LAN Configuration
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Table 16. Add VLAN Profile screen settings (continued)
Setting: Description

Enable DHCP Server: Select the Enable DHCP Server radio button to enable the VPN firewall to function as a Dynamic Host Configuration Protocol (DHCP) server, providing TCP/IP configuration for all computers connected to the VLAN. (For the default VLAN, the DHCP server is enabled by default.) Enter the following settings:

    Domain Name: This setting is optional. Enter the domain name of the VPN firewall.

    Start IP Address: Enter the start IP address. This address specifies the first of the contiguous addresses in the IP address pool. Any new DHCP client joining the LAN is assigned an IP address between this address and the end IP address. For the default VLAN, the default start IP address is 192.168.1.100.

    End IP Address: Enter the end IP address. This address specifies the last of the contiguous addresses in the IP address pool. Any new DHCP client joining the LAN is assigned an IP address between the start IP address and this IP address. For the default VLAN, the default end IP address is 192.168.1.254.
    The start and end DHCP IP addresses should be in the same network as the LAN IP address of the VPN firewall (that is, the IP address in the IP Setup section as described earlier in this table).

    Primary DNS Server: This setting is optional. If an IP address is specified, the VPN firewall provides this address as the primary DNS server IP address. If no address is specified, the VPN firewall uses the VLAN IP address as the primary DNS server IP address.

    Secondary DNS Server: This setting is optional. If an IP address is specified, the VPN firewall provides this address as the secondary DNS server IP address.

    WINS Server: This setting is optional. Enter a WINS server IP address to specify the Windows NetBIOS server, if one is present in your network.

    Lease Time: Enter a lease time. This specifies the duration for which IP addresses are leased to clients.

DHCP Relay: To use the VPN firewall as a DHCP relay agent for a DHCP server somewhere else in your network, select the DHCP Relay radio button. Enter the following setting:

    Relay Gateway: The IP address of the DHCP server for which the VPN firewall serves as a relay.
Enable LDAP information: To enable the DHCP server to provide Lightweight Directory Access Protocol (LDAP) server information, select the Enable LDAP information check box. Enter the following settings:

    LDAP Server: The IP address or name of the LDAP server.

    Search Base: The search objects that specify the location in the directory tree from which the LDAP search begins. You can specify multiple search objects, separated by commas. The search objects include:
        - CN (for common name)
        - OU (for organizational unit)
        - O (for organization)
        - C (for country)
        - DC (for domain)
    For example, to search the Netgear.net domain for all last names of Johnson, you would enter:
        cn=Johnson,dc=Netgear,dc=net

    Port: The port number for the LDAP server. The default setting is 0 (zero).

DNS Proxy

Enable DNS Proxy: This setting is optional. To enable the VPN firewall to provide a LAN IP address for DNS address name resolution, select the Enable DNS Proxy check box. This setting is disabled by default.
    Note: When the DNS proxy option is disabled for a VLAN, all DHCP clients receive the DNS IP addresses of the ISP but without the DNS proxy IP address.

Inter VLAN Routing

Enable Inter VLAN Routing: This setting is optional. To ensure that traffic is routed only to VLANs for which inter-VLAN routing is enabled, select the Enable Inter VLAN Routing check box. This setting is disabled by default. When the Enable Inter VLAN Routing check box is not selected, traffic from this VLAN is not routed to other VLANs, and traffic from other VLANs is not routed to this VLAN.

4. Click Apply to save your settings.

Note: Once you have completed the LAN setup, all outbound traffic is allowed and all inbound traffic is discarded except responses to requests from the LAN side. For information about how to change these default traffic rules, see Chapter 4, Firewall Protection.
To edit a VLAN profile:

1. On the LAN Setup screen for IPv4 (see Figure 51 on page 88), click the Edit button in the Action column for the VLAN profile that you want to modify. The Edit VLAN Profile screen displays. This screen is identical to the Add VLAN Profile screen (see Figure 52 on page 89).
2. Modify the settings as described in the previous table.
3. Click Apply to save your settings.

To enable, disable, or delete one or more VLAN profiles:

1. On the LAN Setup screen for IPv4 (see Figure 51 on page 88), select the check box to the left of each VLAN profile that you want to enable, disable, or delete, or click the Select All table button to select all profiles. (You cannot select the default VLAN profile.)
2. Click one of the following table buttons:
   - Enable. Enables the VLAN or VLANs. The ! status icon changes from a gray circle to a green circle, indicating that the selected VLAN or VLANs are enabled. (By default, when a VLAN is added to the table, it is automatically enabled.)
   - Disable. Disables the VLAN or VLANs. The ! status icon changes from a green circle to a gray circle, indicating that the selected VLAN or VLANs are disabled.
   - Delete. Deletes the VLAN or VLANs.

Configure VLAN MAC Addresses and LAN Advanced Settings

By default, all configured VLAN profiles share the same single MAC address as the LAN
ports. (All LAN ports share the same MAC address.) However, you can change the VLAN
MAC settings to allow up to 16 VLANs to each be assigned a unique MAC address.
You can also enable or disable the broadcast of Address Resolution Protocol (ARP) packets
for the default VLAN. If the broadcast of ARP packets is enabled, IP addresses can be
mapped to physical addresses (that is, MAC addresses).

To configure a VLAN to have a unique MAC address:

1. Select Network Configuration > LAN Settings. In the upper right of the screen, the IPv4 radio button is selected by default. The LAN submenu tabs display, with the LAN Setup screen in view, displaying the IPv4 settings (see Figure 51 on page 88).
2. Click the Advanced option arrow in the upper middle of the LAN Setup screen. The IPv4 LAN Advanced screen displays:
Figure 53.
3. From the MAC Address for VLANs drop-down list, select Unique. (The default is Same.)
4. As an option, you can disable the broadcast of ARP packets for the default VLAN by clearing the Enable ARP Broadcast check box. (The broadcast of ARP packets is enabled by default for the default VLAN.)
5. Click Apply to save your settings.

Note: If you attempt to configure more than 16 VLANs while the MAC address for VLANs is set to Unique on the IPv4 LAN Advanced screen, the MAC addresses that are assigned to each VLAN might no longer be distinct.

Note: For information about how to configure and enable the LAN traffic meter, see Configure and Enable the LAN Traffic Meter on page 359.

Configure IPv4 Multihome LAN IP Addresses on the Default VLAN

If you have computers using different IPv4 networks in the LAN (for example, 172.124.10.0 or
192.168.200.0), you can add aliases to the LAN ports and give computers on those networks
access to the Internet, but you can do so only for the default VLAN. The IP address that is
assigned as a secondary IP address needs to be unique and cannot be assigned to a VLAN.
Make sure that any secondary LAN addresses are different from the primary LAN, WAN, and
DMZ IP addresses and subnet addresses that are already configured on the VPN firewall.

The following is an example of correctly configured IPv4 addresses:

- WAN IP address. 10.0.0.1 with subnet 255.0.0.0
- DMZ IP address. 176.16.2.1 with subnet 255.255.255.0
- Primary LAN IP address. 192.168.1.1 with subnet 255.255.255.0
- Secondary LAN IP address. 192.168.20.1 with subnet 255.255.255.0
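
An added example (not from the NETGEAR manual): a Python check, run offline before entering values in the GUI, of two rules stated above: the DHCP pool must be in the same network as the LAN IP address, and the primary LAN, secondary LAN, WAN, and DMZ subnets must not overlap. The function names are hypothetical, and the checks for pool ordering, network or broadcast addresses, and a pool that contains the firewall's own address are additions beyond the manual's text.

```python
import ipaddress

def check_dhcp_pool(lan_ip, mask, start, end):
    """Return a list of problems with a DHCP pool for the given LAN interface."""
    net = ipaddress.ip_interface(f"{lan_ip}/{mask}").network
    lan, first, last = (ipaddress.ip_address(a) for a in (lan_ip, start, end))
    problems = []
    for label, addr in (("start", first), ("end", last)):
        if addr not in net:
            problems.append(f"{label} address {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{label} address {addr} is the network or broadcast address")
    if first > last:
        problems.append("start address is higher than end address")
    elif first <= lan <= last:
        problems.append(f"pool contains the LAN interface address {lan}")
    return problems

def check_overlaps(interfaces):
    """interfaces: {name: (ip, mask)}. Return pairs of names whose subnets overlap."""
    nets = {n: ipaddress.ip_interface(f"{ip}/{m}").network
            for n, (ip, m) in interfaces.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

# The manual's example of correctly configured addresses.
PLAN = {
    "WAN": ("10.0.0.1", "255.0.0.0"),
    "DMZ": ("176.16.2.1", "255.255.255.0"),
    "LAN": ("192.168.1.1", "255.255.255.0"),
    "LAN-secondary": ("192.168.20.1", "255.255.255.0"),
}

if __name__ == "__main__":
    # Default VLAN pool from the manual: no problems expected.
    print(check_dhcp_pool("192.168.1.1", "255.255.255.0",
                          "192.168.1.100", "192.168.1.254"))
    print(check_overlaps(PLAN))
    # Constructed bad plan: a secondary address inside the WAN's 10.0.0.0/8.
    bad = dict(PLAN, **{"LAN-secondary": ("10.20.0.1", "255.255.255.0")})
    print(check_overlaps(bad))
```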

To add a secondary LAN IPv4 address:

1. Select Network Configuration > LAN Settings > LAN Multi-homing. In the upper right of the screen, the IPv4 radio button is selected by default. The LAN Multi-homing screen displays the IPv4 settings. (The following figure contains one example.)

Figure 54.

The Available Secondary LAN IPs table displays the secondary LAN IP addresses added to the VPN firewall.

2. In the Add Secondary LAN IP Address section of the screen, enter the following settings:
   - IP Address. Enter the secondary address that you want to assign to the LAN ports.
   - Subnet Mask. Enter the subnet mask for the secondary IP address.
3. Click the Add table button in the rightmost column to add the secondary IP address to the Available Secondary LAN IPs table.

Repeat Step 2 and Step 3 for each secondary IP address that you want to add to the Available Secondary LAN IPs table.

Note: Secondary IP addresses cannot be configured in the DHCP server. The hosts on the secondary subnets need to be manually configured with the IP addresses, gateway IP address, and DNS server IP addresses.

To edit a secondary LAN IP address:

1. On the LAN Multi-homing screen for IPv4 (see the previous figure), click the Edit button in the Action column for the secondary IP address that you want to modify. The Edit LAN Multi-homing screen displays.
