Cisco RV260 series Скачать руководство пользователя страница 97 | Manualshive

Страница: 97 / 124

background image

C H A P T E R

10

VPN

A Virtual Private Network (VPN) is used to establish an encrypted connection over a less secure network.
VPN ensures the appropriate level of security to the connected systems when the underlying network
infrastructure alone cannot provide it. A tunnel is established as a private network that can send data securely
by using industry-standard encryption and authentication techniques to secure the data sent.

A secure virtual private network (VPN) connection between two endpoints is known as an IP tunnel. The
tunnel is created by an encapsulation technique, which encapsulates the data inside a known protocol (IP) that
is agreed upon by the two end points. The tunnel creates a virtual circuit-like between the two endpoints and
makes the connection appear like a dedicated connection even though it spans over the Internet infrastructure.

A remote-access VPN usually relies on either IPSec or SSL to secure the connection. VPNs provide Layer 2
access to the target network; these require a tunneling protocol such as PPTP or L2TP running across the base
IPSec connection. The IPSec VPN supports site-to-site VPN for a gateway-to-gateway tunnel and
client-to-server VPN for host-to-gateway tunnel. For example, a user can configure a VPN tunnel at a branch-site
to connect to the router at corporate-site, so that the branch-site can securely access corporate network. The
client to server VPN is useful when connecting from Laptop/PC from home to a corporate network through
VPN server.

This section describes the device's VPN features and contains the following topics:

•

VPN Setup Wizard, on page 89

•

IPSec VPN, on page 91

•

OpenVPN, on page 99

•

PPTP Server, on page 100

•

GRE Tunnel, on page 101

•

VPN Passthrough, on page 101

•

Resource Allocation, on page 102

VPN Setup Wizard

A Virtual Private Network (VPN) is used to establish an encrypted connection over a less secure network.
VPN ensures the appropriate level of security to the connected systems when the underlying network
infrastructure alone cannot provide it. A tunnel is established as a private network that can send data securely
by using industry-standard encryption and authentication techniques to secure the data sent. A remote-access
VPN usually relies on either IPSec or SSL to secure the connection. VPNs provide Layer 2 access to the target
network; these require a tunneling protocol such as PPTP or L2TP running across the base IPSec connection.
The IPSec VPN supports site-to-site VPN for a gateway-to-gateway tunnel and client-to-server VPN for

RV260x Administration Guide

89

«
...
95
96
97
98
99
...
»

Содержание RV260 series

Страница 1: ... Administration Guide First Published 2018 10 23 Americas Headquarters Cisco Systems Inc 170 West Tasman Drive San Jose CA 95134 1706 USA http www cisco com Tel 408 526 4000 800 553 NETS 6387 Fax 408 527 0883 ...

Страница 2: ... are encouraged to try to correct the interference by using one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help Modifications to this product...

Страница 3: ... Summary 11 TCP IP Services 13 Port Traffic 14 WAN QoS Statistics 15 Switch QoS Statistics 16 Connected Devices 16 Routing Table 17 DHCP Bindings 17 Mobile Network 18 VPN Status 18 View Logs 20 Captive Portal Status 21 Administration 23 C H A P T E R 3 File Management 23 Manual Upgrade 24 Auto Update 24 Firmware Auto Fallback Mechanism 25 Reboot 25 RV260x Administration Guide iii ...

Страница 4: ... 33 Time 33 Log 34 Email Server 35 Remote Syslog Servers 35 Email 36 User Accounts 36 Remote Authentication Service 38 User Groups 38 IP Address Groups 40 SNMP 40 Discovery Bonjour 41 LLDP 41 Automatic Updates 42 Schedules 43 Service Management 43 PnP Plug and Play 43 Plug and Play Connect Service 44 Creating a Controller Profile 44 Registering Devices 45 WAN 47 C H A P T E R 5 WAN Settings 47 Mul...

Страница 5: ...6 VLAN Settings 57 Option82 Settings 59 Static DHCP 60 802 1X Configuration 61 Router Advertisement 61 Wireless 63 C H A P T E R 7 Basic Settings 63 Concurrent Dual Band Selection 65 Configuring 2 4 GHz Radio 65 Configuring 5 GHz Radio 66 Advanced Settings 67 WPS 68 Captive Portal 69 Lobby Ambassador 70 Routing 73 C H A P T E R 8 Static Routing 73 RIP 74 IGMP Proxy 75 Firewall 77 C H A P T E R 9 R...

Страница 6: ... 92 Site to Site 94 Site to Site VPN Connection 94 Client to Site 97 OpenVPN 99 PPTP Server 100 GRE Tunnel 101 VPN Passthrough 101 Resource Allocation 102 Security 103 C H A P T E R 1 1 Content Filtering 103 Web Filtering 104 Cisco Small Business Web Filtering Service Supplemental End User License Agreement 105 QoS 109 C H A P T E R 1 2 Traffic Classes 109 WAN Queuing 110 WAN Policing 111 WAN Band...

Страница 7: ...Switch Classification 112 Switch Queuing 113 Where To Go 115 C H A P T E R 1 3 Where To Go From Here 115 RV260x Administration Guide vii Contents ...

Страница 8: ...RV260x Administration Guide viii Contents ...

Страница 9: ...ed connectivity with eight GbE ports RV260P VPN Router has eight GbE Ports with four ports of Power over Ethernet PoE and a 60w power budget RV260W is a wireless VPN Router 3x3 11ac WAVE2 wireless and an eight GbE port switch Flexible SFP RJ45 combination WAN Ports High performance Gigabit Ethernet ports enabling large file transfers and multiple users Web Filtering to keep users and the business ...

