How to configure an ACL through the web NMS on an AR router

1

Log in to the web NMS, and choose Security > ACL. Click a tab page to configure basic ACL, advanced ACL, or Layer 2 ACL.
Configure a basic ACL so that the AR router can categorize IPv4 or IPv6 packets based on the source and destination IP addresses as well as time period carried in the packets.
Configure an advanced ACL so that the AR router can categorize IPv4 or IPv6 packets based on the source and destination IP addresses, source and destination interface numbers, protocol type, priorities, as well as time period carried in the packets.
Configure a Layer 2 ACL so that the AR router can categorize packets based on link layer information such as the source and destination MAC addresses and Layer 2 protocol type.
Select a tab page, and click new on the configuration list. In the displayed dialog box, enter an ACL name. For the basic ACL and advanced ACL, an ACL type must be set. In the new configuration entry, click add and configure parameters.
For details, see the URL: The AR router configures the VLANIF interface to implement inter-VLAN communication.

Other related questions:
Configure a blacklist of an AR router
A blacklist can be manually configured. After the address scan and port scan functions of the attack defense module are enabled on an AR router, an IP address (or an interface) for which the packet rate exceeds a set value can be automatically added into a blacklist to shield packets sent from this IP address (or through this interface) as the router considers the rate excess as a scan attack. To configure a blacklist, do as follows: Run the system-view command to access the system view. [Huawei] firewall blacklist enable //Enable the blacklist function. By default, the blacklist function is not enabled. Blacklist entries can be added one by one or in batches. [Huawei] firewall blacklist ip-address [ vpn-instance vpn-instance-name ] [ expire-time minutes ] //Add blacklist entries one by one. Note: Blacklist entries without specified aging time will be written into a configuration file, while those with specified aging time will not. Run the display firewall blacklist command to check the blacklist entries without specified aging time. [Huawei] firewall black-white-list load configuration-file configuration-file-name //Load the configuration file of the blacklist/whitelist. Note: By loading the configuration file of the blacklist/whitelist, blacklist entries can be configured in batches. This configuration file must be configured in advance, and it supports only the text format. For details about how to configure the blacklist function of AR series routers using command lines and through the web NMS, see the URL: AR router configuration blacklist.

How to configure a route through the web NMS on an AR router
To configure a static route, do as follows: 1. Choose IP Service > Route > Static Route Configuration. . 2. Click Create in the IPv4 Static Route Configuration Table or IPv6 Static Route Configuration Table according to requirements to enter the parameter configuration page. 3. Configure parameters one by one, and click OK to complete the configuration. To configure a dynamic route, do as follows: - Configure the OSPF function. 1. Choose IP Service > Route > Dynamic Route Configuration > OSPF to enter the OSPF List page. 2. Click Create, enter parameters, and click ok to create an OSPF process. 3. On the OSPF List page, select the new OSPF process, click Advanced at the right side, click the Basic or Advanced tab page, and modify the OSPF process parameters according to requirements. - Configure the BGP function. 1. Choose IP Service > Route > Dynamic Route Configuration > BGP, configure parameters, and click Apply. 2. On the Peer Configuration List page, click Create, enter parameters, and click ok to create a BGP neighbor.

Method of configuring Telnet through the web NMS on an AR router
The method of configuring Telnet through the web NMS on an AR router is as follows: I. Enable the Telnet service. 1. Log in to the web NMS, and choose System Management > System Configuration > Service Management to enter the service management page. 2. Select Enabled of Telnet Service to enable the Telnet service. 3. Click Apply. II. Configure an account and a password for Telnet login. 1. Choose User Management > User Management. 2. Click the modify icon to change the default user admin and configure Telnet as an access type. Alternatively, click Create User to create an administrator account for Telnet login, configure a user name and a password, and select Telnet for Access type. 3. Click OK.

Configure a whitelist of an AR router
A device is added to a whitelist to avoid being added into a blacklist if the legal service packets sent by this device boast the features of IP scan attack and port scan attack. To configure whitelist entries one by one, do as follows: Run the system-view command to access the system view. [Huawei] firewall whitelist ip-address [ vpn-instance vpn-instance-name ] [ expire-time minutes ] //Add whitelist entries one by one. To configure whitelist entries in batches, do as follows: By loading the configuration file of the whitelist, whitelist entries can be configured in batches. This configuration file must be configured in advance, and it supports only the text format. The configured whitelist does not need to be enabled, and the whitelist entries automatically take effect. system-view //Access the system view. [Huawei] firewall black-white-list load configuration-file configuration-file-name //Load the configuration file of the whitelist. For details about how to configure the whitelist function of AR series routers using command lines and through the web NMS, see the URL: AR router configuration whitelist .

How to enable the web function on an AR router
The methods of enabling the web function on an AR router are as follows: Method 1: Default web login 1. Connect a PC to the router over the management interface through a network cable. 2. Configure an IP address for the PC. Configurable network segment: 192.168.1.2~192.168.1.254. 3. Open a browser, enter the URL "https://192.168.1.1" in the address bar, and click Enter to enter the user login page. 4. Enter login information. 5. Configure the router through the web NMS page. Note: If you cannot enter the web NMS page, the software version you use does not support the default web login method. Please try the following method: Method 2: Non-default web login 1. Connect a PC to the router over the CON/AUX interface through a console configuration cable. 2. Enable the terminal emulation software on the PC, create a connection, and set an interface for the connection and other communication parameters. 3. Press Enter until the following information is displayed to remind users of configuring a verification code. 4. Connect a PC to the router over the management interface through a network cable. 5. Configure an IP address for the router for management. 6. Enable the web service. 7. Configure an HTTPS user and a user level. 8. Configure an IP address for the PC. 9. Open a browser, enter the URL "https://192.168.1.1" in the address bar, and click Enter to enter the user login page. 10. Configure the router through the web NMS page.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top