Home
/
ZyXEL Communications
/
G-2000 Plus V2
/
User Manual

ZyXEL Communications G-2000 Plus V2, User Manual

Share

Page: 147 / 440

ZyXEL Communications G-2000 Plus V2 User Manual Download Page 147

ZyXEL G-2000 Plus v2 User’s Guide

Chapter 11 Firewall Screens

147

3

Does a rule that allows Internet users access to resources on the LAN create a security
vulnerability? For example, if FTP ports (TCP 20, 21) are allowed from the Internet to the
LAN, Internet users may be able to connect to computers with running FTP servers.

4

Does this rule conflict with any existing rules?

Once these questions have been answered, adding rules is simply a matter of plugging the
information into the correct fields in the web configurator screens.

11.3.3 Key Fields For Configuring Rules

11.3.3.1 Action

Should the action be to

Block

or

Forward

?

Note:

“Block” means the firewall silently discards the packet.

11.3.3.2 Service

Select the service from the

Service

scrolling list box. If the service is not listed, it is necessary

to first define it. See “Predefined Services” on page 159 for more information on predefined
services.

11.3.3.3 Source Address

What is the connection’s source address; is it on the LAN or WAN? Is it a single IP, a range of
IPs or a subnet?

11.3.3.4 Destination Address

What is the connection’s destination address; is it on the LAN or WAN? Is it a single IP, a
range of IPs or a subnet?

11.4 Connection Direction Examples

This section describes examples for firewall rules for connections going from LAN to WAN
and from WAN to LAN.

LAN to LAN/ZyXEL device and WAN to WAN/ZyXEL device rules apply to packets
coming in on the associated interface (LAN or WAN respectively). LAN to LAN/ZyXEL
device means policies for LAN-to-ZyXEL device (the policies for managing the ZyXEL
device through the LAN interface) and policies for LAN-to-LAN (the policies that control
routing between two subnets on the LAN). Similarly, WAN to WAN/ZyXEL device polices
apply in the same way to the WAN ports.

«
...
145
146
147
148
149
...
»

Summary of Contents for G-2000 Plus V2

Page 1: ...ZyXEL G 2000 Plus v2 4 port Wireless Router User s Guide Version 3 60 Edition 1 2 2006...

Page 2: ......

Page 3: ...y ZyXEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does it...

Page 4: ...mful interference to radio television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following me...

Page 5: ...P 662H HW Dx is limited in CH1 11 from 2400 to 2483 5 MHz by specified firmware controlled in USA Certifications 1 Go to www zyxel com 2 Select your product from the drop down list box on the ZyXEL h...

Page 6: ...r supply is damaged remove it from the power outlet Do NOT attempt to repair the power supply Contact your local vendor to order a new power supply Place connecting cables carefully so that no one wil...

Page 7: ...ered with damaged by an act of God or subjected to abnormal working conditions Note Repair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in l...

Page 8: ...enmark sales zyxel dk 45 39 55 07 07 FINLAND support zyxel fi 358 9 4780 8411 www zyxel fi ZyXEL Communications Oy Malminkaari 10 00700 Helsinki Finland sales zyxel fi 358 9 4780 8448 FRANCE info zyxe...

Page 9: ...ort zyxel se 46 31 744 7700 www zyxel se ZyXEL Communications A S Sj porten 4 41764 G teborg Sweden sales zyxel se 46 31 744 7701 UKRAINE support ua zyxel com 380 44 247 69 78 www ua zyxel com ZyXEL U...

Page 10: ...ZyXEL G 2000 Plus v2 User s Guide 10 Customer Support...

Page 11: ...Firmware Features 38 1 3 Applications for the ZyXEL device 43 1 3 1 Internet Access and Wireless Network 43 1 3 2 Firewall for Secure Broadband Internet Access 44 Chapter 2 Introducing the Web Config...

Page 12: ...3 5 4 WAN MAC Address 62 3 6 Basic Setup Complete 64 Chapter 4 System Screens 67 4 1 System Overview 67 4 2 Configuring General Setup 67 4 3 Dynamic DNS 68 4 3 1 DynDNS Wildcard 68 4 4 Configuring Dy...

Page 13: ...N Overview 101 7 2 Configuring WAN ISP 101 7 2 1 Ethernet Encapsulation 101 7 2 1 1 Service Type 102 7 2 2 PPPoE Encapsulation 103 7 2 3 PPTP Encapsulation 105 7 3 Configuring WAN IP 107 7 4 Configuri...

Page 14: ...3 Stateful Inspection Firewalls 134 10 3 Introduction to ZyXEL s Firewall 134 10 4 Denial of Service 135 10 4 1 Basics 135 10 4 2 Types of DoS Attacks 136 10 4 2 1 ICMP Vulnerability 139 10 4 2 2 Tra...

Page 15: ...6 3 Configuring Custom Services 155 11 7 Example Firewall Rule 156 11 8 Predefined Services 159 Chapter 12 Content Filtering 163 12 1 Introduction to Content Filtering 163 12 2 Restrict Web Features 1...

Page 16: ...gurator Easy Access 186 Chapter 15 Internal RADIUS Server 189 15 1 Internal RADIUS Overview 189 15 2 Internal RADIUS Server Setting 191 15 3 Trusted AP Overview 193 15 4 Configuring Trusted AP 194 15...

Page 17: ...en 233 Chapter 19 Introducing the SMT 235 19 1 SMT Introduction 235 19 2 Connect to your ZyXEL device Using Telnet 235 19 2 1 Entering Password 235 19 3 Changing the System Password 236 19 4 ZyXEL dev...

Page 18: ...24 1 Introduction to Remote Node Setup 263 24 2 Remote Node Profile Setup 263 24 2 1 Ethernet Encapsulation 263 24 2 2 PPPoE Encapsulation 266 24 2 2 1 Outgoing Authentication Protocol 266 24 2 2 2 Na...

Page 19: ...a Filter Set 297 28 2 1 Configuring a Filter Rule 300 28 2 2 Configuring a TCP IP Filter Rule 300 28 2 3 Configuring a Generic Filter Rule 304 28 3 Example Filter 306 28 4 Filter Types and NAT 309 28...

Page 20: ...Backup Configuration 336 33 2 1 Backup Configuration Using FTP 336 33 2 2 Using the FTP command from the DOS Prompt 337 33 2 3 GUI based FTP Clients 338 33 2 4 TFTP and FTP over WAN Management Limita...

Page 21: ...358 Chapter 36 Call Scheduling 359 36 1 Introduction to Call Scheduling 359 Chapter 37 Troubleshooting 363 Problems Starting Up the ZyXEL device 363 Problems with the Ethernet Interface 363 Problems w...

Page 22: ...IP Classes 385 Subnet Masks 386 Subnetting 386 Example Two Subnets 387 Example Four Subnets 389 Example Eight Subnets 390 Subnetting With Class A and Class B Networks 391 Appendix F Command Interpret...

Page 23: ...TTLS Tunneled Transport Layer Service 417 PEAP Protected EAP 418 LEAP 418 Appendix K Roaming 419 Roaming Overview 419 Appendix L Antenna Selection and Positioning Recommendation 421 Antenna Character...

Page 24: ...ZyXEL G 2000 Plus v2 User s Guide 24 Table of Contents...

Page 25: ...gure 13 PPTP Encapsulation 60 Figure 14 WAN Setup 63 Figure 15 Wizard Finish 65 Figure 16 System General Setup 67 Figure 17 DDNS 69 Figure 18 Password 70 Figure 19 Time Setting 71 Figure 20 LAN IP 76...

Page 26: ...Rule Summary 151 Figure 59 Creating Editing A Firewall Rule 153 Figure 60 Creating Editing A Custom Service 155 Figure 61 Rule Summary 156 Figure 62 Rule Edit Example 157 Figure 63 Edit Custom Servic...

Page 27: ...rk Temporarily Disconnected 232 Figure 103 Configuration Upload Error 233 Figure 104 Reset Warning Message 233 Figure 105 Restart Screen 234 Figure 106 Login Screen 235 Figure 107 Login Screen 236 Fig...

Page 28: ...Menu 15 1 255 SUA Address Mapping Rules 280 Figure 142 Menu 15 1 1 First Set 281 Figure 143 Menu 15 1 1 1 Editing Configuring an Individual Rule in a Set 283 Figure 144 Menu 15 2 1 NAT Server Setup 2...

Page 29: ...6 Menu 24 3 2 System Maintenance UNIX Syslog 327 Figure 187 Call Triggering Packet Example 331 Figure 188 LAN WAN DHCP 333 Figure 189 Menu 24 5 Backup Configuration 337 Figure 190 FTP Session Example...

Page 30: ...tosh OS X Apple Menu 378 Figure 220 Macintosh OS X Network 379 Figure 221 IP Address Conflicts CaseA 381 Figure 222 IP Address Conflicts Case B 382 Figure 223 IP Address Conflicts Case C 382 Figure 22...

Page 31: ...rs with Fixed IP Addresses 63 Table 14 WAN Setup 63 Table 15 System General Setup 67 Table 16 DDNS 69 Table 17 Password 70 Table 18 Time Setting 71 Table 19 LAN IP 76 Table 20 Static DHCP 79 Table 21...

Page 32: ...164 Table 55 Remote Management WWW 169 Table 56 Remote Management Telnet 170 Table 57 Remote Management FTP 171 Table 58 SNMP Traps 173 Table 59 Remote Management SNMP 174 Table 60 Remote Management D...

Page 33: ...tatic Route 274 Table 101 Menu 14 1 Edit Dial in User 276 Table 102 Applying NAT in Menus 4 11 3 279 Table 103 SUA Address Mapping Rules 281 Table 104 Menu 15 1 1 First Set 283 Table 105 Menu 15 1 1 1...

Page 34: ...of IP Addresses 385 Table 137 Allowed IP Address Range By Class 386 Table 138 Natural Masks 386 Table 139 Alternative Subnet Mask Notation 387 Table 140 Two Subnets Example 387 Table 141 Subnet 1 388...

Page 35: ...the web configurator System Management Terminal SMT or command interpreter interface to configure your ZyXEL device Not all features can be configured through all interfaces Related Documentation Supp...

Page 36: ...or example In Windows click Start Settings Control Panel means first click the Start button then point your mouse pointer to Settings and then click Control Panel e g is a shorthand for for instance a...

Page 37: ...igure The embedded web based configurator and SNMP network management enables remote configuration and management of your ZyXEL device 1 2 Features The following sections describe the features of the...

Page 38: ...he ZyXEL device is on and blinks or breaths when data is being transmitted to from its wireless stations You may use the web configurator to turn this LED off even when the ZyXEL device is on and data...

