NE40E V800R010C10SPC500 Configuration Guide - User Access 01

(Optional) Configuring Access Control on a BAS Interface

Configure a BAS interface to filter users that attempt to go online so that only specified users are allowed to access the router.

Context

To filter users based on source MAC addresses, configure an ACL rule. When a DHCP or PPP user attempts to go online, the device matches the user's source MAC address against the ACL rule. If the address matches, the user is allowed to go online.

Perform the following steps on the NE40E:

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run acl { name link-acl-name { link | [ link ] number link-acl-number } | [ number ] link-acl-number } [ match-order { config | auto } ]

    The ACL view is displayed.

  3. Run rule [ rule-id ] { deny | permit } source-mac source-mac sourcemac-mask

    An ACL rule is configured.

    NOTE:

    BAS interfaces support only ACLs in the range 4000 to 4999, and the ACL rules can only define users' source MAC addresses. The source MAC address for DHCP users is the hardware address carried in DHCP packets.

    When a BAS interface uses a filter-policy to filter users, note the following:
    • If the action specified in the ACL rule is permit, only users matching the rule are allowed to access the router.

    • If the action specified in the ACL rule is deny, users matching the rule are not allowed to access the router, and the other users are allowed to access the router.

    • If the ACL does not have any rules, the BAS interface that references this ACL does not filter access users based on users' MAC addresses.

    • If the ACL referenced by the BAS interface does not exist, the BAS interface does not filter access users based on users' MAC addresses.

  4. Run quit

    Return to the system view.

  5. (Optional) Run ppp keepalive slow acl acl-num source-mac

    PPP slow reply is configured for PPP echo packets with a specified MAC address.

  6. Run interface interface-type interface-number [ .subinterface-number ]

    The interface view is displayed.

  7. Run bas

    A BAS interface is created and the BAS interface view is displayed.

  8. Run filter-policy acl acl-number ppp

    The BAS interface is configured to filter DHCP users that attempt to go online based on ACL rules.

    NOTE:
    • Before you run the filter-policy acl command, ensure that the access-type command has already been configured on the BAS interface.

    • An access type can be bound to only one ACL on an interface.

    • Because IP addresses are assigned to DHCP users based on the MAC addresses contained in user DHCP packets, if you run the filter-policy acl acl-number dhcp command to filter users, the command filters users based on source MAC addresses contained in the DHCP packets, rather than those contained in the Ethernet headers. This command cannot filter out attackers whose MAC addresses contained in Ethernet headers are inconsistent with those contained in DHCP packets. To protect the device from this type of attack, run the dhcp check chaddr command.
    • The filter-policy acl acl-number ppp command applies to PPPoE, PPPoEoA, and L2TP users.

  9. Run commit

    The configuration is committed.
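
The note in step 8 says the DHCP filter matches on the hardware address inside the DHCP packet (chaddr), not on the Ethernet header. The Python sketch below is an added example, not part of the Huawei guide: it parses a constructed DHCP client frame, applies a single-rule model of the permit/deny notes from step 3 to chaddr, and reports whether the Ethernet source MAC agrees with chaddr. Assumptions: all function names are hypothetical, the ACL holds one rule, mask bits set to 1 are the bits compared, and the MAC addresses are constructed sample values.

```python
import struct

def mac(text):
    """Parse H-H-H notation (e.g. 00e0-fc12-3456) into 6 bytes."""
    return bytes.fromhex(text.replace("-", ""))

def parse_dhcp_client_frame(frame):
    """Return (Ethernet source MAC, DHCP chaddr) from an untagged IPv4 DHCP client frame."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        raise ValueError("not an untagged IPv4/UDP frame")
    udp = 14 + (frame[14] & 0x0F) * 4          # skip IPv4 header (IHL is in 32-bit words)
    bootp = udp + 8
    if len(frame) < bootp + 44:
        raise ValueError("truncated BOOTP header")
    if struct.unpack("!HH", frame[udp:udp + 4]) != (68, 67):
        raise ValueError("not a DHCP client-to-server packet")
    if frame[bootp + 1] != 1 or frame[bootp + 2] != 6:   # htype Ethernet, hlen 6
        raise ValueError("unexpected hardware type or length")
    return frame[6:12], frame[bootp + 28:bootp + 34]     # chaddr starts at BOOTP offset 28

def filter_allows(user_mac, rule):
    """Single-rule model of the filter-policy notes; rule=None is an empty or missing ACL."""
    if rule is None:
        return True                              # no MAC-based filtering takes place
    action, rule_mac, mask = rule
    # Assumption: mask bits set to 1 are the bits that must be equal.
    hit = all(((u ^ r) & m) == 0
              for u, r, m in zip(user_mac, mac(rule_mac), mac(mask)))
    return hit if action == "permit" else not hit

def assess(frame, rule):
    """Return (allowed by the chaddr-based filter, Ethernet source MAC equals chaddr)."""
    eth_src, chaddr = parse_dhcp_client_frame(frame)
    return filter_allows(chaddr, rule), eth_src == chaddr

def build_discover(eth_src, chaddr):
    """Constructed sample frame with zeroed checksums; not captured traffic."""
    bootp = (bytes([1, 1, 6, 0]) + bytes(24) + mac(chaddr) + bytes(10 + 192)
             + b"\x63\x82\x53\x63" + b"\x35\x01\x01\xff")
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(bootp),
                     0, 0, 64, 17, 0, bytes(4), b"\xff" * 4)
    return b"\xff" * 6 + mac(eth_src) + b"\x08\x00" + ip + udp + bootp

RULE = ("permit", "00e0-fc12-3456", "ffff-ffff-ffff")   # constructed ACL rule

if __name__ == "__main__":
    for src in ("00e0-fc12-3456", "00e0-fc99-0001"):
        print(src, assess(build_discover(src, "00e0-fc12-3456"), RULE))
```

A result of (True, False) is the case the note warns about: the frame passes the chaddr-based filter although its Ethernet source MAC is different, which is why the guide points to the dhcp check chaddr command.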

Updated: 2019-01-03

Document ID: EDOC1100055031