Cisco RV340 Series Скачать руководство пользователя страница 88 | Manualshive

Страница: 88 / 110

background image

Select Local WAN IP, Local FQDN, or Local User FQDN from the drop-down list.

Remote Identifier Type

Enter the identifier name or IP Address based on your selection

Remote Identifier

Select

IP address

or

Subnet

from the drop-down list.

Remote IP Type

Enter the IP address of the device that can use this tunnel.

IP Address

Enter the subnet mask.

Subnet Mask

Step 2

On the Advanced Settings tab, provide the following:

There are two modes of IKE SA negotiation

—

Main Mode

and

Aggressive Mode

.

Main mode is recommended when the network's security is preferred. If network speed
is preferred, Aggressive Mode is recommended. Check

Enable

to enable Aggressive

Mode, or uncheck

Enable

to use the Main Mode.

If the Remote Security Gateway Type is one of the Dynamic IP types, Aggressive Mode
is required. The box is checked automatically, and this setting cannot be changed.

Aggressive Mode

A protocol that reduces the size of IP datagrams. Check Compress to enable the router
to propose compression when it starts a connection. If the responder rejects this proposal,
then the router does not implement compression. When the router is the responder, it
accepts compression, even if compression is not enabled. If you enable this feature for
this router, also enable it on the router at the other end of the tunnel.

Compress

Broadcast messages used for name resolution in Windows networking to identify
resources such as computers, printers, and file servers. These messages are used by
some software applications and Windows features such as Network Neighborhood.
LAN broadcast traffic is typically not forwarded over a VPN tunnel. However, you can
check this box to allow NetBIOS broadcasts from one end of the tunnel to be rebroadcast
to the other end.

NetBIOS Broadcast

Attempts to re-establish the VPN connection in regular intervals of time.

Keep-Alive

Click

DPD

to enable DPD. It sends periodic HELLO/ACK messages to check the status

of the VPN tunnel. DPD option must be enabled on both ends of the VPN tunnel. Specify
the interval between HELLO/ACK messages in the Interval field by entering the
following:

•

Delay Time

: Enter the time delay between each Hello message.

•

Detection Timeout

: Enter the timeout to declare that the peer is dead.

•

Delay Action

: Action to be taken after DPD timeout. Select

Clear

or

Restart

from the drop-down list.

Dead Peer Detection (DPD)
Enable

Check

Extended Authentication

to enable.

For a single user, select

User

and enter the username and password.

For a group, select

Group Name

, and select

admin

or

guest

from the drop-down list.

Extended Authentication

RV345/345P Administration Guide

82

VPN

Create a Site-to-Site VPN Connection

«
...
86
87
88
89
90
...
»

Содержание RV340 Series

Страница 1: ... Administration Guide First Published Last Modified Americas Headquarters Cisco Systems Inc 170 West Tasman Drive San Jose CA 95134 1706 USA http www cisco com Tel 408 526 4000 800 553 NETS 6387 Fax 408 527 0883 ...

Страница 2: ...e encouraged to try to correct the interference by using one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help Modifications to this product no...

Страница 3: ...ary 5 TCP IP Services 7 Port Traffic 7 WAN QoS Statistics 8 Application Statistics 9 Connected Devices 10 Routing Status 10 DHCP Bindings 10 Mobile Network 11 VPN Status 11 View Logs 13 C H A P T E R 3 Administration 15 Reboot 15 File Management 16 Manual Upgrade 17 Auto Update 17 Diagnostic 18 License 19 Smart License Usage 19 Certificate 20 RV345 345P Administration Guide iii ...

Страница 4: ...emote Authentication Service 30 User Groups 31 IP Address Group 32 SNMP 33 Discovery Bonjour 33 LLDP 34 Automatic Updates 35 Service Management 36 Schedule 36 C H A P T E R 5 WAN 37 WAN Settings 37 Multi WAN 40 Mobile Network 42 Mobile Network Setup 42 Bandwidth Cap Setting 43 Dynamic DNS 43 Hardware DMZ 44 IPv6 Transition 44 IPv6 in IPv4 Tunnel 6in4 45 IPv6 Rapid Deployment 6rd 45 RV345 345P Admi...

Страница 5: ...s 55 LAN DHCP Settings 56 Static DHCP 59 802 1X Configuration 59 DNS Local Database 60 Router Advertisement 60 C H A P T E R 8 Routing 63 IGMP Proxy 63 RIP 64 Static Routing 65 C H A P T E R 9 Firewall 67 Basic Settings 67 Access Rules 68 Network Address Translation 70 Static NAT 70 Port Forwarding 71 Port Triggering 72 Session Timeout 73 DMZ Host 73 C H A P T E R 1 0 VPN 75 RV345 345P Administrat...

Страница 6: ... Site 85 Teleworker VPN Client 89 PPTP Server 91 L2TP Server 91 SSL VPN 92 VPN Passthrough 94 C H A P T E R 1 1 Security 97 Application Control Wizard 97 Application Control 98 Web Filtering 99 Content Filtering 100 IP Source Guard 100 C H A P T E R 1 2 Where To Go From Here 103 Where To Go From Here 103 RV345 345P Administration Guide vi Contents ...

