Previous Next Title Page Contents

Chapter 10
Access Control

This Chapter explains how to configure and use the LevelOne WBR-1101TX's "Access Control" feature.

Overview

The Access Control feature allows administrators to restrict Internet Access by individual PCs. The process uses "Packet Filtering" to block or discard data packets. By default, no packets are blocked or discarded.

To use this feature:

You can limit Internet access for ALL PCs without entering ANY PC data. Simply apply the desired restrictions to the "Everyone" group.

It is also possible to define your own packet filters, and use these filters in addition to the pre-defined filters. Defining your own filters is optional.

Access Control Log

This log is accessed from the Access Control Log on the Status screen. It shows the attempted accesses which have been blocked.

This log can be used to track the operation of the Access Control feature. Data shown in this log is as follows:

Security Groups Screen

The Security Groups screen is reached from the Access Control link on the navigation bar. An example screen is shown below.

Figure 50: Security Groups Screen

Note that the Security groups are pre-named "Everyone", "Group 1", "Group 2", "Group 3", and "Group 4".

Operations

Define Access Rights
for a Security Group
  1. Select the group from the drop-down box.
  2. Enter the required data as described below.
    If necessary, click Clear Form to remove the existing information shown on screen.
  3. Click the Save button when finished.
Change Access Rights
for a Security Group
  1. Select the group from the drop-down box,
  2. Click Get Data to view their information
  3. Change any fields you wish.
  4. Click Save when finished.
Assign PCs to a
Security Group
All PCs are initially in the "Everyone" group. Use the PCs screen to move individual PCs to other groups as required.

Data - Security Groups Screen

The following data is required.

Access Rights: Internet Access for this Group

No restrictions
No packets are blocked. Use this to create an "Unlimited Access" group, or to temporarily remove restrictions.
Block all Access
Groups members cannot access the Internet at all. Use this to create the most restrictive group.
Use Packet Filter Table below
Use this to define intermediate levels of access. Using the Packet Filter table gives you fine control over Internet access.
Simply select the items you wish to block. You can choose from the pre-defined filters in the Applications to Block column, or your own filters in the TCP Packets to Discard and UPD Packets to Discard column.

Packet Filter Table

Applications
to Block
Any items checked will be blocked. Users will not be able to use the application.
TCP Packets
to Discard
This lists any TCP filters you have defined on the Filters screen. If no filters have been defined, this is empty.
Multiple items can be selected (or deselected) by holding down the Ctrl key while selecting items.
Selected items can NOT be accessed by members of this group.
UDP Packets
to Discard
This lists any UDP filters you have defined on the Filters screen. If no filters have been defined, this is empty.
Multiple items can be selected (or deselected) by holding down the Ctrl key while selecting items.
Selected items can NOT be accessed by members of this group.

 

If you have not defined your own filters, but wish to do so, refer to "Filters" later in this chapter.

PCs Screen

The PCs screen is reached from the Access Control link on the navigation bar. An example screen is shown below.

Figure 51: PCs Screen

Note that the drop-down box lists all PCs previously entered. If none have been entered, this box will be empty.

Operations

Create a new entry
  1. Click the "Clear Form" button.
  2. Enter the required data, as described below.
  3. Click "Add".
Note: The name shown in the drop-down list is ignored.
Delete an entry
  1. Select the entry from the drop-down list
  2. Click "Delete"
Modify (Edit)
an entry
  1. Select the entry from the drop-down list.
  2. Click "Get Data" to view the current data for this entry.
  3. Make any desired changes
  4. Click "Update"

 

Data - PCs Screen

Select PC

PC Name
This drop-down list shows all entries in the "PC" database. If you have not made any entries, this list will be empty.
Get Data button
Click this button to view the data for the PC selected in the drop-down list. You can then edit the data.

Details

PC Name
Enter a name to identify this PC.
Network Adapter Address
Hardware address for this PC. You can use the Windows "Winipcfg" program or your LAN management program to find this address.
Reserve entry in DHCP Table
Check this if you wish to reserve an IP address for this PC. This is useful if you have to provide the IP Address for other programs or users.
If this is left unchecked, the following entry can be ignored.
Reserved
IP Address
This relates to the entry above. Enter the reserved address here. This MUST be within the range used by the DHCP server (set on the Device - Internal LAN Port screen).
Security Group
Select the security group for this PC. If you only wish to reserve an IP Address, and are not using the security (access control) features, simply leave this at "Everyone".

Buttons

Clear Form
Clears all data, ready for input of a new entry.
Add
Add a new entry, using the data shown on screen.
The name shown in the drop-down list is ignored.
Delete
Delete the Virtual Server entry selected in the drop-down list, regardless of whether its details are shown on screen.
Update
Update the Virtual Server entry selected in the drop-down list, using the data shown on screen.
List All
List all User-defined Virtual Servers.
Cancel
Reverse any changes made since the last "submit" operation (i.e. since clicking any other button).

 

Filters Screen

The Filters screen is reached from the Access Control link on the navigation bar. An example screen is shown below.

Figure 52: Filters Screen

This screen allows you to define packet filters. When you define security groups, on the "Security Groups" screen, you can select from any filters defined here, as well as the pre-defined filters.

Data - Filters Screen

Define the packets you wish to be filtered out, by entering the following data.

TCP Filters

Name
Enter a descriptive name for this entry.
Port No.
Enter an integer representing the Port Number for this type of packet. This information can normally be provided by the service provider. Otherwise, a Network Analyzer or Packet Sniffer can be used to determine the correct port number.

UDP Filters

Name
Enter a descriptive name for this entry.
Port No.
Enter an integer representing the Port Number for this type of packet. This information can normally be provided by the service provider. Otherwise, a Network Analyzer or Packet Sniffer can be used to determine the correct port number.



Previous Next Title Page Contents