Zhone 2208 User Guide

Page of 243
C o n f i g u r a t i o n
Creating a Firewall via IP Filtering and NAT
IP Filtering, in conjunction with NAT, can provide a Firewall for securing the 
local network from unwanted and possibly harmful traffic. By defining a set 
of rules (IP Filtering) and open ports (NAT), you may selectively block traffic 
and deny access to the local network.
IP Filtering controls IP traffic traveling through an interface by selectively 
passing or discarding IP packets based on criteria expressed in the form of a 
“filter.” A filter is simply a set of rules that determine whether a packet 
should be passed or discarded as it crosses an interface. An interface is any 
port that carries IP traffic. On the IAD, it can be one of the following: 
Ethernet port, PPP connection, ATM PVC, or FR DCLI.
IP Filtering can selectively pass or discard IP packets based on one or more of 
the following properties:
Protocol (IP, ICMP, TCP, and UDP)
Protocol flags (for TCP and ICMP only)
Source and/or Destination IP address
Source and/or Destination port number
For more information on defining and using a filter rule set, see IP Filtering 
Application note on page C-4.
For more information, see Configure IP Filtering on page 4-43.
DHCP Server Configuration
This section describes the tasks required to configure the Dynamic Host 
Configuration Protocol (DHCP) server on the LAN connection.
DHCP allows for dynamic allocation of network addresses and configurations 
to newly attached hosts. DHCP reduces the amount of work required to 
administer a large network.
Basic DHCP Server Setup Tasks
When DHCP is enabled, it dynamically assigns an IP address to each device 
assigned to the DHCP server on the IAD. You must identify the Ethernet 
Interface to correctly implement DHCP Server on your IAD.
You must complete at least these tasks to configure the DHCP server:
Enable DHCP (default is disabled) (page 4-78)
Configure the DHCP address range pool (page 4-79)
DHCP Server Configuration Menu
The DHCP Server commands are all displayed on the DHCP Server 
Configuration menu, which is displayed by typing “D” on the Main menu