Internet behavior control of wireless access terminals

1 demand

When the wireless terminal through the wireless router (AP) access to the company's local area network access public network, if you want to deploy in the LAN export Network behavior management equipment (such as deep convincing AC) to conduct terminal Internet behavior control, for wireless access terminals need to have the following requirements.

1, the wireless access terminal can not be accessed via the AP NAT address conversion and access to the company's local area network;

2, wireless access terminals need to obtain the company's local area network IP address;

2 analysis

For the above 2 points, the reasons are as follows.

1, if the wireless access terminal is through the AP access to the independent IP segment address (this address segment and the company LAN IP segment address regardless), and through the AP for NAT address conversion, the AC recorded only the AP's WAN address, unable to record the IP address of the wireless terminal, therefore, All Internet behavior logging is not matched to the wireless terminal. Therefore, it is not possible to access the company LAN via the AP for NAT address transfer;

This column more highlights: http://www.bianceng.cn/Network/wxwl/

2. Similarly, each wireless access terminal needs to obtain the IP address of the company's local area network instead of the address after the NAT address conversion through other devices to ensure that each wireless access terminal is authenticated as a single terminal or individual user on AC.

3 method

Depending on the above requirements, the AP should be configured as follows.

1, the AP does not need to configure WAN port, only need to configure LAN port, configure a company LAN IP address, this address only for wireless router management;

2, turn off the AP's DHCP function;

3, Configuration good wireless SSID configuration ap;

4, the company LAN network cable access to the AP's random LAN Kou;

Wireless terminal through the AP's wireless SSID access network, and through the company's local area network DHCP to obtain dynamic IP address, can be in the AC control.