advertisement
4.3.2.5.
Using Novell Security Manager
PPTPoE/PPPoA-DSL Connections
This type of interface is required for DSL connections using the PPP
over ATM protocol. To configure such a connection, you will need an unused Ethernet interface on the Security Manager as well as an
ADSL modem with an Ethernet port. The connection to the Internet proceeds through two separate connections (see graphic): Between the Security Manager and the ADSL modem, a connection using the
PPTP over Ethernet protocol is established.
The ADSL modem is, in turn, connected to the
ISP using the PPP over ATM dialing protocol.
The configuration will require the DSL connection information, including username and password, provided by your Internet Service
Provider.
Note:
The installation and specific settings required for DSL connections is described in the DSL Network guide. Also note that, once the DSL connection is activated, Novell Security Manager will be connected to your
ISP 24 hours a day. You should therefore ensure that your ISP bills on a flat-rate or bandwidth-based system rather than based on connection time.
The DSL Network guide is available at http://www.novell.com/
documentation/nsma51.
Configuring PPTP over Ethernet (PPPoA-DSL):
1. In the Network tab, open the Interfaces menu.
2. Click the New button to open the Add Interface window.
3. In the Name entry field, enter a descriptive name for the interface.
4. Use the Hardware drop-down menu to select a network card.
111
Using Novell Security Manager
Tip:
For an external connection (e.g., to the Internet) choose the card with
Sys ID eth1.
You cannot choose a network card that has already been configured with a primary network address.
5. Use the Type drop-down menu to select the PPTP over Ethernet
(PPPoA-DSL) connection interface type.
You will need the connection settings provided by your ISP to configure the following settings.
Address: If you have not been assigned a static IP address by your provider, keep the default Assigned by remote setting here.
If you have a static IP address, choose Static from the drop-down menu and enter the address in the entry field.
Important Note:
If you wish to configure the Uplink Failover on Interface function, observe the description of this function while entering the network!
Default Gateway: You should probably keep the default setting
Assigned by remote. Other possible values are Static and None.
Modem IP Address: Enter the IP address of your ADSL modem here.
This address will usually be provided by your ISP or the modem hardware, and cannot be changed.
Example: 10.0.0.138 (with AonSpeed)
NIC IP Address: Enter the IP address of the network card on the
Security Manager which is attached to the modem here. This address must be in the same subnet as the modem.
Example: 10.0.0.140 (with AonSpeed)
NIC Netmask: Enter the network mask to use here.
Example: 255.255.255.0 (with AonSpeed)
Address to Ping: In order to test the connection between the
Security Manager and the external network, you can enter an IP address of a host on the Internet (e.g., the DNS server of your ISP) here. The Security Manager will send ping requests to this host: if no answer is received, the connection will be broken.
Username: Enter the username, provided by your ISP.
Password: Enter the password, provided by your ISP.
Uplink Failover on Interface: This function will only be displayed if the Assigned by remote or Static is selected in the Default
Gateway drop-down menu.
You can setup a failover on an interface to the Internet with the help of a second Internet access and an additional network card. Please,
112
Using Novell Security Manager remember in doing so that Novell Security Manager supports only one
DSL connection. A failover for the Internet access can, for example, consist of a permanent communication line and a DSL access! If the primary connection fails, the Uplink will automatically be performed by the second Internet connection. In order to monitor the connection, the primary network card sends four ping requests to the Uplink
Failover check IP every five seconds. Only if all four ping requests are not replied to the Backup Interface is loaded.
When the Internet connection is established via the Backup Interface, the ping requests are still sent by the Primary Interface. As soon as the Security Manager receives the corresponding reply packages again, the Internet connection is again established by the Primary
Interface.
Important Note:
When the Uplink Failover on Interface function is used, two different networks must be defined on the Primary and Backup
Interface. Therefore you need next to the additional network card for the Backup Interface two separate Internet accesses.
Uplink Failover on Interface is by default disabled (Off). If you wish to use this virtual interface as primary connection, select
Primary Interface from the drop-down menu. If this interface shall contain the standby connection, select the Backup Interface configuration.
Uplink Failover check IP: This entry field will be displayed if the
Primary Interface setting has been selected for the Uplink Failover
on Interface function. Enter the IP address of a host here, which replies to the ICMP Ping requests and which, in addition to that, is always reachable! The Security Manager will send ping requests to this host: if no answer is received, the backup interface will be enabled by the failover. In this entry field, there must always be an IP address for the failover!
QoS Status: In order to use Quality of Service (QoS) bandwidth management on an interface, enable this option. To enable the
Quality of Service (QoS) function, select On from the drop-down menu.
Important Note:
For the bandwidth management Quality of Service (QoS) you must define the values for Uplink Bandwidth (kbits) and Downlink
Bandwidth (kbits). These values are used as basis for the bandwidth management system: incorrect values can lead to poor management of the data flow. The Quality of Service (QoS) function is described in chapter 4.5.1.
113
Using Novell Security Manager
Uplink Bandwidth (kbits): These settings will only appear, if the
QoS function is enabled. In this entry menu, enter the available bandwidth for the Uplink in full kilobits. This value can be determined either from the values of the upstream interface or from the router.
On an interface to the Internet, this value corresponds to the bandwidth of the Internet connection - on an ADSL access the Uplink bandwidth amounts to 128 kBit/s and on a 2-Megabit fixed connection to
2048 kBit/s.
Downlink Bandwidth (kbits): These settings will only appear, if the
QoS function is enabled. In this entry menu, enter the available bandwidth for the Downlink in full kilobits. On an interface to the Internet, this value corresponds to the bandwidth of the Internet connection - on an ADSL access the Uplink bandwidth amounts to 768 kBit/s and on a 2-Megabit fixed connection to 2048 kBit/s.
MTU Size: The MTU is the size (in bytes) of the largest transmittable packet. MTU stands for Maximum Transfer Unit. For connections, using the TCP/IP protocol, the data will be subdivided into packets. A maximum size will be defined for these packets. Packets larger than this value will be considered too long for the connection and fragmented into smaller ones before transmission. These data packets will be sent again. However, the performance can be limited, if the upper value is too low.
The following values are the defaults for the PPP over Ethernet
(PPPoA-DSL) connection: 1460 Byte.
6. Confirm these settings by clicking Add.
The system will now check the address and network mask for semantic validity. After a successful check, the new interface will appear in the Current Interface Status table. The interface is not yet enabled (status light is red).
7. Enable the interface by clicking the status light.
The interface is now enabled (status light shows green). The Oper column will at first show that the interface is Down: the system requires a short time to configure and load the settings.
8. Click the Refresh button to load the menu again.
Further information about the Refresh function can be found in chapter 3.5 on page 31.
When the message Up appears, the interface is fully operational. The network card settings are displayed in the Parameters column.
114
advertisement
