1. Home
    2. /
  2. Manuals
    3. /
  3. NETGEAR
    4. /
  4. SRX5308
    5. /
  5. 22
Page 106 / 469 Scroll up to view Page 101 - 105
LAN Configuration
106
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
4.
Click
Apply
to save your changes.
IPv6 LAN Address Pools
If you configure a
stateful
DHCPv6 server for the LAN, you need to add local DHCP IPv6
address pools so the DHCPv6 server can control the allocation of IPv6 addresses in the LAN.
To add an IPv6 LAN address pool:
1.
On the LAN Setup screen for IPv6, under the List of IPv6 Address Pools table, click
Add
. The LAN IPv6 Config screen displays:
DHCP Status
(continued)
Server Preference
Enter the DHCP server preference value. The possible values
are 0–255, with 255 as the default setting.
This is an optional setting that specifies the server’s preference
value in a server advertise message. The client selects the
server with the highest preference value as the preferred server.
DNS Servers
Select one of the DNS server options from the drop-down lists:
Use DNS Proxy
. The VPN firewall acts as a proxy for all
DNS requests and communicates with the ISP’s DNS
servers that you configured on the WAN IPv6 ISP Settings
screen (see
Configure a Static IPv6 Internet Connection
on
page
58).
Use DNS from ISP
. The VPN firewall uses the ISP’s DNS
servers that you configured on the WAN IPv6 ISP Settings
screen (see
Configure a Static IPv6 Internet Connection
on
page
58).
Use below
. When you select this option, the DNS server
fields become available for you to enter IP addresses.
Primary DNS Server
Enter the IP address of the primary
DNS server for the LAN.
Secondary DNS Server
Enter the IP address of the secondary
DNS server for the LAN.
Lease/Rebind Time
Enter the period after which the DHCP lease is renewed with the
original DHCP server or rebound with another DHCP server to
extend the existing DHCP lease. The default period is
86400
seconds (24 hours).
Table 18.
LAN Setup screen settings for IPv6 (continued)
Setting
Description
Page 107 / 469
LAN Configuration
107
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Figure 59.
2.
Enter the settings as described in the following table:
3.
Click
Apply
to save your changes and add the new IPv6 address pool to the List of IPv6
Address Pools table on the LAN Setup screen for IPv6.
To edit an IPv6 LAN address pool:
1.
On the LAN Setup screen for IPv6 (see
Figure
58
on page
104), click the
Edit
button in
the Action column for the address pool that you want to modify. The LAN IPv6 Config
screen displays.
2.
Modify the settings as described in the previous table.
3.
Click
Apply
to save your settings.
To delete one or more IPv6 LAN address pools:
1.
On the LAN Setup screen for IPv6 (see
Figure
58
on page
104), select the check box to
the left of each address pool that you want to delete, or click the
Select All
table button
to select all address pools.
2.
Click the
Delete
table button.
IPv6 LAN Prefixes for Prefix Delegation
If you configure a
stateless
DHCPv6 server for the LAN and select the Prefix Delegation
check box (both on the ISP IPv6 WAN Settings screen and on the LAN Setup screen for
IPv6, a prefix delegation pool is automatically added to the List of Prefixes for Prefix
Delegation table. You can also manually add prefixes to the List of Prefixes for Prefix
Table 19.
LAN IPv6 Config screen settings
Setting
Description
Start IPv6 Address
Enter the start IP address. This address specifies the first of the contiguous
addresses in the IP address pool. Any new DHCPv6 client joining the LAN is
assigned an IP address between this address and the end IP address.
End IPv6 Address
Enter the end IP address. This address specifies the last of the contiguous
addresses in the IP address pool. Any new DHCPv6 client joining the LAN is
assigned an IP address between the start IP address and this IP address.
Prefix Length
Enter the IPv6 prefix length, for example, 10 or 64.
Page 108 / 469
LAN Configuration
108
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Delegation table to enable the DHCPv6 server to assign these prefixes to its IPv6 LAN
clients.
To add an IPv6 prefix:
1.
On the LAN Setup screen for IPv6, under the List of Prefixes for Prefix Delegation table,
click
Add
. The Add Prefix Delegation Prefixes screen displays:
Figure 60.
2.
Enter the following settings:
IPv6 Prefix
. Enter a prefix, for example, 2001:db8::.
IPv6 Prefix Length
. Enter the IPv6 prefix length, for example, 64.
