Viewing Article
| Nov 25 2014, 2:46 PM |
Vodafone ‘Sure Signal’ devices cannot often reliably connect in networks where there is no firewall positioned LAN-side of the Sharedband routers. A firewall featuring DHCP IP address reservation/leasing is a requirement and this guide will give an example of how best to deploy it.
The firewall should be configured using general guidance provided at http://support.sharedband.com/kb/kb20 but making sure to follow step 5 of that article.
Ongoing advice below will assume that:
a) Sharedband has been set up in the 192.168.3.x subnet, with a .250 VRRP.
b) Your local network has been set up in the 192.168.1.x subnet.
c) The only source of DHCP leasing to your network hosts must be the firewall
d) Line MTUs are 1492 (for more information please see http://support.sharedband.com/kb/kb8)
When setting up your firewall, these are example settings that you could base yours on:
1) Set the WAN port of the firewall with the below settings:
i) IP: 192.168.3.50
ii) Subnet: 255.255.255.0
iii) Gateway: 192.168.3.250
iv) Primary DNS: 192.168.3.250
v) WAN MTU: 1460
vi) STP (if necessary): Disable
2) Set the LAN side as follows:
i) Local IP address: 192.168.1.1
ii) Subnet: 255.255.255.0
iii) Gateway: 192.168.1.1
iv) Local DNS: 0.0.0.0
v) DHCP: Enabled
vi) Starting DHCP address: 192.168.1.11 (This can be any unused IP address in the 192.168.1.x range)
vii) Ending DHCP address or Maximum DHCP users: As required
Once your firewall is facilitating general internet traffic, there is a further layer of settings on the firewall that need to be applied in order to accomodate the Vodafone Sure Signal device as described below:
3) Under the static reservation/leasing section in your firewall, assign the following MAC/IP/Description:
i) MAC Address: The MAC address as labelled on the Sure Signal Device (for example: 1A:2B:3C:4D:5E:6F)
ii) IP Address: 192.168.1.11
iii) Hostname: Vodafone
4) Under 'Port Forwarding' configuration of the firewall, map the below TCP/UDP ports. Again, the below assumes that we are using 192.168.1.11 as our static lease for the Sure Signal device.
|
Port Application |
Port Number/Range |
TCP/UDP/Both |
IP Address |
|
Unassigned |
8 |
Both |
192.168.1.11 |
|
Remote Mail |
50 |
Both |
192.168.1.11 |
|
DNS |
53 |
Both |
192.168.1.11 |
|
DHCP RX |
67 |
UDP |
192.168.1.11 |
|
DHCP TX |
68 |
UDP |
192.168.1.11 |
|
NTP |
123 |
UDP |
192.168.1.11 |
|
ISAKMP |
500 |
UDP |
192.168.1.11 |
|
PPTP |
1723 |
Both |
192.168.1.11 |
|
IPSec NAT |
4500 |
UDP |
192.168.1.11 |
|
UDP TraceRT |
33434 - 33445 |
UDP |
192.168.1.11 |
5) Once port mappings have been configured, you will need to connect the firewall to Sharedband and your LAN. Do not connect the Sure Signal device at this point in time.
6) Confirm that you have internet and network access as expected.
7) Connect your Sure Signal device to your LAN and then power it on.
8) Perform a manual reset of the device using the small button provided.
9) Allow up to 24 hours for the Sure Signal device to connect.
The outcome of this work is that your Sure Signal device will obtain a reserved static IP address from the firewall. The firewall will in turn forward all necessary ports and protocols that are required.