Security for your LAN, Access control via TCP/IP | ELSA Cable

30Operating modes and functions

a password to gain access to a network, a computer or another device. In order to do so, a computer can, for example, go through all the possible combinations of letter and numbers until the right password is found.

As a measure of protection against such attacks, the maximum allowed number of unsuccessful attempts to Login can be set. If this limit is reached, the access will be barred for a certain length of time.

These parameters apply LANconfig and SNMP). automatically barred too.

globally to	all configuration options	(telnet,	TFTP/ELSA
If barring	is activated on one port	all other	ports are

The following entries are provided in the configuration tool ELSA LANconfig for configuring login barring in the 'Management' configuration area on the 'Security' tab or under /Setup/Config-Modulein the menu:

K'Lock configuration after' (Login-errors)

K'Lock configuration for' (Lock-minutes)

Access control via TCP/IP

Access to the internal functions of the devices through TCP/IP can be restricted using a special filter list. Internal functions in this case means Telnet or TFTP sessions to configure the ELSA LANconfig.

This table is empty by default and so access to the router can therefore be obtained by TCP/IP using Telnet or TFTP from computers with any IP address. The filter is activated when the first IP address with its associated network mask is entered and from that point on only those IP addresses contained in this initial entry will be permitted to use the internal functions. The circle of authorized users can be expanded by inputting further entries. The filter entries can describe both individual computers and whole networks.

The access list can be found in the configuration tool ELSA LANconfig in the 'TCP/IP' configuration section on the 'General' tab, or in the /Setup/TCP-IP Module/ Access List menu.

Security for your LAN

You certainly would not like any outsider to access or edit the data on your computers. A ELSA MicroLink Cable offers you various ways of restricting access from outside:

KData encryption

KData packet filtering

KIP masquerading (also known as NAT or PAT)

