SMC Networks SMCWHSG44-G manual Vlan, Firewall, To set a rule for packet filtering

Page 80

To set a rule for packet filtering:

1.Specify the protocol type, source IP address, source IP mask, destination IP address, destination IP mask, and destination port for the rule. Then specify in the Action setting how to deal with a packet that meets the rule.

2.Select the corresponding Enabled check box.

NOTE: Set the rules with great care since incorrect rules would make the Router inaccessible. The last resort to restore the Router to service may be resetting its configuration to factory-set values by pressing the reset button on the back of the Router.

2.8.1.2. VLAN

Fig. 101. VALN Settings.

VLAN (Virtual Local Area Network) settings are for traffic isolation. When the Block wireless-to-Ethernet-LAN traffic check box is selected, the Router does not forward packets between the wireless network interface and the Ethernet LAN interface-traffic is allowed only between the Ethernet WAN interface and the wireless network interface.

2.8.1.3. Firewall

Fig. 102. Packet Filters and Firewall Settings.

SPI analyzes incoming and outgoing packets based on a set of criteria for abnormal content. Therefore, SPI can detect hacker attacks, and can sum- marily reject an attack if the packet fits a suspicious profile. To enable SPI, select the Enable Stateful Packet Inspection (SPI) check box.

Some DoS (Denial of Service) attacks are based on sending invalid ICMP request packets to hosts. The Router can be set to not accept any ICMP requests on the Ethernet WAN interface to defend against attacks of this kind. Enable this capability by selecting the Block ICMP PING from Internet check box.

NOTE: SPI can detect hacker attacks, including IP-Spoofing, Zero IP Length, Land, Smurf, Fraggle, Teardrop, Ping of Death, Syn-Flood, and X-Tree.

NOTE: Because some of the Router's CPU resources are spent in checking packets for these security features, you may notice network performance degradation if the security functions are enabled.

79

Image 80

Contents SMCWHSG44-G Page Copyright TrademarksLimited Warranty Page Industry Canada Class B Federal Communication Commission Interference StatementFCC Radiation Exposure Statement EC Conformance Declaration Safety Compliance Power Cord SafetySchuko Page Wichtige Sicherheitshinweise Germany Schuko Page Table of Contents System Page SMCWHSG44-G SMCWHS-POS Introduction Ieee 802.11b/g Compliant Wireless Operation Overview FeaturesUser Authentication, Authorization, and Accounting AAA Internet Connection Sharing Network Security Firmware Tools Rear Panel Package ChecklistLED Definition Selecting a Power Supply Method POE enabled LAN Port PositionMounting the SMCWHSG44-G on a Wall Preparing for Configuration Changing the TCP/IP Settings of the Managing ComputerConfiguring the SMCWHSG44-G Entering the PasswordSetup Wizard Selecting an Operational Mode HomePage Router with a DHCP-Based DSL/Cable Connection Router with a Static-IP DSL/Cable ConnectionRouter with Multiple DSL/Cable Connections Setup Wizard Configuring Dhcp Server Settings Setup Wizard Configuring Ieee 802.11 SettingsConfiguring User Authentication Settings Web RedirectionLocal Authentication Sever Authentication protocolPage How to Setup the Mini-POS Ticket Printer Account Table ListIeee Configuring Radius Settings Radius Settings Allowable Authentication ModesSetting up Client Computers Deploying the SMCWHSG44-GConfiguring TCP/IP-Related Settings Configuring Ieee 802.11-Related SettingsTo establish a wireless link to an AP Page Authentication Success Logout OverviewMenu Structure Page Status Associated Wireless Clients Save, Save & Restart, and Cancel CommandsHome and Refresh Commands Authenticated Users Account TableSession List Managed LAN DevicesSpecifying Operational Mode SystemChanging Password Managing FirmwareUpgrading Firmware by Http Backing up and Restoring Configuration Settings by HttpTo upgrade firmware of the SMCWHSG44-G by Http To upgrade firmware of the SMCWHSG44-G by Tftp Upgrading Firmware by TftpBacking up and Restoring Configuration Settings by Tftp To back up configuration of the SMCWHSG44-G by TftpTo restore configuration of the SMCWHSG44-G by Tftp Time Zone Resetting Configuration to Factory DefaultsConfiguring TCP/IP Related Settings Address Router with a DHCP-Based DSL/Cable Connection Router with a Static-IP DSL/Cable Connection DNS DNS Proxy Host Address Resolution NAT BasicDhcp Server To expose preset internal serversVirtual Server Mappings Dhcp Server Basic Ii. Static Dhcp MappingsTo always assign an IP address to a specific Dhcp client Dhcp RelayLoad Balancing Zero Client Reconfiguration Configuring Ieee 802.11-Related Settings Wireless BasicWireless Distribution System Wireless Distribution System Settings To enable a WDS linkSecurity Network Topology Containing a LoopPage MAC-Address-Based Access Control MAC-Address-Based Access Control SettingsIeee 802.1x/RADIUS To deny wireless clients access to the wireless networkTo grant wireless clients access to the wireless network Ieee 802.1x/RADIUS Settings Configuring Authentication Settings AAA Basic Default Authentication Failure Warning Unrestricted Clients To specify an uncontrolled computer by MAC addressWalled Garden Radius BasicRobustness Authentication Session Control Log-On Page Customization SettingsAuthentication Success Page Customization Settings Advertisement Links Settings DdnsIcmp TCP UDP To set a rule for packet filtering VlanFirewall To block Http traffic to an unwelcome Web site URL FiltersManagement Basic UPnP System LogAccess Rules SnmpUnrestricted Host MAC Address Settings LAN Device ManagementExample for LAN Device Management To specify a LAN device to manageDefault Settings Appendix aLED Definitions TCP/IP Setting Problems Page Wireless Settings Problems Other ProblemsAppendix C Distances and Data Rates Network Configuration Transmission output PowerConfiguration and Management StandardsKeypad Access Point AuthenticationBasic Service Set BSS Ad HocDynamic Host Configuration Protocol Dhcp Extended Service Set ESSExtensible Authentication Protocol EAP EncryptionInter Access Point Protocol Iapp Power over Ethernet PoEInfrastructure Local Area Network LANService Set Identifier Ssid Wireless Distribution System WDSWi-Fi Protected Access Session KeyWired Equivalent Privacy WEP WPA Pre-shared Key PSKPage For Technical SUPPORT, Call