Страница 10: ...s 802 1X Port Security Dual Stack 6rd 6in4 IPv6 Dynamic Host Configuration Protocol DHCP client static IP Point to Point Protocol over Ethernet PPPoE PPTP L2TP transparent bridge WAN 3x3 11ac WAVE2 WLAN Security Stateful Packet Inspection SPI Firewall Firewall Port Forwarding and Triggering Denial of Service prevention DoS IP access control lists Access Control HTTPS username password complexity S...

Страница 11: ... mirroring Software configurable DMZ to any LAN IP address Session Initiation Protocol SIP Application Layer Gateways ALG Network Protocols Static routing IGMP proxy Dynamic routing RIP v1 and v2 RIP for IPv6 RIPng Inter VLAN routing Routing Protocols Port Address Translation PAT Network Address Port Translation NAPT Port forwarding One to one NAT VPN NAT Transversal Session Initiation SIP Applica...

Страница 12: ...tization QoS Supports Jumbo Frame on Gigabit ports at least 1536B Jumbo Frame Support Performance 800 Mbps NAT Throughput 25 000 Concurrent Sessions 75 Mbps IPsec VPN Throughput Configuration Browser based configuration HTTP HTTPS Web based User Interface Web based User Interface SNMP v3 Bonjour Universal Plug and Play UPnP Management FindIT Support for Monitoring and Management Local Syslog email...

Страница 13: ...489 1 and 17 Europe RV260 RV260P rackmount Class A Certifications Getting Started Your device comes with default settings that are optimized for many small businesses However your network demands or Internet Service Provider ISP might require you to modify a few of these settings You can do so using the web interface that is using Internet Explorer Firefox or Safari for Mac on a PC To launch the w...

Страница 14: ...tion Reset the modem and the device by powering off both devices Next power on the modem and let it sit idle for about 2 minutes Then power on the device You should now receive a WAN IP address If you have a DSL modem ask your ISP to put the DSL modem into bridge mode Note Also you can use a wireless PC to configure the RV160W and RV260W router models When the router boots up from the factory defa...

Страница 15: ...are Upgrade Router Firmware Link to the Firewall Basic Settings page where you can enable the basic features of the device Configure Remote Management Access Link to the Config Management page where you can manage the router s configuration Backup Device Configuration Device Status Link to the System Summary page that displays the IPv4 and IPv6 configuration and firewall status on the device Syste...

Страница 16: ...ation for the router About The firmware version information for the router Logout Click to log out of the router Icon Legend This table displays the most common icons found throughout the router s graphical interface and their meanings Add Click to add an entry Edit Click to edit an entry Delete Click to delete an entry Refresh Click to refresh the data Reset counters Click to reset the counters C...

Страница 17: ...tions Popup Windows Some links and buttons launch popup windows that display more information or related configuration pages If the web browser displays a warning message about the popup window allow the blocked content RV260x Administration Guide 9 Getting Started User Interface ...

Страница 18: ...RV260x Administration Guide 10 Getting Started User Interface ...

Страница 19: ...e Portal Status on page 21 System Summary The System Summary provides a snapshot of the settings on your device It displays your device s firmware serial number port traffic routing status VPN server settings and mobile networks To view this System Summary click Status and Statistics System Summary System Information Serial Number The serial number of the device System Up Time The active length of...

Страница 20: ...ction diplays the following IP Address IP address assigned to the interface Default Gateway Default gateway for the interface DNS IP address of the DNS server A DNS server is a computer server that contains a database of public IP addresses and their associated hostnames Dynamic DNS Dynamic domain name system DNS is a method of automatically updating a name server in the DNS often in real time wit...

Страница 21: ...or network resource unavailable to its intended users Block WAN Request Makes it difficult for outside users to work their way into your network by hiding the network ports from Internet devices and preventing the network from being pinged or detected by other Internet users Remote Management Indicates that a remote connection for managing the device is allowed or denied Access Rule Number of acce...

Страница 22: ...evice connected Foreign Port Port of the device connected Status Connection status of the session Port Traffic The Port Traffic page displays the statistics and status of the interfaces of the device To view the device s Port Traffic page click Status and Statistics Port Traffic Port Traffic Port ID Port ID Port Label Port label Link Status Status of the interface RX Packets Number of packets rece...

Страница 23: ...us Duplex mode Half or Full Auto Negotiation Status of the auto negotiation parameter When On it detects the duplex mode If the connection requires a crossover it automatically chooses the MDI or MDIX configuration that matches the other end of the link WAN QoS Statistics The WAN QoS Statics page displays the statistics of the outbound and inbound WAN QoS To view the device s WAN QoS Statics page ...

Страница 24: ...lear Counters To reset all the table statistics LAN Queue Number of outbound queues Port Port number Packets Sent Number of outbound packets of the traffic class sent Link Aggregation Queue Number of outbound queues Group Group name Packets Sent Number of outbound packets of the traffic class sent Connected Devices The Connected Devices page lists all the connected devices on the router To view th...

Страница 25: ...ubnet mask of the connection Next Hop IP address of the next hop Hop Count Number of intermediate devices like routers through which data must pass between the source and the destination Interface Name of the interface to which the route is attached to Source Source of the route DHCP Bindings The DHCP Bindings page displays the IP and MAC address Lease Expire Time and Type of Binding static or dyn...

Страница 26: ... Usage Monthly data usage Click Clear to clear the monthly usage data Data Card Status Manufacturer Manufacturer of the device Card Firmware Firmware version provided by the manufacturer SIM Status Status of the SIM IMSI Unique number of the device Carrier Name or type of data carrier Service Type Data service type Signal Strength Strength of data signal Card Status Balance of data on card VPN Sta...

