How to restrict network access for a specified source or destination address


You can configure an ACL to match the source or destination address. If the host with source IP address 10.1.1.1 must be allowed to access only hosts on network segment 10.1.1.18/26, the configuration is as follows:
For details on how to configure traffic classifiers, behaviors (action set to permit), and traffic policies, see MQC Configuration in AR CLI-based Configuration Guide - QoS.

Other related questions:
How do I control access through specific source or destination addresses?

You can configure access control lists (ACLs) to match source or destination addresses. For example, under the following configuration, the host at 10.1.1.1 can only access hosts on the 10.1.1.18/26 network segment.

[Huawei] acl 3000
[Huawei-acl-adv-3000] rule permit ip source 10.1.1.1 0 destination 10.1.1.18 0.0.0.63
[Huawei-acl-adv-3000] rule deny ip source 10.1.1.1 0

For configurations of other traffic classifiers, behaviors (actions set to permit), and policies, see Traffic Policy Configuration in the AR Configuration Guide - QoS.
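
The following is an added example, not part of the original page or Huawei's documentation: a small Python model of how the two rules of ACL 3000 above are matched, showing which addresses the wildcard 0.0.0.63 selects and how first-match ordering decides the result. The rule IDs 5 and 10 and the "any" destination on the deny rule are assumptions (default rule numbering; the deny rule names no destination).

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal the base."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

def covered_range(base, wildcard):
    """First and last address selected by a contiguous wildcard mask."""
    low = _ip(base) & ~_ip(wildcard) & 0xFFFFFFFF
    high = low | _ip(wildcard)
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(high))

# ACL 3000 as written on the page. "source 10.1.1.1 0" is a host match
# (wildcard 0.0.0.0). Rule IDs 5/10 and ANY are assumptions, see lead-in.
ANY = ("0.0.0.0", "255.255.255.255")
ACL_3000 = [
    (5, "permit", ("10.1.1.1", "0.0.0.0"), ("10.1.1.18", "0.0.0.63")),
    (10, "deny", ("10.1.1.1", "0.0.0.0"), ANY),
]

def evaluate(acl, src, dst):
    """Return (rule_id, action) of the first matching rule, or None."""
    for rule_id, action, s, d in sorted(acl):  # ascending rule ID
        if wildcard_match(src, *s) and wildcard_match(dst, *d):
            return rule_id, action
    return None  # no rule in this ACL matched the packet

if __name__ == "__main__":
    print("destination range:", covered_range("10.1.1.18", "0.0.0.63"))
    # Constructed sample packets (source, destination).
    samples = [
        ("10.1.1.1", "10.1.1.50"),   # inside the /26
        ("10.1.1.1", "10.1.1.64"),   # first address outside the /26
        ("10.1.1.1", "192.0.2.10"),  # unrelated network
        ("10.1.1.2", "192.0.2.10"),  # a different source host
    ]
    for src, dst in samples:
        print(src, "->", dst, evaluate(ACL_3000, src, dst))
```

The base address 10.1.1.18 with wildcard 0.0.0.63 selects 10.1.1.0 through 10.1.1.63, so the rule order matters: swapping the two rules would deny all traffic from 10.1.1.1. Packets from any other source match neither rule, so what happens to them is decided by the traffic policy the ACL is bound to, not by this ACL.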


How to set a time range on an AR to restrict when users can access the network

Method 1: You can configure an ACL with the time range specified and configure a traffic policy.

Create a time range, for example, 8:00 to 18:00 from Monday to Friday.
[Huawei]time-range workday 8:00 to 18:00 working-day

Create an ACL based on the time range.
[Huawei]acl 3000 //Set the validity period of ACL 3000 to workday.
[Huawei-acl-adv-3000]rule permit ip source 10.1.1.0 0.0.0.255 time-range workday //Match network segment 10.1.1.0/24 on the intranet, and set the validity time to workday.

Then create a traffic classifier, traffic behavior, and traffic policy, and apply the traffic policy.

Method 2: You can also disable NAT outside the specified time range to restrict when users can access the network.

Create a time range, for example, 8:00 to 18:00 from Monday to Friday.
[Huawei]time-range workday 8:00 to 18:00 working-day

Create an ACL based on the time range.
[Huawei]acl 3000 //Set the validity period of ACL 3000 to workday.
[Huawei-acl-adv-3000]rule permit ip source 10.1.1.0 0.0.0.255
[Huawei-acl-adv-3000]rule permit ip source 10.1.2.0 0.0.0.255 time-range workday //Match network segment 10.1.2.0/24 on the intranet, and set the validity time to workday.
[Huawei-acl-adv-3000]quit
[Huawei]interface GigabitEthernet 0/0/2
[Huawei-GigabitEthernet0/0/2]nat outbound 3000 //Devices on the network segment 10.1.2.0/24 can only access the network at 8:00 to 18:00 from Monday to Friday, while devices on the network segment 10.1.1.0/24 can access the network at any time.

How is the source IP address of ping packets specified?
The -a parameter specifies the source IP address of ping packets. If -a is not specified, the system looks up the outbound interface for the destination IP address in the routing table and uses that interface's IP address as the source IP address of the ping packets. If there are equal-cost routes to the destination IP address, the system runs a hash over the destination IP address, protocol number, ICMP type, and ICMP mode to select an outbound interface, and uses that interface's IP address as the source IP address of the ping packets.
