1. Home
    2. /
  2. Manuals
    3. /
  3. NETGEAR
    4. /
  4. FVS318N
    5. /
  5. 13
Page 61 / 414 Scroll up to view Page 56 - 60
LAN Configuration
61
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
To edit a VLAN profile:
1.
On the LAN Setup screen for IPv4 (see
Figure 29
on page 56), click the
Edit
button in
the Action column for the VLAN profile that you want to modify. The Edit VLAN Profile
screen displays. This screen is identical to the Add VLAN Profile screen (see the
previous figure).
2.
Modify the settings as explained in the previous table.
3.
Click
Apply
to save your settings.
To enable, disable, or delete one or more VLAN profiles:
1.
On the LAN Setup screen for IPv4 (see
Figure 29
on page 56), select the check box to
the left of each VLAN profile that you want to enable, disable, or delete, or click the
Select All
table button to select all profiles. (You cannot select the default VLAN profile.)
2.
Click one of the following table buttons:
Enable
.
Enables the VLAN or VLANs. The ! status icon changes from a gray circle to
a green circle, indicating that the selected VLAN or VLANs are enabled. (By default,
when a VLAN is added to the table, it is automatically enabled.)
Disable
.
Disables the VLAN or VLANs. The ! status icon changes from a green circle
to a gray circle, indicating that the selected VLAN or VLANs are disabled.
Delete
.
Deletes the VLAN or VLANs.
Configure VLAN MAC Addresses and LAN Advanced Settings
By default, all configured VLAN profiles share the same single MAC address as the LAN
ports. (All LAN ports share the same MAC address.) However, you can change the VLAN
MAC settings to allow up to 16 VLANs to each be assigned a unique MAC address.
You can also enable or disable the broadcast of Address Resolution Protocol (ARP) packets
for the default VLAN. If the broadcast of ARP packets is enabled, IP addresses can be
mapped to physical addresses (that is, MAC addresses).
To configure a VLAN to have a unique MAC address:
1.
Select
Network Configuration > LAN Setup
. In the upper right of the screen, the IPv4
radio button is selected by default. The LAN submenu tabs display, with the LAN Setup
screen in view, displaying the IPv4 settings (see
Figure 29
on page 56).
2.
Click the
Advanced
option arrow in the upper middle of the LAN Setup screen. The IPv4
LAN Advanced screen displays:
Page 62 / 414
LAN Configuration
62
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Figure 31.
3.
From the MAC Address for VLANs drop-down list, select
Unique
. (The default is Same.)
4.
As an option, you can disable the broadcast of ARP packets for the default VLAN by
clearing the
Enable ARP Broadcast
check box. (The broadcast of ARP packets is enabled
by default for the default VLAN.)
5.
Click
Apply
to save your settings.
Note:
If you attempt to configure more than 16 VLANs while the MAC
address for VLANs is set to Unique on the LAN Advanced screen,
the MAC addresses that are assigned to each VLAN might no longer
be distinct.
Configure IPv4 Multihome LAN IP Addresses on the
Default VLAN
If you have computers using different IPv4 networks in the LAN, (for example, 172.124.10.0
or 192.168.200.0), you can add aliases to the LAN ports and give computers on those
networks access to the Internet, but you can do so only for the default VLAN. The IP address
that is assigned as a secondary IP address needs to be unique and cannot be assigned to a
VLAN.
Make sure that any secondary LAN addresses are different from the primary LAN, WAN, and
DMZ IP addresses and subnet addresses that are already configured on the wireless VPN
firewall. The following is an example of correctly configured IPv4 addresses:
WAN IP address. 10.0.0.1 with subnet 255.0.0.0
DMZ IP address. 176.16.2.1 with subnet 255.255.255.0
Page 63 / 414
LAN Configuration
63
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Primary LAN IP address. 192.168.1.1 with subnet 255.255.255.0
Secondary LAN IP address. 192.168.20.1 with subnet 255.255.255.0
To add a secondary LAN IPv4 address:
1.
Select
Network Configuration > LAN Setup > LAN Multi-homing
. In the upper right of
the screen, the IPv4 radio button is selected by default. The LAN Multi-homing screen
displays the IPv4 settings. (The following figure contains one example.)
Figure 32.
The Available Secondary LAN IPs table displays the secondary LAN IP addresses added
to the wireless VPN firewall.
2.
In the Add Secondary LAN IP Address section of the screen, enter the following settings:
IP Address
. Enter the secondary address that you want to assign to the LAN ports.
Subnet Mask
. Enter the subnet mask for the secondary IP address.
3.
Click the
Add
