Seitenhistorie

Seiteneigenschaften

Description:

This document describes the management of user-related rights when operating the PPPoE server on the LANCOM router, and how to set up the PPPoE client in Windows 7.

The PPPoE server integrated into the LANCOM router allows multiple PPPoE users to be created and managed within an existing LAN. With the widespread availability of DSL, most operating systems are now equipped with PPPoE clients. These can be used to "log on to the network" as well as to manage access rights to services such as the Internet, e-mail or remote sites.

In most scenarios DHCP is used to assign addresses to LAN users, which makes the configuration of individual firewall rules complicated and laborious. This process can be simplified by creating PPPoE users and then using the remote sites as the basis for granting access rights. This approach greatly simplifies the configuration and management of individual employees and groups.

In the example described here, the firewall is used to restrict the group

named

named Purchasing to using the following services: HTTP, HTTPS, POP3, SNMP, and NNTP. All other services are prohibited for this group. This range of services can be enlarged or restricted to meet your individual needs.

Requirements:

LANtools as of version 7.80 (download latest version)
LCOS as of version 7.80 (download latest version)
The router must have been given a name

under

under Management

->

→ General

->

→ Device name.

An

An address pool for dial-in access must be specified in the router

under Configuration ->

under TCP/IP

->

→ Addresses.

Procedure:

1. Configuring the LANCOM router:

1.1) Enable the PPPoE server in the configuration of the LANCOM router (

Configuration ->

Communication

->

→ General).

1.2) Assign

a

a name to the service, e.g. User_Auth).

Information:

Info
Entering a name for the service is optional. This enables a PPPoE client to select a certain PPPoE server as specified in the client software.

The

The Session limit specifies how often a client can be logged on simultaneously with the same MAC address. Once the limit has been reached, the server no longer responds to the client queries that are received. The default is1, the maximum value

is

is 99. A Session limit

of 0

of 0 stands for an unlimited number of sessions.

Image Removed

Image Added

1.3) Click on the button

'

Remote sites (PPPoE)

'

and create a new entry

in the PPPoE server's name list (LANconfig> Communication> Name list)

.

Image Removed

Image Added

The settings for the remote

site

site DEFAULT are applied to all client dial-ins.

To make settings for each individual client, you can define remote-site names for each client here. The name of the remote site must be set in the client as the PPP user name.

Information:

Info
If a MAC address is entered, then only connections from this MAC address will be established. The MAC address of '000000000000' means that the client may log on with any MAC address.

1.4) Go to the

menu Configuration -> Communications -> Protocols -> PPP list

menu Communication → Protocols → PPP list and Add a new entry.

Enter the

user

user Purchasing as remote site into the PPP list without a user name but with a shared password, which is to be used by all employees in the department. Set authentication (encrypted) as CHAP. IPv4 routing is activated for this PPP user.

Image Removed

Image Added

1.5)

The

The firewall can be used to control which services are available for the employees in the Purchasing department. In this example the services WEB and MAIL are to be released.

Go to the

menu Configuration ->

menu Firewall/QoS

->

→ Rules and Add a new rule.