From the Configure menu, select Ports, Port Settings.
FIGURE 43 Port Settings Configuration
The Configuration Settings tab (shown in Figure 43) allows you to enable and disable ports, set duplex and speed, and enable or disable PoE negotiation.
The Runtime Status tab shows what the port is actually doing. (In contrast to the setting of Auto in the Configuration tab, here you see that ports have actually negotiated Full Duplex/100 Mbps and PoE.) At the top of the table you can see the allocated PoE, expressed as Consumed and Remaining values. The display shows Unknown, Cisco, and IEEE under the Device column; these relate to the different PoE delivery types (IEEE being the current standard, and Cisco being the prestandard proprietary implementation; Unknown typically means the attached device does not need PoE).
Security
Under the Security menu, you will find submenus for NAT, VPN Server, Security Audit, and Firewall and DMZ.
NAT
Network Address Translation serves three purposes: First, it hides internal addresses from the outside network (typically the Internet). Second, it can allow many internal addresses to access the Internet using a single, registered Internet IP.
FIGURE 45 The NAT Page
These first two capabilities are enabled by default on the SBCS. Third, it can provide selective access to internal IP addresses from the outside in a controlled manner; this is useful for reaching mail and FTP servers from the Internet, for example.
The NAT page allows you to configure these specific server targets, as well as firewall service configuration.
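The three NAT purposes described above, modeled as a small translation table. This is an added illustration, not Cisco IOS or CCA code; the class, the port numbers, and all addresses are constructed, and a real NAT also tracks protocol and remote endpoint.

```python
import ipaddress

PUBLIC_IP = "203.0.113.10"                         # single registered address (constructed)
INSIDE_NET = ipaddress.ip_network("192.168.10.0/24")  # internal range (constructed)


class NatGateway:
    def __init__(self, public_ip, static_forwards):
        self.public_ip = public_ip
        # Purpose 3: operator-defined inbound mappings, public port -> (inside ip, port)
        self.static = dict(static_forwards)
        self.dynamic = {}      # public port -> (inside ip, port), created by outbound flows
        self.by_inside = {}    # reverse index so a flow keeps its mapping
        self.next_port = 20000

    def outbound(self, src_ip, src_port):
        """Purposes 1 and 2: rewrite an inside source to public_ip:port."""
        if ipaddress.ip_address(src_ip) not in INSIDE_NET:
            raise ValueError("source is not an inside address")
        key = (src_ip, src_port)
        if key not in self.by_inside:
            # Skip ports already taken by a static forward or another flow.
            while self.next_port in self.static or self.next_port in self.dynamic:
                self.next_port += 1
            self.dynamic[self.next_port] = key
            self.by_inside[key] = self.next_port
        return self.public_ip, self.by_inside[key]

    def inbound(self, dst_port):
        """Inside (ip, port) for a packet sent to public_ip:dst_port, or None (dropped)."""
        return self.static.get(dst_port) or self.dynamic.get(dst_port)


def demo():
    gw = NatGateway(PUBLIC_IP, {25: ("192.168.10.5", 25), 21: ("192.168.10.6", 21)})
    a = gw.outbound("192.168.10.20", 51000)
    b = gw.outbound("192.168.10.21", 51000)   # same source port, different inside host
    return {
        "a": a,
        "b": b,
        "reply_to_a": gw.inbound(a[1]),       # return traffic finds the inside host
        "mail": gw.inbound(25),               # static forward to the mail server
        "unsolicited": gw.inbound(3389),      # no mapping exists, so nothing is reachable
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```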
VPN Server
The VPN Server page lists and allows you to create the user accounts that can access the system via VPN (to a maximum of 10 concurrent sessions). You must define a preshared key, which is used in the authentication and encryption process.
Next, define the IP address range that will be assigned to remote clients connecting to the system. The option of enabling Split Tunneling allows clients to use their own Internet connection for any network other than the ones listed; this is commonly used if security is less of a concern.
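What Split Tunneling changes on a connected client, shown as a route table with longest-prefix matching. This is an added example, not CCA or VPN client code; the listed networks and test destinations are constructed.

```python
import ipaddress

# Constructed values standing in for the networks listed on the VPN Server page.
LISTED = ["192.168.10.0/24", "10.1.1.0/24"]


def client_routes(split_tunneling):
    """Routes a remote client ends up with once the tunnel is up."""
    routes = [(ipaddress.ip_network(n), "tunnel") for n in LISTED]
    # Default route: the client's own Internet link when split tunneling is on,
    # otherwise the tunnel carries everything.
    default_via = "local" if split_tunneling else "tunnel"
    routes.append((ipaddress.ip_network("0.0.0.0/0"), default_via))
    return routes


def path_for(dst, routes):
    """Pick the most specific matching route, as an IP stack does."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, via) for net, via in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def bypassing_tunnel(dests, split_tunneling):
    """Destinations the client reaches directly while still attached to the site."""
    routes = client_routes(split_tunneling)
    return [d for d in dests if path_for(d, routes) == "local"]


if __name__ == "__main__":
    sample = ["192.168.10.5", "198.51.100.7", "10.1.1.9"]   # constructed
    print("split on :", bypassing_tunnel(sample, True))
    print("split off:", bypassing_tunnel(sample, False))
```

With the option enabled, the client is attached to the internal networks and to the Internet directly at the same time, which is the trade-off behind "if security is less of a concern".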
Security Audit
The Security Audit link allows you to inspect and report on the security configuration of a particular device. You are presented with a list of security checks and an indication of whether the device has passed the check; from here, you can select one or more checks and click OK to have the CCA fix the security problem automatically. Although it is convenient and simple, be aware that increasing the security settings of a device may block connectivity to some applications. If this is the case, the change can also be undone in this interface, until the best course of action to both resolve the security issue and allow the intended operation can be determined.
Firewall and DMZ
The Firewall and DMZ page allows you to configure the basic security level (High, Medium, or Low) of the firewall to apply a preconfigured set of typical restrictions, define which interfaces are trusted and untrusted, and also to define which interface is the DMZ (Demilitarized Zone — a term that describes a screened network where certain servers and resources are placed so that controlled access to them can be provided without risking the private network).
Routing
Although the SBCS does not typically run dynamic routing protocols (being designed for smaller installations where such power is not required or will be handled by other devices), you do have the ability to configure static routes to ensure the device can reach remote subnets not directly connected.
DHCP
Configuring a DHCP server allows the SBCS to allocate IP address, subnet mask, and default gateway values to hosts on the LAN. The interface allows you to create a scope of addresses for each VLAN. (A typical system will have one VLAN for the phones and at least one more for the data devices, such as PCs.) You can also configure static DHCP bindings (so that you can predict what IP a given MAC address will be assigned) and which addresses or range of addresses will be excluded from the DHCP scope. The SBCS DHCP server is suited to the task of a small network deployment and should not be used for larger environments.
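A planning check for one VLAN's scope, covering the exclusions and static bindings described above. This is an added example, not the SBCS DHCP server's logic; the function name, the /28 network, and the MAC addresses are constructed, and treating the gateway as unavailable is an assumption.

```python
import ipaddress


def plan_scope(network, gateway, excluded, static_bindings):
    """Return (dynamic_pool, problems) for one DHCP scope.

    excluded: list of (first, last) address strings, inclusive
    static_bindings: {mac: ip}
    """
    net = ipaddress.ip_network(network)
    blocked = {ipaddress.ip_address(gateway)}      # assumption: gateway is never leased
    for first, last in excluded:
        lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
        blocked.update(ipaddress.ip_address(i) for i in range(lo, hi + 1))

    problems, bound = [], {}
    for mac, ip in static_bindings.items():
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            problems.append(f"{mac}: {ip} is outside {net}")
        elif addr in bound:
            problems.append(f"{mac}: {ip} already bound to {bound[addr]}")
        else:
            bound[addr] = mac

    # What is left for dynamic leases: usable hosts minus exclusions and bindings.
    pool = [h for h in net.hosts() if h not in blocked and h not in bound]
    return pool, problems


# Constructed sample: a small data VLAN with one duplicate and one stray binding.
SAMPLE = dict(
    network="192.168.10.0/28",
    gateway="192.168.10.1",
    excluded=[("192.168.10.2", "192.168.10.4")],
    static_bindings={
        "00:11:22:33:44:55": "192.168.10.10",
        "00:11:22:33:44:66": "192.168.10.10",
        "00:11:22:33:44:77": "192.168.20.5",
    },
)

if __name__ == "__main__":
    pool, problems = plan_scope(**SAMPLE)
    print(len(pool), "dynamic addresses, first:", pool[0])
    for p in problems:
        print("problem:", p)
```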
Smartports
FIGURE 46 Smartports
The Smartports feature allows for rapid configuration of common interface settings appropriate to different device types; for example, selecting Switch or Router from the pull-down list associated with a port will activate the 802.1Q trunking protocol; selecting IP Phone + Desktop will configure multiple-VLAN functionality and QoS settings. The interface also allows you to view and set the Access (data) and Voice VLANs per port. You can also view the port configuration for the entire device by clicking its image and then clicking Details.
Wireless
If the SBCS is equipped with or connected to a wireless device, by selecting Configure, WLANs you can view and change settings for the SSIDs for data and voice (for use with wireless IP Phones such as the 7920 and 7921). Selecting an SSID allows you to view and configure the wireless settings for the SSID, including the following:
• Broadcast in Beacon: Select whether to make the SSID visible to wireless devices.
• VLAN: Change the VLAN to which the SSID belongs.
• Security Settings: Change from the default of no security to a setting that may include authentication, encryption, or both, using WEP, LEAP, WPA, or WPA2, among others.