LAN Configuration
91
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Hosts and routers in the LAN use NDP to determine the link-layer addresses and related
information of neighbors in the LAN that can forward packets on their behalf. The wireless
VPN firewall periodically distributes router advertisements (RAs) throughout the DMZ to
provide such information to the hosts and routers in the DMZ. RAs include IPv6 addresses,
types of prefixes, prefix addresses, prefix lifetimes, the maximum transmission unit (MTU),
and so on. In addition to configuring the RADVD, you also need to configure the prefixes that
are advertised in the DMZ RAs.
The following table provides an overview of how information is obtained in the DMZ when you
have configured a stateless DHCPv6 server and the RADVD:

Table 20. DHCPv6 and RADVD interaction in the DMZ

| Flags in the RADVD | DHCPv6 Server Provides | RADVD Provides |
|---|---|---|
| Managed RA flag is set | IP address assignment; DNS server and other configuration information | IP address assignment; Prefix; Prefix length; Gateway address |
| Other RA flag is set | DNS server and other configuration information | IP address assignment; Prefix; Prefix length; Gateway address |

When the Managed flag is set in the RADVD, the DHCPv6 server can assign IP addresses,
and the RADVD also assigns IP addresses in the sense that it provides information that
allows IPv6 clients to configure their own IPv6 address.

When the Other flag is set, the DHCPv6 server does not assign IP addresses but provides
DNS server and other configuration information only.

To configure the Router Advertisement Daemon for the DMZ:

1. Select Network Configuration > DMZ Setup.
2. In the upper right of the screen, select the IPv6 radio button. The DMZ Setup screen displays the IPv6 settings (see Figure 43 on page 87).
3. Click the RADVD option arrow to the right of the DMZ Setup tab. The RADVD screen for the DMZ displays. (The following figure contains some examples.)
Figure 45.

4. Enter the settings as explained in the following table:

Table 21. RADVD screen settings for the DMZ

| Setting | Description |
|---|---|
| RADVD Status | Specify the RADVD status by making a selection from the drop-down list: • Enable. The RADVD is enabled, and the RADVD fields become available for you to configure. • Disable. The RADVD is disabled, and the RADVD fields are masked out. This is the default setting. |
| Advertise Mode | Specify the advertisement mode by making a selection from the drop-down list: • Unsolicited Multicast. The wireless VPN firewall advertises unsolicited multicast packets at a rate that is specified by the advertisement interval. • Unicast only. The wireless VPN firewall responds to unicast packet requests only. No unsolicited packets are advertised. Select this option for nonbroadcast multiple access (NBMA) links such as ISATAP. |
| Advertise Interval | Enter the advertisement interval of unsolicited multicast packets in seconds. The minimum value is 10 seconds; the maximum value is 1800 seconds. |
| RA Flags | Specify what type of information the DHCPv6 server provides in the DMZ by making a selection from the drop-down list: • Managed. The DHCPv6 server is used for autoconfiguration of the IP address. • Other. The DHCPv6 server is not used for autoconfiguration of the IP address, but other configuration information such as DNS information is available through the DHCPv6 server. Note: Irrespective of the RA flag settings, the RADVD provides information about the prefix, prefix length, and gateway addresses and is also used for autoconfiguration of the IP address. |
| Router Preference | Specify the wireless VPN firewall’s preference in relation to other hosts and routers in the DMZ by making a selection from the drop-down list: • Low. The wireless VPN firewall is treated as a nonpreferred router in the DMZ. • Medium. The wireless VPN firewall is treated as a neutral router in the DMZ. • High. The wireless VPN firewall is treated as a preferred router in the DMZ. |
| MTU | The maximum transmission unit (MTU) size for a packet in one transmission over a link. The default setting is 1500. |
| Router Lifetime | The router lifetime specifies how long the default route that was created as a result of the router advertisement should remain valid. Enter the router lifetime in seconds. This is the period that the advertised prefixes are valid for route determination. The default period is 3600 seconds (one hour). The minimum value is 30 seconds; the maximum value is 9000 seconds. |

5. Click Apply to save your changes.

Advertisement Prefixes for the DMZ

You need to configure the prefixes that are advertised in the DMZ RAs. For a 6to4 address,
you need to specify only the site level aggregation identifier (SLA ID) and the prefix lifetime.
For a global, local, or ISATAP address, you need to specify the prefix, prefix length, and
prefix lifetime.

To add an advertisement prefix for the DMZ:

1. On the RADVD screen for the DMZ, under the List of Prefixes to Advertise table, click Add. The Add Advertisement Prefix screen displays:

Figure 46.

2. Enter the settings as explained in the following table:

Table 22. Add Advertisement Prefix screen settings for the DMZ

| Setting | Description |
|---|---|
| IPv6 Prefix Type | Specify the IPv6 prefix type by making a selection from the drop-down list: • 6to4. The prefix is for a 6to4 address. You need to complete the SLA ID field and Prefix Lifetime field. The other fields are masked out. • Global/Local/ISATAP. The prefix is for a global, local, or ISATAP address. This needs to be a global prefix or a site-local prefix; it cannot be a link-local prefix. You need to complete the IPv6 Prefix field, IPv6 Prefix Length field, and Prefix Lifetime field. The SLA ID field is masked out. |
| SLA ID | Enter the site level aggregation identifier (SLA ID) for the 6to4 address prefix that should be included in the advertisement. |
| IPv6 Prefix | Enter the IPv6 prefix for the wireless VPN firewall’s DMZ that should be included in the advertisement. |
| IPv6 Prefix Length | Enter the IPv6 prefix length (typically 64) that should be included in the advertisement. |
| Prefix Lifetime | The prefix lifetime specifies how long the IP address that was created as a result of the router advertisement should remain valid. Enter the prefix lifetime in seconds that should be included in the advertisement. The minimum period is 0 seconds; the maximum period is 65536 seconds. |

3. Click Apply to save your changes and add the new IPv6 address pool to the List of Prefixes to Advertise table on the RADVD screen for the DMZ.

To edit an advertisement prefix:

1. On the RADVD screen for the DMZ (see Figure 45 on page 92), click the Edit button in the Action column for the advertisement prefix that you want to modify. The Add Advertisement Prefix screen displays.
2. Modify the settings as explained in the previous table.
3. Click Apply to save your settings.
To delete one or more advertisement prefixes:

1. On the RADVD screen for the DMZ (see Figure 45 on page 92), select the check box to the left of each advertisement prefix that you want to delete, or click the Select All table button to select all advertisement prefixes.
2. Click the Delete table button.
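
As an added example (not from the NETGEAR manual), the Python code below decodes a captured ICMPv6 Router Advertisement into the fields set on the RADVD and Add Advertisement Prefix screens (Managed/Other flags, router preference, router lifetime, MTU, prefix, prefix length, prefix lifetime) and compares them with the limits stated in Tables 21 and 22, so you can confirm what the DMZ interface actually advertises. The function names, the constructed sample packet, and the mapping of the manual's prefix lifetime to the RA Valid Lifetime field are assumptions; the field layout follows RFC 4861 and RFC 4191.

```python
import ipaddress
import struct

PREFERENCE = {0b01: "High", 0b00: "Medium", 0b11: "Low", 0b10: "Reserved"}  # RFC 4191

def parse_ra(icmp6: bytes) -> dict:
    """Decode an ICMPv6 Router Advertisement (type 134); the checksum is not verified."""
    if len(icmp6) < 16 or icmp6[0] != 134:
        raise ValueError("not a Router Advertisement")
    flags, lifetime = struct.unpack("!BH", icmp6[5:8])
    ra = {"managed": bool(flags & 0x80), "other": bool(flags & 0x40),
          "preference": PREFERENCE[(flags >> 3) & 0x3],
          "router_lifetime": lifetime, "mtu": None, "prefixes": []}
    pos = 16
    while pos + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[pos], icmp6[pos + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or pos + opt_len > len(icmp6):
            raise ValueError("malformed option")
        body = icmp6[pos:pos + opt_len]
        if opt_type == 5 and opt_len == 8:       # MTU option
            ra["mtu"] = struct.unpack("!I", body[4:8])[0]
        elif opt_type == 3 and opt_len == 32:    # Prefix Information option
            plen, valid = body[2], struct.unpack("!I", body[4:8])[0]
            net = ipaddress.IPv6Network((body[16:32], plen), strict=False)
            ra["prefixes"].append({"prefix": str(net), "valid_lifetime": valid})
        pos += opt_len
    return ra

def check_against_manual(ra: dict) -> list:
    """Compare a decoded RA with the limits the manual states in Tables 21 and 22."""
    findings = []
    if not 30 <= ra["router_lifetime"] <= 9000:
        findings.append("router lifetime outside 30-9000 s")
    for p in ra["prefixes"]:
        if ipaddress.IPv6Network(p["prefix"]).network_address.is_link_local:
            findings.append(f"link-local prefix advertised: {p['prefix']}")
        if p["valid_lifetime"] > 65536:  # assumption: prefix lifetime = Valid Lifetime
            findings.append(f"prefix lifetime above 65536 s: {p['prefix']}")
    return findings

def build_sample_ra(flags=0x48, lifetime=3600, prefix="2001:db8:0:d::", valid=7200) -> bytes:
    """Constructed sample RA: 0x48 = Other flag + High preference, MTU 1500, one /64."""
    header = struct.pack("!BBHBBHII", 134, 0, 0, 64, flags, lifetime, 0, 0)
    mtu_opt = struct.pack("!BBHI", 5, 1, 0, 1500)
    prefix_opt = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, valid, valid, 0)
    return header + mtu_opt + prefix_opt + ipaddress.IPv6Address(prefix).packed

if __name__ == "__main__":
    print(check_against_manual(parse_ra(build_sample_ra())))
```

Feed `parse_ra` the ICMPv6 payload of an RA captured on the DMZ segment; an empty findings list means the advertisement is within the ranges the manual documents.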
Manage Static IPv4 Routing
Static routes provide additional routing information to your wireless VPN firewall. Under
normal circumstances, the wireless VPN firewall has adequate routing information after it has
been configured for Internet access, and you do not need to configure additional static
routes. You should configure static routes only for unusual cases such as multiple firewalls or
multiple IP subnets located on your network.
Note: The wireless VPN firewall automatically sets up routes between VLANs and secondary IPv4 addresses that you have configured on the LAN Multi-homing (IPv4) screen (see Configure IPv4 Multihome LAN IP Addresses on the Default VLAN on page 62). Therefore, you do not need to manually add an IPv4 static route between a VLAN and a secondary IPv4 address.
Configure Static IPv4 Routes
To add an IPv4 static route to the Static Route table:

1. Select Network Configuration > Routing. In the upper right of the screen, the IPv4 radio button is selected by default. The Static Routing screen displays the IPv4 settings. (The following figure contains one example.)

Figure 47.

2. Click the Add table button under the Static Routes table. The Add Static Route screen displays:
