Tuesday, March 15, 2016

How to Configure ACL-based Packet Filtering So That Internal Users Cannot Access All External Networks

This example configures ACL-based packet filtering on Huawei routers so that internal users cannot access all external networks. It works for all Huawei routers, such as the AR151, ME60-X3 and Huawei NE40 router.
Applicability
This example applies to all AR models of V200R002C00 and later versions.
Networking Requirements
The PC at 192.168.1.12/24 is prohibited from accessing all websites.
Figure 1 Configuring ACL-based Packet Filtering So That Internal Users Cannot Access All External Networks
Procedure
Configure the Router.
#
 dhcp enable //Globally enable DHCP.
#
acl number 2000 //Create ACL 2000 and configure a rule that permits packets with source IP addresses on the
                network segment 192.168.1.0/24 to pass.
 rule 5 permit source 192.168.1.0 0.0.0.255
#
acl number 3005 //Configure ACL 3005 for packet filtering.
 description deny_souce_ip_www
 rule 5 deny tcp source 192.168.1.12 0 destination-port eq www
 rule 10 permit tcp source 192.168.1.12 0
#
ip pool pool1 //Create a global IP address pool.
 gateway-list 192.168.1.2 //Configure the egress gateway address for DHCP clients.
 network 192.168.1.0 mask 255.255.255.0 //Configure the range of allocable IP addresses in the global IP address pool.
 dns-list 202.106.0.20 202.106.46.151 //Specify the IP address of the DNS server for DHCP clients.
#
interface Serial2/0/0
 link-protocol ppp
 ip address 219.143.125.234 255.255.255.252
 nat outbound 2000 //Enable NAT for hosts on network segment 192.168.1.0/24.
#
interface GigabitEthernet0/0/1
 ip address 192.168.1.2 255.255.255.0
 traffic-filter inbound acl 3005 //Apply ACL 3005 to the interface to filter packets on the interface.
 dhcp select global //Configure the interface to use the global IP address pool.
#
 ip route-static 0.0.0.0 0.0.0.0 Serial2/0/0 //Configure a default route.
#
Verify the configuration.
Run the display traffic-filter statistics command on the Router to view statistics about packets matching the ACL on the interface.
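
Added example (not part of the original post or of Huawei's documentation): a small Python model of first-match evaluation over the two ACL 3005 rules above, run against constructed sample packets to show which traffic from 192.168.1.12 the filter drops. It assumes that a packet matching no rule is forwarded by traffic-filter (the default parameter); the function names and sample packets are hypothetical.

```python
import ipaddress
import re

# The two rules of ACL 3005, copied from the configuration on this page.
ACL_3005 = """\
rule 5 deny tcp source 192.168.1.12 0 destination-port eq www
rule 10 permit tcp source 192.168.1.12 0
"""
PORT_NAMES = {"www": 80}  # VRP keyword for TCP port 80
RULE_RE = re.compile(
    r"rule (?P<id>\d+) (?P<action>permit|deny) (?P<proto>\w+)"
    r" source (?P<src>\S+) (?P<wild>\S+)"
    r"(?: destination-port eq (?P<dport>\S+))?$")

def to_int(addr):
    # A bare "0" is shorthand for wildcard 0.0.0.0 (match this host only).
    return int(ipaddress.IPv4Address("0.0.0.0" if addr == "0" else addr))

def parse_acl(text):
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        dport = m["dport"]
        if dport is not None:
            dport = PORT_NAMES.get(dport) or int(dport)
        rules.append((int(m["id"]), m["action"], m["proto"],
                      to_int(m["src"]), to_int(m["wild"]), dport))
    return sorted(rules, key=lambda r: r[0])  # evaluated in rule-ID order

def evaluate(rules, proto, src, dport, default="permit"):
    """Return (matching rule ID or None, action); the first match wins.
    default is an ASSUMPTION: unmatched packets are forwarded."""
    s = to_int(src)
    for rid, action, rproto, raddr, wild, rport in rules:
        care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
        if rproto != proto or (s & care) != (raddr & care):
            continue
        if rport is not None and rport != dport:
            continue
        return rid, action
    return None, default

if __name__ == "__main__":
    rules = parse_acl(ACL_3005)
    # Constructed sample packets: (protocol, source IP, destination port).
    for pkt in [("tcp", "192.168.1.12", 80), ("tcp", "192.168.1.12", 443),
                ("udp", "192.168.1.12", 53), ("tcp", "192.168.1.13", 80)]:
        print(pkt, "->", evaluate(rules, *pkt))
```

Under these two rules only TCP port 80 from 192.168.1.12 is denied; TCP port 443 matches rule 10 and is permitted, so check the result against the stated requirement before relying on the filter.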
