Administration Guide
Page 4
Contents Configuring the LAN 43 About the Default LAN Settings 43 Configuring the LAN 44 Viewing the LAN Status 46 VLAN Configuration 46 DHCP Reserved IPs 52 DHCP Leased Clients 53 Configuring an IGMP Proxy 53 Configuring the Optional Port as a LAN Port 53 Configuring the ... 72 Traffic Selectors 73 LAN QoS 74 Enabling LAN QoS 74 Port CoS Mapping 75 Port DSCP Mapping 75 DSCP Remarking 75 Dynamic DNS 76 Cisco SA500 Series Security Appliances Administration Guide 4
Contents Configuring the LAN 43 About the Default LAN Settings 43 Configuring the LAN 44 Viewing the LAN Status 46 VLAN Configuration 46 DHCP Reserved IPs 52 DHCP Leased Clients 53 Configuring an IGMP Proxy 53 Configuring the Optional Port as a LAN Port 53 Configuring the ... 72 Traffic Selectors 73 LAN QoS 74 Enabling LAN QoS 74 Port CoS Mapping 75 Port DSCP Mapping 75 DSCP Remarking 75 Dynamic DNS 76 Cisco SA500 Series Security Appliances Administration Guide 4
Administration Guide
Page 8
...License Management Chapter 9: Network Management RMON (Remote Management) CDP SNMP Configuring SNMP Configuring SNMP System Info UPnP Bonjour Configuring Bonjour Associating VLANs Chapter 10: Status Device Status Device Status Resource Utilization Interface Statistics Port Statistics Wireless Statistics for the SA520W VPN Status IPsec VPN... Status SSL VPN Status Quick VPN Status Active Users View Logs Cisco SA500 Series Security Appliances Administration Guide Contents 185 187 188 189 190 193 194 197 197 199 199 200 200 201 ...
...License Management Chapter 9: Network Management RMON (Remote Management) CDP SNMP Configuring SNMP Configuring SNMP System Info UPnP Bonjour Configuring Bonjour Associating VLANs Chapter 10: Status Device Status Device Status Resource Utilization Interface Statistics Port Statistics Wireless Statistics for the SA520W VPN Status IPsec VPN... Status SSL VPN Status Quick VPN Status Active Users View Logs Cisco SA500 Series Security Appliances Administration Guide Contents 185 187 188 189 190 193 194 197 197 199 199 200 200 201 ...
Administration Guide
Page 28
... page 26. 2. Configure a static IP route from the WAN port of the UC500 to an available LAN port of 192.168.75.x. Cisco SA500 Series Security Appliances Administration Guide 28 With the default configuration, the security appliance acts as needed. Because the security appliance will provide the ..., click the DHCP Reserved IPs link under WAN & LAN Connectivity on the UC500. If you want to assign a static IP address to the UC 500 data VLANs (192.168.10.x). For more information, see DHCP Reserved IPs, page 52. 4. For more information, see Static Routing, page 68. 5. IP ...
... page 26. 2. Configure a static IP route from the WAN port of the UC500 to an available LAN port of 192.168.75.x. Cisco SA500 Series Security Appliances Administration Guide 28 With the default configuration, the security appliance acts as needed. Because the security appliance will provide the ..., click the DHCP Reserved IPs link under WAN & LAN Connectivity on the UC500. If you want to assign a static IP address to the UC 500 data VLANs (192.168.10.x). For more information, see DHCP Reserved IPs, page 52. 4. For more information, see Static Routing, page 68. 5. IP ...
Administration Guide
Page 36
It includes the following sections: • Configuring the WAN Connection • Configuring the LAN • Configuring the Optional WAN • Configuring a DMZ • VLAN Configuration • Routing • Port Management • QoS Bandwidth Profiles • Dynamic DNS • Configuring IPv6 Addressing To access the Networking pages click Networking from the Configuration Utility menu bar. Cisco SA500 Series Security Appliances Administration Guide 36 2 Networking This chapter describes how to configure the Networking features for your router.