Страница 7: ... To start the router follow these steps Step 1 Connect a PC to a numbered LAN port on the device If the PC is configured to become a DHCP client an IP address in the 192 168 1 x range is assigned to the PC Step 2 Start a web browser Step 3 In the address bar enter the default IP address of the device 192 168 1 1 The browser might issue a warning that the website is untrusted Continue to the websit...

Страница 8: ...reen when the DMZ is enabled Off when the DMZ is disabled DMZ Off when no VPN tunnel is defined or all defined VPN tunnels have been disabled Solid green when at least one VPN tunnel is up Flashing green when sending or receiving data over VPN tunnel Solid amber when no enabled VPN tunnel is up VPN Off when no USB device is connected or is inserted but not recognized Solid green when the USB dongl...

Страница 9: ...strator Password Directs you to the WAN Settings page where you can modify the WAN parameters Configure WAN Settings Directs you to the Mobile Network page where you can modify the USB configurations Configure USB Settings Directs you to the VLAN Membership page where you can configure the VLAN Configure LAN Settings Quick Access Directs you to the File Management page where you can update the dev...

Страница 10: ...et connection Reset the modem and the device by powering off both devices Next power on the modem and let it sit for about 2 minutes Then power on the device You should now receive a WAN IP address If you have a DSL modem ask your ISP to put the DSL modem into bridge mode User Interface The user interface is designed to make it easy for you to set up and manage your device Navigation The major mod...

Страница 11: ...rk page 11 VPN Status page 11 View Logs page 13 System Summary The System Summary provides a snapshot of the settings on your device It displays your device s firmware serial number port traffic routing status mobile networks and VPN server settings To view this System Summary click Status and Statistics System Summary System Information Host Name Name of host Serial Number Serial number of the de...

Страница 12: ...nabled Renew Click to renew the IP address Release Click to release the interface VPN Status Type Type of the VPN tunnel Active Is Enabled or Disabled Configured VPN tunnel s status whether it is configured or not Max Supported Sessions The maximum number of tunnels supported on the device Connected Session Status of the tunnel Firewall Setting Status Stateful Packet Inspection SPI also known as d...

Страница 13: ... Services Port Listen Status Protocol Type of protocol used for communication Listen IP Address The listening IP address on the device Listen Port The listening port on the device Established Connection Status Protocol Type of protocol used for communication Local IP Address IP address of the system Local Port Listening ports on different services Foreign Address IP address of the device connected...

Страница 14: ...n enabled On it detects the duplex mode and if the connection requires a crossover automatically chooses the MDI or MDIX configuration that matches the other end of the link WAN QoS Statistics The WAN QoS Statics page displays the statistics of the outbound and inbound WAN QoS To view the device s WAN QoS Statics page click Status and Statistics WAN QoS Statistics Interface Name of the interface P...

Страница 15: ...ories accessed Traffic Volume Traffic volume in megabytes Top Applications by Name Applications List of applications accessed Traffic Volume Traffic volume in megabytes Top Talkers Talkers List of IP addresses accessed Traffic Volume Traffic volume in megabytes Top Talkers by Device Type Device List of devices accessed Traffic Volume Traffic volume in megabytes Top Talkers by OS Type OS List of op...

Страница 16: ...opology of the network immediately around it To view the device s Routing Status for IPv4 and IPv6 click Status and Statistics Routing Status IPv4 and IPv6 Routes Destination IP Address and subnet mask of the connection Next Hop IP address of the next hop Maximum number of hops the maximum is 15 hops that a packet passes through Metric Number of routing algorithms when determining the optimal rout...

Страница 17: ...Subnet Mask Mask served by the service provider Default Gateway Default gateway served by the service provider Connection Up Time Time duration of connected device Current Dial Up Session Usage Data usage per session Monthly Usage Monthly data usage Data Card Status Manufacturer Manufacturer of the device Card Firmware Firmware version provided by the manufacturer SIM Status Status of the SIM IMSI...

Страница 18: ...ion type NULL DES 3DES AES 128 AES 192 AES 256 authentication method NULL MD5 SHA1 and DH group number 1 2 5 Local Group IP address and subnet mask of the local group SSL VPN Status A Secure Sockets Layer virtual private network SSLVPN allows users to establish a secure remote access VPN tunnel to this device by using a web browser SSL VPN provides secure easy access to a broad range of web resour...

Страница 19: ...PN connection Tunnel s available Available tunnels for the L2TP connection The Connection Table Shows the status of the established tunnels You can also connect or disconnect these connections Session ID Session ID of the proposed or current connection Username Name of the connected user Remote Access IP address of the remotely connected or proposed connection Tunnel IP IP address of the tunnel Co...

Страница 20: ... keyword to display the logs based on the keyword Keyword Step 3 Click Show Logs To configure log settings see Log on page 26 Note Step 4 Click any of the following options Refresh Click to refresh logs Clear Logs Click to clear logs Export Logs to PC Click to export logs to PC Export Logs to USB Click to export logs on to a USB storage device RV345 345P Administration Guide 14 Status and Statisti...

