Can ACLs Be Configured Based on Domain Names on an AC?
From V200R006C20, Huawei ACs support ACL configuration based on domain names.
User ACLs can be configured to control users' network access rights. To control user access to a domain name, an administrator can look up the IP address that the domain name resolves to and configure users' rights for accessing that IP address. If the domain name resolves to multiple IP addresses, you can instead configure a global domain name and reference it directly in ACL rules, which reduces the administrator's maintenance workload.
A global domain name can be referenced only in user ACLs numbered from 6000 to 6031. Rules in ACLs within this range are delivered to the APs.
- On the CLI
- Create the global domain name weixin.com and set its ID to 1.
  <AC> system-view
  [AC] passthrough-domain name weixin.com id 1
After the global domain name weixin.com is configured, only weixin.com itself is matched. If the global domain name is set to *.weixin.com, weixin.com and all of its sub-domains (such as vip.weixin.com and auth.vip.weixin.com) are matched.
- Configure a user ACL whose rule matches packets by the destination domain name.
  [AC] acl 6003
  [AC-acl-ucl-6003] rule 5 permit tcp destination passthrough-domain weixin.com
- Apply the user ACL to a policy, such as a simplified traffic policy.
- On the web system
- Choose Configuration > Security > ACL > Domain Name Configuration. The Domain Name Configuration page is displayed.
- Click Create, and set Domain name ID and Domain name.
After the global domain name weixin.com is configured, only weixin.com itself is matched. If the global domain name is set to *.weixin.com, weixin.com and all of its sub-domains (such as vip.weixin.com and auth.vip.weixin.com) are matched.
- Click OK.
- Choose Configuration > Security > ACL > User ACL Settings. The User ACL Settings page is displayed.
- Click Create, and set ACL name or ACL number. Click OK.
- Select the created ACL and click Add Rule.
- Set Protocol type based on the actual situation. Click Dest domain under Destination and select the configured global domain name. Click OK.
- Apply the user ACL to a policy, such as a simplified traffic policy.
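The matching rule stated in both the CLI and web procedures above (an exact global domain name matches only that name; a *.weixin.com wildcard matches weixin.com and every name under it) is easy to get wrong when checking what a rule will permit. The following is an added example written for this page, not Huawei's code and not how the AC implements matching internally; it models the documented semantics so that an administrator can check a rule against a list of hostnames before deploying it. The case-insensitive comparison, the handling of a trailing dot, and the sample host list are assumptions made here, not statements from the page.

```python
"""Model of the global-domain-name matching rule described for Huawei AC user ACLs.

Added example, not the AC's own code. Assumptions (not stated on the page):
hostnames compare case-insensitively and a trailing dot (FQDN form) is ignored.
"""


def normalize(name: str) -> str:
    # Assumption: case-insensitive, trailing dot ignored.
    return name.strip().rstrip(".").lower()


def domain_matches(pattern: str, host: str) -> bool:
    """Return True if `host` is matched by the global domain name `pattern`.

    "weixin.com"   -> only weixin.com itself
    "*.weixin.com" -> weixin.com and every sub-domain of it
    """
    pattern, host = normalize(pattern), normalize(host)
    if pattern.startswith("*."):
        base = pattern[2:]
        # Suffix match anchored on a label boundary. A bare suffix test
        # would wrongly accept "notweixin.com"; dropping the dot would
        # wrongly accept "weixin.com.evil.net".
        return host == base or host.endswith("." + base)
    return host == pattern


def evaluate_rule(pattern: str, hosts) -> dict:
    """Map each hostname to whether an ACL rule using `pattern` would match it."""
    return {h: domain_matches(pattern, h) for h in hosts}


# Constructed sample input for illustration only.
SAMPLE_HOSTS = [
    "weixin.com",
    "vip.weixin.com",
    "auth.vip.weixin.com",
    "notweixin.com",
    "weixin.com.evil.net",
    "Auth.Vip.Weixin.Com.",
]

if __name__ == "__main__":
    for pattern in ("weixin.com", "*.weixin.com"):
        print(f"rule destination passthrough-domain {pattern}")
        for host, hit in evaluate_rule(pattern, SAMPLE_HOSTS).items():
            print(f"  {'permit' if hit else '   -  '}  {host}")
```

Running the script prints, for each of the two patterns, which of the sample hosts the rule would cover. The two negative cases (notweixin.com and weixin.com.evil.net) are the ones worth checking in any wildcard rule, since a sloppy suffix comparison would let a rule written for one organisation's domain match an unrelated one.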