table button in the rightmost column to add the secondary IP address to the
Available Secondary LAN IPs table.
Repeat
Step 2
and
Step 3
for each secondary IP address that you want to add to the
Available Secondary LAN IPs table.
Note:
Secondary IP addresses cannot be configured in the DHCP server.
The hosts on the secondary subnets need to be manually configured
with the IP addresses, gateway IP address, and DNS server IP
addresses.
To edit a secondary LAN IP address:
1.
On the LAN Multi-homing screen for IPv4 (see the previous figure), click the
Edit
button
in the Action column for the secondary IP address that you want to modify. The Edit
LAN Multi-homing screen displays.
2.
Modify the IP address or subnet mask, or both.
Page 64 / 414
LAN Configuration
64
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
3.
Click
Apply
to save your settings.
To delete one or more secondary LAN IP addresses:
1.
On the LAN Multi-homing screen for IPv4 (see the previous figure), select the check box
to the left of each secondary IP address that you want to delete, or click the
Select All
table button to select secondary IP addresses.
2.
Click the
Delete
table button.
Manage IPv4 Groups and Hosts (IPv4 LAN Groups)
The Known PCs and Devices table on the LAN Groups (IPv4) screen (see
Figure 33
on
page 65) contains a list of all known computers and network devices that are assigned
dynamic IP addresses by the wireless VPN firewall, have been discovered by other means,
or were entered manually. Collectively, these entries make up the network database.
The network database is updated by these methods:
DHCP client requests
. When the DHCP server is enabled, it accepts and responds to
DHCP client requests from computers and other network devices. These requests also
generate an entry in the network database. This is an advantage of enabling the DHCP
server feature.
Scanning the network
. The local network is scanned using Address Resolution Protocol
(ARP) requests. The ARP scan detects active devices that are not DHCP clients.
Note:
In large networks, scanning the network might generate unwanted
traffic.
Note:
When the wireless VPN firewall receives a reply to an ARP request,
it might not be able to determine the device name if the software
firewall of the device blocks the name.
Manual entry
. You can manually enter information about a network device.
These are some advantages of the network database:
Generally, you do not need to enter an IP address or a MAC address. Instead, you can
just select the name of the desired computer or device.
There is no need to reserve an IP address for a computer in the DHCP server. All IP
address assignments made by the DHCP server are maintained until the computer or
device is removed from the network database, either by expiration (inactive for a long
time) or by you.
Page 65 / 414
LAN Configuration
65
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
There is no need to use a fixed IP address on a computer. Because the IP address
allocated by the DHCP server never changes, you do not need to assign a fixed IP
address to a computer to ensure that it always has the same IP address.
A computer is identified by its MAC address—not its IP address. The network database
uses the MAC address to identify each computer or device. Therefore, changing a
computer’s IP address does not affect any restrictions applied to that computer.
Control over computers can be assigned to groups and individuals:
-
You can assign computers to groups (see
Manage the Network Database
on this
page) and apply restrictions (outbound rules and inbound rules) to each group (see
Overview of Rules to Block or Allow Specific Kinds of Traffic
on page 126).
-
You can select groups that are allowed access to URLs that you have blocked for
other groups, or the other way around, block access to URLs that you have allowed
access to for groups (see
Configure Content Filtering
on page 174).
-
If necessary, you can also create firewall rules to apply to a single computer (see
Enable Source MAC Filtering
on page 179). Because the MAC address is used to
identify each computer, users cannot avoid these restrictions by changing their IP
address.
Manage the Network Database
You can view the network database, manually add or remove database entries, and edit
database entries.
To view the network database, select
Network Configuration > LAN Setup > LAN Groups
.
The LAN Groups screen displays. (The following figure shows some manually added devices
in the Known PCs and Devices table as an example.)
Figure 33.

Rate

4.5 / 5 based on 2 votes.

Popular NETGEAR Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top