For each VLAN on the wireless VPN firewall, you can configure its profile, port membership, LAN TCP/IP settings, DHCP options, DNS server, and inter-VLAN routing capability.
To add a VLAN profile:
1. Select Network Configuration > LAN Setup. In the upper right of the screen, the IPv4 radio button is selected by default. The LAN submenu tabs display, with the LAN Setup screen in view, displaying the IPv4 settings. (The following figure contains some VLAN profiles as an example.)
Note: For information about how to manage VLANs, see Port-Based VLANs on page57. The following information describes how to configure a VLAN profile.
Figure 32.
LAN Configuration
ProSAFE Wireless-N 8-Port Gigabit VPN Firewall FVS318N
2. Click the Add table button under the VLAN Profiles table. The Add VLAN Profile screen displays:
Figure 33.
3. Enter the settings as described in the following table:
Table 11. Add VLAN Profile screen settings
Setting Description
VLAN Profile
Profile Name Enter a unique name for the VLAN profile.
VLAN ID Enter a unique ID number for the VLAN profile. No two VLANs can have the same VLAN ID number.
Note: You can enter VLAN IDs from 2 to 4089. VLAN ID 1 is reserved for the default VLAN; VLAN ID 4094 is reserved for the DMZ interface.
Port Membership Port 1, Port 2, Port 3, Port 4, Port 5, Port 6, Port 7, and
Port 8 / DMZ
Select one, several, or all port check boxes to make the ports members of this VLAN.
Note: A port that is defined as a member of a VLAN profile can send and receive data frames that are tagged with the VLAN ID.
IP Setup
IP Address Enter the IP address of the wireless VPN firewall (the factory default address is 192.168.1.1).
Note: Ensure that the LAN port IP address and DMZ port IP address are in different subnets.
Note: If you change the LAN IP address of the VLAN while being connected through the browser to the VLAN, you are disconnected. You then need to open a new connection to the new IP address and log in again. For example, if you change the default IP address 192.168.1.1 to 10.0.0.1, you now need to enter https://10.0.0.1 in your browser to reconnect to the web management interface.
Subnet Mask Enter the IP subnet mask. The subnet mask specifies the network number portion of an IP address. Based on the IP address that you assign, the wireless VPN firewall automatically calculates the subnet mask. Unless you are implementing subnetting, use 255.255.255.0 as the subnet mask (computed by the wireless VPN firewall).
DHCP
Disable DHCP Server If another device on your network is the DHCP server for the VLAN, or if you intend to manually configure the network settings of all of your computers, select the Disable DHCP Server radio button to disable the DHCP server. Except for the default VLAN for which the DHCP server is enabled, this is the default setting.
LAN Configuration
ProSAFE Wireless-N 8-Port Gigabit VPN Firewall FVS318N
Enable DHCP Server Select the Enable DHCP Server radio button to enable the wireless VPN firewall to function as a Dynamic Host Configuration Protocol (DHCP) server, providing TCP/IP configuration for all computers connected to the VLAN. (For the default VLAN, the DHCP server is enabled by default.) Enter the following settings:
Domain Name This setting is optional. Enter the domain name of the wireless VPN firewall.
Start IP Address Enter the start IP address. This address specifies the first of the contiguous addresses in the IP address pool. Any new DHCP client joining the LAN is assigned an IP address between this address and the end IP address. For the default VLAN, the default start IP address is 192.168.1.100.
End IP Address Enter the end IP address. This address specifies the last of the contiguous addresses in the IP address pool. Any new DHCP client joining the LAN is assigned an IP address between the start IP address and this IP address. For the default VLAN, the default end IP address is 192.168.1.254.
The start and end DHCP IP addresses should be in the same network as the LAN IP address of the wireless VPN firewall (that is, the IP address in the IP Setup section as described earlier in this table).
Primary DNS Server
This setting is optional. If an IP address is specified, the wireless VPN firewall provides this address as the primary DNS server IP address. If no address is specified, the wireless VPN firewall uses the VLAN IP address as the primary DNS server IP address.
Secondary DNS Server
This setting is optional. If an IP address is specified, the wireless VPN firewall provides this address as the secondary DNS server IP address.
WINS Server This setting is optional. Enter a WINS server IP address to specify the Windows NetBIOS server, if one is present in your network.
Lease Time Enter a lease time. This specifies the duration for which IP addresses are leased to clients.
DHCP Relay To use the wireless VPN firewall as a DHCP relay agent for a DHCP server somewhere else in your network, select the DHCP Relay radio button. Enter the following setting:
Relay Gateway The IP address of the DHCP server for which the wireless VPN firewall serves as a relay.
Table 11. Add VLAN Profile screen settings (continued)
Setting Description
4. Click Apply to save your settings.
Note: Once you have completed the LAN setup, all outbound traffic is allowed and all inbound traffic is discarded except responses to requests from the LAN side. For information about how to change these default traffic rules, see Chapter 5, Firewall Protection.
Enable LDAP information
To enable the DHCP server to provide Lightweight Directory Access Protocol (LDAP) server information, select the Enable LDAP information check box.
Enter the following settings:
LDAP Server The IP address or name of the LDAP server.
Search Base The search objects that specify the location in the directory tree from which the LDAP search begins. You can specify multiple search objects, separated by commas. The search objects include:
For example, to search the Netgear.net domain for all last names of Johnson, you would enter:
cn=Johnson,dc=Netgear,dc=net
Port The port number for the LDAP server. The default setting is 0 (zero).
DNS Proxy
Enable DNS Proxy This setting is optional. To enable the wireless VPN firewall to provide a LAN IP address for DNS address name resolution, select the Enable DNS Proxy check box. This setting is disabled by default.
Note: When the DNS proxy option is disabled for a VLAN, all DHCP clients receive the DNS IP addresses of the ISP but without the DNS proxy IP address.
Inter VLAN Routing Enable Inter VLAN Routing
This setting is optional. To ensure that traffic is routed only to VLANs for which inter-VLAN routing is enabled, select the Enable Inter VLAN Routing check box.
This setting is disabled by default. When the Enable Inter VLAN Routing check box is not selected, traffic from this VLAN is not routed to other VLANs, and traffic from other VLANs is not routed to this VLAN.
Table 11. Add VLAN Profile screen settings (continued)
Setting Description
LAN Configuration
ProSAFE Wireless-N 8-Port Gigabit VPN Firewall FVS318N
To edit a VLAN profile:
1. On the LAN Setup screen for IPv4 (see Figure32 on page60), click the Edit button in the Action column for the VLAN profile that you want to modify. The Edit VLAN Profile screen displays. This screen is identical to the Add VLAN Profile screen (see the previous figure).
2. Modify the settings as described in the previous table.
3. Click Apply to save your settings.
To enable, disable, or delete one or more VLAN profiles:
1. On the LAN Setup screen for IPv4 (see Figure32 on page60), select the check box to the left of each VLAN profile that you want to enable, disable, or delete, or click the Select All table button to select all profiles. (You cannot select the default VLAN profile.) 2. Click one of the following table buttons:
• Enable. Enables the VLAN or VLANs. The ! status icon changes from a gray circle to a green circle, indicating that the selected VLAN or VLANs are enabled. (By default, when a VLAN is added to the table, it is automatically enabled.)
• Disable. Disables the VLAN or VLANs. The ! status icon changes from a green circle to a gray circle, indicating that the selected VLAN or VLANs are disabled.
• Delete. Deletes the VLAN or VLANs.