Home
/
ZyXEL Communications
/
P-320W
/
User Manual

ZyXEL Communications P-320W, User Manual

Share

187 pages before
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215

Page: 202 / 215

ZyXEL Communications P-320W User Manual Download Page 202

P-320W User’s Guide

202

Appendix F Wireless LANs

3

The wireless station replies with identity information, including username and password.

4

The RADIUS server checks the user information against its user profile database and
determines whether or not to authenticate the wireless station.

Types of Authentication

This section discusses some popular authentication types:

EAP-MD5

,

EAP-TLS

,

EAP-

TTLS

,

PEAP

and

LEAP

.

The type of authentication you use depends on the RADIUS server or the AP. Consult your
network administrator for more information.

EAP-MD5 (Message-Digest Algorithm 5)

MD5 authentication is the simplest one-way authentication method. The authentication server
sends a challenge to the wireless station. The wireless station ‘proves’ that it knows the
password by encrypting the password with the challenge and sends back the information.
Password is not sent in plain text.

However, MD5 authentication has some weaknesses. Since the authentication server needs to
get the plaintext passwords, the passwords must be stored. Thus someone other than the
authentication server may access the password file. In addition, it is possible to impersonate an
authentication server as MD5 authentication method does not perform mutual authentication.
Finally, MD5 authentication method does not support data encryption with dynamic session
key. You must configure WEP encryption keys for data encryption.

EAP-TLS (Transport Layer Security)

With EAP-TLS, digital certifications are needed by both the server and the wireless stations
for mutual authentication. The server presents a certificate to the client. After validating the
identity of the server, the client sends a different certificate to the server. The exchange of
certificates is done in the open before a secured tunnel is created. This makes user identity
vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the
sender’s identity. However, to implement EAP-TLS, you need a Certificate Authority (CA) to
handle certificates, which imposes a management overhead.

EAP-TTLS (Tunneled Transport Layer Service)

EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the
server-side authentications to establish a secure connection. Client authentication is then done
by sending username and password through the secure connection, thus client identity is
protected. For client authentication, EAP-TTLS supports EAP methods and legacy
authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2.

«
...
200
201
202
203
204
...
»

Summary of Contents for P-320W

Page 1: ...P 320W 802 11g Wireless Firewall Router User s Guide Version 1 00 11 2005 Edition 1...

Page 2: ......

Page 3: ...Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does it convey...

Page 4: ...e harmful interference to radio television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the followi...

Page 5: ...ns Commission FCC Interference Statement 5 Certifications 1 Go to www zyxel com 2 Select your product from the drop down list box on the ZyXEL home page to go to that product s page 3 Select the certi...

Page 6: ...y is damaged remove it from the power outlet Do NOT attempt to repair the power supply Contact your local vendor to order a new power supply Place connecting cables carefully so that no one will step...

Page 7: ...n act of God or subjected to abnormal working conditions Note Repair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warra...

Page 8: ...sales zyxel dk 45 39 55 07 07 FINLAND support zyxel fi 358 9 4780 8411 www zyxel fi ZyXEL Communications Oy Malminkaari 10 00700 Helsinki Finland sales zyxel fi 358 9 4780 8448 FRANCE info zyxel fr 33...

Page 9: ...zyxel se 46 31 744 7700 www zyxel se ZyXEL Communications A S Sj porten 4 41764 G teborg Sweden sales zyxel se 46 31 744 7701 UKRAINE support ua zyxel com 380 44 247 69 78 www ua zyxel com ZyXEL Ukrai...

Page 10: ...P 320W User s Guide 10 Customer Support...

Page 11: ...Features 30 1 3 Applications for the Prestige 31 1 3 1 Secure Broadband Internet Access via Cable or DSL Modem 31 1 3 2 Wireless LAN Application 32 1 3 3 Front Panel LEDs 32 Chapter 2 Introducing the...

Page 12: ...Wireless Security Overview 61 4 2 1 Encryption 61 4 2 2 Authentication 61 4 2 3 Restricted Access 62 4 2 4 Hide Prestige Identity 62 4 2 5 Using OTIST 62 4 3 Configuring Wireless LAN on the Prestige...

Page 13: ...raffic Redirect 90 5 9 Traffic Redirect Screen 90 Chapter 6 LAN 93 6 1 LAN Overview 93 6 1 1 IP Pool Setup 93 6 1 2 System DNS Servers 93 6 2 LAN TCP IP 93 6 2 1 Factory LAN Defaults 93 6 2 2 IP Addre...

Page 14: ...all 109 9 1 4 Guidelines For Enhancing Security With Your Firewall 110 9 2 General Firewall Screen 110 9 3 Services Screen 111 9 3 1 Services 113 Chapter 10 Static Route Screens 115 10 1 Static Route...

Page 15: ...Dynamic DNS 136 13 3 1 DynDNS Wildcard 136 13 4 Dynamic DNS Screen 137 13 5 Time Setting Screen 137 Chapter 14 Logs 141 14 1 View Log 141 14 2 Log Settings 142 Chapter 15 Tools 145 15 1 Firmware Uplo...