Страница 27: ...wing Group Tunnel Name Name of the VPN tunnel This is for reference purposes only and does not match the name used at the other end of the tunnel Connections Status of the connection Phase2 Enc Auth Grp Phase 2 encryption type NULL DES 3DES AES 128 AES 192 AES 256 authentication method NULL MD5 SHA1 and DH group number 1 2 5 Local Group IP address and subnet mask of the local group Action Action s...

Страница 28: ...e of the tunneling time Action Connect or disconnect the tunnel View Logs The View Logs page displays all of the device s logs You can filter these logs based on category severity or keyword You can also refresh clear and export these logs to a PC or USB To view the device s logs follow these steps Step 1 Click Status and Statistics View Logs Step 2 Under Logs Filtered By select the appropriate op...

Страница 29: ...tus and Statistics Captive Portal Status Then select the SSID from the drop down list and the Captive Portal User Connected Status is displayed for the selected SSID User Name Name of the connected user SSID Name of the network IP Address IP address served by the service provider MAC Address Mask served by the service provider Auth Default gateway served by the service provider Tx Bytes Number of ...

Страница 30: ...RV260x Administration Guide 22 Status and Statistics Captive Portal Status ...

Страница 31: ...he following information System Information Device Model Model number of the device PID VID PID and VID number of the router Current Firmware Version Current firmware version Latest Firmware Version Latest firmware version Firmware Last Updated Last date when the firmware was updated USB Dongle Driver Current Dongle Driver Version Current version of the USB dongle driver Last Update Date of the la...

Страница 32: ...co com click Upgrade to upgrade the firmware or Download to USB to save the firmware image file b If you select PC or USB click Browse to locate the firmware file on your PC and click Upgrade Step 4 Check Reset all configuration setting to factory defaults to reset all the configuration and apply factory defaults Step 5 Click Upgrade to upload the selected image to the device Auto Update The route...

Страница 33: ...sm so that the device can automatically switch to the secondary firmware when the active firmware is corrupted or cannot bootup successfully after five trials The Auto Fallback Mechanism operates as follows Step 1 The device will boot up with the active firmware Step 2 If the firmware is corrupted it will switch to the secondary firmware automatically after the active firmware has failed to boot u...

Страница 34: ... To perform a DNS lookup enter the IP address or domain name in the Perform a DNS Lookup and click Lookup Step 5 You can export the technical support report by selecting from one of the following options Export to PC to export the technical support report to a PC Export to USB to export the technical support report to a USB Email to to email the report to an email address Certificate Certificates ...

Страница 35: ...icate Select this certificate and provide relevant details You must provide the valid duration in days b CA Certificate Select this certificate type and provide relevant details to get it signed by self c Certificate Signing Request Select this certificate type and provide the relevant details d Certificate Signed by CA Certificate Select this certificate type and provide relevant details to get t...

Страница 36: ...iguration Management Configuration Management page provides details on the router s current file configurations Configuration File Name Displays the last changed time details Copy Save Configuration Displays the default configuration of the device uses the running configuration file which is unstable and does not retain the settings between reboots You can save this running configuration file to t...

Страница 37: ...ave Configuration section select the Source from the drop down list Step 2 In Destination section select the destination that the configuration file will be copied to from the drop down list Step 3 Click Apply RV260x Administration Guide 29 Administration Copy Save Configuration ...

Страница 38: ...RV260x Administration Guide 30 Administration Copy Save Configuration ...

Страница 39: ...n and configure the basic router settings on the Initial Setup Wizard page From the Run Setup Wizard page you can follow the instructions that guide you through the process for configuring the device Step 1 Click System Configuration Initial Router Setup to access the Router Setup Wizard Step 2 Click Next to go to Check Connection page If your router has detected a connection the connection detail...

Страница 40: ...sword Confirm Password Step 8 If you select PPTP or L2TP click Next and configure these settings Enter the account name Account Name Enter the password Password Confirm the password Confirm Password Enter the static IP address Static IP Address Enter the subnet mask Subnet Mask Enter the gateway IP Gateway IP Enter the DNS DNS Step 9 Select the router s time zone from the Time Zone drop down list ...

Страница 41: ...int security settings to print a copy of the router s security settings Step 20 Click Apply System Assign a host name and a domain name to identify your device to ensure that it is easily identified y other devices Step 1 Click System Configuration System Step 2 In the Host Name field enter a name to identify the device uniquely on your network For example Router001 Step 3 In the Domain Name field...

Страница 42: ...the Log section check Enable Step 3 In the Log Buffer field enter the number of KB Range 1 KB to 4096 KB Default is 1024 KB Step 4 Severity select the appropriate log severity level from the drop down list They are listed from the highest to the lowest Level 0 which means that the system is unusable Emergency Level 1 which indicates that immediate action is needed Alert Level 2 which indicates tha...

Страница 43: ...on such as email addresses password message digest optional parameters SMTP server port number SSL TLS Step 1 In the Email Syslogs section check Enable to enable the email syslogs Step 2 In the Email Settings section click Link to Email Setting page to configure your email settings Step 3 In the Email Subject section enter the subject Step 4 In the Severity section select the severity level from t...

Страница 44: ...ption method Email Encryption Select the type of authentication from the drop down list None Cleartext MD5 or Login Authentication Enter a username Username Enter a password Password Enter an email address to send to Send Email to 1 Enter an email address to send to optional Send Email to 2 Enter an email address to send from From Email Address Step 3 Click Apply and Test Connectivity to Email Ser...

Страница 45: ...h is 8 Minimal password length Enter the minimum number of character classes to be used while creating the new password The range is 0 to 4 and the default number is 3 The four classes are upper case lower case numbers and special characters Minimal number of character classes Enable this check box to require the user to enter a different password when the current password expires The new password...

