Forgot password?
 Register now

Welcome to use this form to feedback your problems with Ruijie Community

The category of your feedback

Your Feedback

Your Email address (optional):

How to use custom policies to restrict the traffic with specific IP address? Reply

GTAC-Sophia

Level 5

Ruijie Staff

How to use custom policies to restrict the traffic with specific IP address?
1558 0 2024-4-7 15:27:49
Original
1. Overview
Custom policies are used to restrict the traffic with specific IP addresses based on the smart flow control function,thereby meeting the bandwidth requirements of specific users or servers. When you create a custom flow control policy, you can flexibly configure the limited user range, the bandwidth limit, the limited application traffic, and the ratelimit mode. When a custom policy is enabled, it takes precedence over the smartflow control configuration.
Custom policies fall into common policies and VPN policies.
Common policies include the custom policies configured on the Eweb or Ruijie Cloud and the flow control policies configured on Ruijie Cloud for authentication accounts. Common policies manage common traffic.
Common policies and VPN policies are used tomanage common traffic and VPN traffic, respectively.
2. Getting Started
Before you configure a custom policy, enablesmart flow control first. For details, see: community.ruijienetworks.com/forum.php?mod=viewthread&tid=7935&extra=page%3D1
3. Configuration Steps
Choose One-Device >Gateway > Config > Behavior>Flow Control > Custom Policy.
(1) Set Policy Type.

*Note
The flow control policies configured on Ruijie Cloud and Eweb are displayed in the Normal Policy list. The flow control policies for authentication accounts configured on Ruijie Cloud cannot be edited or deleted on Eweb. You can only enable or disable these policies and change the priority of them.
(2) (Optional) Switch the application library
*Note
This feature is only supported on RG-EG105G-V2and RG-EG210G.
  • The application lists vary in different regions. The Chinese and International versions of the application library are provided. Please select the version based on the regions.
  • Click to select Application Library Version and click OK. The version is switched after a few minutes.
*Caution
  • It takes about one minute to switch the application library version. Please wait.
  • If you switch the application library, the template of the application priority will be reset, and the old application control policy may be inactive. Please proceed with caution.

(3)Set a custom policy
  • Set a custom policy
         Set Policy Type to Normal Policy and click Add tocreate a custom flow control policy.
  a. Set a custom policy.
        You can setup to 30 custom common policies, including the custom policies configured on Eweband Ruijie Cloud.
        You can setup to 20 flow control policies for authentication accounts on Ruijie Cloud. TheEweb only displays these policies.   
b. Configure items related to a common policy
Table 1-1 Configuration of a Custom Policy
   Parameter      Description   
  Policy Name    A policy name uniquely identifies a custom  flow control policy. It cannot be modified.  
  Type    The type of a flow control policy can be  set to the following:
>User Group: Indicates that the policy is  applied to users in a specified user group. You need to select a user group  to be managed.  
>Custom: Indicates that the policy is  applied to users in a specified IP address segment. You need to manually  enter the IP address range to be managed.  
  User Group    Select a user to be managed by the policy  from the user group list.
If you select all members of a user group,  the policy takes effect on the entire user group (it also takes effect on  members added to the user group later).  
This parameter is required when Type is set to User Group.   
  IP/IP Range    Specify the IP address range  for the flow control policy to take effect. When Type is set to Custom,  enter the IP address manually. You can enter a single IP address or an IP  address segment.

  This parameter is required when Type is set to Client.
The IP address range must be  within a LAN segment.
You can choose One-Device  > Gateway > Monitor > Ethernet status to check the  network segment of the current LAN port. For example, the network  segment of the LAN port shown in the figure below is 192.168.2.0/24.




                                                                          
  Bandwidth Type>Shared: Indicates that all users in a  user group (all IP addresses in an address range) share the configured uplink  and downlink bandwidths, and the bandwidth of a single user is not limited.  l   >
Independent: Indicates that all users in a  user group (all IP addresses in an address range) share the configured uplink  and downlink bandwidths, and the maximum bandwidth of a single user can be  limited.  
  Application   When Bandwidth Type  is set to Shared, the flow control policy can be configured to take  effect only on specified applications.
>All Applications: Indicates that the flow  control policy takes effect on all applications in the current application  library.  
>Custom: Indicates that the flow  control policy takes effect only on specified applications in the application  list.  
>Application Group:Indicates that the flow control policy  takes effect only on specified applications in the application list.  
When Bandwidth Type is set to Independent,  some models do not support application selection and the flow control policy  takes effect on all applications in the current application library by  default.  
For the models, contact technical support  engineers.  
  Application List   When Application is set to Custom,  it specifies the applications, on which the policy takes effect. The traffic  of the selected applications is subject to the policy.  
  Application Group    When Application is  set to Application Group, it specifies the application groups, on  which the policy takes effect. The traffic of the selected application group  is subject to the policy.
  
