All employees in the 'Purchasing' department must first authenticate themselves to the LANCOM using PPoE (IP routing, PAP check) in order to access the Internet.
Constraint: The LANCOM can be accessed directly by the users in the LAN as a router, firewall and gateway, i.e. there are no other routers in between them.
The computers in Purchasing are assigned with an IP address from a certain address range (e.g. 192.168.100.200 to 192.168.100.254) from the list of addresses for dial-in connections (LANconfig/ TCP/IP / Addresses).
To prevent users from bypassing the authentication, a DENY ALL rule is defined in the firewall to stop local connections from being established.
The user 'Purchasing' is then entered into the PPP list (LANconfig / Communication / Protocols) without a user name but with a password which is to be used by all staff members in the department, and authentication (encrypted) is set up as CHAP. Both IP routing and NetBIOS (Windows Networking) are to be activated for this PPP user:
Along with the activation of the PPPoE server (LANconfig / Communication / General), further limitations (e.g. permissible MAC addresses) can also be defined in the PPPoE server. The example uses the existing entry 'DEFAULT' with the MAC address '00.00.00.00.00.00', thereby permitting all MAC addresses.
The firewall (LANconfig / Firewall/QoS / Rules) can be used to control which services are available to the employees in Purchasing (e.g. release of HTTP and EMAIL only).
