User ManualTable of Contents1 Preface102 System design133 Configuration and management153.1 Configuration tools and approaches153.2 Configuration software163.2.1 Configuration using LANconfig163.2.2 Configuration with WEBconfig183.2.3 Configuration using Telnet193.2.4 Configuration using SNMP203.3 Remote configuration via Dial-Up Network203.3.1 This is what you need for ISDN remote configuration213.3.2 The first remote connection using Dial-Up Networking213.3.3 The first remote connection using a PPP client and Telnet213.4 LANmonitor-know what's happening233.4.1 Extended display options243.4.2 Monitor Internet connection243.5 Trace information-for advanced users263.5.1 How to start a trace263.5.2 Overview of the keys273.5.3 Overview of the parameters273.5.4 Combination commands283.5.5 Examples293.6 Working with configuration files293.7 New firmware with LANCOM FirmSafe303.7.1 This is how LANCOM FirmSafe works303.7.2 How to load new software313.8 Command line interface323.8.1 Command line reference333.9 Scheduled Events344 Management374.1 N:N mapping374.1.1 Application examples384.1.2 Configuration424.1.3455 Diagnosis465.1 LANmonitor-know what's happening465.1.1 Extended display options465.1.2 Monitor Internet connection475.2 Trace information-for advanced users485.2.1 How to start a trace485.2.2 Overview of the keys495.2.3 Overview of the parameters495.2.4 Combination commands505.2.5 Examples516 Security526.1 Protection for the configuration526.1.1 Password protection526.1.2 Login barring546.1.3 Restriction of the access rights on the configuration556.2 Protecting the ISDN connection586.2.1 Identification control586.2.2 Callback606.3 The security checklist617 Routing and WAN connections647.1 General information on WAN connections647.1.1 Bridges for standard protocols647.1.2 What happens in the case of a request from the LAN?647.2 IP routing667.2.1 The IP routing table667.2.2 Local routing687.2.3 Dynamic routing with IP RIP697.2.4 SYN/ACK speedup737.3 The hiding place-IP masquerading (NAT, PAT)747.3.1 Simple masquerading747.3.2 Inverse masquerading787.3.3 Unmasked Internet access for server in the DMZ797.4 N:N mapping807.4.1 Application examples817.4.2 Configuration857.5 Configuration of remote stations897.5.1 Name list897.5.2 Layer list907.6 Establishing connection with PPP917.6.1 The protocol927.6.2 Everything o.k.? Checking the line with LCP947.6.3 Assignment of IP addresses via PPP947.6.4 Settings in the PPP list967.7 Extended connection for flat rates-Keep-alive977.8 Callback functions987.8.1 Callback for Microsoft CBCP987.8.2 Fast callback using the LANCOM process997.8.3 Callback with RFC 1570 (PPP LCP extensions)1007.8.4 Overview of configuration of callback function1007.9 Channel bundling with MLPPP1018 Firewall1048.1 Threat analysis1048.1.1 The dangers1048.1.2 The ways of the perpetrators1058.1.3 The methods1058.1.4 The victims1068.2 What is a Firewall?1078.2.1 Tasks of a Firewall1078.2.2 Different types of Firewalls1088.3 The LANCOM Firewall1148.3.1 How the LANCOM Firewall inspects data packets1158.3.2 Special protocols1198.3.3 General settings of the Firewall1218.3.4 Parameters of Firewall rules1258.3.5 Alerting functions of the Firewall1318.3.6 Strategies for Firewall settings1348.3.7 Hints for setting the Firewall1378.3.8 Configuration of Firewall rules1418.3.9 Firewall diagnosis1518.3.10 Firewall limitations1598.4 Protection against break-in attempts: Intrusion Detection1608.4.1 Examples for break-in attempts1608.4.2 Configuration of the IDS1618.5 Protection against “Denial of Service” attacks1628.5.1 Examples of Denial of Service attacks1628.5.2 Configuration of DoS blocking1658.5.3 Configuration of ping blocking and Stealth mode1669 Quality of Service1689.1 Why QoS?1689.2 Which data packets to prefer?1689.2.1 Guaranteed minimum bandwidths1719.2.2 Limited maximum bandwidths1729.3 The queue concept1729.3.1 Queues in transmission direction1729.3.2 Queues for receiving direction1759.4 Reducing the packet length1769.5 QoS parameters for Voice over IP applications1789.6 QoS in sending or receiving direction1829.7 QoS configuration1839.7.1 Evaluating ToS and DiffServ fields1839.7.2 Defining minimum and maximum bandwidths1859.7.3 Adjusting transfer rates for interfaces1879.7.4 Sending and receiving direction1899.7.5 Reducing the packet length18910 Virtual LANs (VLANs)19210.1 What is a Virtual LAN?19210.2 This is how a VLAN works19210.2.1 Frame tagging19310.2.2 Conversion within the LAN interconnection19410.2.3 Application examples19510.3 Configuration of VLANs19810.3.1 The network table19810.3.2 The port table19910.3.3 Configuration with LANconfig20010.3.4 Configuration with WEBconfig or Telnet20111 Wireless LAN - WLAN20311.1 What is a Wireless LAN?20311.1.1 Standardized radio transmission by IEEE20311.1.2 Operation modes of Wireless LANs and base stations20611.2 Developments in WLAN security21311.2.1 Some basic concepts21411.2.2 WEP21511.2.3 WEPplus21911.2.4 EAP and 802.1x22011.2.5 TKIP and WPA22311.2.6 AES and 802.11i23011.2.7 Summary23111.3 Protecting the wireless network23211.4 Configuration of WLAN parameters23311.4.1 WLAN security23411.4.2 General WLAN settings24311.4.3 The physical WLAN interfaces24411.4.4 The logical WLAN interfaces25011.4.5 Additional WLAN functions25411.5 Establishing outdoor wireless networks25611.5.1 Geometrical layout of the transmission path25611.5.2 Antenna power25811.5.3 Emitted power and maximum distance26111.5.4 Transmission power reduction26412 Office communications with LANCAPI26512.1 What are the advantages of LANCAPI?26512.2 The client and server principle26512.2.1 Configuring the LANCAPI server26512.2.2 Installing the LANCAPI client26812.2.3 Configuration of the LANCAPI clients26912.3 How to use the LANCAPI27012.4 The LANCOM CAPI Faxmodem27013 Server services for the LAN27213.1 Automatic IP address administration with DHCP27213.1.1 The DHCP server27213.1.2 DHCP-'on', 'off' or 'auto'?27313.1.3 How are the addresses assigned?27413.2 DNS27713.2.1 What does a DNS server do?27713.2.2 DNS forwarding27913.2.3 Setting up the DNS server28013.2.4 URL blocking28313.2.5 Dynamic DNS28413.3 Call charge management28513.3.1 Charge-based ISDN connection limits28513.3.2 Time dependent ISDN connection limit28613.3.3 Settings in the charge module28713.4 The SYSLOG module28713.4.1 Setting up the SYSLOG module28813.4.2 Example configuration with LANconfig28814 Virtual Private Networks-VPN29114.1 What does VPN offer?29114.1.1 Private IP addresses on the Internet?29314.1.2 Secure communications via the Internet?29414.2 LANCOM VPN: an overview29514.2.1 VPN example application29514.2.2 Advantages of LANCOM VPN29614.2.3 LANCOM VPN functions29714.3 VPN connections in detail29814.3.1 LAN-LAN coupling29814.3.2 Dial-in connections (Remote Access Service)29914.4 What is LANCOM Dynamic VPN ?30014.4.1 A look at IP addressing30014.4.2 This is how LANCOM Dynamic VPN works30114.5 Configuration of VPN connections30614.5.1 VPN tunnel: Connections between VPN gateways30714.5.2 Set up VPN connections with the Setup Wizard30814.5.3 Inspect VPN rules30914.5.4 Manually setting up VPN connections30914.5.5 Prepare VPN network relationships31114.5.6 Configuration with LANconfig31414.5.7 Configuration with WEBconfig31814.5.8 Diagnosis of VPN connections32214.6 Specific examples of connections32214.6.1 Static/static32314.6.2 Dynamic/static32314.6.3 Static/dynamic (with LANCOM Dynamic VPN)32414.6.4 Dynamic/dynamic (with LANCOM Dynamic VPN)32514.7 How does VPN work?32614.7.1 IPSec-The basis for LANCOM VPN32714.7.2 Alternatives to IPSec32814.8 The standards behind IPSec32914.8.1 IPSec modules and their tasks32914.8.2 Security Associations - numbered tunnels32914.8.3 Encryption of the packets - the ESP protocol33014.8.4 Authentication - the AH protocol33214.8.5 Key management - IKE33515 Appendix: Overview of functions for LANCOM models and LCOS versions33716 Index338Size: 5.41 MBPages: 346Language: EnglishOpen manual