Page 16: ...ava Permissions 159 16 6 2 ActiveX Controls in Internet Explorer 161 Appendix A Product Specifications 163 Appendix B IP Subnetting 165 Appendix C Setting up Your Computer s IP Address 173 Appendix D...

Page 17: ...ard STEP 2 Wireless LAN 48 Figure 16 Basic WEP Security 49 Figure 17 Extend WPA PSK Security 50 Figure 18 OTIST 51 Figure 19 Connection Wizard STEP 3 WAN Connection Type 52 Figure 20 Ethernet Connecti...

Page 18: ...ort Forwarding 104 Figure 59 NAT Port Forwarding Rule Setup 105 Figure 60 Trigger Port Forwarding Process Example 107 Figure 61 NAT Trigger Port 108 Figure 62 Firewall General 110 Figure 63 Firewall S...

Page 19: ...ure 101 Internet Options 155 Figure 102 Internet Options 156 Figure 103 Pop up Blocker Settings 157 Figure 104 Internet Options 158 Figure 105 Security Settings Java Scripting 159 Figure 106 Security...

Page 20: ...0 DNS Settings in resolv conf 187 Figure 131 Red Hat 9 0 Restart Ethernet Card 188 Figure 132 Red Hat 9 0 Checking TCP IP Properties 188 Figure 133 Single Computer per Router Hardware Configuration 1...

Page 21: ...ction Type 55 Table 16 Your IP Address 57 Table 17 Example of Network Properties for LAN Servers with Fixed IP Addresses 57 Table 18 WAN MAC Address 58 Table 19 ZyAIR Wireless Security Levels 63 Table...

Page 22: ...UPnP 126 Table 56 System General 136 Table 57 Dynamic DNS 137 Table 58 Time Setting 138 Table 59 View Log 142 Table 60 Log Settings 143 Table 61 Maintenance Firmware Upload 145 Table 62 Maintenance R...

Page 23: ...ble 81 Subnet 4 170 Table 82 Eight Subnets 170 Table 83 Class C Subnet Planning 170 Table 84 Class B Subnet Planning 171 Table 85 IEEE802 11g 199 Table 86 Comparison of EAP Authentication Types 205 Ta...

Page 24: ...P 320W User s Guide 24...

Page 25: ...nning right away They contain connection information and instructions on getting started Web Configurator Online Help Embedded web help for descriptions of individual screens and supplementary informa...

Page 26: ...320W User s Guide 26 Preface e g is a shorthand for for instance and i e means that is or in other words Graphics Icons Key Prestige Computer Notebook computer Server DSLAM Firewall Modem Switch Route...

Page 27: ...be Prestige features 1 2 1 Physical Features 10 100 Mbps Auto negotiating Ethernet Fast Ethernet Interface s This auto negotiation feature allows the Prestige to detect the speed of incoming transmiss...

Page 28: ...ring leaving your network Time and Date The Prestige allows you to get the current time and date from an external server when you turn on your Prestige You can also set the time manually Universal Plu...

Page 29: ...and version two SNMPv2 Network Address Translation NAT Network Address Translation NAT allows the translation of an Internet protocol address used within one network for example a private IP address u...

Page 30: ...N The firmware of the Prestige can be upgraded via the LAN refer to Maintenance F W Upload Screen Embedded FTP and TFTP Servers The Prestige s embedded FTP and TFTP Servers enable fast firmware upgrad...

Page 31: ...ettings WEP or WPA PSK to the ZyXEL wireless adapters that support OTIST and are within transmission range The ZyXEL wireless adapters must also have OTIST enabled Association List With the associatio...

Page 32: ...ge area and use resources on the wired network Figure 2 Internet Access Application Example 1 3 3 Front Panel LEDs Figure 3 Front Panel The following table describes the LEDs Table 1 Front Panel LEDs...

Page 33: ...ernet connection Blinking The Prestige is sending receiving data None Off The WAN connection is not ready or has failed WLAN Green On The Prestige is ready but is not sending receiving data through th...

Page 34: ...P 320W User s Guide 34 Chapter 1 Getting to Know Your Prestige...

Page 35: ...e web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScripts enabled by default Java permissio...

Page 36: ...4 Login 5 Select your language click Apply Figure 5 Language Selection 6 You should see a screen asking you to change your password highly recommended as shown next Type a new password and retype it t...

Page 37: ...tige If you forget your password or cannot access the web configurator you will need to use the RESET button at the back of the Prestige to reload the factory default configuration file This means tha...

Page 38: ...ent wizard Click this icon to view copyright and a link for related product information Click this icon at any time to exit the web configurator Select a number of seconds or None from the drop down l...

Page 39: ...wireless LAN Channel This shows the channel number which the Prestige uses over the wireless LAN Security Mode This shows the level of wireless security the Prestige is using System Status System Upti...

Page 40: ...nd to always assign an IP address to a MAC address and host name NAT General Use this screen to enable NAT Port Forwarding Use this screen to configure servers behind the Prestige Trigger Port Use thi...

