background image

47 
 

 

Firewall Configuration 

Configuring LAN to WAN Firewall 

The device supports three kinds of filter Port Filtering, IP Filtering and MAC Filtering.  All the entries in current filter table are 

used to restrict certain types of packets from your local network through the device. Use of such filters can be helpful in 

securing or restricting your local network. 

Port Filtering 

When you enable the Port Filtering function, you can specify a single port or port ranges in the current filter table. When the 

source port of outgoing packets matches the port definition or falls within the port ranges in the table, the firewall will block 

those packets from LAN to WAN. 

 

IP Filtering 

When you enable the IP Filtering function, you can specify local IP Addresses in the current filter table. When the source IP 

address of outgoing packets matches the IP Addresses in the table the firewall will block this packet from LAN to WAN. 

 

MAC Filtering 

When you enable the MAC Filtering function, you can specify the MAC Addresses in the current filter table. When the source 

MAC Address of outgoing packets matches the MAC Addresses in the table the firewall will block this packet from LAN to 

Summary of Contents for DBL2119

Page 1: ...DLB21XX WLAN Indoor Outdoor Radio User Manual Version 1 0 0 06 21 2007...

Page 2: ...n 22 Basic Settings 22 Disable Wireless LAN Interface 22 Band 22 Mode 22 Network Type 23 SSID 23 Channel Number 23 Advanced Settings 25 Authentication Type 25 Fragment Threshold 25 RTS Threshold 25 Be...

Page 3: ...figuring VPN 50 Management Configuration 51 Quality of Service QoS 51 QoS Rule settings 52 Current QoS setting table 52 Bandwidth Control 53 SNMP Agent 54 Upgrade Firmware 57 Firmware Types 57 Upgradi...

Page 4: ...the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from where the receiver is connected Consult the dealer or...

Page 5: ...ogy of wireless local area networks NOTE Only those antennas that are of the same type and with lesser gain than those that are certified with this device may be used legally by the installer Packing...

Page 6: ...f the DLB21XX units Access Point Bridged This is how the radio is configured by default This configuration bridges the ethernet and wireless interfaces and disables all NAT firewall functions The firs...

Page 7: ...on This is all you have to do for a basic bridged access point You will need to reboot the unit for the changes to take effect Access Point Router This configuration is an access point with NAT enabl...

Page 8: ...Access Point with routing first change the Operation Mode to Router For ease of management you may also want to change the LAN IP address to reside on the subnet your other PCs will be on when connec...

Page 9: ...LAN Interface checkbox needs to be unchecked The SSID can also be changed at this point if desired These settings enable a basic routing access point Access Point Client Mode This device can be config...

Page 10: ...connect then press Apply Changes button to apply the change Check the status of connection in the Status web page The alternative way to configure is as follows In the Wireless Site Survey page selec...

Page 11: ...ion and data encryption you need to setup the authentication and encryption before step1 and all the settings must be as same as the Access Point or Station For more information about the detail authe...

Page 12: ...fer the security section AP Client Router WISP The AP Client in Router or WISP mode is similar to the basic AP client but instead of all the interfaces being bridged together the WLAN interface is tre...

Page 13: ...d then press Connect button to establish the link If the link is established successfully it will show the message Connect successfully Then press OK Then you can check the linking information in Stat...

Page 14: ...m and Shared Key Although the default setting is Auto not every Access Points can support Auto mode If the authentication type on the Access Point is known by the user we suggest setting the authentic...

Page 15: ...configuring the TCP IP LAN interface This defines what happens to any connections made through the ethernet port In this case DHCP server is enabled so any connections made will be assigned an IP in...

Page 16: ...both units are in Bridge mode Then under Wireless Basic Settings set the wireless radio on both units to WDS mode Radio A and Radio B both need to use the same Channel Number in order for WDS to conne...

Page 17: ...e next step is to add the MAC address of the wireless interface in the WDS bridge in Radio B in the WDS section in Radio A NOTE The MAC address of the wireless interface in Radio B can be found on the...

Page 18: ...ll need to be done on both radios The WDS should then be established NOTE Be careful not to create a network loop without having STP Spanning Tree Protocol enabled on both units Configuring Universal...