Page 39: ...anning Tree Protocol RSTP Rapid STP R STP detects and breaks network loops and provides backup links between switches bridges or routers It allows a bridge to interact with other R STP compliant bridg...

Page 40: ...le when the ZyXEL device should perform the filtering Brute Force Password Guessing Protection The ZyXEL device has a special protection mechanism to discourage brute force password guessing attacks o...

Page 41: ...e PPPoE clients on individual computers PPTP Encapsulation Point to Point Tunneling Protocol PPTP is a network protocol that enables secure transfer of data from a remote client to a private server cr...

Page 42: ...ce The ZyXEL device supports three logical LAN interfaces via its single physical Ethernet LAN interface with the ZyXEL device itself as the gateway for each LAN network IP Policy Routing IP Policy Ro...

Page 43: ...f the wireless stations that are currently using the ZyXEL device to access your wired network Wireless LAN Channel Usage The Wireless Channel Usage screen displays whether the radio channels are used...

Page 44: ...cure Broadband Internet Access The ZyXEL device provides protection from attacks by Internet hackers By default the firewall blocks all incoming traffic from the WAN The firewall supports TCP UDP insp...

Page 45: ...tscape Navigator 7 0 and later versions with JavaScript enabled It is recommended that you set your screen resolution to 1024 by 768 pixels 2 2 Accessing the ZyXEL device Web Configurator 1 Make sure...

Page 46: ...ertificate using your ZyXEL device s MAC address that will be specific to this device Figure 4 Replace Certificate Screen You should now see the MAIN MENU screen Note The management session automatica...

Page 47: ...ntil the SYS LED LINK LED or BRI RPT LED turns red and then release it If the SYS LED begins to blink the defaults have been restored and the ZyXEL device restarts Otherwise go to step 2 2 Turn the Zy...

Page 48: ...ator The following summarizes how to navigate the web configurator from the MAIN MENU screen Table 3 Web Configurator Screens Summary LINK SUB LINK FUNCTION WIZARD SETUP Use these screens for initial...

Page 49: ...to configure content filtering settings on the ZyXEL device REMOTE MGNT Use this screen to configure port addresses and security settings for Telnet FTP WWW SNMP and DNS protocols on the ZyXEL device...

Page 50: ...ZyXEL G 2000 Plus v2 User s Guide 50 Chapter 2 Introducing the Web Configurator...

Page 51: ...ntification purposes you will then setup your wireless LAN and security The wizard will then guide you through configuring your Internet settings 3 2 General Setup General Setup contains administrativ...

Page 52: ...d and enter it as the System Name In Windows 2000 click Start Settings Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for...

Page 53: ...e 7 bit ASCII characters for the wireless LAN If you change this field on the ZyXEL device make sure all wireless stations use the same SSID in order to access the network Choose Channel ID To manuall...

Page 54: ...cryption Select 64 bit WEP or 128 bit WEP to allow data encryption ASCII Select this option in order to enter ASCII characters as the WEP keys HEX Select this option to enter hexadecimal characters as...

Page 55: ...Settings This screen lets you confirm your current configuration and move on to the next part of the wizard You can also click Finish if you want to stop the wizard without configuring your Internet...

Page 56: ...leave the fields set to the default 3 4 1 Ethernet Choose Ethernet when the WAN port is used as a regular Ethernet There are several service type choices to select from This screen will change dependi...

Page 57: ...ollowing fields are not applicable N A for the Standard service type User Name Type the user name given to you by your ISP Password Type the password associated with the user name above Login Server I...

Page 58: ...oftware can activate and therefore requires no new learning or procedures for Windows users One of the benefits of PPPoE is the ability to let end users access one of multiple network services a funct...

Page 59: ...Parameter for Internet Access Encapsulation Choose PPP over Ethernet from the pull down list box PPPoE forms a dial up connection Service Name Type the name of your service provider User Name Type th...

Page 60: ...ESCRIPTION ISP Parameters for Internet Access Encapsulation Select PPTP from the drop down list box User Name Type the user name given to you by your ISP Password Type the password associated with the...

Page 61: ...d if you are part of a much larger organization you should consult your network administrator for the appropriate IP addresses Note Regardless of your particular situation do not create an arbitrary I...

Page 62: ...bnet mask automatically based on the IP address that you entered You don t need to change the subnet mask computed by the ZyXEL device unless you are instructed to do otherwise 3 5 3 DNS Server Addres...

Page 63: ...ervers with Fixed IP Addresses Choose an IP address 192 168 1 2 192 168 1 32 192 168 1 65 192 168 1 254 Subnet mask 255 255 255 0 Gateway or default route 192 168 1 1 ZyXEL device LAN IP Table 14 WAN...

Page 64: ...ays the read only DNS server IP address that the ISP assigns Select User Defined if you have the IP address of a DNS server Enter the DNS server s IP address in the field to the right Select None if y...

Page 65: ...ZyXEL G 2000 Plus v2 User s Guide Chapter 3 Wizard Setup 65 Figure 15 Wizard Finish Well done You have successfully set up the ZyXEL device A congratulations screen displays some information...

Page 66: ...ZyXEL G 2000 Plus v2 User s Guide 66 Chapter 3 Wizard Setup...

Page 67: ...re 16 System General Setup The following table describes the labels in this screen Table 15 System General Setup LABEL DESCRIPTION General Setup System Name Type a descriptive name to identify the ZyX...

Page 68: ...hentication Administrator Inactivity Timer Type how many minutes a management session either via the web configurator or SMT can be left idle before the session times out The default is 5 minutes Afte...

Page 69: ...lect the type of service that you are registered for from your Dynamic DNS service provider Host Names 1 3 Enter the host names in the three fields provided You can specify up to two host names in eac...

Page 70: ...automatically by the DDNS server It is recommended that you select this option Use specified IP Address Select this option to update the IP address of the host name s to the IP address specified below...

Page 71: ...me This field displays the time on your ZyXEL device Each time you reload this page If configured to use a time server the ZyXEL device synchronizes the time with the time server Current Date This fie...

Page 72: ...ly Time Server Address Enter the IP address or the URL of your time server Check with your ISP network administrator if you are unsure of this information Time Zone Setup Time Zone Choose the time zon...

Page 73: ...s the TCP IP configuration for the clients If DHCP service is disabled you must have another DHCP server on your LAN or else the computer must be manually configured 5 2 1 IP Pool Setup The ZyXEL devi...

Page 74: ...ed but RIP 2 carries more information RIP 1 is probably adequate for most networks unless you have an unusual network topology Both RIP 2B and RIP 2M send routing data in RIP 2 format the difference b...

Page 75: ...e address 224 0 0 2 is assigned to the multicast routers group The ZyXEL device supports both IGMP version 1 IGMP v1 and IGMP version 2 IGMP v2 At start up the ZyXEL device queries all directly connec...

Page 76: ...abled and you must have another DHCP server on your LAN or else the computers must be manually configured When set as a server fill in the following four fields IP Pool Starting Address This field spe...

Page 77: ...ter to exchange routing information with other routers The RIP Direction field controls the sending and receiving of RIP packets Select the RIP direction from Both In Only Out Only None When set to Bo...

Page 78: ...settings click LAN then the Static DHCP tab The screen appears as shown Allow between LAN and WAN Select this check box to forward NetBIOS packets from the LAN to the WAN and from the WAN to the LAN...

Page 79: ...ngle physical Ethernet interface with the ZyXEL device itself as the gateway for each LAN network To change your ZyXEL device s IP Alias settings click LAN then the IP Alias tab The screen appears as...

Page 80: ...hen set to Both or In Only it will incorporate the RIP information that it receives when set to None it will not send any RIP packets and will ignore any RIP packets received RIP Version The RIP Versi...

Page 81: ...called wireless clients The wireless clients use the access point AP to interact with other devices such as the printer or with the Internet Your ZyXEL device is the AP Every wireless network must fo...

Page 82: ...eless client see the appropriate User s Guide or other documentation You can use the MAC address filter to tell the AP which wireless clients are allowed or not allowed to use the wireless network If...

Page 83: ...he secret code you cannot understand the message The types of encryption you can choose depend on the type of wireless network login See Section 6 2 3 on page 82 for information about this For example...

Page 84: ...rmation to the AP at the same time and result in information colliding and not getting through By setting this value lower than the default value the wireless devices must sometimes get permission to...

Page 85: ...computer connected to the wireless LAN and you change the ZyXEL device s SSID or WEP settings you will lose your wireless connection when you press Apply to confirm You must then change the wireless...

Page 86: ...blinks or breaths when data is being transmitted to from its wireless stations Clear the check box to turn this LED off even when the ZyXEL device is on and data is being transmitted received 802 11 M...

Page 87: ...nfiguring WEP Encryption In order to configure and enable WEP encryption click the WIRELESS link under ADVANCED to display the Wireless screen Select Static WEP from the Security list Table 25 Wireles...

Page 88: ...c WEP encryption Passphrase Enter a Passphrase up to 32 printable characters and click Generate The ZyXEL device automatically generates a WEP key WEP Encryption Select 64 bit WEP or 128 bit WEP to en...

Page 89: ...check box in the figure below Hex Select this option in order to enter hexadecimal characters as the WEP keys The preceding 0x that identifies a hexadecimal key is entered automatically Key 1 to Key 4...

Page 90: ...conds Specify how often wireless stations have to reenter usernames and passwords in order to stay connected Enter a time interval between 10 and 9999 seconds The default time interval is 1800 seconds...

Page 91: ...cation click the WIRELESS link under ADVANCED to display the Wireless screen Select WPA or WPA2 from the Security list Note WPA and WPA2 are two separate choices in this screen The only configuration...

Page 92: ...the ZyXEL device is using WPA2 ReAuthentication Timer in seconds Specify how often wireless stations have to reenter usernames and passwords in order to stay connected Enter a time interval between 10...

Page 93: ...een The screen appears as shown See Chapter 15 on page 189 for more details on RADIUS WPA Group Key Update Timer The WPA Group Key Update Timer is the rate at which the AP if using WPA PSK key managem...

Page 94: ...s clients in other wireless networks External RADIUS Server Select the radio button to use an External RADIUS Server to authenticate the ZyXEL device s wireless clients Authentication Server Server IP...

Page 95: ...g Server Active Select the check box to enable user accounting through an external authentication server Server IP Address Enter the IP address of the external accounting server in dotted decimal nota...

Page 96: ...DESCRIPTION ReAuthentication Timer in seconds Specify how often wireless stations have to reenter usernames and passwords in order to stay connected Enter a time interval between 10 and 9999 seconds...

