ELTEX ESR-10, Руководство пользователя

Страница: 408 / 440

ESR service routers. ESR-Series. Functionality description. Version 1.12.0
408
esr(config)# object-group network server
esr(config-object-group-network)# ip address-range
192.0 . 2.20
esr(config-object-group-network)# exit
esr(config)# das-server CoA
esr(config-das-server)# key ascii-text password
esr(config-das-server)# port
3799
esr(config-das-server)# clients object-group server
esr(config-das-server)# exit
esr(config)# aaa das-profile CoA
esr(config-aaa-das-profile)# das-server CoA
esr(config-aaa-das-profile)# exit
The traffic from trusted zone is blocked before authentication as well as DHCP and DNS requests. You need to
configure allowing rules in order to pass DHCP and DNS requests:
esr(config)# ip access-list extended DHCP
esr(config-acl)# rule
10
esr(config-acl-rule)# action permit
esr(config-acl-rule)# match protocol udp
esr(config-acl-rule)# match source-address any
esr(config-acl-rule)# match destination-address any
esr(config-acl-rule)# match source-port
68
esr(config-acl-rule)# match destination-port 67
esr(config-acl-rule)# enable
esr(config-acl-rule)# exit
esr(config-acl)# rule
11
esr(config-acl-rule)# action permit
esr(config-acl-rule)# match protocol udp
esr(config-acl-rule)# match source-address any
esr(config-acl-rule)# match destination-address any
esr(config-acl-rule)# match source-port any
esr(config-acl-rule)# match destination-port
53
esr(config-acl-rule)# enable
esr(config-acl-rule)#exit
esr(config-acl)# exit
Then, create rules for redirecting to portal and passing traffic to the Internet:
esr(config)# ip access-list extended WELCOME
esr(config-acl)# rule
10
esr(config-acl-rule)# action permit
esr(config-acl-rule)# match protocol any
esr(config-acl-rule)# match source-address any
esr(config-acl-rule)# match destination-address any
esr(config-acl-rule)# enable
esr(config-acl-rule)# exit
esr(config-acl)# exit
esr (config)# ip access-list extended INTERNET
esr(config-acl)# rule
10
esr(config-acl-rule)# action permit
esr(config-acl-rule)# match protocol any
esr(config-acl-rule)# match source-address any
esr(config-acl-rule)# match destination-address any
esr(config-acl-rule)# enable
esr(config-acl-rule)# exit
esr(config-acl)# exit