Symbol Technologies WS 2000 manual Gateway Services, Network Address Translation NAT

Page 13

Gateway Services

Gateway Services

Network Address Translation (NAT)

NAT provides the translation of an Internet Protocol (IP) address within one network to a different, known IP address within another network. One network is designated the private network, while the other is the public. NAT provides a layer of security by translating local, private network addresses to one or more global, public IP addresses through a corporate firewall. The translation process provides an opportunity to authenticate outgoing or incoming requests or match these requests to a previous request. NAT allows a company to use a single IP address to communicate with the Internet community.

The WS 2000 Wireless Switch provides service, or forward, and reverse NAT translation on packets to and from the WAN and is fully compliant with RFC 1631.

WS 2000 Wireless provides network administrators with the following implementation options:

Mapping up to 8 public IP addresses to private IP address ranges.

Client IP addresses on the private side have IP addresses translated to ports or IP addresses on the WAN. Administrators can configure connections to originate from either end.

One-to-one mapping with a private IP address or a range of private IP addresses.

Private side IP address can belong to any of the private side subnets.

Ranges can be specified from each of the private side subnets.

WS 2000 Wireless Switch Firewall

The firewall includes a proprietary CyberDefense Engine to protect internal networks from known Internet attacks, including FTP Bounce, MIME Flood, IP Spoofing, Land Attack, Ping of Death, Reassembly, SYN Flooding, and Winnuke. It also provides additional protection by performing the following checks: source routing, IP unaligned timestamp, and sequence number prediction.

Firewall features include:

Stateful Inspection Engine

The firewall inspects incoming packets based on security policies before processing them in higher-level protocols. This feature significantly boosts performance, as packets do not require copying from the operating system to user space for inspection.

Access Policies

Access policies define how network services, including source and destination IP addresses, range or subnet IP address, ports, and access time windows, work. Administrators organize the user community in different user groups and define access policies on per user group basis.

Administration Management

Administrators change access policies locally or remotely, using the web-based user interface (UI) or by modifying text-based configuration files.

Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved

13

WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004

 

Page 12 Page 14
Image 13
Page 12 Page 14
Contents System Reference WS 2000 Wireless Switch Version72E-67701-01 Rev a March Patents CopyrightTable of Contents Chapter Advanced Configuration Chapter Field Office Example 111 About this Document WS 2000 Wireless Switch System Reference GuideDocument Conventions Wireless LAN Wlan Security Management of Access PortsSystem Overview Firewall SecurityPhysical Specifications Technical SpecificationsHardware Overview Cell Controller Services Operating System OS ServicesPower Specifications Environmental SpecificationsGateway Services 802.11b Support 802.11a SupportAccess Ports WS 2000 Wireless Switch Firewall Gateway ServicesNetwork Address Translation NAT Snmp Management Support Layer 3 RoutingDhcp Client and Server OverviewWEP 64 40-bit key 802.1x with Radius AuthenticationWEP 128 104-bit Key Kerberos Authentication 802.1x with Shared Key AuthenticationKeyGuard-MCM Support Wireless Protected Access WPASet up Communication to the Switch Installing the SwitchGetting Started Overview Getting Started Overview Changing the Administrator Password Configuring the Switch Configure the LAN InterfaceField Description Defining the SubnetsInterfaces Configure SubnetsDhcp Configuration Advanced Dhcp Settings Communicating with the Outside World Configure the WAN InterfaceSetting Up Point-to-Point over Ethernet PPPoE Communication Chap Enable Wireless LANs WLANsWireless Summary Area Access Port Adoption Configure WLANsField Description Name Configure Wlan SecuritySubnet 802.1x EAP Authentication Setting the Authentication MethodKerberos Authentication Setting the Encryption MethodConfiguring WEP Encryption Configuring WPA-TKIP Configure Wlan Security No Encryption KeyGuard-MCMMobile Unit Access Control List ACL Configure Access PortsConfigure Access Ports Name Configure Subnet AccessAccess Exception Area Access Overview TableColor Access Type Description Green YellowHttp Protocol Transport Description Port UsedALL Transport DescriptionWLAN-How to Configure Advanced Settings Advanced ConfigurationWLAN-Setting Default Access Port Settings WLAN-Setting Default Access Port Settings Dtim Period Beacon IntervalPrimary Wlan WLAN-Advanced Access Port SettingsSecurity Beacon WLAN-Advanced Access Port Settings Beacon is a packet broadcast by the adopted access ports to Gateway-How to Configure Network Address Translation NAT Gateway-How to Configure Network Address Translation NAT Always On Firewall Filters Gateway-How to Configure the WS 2000 FirewallConfigurable Firewall Filters Mime Flood Attack Check Gateway-How to Configure Static RoutesDefining Routes Setting the RIP ConfigurationNo RIP RIPRIP v2 Security-How to Configure 802.1x EAP AuthenticationCompat NoneSecurity-How to Configure 802.1x EAP Authentication Security-How to Configure 802.1x EAP Authentication Security-How to Configure Kerberos Authentication Security-How to Specify a Network Time Protocol NTP Server WS 2000 Wireless Switch LED Functions Switch SettingsOverview Location DescriptionChanging the Name of the Switch Location field Change the Location and Country Settings of the WSUpdating the WS 2000 Wireless Switch’s Firmware How to Restart the WS 2000 Wireless SwitchPerforming the Firmware Update Checking for and Downloading Firmware updatesExporting and Importing Wireless Switch Settings System ConfigurationTo Import Settings to a Local File To Import or Export Settings to an FTP SiteTo Export Settings to a Local File How to Restore Default Configuration Settings Property Value How to Configure Snmp Traps Remote AdministrationSetting the Snmp Version Configuration Setting Up Snmp v1/v2c Community DefinitionsNoAuth Setting Up Snmp v3 Community DefinitionsAuthNoPriv AuthPrivSetting the Trap Configuration Setting Up the Access Control ListConfiguration AuthenticationTrap Trap Name Generates a Trap when… Category Cold StartSetting the Trap Configuration for Snmp v1/v2c Setting the Trap Configuration for Snmp Configure Administrator AccessAccess Port Description Configure Management AccessSetup AirBEAM Software Access Access Port StatisticsChanging the Administrator and Manager Passwords Statistics and LogsGeneral Access Port Information Associated Mobile Units Received and Transmitted TablesSubnet Statistics Transmitted Description Field Received Field DescriptionInterfaces WAN StatisticsReceived Field Description Viewing the Log on the Switch Setting Up and Viewing the System LogSetting Up a Log Server Background Retail Use CasesPlan Contacting the Wireless Switch Configuring the System SettingsEntering the Basic System Settings Setting Access Control IP Address Plan Configuring the SubnetsSubnet IP Address Range For each subnet Configuring POS SubnetConfiguring the Printer Subnet Retail Use Cases Configuring the Cafe Subnet Retail Use Cases Configuring the WAN Interface Configuring Network Address Translation NAT Retail Use Cases Setting Access Port Defaults Configuring the Access PortsSwitch Port Connected to Inspecting the FirewallNaming the POS Access Port Configuring the Printer Access Port Configuring the Cafe Access Port Associating the Access Ports to the WLANs Configuring the Cafe Wlan Configuring the WLANsName Printer Configuring the Printer WlanFor the POS WLAN, she makes the following choices Configuring the POS WlanSetting Subnet Access Retail Use Cases Configuring the Clients Testing ConnectionsWireless Authentication Encryption Channel Client IP Address Subnet Mask Gateway PortField Office Example Plan Configuring the System Settings Entering the Basic System Settings Setting Access Control Field Office Example Configuring the Engineering LAN Configuring the LANField Office Example Field Office Example Configuring the Sales Subnet Configuring the WAN Field Office Example Setting Up Network Address Translation Field Office Example Adopting Access Ports Confirm Firewall ConfigurationMAC Address Location Adoption List LabelField Office Example Configuring the WLANs Security Field Office Example Wlan Field Office Example Field Office Example Field Office Example Access Port Channel Configuring Subnet Access Installing the Access Ports and Testing Appendix A. Sample Configuration File NTP menu Wlan 1 configuration set mode 1 enable Wlan 3 configuration set mode 3 disable Default 802.11 a radio configuration set reg a in/out 149 Access Port configuration LAN Dhcp configuration network Firewall configuration set syn enable Outbound 1-To-Many NAT configuration set outb map s1 Page Index FTP Snmp 802.1x EAP authentication
Top Page Image Contents