Page 97: ...se correctly first Select Local User Database Only to have the ZyXEL device just check the built in trusted user database on the ZyXEL device for a wireless station s username and password Select RADI...

Page 98: ...n to block access to the ZyXEL device MAC addresses not listed will be allowed to access the ZyXEL device Select Allow Association to permit access to the ZyXEL device MAC addresses not listed will be...

Page 99: ...rom the drop down list box to enable roaming on the ZyXEL device if you have two or more ZyXEL devices on the same subnet Note All APs on the same subnet and the wireless stations must have the same S...

Page 100: ...ZyXEL G 2000 Plus v2 User s Guide 100 Chapter 6 Wireless LAN...

Page 101: ...view A WAN Wide Area Network is an outside connection to another network or the Internet 7 2 Configuring WAN ISP To change your ZyXEL device s WAN ISP settings click WAN then ISP tab The screen differ...

Page 102: ...tandard Table 33 Ethernet Encapsulation LABEL DESCRIPTION Encapsulation You must choose the Ethernet option when the WAN port is used as a regular Ethernet Service Type Choose from Standard RR Toshiba...

Page 103: ...elstra authentication method or Telia Login The following fields do not appear with the Standard service type User Name Type the user name given to you by your ISP Password Type the password associate...

Page 104: ...aves significant effort for both you and the ISP or carrier as it requires no specific configuration of the broadband modem at the customer site By implementing PPPoE directly on the ZyXEL device rath...

Page 105: ...e screen shown next is for PPTP encapsulation Password Type the password associated with the User Name above Retype to Confirm Type your password again to make sure that you have entered is correctly...

Page 106: ...rameters for a PPTP connection User Name Type the user name given to you by your ISP Password Type the password associated with the user name above Retype to Confirm Type your password again to make s...

Page 107: ...nter the IP address in the field provided My IP Subnet Mask Your ZyXEL device will automatically calculate the subnet mask based on the IP address that you assign Unless you are implementing subnettin...

Page 108: ...is the default selection Use fixed IP address Select this option If the ISP assigned a fixed IP address My WAN IP Address Enter your WAN IP address in this field if you selected Use Fixed IP Address M...

Page 109: ...number of NAT firewall sessions that a host can create Private PPPoE and PPTP only This parameter determines if the ZyXEL device will include the route to this remote node in its RIP broadcasts If se...

Page 110: ...sections 4 and 5 of RFC 2236 Windows Networking NetBIOS over TCP IP NetBIOS Network Basic Input Output System are TCP or UDP broadcast packets that enable a computer to connect to and communicate with...

Page 111: ...s MAC address IP Address and enter the IP address of the computer on the LAN whose MAC you are cloning Once it is successfully configured the address will be copied to the rom file ZyNOS configuratio...

Page 112: ...ZyXEL G 2000 Plus v2 User s Guide 112 Chapter 7 WAN...

Page 113: ...of your subscribers are the inside hosts while the web servers on the Internet are the outside hosts Global local denotes the IP address of a host in a packet as the packet traverses a router For exa...

Page 114: ...g inquiries thus preventing intruders from probing your network For more information on IP address translation refer to RFC 1631 The IP Network Address Translator NAT 8 1 3 How NAT Works Each packet h...

Page 115: ...tion NAT 115 Figure 39 How NAT Works 8 1 4 NAT Application The following figure illustrates a possible NAT application where three inside LANs logical LANs using IP Alias behind the ZyXEL device can c...

Page 116: ...s This is equivalent to SUA i e PAT port address translation ZyXEL s Single User Account feature the SUA Only option Many to Many Overload In Many to Many Overload mode the ZyXEL device maps the multi...

Page 117: ...TP that you can make visible to the outside world even though SUA makes your whole inside network appear as a single computer to the outside world You may enter a single port number or a range of port...

Page 118: ...A Server page to forward incoming service requests to the server s on your local network You may enter a single port number or a range of port numbers to be forwarded and the local IP address of the d...

Page 119: ...ind NAT Example 8 4 Configuring SUA Server Note If you do not assign a Default Server IP Address the ZyXEL device discards all packets received for ports that are not specified in this screen or remot...

Page 120: ...ZyXEL G 2000 Plus v2 User s Guide 120 Chapter 8 Single User Account SUA Network Address Translation NAT Figure 42 SUA NAT Setup The following table describes the labels in this screen...

Page 121: ...pping tab The screen appears as shown Table 41 SUA NAT Setup LABEL DESCRIPTION Default Server In addition to the servers for specified services NAT supports a default server A default server receives...

Page 122: ...ZyXEL G 2000 Plus v2 User s Guide 122 Chapter 8 Single User Account SUA Network Address Translation NAT Figure 43 Address Mapping The following table describes the labels in this screen...

Page 123: ...de Global IP Address IGA 0 0 0 0 is for a dynamic IP address from your ISP with Many to One and Server mapping types Global End IP This is the end Inside Global Address IGA This field is N A for One t...

Page 124: ...ZyXEL G 2000 Plus v2 User s Guide 124 Chapter 8 Single User Account SUA Network Address Translation NAT Figure 44 Address Mapping Edit The following table describes the labels in this screen...

Page 125: ...omputer to use the application Table 43 Address Mapping Edit LABEL DESCRIPTION Type Choose the port mapping type from one of the following 1 One to One One to one mode maps one local IP address to one...

Page 126: ...s the traffic to Jane s computer IP address 5 Only Jane can connect to the Real Audio server until the connection is closed or times out The ZyXEL device times out in three minutes with UDP User Datag...

Page 127: ...ZyXEL G 2000 Plus v2 User s Guide Chapter 8 Single User Account SUA Network Address Translation NAT 127 Figure 46 Trigger Port The following table describes the labels in this screen...

Page 128: ...e client computer on the LAN that requested the service Start Port Type a port number or the starting port number in a range of port numbers End Port Type a port number or the ending port number in a...

Page 129: ...the networks beyond For instance the ZyXEL device knows about network N2 in the following figure through remote node router R1 However the ZyXEL device is unable to route a packet to network N3 becau...

Page 130: ...ZyXEL G 2000 Plus v2 User s Guide 130 Chapter 9 Static Route Screens Figure 48 Static Route The following table describes the labels in this screen...

Page 131: ...Yes or not No Destination This parameter specifies the IP network address of the final destination Routing is always based on network number Gateway This is the IP address of the gateway The gateway...

Page 132: ...forward the packet to the destination On the LAN the gateway must be a router on the same segment as your ZyXEL device over the WAN the gateway must be the IP address of one of the Remote Nodes Metric...

Page 133: ...a firewall to guard effectively you must design and deploy it appropriately This requires integrating the firewall into a broad information security policy In addition specific policies must be imple...

Page 134: ...tion on page 140 for more information on Stateful Inspection Firewalls of one type or another have become an integral part of standard security solutions for enterprises 10 3 Introduction to ZyXEL s F...

Page 135: ...functions An extension number called the TCP port or UDP port identifies these protocols such as HTTP Web FTP File Transfer Protocol POP3 E mail etc For example Web traffic by default uses TCP port 80...

Page 136: ...n unsuspecting system Systems may crash hang or reboot b Teardrop attack exploits weaknesses in the reassembly of IP packet fragments As data is transmitted through a network IP packets are often brok...

Page 137: ...blished a SYN Attack floods a targeted system with a series of SYN packets Each packet causes the targeted system to issue a SYN ACK response While the targeted system waits for the ACK that follows t...

Page 138: ...ta A Smurf hacker floods a router with Internet Control Message Protocol ICMP echo request packets pings Since the destination IP address of each packet is the broadcast address of the network the rou...

Page 139: ...echnique known as IP Spoofing as part of their attack IP Spoofing may be used to break into systems to hide the hacker s identity or to magnify the effect of the DoS attack IP Spoofing is a technique...

Page 140: ...inates from the Internet In summary stateful inspection Allows all sessions originating from the LAN local network to the WAN Internet Denies all sessions originating from the WAN to the LAN Figure 54...

Page 141: ...y additional inbound or outbound packets that belong to the connection are inspected to update the state table entry and to modify the temporary inbound access list entries as required and are forward...

Page 142: ...ated on the LAN 10 5 4 UDP ICMP Security UDP and ICMP do not themselves contain any connection information such as sequence numbers However at the very minimum they contain an IP address pair source a...

Page 143: ...in any way including attaching a modem to the port Be aware that a break on the console port might give unauthorized individuals total control of the firewall even with access control configured 3 Li...

Page 144: ...h the outbound request for that packet and allowed in Conversely an incoming packet masquerading as a response to a nonexistent outbound request can be blocked The firewall uses session filtering i e...

Page 145: ...tion of travel of packets to which they apply Note The LAN includes both the LAN port and the WLAN By default the ZyXEL device s stateful packet inspection allows packets traveling in the following di...

Page 146: ...points carefully before configuring rules 11 3 1 Rule Checklist 1 State the intent of the rule For example This restricts all IRC access from the LAN to the Internet Or This allows a remote Lotus Not...

Page 147: ...ted it is necessary to first define it See Predefined Services on page 159 for more information on predefined services 11 3 3 3 Source Address What is the connection s source address is it on the LAN...

Page 148: ...figure a LAN to WAN rule you in essence want to limit some or all users from accessing certain services on the WAN See the following figure Figure 55 LAN to WAN Traffic 11 4 2 WAN to LAN Rules The def...

Page 149: ...an alert when a rule is matched in the Edit Rule screen see Figure 59 Configure the Log Settings screen to have the ZyXEL device send an immediate e mail message to you when an event generates an aler...

Page 150: ...ogy see Appendix M Packet Direction This is the direction of travel of packets W LAN to W LAN ZyXEL device W LAN to WAN WAN to W LAN WAN to WAN ZyXEL device Firewall rules are grouped based on the dir...

Page 151: ...you have created that apply to traffic traveling in the selected packet direction The firewall rules that you configure summarized below take priority over the general firewall action settings above T...

Page 152: ...s rule Enabled or not Disable Alert This field tells you whether this rule generates an alert Yes or not No when the rule is matched Move Type a rule s index number and the number for where you want t...

Page 153: ...ZyXEL G 2000 Plus v2 User s Guide Chapter 11 Firewall Screens 153 Figure 59 Creating Editing A Firewall Rule...

Page 154: ...ailable Services box on the left then click to add it to the Selected Service s box on the right To remove a service highlight it in the Selected Service s box on the right then click Custom Service A...

