LANCOM Reference Manual LCOS 3.50 Chapter 2: System design
14
System design
LANCOM Wireless acces s points resp. LANCOM rout ers with wireless
modules offer additionally one or, depending on the respective model,
also two wireless interfaces for the connection of Wireless LANs.
A DMZ interface enables for some models a ’demilitarized zone’ (DMZ),
which is also physically separated within the LAN bridge from other LAN
interfaces.
The LAN bridge provides a protocol filter that enables blocking of dedi-
cated protocols on the LAN. Additionally, single LAN interfaces can be
separated by the “isolated mode”. Due to VLAN functions, virtual LANs
may be installed in the LAN bridge, which permit the operating of several
logical networks on a physical cabling.
Applications can communicate with different IP modules (NetBIOS, DNS,
DHCP server, RADIUS, RIP, NTP, SNMP, SYSLOG, SMTP) either via the IP
router, or directly via the LAN bridge.
The functions “IP masquerading” and “N:N mapping” provide suitable IP
address translations between private and public IP ranges, or also
between multiple private networks.
Provided according authorization, direct access to the configuration and
management services of the devices (WEBconfig, Telnet, TFTP) is provided
from the LAN and also from the WAN side. These services are protected
by filters and login barring, but do not require any processing by the fire-
wall. Nevertheless, a direct access from WAN to LAN (or vice versa) using
the internal services as a bypass for the firewall is not possible.
The IPX router and the LANCAPI access on the WAN side only the ISDN
interface. Both modules are independent from the firewall, which controls
only data traffic through the IP router.
The VPN services (including PPTP) enable data encryption in the Internet
and thereby enable virtual private networks over public data connections.
Depending on the specific model, either xDSL/Cable, ADSL or ISDN are
available as different WAN interfaces.
The DSLoL interface (DSL over LAN) is no physical WAN interface, but
more a “virtual WAN interface”. With appropriate LCOS settings, it is pos-
sible to use on some models a LAN interface as an additional xDSL/Cable
interface.