Can an AR monitor intranet traffic

91

AR routers can monitor intranet traffic.The AR does not provide query of traffic from each IP address.

Other related questions:
Can an AR monitor intranet traffic
AR routers can monitor intranet traffic.The AR does not provide query of traffic from each IP address.

Does the AR series support the web NMS
The AR series supports the web network management system (NMS) from V200R002C01. You can use the web network management system to manage and maintain AR series.

How does an AR limit intranet users to access the network
An AR can be configured with a traffic policy to limit intranet users to access the network.
If an intranet user uses the static IP address, a traffic policy can be configured to deny the intranet user. If a terminal device obtains an IP address using DHCP, the IP address of the terminal device that is limited to access the network needs to be determined.
This prevents the impact on other users' Internet access after the address is released and allocated to other terminals.
The configuration roadmap is as follows:
Create an ACL and configure rules that match the IP or MAC addresses of users who are limited to access the network (ensure that users are connected to the router directly or through a switch). For example:
Create an ACL based on IP addresses.
[Huawei] acl 3000  //Create ACL 3000
[Huawei-acl-adv-3000] rule permit ip source 10.1.1.1 0.0.0.0   //Match terminal 10.1.1.1 of the intranet.
[Huawei-acl-adv-3000] rule permit ip source 10.1.1.2 0.0.0.0  //Match terminal 10.1.1.2 of the intranet.
Create a traffic classifier that matches acl 3000.
[Huawei] traffic classifier c1
[Huawei-classifier-c1] if-match acl 3000
Create a traffic behavior to limit the matched IP address to access the network.
[Huawei] traffic behavior b1
[Huawei-behavior-b1] deny 
Create a traffic policy and bind the traffic classifier and traffic behavior to the traffic policy.
[Huawei] traffic policy test 
[Huawei-trafficpolicy-test] classifier c1 behavior b1
Apply the traffic policy test to the interface.
[Huawei] interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1] traffic-policy test inbound 
Using the same method to match source MAC addresses except for creating an ACL. For example, permit users with the intranet MAC address 1122-1122-1122 to access the network.
[Huawei] acl 4000 //The Layer 2 ACL number must be in the range 4000 to 4999.
[Huawei-acl-L2-4000] rule permit source-mac 1122-1122-1122
Use the preceding profile to perform other configurations.

Whether DHCP can be configured on the intranet LAN interface of the AR
The DHCP server can be configured on a Layer 3 interface of the Huawei AR to allocate IP addresses to users connected to the Layer 3 interface. In practice, an interface connected to the intranet is enabled with the DHCP server and allocates intranet IP addresses to intranet users. The interface connected to the public network has NAT enabled to communicate with the public network.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top