Page 155: ...for Matched Packets Use the drop down list box to select whether to discard Block or allow the passage of Forward packets that match this rule Apply Click Apply to save your customized settings and ex...

Page 156: ...t Direction drop down list box Figure 61 Rule Summary 2 In the Rule Summary screen type the index number for where you want to put the rule assuming you have more than one rule For example if you type...

Page 157: ...Configure it as follows and click Apply Figure 63 Edit Custom Service Example 7 In the Edit Rule screen use the arrows between Available Services and Selected Service s to configure it as follows Clic...

Page 158: ...ZyXEL G 2000 Plus v2 User s Guide 158 Chapter 11 Firewall Screens Figure 64 My Service Rule Configuration...

Page 159: ...IP protocol type For example look at the default configuration labeled DNS UDP TCP 53 means UDP port 53 and TCP port 53 Custom services may also be configured using the Custom Services function discu...

Page 160: ...arent file sharing for network environments NNTP TCP 119 Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service PING ICMP 0 Packet Internet Groper is a protocol tha...

Page 161: ...H TCP UDP 22 Secure Shell Remote Login Program STRMWORKS UDP 1558 Stream Works Protocol SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server TACACS UDP 49 Login Host Protocol used for...

Page 162: ...ZyXEL G 2000 Plus v2 User s Guide 162 Chapter 11 Firewall Screens...

Page 163: ...eb features or specific URL keywords and should not be confused with packet filtering via SMT menu 21 1 To access these functions from the Main Menu click Content Filter to expand the Content Filter m...

Page 164: ...ent environment for building downloadable Web components or Internet and intranet business applications of all kinds Cookies Used by Web servers to track usage and provide service based on ID Web Prox...

Page 165: ...ton to remove all of the listed keywords Day to Block Select check boxes for the days that you want the ZyXEL device to perform content filtering Select the Everyday check box to have content filterin...

Page 166: ...ZyXEL G 2000 Plus v2 User s Guide 166 Chapter 12 Content Filtering...

Page 167: ...only or ALL LAN WAN you still need to configure a firewall rule to allow access To disable remote management of a service select Disable in the corresponding Server Access field You may only have one...

Page 168: ...Management and NAT When NAT is enabled Use the ZyXEL device s WAN IP address when configuring from the WAN Use the ZyXEL device s LAN IP address when configuring from the LAN 13 1 3 System Timeout Th...

Page 169: ...d however you must use the same port number in order to use that service for remote management Server Access Select the interface s through which a computer may access the ZyXEL device using this serv...

Page 170: ...rt number for a service if needed however you must use the same port number in order to use that service for remote management Server Access Select the interface s through which a computer may access...

Page 171: ...screen Reset Click Reset to begin configuring this screen afresh Table 56 Remote Management Telnet LABEL DESCRIPTION Table 57 Remote Management FTP LABEL DESCRIPTION Server Port You may change the se...

Page 172: ...ble if TCP IP is configured Note SNMP is only available if TCP IP is configured Figure 71 SNMP Management Model An SNMP managed network consists of two main types of component agents and a manager An...

Page 173: ...for object variables within an agent Trap Used by the agent to inform the manager of some events 13 5 1 Supported MIBs The ZyXEL device supports MIB II that is defined in RFC 1213 and RFC 1215 The foc...

Page 174: ...oming Get and GetNext requests from the management station The default is public and allows all requests Set Community Enter the Set community which is the password for incoming Set requests from the...

Page 175: ...er you must use the same port number in order to use that service for remote management Service Access Select the interface s through which a computer may access the ZyXEL device using this service Se...

Page 176: ...from being sent This keeps outsiders from discovering your ZyXEL device when unsupported ports are probed Table 60 Remote Management DNS LABEL DESCRIPTION Server Port The DNS service port number is 53...

Page 177: ...m finding the ZyXEL device by probing for unused ports If you select this option the ZyXEL device will not respond to port request s for unused ports thus leaving the unused ports and the ZyXEL device...

Page 178: ...ZyXEL G 2000 Plus v2 User s Guide 178 Chapter 13 Remote Management Screens...

Page 179: ...ng the icon of a UPnP device will allow you to access the information and properties of that device 14 1 2 NAT Traversal UPnP NAT traversal automates the process of allowing an application to operate...

Page 180: ...lementation supports IGD 1 0 Internet Gateway Device At the time of writing ZyXEL device s UPnP implementation supports Windows Messenger 4 6 and 4 7 while Windows Messenger 5 0 and Xbox are still bei...

Page 181: ...sers to make configuration changes through UPnP Select this check box to allow UPnP enabled applications to automatically configure the ZyXEL device so that they can communicate through the ZyXEL devi...

Page 182: ...Panel Double click Add Remove Programs 2 Click on the Windows Setup tab and select Communication in the Components selection box Click Details 3 In the Communications window select the Universal Plug...

Page 183: ...computer and the ZyXEL device 1 Click Start and Control Panel 2 Double click Network Connections 3 In the Network Connections window click Advanced in the main menu and select Optional Networking Comp...

Page 184: ...operties 3 In the Internet Connection Properties window click Settings to see the port mappings that were automatically created 4 You may edit or delete the port mappings or click Add to manually add...

Page 185: ...ess the web based configurator on the ZyXEL device without finding out the IP address of the ZyXEL device first This is helpful if you do not know the IP address of the ZyXEL device Follow the steps b...

Page 186: ...he steps below to access the web configurator 1 Click Start and then Control Panel 2 Double click Network Connections 3 Select My Network Places under Other Places 4 An icon with the description for e...

Page 187: ...nder Other Places 4 An icon with the description for each UPnP enabled device displays under Local Network 5 Right click the icon for your ZyXEL device and select Invoke The web configurator login scr...

Page 188: ...ZyXEL G 2000 Plus v2 User s Guide 188 Chapter 14 UPnP...

Page 189: ...s a built in RADIUS server that can authenticate wireless clients or other AP s in other wireless networks The ZyXEL device can function as an AP and as a RADIUS server at the same time PEAP Protected...

Page 190: ...he ZyXEL device s certificate and to activate the internal RADIUS server on your ZyXEL device Trusted AP Use the Trusted AP screen to configure which trusted AP s you can authenticate You can authenti...

Page 191: ...one that uses your ZyXEL device s MAC address This can be done when you first log in to the ZyXEL device or in the Advanced web configurator Certificates screen Note The internal RADIUS server does no...

Page 192: ...onfiguration screen see the Certificates chapter Type This field displays what kind of certificate this is REQ represents a certification request and is not yet a valid certificate Send a certificatio...

Page 193: ...IUS server and the wireless clients The wireless clients can then be authenticated by the RADIUS server Valid To This field displays the date that the certificate expires The text displays in red and...

Page 194: ...e Trusted AP tab The screen appears as shown Figure 80 Trusted AP Screen The following table describes the labels in this screen Table 65 Trusted AP LABEL DESCRIPTION This field displays the trusted A...

Page 195: ...en the trusted AP and the ZyXEL device Note The first trusted AP fields are reserved for the ZyXEL device They are grayed out and therefore cannot be configured The shared secret must be the same on t...

Page 196: ...t This name can be up to 31 alphanumeric characters long including spaces The login name on the wireless client s utility must be the same as this user name on so it can authenticate the RADIUS server...

Page 197: ...v2 User s Guide Chapter 15 Internal RADIUS Server 197 Apply Click Apply to save your changes back to the ZyXEL device Reset Click Reset to begin configuring this screen afresh Table 66 Trusted Users...

Page 198: ...ZyXEL G 2000 Plus v2 User s Guide 198 Chapter 15 Internal RADIUS Server...

Page 199: ...key is public and can be made openly available the other key is private and must be kept secure Public key encryption in general works as follows 1 Tim wants to send a private message to Jenny Tim ge...

Page 200: ...the certificates of the certification authorities that you decide to trust no matter how many devices you need to authenticate Key distribution is simple and very secure since you can freely distribu...

Page 201: ...ar is red you should consider deleting expired or unnecessary certificates before adding more certificates Replace This button displays when the ZyXEL device has the factory default certificate The fa...

Page 202: ...the certificate is about to expire or has already expired Details Click the details icon to open a screen with an in depth list of information about the certificate Click the delete icon to remove the...

Page 203: ...allows the importation of a PKS 7 file that contains a single certificate PEM Base 64 encoded PKCS 7 This Privacy Enhanced Mail PEM format uses 64 ASCII characters to convert a binary PKCS 7 certific...

Page 204: ...device create a self signed certificate enroll a certificate with a certification authority or generate a certification request see the following figure Table 68 My Certificate Import LABEL DESCRIPTIO...

Page 205: ...ZyXEL G 2000 Plus v2 User s Guide Chapter 16 Certificates 205 Figure 84 My Certificate Create...

Page 206: ...ops trailing spaces Key Length Select a number from the drop down list box to determine how many bits the key should use 512 to 2048 The longer the key the more secure it is A longer key also uses mor...

Page 207: ...Enrollment Protocol Select the certification authority s enrollment protocol from the drop down list box Simple Certificate Enrollment Protocol SCEP is a TCP based enrollment protocol that was develop...

Page 208: ...Default self signed certificate which signs the imported remote host certificates Select this check box to have the ZyXEL device use this certificate to sign the trusted remote host certificates that...

Page 209: ...authority such as Common Name Organizational Unit Organization and Country With self signed certificates this is the same as the Subject Name field Signature Algorithm This field displays the type of...

Page 210: ...copy and paste a certification request into a certification authority s web page an e mail that you send to the certification authority or a text editor and save the file on a management computer for...

Page 211: ...such as a common name organizational unit or department organization or company and country With self signed certificates this is the same information as in the Subject field Valid From This field dis...

Page 212: ...ou can save the certificate of a certification authority that you trust from your computer to the ZyXEL device Delete Click Delete to delete an existing certificate A window display asking you to conf...

Page 213: ...ck the details icon to open the Trusted CA Details screen Use this screen to view in depth information about the certification authority s certificate change the certificate s name and set whether or...

Page 214: ...fault self signed certificate which signs the imported remote host certificates Select this check box to have the ZyXEL device use this certificate to sign the trusted remote host certificates that yo...

Page 215: ...cate s issuing certification authority such as Common Name Organizational Unit Organization and Country With self signed certificates this is the same information as in the Subject Name field Signatur...

Page 216: ...icate in PEM Base 64 Encoded Format This read only text box displays the certificate or certification request in Privacy Enhanced Mail PEM format PEM uses 64 ASCII characters to convert the binary cer...

Page 217: ...ude logs about system maintenance system errors and access control You can view logs and alert messages in this page Once the log entries are all used the log will wrap around and the old logs will be...