Page 19: ...Table that you want Then click the Apply Changes button Click the Refresh button to refresh the table NOTE Universal Repeater Mode is only available under AP WDS and AP WDS mode Enter specific SSID in...

Page 20: ...n the same subnet as the device such as 192 168 2 X for LAN 172 1 1 X for WAN NOTE By default the DHCP server is enabled Do not have multiple DHCP servers in your network environment otherwise it will...

Page 21: ...rement Bridge The wired Ethernet and wireless NIC are bridged together Once Bridge mode is selected all the WAN related functions will be disabled WISP Wireless ISP This mode allows the wireless NIC t...

Page 22: ...e the same public IP address from your ISP WDS Wireless Distribution System This mode serves as a wireless repeater the device forwards the packets to another AP with WDS function When this mode is se...

Page 23: ...eless clients to join a wireless local network Client Support Infrastructure and Ad hoc network types to act as a wireless adapter WDS This mode serves as a wireless repeater the device forwards the p...

Page 24: ...nection In client mode the device can not support the Router mode functions including Firewall and WAN settings SSID The SSID is a unique identifier that wireless networking devices use to establish a...

Page 25: ...s EMEA Japan Israel and China 7 2442 Americas EMEA Japan Israel and China 8 2447 Americas EMEA Japan Israel and China 9 2452 Americas EMEA Japan Israel and China 10 2457 Americas EMEA Japan and China...

Page 26: ...ng one of the two types Fragment Threshold The fragmentation threshold determines the size at which packets are fragmented sent as several pieces instead of as one block Use a low setting in areas whe...

Page 27: ...the SSID will let your wireless clients find the device automatically If you are building a public Wireless Network disabling this function can provide better security Every wireless station located...

Page 28: ...ion output power levels 100 and 50mW for OFDM 802 11g mode You can adjust the power level to change the coverage of the device Every wireless station located within the coverage of the device also nee...

Page 29: ...d in this device to prevent unauthorized access to your wireless network The WEP setting must be the same as each client in your wireless network For more secure data transmission you can change the e...

Page 30: ...t unauthorized access If you use the WEP encryption you can also use the RADIUS server to check the admission of the users In this way every user must use a valid account before accessing the Wireless...

Page 31: ...ation that supports WPA PSK The WPA PSK settings include Key Format Length and Value They must be the same as each wireless client in your wireless network When the Key format is Passphrase the key va...

Page 32: ...setup four kinds of network topologies bus star ring and mesh In this case there are five devices with WDS enabled WDS1 WDS2 WDS3 WDS4 and WDS5 Bus topology Device Entries of WDS AP List Spanning Tree...

Page 33: ...Device Entries of WDS AP List Spanning Tree Protocol Required WDS1 The MAC Addresses of WDS2 and WDS5 Yes WDS2 The MAC Addresses of WDS1 and WDS3 Yes WDS3 The MAC Addresses of WDS2 and WDS4 Yes WDS4 T...

Page 34: ...S1 WDS2 WDS3 and WDS4 Yes Wireless Repeater A Wireless Repeater can be used to increase the coverage area of another device Parent AP Between the Parent AP and the Wireless Repeater wireless stations...

Page 35: ...SID Choose WDS mode for only wireless backbone extension purpose You can use any network topology please refer the WDS topology section Site Survey This tool allows you to scan for nearby wireless net...

Page 36: ...35...

Page 37: ...resses as shown in the following page When the DHCP server is enabled and also the device router mode is enabled then the default gateway for all the DHCP client hosts will be set to the IP address of...

Page 38: ...of the DNS addresses IP Address The Internet Protocol IP address of WAN interface provided by your ISP or MIS The address will be your network identifier outside of your local network Subnet Mask The...

Page 39: ...destination DNS 1 3 The IP addresses of DNS provided by your ISP DNS Domain Name Server is used to map domain names to IP addresses The DNS maintains central lists of domain name IP addresses and map...

Page 40: ...equests to other servers on the Internet until the specified web site is found Clone MAC Address Clone device MAC address to the specific MAC address required by your ISP Enable uPnP Enable uPnP this...

