LAN Configuration
86
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Assign and Manage VLAN Profiles
To assign VLAN profiles to the LAN ports and manage VLAN profiles:

1. Select Network Configuration > LAN Setting. In the upper right of the screen, the IPv4 radio button is selected by default. The LAN submenu tabs display, with the LAN Setup screen in view, displaying the IPv4 settings. (The following figure contains some VLAN profiles as an example.)

Figure 50.

For each VLAN profile, the following fields display in the VLAN Profiles table:
- Check box. Allows you to select the VLAN profile in the table.
- Status icon. Indicates the status of the VLAN profile:
  - Green circle. The VLAN profile is enabled.
  - Gray circle. The VLAN profile is disabled.
- Profile Name. The unique name assigned to the VLAN profile.
- VLAN ID. The unique ID (or tag) assigned to the VLAN profile.
- Subnet IP. The subnet IP address for the VLAN profile.
- DHCP Status. The DHCP server status for the VLAN profile, which can be either DHCP Enabled or DHCP Disabled.
- Action. The Edit table button, which provides access to the Edit VLAN Profile screen.

2. Assign a VLAN profile to a LAN port by selecting a VLAN profile from the drop-down list. The enabled VLAN profiles are displayed in the drop-down lists.

3. Click Apply to save your settings.
VLAN DHCP Options
For each VLAN, you need to specify the Dynamic Host Configuration Protocol (DHCP) options (see Configure a VLAN Profile on page 88). The configuration of the DHCP options for the VPN firewall’s default VLAN, or VLAN 1, is described in Configure the IPv4 Internet Connection and WAN Settings on page 29. This section provides further information about the DHCP options.
DHCP Server
The default VLAN (VLAN 1) has the DHCP server option enabled by default, allowing the
VPN firewall to assign IP, DNS server, WINS server, and default gateway addresses to all
computers connected to the VPN firewall’s LAN. The assigned default gateway address is
the LAN address of the VPN firewall. IP addresses are assigned to the attached computers
from a pool of addresses that you need to specify. Each pool address is tested before it is
assigned to avoid duplicate addresses on the LAN. When you create a VLAN, the DHCP
server option is disabled by default.
For most applications, the default DHCP server and TCP/IP settings of the VPN firewall are
satisfactory.
The VPN firewall delivers the following settings to any LAN device that requests DHCP:
- An IP address from the range that you have defined
- Subnet mask
- Gateway IP address (the VPN firewall’s LAN IP address)
- Primary DNS server (the VPN firewall’s LAN IP address)
- WINS server (if you entered a WINS server address in the DHCP Setup screen)
- Lease time (the date obtained and the duration of the lease)
DHCP Relay
DHCP relay options allow you to make the VPN firewall a DHCP relay agent for a VLAN. The
DHCP relay agent makes it possible for DHCP broadcast messages to be sent over routers
that do not support forwarding of these types of messages. The DHCP relay agent is
therefore the routing protocol that enables DHCP clients to obtain IP addresses from a DHCP
server on a remote subnet. If you do not configure a DHCP relay agent for a VLAN, its clients
can obtain IP addresses only from a DHCP server that is on the same subnet. To enable
clients to obtain IP addresses from a DHCP server on a remote subnet, you need to
configure the DHCP relay agent on the subnet that contains the remote clients, so that the
DHCP relay agent can relay DHCP broadcast messages to your DHCP server.
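The relay step described above at the packet level, as an added example (not NETGEAR code or SRX5308 firmware). It follows the standard BOOTP relay rules of RFC 1542: the relay writes its own interface address into the giaddr field, and the remote server uses that field to choose the pool. The MAC address, IP addresses, and pool are constructed for illustration.

```python
import ipaddress
import socket
import struct

BOOTREQUEST = 1
HOPS_LIMIT = 16          # RFC 1542: drop requests whose hops field exceeds 16
GIADDR = slice(24, 28)   # relay agent address in the fixed 236-byte BOOTP header

# Constructed sample: the remote server's pool for the relayed VLAN subnet.
POOLS = {"192.168.20.0/24": ("192.168.20.100", "192.168.20.200")}


def build_discover(mac: bytes, xid: int) -> bytes:
    """Constructed client broadcast: BOOTP header plus a DHCPDISCOVER option."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         BOOTREQUEST, 1, 6, 0, xid, 0, 0x8000,
                         bytes(4), bytes(4), bytes(4), bytes(4), mac, b"", b"")
    return header + b"\x63\x82\x53\x63" + b"\x35\x01\x01\xff"


def relay_request(packet: bytes, relay_ip: str, server_ip: str):
    """Return (packet, destination) as a relay forwards it, or None if dropped."""
    if len(packet) < 236 or packet[0] != BOOTREQUEST or packet[3] > HOPS_LIMIT:
        return None
    out = bytearray(packet)
    out[3] = packet[3] + 1                       # hops is always incremented
    if packet[GIADDR] == bytes(4):               # only the first relay sets giaddr
        out[GIADDR] = socket.inet_aton(relay_ip)
    return bytes(out), (server_ip, 67)           # unicast to the remote server


def select_pool(packet: bytes, pools: dict):
    """Server side: pick the pool whose subnet contains giaddr, else None."""
    giaddr = ipaddress.ip_address(packet[GIADDR])
    for subnet, pool in pools.items():
        if giaddr in ipaddress.ip_network(subnet):
            return pool
    return None


if __name__ == "__main__":
    discover = build_discover(bytes.fromhex("020000000001"), 0x1234ABCD)
    print("unrelayed pool:", select_pool(discover, POOLS))
    relayed, dest = relay_request(discover, "192.168.20.1", "10.0.0.5")
    print("relayed to", dest, "pool:", select_pool(relayed, POOLS))
```

A request that arrives with giaddr already set keeps that value, so the server still selects the pool for the subnet of the first relay, which is why the relay agent has to be configured on the subnet that contains the clients.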
DNS Proxy
When the DNS proxy option is enabled for a VLAN, the VPN firewall acts as a proxy for all
DNS requests and communicates with the ISP’s DNS servers (as configured on the WAN
IPv4 ISP Settings screens). All DHCP clients receive the primary and secondary DNS IP
addresses along with the IP address where the DNS proxy is located (that is, the VPN
firewall’s LAN IP address). When the DNS proxy option is disabled for a VLAN, all DHCP
clients receive the DNS IP addresses of the ISP but without the DNS proxy IP address.
LDAP Server
A Lightweight Directory Access Protocol (LDAP) server allows a user to query and modify
directory services that run over TCP/IP. For example, clients can query email addresses,
contact information, and other service information using an LDAP server. For each VLAN,
you can specify an LDAP server and a search base that defines the location in the directory
(that is, the directory tree) from which the LDAP search begins.
Configure a VLAN Profile
For each VLAN on the VPN firewall, you can configure its profile, port membership, LAN
TCP/IP settings, DHCP options, DNS server, and inter-VLAN routing capability.
To add a VLAN profile:

1. Select Network Configuration > LAN Settings. In the upper right of the screen, the IPv4 radio button is selected by default. The LAN submenu tabs display, with the LAN Setup screen in view, displaying the IPv4 settings. (The following figure contains some VLAN profiles as an example.)

Note: For information about how to manage VLANs, see Port-Based VLANs on page 85. The following information describes how to configure a VLAN profile.

Figure 51.

2. Click the Add table button under the VLAN Profiles table. The Add VLAN Profile screen displays:
Figure 52.
3. Enter the settings as described in the following table:

Table 16. Add VLAN Profile screen settings

Setting | Description

VLAN Profile
Profile Name | Enter a unique name for the VLAN profile.
VLAN ID | Enter a unique ID number for the VLAN profile. No two VLANs can have the same VLAN ID number. Note: You can enter VLAN IDs from 2 to 4089. VLAN ID 1 is reserved for the default VLAN; VLAN ID 4094 is reserved for the DMZ interface.

Port Membership
Port 1, Port 2, Port 3, Port 4 / DMZ | Select one, several, or all port check boxes to make the ports members of this VLAN. Note: A port that is defined as a member of a VLAN profile can send and receive data frames that are tagged with the VLAN ID.

IP Setup
IP Address | Enter the IP address of the VPN firewall (the factory default address is 192.168.1.1). Note: Ensure that the LAN port IP address and DMZ port IP address are in different subnets. Note: If you change the LAN IP address of the VLAN while being connected through the browser to the VLAN, you are disconnected. You then need to open a new connection to the new IP address and log in again. For example, if you change the default IP address 192.168.1.1 to 10.0.0.1, you now need to enter in your browser to reconnect to the web management interface.
Subnet Mask | Enter the IP subnet mask. The subnet mask specifies the network number portion of an IP address. Based on the IP address that you assign, the VPN firewall automatically calculates the subnet mask. Unless you are implementing subnetting, use 255.255.255.0 as the subnet mask (computed by the VPN firewall).

DHCP
Disable DHCP Server | If another device on your network is the DHCP server for the VLAN, or if you intend to manually configure the network settings of all of your computers, select the Disable DHCP Server radio button to disable the DHCP server. Except for the default VLAN for which the DHCP server is enabled, this is the default setting.
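
A pre-change check for a planned set of VLAN profiles against the constraints in the table above: unique profile names and VLAN IDs, the 2 to 4089 range, reserved IDs 1 and 4094, and LAN and DMZ addresses in different subnets. This is an added example, not NETGEAR code; the plan format, function name, and sample addresses are constructed for illustration.

```python
import ipaddress

# Limits taken from the Add VLAN Profile settings table on this page.
VLAN_ID_MIN, VLAN_ID_MAX = 2, 4089
RESERVED_IDS = {1: "default VLAN", 4094: "DMZ interface"}

# Constructed sample plan (hypothetical format, not a firewall export).
SAMPLE_DMZ = "172.16.5.254/255.255.255.0"
SAMPLE_PLAN = [
    {"name": "Sales", "vlan_id": 20, "ip": "192.168.20.1", "mask": "255.255.255.0"},
    {"name": "Guest", "vlan_id": 20, "ip": "192.168.30.1", "mask": "255.255.255.0"},
    {"name": "Lab", "vlan_id": 4094, "ip": "172.16.5.1", "mask": "255.255.255.0"},
    {"name": "Voice", "vlan_id": 4090, "ip": "10.0.0.1", "mask": "255.255.255.0"},
]


def validate_vlan_plan(profiles, dmz_interface):
    """Return a list of problems in a planned set of VLAN profiles."""
    problems = []
    dmz_net = ipaddress.ip_interface(dmz_interface).network
    names, ids = set(), {}
    for p in profiles:
        name, vid = p["name"], p["vlan_id"]
        if name in names:
            problems.append(f"{name}: profile name is not unique")
        names.add(name)
        if vid in RESERVED_IDS:
            problems.append(f"{name}: VLAN ID {vid} is reserved for the {RESERVED_IDS[vid]}")
        elif not VLAN_ID_MIN <= vid <= VLAN_ID_MAX:
            problems.append(f"{name}: VLAN ID {vid} is outside {VLAN_ID_MIN}-{VLAN_ID_MAX}")
        if vid in ids:
            problems.append(f"{name}: VLAN ID {vid} is already used by {ids[vid]}")
        ids.setdefault(vid, name)
        # The table requires LAN and DMZ port addresses to be in different subnets.
        net = ipaddress.ip_interface(f"{p['ip']}/{p['mask']}").network
        if net.overlaps(dmz_net):
            problems.append(f"{name}: subnet {net} overlaps the DMZ subnet {dmz_net}")
    return problems


if __name__ == "__main__":
    for line in validate_vlan_plan(SAMPLE_PLAN, SAMPLE_DMZ):
        print(line)
```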