Страница 21: ... with active or inactive images To access Reboot page follow these steps Step 1 Click Administration Reboot Step 2 In the Active Image after Reboot section select an option Active Image x x xx xx or Inactive Image x x xx xx from the drop down list Step 3 Select the preferred reboot option Reboot the device Return to factory default settings after reboot Return to factory default settings including...

Страница 22: ... performed Latest Version Available on Cisco com Latest signature version Last Checked Date when last checked USB Dongle Driver Current Dongle Driver Version Version of built in USB dongle driver Last Update Last date of when an update was performed Latest Version Available on Cisco com Latest dongle driver version Last Checked Date when last checked Language Package Current Language Package Versi...

Страница 23: ... Step 4 Check Reset all configuration setting to factory defaults to reset all the configuration and apply factory defaults Step 5 Click Upgrade to upload the selected image to the device Auto Update The router supports loading a firmware from USB flash drive if the USB stick is present during the system bootup The router will search the USB flash drive for a firmware image file whose name has one...

Страница 24: ... Fallback Mechanism operates as follows 1 The device first boots up with the active firmware 2 If the firmware is corrupted it will switch to the secondary firmware automatically after the active firmware has failed to boot up after 5 times If the router gets stuck does not reboot automatically you can turn off the power power on wait for 30 seconds then turn off the power for 5 times to switch to...

Страница 25: ...he Cisco software is used Smart Software Licensing Status The Smart Software Licensing Status section displays your device s license information Registration Status Registered or Unregistered and date of registration License Authorization Status Authorized or Evaluation Mode or Out of Compliance or Authorization Expired or Evaluation Period Expired and the date of license authorization Export Cont...

Страница 26: ...certificate that is listed in the Certificate Table Import Certificate To import a certificate follow these steps Step 1 Click Import Certificate Step 2 Select the type of certificate to import from the drop down list Local Certificate CA Certificate PKCS 12 encoded file Step 3 Enter a certificate name For PKCS 12 you must enter a password Step 4 Check Import from PC and click Choose File to uploa...

Страница 27: ...le Name The Configuration File Name displays the last changed time details on the following Running Configuration Startup Configuration Mirror Configuration Backup Configuration Copy Apply Configuration The Copy Apply Configuration section displays the default configuration of the device uses the running configuration file which is unstable and does not retain the settings between reboots You can ...

Страница 28: ...RV345 345P Administration Guide 22 Administration Config Management ...

Страница 29: ...ion contains the following topics Initial Setup Wizard page 24 System page 25 Time page 25 Log page 26 Email page 28 User Accounts page 29 User Groups page 31 IP Address Group page 32 SNMP page 33 Discovery Bonjour page 33 LLDP page 34 Automatic Updates page 35 Service Management page 36 Schedule page 36 RV345 345P Administration Guide 23 ...

Страница 30: ...xt Step 7 If you select Static IP Address click Next and configure the settings below Enter the static IP address Static IP Address Enter the subnet mask Subnet Mask Enter the gateway IP Gateway IP Enter the IP address of the DNS DNS Step 8 If you select PPPoE click Next and configure the settings below Enter the account name Account Name Enter the password Password Confirm the password Confirm Pa...

Страница 31: ...ign a hostname and a domain name to identify your device or require you to specify the same In the former case the default values can be changed as needed Follow these steps to assign a host and domain name Step 1 Click System Configuration System Step 2 In the Host Name field enter a host name Step 3 In the Domain Name field enter a domain name Step 4 Click Apply Time Setting the time is critical...

Страница 32: ...rity Configure Log Settings To configure the log settings follow these steps Step 1 Click System Configuration Log Step 2 Under Log Setting in the Log section check Enable Step 3 In the Log Buffer field enter the number of KB Range 1 KB to 4096 KB Default is 1024 KB Step 4 Severity select the appropriate log severity level from the drop down list They are listed from the highest to the lowest Leve...

Страница 33: ...related to application control Application Control Logs related to routing DHCP WAN LAN and QoS Network Logs related to users activities Users VPN related logs including instances like VPN tunnel establishment failure VPN gateway failure and so on VPN Logs from the 3G 4G dongles which are plugged into the router 3G 4G Logs related to SSLVPN SSLVPN Step 6 In Save to USB Automatically check Enable t...

Страница 34: ...ows you to separate the software that generates the messages and events from the system that stores and analyzes them When enabled the network driver sends messages to a syslog server on the local Intranet or Internet through a VPN tunnel The syslog server can be configured by specifying the name or IP address Step 1 In the Syslog Server section check Enable to enable sending system logs to a remo...

Страница 35: ...r Accounts Step 2 Under Local Users Password Complexity check Enable to enable the password complexity Step 3 Configure the password complexity settings Enter the minimum length of the password to create a new password Range 0 to 64 Default 8 Minimal password length Enter the minimum number of character classes that should be used for the new password Range 0 to 4 Default 3 Compose a password usin...

Страница 36: ... LDAP use the Remote Authentication Service Step 1 Under the Remote Authentication Service Table click Add and enter the following information Specify a name for the domain Name Select an authentication type from the drop down list RADIUS a networking protocol that provides centralized Authentication Authorization and Accounting AAA management for users who connect and use a network service Active...

