
Operating modes and functions

ELSA LANCOM DSL/10 Office


Login barring

The configuration in the ELSA LANCOM DSL/10 Office is protected against "brute-force attacks" by barring logins. A brute-force attack is the attempt of an unauthorized person to crack a password to gain access to a network, a computer or another device. In order to do so, a computer can, for example, run through all the possible combinations of letters and numbers until the right password is found.

As a measure of protection against such attacks, the maximum allowed number of
unsuccessful attempts to log in can be set.  If this limit is reached, access will be barred
for a certain length of time.

If barring is activated on one port, all other ports are automatically barred too.

The following entries are provided in the ELSA LANconfig for configuring login barring in the 'Management' configuration area on the 'Security' tab or under /Setup/Config-module in the menu:

- 'Lock configuration after' (Login-errors)
- 'Lock configuration for' (Lock-minutes)
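The effect of the two settings can be checked with a small model. This is an added example, not code from the manual or the device firmware; it assumes a single failure counter shared by all ports, that a successful login clears the counter, and that attempts take no time (worst case). The setting values shown are constructed, not the device defaults.

```python
from dataclasses import dataclass

MINUTES_PER_DAY = 24 * 60


@dataclass
class LoginBarring:
    """Model of the barring described in the manual; not the device firmware."""
    login_errors: int           # 'Lock configuration after' (Login-errors)
    lock_minutes: int           # 'Lock configuration for' (Lock-minutes)
    failures: int = 0           # assumption: one counter shared by all ports
    locked_until: float = 0.0   # minute at which the current lock expires

    def __post_init__(self):
        if self.login_errors < 1 or self.lock_minutes < 1:
            raise ValueError("both settings must be at least 1 in this model")

    def attempt(self, port: str, password_ok: bool, now: float) -> str:
        # 'port' is deliberately not consulted: barring on one port bars all.
        if now < self.locked_until:
            return "barred"             # even a correct password is refused
        if password_ok:
            self.failures = 0           # assumption: success clears the counter
            return "ok"
        self.failures += 1
        if self.failures >= self.login_errors:
            self.locked_until = now + self.lock_minutes
            self.failures = 0
        return "denied"


def guesses_per_day(login_errors: int, lock_minutes: int) -> int:
    """Upper bound on passwords a guesser gets evaluated in 24 hours."""
    guard = LoginBarring(login_errors, lock_minutes)
    now, guesses = 0.0, 0
    while now < MINUTES_PER_DAY:
        if guard.attempt("telnet", False, now) == "denied":
            guesses += 1                # a wrong password was actually checked
        else:
            now = guard.locked_until    # barred: wait for the lock to expire
    return guesses


def days_to_exhaust(keyspace: int, login_errors: int, lock_minutes: int) -> float:
    """Days needed to try every password at the throttled rate."""
    return keyspace / guesses_per_day(login_errors, lock_minutes)


if __name__ == "__main__":
    # Constructed settings, not the device defaults.
    for errors, minutes in [(5, 5), (3, 60)]:
        rate = guesses_per_day(errors, minutes)
        days = days_to_exhaust(36 ** 6, errors, minutes)
        print(f"{errors} errors / {minutes} min lock: {rate} guesses per day, "
              f"{days:,.0f} days for a 6-character [a-z0-9] password")
```

Because the lock is global, a correct password entered on any port during the lock period is refused as well, which the model returns as "barred".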

Access control via TCP/IP

Access to the internal functions of the devices through TCP/IP can be restricted using a special filter list. Internal functions in this case means telnet or TFTP sessions to configure the ELSA LANconfig.

This table is empty by default, so access to the router can be obtained by TCP/IP using telnet or TFTP from computers with any IP address. The filter is activated when the first IP address with its associated network mask is entered; from that point on, only those IP addresses contained in this initial entry are permitted to use the internal functions. The circle of authorized users can be expanded by adding further entries. The filter entries can describe both individual computers and whole networks.

The access list can be found in the ELSA LANconfig in the 'TCP/IP' configuration section on the 'General' tab, or in the /Setup/TCP-IP-module/Access List menu.
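The access-list behaviour described above, including the empty-table case, can be reviewed before an entry is committed. This is an added example, not code from the manual or the device; it assumes an entry matches when the source address masked with the entry's network mask equals the entry's masked address, and all addresses shown are constructed.

```python
import ipaddress


def parse_access_list(rows):
    """rows: (ip_address, network_mask) string pairs as entered in the table."""
    # strict=False masks host bits, so ('10.0.0.5', '255.255.255.0') -> 10.0.0.0/24
    return [ipaddress.ip_network(f"{ip}/{mask}", strict=False) for ip, mask in rows]


def is_permitted(source_ip, access_list):
    """Would this source be allowed to open a telnet/TFTP configuration session?"""
    if not access_list:
        return True     # empty table: filter inactive, any IP address may connect
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in access_list)


def review(rows, management_hosts):
    """Return findings for a proposed table before it is written to the device."""
    acl = parse_access_list(rows)
    findings = []
    if not acl:
        findings.append("empty table: filter inactive, any IP address may "
                        "open telnet/TFTP sessions")
    for net in acl:
        if net.prefixlen == 0:
            findings.append(f"{net}: mask 0.0.0.0 matches every address")
    # The first entry activates the filter, so every host that must keep
    # configuration access has to be covered by the table from then on.
    for host in management_hosts:
        if not is_permitted(host, acl):
            findings.append(f"{host}: management host would be shut out")
    return findings


if __name__ == "__main__":
    # Constructed sample tables and hosts.
    admins = ["10.0.0.5", "192.168.1.20"]
    proposals = {
        "default (empty)": [],
        "one network": [("10.0.0.0", "255.255.255.0")],
        "network + single host": [("10.0.0.0", "255.255.255.0"),
                                  ("192.168.1.20", "255.255.255.255")],
    }
    for name, rows in proposals.items():
        print(name, "->", review(rows, admins) or "no findings")
```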

Security for your LAN

You certainly would not like any outsider to have easy access to or to be able to modify the data on your computers. The ELSA LANCOM DSL/10 Office offers you various ways of restricting access from outside:

- Data packet filtering
- IP masquerading (also known as NAT or PAT)
