User guide
Designing Your Canopy Network March 2005
Through Software Release 6.1
Issue 1 Page 117 of 425
Canopy System User Guide
13.3 NETWORK ADDRESS TRANSLATION (NAT)
13.3.1 NAT, DHCP Server, DHCP Client, and DMZ in SM
In Release 4.1 and later releases, the Canopy system provides NAT (network address
translation) for SMs in the following combinations of NAT and DHCP (Dynamic Host
Configuration Protocol):
◦ NAT Disabled (as in earlier releases)
◦ NAT with DHCP Client and DHCP Server
◦ NAT with DHCP Client
◦ NAT with DHCP Server
◦ NAT without DHCP
NAT
NAT isolates the SMs from the Internet. This both enhances SM security and obviates
the need for a special assignment scheme of IP addresses that identify the SMs. Where
NAT is active, the SM serves as a Layer 3 switch. (By contrast, where NAT is not active,
the SM serves as a Layer 2 bridge.)
In the Canopy system, NAT supports HTTP, ICMP (Internet Control Message Protocol),
and FTP (File Transfer Protocol), but does not support IPsec (IP Security) except as
described under NAT Pass-through of VPN as L2TP over IPSec on Page 122.
DHCP
DHCP enables a device to be assigned a new IP address and TCP/IP parameters,
including a default gateway, whenever the device reboots. Thus DHCP reduces
configuration time, conserves IP addresses, and allows modules to be moved to a
different network within the Canopy system.
In conjunction with the NAT features, each SM provides
◦ a DHCP server that assigns IP addresses to computers connected to the SM by
Ethernet protocol.
◦ a DHCP client that receives an IP address for the SM from a network DHCP
server.
DMZ
In conjunction with the NAT features, a DMZ (demilitarized zone) allows one IP address
behind the SM to be assigned to a device that logically exists outside the firewall and
receives network traffic. The first three octets of this IP address must be identical to the
first three octets of the NAT private IP address.
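The DMZ addressing rule above can be checked across a deployment plan before any SM is configured. The following is an added example, not part of the Canopy guide or the Canopy software: the plan format, SM names, and addresses are constructed, and the check against reusing the SM's own NAT private address is an assumption rather than a rule stated here.

```python
import ipaddress

# Constructed plan entries (not from the guide): one dict per SM.
PLAN = [
    {"sm": "sm-01", "nat": True, "nat_private_ip": "192.168.10.1", "dmz_ip": "192.168.10.50"},
    {"sm": "sm-02", "nat": True, "nat_private_ip": "192.168.10.1", "dmz_ip": "192.168.11.50"},
    {"sm": "sm-03", "nat": False, "nat_private_ip": None, "dmz_ip": "10.0.0.5"},
    {"sm": "sm-04", "nat": True, "nat_private_ip": "172.16.4.1", "dmz_ip": "172.16.4.1"},
    {"sm": "sm-05", "nat": True, "nat_private_ip": "172.16.4.1", "dmz_ip": None},
]


def check_sm(entry):
    """Return a list of findings for one SM entry; an empty list means it passes."""
    dmz = entry.get("dmz_ip")
    if dmz is None:
        return []  # no DMZ host planned, nothing to check
    if not entry.get("nat"):
        # The guide describes the DMZ only in conjunction with the NAT features.
        return ["DMZ address set but NAT is disabled"]
    try:
        dmz_addr = ipaddress.IPv4Address(dmz)
        nat_addr = ipaddress.IPv4Address(entry.get("nat_private_ip"))
    except (ipaddress.AddressValueError, TypeError) as exc:
        return [f"unparseable address: {exc}"]
    # Rule from the guide: the first three octets must be identical.
    if dmz_addr.packed[:3] != nat_addr.packed[:3]:
        return [f"DMZ {dmz_addr} does not share its first three octets "
                f"with NAT private IP {nat_addr}"]
    # Assumption (not stated in the guide): the DMZ host must not reuse
    # the SM's own NAT private address.
    if dmz_addr == nat_addr:
        return [f"DMZ {dmz_addr} duplicates the SM's NAT private IP"]
    return []


def audit(plan):
    """Map each failing SM name to its findings; passing SMs are omitted."""
    results = {entry["sm"]: check_sm(entry) for entry in plan}
    return {sm: findings for sm, findings in results.items() if findings}


if __name__ == "__main__":
    for sm, findings in audit(PLAN).items():
        for finding in findings:
            print(f"{sm}: {finding}")
```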