manualshive.com logo in svg

ZyXEL Communications VFG6005, User Manual

Share
Download
ZyXEL Communications VFG6005 User Manual Download Page 145

 

136 

 

EAP-MD5 (Message-Digest Algorithm 5) 

MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the 

wireless stat

ion. The wireless station ‗proves‘ that it knows the password by encrypting the password with the challenge 

and sends back the information. Password is not sent in plain text.   

However, MD5 authentication has some weaknesses. Since the authentication server needs to get the plaintext 

passwords, the passwords must be stored. Thus someone other than the authentication server may access the password 

file. In addition, it is possible to impersonate an authentication server as MD5 authentication method does not perform 

mutual authentication. Finally, MD5 authentication method does not support data encryption with dynamic session key. 

You must configure WEP encryption keys for data encryption.   

EAP-TLS (Transport Layer Security) 

With EAP-TLS, digital certifications are needed by both the server and the wireless stations for mutual authentication. The 

server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to 

the server. The exchange of certificates is done in the open before a secured tunnel is created. This makes user identity 

vulnerable to passive attacks. A digital certificate is an electronic ID card that authenticates the sender‘s identity. However, 

to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which imposes a management 

overhead.   

EAP-TTLS (Tunneled Transport Layer Service)   

EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-side authentications to 

establish a secure connection. Client authentication is then done by sending username and password through the secure 

connection, thus client identity is protected. For client authentication, EAP-TTLS supports EAP methods and legacy 

authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2.   

PEAP (Protected EAP)       

Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username 

and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, 

PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for 

client authentication. EAP-GTC is implemented only by Cisco. 

LEAP 

LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x.   

Dynamic WEP Key Exchange 

The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times 

out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed. 

Summary of Contents for VFG6005

Page 1: ...i VFG6005 Series VPN Firewall Gateway User s Guide IP Address http 192 168 10 1 Login admin Password 1234 Firmware Version 2 07 Edition 1 5 2011 www us zyxel com ...

Page 2: ...o help you get up and running right away It contains information on setting up your network and configuring for Internet access Supporting Disc Refer to the included CD for support documents ZyXEL Web Site Please refer to www us zyxel com for additional support documentation and product certifications User Guide Feedback Help us help you Send all User Guide related comments questions or suggestion...

Page 3: ...Date that you received or purchased your device Brief description of the problem including any steps that you have taken before contacting the ZyXEL Customer Support representative Support Email 0H support zyxel com Toll Free 1 800 978 7222 Website 1H www us zyxel com Postal mail ZyXEL Communications Inc 1130 N Miller Street Anaheim CA 92806 2001 U S A ...

Page 4: ...ld font A key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press the ENTER key Select or choose means for you to use one of the predefined choices A right angle bracket within a screen name denotes a mouse click For example Admin Log means you first click Admin in...

Page 5: ...v Icons Used in Figures Figures in this User s Guide may use the following generic icons The VFG icon is not an exact representation of your device ...

Page 6: ...North America or 230V AC in Europe Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution If the power adaptor or cord is damaged remove it from the power outlet Do NOT attempt to repair the power adaptor or cord Contact y...

Page 7: ...SERS 107H7 18H3 2 FOR WINDOWS 2000 USERS 108H9 19H3 3 FOR WINDOWS 98 ME USERS 109H11 20H3 4 FOR WINDOWS 7 USERS 110H13 21HCHAPTER4 ACCESSING THE GATEWAY 111H15 22H4 1 START UP AND LOG IN 112H15 23HCHAPTER5 BASIC SETTINGS 113H16 24H5 1 WAN SETUP 114H16 25H5 1 1 DHCP automatic IP address assignment 115H18 26H5 1 2 Static Fixed IP address assignment 116H18 27H5 1 3 PPPoE connected by username passwor...

Page 8: ...143H48 54H7 6 1 VPN PPTP Settings 144H48 55H7 6 2 Add VPN PPTP Rule 145H50 56H7 7 VPN L2TP SETUP 146H51 57H7 7 1 VPN L2TP Settings 147H51 58H7 7 2 Add VPN L2TP Rule 148H52 59H7 8 VPN IPsec SETUP 149H53 60H7 8 1 VPN IPsec Settings 150H53 61H7 8 2 Add VPN IPsec Rule 151H54 62HCHAPTER8 APPLICATIONS SETTINGS 152H56 63H8 1 PORT RANGE FORWARD SETUP 153H56 64H8 1 1 Port Range Forward Settings 154H57 65H8...

Page 9: ...R10 ADMIN 168H71 79H10 1 MANAGEMENT 169H71 80H10 2 SYSTEM UTILITIES 170H73 81H10 3 TIME SETUP 171H75 82H10 4 LOG 172H76 83HCHAPTER11 STATUS 173H77 84H11 1 ROUTER INFORMATION 174H77 85H11 2 TRAFFIC 175H80 86H11 3 SESSION 176H81 87H11 4 USER DHCP 177H82 88H11 5 USER Current 178H82 ...

Page 10: ...supports the latest 802 11n wireless technology VFG6005N offering a true mobile broadband sharing solution Complete Mobile Cellular USB Modem Support ZyXEL s VFG6005 Series VPN Firewall Gateway provides support for most major Mobile Cellular USB modems Simply use your existing USB modem and service provider to create a mobile broadband sharing environment Find our compatibility list here 89Hhttp w...

Page 11: ...onnectivity Does not do load sharing on both connections at the same time PPTP and IPsec VPN Server PPTP VPN support provides a secured data connection for use with Window s built in VPN Client Android or iPhone smartphones or other legacy VPN Clients IPSec VPN support provides enterprise level data security to full featured IPSec VPN Clients or other VPN gateways In either case ZyXEL s VFG6005 Se...

Page 12: ...ENT One ZyXEL VFG6005 VFG6005N Series VPN Firewall Gateway One User Manual CD One Quick Installation Guide One Power Adaptor One Ethernet Network Cable One USB extension cable Two Detachable Dipole Antennas VFG6005N only ...

Page 13: ...enabled Off Wireless connection is disabled Red On ZyXEL VFG6005 Series VPN Firewall Gateway is faulty please contact our customer service team contact info at the end of this document WAN WAN Activity Green On The Ethernet WAN port is connected Blinking Data is being transmitted via the WAN port Off Ethernet Mobile WAN is disconnected Orange On The Mobile WAN is connected LAN 1 2 3 4 LAN Activity...

Page 14: ...EL VFG6005 Series VPN Firewall Gateway will restart automatically and reset the settings to factory default USB The port for connecting your 3G USB adapter Please use USB port 1 as indicated on the top cover USB port 2 is not used LAN yellow The ports for connecting your computers printer or other devices for making a wired connection WAN blue The port for connecting your DSL or Cable Modem Power ...