It includes the following sections: • Configuring the WAN Connection • Configuring the LAN • Configuring the Optional WAN • Configuring a DMZ • VLAN Configuration • Routing • Port Management • QoS Bandwidth Profiles • Dynamic DNS • Configuring IPv6 Addressing To access the Networking pages click Networking from the Configuration Utility menu bar. Cisco SA500 Series Security Appliances Administration Guide 36 2 Networking This chapter describes how to configure the Networking features for your router.
Administration Guide
Page 38
...: Check this option if your ISP has not assigned an IP address to enable a connection on a VLAN tagged WAN interlace. • VLAN ID: Specify the VLAN ID. Get Dynamically from ISP: Choose this box to you. - You can be passed on a specific day. Use Static IP Address: ...server. Choose Default to specify another size. Get Dynamically from your ISP. • DNS Server Source: DNS servers map Internet domain names (example: www.cisco.com) to you log in bytes, of the following information under Internet (IP) Address and Dynamic Name System (DNS) Servers: • IP Address...
...: Check this option if your ISP has not assigned an IP address to enable a connection on a VLAN tagged WAN interlace. • VLAN ID: Specify the VLAN ID. Get Dynamically from ISP: Choose this box to you. - You can be passed on a specific day. Use Static IP Address: ...server. Choose Default to specify another size. Get Dynamically from your ISP. • DNS Server Source: DNS servers map Internet domain names (example: www.cisco.com) to you log in bytes, of the following information under Internet (IP) Address and Dynamic Name System (DNS) Servers: • IP Address...
Administration Guide
Page 43
... default, the security appliance acts as a Dynamic Host Configuration Protocol (DHCP) server to change these and other devices on the LAN. Cisco SA500 Series Security Appliances Administration Guide 43 It can automatically assign IP addresses and DNS server addresses to the PCs and other settings. ...8226; About the Default LAN Settings • Configuring the LAN • Viewing the LAN Status • VLAN Configuration • DHCP Reserved IPs • DHCP Leased Clients • Configuring an IGMP Proxy • Configuring the Optional Port as a LAN...
... default, the security appliance acts as a Dynamic Host Configuration Protocol (DHCP) server to change these and other devices on the LAN. Cisco SA500 Series Security Appliances Administration Guide 43 It can automatically assign IP addresses and DNS server addresses to the PCs and other settings. ...8226; About the Default LAN Settings • Configuring the LAN • Viewing the LAN Status • VLAN Configuration • DHCP Reserved IPs • DHCP Leased Clients • Configuring an IGMP Proxy • Configuring the Optional Port as a LAN...
Administration Guide
Page 46
... Connectivity, page 221 in Appendix A, "Troubleshooting." Cisco SA500 Series Security Appliances Administration Guide 46 The LAN Status window opens. You can create new VLAN. The default configuration provides for the default VLANs, and you can change the settings for a data VLAN and a voice VLAN, which allow you enable inter VLAN routing. This page displays the following...
... Connectivity, page 221 in Appendix A, "Troubleshooting." Cisco SA500 Series Security Appliances Administration Guide 46 The LAN Status window opens. You can create new VLAN. The default configuration provides for the default VLANs, and you can change the settings for a data VLAN and a voice VLAN, which allow you enable inter VLAN routing. This page displays the following...
Administration Guide
Page 47
... IP Address: 10.1.1.254 - Subnet Mask: 255.255.255.0 Cisco SA500 Series Security Appliances Administration Guide 47 Data, IP Address: See Product Tab - VLAN - Data, Subnet Mask: 255.255.255.0 - HTTP Remote Access: disable - IP Address Distribution: DHCP Server - VLAN - Lease Time in Minutes: 1440 (24hours) - Data, Start IP Address: 192.168.75...
