Installation Guide of

Wireless Internet Access Server

WRT-2110


Ch 9. Access Control

The Access Control feature allows administrators to restrict Internet Access by individual PCs. The process uses "Packet Filtering" to block or discard data packets. By default, no packets are blocked or discarded.

To use this feature:

You can limit Internet access for ALL PCs without entering ANY PC data. Simply apply the desired restrictions to the "Everyone" group.

It is also possible to define your own packet filters, and use these filters in addition to the pre-defined filters. Defining your own filters is optional.


9.1 Security Groups

The Security Groups screen is reached from the Access Control link on the navigation bar. An example screen is shown below.

Figure 31: Security Groups Screen

Note that the Security groups are pre-named "Everyone", "Group 1", "Group 2", "Group 3", and "Group 4".

Operations

Data

The following data is required.

Access Rights: Internet Access for this Group

No restrictions
No packets are blocked. Use this to create an "Unlimited Access" group, or to temporarily remove restrictions.
Block all Access
Groups members cannot access the Internet at all. Use this to create the most restrictive group.
Use Packet Filter Table below
Use this to define intermediate levels of access. Using the Packet Filter table gives you fine control over Internet access.
Simply select the items you wish to block. You can choose from the pre-defined filters in the Applications to Block column, or your own filters in the TCP Packets to Discard and UPD Packets to Discard column.

Packet Filter Table

Applications to Block
Any items checked will be blocked. Users will not be able to use the application.
TCP Packets to Discard
This lists any TCP filters you have defined on the Filters screen. If no filters have been defined, this is empty.
Multiple items can be selected (or deselected) by holding down the Ctrl key while selecting items.
Selected items can NOT be accessed by members of this group.
UDP Packets to Discard
This lists any UDP filters you have defined on the Filters screen. If no filters have been defined, this is empty.
Multiple items can be selected (or deselected) by holding down the Ctrl key while selecting items.
Selected items can NOT be accessed by members of this group.

If you have not defined your own filters, but wish to do so, refer to the "Filters" topic later in this Chapter.

 


9.2 PCs

The PCs screen is reached from the Access Control link on the navigation bar. An example screen is shown below.

Figure 32: PCs Screen

Note that the drop-down box lists all PCs previously entered. If none have been entered, this box will be empty.

Operations

Data

PC Name
Enter a name to identify this PC.
Network Adapter Address
Hardware address for this PC. You can use the Windows "Winipcfg" program or your LAN management program to find this address.
Reserve entry in DHCP Table
Check this if you wish to reserve an IP address for this PC. This is useful if you have to provide the IP Address for other programs or users.
If this is left unchecked, the following entry can be ignored.
Reserved
IP Address
This relates to the entry above. Enter the reserved address here. This MUST be within the range used by the DHCP server (set on the Device - Internal LAN Port screen).
Security Group
Select the security group for this PC. If you only wish to reserve an IP Address, and are not using the security (access control) features, simply leave this at "Everyone".


9.3 Filters

The Filters screen is reached from the Access Control link on the navigation bar. An example screen is shown below.

Figure 33: Filters Screen

This screen allows you to define packet filters. When you define security groups, on the "Security Groups" screen, you can select from any filters defined here, as well as the pre-defined filters.

Data

TCP Packets

Define the packets you wish to be filtered out, by entering the following data.

TCP Filters

Name
Enter a descriptive name for this entry.
Port No.
Enter an integer representing the Port Number for this type of packet. This information can normally be provided by the service provider. Otherwise, a Network Analyzer or Packet Sniffer can be used to determine the correct port number.

UDP Filters

Name
Enter a descriptive name for this entry.
Port No.
Enter an integer representing the Port Number for this type of packet. This information can normally be provided by the service provider. Otherwise, a Network Analyzer or Packet Sniffer can be used to determine the correct port number.

[ Top of this Chapter ]

Ch 8 Adavanced Internet

Table of content

AppA  Troubleshooting

 


Copyright (c) 2001, Planet Technology Corp.