Ethernet - D-Link NetDefend DFL-210 User Manual

Network security firewall ver. 1.05

3.3.2. Ethernet

Even though the various types of interfaces are very different in the way they are implemented and
how they work, NetDefendOS treats all interfaces as logical IP interfaces. This means that all types
of interfaces can be used almost interchangeably in the various subsystems and policies. The result is
a high degree of flexibility in how traffic can be controlled and routed in the system.
Each interface in NetDefendOS is given a unique name so that it can be selected in other subsystems.
Some of the interface types provide relevant default names that can be modified should that be
needed, while other interface types require a user-provided name.
The any and core interfaces
In addition, NetDefendOS provides two special logical interfaces named core and any:
any represents all possible interfaces, including the core interface.
core indicates that it is NetDefendOS itself that will deal with the traffic. Examples of the use of
core would be when the D-Link Firewall acts as a PPTP or L2TP server or is to respond to
ICMP "Ping" requests. By specifying the Destination Interface of a route as core, NetDefendOS
will then know that it is itself that is the ultimate destination of the traffic.
3.3.2. Ethernet
The IEEE 802.3 Ethernet standard allows various devices to be attached at arbitrary points or 'ports'
to a physical transport mechanism such as a coaxial cable. Using the CSMA/CD protocol, each
Ethernet connected device 'listens' to the network and sends data to another connected device when no
other is sending. If 2 devices broadcast simultaneously, algorithms allow them to re-send at different
times. Devices broadcast data as frames and the other devices 'listen' to determine if they are the
intended destination for any of these frames.
A frame is a sequence of bits which specifies the originating device, the destination device and the
data payload, along with error checking bits. A pause between the broadcasting of individual frames
allows devices time to process each frame before the next arrives, and this pause becomes
progressively smaller as the transmission rates get faster from normal to Fast and then Gigabit Ethernet.
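The frame layout described above, as an added example that is not part of the D-Link manual: Python code that builds an Ethernet frame, splits it back into destination, source, type/length and payload, and verifies the error checking bits (the frame check sequence, a CRC-32). The function names and the sample addresses are constructed for illustration, and the preamble is assumed to be already stripped.

```python
import struct
import zlib

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Assemble destination, source, type and payload, then append the FCS."""
    payload = payload.ljust(46, b"\x00")           # pad to the 46-byte minimum
    body = dst + src + struct.pack("!H", ethertype) + payload
    # The FCS is a CRC-32 over the body, sent least significant byte first.
    return body + struct.pack("<I", zlib.crc32(body))

def parse_frame(frame: bytes) -> dict:
    """Split a frame (preamble already stripped) into fields and check the FCS."""
    if len(frame) < 64:
        raise ValueError("runt frame: shorter than the 64-byte minimum")
    body, fcs = frame[:-4], frame[-4:]
    type_or_len = struct.unpack("!H", body[12:14])[0]
    return {
        "dst": mac(body[0:6]),
        "src": mac(body[6:12]),
        # 0x0600 and above is an EtherType; 1500 and below is a payload length.
        "ethertype": type_or_len if type_or_len >= 0x0600 else None,
        "length": type_or_len if type_or_len <= 1500 else None,
        "payload": body[14:],
        "fcs_ok": zlib.crc32(body) == struct.unpack("<I", fcs)[0],
    }

# Constructed sample: broadcast destination, locally administered source, IPv4 type.
SAMPLE = build_frame(bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001"),
                     0x0800, b"hello")

if __name__ == "__main__":
    print(parse_frame(SAMPLE))
    damaged = bytearray(SAMPLE)
    damaged[20] ^= 0x01                            # flip one payload bit in transit
    print("fcs_ok after corruption:", parse_frame(bytes(damaged))["fcs_ok"])
```

The FCS detects accidental corruption only; it is not keyed, so a device that alters a frame can recompute a matching value.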
Each Ethernet interface in a D-Link Firewall corresponds to a physical Ethernet port in the system.
The number of ports, their link speed and the way the ports are realized depend on the
hardware model.
3.3.2.1. Ethernet Interface Basics
Ethernet Interface Names
The names of the Ethernet interfaces are pre-defined by the system, and are mapped to the names of
the physical ports; a system with a wan port will have an Ethernet interface named wan and so forth.
The names of the Ethernet interfaces can be changed to better reflect their usage. For instance, if an
interface named dmz is connected to a wireless LAN, it might be convenient to change the interface
name to radio. For maintenance and troubleshooting, it is recommended to tag the corresponding
physical port with the new name.
Note
Some systems use an integrated layer 2 switch for providing additional physical Ethernet
ports. Such additional ports are seen as a single interface by NetDefendOS.
L2TP tunnels. For more information about PPTP/L2TP,
please see Section 9.4, "PPTP/L2TP".
Chapter 3. Fundamentals
