No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R008C00 CLI-based Configuration Guide

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuration Examples

Configuration Examples

Configuring Whitelist-based URL Filtering

Networking Requirements

As shown in Figure 26-37, a company deploys a WLAN and wants to enable the AP to filter HTTP requests from wireless users to access URLs on the Internet.

The company requires that a URL whitelist be configured to allow employees to access only work-related URL www.example.com/working and domain name www.example.org in wireless mode.

Figure 26-37  Whitelist-based URL filtering
Configuration Roadmap
  1. Configure basic WLAN services.
  2. Create a URL filtering profile, add URL www.example.com/working and domain name www.example.org to the whitelist, and set the default filtering action to block.
  3. Configure an attack defense profile and bind it to a URL filtering profile to control users' access to URLs.
  4. Configure a WLAN service VAP and bind it to the attack defense profile to make the URL filtering function take effect.

Procedure

  1. Configure basic WLAN services. For details, see Example for Configuring Fat AP Layer 2 Networking.
  2. Configure a URL filtering profile.

    # Create attack defense profile defence_wlan.

    <Huawei> system-view
    [Huawei] sysname AP
    [AP] defence-profile name defence_wlan
    [AP-defence-profile-defence_wlan] quit

    # Configure URL filtering profile url_wlan and add a URL whitelist to the profile.

    [AP] profile type url-filter name url_wlan
    [AP-profile-url-filter-url_wlan] default-action block
    [AP-profile-url-filter-url_wlan] whitelist url name www.example.com/working
    [AP-profile-url-filter-url_wlan] whitelist url name www.example.org
    [AP-profile-url-filter-url_wlan] quit
    

    # Configure attack defense profile defence_wlan and bind URL filtering profile url_wlan to it.

    [AP] defence-profile name defence_wlan
    [AP-defence-profile-defence_wlan] profile type url-filter url_wlan
    [AP-defence-profile-defence_wlan] quit
    

  3. Configure URL filtering for VAPs.

    # Configure VAP profile wlan-vap and bind attack defense profile defence_wlan to implement URL filtering for wireless users.

    [AP] wlan
    [AP-wlan-view] vap-profile name wlan-vap
    [AP-wlan-vap-prof-wlan-vap] defence-profile defence_wlan
    

  4. Verifying the Configuration

    After the configuration, wireless users associated with the VAP can access www.example.com/working and www.example.org, but cannot access other websites or domain names.

Configuration Files
  • AP Configuration File

    #
     sysname AP
    #                                                                               
    profile type url-filter name url_wlan                                           
     whitelist url name www.example.com/working                                     
     whitelist url name www.example.org                                             
     default-action block
    #
     defence-profile name defence_wlan 
      profile type url-filter url_wlan 
    #
    interface Vlanif101
     ip address 10.23.101.1 255.255.255.0
     dhcp select interface
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 101
    #
    wlan
     security-profile name wlan-security
      security wpa2 psk pass-phrase %^%#(yk#Q+M[\CMK]1)AWMX7MjZ)=e`fy@fA+.J\ht3Y%^%# aes
     ssid-profile name wlan-ssid
      ssid wlan-net
     vap-profile name wlan-vap
      service-vlan vlan-id 101
      ssid-profile wlan-ssid
      security-profile wlan-security
      defence-profile defence_wlan 
    #
    interface Wlan-Radio0/0/0
     vap-profile wlan-vap wlan 1
     channel 20mhz 6
    #
    return
Translation
Download
Updated: 2019-01-11

Document ID: EDOC1000176006

Views: 117195

Downloads: 309

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next