Configuring a Multiple Ethernet Connection

Configuring a Multiple Ethernet Connection
Service Managed GatewayTM
Configuring a Multiple Ethernet
Connection
Issue
1.3
Date
21 August 2008
Table of contents
1
About this document ............................................................................... 3
1.1
Scope ..................................................................................................... 3
1.2
Readership ............................................................................................. 3
1.3
More information.................................................................................... 3
2
Introduction ............................................................................................ 4
2.1
Security and multiple LANs .................................................................... 4
2.2
The physical configuration of the Ethernet ports.................................... 4
2.3
The benefits of the Ethernet switch........................................................ 5
3
Configuring Ethernet interfaces............................................................... 6
3.1
Open the LAN configuration window ...................................................... 6
3.2
Ensure that the service type is correct ................................................... 7
3.3
Configure the Ethernet connections on an ADSL or T1/E1 SMG .............. 7
3.4
Configure the Ethernet connections on an Ethernet SMG ....................... 9
3.5
Configure local address settings for an Ethernet interface ................... 10
3.6
Save the Ethernet switch configuration................................................ 12
4
Configuring firewall rules for each Ethernet interface ........................... 13
5
Examples of LAN configurations using an Ethernet switch .................... 14
5.1
A simple Ethernet configuration on an ADSL or T1/E1 SMG.................. 14
5.2
A simple Ethernet configuration on an Ethernet SMG ........................... 16
5.3
An example of a complex Ethernet configuration ................................. 17
© 2008 Virtual Access (Irl) Ltd. This material is protected by copyright. No part of this material may be reproduced, distributed,
or altered without the written consent of Virtual Access. All rights reserved. All trademarks, service marks, registered
trademarks and registered service marks are the property of their respective owners. Virtual Access is an ISO 9001 certified
company.
Configuring a Multiple Ethernet Connection
Issue 1.3
Page 2 of 19
1: About this document
1 About this document
1.1 Scope
This document explains:
•
what an Ethernet switch is,
•
the benefits of an Ethernet switch, and
•
how to configure multiple LANs with an Ethernet switch.
This document also gives an example of a simple Ethernet switch configuration and a
complex Ethernet switch configuration.
1.2 Readership
This document is for end users or engineers who need to configure LANs on the Service
Managed Gateway (SMG).
1.3 More information
For information on how to configure firewalls on a LAN, read the guide ‘Configuring a
Firewall’.
Configuring a Multiple Ethernet Connection
Issue 1.3
© Virtual Access Ltd.
Page 3 of 19
2:Introduction
2 Introduction
2.1 Security and multiple LANs
The GW4000 and GW5000 Series Gateways support up to 4 separate Ethernet LANs and
can route data packets between these LANs. You can apply firewall rules to the traffic
routing between each LAN, which allows for each of the LANs to have a different function,
and for security to be applied between these functions.
2.2
The physical configuration of the Ethernet ports
Your Service Managed Gateway features four-port Fast Ethernet ports. This enables the
SMG to interconnect and control the traffic between up to four local area networks (LANs)
and the Internet.
Figure 1: The four-port Ethernet interface on the back of the GW4000 Series SMG
Figure 2: The four-port Ethernet interface on the front of the GW5000 Series SMG
Configuring a Multiple Ethernet Connection
Issue 1.3
© Virtual Access Ltd.
Page 4 of 19
2:Introduction
The interface for the Ethernet switch in the web of your SMG enables you to assign
different LANs and public servers to the Ethernet interface ports. You can assign any port
to any Ethernet interface. Figure 3 shows the factory configuration of the Ethernet
switch.
Figure 3: The Ethernet switch in the SMG web.
If you need help using the Ethernet switch in the web, read section 3.0, How to use the
multiple Ethernet switch to configure Ethernet interfaces.
2.3 The benefits of the Ethernet switch
If two or more ports are on the same LAN, then there is Ethernet switching between the
ports, using the features that are listed below.
Address matching: every time a new packet arrives into one of the ports that
are on the same LAN, the switch searches an internal table to match the physical
port number to the packet’s destination MAC address. When it finds a match, the
switch forwards the packet only through the port that it matched to the packet. It
does not send the packet to other ports on the same LAN, including the SMG
processor. Address matching results in faster performance.
Learning: After the switch forwards the packet, it records the packet’s source
MAC address and the port that the packet was received from into the table. When
response packets come from other ports, the switch already knows where to
forward them. Learning results in faster performance.
Aging: users can dynamically change cables into different ports at any time. To
allow for cables that change ports, the switch clears its internal routing table after
a certain amount of inactivity.
Configuring a Multiple Ethernet Connection
Issue 1.3
© Virtual Access Ltd.
