Installation Guide of
Wireless
Internet Access Server
WRT-2110
Ch
9. Access Control
The Access Control feature allows
administrators to restrict Internet Access by individual PCs. The process uses
"Packet Filtering" to block or discard data packets. By default, no packets
are blocked or discarded.
To use this feature:
- Set the desired restrictions on the "Everyone"
group. All PCs are in the "Everyone" group unless explicitly moved to another
group, using the PC screen.
- Set the desired restrictions on the other groups
("Group 1", "Group 2", etc ) as needed.
- For each PC you wish to move from the "Everyone"
group, enter their details on the PCs screen, and assign them to the
desired group
 |
You
can limit Internet access for ALL PCs without entering ANY PC data.
Simply apply the desired restrictions to the "Everyone" group.
|
It is also possible to define your
own packet filters, and use these filters in addition to the pre-defined filters.
Defining your own filters is optional.
9.1
Security Groups
The Security Groups screen
is reached from the Access Control link on the navigation bar. An example
screen is shown below.

Figure
31: Security Groups Screen
Note that the Security groups are
pre-named "Everyone", "Group 1", "Group 2", "Group 3", and "Group 4".
Operations
- To Define a Security Group:
Select the group from the drop-down box, then enter the required data. If
necessary, click Clear Form to remove the existing information shown
on screen.
Click the Save button when finished.
- To Change Access for an Existing Group:
Select the group from the drop-down box, click Get Data to view their
information, then change any fields you wish.
Click Save when finished.
- To Assign PCs to a Security Group
All PCs are initially in the "Everyone" group. Use the PCs screen to
move individual PCs to other groups as required.
Data
The following data is required.
Access
Rights: Internet Access for this Group
|
No restrictions
|
No packets are blocked.
Use this to create an "Unlimited Access" group, or to temporarily remove
restrictions.
|
Block all Access
|
Groups members cannot access
the Internet at all. Use this to create the most restrictive group.
|
Use Packet Filter Table
below
|
Use this to define intermediate
levels of access. Using the Packet Filter table gives you fine control
over Internet access.
Simply select the items
you wish to block. You can choose from the pre-defined filters in the
Applications to Block column, or your own filters in the TCP
Packets to Discard and UPD Packets to Discard column.
|
Packet
Filter Table
|
Applications to Block
|
Any items checked will be
blocked. Users will not be able to use the application.
|
TCP Packets to Discard
|
This lists any TCP filters
you have defined on the Filters screen. If no filters have been
defined, this is empty.
Multiple items can be selected (or deselected) by holding down the Ctrl
key while selecting items.
Selected items can NOT be accessed by members of this group.
|
UDP Packets to Discard
|
This lists any UDP filters
you have defined on the Filters screen. If no filters have been
defined, this is empty.
Multiple items can be selected (or deselected) by holding down the Ctrl
key while selecting items.
Selected items can NOT be accessed by members of this group.
|
 |
If
you have not defined your own filters, but wish to do so, refer to the
"Filters" topic later in this Chapter.
|
9.2
PCs
The PCs screen is reached from
the Access Control link on the navigation bar. An example screen is shown
below.

Figure
32: PCs Screen
Note that the drop-down box lists
all PCs previously entered. If none have been entered, this box will be empty.
Operations
- To Add a New PC:
Ignore the drop-down box, click the Clear Form button, and enter the
PC details in the fields provided.
Click Add when finished.
- To Delete an Existing PC:
Select the PC from the drop-down box, click Get Data to view the information
and confirm that this is the correct PC, then click the Delete button.
- To Change an Existing PC's Details:
Select the PC from the drop-down box, click Get Data to view their
information, then change any fields you wish.
Click Update when finished.
- To Generate a List of all PCs:
Just click on the List All button.
Data
PC Name
|
Enter a name to identify
this PC.
|
Network Adapter Address
|
Hardware address for this
PC. You can use the Windows "Winipcfg" program or your LAN management
program to find this address.
|
Reserve entry in DHCP
Table
|
Check this if you wish to
reserve an IP address for this PC. This is useful if you have to provide
the IP Address for other programs or users.
If this is left unchecked,
the following entry can be ignored.
|
Reserved
IP Address
|
This relates to the entry
above. Enter the reserved address here. This MUST be within the range
used by the DHCP server (set on the Device - Internal LAN Port
screen).
|
Security Group
|
Select the security group
for this PC. If you only wish to reserve an IP Address, and are not
using the security (access control) features, simply leave this at "Everyone".
|
9.3
Filters
The Filters screen is reached
from the Access Control link on the navigation bar. An example screen
is shown below.

Figure
33: Filters Screen
This screen allows you to define packet
filters. When you define security groups, on the "Security Groups" screen, you
can select from any filters defined here, as well as the pre-defined filters.
Data
TCP Packets
Define the packets you wish to be
filtered out, by entering the following data.
TCP Filters
|
Name
|
Enter a descriptive name
for this entry.
|
Port No.
|
Enter an integer representing
the Port Number for this type of packet. This information can normally
be provided by the service provider. Otherwise, a Network Analyzer or
Packet Sniffer can be used to determine the correct port number.
|
UDP Filters
|
Name
|
Enter a descriptive name
for this entry.
|
Port No.
|
Enter an integer representing
the Port Number for this type of packet. This information can normally
be provided by the service provider. Otherwise, a Network Analyzer or
Packet Sniffer can be used to determine the correct port number.
|

|
Copyright (c) 2001, Planet Technology Corp.
|