Introduction to security router user management for Small and Medium-sized Enterprises

Bkjia.com exclusive Article] user management is a very common problem for network management of small and medium-sized enterprises. For example, how do I allocate a limited IP address? How do I control the Internet access permissions of different employees? How to block visitors from using the enterprise network? How do I allocate more bandwidth to executives or CEOs? These problems affect the security of the enterprise network. Therefore, to ensure network security, the network management must do a good job of user management. All these problems can be solved through the vro user management function. Qno xiaonuo technology offers a comprehensive introduction to the user management problems frequently encountered by small and medium-sized enterprises.
The management of Intranet users can be divided into three aspects: reasonable allocation of Intranet addresses in the enterprise LAN, addition of Intranet user control, and effective control of Intranet users. If there is no reasonable and effective management mechanism, it will bring a lot of negative impact and economic losses in network management and security.
In summary, common user management problems and corresponding vro functions are as follows:

User Management	FAQs	Product Features
Reasonable Address Allocation	How do I assign an IP address to a user? How can public IP addresses and virtual IP addresses coexist?	Dynamic/static IP Address Allocation, One-to-one NAT
New User Control	How to block non-corporate computers from accessing the internet?	IP/MAC binding
Internet User Control	How to manage different users? How do I reserve bandwidth for important personnel?	IP group management, QoS bandwidth management

The above internal network management can be achieved through the relevant functions of the Qno chinamoocs router, to achieve network security. The Qno na router provides dynamic IP Address Allocation and static IP Address allocation functions to meet the different needs of internal IP address allocation. The vro also provides the IP Group management function to set groups that require different Internet access permissions for different departments, facilitating unified management. Use the IP/MAC binding function to avoid network management difficulties caused by IP address abuse in internal networks. You can also use QoS settings to manage the bandwidth for Intranet users to access the Internet, ensure that enterprise leaders want to ensure smooth connection to the Internet, ensure that the company's important business information is not delayed, and that important application services are online smoothly.

IP Address Allocation
The first consideration for an enterprise is IP Address Allocation Management. Dynamic IP Address Allocation uses DHCP servers. The advantage is that clients do not need to be configured, but only need to configure servers. Static IP addresses must be configured on the client, which is relatively rigorous and fully controlled.
The Qno na router provides dynamic IP Address Allocation and static IP Address allocation functions to meet the different needs of internal IP address allocation. Qno vro provides the smart DHCP function for Dynamic IP Address allocation. It supports Class c ip addresses. You can set the IP Address allocation range and address lease time. Go to "DHCP configuration" for "DHCP function ".

DHCP configuration display issuance range

Learn about the internal network IP address allocation through "DHCP server status display, we can learn about the DHCP server and the "host name", "ip address", "MAC address", and "current lease time" of the internal network users ".

Figure: DHCP server status display

Static IP Address Allocation, As long as DHCP is not activated. However, the IP address configured on the client must be consistent with the vro configuration range. You can also use the DHCP function in combination with a static IP address, that is, some of the IP addresses configured in the router are issued using DHCP, and some use static IP addresses. For example, in-plant computers do not often move, but static IP addresses can be used. Business personnel computers often move, but dynamic IP addresses are used.
Proper IP Address allocation is the basis for subsequent security management. It is necessary to properly balance security and convenience.

One-to-one NAT
Some enterprises have several public IP addresses for special purposes. For example, the Headquarters server can only contact a fixed public IP address to enhance security. In this case, the public IP address is not enough for all computers in the office. In this case, you can configure one-to-one NAT to correspond several public IP addresses to the internal computer, in this case, the public IP address and the virtual IP Address can coexist in the LAN.

Figure: one-to-one NAT

Use this function to separate different IP addresses to avoid data outflow from the internal network.

IP/MAC binding
The DHCP server automatically allocates IP addresses of internal network users. You do not need to manually set IP addresses. However, DHCP is not easy to manage. You can add a user to the internal network to obtain a valid IP address within the DHCP range by Automatically Obtaining the IP address. Some attackers may access the enterprise LAN through a wireless network. Or in the case of static IP Address Allocation, some employees will change to the IP address of executives or leaders on their own to avoid control. These functions can be reflected through the IP/MAC binding function provided by the Qno na router product, and achieve security management.
To bind an IP address or MAC address to a CEN instance, you must enter the MAC address of the enterprise intranet computer to the vro and create a table with the IP address. If the MAC address of the computer that the router finds to request an IP address from the DHCP server is not listed in the table, no response will be given. Therefore, the network management can bind MAC of computers in the enterprise, so that external computers cannot enter the enterprise network, and internal employees can avoid modifying their own IP addresses to avoid control measures.
The IP binding function is very simple. On the "DHCP configuration" page of the "DHCP function" of Qno no router, "IP binding to MAC ", click "show new IP Address" to add the IP address/MAC address of the internal network to the IP address and MAC binding list. You can also manually add the IP address or MAC address.

Figure 4: IP-and-MAC-binding Screen

The IP/MAC binding function solves the problems of Intranet users evading management and managing new Internet users that may be added. It is also a necessary means of security management.
IP Group Management
Most enterprise network administrators want to grant different permissions to people in different departments. For example, if a business unit needs to communicate externally, the relative manufacturer or public institution needs to communicate externally. However, for internal Internet users, IP address access permission configuration requires a lot of work, and errors may occur during the input process, or even some omissions may occur. In this case, the IP Group Management Function of Qno xiaonuo router is available, multiple users, such as all the IP addresses of a department, can form a group to solve the problem.
For example, the IP address assigned to department A of an enterprise is 192.168.1.100 ~ 192.168.1.110: the IP address assigned to department B is 192.168.1.111 ~ 192.168.1.120. We can group these consecutive IP addresses to facilitate unified settings. Reduce the workload of network administrators and avoid error-prone IP address input. At the same time, when a large number of IP addresses need to be managed in the internal network, these consecutive IP groups need to be configured in the same group.
The "ip gpoup" on the "DHCP configuration" page of the "DHCP function" in the Qno xiaonuo vro. 5. After Entering the relevant information, you can complete the setting of the IP Group.

Figure 5: IP-and-MAC-binding Screen

QoS bandwidth management
Some enterprises want to configure specific users, such as special internal network users such as managers and directors) it provides large bandwidth, internal network users can select a specific WAN to access the external network, and specific lines to specific users. The above functions can be achieved through QoS bandwidth management.
The Qno xiaonuo router allows you to select a single IP address, a series of IP addresses, or an IP group of an internal network, by effectively managing the upload and download speeds, the bandwidth management function can be achieved to ensure that intranet users can use the bandwidth reasonably and that special users can access the Internet without restrictions, ensure high bandwidth usage. For example, you can set a large minimum bandwidth for important executives, or reserve a specific wide area network port to a specific IP group,

Figure 6: bandwidth management settings page

Summary
Based on the management of LAN users in small and medium-sized enterprises and through the Policy Management Function of Qno xiaonuo security router, this article gives a preliminary introduction to some common problems. I believe it will be of great help to the daily management of enterprise network management. User management is the most basic work of network security. If network management can put this work in place from the very beginning, it is believed that it can reduce many problems in the future.