Страница 46: ...nnect and use a network service Active Directory a Windows OS directory service that facilitates working with interconnected complex and different network resources in a unified manner Authentication Type Enter the IP address of the primary server Primary Server Enter the backup port of the server Port Enter the base dn to begin the search Base dn Step 2 Click Apply to save the settings Click Edit...

Страница 47: ... privileges to configure and read the system status Web Login NETCONF RESTCONF Click Add to open the Add Feature List pop up Select a profile from the drop down list and click Add Site to Site VPN Click Add to open the Add Feature List pop up Select a profile from the drop down list and click Add Client to Site VPN Click On to enable the Open VPN or Off to disable Select a profile drop down list O...

Страница 48: ... managed devices on the IP networks It allows network administrators to manage monitor and receive notifications of critical events as they occur on the network The device supports version v1 v2c and v3 The device acts as an SNMP agent that replies to the SNMP commands from the SNMP Network Management Systems The command it supports are the standard SNMP commands get next set It also generates tra...

Страница 49: ...imple toolbar on the web browser called FindIt The FindIT Discovery Utility discovers Cisco devices in the network and display basic information such as serial numbers and IP addresses For more information and to download the FindIT Discovery Utility visit www cisco com go findit Note To enable Discovery Bonjour follow these steps Step 1 Select System Configuration Discovery Bonjour Step 2 Check E...

Страница 50: ...notifications on important firmware updates for your device The information can be configured to be sent at specified intervals and for specific types of network events Before you can configure these notifications the email server should be configured To configure the Automatic Updates follow these steps Step 1 Select System Configuration Automatic Updates Step 2 From the Check Every drop down lis...

Страница 51: ...rmation on the system configuration You can add a new entry to the Service Management list or to change an entry To configure the Service Management follow these steps Step 1 Click System Configuration Service Management Step 2 In the Service Table click Add Step 3 In the Name field enter a name for the service management Step 4 In the Protocol field select the Layer 4 protocol that the service us...

Страница 52: ...Plug and Play Connect is a Cisco provided service that is the last resort used by a Network Plug and Play enabled device to discover the server To use Plug and Play Connect for server discovery you must first create a Controller Profile representing the Manager and then register each of your devices with the Plug and Play Connect Service To access the Plug and Play Connect Service Follow these ste...

Страница 53: ...d to be registered manually To register the devices with Plug and Play Connect follow these steps Step 1 Open the Plug and Play Connect web page https software cisco com module pnp in your browser If necessary select the correct Virtual Account to use Step 2 Select the Devices link and then click Add Devices You may need to be approved to manually add devices to your account This is a one time pro...

Страница 54: ...RV260x Administration Guide 46 System Configuration Registering Devices ...

Страница 55: ...o physical WAN and VLAN interfaces on the router that can be configured To configure the WAN settings follow these steps Step 1 Select WAN WAN Settings Step 2 Click on the labeled tabs and configure the settings for the IPv4 IPv6 or Advanced Settings Step 3 For an IPv4 connection click the IPv4 tab for an IPv6 connection click IPv6 and select the connection type Step 4 If IPv4 or IPv6 uses DHCP to...

Страница 56: ... do not allow to ping the default gateway especially for the PPPoE connection Please go to Multi WAN page to disable the Network Service Detection feature or choose a valid host to detect Otherwise the traffic will not be forwarded by the device Note If the IPv4 uses PPTP to connect configure the following For DCHP select this option to enable DHCP to provide an IP address For Static IP select thi...

Страница 57: ...to re establish the connection when it is disconnected Keep Alive Select the authentication type from the drop down list Auto Negotiation PAP CHAP MS CHAP MS CHAPv2 Authentication Type If the IPv6 Uses SLAAC to Connect In the SLAAC Settings section enter the following information Enter the IP address of the primary and or secondary Static DNS Static DNS 1 2 Check to enable and enter a prefix name ...

Страница 58: ...ction column click Advanced Configuration and configure the following a Check Enable Network Service Detection to allow the device to detect network connectivity by pinging specified devices and enter the settings as described here Retry Count Number of times to ping a device The range is 1 to 10 and the default is 3 Retry Timeout Number of seconds to wait between the pings The range is 1 to 300 a...

Страница 59: ...Service Name Enter the name of the service Authentication Select the option to authenticate Step 4 Select one for the following for the Connect Mode Connection on Demand It specifies the connection timers after which the connection is terminated if there is inactivity Enter the Max Idle Time in seconds to wait before terminating the connection due to inactivity Default is 5 minutes Keep Alive It c...

Страница 60: ...licy configuration Step 5 Select the name of service provider from the Provider drop down list Step 6 Enter a Username and Password for the DDNS account To display the password check Enable in the Show Password field Step 7 Enter the full name of the device including the domain name in Fully Qualified Domain Name Step 8 Check Enable to receive updates to Dynamic DNS provider and select the periodi...

Страница 61: ...he description Step 4 The Local Interface and Local IPv4 Address display the selected interface Step 5 Click Apply IPv6 in IPv4 Tunnel 6in4 To add IPv4 Tunnel 6in4 enter the following information Step 1 Click the IPv6 in IPv4 Tunnel 6in4 tab Step 2 Enter the remote IPv4 address Step 3 Enter the local IPv6 address and length Step 4 Enter the remote IPv6 address and length Step 5 Click Apply IPv6 Ra...

Страница 62: ...ngth c Enter the IPv6 Prefix Length The IPv6 network subnetwork is identified by the prefix All hosts in the network have the identical initial bits for their IPv6 address Enter the number of common initial bits in the network addresses Default is 64 Step 4 Click Apply RV260x Administration Guide 54 WAN IPv6 Rapid Deployment 6rd ...

