manualshive.com logo in svg

Moxa Technologies ToughNet, User Manual

Share
Download
Moxa Technologies ToughNet User Manual Download Page 58

ToughNet NAT Router User's Manual 

Network Address Translation 

 

6-2 

Network Address Translation (NAT) 

NAT Concept 

NAT (Network Address Translation) is a common security function for changing the IP address during Ethernet 
packet transmission. When the user wants to hide the internal IP address (LAN) from the external network 
(WAN), the NAT function will translate the internal IP address to a specific IP address, or an internal IP address 
range to one external IP address. The benefits of using NAT include: 

 

Uses the N-1 or Port forwarding Nat function to hide the Internal IP address of a critical network or device 
to increase the level of security of industrial network applications. 

 

Uses the same private IP address for different, but identical, groups of Ethernet devices. For example, 
1-to-1 NAT makes it easy to duplicate or extend identical production lines. 

 

NOTE 

The NAT function will check if incoming or outgoing packets match the policy. It starts by checking the packet 
with the first policy (Index=1); if the packet matches this policy, the ToughNet NAT Router will translate the 
address immediately and then start checking the next packet. If the packet does not match this policy, it will 
check with the next policy. 

 

 

NOTE 

The maximum number of NAT policies for the ToughNet NAT Router is 128. 

 

1-to-1 NAT 

If the internal device and external device need to communicate with each other, choose 1-to-1 NAT, which 
offers bi-directional communication (N-to-1 and Port forwarding are both single-directional communication 
NAT functions). 

1-to-1 NAT is usually used when you have a group of internal servers with private IP addresses that must 
connect to the external network. You can use 1-to-1 NAT to map the internal servers to public IP addresses. 
The IP address of the internal device will not change. 

The figure below illustrates how a user could extend production lines, and use the same private IP addresses 
of internal devices in each production line. The internal private IP addresses of these devices will map to 
different public IP addresses. Configuring a group of devices for 1-to-1 NAT is easy and straightforward. 

 

Summary of Contents for ToughNet

Page 1: ...ToughNet NAT Router User s Manual Edition 1 0 September 2015 www moxa com product 2015 Moxa Inc All rights reserved Reproduction without permission is prohibited...

Page 2: ...reserves the right to make improvements and or changes to this manual or to the products and or the programs described in this manual at any time Information provided in this manual is intended to be...

Page 3: ...2 Link Aggregation 3 13 The Port Trunking Concept 3 13 Port Mirror 3 15 Using Virtual LAN 3 15 The VLAN Concept 3 15 Configuring Virtual LAN 3 16 Multicast 3 18 The Concept of Multicast Filtering 3 18...

Page 4: ...6 Network Address Translation 6 1 Network Address Translation NAT 6 2 NAT Concept 6 2 1 to 1 NAT 6 2 N to 1 NAT 6 3 Port Forward 6 4 7 Diagnosis 7 1 Ping 7 2 LLDP 7 2 A MIB Groups A 1...

Page 5: ...NAT Router is designed for connecting Ethernet enabled devices with network IP security The following topics are covered in this chapter Overview Package Checklist Features Industrial Networking Capa...

Page 6: ...hazardous 40 to 75 C environments Package Checklist The ToughNet NAT Routers are shipped with the following items If any of these items are missing or damaged please contact your customer service repr...

Page 7: ...know the ToughNet NAT Router s IP address The Telnet console and web browser connection methods can be used to access the ToughNet NAT Router over an Ethernet LAN or over the Internet A web browser c...

Page 8: ...omm Terminal Emulator use an RJ45 to DB9 F or RJ45 to DB25 F cable to connect the ToughNet NAT Router s RS 232 console port to your PC s COM port generally COM1 or COM2 depending on how your system is...

Page 9: ...and Line Interface exit Exit Command Line Interface reload Halt and Perform a Cold Restart terminal Configure Terminal Page Length copy Import or Export File save Save Running Configuration to Flash p...

Page 10: ...nd 7 in the RS 232 Console Configuration 115200 None 8 1 VT100 section on page 2 2 Using a Web Browser to Configure the ToughNet NAT Router The ToughNet NAT Router s web browser interface provides a c...

Page 11: ...ogin to continue Leave the Password field blank if a password has not been set NOTE The default password is blank For greater security please change the default password after the first log in You may...

Page 12: ...to introduce the ToughNet NAT Router s configuration and monitoring functions The following topics are covered in this chapter System System Information User Account Date and Time Warning Notificatio...

Page 13: ...the roles or applications of different units Example Factory Switch 1 Firewall VPN Router Router Location Setting Description Factory Default Max 80 characters This option is useful for differentiatin...

Page 14: ...min account name can t be deleted and disabled by default Active Setting Description Factory Default Checked The Moxa switch can be accessed by the activated user name Enabled Unchecked The Moxa switc...

Page 15: ...elete button to delete the account Date and Time The Moxa ToughNet NAT Router has a time calibration function based on information from an NTP server or user specified time and date Functions such as...

Page 16: ...Default Time zone Specifies the time zone which is used to determine the local time offset from GMT Greenwich Mean Time GMT Greenwich Mean Time Daylight Saving Time The Daylight Saving Time settings...

Page 17: ...with real time alarm messages Even when control engineers are out of the control room for an extended period of time they can still be informed of the status of devices almost instantaneously when ex...

Page 18: ...ay The ToughNet NAT Router supports digital inputs to integrate sensors When event is triggered the device will automate alarms by relay output Severity Severity Description Emergency System is unusab...

Page 19: ...rs You can set up to 4 email addresses to receive alarm emails from the Moxa switch None Send Test Email After you complete the email settings you should first click Apply to activate those settings a...

Page 20: ...ctory Default IP Address Enter the IP address of Syslog server 1 2 3 used by your network None Port Destination 1 to 65535 Enter the UDP port of Syslog server 1 2 3 514 NOTE The following events will...

Page 21: ...re downloading or uploading files None Configuration File Path and Name Setting Description Factory Default Max 40 Characters The path and filename of the ToughNet NAT Router s configuration file in t...

Page 22: ...te including the boot up time Upload Configuration Data To import a configuration file to the ToughNet NAT Router click Browse to select a configuration file already saved on your computer The upgrade...

Page 23: ...different ports Example PLC 1 None Speed Setting Description Factory Default Auto Allows the port to use the IEEE 802 3u protocol to negotiate with connected devices The port and connected devices wi...

Page 24: ...lowing benefits Greater flexibility in setting up your network connections since the bandwidth of a link can be doubled tripled or quadrupled Redundancy if one link is broken the remaining trunked por...

Page 25: ...t the desired Trunk Group Step 2 Select the desired Member Ports or Available Ports Step 3 Use Up and Down to modify the Group Members Trunk Group maximum of 2 trunk groups Setting Description Factory...

Page 26: ...ect this option to monitor data packets both coming into and being sent out through the Moxa ToughNet NAT Router s port Mirror Port Select the number of the port that will be used to monitor the activ...

Page 27: ...each VLAN can only communicate with other devices on the same VLAN If a device on VLAN Marketing needs to communicate with devices on VLAN Finance the traffic must pass through a routing device or Lay...

Page 28: ...s the default VLAN ID for untagged devices that connect to the port 1 Tagged VLAN Setting Description Factory Default VLAN ID from 1 4094 This field will be active only when selecting the Trunk or Hyb...

Page 29: ...rs with only one transmission It reduces the load on the source for example a server since it will not need to produce several copies of the same data It makes efficient use of network bandwidth and s...

Page 30: ...rts that want to join a multicast group and then configures its filters accordingly Query Mode Query mode allows the Moxa router to work as the Querier if it has the lowest IP address on the subnetwor...

Page 31: ...in Features Reference V1 a Periodic query RFC 1112 V2 Compatible with V1 and adds a Group specific query b Leave group messages c Resends specific queries to verify leave message was the last one in t...

Page 32: ...or layer 3 switch is connected to the network it will act as the Querier and consequently this Querier option will be disabled on all Moxa layer 2 switches If all switches on the network are Moxa lay...

Page 33: ...icast stream Member ports Ports the multicast stream is forwarded to Static Multicast MAC NOTE 01 00 5E XX XX XX on this page is the IP multicast MAC address Please activate IGMP Snooping for automati...

Page 34: ...that priority s queue is empty and then the next lower priority queue s frames egress This approach can cause the lower priorities to be starved of opportunity for transmitting any frames but ensures...

Page 35: ...combination For instance if a hot higher priority port is required for a network design Inspect TOS and Inspect CoS can be disabled This setting leaves only port default priority active which results...

Page 36: ...ific port The MAC Address table can be configured to display the following Moxa ToughNet NAT Router MAC address groups which are selected from the drop down list Drop Down List ALL Select this item to...

Page 37: ...k None LAN Create a VLAN Interface Input a name of the LAN interface select a VLAN ID that is already configured in VLAN Setting under the Layer 2 Function and assign an IP address Subnet Mask for the...

Page 38: ...Router will automatically assign an IP address to a Ethernet device from a defined IP range Dynamic IP Assignment DHCP Server Enable Disable Setting Description Factory Default Enable Disable Enable...

Page 39: ...n the LAN Static DHCP Use the Static DHCP list to ensure that devices connected to the ToughNet NAT Router always use the same IP address The static DHCP list matches IP addresses to MAC addresses In...

Page 40: ...ting Description Factory Default IP Address The DNS server for the selected device 0 0 0 0 NTP Server Setting Description Factory Default IP Address The NTP server for the selected device 0 0 0 0 Clic...

Page 41: ...0 DNS Server Setting Description Factory Default IP Address The DNS server for the connected device 0 0 0 0 NTP Server Setting Description Factory Default IP Address The NTP server for the connected d...

Page 42: ...lgorithms and data encryption key 8 character passwords and a data encryption key are the minimum requirements for authentication and encryption These parameters are configured on the SNMP page A more...

Page 43: ...y string match for authentication Public Access Control Setting Description Factory Default Read Write Access control type after matching the community string Read Write Read only Public MIB only No A...

Page 44: ...u may add or remove IP addresses to limit access to the Moxa ToughNet NAT Router When the accessible IP list is enabled only addresses on the list will be allowed access to the Moxa ToughNet NAT Route...

Page 45: ...left selection bar Monitor by System allows the user to view a graph that shows the combined data transmission activity of all of the Moxa ToughNet NAT Router s ports Click one of the three options To...

Page 46: ...kets are packets received from connected devices and Error Packets are packets that did not pass TCP IP s error checking algorithm The Total Packets option displays a graph that combines TX RX and TX...

Page 47: ...4 4 Routing The following topics are covered in this chapter Unicast Routing Static Routing RIP Routing Information Protocol Routing Table...

Page 48: ...ute will be added to the routing table and stored in the ToughNet NAT Router RIP Routing Information Protocol RIP is a distance vector based routing protocol that can be used to automatically build up...

Page 49: ...uting protocol that employs the hop count as a routing metric RIP prevents routing from looping by implementing a limit on the number of hops allowed in a path from the source to a destination The RIP...

Page 50: ...LAN Check the checkbox to enable RIP in the LAN interface Routing Table The Routing Table page shows all routing entries All Routing Entry List Setting Description Factory Default All Show all routin...

Page 51: ...5 5 Network Redundancy The following topics are covered in this chapter Layer 2 Redundant Protocols Configuring RSTP Configuring Turbo Ring V2 Layer 3 Redundant Protocols VRRP Settings...

Page 52: ...d indicates whether or not this switch is the Root of the Spanning Tree the root is determined automatically At the bottom of this page the user can configure the Settings of this function For RSTP yo...

Page 53: ...ription Factory Default Enable Disable Select to enable the port as a node on the Rapid Spanning Tree Protocol Disabled NOTE We suggest not enabling the Rapid Spanning Tree Protocol once the port is c...

Page 54: ...protocol will assign master status to one of the TN units in the ring The master is only used to determine which segment serves as the backup path Ring Port Status The Ports Status indicators show Fo...

Page 55: ...port of the device to be one of the redundant ports See the following table Layer 3 Redundant Protocols VRRP Settings Virtual Router Redundancy Protocol VRRP can solve the problem with static configur...

Page 56: ...pport one virtual router ID for each interface IDs can range from 1 to 255 0 Priority Determines priority in a VRRP group The priority value range is 1 to 255 and the 255 is the highest priority If se...

Page 57: ...6 6 Network Address Translation The following topics are covered in this chapter Network Address Translation NAT NAT Concept 1 to 1 NAT Bidirectional 1 to 1 NAT N to 1 NAT Port Forward...

Page 58: ...ing the packet with the first policy Index 1 if the packet matches this policy the ToughNet NAT Router will translate the address immediately and then start checking the next packet If the packet does...

Page 59: ...ver if this dynamic IP address is the same as the WAN IP for 1 to 1 NAT then the 1 to 1 NAT function will not work For this reason we recommend disabling the DHCP PPPoE function when using the 1 to 1...

Page 60: ...onfiguration Delete a NAT Rule Select the item in the NAT List Table then click Delete to delete the item Modify a NAT Rule Select the item in the NAT List Table Modify the attributes and click Modify...

Page 61: ...or Disable Enable or disable the selected NAT policy Enabled NAT Mode Setting Description Factory Default N 1 1 1 Port Forward Select the NAT types N 1 Protocol Port Forward mode Setting Description F...

Page 62: ...7 7 Diagnosis The ToughNet NAT Router provides Ping tools and LLDP for administrators to diagnose network systems The following topics are covered in this chapter Ping LLDP...

Page 63: ...Overview Defined by IEEE 802 11AB Link Layer Discovery Protocol LLDP is an OSI Layer 2 Protocol that standardizes the methodology of self identity advertisement It allows each networking device such a...

Page 64: ...he neighbor device Neighbor ID A unique entity that identifies a neighbor device this is typically the MAC address Neighbor Port The port number of the neighbor device Neighbor Port Description A text...

Page 65: ...le IpGroup IpBasicStatsGroup IpStatsGroup MIB II 5 ICMP Group IcmpGroup IcmpInputStatus IcmpOutputStats MIB II 6 TCP Group tcpConnTable TcpGroup TcpStats MIB II 7 UDP Group udpTable UdpStats MIB II 11...

Reviews:

No comments

Brands by name

Popular brands

Load more brands