... IP Address: 10.1.1.254 - Subnet Mask: 255.255.255.0 Cisco SA500 Series Security Appliances Administration Guide 47 Data, IP Address: See Product Tab - VLAN - Data, Subnet Mask: 255.255.255.0 - HTTP Remote Access: disable - IP Address Distribution: DHCP Server - VLAN - Lease Time in Minutes: 1440 (24hours) - Data, Start IP Address: 192.168.75...
Administration Guide
Page 48
To disable VLAN support, uncheck the box. The default VLAN ID is enabled. Cisco SA500 Series Security Appliances Administration Guide 48 Networking Configuring the LAN 2 Enabling or Disabling VLAN Support By default, VLAN support is 1. STEP 1 Click Networking > VLAN > Available VLANs. To select all entries in the List of the heading row. After you can disable VLAN support. If...
To disable VLAN support, uncheck the box. The default VLAN ID is enabled. Cisco SA500 Series Security Appliances Administration Guide 48 Networking Configuring the LAN 2 Enabling or Disabling VLAN Support By default, VLAN support is 1. STEP 1 Click Networking > VLAN > Available VLANs. To select all entries in the List of the heading row. After you can disable VLAN support. If...
Administration Guide
Page 49
.... If you want to allow the SA500 to route traffic between this VLAN and other data is tagged. Data that also have interVLAN routing enabled. Cisco SA500 Series Security Appliances Administration Guide 49 Access mode is recommended if the port is connected to a single end-user device... which is used . • Inter VLAN Routing Enable: Check the box if you choose this option, also enter a VLAN ID for the...
.... If you want to allow the SA500 to route traffic between this VLAN and other data is tagged. Data that also have interVLAN routing enabled. Cisco SA500 Series Security Appliances Administration Guide 49 Access mode is recommended if the port is connected to a single end-user device... which is used . • Inter VLAN Routing Enable: Check the box if you choose this option, also enter a VLAN ID for the...
Administration Guide
Page 50
... packets coming into the port is not forwarded, except for each VLAN. All VLANs from the Networking > LAN > Available VLANs page appear in the List of the page, choose the DHCP mode: Cisco SA500 Series Security Appliances Administration Guide 50 Trunk: The port is ... If you chose Access or General mode, enter the Port VLAN ID to be used to a VLAN-aware switch or router. If you configure VLAN subnets, the security appliance routes traffic between VLANs. STEP 1 Click Networking > VLAN > Multiple VLAN Subnets. Networking Configuring the LAN 2 General mode is recommended if...
... packets coming into the port is not forwarded, except for each VLAN. All VLANs from the Networking > LAN > Available VLANs page appear in the List of the page, choose the DHCP mode: Cisco SA500 Series Security Appliances Administration Guide 50 Trunk: The port is ... If you chose Access or General mode, enter the Port VLAN ID to be used to a VLAN-aware switch or router. If you configure VLAN subnets, the security appliance routes traffic between VLANs. STEP 1 Click Networking > VLAN > Multiple VLAN Subnets. Networking Configuring the LAN 2 General mode is recommended if...
Administration Guide
Page 51
...the ISP. Networking Configuring the LAN 2 • None: Choose this option if you do not want to enable a DHCP server for this VLAN. • DHCP Server: Choose this option to allow the security appliance to communicate with the DNS servers of the ISP. When this feature .... • Lease Time: Enter the maximum connection time in hours that a dynamic IP address is automatically assigned a new dynamic IP address. Cisco SA500 Series Security Appliances Administration Guide 51 The default is assigned an IP address between this address and the Ending IP Address. • Ending IP...
...the ISP. Networking Configuring the LAN 2 • None: Choose this option if you do not want to enable a DHCP server for this VLAN. • DHCP Server: Choose this option to allow the security appliance to communicate with the DNS servers of the ISP. When this feature .... • Lease Time: Enter the maximum connection time in hours that a dynamic IP address is automatically assigned a new dynamic IP address. Cisco SA500 Series Security Appliances Administration Guide 51 The default is assigned an IP address between this address and the Ending IP Address. • Ending IP...
