...

  1. The 'Untrusted' zone is meant for a public network (WAN) connection. In this zone, DHCP ports are open so that the router can obtain a dynamic IP address from the provider. All incoming connections from this zone to the router are blocked.

    This security zone includes the following interfaces:

    • for WLC-15: GigabitEthernet 1/0/1, GigabitEthernet 1/0/6;
    • for WLC-30: GigabitEthernet 1/0/1, TengigabitEthernet 1/0/1-2;
    • for WLC-3200: TwentyfivegigabitEthernet 1/0/1-2;
    • for ESR-10/12V: GigabitEthernet 1/0/1;

    • for ESR-12VF/ESR-14VF: GigabitEthernet 1/0/1; GigabitEthernet 1/0/9;

    • for ESR-15: GigabitEthernet 1/0/1; GigabitEthernet 1/0/6;
    • for ESR-20: GigabitEthernet 1/0/1;

    • for ESR-21: GigabitEthernet 1/0/1;

    • for ESR-30: GigabitEthernet 1/0/1; GigabitEthernet 1/0/1-2;
    • for ESR-100/200: GigabitEthernet 1/0/1;

    • for ESR-1000/1500/3100: GigabitEthernet 1/0/1, TengigabitEthernet 1/0/1-2;

    • for ESR-1200/1700: GigabitEthernet 1/0/1, TengigabitEthernet 1/0/1, TengigabitEthernet 1/0/2;

    • for ESR-1511: GigabitEthernet 1/0/1, FortygigabitEthernet 1/0/1-2;
    • for ESR-3200: GigabitEthernet 1/0/1-2.

      Zone interfaces are grouped into a single L2 segment via Bridge 2 network bridge.
  2. The 'Trusted' zone is meant for a local area network (LAN) connection. The following are open in this zone: Telnet and SSH ports for remote access, ICMP for router availability tests, and DHCP ports so that clients can obtain IP addresses from the router. Outgoing connections from this zone into the Untrusted zone are allowed.

    This security zone includes the following interfaces:

    • for WLC-15: GigabitEthernet 1/0/2-5;
    • for WLC-30: GigabitEthernet 1/0/2-4;
    • for WLC-3200: TwentyfivegigabitEthernet 1/0/3-12;
    • for ESR-10: GigabitEthernet 1/0/2-6;

    • for ESR-12V(F)/ESR-14VF: GigabitEthernet 1/0/2-8;

    • for ESR-15: GigabitEthernet 1/0/2-5;
    • for ESR-20: GigabitEthernet 1/0/2-4;

    • for ESR-21: GigabitEthernet 1/0/2-12;

    • for ESR-30: GigabitEthernet 1/0/3-4;
    • for ESR-100: GigabitEthernet 1/0/2-4;

    • for ESR-200: GigabitEthernet 1/0/2-8;

    • for ESR-1000: GigabitEthernet 1/0/2-24;

    • for ESR-1200: GigabitEthernet 1/0/2-16, TengigabitEthernet 1/0/3-8;

    • for ESR-1500: GigabitEthernet 1/0/2-8, TengigabitEthernet 1/0/3-4;

    • for ESR-1511: GigabitEthernet 1/0/2-8, TengigabitEthernet 1/0/1-4;
    • for ESR-1700: GigabitEthernet 1/0/2-4, TengigabitEthernet 1/0/3-12;

    • for ESR-3100: GigabitEthernet 1/0/2-8, TengigabitEthernet 1/0/3-8;

    • for ESR-3200: TwentyfivegigabitEthernet 1/0/3-12.

      Zone interfaces are grouped into a single L2 segment via Bridge 2 network bridge.

...

Security zone policies have the following configuration:

Table 57 65 – Security zone policy description

...

Router connection and configuration

ESR series routers and WLC controllers are intended to perform border gateway functions and to secure the user network when it is connected to public data networks.

...