Страница 37: ...ss multiple services like Web Login PPTP L2TP and EzVPN To create user groups follow these steps Step 1 Select System Configuration User Groups Step 2 Under the User Groups Table click Add to create a new user group Step 3 In the Group Name field enter a name for the group Step 4 Under the Local User Membership List check the desired check boxes in the Join column to attach the list of users to th...

Страница 38: ...figure and manage the application control policies and web filtering you must set up the IP address groups To configure the IP address groups follow these steps Step 1 Click System Configuration IP Address Group Step 2 In the IP Address Group Table click Add to add a group and enter a name To delete a group click Delete Step 3 Click Add and enter the following information Select either IPv4 or IPv...

Страница 39: ...system location System Location Enter a name for the community Get Community Enter a name for the community Set Community Trap Configuration Using Trap configurations you can set the source address of every SNMP trap packet sent by the router to a single address regardless of the outgoing interface Step 2 To configure the SNMP trap enter the following information Enter the IP address Trap Receiver...

Страница 40: ...formation is sent by the device s interface at a fixed interval in the form of an Ethernet frame Each frame contains one LLDP Data Unit LLDPDU Each LLDPDU is a sequence of type length value TLV structure To configure LLDP follow these steps Step 1 Select System Configuration LLDP Step 2 In the LLDP section check Enable It is enabled by default Step 3 In the LLDP Port Setting Table check Enable LLD...

Страница 41: ... Updates Step 2 From the Check Every drop down list choose how often the device should automatically check Never Week or Month for possible firmware revisions Click Check Now to check immediately Step 3 In the Notify via field check Email to and enter the email address The notifications are sent to a configured email address If you haven t configured an email server you should click the link in th...

Страница 42: ...ick Apply Schedule The network devices should be protected against intentional attacks and viruses that could compromise confidentiality or result in data corruption or denial of service Schedules can be created to apply firewall or port forwarding rules on specific days or time of day To configure the schedule follow these steps Step 1 Select System Configuration Schedule Step 2 In the Schedule T...

Страница 43: ...dd Step 3 Select the Interface WAN1 or WAN 2 Based on the interface selected a subinterface name will appear just below Add this subinterface to the Multi WAN table to forward the default route traffic or it will only forward the connected route traffic based on the routing table Step 4 Enter the VLAN ID Step 5 Configure the settings for the IPv4 IPv6 or Advanced Step 6 Click Apply IPv4 and IPv6 C...

Страница 44: ...he ISP Password Select Use PPPoE Provided DNS Server or Use DNS DNS Server Enter the IP address of the primary and or secondary Static DNS in the fields Static DNS 1 2 Select Connect on Demand if your ISP charges when connected Enter the maximum idle time in seconds to wait before terminating the connection due to inactivity Default is 5 minutes Select Keep Alive to periodically check the connecti...

Страница 45: ... MPPE encryption MPPE Encryption When the IPv4 connection uses L2TP In the L2TP Settings section enter the following information For DCHP select this option to enable DHCP to provide an IP address For Static IP select this option and provide an IP address netmask and the IP address of the default gateway IP Assignment Enter the name of the server L2TP Server IP FQDN The username assigned to you by...

Страница 46: ... the clone MAC address for the device MAC Address Clone When MAC Address Clone is enabled the port mirroring does not work Note Step 11 Click Apply Add any of these sub interfaces to the Multi WAN table to forward the default route traffic Or it will only forward the connected route traffic based on the routing table Note Multi WAN WAN failover and load balancing features provide efficient utiliza...

Страница 47: ...ork Service Detection Check to allow the device to detect network connectivity by pinging specified devices and enter the settings as described here Retry Count Number of times to ping a device The range is 1 to 10 and the default is 3 Retry Timeout Number of seconds to wait between the pings The range is 1 to 300 and the default is 5 seconds Detect Destination Select Default Gateway or Remote Hos...

Страница 48: ...h the connection Step 4 In the Service Type select the type of service from the drop down list Mobile Network Setup To configure the Mobile Network Setup follow these steps Step 1 In the Configuration Mode select Auto to connect to the network automatically Step 2 Enter the SIM PIN the pin code associated with your SIM card Step 3 Or select Manual and to connect to the network manually and configu...

Страница 49: ...te Select number of days to apply the bandwidth cap settings Monthly Bandwidth Cap Enter the size of the data Send an email to administrator if 3G 4G usage has reached percentage of monthly bandwidth cap Select the percentage of data for monthly bandwidth cap When the cap is reached an email alert is sent to the administrator Step 2 Click Apply Dynamic DNS Dynamic Domain Name System DDNS is a meth...

Страница 50: ...g your WAN port to a specific IP address You can configure the firewall rules to allow access to specific services and ports in the DMZ from both the LAN and WAN If there is an attack on any of the DMZ nodes the LAN is not necessarily vulnerable We recommend that you place hosts that must be exposed to the WAN such as web or email servers in the DMZ network To configure the hardware DMZ configurat...

Страница 51: ... 4 Enter the Remote IPv6 Address Step 5 Click Apply IPv6 Rapid Deployment 6rd In IPv6 Rapid Deployment 6rd each ISP uses one of its own IPv6 prefixes instead of the special 2002 16 prefix standardized for 6to4 Hence a provider is guaranteed for its 6rd hosts availability from all native IPv6 hosts that can reach their IPv6 network To add IPv6 Rapid Deployment 6rd enter the following information St...

