No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR Router Troubleshooting Guide

This Product Documentation provides guidance for maintaining AR Enterprise Router, covering common information collection and fault diagnostic commands, typical fault troubleshooting guide, and troubleshooting.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
After NAT Is Configured, How Do I Configure the Device to Prevent PCs with Specified Internal IP Addresses from Accessing the Website?

After NAT Is Configured, How Do I Configure the Device to Prevent PCs with Specified Internal IP Addresses from Accessing the Website?

A traffic policy is configured on the device connected to the internal network in the inbound direction. The traffic policy rejects packets with the source IP address as the specified network segment and destination IP address as the website address.

As shown in Figure 29-104, the IP address of GE0/0/1 (outbound interface) on the router is 200.100.1.2/24, and the IP address of Eth0/0/1 is 192.168.0.1/24. The remote IP address of GE0/0/1 is 200.100.1.1/24. The intranet user uses Easy IP to access the Internet through GE0/0/1.

Figure 29-104  Easy IP configuration on the outbound interface

The configuration is as follows:

#
 sysname Router  //Modify the device name.
#
acl number 2000  //Configure the internal address segment 192.168.0.0/24 that can be translated using NAT.
 rule 5 permit source 192.168.0.0 0.0.0.255
#
interface Ethernet0/0/1
 ip address 192.168.0.1 255.255.255.0  //Configure the internal gateway address.
#
interface GigabitEthernet0/0/1
 ip address 200.100.1.2 255.255.255.0
 nat outbound 2000  //Configure Easy IP on GE0/0/1.
#
ip route-static 0.0.0.0 0.0.0.0 200.100.1.1  //Configure a static route.
#

To prevent PCs with IP addresses 192.168.0.16 to 192.168.0.31 from accessing 211.1.1.6, perform the following operations:

[Router] acl 3000
[Router-acl-adv-3000] rule deny ip destination 211.1.1.6 0.0.0.0 source 192.168.0.16 0.0.0.15
[Router-acl-adv-3000] quit
[Router] traffic classifier c1
[Router-classifier-c1] if-match acl 3000
[Router-classifier-c1] quit
[Router] traffic behavior b1
[Router-behavior-b1] deny
[Router-behavior-b1] quit
[Router] traffic policy p1
[Router-trafficpolicy-p1] classifier c1 behavior b1
[Router-trafficpolicy-p1] quit
[Router] interface ethernet 0/0/1
[Router-Ethernet0/0/1] traffic-policy p1 inbound
Translation
Download
Updated: 2019-05-10

Document ID: EDOC1000079719

Views: 445755

Downloads: 4299

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next