MAC Addresses and Address Resolution Protocol | NETGEAR fvs114

Reference Manual for the ProSafe VPN Firewall FVS114

MAC Addresses and Address Resolution Protocol

An IP address alone cannot be used to deliver data from one LAN device to another. To send data between LAN devices, you must convert the IP address of the destination device to its media access control (MAC) address. Each device on an Ethernet network has a unique MAC address, which is a 48-bit number assigned to each device by the manufacturer. The technique that associates the IP address with a MAC address is known as address resolution. Internet Protocol uses the Address Resolution Protocol (ARP) to resolve MAC addresses.

If a device sends data to another station on the network and the destination MAC address is not yet recorded, ARP is used. An ARP request is broadcast onto the network. All stations on the network receive and read the request. The destination IP address for the chosen station is included as part of the message so that only the station with this IP address responds to the ARP request. All other stations discard the request.

Related Documents

The station with the correct IP address responds with its own MAC address directly to the sending device. The receiving station provides the transmitting station with the required destination MAC address. The IP address data and MAC address data for each station are held in an ARP table. The next time data is sent, the address can be obtained from the address information in the table.

For more information about address assignment, refer to the IETF documents RFC 1597, Address Allocation for Private Internets, and RFC 1466, Guidelines for Management of IP Address Space.

For more information about IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT).

Domain Name Server

Many of the resources on the Internet can be addressed by simple descriptive names such as www.NETGEAR.com. This addressing is very helpful at the application level, but the descriptive name must be translated to an IP address in order for a user to actually contact the resource. Just as a telephone directory maps names to phone numbers, or as an ARP table maps IP addresses to MAC addresses, a domain name system (DNS) server maps descriptive names of network resources to IP addresses.

Network, Routing, and Firewall Basics

B-9

202-10098-01, April 2005

Image 159

NETGEAR fvs114 manual MAC Addresses and Address Resolution Protocol, Related Documents, Domain Name Server