Страница 52: ...entified by the prefix All hosts in the network have the identical initial bits for their IPv6 address Enter the number of common initial bits in the network addresses Default is 64 Step 4 Click Apply RV345 345P Administration Guide 46 WAN IPv6 Rapid Deployment 6rd ...

Страница 53: ...Switch Classification page 50 Switch Queuing page 51 Traffic Classes Traffic classes channel Internet traffic to a desired queue based on the service The service can be Layer 4 TCP or UDP port application Source or Destination IP Address DSCP Receive interface OS and Device type To configure the Traffic Classes follow these steps Step 1 Click QoS Traffic Classes Step 2 In the Traffic Table click A...

Страница 54: ... type of device from the drop down list from which the traffic is initiated Device Type Select the Operating System of the device from the drop down list from which the traffic is initiated OS Type The DSCP matches the traffic class value in the IPv6 header for the IPv6 traffic The traffic class value is 4 times the configured value For example if the user configures the matched DSCP as 10 then re...

Страница 55: ...Class and configure the bandwidth share value for each queue Step 7 Click Apply WAN Policing In WAN Policing the rate control mode supports eight queues Each queue can be configured with a maximum rate To configure the WAN Policing page follow these steps Step 1 Click QoS WAN Policing Step 2 Check Enable policing of traffic on WAN interfaces Step 3 In the Policy Class Table configure the following...

Страница 56: ...oS Mode Port based DSCP based or CoS based The incoming packets on each LAN port which are mapped to specific queues based on the mappings LAN Port Queue Select the LAN Port Queue to map the traffic coming on the individual LAN ports LAG Port Queue When LAG is enabled all traffic entering this LAG interface is mapped using a configured queue Port based For IPv6 traffic the DSCP matches the traffic...

Страница 57: ...he range of weights can be from 1 to 100 When LAG is enabled the user can define the queue weights for all four queues If the weight is 0 this means that the queue is in highest priority queue Note To configure LAN Port Queue Weight click QoS Switch Queuing and complete the following steps Step 1 In LAN Port Queue Weight select the appropriate weight for each of the queues Step 2 Click Apply Step ...

Страница 58: ...RV345 345P Administration Guide 52 QoS Switch Queuing ...

Страница 59: ...tisement page 60 Port Settings The Port Settings page displays the ports for EEE Flow Control Mode Port Mirror and Link Aggregation To configure the port settings for the LAN follow these steps Step 1 Select LAN Port Settings Step 2 In the Basic Per Port Configuration table configure the following Lists the ports currently available on the router Port Check to enable the port to allow the settings...

Страница 60: ...ect to apply link aggregation on appropriate port for traffic Select anyone of the LANs LAN1 to LAN16 from the drop down list LAG1 All the existing configurations on the ports which are going to be part of LAG are lost Warning Step 5 Click Apply PoE Settings RV345P Power over Ethernet PoE is a technology for LANs local area networks that allows a device to be operated by electrical current which i...

Страница 61: ...or Low Administrative Power Allocation Enter the milliwatts mW Range 0 30000 Default 30000 Step 5 For Class Limit configure the following PoE Enable Check to enable Power Priority Level Select a priority level Critical High or Low Step 6 Click Apply Step 7 To enable Legacy PoE check Enable Step 8 Simple Network Management Protocol SNMP Traps enable an agent to notify the management station of sign...

Страница 62: ...AN When the untagged VLANs are excluded from a port the port automatically joins the default VLAN Step 9 Click Apply LAN DHCP Settings DHCP setup configures the DHCP server for relay or Option 82 DHCP relay agent information option for LAN clients to obtain IP addresses DHCP server maintains local pools and leases It also allows LAN clients to connect to a remote server for obtaining IP address Op...

Страница 63: ...e WINS server that resolves NetBIOS names to IP addresses Default is 0 0 0 0 WINS Server Option 66 Enter the IP address or the hostname of a single TFTP server Option 150 Enter the IP addresses of a list of TFTP servers Option 67 Enter the boot filename DHCP Options Configuring DHCP type for IPv6 Step 6 To configure the DHCP Mode for IPv6 enter the following Disables the DHCP on this device There ...

Страница 64: ...ime in minutes Valid values are 5 to 3200 minutes Default is 1460 minutes 24 hours Client Lease Time The range start and end of IP addresses that can be assigned dynamically The range can be up to the maximum number of IP addresses that the server can assign without overlapping the PPTP and SSL VPN For example if the router uses the default LAN IP address 192 168 1 1 the starting value must be 192...

Страница 65: ... must be successfully authorized for all hosts to be granted network access If the port becomes unauthorized re authorization fails or an EAPOL logoff message is received all attached clients are denied access to the network To configure port based authentication Step 1 Select LAN 802 1X Configuration Step 2 Check Enable Port Based Authentication to enable the feature 802 1X requires the use of RA...

Страница 66: ...ter periodically and in response to solicitations A host uses the information to learn the prefixes and parameters for the local network Disabling this feature effectively disables auto configuration requiring manual configuration of the IPv6 address subnet prefix and default gateway on each device To configure the Router Advertisement follow these steps Step 1 Select LAN Router Advertisement Step...