Page 218: ...ion Some categories such as System Errors consist of both logs and alerts You may differentiate them by their color in the View Log screen Alerts are displayed in red and logs are displayed in black S...

Page 219: ...ZyXEL G 2000 Plus v2 User s Guide Chapter 17 Log Screens 219 Figure 90 Log Settings...

Page 220: ...he messages to different files in the syslog server Refer to the documentation of your syslog program for more details Send Log Log Schedule This drop down menu is used to configure the frequency of l...

Page 221: ...or from which the most traffic has been sent How much traffic has been sent to and from the LAN IP addresses to and or from which the most traffic has been sent Note The web site hit count may not be...

Page 222: ...ice record report data Click Stop Collection to halt the ZyXEL device from recording more data Refresh Click Refresh to update the report display The report also refreshes automatically when you close...

Page 223: ...c statistics 18 1 Maintenance Overview The maintenance screens can help you view system information upload new firmware manage configuration and restart your ZyXEL device 18 2 System Status Screen Cli...

Page 224: ...load firmware for this exact model name This field is not available on all models ZyNOS Firmware Version This is the ZyNOS Firmware version and the date created ZyNOS is ZyXEL s proprietary Network Op...

Page 225: ...erver on your LAN or else the computer must be manually configured Table 78 System Status Show Statistics LABEL DESCRIPTION Port This is the WAN LAN or WLAN port Status This shows the port speed and d...

Page 226: ...able tab Read only information here relates to your DHCP status The DHCP table shows current DHCP Client information including IP Address Host Name and MAC Address of all network clients using the DHC...

Page 227: ...er with the name in the Host Name field Every Ethernet device has a unique MAC Media Access Control address The MAC address is assigned at the factory and consists of six pairs of hexadecimal characte...

Page 228: ...ns in this screen to upload firmware to your ZyXEL device Figure 96 Firmware Upload The following table describes the labels in this screen Note Do not turn off the ZyXEL device while firmware upload...

Page 229: ...g a temporary network disconnect In some operating systems you may see the following icon on your desktop Figure 98 Network Temporarily Disconnect After two minutes log in again and check your new fir...

Page 230: ...nfiguration Screen See the Firmware and Configuration File Maintenance chapter for transferring configuration files using FTP TFTP commands Click MAINTENANCE and then the Configuration tab Information...

Page 231: ...onfiguration file before making configuration changes The backup configuration file will be useful in case you need to return to your previous settings Click Backup to save the ZyXEL device s current...

Page 232: ...ktop Figure 102 Network Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default Z...

Page 233: ...ollowing warning screen will appear Figure 104 Reset Warning Message You can also press the RESET button on the side panel to reset the factory defaults of your ZyXEL device Refer to the section on re...

Page 234: ...ZyXEL G 2000 Plus v2 User s Guide 234 Chapter 18 Maintenance Figure 105 Restart Screen...

Page 235: ...he bottom left corner Run and then type telnet 192 168 1 1 the default IP address and click OK 2 For your first login enter the default password 1234 As you type the password the screen displays an as...

Page 236: ...xisting system password in the Old Password field and press ENTER Figure 108 Menu 23 1 System Security Change Password 4 Type your new system password in the New Password field up to 30 characters and...

Page 237: ...e to configure your ZyXEL device Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below Table 83 Main Menu Commands OPERATION...

Page 238: ...of fields The first requires you to type in the appropriate information The second allows you to cycle through the available choices by pressing SPACE BAR Required fields or ChangeMe All fields with...

Page 239: ...r LAN 3 LAN Setup Use this menu to set up your LAN and WLAN connection 4 Internet Access Setup Configure your Internet Access setup Internet address gateway login etc with this menu 11 Remote Node Set...

Page 240: ...sword in the Old Password field for example 1234 and press ENTER Figure 112 Menu 23 System Password 4 Type your new system password in the New Password field up to 30 characters and press ENTER 5 Re t...

Page 241: ...System Name In Windows 2000 click Start Settings Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for the Computer name fie...

Page 242: ...is for mapping a domain name to its corresponding IP address and vice versa The DNS server is extremely important because without it you must know the IP address of a machine before you can access it...

Page 243: ...namic DNS as shown next Figure 114 Menu 1 1 Configure Dynamic DNS Follow the instructions in the next table to configure Dynamic DNS parameters Menu 1 1 Configure Dynamic DNS Service Provider WWW DynD...

Page 244: ...ns org traffic is redirected to a URL that you have previously specified see www dyndns org for details Edit Update IP Address You can select Yes in either the Use Server Detected IP field recommended...

Page 245: ...igure the WAN using menu 2 21 1 Introduction to WAN This chapter explains how to configure settings for your WAN port 21 2 WAN Setup From the main menu enter 2 to open menu 2 Figure 115 Menu 2 WAN Set...

Page 246: ...default MAC Address Choose IP address attached on LAN to use the MAC Address of that computer whose IP you give in the following field IP Address This field is applicable only if you choose the IP add...

Page 247: ...wish to apply to the Ethernet traffic You seldom need to filter Ethernet traffic however the filter sets may be useful to block certain packets reduce traffic and prevent security breaches Figure 117...

Page 248: ...enu 3 LAN Setup When menu 3 appears press 2 and press ENTER to display Menu 3 2 TCP IP and DHCP Ethernet Setup as shown next Figure 118 Menu 3 2 TCP IP Setup Follow the instructions in the next table...

Page 249: ...the ISP assigns Select User Defined if you have the IP address of a DNS server Enter the DNS server s IP address in the IP Address field below If you chose User Defined but leave the IP address set to...

Page 250: ...ly calculate the subnet mask based on the IP address that you assign Unless you are implementing subnetting use the subnet mask computed by the ZyXEL device RIP Direction Press SPACE BAR and then ENTE...

Page 251: ...rs Menu 3 2 1 IP Alias Setup IP Alias 1 No IP Address N A IP Subnet Mask N A RIP Direction N A Version N A Incoming protocol filters N A Outgoing protocol filters N A IP Alias 2 No IP Address N A IP S...

Page 252: ...cally calculate the subnet mask based on the IP address that you assign Unless you are implementing subnetting use the subnet mask computed by the ZyXEL device RIP Direction Press SPACE BAR and then E...

Page 253: ...the same ESSID Enter a descriptive name of up to 32 printable 7 bit ASCII characters Hide ESSID Press SPACE BAR and select Yes to hide the ESSID in the outgoing data frame so an intruder cannot obtain...

Page 254: ...on for details on this field Edit Roaming Configuration Press SPACE BAR to select Yes to enable roaming on the ZyXEL device if you have two or more ZyXEL devices on the same subnet Note All APs on the...

Page 255: ...Default Key 1 Key1 Key2 Key3 Key4 Authen Method Shared Key Only Menu 3 5 1 WLAN MAC Address Filter Active No Filter Action Allowed Association 1 00 00 00 00 00 00 13 00 00 00 00 00 00 25 00 00 00 00...

Page 256: ...and press ENTER MAC addresses not listed will be allowed to access the router The default action Allowed Association permits association with the ZyXEL device MAC addresses not listed will be denied...

Page 257: ...what encapsulation type you should use 23 2 Ethernet Encapsulation From the main menu type 4 to display Menu 4 Internet Access Setup If you choose Ethernet in menu 4 you will see the next menu Figure...

Page 258: ...t if the ZyXEL device does not log in periodically Type the number of minutes from 1 to 59 30 recommended for the ZyXEL device to wait between logins IP Address Assignment If your ISP did not assign y...

Page 259: ...oose PPTP as your encapsulation option This brings up the following screen Figure 125 Internet Access Setup PPTP The following table contains instructions about the new fields when you choose PPTP in...

Page 260: ...DESCRIPTION Encapsulation Press SPACE BAR and then press ENTER to choose PPTP The encapsulation method influences your choices for the IP Address field Idle Timeout This value specifies the time in se...

Page 261: ...nate from the LAN and blocks all traffic to the LAN that originates from the Internet You may deactivate the firewall in menu 21 2 or via the ZyXEL device embedded web configurator You may also define...

Page 262: ...ZyXEL G 2000 Plus v2 User s Guide 262 Chapter 23 Internet Access...

Page 263: ...emote node The following describes how to configure Menu 11 1 Remote Node Profile Menu 11 3 Remote Node Network Layer Options Menu 11 5 Remote Node Filter 24 2 Remote Node Profile Setup From the main...

Page 264: ...his menu Menu 11 1 Remote Node Profile Rem Node Name ChangeMe Route IP Active Yes ISP No Apply Alias None Encapsulation Ethernet Edit IP No Service Type Standard Session Options Service Name N A Edit...

Page 265: ...orrectly Server This field is valid only when RoadRunner is selected in the Service Type field The ZyXEL device will find the RoadRunner Server IP automatically if this field is left blank If it does...

Page 266: ...ecify the correct authentication protocol when connecting to such an implementation 24 2 2 2 Nailed Up Connection A nailed up connection is a dial up line where the connection is always up regardless...

Page 267: ...ts a ceiling for outgoing call time for this remote node The default for this field is 0 meaning no budget control Period hr This field is the time period that the budget should be reset For example i...

Page 268: ...ChangeMe Route IP Active Yes ISP No Apply Alias None Encapsulation PPTP Edit IP No Service Type Standard Telco Option Service Name N A Allocated Budget min 0 Outgoing Period hr 0 My Login Schedules M...

Page 269: ...DESCRIPTION Encapsulation Press SPACE BAR and then ENTER to select PPTP You must also go to menu 11 3 to check the IP Address setting once you have selected the encapsulation method My IP Addr Enter...

Page 270: ...any to One and Server Choose Full Feature if you have multiple public IP addresses Full Feature mapping types include One to One Many to One SUA PAT Many to Many Overload Many One to One and Server Wh...

Page 271: ...hat spaces are accepted in this field For more information on defining the filters please refer to the Filters chapter For PPPoE or PPTP encapsulation you have the additional option of specifying remo...

Page 272: ...ZyXEL G 2000 Plus v2 User s Guide 272 Chapter 24 Remote Node Configuration...

Page 273: ...w type the route number of a static route you want to configure Figure 134 Menu12 1 Edit IP Static Route The following table describes the fields for Menu 12 1 Edit IP Static Route Setup Menu 12 IP St...

Page 274: ...immediate neighbor of your ZyXEL device that will forward the packet to the destination On the LAN the gateway must be a router on the same segment as your ZyXEL device over WAN the gateway must be t...