Страница 63: ...e 55 PoE Settings RV260P on page 56 VLAN Settings on page 57 Option82 Settings on page 59 Static DHCP on page 60 802 1X Configuration on page 61 Router Advertisement on page 61 Port Settings The Port Settings page displays the ports for EEE Flow Control Mode Port Mirror Jumbo Frame and Link Aggregation To configure the port settings for the LAN follow these steps Step 1 Select LAN Port Settings St...

Страница 64: ...he appropriate LAN from 1 to 8 Unassigned Select to add a port to LAG Select the appropriate LAN from 1 to 8 LAG1 and LAG2 Step 4 Click Apply PoE Settings RV260P Power over Ethernet PoE is a technology for local area networks LANs that allows a device to be operated by an electrical current which is transported by data cables rather than by electrical wires For PoE to work the electrical current m...

Страница 65: ...w Allocated Power Set the power to 0w Available Power Click Edit to edit the PoE Settings Table Port Limit Mode The PoE Settings Table displays the levels used in the PoE LAN1 LAN4 Port Check to enable PoE PoE Enable Select a priority level Critical High or Low Power Priority Level Enter the milliwatts mW Range 0 to 30000 Default 15000 Administrative Power Allocation Class level setting Class Maxi...

Страница 66: ...lue of 5 to 43 200 minutes Default is 1440 minutes equal to 24 hours Range Start and Range End Enter the range start and end of IP addresses that can be assigned dynamically DNS Server Select to use DNS server as proxy or from ISP from the drop down list WINS Server Enter the WINS server name DHCP Options Option 66 Enter the IP address of the TFTP server Option 150 Enter the IP address of a list o...

Страница 67: ...ns the VLAN as Untagged Select Untagged from the drop down list to untag the port Tagged Includes the port as a member for the selected VLAN and packets from this port destined to the chosen VLAN has the packet tagged with the VLAN ID Select Tagged from the drop down list to include the port as a member for the selected VLAN Packets sent from this port destined to the chosen VLAN has the packets t...

Страница 68: ...68 1 1 the starting value must be 192 168 1 2 or greater Range Start and Range End DNS service type where the DNS server IP address is acquired DNS Server Static IP address of a DNS Server Optional if you enter a second DNS server the device uses the first DNS server to respond to a request Static DNS 1 and Static DNS 2 Optional IP address of a Windows Internet Naming Service WINS server that reso...

Страница 69: ...is not needed At least one LAN port must be set to force authorized Step 4 Port State displays the status of the link whether up or down along with authentication status Step 5 Click Apply Router Advertisement The Router Advertisement Daemon RADVD is used for defining interface settings prefixes routes and announcements The hosts rely on the routers to facilitate communication to all other hosts e...

Страница 70: ...d hosts have access to multiple routers Router Preference helps a host to choose an appropriate router There are three preferences to choose from such as High Medium or Low The default setting is High Select the preference from the drop down list Router Preference Maximum Transmission Unit MTU is the size of the largest packet that can be sent over the network MTUs are used in Router Advertisement...

Страница 71: ... page 70 Basic Settings The device provides Wireless LAN WLAN with all ports LAN and WLAN on single broadcast domain The router supports 802 11ac standard and concurrent dual band selection at 2 4 and 5 GHz Depending on the radio you can select the frequency or channel for WLAN network data transmission and reception Selecting the appropriate channel width for each radio can improve the WLAN throu...

Страница 72: ...PA or WPA2 security The WEP Key is a string of 26 hexadecimal characters WPA2 Personal Select Wi Fi Protected Access II WPA2 security protocol for stronger security If selected enter an alphanumeric pass phrase WPA2 Personal Mixed Select this security protocol for stronger security when you allow both WPA and WPA2 clients to connect simultaneously If selected enter an alphanumeric passphrase WPA2 ...

Страница 73: ...ss to the wireless network based on the MAC hardware address of the requesting device Check to enable MAC filtering for the SSID If enabled click Configure and specify the MAC blacklist devices to be prevented from accessing and white list devices to be permitted to access for the wireless network MAC Filtering Check Enable to enable the Captive Portal verification for the SSID Next select a porta...

Страница 74: ...n t a great idea as it will interfere with other 2 4GHz users In this case it is best to select the 20 40 MHz option Note Step 5 Select the primary channel by clicking the Lower or Upper radio button You cannot select a primary channel if you have selected 20 MHz bandwidth in Step 4 or Auto from the channel drop down list below Note Step 6 Select an appropriate wireless channel from the drop down ...

Страница 75: ...e wireless channel from the drop down list You may select Auto and let the system select the channel Step 7 If you are using battery powered equipment and want to enable the Unscheduled Automatic Power Save Delivery U APSD mode check the U APSD WMM Power Save Step 8 Enter the number of clients in the MAX number of Associated clients to be associated simultaneously Step 9 Check Multi User MIMO to e...

Страница 76: ...ize the wireless network and the time at which a node like an AP must send a beacon is known as Target Beacon Transmission Time TBIT expressed in Time Unit TU The range is 40 to 3500 milliseconds default is 100 Beacon Interval Specify the delivery traffic indication map interval This informs the clients about the presence of buffered multicast broadcast data on the Access Point It is generated wit...

Страница 77: ...age to authenticate clients before they can use the Internet The client can resolve DNS and web browser websites specifically added to such a walled garden Authentication uses a captive portal that initiates authentication When an unauthenticated client tries to connect to a web page on port 80 the request is intercepted by a daemon and redirected to the captive portal UI port You can configure Ca...

