For the network management of small and medium-sized enterprises, user management is a very common problem. For example: How is a limited IP allocated? How to control the Internet access for different employees? How do you block visitors from using the corporate network? How to assign more bandwidth to executives or bosses? These problems, all affect the security of the Enterprise network, so network management to do the security, it must from the basic user management work well. These problems can be achieved through the user management function of routers. The following we on the small and medium-sized enterprises often encounter the user management problem, to qno the router as an example to make a comprehensive introduction.
The management of Internet users in intranet can be divided into three aspects, such as reasonable distribution of intranet address, internal control of new Internet users, and effective control of internal Internet users. Without a reasonable and effective management mechanism, there will be a lot of negative impacts and economic losses on the network management and security.
To sum up, common user management problems and corresponding router functions are as follows:
User Management FAQ corresponding product features
How to assign an IP address to a user with a reasonable allocation of addresses? Dynamic/static IP address assignment, one-to-one NAT
How do public IP and virtual IP coexist?
How do new user controls prevent non-corporate computers from surfing the internet? Ip/mac binding function
How do Internet users regulate different users? IP Group management, QoS bandwidth management
How do I keep bandwidth to important people?
All of these internal network management can be achieved through the related functions of qno, to achieve the goal of network security. Qno-Knight routers provide dynamic IP address assignment and static IP address allocation function to meet the different needs of internal Internet users ' IP address allocation. Routers also provide IP group management functions, to solve different departments need different access to the group settings, convenient unified management. With Ip/mac binding function to avoid the internal network abuse of IP address caused by network management difficulties, at the same time, through the setting of QoS to the intranet users a certain amount of bandwidth management, to ensure that the enterprise leaders hope that the speed of networking can be maintained unimpeded traffic congestion, to ensure that the company's important business information does Important application services are required to be online smoothly.
IP address Assignment
Enterprise is the first consideration is the allocation of IP address management, dynamic IP address allocation using a DHCP server, the advantage is that the client does not need to configure, just configure the server, simple configuration. Static IP must be in the client IP configuration, relatively rigorous, more complete control.
Qno-Knight routers provide dynamic IP address assignment and static IP address allocation function to meet the different needs of internal Internet users ' IP address allocation. The qno router provides dynamic IP address allocation wit (DHCP function), supports class C IP addresses, and sets the range of IP address assignments and address lease times. Enter DHCP configuration for DHCP features.
Figure I: DHCP configuration displays a total of 50 computers between 192.168.1.100~192.168.1.49, with an address lease time of 1440 minutes.
Through the "DHCP Server status display" To understand the internal network IP address allocation, we can learn about the DHCP server and the internal network user's "host name", "IP Address", network card "MAC address", "Current lease time."
Figure II: DHCP Server status display. The router also supports static IP allocation, as long as it guarantees that its IP address does not conflict with the DHCP scope.
Static IP assignment, as long as the DHCP feature is not activated. However, the IP address configured by the client and the scope of the router configuration must match. DHCP can also be used in conjunction with static IP, that is, in the IP range of the entire router configuration, part of the use of DHCP distribution, the partial use of static IP. For example: the use of computers in the factory is not often mobile, you can use static IP, business staff computers are often mobile, the use of dynamic IP.
Proper IP address allocation is the basis for subsequent security management, and it is necessary to strike a balance between security and convenience.
One-to-one NAT
Some enterprises have several public IP, used for special purposes, such as the headquarters server only and fixed public network IP contact to enhance security. In this case, often occurs public network IP not enough office all computer use, then can carry on one-to-one NAT configuration, several public network IP corresponds to the internal computer, at this time can reach the public network IP and virtual IP together in the LAN coexistence purposes.
Figure three: One-to-one NAT function can allow common network IP and virtual IP to exist together LAN, can be applied to the communication application that pays attention to information security.
Use this feature appropriately, separating different IPs to avoid data outflows from the internal network.
Ip/mac binding function
The DHCP server automatically assigns the IP address of the internal network user, and the user can not set the IP address manually. However, DHCP is not easy to manage, the internal network to join a user to automatically obtain the IP address can be in the DHCP scope to obtain a legitimate IP address. Some attackers will enter the enterprise LAN via wireless networks. Or, in the case of static IP allocations, some employees will modify the IP address of the executive or leader themselves to evade control. These are all available through the Qno Ip/mac binding function to respond to and achieve security management functions.
The Enterprise network management carries on the IP/MAC binding, must the enterprise intranet computer MAC address all type to the router, and establishes the comparison table with the IP address. If a router discovers that the Mac of the computer that is requesting IP from the DHCP server is not in the table column, it will not respond. Therefore, the network management can be the enterprise computer Mac binding, then the external computer can not enter the enterprise network, but also to avoid internal staff to modify the IP to evade control measures.
The function of IP binding is simple, qno the "IP and Mac bindings" of the DHCP configuration page of DHCP features, click "Show newly added IP address" to add the IP address/mac of the internal network to the IP and Mac bindings list, but also to join by manual mode.
Figure IV: IP and MAC binding screen.
You can "√" to block the IP address in the corresponding list, the wrong MAC address "Prevents internal network users from modifying IP addresses to evade network management, such as" √ "select" Blockade is not in the corresponding list of MAC address ", you can block the internal network and did not pass the consent of webmaster personnel to join the Internet users.
The Ip/mac binding function solves the problem that the intranet user escapes the management and manages the new Internet users who may join, and is also a necessary means of security management.
IP Group Management
Most of the enterprise network management wants to give different authority to various departments, such as business units need more external contact, relative manufacturing units or institutions need less external contact. However, for the internal Internet users IP address access rights configuration, heavy workload, the input process is also prone to errors, and sometimes missing things, in this case qno the IP Group management function of the router, can be multiple users, such as a department of all IP addresses, to form a group to solve this problem.
For example, a division of an enterprise's IP address is the 192.168.1.100~192.168.1.110,B division to the IP address is 192.168.1.111~192.168.1.120, we can these consecutive IP address group together, Easy to do unified settings. Reduce the workload of network administrators, but also avoid a wide range of IP address input error prone. At the same time, the internal network needs a large number of IP addresses need to do the same management when the continuous IP group to a group to do the same settings.
Qno the "IP gpoup" of the DHCP configuration page of DHCP features in the router, the IP group settings can be completed after the corresponding input information is determined in figure five.
Figure five: IP Group Management Settings screen
QoS Bandwidth Management features
Some enterprises want to configure for specific users, such as the internal network of special users (such as managers, chairman, etc.) to give large bandwidth, internal network users choose a specific WAN access to the external network, specific lines for specific users, and so on. The above functions can be achieved through QoS bandwidth management functions.
Qno the router allows you to select a single IP address to set up an internal network, a series of IP address, or an IP group, through effective management of upload and download speed to achieve the bandwidth management function, to ensure that intranet users can reasonably use bandwidth, but also to ensure that special users access to the Internet is not restricted, Guarantee large bandwidth to enjoy. For example, you can set a large minimum bandwidth for an important executive, or keep a specific WAN port for a specific IP group,
Figure VI: Bandwidth management feature Settings page
Summary
The above for small and medium-sized enterprise Intranet user management, through QNO security router Strategy management function, in view of the problems often encountered, made a preliminary introduction. Believe that the enterprise network management in the day-to-day administration, there is considerable help. User management is the most basic work of network security, if network management can in the beginning of this work in place, I believe that can reduce many follow-up problems.