Interfaces: Difference between revisions

From Edge Threat Management Wiki - Arista
No edit summary
 
(15 intermediate revisions by 5 users not shown)
Line 12: Line 12:
{{TriScreenshot|config|network|interfaces}}
{{TriScreenshot|config|network|interfaces}}


The are several columns along the top of the grid that show the current interface status and configuration. Some are hidden by default and can be shown by using the dropdown at the top of the column.
The are several columns along the top of the grid that show the current interface status and configuration. Some are hidden by default.


'''Columns'''
'''Columns'''
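Review bot: the revised sentence still begins "The are several columns"; it should read "There are several columns". Because the revision also drops "and can be shown by using the dropdown at the top of the column", the remaining "Some are hidden by default" no longer tells the reader how to reveal those columns, so either keep the hint or drop the sentence.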
Line 34: Line 34:
| Device
| Device
| This shows the current network device (physical NIC card or wireless card) mapped to this interface.
| This shows the current network device (physical NIC card or wireless card) mapped to this interface.
|-
| Physical Device
| Hidden by default, this shows the current "Physical Device" for this interface.
|-
| System Device
| Hidden by default, this shows the current "System Device" for this interface.
|-
| Symbolic Device
| Hidden by default, this shows the current "Symbolic Device" for this interface.


|-
|-
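Review bot: the Physical Device, System Device and Symbolic Device rows are the only entries in this hunk marked "Hidden by default", and they are removed without a replacement. If those columns still exist in the grid, keep a line describing them; if they are gone from the product, the intro's "Some are hidden by default" should go with them.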
Line 60: Line 48:


|-
|-
| Delete
| Edit
| This column shows an delete button on VLAN Tagged Interfaces to delete the interface. Physical interfaces can not be deleted, unless their their physical devices have been removed from the system.
| This column shows an edit button to edit the configuration of this interface.


|-
|-
| Edit
| Delete
| This column shows an edit button to edit the configuration of this interface.
| This column shows an delete button on VLAN Tagged Interfaces to delete the interface. Physical interfaces cannot be deleted, unless their their physical devices have been removed from the system.


|}
|}


There are also several options along the bottom.
There are also several additional options on this page:


* Remap Interfaces
* Remap Interfaces
** This utility can be used to change the mapping between physical devices and the corresponding interface configurations. This is useful if you want to use certain physical devices for certain purpose. For example, the gigabit cards for internal and external networks and the 100Mbit card for wireless because its only wireless.
** This utility can be used to change the mapping between physical devices and the corresponding interface configurations. This is useful if you want to use certain physical devices for certain purposes.
* Refresh Device Status
* Refresh Device Status
** This refreshes the "Connected" column in the interfaces grid. To verify your interface mapping plug/unplug one network card at a time and hit ''Refresh Device Status'' to verify that the expected interface changes the Connected status.
** This refreshes the "Connected" column in the interfaces grid. To verify your interface mapping plug/unplug one network card at a time and hit ''Refresh Device Status'' to verify that the expected interface changes the Connected status.
* Add VLAN Tagged Interface
* Add VLAN Tagged Interface
** This allows for additional of 802.1q VLAN tagged interfaces. For more information read [[Network Configuration#VLANs]].
** This allows for additional of 802.1q VLAN tagged interfaces. For more information read [[Network Configuration#VLANs]].
* Test Connectivity
** This button launches the connectivity test to verify the server is online.
* Ping Test
** This button launches the ping test for troubleshooting configuration.


== Interface Configuration ==
== Interface Configuration ==
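Review bot: the moved Delete row keeps "an delete button" and "their their physical devices"; fix both to "a delete button" and "their physical devices" while the row is being touched. The unchanged Add VLAN Tagged Interface bullet also reads "This allows for additional of 802.1q VLAN tagged interfaces", which should be "the addition of". The Test Connectivity and Ping Test bullets are dropped with no edit summary, so the page should say whether those buttons were removed or moved elsewhere.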
Line 137: Line 120:
| SSID
| SSID
| The broadcasted [https://en.wikipedia.org/wiki/Service_set_(802.11_network) Service Set Identifier (SSID)] for the wireless network.  
| The broadcasted [https://en.wikipedia.org/wiki/Service_set_(802.11_network) Service Set Identifier (SSID)] for the wireless network.  
|-
| Mode
| '''AP''' (Access Point) or '''Client'''.
|-
| Visibility
| Select whether to advertise or hide the SSID.


|-  
|-  
Line 145: Line 136:
| Password
| Password
| When encryption is enabled, a password will be required to access the network.  
| When encryption is enabled, a password will be required to access the network.  
|-
| Regulatory Country
| Choose the country in which this NG Firewall is based. This is required to comply with regulations around Wi-Fi bands & frequencies.


|-
|-
| Channel
| Channel
| Choose from the available channels available and 2.4GHz or 5GHz frequencies. The options available here are dependent on your wireless card. It is recommended to choose Automatic (2.4GHz or 5GHz) to automatically select the best channel.
| Choose from the available channels available and 2.4GHz or 5GHz frequencies. The options available here are dependent on your wireless card. '''WARNING:''' Many chips/drivers do not correctly implement "Automatic" (ACS or Automatic Channel Survey) so it may not work depending on your card. '''NOTICE:''' Automatic channel selection has been removed from modern builds due to lack of support and usability issues.


|}
|}
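Review bot: the Channel cell now carries a WARNING that "Automatic" may not work and, right after it, a NOTICE that automatic channel selection has been removed, which leaves readers unsure whether the option exists on their build. State the behaviour once, naming the build where the option disappeared, and fix "available channels available" in the opening sentence. The new Regulatory Country row would also read better with "and" in place of "&".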
Line 161: Line 156:
|-  
|-  
| style="width: 20%;" | Config Type
| style="width: 20%;" | Config Type
| This is the IPv4 configuration type. ''Static'' means this interface has a static IPv4 address. ''Auto (DHCP)'' means this interface will use DHCP to automatically acquired an address. ''PPPoE'' means this interface will use PPPoE to acquire an address. This option is only available for WAN interfaces because non-WANs can only be statically configured.
| This is the IPv4 configuration type. ''Static'' means this interface has a static IPv4 address. ''Auto (DHCP)'' means this interface will use DHCP to automatically acquire an address. ''PPPoE'' means this interface will use PPPoE to acquire an address. This option is only available for WAN interfaces because non-WANs can only be statically configured.


|-
|-
Line 181: Line 176:
|-
|-
| Secondary DNS
| Secondary DNS
| This is the primary DNS used for DNS resolution. It is only shown if Config Type is ''Static''
| This is the secondary DNS used for DNS resolution. It is only shown if Config Type is ''Static''


|-
|-
Line 266: Line 261:
|-
|-
| Secondary DNS
| Secondary DNS
| This is the primary DNS used for DNS resolution. It is only shown if Config Type is ''Static''
| This is the secondary DNS used for DNS resolution. It is only shown if Config Type is ''Static''
|-
|-


Line 280: Line 275:




'''DHCP Configuration''' - This configures the DHCP serving options on this interfaces. DHCP Serving is only available on ''Addressed'' non-WAN interfaces.
'''DHCP Configuration''' (server) - This configures the DHCP serving options on this interface. DHCP Serving is only available on ''Addressed'' non-WAN interfaces.


{| border="1" cellpadding="2"
{| border="1" cellpadding="2"
Line 287: Line 282:


|-
|-
| style="width: 20%;" | Enable DHCP Serving
| style="width: 20%;" | Server
| If checked, DHCP will be served to this interface so that machines can automatically acquire addresses.
| If selected, DHCP will be served to this interface so that machines can automatically acquire addresses.


|-
|-
| Range Start
| Range Start
| The start of the DHCP range. If blank and DHCP Serving is enabled a start range will
| The start of the DHCP range.
automatically be chosen.


|-
|-
| Range end
| Range end
| The end of the DHCP range. If blank and DHCP Serving is enabled a start range will automatically be chosen.
| The end of the DHCP range.


|-
|-
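Review bot: Range Start and Range end lose the "If blank and DHCP Serving is enabled" sentence, so the page no longer says what happens when either field is left empty. If blank values are now rejected, say so in both rows; the label "Range end" should also be capitalised to match "Range Start".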
Line 305: Line 299:
|-
|-
| Gateway Override
| Gateway Override
| If set, this value will be provided as the gateway in the DHCP leases. If unset, the static IPv4 address of this interface will be provided as the gateway.
| If set, this value will be provided as the gateway in the DHCP leases. Otherwise the static IPv4 address of this interface will be provided as the gateway.


|-
|-
| Netmask Override
| Netmask Override
| If set, this value will be provided as the netmask in the DHCP leases. If unset, the static IPv4 netmask of this interface will be provided as the netmask.
| If set, this value will be provided as the netmask in the DHCP leases. Otherwise the static IPv4 netmask of this interface will be provided as the netmask.


|-
|-
| DNS Override
| DNS Override
| If set, this value will be provided as the DNS in the DHCP leases. If unset, the static IPv4 address of this interface will be provided as the DNS. A single IPv4 address or a comma-separated list of IPv4 addresses is accepted.
| If set, this value will be provided as the DNS in the DHCP leases. Otherwise the static IPv4 address of this interface will be provided as the DNS. A single IPv4 address or a comma-separated list of IPv4 addresses is accepted.


|-  
|-  
| DHCP Options
| DHCP Options
| This is a list of DHCP options for dnsmasq. '''WARNING:''' this option is for advanced users. The specified [http://www.networksorcery.com/enp/protocol/bootp/options.htm DHCP options] will be used on this interface. For example, to specify an NTP server use enabled = true, description = "time server", and value = "42,192.168.1.2". For multiple DNS override servers specify enabled = true, description = "DNS", and value = "6,192.168.1.1,192.168.1.2". The value must be specified in a valid dnsmasq format as described in the [http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html dnsmasq documentation]
| This is a list of DHCP options for dnsmasq. '''WARNING:''' this option is for advanced users. The specified [http://www.networksorcery.com/enp/protocol/bootp/options.htm DHCP options] will be used on this interface. For example, to specify an NTP server use enabled = true, description = "time server", and value = "42,192.168.1.2". For multiple DNS override servers specify enabled = true, description = "DNS", and value = "6,192.168.1.1,192.168.1.2". The value must be specified in a valid dnsmasq format as described in the [http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html dnsmasq documentation]
|}
'''DHCP Configuration''' (relay) - This configures DHCP relay on this interface.
{| border="1" cellpadding="2"
|+
! Option !! Description
|-
| style="width: 20%;" | Relay
| If selected, DHCP requests received on this interface will be forwarded to a specified DHCP server.
|-
| Relay Host Address
| The IP address of the relay host server.


|}
|}
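Review bot: the new relay section does not say how it relates to the server table above it; the rows are named "Server" and "Relay" and both begin "If selected", which suggests a single either/or choice, so state that explicitly. "The IP address of the relay host server" should name it as the DHCP server that requests are forwarded to, matching the Relay row, and the new heading line needs a blank line after the preceding "|}".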
Line 338: Line 349:
|-
|-
| VRRP Priority
| VRRP Priority
| The VRRP Priority of this server. Higher value is a higher priority. (1-25%)
| The VRRP Priority of this server. Higher value is a higher priority. (1-255)


|-
|-
Line 345: Line 356:


|}
|}


== Interface Status ==
== Interface Status ==


The ''status'' button on the interface brings up a window showing some of the statistics about the interface. This includes statistics, the ARP table, and the connected clients if its a wireless interface.
The ''status'' button on the interface brings up a window showing some of the statistics about the interface. This includes statistics, the ARP table, and the connected clients if its a wireless interface.

Latest revision as of 21:24, 20 April 2023

Interfaces

The Interfaces page configures the network interfaces of the server.

Interfaces Grid

The Interfaces tab shows the current interfaces and the current status and some configuration information.

There are several columns along the top of the grid that show the current interface status and configuration. Some are hidden by default.

Columns

{| border="1" cellpadding="2"
! Column !! Description
|-
| Id || The Id is a unique integer primary key of the interface. All configuration of interfaces will refer to Id.
|-
| Name || This is a name/description of the interface. It is recommended to choose names representative of their purpose.
|-
| Connected || This shows the current "connected" state of the device currently mapped to this interface. This may not display correctly for all network interface cards.
|-
| Device || This shows the current network device (physical NIC card or wireless card) mapped to this interface.
|-
| Config || This shows the current type of configuration for this interface: ADDRESSED, BRIDGED, or DISABLED.
|-
| Current Address || This shows the current address of the interface, if there is one.
|-
| is WAN || This shows true if the interface is configured as a WAN, false otherwise.
|-
| Edit || This column shows an edit button to edit the configuration of this interface.
|-
| Delete || This column shows a delete button on VLAN Tagged Interfaces to delete the interface. Physical interfaces cannot be deleted, unless their physical devices have been removed from the system.
|}

There are also several additional options on this page:

  • Remap Interfaces
    • This utility can be used to change the mapping between physical devices and the corresponding interface configurations. This is useful if you want to use certain physical devices for certain purposes.
  • Refresh Device Status
    • This refreshes the "Connected" column in the interfaces grid. To verify your interface mapping plug/unplug one network card at a time and hit Refresh Device Status to verify that the expected interface changes the Connected status.
  • Add VLAN Tagged Interface

Interface Configuration

Clicking the edit button on an interface will open the interface configuration settings for that interface.

An interface can be configured in many ways. Some settings and configuration options are only relevant and/or available in certain configurations. As such, based on an interface's configuration certain options may appear and disappear. For example, when checking 'is WAN' the options available to WAN interfaces will appear. After unchecking 'is WAN' the WAN options will disappear and the options for non-WAN interfaces will appear. Because of this it is suggested to configure your interface from the top of the page downward.

The table below shows the various configuration options and their meanings.


Interface Options

{| border="1" cellpadding="2"
! Option !! Description
|-
| Interface Name || This is a name/description of the interface. It is recommended to choose names representative of their purpose.
|-
| is VLAN (802.1q) Interface || This is true if this is a tagged VLAN interface. Otherwise this is not shown.
|-
| Parent Interface || This is the parent interface for this tagged VLAN interface. This is only shown for VLAN interfaces.
|-
| 802.1q Tag || This is the VLAN tag for this interface. This is only shown for VLAN interfaces.
|-
| Is Wireless Interface || This is available if the interface is detected as a wireless (wlan) interface. Otherwise this is not shown.
|-
| Config Type || This is the basic configuration type of this interface. Addressed means this interface has its own address and configuration. Bridged means this interface is bridged to another interface. Disabled means this interface is entirely disabled.
|-
| is WAN Interface || This should be checked if this is a WAN (Wide Area Network) interface. This means it is connected to your ISP or an internet connection. This should be unchecked if this interface is connected to a private/local network.
|}


Wireless Configuration - This section configures the wireless settings for wireless interfaces. This is only shown for wireless interfaces.

{| border="1" cellpadding="2"
! Option !! Description
|-
| SSID || The broadcasted Service Set Identifier (SSID) for the wireless network.
|-
| Mode || AP (Access Point) or Client.
|-
| Visibility || Select whether to advertise or hide the SSID.
|-
| Encryption || Encryption method used for the wireless signal. WPA2 is recommended.
|-
| Password || When encryption is enabled, a password will be required to access the network.
|-
| Regulatory Country || Choose the country in which this NG Firewall is based. This is required to comply with regulations around Wi-Fi bands & frequencies.
|-
| Channel || Choose from the available channels and the 2.4GHz or 5GHz frequencies. The options available here are dependent on your wireless card. WARNING: Many chips/drivers do not correctly implement "Automatic" (ACS or Automatic Channel Survey) so it may not work depending on your card. NOTICE: Automatic channel selection has been removed from modern builds due to lack of support and usability issues.
|}


IPv4 Options - This section configures the IPv4 (Internet Protocol v4) settings of this interface.

{| border="1" cellpadding="2"
! Option !! Description
|-
| Config Type || This is the IPv4 configuration type. Static means this interface has a static IPv4 address. Auto (DHCP) means this interface will use DHCP to automatically acquire an address. PPPoE means this interface will use PPPoE to acquire an address. This option is only available for WAN interfaces because non-WANs can only be statically configured.
|-
| Address || This is the IPv4 static address. It is only shown if Config Type is Static.
|-
| Netmask || This is the IPv4 static netmask. It is only shown if Config Type is Static.
|-
| Gateway || This is the IPv4 static gateway. It is only shown if Config Type is Static.
|-
| Primary DNS || This is the primary DNS used for DNS resolution. It is only shown if Config Type is Static.
|-
| Secondary DNS || This is the secondary DNS used for DNS resolution. It is only shown if Config Type is Static.
|-
| Address Override || If set, this address will be used instead of the one in the offered DHCP lease. It is only shown if Config Type is Auto (DHCP).
|-
| Netmask Override || If set, this netmask will be used instead of the one in the offered DHCP lease. It is only shown if Config Type is Auto (DHCP).
|-
| Gateway Override || If set, this gateway will be used instead of the one in the offered DHCP lease. It is only shown if Config Type is Auto (DHCP).
|-
| Primary DNS Override || If set, this will be used instead of the one in the offered DHCP lease. It is only shown if Config Type is Auto (DHCP).
|-
| Secondary DNS Override || If set, this will be used instead of the one in the offered DHCP lease. It is only shown if Config Type is Auto (DHCP).
|-
| Username || This is the PPPoE username. It is only shown in Config Type PPPoE.
|-
| Password || This is the PPPoE password. It is only shown in Config Type PPPoE.
|-
| Use Peer DNS || If checked, the server will use the DNS provided by the PPPoE server for DNS resolution. It is only shown in Config Type PPPoE.
|-
| Primary DNS || The primary DNS to be used for DNS resolution. It is only shown in Config Type PPPoE and Use Peer DNS is unchecked.
|-
| Secondary DNS || The secondary DNS to be used for DNS resolution. It is only shown in Config Type PPPoE and Use Peer DNS is unchecked.
|-
| IPv4 Aliases || This is a list of alias addresses. This is an additional list of addresses that this interface will have along with their associated netmasks.
|-
| IPv4 Options - NAT traffic exiting this interface (and bridged peers) || This option is only available on WAN Interfaces and defaults to checked. If checked, all traffic exiting this interface and interfaces bridged to it will be NATd, and all incoming sessions from this interface will be blocked unless they are forwarded via a port forward or destined to the local server.
|-
| IPv4 Options - NAT traffic coming from this interface (and bridged peers) || This option is only available on non-WAN Interfaces and defaults to unchecked. If checked, all traffic coming from this interface and interfaces bridged to it will be NATd, and all incoming sessions to this interface will be blocked unless they are forwarded via a port forward.
|}


IPv6 Options - This section configures the IPv6 (Internet Protocol v6) settings of this interface.

{| border="1" cellpadding="2"
! Option !! Description
|-
| Config Type || This is the IPv6 configuration type. Disabled means the interface has no IPv6 configuration. Static means this interface has a static IPv6 address. Auto (SLAAC/RA) means this interface will use SLAAC to automatically acquire an address. This option is only available for WAN interfaces because non-WANs can only be statically configured.
|-
| Address || This is the IPv6 static address. Blank is allowed and means no IPv6 address will be given. It is only shown if Config Type is Static.
|-
| Prefix || This is the IPv6 static prefix. It is only shown if Config Type is Static.
|-
| Gateway || This is the IPv6 static gateway. It is only shown if Config Type is Static.
|-
| Primary DNS || This is the primary DNS used for DNS resolution. It is only shown if Config Type is Static.
|-
| Secondary DNS || This is the secondary DNS used for DNS resolution. It is only shown if Config Type is Static.
|-
| IPv6 Aliases || This is a list of alias addresses. This is an additional list of addresses that this interface will have along with their associated netmasks. This is only available on non-WAN interfaces.
|-
| IPv6 Options - Send Router Advertisements || If checked, router advertisements are sent on this interface. This is only available on non-WAN interfaces.
|}


DHCP Configuration (server) - This configures the DHCP serving options on this interface. DHCP Serving is only available on Addressed non-WAN interfaces.

{| border="1" cellpadding="2"
! Option !! Description
|-
| Server || If selected, DHCP will be served to this interface so that machines can automatically acquire addresses.
|-
| Range Start || The start of the DHCP range.
|-
| Range end || The end of the DHCP range.
|-
| Lease duration || The duration of the provided DHCP leases in seconds.
|-
| Gateway Override || If set, this value will be provided as the gateway in the DHCP leases. Otherwise the static IPv4 address of this interface will be provided as the gateway.
|-
| Netmask Override || If set, this value will be provided as the netmask in the DHCP leases. Otherwise the static IPv4 netmask of this interface will be provided as the netmask.
|-
| DNS Override || If set, this value will be provided as the DNS in the DHCP leases. Otherwise the static IPv4 address of this interface will be provided as the DNS. A single IPv4 address or a comma-separated list of IPv4 addresses is accepted.
|-
| DHCP Options || This is a list of DHCP options for dnsmasq. WARNING: this option is for advanced users. The specified DHCP options will be used on this interface. For example, to specify an NTP server use enabled = true, description = "time server", and value = "42,192.168.1.2". For multiple DNS override servers specify enabled = true, description = "DNS", and value = "6,192.168.1.1,192.168.1.2". The value must be specified in a valid dnsmasq format as described in the dnsmasq documentation
|}
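
A pre-deployment check for the DHCP serving settings described in the table above, written here as an added example (it is not Arista's code). The dictionary keys are hypothetical names rather than the product's settings schema, and only the numeric "code,value" option form shown on this page is parsed.

```python
import ipaddress

# RFC 2132 option codes whose payload is a list of IPv4 addresses.
IPV4_LIST_OPTIONS = {3: "router", 6: "DNS server", 42: "NTP server"}

def parse_dhcp_option(value):
    """Parse the numeric 'code,arg[,arg...]' form, e.g. '42,192.168.1.2'."""
    code_text, _, rest = value.partition(",")
    if not code_text.strip().isdigit() or not rest.strip():
        raise ValueError(f"expected 'code,value', got {value!r}")
    code = int(code_text)
    if not 1 <= code <= 254:
        raise ValueError(f"option code {code} out of range 1-254")
    args = [a.strip() for a in rest.split(",")]
    if code in IPV4_LIST_OPTIONS:
        for arg in args:
            ipaddress.IPv4Address(arg)  # ValueError if not an IPv4 address
    return code, args

def audit_dhcp(cfg):
    """Return findings for one interface's DHCP serving settings."""
    findings = []
    own = ipaddress.IPv4Address(cfg["address"])
    net = ipaddress.IPv4Interface(f"{cfg['address']}/{cfg['netmask']}").network
    start = ipaddress.IPv4Address(cfg["range_start"])
    end = ipaddress.IPv4Address(cfg["range_end"])
    if start not in net or end not in net:
        findings.append("DHCP range leaves the interface subnet")
    if start > end:
        findings.append("Range Start is above Range End")
    elif start <= own <= end:
        findings.append("DHCP range contains the interface address")
    gateway = cfg.get("gateway_override")
    if gateway and ipaddress.IPv4Address(gateway) not in net:
        findings.append("Gateway Override is not on the interface subnet")
    dns = cfg.get("dns_override") or ""
    for entry in filter(None, (e.strip() for e in dns.split(","))):
        try:
            ipaddress.IPv4Address(entry)
        except ValueError:
            findings.append(f"DNS Override entry is not IPv4: {entry!r}")
    for opt in cfg.get("dhcp_options", []):
        if not opt["enabled"]:
            continue
        try:
            code, _ = parse_dhcp_option(opt["value"])
        except ValueError as err:
            findings.append(f"DHCP option {opt['description']!r}: {err}")
            continue
        if code == 6 and dns:
            findings.append("DNS set in both DNS Override and option 6")
        if code == 3 and gateway:
            findings.append("gateway set in both Gateway Override and option 3")
    return findings

# Constructed sample; only the first two option values come from this page.
SAMPLE = {
    "address": "192.168.1.1", "netmask": "255.255.255.0",
    "range_start": "192.168.1.100", "range_end": "192.168.2.200",
    "gateway_override": "192.168.10.1", "dns_override": "192.168.1.1",
    "dhcp_options": [
        {"enabled": True, "description": "time server", "value": "42,192.168.1.2"},
        {"enabled": True, "description": "DNS", "value": "6,192.168.1.1,192.168.1.2"},
        {"enabled": True, "description": "typo", "value": "42;192.168.1.2"},
    ],
}

if __name__ == "__main__":
    print("\n".join(audit_dhcp(SAMPLE)))
```

Values handed out in leases decide which gateway, resolver and time source every client on the segment trusts, so a check like this is worth running before saving the interface.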


DHCP Configuration (relay) - This configures DHCP relay on this interface.

{| border="1" cellpadding="2"
! Option !! Description
|-
| Relay || If selected, DHCP requests received on this interface will be forwarded to a specified DHCP server.
|-
| Relay Host Address || The IP address of the relay host server.
|}


Redundancy (VRRP) Configuration - This configures the VRRP redundancy options for this interface. VRRP is only available on statically assigned interfaces. VRRP documentation is here.

{| border="1" cellpadding="2"
! Option !! Description
|-
| Enable VRRP || If checked, VRRP is enabled on this interface.
|-
| VRRP ID || The VRRP (group) ID of this server. Must match the VRRP ID of peers, but must be unique on the server.
|-
| VRRP Priority || The VRRP Priority of this server. Higher value is a higher priority. (1-255)
|-
| VRRP Aliases || The list of VRRP Virtual Addresses. This list should be the same on all VRRP peers.
|}

Interface Status

The status button on the interface brings up a window showing some of the statistics about the interface. This includes statistics, the ARP table, and the connected clients if it's a wireless interface.