ELSA MicroLink Cable

Image 38

ELSA Cable manual Security for your LAN, Access control via TCP/IP, Globally to

Contents

Manual Aachen ELSA, IncSonnenweg Germany Thank you for placing your trust in this Elsa product Introducing the Elsa MicroLink CablePage Content Elsa Cable Modem VI Content Setup/SNMP-module Viii Content Elsa MicroLink Cable What does the unit look like?Introducing the Elsa MicroLink Cable Meanings of the specific blink codes Sync BC D E F G These LEDs show the corresponding network controller status Fast Internet Highlights of the Elsa MicroLink CableNode or hub? Cable network More than just Internet Regional contentInternet at all times-always online Backbone Proxy servers CE conformity and FCC radiation standard CE and FCC Introducing the Elsa MicroLink Cable Installation and configuration Elsa MicroLink Cable Configuring the Elsa MicroLink Cable First Steps Preparations Quick Start Quick configurationsConfiguration as a bridge LAN Configuration as a router Off you go into the Web with a whole new sensation of speed On the Router tab, enable the IP Router option Obtain IP addresses automatically use Dhcp TCP/IP installationConfiguring fixed IP addresses not using Dhcp Checking the IP configuration User-friendly method inband Requirements for inband configurationConfiguration modes Starting inband configuration using Elsa LANconfig Start up inband configuration using telnet Configuration commands This command Means this For instance Set/se/snmp/admin The Administrator Whats happening on the line? How to start a traceCommand to call up a trace follows this syntax Trace Outputs Examples New firmware with FirmSafeThis is how FirmSafe works How to load new software Elsa LANconfig Configuration using Snmp General Tftp Command Target/Source Function Accessing tables and parameters using SnmpAccess protection in Snmp IP address IP-netmask Router name Distance Deleting rows in tables using SnmpAppending rows to tables using Snmp Error messages via Snmp trap Management Information Base MIB Configuration modes Login barring Security for your configurationPassword protection Operating modes and functions Globally to Access control via TCP/IPSecurity for your LAN Hiding place-IP masquerading NAT, PAT EncryptionTCP/IP packet filters IP address IP netmask Router Dis Tance IP routingIP routing table IP address IP netmask Router name Dist This is what happens 192.168.130.0 255.255.255.0 What do the entries mean? Dynamic routing with IP/RIPWhat information is propagated by IP/RIP? IP address IP netmask Time Distance Router Local routing Interaction of static and dynamic tables IP masquerading NAT, PAT Two addresses for the router Cable TV net How does IP masquerading work?Simple and inverse masquerading Work Only small difference is that Which protocols can be transmitted using IP masquerading?DNS forwarding Bridging Rator Automatic address administration with Dhcp What are the filter options? Cable modem really belongs to two LANs Dhcp clientDhcp server IP address Network mask Broadcast address How are the addresses assigned? Default state is autoDhcp on, off or auto? IP address assignment Broadcast address assignment Default gateway assignmentNetwork mask assignment DNS server assignment Priority for the Dhcp server Request assignment Priority for a workstation-overwriting an assignment Operating modes and functions Operating modes and functions Elsa MicroLink Cable Cable modem technology AccessTwo standards get around this problem Standards Operator Work Registration in the cable networkNetwork of the cable network Cable TV net Registration Connection modes Network technologyNetwork and its components Host IP addressing Kinds of networks This address Bytes Looks like this in bits ExamplesSame IP address, this time with another netmask IP address Netmask Remark 10.0.0.0 255.0.0.0 There are two considerations when using these IP addresses IP routing and hierarchical IP addressing Host Smith External host Marketing Example Expansion through local networks Easy as possible Why a LAN is called multiprotocol-capable80-C7-6D-A4-6E That is processed by all computers in the LAN LAN as easy as possible Data transfer within the LANInterface only understands MAC addresses Host Smith Data transfer from the LAN onto the Internet LAN coupling on MAC basis Technical basics Elsa MicroLink Cable Technical data Appendix Package contents Service Warranty period Warranty conditionsWarranty coverage Warranty procedure Operating mistakes Additional regulations Declaration of conformity Typenbezeichnung Appendix Elsa MicroLink Cable Index 17, 32 Inde7032, 40 Gateway Heap reserve 17, 18 Setup Trace Wireless links Inde72 Symbols Description of the menu options R73 R74 Description of the menu options Overview of the menus Status Running status displays StatusDescription of the menu options R75 Status/Cable-statistics Status/Operating-timeStatus/Current-time R76 Description of the menu options LAN-statistics Running status displays Status/LAN-statisticsDescription of the menu options R77 Cannot be modified manually Status/Bridge-statisticsR78 Description of the menu options Bridge-statistics Running status displays Status/TCP-IP-statistics/ARP-statistics Status/TCP-IP-statisticsDescription of the menu options R79 These statistics include the following values Status/TCP-IP-statistics/ICMP-statistics R80 Description of the menu optionsStatus/TCP-IP-statistics/IP-statistics Status/TCP-IP-statistics/TFTP-statistics Description of the menu options R81Status/TCP-IP-statistics/TCP-statistics R82 Description of the menu options Status/TCP-IP-statistics/DHCP-statistics Shrinks accordingly. It has the following layout Status/IP-router-statisticsDescription of the menu options R83 IP-router-statistics Statistics from the IP router area Protocol LAN-tx Cable-tx R84 Description of the menu optionsStatus/IP-router-statistics/RIP-statistics IP-address IP-netmask Time Distance Router Status/Queue-statistics Status/Config-statisticsConfig-statistics Remote configuration statistics Description of the menu options R85 R86 Description of the menu options IPr-RIP-queue-packets Description of the menu options R87 Status/MCNS-statisticsStatus/Init-status MCSN-statistics Status/DHCP-client-statistics SetupSystem configuration R88 Description of the menu options Entering the following command Setup/Cable-moduleSetup/LAN-module Default configuration, no name is entered Setup/Bridge-module R90 Description of the menu options MAC-address field Setup/TCP-IP-moduleDescription of the menu options R91 Configuration, the TCP/IP module is activated R92 Description of the menu options Description of the menu options R93 IP-address Node-ID Last-access Connect Setup/IP-router-moduleConfiguration, the IP router module is activated IP-router-module IP router module settings Description of the menu options R95 IP-address IP netmask Router-name Distance R96 Description of the menu options Setup/IP-router-module/Routing-methodRouting-method Routing method settings Settings have the following meaning Setup/IP-router-module/RIP-configurationDifferent settings have the following meaning Description of the menu options R97 Following layout Setup/IP-router-module/MasqueradingR98 Description of the menu options Setup/IP-router-module/firewall Description of the menu options R99 R10 Description of the menu options Description of the menu options R10 Setup/SNMP-moduleSetup/DHCP-server-module On The device operates as a Dhcp server Off The device does not operate as a Dhcp server Default value of 6000 minutes equals approximately 4 daysR102 Description of the menu options Network mask is assigned in the same way as the IP address Config-module Configuration module settings Setup/Config-moduleIP-address Node-ID Timeout Hostname Type Description of the menu options R103 R104 Description of the menu options Firmware Display and keyboard settingsFirmware Position Status Version Date Size Index Description of the menu options R105Module Version R106 Description of the menu options This option allows you to reboot the deviceOther Other menu allows you to manage the following functions