3.
Click
Apply
to save your changes and add the new prefix to the List of Prefixes for Prefix
Delegation table on the LAN Setup screen for IPv6.
To edit a prefix:
1.
On the LAN Setup screen for IPv6 (see
Figure
58
on page
104), click the
Edit
button in
the Action column for the prefix that you want to modify. The Edit Prefix Delegation
Prefixes screen displays.
2.
Modify the settings as described in
Step
2
of the previous procedure.
3.
Click
Apply
to save your settings.
To delete one or more prefixes:
1.
On the LAN Setup screen for IPv6 (see
Figure
58
on page
104), select the check box to
the left of each prefix that you want to delete, or click the
Select All
table button to
select all prefixes.
2.
Click the
Delete
table button.
Page 109 / 469
LAN Configuration
109
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Configure the IPv6 Router Advertisement Daemon and
Advertisement Prefixes for the LAN
Note:
If you do not configure stateful DHCPv6 for the LAN but use
stateless DHCPv6, you need to configure the Router Advertisement
Deamon (RADVD) and advertisement prefixes.
The RADVD is an application that uses the Neighbor Discovery Protocol (NDP) to collect
link-local advertisements of IPv6 addresses and IPv6 prefixes in the LAN. The RADVD then
distributes this information in the LAN, which allows IPv6 clients to configure their own IPv6
address.
Hosts and routers in the LAN use NDP to determine the link-layer addresses and related
information of neighbors in the LAN that can forward packets on their behalf. The VPN
firewall periodically distributes router advertisements (RAs) throughout the LAN to provide
such information to the hosts and routers in the LAN. RAs include IPv6 addresses, types of
prefixes, prefix addresses, prefix lifetimes, the maximum transmission unit (MTU), and so on.
In addition to configuring the RADVD, you also need to configure the prefixes that are
advertised in the LAN RAs.
The following table provides an overview of how information is obtained in the LAN when you
have configured a stateless DHCPv6 server and the RADVD:
When the Managed flag is set in the RADVD, the DHCPv6 server can assign IP addresses,
and the RADVD also assigns IP addresses in the sense that it provides information that
allows IPv6 clients to configure their own IPv6 address.
When the Other flag is set, the DHCPv6 server does not assign IP addresses but provides
DNS server and other configuration information only.
Table 20.
DHCPv6 and RADVD interaction in the LAN
Flags in the RADVD
DHCPv6 Server Provides
RADVD Provides
Managed RA flag is set
IP address assignment
DNS server and other configuration
information
IP address assignment
Prefix
Prefix length
Gateway address
Other RA flag is set
DNS server and other configuration information
IP address assignment
Prefix
Prefix length
Gateway address
Page 110 / 469
LAN Configuration
110
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
To configure the Router Advertisement Daemon for the LAN:
1.
Select
Network Configuration > LAN Settings
.
2.
In the upper right of the screen, select the
IPv6
radio button. The LAN Setup screen displays
the IPv6 settings (see
Figure
58
on page
104.)
3.
To the right of the LAN Setup tab, click the
RADVD
option arrow. The RADVD screen for the
LAN displays. (The following figure contains some examples.)
Figure 61.
4.
Enter the settings as described in the following table:
Table 21.
RADVD screen settings for the LAN
Setting
Description
RADVD Status
Specify the RADVD status by making a selection from the drop-down list:
Enable
. The RADVD is enabled, and the RADVD fields become available for you
to configure.
Disable
. The RADVD is disabled, and the RADVD fields are masked out. This is
the default setting.
Advertise Mode
Specify the advertisement mode by making a selection from the drop-down list:
Unsolicited Multicast
. The VPN firewall advertises unsolicited multicast packets
at a rate that is specified by the advertisement interval.
Unicast only
. The VPN firewall responds to unicast packet requests only. No
unsolicited packets are advertised. Select this option for nonbroadcast multiple
access (NBMA) links such as ISATAP.
Advertise Interval
Enter the advertisement interval of unsolicited multicast packets in seconds. The
minimum value is 10 seconds; the maximum value is 1800 seconds.

Rate

3.5 / 5 based on 2 votes.

Popular NETGEAR Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top