Page 41: ...need to change the MTU for optimal performance with your specific ISP DNS 1 3 The IP addresses of DNS provided by your ISP DNS Domain Name Server is used to map domain names to IP addresses The DNS ma...

Page 42: ...U for optimal performance with your specific ISP DNS 1 3 The IP addresses of DNS provided by your ISP DNS Domain Name Server is used to map domain names to IP addresses The DNS maintains central lists...

Page 43: ...42 Clone MAC address for Static IP WAN access type Clone MAC address for PPPoE WAN access type...

Page 44: ...43 Clone MAC address for PPTP WAN access type Physical LAN interface MAC address clone...

Page 45: ...tton Static Route Setup You can set the routing information to let the Router know what routing is correct if it cannot learn automatically through other means For example if the user wants to link th...

Page 46: ...nge button In Static Route Table there have two routings for Network 3 and Network 4 Dynamic Route Setup The Dynamic Route utilizes RIP1 2 to transmit and receive the route information with other Rout...

Page 47: ...46 In the Dynamic Routing Table there are two routings for Network 3 and Network 4...

Page 48: ...table When the source port of outgoing packets matches the port definition or falls within the port ranges in the table the firewall will block those packets from LAN to WAN IP Filtering When you enab...

Page 49: ...en used port numbers are shown in the following table Services Port Number ECHO 7 FTP File Transfer Protocol 21 Telnet 23 SMTP Simple Mail Transfer Protocol 25 DNS Domain Name System 53 Finger 79 HTTP...

Page 50: ...cessible to Internet traffic such as Web HTTP servers FTP servers SMTP e mail servers and DNS servers All inbound packets will be redirected to the computer you set It also is useful if you run some a...

Page 51: ...50 Configuring VPN...

Page 52: ...m 30 and Low 20 The following table describes the priorities that you can apply to bandwidth Priority Level Description High Typically used for voice or video applications that is especially sensitive...

Page 53: ...sk Once the source destination IP Address is entered the subnet mask address must be filled in this field MAC Address Enter source destination MAC Address Port range You can enter specific port number...

Page 54: ...le User C wants to use software phone to connect with customer Since VoIP traffic is sensitive to variations in delay jitter you can set High priority for User C However because the FTP transmission m...

Page 55: ...a that from Wireless interface to Ethernet interface Downstream Latency Similar a waiting time the data queuing time Downstream Burst Packet Similar a buffer the data will into the buffer while the da...

Page 56: ...boot the device linkDown 2 The trap is sent when any of the links are down See the following table linkup 3 The trap is sent when any of the links are UP See the following table authenticationFailure...

Page 57: ...6 1 4 1 99 1 Mode 1 3 6 1 4 1 99 2 SSID 1 3 6 1 4 1 99 3 Channel 1 3 6 1 4 1 99 4 Band 1 3 6 1 4 1 99 5 RSSI 1 3 6 1 4 1 99 6 Active_Clients 1 3 6 1 4 1 99 7 Active_Clients_List 1 3 6 1 4 1 99 8 Encr...

Page 58: ...fault setting upon rebooting and the original configuration data will be lost To upgrade the firmware just enter the file name with full path and click the Upload button Memory Limitation To make sure...

Page 59: ...our local host then you can back up the configuration data to local host or restore configuration data to the device Password The Web Browser interface has password protection To disable the Web Brows...

Page 60: ...n your firmware version Once the user has logged in to the device then the password can be changed by CLI command Execute CLI program This program won t execute automatically when user logs in to the...

Page 61: ...IP receive from LAN Static Route F Static Route G Add Static Route Setting H Delete Static Route Setting I Delete all Static Route Setting J Current Static Route Setting List Route Table K Show Route...

Page 62: ...61...

Page 63: ...ur network and you would see the basic information about these devices such as SSID IP Address Subnet Mask Channel number MAC Address Setup IP After you press the Setup IP button you will see Setup IP...

Page 64: ...63 Detail If you want to see more detailed information you could press the Detail button and then you will see the Detail Information window...

Page 65: ...you will see the WDS List window Active Clients After pressing the Active Clients button you will see the WLAN AP Active Clients window with information such as Connect to Web Server If you want conne...

Reviews: