XSR User's Guide

Chapter 13: Configuring Security on the XSR
Configuration Examples
XSR with Firewall, PPPoE and DHCP
In this scenario, shown in Figure 58, the branch office uses a private address
for its hosts. Access to the external network is configured with PPPoE DSL
service on the FastEthernet 2 interface/sub-interface, and DHCP is set on the
FastEthernet 1 interface. A global IP address is available for a Web server and
a static NAT entry is set for it. Also, all Java and ActiveX pages, IP
options, and IP broadcast and multicast packets are banned.
Policies apply to the private addresses because outbound filtering is performed
before NAT and inbound filtering after NAT. This is key because the firewall is
oblivious to the global IP address used. Some commands are abbreviated.
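The following Python model is an added illustration, not part of the XSR guide or its CLI. It shows why a policy must name the private address when filtering runs before NAT outbound and after NAT inbound. The Web server address 10.10.10.2, the global address 203.0.113.10 and the policy names are assumptions; dynamic NAT for other hosts is not modelled.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Constructed values: the page gives only the LAN subnet 10.10.10.0/24.
WEB_PRIVATE = ip_address("10.10.10.2")      # assumed Web server host address
WEB_GLOBAL = ip_address("203.0.113.10")     # assumed global address (documentation range)
STATIC_NAT = {WEB_PRIVATE: WEB_GLOBAL}      # private -> global
GLOBAL_TO_PRIVATE = {g: p for p, g in STATIC_NAT.items()}

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Policy:
    name: str
    src: str    # CIDR
    dst: str    # CIDR
    dport: int

def allowed(pkt, policies):
    """Return the name of the first matching allow policy, else None (default deny)."""
    for p in policies:
        if (ip_address(pkt.src) in ip_network(p.src)
                and ip_address(pkt.dst) in ip_network(p.dst)
                and pkt.dport == p.dport):
            return p.name
    return None

def inbound(pkt, policies):
    """WAN -> LAN: static NAT rewrites the destination, then the firewall filters."""
    dst = GLOBAL_TO_PRIVATE.get(ip_address(pkt.dst))
    if dst is not None:
        pkt = replace(pkt, dst=str(dst))
    return allowed(pkt, policies), pkt

def outbound(pkt, policies):
    """LAN -> WAN: the firewall filters first, then static NAT rewrites the source."""
    verdict = allowed(pkt, policies)
    src = STATIC_NAT.get(ip_address(pkt.src))
    if verdict is not None and src is not None:
        pkt = replace(pkt, src=str(src))
    return verdict, pkt

# Hypothetical policy sets: one written against the private address, one against the global.
BY_PRIVATE = [Policy("web-in", "0.0.0.0/0", "10.10.10.2/32", 80),
              Policy("lan-out", "10.10.10.0/24", "0.0.0.0/0", 80)]
BY_GLOBAL = [Policy("web-in", "0.0.0.0/0", "203.0.113.10/32", 80)]
```

With `BY_GLOBAL`, an inbound request to 203.0.113.10 is already rewritten to 10.10.10.2 when the filter sees it, so the policy never matches and the packet falls to the default deny.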
Figure 58 XSR Firewall with PPPoE (DSL) and DHCP
Begin by configuring the LAN interfaces, enabling DHCP, and disabling the
firewall on both LAN interfaces:
XSR(config)#interface FastEthernet1
XSR(config-if<F1>)#ip address 10.10.10.1 255.255.255.0
XSR(config-if<F1>)#ip dhcp server
XSR(config-if<F1>)#ip firewall disable
XSR(config-if<F1>)#no shutdown
XSR(config)#interface FastEthernet2
XSR(config-if<F2>)#ip firewall disable
XSR(config-if<F2>)#no shutdown
Enable the PPPoE interface with a negotiable IP address, adjusted MTU
packet size, PAP authentication, and NAT enabled:
XSR(config-if<F2>)#interface FastEthernet 2.1
XSR(config-if)#encapsulate ppp
[Figure 58 diagram labels: XSR, FE1, FE2, Internet, 10.10.10.1, PPPoE/NAT/Firewall]