Page 275: ...e From the main menu enter 14 to display Menu 14 Dial in User Setup Figure 135 Menu 14 Dial in User Setup Type a number and press ENTER to edit the user profile Menu 14 Dial in User Setup 1 aj tetryeg...

Page 276: ...1 Edit Dial in User FIELD DESCRIPTION User Name Enter a username up to 31 alphanumeric characters long for this user profile This field is case sensitive Active Press SPACE BAR to select Yes and press...

Page 277: ...two types of mapping Many to One and Server See section Address Mapping Sets for a detailed description of the NAT set for SUA The ZyXEL device also supports Full Feature NAT to map multiple global IP...

Page 278: ...the Remote Node The following table describes the options for Network Address Translation Menu 4 Internet Access Setup ISP s Name ChangeMe Encapsulation Ethernet Service Type Standard My Login N A My...

Page 279: ...for further information on these menus To configure NAT enter 15 from the main menu to bring up the following screen Figure 139 Menu 15 NAT Setup 27 3 1 Address Mapping Sets Enter 1 to bring up Menu...

Page 280: ...annot be changed Figure 141 Menu 15 1 255 SUA Address Mapping Rules The following table explains the fields in this menu Menu 15 1 Address Mapping Sets 1 NAT_SET 255 SUA read only Enter Menu Selection...

Page 281: ...1 or enter the name of a new set you want to create Idx This is the index or rule number Local Start IP Local Start IP is the starting local IP address ILA Local End IP Local End IP is the ending loc...

Page 282: ...ction and the remaining rules are ignored If there are any empty rules before your new configured rule your configured rule will be pushed up by that number of empty rules For example if you have alre...

Page 283: ...plains the fields in this menu Table 104 Menu 15 1 1 First Set FIELD DESCRIPTION Set Name Enter a name for this set of rules This is a required field If this field is left blank the entire set will be...

Page 284: ...le Local IP Only local IP fields are N A for server Global IP fields MUST be set for Server Start This is the starting local IP address ILA End This is the ending local IP address ILA If the rule is f...

Page 285: ...8 1 33 5 Press ENTER at the Press ENTER to confirm prompt to save your configuration after you define all the servers or press ESC at any time to cancel You assign the private network IP addresses The...

Page 286: ...pping discussed in section General NAT Examples The SUA Only read only option from the Network Address Translation field in menus 4 and 11 3 is specifically pre configured to handle this case 27 5 2 E...

Page 287: ...FTP servers to the first two IGAs and the other LAN traffic to the remaining IGA Map the third IGA to an inside web server and mail server Four rules need to be configured two bi directional and two...

Page 288: ...tion from the Network Address Translation field in menu 4 or menu 11 3 see Figure 130 2 Then enter 15 from the main menu 3 Enter 1 to configure the Address Mapping Sets 4 Enter 1 to begin configuring...

Page 289: ...show how to configure the first rule Menu 11 3 Remote Node Network Layer Options IP Address Assignment Dynamic IP Address N A IP Subnet Mask N A Gateway IP Addr N A Network Address Translation Full Fe...

Page 290: ...owing menu Configure it as shown Menu 15 1 1 1 Address Mapping Rule Type One to One Local IP Start 192 168 1 10 End N A Global IP Start 10 132 50 1 End N A Press ENTER to Confirm or ESC to Cancel Pres...

Page 291: ...Other applications such as some gaming programs are NAT unfriendly because they embed addressing information in the data stream These applications won t work through NAT even when using One to One an...

Page 292: ...er can use a trigger port range at a time Enter 3 in menu 15 to display Menu 15 3 Trigger Port Setup shown next Menu 15 1 1 1 Address Mapping Rule Type Many One to One Local IP Start 192 168 1 10 End...

Page 293: ...owing table describes the fields in this screen Menu 15 3 Trigger Port Setup Incoming Trigger Rule Name Start Port End Port Start Port End Port 1 Real Audio 6970 7170 7070 7070 2 0 0 0 0 3 0 0 0 0 4 0...

Page 294: ...ports to the client computer on the LAN that requested the service Start Port Enter a port number or the starting port number in a range of port numbers End Port Enter a port number or the ending por...

Page 295: ...be allowed to pass Data filters are divided into incoming and outgoing filters depending on the direction of the packet relative to a port Data filtering can be applied on either the WAN side or the L...

Page 296: ...device filter rules and protocol filter rules within the same set You can apply up to four filter sets to a particular port to block multiple types of packets With each filter set having up to six ru...

Page 297: ...ort to block multiple types of packets With each filter set having up to six rules you can have a maximum of 24 rules active for a single port 28 2 Configuring a Filter Set The ZyXEL device includes f...

Page 298: ...reen shows the summary of the existing rules in the filter set The following tables contain a brief description of the abbreviations used in the previous menus Menu 21 Filter and Firewall Setup 1 Filt...

Page 299: ...more rules to check which form a rule chain with the present rule An action cannot be taken until the rule chain is complete N means there are no more rules to check You can specify an action to be ta...

Page 300: ...s are provided for protocol and device filter sets If you include a protocol filter set in a device filter field or vice versa the ZyXEL device will warn you and will not allow you to save 28 2 2 Conf...

Page 301: ...rule Menu 21 1 1 1 TCP IP Filter Rule Filter 1 1 Filter Type TCP IP Filter Rule Active Yes IP Protocol 0 IP Source Route No Destination IP Addr IP Mask Port Port Comp None Source IP Addr IP Mask Port...

Page 302: ...SPACE BAR and then ENTER to select the comparison to apply to the destination port in the packet against the value given in Destination Port None Less Greater Equal Not Equal Source IP Address Enter...

Page 303: ...th All packets will be logged None Action Matched Action Not Matched Both Action Matched Press SPACE BAR and then ENTER to select the action for a matching packet Check Next Rule Forward Drop Action N...

Page 304: ...eric rules the ZyXEL device treats a packet as a byte stream as opposed to an IP or IPX packet You specify the portion of the packet to check with the Offset from 0 and the Length fields both in bytes...

Page 305: ...le as shown below Figure 165 Menu 21 1 4 1 Generic Filter Rule The following table describes the fields in the Generic Filter Rule menu Menu 21 1 4 1 Generic Filter Rule Filter 4 1 Filter Type Generic...

Page 306: ...eld is 0 to 8 0 8 Mask Enter the mask in Hexadecimal notation to apply to the data portion before comparison Value Enter the value in Hexadecimal notation to compare with the data portion More If Yes...

Page 307: ...Rules Summary 6 Enter 1 to configure the first filter rule the only filter rule of this set Make the entries in this menu as shown in the following figure Figure 167 Example Filter Menu 21 1 3 1 Sele...

Page 308: ...in this set Figure 168 Example Filter Rules Summary Menu 21 1 3 This shows you that you have configured and activated A Y a TCP IP filter rule Type IP Pr 6 for destination telnet ports DP 23 M N means...

Page 309: ...et port or any other hardware port The following diagram illustrates this Figure 169 Protocol and Device Filter Sets 28 5 Firewall Versus Filters Firewall configuration is discussed in the firewall ch...

Page 310: ...r numbers separated by commas The ZyXEL device already has filters to prevent NetBIOS traffic from triggering calls and block incoming telnet FTP and HTTP connections Figure 171 Filtering Remote Node...

Page 311: ...r is by far the most comprehensive firewall configuration tool your ZyXEL device has to offer For this reason it is recommended that you configure your firewall using the web configurator see the foll...

Page 312: ...ainst Denial of Service DoS attacks when it is active Your network is vulnerable to attacks when the firewall is turned off Refer to the User s Guide for details about the firewall default policies Yo...

Page 313: ...work The ZyXEL device supports SNMP version one SNMPv1 and version two c SNMPv2c The next figure illustrates an SNMP management operation SNMP is only available if TCP IP is configured Figure 173 SNMP...

Page 314: ...manager to retrieve an object variable from the agent GetNext Allows the manager to retrieve the next object variable from a table or list within an agent In SNMPv1 when a manager wants to retrieve a...

Page 315: ...word for incoming Set requests from the management station Trusted Host If you enter a trusted host your ZyXEL device will only respond to SNMP messages from this address A blank default field means y...

Page 316: ...onFailure defined in RFC 1215 A trap is sent to the manager when receiving any SNMP get or set requirements with wrong community password 6 linkDown defined in RFC 1215 A trap is sent when the port is...

Page 317: ...23 System Security You should change the default password If you forget your password you have to restore the default configuration file Refer to the section on changing the system password in the Int...

Page 318: ...onfirm or ESC to Cancel Table 114 Menu 23 2 System Security RADIUS Server FIELD DESCRIPTION Authentication Server Active Press SPACE BAR to select Yes and press ENTER to enable user authentication thr...

Page 319: ...server in dotted decimal notation Port The default port of the RADIUS server for accounting is 1813 You need not change this value unless your network administrator instructs you to do so with additio...

Page 320: ...tations have to enter usernames and passwords before access to the wired network is allowed Select No Access Allowed to block all wireless stations access to the wired network The following fields are...

Page 321: ...vacy for Broadcast Multicast packets field WPA Group Key Update Timer The WPA Broadcast Multicast Key Update Timer is the rate at which the AP if using WPA PSK key management or RADIUS server if using...

Page 322: ...ZyXEL G 2000 Plus v2 User s Guide 322 Chapter 31 System Security...

Page 323: ...Status is a tool that can be used to monitor your ZyXEL device Specifically it gives you information on your Ethernet and Wireless LAN status number of packets sent and received To get to System Statu...

Page 324: ...tatus This shows the status of the remote node TxPkts This is the number of transmitted packets to this remote node RxPkts This is the number of received packets from this remote node Cols This is the...

Page 325: ...Information Enter 1 in menu 24 2 to display the screen shown next Figure 183 Menu 24 2 1 System Information Information The following table describes the fields in this menu Menu 24 2 System Informat...

Page 326: ...low the procedures to view the local error trace log 1 Type 24 in the main menu to display Menu 24 System Maintenance 2 From menu 24 type 3 to display Menu 24 3 System Maintenance Log and Trace ZyNOS...

Page 327: ...are shown next Menu 24 3 System Maintenance Log and Trace 2 Syslog Logging 4 Call Triggering Packet Menu 24 3 2 System Maintenance Syslog Logging Syslog Active No Syslog Server IP Address 0 0 0 0 Log...

Page 328: ...d 0 line 0 channel 0 call 1 C01 Outgoing Call dev 2 ch 0 40002 Jul 19 11 19 32 192 168 102 2 ZYXEL board 0 line 0 channel 0 call 1 C02 OutCall Connected 64000 40002 Jul 19 11 20 06 192 168 102 2 ZYXEL...

