Example application

AAll employees in the 'Purchasing' department must first authenticate themselves to the device using PPoE (IP routing, PAP check) in order to access the Internet.

Constraint: The device can be accessed directly by the users in the LAN as a router, firewall and gateway, i.e. there are no other routers in between them.

The computers in Purchasing are assigned with an IP address from a certain address range (e.g. 192.168.100.200 to 192.168.100.254) from the list of addresses for dial-in connections (LANconfig/ TCP/IP / Addresses). (LANconfig: IPv4 > Addresses).

Important: The device itself is in a different IP address range!




To prevent users from bypassing the authentication, a DENY ALL rule is defined in the firewall to stop local connections from being established.

The user 'Purchasing' is then entered into the PPP list (LANconfig: Communication > Protocols > PPP list) and authentication (encrypted) is set up as CHAP. Both IP routing and NetBIOS (Windows Networking) are to be activated for this PPP user:





Along with the activation of the PPPoE server (LANconfig: Communication > General > PPPoE server enabled), further limitations (e.g. permissible MAC addresses) can also be defined in the PPPoE server. The example uses the existing entry DEFAULT with the MAC address 00:00:00:00:00:00, thereby permitting all MAC addresses.





The firewall (LANconfig: Firewall/QoS > IPv4 Rules > Rules)can be used to control which services are available to the employees in Purchasing (e.g. release of HTTP and EMAIL only).





www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de

LANCOM Logo