Page 15: ...POWER LED is solid 2 2 2 Setup LAN Connection Take an Ethernet cable Plug one end of the cable into your computer s network port and the other end into one of The ZyXEL VFG6005 Series VPN Firewall Gateway s LAN ports yellow 2 2 3 Setup WAN Connection Choose how to connect the ZyXEL VFG6005 Series VPN Firewall Gateway to the Internet A Connecting via xDSL or cable modem take an Ethernet cable and p...

Page 16: ... your computer You can either use DHCP or Static IP for your TCP IP Settings DHCP is recommended due to its relative ease in configuration 3 1 FOR WINDOWS XP USERS 1 Select Start Settings Network Connections 2 Click on Local Area Connection and choose Properties You will now see the following screen 3 Select Internet Protocol TCP IP for your network card 4 Click on Properties You will see the foll...

Page 17: ...s to your computer To use Static IP Select Use the following IP address and enter the followings IP address 192 168 10 x x could be from 2 254 Subnet mask 255 255 255 0 Default gateway 192 168 10 1 Now select Use the following DNS server addresses and enter the following Preferred DNS server 192 168 10 1 Then click OK 6 You have now finished the network settings for your computer Please go to Chap...

Page 18: ...ngs Network and Dial up Connection 8 Right click on the Local Area Connection and select Properties You will see the following screen 9 Select the Internet Protocol TCP IP for your network card 10 Click on Properties You will see the following screen ...

Page 19: ...ss to your computer To use Static IP Select Use the following IP address and enter the followings IP address 192 168 10 x x could be from 2 254 Subnet mask 255 255 255 0 Default gateway 192 168 10 1 Now select Use the following DNS server addresses and enter the following Preferred DNS server 192 168 10 1 Then click OK 12 You have now finished the network settings of your computer Please go to Cha...

Page 20: ...lect TCP IP PCI Fast Ethernet Adapter for your network card 15 Click on Properties You will now the following screen 16 Enable DHCP or Static IP To use DHCP Select Obtain an IP Address automatically Then click OK The ZyXEL VFG6005 Series VPN Firewall Gateway will now assign an IP address to your computer ...

Page 21: ...w click on Gateway tab You will see the following screen Enter 192 168 10 1 in New Gateway and click Add Now click on the DNS Configuration tab You will see the following screen Enter 192 168 10 1 in DNS Server Search Order and click Add Then click OK 17 You have now finished the network settings of your computer Please go to Chapter 4 to continue ...

Page 22: ...d Internet Network and Sharing Center Change Adapter Settings 19 Click on Local Area Connection and choose Properties You will now see the following screen 20 Select Internet Protocol TCP IP for your network card 21 Click on Properties You will see the following screen ...

Page 23: ...14 22 Enable DHCP or Static IP ...

Page 24: ...ay 4 1 START UP AND LOG IN Open your WEB browser In the address box enter 90H HTTP 192 168 10 1 When you successfully connect to the configuration interface for the ZyXEL VFG6005 Series VPN Firewall Gateway the login screen will pop up Enter your username as admin and your password as 1234 You will now see the Router Status page of The ZyXEL VFG6005 Series VPN Firewall Gateway For initial Router S...

Page 25: ...16 CHAPTER5 BASIC SETTINGS 5 1 WAN SETUP 23 Click on Setup WAN tab You will see the following screen ...

Page 26: ... which connection type should be used and select your internet connection type from the pull down menu Whatever WAN connection type you have chosen The ZyXEL VFG6005 Series VPN Firewall Gateway will get a WAN IP and this IP will be shown in the Router Status page as below If Not Connected shows up in the setting you should check the WAN settings again to get correct connection ...

Page 27: ...ssigning an IP address In this case please key in your Host Name MTU Maximum Transmission Unit 5 1 2 Static Fixed IP address assignment The IP address subnet mask gateway and DNS server are provided by your ISP Please enter the information accordingly WAN Select Enable Disable to enable disable WAN Connection Type Static IP External IP Address The external IP addresses offered by the ISP Netmask T...

Page 28: ... up connection On Demand will connect only when there is traffic Max Idle Time PPPoE On Demand will only be activated when there is traffic When there is no traffic within the max idle time default 300 seconds the PPPoE connection will be disconnected PPP Echo Interval PPPoE echo will ensure whether the link is still up or not default interval 20 seconds PPP Retry Threshold When PPPoE echo retry e...

Page 29: ...s access to a fixed MAC address please select Enable If your ISP does not enforce access control please select Disable MAC Address If the PC you use to configure The ZyXEL VFG6005 Series VPN Firewall Gateway is the device which has the right MAC address to access the internet press Get My MAC button You can also type in the MAC Address which has been granted access by your ISP 5 1 5 Mobile WAN con...

Page 30: ...21 ...

Page 31: ...it empty if your ISP doesn t need it Authentication Choose the authentication method CHAP PAP or None User Name The user name offered by the ISP keep it empty if your ISP doesn t need it Password The password offered by the ISP keep it empty if your ISP doesn t need it Dial Number Enter Dial Number offered by the ISP Connection Mode Sets the desired connection mode and speed HSDPA UMTS EDGE GPRS P...

Page 32: ...modem please choose this WAN connection type Please enable and enter the APN PIN code user name and password provided by your ISP You may also choose from the list of profiles for well known ISP settings Please note that some information might not be needed ...

Page 33: ...cess Point Name APN Select By Service Provider for specifying the ISP you use or otherwise choose Custom to assign desired APN Personal Identification Number PIN Please enter PIN code Connection Mode Select your connection mode AUTO mode recommended WAN MTU Maximum transmission unit Bigpond Login If you are using Bigpond system please enable this item Bigpond Login Server Please choose the Bigpond...

Page 34: ...k down Detection Timeout This is the timeout time before the connection ping is considered lost External Connection Detection Select Enable Disable to enable disable connection detection This is required for failover from Ethernet WAN to Mobile WAN Detection Type Select Gateway or use your own custom Host IP The VFG6005 series will check the connection to this IP periodically If at any time the co...

Page 35: ... IP Address Please key in Internal IP Address Netmask Select Netmask from the selection list Spanning Tree Protocol STP Click Enable only if you will deploy your network in a ring topology Other switches in the LAN must also support STP A cyclic topology will cause network breakdown with STP enabled MTU Maximum transmission unit up to 1500 bytes ...