Page 41: ...e s DHCP server Figure 9 Summary DHCP Table The following table describes the labels in this screen Table 5 Summary DHCP Table LABEL DESCRIPTION This is the index number of the host computer IP Addres...

Page 42: ...s Association List LABEL DESCRIPTION This is the index number of an associated wireless station MAC Address This field displays the MAC address of an associated wireless station Association Time This...

Page 43: ...r WLAN port TxPkts This is the number of transmitted packets on this port RxPkts This is the number of received packets on this port System Up Time This is the total time the Prestige has been on Poll...

Page 44: ...P 320W User s Guide 44 Chapter 2 Introducing the Web Configurator...

Page 45: ...cess the Internet Refer to your ISP Internet Service Provider checklist in the Quick Start Guide to know what to enter in each field Leave a field blank if you don t have that information 1 After you...

Page 46: ...tart Settings and Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for the Computer name field and enter it as the System N...

Page 47: ...be up to 30 alphanumeric characters long Spaces are not allowed but dashes and underscores _ are accepted Domain Name Type the domain name if you know it here If you leave this field blank the ISP may...

Page 48: ...urity with a default Pre Shared Key and only if your wireless clients support WPA PSK If you choose this option skip directly to Section 3 3 3 on page 51 Choose None to have no wireless LAN security c...

Page 49: ...ssphrase up to 32 printable characters and click Generate The Prestige automatically generates four different WEP keys Generate After you enter the passphrase click Generate to have the Prestige gener...

Page 50: ...WEP key for data transmission If you chose 64 bit WEP then enter any 5 ASCII characters or 10 hexadecimal characters 0 9 A F If you chose 128 bit WEP then enter 13 ASCII characters or 26 hexadecimal c...

Page 51: ...to do this Back Click Back to display the previous screen Next Click Next to proceed to the next screen Exit Click Exit to close the wizard screen without saving 3 3 3 OTIST The following screen allo...

Page 52: ...me OTIST Setup Key on the Prestige and wireless clients Back Click Back to display the previous screen Next Click Next to proceed to the next screen Exit Click Exit to close the wizard screen without...

Page 53: ...PPTP option for a dial up connection 3 4 1 Ethernet Connection Type Choose Ethernet when the WAN port is used as a regular Ethernet Figure 20 Ethernet Connection Type 3 4 2 PPPoE Connection Type Poin...

Page 54: ...individual computers the computers on the LAN do not need PPPoE software installed since the Prestige does that part of the task Furthermore with NAT all of the LAN s computers will have Internet acc...

Page 55: ...estige supports one PPTP server connection at any given time Figure 22 PPTP Connection Type The following table describes the fields in this screen Table 15 PPTP Connection Type LABEL DESCRIPTION ISP...

Page 56: ...signed to you by your ISP if given Server IP Address Type the IP address of the PPTP server Connection ID Name Enter the connection ID or connection name in this field It must follow the c id and n na...

Page 57: ...dia Access Control address The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters for example 00 A0 C5 00 00 02 You can configure the WAN port s MAC address by...

Page 58: ...onfigured the address will be copied to the rom file ZyNOS configuration file It will not change unless you change the setting or upload a different ROM file It is advisable to clone the MAC address f...

Page 59: ...igure 25 Connection Wizard Complete Click Finish to complete the wizard setup and save your configuration Figure 26 Connection Wizard Congratulation Well done You have successfully set up your Prestig...

Page 60: ...P 320W User s Guide 60 Chapter 3 Connection Wizard...

Page 61: ...authentication restricting access by device MAC address and hiding the Prestige identity 4 2 1 Encryption Use WPA security if you have WPA aware wireless clients and a RADIUS server WPA has user auth...

Page 62: ...nfigure the settings on the AP and then manually configure the exact same settings on each wireless client OTIST One Touch Intelligent Security Technology allows you to transfer your AP s SSID and WEP...

Page 63: ...Wi Fi Protected Access WPA Note You must enable the same wireless security settings on the Prestige and on all wireless clients that you want to associate with it 4 4 General Wireless LAN Screen Note...

Page 64: ...e the wireless settings of your computer to match the Prestige s new settings Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a station cannot obtain the SSID through...

Page 65: ...4 2 WEP Encryption WEP encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private It encrypts unicast and multicast communica...

Page 66: ...enerate to have the Prestige generates four different WEP keys automatically Clear Click Clear to discard the passphrase you configured in the Passphrase field and the WEP key s generated automaticall...

Page 67: ...AP and all wireless clients The Pre Shared Key PSK must consist of between 8 and 63 ASCII characters including spaces and symbols 2 The AP checks each wireless client s password and only allows it to...

Page 68: ...llowing table describes the labels in this screen Table 23 Wireless WPA PSK LABEL DESCRIPTION Pre Shared Key The encryption mechanisms used for WPA and WPA PSK are the same The only difference between...

Page 69: ...the pair wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients Figure 32 WPA with RADIUS App...

Page 70: ...structs you to do so with additional information Shared Secret Enter a password up to 31 alphanumeric characters as the key to be shared between the external authentication server and the Prestige The...