  Channel Priority    Specify the traffic  guarantee level. The value range is from 0 to 7. A smaller value indicates a  higher priority and the value 0 indicates the highest priority.
  
Different traffic priority  values correspond to different application groups in an application template.  2 indicates the key group, 4 indicates the normal group, and 6  indicates the suppression group.
  Bandwidth Limit    Configure whether to limit  the bandwidth.
  >Limit Kbps: You can set the uplink and  downlink bandwidth limits as needed.
  >No Limit: When the bandwidth is  sufficient, the maximum bandwidth is not limited. When the bandwidth is  insufficient, the minimum bandwidth cannot be guaranteed.  
  Uplink Bandwidth    Configure the data  transmission rate in uploading, in Kbps. It includes Limit-at, Max-Limit, and  Max-Limit per User.

>Limit-at: Specifies the minimum bandwidth that can be shared by all users when  the bandwidth is insufficient.
>Max-Limit: Specifies the total maximum  bandwidth that can be occupied by all users when the bandwidth is sufficient.
>Max-Limit per User: Specifies the maximum  bandwidth that can be occupied by each user when multiple users share the  bandwidth. It is optional and can be configured only when >Bandwidth Type  is set to Independent. The rate is not limited by default.  
  Downlink Rate    Configure the data  transmission rate in uploading and downloading, in Kbps. It includes  Limit-at, Max-Limit, and Max-Limit per User.
>Limit-at: Specifies the minimum bandwidth that can be shared by all users when  the bandwidth is insufficient.
>Max-Limit: Specifies the total maximum  bandwidth that can be occupied by all users when the bandwidth is sufficient.
>Max-Limit per User: Specifies the maximum  bandwidth that can be occupied by each user when multiple users share the  bandwidth. It is optional and can be configured only when Bandwidth Type is set to Independent. The rate is not limited by default.  
  Interface  Specify the WAN port, on  which the policy takes effect. When it is set to All WAN Ports, the  policy will be applied to all WAN ports.
  
  Enabled  Set whether to enable the  flow control policy. If it is disabled, the policy does not take effect.
  
*Caution
After switching the application library version, you may need to reconfigure the application list.
c. Click OK.
  • Set a custom VPN policy.
a. Set Policy Type to VPN Policy and click Add tocreate a custom VPN flow control policy.
A maximum of 10 VPN policies can be configured.

b. Configure items related to a VPN policy
Table 1-2 Configuration of a Custom VPN Policy
   Parameter      Description   
  Policy Name    A policy name uniquely identifies a custom  flow control policy. It cannot be modified.  
  Type    The type of a flow control policy can be  set to the following:
>User Group: Indicates that the policy is  applied to users in a specified user group. You need to select a user group  to be managed.
>Custom: Indicates that the policy is  applied to users in a specified IP address segment. You need to manually  enter the IP address range to be managed.  
  User Group    Select a user to be managed by the policy  from the user group list.
If you select all members of a user group,  the policy takes effect on the entire user group (it also takes effect on  members added to the user group later).  This parameter is required when Type is set to User Group.  
  IP/IP Range    Enter an IP address or IP range manually.  This parameter is required when Type is set to Client.  
  Effective User    Specify the type of effective users. It  can be set to the following:
>Internal IP/User: For a gateway, IP addresses  of clients connected to the gateway are internal IP addresses.
>External IP/External User: For a gateway, non-gateway  internal IP addresses are external IP addresses.  
The configuration suggestions are as  follows:  
1. When clients are configured to  control VPN traffic, select Internal IP/ User to control the traffic  of internal network users. When the VPN server is configured to control the  VPN traffic, select External IP/External User to control the traffic  of external network users.