Page 36: ...IP Address The DHCP starting IP addresses offered by the DHCP Server Max DHCP Clients The maximum number of the IP addresses supported by the DHCP server Lease Please choose lease time from the selection list You can choose 1 Hour 3 Hours 6 Hours 1 Day 3 Days or 7 Days Domain Please enter the domain name DHCP DNS Server Type Select OpenDNS Server if you have an OpenDNS account for content filterin...

Page 37: ... name rather than an IP address The DDNS service helps users to locate the right IP address by the domain name For example you wish to set up a personal web server However you obtain a different IP address from your ISP every time you connect to the internet The dynamic IP address you have will cause difficulty for other internet users to find your web server In this case you will need to enable D...

Page 38: ... service Select Disable to disable DDNS service DDNS Type Select the desired DDNS service provider from the list User Name Enter your username Password Enter your password Host Name Apply for a domain name and make sure it is allocated to you Action Press Update button to immediately update DDNS information ...

Page 39: ...he wireless access provide access internet access for visitors while possessing a strong security protection system at all times 6 1 1 Settings 1 Click on Wireless Basic tab You will see the following screen 2 Configure wireless settings following the instructions below Wireless Connection Select Enable if you would like to turn on the wireless signal Select Disable if you would like to turn off t...

Page 40: ...ower the data throughput becomes 1 Click on Wireless Basic tab You will see the following screen 2 Configure SSID settings following the instructions below Wireless SSID Select Enable if you would like to turn on this SSID Select Disable if you would like to turn off this SSID Wireless SSID Name Enter the wireless station name you would like to have Wireless SSID Broadcasting The ZyXEL VFG6005 Ser...

Page 41: ...k devices connecting to this SSID Security Mode Select WEP WPA PSK WPA WPA2 PSK WPA2 for security mode WPA2 PSK recommended 6 1 3 WEP If WEP is selected WEP index and keys should be set manually WEP Key Index WEP Key Index indicates which WEP key is used for data encryption WEP Key 1 4 64 bit WEP type 10 hexadecimal digits or 5 ASCII characters 128 bit WEP type 26 hexadecimal digits or 13 ASCII ch...

Page 42: ...re shared Key or WPA2 Pre shared Key is selected a Pre shared Key is supposed to be set Key Enter the Pre Shared Key here This key will be required for wireless users to connect to the SSID Encryption Method Select TKIP AES or Mixed TKIP AES AES recommended ...

Page 43: ...ect TKIP AES or Mixed TKIP AES AES recommended Rekey Method Select Disable Time Packet Number Rekey by Time Packet Number will require the user to re authenticate with the RADIUS server after X Time Packet Number may increase overhead Rekey Time Interval Enter Rekey Time Interval Rekey Packet Interval Enter Rekey Packet Number Pre Authentication Select Enable Disable for Pre authentication If enab...

Page 44: ...35 6 2 ADVANCED SETUP 3 Click on Wireless Advanced tab You will see the following screen ...

Page 45: ... can improve the transmission efficiency Please make sure you Wireless card has this function supported HT Control Field Select Enable Disable It is useful when you need to debug the wireless network Reverse Direction Grant Select Enable Disable The response time can be shorter when enable this function Link Adapt Select Enable Disable The function is use to dynamically change the modulation and e...

Page 46: ...te PIN Code button If you are connecting to a device that has a WPS button first click the WPS Push Button and then press the WPS button on that device within 2 minutes This will connect the two devices together WPS Enable Select Enable or Disable to activate or deactivate WPS WPS Router PIN Code Click Generate PIN Code to automatically generate a random WPS PIN code WPS Push Button Click this but...

Page 47: ...tinuously wait for the incoming packets Without TCP SYN Dos Protection the resources in the server will be easily consumed completely This will then consequently result in the dysfunction of the server The ZyXEL VFG6005 Series VPN Firewall Gateway is able to detect TCP SYN DoS attacks and limits the resource consumption by lowering the incoming request rate by fast recycling the resource Therefore...

Page 48: ...der to avoid a potential ICMP broadcasting DoS attack ICMP Redirect Protection Check to enable ICMP Redirect Protection Uncheck to disable ICMP Redirect Protection An ICMP redirect message is a way to change the existing routing path Generally ICMP redirect packets should not be sent and so when there is the occurrence that ICMP redirect packets are sent it is important to note that it is very lik...

Page 49: ...ow ACL Select Enable to enable ACL Select Disable to disable ACL Default ACL Action Check Enable to enable a specific MAC Filter rule Uncheck Enable to disable a specific MAC Filter rule Type the MAC address to permit a device to access to the network Enabling MAC filtering blocks all MAC addresses which are not listed in the MAC Filter Rule Be aware that adding the MAC address of your managing co...

Page 50: ...Rule Name Name of the ACL rule Rule Enable Enable Disable this ACL rule External Interface Please select which External Interface WAN1 or WAN2 you want a packet to go through IF the packet fits the condition of this ACL rule Internal IP Range Set up the internal IP range for this ACL rule External IP Range Set up the external IP range for this ACL rule Protocol Set up the protocol TCP or UDP for t...

Page 51: ...L action rejecting the traffic going out to External IP Range at 207 46 110 24 Rule Name MSN Blocking Rule Enable Enable External Interface All complies Internal IP Range Keep it blank All complies External IP Range 207 46 110 1 207 46 110 1 254 IP address range for MSN server Protocol TCP Service Port Range Keep it blank All complies Action DENY ...

Page 52: ...able to enable disable MAC access Control Default MAC Access Control Action The default ACL action of the ACL rules When you add the individual rules it can be viewed as exceptions and take effects relating to the default action If the action of the adding rule is the same as the default action then this rule will not work 3 Click on Add tab You will see the following screen 4 Example Bind IP to a...

Page 53: ...a specified MAC network device one can follow the settings as below Sequence Number User1 Rule Name Enable MAC 00 33 44 55 66 77 Action Allow Access ACL Enable Enable Static ARP Enable Enable Static DHCP Enable Enable IP 192 168 10 100 ...

Page 54: ...DNS Service Choose Enable Disable to enable disable OpenDNS OpenDNS Username Enter OpenDNS user name OpenDNS Password Enter OpenDNS password DNS Query Redirection to OpenDNS DNS Servers Choose Enable Disable to enable disable the data flow redirect to the OpenDNS Server Users can get advanced content filtering function through the setting OpenDNS Label Enter the OpenDNS Label ...

Page 55: ...llowing the instructions below Web Filtering Choose Enable Disable to enable disable Web Filtering Activex Filtering Choose Enable Disable to enable disable Activex Filtering Java JavaScript Filtering Choose Enable Disable to enable disable Java JavaScript Filtering Proxy Filtering Choose Enable Disable to enable disable Proxy Filtering ...

Page 56: ...Sequence Number This defines the sequence priority of all the Web Filtering rules Rule Enable Choose Enable Disable to enable disable Web Filtering rule Filter Keyword Enter the Keyword Filter Type Choose URL or Sever Action Select ALLOW DENY 3 Example Block a URL with Keyword If one need to block Facebook related web page can follow the settings as below ...

Page 57: ...reate a secure VPN connection remotely to your LAN PPTP can allow you to connect using built in software clients such as Windows VPN client or smart devices such as Android phones tablets iPhones or iPads 1 Click on Security VPN PPTP tab You will see the following screen ...

Page 58: ...o enable disable Auto DNS DNS Enter DNS server if you choose Disable for Auto DNS CHAP Enable Choose Enable Disable to enable disable CHAP for VPN authentication MSCHAP Enable Choose Enable Disable to enable disable MSCHAP for VPN authentication MSCHAP2 Enable Choose Enable Disable to enable disable MSCHAP2 for VPN authentication MPP128 Enable Choose Enable Disable to enable disable MPP128 encrypt...

Page 59: ...ill see the following screen 2 Configure Add PPTP Settings following the instructions below Sequence Number This defines the sequence of the PPTP rules Rule Enable Enable Disable this PPTP rule User Name Enter PPTP user name Password Enter PPTP password ...

Page 60: ...to your LAN Because L2TP is insecure we suggest that you use PPTP or L2TP over IPSec Also both L2TP and L2TP over IPSec have the restriction that the VPN client cannot be behind a NAT router and must have a routable public IP address 1 Click on Security VPN L2TP tab You will see the following screen ...

Page 61: ...Enter DNS server if you choose Disable for Auto DNS CHAP Enable Choose Enable Disable to enable disable CHAP for VPN authentication Proxy ARP Enable Choose Enable Disable to enable disable Proxy ARP NAT Enable Choose Enable Disable to enable disable NAT 7 7 2 Add VPN L2TP Rule 3 Click on Add tab You will see the following screen 4 Configure Add PPTP Settings following the instructions below Sequen...

Page 62: ...sec SETUP 7 8 1 VPN IPsec Settings 1 Click on Security VPN IPsec tab You will see the following screen 2 Configure IPsec Settings following the instructions below IPsec Select Enable Disable to enable disable IPsec ...

Page 63: ...54 7 8 2 Add VPN IPsec Rule 1 Click on Add tab You will see the following screen ...

Page 64: ...tion This option is needed in Net to Net mode IKE Key Mode PSK Preshared Key Enter the preshared key The key should be at least 8 digit ASCII string L2TP Enable Check the local VPN gateway to enable L2TP This option is needed in Road Warrior mode Advanced Options Check it if you need to configure the advanced options Phase 1 Mode Main Phase 1 ID Enter the phase 1 ID Phase 1 Lifetime Enter the phas...

Page 65: ...ternal ports specified Therefore if users do not wish for destination port to be changed for a request the internal port range should be left empty Certain applications in a LAN are available only after activating the port range forwarding including servers and online gaming When an Internet request wants to access a port the ZyXEL VFG6005 Series VPN Firewall Gateway will dispatch it to the IP spe...

Page 66: ...ing screen 2 Configure DMZ Settings following the instructions below DMZ Select Enable to enable DMZ function Select Disable to disable DMZ function DMZ IP Address Enter the IP address of a particular host in your LAN which will receive all the packets originally going to the WAN port Public IP address above ...

Page 67: ...fits the conditions setup by the port forwarding rules the packet will then be forwarded according to the 1st rule from the top of the list Rule Name Enter the name of the port forwarding rule Rule Enable Check Uncheck to enable disable this port forwarding rule External Interface Choose WAN1 or WAN2 as the External port forwarding interface Protocol Choose TCP UDP or TCP UDP for the rule to be ap...

Page 68: ...ngs 1 Click on Applications Virtual Hosts tab You will see the following screen 8 2 2 Add 1 1 NAT Rule 1 Click on Add tab You will see the following screen 2 Configure Add Port Range Forwarding Rule Settings following the instructions below Sequence Number This defines the sequences priorities of the port forwarding rules If a packet fits the conditions setup by the port forwarding rules the packe...

Page 69: ...e Choose Ethernet WAN or Mobile WAN as the External virtual host interface External IP Address Enter the External IP Address Mapped LAN IP Address Enter the Mapped LAN IP Address this External IP Address will be mapped to ...

Page 70: ...ng Settings following the instructions below RTSP Select Enable Disable to enable disable RTSP MMS Select Enable Disable to enable disable MMS 3 Configure Video Conference Settings following the instructions below H 323 Select Enable Disable to enable disable H 323 4 Configure VPN Settings following the instructions below IPSec Pass through Select Enable Disable to enable disable IPSec Pass throug...

Page 71: ...nP NAT PMP tab You will see the following screen 2 Configure UPnP Settings following the instructions below UPnP Select Enable Disable to enable disable UPnP NAT PMP Select Enable Disable to enable disable NAT PMP UPnP Port Enter the number for UPnP port ...

Page 72: ...age On the other hand applications such as P2P and FTP are given a lower priority However when P2P software is the only application running on the network DBM is able to provide an efficient allocation and ensure that no bandwidth is wasted by being able to recognize that it is the only application running Once real time applications join the network these applications will then immediately have a...

Page 73: ...ownload Upload Select the correct bandwidth type according to your Internet service subscription If the bandwidth type is not available on the list select Custom Download Bandwidth Enter the value to customize download bandwidth Upload Bandwidth Enter the value to customize upload bandwidth Reserved Buffering Bandwidth Enter the value to provide bandwidth buffer 3 Advanced Setting Example A user s...

Page 74: ...ower this value 9 1 2 Add SBM Rules 1 Click on Add tab You will see the following screen 2 Configure Add SBM Settings following the instructions below Sequence Number This defines the sequence of the SBM rules If a packet fits the conditions set by the SBM rules the packet will then be sorted according to the first SBM rule from the top of the list Rule Name Name of the SBM rule Rule Enable Enable...

Page 75: ...sh to allow the traffic confirming this SBM rule to be able to utilize the whole bandwidth when the bandwidth is idle 3 Advanced Setting Example1 If a user needs to reverse some bandwidth for a specified application such as VoIP one can have the following configuration to reserve a 25Kbps 25Kbps bandwidth for VoIP application Rule Name VoIP Rule Enable Check the box to enable this rule Internal IP...