Страница 78: ...Check Enable to accept the terms of use Show Agreement Enter a title for the Agreement text Agreement Title Enter the Agreement terms to be displayed Agreement Message Step 5 Click Preview to preview the new settings Step 6 Click Apply Lobby Ambassador A lobby ambassador can create and manage guest user accounts on the wireless router The lobby ambassador has limited configuration privileges and c...

Страница 79: ...nt when it expires or Suspend guest account when it expires to delete or suspend the lobby ambassador account Step 8 In the SSID field enter the SSID by selecting the options from the drop down list Step 9 Click Add to add the new configurations or Reset to reset and start over Step 10 To edit or delete an existing Lobby Ambassador under Guest click Edit or Delete Step 11 Click Apply to save the s...

Страница 80: ...RV260x Administration Guide 72 Wireless Lobby Ambassador ...

Страница 81: ...logy static routing can be configured to communicate between the routers Static Routing uses less network resources than dynamic routing because they do not constantly calculate the next route to take To configure static routing follow these steps Step 1 Select Routing Static Routing Step 2 For IPv4 Routes under the WAN Table click Add and specify the following You can edit an existing route by ch...

Страница 82: ... RIP advertisement on WAN interface is automatically disabled if NAT is enabled Note Check Enable in the corresponding Interface to allow routes from upstream to be received Checking Enable for an interface automatically checks RIP version 1 RIP version 2 RIPng IPv6 and Authentication for that interface Similarly unchecking Enable unchecks all Note Interface This protocol uses classful routing and...

Страница 83: ... The Internet Group Management Protocol IGMP is a protocol that is used for multicasting The protocol operates between routers and hosts that belong to multicast groups Multicast IP addresses are a special range of IP addresses that are dedicated to reduce traffic on the network When a multicast group is assigned a multicast address any multicast traffic for the group will be sent to this IP addre...

Страница 84: ...RV260x Administration Guide 76 Routing IGMP Proxy ...

Страница 85: ...nd configure the basic settings You can also add trusted domains to this list To configure the basic settings follow these steps Step 1 Click Firewall Basic Settings and enter the following information Check Enable to enable the firewall settings uncheck Enable to disable Firewall Check Enable to enable DoS DoS blocks attacks such as Ping of Death SYN Flood Detect Rate max sec IP Spoofing Echo Sto...

Страница 86: ...ack to the packet SIP ALG Session Initiation Protocol Application Layer Gateway Enter the port number The default value is 21 FTP ALG port translates the FTP packets FTP ALG Port Check Enable to enable UPnP UPnP is a set of networking protocols that permits network devices PCs printers Internet gateways Wi Fi access points and mobile devices to seamlessly discover each other s presence on the netw...

Страница 87: ...terface from the drop down list Source Interface Select the source IP address to which the rule is applied and enter the following Any Select to match all IP addresses Single Enter an IP address Subnet Enter a subnet of a network IP Range Enter the range of IP addresses Source Address Select the source interface from the drop down list Destination Interface Select the source IP address to which th...

Страница 88: ...k To configure NAT follow these steps Step 1 Click Firewall Network Address Translation Step 2 In the NAT Table check Enable NAT to enable the interfaces on the Interface list Step 3 Click Apply Static NAT Static NAT is used to protect the LAN devices from discovery and attack Static NAT creates a relationship that maps a valid WAN IP address to LAN IP addresses that are hidden from the WAN Intern...

Страница 89: ... Port forwarding opens a port range for services such as Internet gaming that uses alternate ports to communicate between the server and the LAN host To configure the port forwarding follow these steps Step 1 Click Firewall Port Forwarding Step 2 In the Port Forwarding Table click Add or select the row and click Edit and configure the following Check Enable to enable port forwarding Enable Select ...

Страница 90: ...the port triggering table configure the following Step 1 Click Add or select the row and click Edit and enter the information Check to enable port triggering Enable Enter the name of the application Application Name Select a service from the drop down list If a service is not listed you can add or modify the list by following the instructions in the Service Management section Trigger Service Selec...

Страница 91: ... the Source Address section select Any or Use a new IP Group to create a new address Next check the Translated box and select an option from the drop down list Step 8 In the Destination Address section select Any or Use a new IP Group to create a new address Next check the Translated box and select an option from the drop down list Step 9 In the Service section select an option from the drop down ...

Страница 92: ...10 LAN RV260W WAN Internet PC2 PC1 192 168 1 111 PC10 192 168 1 10 RV260W LAN 192 168 1 1 RV260W WAN 172 16 1 1 24 PC 172 16 1 100 Goal Use the source address to let the PC translate to a specific public address while the others will still translate to a WAN address Address Object Configure the address on PC1 to 192 168 1 111 PC10 to 192 168 1 10 wan_alias to 172 16 1 10 and wan_alias2 to 172 16 1...

Страница 93: ...translated to WAN IP address when accessing the Internet The OpenVPN client is translated to another public address when accessing the Internet Address Object Configure the WAN_alias to 172 16 1 10 and the OpenVPN to 10 1 4 0 24 Result The PC accesses the Internet server and the general LAN user is translated to WAN IP 172 16 1 1 The OpenVPN client PC2 is translated to 172 16 1 10 Case 6 Only allo...

Страница 94: ... session to time out after a period of idleness To configure the Session Timeout follow these steps Step 1 Click Firewall Session Timeout Step 2 Enter the following Enter the timeout value in seconds for TCP sessions Inactive TCP sessions are removed from the session table after this duration Default 1800 Range 30 to 1800 TCP Session Timeout Enter the timeout value in seconds for UDP sessions Inac...

