Amer Networks WLO220T CLI User Manual

. . . . .

C O M M A N D D E S C R I P T I O N S

interface

CLI Reference Guide

41

Example

The following command specifies the IP address for the eth1 interface:

set interface eth1 ip 1.1.1.35

dip

set interface interface dip dip_num ip_addr1 [ ip_addr2 ]

unset interface interface dip dip_num

dip

Sets a Dynamic IP (DIP) pool. Each DIP pool consists of a range of addresses. The device can
use the pool to dynamically or deterministically allocate source addresses when the device
applies source address translation (NAT-src) to packets traversing the specified interface. This
is useful when you need to translate non-routable local IP source addresses into routable
addresses for outgoing packets. The keywords and variables for the dip option are as follows:



dip_num identifies the DIP pool.



The first IP address ip_addr1 represents the start of the IP address range. (A DIP pool

can consist of a single IP address, or one or more ranges of addresses.) The second IP
address ip_addr2 represents the end of the IP address range. ip_addr1 and ip_addr2
can have the same value specifying a DIP pool with only one address in it.

Example

The following commands allow local hosts in a non-routable subnet to communicate over a public
WAN infrastructure. The device uses a DIP pool to dynamically allocate routable source addresses
to packets sent from the local hosts to remote hosts.

• Local unroutable subnet 10.1.23.1/24

• Remote unroutable subnet 10.100.2.75/24

• DIP ID number 10, with address range from 2.1.10.2 through 2.1.10.36

set interface eth1 zone trust

set interface eth1 ip 10.1.23.1/24

set interface eth0 zone untrust

set interface eth0 ip 2.1.10.1/24

set interface eth0 dip 10 2.1.10.2 2.1.10.36

set address trust Local_Hosts 10.1.23.1/24

set address untrust Remote_Hosts 10.100.2.75/24

set policy from trust to untrust Local_Hosts Remote_Hosts http nat src dip 10 permit

fix-port

Some applications, such as NetBIOS Extended User Interface (NetBEUI) and Windows Internet
Naming Service (WINS), require specific port numbers and cannot function properly if Port
Address Translation (PAT) is applied to them. For such applications, you can specify not to perform
PAT (that is, to use a fixed port) when applying DIP. For fixed-port DIP, the security device hashes
the original host IP address and saves it in its host hash table, thus allowing the security device
to associate the right session with each host.