Administration Guide
Page 74
...Traffic Selector Match Type: Choose the method for implementing Quality of the page. Then enter the IP Address, MAC Address, Port Name, or VLAN, based on your requirements. Enabling LAN QoS STEP 1 Click Networking > QoS > LAN QoS. Uncheck the box to higher-priority traffic, such ...as telephone calls. Cisco SA500 Series Security Appliances Administration Guide 74 STEP 3 Enter the following information: • Available Profiles: Select the bandwidth profile which will apply....
...Traffic Selector Match Type: Choose the method for implementing Quality of the page. Then enter the IP Address, MAC Address, Port Name, or VLAN, based on your requirements. Enabling LAN QoS STEP 1 Click Networking > QoS > LAN QoS. Uncheck the box to higher-priority traffic, such ...as telephone calls. Cisco SA500 Series Security Appliances Administration Guide 74 STEP 3 Enter the following information: • Available Profiles: Select the bandwidth profile which will apply....
Administration Guide
Page 143
...• Allow user to change password?: If you chose Cisco QuickVPN for the Remote Peer Type, you can be part of the LAN or VLAN IP addresses. • Subnet Mask: Enter the subnet mask for the local subnet. Cisco SA500 Series Security Appliances Administration Guide 143 This option should ... IPsec standard that you entered in native IPsec to save your settings. QuickVPN is a propriety Cisco/Linksys client which the remote user will have access. STEP 4 Click Apply to provide user credentials. Cisco QuickVPN X-Auth is specific only to the list of IPsec VPN, page 144. • ...
...• Allow user to change password?: If you chose Cisco QuickVPN for the Remote Peer Type, you can be part of the LAN or VLAN IP addresses. • Subnet Mask: Enter the subnet mask for the local subnet. Cisco SA500 Series Security Appliances Administration Guide 143 This option should ... IPsec standard that you entered in native IPsec to save your settings. QuickVPN is a propriety Cisco/Linksys client which the remote user will have access. STEP 4 Click Apply to provide user credentials. Cisco QuickVPN X-Auth is specific only to the list of IPsec VPN, page 144. • ...
Administration Guide
Page 202
...the menu bar, and then click Bonjour > Bonjour Configuration. You can either enable Bonjour or disable it. By default, LAN/Default-VLAN is enabled. Uncheck the Block Multicast Packets box and then click Apply to save your savings. The Bonjour Configuration window opens. STEP 3... Click Apply to bind with. Cisco SA500 Series Security Appliances Administration Guide 202 STEP 2 Click Network Management on the router when Bonjour is the broadcasting domain. STEP 1 Click ...
...the menu bar, and then click Bonjour > Bonjour Configuration. You can either enable Bonjour or disable it. By default, LAN/Default-VLAN is enabled. Uncheck the Block Multicast Packets box and then click Apply to save your savings. The Bonjour Configuration window opens. STEP 3... Click Apply to bind with. Cisco SA500 Series Security Appliances Administration Guide 202 STEP 2 Click Network Management on the router when Bonjour is the broadcasting domain. STEP 1 Click ...
Administration Guide
Page 203
Cisco SA500 Series Security Appliances Administration Guide 203 Network Management Bonjour 9 To dissociate the VLAN from the service, check the box next the appropriate VLAN and click Delete. .
Cisco SA500 Series Security Appliances Administration Guide 203 Network Management Bonjour 9 To dissociate the VLAN from the service, check the box next the appropriate VLAN and click Delete. .
Administration Guide
Page 231
..., Lease Time in Minutes HTTP Remote Access Setting Voice VLAN 100 10.1.1.1 DHCP Server 10.1.1.50 10.1.1.254 255.255.255.0 1440 disable disable Data VLAN 1 See Product Tab DHCP Server 192.168.x.50 192.168.x.254 255.255.255.0 1440 enable Cisco SA500 Series Security Appliances Administration Guide D 231 Data, Lease Time...
