XSR with Firewall, PPPoE and DHCP – Enterasys Networks Security Router X-Pedition™ User Manual
Page 412

Configuration Examples
16-26 Configuring Security on the XSR
XSR(config)#interface fastethernet 2
XSR(config-if<F2>)#ip address 220.150.2.17 255.255.255.0
XSR(config-if<F2>)#no shutdown
XSR(config)#interface serial 1/0:0
XSR(config-if<S1/0:0>)#ip address 206.12.44.16/24
XSR(config-if<S1/0:0>)#no shutdown
Globally enable the firewall. Even though you have configured and loaded the firewall, it is
only “turned on” by the following command. If you are connected remotely when the firewall
is enabled, it will close your session; simply log in again.
XSR(config)#ip firewall enable
XSR with Firewall, PPPoE and DHCP
In this scenario, shown in Figure 16-15, the branch office uses a private address for its hosts.
Access to external networks is configured with PPPoE DSL service on the FastEthernet 2
interface/sub-interface, and DHCP is set on the FastEthernet 1 interface. A global IP address is
available for a Web server and a static NAT entry is set for it. Also, all Java and ActiveX pages,
IP options, IP broadcast and multicast packets are banned.
Policies are written against the private addresses, because outbound filtering is performed
before NAT and inbound filtering after NAT. This is key: the firewall is oblivious to the global
IP address used. Some commands are abbreviated.
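The filtering order described above can be modeled in a few lines of Python. This is an added illustration, not part of the manual and not XSR code; the function names are hypothetical, and the Web server's private address 10.10.10.20, the global address 203.0.113.10 and the client 198.51.100.7 are constructed placeholders (the manual page gives only the 10.10.10.0/24 LAN).

```python
import ipaddress as ip

# Constructed placeholder addresses (assumptions, not from the manual).
WEB_PRIVATE = ip.ip_address("10.10.10.20")
WEB_GLOBAL = ip.ip_address("203.0.113.10")
CLIENT = ip.ip_address("198.51.100.7")
ANY = ip.ip_network("0.0.0.0/0")

STATIC_NAT = {WEB_GLOBAL: WEB_PRIVATE}   # global -> private (inbound)
REVERSE_NAT = {WEB_PRIVATE: WEB_GLOBAL}  # private -> global (outbound)


def permitted(policy, src, dst, port):
    """Allow-list lookup: a packet passes only if some rule matches it."""
    return any(src in s and dst in d and port == p for s, d, p in policy)


def inbound(policy, src, dst, port):
    """Inbound: NAT rewrites the destination first, then the firewall filters."""
    dst = STATIC_NAT.get(dst, dst)
    return permitted(policy, src, dst, port), dst


def outbound(policy, src, dst, port):
    """Outbound: the firewall filters the private source, then NAT rewrites it."""
    if not permitted(policy, src, dst, port):
        return False, None
    return True, REVERSE_NAT.get(src, src)


# Two ways to write "allow HTTP to the Web server"; only one can ever match.
POLICY_PRIVATE = [(ANY, ip.ip_network("10.10.10.20/32"), 80)]
POLICY_GLOBAL = [(ANY, ip.ip_network("203.0.113.10/32"), 80)]
# Two ways to write "allow HTTP replies/requests from the LAN side".
OUT_PRIVATE = [(ip.ip_network("10.10.10.0/24"), ANY, 80)]
OUT_GLOBAL = [(ip.ip_network("203.0.113.10/32"), ANY, 80)]

if __name__ == "__main__":
    print("inbound, rule on private addr:", inbound(POLICY_PRIVATE, CLIENT, WEB_GLOBAL, 80))
    print("inbound, rule on global addr: ", inbound(POLICY_GLOBAL, CLIENT, WEB_GLOBAL, 80))
    print("outbound, rule on private src:", outbound(OUT_PRIVATE, WEB_PRIVATE, CLIENT, 80))
    print("outbound, rule on global src: ", outbound(OUT_GLOBAL, WEB_PRIVATE, CLIENT, 80))
```

A rule written against the global address is dead in both directions: the filter only ever evaluates the private address, so the traffic falls through to the default deny.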
Figure 16-15 XSR Firewall with PPPoE (DSL) and DHCP
Configure the LAN interfaces, enable DHCP, and disable the firewall on both LAN ports:
XSR(config)#interface FastEthernet1
XSR(config-if<F1>)#ip address 10.10.10.1 255.255.255.0
XSR(config-if<F1>)#ip dhcp server
XSR(config-if<F1>)#ip firewall disable
XSR(config-if<F1>)#no shutdown
XSR(config)#interface FastEthernet2
XSR(config-if<F2>)#ip firewall disable
XSR(config-if<F2>)#no shutdown
Enable the PPPoE interface with a negotiable IP address, adjusted MTU packet size, PAP
authentication, and NAT enabled:
XSR(config-if<F2>)#interface FastEthernet 2.1
XSR(config-if)#encapsulate ppp
[Figure 16-15 diagram labels: XSR, FE1, FE2, Internet, 10.10.10.1, PPPoE/NAT/Firewall]