Page 5 of 19
3: Configuring Ethernet interfaces
3 Configuring Ethernet interfaces
3.1 Open the LAN configuration window
To configure multiple Ethernet connections, first type fast.start in the Address field of
your browser.
You may need a password to log in to your SMG. If you do, type the password into the
Password field that appears. Then click Login.
Figure 4: The Password field in the SMG web
The home page of your SMG appears.
Figure 5: The home page of the SMG
Configuring a Multiple Ethernet Connection
Issue 1.3
© Virtual Access Ltd.
Page 6 of 19
3: Configuring Ethernet interfaces
Click the Fast.Start icon. The Fast.Start Welcome page appears.
Figure 6: The Fast.Start Welcome page
3.2 Ensure that the service type is correct
Make sure that the service type is correct before you configure the Ethernet switch.
Look at the Service type field. It should show the correct connection type for your SMG.
If it does not, select the correct connection type from the Service type drop-down list.
If you need to configure the Ethernet connections on an ADSL or T1/E1 SMG, please read
section 3.3, How to configure the Ethernet connections on an ADSL or T1/E1 SMG.
If you need to configure the Ethernet connections on an Ethernet SMG, please read
section 3.4, How to configure the Ethernet connections on an Ethernet SMG.
3.3 Configure the Ethernet connections on an ADSL or T1/E1 SMG
To configure your Ethernet connections, click LAN Wizard on the Welcome page. The
LAN Configuration page appears, which contains the Ethernet switch.
Configuring a Multiple Ethernet Connection
Issue 1.3
© Virtual Access Ltd.
Page 7 of 19
3: Configuring Ethernet interfaces
Figure 7: The LAN Configuration window
You can configure any port to any Ethernet interface.
To assign an Ethernet interface to a port, click the down-pointing arrow next to the Port
drop-down list and select the interface you want to assign.
Figure 8: How to select the Ethernet interface that you want to assign to a port
Please go to section 2.5, How to configure local address settings for an Ethernet
interface.
Configuring a Multiple Ethernet Connection
Issue 1.3
© Virtual Access Ltd.
Page 8 of 19
3: Configuring Ethernet interfaces
3.4 Configure the Ethernet connections on an Ethernet SMG
To configure your Ethernet connections, click LAN Wizard on the Welcome page. The
LAN Configuration page appears which contains the Ethernet switch.
Figure 9: The LAN Configuration window
You can configure any port to any Ethernet interface, but we recommend that you use
the configurations in Table 1.
The number
of LAN
connections
you need
Port A is
configured
as
1
Eth-0
Eth-0
Eth-0
Eth-1
Port D
2
Eth-0
Eth-0
Eth-1
Eth-2
Port C
3
Eth-0
Eth-1
Eth-2
Eth-3
Port B
Port B is
configured
as
Port C is
configured
as
Port D is
configured
as
Your WAN
connection
is
Table 1: The Ethernet port configurations that we recommend for an Ethernet SMG
If your SMG was automatically activated, Eth-1 was assigned to the WAN Internet
connection. This assignment automatically applies WAN firewall rules to Eth-1. If you
manually activate your SMG, we recommend that you assign Eth-1 to the WAN Internet
connection. For more information about manually activating your SMG, please read the
configuration guide that is relevant to your type of connection.
Configuring a Multiple Ethernet Connection
Issue 1.3
© Virtual Access Ltd.
Page 9 of 19
3: Configuring Ethernet interfaces
To configure an Ethernet interface on a port, click the down-pointing arrow next to the
Port drop-down list and select the interface you want.
Figure 10: How to select the Ethernet interface that you want to configure on a port
3.5 Configure local address settings for an Ethernet interface
You may need to configure local address settings for the Ethernet interfaces that you
assigned to ports. On the LAN Configuration page, click IP Details under the port that
you need to specify address settings for.
Figure 11: The IP Details button, which opens the Ethernet LAN Configuration window
Configuring a Multiple Ethernet Connection
Issue 1.3
© Virtual Access Ltd.
Page 10 of 19
3: Configuring Ethernet interfaces
Figure 12: The Ethernet LAN Configuration window
Type the IP address for the Ethernet interface in the IP address field. Type the IP
address mask in the IP address mask field.
To prevent the Dynamic Host Configuration Protocol from automatically assigning
addresses to devices on the LAN, select no from the Enabled drop-down list in the
Provide DHCP Addresses section of the window. No is the default setting.
To automatically assign dynamic IP addresses to the devices on the LAN, select yes from
the Enabled drop-down list. Specify the range of addresses to be used in the
Addresses from and to fields.
Click OK to return to the LAN Configuration window.
Configuring a Multiple Ethernet Connection
Issue 1.3
© Virtual Access Ltd.
Page 11 of 19
3: Configuring Ethernet interfaces
3.6 Save the Ethernet switch configuration
To save the changes you made using the Ethernet switch, click OK in the LAN
Configuration window.
Figure 13: The LAN Configuration window
A dialog box appears.
Figure 14: The dialog box that appears when you click OK in the LAN Configuration window
Click OK to update the configuration of your SMG. Click Cancel to return to the LAN
Configuration window.
If you decide that you do not want to change your Ethernet configuration, click the Back
button in the LAN Configuration window to return to the Fast.Start Welcome window.
Configuring a Multiple Ethernet Connection
Issue 1.3
© Virtual Access Ltd.
Page 12 of 19
4: Configuring firewall rules for each Ethernet interface
4 Configuring firewall rules for each Ethernet interface
We recommend that you configure firewall rules for each Ethernet interface after you
configure the Ethernet switch.
Use the Fast.Start Firewall Wizard to configure firewall rules. For more information,
please read Configuring a Firewall.
Configuring a Multiple Ethernet Connection
Issue 1.3
© Virtual Access Ltd.
Page 13 of 19
5: Examples of LAN configurations using an Ethernet switch
5 Examples of LAN configurations using an Ethernet switch
5.1 A simple Ethernet configuration on an ADSL or T1/E1 SMG
Suppose that you must configure an Ethernet connection on an ADSL or T1/E1 GW4000
Series SMG, and you have a single LAN. You need to connect to the Internet and
configure only one Ethernet interface.
Figure 15: The DSL/WAN port and the Ethernet ports on a GW4000 Series
When you assemble the SMG, you connect the black DSL/WAN cable to the DSL/WAN
port. This is your Internet connection. You can connect the cream-colored Ethernet cable
to any of the four Ethernet ports. Let’s suppose that you put the Ethernet cable into
Ethernet port A. Figure 16 shows these physical connections, which are the connections
that we recommend for an ADSL or T1/E1 connection with one LAN.
Figure 16: An ADSL or T1/E1 GW4000 with an Internet connection
and one Ethernet connection
Configuring a Multiple Ethernet Connection
Issue 1.3
© Virtual Access Ltd.
Page 14 of 19
5: Examples of LAN configurations using an Ethernet switch
The default settings for port A is Eth-0. When you have only one LAN, it is a good idea to
assign the same Ethernet interface to all the Ethernet ports on the SMG. Figure 17 shows
this configuration. This configuration means that you can connect your Ethernet cable to
any port and your LAN connection will function.
Figure 17: All the ports are configured as Eth-0
After you configure the Ethernet connections, you may need to configure IP details for
the private Ethernet interface and Dynamic Host Configuration Protocol (DHCP). For more
information, read section 2.5, How to configure local address settings for an
Ethernet interface.
After you configure Ethernet connections, you may want to configure or modify your
firewall rules. You can read about this in the guide Configuring a Firewall.
To configure the Ethernet connections for a GW5000 ADSL or T1/E1 SMG, follow the
procedure that is explained in this section.
To read a step-by-step explanation of how to use the Ethernet switch, read section 3.0,
How to use the multiple Ethernet switch to configure Ethernet interfaces.
Configuring a Multiple Ethernet Connection
Issue 1.3
© Virtual Access Ltd.
Page 15 of 19
5: Examples of LAN configurations using an Ethernet switch
5.2 A simple Ethernet configuration on an Ethernet SMG
Suppose that you must configure an Ethernet SMG for an office with a single LAN. One of
the Ethernet ports must be configured as a WAN connection for the Internet. The other
three ports can be configured as LANs.
When you assemble the SMG, you connect the cream-colored Ethernet cable to port A.
You connect the black WAN cable to port D. Figure 18 shows these physical connections,
which are the connections that we recommend for an Ethernet connection with one LAN.
Figure 18: An Ethernet GW4000. The cable below port A is the Ethernet connection.
The cable below port D is the WAN Internet connection.
The default setting for port A is Eth-0. When you have only one LAN, it is a good idea to
configure the ports that you do not use with the same Ethernet interface that you use for
your LAN. This means that you can connect the LAN cable to any of these ports and the
LAN will function. So, in this example, you configure port B and C as Eth-0.
If the SMG was automatically Activated, Eth-1 was automatically configured as a WAN
connection. You decided to configure port D as the Internet connection. So you configure
port D as Eth-1. Figure 19 shows this configuration. We recommend that you configure
your switch this way if you have only one LAN and you are using an Ethernet SMG.
Figure 19: Ports A, B, and C are configured as Eth-0 for the LAN.
