Configuration Examples

XSR(config)#interface fastethernet 2

XSR(config-if<F2>)#ip address 220.150.2.17 255.255.255.0

XSR(config-if<F2>)#no shutdown

XSR(config)#interface serial 1/0:0

XSR(config-if<S1/0:0>)#ip address 206.12.44.16/24

XSR(config-if<S1/0:0>)#no shutdown

Globally enable the firewall. Even though you have configured and loaded the firewall, it is only “turned on” by the following command. Once the firewall is enabled, it closes your session if you are connected remotely. Simply log in again.

XSR(config)#ip firewall enable

XSR with Firewall, PPPoE and DHCP

In this scenario, shown in Figure 16-15, the branch office uses private addresses for its hosts. Access to the external networks is configured with PPPoE DSL service on the FastEthernet 2 interface/sub-interface, and DHCP is set on the FastEthernet 1 interface. A global IP address is available for a Web server and a static NAT entry is set for it. Also, all Java and ActiveX pages, IP options, and IP broadcast and multicast packets are banned.

Policies apply to the private addresses as outbound filtering is performed before NAT and inbound filtering after NAT. This is key because the firewall is oblivious to the global IP address used. Some commands are abbreviated.
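The filtering order described above can be modeled in a few lines. This is an added example, not code from the manual or from Enterasys: only the 10.10.10.0/24 LAN comes from the page, while the Web server, global and client addresses, the ports, and all function names are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values; only the 10.10.10.0/24 LAN comes from the manual.
WEB_PRIVATE = ip_address("10.10.10.20")   # assumed private address of the Web server
WEB_GLOBAL = ip_address("203.0.113.10")   # assumed global address (documentation range)
CLIENT = ip_address("198.51.100.7")       # assumed Internet host
ANY = ip_network("0.0.0.0/0")

NAT_OUT = {WEB_PRIVATE: WEB_GLOBAL}            # static NAT entry, private -> global
NAT_IN = {g: p for p, g in NAT_OUT.items()}    # reverse mapping used for inbound traffic

def host(addr):
    """Single-host network for use in a rule."""
    return ip_network(f"{addr}/32")

def permitted(rules, src, dst, dport):
    """Default deny: allow only if some (src_net, dst_net, port) rule matches."""
    return any(src in s and dst in d and dport == p for s, d, p in rules)

def inbound(rules, src, dst, dport):
    """Inbound order: NAT rewrites the destination, then the firewall filters."""
    dst = NAT_IN.get(dst, dst)
    return (src, dst, dport) if permitted(rules, src, dst, dport) else None

def outbound(rules, src, dst, dport):
    """Outbound order: the firewall filters, then NAT rewrites the source."""
    if not permitted(rules, src, dst, dport):
        return None
    return (NAT_OUT.get(src, src), dst, dport)

# Policy written against the private address, as the text requires.
PRIVATE_RULES = [(ANY, host(WEB_PRIVATE), 80), (host(WEB_PRIVATE), ANY, 443)]
# The same intent written against the global address never matches.
GLOBAL_RULES = [(ANY, host(WEB_GLOBAL), 80), (host(WEB_GLOBAL), ANY, 443)]

if __name__ == "__main__":
    for name, rules in (("private", PRIVATE_RULES), ("global", GLOBAL_RULES)):
        print(name, "in :", inbound(rules, CLIENT, WEB_GLOBAL, 80))
        print(name, "out:", outbound(rules, WEB_PRIVATE, CLIENT, 443))
```

With the global-address rules every packet is dropped in both directions, which is the misconfiguration to check for when a static NAT entry and firewall policies are combined.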

Figure 16-15 XSR Firewall with PPPoE (DSL) and DHCP

[Figure labels: XSR, PPPoE/NAT/Firewall, Internet, 10.10.10.1, FE1, FE2]

Configure the LAN interfaces, enable DHCP, and disable the firewall on both LAN ports:

XSR(config)#interface FastEthernet1

XSR(config-if<F1>)#ip address 10.10.10.1 255.255.255.0

XSR(config-if<F1>)#ip dhcp server

XSR(config-if<F1>)#ip firewall disable

XSR(config-if<F1>)#no shutdown

XSR(config)#interface FastEthernet2

XSR(config-if<F2>)#ip firewall disable

XSR(config-if<F2>)#no shutdown

Enable the PPPoE interface with a negotiable IP address, adjusted MTU packet size, PAP authentication, and NAT enabled:

XSR(config-if<F2>)#interface FastEthernet 2.1

XSR(config-if)#encapsulate ppp

16-26 Configuring Security on the XSR

Enterasys Networks X-PeditionTM manual XSR with Firewall, PPPoE and Dhcp, XSR Firewall with PPPoE DSL and Dhcp