IAC-BOX Network Integration. IACBOX.COM. Version 2.0.1 English 24.07.2014




In this HOWTO the basic network infrastructure of the IAC-BOX is described.

Contents

1. Hints
2. Network Integration
3. Interfaces
3.1. Office-LAN
3.2. Surf-LAN
3.3. Management-LAN
4. Other Network Devices
5. Plug & Play
6. Port Forwarding/DNAT
7. Routing

1. Hints

Please note the following hints:

- The Surf-LAN needs to be bridged (not mandatory if IAC-BOX is installed in routing mode)
- Proxy DHCP, Proxy ARP and similar services must not be enabled at the Surf-LAN
- Office-LAN and Surf-LAN must be separated properly

2. Network Integration

The picture below shows a common network structure with the IAC-BOX. In this example, the third interface of the IAC-BOX (Management-LAN) is connected to the DMZ. The Office-LAN interface serves only as an uplink to the WAN.

The access points in the Surf-LAN must be bridged to ensure the correct operation of the IAC-BOX. Routing and NAT in the Surf-LAN are not allowed; the same applies to functions like proxy DHCP and proxy ARP.

3. Interfaces

3.1. Office-LAN

The Office-LAN interface is used as the uplink to the WAN, and it is the interface used to manage the IAC-BOX. The default settings for the Office-LAN are:

- IP Address: 192.168.1.1
- Subnet Mask: 255.255.255.0
- Default Gateway: 192.168.1.254
- DNS Server: 192.168.2.1

3.2. Surf-LAN

The Surf-LAN interface provides the connection to the client/guest network, in which users must authenticate at the IAC-BOX. For this purpose the IAC-BOX runs DHCP in the Surf-LAN. The default settings for the Surf-LAN are:

- Protected DHCP range: 172.29.0.0/20 (enabled by default)
- Unprotected DHCP range: 172.30.0.0/22

A cause of errors in connection with the PMS configuration is that the IAC-BOX cannot establish a connection to the PMS system. The reason can be either that the PMS system is not reachable in the network at all (ping), or that a connection on the specified port is not allowed (Connection Refused). In this case, check the configuration of the PMS system. To test this, try to establish a Telnet connection to the PMS system from a client (e.g. telnet 192.168.1.10 9099).

A more detailed description of the protected and unprotected DHCP ranges can be found on page 4 of the following HowTo: http://www.iacbox.com/uploads/media/howto_netzwerk_migration_de.pdf

3.3. Management-LAN

The optional Management-LAN allows you to separate the uplink and the administration of the IAC-BOX. The Office-LAN can then be used for the uplink only, and the administration of the system can be done via the Management-LAN (connected to the DMZ). The default settings for the Management-LAN are:

- IP Address: 10.10.10.254
- Subnet Mask: 255.255.255.0

4. Other Network Devices

Since the Surf-LAN must be bridged, the network devices are not allowed to modify the traffic between the clients and the IAC-BOX. This is because the IAC-BOX needs the original client IP and client MAC in order to function properly.

There are the following options to configure access points and other network devices in the Surf-LAN:

- Manual configuration of the network settings directly on the devices
- The devices get their network settings via DHCP from the IAC-BOX (like normal clients)
- For each device there is a static lease configured on the IAC-BOX. The devices will get the configured static lease via DHCP. This makes network settings outside of the default Surf-LAN range possible.

Note that the access points do not need to be online for the operation of the IAC-BOX.

5. Plug & Play

The plug & play of the IAC-BOX allows devices to still connect to the customer logon site without having network settings within the default Surf-LAN range. This function is realized with ARP and DNS spoofing.

In order to make it possible for specific network devices to communicate with each other (e.g. access points, access point controller, etc.), they can be excluded from the plug & play of the IAC-BOX. To do so, enter the MAC addresses of the devices in the WebAdmin menu Modules/Plug & Play Ignored Devices as ignored devices.

6. Port Forwarding/DNAT

Port forwarding/DNAT allows you to make network devices in the Surf-LAN accessible from the Office-LAN/Management-LAN, for example to manage access points, switches and other network devices without being connected to the Surf-LAN. For this to work, the device to be managed must have the Surf-LAN side of the IAC-BOX configured as its gateway. Otherwise it is not possible to establish a connection.

Example: A Surf-LAN access point with the IP address 172.30.0.10 should be managed from the Office-LAN. Therefore the following DNAT rule is defined in the WebAdmin menu Security/Port Forwarding:

- Destination IP address: 172.30.0.10
- Local Port: 9080 (between 9000 and 65000)
- Destination Port: 80 (Web-Interface of the access point)
- Protocol: TCP
- Interface: Office-LAN

With this DNAT rule, the access point will be accessible from the Office-LAN via the Office-LAN IP address of the IAC-BOX and the configured local port (e.g. 192.168.1.1:9080).
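The following check of a DNAT rule list is an added example, not part of the original HOWTO or of the IAC-BOX software. It assumes the default addresses given in this document, a hypothetical dictionary layout for the rules, and that Management-LAN is a valid interface choice; it reports rules that break the constraints above and lists which Office-LAN listener exposes which Surf-LAN device.

```python
import ipaddress

# Defaults from this document; change them if the box was reconfigured.
SURF_LAN = [ipaddress.ip_network("172.29.0.0/20"),  # protected DHCP range
            ipaddress.ip_network("172.30.0.0/22")]  # unprotected DHCP range
BOX_IP = {"Office-LAN": "192.168.1.1", "Management-LAN": "10.10.10.254"}

def check_dnat(rules):
    """Return (findings, exposed): rule problems and a listener -> device map."""
    findings, exposed, used = [], {}, {}
    for n, r in enumerate(rules, 1):
        problems = []
        dest = ipaddress.ip_address(r["dest_ip"])
        if not any(dest in net for net in SURF_LAN):
            problems.append("destination is outside the Surf-LAN ranges")
        if not 9000 <= r["local_port"] <= 65000:
            problems.append("local port is not between 9000 and 65000")
        if r["interface"] not in BOX_IP:
            problems.append("interface must be Office-LAN or Management-LAN")
        slot = (r["interface"], r["protocol"], r["local_port"])
        if slot in used:
            problems.append(f"local port already taken by rule {used[slot]}")
        if problems:
            findings += [f"rule {n}: {p}" for p in problems]
            continue
        used[slot] = n
        exposed[f"{BOX_IP[r['interface']]}:{r['local_port']}"] = f"{dest}:{r['dest_port']}"
    return findings, exposed

# First rule is the example from this document; the other two are constructed.
RULES = [
    {"dest_ip": "172.30.0.10", "local_port": 9080, "dest_port": 80, "protocol": "TCP", "interface": "Office-LAN"},
    {"dest_ip": "192.168.1.50", "local_port": 8080, "dest_port": 80, "protocol": "TCP", "interface": "Office-LAN"},
    {"dest_ip": "172.30.0.11", "local_port": 9080, "dest_port": 443, "protocol": "TCP", "interface": "Office-LAN"},
]

if __name__ == "__main__":
    problems, listeners = check_dnat(RULES)
    print("\n".join(problems))
    print(listeners)
```

The returned listener map doubles as an inventory of management interfaces that are reachable from the Office-LAN through the IAC-BOX.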

7. Routing

With special routes on the IAC-BOX, certain services and other network components, such as servers and printers, can be made accessible. By default, two routes are already predefined, one for the Office-LAN and one for the Management-LAN (if enabled). For both of them the firewall protection is enabled. These routes are necessary so that the devices from the Surf-LAN cannot access the Office-LAN and Management-LAN.

Example 1: You want to make some devices/services within an isolated network (192.168.22.0/24) behind the Office-LAN (192.168.1.0/24) accessible for devices in the Surf-LAN (172.30.3.254/22). The configuration for the new route is as follows:

- Destination Address: 192.168.22.0
- Gateway: 192.168.1.250
- Subnet Mask: 255.255.255.0
- Firewall Protection: deactivated

Example 2: You want to connect a PMS system (10.10.20.5) to the IAC-BOX which is located in an isolated network (10.10.20.0/24) behind the Management-LAN (10.10.10.0/24). The configuration for this route is as follows:

- Destination Address: 10.10.20.5
- Gateway: 10.10.10.200
- Subnet Mask: 255.255.255.255 (host route)
- Firewall Protection: activated (the PMS system should be connected to the IAC-BOX but should not be accessible from the Surf-LAN)
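The route review below is an added example, not part of the original HOWTO or of the IAC-BOX software. It assumes the default Office-LAN and Management-LAN networks from this document and a hypothetical dictionary layout for routes, and, following the two examples above, it treats a route with firewall protection deactivated as reachable from the Surf-LAN.

```python
import ipaddress

# Directly attached networks, from the default settings in this document.
ATTACHED = {"Office-LAN": ipaddress.ip_network("192.168.1.0/24"),
            "Management-LAN": ipaddress.ip_network("10.10.10.0/24")}

def audit_routes(routes):
    """Resolve each route and report whether Surf-LAN clients can reach it."""
    report = []
    for r in routes:
        notes = []
        try:
            # strict parsing rejects a destination with host bits set
            net = ipaddress.ip_network(f"{r['dest']}/{r['mask']}")
        except ValueError:
            net = None
            notes.append("destination does not match the subnet mask")
        gw = ipaddress.ip_address(r["gateway"])
        via = next((name for name, lan in ATTACHED.items() if gw in lan), None)
        if via is None:
            notes.append("gateway is not on an attached network")
        if net is not None and any(net.overlaps(lan) for lan in ATTACHED.values()):
            notes.append("overlaps a predefined protected network")
        report.append({"dest": str(net) if net else r["dest"], "via": via,
                       "surf_lan_reachable": not r["firewall"], "notes": notes})
    return report

# Examples 1 and 2 from this document, plus one constructed faulty entry.
ROUTES = [
    {"dest": "192.168.22.0", "mask": "255.255.255.0", "gateway": "192.168.1.250", "firewall": False},
    {"dest": "10.10.20.5", "mask": "255.255.255.255", "gateway": "10.10.10.200", "firewall": True},
    {"dest": "192.168.22.7", "mask": "255.255.255.0", "gateway": "172.16.0.1", "firewall": False},
]

if __name__ == "__main__":
    for row in audit_routes(ROUTES):
        print(row)
```

Every entry with surf_lan_reachable set to True is a network that guest clients can reach, so that list is the one to review whenever a route is added.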