Страница 95: ...h as Internet gaming video conferencing web or email servers Access to the DMZ Host from the Internet can be restricted by using firewall access rules Please be careful when you enable DMZ host because all the services of this host will be exposed to the Internet To configure the DMZ Host follow these steps Step 1 Choose Firewall DMZ Host Step 2 In DMZ Host check Enable Step 3 Enter the DMZ Host I...

Страница 96: ...RV260x Administration Guide 88 Firewall DMZ Host ...

Страница 97: ...o server VPN for host to gateway tunnel For example a user can configure a VPN tunnel at a branch site to connect to the router at corporate site so that the branch site can securely access corporate network The client to server VPN is useful when connecting from Laptop PC from home to a corporate network through VPN server This section describes the device s VPN features and contains the followin...

Страница 98: ...If you select Subnet enter the IP address and subnet mask If you select Single enter the IP address Step 8 Under Remote Traffic Selection select the Remote IP Subnet or Single from the drop down list If you select Subnet then enter the IP address and subnet mask If you select Single enter the IP address Step 9 Click Next Step 10 In the Local and Remote Networks section select a name for IPSec prof...

Страница 99: ...rom the drop down list Method determines the algorithm used to encrypt or decrypt ESP ISAKMP packets Encryption Select an authentication MD5 SHA1 or SHA2 256 Authentication Amount of time a VPN tunnel IPSec SA is active in this phase The default value for Phase 2 is 3600 seconds SA Lifetime Sec Provide a name for the new profile Save as a new profile When Perfect Forward Secrecy PFS is enabled IKE...

Страница 100: ... VPN IPSec VPN IPSec Profiles Step 2 In the IPSec Profiles table click Add Step 3 Enter a profile name and select the keying mode Step 4 For auto keying mode select the IKE Version Step 5 In the Phase 1 Options section configure the following DH is a key exchange protocol with two groups of different prime key lengths 1 024 bits and 1 536 bits Select an option from the drop down list Diffie Hellma...

Страница 101: ...FFFF Default 100 SPI Outgoing Select an encryption option 3DES AES 128 AES 192 or AES 256 from the drop down list This method determines the algorithm used to encrypt or decrypt ESP ISAKMP packets Encryption Enter a number Hex 48 characters Key for decrypting ESP packets received in hex format Key In Enter a number Hex 48 characters Key for encrypting the plain packets in hex format Key Out The au...

Страница 102: ...er router Router B enter its settings in the Local Group Setup section and enter the Router A settings in the Remote Group Setup To configure the Site to Site VPN follow these steps Step 1 Click VPN IPSec VPN Site to Site Step 2 In the Site to Site table the following is displayed The name of the VPN tunnel connection created using VPN Setup Wizard It does not have to match the name used at the ot...

Страница 103: ... Pre shared Key This shows the strength of the preshared key through colored bars Preshared Key Strength Meter Check Enable to enable the minimum preshared key complexity Minimum Preshared Key Complexity The digital certificate is a package that contains information such as a certificate bearer s identity name or IP address the certificate s serial number the certificate s expiration date and a co...

Страница 104: ...forwarded over a VPN tunnel However you can check this box to allow NetBIOS broadcasts from one end of the tunnel to be rebroadcast to the other end NetBIOS Broadcast Attempts to re establish the VPN connection in regular intervals of time Keepalive Enter the number of seconds to set the keepalive monitoring interval Range is 10 300 seconds Keepalive Monitoring Interval Check DPD Enabled to enable...

Страница 105: ...e establish the VPN tunnel by using either an alternate IP address for the remote peer or an alternate local WAN This feature is available only if DPD is enabled Tunnel Backup Enter the IP address for the remote peer or reenter the WAN IP address that was already set for the remote gateway Remote Backup IP Address Select the local interface WAN1 WAN2 USB1 or USB2 from the drop down list Local Inte...

Страница 106: ... Select the remote identifier from the drop down list IP Address FQDN or User FQDN Next enter the IP address for the remote identifier Remote Identifier Check Extended Authentication to enable and select from the existing options or click Add to add a new name Extended Authentication Check Pool Range for Client LAN to enable and complete the following Start IP Enter the start IP address for the po...

Страница 107: ...Internet All clients have full access to Internet The client uses the server to terminate all of its Internet traffic after getting connected to the server OpenVPN creates secure Ethernet bridges using virtual tap devices To configure the OpenVPN follow these steps Step 1 Click VPN OpenVPN Step 2 Check Enable to enable the VPN and provide the following information Select the interface option from ...

Страница 108: ... GRE tunnel operating to encapsulate PPP packets Up to 20 PPTP Point to Point Tunneling Protocol VPN tunnels can be enabled for users who are running PPTP client software on the RV260 series routers In the Wizard the user selects the option to create a connection to the workplace by using a VPN connection The user must know the WAN IP address of the device For more information refer to the documen...

Страница 109: ... the Add Edit a GRE tunnel section configure the following Enter the name of the interface to connect to tunnel Interface Name Check to enable the interface Enable Select the tunnel source from the drop down list Tunnel Source Enter the tunnel destination Static IP or FQDN Tunnel Destination Enter the IP address of the GRE tunnel which carries the transport protocol IP Address of GRE tunnel Enter ...

Страница 110: ...VPN Resource Allocation allows you to assign resources to the VPN To configure the VPN Resource Allocation follow these steps Step 1 Select VPN Resource Allocation Step 2 In the VPN Type table configure the maximum connections for each of the VPNs IPSec VPN Enter a number of connections Maximum connections 20 PPTP VPN Enter a number of connections Maximum connections 20 OpenVPN Enter a number of c...

