NetVanta 2000 Series System Manual
Section 4, User Interface Guide
61200361L1-1E
© 2002 ADTRAN, Inc.
41
> CONFIG > ROUTES > DESTINATION IP
The DESTINATION IP address field displays the IP address of the destination network for the route. The NetVanta 2000 series uses this information when making routing decisions.

> CONFIG > ROUTES > INTERFACE NAME
The INTERFACE NAME field displays the name of the interface that is accessed to send data using the listed route. The options are: ETH0 (the LAN port located on the back panel of the unit) and ETH1 (the WAN port located on the back panel of the unit).

> CONFIG > ROUTES > NET MASK
The NET MASK field displays the current subnet mask used for the listed route. Subnet masks are used to identify subnetworks to allow for IP sharing on a LAN.

> CONFIG > ROUTES > GATEWAY IP
The GATEWAY IP field displays the IP address of the first intelligent device that intercepts and steers data for its assigned network. The IP route table for the gateway of a network should contain routes to all available subnets on the network.

> CONFIG > ROUTES > HOP COUNT
The HOP COUNT field displays the number of gateways datagrams pass through when taking this route to their destination.

> CONFIG > ROUTES > TYPE
The TYPE field designates whether a route was configured or learned. Configured routes show up as LOCAL. Learned routes show up as DYNAMIC.
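The fields described above are the inputs to the unit's routing decision. The following is an added example, not ADTRAN's code, that models a route table with exactly those columns and shows how a destination is matched against it. The sample routes, the longest-prefix match with HOP COUNT as tie-break, and the use of Python's ipaddress module are assumptions; the manual only states that the unit uses the DESTINATION IP when making routing decisions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    """One row of the CONFIG > ROUTES table, using the manual's field names."""
    destination: str   # DESTINATION IP: address of the destination network
    netmask: str       # NET MASK: subnet mask for the route
    interface: str     # INTERFACE NAME: "ETH0" (LAN port) or "ETH1" (WAN port)
    gateway: str       # GATEWAY IP: first device that steers data for the network
    hop_count: int     # HOP COUNT: gateways traversed on the way to the destination
    route_type: str    # TYPE: "LOCAL" (configured) or "DYNAMIC" (learned)

    def network(self) -> ipaddress.IPv4Network:
        # strict=False tolerates host bits set in DESTINATION IP
        return ipaddress.IPv4Network(f"{self.destination}/{self.netmask}", strict=False)


# Constructed sample table (addresses are illustrative, not taken from the manual)
ROUTES: List[Route] = [
    Route("0.0.0.0", "0.0.0.0", "ETH1", "203.0.113.1", 1, "LOCAL"),               # default route, WAN port
    Route("192.168.1.0", "255.255.255.0", "ETH0", "192.168.1.1", 0, "LOCAL"),      # directly attached LAN
    Route("10.20.0.0", "255.255.0.0", "ETH0", "192.168.1.254", 2, "DYNAMIC"),      # learned summary route
    Route("10.20.30.0", "255.255.255.0", "ETH0", "192.168.1.253", 1, "DYNAMIC"),   # learned, more specific
]


def lookup(dst: str, routes: List[Route] = ROUTES) -> Optional[Route]:
    """Choose the route for a destination: longest prefix match on DESTINATION IP / NET MASK.
    Ties go to the lower HOP COUNT (an assumed tie-break; the manual does not state one)."""
    addr = ipaddress.IPv4Address(dst)
    best: Optional[Route] = None
    for route in routes:
        net = route.network()
        if addr not in net:
            continue
        if best is None or (net.prefixlen, -route.hop_count) > (best.network().prefixlen, -best.hop_count):
            best = route
    return best


def delete_route(routes: List[Route], destination: str, netmask: str) -> List[Route]:
    """Model of the DELETE ROUTE button: the table without the selected entry.
    A destination covered only by the deleted entry becomes unreachable, as the manual warns."""
    return [r for r in routes if not (r.destination == destination and r.netmask == netmask)]


if __name__ == "__main__":
    for dst in ("10.20.30.7", "10.20.99.1", "192.168.1.50", "8.8.8.8"):
        r = lookup(dst)
        print(dst, "->", r.interface, r.gateway, r.route_type)
    trimmed = delete_route(ROUTES, "0.0.0.0", "0.0.0.0")
    print("8.8.8.8 after deleting the default route ->", lookup("8.8.8.8", trimmed))
```

Running the block shows the more specific DYNAMIC route winning for 10.20.30.x, the summary route taking the rest of 10.20.0.0/16, and the default route disappearing once deleted.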
> CONFIG > ROUTES > DELETE ROUTE
Select the routing entry you want to delete by choosing the corresponding checkbox and clicking the DELETE ROUTE button. This will delete the selected route entry.
Before clicking the DELETE ROUTE button, make sure that you have selected the correct routing entry. Removing the routing entry for a destination may make it inaccessible.

> CONFIG > FIREWALL
The FIREWALL CONFIGURATION page can be accessed by clicking on FIREWALL found in the menu list on the left side of the display window. This page provides control to activate different cyber attack checks. The event logging thresholds for cyber attacks are also configured on the FIREWALL CONFIGURATION page.
> CONFIG > FIREWALL > IP SPOOFING CHECK
IP Spoofing is a network intrusion that occurs when an outside user gains access to a computer on the network by pretending to be at a trusted IP address. IP SPOOFING CHECK is always ENABLED, and the NetVanta 2000 series discards any packets received on the WAN interface containing a source IP address on the corporate network.

> CONFIG > FIREWALL > PING OF DEATH CHECK
Ping of Death is a denial of service attack which exploits errors in the oversize datagram handling mechanism of a TCP/IP stack. Many popular operating systems have difficulty handling datagrams larger than the maximum datagram size defined by the IP standard. If hosts running these operating systems encounter oversized ping packets, it is likely they will hang or crash, causing network problems. PING OF DEATH CHECK is always ENABLED, and the NetVanta 2000 series becomes the central entry point for all traffic entering the corporate network; it watches for such non-standard IP datagrams and filters them before they reach vulnerable hosts on the network.

> CONFIG > FIREWALL > LAND ATTACKS CHECK
Land Attacks are a special type of denial of service attack on TCP-based services such as HTTP, SMTP, and FTP. In a Land Attack an attacker forges equal values for the source and destination port, and for the source and destination IP addresses. These port values are often the well-known service port values, and the IP addresses are the target host's IP address. This attack exploits an inappropriate implementation of the TCP connection establishment protocol in a TCP/IP stack; as a result the target server enters an uncontrollable infinite spin and eventually the system crashes. LAND ATTACK CHECK is always ENABLED, and the NetVanta 2000 series ensures that all service requests made to any of the hosts in the corporate network are Land Attack free.

> CONFIG > FIREWALL > REASSEMBLY ATTACK
Datagrams traveling in the Internet may pass through heterogeneous networks which require them to be fragmented and reassembled at their destinations. Certain popular TCP/IP implementations cannot handle all datagram reassembly scenarios properly. If an attacker sends datagram fragments to a host with limited datagram reassembly capabilities, the host is likely to behave unpredictably. REASSEMBLY ATTACK is always ENABLED, and the NetVanta 2000 series invokes its robust datagram reassembly engine to perform the datagram reassembly strictly conforming to IP standards.

> CONFIG > FIREWALL > SYN FLOODING ATTACK CHECK
SYN Flooding is a well-known denial of service attack on TCP-based services. TCP requires a 3-way handshake before the actual communications between two hosts begins. A server must allocate resources to process new connection requests that are received. A malicious intruder is capable of transmitting large amounts of service requests in a very short period, causing servers to allocate all resources to processing the incoming requests. If SYN FLOODING ATTACK CHECK is selected, the NetVanta 2000 series filters out phony service requests and allows only legitimate requests to pass through.
> CONFIG > FIREWALL > ICMP REDIRECT CHECK
ICMP Redirect is a standard ICMP message used to provide hosts with better route information to the source. When this message is received, the recipient updates its routing table with the new routing information provided, with no authentication required. An intruder can provide a target with route information of his or her choosing, thereby gaining access to the host's routing table. It is possible for an intruder to access the data originating from the target host once the host's routing table has been compromised. If ICMP REDIRECT CHECK is ENABLED, the NetVanta 2000 series discards all ICMP Redirect messages.

> CONFIG > FIREWALL > SOURCE ROUTING CHECK
Strict and loose source routing (as specified in IP standard RFC 791) allow datagrams to take a predefined path towards a destination. An intruder can gain detailed information about the corporate network by tracking datagrams through the corporate network. If SOURCE ROUTING CHECK is ENABLED, the NetVanta 2000 series filters out all datagrams that contain the strict or loose source routing option.

> CONFIG > FIREWALL > WINNUKE ATTACK CHECK
The WinNuke attack is a well-known denial of service attack on hosts running Windows operating systems. A malicious intruder sends Out of Band (OOB) data over an established connection to a Windows user. Windows cannot properly handle the OOB data and the host reacts unpredictably. A normal shut-down of the host will generally return all functionality. If WINNUKE ATTACK CHECK is selected, the NetVanta 2000 series filters OOB data to prevent network problems.
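The checks in the firewall sections above are all stateless decisions about a single packet: where it arrived, what its addresses, ports, IP options, ICMP type or fragment geometry look like. The block below is an added example, not the NetVanta firmware, that implements those decisions as filter functions and runs them over a handful of constructed packet records, honouring the manual's split between checks that are always ENABLED and checks that must be selected. The corporate network prefix, the packet-record layout, the modelling of OOB data as a TCP segment with the URG flag set, and the use of a 20-byte header when sizing a reassembled datagram are assumptions. The stateful REASSEMBLY ATTACK and SYN FLOODING checks are not modelled, since they need a fragment cache and connection tracking rather than a per-packet rule.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed LAN definition; the manual calls this the "corporate network".
CORPORATE_NET = ipaddress.IPv4Network("192.168.1.0/24")
WAN_IF = "ETH1"                     # WAN port name from the INTERFACE NAME section

LSRR, SSRR = 131, 137               # RFC 791 option types: loose / strict source route
ICMP_REDIRECT = 5                   # ICMP type for Redirect
MAX_DATAGRAM = 65535                # maximum IPv4 datagram size, header included
IP_HEADER_LEN = 20                  # assumed minimal header when sizing a reassembled datagram

# A packet is a plain dict; only the fields a check needs have to be present.
Packet = Dict[str, object]


def ip_spoofing_check(pkt: Packet) -> bool:
    """Packet received on the WAN port that claims a corporate-network source address."""
    return pkt["iface"] == WAN_IF and ipaddress.IPv4Address(pkt["src"]) in CORPORATE_NET


def ping_of_death_check(pkt: Packet) -> bool:
    """Fragment whose offset (in 8-byte units) plus payload would exceed the IP maximum."""
    end = IP_HEADER_LEN + int(pkt.get("frag_offset", 0)) * 8 + int(pkt["payload_len"])
    return end > MAX_DATAGRAM


def land_attack_check(pkt: Packet) -> bool:
    """Equal source/destination address together with equal source/destination port."""
    return (pkt["src"] == pkt["dst"]
            and pkt.get("sport") is not None
            and pkt.get("sport") == pkt.get("dport"))


def icmp_redirect_check(pkt: Packet) -> bool:
    return pkt["proto"] == "icmp" and pkt.get("icmp_type") == ICMP_REDIRECT


def source_routing_check(pkt: Packet) -> bool:
    return any(opt in (LSRR, SSRR) for opt in pkt.get("ip_options", ()))


def winnuke_check(pkt: Packet) -> bool:
    """OOB data modelled as a TCP segment carrying the URG flag (an assumption)."""
    return pkt["proto"] == "tcp" and "URG" in pkt.get("flags", ())


# name -> (check function, always enabled according to the manual?)
CHECKS = {
    "IP SPOOFING CHECK":    (ip_spoofing_check, True),
    "PING OF DEATH CHECK":  (ping_of_death_check, True),
    "LAND ATTACK CHECK":    (land_attack_check, True),
    "ICMP REDIRECT CHECK":  (icmp_redirect_check, False),
    "SOURCE ROUTING CHECK": (source_routing_check, False),
    "WINNUKE ATTACK CHECK": (winnuke_check, False),
}


def evaluate(pkt: Packet, enabled: Tuple[str, ...] = ()) -> List[str]:
    """Names of the checks this packet trips; selectable checks count only when enabled."""
    hits = []
    for name, (check, always_on) in CHECKS.items():
        if (always_on or name in enabled) and check(pkt):
            hits.append(name)
    return hits


def filter_packets(packets: List[Packet], enabled: Tuple[str, ...] = ()):
    """Split packets into (passed, dropped); each dropped entry carries its reasons."""
    passed, dropped = [], []
    for pkt in packets:
        reasons = evaluate(pkt, enabled)
        (dropped if reasons else passed).append((pkt, reasons))
    return [p for p, _ in passed], dropped


# Constructed sample traffic arriving on the WAN port (addresses and ports are illustrative)
SAMPLE_PACKETS: List[Packet] = [
    {"id": 1, "iface": "ETH1", "proto": "tcp", "src": "198.51.100.9", "dst": "192.168.1.10",
     "sport": 40001, "dport": 80, "payload_len": 40, "flags": ("SYN",)},               # legitimate
    {"id": 2, "iface": "ETH1", "proto": "tcp", "src": "192.168.1.20", "dst": "192.168.1.10",
     "sport": 40002, "dport": 25, "payload_len": 40},                                   # spoofed LAN source
    {"id": 3, "iface": "ETH1", "proto": "tcp", "src": "192.168.1.10", "dst": "192.168.1.10",
     "sport": 80, "dport": 80, "payload_len": 40},                                      # Land pattern (also spoofed)
    {"id": 4, "iface": "ETH1", "proto": "icmp", "src": "198.51.100.9", "dst": "192.168.1.10",
     "icmp_type": 8, "frag_offset": 8140, "payload_len": 1480},                         # oversized echo fragment
    {"id": 5, "iface": "ETH1", "proto": "icmp", "src": "198.51.100.9", "dst": "192.168.1.10",
     "icmp_type": 5, "payload_len": 36},                                                # ICMP Redirect
    {"id": 6, "iface": "ETH1", "proto": "udp", "src": "198.51.100.9", "dst": "192.168.1.10",
     "sport": 5353, "dport": 53, "payload_len": 60, "ip_options": [LSRR]},             # loose source route
]
OOB_SEGMENT: Packet = {"id": 7, "iface": "ETH1", "proto": "tcp", "src": "198.51.100.9",
                       "dst": "192.168.1.10", "sport": 4000, "dport": 139, "payload_len": 4,
                       "flags": ("PSH", "URG")}                                         # urgent-flagged segment

if __name__ == "__main__":
    for label, enabled in (("always-on checks only", ()), ("all checks selected", tuple(CHECKS))):
        passed, dropped = filter_packets(SAMPLE_PACKETS + [OOB_SEGMENT], enabled)
        print(label, "-> passed", [p["id"] for p in passed],
              "dropped", [(p["id"], r) for p, r in dropped])
```

With only the always-on checks, packets 2, 3 and 4 are dropped and the redirect, source-routed and urgent-flagged packets still pass; selecting the remaining checks drops those as well, which mirrors the ENABLED/selected distinction the manual draws.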
> CONFIG > FIREWALL > EVENT LOGGING THRESHOLDS
Event logging thresholds prevent large quantities of duplicate logs if the NetVanta 2000 series or the corporate network connected to it is under attack.
The LOG ATTACKS FOR EVERY threshold indicates the number of attack mounting attempts the NetVanta 2000 series should see before generating a log message. The default value for an attack log threshold is 100.
The LOG POLICY FOR EVERY threshold defines the number of connections required by an access policy through the NetVanta 2000 series before a log message is generated for that policy. The default value for the policy access log threshold is 100.
The LOG VPN FOR EVERY threshold defines the number of VPN enabled connections required by a VPN policy before generating a log message for that policy. The default value for the VPN log threshold is 100.

> CONFIG > LOGGING
The NetVanta 2000 series periodically exports event log messages to well-secured external systems for secondary storage. The NetVanta 2000 series provides two industry-standard ways to export the event log: e-mail and syslog. Log messages may be e-mailed to specified addresses, exported to a standard syslog service, or a combination of both. The Logging Configuration page is displayed by clicking on Logging in the menu list on the left side of the display window.
> CONFIG > LOGGING > LOG EXPORT SYSTEM
The Syslog Configuration page is displayed by clicking on the LOG EXPORT SYSTEM hyperlink listed as a Logging submenu in the menu list. The configuration parameters for exporting event log messages using the syslog service are displayed on this page.

> CONFIG > LOGGING > LOG EXPORT SYSTEM > LOG QUEUE LENGTH
The LOG QUEUE LENGTH field defines the number of events to be collected in the log queue before triggering the log export process.

> CONFIG > LOGGING > LOG EXPORT SYSTEM > LOGTIME THRESHOLD
The LOGTIME THRESHOLD defines the maximum time interval (in minutes) which passes before triggering the log export process.

> CONFIG > LOGGING > LOG EXPORT SYSTEM > DEVICE NAME
The DEVICE NAME field is an alphanumeric string attached to each log and alert message. This helps identify the event log messages generated by the NetVanta 2000 series in a common log file. Using a descriptive firewall name is useful when searching through large log files.

> CONFIG > LOGGING > LOG EXPORT SYSTEM > ENABLE SYSLOG NOTIFICATION
The ENABLE SYSLOG NOTIFICATION check box configures the NetVanta 2000 series to export the log to the syslog service.

> CONFIG > LOGGING > LOG EXPORT SYSTEM > SYSLOG SERVER
The SYSLOG SERVER field defines the syslog server’s IP address. The syslog server should be maintained on the corporate network.

> CONFIG > LOGGING > LOG EXPORT SYSTEM > SYSLOG FACILITY
The SYSLOG FACILITY drop-down menu selects the syslog priority level which the NetVanta 2000 series uses for exporting log entries to the syslog service. Nine priority levels are provided ranging from SYSLOG_LOCAL0 to SYSLOG_LOCAL8. Choose any one of these priority levels and configure the syslog service accordingly. For configuring the syslog service on the server, refer to the syslog documentation.
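The EVENT LOGGING THRESHOLDS section and the LOG EXPORT SYSTEM fields above (LOG QUEUE LENGTH, LOGTIME THRESHOLD, DEVICE NAME, SYSLOG FACILITY) together describe a pipeline: count events, emit one message per threshold, tag it with the device name and facility, queue it, and export the queue when it is long enough or old enough. The block below is an added example, not ADTRAN's logging code, that wires those pieces together and drives them with a fake clock so the run is deterministic. The "FOR EVERY" default of 100 comes from the manual; the queue-length and time-threshold defaults, the message text, and the stand-in for delivery to the SYSLOG SERVER are assumptions. The PRI encoding follows RFC 3164, whose local-use facilities are local0 to local7 (codes 16 to 23), so only those eight names are encoded here.

```python
import time
from collections import defaultdict
from typing import Callable, Dict, List, Optional

# RFC 3164 local-use facilities: local0..local7 carry facility codes 16..23.
LOCAL_FACILITIES: Dict[str, int] = {f"SYSLOG_LOCAL{i}": 16 + i for i in range(8)}
SEVERITY_WARNING, SEVERITY_NOTICE = 4, 5


class ThresholdCounter:
    """LOG ... FOR EVERY behaviour: one message per `every` events of the same key
    (attack name, access policy or VPN policy), so a sustained attack produces a
    bounded number of log entries. The default of 100 matches the manual."""

    def __init__(self, every: int = 100):
        self.every = every
        self.counts: Dict[str, int] = defaultdict(int)

    def record(self, key: str) -> Optional[str]:
        """Count one event; return a log message only when the threshold is hit."""
        self.counts[key] += 1
        n = self.counts[key]
        return f"{key}: {n} events seen" if n % self.every == 0 else None


def syslog_line(device_name: str, facility: str, severity: int, msg: str) -> str:
    """RFC 3164-style <PRI> (facility * 8 + severity) followed by the DEVICE NAME tag."""
    pri = LOCAL_FACILITIES[facility] * 8 + severity
    return f"<{pri}>{device_name}: {msg}"


class LogExporter:
    """Queue formatted lines and hand a batch off when LOG QUEUE LENGTH is reached or
    LOGTIME THRESHOLD minutes have elapsed, whichever comes first. queue_length and
    time_threshold_min defaults are assumptions; `send` stands in for delivery to the
    SYSLOG SERVER and `clock` is injectable so tests can advance time."""

    def __init__(self, device_name: str, facility: str = "SYSLOG_LOCAL0",
                 queue_length: int = 10, time_threshold_min: int = 5,
                 clock: Callable[[], float] = time.monotonic,
                 send: Optional[Callable[[List[str]], None]] = None):
        self.device_name = device_name
        self.facility = facility
        self.queue_length = queue_length
        self.time_threshold = time_threshold_min * 60
        self.clock = clock
        self.send = send or (lambda batch: None)
        self.queue: List[str] = []
        self.last_export = clock()
        self.batches: List[List[str]] = []   # every batch handed to `send`, kept for inspection

    def add(self, msg: str, severity: int = SEVERITY_WARNING) -> None:
        self.queue.append(syslog_line(self.device_name, self.facility, severity, msg))
        self.maybe_export()

    def maybe_export(self) -> bool:
        """Run after each add and from a periodic timer; True when a batch went out."""
        now = self.clock()
        due = (len(self.queue) >= self.queue_length
               or (bool(self.queue) and now - self.last_export >= self.time_threshold))
        if not due:
            return False
        batch = list(self.queue)
        self.queue.clear()
        self.last_export = now
        self.batches.append(batch)
        self.send(batch)
        return True


def simulate() -> LogExporter:
    """Constructed scenario: 250 spoofing events, a quiet period, then 300 policy hits."""
    t = [0.0]                                  # fake clock, seconds
    exporter = LogExporter("fw-hq", "SYSLOG_LOCAL3", queue_length=3, time_threshold_min=5,
                           clock=lambda: t[0])
    attacks = ThresholdCounter(every=100)      # LOG ATTACKS FOR EVERY 100
    for _ in range(250):
        line = attacks.record("IP SPOOFING CHECK")
        if line:
            exporter.add(line)                 # messages at the 100th and 200th event
    t[0] += 5 * 60                             # five minutes pass with two lines queued
    exporter.maybe_export()                    # LOGTIME THRESHOLD flushes them
    policy = ThresholdCounter(every=100)       # LOG POLICY FOR EVERY 100
    for _ in range(300):
        line = policy.record("POLICY web-in")
        if line:
            exporter.add(line, SEVERITY_NOTICE)  # third line fills the queue and exports
    return exporter


if __name__ == "__main__":
    for i, batch in enumerate(simulate().batches, 1):
        print(f"batch {i}:", *batch, sep="\n  ")
```

The first batch leaves on the time threshold with two lines, the second on queue length with three; 250 attack events become two log lines, which is the duplicate suppression the thresholds section describes.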
> CONFIG > LOGGING > LOG EXPORT SYSTEM > ENABLE E-MAIL NOTIFICATION
The ENABLE E-MAIL NOTIFICATION check box configures the NetVanta 2000 series to export event logs through e-mail.

> CONFIG > LOGGING > LOG EXPORT SYSTEM > MAIL SERVER ADDRESS
The MAIL SERVER ADDRESS field defines the IP address of the SMTP server used by the NetVanta 2000 series to e-mail out the log.
> CONFIG > LOGGING > LOG EXPORT SYSTEM > RETURN MAIL ADDRESS
The RETURN MAIL ADDRESS field is an alphanumeric string that appears in the ‘From:’ field in all e-mail containing the NetVanta 2000 series event log messages.

> CONFIG > LOGGING > LOG EXPORT SYSTEM > EMAIL GENERAL LOG TO:
The EMAIL GENERAL LOG TO: address is used by the NetVanta 2000 series when exporting event log messages via e-mail.

> CONFIG > LOGGING > LOG EXPORT SYSTEM > EMAIL ALERT LOG TO:
The EMAIL ALERT LOG TO: address allows the NetVanta 2000 series to send alert logs only to the specified address.

> CONFIG > DHCP SERVER
The NetVanta 2000 series is equipped with Dynamic Host Configuration Protocol (DHCP) server capabilities. A DHCP server eliminates static network configuration for hosts connected to the corporate network by configuring them dynamically. A DHCP server manages the IP address pool in the corporate network by leasing IP addresses to requesting hosts. It also supplies DNS configuration and default route information to the requesting hosts. All requesting hosts must be running DHCP enabled operating systems.

> CONFIG > DHCP SERVER > DHCP CONFIG
The DHCP CONFIG page is displayed by clicking on the DHCP CONFIG hyperlink listed as a DHCP server submenu in the menu list. A description of the DHCP Server Configuration parameters follows.

> CONFIG > DHCP SERVER > DHCP CONFIG > DHCP ENABLED
The DHCP ENABLED radio button allows you to enable or disable the DHCP server capabilities of the NetVanta 2000 series.

> CONFIG > DHCP SERVER > DHCP CONFIG > IP ADDRESS RANGE
The IP ADDRESS RANGE (1-3) fields specify up to three disjoint IP address ranges for leasing IP addresses to DHCP enabled hosts. The IP address ranges must be included in the corporate network.

> CONFIG > DHCP SERVER > DHCP CONFIG > GATEWAY IP ADDRESS
The GATEWAY IP ADDRESS field specifies the default gateway supplied to DHCP enabled hosts. Normal configuration requires this to be populated with the IP address assigned to the LAN port of the NetVanta 2000 series.

> CONFIG > DHCP SERVER > DHCP CONFIG > DNS1/DNS2
The DNS 1-2 fields define the primary and secondary DNS server IP addresses supplied to the DHCP enabled hosts in the corporate network.
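The DHCP CONFIG fields above impose two constraints that are easy to get wrong when filling in the page by hand: the three IP ADDRESS RANGEs must be disjoint, and every range must lie inside the corporate network. The block below is an added example, not ADTRAN's DHCP implementation, that validates those constraints and then models the lease hand-out with the GATEWAY IP ADDRESS and DNS1/DNS2 values a DHCP-enabled host would receive. The sample addresses, the first-free allocation order, the absence of lease timers, and the exclusion of the gateway's own address from the pool are assumptions.

```python
import ipaddress
from typing import Dict, List, Optional, Sequence, Tuple

Range = Tuple[str, str]   # (first address, last address) as typed into an IP ADDRESS RANGE field


def check_ranges(corporate_net: str, ranges: Sequence[Range]) -> Optional[str]:
    """Validate the IP ADDRESS RANGE (1-3) fields against the manual's two rules:
    at most three ranges, each inside the corporate network, and pairwise disjoint.
    Returns a description of the first problem found, or None when the ranges are acceptable."""
    net = ipaddress.IPv4Network(corporate_net)
    if len(ranges) > 3:
        return "at most three IP ADDRESS RANGEs are allowed"
    seen: set = set()
    for start, end in ranges:
        lo, hi = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
        if lo > hi:
            return f"range {start}-{end} is reversed"
        if lo not in net or hi not in net:
            return f"range {start}-{end} is not inside {net}"
        addrs = set(range(int(lo), int(hi) + 1))
        if seen & addrs:
            return f"range {start}-{end} overlaps another range"
        seen |= addrs
    return None


class DhcpServer:
    """Model of the DHCP CONFIG page. Lease handling is simplified (no timers, no
    DHCP wire protocol); the manual describes the fields, not the lease logic."""

    def __init__(self, corporate_net: str, ranges: Sequence[Range], gateway: str,
                 dns1: str, dns2: Optional[str] = None, enabled: bool = True):
        problem = check_ranges(corporate_net, ranges)
        if problem:
            raise ValueError(problem)
        self.net = ipaddress.IPv4Network(corporate_net)
        self.gateway = ipaddress.IPv4Address(gateway)
        if self.gateway not in self.net:
            raise ValueError("GATEWAY IP ADDRESS must be on the corporate network")
        self.dns = [dns1] + ([dns2] if dns2 else [])
        self.enabled = enabled                         # DHCP ENABLED radio button
        self.leases: Dict[str, ipaddress.IPv4Address] = {}   # client MAC -> leased address
        self.pool: List[ipaddress.IPv4Address] = []
        for start, end in ranges:
            lo, hi = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
            self.pool.extend(ipaddress.IPv4Address(i) for i in range(int(lo), int(hi) + 1))
        # assumed safeguard: never lease the gateway's own address even if a range covers it
        self.pool = [a for a in self.pool if a != self.gateway]

    def request(self, mac: str) -> Optional[Dict[str, object]]:
        """Lease an address (re-using the client's existing one) and return the host
        configuration; None when the server is disabled or the pool is exhausted."""
        if not self.enabled:
            return None
        if mac not in self.leases:
            taken = set(self.leases.values())
            free = [a for a in self.pool if a not in taken]
            if not free:
                return None
            self.leases[mac] = free[0]
        return {
            "ip": str(self.leases[mac]),
            "netmask": str(self.net.netmask),
            "gateway": str(self.gateway),      # default route handed to the host
            "dns": list(self.dns),             # DNS1 / DNS2
        }

    def release(self, mac: str) -> None:
        self.leases.pop(mac, None)


def build_server(enabled: bool = True) -> DhcpServer:
    """Constructed configuration: LAN 192.168.1.0/24, gateway on the unit's LAN address."""
    return DhcpServer(
        corporate_net="192.168.1.0/24",
        ranges=[("192.168.1.100", "192.168.1.101"), ("192.168.1.150", "192.168.1.150")],
        gateway="192.168.1.1",
        dns1="192.168.1.2",
        dns2="192.168.1.3",
        enabled=enabled,
    )


if __name__ == "__main__":
    server = build_server()
    for mac in ("aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03", "aa:bb:cc:00:00:04"):
        print(mac, "->", server.request(mac))
    print(check_ranges("192.168.1.0/24", [("192.168.1.100", "192.168.1.120"),
                                          ("192.168.1.110", "192.168.1.130")]))
```

The deliberately tiny pool (three addresses) makes exhaustion visible on the fourth request, and the overlapping-range call at the end shows the validation message an operator would want before the page accepts the configuration.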
