Lancom Systems OAP-322 61552 User Manual

N:N IP address mapping for translation of IP addresses or entire networks

N:N IP address mapping

The firewall marks packets with routing tags, e.g. for policy-based routing; Source routing tags for the creation of independent firewall rules for
different ARF contexts

Tagging

Forward, drop, reject, block sender address, close destination port, disconnect

Actions

Via e-mail, SYSLOG or SNMP trap

Notification

Dynamic bandwidth management with IP traffic shaping

Traffic shaping

Dynamic reservation of minimum and maximum bandwidths, totally or connection based, separate settings for send and receive directions. Setting
relative bandwidth limits for QoS in percent

Bandwidth reservation

Priority queuing of packets based on DiffServ/TOS fields

DiffServ/TOS

Automatic packet-size control by fragmentation or Path Maximum Transmission Unit (PMTU) adjustment

Packet-size control

Automatic or fixed translation of layer-2 priority information (IEEE 802.11p-marked Ethernet frames) to layer-3 DiffServ attributes in routing mode.
Translation from layer 3 to layer 2 with automatic recognition of 802.11p-support in the destination device

Layer 2/Layer 3 tagging

Monitoring and blocking of login attempts and port scans

Intrusion Prevention

Source IP address check on all interfaces: only IP addresses belonging to the defined IP networks are allowed

IP spoofing

Filtering of IP or MAC addresses and preset protocols for configuration access

Access control lists

Protection from fragmentation errors and SYN flooding

Denial of Service protection

Detailed settings for handling reassembly, PING, stealth mode and AUTH port

General

Filtering of unwanted URLs based on DNS hitlists and wildcard filters

URL blocker

Password-protected configuration access can be set for each interface

Password protection

Alerts via e-mail, SNMP-Traps and SYSLOG

Alerts

EAP-TLS, EAP-TTLS, PEAP, MS-CHAP, MS-CHAPv2 as EAP authentication mechanisms, PAP, CHAP, MS-CHAP and MS-CHAPv2 as PPP authentication
mechanisms

Authentication mechanisms

Limitation of the allowed transfer protocols, source and target addresses on the WLAN interface

WLAN protocol filters

Fixed redirection of any packet received over the WLAN interface to a dedicated target address

IP redirect

VRRP (Virtual Router Redundancy Protocol) for backup in case of failure of a device or remote station. Enables passive standby groups or reciprocal
backup between multiple active devices including load balancing and user definable backup priorities

VRRP

For completely safe software upgrades thanks to two stored firmware versions, incl. test mode for firmware updates

FirmSafe

Line monitoring with LCP echo monitoring, dead-peer detection and up to 4 addresses for end-to-end monitoring with ICMP polling

Line monitoring

IP and NetBIOS/IP multi-protocol router

Router

Separate processing of 16 contexts due to virtualization of the routers. Mapping to VLANs and complete independent management and configuration
of IP networks in the device, i.e. individual settings for DHCP, DNS, Firewalling, QoS, VLAN, Routing etc. Automatic learning of routing tags for
ARF contexts from the routing table

Advanced Routing and Forwarding

HTTP and HTTPS server for configuration by web interface

HTTP

DNS client, DNS server, DNS relay, DNS proxy and dynamic DNS client

DNS

DHCP client, DHCP relay and DHCP server with autodetection. Cluster of several LANCOM DHCP servers per context (ARF network) enables caching
of all DNS assignments at each router. DHCP forwarding to multiple (redundant) DHCP servers

DHCP

NetBIOS/IP proxy

NetBIOS

NTP client and SNTP server, automatic adjustment for daylight-saving time

NTP

Policy-based routing based on routing tags. Based on firewall rules, certain data types are marked for specific routing, e.g. to particular remote
sites or lines

Policy-based routing

LANCOM OAP-322

Features as of: LCOS 8.82