PLANET Internet SOHO Router

XRT-101 / XRT-711

xDSL/Cable Access Router


Appendix A. Access Control

The Access Control feature allows administrators to restrict Internet Access by individual workstations. The process uses "Packet Filtering" to block or discard data packets. You can apply the pre-defined filters, and optionally define your own filters.
By default, filtering is disabled; no packets are blocked or discarded.

To use the Access Control feature:

You can limit Internet access for ALL PCs without entering ANY workstation data. Simply apply the desired restrictions to the "Everyone" group.


A.1 Security Groups

Select Access Control from the navigation bar, then Security Groups to see a screen like the example below.

Security Groups

Figure 1: Security Groups

A.1.1 Operations

Select the group from the drop-down box, then enter the required data. Note that the Security groups are pre-named "Everyone", "Group 1", "Group 2", "Group 3", and "Group 4". These names cannot be changed.

If necessary, click the Click Form button to clear the existing data.

Click Save when finished.

Select the group from the drop-down box, then click the Get Data button to view the data for the selected group.

Make any changes you wish, click Save when finished.

All workstations are automatically in the "Everyone" group. Use the the Workstations screen to move them to another group if desired.

A.1.2 Data - Security Groups Screen

Internet Access for this group
No restrictions No packets are blocked. Use this to create an "Unlimited Access" group, or to temporarily remove restrictions from a group.
Block all Access Groups members cannot access the Internet at all. Use this to create the most restrictive group.
Use Packet Filter Table
below
Use this to define intermediate levels of access. Using the Packet Filter table gives you fine control over Internet access.
Packet Filter Table
Applications
to Block
Any items checked will be blocked. Users will not be able to use the application.
TCP Packets to Discard This lists any TCP filters you have defined on the Administrator Defined Filters screen. If no filters have been defined, this list is empty.
Multiple items can be selected (or deselected) by holding down the Ctrl key while selecting items.
Selected items can NOT be accessed by members of this group.
UPD Packets to Discard This lists any UDP filters you have defined on the Administrator Defined Filters screen. If no filters have been defined, this list is empty.
Multiple items can be selected (or deselected) by holding down the Ctrl key while selecting items.
Selected items can NOT be accessed by members of this group.


A.2 Workstations

The Workstations screen is reached from the Access Control link on the navigation bar. An example screen is shown below.

Figure 2: Workstations

Note that the drop-down box lists all Workstations previously entered. If none have been entered, this box will be empty.

A.2.1 Operations

A.2.2 Data

Workstation Name Enter a name to identify this workstation.
Network Adapter Address Hardware address for this workstation. You can use the Windows "Winipcfg" program or your LAN management program to find this address.
Reserve entry
in DHCP Table
Check this if you wish to reserve an IP address for this workstation. This is useful if you have to provide the IP Address for other programs or users.
If this is left unchecked, the following entry can be ignored.
Reserved IP Address This relates to the entry above. Enter the reserved address here. This MUST be within the range used by the DHCP server (set on the Device - Internal LAN Port screen).
Security Group Select the security group for this workstation. If you only wish to reserve an IP Address, and are not using the security (access control) features, simply leave this at "Everyone".


A.3 Administrator Defined Filters

The Administrator Defined Filters screen is reached via the Access Control menu.

This screen allows you to define packet filters; that is, what packets should be blocked (discarded). After you define packet filters, they will appear on the Security Groups screen. You can then select them, as well as the pre-defined filters, when applying restrictions to a Security Group.

Figure 3: Administrator Defined Filters

A.3.1 Data

TCP Packets
Name Enter a descriptive name for this entry.
Port No. Enter an integer representing the Port Number for this type of packet. A Network Analyzer or Packet Sniffer can be used to determine the correct port number.
UDP Packets
Name Enter a descriptive name for this entry.
Port No. Enter an integer representing the Port Number for this type of packet. A Network Analyzer or Packet Sniffer can be used to determine the correct port number.


[Top of this Chaptert] Table of Contents Back to Chapter 8 Go to Appendix B, E-mail Sharing .
Copyright (c) 2001, Planet Technology Corp.