Page 329: ...d010080 S05 R01mF Mar 03 10 41 34 202 132 155 97 ZyXEL IP Src 192 168 2 33 Dst 202 132 155 93 ICMP S04 R01mF Mar 03 11 59 20 202 132 155 97 ZyXEL GEN 00a0c5f502fnord010080 S05 R01mF Mar 03 12 00 52 20...

Page 330: ...o Source port empty means no source port information Dst Destination Address dpo Destination port empty means no destination port information prot Protocol TCP UDP ICMP IGMP GRE ESP rule a b where a m...

Page 331: ...44 Time 17 02 44 262 Frame Type IP Header IP Version 4 Header Length 20 Type of Service 0x00 0 Total Length 0x002C 44 Identification 0x0002 2 Flags 0x00 Fragment Offset 0x00 Time to Live 0xFE 254 Pro...

Page 332: ...ther as a WAN DHCP client IP Address Assignment field in menu 4 or menu 11 3 is Dynamic and the Encapsulation field in menu 4 or menu 11 is Ethernet or None when you have a static IP The WAN Release a...

Page 333: ...Table 119 Menu 24 4 System Maintenance Menu Diagnostic FIELD DESCRIPTION Ping Host Ping the host to see if the links and TCP IP protocol on both systems are working WAN DHCP Release Release the IP ad...

Page 334: ...ZyXEL G 2000 Plus v2 User s Guide 334 Chapter 32 System Information and Diagnosis...

Page 335: ...ngs they can be saved back to your computer under a filename of your choosing ZyNOS ZyXEL Network Operating System sometimes referred to as the ras file is the system firmware and has a bin filename e...

Page 336: ...computer Backup is highly recommended once your ZyXEL device is functioning properly FTP is the preferred method although TFTP can also be used Please note that the terms download and upload are rela...

Page 337: ...ile on the ZyXEL device to your computer and renames it config rom See earlier in this chapter for more information on filename conventions 7 Enter quit to exit the FTP prompt Menu 24 5 Backup Configu...

Page 338: ...console session running 331 Enter PASS command Password 230 Logged in ftp bin 200 Type I OK ftp get rom 0 zyxel rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK...

Page 339: ...estore the five minute SMT timeout default when the file transfer is complete 4 Launch the TFTP client on your computer and connect to the ZyXEL device Set the transfer mode to binary before starting...

Page 340: ...he following sections on FTP and TFTP file transfer for more details The ZyXEL device restarts automatically after the file transfer is complete 33 3 1 Restore Using FTP For details about backup using...

Page 341: ...2 Restore Using FTP Session Examplei Refer to section 33 2 4 to read about configurations that disallow TFTP and FTP over WAN Menu 24 6 Restore Configuration To transfer the firmware and the configura...

Page 342: ...stem Maintenance Upload Firmware The configuration data system related data the error log and the trace log are all stored in the configuration file Please be aware that uploading the configuration fi...

Page 343: ...remote file name on the system 4 The system reboots automatically after a successful firmware upload For details on FTP commands please consult the documentation of your FTP client program For details...

Page 344: ...ration file using TFTP Trivial File Transfer Protocol over LAN Although TFTP should work over WAN as well it is not recommended To use TFTP your computer must have both telnet and TFTP clients To tran...

Page 345: ...umentation of your TFTP client program For UNIX use get to transfer from the ZyXEL device to the computer put the other way around and binary to set binary transfer mode 33 4 5 Example TFTP Command Th...

Page 346: ...ZyXEL G 2000 Plus v2 User s Guide 346 Chapter 33 Firmware and Configuration File Maintenance...

Page 347: ...the main system firmware The CI provides much of the same functionality as the SMT while adding some low level setup and diagnostic functions Enter the CI from the SMT by selecting menu 24 8 See the i...

Page 348: ...all time exceeds the limit the current call will be dropped and any future outgoing calls will be blocked To access the call control menu select option 9 in menu 24 to go to Menu 24 9 System Maintenan...

Page 349: ...dropped and further outgoing calls to that remote node will be blocked After each period the total budget is reset The default for the total budget is 0 minutes and the period is 0 hours meaning no bu...

Page 350: ...9 1 Budget Management FIELD DESCRIPTION Remote Node Enter the index number of the remote node you want to reset just one in this case Connection Time Total Budget This is the total connection time tha...

Page 351: ...2 Then enter 10 to go to Menu 24 10 System Maintenance Time and Date Setting to update the time and date settings of your ZyXEL device as shown in the following screen Table 124 Call History Fields F...

Page 352: ...month year time zone of the server Time RFC 868 format displays a 4 byte integer giving the total number of seconds since 1970 1 1 at 0 0 0 NTP RFC 1305 is similar to Time RFC 868 None The default en...

Page 353: ...and Information 353 34 3 1 Resetting the Time The ZyXEL device resets the time in three instances 1 On leaving menu 24 10 after making changes 2 When the ZyXEL device starts up if there is a timeserv...

Page 354: ...ZyXEL G 2000 Plus v2 User s Guide 354 Chapter 34 System Maintenance and Information...

Page 355: ...which ZyXEL device interface if any from which computers You may manage your ZyXEL device from a remote location via Internet WAN only LAN only ALL LAN and WAN Neither Disable Note When you Choose WAN...

Page 356: ...to Confirm or ESC to Cancel Table 126 FIELD DESCRIPTION Telnet Server FTP Server Web Server SNMP Service DNS Service Each of these read only labels denotes a service or protocol Port This field shows...

Page 357: ...3 1 LAN or in menu 11 5 WAN is applied to block a Telnet FTP or Web service 2 You have disabled that service in menu 24 11 3 The IP address in the Secured Client IP field menu 24 11 does not match the...

Page 358: ...LAN IP address when configuring from the LAN 35 3 System Timeout There is a system timeout of five minutes 300 seconds for Telnet web FTP connections Your ZyXEL device will automatically log you out i...

Page 359: ...ed sets take precedence over higher numbered sets thereby avoiding scheduling conflicts For example if sets 1 2 3 and 4 in are applied in the remote node then set 1 will take precedence over set 2 3 a...

Page 360: ...r ZyXEL device will not drop it Once the connection is dropped manually or it times out then that remote node can t be triggered up until the end of the Duration Menu 26 1 Schedule Set Setup Active Ye...

Page 361: ...scheduled time elapses Once Date If you selected Once in the How Often field above then enter the date the set should activate here in year month date format Weekday Day If you selected Weekly in the...

Page 362: ...to your preference s Menu 11 1 Remote Node Profile Rem Node Name MyISP Route IP Active Yes Encapsulation PPPoE Edit IP No Service Type Standard Telco Option Service Name Allocated Budget min 0 Outgoi...

Page 363: ...the power source is working properly Table 129 Troubleshooting the Ethernet Interface PROBLEM CORRECTIVE ACTION Cannot access the ZyXEL device from the LAN If the ETHN light on the front panel is off...

Page 364: ...roubleshooting Telnet PROBLEM CORRECTIVE ACTION I cannot access the ZyXEL device through Telnet Refer to the Problems with the Ethernet Interface section for instructions on checking your Ethernet con...

Page 365: ...ilt in Switch Four auto negotiating auto MDI MDI X 10 100 Mbps RJ 45 Ethernet ports Wireless LAN Interface One IEEE 802 11g standard based 54Mbp Access Point embedded Detachable Antennas 2 dipole Dive...

Page 366: ...tion type BPSK QPSK CCK OFDM RF Output Power 15dBm 54 Mbps OFDM typical 18 dBm 11Mbps CCK QPSK BPSK typical Security WPA 2 WPA 2 PSK IEEE 802 1x security MD 5 TLS TTLS PEAP RAW Ethernet Packet Filter...

Page 367: ...empts for five minutes after the third time an incorrect password is entered Table 135 Brute Force Password Guessing Protection Commands COMMAND DESCRIPTION sys pwderrtm This command displays the brut...

Page 368: ...ZyXEL G 2000 Plus v2 User s Guide 368...

Page 369: ...of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components...

Page 370: ...f you need the adapter 1 In the Network window click Add 2 Select Adapter and then click Add 3 Select the manufacturer and model of your network adapter and then click OK If you need TCP IP 1 In the N...

Page 371: ...and click Properties 2 Click the IP Address tab If your IP address is dynamic select Obtain an IP address automatically If you have a static IP address select Specify an IP address and type your info...

Page 372: ...TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your ZyXEL device and restart your computer when prompted Verifying Settings 1 Click Start...

Page 373: ...73 Figure 211 Windows XP Start Menu 2 For Windows XP click Network Connections For Windows 2000 NT click Network and Dial up Connections Figure 212 Windows XP Control Panel 3 Right click Local Area Co...

Page 374: ...s 4 Select Internet Protocol TCP IP under the General tab in Win XP and click Properties Figure 214 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP IP Properties window opens t...

Page 375: ...click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional def...

Page 376: ...XP Internet Protocol TCP IP Properties 8 Click OK to close the Internet Protocol TCP IP Properties window 9 Click OK to close the Local Area Connection Properties window 10Turn on your ZyXEL device an...

Page 377: ...s Guide 377 Figure 217 Macintosh OS 8 9 Apple Menu 2 Select Ethernet built in from the Connect via list Figure 218 Macintosh OS 8 9 TCP IP 3 For dynamically assigned settings select Using DHCP Server...

Page 378: ...o save changes to your configuration 7 Turn on your ZyXEL device and restart your computer if prompted Verifying Settings Check your TCP IP properties in the TCP IP Control Panel window Macintosh OS X...

Page 379: ...select Manually Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your ZyXEL device in the Router address box 5 Click Apply Now and close...

Page 380: ...ZyXEL G 2000 Plus v2 User s Guide 380...

Page 381: ...omputer on the LAN Figure 221 IP Address Conflicts CaseA You must set the ZyXEL device to use different LAN and WAN IP addresses on different subnets if you enable DHCP server on the ZyXEL device For...

Page 382: ...rent subnets if you enable DHCP server on the ZyXEL device For example you set the WAN IP address to 192 59 1 1 and the LAN IP address to 10 59 1 1 Otherwise It is recommended the ZyXEL device use a p...

Page 383: ...Guide 383 In this case the subscribers are not able to access the Internet Figure 224 IP Address Conflicts Case D This problem can be solved by adding a VLAN enabled switch or set the computers to obt...

Page 384: ...ZyXEL G 2000 Plus v2 User s Guide 384...

Page 385: ...irst two octets make up the network number and the two remaining octets make up the host ID Class C addresses begin starting from the left with 1 1 0 In a class C address the first three octets make u...