..., Lease Time in Minutes HTTP Remote Access Setting Voice VLAN 100 10.1.1.1 DHCP Server 10.1.1.50 10.1.1.254 255.255.255.0 1440 disable disable Data VLAN 1 See Product Tab DHCP Server 192.168.x.50 192.168.x.254 255.255.255.0 1440 enable Cisco SA500 Series Security Appliances Administration Guide D 231 Data, Lease Time...
Administration Guide
Page 232
...disable disable disable DHCP client 1500 disable disable disable disable enable / disable on DMS VLAN disable IPv4 Only Automatic enable 192.168.10.0 255.255.255.0 Cisco SA500 Series Security Appliances Administration Guide 232 Signaling Authentication - Outgoing Traffic Bandwidth Limit Allow... ICMP echo replies (good for validating connectivity) HTTPS Remote Access Routing (RIP1/2) Inter-VLAN routing Static Routing IPv4 and IPv6 IPSec ...
...disable disable disable DHCP client 1500 disable disable disable disable enable / disable on DMS VLAN disable IPv4 Only Automatic enable 192.168.10.0 255.255.255.0 Cisco SA500 Series Security Appliances Administration Guide 232 Signaling Authentication - Outgoing Traffic Bandwidth Limit Allow... ICMP echo replies (good for validating connectivity) HTTPS Remote Access Routing (RIP1/2) Inter-VLAN routing Static Routing IPv4 and IPv6 IPSec ...
Administration Guide
Page 234
Signaling Authentication - Phase 2 - Data, VLAN Number 1 (untagged packets) VLAN - Data, Name (optional) Data VLAN Cisco SA500 Series Security Appliances Administration Guide D 234 Data, IP Address Assignment (Management) DHCP Client VLAN - Factory Default Settings Wireless Settings Feature IPSec - Voice, Name (optional) Voice VLAN SSID Name cisco-voice SSID Broadcast disable Wireless Isolation (within SSID): disable 802.1q Priority 5 802...
Signaling Authentication - Phase 2 - Data, VLAN Number 1 (untagged packets) VLAN - Data, Name (optional) Data VLAN Cisco SA500 Series Security Appliances Administration Guide D 234 Data, IP Address Assignment (Management) DHCP Client VLAN - Factory Default Settings Wireless Settings Feature IPSec - Voice, Name (optional) Voice VLAN SSID Name cisco-voice SSID Broadcast disable Wireless Isolation (within SSID): disable 802.1q Priority 5 802...
Administration Guide
Page 237
unlimited) in KB/s Disconnect Idle Sessions 5 minutes Cisco SA500 Series Security Appliances Administration Guide 237 Data, Subnet Mask (Failover when no DHCP Server Available) VLAN - Data, IP Address (Failover See Product Tab when no DHCP Server Available) 255.255.255.0...Drive Spin Down (1-8 hours, 8 hours 1 day) Public access to share Read-only Idle Disconnect Timeout 5 minutes Banner Welcome to the Cisco Small Business FTP Server Allow Anonymous Access disable Allow Anonymous File Upload disable Allow Anonymous File Download enable Maximum Anonymous Transfer 0 Rate (0 ...
unlimited) in KB/s Disconnect Idle Sessions 5 minutes Cisco SA500 Series Security Appliances Administration Guide 237 Data, Subnet Mask (Failover when no DHCP Server Available) VLAN - Data, IP Address (Failover See Product Tab when no DHCP Server Available) 255.255.255.0...Drive Spin Down (1-8 hours, 8 hours 1 day) Public access to share Read-only Idle Disconnect Timeout 5 minutes Banner Welcome to the Cisco Small Business FTP Server Allow Anonymous Access disable Allow Anonymous File Upload disable Allow Anonymous File Download enable Maximum Anonymous Transfer 0 Rate (0 ...