Contents

Reference Manual for the ProSafe VPN Firewall FVS114 Certificate of the Manufacturer/Importer TrademarksStatement of Conditions EN 55 022 Declaration of Conformance Product and Publication Details 202-10098-01, April Contents Chapter Firewall Protection Content Filtering Chapter Advanced Virtual Private Networking Chapter Advanced Configuration Appendix C Virtual Private Networking Appendix D Preparing Your Network Contents Xii Contents Manual Scope Chapter About This ManualAudience, Scope, Conventions, and Formats Typographical Conventions How to Use This Manual Printing the Full Manual How to Print this ManualPrinting a Page in the Html View Printing a Chapter Reference Manual for the ProSafe VPN Firewall FVS114 Chapter Introduction Key Features of the VPN Firewall Security Powerful, True Firewall with Content Filtering Extensive Protocol Support Autosensing Ethernet Connections with Auto Uplink Maintenance and Support Easy Installation and Management Package Contents LED Descriptions FVS114 Rear Panel NETGEAR-Related Products DC power input ON/OFF switchNETGEAR-Related Products Netgear Product Registration, Support, and Documentation Reference Manual for the ProSafe VPN Firewall FVS114 Connecting the Firewall to the Internet Prepare to Install Your FVS114 ProSafe VPN FirewallFirst, Connect the FVS114 Modem VPN Firewall Restart Your Network in the Correct Sequence Status lights Now, Configure the FVS114 for Internet Access Netgear Smart Wizard Configuration Assistant welcome screen Make sure the Ethernet cables are securely plugged Troubleshooting TipsMake sure the network settings of the computer are correct Be sure to restart your network in this sequence Ways to access the firewall Overview of How to Access the FVS114 VPN Firewall Login URL Login result FVS114 home How to Bypass the Configuration Assistant Using the Smart Setup Wizard ISP Does Not Require Login How to Manually Configure Your Internet Connection Reference Manual for the ProSafe VPN Firewall FVS114 10 Basic Settings ISP list Reference Manual for the ProSafe VPN Firewall FVS114 Firewall Protection and Content Filtering Overview Chapter Firewall Protection Content Filtering Block Sites menu Block Sites Using Rules to Block or Allow Specific Kinds of Traffic Rules menu Reference Manual for the ProSafe VPN Firewall FVS114 Inbound Rule Example a Local Public Web Server Inbound Rules Port Forwarding Rule example a local public Web server Considerations for Inbound Rules Outbound Rules Service Blocking Rule example blocking Instant Messenger Outbound Rule Example Blocking Instant Messenger Rules table Order of Precedence for Rules Services menu Services Add Custom Service menu Schedule Using a Schedule to Block or Allow Specific Traffic Time Zone 10 E-mail menu Getting E-Mail Notifications of Event Logs and Alerts Reference Manual for the ProSafe VPN Firewall FVS114 11 Logs menu Viewing Logs of Web Access or Attempted Web Access Log entry descriptions SyslogLog entries are described in Table Log action buttons are described in Table Chapter Basic Virtual Private Networking VPN Tunnel Single Advanced methods see , Advanced Virtual Private Networking VPN Tunnel Configuration VPN Wizard start screen Configuring the Client-to-Gateway VPN Tunnel on the FVS114 Connection Name and Remote IP Type Summary screen below displays Vpnc Recommended Settings Configuring the Netgear ProSafe VPN Client on the Remote PC Security Policy Editor new connection Select Secure in the Connection Security check box 11 Security Policy Editor Security Policy 12 Security Policy Editor My Identity 13 Security Policy Editor Pre-Shared Key 15 Security Policy Editor Key Exchange 16 Running a Ping test to the LAN from the PC 18 Log Viewer screen Exporting a Security Policy Transferring a Security Policy to Another Client Importing a Security Policy Select Export Security Policy from the File pulldown Scenario1 Select the security policy to import FVS114 VPN Firewall PCs 23 VPN Wizard start screen Procedure to Configure a Gateway-to-Gateway VPN Tunnel 25 Remote IP 27 VPN Wizard Summary 28 VPN Recommended Settings 30 VPN Status/Log screen Activating a VPN Tunnel Start Using a VPN Tunnel to Activate ItUsing the VPN Status Page to Activate a VPN Tunnel VPN Tunnel Control 32 VPN Status/Log screen Activate the VPN Tunnel by Pinging the Remote Endpoint Type ping Type ping -t 192.168.3.1 and then click OK 36 Pinging test results Verifying the Status of a VPN Tunnel 38 Current VPN Tunnels SAs screen Deactivating a VPN Tunnel 39 VPN Policies Using the VPN Status Page to Deactivate a VPN Tunnel 41 Current VPN Tunnels SAs screen Deleting a VPN Tunnel Virtual Private Using Automatic Key Management Using Policies to Manage VPN Traffic IKE Policy Configuration Menu IKE Policies’ Automatic Key and Authentication Management Field Description General IKE Policy Configuration fields Field Description Remote VPN Policy Configuration for Auto Key Negotiation VPN Auto Policy menu VPN Auto Policy fields are defined in the following table VPN Auto Policy Configuration Fields Authenticating Header AH Netbios Enable VPN Policy Configuration for Manual Key Exchange VPN Manual Policy menu VPN Manual Policy fields are defined in the following table VPN Manual Policy Configuration Fields Value in its Authentication Algorithm Key Out field Netbios Enable Certificate Revocation List CRL Walk-Through of Configuration Scenarios on the FVS114 VPN Consortium Scenario Are IPv4 From Settings menu FVS114 Internet IP Address menu WAN IP addresses LAN IP Setup menu Scenario 1 IKE Policy Set up the IKE Policy illustrated below on the FVS114 10 Scenario 1 VPN Auto Policy Set up the FVS114 VPN -Auto Policy illustrated below Testing the Gateway a FVS114 LAN and the Gateway B LAN How to Check VPN Connections Create a certificate request for the FVS114 Install the trusted CA certificate for the Trusted Root CAFVS114 Scenario 2 FVS114 to FVS114 with RSA Certificates Obtain a root certificate 11 Generate Self Certificate Request menu 12 Self Certificate Request data Highlight, copy and paste this