Page 71: ...the Wireless LAN link under Network to display the General screen Select 802 1x Dynamic WEP from the Security Mode list Figure 34 Wireless 802 1x and Dynamic WEP The following table describes the lab...

Page 72: ...s MUST use the same Setup key 4 5 1 1 AP You can enable OTIST using the Reset button or the web configurator 4 5 1 1 1 Reset button If you use the Reset button the default 01234567 or previous saved...

Page 73: ...en displays Figure 35 Wireless OTIST The following table describes the labels in this screen Table 26 Wireless OTIST LABEL DESCRIPTION Setup Key Type an OTIST Setup Key of exactly eight ASCII characte...

Page 74: ...WPA PSK configured in the Wireless General screen and you run OTIST with Yes selected OTIST will not replace the WPA PSK Clear the checkbox in the OTIST screen If you want OTIST to automatically gener...

Page 75: ...Figure 37 Security Key 2 This screen appears while OTIST settings are being transferred It closes when the transfer is complete Figure 38 OTIST in Progress AP Figure 39 OTIST in Progress Client In the...

Page 76: ...gain or enter them manually in the wireless client s 5 If you configure OTIST to generate a WPA PSK key this key changes each time you run OTIST Therefore if a new wireless client joins your wireless...

Page 77: ...ddresses not listed will be allowed to access the Prestige Select Allow to permit access to the Prestige MAC addresses not listed will be denied access to the Prestige Set This is the index number of...

Page 78: ...ending preamble means more time for sending data All IEEE 802 11b compliant wireless adapters support long preamble but not all support short preamble Select Long preamble if you are unsure what pream...

Page 79: ...s Guide Chapter 4 Wireless LAN 79 Apply Click Apply to save your changes back to the Prestige Reset Click Reset to reload the previous configuration for this screen Table 28 Wireless Advanced LABEL D...

Page 80: ...P 320W User s Guide 80 Chapter 4 Wireless LAN...

Page 81: ...n and your Internet access is through an ISP the ISP can provide you with the Internet addresses for your local networks On the other hand if you are part of a much larger organization you should cons...

Page 82: ...DNS Server Address Assignment Use DNS Domain Name System to map a domain name to its corresponding IP address and vice versa for instance the IP address of www zyxel com is 204 217 0 2 The DNS server...

Page 83: ...rt s MAC address by either using the factory default or cloning the MAC address from a computer on your LAN Once it is successfully configured the address will be copied to the rom file ZyNOS configur...

Page 84: ...Toshiba authentication method or Telia Login The following fields do not appear with the Standard service type WAN IP Address Assignment Get automatically from ISP Select this option If your ISP did...

Page 85: ...nting PPPoE directly on the Prestige rather than individual computers the computers on the LAN do not need PPPoE software installed since the Prestige does that part of the task Furthermore with NAT a...

Page 86: ...r and ISP carrier as it requires no specific configuration of the broadband modem at the customer site By implementing PPPoE directly on the router rather than individual computers the computers on th...

Page 87: ...IP address in this field if you selected Use Fixed IP Address Remote IP Address Enter the Remote IP Address if your ISP gave you one in this field Remote IP Subnet Mask Enter the Rmote IP subnet Mask...

Page 88: ...er of data from a remote client to a private server creating a Virtual Private Network VPN using TCP IP based networks PPTP supports on demand multi protocol and virtual private networking over public...

Page 89: ...Name Type your identification name for the PPTP server WAN IP Address Assignment Get automatically from ISP Select this option If your ISP did not assign you a fixed IP address This is the default sel...

Page 90: ...y to save your changes back to the Prestige Reset Click Reset to begin configuring this screen afresh 5 8 Traffic Redirect Traffic redirect forwards WAN traffic to a backup gateway when the Prestige c...

Page 91: ...using PPTP or PPPoE Encapsulation type 0 0 0 0 to configure the Prestige to check the PVC Permanent Virtual Circuit or PPTP tunnel Fail Tolerance Type the number of times your Prestige may attempt and...

Page 92: ...P 320W User s Guide 92 Chapter 5 WAN...

Page 93: ...uters for instance servers for mail FTP TFTP web etc that you may have 6 1 2 System DNS Servers Refer to the IP Address and Subnet Mask section in the Wizard Connection chapter 6 2 LAN TCP IP The Pres...

Page 94: ...LABEL DESCRIPTION LAN TCP IP IP Address Type the IP address of your Prestige in dotted decimal notation 192 168 1 1 factory default IP Subnet Mask The subnet mask specifies the network number portion...

Page 95: ...m a server You can configure the Prestige as a DHCP server or disable it When configured as a server the Prestige provides the TCP IP configuration for the clients If DHCP service is disabled you must...

Page 96: ...omain Name System server IP address in the order you specify here to the DHCP clients The Prestige only passes this information to the LAN DHCP clients when you select the Enable DHCP Server check box...

Page 97: ...to save your changes back to the Prestige Reset Click Reset to begin configuring this screen afresh 7 4 Client List Screen The DHCP table shows current DHCP client information including IP Address Hos...