Port D is configured as Eth-1 for the Internet WAN connection
After you configure the Ethernet connections, you may need to configure IP details for
the private Ethernet interface and Dynamic Host Configuration Protocol (DHCP). For more
information, read section 2.5, How to configure local address settings for an
Ethernet interface.
Configuring a Multiple Ethernet Connection
Issue 1.3
© Virtual Access Ltd.
Page 16 of 19
5: Examples of LAN configurations using an Ethernet switch
After you assign Ethernet ports, you should configure your firewall using the Firewall
Wizard. Please read the guide Configuring a Firewall.
To configure the Ethernet connections for a GW5000 Ethernet SMG, follow the procedure
that is explained in this section.
To read a step-by-step explanation of how to use the Ethernet switch, read section 2.0,
How to use the multiple Ethernet switch to configure Ethernet interfaces.
5.3 An example of a complex Ethernet configuration
Suppose that you must configure multiple Ethernet connections on an Ethernet SMG for a
school. Your school maintains three LANs:
a secure LAN for teachers and administrative staff, where they share resources,
administrative materials, and student reports;
a LAN for students that includes Internet filtering software and WAN firewall
settings; and
a LAN for the library that has WAN firewall settings because there are publicly
accessible servers, such as a web server, on that LAN.
The multiple Ethernet switch enables you to connect these three LANs to the Internet
through a single SMG. The switch ensures that:
the teachers’ LAN is secure,
the students’ LAN is safe from inappropriate material, and
the entire school network is less open to outside attacks.
There is also an Internet connection that uses one of the Ethernet ports.
You decide that
the teachers’ LAN is on Eth-0,
the Internet WAN connection is on Eth-1,
the library LAN is on Eth-2, and
the students’ LAN is on Eth-3.
When you assemble the SMG, you connect cream-colored Ethernet cables to ports A, C,
and D. You connect a black WAN cable to port B. Figure 20 shows this physical
configuration. We recommend these connections when you have three LANs connecting
to an Ethernet SMG.
Configuring a Multiple Ethernet Connection
Issue 1.3
© Virtual Access Ltd.
Page 17 of 19
5: Examples of LAN configurations using an Ethernet switch
Figure 20: An Ethernet GW4000. Ports A, C, and D are LAN connections.
Port B is the WAN connection for the Internet
After the SMG is activated, you must configure interfaces on all the ports. You use the
Ethernet switch in the SMG web to configure the interfaces on the ports.
The default settings are the same as what you need for your network configuration, so
you do not need to change the settings in the Ethernet switch.
Figure 21: Port 1 is assigned to the teachers' LAN; Port 2 is assigned to the Internet; Port 3 is
assigned to the LAN that has publicly accessible servers; and Port 4 is assigned to the
students’ LAN
In this example, you must also assign IP addresses to the different Ethernet interfaces.
Configuring a Multiple Ethernet Connection
Issue 1.3
© Virtual Access Ltd.
Page 18 of 19
5: Examples of LAN configurations using an Ethernet switch
You click IP Details under Port 1 to assign an IP address to the teachers’ LAN. Suppose
that the address is 10.1.1.141. You type this into the IP address field of the Eth-0 LAN
Configuration window. The information for the subnet mask and DHCP addressing is
correct, so you click OK and return to the LAN Configuration window.
Figure 22: Assigning an IP address to the teachers' LAN
Eth-1 is your Internet connection. If your SMG was automatically activated, the correct
IP address was assigned to Eth-1 and you do not need to specify IP details in the Eth-1
LAN Configuration window.
There are public servers on Eth-2, so you want to apply WAN firewall rules to this
connection. Your service provider gives you an IP address for this connection. You click
IP Details under port C. Then you type the IP address that your service provider gives
you into the IP address field of the Eth-2 LAN Configuration window. You do not need to
change anything else, so you click OK and return to the LAN Configuration window.
The students’ LAN is on Eth-3. You click IP Details under Port 4 to assign an IP address
to the students’ LAN. Suppose that the address is 10.1.1.0. You type this into the IP
address field of the Eth-3 LAN Configuration window. The information for the subnet
mask and DHCP addressing is correct, so you click OK and return to the LAN
Configuration window.
Next you click OK to save your new Ethernet configuration. The SMG reloads and then
closes the web. We recommend that you reopen the SMG web and use the Fast.Start
Firewall Wizard to assign firewall rules. Please read the guide ‘Configuring a Firewall’.
To configure the Ethernet connections for a GW5000 Ethernet SMG, follow the procedure
that is explained in this section.
To read a step-by-step explanation of how to use the Ethernet switch, read section 3.0,
How to use the multiple Ethernet switch to configure Ethernet interfaces.
Configuring a Multiple Ethernet Connection
Issue 1.3
© Virtual Access Ltd.
Page 19 of 19
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising