NOTE
- The security mode and encryption configured on a Wi-Fi terminal must be the same as those of an ONT. If the TKIP&AES or AES encryption mode is not configured on the Wi-Fi terminal, the Wi-Fi terminal may have an old-version driver. If so, update the driver version.
- When two SSIDs are configured, if you modify the information of an SSID, the other SSID reselects a channel, causing the service to be interrupted for a few minutes.
4.5 Security
This topic describes how to configure the IP address filter, MAC address filter, DoS, and ONT
access control through the Web page.
4.5.1 IP Filter Configuration
1. In the navigation tree on the left, choose Security > IP Filter Configuration. In the pane on the right, enable the IP address filter function. After selecting the filter mode, click New. Then, in the dialog box that is displayed, configure the rule for filtering IP addresses from the WAN interface to the LAN port, as shown in Figure 4-17.
Figure 4-17 IP Filter Configuration
2. Click Apply to apply the configuration.
The IP address filter function is a security mechanism configured on the residential gateway. It allows or blocks communication between all or some ports in an intranet IP address segment and all or some ports in an extranet IP address segment. The IP address filter configuration is used to limit communication between an intranet device and an extranet device.
Table 4-5 describes the parameters related to the IP address filter.
EchoLife HG8010/HG8240B/HG8245T/HG8247T GPON
Terminal
Service Manual
4 Web Page Reference
Issue 01 (2011-10-18)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Table 4-5 Parameters related to the IP address filter

| Parameter | Description |
|---|---|
| IP address filter function | Indicates whether to enable the IP address filter function by clicking OPEN or CLOSE. |
| Filter Mode | Indicates the IP address filter rule of the blacklist or whitelist. Blacklist: indicates that the data meeting the rule in the filter rule list is not allowed to pass. Whitelist: indicates that the data meeting the rule in the filter rule list is allowed to pass. The filter mode is a global configuration mode. Thus, the blacklist and whitelist modes cannot be used at the same time. |
| Protocol | Indicates the type of the protocol, which may be TCP/UDP, TCP, UDP, ICMP, or ALL. |
| LAN-side IP Address | Indicates the IP address on the LAN side. |
| LAN-side Port | Indicates the port ID on the LAN side. This parameter can be configured when Protocol is set to TCP/UDP, TCP, or UDP. |
| WAN-side IP Address | Indicates the IP address on the WAN side. |
| WAN-side Port | Indicates the ID of the WAN-side port. This parameter can be configured when Protocol is set to TCP/UDP, TCP, or UDP. |
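The following added example (not part of the manual and not Huawei code) models the Table 4-5 parameters so that a rule list can be checked under each filter mode before it is entered on the ONT. The `Rule` class, the `allowed` function, the CIDR notation for addresses, the sample addresses, and the handling of traffic that matches no rule are assumptions of this sketch.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    protocol: str                    # "TCP/UDP", "TCP", "UDP", "ICMP" or "ALL"
    lan_ip: str                      # LAN-side IP Address (CIDR accepted: assumption)
    wan_ip: str                      # WAN-side IP Address (CIDR accepted: assumption)
    lan_port: Optional[int] = None   # None means any port
    wan_port: Optional[int] = None

    def __post_init__(self):
        # Table 4-5: ports are configurable only for TCP/UDP, TCP or UDP.
        if self.protocol in ("ICMP", "ALL") and (self.lan_port or self.wan_port):
            raise ValueError("ports cannot be set when Protocol is " + self.protocol)

    def matches(self, proto, lan_ip, lan_port, wan_ip, wan_port):
        proto_ok = (self.protocol in ("ALL", proto)
                    or (self.protocol == "TCP/UDP" and proto in ("TCP", "UDP")))
        ip_ok = (ipaddress.ip_address(lan_ip) in ipaddress.ip_network(self.lan_ip)
                 and ipaddress.ip_address(wan_ip) in ipaddress.ip_network(self.wan_ip))
        port_ok = (self.lan_port in (None, lan_port)
                   and self.wan_port in (None, wan_port))
        return proto_ok and ip_ok and port_ok

def allowed(mode, rules, packet):
    """mode is the single global Filter Mode: 'blacklist' or 'whitelist'."""
    hit = any(r.matches(*packet) for r in rules)
    # Assumption: traffic matching no rule passes in blacklist mode and is
    # dropped in whitelist mode (the table only states the matching case).
    return (not hit) if mode == "blacklist" else hit

# Constructed sample: one rule, read under each mode.
# Packet tuple: (protocol, LAN IP, LAN port, WAN IP, WAN port).
RULES = [Rule("TCP", "192.168.1.10/32", "0.0.0.0/0", lan_port=3389)]
RDP = ("TCP", "192.168.1.10", 3389, "203.0.113.7", 50000)
WEB = ("TCP", "192.168.1.20", 80, "203.0.113.7", 50001)

if __name__ == "__main__":
    for mode in ("blacklist", "whitelist"):
        print(mode, "RDP:", allowed(mode, RULES, RDP),
              "WEB:", allowed(mode, RULES, WEB))
```

Because the filter mode is global, the same rule list has the opposite effect when the mode is switched, so review every existing rule before changing it.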
4.5.2 MAC Filter Configuration
1. In the navigation tree on the left, choose Security > MAC Filter Configuration. In the pane on the right, after enabling MAC filter and selecting the filter mode, click New. In the dialog box that is displayed, configure the MAC filter rule for the PC to access the Internet, as shown in Figure 4-18.
Figure 4-18 MAC Filter Configuration
2. Click Apply to apply the configuration.
The MAC address lists of PCs in the network are saved on the ONT. Configuring MAC filter rules allows the PCs that conform to the rules to access the Internet service, or prevents the PCs that do not conform to the rules from accessing the Internet service. A PC may have more than one IP address but has a unique MAC address. Therefore, configuring MAC filter rules effectively controls the Internet service access rights of PCs in a LAN.
Table 4-6 describes the parameters related to the MAC filter.
Table 4-6 Parameters related to the MAC address filter

| Parameter | Description |
|---|---|
| MAC address filter function | Indicates whether to enable the MAC address filter function by clicking OPEN or CLOSE. |
| Filter Mode | Indicates the MAC address filter rule of the blacklist or whitelist. Blacklist: indicates that the data meeting the rule in the filter rule list is not allowed to pass. Whitelist: indicates that the data meeting the rule in the filter rule list is allowed to pass. The filter mode is a global configuration mode. Thus, the blacklist and whitelist modes cannot be used at the same time. |
| Source MAC Address | Indicates the source MAC address in the MAC address filter rule. |
4.5.3 URL Filter Configuration
1. Click the Security tab and then choose URL Filter Configuration from the navigation tree. In the pane on the right, after enabling URL filter and selecting the filter mode, click New. In the dialog box that is displayed, configure the URL filter rule for the PC to access the Internet, as shown in Figure 4-19.
Figure 4-19 URL Filter Configuration
2. Click Apply to apply the configuration.
4.5.4 DoS Configuration
1. In the navigation tree on the left, choose Security > DoS Configuration. In the pane on the right, determine whether to enable the DoS attack-preventive configuration, as shown in Figure 4-20.
Figure 4-20 DoS Configuration
2. Click Apply to apply the configuration.
A denial of service (DoS) attack is a network-based attack that denies users access to the Internet. The DoS attack initiates a large number of network connections, which makes the server or the program running on the server break down, exhausts server resources, or prevents users from accessing the Internet service. As a result, the network service fails.
Table 4-7 describes the parameters related to the DoS.
Table 4-7 Parameters related to the DoS

| Parameter | Description |
|---|---|
| Prevent SYN Flooding Attack | Indicates whether to enable prevention of SYN flooding attacks. In the attack, several source hosts send SYN packets to a destination host. After receiving the SYN ACK packets from the destination host, the source hosts do not respond. In this case, the destination host establishes many connection queues for the source hosts and maintains these queues all the time because no ACK response is received. As a result, many resources are used and the destination host fails to provide normal services for normal connections. |
| Prevent ICMP Echo Attack | Indicates whether to enable prevention of ICMP echo attacks. In the attack, many ICMP echo packets are sent to a destination host within a short time. As a result, the network is congested or the resources of the host are exhausted. |
| Prevent ICMP Redirect Attack | Indicates whether to enable prevention of ICMP redirect attacks. In the attack, many ICMP redirect packets are sent to a destination host within a short time. As a result, the network is congested or the resources of the host are exhausted. |
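The half-open queue described for the SYN flooding attack can be observed from packet records. The following added example (not part of the manual, and not the ONT's detection logic) counts handshakes that never received the final ACK per destination host. The record format, the function names, the threshold, and the age limit are assumptions of this sketch.

```python
from collections import defaultdict

def half_open(events, now, max_age=3.0):
    """Return {dst: [(src, sport), ...]} for handshakes still awaiting the final ACK.

    events: (time, src, sport, dst, flag) tuples, flag is "SYN" or "ACK".
    Only entries at least max_age seconds old are reported as stale.
    """
    pending = {}                               # (src, sport, dst) -> time of first SYN
    for t, src, sport, dst, flag in sorted(events):
        key = (src, sport, dst)
        if flag == "SYN":
            pending.setdefault(key, t)         # a retransmitted SYN keeps the first time
        elif flag == "ACK":
            pending.pop(key, None)             # handshake completed, entry released
    stale = defaultdict(list)
    for (src, sport, dst), t in pending.items():
        if now - t >= max_age:
            stale[dst].append((src, sport))
    return dict(stale)

def flooded_hosts(events, now, threshold=5, max_age=3.0):
    """Destinations holding at least `threshold` stale half-open entries."""
    queues = half_open(events, now, max_age)
    return sorted(dst for dst, q in queues.items() if len(q) >= threshold)

# Constructed sample: eight sources send a SYN and never answer the SYN ACK,
# while one normal client completes its handshake.
EVENTS = [(0.1 * i, f"198.51.100.{i}", 40000 + i, "192.168.1.10", "SYN")
          for i in range(1, 9)]
EVENTS += [(1.0, "203.0.113.5", 51000, "192.168.1.10", "SYN"),
           (1.1, "203.0.113.5", 51000, "192.168.1.10", "ACK")]

if __name__ == "__main__":
    print(flooded_hosts(EVENTS, now=10.0))
```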
4.5.5 ONT Access Control Configuration
1. In the navigation tree on the left, choose Security > ONT Access Control Configuration. In the pane on the right, configure the rule of ONT access control, as shown in Figure 4-21.