Page 98: ...e to your computer six pairs of hexadecimal notation A network interface card such as an Ethernet adapter has a hardwired address that is assigned at the factory This address follows an industry stand...

Page 99: ...sts while the web servers on the Internet are the outside hosts Global local denotes the IP address of a host in a packet as the packet traverses a router For example the local address refers to the I...

Page 100: ...web server and a telnet server on your local network and make them accessible to the outside world If you do not define any servers for Many to One and Many to Many Overload mapping NAT offers the add...

Page 101: ...Ns logical LANs using IP Alias behind the Prestige can communicate with three distinct WAN networks More examples follow at the end of this chapter Figure 55 NAT Application With IP Alias 8 1 5 Defaul...

Page 102: ...o specify a range of port numbers In addition to the servers for specified services NAT supports a default server A service request that does not have a server explicitly designated for it is forwarde...

Page 103: ...ind NAT Example 8 2 General NAT Screen Click the NAT link under Network to open the General screen Figure 57 NAT General The following table describes the labels in this screen Table 42 NAT General LA...

Page 104: ...y configured rules 1 to 6 in your current set and now you configure rule number 9 In the set summary screen the new rule will be rule 7 not 9 Now if you delete rule 4 rules 5 to 7 will be pushed up by...

Page 105: ...forwarding of these ports to an inside server without having to delete the entry Name This field displays a name to identify this port forwarding rule Start Port This field displays a start port numbe...

Page 106: ...forwarding port in NAT to forward a service coming in from the server on the WAN to the IP address of a computer on the client side LAN The problem is that port forwarding only forwards a service to a...

Page 107: ...he Real Audio server until the connection is closed or times out The Prestige times out in three minutes with UDP User Datagram Protocol or two hours with TCP IP Transfer Control Protocol Internet Pro...

Page 108: ...rt or range of ports to the client computer on the LAN that requested the service Start Port Type a port number or the starting port number in a range of port numbers End Port Type a port number or th...

Page 109: ...ection Firewall Stateful inspection firewalls restrict access by screening data packets against defined access rules They make access control decisions based on IP address and protocol They also inspe...

Page 110: ...b configurator 2 Think about access control before you connect to the network in any way including attaching a modem to the port 3 Limit who can access your router 4 Don t enable any local service suc...

Page 111: ...rotects against Denial of Service DoS attacks when the firewall is activated Apply Click Apply to save the settings Reset Click Reset to start configuring this screen again 9 3 Services Screen Click t...

Page 112: ...and or UDP Select from either TCP or UDP Port Number Enter the port number range that defines the service For example suppose you want to define the Gnutella service Select TCP type and enter a port...

Page 113: ...to find out if a user is logged on FTP TCP 20 21 File Transfer Program a program to enable fast transfer of files including large files that may not be possible by e mail H 323 TCP 1720 NetMeeting us...

Page 114: ...nsfer Protocol is the message exchange standard for the Internet SMTP enables you to move messages from one e mail server to another SNMP TCP UDP 161 Simple Network Management Program SNMP TRAPS TCP U...

Page 115: ...e the Prestige knows about network N2 in the following figure through remote node router R1 However the Prestige is unable to route a packet to network N3 because it doesn t know that there is a route...

Page 116: ...dress of the final destination Routing is always based on network number Gateway This is the IP address of the gateway The gateway is an immediate neighbor of your Prestige that will forward the packe...

Page 117: ...e IP subnet mask here Gateway IP Address Enter the IP address of the gateway The gateway is an immediate neighbor of your Prestige that will forward the packet to the destination On the LAN the gatewa...

Page 118: ...P 320W User s Guide 118 Chapter 10 Static Route Screens...

Page 119: ...rules You may manage your Prestige from a remote location via LAN only ALL LAN and WAN To disable remote management of a service select LAN in the corresponding Server Access field 11 1 1 Remote Manag...

Page 120: ...describes the labels in this screen Table 51 WWW Remote Management LABEL DESCRIPTION Server Port You may change the server port number for a service if needed however you must use the same port numbe...

Page 121: ...tware module that resides in a managed device the Prestige An agent translates the local management information from the managed device into a form compatible with SNMP The manager is the console thro...

Page 122: ...MP manager when any one of the following events occurs Table 52 SNMP Traps TRAP TRAP NAME DESCRIPTION 0 coldStart defined in RFC 1215 A trap is sent after booting power on 1 warmStart defined in RFC 1...

Page 123: ...rusted computer that is allowed to communicate with the Prestige using this service Select All to allow any computer to access the Prestige using this service Choose Selected to just allow the compute...

Page 124: ...and error reporting protocol between a host server and a gateway to the Internet ICMP uses Internet Protocol IP datagrams but the messages are processed by the TCP IP software and directly apparent t...

Page 125: ...icon of a UPnP device will allow you to access the information and properties of that device 12 1 2 NAT Traversal UPnP NAT traversal automates the process of allowing an application to operate through...

Page 126: ...AN Please see later in this User s Guide for examples of installing UPnP in Windows XP and Windows Me as well as an example of using UPnP in Windows 12 3 UPnP Screen Click the UPnP link under Manageme...