data into a text file 13 Self Certificate Requests table Click the Upload Certificate button 14 Self Certificates table Set up Certificate Revocation List CRL checking Reference Manual for the ProSafe VPN Firewall FVS114 Viewing VPN Firewall Status Information Chapter Maintenance FVS114 Status fields This screen shows the following parameters Connection Status action buttons Click Show WAN Status to display the WAN connection statusThis screen shows the following statistics Connection Status fields Click Show Statistics to display firewall usage statistics WAN Status action buttons are described in the table belowRouter Statistics fields Upgrading the Firewall Software Viewing a List of Attached Devices Router Upgrade menu Configuration File Management Backing Up the Configuration Restoring the ConfigurationErasing the Configuration Diagnostics Changing the Administrator Password Ping or Trace an IP address Diagnostics menu Reference Manual for the ProSafe VPN Firewall FVS114 WAN Setup Chapter Advanced Configuration Default DMZ Server Respond to Ping on Internet WAN Port How to Configure Dynamic DNSTo assign a computer or server to be a Default DMZ server Click Default DMZ Server Dynamic DNS Configuring LAN TCP/IP Setup Parameters Using the LAN IP Setup Options Reference Manual for the ProSafe VPN Firewall FVS114 Using Address Reservation Using the Firewall as a Dhcp server Click Edit or Delete Configuring Static Routes Static Routes table Static Route Example Enabling Remote Management Access Remote Management menu Https//134.177.0.1238080 UPnP menu UPnP Reference Manual for the ProSafe VPN Firewall FVS114 Chapter Troubleshooting Power LED Not OnBasic Functioning LAN or Internet Port LEDs Not On LEDs Never Turn Off Troubleshooting the Web Configuration Interface Troubleshooting the ISP Connection Testing the LAN Path to Your Firewall Troubleshooting a TCP/IP Network Using a Ping Utility Ping -n 10 IP address Testing the Path from Your PC to a Remote DeviceIf the path is working, you see this message If the path is not working, you see this message Problems with Date and Time Restoring the Default Configuration and Password Reference Manual for the ProSafe VPN Firewall FVS114 Appendix a Technical Specifications Data and Routing ProtocolsPPP over Ethernet PPPoE Interface Specifications 10BASE-T or 100BASE-Tx, RJ-45Electromagnetic Emissions Related Publications Basic Router Concepts Appendix B Network, Routing, and Firewall Basics Is normally written as What is a Router?IP Addresses and the Internet Routing Information Protocol Figure B-1 Three Main Address Classes Netmask Combined withEquals Figure B-2 Example of Subnetting a Class B Address Subnet Addressing Table B-2. Netmask formats Table B-1 Netmask notation translation table for one octet Table B-2 Netmask formats Private IP Addresses Figure B-3 Single IP Address Operation Using NAT Single IP Address Operation Using NAT MAC Addresses and Address Resolution Protocol Related DocumentsDomain Name Server Internet Security and Firewalls IP Configuration by Dhcp Stateful Packet Inspection What is a Firewall?Denial of Service Attack Ethernet Cabling Category 5 Cable Quality Table B-3 UTP Ethernet cable wiring, straight-through Figure B-4illustrates straight-through twisted pair cable Inside Twisted Pair Cables Uplink Switches, Crossover Cables, and MDI/MDIX Switching Reference Manual for the ProSafe VPN Firewall FVS114 Reference Manual for the ProSafe VPN Firewall FVS114 Appendix C Virtual Private Networking What is a VPN? IPSec contains the following elements What Is IPSec and How Does It Work?IPSec Security Features IPSec Components Encapsulating Security Payload ESP IKE Security Association Authentication Header AH Mode Key Management Understand the Process Before You Begin VPN Process Overview AddressesIt functions as a VPN Tunnel Between Gateways FirewallsTable C-2 Subnet addressing IPSec Security Association SA negotiation IPSec Security Association IKE VPN Tunnel Negotiation Steps Vpnc IKE Security Parameters Vpnc IKE Phase I Parameters Testing and Troubleshooting Vpnc IKE Phase II ParametersAdditional Reading Relevant RFCs listed numerically Preparing Your Computers for TCP/IP Networking Appendix D Preparing Your Network Install or Verify Windows Networking Components Configuring Windows 95, 98, and Me for TCP/IP Networking Select TCP/IP, and then click OK Select Microsoft Enabling Dhcp to Automatically Configure TCP/IP Settings Choose Settings, and then Control PanelRestart your PC for the changes to take effect Primary Network Logon is set to Windows logon Selecting Windows’ Internet Access Method Verifying TCP/IP PropertiesClick OK to continue Restart the PC Double-click the Network and Dialup Connections icon Configuring Windows NT4, 2000 or XP for IP Networking Dhcp Configuration of TCP/IP in Windows XP Then, restart your PCLocate your Network Neighborhood icon Reference Manual for the ProSafe VPN Firewall FVS114 Dhcp Configuration of TCP/IP in Windows Reference Manual for the ProSafe VPN Firewall FVS114 Obtain an IP address automatically is selected Dhcp Configuration of TCP/IP in Windows NT4 Reference Manual for the ProSafe VPN Firewall FVS114 TCP/IP Properties dialog box now displays Verifying TCP/IP Properties for Windows XP, 2000, and NT4 MacOS Configuring the Macintosh for TCP/IP NetworkingDefault gateway is Type exit MacOS 8.6 or Verifying TCP/IP Properties for Macintosh Computers Are Login Protocols Used? What Is Your Configuration Information?Verifying the Readiness of Your Internet Account Select the Gateway tab Select the IP Address tab Reference Manual for the ProSafe VPN Firewall FVS114 Restarting the Network Reference Manual for the ProSafe VPN Firewall FVS114 Numeric List of Glossary Terms AES Packet sent to all devices on a network DNS See Internet Control Message Protocol Internet service provider Megabits per second Set of rules for communication between devices on a network Radius See Wide Area Network Reference Manual for the ProSafe VPN Firewall FVS114 Reference Manual for the ProSafe VPN Firewall FVS114