2. For the VPN of the NAT model,  the external IP address of the server must be in the IP address segment of  the VPN address pool.
3. For the VPN in router mode, the  IP address segment must be set to IP addresses of restricted users. For the  VPN in router mode, to configure flow control on internal IP addresses of  clients, set internal IP addresses to the IP addresses of the flow control  objects.  
Note:  The external IP address configured by the Open VPN server is the IP address  of the address pool. The internal IP address configured by the client is the  actual IP address of the client.   
  Application    When Bandwidth Type  is set to Shared, the flow control policy can be configured to take  effect only on specified applications.

1. All Applications: Indicates that the flow  control policy takes effect on all applications in the current application  library.
2. Custom: Indicates that the flow  control policy takes effect only on specified applications in the application  list.
3. Application Group: Indicates that the flow control  policy takes effect only on specified application groups. The traffic of  applications involved in the application group is subject to the policy.
When Bandwidth Type is set to Independent,  some models do not support application selection and the flow control policy  takes effect on all applications in the current application library by  default.  
For the models, contact technical support  engineers.  
  Application List   When Application is  set to Custom, it specifies the applications, on which the policy  takes effect. The traffic of the selected applications is subject to the  policy.
  
  Application Group    When Application is  set to Application Group, it specifies the application group, on which  the policy takes effect. The traffic of the selected application group is  subject to the policy.
  
  Bandwidth Limit    Configure whether to limit  the bandwidth.
>Limit:  You can set uplink and downlink bandwidth limits as needed.
>No Limit:  When the bandwidth is sufficient, the maximum bandwidth is not limited. When  the bandwidth is insufficient, the minimum bandwidth is not guaranteed.  
  Uplink Bandwidth    Configure the maximum uplink  bandwidth shared by VPN users matching the policy in Kbps.
  When the bandwidth is shared  by multiple users, you can also set the maximum uplink bandwidth per user in  Kbps. The uplink bandwidth is not limited by default. Note: The parameter is  valid when Bandwidth Limit is set  to Limit Kbps.
  
  Downlink Rate    Configure the maximum  downlink bandwidth shared by VPN users matching the policy in Kbps.
  When the  bandwidth is shared by multiple users, you can also set the maximum downlink  bandwidth per user in Kbps. The downlink bandwidth is not limited by default.
  
Note: The parameter is valid  when Bandwidth Limit is set to Limit Kbps.
  
  Interface    Specify the VPN port, on  which the policy takes effect. When it is set to All VPN Ports, the  policy will be applied to all VPN ports.
  
  Enabled    Set whether to enable the  flow control policy. If it is disabled, the policy does not take effect.
  
c   Click OK.
(4) View Custom Policies
The currentcustom policies are displayed in the PolicyList section. You can modify and delete a custom policy. To delete multiplecustom policies in a batch, select the desired policies and click Delete Selected.
Normal policy list

VPN policy list

Table 1-3 Policy list information
   Parameter
   
   Description
   
  Application List    The Application  List contains the applications to which the policy is valid. If the Application Library matches with the Application that is set to Custom andsupported by the policy,                                                                        is displayed in the Application List. If not,       is displayed.   
  Status
  
  Indicate  whether the current policy is enabled. You can click to edit the status. If  the Application Library does not  match with the Application that is  set to Custom and supported by the  policy, you cannot edit the Status  directly. Please click Edit in the  action bar to edit the policy or switch the application library.
  
  Effective  State
  
  Indicate  whether the policy is effective in the current system. If Inactive is displayed, check whether  the policy is enabled, whether the policy-enabled port exists, and whether  the Application Library matches  with the Application to which the  policy is valid.
  
  Match  Order
  
  All  the created custom policies are displayed in the policy list, with the latest  policy listed on the top. The device matches the policies according to their  sorting in the list. You can manually adjust the policy matching sequence by  clicking       or       in the list.
  
  Action
  
  You  can modify and delete the custom policy.
  
RG-EG105G V2

Configuration Router
There are no replies.
Related Posts
Product Model

Share this topic to

Cancel

This site contains user submitted content, comments and opinions and is for informational purposes only. Ruijie may provide or recommend responses as a possible solution based on the information provided; every potential issue may involve several factors not detailed in the conversations captured in an electronic forum and Ruijie can therefore provide no guarantee as to the efficacy of any proposed solutions on the community forums. Ruijie disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Ruijie Community Terms of Use.

More ways to get help: Visit Support Videos, call us via Service Hotline, Facebook or Live Chat.

©2000-2023 Ruijie Networks Co,Ltd