Page 127: ...ollow the steps below to install UPnP in Windows Me 1 Click Start and Control Panel Double click Add Remove Programs 2 Click on the Windows Setup tab and select Communication in the Components selecti...

Page 128: ...nstalling UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP 1 Click Start and Control Panel 2 Double click Network Connections 3 In the Network Connections window click Advan...

Page 129: ...ersal Plug and Play check box Figure 76 Networking Services Click OK to go back to the Windows Optional Networking Component Wizard window and click Next 12 5 Using UPnP in Windows XP Example This sec...

Page 130: ...12 5 1 Auto discover Your UPnP enabled Network Device 1 Click Start and Control Panel Double click Network Connections An icon displays under Internet Gateway 2 Right click the icon and select Propert...

Page 131: ...Guide Chapter 12 UPnP 131 Figure 78 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings Figure 79 Internet Connection Properties Advan...

Page 132: ...s disconnected from your computer all port mappings will be deleted automatically 6 Select Show icon in notification area when connected option and click OK An icon displays in the system tray Figure...

Page 133: ...t know the IP address of the ZyXEL device Follow the steps below to access the web configurator 1 Click Start and then Control Panel 2 Double click Network Connections 3 Select My Network Places under...

Page 134: ...84 Network Connections My Network Places 6 Right click on the icon for your Prestige and select Properties A properties window displays with basic information about the Prestige Figure 85 Network Con...

Page 135: ...provides information on the System screens 13 1 System Overview See the Wizard Setup chapter for more information on the next few screens 13 2 General Screen Click the System link under Maintenance an...

Page 136: ...em in this field New Password Type your new system password up to 30 characters Note that as you type a password the screen displays an asterisk for each character you type Retype to Confirm Type the...

Page 137: ...rovider Host Name Enter a host namesin the feld provided You can specify up to two host names in the field separated by a comma User Name Enter your user name Password Enter the password assigned to y...

Page 138: ...Manual Select this radio button to enter the time and date manually If you configure a new time and date Time Zone and Daylight Saving at the same time the new time and date you entered has priority a...

Page 139: ...aylight saving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening Select this option if yo...

Page 140: ...P 320W User s Guide 140 Chapter 13 System...

Page 141: ...explanations 14 1 View Log The web configurator allows you to look at all of the Prestige s logs in one location Click the Logs link under Maintenance to open the View Log screen Log entries in red i...

Page 142: ...You can configure the Prestige s general log settings in one location Click the Logs link under Maintenance in the navigation panel and the Log Settings tab to open the Log Settings screen Use the Lo...

Page 143: ...want to be in the subject line of the log e mail message that the Prestige sends Not all Prestige models have this field Send Log To The Prestige sends logs to the e mail address specified in this fie...

Page 144: ...ver that will log the selected categories of logs Log Facility Select a location from the drop down list box The log facility allows you to log the messages to different files in the syslog server Ref...

Page 145: ...the system will reboot Click the Tools link under Maintenance in the navigation panel Follow the instructions in this screen to upload firmware to your Prestige Figure 91 Maintenance Firmware Upload...

Page 146: ...network disconnect In some operating systems you may see the following icon on your desktop Figure 93 Network Temporarily Disconnected After two minutes log in again and check your new firmware versio...

Page 147: ...p configuration file will be useful in case you need to return to your previous settings Click Backup to save the Prestige s current configuration to your computer 15 2 2 Restore Configuration Restore...

Page 148: ...See the appendix for details on how to set up your computer s IP address If the upload was not successful the following screen will appear Figure 98 Configuration Restore Error 15 2 3 Back to Factory...

Page 149: ...P 320W User s Guide Chapter 15 Tools 149 Figure 99 System Restart...

Page 150: ...P 320W User s Guide 150 Chapter 15 Tools...

Page 151: ...that the Prestige and the power source are both turned on Turn the Prestige off and on If the error persists you may have a hardware problem In this case you should contact your vendor 16 2 Problems w...

Page 152: ...I cannot access the Internet Make sure the Prestige is turned on and connected to the network Verify your WAN settings Refer to the chapter on WAN setup Make sure you entered the correct user name an...

Page 153: ...our WAN connection Use the Prestige s LAN IP address when configuring from the LAN Refer to for instructions on checking your LAN connection Check that you have enabled web service access If you have...

Page 154: ...p blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking and create an exception for your device s IP address 16 6...

Page 155: ...e this setting 16 6 1 1 2 Enable pop up Blockers with Exceptions Alternatively if you only want to allow pop up windows from your device see the following steps 1 In Internet Explorer select Tools Int...

Page 156: ...ce the web page that you do not want to have blocked with the prefix http For example http 192 168 1 1 4 Click Add to move the IP address to the list of Allowed sites Note If you change the IP address...

Page 157: ...lick Close to return to the Privacy screen 6 Click Apply to save this setting 16 6 1 2 JavaScripts If pages of the web configurator do not display properly in Internet Explorer check that JavaScripts...

Page 158: ...4 Internet Options 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java applets make sure that En...

