27
User Manual
MN032EN
Effective October 2017
215U-2 802.11
wireless I/O and gateway
EATON
www.eaton.com
For more complex networks, where Easy IP Filtering does not
provide the necessary functionality, you may need to set up multiple
filtering rules to fully manage the network traffic.
IP Whitelist or Blackliste:
Set this to “Whitelist” if you want to allow
messages that meet the IP Filter Rules. Set this to “Blacklist” if you
want to exclude messages that meet the IP Filtering Rules.
otee:
N
If you set this to Blacklist, and you haven’t selected “Only allow IPv4
and ARP” above, then the filter will block the specified messages, but any
non-IP protocol messages will pass through the filter.
IP Filter Rulese:
These rules apply by checking the source address
and destination IP addresses and ports of the message. A rule will
match a message if the IP address is within the defined range, and
the Port number is within the defined range.
Use the “Add Entry”, “Insert Entry” and “Delete Entry” buttons to
manipulate the rows in the table. For each row in the table, enter
the parameters:
Enable
Check this to enable the rule. To temporarily
disable a rule you can clear this checkbox.
IP Address
Min/Max
These are the first and last IP addresses that this
rule applies to.
Port Min/Maxe:
This is the range of IP Port numbers (TCP or
UDP Ports) that the rule applies to.
Protocol
You can set this to allow only one protocol type
(TCP, UDP or ICMP) or all three protocol types.
otee:
N
When you select any of these protocols, ARP messages for the
corresponding IP address range are also allowed by default. Also, the Port
range values do not apply and are ignored for ICMP type messages.
MAC Filter Rulese:
These rules apply by checking the source MAC
of the message. A rule will match a message if the source MAC
matches the configured value.
otee:
N
Messages that match any of the MAC filter rules are immediately
passed (whitelist) or dropped (blacklist), and are not checked by the IP Filter
Rules. Messages that do not match any filter rules in the whitelist are also
immediately dropped. Messages that do not match any rules in a blacklist are
passed and subsequently checked by the IP Filter Rules.
Use the “Add Entry”, “Insert Entry” and “Delete Entry” buttons to
manipulate the rows in the table. For each row in the table, enter
the parameters:
Enable
Check this to enable the rule. To temporarily
disable a rule you can clear this checkbox.
MAC Address
This is the MAC address that this rule applies to.
Save Changese:
Clicking this button saves changes to non-volatile
storage. Changes don’t take effect until the device has been
restarted. If you plan to make changes to multiple pages, use this
button before navigating to another page.
Save Change and Resete:
Clicking this button immediately applies
the changes on you have made by saving the new configuration to
non-volatile storage, then forcing the device to reset immediately.
Once the device has booted, the new changes will be in effect.
DHCP Server
You can configure one device in your network to act as a DHCP
server for other devices in the network. This lets you automatically
assign IP addresses to devices that join the network. This is most
useful when you want to access the network with a device such as
tablet or PC to connect to the devices in the network at their fixed
network addresses.
otee:
N
You must ensure there is only one DHCP server on your local bridged
network. When your Base site is configured as a Bridge (Default), this
includes DHCP servers connected to the Ethernet network that is connected
to your Base station. When your Base site is configured as a Router, the
DHCP server will only operate on the radio network.
Enable
Check this box to enable the DHCP server
functionality
IP Range
Minimum/
Maximum
This sets the range of IP Addresses that are
assigned to devices that connect to the network.
Make sure that this address range does not
overlap any existing fixed address assignments
you have made on your network. Normally
this range will be part of the same IP network
address range as the other devices on your
network.
Gateway IP
Address
If the connected devices need a default gateway,
you can enter this IP address here. Otherwise,
leave this blank.
Primary/
Secondary DNS
Server
If the connected devices will be using DNS
(Domain Name Service) to register or lookup
device names, enter the IP addresses of the
primary (and secondary) DNS Servers here.
Otherwise, leave these blank.
Lease Timee:
This is the amount of time that connected
devices are allocated an IP address. Once the
lease time expires, the IP address becomes
available for allocation to other DHCP client
devices. The lease time in conjunction with the
IP range limits the number of devices that can
be assigned DHCP addresses within a particular
period. If all of the available IP addresses are
allocated to devices then new devices won’t
be able to join the network until some of the
existing leases expire.
Save Changese:
Clicking this button saves changes to non-volatile
storage. Changes don’t take effect until the device has been
restarted. If you plan to make changes to multiple pages, use this
button before navigating to another page.
Save Change and Resete:
Clicking this button immediately applies
the changes on you have made by saving the new configuration to
non-volatile storage, then forcing the device to reset immediately.
Once the device has booted, the new changes will be in effect.
VLAN Configuration
VLAN (Virtual Local Area Network) provides a method of segregating
a single bridged network into multiple virtual networks that are
logically separated. This allows segregation and prioritization of traffic
in your network.
otee:
N
VLAN is an advanced networking technique. You should only need to
configure VLAN functionality if you have to interoperate with a network that
already uses VLAN.
The following configuration items are available for VLAN.
VLAN Mode
To disable VLAN functionality, select mode
“VLAN Passthrough”. To enable the VLAN, select
mode “VLAN Aware”.
otee:
N
When you select mode “VLAN Aware”, the IP
Address and Subnet Mask settings on the main Quick
Start page are ignored. The settings for Management
IP/Netmask on this page are used instead.
otee:
N
It is possible to configure a VLAN setup that stops your PC from
accessing the device’s web pages. If you are unable to access the device
from the Ethernet port after configuring VLAN rules, you can either: Access
the device from the USB connection; or restore the device’s default network
settings. For instructions, see “Restoring the factory default connection
settings” on P19.
