Description:
This document outlines the parameters and functions of the "Advanced Routing and Forwarding" feature for LANCOM routers without WLAN.
Scenario:
The aim is to restrict access between the networks Net 1, Net 2 and Net 3 on the LAN side of the router.
- Net 1 is a network for employees and should provide access to all other networks and to the Internet.
- Net 2 is a network for visitors and should provide access to the Internet only.
- Net 3 is a server network and should not have active access to any other network; however, Net 1 should have access to these servers.
Net 1: Interface LAN1 (ETH-1), Network ID: 172.16.1.0
Net 2: Interface LAN2 (ETH-2), Network ID: 172.16.2.0
Net 3: Interfaces LAN3 (Eth-3) and LAN4 (Eth-3), Network ID: 172.16.3.0
Procedure:
LANconfig is used to perform the configuration. A LANCOM 1781A is used for this example scenario.
- Interface tags can be allocated to the IP networks. This gives you control over the communication between the networks. Routing tags can be allocated in the routing table.
- When combined with the interface tags, these make it possible to control which route may be used by which local network.
Step 1: Allocating the interfaces to the networks.
1. Open your router's configuration with LANconfig.
2. Allocate Ethernet interface 1 to the logical LAN-1.
3. Allocate Ethernet interface 2 to the logical LAN-2.
4. Allocate Ethernet interfaces 3 and 4 to the logical LAN-3.
Step 2: Allocating physical interfaces and interface tags to the IP networks.
1. Open your router's configuration with LANconfig.
2. Allocate the interface and the interface tag to the IP networks.
- IP networks with the interface tag '0' can access all other networks.
- IP networks with a tag in the range 1-65535 can only access IP networks that use the same interface tag.
3. Net 1 operates on interface LAN-1 and uses interface tag 0, i.e. it can access all other networks.
4. Net 2 operates on interface LAN-2 and is allocated interface tag 1, i.e. it cannot access any other local network.
5. Net 3 operates on interface LAN-3 and is allocated interface tag 2, i.e. it cannot access any other local network.
Step 3: Creating the routing entry.
Clients from the networks can use all routes with routing tag 0. If the routing tag is not equal to 0 and not equal to the client's own interface tag, the route cannot be used from this network.
A default route with routing tag 0 can be used as a connection by all networks.
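The tag rules from Steps 2 and 3 can be checked against the scenario before the configuration is written to the router. The following is an added example, not LANCOM code and not part of the original article: it models only which network may open connections to which, and which routes a network may use, exactly as the rules are stated above. The names `Network`, `can_initiate`, `can_use_route` and `audit` are hypothetical, and firewall rules are not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Network:
    name: str
    interface: str
    network_id: str
    if_tag: int  # interface tag, 0-65535

    def __post_init__(self):
        if not 0 <= self.if_tag <= 65535:
            raise ValueError(f"{self.name}: interface tag {self.if_tag} out of range")

def can_initiate(src, dst):
    # Tag 0 may access all networks; tags 1-65535 only networks with the same tag.
    return src.if_tag == 0 or src.if_tag == dst.if_tag

def can_use_route(src, routing_tag):
    # Routing tag 0 is open to all; any other tag must equal the client's interface tag.
    return routing_tag == 0 or routing_tag == src.if_tag

def audit(networks, intended):
    """Compare LAN-side reachability implied by the tags with the intended policy.

    intended maps a source network name to the set of names it may open connections to.
    Returns one finding string per deviation (empty list = plan matches policy).
    """
    findings = []
    for src in networks:
        for dst in networks:
            if src is dst:
                continue
            allowed, wanted = can_initiate(src, dst), dst.name in intended[src.name]
            if allowed and not wanted:
                findings.append(f"{src.name} -> {dst.name}: reachable but should be blocked")
            elif wanted and not allowed:
                findings.append(f"{src.name} -> {dst.name}: blocked but should be reachable")
    return findings

# Tag plan and LAN-side policy taken from this article's scenario.
PLAN = [
    Network("Net 1", "LAN-1", "172.16.1.0", 0),
    Network("Net 2", "LAN-2", "172.16.2.0", 1),
    Network("Net 3", "LAN-3", "172.16.3.0", 2),
]
POLICY = {"Net 1": {"Net 2", "Net 3"}, "Net 2": set(), "Net 3": set()}

if __name__ == "__main__":
    for line in audit(PLAN, POLICY) or ["tag plan matches the intended policy"]:
        print(line)
```

Leaving the visitor network on interface tag 0 is the mistake this catches: the audit then reports Net 2 as able to reach both Net 1 and Net 3.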