luxul.com

|

357 South 670 West

|

Suite 160

|

Lindon, UT 84042

|

p: 801-822-5450

|

f: 801-822-5460

User Guide

31

±

Schedule:

The name of the desired Schedule

±

URL String:

The String you would like to filter (i.e. test, yahoo, facebook, etc)

±

Extension:

Domains or extension suffix (i.e. .com, .biz, .org, .exe, .rar, etc.)

NOTE:

The configured Client Filter will only affect the devices in the

range of the specified IP Group during the schedule you have

selected. All other traffic will be allowed to pass.

Example:

If you do not want the computers with IP addresses of 192.168.0.20 to

192.168.0.30 (IP Group=Test) to visit HTTP websites associated with “Yahoo” from

06:00-19:00 (Schedule=work days) Monday through Friday, you would set the Client

Filter rule as follows:

This is what the created Rule will look like after clicking on “Save”

5.4.5 Bandwidth/NAT

The Bandwidth/NAT section has two submenus: Bandwidth Settings and NAT

Settings. These settings allow for the control of how much Bandwidth is available

to client devices, as well as which WAN IP Address is used for NAT on a specific

range of devices.

5.4.5.1 Bandwidth Settings

Bandwidth Settings allows the control of bandwidth allocated to each device on

the network. The XBR-2300 can control the bandwidth for up to 256 individual

client devices. IP address ranges are also supported.

User Guide

32

© Copyright 2011 Luxul. All rights reserved. Trademarks & Registered Trademarks are property of respective holders.

±

Enable:

Enables or Disables Bandwidth control for the specified device(s)

±

IP Address:

Sets the IP Address(es) for bandwidth controlled devices

±

Uplink Range:

Maximum upload data rate per device

±

Downlink Range:

Maximum download data rate per device

±

Uplink /Downlink Mode:

Selects whether the specified limits are to be shared

by devices in the range or if each individual device is allocated this limit

±

Uplink/Downlink Policy:

Selects whether or not surplus bandwidth can be used

NOTE:

if you choose “when the bandwidth has a surplus, you can use

more bandwidth”, the XBR-2300 will automatically manage the

upload and download flow.

±

Description:

Name of Bandwidth Control Rule

5.4.5.2 NAT Settings

NAT Settings allow for the specification of the maximum number of NAT Table

entries created by a device or group of devices on the network. This basically limits

the number of websites a device can visit at any given time.

luxul.com

|

357 South 670 West

|

Suite 160

|

Lindon, UT 84042

|

p: 801-822-5450

|

f: 801-822-5460

User Guide

33

±

Starting IP Address/Ending IP Address:

Enter the IP address range you would

like to control

±

Type:

Select the NAT Setting control type (Independent or Shared)

w

Independent: Takes effect on each IP address and controls the maximum NAT

entries of each device

w

Shared: Takes effect on the whole IP group and controls the total entries of

the devices within the IP group

±

NAT Connection Limit:

Indicates the maximum NAT entries allowed. This can be

a range from 1 to 9999

±

Enable:

Enables the NAT Connection Limit function

NOTE:

In order for the new NAT Settings to take effect, the XBR-2300

must be rebooted .

5.5 Security

The Security section consists of the following submenus:

±

5.5.1 MAC Filter

±

5.5.2 ARP Defense

±

5.5.3 WAN Attack Defense

±

5.5.4 LAN Attack Defense

±

5.5.5 IP-MAC Binding

±

5.5.6 Attack List

5.5.1 MAC Filter

The XBR-2300 has the ability to limit Internet access by MAC Address. This function

can be used to block unknown devices from accessing the Internet.

User Guide

34

© Copyright 2011 Luxul. All rights reserved. Trademarks & Registered Trademarks are property of respective holders.

±

Internet Access:

Enable or Disable the Internet Access of a specified device

w

Disable: Blocks the MAC Address listed from connecting to the Internet

w

Enable: Allows the MAC Address listed access to the Internet

±

Remark:

Name of the MAC Address filter (user defined)

±

MAC:

The MAC Address of the device to be filtered

±

Time:

The Start and End time of the rule. The default value is 000-2400 hours

±

Day:

Selects the days of the week the filter should be in effect

5.5.2 ARP Defense

This function helps prevent ARP attacks and cheats. To protect the network, the

ARP defense is enabled by default within the XBR-2300. The default ARP broadcast

interval is one second and can be set from 1-60 seconds.

5.5.3 WAN Attack Defense

The XBR-2300 can block the following primary types of attacks: Scan Attacks, DoS

Attacks, Suspicious Packets, Packets Containing IP Options and Other Attacks (i.e.

Shockwave, Sasser, and other Viruses).

luxul.com

|

357 South 670 West

|

Suite 160

|

Lindon, UT 84042

|

p: 801-822-5450

|

f: 801-822-5460

User Guide

35

Scan Attacks Defense

±

IP Scan:

A source IP sends ICMP request packets to 10 different destination IP

addresses within the defined time limit. The XBR-2300 drops all ICMP requests

once the limit is reached

±

Port Scan:

A source IP sends TCP SYN request packets to 10 different ports of

one destination address within the defined time limit. The XBR-2300 drops all

request packets once the limit is reached

±

IP Cheat:

Attempts to block LAN devices using an Internet Proxy to bypass

access restrictions.

NOTE:

This function takes effect on LAN ports

Denial of Service (DoS) Attacks Defense

±

ICMP Flood:

If ICMP request packets exceed the specified limit, all ICMP

traffic will be blocked

±

UDP Flood:

If UDP packets exceed the specified limit, all UDP traffic will

be blocked

±

SYN Flood:

If TCP SYN packets targeted to a specific IP Address exceed the

specified limit, all TCP SYN requests will be blocked

±

LAND Attack:

When enabled, the XBR-2300 will attempt to drop all traffic

that matches the following definition: SYN packets that include the device’s IP

address as both the source and destination IP address