Page 76: ...lize Bandwidth More Than Guaranteed Uncheck this box to reserve a fixed rate for this application You may also check this box allowing this application use any free available bandwidth when it consumes more bandwidth Rule Name IP1_Rate Rule Enable Check this box to enable this rule Internal IP Address Enter the IP address this rule to be applied to Protocol Applied to both TCP and UDP External Int...

Page 77: ...le Name Name of the DBM rule Rule Enable Enable Disable this DBM rule Internal IP Range Set up the internal IP range for this DBM rule 3 DBM Setting Example The maximum DBM IPs is 8 in the VFG6005 Series The user may set the DHCP releasing range from 192 168 1 20 to 192 168 1 27 and set those IP as DBM IP accordingly In this manner all user access through this router will be controlled by DBM syst...

Page 78: ...ot change the parameters unless you wish to customize it by yourself 2 Configure Throughput Optimizer Settings following the instructions below TCP ACK Select Enable Disable to enable disable TCP ACK priority ICMP Select Enable Disable to enable disable ICMP priority DNS Select Enable Disable to enable disable DNS priority SSH Select Enable Disable to enable disable SSH priority Telnet BBS Select ...

Page 79: ...s can choose the recycle rate to optimize the connection efficiency especially during P2P downloads Setting to FAST is recommended 1 Click on Bandwidth Session Manager tab You will see the following screen 2 Configure Session Manager Settings following the instructions below Recycle Mode Select Fast Regular Slow recycle rate ...

Page 80: ...71 CHAPTER10 ADMIN 10 1 MANAGEMENT 1 Click on Admin Management tab You will see the following screen ...

Page 81: ...ble to disable Remote Management If the remote management is enabled users who are not in the LAN can connect to the ZyXEL VFG6005 Series VPN Firewall Gateway and configure it from the Internet Management Port HTTP port which users can connect to default port is 80 3 Configure Configuration Settings based on the instructions listed below Configuration Export Click Export to save your current confi...

Page 82: ...73 10 2 SYSTEM UTILITIES 1 Click on Admin System Utilities tab You will see the following screen ...

Page 83: ...d below Interface Select the interface that use to ARPing to i e LAN WAN Target Host Enter the MAC address to ARPing to Number of Packets Specify the number of the ARP request packets to send out ARPing Press the tab to start the ARPing actions 4 Using the Trace Route tool based on the instructions listed below Interface Select the interface that use to ARPing to i e WAN1 WAN2 Target Host Enter th...

Page 84: ... Server according to your location You can choose from Automatic Asia Europe North America South America or Africa Time Zone Select Time Zone according to your location Periodic Synchronization Select Enable Disable to enable disable Periodic Synchronization Daylight Savings Support Select Enable Disable to enable disable Daylight Savings Time Synchronization Interval Select from Every Hour Every ...

Page 85: ...76 10 4 LOG 1 Click on Admin Log tab You will see the following screen ...

Page 86: ...1 STATUS You can access and view all the system information regarding The ZyXEL VFG6005 Series VPN Firewall Gateway from here 11 1 ROUTER INFORMATION 1 Click on Status Router tab You will see the following screen ...

Page 87: ... The period of time The ZyXEL VFG6005 Series VPN Firewall Gateway has been running 3 WAN Ethernet Connection Status Connected Not Connected MAC Address MAC Address Connection Type The current connection type PPPoE Static IP and DHCP IP Address WAN IP Address Subnet Mask Number of subnet mask Gateway IP address of the gateway Download Download speed Upload Upload speed ...

Page 88: ... IP Address Subnet Mask The number of subnet mask in the internal network DHCP Service DHCP service enabled or disabled DHCP Start IP Address DHCP Start IP address DHCP End IP Address DHCP End IP address Max DHCP Clients The maximum IP addressed which can be assigned to PCs connecting to the network 6 Wireless Network Ethernet Wireless Channel Wireless Channel in use default is 6 Wireless SSID 1 S...

Page 89: ... 2 TRAFFIC 1 Click on Status Traffic tab and then choose the graph scale from two hours one day one week and one month You will see the following graph Now you can monitor your download and upload throughput ...

Page 90: ... 3 SESSION 1 Click on Status Session tab and choose the graph scale from two hours one day one week and one month You will now see the following graph TCP UDP ICMP and total session information is displayed ...

Page 91: ... assigned to this client MAC Address MAC address of this client Expiration Time The remaining time of the IP assignment 11 5 USER Current 1 Click on Status User Current tab You will see the following screen IP Address IP address assigned by Static ARP matching MAC Address MAC address in the Static ARP matching ARP Type Static or dynamic ...

Page 92: ...network solution You can add up to four computers to the VFG without the cost of a hub when connecting to the Internet through the WAN Add more than four computers to your LAN by using another hub or switch LEDs PWR SYS WLAN VFG6005N WAN LAN1 4 Reset Button The reset button is built into the rear panel Use this button to restore the VFG to its factory default settings Press for 1 second to restart...

Page 93: ... DHCP Pool Size Wireless LAN Same as LAN 16 from 192 168 10 20 to 192 168 10 35 Device Management Use the Web Configurator to easily configure the rich range of features on the VFG Wireless Functionality Allows IEEE 802 11b g and or IEEE 802 11n wireless clients to connect to the VFG wirelessly Enable wireless security WPA 2 PSK and or MAC filtering to protect your wireless network Note The VFG ma...

Page 94: ...allowed but you can safely browse the Internet and download files for example Content Filter The VFG blocks or allows access to web sites that you specify and blocks access to web sites with URLs that contain keywords that you specify You can use category based content filtering via OpenDNS that allows your VFG to check web sites against an external database Bandwidth Management You can efficientl...

Page 95: ...ed URL www zyxel com for example with a dynamic IP address You must register for this service with a Dynamic DNS service provider Logging Use logs for troubleshooting You can view logs in the Web Configurator PPPoE PPPoE mimics a dial up Internet access connection Universal Plug and Play UPnP The VFG can communicate with other UPnP enabled devices in a network ...

Page 96: ...ppendices and Index Pop up Windows JavaScripts and Java Permissions 258 IP Addresses and Subnetting 267 Setting up Your Computer s IP Address 281 Wireless LANs 301 Common Services 315 Legal Information 315 ...

Page 97: ...ersions may vary Internet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking and create an exception for your device s IP address Disable pop up Blockers 1 In Internet Explorer select Tools Pop up Blocker and then select Turn Off Pop up Blocker Figure 130...

Page 98: ...blockers you may have enabled Figure 131 Internet Options Privacy 3 Click Apply to save this setting Enable pop up Blockers with Exceptions Alternatively if you only want to allow pop up windows from your device see the following steps 1 In Internet Explorer select Tools Internet Options and then the Privacy tab 2 Select Settings to open the Pop up Blocker Settings screen ...

Page 99: ...et Options Privacy 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 167 1 4 Click Add to move the IP address to the list of Allowed sites ...

Page 100: ...creen 6 Click Apply to save this setting JavaScripts If pages of the Web Configurator do not display properly in Internet Explorer check that JavaScripts are allowed 1 In Internet Explorer click Tools Internet Options and then the Security tab Figure 134 Internet Options Security ...

Page 101: ... down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java applets make sure that Enable is selected the default 6 Click OK to close the window Figure 135 Security Settings Java Scripting ...

Page 102: ...lick Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java permissions make sure that a safety level is selected 5 Click OK to close the window Figure 136 Security Settings Java ...

Page 103: ...JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected 3 Click OK to close the window Figure 137 Java Sun ...

Page 104: ...95 ...

Page 105: ...n street name the hosts on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the host ID Routers use the network number to send packets to the correct network while the host ID determines to which host on the network the packets are delivered Structure An IP address is made up of four parts writte...

Page 106: ...operation The term subnet is short for sub network A subnet mask has 32 bits If a bit in the subnet mask is a 1 then the corresponding bit in the IP address is part of the network number If a bit in the subnet mask is 0 then the corresponding bit in the IP address is part of the host ID The following example shows a subnet mask identifying the network number in bold text and host ID of an IP addre...

Page 107: ... by the size of the network number part the bits with a 1 value For example an 8 bit mask means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes Subnet masks are expressed in dotted decimal notation just like IP addresses The following examples show the binary and decimal notation for 8 bit 16 bit 24 bit and 29 bit subnet masks Subnet Masks BINARY DECIMAL 1ST OCTET 2...

Page 108: ...sk for example As these two IP addresses cannot be used for individual hosts calculate the maximum number of possible hosts in a network as follows Maximum Host Numbers SUBNET MASK HOST ID SIZE MAXIMUM NUMBER OF HOSTS 8 bits 255 0 0 0 24 bits 2 24 2 16777214 16 bits 255 255 0 0 16 bits 2 16 2 65534 24 bits 255 255 255 0 8 bits 2 8 2 254 29 bits 255 255 255 248 3 bits 2 3 2 6 Notation Since the mas...

Page 109: ...240 28 1111 0000 240 255 255 255 248 29 1111 1000 248 255 255 255 252 30 1111 1100 252 Subnetting You can use subnetting to divide one network into multiple sub networks In the following example a network administrator creates two sub networks to isolate a group of servers from the rest of the company network for security reasons In this example the company network address is 192 168 1 0 The first...

Page 110: ...ave a value of either 0 or 1 allowing two subnets 192 168 1 0 25 and 192 168 1 128 25 The following figure shows the company network after subnetting There are now two sub networks A and B Figure 140 Subnetting Example After Subnetting In a 25 bit subnet the host ID has 7 bits so each sub network has a maximum of 2 7 2 or 126 possible hosts a host ID of all zeroes is the subnet s address itself al...

Page 111: ... a 24 bit address into four subnets you need to borrow two host ID bits to give four possible combinations 00 01 10 and 11 The subnet mask is 26 bits 11111111 11111111 11111111 11000000 or 255 255 255 192 Each subnet contains 6 host ID bits giving 2 6 2 or 62 hosts for each subnet a host ID of all zeroes is the subnet itself all ones is the subnet s broadcast address Subnet 1 IP SUBNET MASK NETWOR...

Page 112: ...dress 192 168 1 64 Lowest Host ID 192 168 1 65 Broadcast Address 192 168 1 127 Highest Host ID 192 168 1 126 Subnet 3 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 128 Lowest Host ID 192 168 1 129 Broadcast Address Highest Host ID 192 1...

Page 113: ...111111 11000000 Subnet Address 192 168 1 192 Lowest Host ID 192 168 1 193 Broadcast Address 192 168 1 255 Highest Host ID 192 168 1 254 Example Eight Subnets Similarly use a 27 bit mask to create eight subnets 000 001 010 011 100 101 110 and 111 The following table shows IP address last octet values for each subnet Eight Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST ADDRESS ...

Page 114: ...23 8 224 225 254 255 Subnet Planning The following table is a summary for subnet planning on a network with a 24 bit network number 24 bit Network Number Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62 3 255 255 255 224 27 8 30 ...

Page 115: ... with a 16 bit network number 16 bit Network Number Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 128 0 17 2 32766 2 255 255 192 0 18 4 16382 3 255 255 224 0 19 8 8190 4 255 255 240 0 20 16 4094 5 255 255 248 0 21 32 2046 6 255 255 252 0 22 64 1022 7 255 255 254 0 23 128 510 8 255 255 255 0 24 256 254 9 255 255 255 128 25 512 126 ...

Page 116: ...nternet Assigned Number Authority IANA reserved this block of addresses specifically for private use please do not use any other number unless you are told otherwise You must also enable Network Address Translation NAT on the VFG Once you have decided on the network number pick an IP address for your VFG that is easy to remember for instance 192 168 10 1 but make sure that no other device on your ...

Page 117: ...ation and your Internet access is through an ISP the ISP can provide you with the Internet addresses for your local networks On the other hand if you are part of a much larger organization you should consult your network administrator for the appropriate IP addresses Regardless of your particular situation do not create an arbitrary IP address always follow the guidelines above For more informatio...

Page 118: ...rty TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components are installed configure the TCP IP settings in order to communicate with your network If you manually assign IP information instead of using dynamic assignment make sure that your computers have IP addresses that ...

Page 119: ...tworks If you need the adapter 1 In the Network window click Add 2 Select Adapter and then click Add 3 Select the manufacturer and model of your network adapter and then click OK If you need TCP IP 1 In the Network window click Add 2 Select Protocol and then click Add 3 Select Microsoft from the list of manufacturers 4 Select TCP IP from the list of network protocols and then click OK If you need ...

Page 120: ...IP entry and click Properties 2 Click the IP Address tab If your IP address is dynamic select Obtain an IP address automatically If you have a static IP address select Specify an IP address and type your information into the IP Address and Subnet Mask fields Figure 142 Windows 95 98 Me TCP IP Properties IP Address 3 Click the DNS Configuration tab If you do not know your DNS information select Dis...

Page 121: ...he TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your router and restart your computer when prompted Verifying Settings 1 Click Start and then Run 2 In the Run window type winipcfg and then click OK to open the IP Configuration window 3 Select your network adapter You should see your computer s IP address subnet mask and default gateway...

Page 122: ... Control Panel Figure 144 Windows XP Start Menu 2 In the Control Panel double click Network Connections Network and Dial up Connections in Windows 2000 NT Figure 145 Windows XP Control Panel 3 Right click Local Area Connection and then click Properties ...

Page 123: ...s Figure 147 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP IP Properties window opens the General tab in Windows XP If you have a dynamic IP address click Obtain an IP address automatically If you have a static IP address click Use the following IP Address and fill in the IP address Subnet mask and Default gateway fields Click Advanced ...

Page 124: ...ess in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways In TCP IP Gateway Address type the IP address of the default gateway in Gateway To manually configure a default metric the number of transmission hops clear the Automatic...

Page 125: ...btain DNS server address automatically if you do not know your DNS server IP address es If you know your DNS server IP address es click Use the following DNS server addresses and type them in the Preferred DNS server and Alternate DNS server fields If you have previously configured DNS servers click Advanced and then the DNS tab to order them ...

Page 126: ... window Network and Dial up Connections in Windows 2000 NT 11 Turn on your router and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and then Command Prompt 2 In the Command Prompt window type ipconfig and then press ENTER You can also open Network Connections right click a network connection click Status and then click the Support tab Windows 7 Vista 1...

Page 127: ...118 Figure 151 Windows 7 Vista 3 Click on Network and Internet Figure 152 Windows 7 Vista 4 Click on Network and Sharing Center ...

Page 128: ...side of the screen click on Change Adapter Settings Windows 7 or Manage Network Connections Vista 6 Right click on Local Area Connection and select Properties Figure 154 Windows 7 Vista 7 Highlight Internet Protocol Version 4 and click Properties ...

Page 129: ... Address and enter your IP address Subnet Mask and Default Gateway Enter your DNS server address if trying to connect to the internet and click OK Figure 156 Windows 7 Vista 9 Click OK or Close on the Local Area Connection Properties window to apply the settings ...

Page 130: ... 1 Click the Apple menu Control Panel and double click TCP IP to open the TCP IP Control Panel Figure 157 Macintosh OS 8 9 Apple Menu 2 Select Ethernet built in from the Connect via list Figure 158 Macintosh OS 8 9 TCP IP ...

Page 131: ...ess box 5 Close the TCP IP Control Panel 6 Click Save if prompted to save changes to your configuration 7 Turn on your router and restart your computer if prompted Verifying Settings Check your TCP IP properties in the TCP IP Control Panel window Macintosh OS X 1 Click the Apple menu and click System Preferences to open the System Preferences window Figure 159 Macintosh OS X Apple Menu 2 Click Net...

Page 132: ...owing From the Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your Prestige in the Router address box 5 Click Apply Now and close the window 6 Turn on your router and restart your computer if prompted Verifying Settings Check your TCP IP properties in the Network window ...

Page 133: ...logged in as the root administrator Using the K Desktop Environment KDE Follow the steps below to configure your computer IP address using the KDE 1 Click the Red Hat button located on the bottom left corner select System Setting and click Network Figure 161 Red Hat 9 0 KDE Network Configuration Devices 2 Double click on the profile of the network card you wish to configure The Ethernet Device Gen...

Page 134: ... click Statically set IP Addresses and fill in the Address Subnet mask and Default Gateway Address fields 3 Click OK to save the changes and close the Ethernet Device General screen 4 If you know your DNS server IP address es click the DNS tab in the Network Configuration screen Enter the DNS server information in the fields provided Figure 163 Red Hat 9 0 KDE Network Configuration DNS 5 Click the...

Page 135: ... Ethernet card Open the configuration file with any plain text editor If you have a dynamic IP address enter dhcp in the BOOTPROTO field The following figure shows an example Figure 165 Red Hat 9 0 Dynamic IP Address Setting in ifconfig eth0 DEVICE eth0 ONBOOT yes BOOTPROTO dhcp USERCTL no PEERDNS yes TYPE Ethernet If you have a static IP address enter static in the BOOTPROTO field Type IPADDR fol...

Page 136: ...at 9 0 Restart Ethernet Card root localhost init d network restart Shutting down interface eth0 OK Shutting down loopback interface OK Setting network parameters OK Bringing up loopback interface OK Bringing up interface eth0 OK 34 1 2 Verifying Settings Enter ifconfig in a terminal screen to check your TCP IP properties Figure 169 Red Hat 9 0 Checking TCP IP Properties root localhost ifconfig eth...

Page 137: ...128 Interrupt 10 Base address 0x1000 root localhost ...

Page 138: ...ervice Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an Ad hoc wireless LAN Figure 170 Peer to Peer Communication in an Ad hoc Network BSS A Basic Service Set BSS exists when all communications between wireless stations or between a wireless station and a wired network client go through one access point AP Intra BSS traffic is traffic between...

Page 139: ...Ps is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood An ESSID ESS IDentification uniquely identifies each ESS All access points and their associated wireless stations within the same ESS must have the sa...

Page 140: ... interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 channels and an adjacent AP is using channel 1 then you need to select a channel between 6 or 11 RTS CTS A hidden node occurs when two stations are within range of the same access point but are not within range of each other The follo...

Page 141: ...es and confirms with the requesting station the time frame for the requested transmission Stations can send frames smaller than the specified RTS CTS directly to the AP without the RTS Request To Send CTS Clear to Send handshake You should only configure RTS CTS if the possibility of hidden nodes exists on your network and the cost of resending large frames is more than the extra network overhead ...

Page 142: ...ll IEEE 802 11b compliant wireless adapters must support long preamble However not all wireless adapters support short preamble Use long preamble if you are unsure what preamble mode the wireless adapters support to ensure interpretability between the AP and the wireless stations and to provide more reliable communication in noisy networks Select Dynamic to have the AP automatically use short prea...

Page 143: ...and accounting management on a network RADIUS server Support for EAP Extensible Authentication Protocol RFC 2486 that allows additional authentication methods to be deployed with no changes to the access point or the wireless stations RADIUS RADIUS is based on a client server model that supports authentication authorization and accounting The access point is the client and the server is the RADIUS...

Page 144: ...tween the access point and the RADIUS server for user accounting Accounting Request Sent by the access point requesting accounting Accounting Response Sent by the RADIUS server to indicate that it has started or stopped accounting In order to ensure network security the access point and the RADIUS server use a shared secret key which is a password they both know The key is not sent over the networ...

Page 145: ...nerable to passive attacks A digital certificate is an electronic ID card that authenticates the sender s identity However to implement EAP TLS you need a Certificate Authority CA to handle certificates which imposes a management overhead EAP TTLS Tunneled Transport Layer Service EAP TTLS is an extension of the EAP TLS authentication that uses certificates for only the server side authentications ...

Page 146: ...a comparison of the features of authentication types Comparison of EAP Authentication Types EAP MD5 EAP TLS EAP TTLS PEAP LEAP Mutual Authentication No Yes Yes Yes Yes Certificate Client No Yes Optional Optional No Certificate Server No Yes Yes Yes No Dynamic Key Exchange No Yes Yes Yes Yes Credential Integrity None Strong Strong Strong Moderate Deployment Difficulty Easy Hard Moderate Moderate Mo...

Page 147: ...ong mathematical function in which the receiver and the transmitter each compute and then compare the MIC If they do not match it is assumed that the data has been tampered with and the packet is dropped By generating unique data encryption keys for every data packet and by creating an integrity checking mechanism MIC TKIP makes it much more difficult to decode data on a Wi Fi network than WEP mak...

Page 148: ...AP derives and distributes keys to the wireless clients 4 The AP and wireless clients use the TKIP or AES encryption process to encrypt data exchanged between them Figure 174 WPA 2 PSK Authentication 34 1 3 WPA 2 with RADIUS Application Example You need the IP address of the RADIUS server its port number default is 1812 and the RADIUS shared secret A WPA 2 application example with an external RADI...

Page 149: ...to see what other security parameters you should configure for each Authentication Method key management protocol type MAC address filters are not dependent on how you configure these security features Wireless Security Relational Matrix AUTHENTICATION METHOD KEY MANAGEMENT PROTOCOL ENCRYPTI ON METHOD ENTER MANUAL KEY IEEE 802 1X Open None No Disable Enable without Dynamic WEP Key Open WEP No Enab...

Page 150: ...tocol used by the service If this is TCP UDP then the service uses the same port number with TCP and UDP If this is USER DEFINED the Port s is the IP protocol number not the port number Port s This value depends on the Protocol Please refer to RFC 1700 for further information about port numbers If the Protocol is TCP UDP or TCP UDP this is the IP port number If the Protocol is USER this is the IP ...

Page 151: ...CP UDP 53 Domain Name Server a service that matches web names for example www zyxel com to IP numbers ESP IPSEC_TUNNEL User Defined 50 The IPSEC ESP Encapsulation Security Protocol tunneling protocol uses this service FINGER TCP 79 Finger is a UNIX or Internet related command that can be used to find out if a user is logged on FTP TCP TCP 20 21 File Transfer Program a program to enable fast transf...

Page 152: ...o a specific group of hosts IKE UDP 500 The Internet Key Exchange algorithm is used for key distribution and management IRC TCP UDP 6667 This is another popular Internet chat program MSN Messenger TCP 1863 Microsoft Networks messenger service uses this protocol NEW ICQ TCP 5190 An Internet chat program NEWS TCP 144 A protocol for news groups NFS UDP 2049 Network File System NFS is a client server ...

Page 153: ...s secure transfer of data over public networks This is the control channel PPTP_TUNNEL GRE User Defined 47 PPTP Point to Point Tunneling Protocol enables secure transfer of data over public networks This is the data channel RCMD TCP 512 Remote Command Service REAL_AUDIO TCP 7070 A streaming audio service that enables real time sound over the web REXEC TCP 514 Remote Execution Daemon RLOGIN TCP 513...

Page 154: ...ata on many different types of database systems including mainframes midrange systems UNIX systems and network servers SSH TCP UDP 22 Secure Shell Remote Login Program STRM WORKS UDP 1558 Stream Works Protocol SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server TACACS UDP 49 Login Host Protocol used for Terminal Access Controller Access Control System TELNET TCP 23 Telnet is the ...

Page 155: ...ivial File Transfer Protocol is an Internet file transfer protocol similar to FTP but uses the UDP User Datagram Protocol rather than TCP Transmission Control Protocol VDOLIVE TCP 7000 Another videoconferencing solution ...

Page 156: ...ke changes in any products described herein without notice This publication is subject to change without notice Certifications Federal Communications Commission FCC Interference Statement The device complies with Part 15 of FCC rules Operation is subject to the following two conditions This device may not cause harmful interference This device must accept any interference received including interf...

Page 157: ...ed radio TV technician for help FCC Radiation Exposure Statement This transmitter must not be co located or operating in conjunction with any other antenna or transmitter IEEE 802 11b or 802 11g operation of this product in the U S A is firmware limited to channels 1 through 11 To comply with FCC RF exposure compliance requirements a separation distance of at least 20 cm must be maintained between...

Page 158: ...ence that may cause undesired operation of the device This device has been designed to operate with an antenna having a maximum gain of 2dBi Antenna having a higher gain is strictly prohibited per regulations of Industry Canada The required antenna impedance is 50 ohms To reduce potential radio interference to other users the antenna type and its gain should be so chosen that the EIRP is not more ...

Page 159: ...haser To obtain the services of this warranty contact your vendor You may also refer to the warranty policy for the region in which you bought the device at http www zyxel com web support_warranty_info php Registration Register your product online to receive e mail notices of firmware upgrades and information at www zyxel com for global products or at www us zyxel com for North American products E...

Page 160: ...nternational treaty provisions and the applicable national laws of each respective country All rights not granted to you herein are expressly reserved by ZyXEL You may not remove any proprietary notice of ZyXEL or any of its licensors from any copy of the Software or Documentation 4 Restrictions You may not publish display disclose sell rent lease modify store loan distribute or create derivative ...

Page 161: ...AINED IN THE SOFTWARE WILL MEET ANY REQUIREMENTS OR NEEDS YOU MAY HAVE OR THAT THE SOFTWARE WILL OPERATE ERROR FREE OR IN AN UNINTERUPTED FASHION OR THAT ANY DEFECTS OR ERRORS IN THE SOFTWARE WILL BE CORRECTED OR THAT THE SOFTWARE IS COMPATIBLE WITH ANY PARTICULAR PLATFORM SOME JURISDICTIONS DO NOT ALLOW THE WAIVER OR EXCLUSION OF IMPLIED WARRANTIES SO THEY MAY NOT APPLY TO YOU IF THIS EXCLUSION I...

Page 162: ...ent 11 General This License Agreement shall be construed interpreted and governed by the laws of Republic of China without regard to conflicts of laws provisions thereof The exclusive forum for any disputes arising out of or relating to this License Agreement shall be an appropriate court or Commercial Arbitration Association sitting in ROC Taiwan if the parties agree to a binding arbitration This...

Reviews:

No comments

Brands by name

Popular brands

Load more brands