Page 386: ...Subnet masks are expressed in dotted decimal notation just as IP addresses are The natural masks for class A B and C IP addresses are as follows Subnetting With subnetting the class arrangement of an...

Page 387: ...k of 255 255 255 0 The first three octets of the address make up the network number class C You want to have two separate networks Note Divide the network 192 168 1 0 into two separate subnets by conv...

Page 388: ...broadcast address for the first subnet Therefore the lowest IP address that can be assigned to an actual host for the first subnet is 192 168 1 1 and the highest is 192 168 1 126 Similarly the host ID...

Page 389: ...ress Binary 11000000 10101000 00000001 00000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 0 Lowest Host ID 192 168 1 1 Broadcast Address 192 168 1 63 Highest Host...

Page 390: ...11111111 11000000 Subnet Address 192 168 1 192 Lowest Host ID 192 168 1 193 Broadcast Address 192 168 1 255 Highest Host ID 192 168 1 254 Table 147 Eight Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS L...

Page 391: ...following table is a summary for class B subnet planning Table 149 Class B Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 128 0 17 2 32766 2 255 255 192 0...

Page 392: ...ZyXEL G 2000 Plus v2 User s Guide 392...

Page 393: ...sibly render it unusable Command Syntax The command keywords are in courier new font Enter the command keywords exactly as shown do not abbreviate The required fields in a command are enclosed in angl...

Page 394: ...ZyXEL G 2000 Plus v2 User s Guide 394...

Page 395: ...xpired A DHCP client s IP address has expired DHCP server assigns s The DHCP server assigned an IP address to a client SMT Login Successfully Someone has logged on to the router s SMT interface SMT Lo...

Page 396: ...e Host 2 Redirect datagrams for the Type of Service and Network 3 Redirect datagrams for the Type of Service and Host 8 Echo 0 Echo message 11 Time Exceeded 0 Time to live exceeded in transit 1 Fragme...

Page 397: ...log Use the sys logs category display command to show the log settings for all of the log categories Use the sys logs display log category command to show the logs in an individual ZyXEL device log ca...

Page 398: ...2 22 255 255 137 ACCESS BLOCK Firewall default policy UDP set 8 1 11 11 2002 15 10 12 172 21 4 17 138 172 21 255 255 138 ACCESS BLOCK Firewall default policy UDP set 8 2 11 11 2002 15 10 11 172 17 2 1...

Page 399: ...rs like doctors and nurses access to a complete patient s profile on a handheld or notebook computer upon entering a patient s room It allows flexible workgroups a lower total cost of ownership for wo...

Page 400: ...eless station and a wired network client go through one access point AP Intra BSS traffic is traffic between wireless stations in the BSS When Intra BSS is enabled wireless station A and B can access...

Page 401: ...ch containing an access point with each access point connected together by a wired network This wired connection between APs is called a Distribution System DS An ESSID ESS IDentification uniquely ide...

Page 402: ...same access point but are not within range of each other The following figure illustrates a hidden node Both stations STA are within range of the access point AP or wireless gateway but out of range o...

Page 403: ...It also reserves and confirms with the requesting station the time frame for the requested transmission Stations can send frames smaller than the specified RTS CTS directly to the AP without the RTS R...

Page 404: ...a first important step in the evolutionary development of wireless networking technologies The standard was developed to maximize interoperability between differing brands of wireless LANs as well as...

Page 405: ...of IEEE 802 11 to support extended authentication as well as providing additional accounting and control features It is supported by Windows XP and a number of network devices Some advantages of IEEE...

Page 406: ...server Types of RADIUS Messages The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication Access Request Sent by an access point requ...

Page 407: ...ible to impersonate an authentication server as MD5 authentication method does not perform mutual authentication Finally MD5 authentication method does not support data encryption with dynamic session...

Page 408: ...e Wireless screen You may still configure and store keys here but they will not be used while Dynamic WEP is enabled Note EAP MD5 cannot be used with Dynamic WEP Key Exchange For added security certif...

Page 409: ...est to the AP which will then reply with a challenge text message The wireless station must then use the AP s default WEP key to encrypt the challenge text and return it to the AP which attempts to de...

Page 410: ...Advanced Encryption Standard AES in the Counter mode with Cipher block chaining Message authentication code Protocol CCMP to offer stronger encryption than TKIP TKIP uses 128 bit keys that are dynamic...

Page 411: ...features are optional and may not be supported in all wireless devices Key caching allows a wireless client to store the PMK it derived through a successful authentication with an AP The wireless cli...

Page 412: ...es network access accordingly 3 The RADIUS server distributes a Pairwise Master Key PMK key to the AP that then sets up a key hierarchy and management system using the pair wise key to dynamically gen...

Page 413: ...MAC address filters are not dependent on how you configure these security features Table 157 Wireless Security Relational Matrix AUTHENTICATION METHOD KEY MANAGEMENT PROTOCOL ENCRYPTION METHOD ENTER...

Page 414: ...d to periodically verify the identity of the peer station or other AP using a three way handshake The following figure depicts a typical wireless network with a ZyXEL device RADIUS server for user aut...

Page 415: ...ZyXEL G 2000 Plus v2 User s Guide 415 Figure 232 Sequences for PEAP MS CHAP V2 Authentication...

Page 416: ...ZyXEL G 2000 Plus v2 User s Guide 416...

Page 417: ...t data encryption with dynamic session key You must configure WEP encryption keys for data encryption EAP TLS Transport Layer Security With EAP TLS digital certifications are needed by both the server...

Page 418: ...02 1x For added security certificate based authentications EAP TLS EAP TTLS and PEAP use dynamic keys for data encryption They are often deployed in corporate environments but for public deployment a...

Page 419: ...esponsible for choosing the most appropriate access point depending on the signal strength network utilization or other factors The roaming feature on the access points allows the access points to rel...

Page 420: ...e authentication Requirements for Roaming The following requirements must be met in order for wireless stations to roam between the coverage areas 1 All the access points must be on the same subnet an...

Page 421: ...is a diagram that allows you to visualize the shape of the antenna s coverage area Antenna Gain Antenna gain measured in dB decibel is the increase in coverage within the RF beam width Higher antenna...

Page 422: ...ennas are ideal for hallways and outdoor point to point applications Positioning Antennas In general antennas should be mounted as high as practically possible and free of obstructions In point to poi...

Page 423: ...ckets between two Ethernet devices Some companies have more than one alternate route to one or more ISPs If the LAN and ISP s are in the same subnet the triangle route problem may occur The steps belo...

Page 424: ...XEL device being the gateway for each logical network By putting your LAN and Gateway B in different subnets all returning network traffic must pass through the ZyXEL device to your LAN The following...

Page 425: ...ond solution to the triangle route problem is to put all of your network gateways on the WAN side as the following figure shows This ensures that all incoming network traffic passes through your ZyXEL...

Page 426: ...ZyXEL G 2000 Plus v2 User s Guide 426...

Page 427: ...n Standard 410 Airflow 6 Allocated Budget 267 Alternative Subnet Mask Notation 387 American Wire Gauge 6 Antenna Directional 422 Omni directional 422 Antenna gain 421 AP 81 AP See also access point Ap...

Page 428: ...E 361 Precedence 359 Precedence Example 359 Certificate Authority 407 417 Certifications 5 channel 81 Channel ID 85 Charge 7 Circuit 4 Class B 4 Collision 324 Command Interpreter 347 Communications 4...

Page 429: ...ective 7 Denial of Service 134 135 311 Denmark Contact Information 8 Destination Address 147 DHCP 68 73 74 76 225 226 326 Diagnostic 332 Diagnostic Tools 323 Direct Sequence Spread Spectrum 404 Discla...

Page 430: ...Part 15 4 FCC Rules 4 Federal Communications Commission 4 FHSS 404 Filename Conventions 335 Filter 247 271 Applying 309 Example 306 Generic Filter Rule 304 Generic Rule 305 NAT 309 Remote Node 310 St...

Page 431: ...File Transfer 342 FTP Restrictions 167 FTP Server 288 Functionally Equivalent 7 G Gas Pipes 6 Gateway 274 Gateway IP Addr 270 Gateway IP Address 258 General Setup 51 67 241 Germany Contact Information...

Page 432: ...access 247 257 Internet Access Setup 258 277 Internet Control Message Protocol ICMP 138 Internet Security Gateway 37 Introduction to Filters 295 IP Address 74 77 118 119 121 250 258 270 274 326 333 I...

Page 433: ...ess Filtering 254 MAC Filter 97 MAC Filtering 40 Main Menu 238 Management Information Base MIB 173 314 Many to Many No Overload 116 Many to Many Overload 116 Many to One 116 Materials 7 Merchantabilit...

Page 434: ...Norway Contact Information 8 O One to One 116 Opening 6 Operating Condition 7 Out dated Warranty 7 Outlet 4 Outside 114 P Packet Filtering 143 Packet Filtering Firewalls 133 Packets 324 Pairwise Mast...

Page 435: ...o Communications 4 Radio Frequency Energy 4 Radio Interference 4 Radio Reception 4 Radio Technician 4 RADIUS 40 406 Shared Secret Key 407 RADIUS Message Types 406 RADIUS Messages 406 RADIUS server 83...

Page 436: ...s 7 Returns 7 RF signals 404 Rights 3 Rights Legal 7 RIP 74 270 Version 270 Risk 6 Risks 6 RMA 7 Roaming 99 419 Example 420 Requirements 420 Route 265 RTS Threshold 402 Rules 145 148 Checklist 146 Cre...

Page 437: ...Trap 314 Traps 315 Trusted Host 315 Source Address 147 154 Spain Contact Information 9 SSID 81 82 hide 82 SSID security 82 weaknesses 82 SSL Passthrough 40 Stateful Inspection 40 133 134 140 Process 1...

Page 438: ...Cord 6 Telephone 8 Television Interference 4 Television Reception 4 Telnet 356 Telnet Configuration 356 357 Telnet Under NAT 357 Temporal Key Integrity Protocol TKIP 410 TFTP Restrictions 357 TFTP Fil...

Page 439: ...se 83 RADIUS server 83 weaknesses 83 User Name 69 244 User Profiles 275 User Specified IP Addr 244 V Valid CI Commands 348 Value 7 Vendor 6 Ventilation Slots 6 Viewing Certifications 5 Voltage Supply...

Page 440: ...address filter 82 security 81 SSID 81 user authentication 82 wireless security 81 Wizard Setup 51 52 WLAN 399 Security parameters 413 Workmanship 7 Worldwide Contact Information 8 WPA 38 410 WPA2 38...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands