1. Home
    2. /
  2. Manuals
    3. /
  3. NETGEAR
    4. /
  4. SRXN3205
    5. /
  5. 9
Page 41 / 218 Scroll up to view Page 36 - 40
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
LAN Configuration
3-1
v1.0, October 2008
Chapter 3
LAN Configuration
This chapter describes how to configure the advanced LAN features of your ProSafe Wireless-N
VPN Firewall.
This chapter contains the following sections:
“Configuring the LAN Setup Options” on page 3-1
“Managing Groups and Hosts (LAN Groups)” on page 3-4
“Configuring DHCP Address Reservation” on page 3-4
“Using the VPN Firewall as a DHCP Server” on page 3-3
“Configuring Multi Home LAN IP Addresses” on page 3-8
“Configuring Static Routes” on page 3-10
“Configuring Routing Information Protocol (RIP)” on page 3-11
Configuring the LAN Setup Options
The
LAN Setup
menu allows configuration of LAN IP services such as DHCP and allows you to
configure a secondary or “multi-home” LAN IP setup on the LAN. The default values are suitable
for most users and situations. These are advanced settings usually configured by a network
administrator.
To modify your LAN setup, follow these steps:
1.
Select
Network Configuration > LAN Settings
from the main/sub-menu.
The LAN Settings tabs (LAN Setup, LAN Groups, and LAN Multi-homing) are displayed
with LAN Setup as the default tab.
Page 42 / 218
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
3-2
LAN Configuration
v1.0, October 2008
.
2.
In the LAN TCP/IP Setup section, configure the following settings:
IP Address
. The LAN address of your firewall (factory default:
192.168.1.1
).
IP Subnet Mask
. The subnet mask specifies the network number portion of an IP address.
Your firewall will automatically calculate the subnet mask based on the IP address that
you assign. Unless you are implementing subnetting, use 255.255.255.0 as the subnet
mask.
3.
In the DHCP section, leave the DNCP enabled, or select
Disable DHCP Server.
The firewall will function as a DHCP server (default), providing TCP/IP configuration
settings for all the computers connected to the firewall's LAN.
If another device on your network will be the DHCP server, or if you will manually
configure all devices, click
Disable DHCP Server
.
If the DHCP server is enabled, enter the following parameters:
Domain Name.
(Optional) The DHCP will assign the entered domain to its DHCP clients.
Figure 3-1
Note:
If you change the LAN IP address of the firewall while connected through the
browser, you will be disconnected. You must then open a new connection to
the new IP address and log in again. For example, if you change the default IP
address 192.168.1.1 to 10.0.0.1, you must now enter
in your
browser to reconnect to the Web Configuration Manager.
Page 43 / 218
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
LAN Configuration
3-3
v1.0, October 2008
Starting IP Address
. Specifies the first of the contiguous addresses in the IP address pool.
Any new DHCP client joining the LAN will be assigned an IP address between this
address and the Ending IP Address. The IP address 192.168.1.2 is the default start address.
Ending IP Address
. Specifies the last of the contiguous addresses in the IP address pool.
The IP address 192.168.1.100 is the default ending address.
Primary DNS Server
. (Optional) If an IP address is specified, the firewall will provide
this address as the primary DNS server IP address. If no address is specified, the firewall
will provide its own LAN IP address as the primary DNS server IP address.
Secondary DNS Server
. (Optional) If an IP address is specified, the firewall will provide
this address as the secondary DNS server IP address.
WINS Server
. (Optional) Specifies the IP address of a local Windows NetBios Server if
one is present in your network.
Lease Time
. Specifies the duration for which a DHCP-provided IP address will be leased
to a client.
Enable DNS Proxy
. When DNS proxy is enabled (default), the DHCP server will provide
the SRXN3205 LAN IP address as the DNS server for address name resolution. If this box
is unchecked, the DHCP server will provide the ISP’s DNS server IP addresses. The
firewall will still service DNS requests sent to its LAN IP address unless you disable DNS
Proxy in the DHCP settings (see
“Attack Checks” on page 5-10
).
4.
Click
Apply
to save your settings.
Using the VPN Firewall as a DHCP Server
By default, the firewall will function as a DHCP (Dynamic Host Configuration Protocol) server,
allowing it to assign IP, DNS server, WINS Server, and default gateway addresses to all computers
connected to the LAN. The assigned default gateway address is the LAN address of the firewall. IP
Note:
The Starting and Ending DHCP addresses should be in the same subnet as
the LAN IP address of the firewall (the IP Address configured in the
LAN
TCP/IP Setup
section).
Note:
Once you have completed the LAN setup, all outbound traffic is allowed and
all inbound traffic is discarded. To change these default traffic rules, refer to
Chapter 5, “Firewall Security and Content Filtering
.
Page 44 / 218
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
3-4
LAN Configuration
v1.0, October 2008
addresses will be assigned to the attached PCs from a pool of addresses specified in this menu.
Each pool address is tested before it is assigned to avoid duplicate addresses on the LAN.
Specify the pool of IP addresses to be assigned by setting the Starting IP Address and Ending IP
Address. These addresses should be part of the same IP address subnet as the firewall’s LAN IP
address. Using the default addressing scheme, you would define a range between 192.168.1.2 and
192.168.1.100, although you may wish to save part of the range for devices with fixed addresses.
If another device on your network will be the DHCP server, or if you will manually configure the
network settings of all of your computers, clear the
Enable DHCP server
radio box by clicking
the
Disable DHCP Server
radio box. Otherwise, leave it checked.
Configuring DHCP Address Reservation
A computer (or device) will always receive the same IP address, if you specify a reserved IP
address for the computer (or device) on the LAN (based on the MAC address of the device), each
time it accesses the firewall’s DHCP server. Reserved IP addresses should be assigned to servers
or access points that require permanent IP address settings. The Reserved IP address that you
select must be outside of the DHCP Server pool.
To reserve an IP address, manually enter the device in the
LAN Groups
tab, specifying
Reserved
(DHCP Client)
,
as described in
“Adding Devices to the LAN Groups Database” on page 3-6
.
Managing Groups and Hosts (LAN Groups)
The
Known PCs and Devices
table in the
LAN Groups
menu contains a list of all known PCs
and network devices that are assigned dynamic IP addresses by the firewall, or have been
discovered by other means. Collectively, these entries make up the LAN Groups Database.
The LAN Groups Database is updated by these methods:
DHCP Client Requests
. By default, the DHCP server in this firewall is enabled, and will
accept and respond to DHCP client requests from PCs and other network devices. These
requests also generate an entry in the LAN Groups Database. Because of this, leaving the
DHCP server feature (LAN Setup tab) enabled is strongly recommended.
Note:
The reserved address will not be assigned until the next time the PC contacts the
firewall’s DHCP server. Reboot the PC or access its IP configuration and force a
DHCP release and renew.
Page 45 / 218
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
LAN Configuration
3-5
v1.0, October 2008
Scanning the Network
. The local network is scanned using ARP requests. The ARP scan will
detect active devices that are not DHCP clients. However, sometimes the name of the PC or
device cannot be accurately determined, and will appear in the database as Unknown.
Manual Entry
. You can manually enter information about a network device.
Some advantages of the LAN Groups Database are:
Generally, you do not need to enter IP addresses or MAC addresses. Instead, you can just
select the desired PC or device.
No need to reserve an IP address for a PC in the DHCP server. All IP address assignments
made by the DHCP server will be maintained until the PC or device is removed from the
database, either by expiry (inactive for a long time) or by you.
No need to use a fixed IP on PCs. Because the address allocated by the DHCP server will
never change, you don't need to assign a fixed IP to a PC to ensure it always has the same IP
address.
MAC level control over PCs. The LAN Groups Database uses the MAC address to identify
each PC or device. So changing a PC’s IP address does not affect any restrictions on that PC.
Group and individual control over PCs.
You can assign PCs to Groups and apply restrictions to each Group using the Firewall
Rules screen (see
“Using Rules & Services to Block or Allow Traffic” on page 5-2
).
You can also select the Groups to be covered by the Block Sites feature (see
“Setting
Block Sites (Content Filtering)” on page 5-18
).
If necessary, you can also create Firewall Rules to apply to a single PC (see
“Enabling
Source MAC Filtering (Address Filter)” on page 5-20
). Because the MAC address is used
to identify each PC, users cannot avoid these restrictions by changing the IP address.
A computer is identified by its MAC address—not its IP address. Hence, changing a
computer’s IP address does not affect any restrictions applied to that PC.
Viewing the LAN Groups Database
To view the LAN Groups Database, follow these steps:
1.
Select
Network Configuration > LAN Settings
from the main/sub-menu.
The LAN Setup tab displays.

Rate

3.5 / 5 based on 2 votes.

Popular NETGEAR Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top