Web-based Typical Configuration Examples

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600

This document provides examples for configuring AR router features in typical usage scenarios.

Example for Configuring ACL-based Packet Filtering So That Internal Users Cannot Access All External Networks

Applicability

This example applies to all AR models of V200R003C00 and later versions.

Networking Requirements

As shown in Figure 10-1, the PC at 192.168.1.12/24 is not allowed to access external networks, so the PC cannot access any website. The router functions as a DHCP server and allocates IP addresses to all clients on network segment 192.168.1.0/24. The exceptions are 192.168.1.2/24, 192.168.2.1/24, and 192.168.1.1, which are manually configured for GE0/0/1, GE0/0/2, and the DNS server, respectively.

Figure 10-1  Configuring ACL-based Packet Filtering So That Internal Users Cannot Access All External Networks

Procedure

  1. Configure a basic ACL to specify the permitted network segment.
    1. As shown in Figure 10-2, choose Security > ACL > Basic ACL Setting to open the Basic ACL Setting page.

      Figure 10-2  Basic ACL Setting

    2. Click Create in the Basic ACL Setting List area to configure the basic ACL, as shown in Figure 10-3.

      Figure 10-3  Create Basic ACL Setting

    3. Click OK to complete the configuration.
    4. Click Add rules in the row of acl2000, and permit the clients on network segment 192.168.1.0/24 to access external networks, as shown in Figure 10-4.

      Figure 10-4  Add rules for basic ACL

    5. Click to complete the configuration, as shown in Figure 10-5.

      Figure 10-5  Basic ACL Setting List

  2. Configure an advanced ACL to filter packets.
    1. As shown in Figure 10-6, choose Security > ACL > Advanced ACL Setting to open the Advanced ACL Setting page.

      Figure 10-6  Advanced ACL Setting

    2. Click Create in the Advanced ACL Setting List area to configure the advanced ACL, as shown in Figure 10-7.

      Figure 10-7  Create Advanced ACL Setting

    3. Click OK to complete the configuration.
    4. Click Add rules in the row of acl3005, and prevent the internal user at 192.168.1.12/24 from accessing external networks, as shown in Figure 10-8.

      Figure 10-8  Add rules for advanced ACL

    5. Click to complete the configuration.
    6. Repeat Step 2.d to add the second rule to the advanced ACL. The configuration result is shown in Figure 10-9.

      Figure 10-9  Advanced ACL Setting List

  3. Configure the router as a DHCP server to allocate IP addresses to the users on network segment 192.168.1.0/24.
    1. As shown in Figure 10-10, choose IP Service > DHCP to open the DHCP Configuration page.

      Figure 10-10  DHCP Configuration

    2. Select Start and click Apply to enable DHCP globally. The configuration result is shown in Figure 10-11.

      Figure 10-11  DHCP Status

    3. Click Create in the DHCP Service Information List(IPv4) area to configure the DHCP service, as shown in Figure 10-12.

      Figure 10-12  Create DHCP Service

    4. Click OK to complete the configuration.
  4. Configure IP addresses for GE0/0/1 and GE0/0/2.
    1. As shown in Figure 10-13, choose WAN Access > Ethernet Interface to open the Ethernet Interface page.

      Figure 10-13  Ethernet Interface

    2. Click in the row of GigabitEthernet0/0/1 in the Ethernet Interface List area, as shown in Figure 10-14.

      Figure 10-14  Configuring IP addresses for interfaces

    3. Click OK to complete the configuration.

      Configure IP address 192.168.2.1 and subnet mask 255.255.255.0 for GE0/0/2 in the same way.

  5. Configure static NAT to perform translation between private and public network addresses.
    1. As shown in Figure 10-15, choose IP Service > NAT > External Network Access to open the External Network Access page.

      Figure 10-15  External Network Access

    2. Click Create in the External Network Access area to configure NAT, as shown in Figure 10-16.

      Figure 10-16  Configuring NAT information

    3. Click OK to complete the configuration.
  6. Apply the advanced ACL to an interface to filter packets.
    1. As shown in Figure 10-17, choose Security > Security Protection > ACL Filtering to open the ACL Filtering page.

      Figure 10-17  ACL Filtering

    2. Click Create in the ACL Filtering List area to configure the advanced ACL, as shown in Figure 10-18.

      Figure 10-18  Configuring the advanced ACL

    3. Click OK to apply the advanced ACL to the interface.
  7. Configure a default route.
    1. As shown in Figure 10-19, choose IP Service > Route > Static Route Configuration.

      Figure 10-19  Static Route Configuration

    2. Click Create in the IPv4 Static Route Configuration Table area to configure routing information, as shown in Figure 10-20.

      Figure 10-20  Configuring a Default Route

    3. Click OK to complete the configuration.
  8. Verify the configuration.

    # The user at 192.168.1.12/24 cannot access external networks.
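
The filtering result in Step 8 can be checked offline before the ACL is applied. The following is an added example, not part of the original document or of Huawei's software: it models ACL 3005 with wildcard-mask matching and first-match evaluation in ascending rule-ID order, then audits the intended policy. The rule IDs, the wildcard values, the content of the second rule and the sample host 192.168.1.13 are assumptions, because the page shows them only in figures.

```python
import ipaddress

# Constructed model of ACL 3005 from the procedure. Rule IDs, the wildcard
# values and the content of the second rule (permit everything else) are
# assumptions; the page only shows them in figures.
ACL_3005 = [
    # (rule_id, action, source, wildcard)
    (5, "deny", "192.168.1.12", "0.0.0.0"),
    (10, "permit", "0.0.0.0", "255.255.255.255"),
]


def wildcard_match(addr, base, wildcard):
    """Wildcard mask: a 0 bit must match the rule address, a 1 bit is ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def evaluate(acl, src):
    """Return (action, rule_id) of the first matching rule in ascending
    rule-ID order, or (None, None) when no rule matches."""
    for rule_id, action, base, wildcard in sorted(acl):
        if wildcard_match(src, base, wildcard):
            return action, rule_id
    return None, None


def audit(acl, must_deny, must_permit):
    """List every host whose verdict differs from the intended policy."""
    problems = []
    for host in must_deny:
        if evaluate(acl, host)[0] != "deny":
            problems.append((host, "expected deny"))
    for host in must_permit:
        if evaluate(acl, host)[0] != "permit":
            problems.append((host, "expected permit"))
    return problems


# Misordered variant: the broad permit has the lower rule ID, so it matches
# first and the deny rule for 192.168.1.12 is never reached.
MISORDERED = [
    (5, "permit", "0.0.0.0", "255.255.255.255"),
    (10, "deny", "192.168.1.12", "0.0.0.0"),
]

if __name__ == "__main__":
    print(audit(ACL_3005, ["192.168.1.12"], ["192.168.1.13", "192.168.1.1"]))
    print(audit(MISORDERED, ["192.168.1.12"], ["192.168.1.13"]))
```

An empty audit list means every listed host gets the intended verdict; the misordered variant reports 192.168.1.12 because the broad permit rule is evaluated before the host-specific deny.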

Updated: 2019-05-20

Document ID: EDOC1000079722