Ethernet Interfaces - D-Link NetDefend DFL-210 User Manual

Network security firewall

3.3.2. Ethernet Interfaces

Even though the various types of interfaces differ greatly in how they are implemented and
how they work, NetDefendOS treats all interfaces as logical IP interfaces. This means that all types
of interfaces can be used almost interchangeably in the various subsystems and policies. The result
is very high flexibility in how traffic can be controlled and routed in the system.

Each interface in NetDefendOS is given a unique name so that it can be selected in other subsystems.
Some interface types provide relevant default names that can be modified if needed, while other
interface types require a user-provided name.

The any and core interfaces
In addition, NetDefendOS provides two special logical interfaces, named any and core.
Their meanings are:

any represents all possible interfaces, including the core interface.

core indicates that NetDefendOS itself will deal with traffic to and from this interface.
Examples of the use of core are when the D-Link Firewall acts as a PPTP or L2TP server or
responds to ICMP "Ping" requests. By specifying the Destination Interface of a route as core,
NetDefendOS will then know that it is itself the ultimate destination of the traffic.

Disabling an Interface
Should it be desirable to disable an interface so that no traffic can flow through it, this can be done
with the CLI using the command:
gw-world:/> set Interface Ethernet <interface-name> -disable
Where <interface-name> is the interface to be disabled. To re-enable an interface, the command is:
gw-world:/> set Interface Ethernet <interface-name> -enable
3.3.2. Ethernet Interfaces
The IEEE 802.3 Ethernet standard allows various devices to be attached at arbitrary points or
"ports" to a physical transport mechanism such as a coaxial cable. Using the CSMA/CD protocol,
each Ethernet connected device "listens" to the network and sends data to another connected device
when no other is sending. If 2 devices broadcast simultaneously, algorithms allow them to re-send at
different times. Devices broadcast data as frames and the other devices "listen" to determine if they
are the intended destination for any of these frames.
A frame is a sequence of bits that specifies the originating device and the destination device,
together with the data payload and error-checking bits. A pause between the broadcasting of individual frames
allows devices time to process each frame before the next arrives and this pause becomes
Warning
If an interface definition is removed from a NetDefendOS configuration, it is important
to first remove or change any references to that interface. For example, rules in the IP
rule set that refer to that interface should be removed or changed.
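
The check the warning calls for can be automated before an interface definition is removed. The following is an added example, not part of the D-Link manual or NetDefendOS: the configuration is a constructed, simplified model, and its field names (src_if, dst_if, interface) are hypothetical rather than the product's export format.

```python
import copy

# Constructed sample: a simplified model of a configuration. The field names
# are hypothetical and are not NetDefendOS's own export format.
SPECIAL = {"any", "core"}  # built-in logical interfaces; never removable

CONFIG = {
    "interfaces": ["wan", "lan", "dmz"],
    "ip_rules": [
        {"name": "allow_out", "src_if": "lan", "dst_if": "wan"},
        {"name": "dmz_web", "src_if": "any", "dst_if": "dmz"},
        {"name": "ping_fw", "src_if": "lan", "dst_if": "core"},
    ],
    "routes": [
        {"name": "default", "interface": "wan"},
        {"name": "dmz_net", "interface": "dmz"},
    ],
}

def find_references(config, iface):
    """Return (section, object name, field) for every object that names iface."""
    hits = []
    for section, objects in config.items():
        if section == "interfaces":
            continue  # the definitions themselves are not references
        for obj in objects:
            hits += [(section, obj["name"], field)
                     for field, value in obj.items()
                     if field != "name" and value == iface]
    return hits

def remove_interface(config, iface):
    """Return a copy of config without iface; refuse while it is referenced."""
    if iface in SPECIAL:
        raise ValueError(f"{iface} is a built-in logical interface")
    if iface not in config["interfaces"]:
        raise ValueError(f"{iface} is not defined")
    refs = find_references(config, iface)
    if refs:
        detail = ", ".join(f"{s}/{n}.{f}" for s, n, f in refs)
        raise ValueError(f"{iface} is still referenced by: {detail}")
    new = copy.deepcopy(config)
    new["interfaces"].remove(iface)
    return new

if __name__ == "__main__":
    for iface in CONFIG["interfaces"]:
        print(iface, find_references(CONFIG, iface))
```

A rule that uses any is not reported for a specific interface because it names none; after the removal it simply no longer covers that interface.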
found in Section 9.5, "PPTP/L2TP".
GRE interfaces are used to establish GRE tunnels. More
information about this topic can be found in Section 3.3.5,
"GRE Tunnels".
Chapter 3. Fundamentals