Page 159: ...Java Scripting 16 6 1 3 Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java perm...

Page 160: ...Figure 106 Security Settings Java 16 6 1 3 1 JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected...

Page 161: ...nternet Explorer 6 are shown Steps may vary depending on your version of Internet Explorer 1 In Internet Explorer click Tools Internet Options and then the Security tab 2 In the Internet Options windo...

Page 162: ...P 320W User s Guide 162 Chapter 16 Troubleshooting Figure 109 Security Setting ActiveX Controls...

Page 163: ...net ports Operation Temperature 0 C 65 C Storage Temperature 20 60 C Operation Humidity 15 90 RH Storage Humidity 10 90 RH Table 70 Firmware Standards IEEE 802 3 Ethernet IEEE 802 3u Fast Ethernet IEE...

Page 164: ...OTIST One Touch Intelligent Security Technology IEEE 802 1x External Radius server using EAP MD5 TLS TTLS Firewall Stateful Packet Inspection Prevent Denial of Service attacks such as Fraggle SYN Flo...

Page 165: ...the first two octets make up the network number and the two remaining octets make up the host ID Class C addresses begin starting from the left with 1 1 0 In a class C address the first three octets...

Page 166: ...twork number and which bits are part of the host ID using a logical AND operation A subnet mask has 32 is a 1 then the corresponding bit in the IP address is part of the network number If a bit in the...

Page 167: ...55 255 224 27 1110 0000 255 255 255 240 28 1111 0000 255 255 255 248 29 1111 1000 255 255 255 252 30 1111 1100 The first mask shown is the class C natural mask Normally if no mask is specified it is u...

Page 168: ...s 192 168 1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask 255 255 255 128 Subnet Mask Binary 11111111 11111111 11111111 10000000 Subnet Address 192 168 1 128 Lowest Host ID 192...

Page 169: ...IP Address Binary 11000000 10101000 00000001 00000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 0 Lowest Host ID 192 168 1 1 Broadcast Address 192 168 1 63 Highes...

Page 170: ...110 The following table shows class C IP address last octet values for each subnet Table 82 Eight Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST ADDRESS 1 0 1 30 31 2 32 33 62 63...

Page 171: ...bnetting The following table is a summary for class B subnet planning Table 84 Class B Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 128 0 17 2 32766 2 255...

Page 172: ...P 320W User s Guide 172 Appendix B IP Subnetting...

Page 173: ...quires the purchase of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriat...

Page 174: ...crosoft Networks If you need the adapter 1 In the Network window click Add 2 Select Adapter and then click Add 3 Select the manufacturer and model of your network adapter and then click OK If you need...

Page 175: ...ter s TCP IP entry and click Properties 2 Click the IP Address tab If your IP address is dynamic select Obtain an IP address automatically If you have a static IP address select Specify an IP address...

Page 176: ...the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your Prestige and restart your computer when prompted Verifying Settings 1 Click Start a...

Page 177: ...s IP Address 177 Figure 113 Windows XP Start Menu 2 In the Control Panel double click Network Connections Network and Dial up Connections in Windows 2000 NT Figure 114 Windows XP Control Panel 3 Righ...

Page 178: ...tions Properties 4 Select Internet Protocol TCP IP under the General tab in Win XP and then click Properties Figure 116 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP IP Prope...

Page 179: ...additional IP addresses In the IP Settings tab in IP addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two st...

Page 180: ...General tab in Windows XP Click Obtain DNS server address automatically if you do not know your DNS server IP address es If you know your DNS server IP address es click Use the following DNS server ad...

Page 181: ...Connections window Network and Dial up Connections in Windows 2000 NT 11Turn on your Prestige and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and then...

Page 182: ...up Your Computer s IP Address Figure 120 Macintosh OS 8 9 Apple Menu 2 Select Ethernet built in from the Connect via list Figure 121 Macintosh OS 8 9 TCP IP 3 For dynamically assigned settings select...

Page 183: ...Save if prompted to save changes to your configuration 7 Turn on your Prestige and restart your computer if prompted Verifying Settings Check your TCP IP properties in the TCP IP Control Panel window...

Page 184: ...sk in the Subnet mask box Type the IP address of your Prestige in the Router address box 5 Click Apply Now and close the window 6 Turn on your Prestige and restart your computer if prompted Verifying...

Page 185: ...ow to configure your computer IP address using the KDE 1 Click the Red Hat button located on the bottom left corner select System Setting and click Network Figure 124 Red Hat 9 0 KDE Network Configura...

Page 186: ...server IP address es click the DNS tab in the Network Configuration screen Enter the DNS server information in the fields provided Figure 126 Red Hat 9 0 KDE Network Configuration DNS 5 Click the Dev...

Page 187: ...cimal notation and type NETMASK followed by the subnet mask The following example shows an example where the static IP address is 192 168 1 10 and the subnet mask is 255 255 255 0 Figure 129 Red Hat 9...

Page 188: ...s Enter ifconfig in a terminal screen to check your TCP IP properties Figure 132 Red Hat 9 0 Checking TCP IP Properties root localhost ifconfig eth0 Link encap Ethernet HWaddr 00 50 BA 72 5B 44 inet a...

Page 189: ...manner similar to dial up services using PPP Benefits of PPPoE PPPoE offers the following benefits It provides you with a familiar dial up networking DUN user interface It lessens the burden on the ca...

Page 190: ...Concentrator and tunnels the PPP frames to the ISP The L2TP tunnel is capable of carrying multiple PPP sessions With PPPoE the VC Virtual Circuit is equivalent to the dial up connection and is betwee...

Page 191: ...that it requires one separate ATM VC per destination Figure 135 Transport PPP frames over Ethernet PPTP and the ZyWALL When the ZyWALL is deployed in such a setup it appears as a computer to the ANT I...

Page 192: ...y The phone call is between the user and the PAC and the PAC tunnels the PPP frames to the PNS The PPTP user is unaware of the tunnel between the PAC and the PNS Figure 136 PPTP Protocol Overview Micr...

Page 193: ...age Exchange between Computer and an ANT PPP Data Connection The PPP frames are tunneled between the PNS and PAC over GRE General Routing Encapsulation RFC 1701 1702 The individual calls within a tunn...

Page 194: ...P 320W User s Guide 194 Appendix E PPTP...

Page 195: ...or Independent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an Ad hoc wireless LAN Figure 138 Peer to Peer Communication in an Ad...

Page 196: ...connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired network b...

Page 197: ...erlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 channels and...

Page 198: ...ission It also reserves and confirms with the requesting station the time frame for the requested transmission Stations can send frames smaller than the specified RTS CTS directly to the AP without th...

Page 199: ...preamble However not all wireless adapters support short preamble Use long preamble if you are unsure what preamble mode the wireless adapters support to ensure interpretability between the AP and the...

Page 200: ...reless stations RADIUS RADIUS is based on a client server model that supports authentication authorization and accounting The access point is the client and the server is the RADIUS server The RADIUS...

Page 201: ...ed is also encrypted to protect the network from unauthorized access EAP Authentication EAP Extensible Authentication Protocol is an authentication protocol that runs on top of the IEEE802 1x transpor...

Page 202: ...thentication server as MD5 authentication method does not perform mutual authentication Finally MD5 authentication method does not support data encryption with dynamic session key You must configure W...

Page 203: ...on EAP GTC is implemented only by Cisco LEAP LEAP Lightweight Extensible Authentication Protocol is a Cisco implementation of IEEE 802 1x WEP Encryption WEP encryption scrambles the data transmitted b...

Page 204: ...e using the AP s default WEP key If the decrypted message matches the challenge text the wireless station is authenticated When your device authentication method is set to open system it will only acc...

Page 205: ...cation Protocol EAP to authenticate wireless stations using an external RADIUS database Encryption WPA improves data encryption by using Temporal Key Integrity Protocol TKIP or Advanced Encryption Sta...

Page 206: ...rd guessing attacks but it s still an improvement over WEP as it employs an easier to use consistent single alphanumeric password Security Parameters Summary Refer to this table to see what other secu...

Page 207: ...bout the change The new information is then propagated to the other access points on the LAN An example is shown in Figure 144 If the roaming feature is not enabled on the access points information is...

Page 208: ...802 1x user authentication is enabled and to be done locally on the access point the new access point must have the user profile for the wireless station 3 The adjacent access points should use differ...

Page 209: ...rn A radiation pattern is a diagram that allows you to visualize the shape of the antenna s coverage area Antenna Gain Antenna gain measured in dB decibel is the increase in coverage within the RF bea...

Page 210: ...rn typically ranges from 20 degrees less directional to 90 degrees very directional The directional antennas are ideal for hallways and outdoor point to point applications Positioning Antennas In gene...

Page 211: ...e Authority 202 Certifications 5 Changes or Modifications 4 Channel 197 Interference 197 Channel ID 64 Charge 7 Circuit 4 Class B 4 Communications 4 Compliance FCC 4 Components 7 Condition 7 Configura...

Page 212: ...7 Fragmentation Threshold 198 Fragmentation threshold 198 France Contact Information 8 FTP 93 102 119 136 FTP Restrictions 119 Functionally Equivalent 7 G Gas Pipes 6 General Setup 135 General wirele...

Page 213: ...th America 6 North America Contact Information 8 Norway Contact Information 8 O Opening 6 Operating Condition 7 OTIST 72 OTIST Wizard 51 Out dated Warranty 7 Outlet 4 Outside 100 P Packet statistics 4...

Page 214: ...198 S Safety Warnings 6 Security Parameters 206 Separation Between Equipment and Receiver 4 Serial Number 8 Service 6 7 Service Personnel 6 Service Set 64 Service Type 152 Services 102 111 Shipping 7...

Page 215: ...Web Configurator 35 37 Web Site 8 WEP Wired Equivalent Privacy 31 WEP Encryption 66 68 WEP encryption 65 203 Wet Basement 6 Wi Fi Protected Access 67 Wi Fi Protected Access WPA 30 Wireless association...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands