More services
BAT54-Rail/F.. Release 7.54 06/08
Note: Real-time based rules can only be executed if the device has a time 
from a relevant source, e.g. via NTP.
12.8 PPPoE Servers
12.8.1 Introduction
With DSL now widely available, PPPoE clients have been integrated into all
operating systems. These can be used to "log on to the network" as well as
to manage access rights to services such as the Internet, e-mail or remote
stations.
12.8.2 Example application
All employees in the 'Purchasing' department must first authenticate
themselves to the BAT using PPPoE (IP routing, PAP check) in order to access
the Internet.
Constraint: The BAT can be accessed directly by the users in the LAN as a 
router, firewall and gateway, i.e. there are no other routers in between them.
The computers in Purchasing are assigned an IP address from a certain
address range (e.g. 192.168.100.200 to 192.168.100.254) from the list of
addresses for dial-in connections (LANconfig: TCP/IP > Addresses).
Note: The BAT itself is in a different IP address range!
PPPoE can only be used on a network segment.
As it is what is known as a "Layer 2" technology, PPPoE can only be used 
within a network segment, i.e. it cannot be used across IP subnets. The 
PPPoE connection cannot be established across network segment limits, 
such as via a router.
After a user logs on to the LAN (e.g. username: 'Purchasing', password:
'secret') using a specified PPPoE logon, further rights can be regulated via
the firewall. To do this, the PPPoE user name is entered as a 'remote
station' in the firewall. With a deny-all rule and a PPPoE rule in the
following format, user Anyone can be permitted to use the Internet with Web
and FTP:
- Source: Anyone
- Target: All stations
- Services: WWW, FTP
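
The following Python sketch models how a deny-all rule combined with a PPPoE remote-station rule decides traffic. It is an added illustration, not BAT firmware or configuration syntax. Assumptions: the station name 'Purchasing' is taken from the logon example above, rules are evaluated first-match, and the port numbers behind WWW and FTP are chosen for the model.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed port mapping; the manual names the services only as WWW and FTP.
SERVICES = {"WWW": {80, 443}, "FTP": {21}}

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_port: int
    station: Optional[str]  # PPPoE user of the session it arrived on; None = plain LAN

@dataclass(frozen=True)
class Rule:
    source: Optional[str]        # remote station name; None matches any source
    services: frozenset          # service names; empty set matches every service
    action: str                  # "accept" or "deny"

# Model rule set: the PPPoE rule first, then the deny-all rule.
RULES = [
    Rule("Purchasing", frozenset({"WWW", "FTP"}), "accept"),
    Rule(None, frozenset(), "deny"),
]

def decide(pkt: Packet, rules=RULES) -> str:
    """Return the action of the first rule matching the packet (assumed first-match)."""
    for rule in rules:
        if rule.source is not None and pkt.station != rule.source:
            continue  # rule is bound to a PPPoE station the packet did not arrive on
        if rule.services and not any(pkt.dst_port in SERVICES[s] for s in rule.services):
            continue  # destination port is not one of the permitted services
        return rule.action
    return "deny"  # nothing matched: fail closed

if __name__ == "__main__":
    # Constructed sample traffic; the address is from the manual's example pool.
    samples = [
        Packet("192.168.100.201", 80, "Purchasing"),  # web, logged on
        Packet("192.168.100.201", 21, "Purchasing"),  # FTP, logged on
        Packet("192.168.100.201", 25, "Purchasing"),  # mail is not in the rule
        Packet("192.168.100.201", 80, None),          # same address, no PPPoE logon
    ]
    for p in samples:
        print(f"{p.station or '(no session)':<14} port {p.dst_port:<4} -> {decide(p)}")
```

The last sample shows the point of binding the rule to the station: in this model a host that merely uses an address from the dial-in range, without a PPPoE session, falls through to deny-all.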