ESR Series Routers Operation Manual
27
5
INITIAL ROUTER CONFIGURATION
5.1
ESR router factory settings
The device is shipped to the consumer with the factory configuration installed which includes
essential basic settings. Factory configuration allows you to use the router as a gateway with SNAT
without applying any additional settings. Also, factory configuration contains settings that allow you to
obtain network access to the device for advanced configuration.
Description of factory settings
To establish network connection, the configuration features 2 security zones named 'Trusted' for
local area network and 'Untrusted' for public network. All interfaces are divided between two security
zones:
1. 'Untrusted
'
zone
is meant for a public network (WAN) connection. In this zone, DHCP ports are
open in order to obtain dynamic IP address from the provider. All incoming connections from this zone to
the router are blocked.
This security zone includes the following interfaces:
For ESR-100 and ESR-200: GigabitEthernet 1/0/1;
For ESR-1000 and ESR-1200: GigabitEthernet1/0/1, TengigabitEthernet1/0/1,
TengigabitEthernet1/0/2.
Zone interfaces are grouped into a single L2 segment via
Bridge 2
network bridge.
2. 'Trusted' zone
is meant for a local area network (LAN) connection. In this zone, the following
ports are open: Telnet and SSH ports for remote access, ICMP ports for router availability test, DHCP ports
for clients obtaining IP addresses from the router. Outgoing connections from this zone into the Untrusted
zone are allowed.
This security zone includes the following interfaces:
For ESR-100: GigabitEthernet 1/0/2-4;
For ESR-200: GigabitEthernet1/0/2-8;
For ESR-1000: GigabitEthernet1/0/2-24;
For ESR-1200: GigabitEthernet1/0/2-16, TengigabitEthernet1/0/3-8;
Zone interfaces are grouped into a single L2 segment via
Bridge 1
network bridge.
On the
Bridge 2
interface, DHCP client is enabled to obtain dynamic IP address from the provider.
On
Bridge 1
interface, static IP address 192.168.1.1/24 is configured. Created IP address acts as a gateway
for LAN clients. For LAN clients, DHCP address pool 192.168.1.2-192.168.1.254 is configured with the mask
255.255.255.0. For clients in order to access the Internet, the router should have Source NAT service
enabled.