Страница 67: ...e same MTU value when the LAN MTU is not well known The default setting is 1500 bytes which is the standard value for Ethernet networks For PPPoE connections the standard is 1492 bytes Unless your ISP requires a different setting this setting should not be changed Enter a value between 1280 and 1500 Maximum Transmission Unit MTU Enter the time in seconds for the router advertisement messages to ex...

Страница 68: ...RV345 345P Administration Guide 62 LAN Router Advertisement ...

Страница 69: ... behind it To enable the IGMP proxy follow these steps Step 1 Select Routing IGMP Proxy Step 2 Check Enable IGMP Proxy to allow the router and the nodes to communicate with each other Step 3 Select the Upstream Interface from the drop down list WAN Auto The router can support multi WAN If selecting the WAN auto mode the router will select the active WAN as the upstream port If multiple WANs are up...

Страница 70: ...d Checking Enable for an interface automatically checks RIP version 1 RIP version 2 RIPng IPv6 and Authentication for that interface Similarly unchecking Enable unchecks all Note Interface This protocol uses classful routing and does not include subnet information or authentication Check Enable to enable sending and receiving routing information on RIP version 1 Check Passive to disable routing in...

Страница 71: ...hway that a packet must travel to reach a destination If there is no communication between the routers on the current network topology static routing can be configured to communicate between the routers Static Routing uses less network resources than dynamic routing because they do not constantly calculate the next route to take To configure static routing follow these steps Step 1 Select Routing ...

Страница 72: ... the IP address of the router of the last resort Next Hop The value in the Metric field represents the number of routers between your network and the destination This is a direct connection so it can be set to the minimum value of 1 Metric Choose the interface to use for this static route from the drop down list Interface Step 5 Click Apply RV345 345P Administration Guide 66 Routing Static Routing...

Страница 73: ...age 72 Session Timeout page 73 DMZ Host page 73 Basic Settings On the Basic Settings page you can enable and configure the basic settings You can also add trusted domains to this list To configure the basic settings follow these steps Step 1 Click Firewall Basic Settings and enter the following information Check Enable to enable the firewall settings uncheck Enable to disable Firewall Check Enable...

Страница 74: ...sal Plug and Play Check to restrict the following web features Java Blocks Web Java feature Cookies Blocks cookies ActiveX Blocks ActiveX Access to HTTP Proxy Server Blocks HTTP proxy servers Restrict Web Features Check Enable to allow only the selected web features such as Java Cookies ActiveX or Access to HTTP Proxy Servers and restrict all others Exception Step 2 In the Trusted Domains Table ch...

Страница 75: ...ace Select the source IP address to which the rule is applied and enter the following Any Single IP Enter an IP address IP Range Enter the range of IP addresses Subnet Enter a subnet of a network Destination Address Select Business Evening hours Marketing or Work from the drop down list to apply the firewall rule Then click on the link to configure the schedules Schedule Name Step 3 Click Apply St...

Страница 76: ...T creates a relationship that maps a valid WAN IP address to LAN IP addresses that are hidden from the WAN Internet by NAT Step 1 Click Firewall Static NAT Step 2 Click Add or select the row and click Edit and enter the information Enter the starting IP address of the internal IP address range to map to the public range Private IP Range Begin Enter the starting IP address of the public IP address ...

Страница 77: ...an external service from the drop down list If a service is not listed you can add or modify the list by following the instructions in the Service Management section External Service Select an internal service from the drop down list If a service is not listed you can add or modify the list by following the instructions in the Service Management section Internal Service Enter the internal IP addre...

Страница 78: ... the application Application Name Select a service from the drop down list If a service is not listed you can add or modify the list by following the instructions in the Service Management section Trigger Service Select a service from the drop down list If a service is not listed you can add or modify the list by following the instructions in the Service Management section Incoming Service Select ...

Страница 79: ...P sessions Inactive ICMP sessions are removed from the session table after this duration ICMP Session Timeout Enter the maximum number of concurrent connections allowed Maximum Concurrent Connection Displays the number of current connections Current Connections Click to clear the current connections Clear Connections Step 3 Click Apply DMZ Host DMZ is a subnetwork that is open to the public but be...

Страница 80: ...configure the DMZ follow these steps Step 1 Choose Firewall DMZ Step 2 In DMZ Host check Enable Step 3 Enter the DMZ Host IP Address Step 4 Click Apply RV345 345P Administration Guide 74 Firewall DMZ Host ...

Страница 81: ... Site page 75 IPsec Profiles page 77 Site to Site page 80 Client to Site page 85 Teleworker VPN Client page 89 PPTP Server page 91 L2TP Server page 91 SSL VPN page 92 VPN Passthrough page 94 VPN Setup Wizard Site to Site The VPN allows a remote host to act as if they were located on the same local network The router supports 50 tunnels The VPN Setup Wizard guides in configuring a secure connection...

Страница 82: ...lect a DH group Group 2 or Group 5 from the drop down list DH is a key exchange protocol with two groups of different prime key lengths Group 2 has up to 1 024 bits and Group 5 has up to 1 536 bits For faster speed and lower security choose Group 2 For slower speed and higher security choose Group 5 Group 2 is selected by default Diffie Hellman DH Group Select an encryption option 3DES AES 128 AES...

Страница 83: ...or data encryption and enter the encryption AH Select this for data integrity in situations where data is not secret but must be authenticated Protocol Selection Select an encryption option 3DES AES 128 AES 192 or AES 256 from the drop down list This method determines the algorithm used to encrypt or decrypt ESP ISAKMP packets Encryption Select an authentication MD5 SHA1 or SHA2 256 Authentication...

Страница 84: ...roduces a 128 bit digest The SHA1 is a one way hashing algorithm that produces a 160 bit digest The SHA1 is recommended because it is more secure Make sure that both ends of the VPN tunnel use the same authentication method Select an authentication MD5 SHA1 or SHA2 256 Authentication Amount of time an IKE SA is active in this phase The default value for Phase 1 is 28 800 seconds SA Lifetime Sec Ch...

Страница 85: ...method determines the algorithm used to encrypt or decrypt ESP ISAKMP packets Encryption Enter a number Hex 48 characters Key for decrypting ESP packets received in hex format Key In Enter a number Hex 48 characters Key for encrypting the plain packets in hex format Key Out The authentication method determines how the Encapsulating Security Payload Protocol ESP header packets are validated The MD5...

Страница 86: ...uter B enter its settings in the Local Group Setup section and enter the Router A settings in the Remote Group Setup section To configure the Site to Site VPN follow these steps Step 1 Click VPN Site to Site Step 2 In the Site to Site table the following will be displayed The name of the VPN tunnel connection created using VPN Setup Wizard It does not have to match the name used at the other end o...

Страница 87: ...PSec peer must be configured with the Pre shared key of every other peer with which it establishes a session Enter the Pre shared Key and click Enable to enable the Minimum Pre shared Key Complexity Preshared Key The digital certificate is a package that contains information such as a certificate bearer s identity name or IP address the certificate s serial number the certificate s expiration date...

Страница 88: ...for this router also enable it on the router at the other end of the tunnel Compress Broadcast messages used for name resolution in Windows networking to identify resources such as computers printers and file servers These messages are used by some software applications and Windows features such as Network Neighborhood LAN broadcast traffic is typically not forwarded over a VPN tunnel However you ...

Страница 89: ... using either an alternate IP address for the remote peer or an alternate local WAN interface This feature is available only if DPD is enabled Tunnel Backup Enter the IP address for the remote peer or reenter the WAN IP address that was already set for the remote gateway Remote Backup IP Address Select the local interface WAN1 WAN2 USB1 or USB2 from the drop down list Local Interface To enable the...

Страница 90: ...g the other peer Pre shared keys do not scale well because each IPSec peer must be configured with the Pre shared key of every other peer with which it establishes a session Enter the Pre shared Key and click Enable to enable the Minimum Pre shared Key Complexity Pre shared Key The digital certificate is a package that contains information such as a certificate bearer s identity name or IP address...

Страница 91: ...tunnel to allow teleworkers and business travelers to access your network by using third party VPN client software To configure the Client to Site follow these steps Step 1 Click VPN Client to Site Step 2 Click Add and the IPsec Client to Site Groups table will be displayed Step 3 To add a Client to Site connection click Add Step 4 In the Add a New Group section select an option Cisco VPN Client o...

Страница 92: ...ines the data structure for certificates Select the certificate from the drop down list IKE Authentication Method Click Group Name and select the user group admin or guest Click Add or Delete to modify the User Group User Group Select the mode from the options Client Client request for IP address and server supplies the IP addresses from the configured address range Select Client and enter the sta...

Страница 93: ... independently using its Pre shared key it knows that both peers must share the same secret thus authenticating the other peer Pre shared keys do not scale well because each IPSec peer must be configured with the Pre shared key of every other peer with which it establishes a session Enter the Pre shared Key and click Enable to enable the Minimum Pre shared Key Complexity Certificate The digital ce...

Страница 94: ... The backup server 1 has the highest priority and the backup server 3 has the lowest priority Back Server 1 2 3 Check to enable split tunnel Then click Add to enter an IP address and netmask for the split tunnel You can add edit or delete a split tunnel Split Tunnel Check to enable split DNS Then click Add to enter an domain name for the split DNS You can add edit or delete a split tunnel Split DN...

Страница 95: ...n active connection at startup If you enable one Teleworker VPN Client on startup it will disable this option on other client rules Teleworker VPN Client Check On or Off Auto Initiation Retry Enter the time in seconds Range 120 to 1800 Retry Interval Enter the maximum number of retries Range 0 to 16 Retry Limit Step 2 Click Apply Step 3 In the Teleworkers VPN Client table click Add Step 4 Provide ...

Страница 96: ...te and select Default IKE Authentication Method Client Client request for IP address and server supplies the IP addresses from the configured address range Select Client and enter the username and password Network Extension Mode NEM Clients propose their subnet for which VPN services need to be applied on traffic between LAN behind server and subnet proposed by client The ezvpn client NEM mode onl...

Страница 97: ...PN connections 128 bit key MPPE encryption schemes are supported Select the MPPE encryption None or 128 bits from the drop down list Microsoft Point to Point MPPE Encryption Step 2 Click Apply L2TP Server Layer Two Tunneling Protocol L2TP is an extension of the PPTP used by an Internet service provider ISP to enable VPN over the Internet L2TP does not provide encryption for the data it tunnels Ins...

Страница 98: ...tricted networks using a secure and authenticated pathway by encrypting the network traffic The router supports Cisco AnyConnect VPN client which can be downloaded at http www cisco com go anyconnect The router supports 2 SSL VPN tunnels by default and the user can register a license to support up to 50 tunnels Once installed and activated the SSL VPN will establish a secure remote access VPN tunn...

Страница 99: ...out Sends periodic HELLO ACK messages to check the status of the VPN tunnel This feature must be enabled on both ends of the VPN tunnel Specify the interval between HELLO ACK messages in the Interval field Enter the gateway DPD timeout in seconds Range 0 to 3600 Gateway DPD Timeout Ensures that your router is always connected to the Internet Attempts to re establish the VPN connection if it is dro...

Страница 100: ...ernet destined traffic to be sent unencrypted directly to the Internet Full Tunneling sends all traffic to the end device where it is then routed to destination resources eliminating the corporate network from the path for web access Enable Split Tunneling Select Include Traffic to include traffic or Exclude Traffic when applying the split tunneling Split Selection Step 6 In the Split Network Tabl...

Страница 101: ... PPTP Passthrough Point to Point Tunneling Protocol PPTP allows the Point to Point Protocol PPP to be tunneled through an IP network L2TP Passthrough Layer 2 Tunneling Protocol is the method used to enable Point to Point sessions by using the Internet at Layer 2 Step 3 Click Apply RV345 345P Administration Guide 95 VPN VPN Passthrough ...

Страница 102: ...RV345 345P Administration Guide 96 VPN VPN Passthrough ...

Страница 103: ...ication Control Wizard To add configure or modify the application control policies follow these steps Step 1 Click Security Application Control Wizard Step 2 On the Application Control page select On and enter a name for the policy Step 3 Click Next and above the Application List Table click Edit to configure the application names to be filtered blocked or logged etc Click Apply once you have sele...

Страница 104: ...or logged etc from the list and click Apply Application Lists the Category Application and Behavior of the configured filters Application List Table Select the device type from the drop down list Device Type Select the OS from the drop down list OS Type Select an IP Group from the drop down list to apply the policy IP Groups Under Exclusion List Table click Add and configure the following Type Sel...

Страница 105: ...re Content business Investment Entertainment Illegal Questionable IT Resources Lifestyle Culture Other and Security categories The incoming URL belonging to the selected items are blocked Click Apply to go back to Web Filtering Add Edit Policy page You can see the selected web content listed in the Application List Table under Category Click Restore to Default Categories to restore default setting...

Страница 106: ...ep 5 Enter a domain you want to filter allow in the Domain Name column Step 6 To specify when the content filtering rules are active select the schedule from the Schedule drop down list Step 7 Under Filter by Keyword click Add Step 8 Enter the keywords to be blocked allowed in the Keyword Name column Step 9 To specify when the content filtering rules are active select the schedule from the Schedul...

Страница 107: ...of the IP Address Step 4 In the IP MAC Binding Table click Add and enter the Static IPv4 address and MAC address for binding Step 5 Click Apply Step 6 Click Edit or Delete to edit or delete and existing address The DHCP Lease Table list all available Static DHCP and Dynamic leases from the DHCP server relay Click Add to IP MAC Binding Table to add the available leases to the binding table Note RV3...

Страница 108: ...RV345 345P Administration Guide 102 Security IP Source Guard ...

Страница 109: ... required Cisco Firmware Downloads If you wish to receive a copy of the source code to which you are entitled under the applicable free open source license s such as the GNU Lesser General Public License please send your request to external opensource requests cisco com In your requests please include the Cisco product name version and the 18 digit reference number for example 7XEEX17D99 3X49X08 1...

Страница 110: ...RV345 345P Administration Guide 104 Where To Go From Here Where To Go From Here ...

Отзывы:

Нет отзывов

Похожие инструкции для RV340 Series

Бренд: H3C Страницы: 37

Бренд: H3C Страницы: 41

Бренд: Maestro Страницы: 4

Бренд: Mafell Страницы: 162

Бренд: Nexxt Страницы: 2

MSR900-E Routers

Бренд: H3C Страницы: 2

Бренд: Ericsson Страницы: 8

Бренд: Ubiquiti Страницы: 13

Бренд: NETGEAR Страницы: 2

ZoneFlex series

Бренд: Ruckus Wireless Страницы: 68

Бренд: ALCON Страницы: 47

Бренд: EINHELL Страницы: 32

UniFi AP BeaconHD

Бренд: Ubiquiti Страницы: 11

Бренд: peplink Страницы: 30

Rocket5AC R5AC-PTP

Бренд: Ubiquiti Страницы: 13

Бренд: Billion Страницы: 48

Бренд: Linksys Страницы: 30

Бренд: Linksys Страницы: 31

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды