Page 326 / 364 Scroll up to view Page 321 - 325
Table 5-5
Parameters related to the IP address filter
Parameter
Description
IP address filter function
Indicates whether to enable the IP address filter function by
clicking
OPEN
or
CLOSE
.
Filter Mode
Indicates the IP address filter rule of the blacklist or whitelist.
l
Blacklist: indicates that the data meeting the rule in the filter
rule list is not allowed to pass.
l
Whitelist: indicates that the data meeting the rule in the filter
rule list is allowed to pass.
The filter mode is global config mode. Thus, the blacklist and
whitelist mode cannot be used at the same time.
Protocol
Indicates the type of the protocol, which may be TCP/UDP,
TCP, UDP, ICMP, or ALL.
LAN-side IP Address
Indicates the IP address on the LAN side.
LAN-side Port
Indicates the port ID on the LAN side. This parameter can be
configured when
Protocol
is set to
TCP/UDP
,
TCP
or
UDP
.
WAN-side IP Address
Indicates the IP address on the WAN side.
WAN-side Port
Indicates the ID of the WAN side port. This parameter can be
configured when
Protocol
is set to
TCP/UDP
,
TCP
or
UDP
.
5.5.2 MAC Filter Configuration
1.
In the navigation tree on the left, choose
Security
>
MAC Filter Configuration
. In the
pane on the right, after enabling MAC filter and selecting the filter mode, click
New
. On
the dialog box that is displayed, configure the MAC filter rule for the PC to access the
Internet, as shown in
Figure 5-18
.
Figure 5-18
MAC Filter Configuration
2.
Click
Apply
to apply the configuration.
EchoLife HG8010/HG8110/HG8240/HG8245/HG8247/
HG8447 GPON Terminal
Service Manual
5 Web Page Reference
Issue 02 (2011-12-08)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
318
Page 327 / 364
The MAC address lists of PCs in the network are saved on the ONT. Configuring MAC filter
rules enables the PCs that conform to the rules to access the Internet service or disables the PCs
that do not conform to the rules to access the Internet service. A PC may have more than one IP
addresses but a unique MAC address. Therefore, configuring MAC filter rules effectively
controls the Internet service access rights of PCs in a LAN.
Table 5-6
describes the parameters related to the MAC filter.
Table 5-6
Parameters related to the MAC address filter
Parameter
Description
MAC address filter function
Indicates whether to enable the MAC address
filter function by clicking
OPEN
or
CLOSE
.
Filter Mode
Indicates the MAC address filter rule of the
blacklist or whitelist.
l
Blacklist: indicates that the data meeting
the rule in the filter rule list is not allowed
to pass.
l
Whitelist: indicates that the data meeting
the rule in the filter rule list is allowed to
pass.
The filter mode is global config mode. Thus,
the blacklist and whitelist mode cannot be
used at the same time.
Source MAC Address
Indicates the source MAC address in the
MAC address filter rule.
5.5.3 URL Filter Configuration
1.
Click the
Security
tab and then choose
URL Filter Configuration
from the navigation
tree. In the pane on the right, after enabling URL filter and selecting the filter mode, click
New
. On the dialog box that is displayed, configure the URL filter rule for the PC to access
the Internet, as shown in
Figure 5-19
.
EchoLife HG8010/HG8110/HG8240/HG8245/HG8247/
HG8447 GPON Terminal
Service Manual
5 Web Page Reference
Issue 02 (2011-12-08)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
319
Page 328 / 364
Figure 5-19
URL Filter Configuration
2.
Click
Apply
to apply the configuration.
5.5.4 DoS Configuration
1.
In the navigation tree on the left, choose
Security
>
DoS Configuration
. In the pane on
the right, determine whether to enable the DoS attack-preventive configuration, as shown
in
Figure 5-20
.
Figure 5-20
DoS Configuration
2.
Click
Apply
to apply the configuration.
Denial of service (DoS) attack is a network-based attack that denies users from accessing the
Internet. The DoS attack initiates a large number of network connections, making the server or
the program running on the server break down or server resources exhaust or denying users to
access the Internet service. As a result, the network service fails.
Table 5-7
describes the parameters related to the DoS.
EchoLife HG8010/HG8110/HG8240/HG8245/HG8247/
HG8447 GPON Terminal
Service Manual
5 Web Page Reference
Issue 02 (2011-12-08)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
320
Page 329 / 364
Table 5-7
Parameters related to the DoS
Parameter
Description
Prevent SYN Flooding Attack
Indicates whether to enable the prevent SYN
flooding attack.
In the attack, several source hosts send SYN
packets to a destination host. After receiving
the SYN ACK packets from the destination
host, the source hosts do not respond. In this
case, the destination host establishes many
connection queues for the source hosts and
maintains these queues all the time because
no ACK response is received. As a result,
many resources are used and the destination
host fails to provide normal services for
normal connections.
Prevent ICMP Echo Attack
Indicates whether to enable the prevent ICMP
echo attack.
In the attack, many ICMP echo packets are
sent to a destination host within a short time.
As a result, the network is congested or the
resources of the host are exhausted.
Prevent ICMP Redirect Attack
Indicates whether to enable the prevent ICMP
redirect attack.
In the attack, many ICMP redirect packets are
sent to a destination host within a short time.
As a result, the network is congested or the
resources of the host are exhausted.
5.5.5 ONT Access Control Configuration
1.
In the navigation tree on the left, choose
Security
>
ONT Access Control
Configuration
. In the pane on the right, configure the rule of ONT access control, as shown
in
Figure 5-21
.
EchoLife HG8010/HG8110/HG8240/HG8245/HG8247/
HG8447 GPON Terminal
Service Manual
5 Web Page Reference
Issue 02 (2011-12-08)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
321
Page 330 / 364
Figure 5-21
ONT Access Control Configuration
2.
Click
Apply
to apply the configuration.
5.6 Route
This topic describes how to configure the default route and static route through the Web page.
5.6.1 Default Route Configuration
1.
In the navigation tree on the left, choose
Route
>
Default Route Configuration
. In the
pane on the right, select or deselect the
Default Route
option button to enable or disable
the default route of the system, as shown in
Figure 5-22
.
Figure 5-22
Default Route Configuration
NOTE
If an ONT fails to find a matching routing entry after receiving a packet, the WAN interface specified
by the default route configuration sends the packet to a network device. Before the default route of
the system is enabled, the WAN interface must obtain the IP address. Therefore, the parameters of
the WAN interface must be correctly set. For details, see
5.2.1 WAN Configuration
.
2.
Click
Apply
to apply the configuration.
EchoLife HG8010/HG8110/HG8240/HG8245/HG8247/
HG8447 GPON Terminal
Service Manual
5 Web Page Reference
Issue 02 (2011-12-08)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
322

Rate

3.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top