Страница 111: ...ptions Check Block Matching URLs to block specific domains and keywords Block Matching URLs Check Allow Only Matching URLs to allow only the specified domains and keywords Allow Only Matching URLs Step 4 Under Filter by Domain click Add Step 5 Enter the domain to filter or allow in the Domain Name column Step 6 To specify when the content filtering rules are active select the schedule from the Sch...

Страница 112: ...r a description for the policy Description Check Enable to activate the policy Enable Click Edit and select the desired Filtering Level select the appropriate web categories to be filtered Choose High Medium Low or Custom to quickly define the filtering extent You can also choose the items from the Adult or Mature Content business orInvestment Entertainment Illegal or Questionable IT Resources Lif...

Страница 113: ...r the End User License Agreement EULA between you and Cisco collectively the Terms Capitalized terms used in this SEULA but not defined will have the meanings assigned to them in the EULA To the extent that there is a conflict between the terms and conditions of the EULA and this SEULA the terms and conditions of this SEULA will take precedence In addition to the limitations set forth in the EULA ...

Страница 114: ...l business rv series routers eos eol notice listing html 3 3 End User may terminate these Terms upon thirty 30 days prior written notice to Cisco if End User does not agree to a change of scope or content made by Cisco in accordance with Section 1 4 OWNERSHIP AND LICENSE 4 1 Ownership End User agrees that Cisco and or Service Provider own all right title and interest including intellectual propert...

Страница 115: ...SLY ACKNOWLEDGES AND AGREES THAT IT IS SOLELY RESPONSIBLE FOR YOUR DATA AND ANY OTHER DATA UPLOADED TO OR DOWNLOADED USING THE SERVICE IN NO EVENT SHALL CISCO OR SERVICE PROVIDER BE LIABLE FOR THE ACCURACY OR COMPLETENESS OF THE INFORMATION PROVIDED IN CONNECTION WITH THE SERVICE CISCO S AND SERVICE PROVIDER S TOTAL LIABILITY TO END USER IN CONNECTION WITH CLAIMS ARISING UNDER THESE TERMS SHALL BE...

Страница 116: ...hreatened acts of terrorism fire epidemics and similar occurrences 7 4 No Waiver No waiver of rights under these Terms by either party shall constitute a subsequent waiver of this or any other right under these Terms 7 5 Survival The following sections shall survive the termination of these Terms Sections 3 Term and Termination 4 Ownership and License 5 Data Usage and Protection 6 Limited Warranty...

Страница 117: ...page 109 WAN Queuing on page 110 WAN Policing on page 111 WAN Bandwidth Management on page 112 Switch Classification on page 112 Switch Queuing on page 113 Traffic Classes Traffic classes allow you to classify the traffic to a desired queue based on the service The service can be Layer 4 TCP or UDP port application Source or Destination IP Address DSCP Receive interface OS and Device type You can ...

Страница 118: ...chniques that offer better network service to the selected traffic during high network traffic Congestion management uses queuing on the interface of network devices to accommodate temporary congestion that stores the excess packets in buffers until bandwidth becomes available The configuration of queues ensures that the higher priority traffic gets serviced in times of congestion Thus the Interne...

Страница 119: ...or the policy and provide the description Next in the Queuing Priority Table select the traffic class to be attached to each queue Configure the bandwidth share value for each queue The traffic without any traffic classification record attached to it is treated as default queue Note Low latency Step 3 Click Apply WAN Policing In WAN Policing the rate control mode supports eight queues Each queue c...

Страница 120: ...ct Downstream kb s Select the outbound queuing policy to be applied to the WAN interface Outbound Queuing Policy Select the inbound policing from the drop down list Inbound Policing Step 3 Click Apply Switch Classification In QoS modes such as Port based DSCP based and CoS based the packets are sent out To configure QoS Switch Classification click QoS Switch Classification and follow these steps S...

Страница 121: ...rvice CoS bits and classifies the packet to the user configured queue Based on the CoS value of the incoming packet select a queue from the drop down list to map the traffic CoS based Step 2 Click Apply Switch Queuing In Switch Queuing the queue weight for the four queues per port can be configured by assigning weights to each queue The range of weights can be from 1 to 100 When LAG is enabled you...

Страница 122: ...RV260x Administration Guide 114 QoS Switch Queuing ...

Страница 123: ...ware Downloads If you wish to receive a copy of the source code to which you are entitled under the applicable free open source license s such as the GNU Lesser General Public License please send your request to external opensource requests cisco com In your requests please include the Cisco product name version and the 18 digit reference number for example 7XEEX17D99 3X49X08 1 found in the produc...

Страница 124: ...RV260x Administration Guide 116 Where To Go Where To Go From Here ...

Отзывы:

Нет отзывов

Похожие инструкции для RV260 series

Бренд: Watchguard Страницы: 24

Бренд: NetBurner Страницы: 15

OCTOPUS 5TX-EEC

Бренд: Hirschmann Страницы: 6

Бренд: Toto Link Страницы: 55

Бренд: Jøtul Страницы: 20

Бренд: UHP Страницы: 15

Бренд: Ubiquiti Страницы: 21

IPS Pro-Module-24C-GE-BP-TM

Бренд: Trend Micro Страницы: 3

Бренд: SainSmart Страницы: 12

Бренд: TRENDnet Страницы: 57

Бренд: IBM Страницы: 90

EonStor GS 3000 Series

Бренд: Infortrend Страницы: 134

Compressor DW-CP04

Бренд: Digital Watchdog Страницы: 73

ISDN Router ISDN

Бренд: Ringdale Страницы: 165

Бренд: Cavalry Страницы: 16

Compact Performance CP-FB9-E

Бренд: Festo Страницы: 103

interchange vs1000

Бренд: Comtrol Страницы: 46

Бренд: Comtrend Corporation Страницы: 90

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды