ZyXEL Communications ZyAIR B-5000 User Manual Download Page 267 | Manualshive

Page: 267 / 287

background image

ZyAIR B-5000 User’s Guide

Types of EAP Authentication E-1

Appendix E

Types of EAP Authentication

This appendix discusses two popular EAP authentication types:

EAP-MD5

and

EAP-TLS

. The type of

authentication you use depends on the RADIUS server. Consult your network administrator for more
information.

EAP-MD5 (Message-Digest Algorithm 5)

MD5 authentication is the simplest one-way authentication method. The authentication server sends a
challenge to the wireless station. The wireless station ‘proves’ that it knows the password by encrypting the
password with the challenge and sends back the information. Password is not sent in plain text.

However, MD5 authentication has some weaknesses. Since the authentication server needs to get the
plaintext passwords, the passwords must be stored. Thus someone other than the authentication server may
access the password file. In addition, it is possible to impersonate an authentication server, as MD5
authentication method does not perform mutual authentication. Finally, MD5 authentication method does
not support data encryption with dynamic session key. You must configure WEP encryption keys for data
encryption.

EAP-TLS (Transport Layer Security)

With EAP-TLS, digital certifications are needed by both the server and the wireless stations for mutual
authentication. The server presents a certificate to the client. After validating the identity of the server, the
client sends a different certificate to the server. The exchange of certificates is done in the open before a
secured tunnel is created. This makes user identity vulnerable to passive attacks. A digital certificate is an
electronic ID card that authenticates the sender’s identity. However, to implement EAP-TLS, you need a
Certificate Authority (CA) to handle certificates, which imposes a management overhead.

For added security, certificate-based authentications such as EAP-TLS use dynamic keys for data
encryption. They are often deployed in corporate environments, but for public deployment, simple user
name and password pair is more practical. The following table is a comparison of the features of two
authentication types used in the ZyAIR.

«
...
265
266
267
268
269
...
»

Summary of Contents for ZyAIR B-5000

Page 1: ...ZyAIR B 5000 Outdoor Access Point Bridge User s Guide Version 1 5 8 200 February 2004 ...

Page 2: ...yXEL Communications Corporation Published by ZyXEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves the right to make changes in any products described herein...

Page 3: ...dio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications If this equipment does cause harmful interference to radio television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures 1 Reorient or reloc...

Page 4: ... by an act of God or subjected to abnormal working conditions Note Repair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpose ZyXEL shall in no event be held liable for indirect or consequential damages ...

Page 5: ... com ftp zyxel com WORLDWIDE sales zyxel com tw 886 3 578 2439 ftp europe zyxel com ZyXEL Communications Corp 6 Innovation Road II Science Based Industrial Park Hsinchu 300 Taiwan support zyxel com 1 800 255 4101 www us zyxel com NORTH AMERICA sales zyxel com 1 714 632 0858 ftp us zyxel com ZyXEL Communications Inc 1130 N Miller St Anaheim CA 92806 U S A support zyxel dk 45 3955 0700 www zyxel dk ...

Page 6: ...ZyAIR B 5000 User s Guide vi ...

Page 7: ...3 1 1 13 Full Network Management 1 3 1 1 14 Embedded TFTP Client Address 1 3 Chapter 2 Web Configurator Overview 2 1 2 1 Web Configurator Overview 2 1 2 2 Accessing the ZyAIR Web Configurator 2 1 2 3 Resetting the ZyAIR 2 5 Chapter 3 Quick Setup 3 1 3 1 Quick Setup Overview 3 1 3 1 1 PPPoE 3 1 3 1 2 IP Address 3 1 3 1 3 Bridge 3 1 3 1 4 Router 3 1 3 2 Configuring the ZyAIR Using the Quick Setup 3 ...

Page 8: ...eview 5 18 5 5 Quick Setup Restart System 5 20 Chapter 6 Basic Configuration System Setup 6 1 6 1 Basic Configuration 6 1 6 2 Configuring System Setup 6 3 Chapter 7 Interface Parameters 7 1 7 1 Interface Parameters Overview 7 1 Chapter 8 Configuration Parameters 8 5 8 1 Configuration Parameters Overview 8 5 Chapter 9 ISP Parameters 9 1 9 1 ISP Parameters Overview 9 1 Chapter 10 DHCP Parameters 10 ...

Page 9: ...asic Configuration Save and Restart 15 1 Chapter 16 Advanced Configuration 16 1 16 1 Advanced Configuration Overview 16 1 Chapter 17 Static Route 17 1 17 1 Static Route Overview 17 1 17 2 Configuring IP Static Route 17 1 17 3 Configuring Route Entry 17 3 Chapter 18 Bridging Parameters 18 1 19 1 Bridging Overview 18 1 18 2 Configuring Bridging Parameters 18 1 Chapter 19 SNMP 19 1 19 1 SNMP Overview...

Page 10: ...mote Wireless Router 21 14 21 2 8 Remote Wireless Bridge to Central Wireless Bridge 21 15 21 2 9 Remote Wireless Router to Central Wireless Bridge 21 16 21 2 10Remote Wireless Bridge to Central Wireless Router 21 17 21 2 11Remote Wireless Router to Central Wireless Router 21 18 Chapter 22 Utility 22 1 22 1 Utility Overview 22 1 22 2 Utility Tutorial Screen 22 1 22 3 General System Information 22 2...

Page 11: ...apter 28 Firewall 28 1 28 1 Background Information 28 1 28 2 Firewall Overview 28 1 28 3 Introduction to ZyXEL s Firewall 28 2 28 4 Denial of Service 28 2 28 4 1 Basics 28 3 28 4 2 Types of DoS Attacks 28 3 28 5 Enabling the Firewall 28 6 28 6 Firewall Access Control 28 7 28 6 1 TCP 28 8 28 6 2 UDP 28 8 28 6 3 ICMP 28 8 28 6 4 IP 28 8 28 6 5 Configuring Firewall Access Control 28 8 28 7 Anti Denia...

Page 12: ...ZyAIR B 5000 User s Guide xii Table of Contents ...

Page 13: ...Wireless Bridge Mode 5 6 Figure 5 5 Quick Setup TCP IP Settings Central Wireless Router PPPoE Mode 5 8 Figure 5 6 Quick Setup TCP IP Settings Central Wireless Router DHCP Mode 5 10 Figure 5 7 Quick Setup TCP IP Settings Central Wireless Router Static IP Mode 5 12 Figure 5 8 Quick Setup TCP IP Settings Remote Wireless Bridge Mode 5 14 Figure 5 9 Quick Setup TCP IP Settings Remote Wireless Router Mo...

Page 14: ...4 Figure 19 4 Advanced Configuration SNMP Trap 19 6 Figure 19 5 Advanced Configuration SNMP Trap Modify 19 7 Figure 20 1 Advanced Configuration Overview 20 2 Figure 20 2 Advanced Configuration Save Restart 20 3 Figure 22 1 Wireless Access Bridge 21 2 Figure 22 2 Wireless Access Router with PPP over Ethernet PPPoE 21 4 Figure 22 3 Wireless Access Router with Dynamic IP Address DHCP Client 21 5 Figu...

Page 15: ...itor 26 3 Figure 26 6 SU System 26 3 Figure 26 7 SU Interface 26 3 Figure 26 8 SU Packet Filter 26 4 Figure 26 9 SU PPP 26 5 Figure 26 10 SU ISP 26 5 Figure 26 11 SU IP_Share 26 5 Figure 26 12 SU DHCP 26 6 Figure 26 13 SU DHCP clt 26 6 Figure 26 14 SU DNS_proxy 26 7 Figure 26 15 SU SNMP 26 7 Figure 26 16 SU TFTP 26 7 Figure 26 17 SU Route 26 7 Figure 26 18 Bridge 26 7 Figure 26 19 SU WLAN 26 8 Fig...

Page 16: ...esetting Your ZyAIR 27 10 Figure 27 11 Resetting To Default 27 11 Figure 28 1 Firewall Tutorial Screen 28 2 Figure 28 2 Three Way Handshake 28 4 Figure 28 3 SYN Flood 28 5 Figure 28 4 Smurf Attack 28 6 Figure 28 5 Firewall General Parameters 28 7 Figure 28 6 Firewall Config Access Control 28 9 Figure 28 7 Firewall Config Denial of Service 28 11 ...

Page 17: ...uick Setup TCP IP Settings Remote Wireless Bridge Mode 5 14 Table 5 9 Quick Setup TCP IP Settings Remote Wireless Router Mode 5 16 Table 6 1 Basic Configuration System Setup 6 3 Table 7 1 Basic Configuration Interface Parameters 7 2 Table 7 2 Basic Configuration Interface Parameters 7 3 Table 8 1 Basic Configuration Parameters 8 6 Table 8 2 Basic Configuration User profile 8 8 Table 9 1 Basic Conf...

Page 18: ...anced Configuration Save Restart 20 3 Table 22 1 Utility General System Information 22 3 Table 22 2 Utility Software Upgrade 22 5 Table 22 3 Utility Wireless Link Info 22 7 Table 24 1 SMT Main Screen via Telnet or HyperTerminal 24 2 Table 24 2 SMT Navigation Controls 24 2 Table 24 3 Sys_info Mode 24 4 Table 26 1 Password Information 26 11 Table 27 1 Filename Conventions 27 1 Table 28 1 Common IP P...

Page 19: ... an online glossary of networking terms Syntax Conventions Enter means for you to type one or more characters and press the carriage return Select or Choose means for you to use one predefined choices Enter or carriage return key ESC means the escape key and SPACE BAR means the space bar UP and DOWN are the up and down arrow keys Mouse action sequences are denoted using a comma For example click t...

Page 20: ...ZyAIR B 5000 User s Guide xx Preface ...

Page 21: ...OVERVIEW I Part I OVERVIEW This part introduces the main features and applications of the ZyAIR and shows how to access the web configurator and use the Quick Setup screens for initial configuration ...

Page 22: ......

Page 23: ...epending on your Ethernet network 1 1 2 10 Mbps Auto crossover Ethernet Interface The LAN interface automatically adjusts to either a crossover or straight through Ethernet cable 1 1 3 802 11b Wireless LAN Standard ZyAIR products containing the letter B in the model name such as ZyAIR B 5000 comply with the 802 11b wireless standard The 802 11b data rate and corresponding modulation techniques are...

Page 24: ... protocol that supports multiple types of authentication 1 1 6 Wireless LAN MAC Address Filtering On a local area network LAN or other network the MAC Media Access Control address is a wireless LAN client s unique hardware number On an Ethernet LAN it s the same as your Ethernet address Your ZyAIR checks the MAC address of a wireless station against a list of allowed or denied MAC addresses 1 1 7 ...

Page 25: ...P Simple Network Management Protocol is a protocol used for exchanging management information between network devices SNMP is a member of the TCP IP protocol suite Your ZyAIR supports SNMP agent functionality which allows a manager station to manage and monitor the ZyAIR through the network The ZyAIR supports SNMP version 1 SNMPv1 and version 2c SNMPv2c 1 1 13 Full Network Management The embedded ...

Page 26: ......

Page 27: ...omputer will need to be set if you are configuring the ZyAIR for the first time see Setting Up Your Computer s IP Address in the appendix of this User s Guide 2 2 Accessing the ZyAIR Web Configurator Step 1 Make sure your ZyAIR hardware is properly connected refer to the Quick Installation Guide Step 2 Prepare your computer to connect to the ZyAIR refer to Setting Up Your Computer s IP Address in ...

Page 28: ...A company with many employees working outdoors can also use the ZyAIR to extend the existing network without expensive network cables Wireless stations can move freely anywhere in the coverage area and use resources on the wired network Wireless Bridge Application You can use the ZyAIR as a bridge or router to form a wireless point to point or point to multipoint backbone connection With the bridg...

Page 29: ...uide Web Configurator Overview 2 3 Figure 2 3 Operating Mode Step 7 You should now see the Quick Setup web configuration Tutorial screen The following summarizes how to navigate the web configurator from the Tutorial screen ...

Page 30: ...RAL Firewall setup and click ACCESS CONTROL to configure user management accessibility Click ANTI DENIAL OF SERVICE to access denial of services setup Click ADVANCED CONFIG to configure advanced features such as STATIC ROUTE BRIDGING SNMP COMMUNITY SNMP TRAP CONFIGURATION OVERVIEW SAVE RESTART Click Quick Setup for initial configuration including Operation Mode TCP IP WIRELESS and CONFIGURATION RE...

Page 31: ...factory default configuration file Uploading this configuration file replaces the current configuration file with the factory default configuration file This means that you will lose all configurations that you had previously and the speed of the console port will be reset to the default of 115200bps with 8 data bit no parity one stop bit and flow control set to none The password will be reset to ...

Page 32: ......

Page 33: ... One PVC can support any number of PPP sessions from your LAN PPPoE provides access control and billing functionality in a manner similar to dial up services using PPP See the appendices for more information on PPPoE 3 1 2 IP Address Routers route based on the network number The router that delivers the data packet to the correct destination host uses the host ID See the appendices for more inform...

Page 34: ...ons to access your wired LAN and set up Internet access 3 2 1 Common Screen Command Buttons The following table shows common command buttons found on many web configurator screens LABEL DESCRIPTION Back Click Back to return to the previous screen NEXT Click NEXT to save your changes back to the ZyAIR Help Click Help to go to the Tutorial Quick Setup screen Table 3 1 Configuration Commands ...

Page 35: ...creen 2nd Operation Mode screen TUTORIAL QUICK SETUP Figure 3 1 Layout of ZyAIR Operating Modes To show some possibilities of wireless topologies see the Quick Installation Guide and Part IV of this User s Guide ACCESS POINT BRIDGE WIRELESS ACCESS BRIDGE WIRELESS ACCESS ROUTER PPP over Ethernet PPPoE Dynamic IP Address DHCP Client Static IP Address Fixed IP CENTRAL WIRELESS ROUTER BRIDGE REMOTE WI...

Page 36: ......

Page 37: ...Bridge or Wireless Access Router For the Wireless Access Router option the Ethernet connection type will have to be specified see Figure 2 3 for an overview of the configurator operating modes and see Figure 4 1 to get to the first Quick Setup Operation Mode screen An access point in bridge mode can function as a wireless network bridge allowing you to connect two wired network segments The peer d...

Page 38: ... be either static or dynamically assigned by the ISP Back Click Back to go to the tutorial screen NEXT Click NEXT to continue 4 2 Quick Setup TCP IP Use this screen to configure the TCP IP screen 4 2 1 IP Address Assignment Every computer on the Internet must have a unique IP address If your networks are isolated from the Internet for instance only between your two branch offices you can assign an...

Page 39: ...old otherwise Let s say you select 192 168 1 0 as the network number which covers 254 individual addresses from 192 168 1 1 to 192 168 1 254 zero and 255 are reserved In other words the first three numbers specify the network number while the last number identifies an individual computer on that network Once you have decided on the network number pick an IP address that is easy to remember for ins...

Page 40: ...t Configuration Protocol DHCP Dynamic Host Configuration Protocol allows the individual clients computers to obtain the TCP IP configuration at start up from a centralized DHCP server The ZyAIR has built in DHCP server capability It can assign IP addresses an IP default gateway and DNS servers to DHCP clients The ZyAIR also acts as a surrogate DHCP server DHCP Relay where it relays IP address assi...

Page 41: ...P Server Parameters DHCP Service Select Enable or Disable to activate or deactivate DHCP Service Disable is the factory default When configured as a server the ZyAIR provides the TCP IP configuration for the clients If this is set to Disable DHCP service will be disabled and you must have another DHCP server on your LAN or else the computers must be manually configured Assign Default Gateway Enter...

Page 42: ...ZyAIR B 5000 User s Guide 4 6 Access Point Quick Setup Figure 4 3 Quick Setup TCP IP Settings Wireless Access Router PPPoE Mode The following table describes the labels in this screen ...

Page 43: ... to a different IP address known within another network None Select this to disable NAT on all interfaces Wireless LAN Select this to activate NAT on the wireless LAN interface Ethernet Select this to activate NAT on the Ethernet interface PPPoE Select this to activate NAT on the PPP over Ethernet interface General DHCP Server Parameters DHCP Service Select Enable or Disable to activate or deactiv...

Page 44: ...oint Quick Setup LABEL DESCRIPTION Back Click Back to return to the previous screen NEXT Click NEXT to continue Figure 4 4 Quick Setup TCP IP Settings Wireless Access Router DHCP Mode The following table describes the labels in this screen ...

Page 45: ...he Ethernet interface General DHCP Server Parameters DHCP Service Select Enable or Disable to activate or deactivate DHCP Service Disable is the factory default When configured as a server the ZyAIR provides the TCP IP configuration for the clients If this is set to Disable DHCP service will be disabled and you must have another DHCP server on your LAN or else the computers must be manually config...

Page 46: ...ZyAIR B 5000 User s Guide 4 10 Access Point Quick Setup Figure 4 5 Quick Setup TCP IP Settings Wireless Access Router Static IP Mode The following table describes the labels in this screen ...

Page 47: ...n of an Internet protocol address used within one network to a different IP address known within another network None Select this to disable NAT on all interfaces Wireless LAN Select this to activate NAT on the wireless LAN interface Ethernet Select this to activate NAT on the Ethernet interface General DHCP Server Parameters DHCP Service Select Enable or Disable to activate or deactivate DHCP Ser...

Page 48: ...ic routing can arise in cases where RIP Routing Information Protocol is disabled on the LAN or a remote network is beyond the one that is directly connected to a remote node Use the Quick Setup Static Route screen to configure static routes This screen only applies to the ZyAIR set up as an access point Figure 4 6 Quick Setup Static Route The following table describes the labels in this screen Tab...

Page 49: ...alled a channel Channels available depend on your geographical area You may have a choice of channels for your region so you should use a different channel than an adjacent AP to reduce interference Interference occurs when radio signals from different access points overlap causing interference and degrading performance Adjacent channels partially overlap however To avoid interference due to overl...

Page 50: ...equest To Send message to the AP for permission to send it The AP then responds with a CTS Clear to Send message to all other stations within its range to notify them to defer their transmission It also reserves and confirms with the requesting station the time frame for the requested transmission Stations can send frames smaller than the specified RTS CTS directly to the AP without the RTS Reques...

Page 51: ...S CTS value see previously you set then the RTS Request To Send CTS Clear to Send handshake will never occur as data frames will be fragmented before they reach RTS CTS size 4 4 5 ESS ID An Extended Service Set ESS is a group of access points or wireless gateways connected to a wired LAN on the same subnet An ESS ID uniquely identifies each set All access points or wireless gateways and their asso...

Page 52: ...ZyAIR B 5000 User s Guide 4 16 Access Point Quick Setup Figure 4 8 Quick Setup Wireless ...

Page 53: ...er connected to the wireless LAN and you change the ZyAIR s ESSID or WEP settings you will lose your wireless connection when you click FINISH You must then change the wireless settings of your computer to match the ZyAIR s new settings Hide ESSID Select this check box to hide the ESSID in the outgoing beacon frame so a station cannot obtain the ESSID through passive scanning using a site survey t...

Page 54: ...haracters or 26 hexadecimal characters 0 9 A F You must configure all four keys but only one key can be activated at any one time The default key is key 1 KeyGen If you choose to enable WEP then WEP keys for 64 bit or 128 bit will be generated when you click this button Back Click Back to go to the previous screen NEXT Click NEXT to save the changes back to your ZyAIR 4 5 Quick Setup Configuration...

Page 55: ...ZyAIR B 5000 User s Guide Access Point Quick Setup 4 19 Figure 4 9 Quick Setup Configuration Review ...

Page 56: ...inal screen click RESTART to apply your configuration changes to the ZyAIR The system restarts Click CANCEL to return to the previous screen If the configuration review screen has been saved these changes will be retained if you click CANCEL in the Restart System screen Figure 4 10 Restart screen ...

Page 57: ...modes and see Figure 2 3 to get to the first operation mode screen Figure 5 1 Bridge Operation Mode Table 5 1 Bridge Operation Mode LABEL DESCRIPTION Central Wireless Router Bridge If you select Bridge in Operating Mode see Figure 2 3 then you can select Central Wireless Router Bridge See Part IV of this User s Guide for configuration examples of bridging Remote Wireless Router Bridge If you selec...

Page 58: ... 2 Central Wireless Operation Mode LABEL DESCRIPTION Central Wireless Bridge If you select Central Wireless Router Bridge in the previous Operation Mode see Figure 5 1 then you can select Central Wireless Bridge See Part IV of this User s Guide for configuration examples of bridging Central Wireless Router If you select Central Wireless Router Bridge in the previous Operation Mode see Figure 5 1 t...

Page 59: ... Dynamic IP Address DHCP Client if you would like to obtain an IP address automatically each time you log on Static IP Address Fixed IP Static IP Address Fixed IP The ZyAIR must have a static IP address in this case This information can be obtained from your Internet service provider Back Click Back to go to the tutorial screen NEXT Click NEXT to continue 5 1 2 Remote Wireless Operation Mode Use t...

Page 60: ...also functions as a dial up connection Therefore you ll also need a username and password and possibly the PPPoE service name This information can be obtained from your Internet service provider Dynamic IP Address DHCP Client Choose Dynamic IP Address DHCP Client if you would like to obtain an IP address automatically each time you log on Static IP Address Fixed IP Static IP Address Fixed IP The Z...

Page 61: ...creen Table 5 4 Quick Setup TCP IP Settings Central Wireless Bridge Mode LABEL DESCRIPTION TCP IP Settings Bridge IP Address Type the IP address of your ZyAIR in dotted decimal notation for example 192 168 1 1 is the factory default Bridge Subnet Mask Type the subnet mask assigned to you by your ISP if given Default Gateway Enter the IP address of the default gateway ...

Page 62: ...et to Disable DHCP service will be disabled and you must have another DHCP server on your LAN or else the computers must be manually configured Assign Default Gateway Enter the IP address of the default gateway Assign net Mask The DHCP server assigns a subnet mask to the PHCP clients DHCP Start End IP DHCP Start IP and End IP provide a range of addresses for your network Apply Interface Use the dr...

Page 63: ...ZyAIR B 5000 User s Guide Bridge Quick Setup 5 7 Figure 5 5 Quick Setup TCP IP Settings Central Wireless Router PPPoE Mode The following table describes the labels in this screen ...

Page 64: ... DNS server information and the ZyAIR s WAN IP address The field displays the DNS server IP address that the ISP assigns NAT PAT Network Address Translation Port Address Translation allows the translation of an Internet protocol address used within one network to a different IP address known within another network None Select this to disable NAT on all interfaces Wireless LAN Select this to activa...

Page 65: ...own list to select WLAN to make DHCP services available for the wireless network or select Ethernet to make DHCP services available for the wired network Back Click Back to return to the previous screen NEXT Click NEXT to continue to the wireless setup screen Figure 5 6 Quick Setup TCP IP Settings Central Wireless Router DHCP Mode The following table describes the labels in this screen ...

Page 66: ...the Ethernet interface General DHCP Server Parameters DHCP Service Select Enable or Disable to activate or deactivate DHCP Service factory default is Disabled When configured as a server the ZyAIR provides the TCP IP configuration for the clients If this is set to Disable DHCP service will be disabled and you must have another DHCP server on your LAN or else the computers must be manually configur...

Page 67: ...ZyAIR B 5000 User s Guide Bridge Quick Setup 5 11 Figure 5 7 Quick Setup TCP IP Settings Central Wireless Router Static IP Mode The following table describes the labels in this screen ...

Page 68: ...ress used within one network to a different IP address known within another network None Select this to disable NAT on all interfaces Wireless LAN Select this to activate NAT on the wireless LAN interface Ethernet Select this to activate NAT on the Ethernet interface General DHCP Server Parameters DHCP Service Select Enable or Disable to activate or deactivate DHCP Service factory default is Disab...

Page 69: ...de Bridge Quick Setup 5 13 LABEL DESCRIPTION NEXT Click NEXT to continue to the wireless setup screen Figure 5 8 Quick Setup TCP IP Settings Remote Wireless Bridge Mode The following table describes the labels in this screen ...

Page 70: ...sable to activate or deactivate DHCP Service factory default is Disabled When configured as a server the ZyAIR provides the TCP IP configuration for the clients If this is set to Disable DHCP service will be disabled and you must have another DHCP server on your LAN or else the computers must be manually configured Assign Default Gateway Enter the IP address of the default gateway Assign net Mask ...

Page 71: ...ZyAIR B 5000 User s Guide Bridge Quick Setup 5 15 Figure 5 9 Quick Setup TCP IP Settings Remote Wireless Router Mode The following table describes the labels in this screen ...

Page 72: ...he ISP assigns NAT PAT Network Address Translation Port Address Translation allows the translation of an Internet protocol address used within one network to a different IP address known within another network None Select this to disable NAT on all interfaces Wireless LAN Select this to activate NAT on the wireless LAN interface Ethernet Select this to activate NAT on the Ethernet interface Genera...

Page 73: ...ick Back to return to the previous screen NEXT Click NEXT to continue to the wireless setup screen 5 3 Quick Setup Wireless Use the next Quick Setup screen to set up the wireless LAN and see section 4 4 of this User s Guide for more information Figure 5 10 Quick Setup Wireless ...

Page 74: ... WEP is enabled for wireless communication See Table 4 8 for information on the configurator screen of your wireless quick setup 5 4 Quick Setup Configuration Review Review the settings of the ZyAIR in this screen See the rest of this chapter for label descriptions Click Back to go to the previous screen Click SAVE to go to the Restart screen ...

Page 75: ...ZyAIR B 5000 User s Guide Bridge Quick Setup 5 19 Figure 5 11 Quick Setup Configuration Review ...

Page 76: ...l screen click RESTART to apply your configuration changes to the ZyAIR The system restarts Click CANCEL to return to the previous screen If the configuration review screen has been saved these changes will be retained if you click CANCEL in the Restart System screen Figure 5 12 Restart screen ...

Page 77: ...BASIC CONFIGURATION II Part II BASIC CONFIGURATION This part discusses SYSTEM INTERFACE TELNET CONSOLE ISP DHCP SERVER MAPPING WIRELESS LAN CONFIGURATION OVERVIEW SAVE RESTART setup screens ...

Page 78: ......

Page 79: ...Basic Configuration to see the Basic Configuration Tutorial screen as shown in Figure 6 1 Please read it carefully before configuring the screens in Basic Configuration From here you can enter the System Setup screen There is no distinction made between the access point and bridge in the basic configuration please see Part I and Part IV of the User s Guide for network topologies ...

Page 80: ...ZyAIR B 5000 User s Guide 6 2 System Setup Figure 6 1 Basic Configuration Tutorial ...

Page 81: ... Setup This section provides information on configuring the system setup Enter the system authentication administration IP address and up to three DNS server addresses Figure 6 2 Basic Configuration System Setup The following table describes the labels in this screen ...

Page 82: ...to HWLAN This name can be up to 16 ASCII characters Domain Name Type the domain name if you know it here If you leave this field blank the ISP may assign a domain name via DHCP The domain name entered by you is given priority over the ISP assigned domain name Default Route IP Address Type the IP address of the remote network or gateway The gateway is an immediate neighbor of your ZyAIR that will f...

Page 83: ...rameters Screen 7 1 Interface Parameters Overview This screen allows you to select an interface and modify the status interface IP address NAT and bridging parameters Select Interface Parameters in BASIC CONFIG of your web configurator Select MODIFY to change the interface parameters Figure 7 1 Basic Configuration Interface Parameters ...

Page 84: ...ess known within another network The ZyAIR uses a many to one NAT In Many to One mode the ZyAIR maps multiple local IP addresses to one global IP address For more information about NAT refer to the NAT chapter in this User s Guide Bridging Bridging provides LAN to LAN frame forwarding services between two or more LANs Frames from one LAN are forwarded across a bridge to a connected LAN although fi...

Page 85: ...without saving changes Figure 7 2 Basic Configuration Interface Parameters The following table describes the labels in this screen Table 7 2 Basic Configuration Interface Parameters LABEL DESCRIPTION Table of Current Interface Parameters No Select the number of the interface that you want to modify and click OK Status Select Active or Disable to activate or deactivate an interface ...

Page 86: ...formation about NAT refer to the NAT chapter in this User s Guide Bridging Bridging provides LAN to LAN frame forwarding services between two or more LANs Frames from one LAN are forwarded across a bridge to a connected LAN although filtering can be employed to selectively forward frames The bridging displays Join or Not Join depending on whether the ZyAIR has been configured as a bridge or an acc...

Page 87: ...pter provides information on the Configuration Parameters screen 8 1 Configuration Parameters Overview The Basic Configuration Configuration Parameters screen allows you to adjust the Telnet Console parameters create a user profile and the legal address pool Figure 8 1 Basic Configuration Parameters ...

Page 88: ...ofile and relates to telnet commands 1 User Mode enables you to view system information and ping a computer from the ZyAIR 2 Root Mode enables you to change to supervisor mode see chapter Supervisor Mode in Part VI of this User s Guide 3 Configure Mode enables you to change the configuration in supervisor mode see chapter Supervisor Mode in Part VI of this User s Guide Unlimited unlimited privileg...

Page 89: ...d host in dotted decimal notation default is set as shown in Figure 8 1 Add Click Add button to add Legal Address Pool parameters to the selected ID profile Delete Click Delete button to remove Legal Address Pool parameters from the selected ID profile Modify Click Modify button to change Legal Address Pool parameters in an existing selected ID profile FINISH Click FINISH button to save the change...

Page 90: ...EL DESCRIPTION User Profile of Configuration User Name Type a user name to identify the profile in less than 20 ASCII characters This user name gives access to SMT main menu through Telnet or Console User Password Type a password in less than 20 ASCII characters This password gives access to SMT main menu through Telnet or Console Password Confirm Retype the new user profile password for confirmat...

Page 91: ...this User s Guide Unlimited unlimited privileges enables all modes Show Mode Set as Menu or Command Mode This affects the number of menus shown to the user see Console and Telnet chapters in this User s Guide Max Screen Line Enter the maximum no of characters allowable greater than 13 but less than or equal to 24 Keyboard Type Select the type of keyboard interface VT100 ANSI Linux or X Window Clie...

Page 92: ......

Page 93: ...following screen allows you to modify or delete existing ISP profiles In BASIC CONFIG click ISP to go to the ISP Parameters screen Figure 9 1 Basic Configuration ISP Parameters The following table describes the labels in this screen Table 9 1 Basic Configuration ISP Parameters LABEL DESCRIPTION Table of Current ISP Pool Index Select the Index radio button to allow you to add delete or modify your ...

Page 94: ... Click CANCEL to begin configuring the ISP Parameters screen afresh The following table is used to edit the ISP Parameters in the basic configuration Figure 9 2 Basic Configuration ISP Parameters Edit The following table describes the labels in this screen Table 9 2 Basic Configuration ISP Parameters Edit LABEL DESCRIPTION ISP Parameters ISP Name Type a name for each new address in the ISP Pool IS...

Page 95: ...irm Retype the password associated with the user name above to confirm OK Click OK to save changes that have been made to the ZyAIR and return to the ISP Parameters screen Back Click Back to begin configuring this ISP Parameters Edit screen afresh CANCEL Click CANCEL to begin configuring this ISP Parameters Edit screen afresh ...

Page 96: ......

Page 97: ...er or disable it When configured as a server the ZyAIR provides the TCP IP configuration for the clients If set to Disable DHCP service will be disabled and you must have another DHCP server on your LAN or else the computers must be manually configured 10 3 IP Pool Setup The ZyAIR can allocate fixed IP addresses in the fixed DHCP pool This configuration leaves nine IP addresses excluding the ZyAIR...

Page 98: ...N DHCP Client Setting Interface The ZyAIR acts as a DHCP client It receives an IP address subnet mask and default gateway IP address from a DHCP server Select Disable Wireless or Ethernet If you Disable this then you must assign the ZyAIR a static IP address When not disabled select the interface Wireless or Ethernet on which it can receive IP address information from a DHCP server General DHCP Se...

Page 99: ...ry default The IP address range is 192 168 1 1 to 192 168 1 253 DHCP End IP Start defines the range of IP addresses that will be assigned by the ZyAIR to the client computer Type the end IP address for your DHCP server 192 168 1 254 is the factory default The IP address range is 192 168 1 1 to 192 168 1 253 Interface Select WLAN or Ethernet Table of Fixed Host Entries Read Only Index This is a num...

Page 100: ...DHCP Parameters Edit LABEL DESCRIPTION DHCP Client Setting Read Only Interface The ZyAIR acts as a DHCP client It receives an IP address subnet mask and default gateway IP address from a DHCP server Select Disable Wireless or Ethernet If you Disable this then you must assign the ZyAIR a static IP address When not disabled select the interface Wireless or Ethernet on which it can receive IP address...

Page 101: ... for your DHCP server Interface This displays the interface of the current client WLAN or Ethernet Table of Fixed Host Entries Index This is a number given to each new host entry to the pool Ethernet Address Enter an Ethernet address This field specifies the Ethernet address or MAC address of the fixed host entry in the address pool Internet Address This field specifies the Internet address of the...

Page 102: ......

Page 103: ... Virtual Server behind the ZyAIR In this way it is visible to the outside world The Protocol TCP or UDP and Port number define the service For example TCP port 80 is for web HTTP service In addition to the servers for specified services NAT supports a default server A service request that does not have a server explicitly designated for it is forwarded to the default server If the default server i...

Page 104: ...col 25 DNS Domain Name System 53 Finger 79 HTTP Hyper Text Transfer protocol or WWW Web 80 POP3 Post Office Protocol 110 NNTP Network News Transport Protocol 119 SNMP Simple Network Management Protocol 161 SNMP trap 162 PPTP Point to Point Tunneling Protocol 1723 Figure 11 1 Basic Configuration Server Mapping The following table describes the labels in this screen ...

Page 105: ...II of this User s Guide for information on port numbers Virtual Server IP Address This displays the IP address of your virtual server in dotted decimal notation Port Number This is the number of the port you want to use see Part VII of this User s Guide for information on port numbers Pool is Empty You must select Add to add entries to the table of virtual servers otherwise the table will be empty...

Page 106: ...ocol Select TCP or UDP see sections 11 1 and 11 2 Public Access Interface Select the interface you want to map from public access Ethernet or Wireless Port Number Enter the number of the port you want to map Virtual Server IP Address Enter the IP address of your virtual server in dotted decimal notation Port Number Enter the number of the port you want to use OK Click OK to add the virtual server ...

Page 107: ... each other that from an independent wireless network without the need of an access point AP Figure 12 1 IBSS Ad hoc Wireless LAN 12 1 2 BSS A Basic Service Set BSS exists when all communications between wireless stations or between a wireless station and a wired network client go through one access point Intra BSS traffic is traffic between wireless stations in the BSS When Intra BSS is enabled w...

Page 108: ...ach containing an access point with each access point connected together by a wired network This wired connection between access points is called a Distribution System DS An ESSID ESS Identification uniquely identifies each ESS All access points and their associated wireless stations within the same ESS must have the same ESSID in order to communicate ...

Page 109: ...tation Threshold 12 2 Configuring Wireless If you are configuring the ZyAIR from a computer connected to the wireless LAN and you change the ZyAIR s ESSID or WEP settings you will lose your wireless connection when you press FINISH You must then change the wireless settings of your computer to match the ZyAIR s new settings Please refer to Part I for more background information on this chapter ...

Page 110: ...ides a mechanism for encrypting data using encryption keys Both the access point and the wireless stations must use the same WEP key to encrypt and decrypt data Your ZyAIR allows you to configure up to four 64 bit or 128 bit WEP keys but only one key can be enabled at any one time The following screen allows you to configure all wireless LAN parameters including Channels ESS ID and WEP security Cl...

Page 111: ...ZyAIR B 5000 User s Guide Wireless 12 5 Figure 12 4 Basic Configuration Wireless LAN The following table describes the labels in this screen ...

Page 112: ...s you will lose your wireless connection when you click FINISH You must then change the wireless settings of your computer to match the ZyAIR s new settings Hide ESSID Select this check box to hide the ESSID in the outgoing beacon frame so a station cannot obtain the ESSID through passive scanning using a site survey tool Deny any You can set the ZyAIR to block access for wireless LAN clients that...

Page 113: ...128 bit WEP then enter 13 ASCII characters or 26 hexadecimal characters 0 9 A F You must configure all four keys but only one key can be activated at any one time The default key is key 1 KeyGen If you choose to enable WEP then WEP keys for 64 bit or 128 bit will be generated when you click this button FINISH Click FINISH to save the changes to your ZyAIR CANCEL Click CANCEL to begin configuring t...

Page 114: ......

Page 115: ...pports authentication and accounting where the access point is the client and the server is the RADIUS server The RADIUS server handles the following tasks among others Authentication Determines the identity of the users Accounting Keeps track of the client s network activity RADIUS user is a simple package exchange in which your ZyAIR acts as a message relay between the wireless station and the n...

Page 116: ...ation exchanged is also encrypted to protect the wired network from unauthorized access 13 2 1 EAP Authentication Overview EAP Extensible Authentication Protocol is an authentication protocol that runs on top of the IEEE802 1x transport mechanism in order to support multiple types of user authentication By using EAP to interact with an EAP compatible RADIUS server the access point helps a wireless...

Page 117: ...ic WEP Key Exchange The ZyAIR maps a unique key that is generated with the RADIUS server This key expires when the wireless connection times out disconnects or reauthentication times out A new WEP key is generated each time reauthentication is performed If this feature is enabled it is not necessary to configure a default encryption key in the Wireless screen You may still configure and store keys...

Page 118: ...tion 802 1x LABEL DESCRIPTION 802 1x Access Control 802 1x services Select Enable to allow for authentication services on the ZyAIR if you have two or more ZyAIR s on the same subnet All access points on the same subnet and wireless stations must have the same ESSID to allow for authentication This is set to Disable by default when you do not want authentication services ...

Page 119: ...s your network administrator instructs you to do so with additional information Radius accounting Port Enter the port number of the external accounting server The default port number is 1813 You need not change this value unless your network administrator instructs you to do so with additional information Local User Database No The local user is given a number in the database Maximum amount of all...

Page 120: ... Profile Username Enter the user name up to 24 ASCII characters for this user profile Password Type a password up to 8 ASCII characters for this user profile Note that as you type a password the screen displays a for each character you type Confirm Password Retype the password for confirmation FINISH Click FINISH to save your changes back to the ZyAIR Back Click Back to change to return to the 802...

Page 121: ...very Ethernet device has a unique MAC Media Access Control address The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters for example 00 A0 C5 00 00 02 You need to know the MAC address of the devices to configure this screen To change your ZyAIR s MAC filter settings click BASIC CONFIG Wireless LAN and then MAC Filter The screen appears as shown Figure 14 1 ...

Page 122: ... users is 20 MAC Address MAC addresses in XX XX XX XX XX XX format of the wireless station that are allowed or denied access to the ZyAIR in these address fields Pool is Empty You must click Add to add to the table of MAC address entries otherwise the table will be empty Add Click Add to add more MAC address parameters FINISH Click FINISH to save your changes back to the ZyAIR CANCEL Click CANCEL ...

Page 123: ... access the table of MAC address entries Select Disable for no filtering Table of Current MAC Entries This is a list of MAC addresses that are allowed to access the ZyAIR No This is the index number of a MAC address entry MAC Address Enter the MAC addresses in XX XX XX XX XX XX format of the wireless station that are allowed access to the ZyAIR in these address fields Ok Click Ok to change the con...

Page 124: ......

Page 125: ... Save and Restart 15 1 Configuration Overview Use this screen to review all the settings in your basic configuration This page presents the current configuration settings These can be modified if desired by selecting the required hyperlink Figure 15 1 Basic Configuration Overview 15 2 Basic Configuration Save and Restart Click Save Restart in BASIC CONFIG to move to the following screen ...

Page 126: ...our configuration changes even after turning off the device s power Click Restart after you save in order to have your configuration changes take effect RESTART Click RESTART to have the device perform a software restart Any configuration changes you have made since your last save will be lost Wait a minute before logging into the device again Default Click Default to clear all user entered config...

Page 127: ...ZyAIR B 5000 User s Guide Configuration Overview Save Restart 15 3 Table 15 1 Basic Configuration Save Restart LABEL DESCRIPTION CANCEL Click CANCEL to go to the previous screen ...

Page 128: ......

Page 129: ...ADVANCED CONFIGURATION III Part III ADVANCED CONFIGURATION This part discusses STATIC ROUTE BRIDGING SNMP COMMUNITY SNMP TRAP CONFIGURATION SAVE RESTART setup screens ...

Page 130: ......

Page 131: ...orial screen shows all of the configuration screens in this part 16 1 Advanced Configuration Overview The Advanced Configuration allows you to set static route parameters bridging parameters SNMP and review your saved settings See the tutorial screen for information regarding the ZyAIR s advanced configuration features ...

Page 132: ...ZyAIR B 5000 User s Guide 16 2 Advanced Configuration Figure 16 1 Advanced Configuration Tutorial ...

Page 133: ... in the following figure through remote node Router 1 However the ZyAIR is unable to route a packet to network N3 because it doesn t know that there is a route through the same remote node Router 1 via gateway Router 2 The static routes are for you to tell the ZyAIR about the networks beyond the remote nodes Figure 17 1 Example of Static Routing Topology 17 2 Configuring IP Static Route Click ADVA...

Page 134: ... the final destination Gateway This field displays the IP address of the gateway The gateway is an immediate neighbor of your ZyAIR that will forward the packet to the destination On the LAN the gateway must be a router on the same segment as your ZyAIR Add To add a static route to your table type Network Address Subnet Mask and Gateway parameters into the empty spaces of the last index entry with...

Page 135: ...save the static routes to your ZyAIR CANCEL Click CANCEL to begin configuring the screen afresh 17 3 Configuring Route Entry Select a static route index number and click Modify The screen shown next appears Fill in the required information for the selected static route Figure 17 3 Static Route Parameters Modify The following table describes the labels in this screen Table 17 2 Static Route Paramet...

Page 136: ...way This field displays the IP address of the gateway The gateway is an immediate neighbor of your ZyAIR that will forward the packet to the destination On the LAN the gateway must be a router on the same segment as your ZyAIR Type a new address into the gateway that you would like to modify Ok Click Ok to update the changes that you have made and return to the first static route parameters screen...

Page 137: ...g can be employed to selectively forward frames See the section on Interface Parameters in Basic Configuration of Part I in this User s Guide for more information 18 2 Configuring Bridging Parameters Click ADVANCED CONFIG and BRIDGING to go to the general bridge parameters configuration screen This screen allows you to disable or enable the bridge function of your ZyAIR and allows you to enter you...

Page 138: ...er or a bridge See Part IV for more information on setting this up IP Address This parameter specifies the IP bridge address of the gateway 192 168 1 1 is the factory default the default IP address of the ZyAIR Subnet Mask This parameter specifies the subnet mask of the final destination 255 255 255 0 is the factory default the subnet mask of the ZyAIR FINISH Click FINISH to save the parameters ba...

Page 139: ...n from devices on the network 19 2 Configuring SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices SNMP is a member of the TCP IP protocol suite Your ZyAIR supports SNMP agent functionality which allows a manager station to manage and monitor the ZyAIR through the network The ZyAIR supports SNMP version one SNMPv1 and version 2c ...

Page 140: ...ing the following protocol operations Get Allows the manager to retrieve an object variable from the agent GetNext Allows the manager to retrieve the next object variable from a table or list within an agent In SNMPv1 when a manager wants to retrieve all elements of a table from an agent it initiates a Get operation followed by a series of GetNext operations Set Allows the manager to set values fo...

Page 141: ...munity index number Validity This can be set to Disable or Enable Disable does not permit access to the SNMP Community Access Right This field displays the host access as Deny Read Write or Create Community This displays the trap community which is the password sent with each trap to the SNMP manager Modify Click Modify to make changes to your current community pool FINISH Click FINISH to save you...

Page 142: ...ent Community Pool Index This field displays the selected individual community index number Validity This can be set to Disable or Enable Disable does not permit access to the SNMP Community Access Right Host access may be set to Deny Read Write or Create Community Type the trap community which is the password sent with each trap to the SNMP manager Ok Click Ok to update your changes back to the Z...

Page 143: ...19 3 SNMP Traps TRAP TRAP NAME DESCRIPTION 1 coldStart defined in RFC 1215 A trap is sent after booting power on 2 warmStart defined in RFC 1215 A trap is sent after booting software reboot The following table maps the physical port and encapsulation to the interface type Table 19 4 Ports and Interface Types PHYSICAL PORT ENCAP INTERFACE TYPE LookBack virtual if0 Wireless if1 enet encap Ethernet i...

Page 144: ...e trap version Disable ZyAIR does not send out an SNMP trap Version 1 This is the SNMP trap Version 1 Version 2 This is the SNMP trap Version 2 IP Address This is the IP address of the station where you will send your SNMP traps Community This is the trap community which is the password sent with each trap to the SNMP manager Modify Select an Index beside the community that you would like to modif...

Page 145: ... To change your ZyAIR s SNMP Trap settings click ADVANCED CONFIG SNMP TRAP and Modify The screen appears as shown Figure 19 5 Advanced Configuration SNMP Trap Modify The following table describes the labels in this screen Table 19 6 Advanced Configuration SNMP Trap Modify LABEL DESCRIPTION Table of Current Trap Host Pool Index This field displays an individual trap index number ...

Page 146: ...e SNMP trap Version 1 Version 2 This is the SNMP trap Version 2 IP Address Type the IP address of the station where you will send your SNMP traps Community Type the trap community which is the password sent with each trap to the SNMP manager Ok Click Ok save your changes back to the ZyAIR Cancel Click Cancel begin configuring the screen afresh FINISH Click FINISH to save your changes back to the Z...

Page 147: ...e Restart This chapter gives an overview of the ADVANCED CONFIG setup SAVE RESTART screens 20 1 Advanced Configuration Setup Overview The overview of the ZyAIR advanced configuration allows you to modify any of the configuration screens in ADVANCED CONFIG Advanced Configuration Overview ...

Page 148: ...ZyAIR B 5000 User s Guide 20 2 Configuration Save Restart Figure 20 1 Advanced Configuration Overview ...

Page 149: ...on volatile memory Do this to keep your configuration changes even after turning off the device s power Click Restart after you save in order to have your configuration changes take effect Restart Click Restart to have the device perform a software restart Any configuration changes you have made since your last save will be lost Wait a minute before logging into the device again Default Click Defa...

Page 150: ...ZyAIR B 5000 User s Guide 20 4 Configuration Save Restart Table 20 1 Advanced Configuration Save Restart LABEL DESCRIPTION CANCEL Click CANCEL to go to the previous screen ...

Page 151: ...CONFIGURATION EXAMPLES IV Part IV CONFIGURATION EXAMPLES This part shows how to configure the examples expressed in Part I of this User s Guide ...

Page 152: ......

Page 153: ...gies the following examples are provided Wireless Access Bridge Wireless Access Router with PPP over Ethernet PPPoE Wireless Access Router with Dynamic IP Address DHCP Client Wireless Access Router with Static IP Address Fixed IP The following network topologies use the Web Configurator Review Parts I II III of this User s Guide thoroughly to familiarize yourself with the configurator screens The ...

Page 154: ...1 1 Wireless Access Bridge 21 1 2 Configure the ZyAIR as a Wireless Access Router with PPP over Ethernet PPPoE Step 1 Select ACCESS POINT as the operating mode click NEXT Step 2 Click ADVANCED CONFIG Step 3 Select Bridging Parameters Step 4 Select Disable for Bridge Function Step 5 Click FINISH Step 6 If you are an PPPoE subscriber you will need to specify your ISP PPPoE username and password to e...

Page 155: ...e configured in Step 1 After that follow the default setting Step 15 Click the OK button to return to the Interface Parameters window Step 16 Click FINISH Ensure that interface 3 within Status is set to Disable Choose NAT PAT in each interface to enable NAT PAT services For example ensure PPPoE interface within NAT PAT is set to On and the others are set to Off This means that every communication ...

Page 156: ...k BASIC CONFIG Step 7 Select Interface Parameters Step 8 Click a radio button and select MODIFY to choose the interface that you want to change Step 9 In interface 1 ensure that the wireless interface Status is Active and enter the IP address and wireless interface Net Mask that is suitable for your wireless network Turn NAT PAT off Step 10 In interface 2 Ensure that the ethernet interface Status ...

Page 157: ...IC CONFIG select DHCP Parameters and apply the DHCP Client Setting running as interface 2 Ethernet Interface Click FINISH Step 14 Set Basic Configuration Wireless LAN parameters on the ZyAIR Channel and SSID Step 15 Turn on the DHCP server on the ZyAIR and assign IP addresses to PC1 PC2 and PC3 Step 16 Set wireless parameters on client stations PC1 PC2 and PC3 SSID wireless Figure 21 3 Wireless Ac...

Page 158: ...the Interface Parameters window Step 14 Click FINISH Make sure interface 3 within Status is set to Disable In order to enable NAT PAT service choose the NAT PAT in the interface Wireless and Ethernet For example make sure Ethernet interface within NAT PAT is set to On and Wireless interface in NAT PAT is set to Off This means that every communication through the PPPoE interface is applied to NAT P...

Page 159: ...ZyAIR B 5000 User s Guide Configuration Scenarios 21 7 Figure 21 4 Wireless Access Router with Static IP Address Fixed IP ...

Page 160: ... the individual network nodes may be Remote Wireless Router or Remote Wireless Bridge To show some possibilities of Point to Multipoint topologies the following examples are provided Remote Wireless Bridge to Central Wireless Bridge Remote Wireless Router to Central Wireless Bridge Remote Wireless Bridge to Central Wireless Router Remote Wireless Router to Central Wireless Router 21 2 1 Configure ...

Page 161: ...tep 5 Enter the Bridge IP Address and Bridge Subnet Mask that are suitable for your network domain Click NEXT Step 6 Configure IEEE 802 11b WLAN Parameters Step 7 Enter the Channel rts Threshold frag Threshold SSID and Station Name that are suitable for your wireless network Click the radio button to disable WEP or enable 64 128 bit WEP services if WEP is enabled you must input a corresponding Def...

Page 162: ...nd DNS tabs of each wireless client s computer to surf the Internet or you can enable DHCP server services for all wireless clients default DHCP server setting of the ZyAIR is set to disable in the wireless network In General DHCP Server Parameters enter the Assign Default Gateway Assign Net Mask Assign Name Server DHCP Start IP DHCP End IP and choose Apply Interface as HWLAN to make your DHCP ser...

Page 163: ...are suitable for your radio network and then click the radio button to disable WEP or enable 64 128 bit WEP services if WEP is enabled you must input a corresponding Default Key index and WEP Key Click NEXT Step 10 Review the configured settings of the ZyAIR Step 11 Click the SAVE button to store the changes back to your ZyAIR Step 12 Click the RESTART button to take effect the configuration chang...

Page 164: ...DGE as the operating mode click NEXT Step 2 Click QUICK CONFIG select Remote Wireless Bridge and click NEXT Step 3 Enter the Wireless interface IP and Wireless interface Net Mask that are suitable for your wireless network enter the Ethernet IP address and Ethernet Net Mask of the Ethernet interface Enter the Default Gateway as the Wireless IP address of the ZyAIR and the IP address of the DNS ser...

Page 165: ...igure the ZyAIR as a Remote Wireless Bridge Remote Extension Bridge 1 ROOT ZyAIR Remote Extension Bridge 2 WIRELESS LINK Wireless IP 192 168 1 1 SSID ZyAIR_Example Channel 1 Ethernet IP 192 168 2 1 Default Route 192 168 2 254 Static Route 192 168 10 0 24 192 168 1 2 192 168 20 0 24 192 168 1 3 Wireless IP 192 168 1 3 SSID ZyAIR_Example Channel 1 Station Name ext2 Ethernet IP 192 168 20 1 Default R...

Page 166: ...t IP address 192 168 2 1 is the factory default and Ethernet Net Mask default is 255 255 255 0 of the Ethernet interface that is suitable for your Ethernet network Click NEXT Step 8 Configure Wireless parameters Enter the Channel rts Threshold frag Threshold SSID and Station Name that are suitable for your wireless network and then you can click the radio button to disable WEP or enable 64 128 bit...

Page 167: ...Bridge see section 21 2 2 bridge IP address as 192 168 1 1 Step 2 Set the Remote Wireless Router Bridge as a Remote Wireless Bridge see section 21 2 6 bridge IP address as 192 168 1 2 Step 3 Set wireless parameters on Remote Wireless Bridge Channel and SSID these parameters must be the same as the Central Wireless Bridge Step 4 The left side subnet is transparent to the right side Step 5 Have a DH...

Page 168: ... Step 2 Set wireless parameters on Central Wireless Bridge Channel and SSID Step 3 Set the Remote Wireless Router Bridge as a Remote Wireless Router see section 21 2 7 wireless interface IP is 192 168 1 2 Step 4 Set wireless parameters on Remote Wireless Router Channel and SSID these parameters must be the same as the Central Wireless Bridge Step 5 Set the DHCP server service on the Remote Wireles...

Page 169: ...oute is 192 168 2 254 Step 2 Set wireless parameters on the Central Wireless Router Channel and SSID Step 3 Set the DHCP server service on the Central Wireless Router and apply it on Wireless Interface Step 4 Set the Remote Wireless Router Bridge as a Remote Wireless Bridge see section 21 2 6 Bridge Interface IP is 192 168 1 2 Step 5 Set Wireless parameters on Remote Wireless Bridge Channel 1 and ...

Page 170: ... is 192 168 1 2 Ethernet Interface IP is 192 168 10 1 192 168 1 1 is the factory default Step 4 Set wireless parameters on Remote Wireless Router Channel and SSID these parameters must be the same as the Central Wireless Router Step 5 Set the DHCP server service on the Remote Wireless Router and apply it to the Ethernet Interface Step 6 The Remote Wireless Router assigns IP address to PC1 and PC2 ...

Page 171: ...ior on Central Wireless Router and turn on NAT PAT behavior on Remote Wireless Router Central Wireless Router turn on NAT PAT on Wireless Interface and turn on NAT PAT on Ethernet interface Remote Wireless Router turn on NAT PAT on Wireless Interface and turn on NAT PAT on Ethernet interface ...

Page 172: ......

Page 173: ...UTILITY V Part V UTILITY This part provides information and configuration instructions for UTILITY SYSTEM INFO SOFTWARE UPGRADE and WIRELESS LINK INFORMATION ...

Page 174: ......

Page 175: ... screens 22 1 Utility Overview Click UTILITY to show a list of the web configurator screens that allow you to view general system information upgrade software and view the wireless link information when the ZyAIR has been saved as a Remote Wireless Bridge 22 2 Utility Tutorial Screen See the screen for information regarding the ZyAIR s utility features see Figure 22 1 ...

Page 176: ...ide 22 2 Utility Figure 22 1 Utility Tutorial Screen 22 3 General System Information The following screen shows some general system information Please refer to the Appendix for a more comprehensive listing of specifications ...

Page 177: ...mber CPU This displays the type and speed of the Central Processing Unit RAM This displays the Random Access Memory of the ZyAIR Flash This displays the nonvolatile storage that can be electrically erased and reprogrammed so that data can be stored booted and rewritten as necessary Chipset This displays the chip model Firmware Version This displays the most recent firmware upgrade number Host Name...

Page 178: ...EP You can Enable or Disable WEP Wired Equivalent Privacy key to encrypt data 22 4 Uploading Software Click UTILITY and select SOFTWARE UPGRADE to upgrade the ZyAIR s firmware 22 4 1 TFTP Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP File Transfer Protocol but it is scaled back in functionality so that it requires fewer resources to run TFTP uses the UDP User ...

Page 179: ...The following table describes the labels in this screen Table 22 2 Utility Software Upgrade LABEL DESCRIPTION Upgrade Mode TFTP Parameters TFTP Server IPAddress This is the IP address of the TFTP Server You must therefore setup a TFTP file with an IP address and at least one new image to upgrade which has been previously saved Select Select the check boxes to select the upgrade file type ...

Page 180: ...d the trace log Refer to the Firmware and Configuration File Maintenance Chapter Upgrade Filename This displays the upgrade filenames soho bin This is a binary file of firmware pfs img This is a web configurator image file soho cfg This is the ZyAIR configuration file OK Click OK to start the upgrade CANCEL Click CANCEL to begin configuring the Software Upgrade screen afresh 22 5 Wireless Link Inf...

Page 181: ... Table 22 3 Utility Wireless Link Info LABEL DESCRIPTION Current Wireless Link Information Link Quality This displays the link quality in decibels Signal strength This displays the signal strength in decibels Current Tx Rate This displays the transmission speed in bytes per second REFRESH Click REFRESH to reload the Wireless Link Info table ...

Page 182: ......

Page 183: ...CONFIGURATION VIA TELNET CONSOLE VI Part VI CONFIGURATION VIA TELNET CONSOLE This part provides configuration information using Telnet or Console Port ...

Page 184: ......

Page 185: ... access the ZyAIR using Telnet or Console Port 23 1 Telnet Overview You can use a Telnet session to manage the ZyAIR 23 2 Using Telnet Example Follow these steps to access the ZyAIR using Telnet in the Windows 2000 operating system Step 1 Click Start and Run Step 2 Enter telnet a space and the default IP address of the ZyAIR Step 3 Click OK Figure 23 1 Telnet Window ...

Page 186: ... main screen as shown in Figure 23 3 See section 26 3 to change the user name and password Figure 23 2 Login via Telnet Figure 23 3 Main Screen via Telnet ZyAIR B5000 RS232 Daemon Version 1 5 8 200 su Change to superviser root mode sys_info Show system information ping Ping test exit Disable privilidge command or disconnect Privilege USER Command su password Message UP DOWN Move RIGHT LEFT Select ...

Page 187: ...le Ethernet cable into the special Ethernet port on the bottom of the ZyAIR Step 3 Connect the RJ 45 Ethernet connector into the POWER DATA OUT port on the inline power injector Step 4 Use the MIL C 5015 style RS232 console port cable to connect computer COM port and the ZyAIR console port Step 5 You can now access the ZyAIR via a terminal emulator such as HyperTerminal 23 4 Accessing the ZyAIR vi...

Page 188: ...yAIR B 5000 User s Guide 23 4 Accessing the ZyAIR via Telnet or Console Port Figure 23 4 HyperTerminal Access Step 2 After the HyperTerminal window appears give a new connection a name for example B 5000 ...

Page 189: ...ZyAIR B 5000 User s Guide Accessing the ZyAIR via Telnet or Console Port 23 5 Figure 23 5 Connection Description Step 3 Select the COM port that is connected to the ZyAIR Figure 23 6 COM1 PORT ...

Page 190: ...the ZyAIR via Telnet or Console Port Step 4 Set baud rate as 115200 data bit as 8 parity as None stop bits as 1 and flow control as None Then click the OK button to bring up the HyperTerminal window see Figure 23 7 Figure 23 7 COM1 Properties ...

Page 191: ...ZyAIR B 5000 User s Guide Accessing the ZyAIR via Telnet or Console Port 23 7 Step 5 When you first enter HyperTerminal you will see a blank screen Figure 23 8 HyperTerminal ...

Page 192: ...ask RUNTASK dhcp_daemon RUNTASK telnetd_main RUNTASK httpd RUNTASK snmp_task RUNTASK 802dot1x RUNTASK Notify_Trap Starting Multitask Software Version HWLAN 1 5 8 200 Current Network Status Central Wireless Bridge Bridge IP Address 192 168 1 1 Ethernet 00090A020069 Wireless 00026F0553D0 Bridge MAC address cloned using wireless interface MAC Wireless LAN Channel 1 SSID wireless Press s or S to show ...

Page 193: ...PoE based Central Wireless Router Wireless Interface IP 192 168 2 1 Wireless MAC Address 00 02 6F 05 53 D0 Wireless LAN Channel 1 SSID wireless Ethernet Interface IP 192 168 1 1 Ethernet MAC Address 00 09 0A 02 00 69 PPPoE Interface IP 192 168 3 1 PPPoE MAC Address 00 09 0A 02 00 69 Press s or S to show Current Network Status Press d or D to reset to default Press Esc to reboot ...

Page 194: ...e next chapter for more information Loading exml bin Initializing extended memory Loading usstart bin flash_to_exm Src 00004000 Dest 00070000 Size 0x000400 Total moved 1024bytes Loading soho cfg flash_to_exm Src 00020000 Dest 00200000 Size 0x020000 Total moved 131072bytes Loading soho bin flash_to_exm Src 00040000 Dest 00220000 Size 0x100000 Total moved 1048576bytes Loading pfs img flash_to_exm Sr...

Page 195: ... Screen Overview You can access the following screen via Telnet or a terminal emulation programme such as HyperTerminal Figure 24 1 SMT Main Screen via Telnet or HyperTerminal ZyAIR B5000 RS232 Daemon Version 1 5 8 200 su Change to supervisor root mode sys_info Show system information ping Ping test exit Disable privilidge command or disconnect Privilege USER Command su password Message UP DOWN Mo...

Page 196: ...configure the SU settings If you select Enable in SU mode you will have CONF privileges You can configure the ZyAIR from here Command This is the command used to change the configuration of the selection Message This help message displays information for the associated command above 24 2 SMT Navigation Controls The following table shows the keys required to navigate the SMT main menu Table 24 2 SM...

Page 197: ... information See Part V UTILITY chapter for more on General System information Figure 24 2 Sys_info Mode ZyAIR B5000 RS232 Daemon Version 1 5 8 200 Status Window 1 General system information Model ZyAIR Software Version HWLAN 1 5 8 200 Build CPU ELANSC400 at 66MHz RAM 4MB Flash 2MB Chipset Intersil PRISM2 Firmware Version Server IP Address 192 168 1 1 Hostname HWLAN Press Any Key to Return Menu Wi...

Page 198: ...oted and rewritten as necessary Chipset This displays the chip model Firmware Version This displays the most recent firmware upgrade number Server IP Address This field displays the server IP address that the ISP assigns to the ZyAIR Host Name This is the host name for the Bridge and Access Point high speed WLAN in this case 24 5 Ping Test The following screen shows the information required for a ...

Page 199: ...w Supervisor mode allows you to access the SMT configuration menu and allows you to make configuration changes to the ZyAIR through submenus Select su by using the Right or L or ENTER keys and keying in the supervisor password 1234 is the factory default Then press ENTER See section Table 24 2 SMT Navigation Controls for a list of the command controls ...

Page 200: ...ord packet_filter Packet filter rules manager WLAN Wireless LAN configuration configuration Telnet RS232 Configuration Setting show Showing system configuration write Write configuration and restart system reboot Restart system and activate new system configuration su Change to superviser root mode sys_info Show system information ping Ping test exit Disable privilidge command or disconnect Privil...

Page 201: ...stem to new version Enable configuration mode CONF privileges Monitor the system running status Change the supervisor password View the packet filter rules manager View the wireless LAN configuration Check Telnet RS232 Configuration Settings Show the system configuration Write a configuration and restart system Reboot the ZyAIR 25 1 1 Enable configuration mode The Enable configuration mode allows ...

Page 202: ...arameter configuration dhcp DHCP parameter configuration dhcp_clt DHCP client configuration dns_proxy DNS Server parameter configuration snmp SNMP parameter configuration tftp Default TFTP parameter configuration route Routing parameter configuration bridge Transparent bridging parameter configuration WLAN Wireless LAN configuration configuration Telnet RS232 Configuration Setting show Showing sys...

Page 203: ...ackets Predefined selections are enclosed in angle brackets separated with the symbol meaning or For example System Bridge Enable Disable This means that you must specify whether to enable or disable the operating mode as a bridge or not The following are a list of tables that contain the configuration controls for the ZyAIR These are accessed through the supervisor configuration mode 26 2 Command...

Page 204: ...p netmask Attrib Enable Disable Global Virtual Bridge Enable Disable Wan Address ip netmask Link_type Disable Ethernet PPP PPPoE Attrib Enable Disable Global Virtual Bridge Enable Disable Ether_interface interface ISP ISP Index idle disconnect time Dial priority PPP Peer_address ip User_profile name pass_set0 ISP ISP_profile ISP name ISP destination account_profile Access account Passwd Configurat...

Page 205: ...Figure 26 5 SU Monitor Monitor Route CR WAN CR Config_access Generic Profile Pool Filter_rule Enable Disable Figure 26 6 SU System System OP_mode Router Bridge Host hostname name Figure 26 7 SU Interface Interface LAN 1 Address ip netmask Link type Disable Ethernet Attrib Disable Enable Global Virtual Bridge Disable Enable LAN 2 Address ip netmask Link type Disable Ethernet ...

Page 206: ...P ISP Index dialup timeout Dial priority WAN 2 Address ip netmask Link type Disable Ethernet PPP PPPoE Attrib Disable Enable Global Virtual Bridge Disable Enable Ether_interface interface ISP ISP Index Idle disconnect time Dial priority Figure 26 8 SU Packet Filter Packet Filter Module Attrib Disable Enable Add Protocol IP TCP UDP ICMP Source add source Any ip Any netmask port Destination add dest...

Page 207: ...10 SU ISP ISP 1 Isp_profile ISP name destination string Account Profile name pass set 1 2 Isp_profile ISP name destination string Account Profile name pass set 1 3 Isp_profile ISP name destination string Account Profile name pass set 1 4 Isp_profile ISP name destination string Account Profile name pass set 1 Figure 26 11 SU IP_Share IP_Share PAT Add Protocol TCPIUDP Port 1 65534 Interface 1 2 Serv...

Page 208: ... 1 5 Global Range 1 5 ip 1 253 Interface 1 5 1 5 Delete 1 5 Fixed Range 1 128 ip ip Interface 1 128 1 5 Delete 1 128 Figure 26 12 SU DHCP DHCP Generic Service Disable Enable Interface 1 2 Gateway ip Netmask netmask Ip range ip number Name server 1 ip Name server 2 ip Name server 3 ip Fixed Add mac ip Delete Figure 26 13 SU DHCP clt DHCP Clt dhcp_clt interface 1 4 ...

Page 209: ...string Delete The following mode allows you to change the setting of the upgrade TFTP address and to change the upgrade file name the default is soho bin in UTILITY Figure 26 16 SU TFTP TFTP tftp ip file Figure 26 17 SU Route Route Static add route_entry netmask ip delete 1 20 Figure 26 18 Bridge Bridge Generic Disable Enable ip netmask Static Add Mac address mac LAN1_port Filter Forward Dynamic L...

Page 210: ...N1_port Filter Forward Dynamic LAN2_port Filter Forward Dynamic WAN1_port Filter Forward Dynamic WAN2_port Filter Forward Dynamic Figure 26 19 SU WLAN WLAN Channel 1 14 WEPLevel Disable Enable Rts threshold 0 3000 Frag threshold 256 2346 SSID string stationName Defaultkeyld 1 4 Defaultkeys 1 4 hex Figure 26 20 SU Configuration Configuration Max_user 1 5 telnet_port 1 65534 ...

Page 211: ...onf Level 1 Level 2 Level 3 Unlimited Delete 1 5 Attrib 13 30 command Menu VT100 ANSI LINUX X Term Source 1 10 Profile name pass_conf Level 1 Level 2 Level 3 Unlimited Modify Attrib 13 30 command Menu VT100 ANSI LINUX X Term Source 1 10 Profile name pass_conf Level 1 Level 2 Level 3 Unlimited Legal address Modify 1 10 ip Delete 1 10 Figure 26 21 SU Show Show Interface PPP Ip_share Dhcp Dhcp_clt Sn...

Page 212: ...ds should be changed initially The SMT su mode password can be changed in su mode in the SMT The following Figure 26 22 shows the Supervisor ID and Supervisor Password found in the web configurator BASIC CONFIG Basic Configuration System Setup Figure 26 22 Login Username Password Change The following Figure 26 23 shows the User Name and User Password found in the web configurator BASIC CONFIG Teln...

Page 213: ...here they can be changed Table 26 1 Password Information DEFAULT USERNAME DEFAULT PASSWORD ACCESS CHANGE LOCATION admin 1234 Web configurator Basic Configuration System Setup user1 test SMT Sys_info and Ping Web Configurator BASIC CONFIG Telnet Console Configuration Parameters Modify 1234 SMT Configurator passwd selection in Telnet or Console SMT su mode ...

Page 214: ......

Page 215: ...ame extension If your TFTP client does not allow you to have a destination filename different than the source you will need to rename them as the ZyAIR only recognizes soho and pfs Be sure you keep unaltered copies of both files for later use The following table is a summary Please note that the internal filename refers to the filename on the ZyAIR and the external filename refers to the filename ...

Page 216: ...on When you upload new software your configuration is lost Perform a configuration backup before you upload the software and configuration restore after you upload the software Backup is highly recommended once your ZyAIR is functioning properly Any serial communications program should work fine however you must use 1K Xmodem protocol to perform the download upload and you don t have to rename the...

Page 217: ...P does not have any security checks the ZyAIR records the IP address of the telnet client and accepts TFTP requests only from this address Follow these steps to save the ZyAIR s configuration file on your computer Step 1 Enter HyperTerminal and type ESC to go to the status screen This will reboot the ZyAIR Step 2 When the HyperTerminal screen shows EDORAM Testing enter X to go to a console mode Fi...

Page 218: ...K Xmodem Click Receive Step 7 Type a Filename and click OK This name does not have to be soho cfg but must have a cfg filename extension Figure 27 3 Receive Filename The following message appears The configuration file has now been saved on your computer Type a location for storing the configuration file or click Browse to look for one Choose the 1K Xmodem protocol Then click Receive This displays...

Page 219: ...r the file transfer is complete Step 1 Enter HyperTerminal and type ESC to go to the status screen This will reboot the ZyAIR Step 2 When the HyperTerminal screen shows EDORAM Testing enter X to go to a console mode Step 3 A cursor appears Type DLSC and press ENTER Step 4 When CCC appears you will need to restore the file Step 5 Click Transfer and Send File in the Hyperterminal window Step 6 Choos...

Page 220: ...ENTLY DAMAGE YOUR ZyAIR When the Restore Configuration process is complete the ZyAIR will automatically restart Type the configuration file s location or click Browse to search for it Choose the 1K Xmodem protocol Then click Send dlsc Download SOHO CFG Start Address 20000 Size 20000 Erasing flash sector 01 20000 done Wait 60 seconds to select binary file CCC XMODEM End of Transfer SOHO CFG Upgrade...

Page 221: ...P clients To transfer the firmware and the configuration file follow the procedure shown next This procedure is a HyperTerminal example The procedure for other serial communications programs should be similar Use telnet from your computer to connect to the ZyAIR and log in Because TFTP does not have any security checks the ZyAIR records the IP address of the telnet client and accepts TFTP requests...

Page 222: ...name SOHO BIN and path Step 7 Click Send to start the firmware upload When this is successful proceed to the following image file upload section ABCDEFGHIJK1234LM BIOS DATE 04 22 2002 BIOS Version 1 01 EDORAM Testing 4096KB Ethernet ID READ SUCCESS Clock Rate is 66MHz À Loading exml bin Loading Xmodem bin Identifying Flash ROM MX29F1610A dlx Download X BIN Start Address 0 Size 20000 Wait 60 second...

Page 223: ...ile Step 1 Type DLP and press ENTER Step 2 When CCC appears select Transfer and Send File in the Hyperterminal window Step 3 Set Protocol as 1K Xmodem Step 4 Type the correct filename PFS IMG and path Step 5 Click Send to start configuration image restore When this is successful close the HyperTerminal window to exit Type the configuration file s location or click Browse to search for it Choose th...

Page 224: ...ation console Step 1 Enter HyperTerminal and type ESC to go to the status screen This will reboot the ZyAIR Step 2 Type d or D to reset Figure 27 10 Resetting Your ZyAIR Step 3 You will be given a choice to erase configuration to default Step 4 Type y and ENTER to reset to the default configuration Type the configuration file s location or click Browse to search for it Choose the 1K Xmodem protoco...

Page 225: ...ZyAIR B 5000 User s Guide Firmware and Configuration File Maintenance 27 11 Figure 27 11 Resetting To Default Are you sure to clear config to default and reboot y n Do not erase config to default ...

Page 226: ......

Page 227: ...FIREWALL VII Part VII FIREWALL This part introduces firewalls in general and the ZyAIR firewall ...

Page 228: ......

Page 229: ... of the mechanisms used to establish a network security perimeter in support of a network security policy It should never be the only mechanism or method employed For a firewall to guard effectively you must design and deploy it appropriately This requires integrating the firewall into a broad information security policy In addition specific policies must be implemented within the firewall itself ...

Page 230: ...sed to prevent theft destruction and modification of data as well as log events which may be important to the security of your network The ZyAIR also has packet filtering capabilities 28 4 Denial of Service Denials of Service DoS attacks are aimed at devices and networks with a connection to the Internet Their goal is not to steal information but to disable a device or network so users no longer h...

Page 231: ...rt Some of the most common IP ports are Table 28 1 Common IP Ports 21 FTP 53 DNS 23 Telnet 80 HTTP 25 SMTP 110 POP3 28 4 2 Types of DoS Attacks There are four types of DoS attacks 1 Those that exploit bugs in a TCP IP implementation 2 Those that exploit weaknesses in the TCP IP specification 3 Brute force attacks that flood a network with useless data 4 IP Spoofing 5 IP Zero Length 1 Ping of Death...

Page 232: ...g server The receiver sends back an ACK acknowledgment packet and its own SYN and then the initiator responds with an ACK acknowledgment After this handshake a connection is established 2 a SYN Attack floods a targeted system with a series of SYN packets Each packet causes the targeted system to issue a SYN ACK response While the targeted system waits for the ACK that follows the SYN ACK it queues...

Page 233: ...Smurf hacker floods a router with Internet Control Message Protocol ICMP echo request packets pings Since the destination IP address of each packet is the broadcast address of the network the router will broadcast the ICMP echo request packet to all hosts on the network If there are numerous hosts this will create a large amount of ICMP echo request and response traffic If a hacker chooses to spoo...

Page 234: ...aders so that it appears that the packets originate from a trusted host and should be allowed through the router or firewall The ZyAIR blocks all IP Spoofing attempts 5 An IP Zero Length Attack is the use of data sizes zero times a normal packet to flood the communications that are coming from within a trusted network These data packets are checked and the victim network wastes time in attempting ...

Page 235: ... http 192 168 1 1 2000 to enter the web configurator Disable Remote Manager from WAN Side Select this to disallow web configurator access from the WAN By default you connect to web configurator System Setup page from the WAN side or the LAN side wireless LAN Disable Ping from WAN Side Select this to not respond to pings from any host on the WAN side FINISH Click FINISH to save your changes back to...

Page 236: ...nning on a host via a port number without setting up a connection session 28 6 3 ICMP Internet Control Message Protocol is a message control and error reporting protocol between a host server and a gateway to the Internet ICMP uses Internet Protocol IP datagrams but the messages are processed by the TCP IP software and are not directly apparent to the application user 28 6 4 IP Internet Protocol I...

Page 237: ...ton to Enable or Disable firewall access control If you select Disable then the ZyAIR will not use firewall services even if the On is selected in the source and destination addresses and a protocol and action has been selected On Select the check box for each entry that requires access control Access control will be made available only if the Access Control Activation radio button is set to Enabl...

Page 238: ... addresses Netmask Enter the destination subnet mask or range of subnet masks to which this firewall rule applies Please note that a blank subnet mask is equivalent to any number of subnet masks Port Enter the port number range that defines the service This range is between 1 and 65535 For example suppose you want to define the Gnutella service Select TCP type and enter a port range from 6345 6349...

Page 239: ...information on the following web configurator screen Figure 28 7 Firewall Config Denial of Service Table 28 4 Firewall Config Denial of Service LABEL DESCRIPTION Please Choose the Following Denial of Services Reject Land Attack Select this to prevent hackers from flooding the network with spoofed source IP addresses of the targeted system Reject IP Zero Length Attack Select this to prevent hackers...

Page 240: ... Spoofing which may be used to break into systems to hide the hacker s identity or to magnify the effect of the DoS attack Reject Smurf Attack Select this to prevent a Smurf attack that quickly floods the target network with useless data FINISH Click FINISH to save your changes back to the ZyAIR CANCEL Click CANCEL to begin configuring this screen afresh ...

Page 241: ...her information on Site Planning and Site Installation Setting up Your Computer s IP Address Wireless LAN With IEEE 802 1x Types of EAP Authentication Troubleshooting Technical Specifications Power Adapter Specifications Approvals Packaging Specifications and Index ...

Page 242: ......

Page 243: ...ath be carefully examined With this knowledge components and network requirements can be correctly planned for your specific application This Appendix provides insight into the planning necessary to prepare your site for your outdoor wireless bridge General Considerations A basic consideration is the physical location of the sites at each end of the link Because microwave signals travel in a strai...

Page 244: ...d in this guide operates at frequencies below 6 GHz so rain is not a concern Except in extreme conditions attenuation weakening of the signal due to rain does not present a serious problem for frequencies up to the range of 6 to 8 GHz When microwave frequencies are at 11 GHz and above attenuation due to rain becomes more of a concern especially in areas where rainfall is of high density and long d...

Page 245: ...en planning a wireless link There are a variety of lightning protection and grounding devices whether located inside or outside the site which could be potentially damaged by a lightning strike Lightning protection requirements are based on the level of site exposure the cost in the event of a link downtime local building codes and electrical codes If the link is critical and the site is in an act...

Page 246: ...o operate on a specific group of frequencies The manufacturer also fixes other specific attributes such as beam width and gain Antennas should be selected and placed according to your site and your application In general the larger the antenna the higher the gain and the larger the mast required It is best to use the smallest antenna that will provide sufficient protection from interference and en...

Page 247: ...d receiving antennas should be both polarized either horizontally or vertically Adjacent antennas on different frequencies can be cross polarized to help reduce interference between the two if your operating license permits this Towers When planning antenna placement it might be necessary to build a freestanding tower for the antenna Regulations and limitations define the height and location of th...

Page 248: ...an shorter paths Larger fade margins yield better link availability The International Telecommunications Union ITU publishes a reference for link planning which is available at http www itu ch ITU Recommendation G 826 contains definitions for availability and related terms used to describe link quality It also contains recommendations for link quality objectives ITU Recommendation P 530 contains i...

Page 249: ...st situations mounting an antenna directly to the wall will not allow you to properly align the antenna with the corresponding antenna at the opposite end of your wireless link As poor alignment will typically result in poor performance we advise you to always mount the Outdoor Wireless Bridge to a mast Antenna Mast Antenna Requirements To accommodate the ZyAIR the mast must satisfy the following ...

Page 250: ...ge protection devices The energy is dissipated through heat and is also diverted to the ground Why is Additional Protection Recommended Lightning even with the built in protection can still damage ZyAIR equipment This can occur for any number of reasons such as an improperly grounded installation or if the amount of transient energy from nearby lightning exceeds what the devices can handle If the ...

Page 251: ...eiling point the antenna down For a single AP application place omni directional antennas as close to the center of the coverage area as possible For directional antennas point the antenna in the direction of the desired coverage area Connector Type The ZyAIR is equipped with a reverse polarity SMA jack so it will work with any 2 4GHz wireless antenna with a reverse polarity SMA plug ...

Page 252: ......

Page 253: ...e installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components are installed configure the TCP IP settings in order to communicate with your network If you manually assign IP information instead of using dynamic assignment make sure that your computers have IP addresses that place them in the same subnet as the ZyAIR Windows 95 ...

Page 254: ...click Add c Select Microsoft from the list of manufacturers d Select TCP IP from the list of network protocols and then click OK If you need Client for Microsoft Networks a Click Add b Select Client and then click Add c Select Microsoft from the list of manufacturers d Select Client for Microsoft Networks from the list of network clients and then click OK e Restart your computer so the changes you...

Page 255: ...ically If you have a static IP address select Specify an IP address and type your information into the IP Address and Subnet Mask fields 2 Click the DNS Configuration tab If you do not know your DNS information select Disable DNS If you know your DNS information select Enable DNS and type the information in the fields below you may not need to fill them all in ...

Page 256: ...Add 4 Click OK to save and close the TCP IP Properties window 5 Click OK to close the Network window Insert the Windows CD if prompted 6 Turn on your ZyAIR and restart your computer when prompted Verifying Your Computer s IP Address 1 Click Start and then Run 2 In the Run window type winipcfg and then click OK to open the IP Configuration window 3 Select your network adapter You should see your co...

Page 257: ...ows 2000 NT XP 1 For Windows XP click start Control Panel In Windows 2000 NT click Start Settings Control Panel 2 For Windows XP click Network Connections For Windows 2000 NT click Network and Dial up Connections 3 Right click Local Area Connection and then click Properties ...

Page 258: ... XP and click Properties 5 The Internet Protocol TCP IP Properties window opens the General tab in Windows XP If you have a dynamic IP address click Obtain an IP address automatically If you have a static IP address click Use the following IP Address and fill in the IP address Subnet mask and Default gateway fields Click Advanced ...

Page 259: ...ddress in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways In TCP IP Gateway Address type the IP address of the default gateway in Gateway To manually configure a default metric the number of transmission hops clear the Automa...

Page 260: ...e DNS server fields If you have previously configured DNS servers click Advanced and then the DNS tab to order them 8 Click OK to close the Internet Protocol TCP IP Properties window 9 Click OK to close the Local Area Connection Properties window 10 Turn on your ZyAIR and restart your computer if prompted Verifying Your Computer s IP Address 1 Click Start All Programs Accessories and then Command ...

Page 261: ...er s Guide Setting Up Your Computer s IP Address C 9 Macintosh OS 8 9 1 Click the Apple menu Control Panel and double click TCP IP to open the TCP IP Control Panel 2 Select Ethernet built in from the Connect via list ...

Page 262: ... address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your ZyAIR in the Router address box 5 Close the TCP IP Control Panel 6 Click Save if prompted to save changes to your configuration 7 Turn on your ZyAIR and restart your computer if prompted Check your TCP IP properties in the TCP IP Control Panel window Macintosh OS X 1 Click the Apple menu and cli...

Page 263: ...he IP address of your ZyAIR in the Router address box 5 Click Apply Now and close the window 6 Turn on your ZyAIR and restart your computer if prompted Checking Updating Your Computer s IP Address 1 In the computer click Start All Programs Accessories and then Command Prompt 2 In the Command Prompt window type ipconfig and then press ENTER to verify that your computer s static IP address is in the...

Page 264: ...s ENTER and the reply messages displays Your computer can now communicate with the ZyAIR using the LAN port C ping 192 168 1 1 Pinging 192 168 1 1 with 32 bytes of data Reply from 192 168 1 1 bytes 32 time 10ms TTL 254 Reply from 192 168 1 1 bytes 32 time 10ms TTL 254 Reply from 192 168 1 1 bytes 32 time 10ms TTL 254 Reply from 192 168 1 1 bytes 32 time 10ms TTL 254 Ping statistics for 192 168 1 1...

Page 265: ...standard does not provide any central user account management User access control is done through manual modification of the MAC address table on the access point Although WEP data encryption offers a form of data security you have to reset the WEP key on the clients each time you change your WEP key on the access point IEEE 802 1x In June 2001 the IEEE 802 1x standard was designed to extend the f...

Page 266: ...tication Sequence The following figure depicts a typical wireless network with a remote RADIUS server for user authentication using EAPOL EAP Over LAN Diagram D 1 Sequences for EAP MD5 Challenge Authentication Client computer access authorized Client computer access not authorized ...

Page 267: ... perform mutual authentication Finally MD5 authentication method does not support data encryption with dynamic session key You must configure WEP encryption keys for data encryption EAP TLS Transport Layer Security With EAP TLS digital certifications are needed by both the server and the wireless stations for mutual authentication The server presents a certificate to the client After validating th...

Page 268: ...tion EAP MD5 EAP TLS Mutual Authentication No Yes Certificate Client No Yes Certificate Server No Yes Dynamic Key Exchange No Yes Credential Security None Strong Deployment Difficulty Easy Hard Wireless Security Poor Best Client Identity Protection No No ...

Page 269: ...propriate power source Check that the power source is turned on If the problem persists you may have a hardware problem In this case you should contact your local vendor Problems with Console Port Access Chart F 2 Troubleshooting Console Port Access PROBLEM CORRECTIVE ACTION 1 Check to see if the ZyAIR is connected to your computer s console port VT100 terminal emulation 115200 bps is the default ...

Page 270: ... F 4 Troubleshooting the Ethernet Interface PROBLEM CORRECTIVE ACTION I cannot access the ZyAIR from the Ethernet If all of the LEDs on the inline power injector are on check the Ethernet cable connection between your ZyAIR and the computer connected to the DATA IN port on the inline power injector Check for faulty Ethernet cables Make sure the computer s Ethernet adapter is installed and working ...

Page 271: ...art F 6 Troubleshooting Telnet PROBLEM CORRECTIVE ACTION I cannot access the ZyAIR through Telnet Refer to the Telnet and Console chapters Make sure you enter the correct user name and password Refer to the Problems with the Ethernet Interface section for instructions on checking your Ethernet connection Problems with the WLAN Interface Chart F 7 Troubleshooting the WLAN Interface PROBLEM CORRECTI...

Page 272: ......

Page 273: ...TION 15 35 NORMAL 35 EXTREME 70 STORAGE 30 to 80 HUMIDITY non condensing 5 to 95 RH typical Chart G 2 Inspection Channel CH1 CH7 CH13 Tx Rx FREQUENCY MHZ 1 st Lo FREQUENCY MHZ 2 nd Lo FREQUENCY MHZ CH1 2412 2038 CH7 2442 2068 CH13 2472 2098 VCO 748 IF 374 Hardware Specification Chart G 3 Hardware Specifications Ethernet Interface One 1 10Base T RJ45 Access Protocol CSMA CA ...

Page 274: ...ety Certifications FCC Part 15 Class B R TTE Directive 1999 5 EC EN 300 328 2 EN 301 489 1 EN 301 489 17 EN 60950 IP68 Compatibility Fully interoperable with IEEE802 11b compliant products Power Supply 100 240VAC 50 60Hz 800mA at 48VDC PoE RADIO SPECIFICATIONS Chart G 4 Radio Specifications FREQUENCY BAND 2 4 2 4835 GHz RADIO TYPE Direct Sequence Spread Spectrum DSSS MODULATION TYPE Mbps CCK 11 5 ...

Page 275: ...uence Spread Spectrum DSSS MODULATION TYPE Mbps CCK 11 5 5 DQPSK 2 DBPSK 1 OPERATION CHANNELS CH European Community ETSI 13 RF OUTPUT POWER dBm FCC Excluding antenna gain 19 ETSI Excluding antenna gain 14 BAND EDGE dBc FCC 30 ETSI 30 CHART G 5 RX SENSITIVITY FER 0 08 11 Mbps 5 5 Mbps 2 Mbps 1 Mbps FCC dBm 85 86 89 92 ETSI dBm 85 86 89 92 ...

Page 276: ...ier Only 60KHz 120KHz 25 20 70 Power Ramp On Tx power on 90 of Pmax 3us 20 70 Power Ramp Off Tx power off 10 of Pmax 3us 20 70 Carrier Suppression Modulation Carrier Suppression 20dBr 20 70 Spurious Emission 1GHz 16GHz 41dBm 25 Chart G 7 RECEIVING SYSTEM PARAMETER TEST CONDITION SPECIFICATION TEMP DEG C Rx Sensitivity FER FER 8 Pin 85dBm Pin 83dBm 25 20 70 Rx Sensitivity Throughput THP 3Mbps Pin 8...

Page 277: ...ation mode in the chamber The same as 25 Deg C No Damage In Cosmetics Or Error In Function Low Temperature Operation Temp Storage Test Spec 20 Deg C 24 hours Operation mode in the chamber The same as 25 Deg C No Damage In Cosmetics Or Error In Function High Temperature Storage Temp Storage Test Spec 80 Deg C 24 hours Operation mode in room temperature 4 hours after the storage The same as 25 Deg C...

Page 278: ...g C No Damage In Cosmetics Or Error In Function Spec The same as 25 Deg C High Temperature High Humidity Temp Humidity Storage Test Spec 40 Deg C 95 RH non condensing 72 hours Operation mode in room temperature 4 hours after the storage The same as 25 Deg C No Damage In Cosmetics Or Error In Function Temperature Recycle Temp Cycle Test 20 0 20 0 20 40 60 40 20 Operation in the chamber 1 hour after...

Page 279: ...er DC48Volts 0 8A Power Consumption Tx 7 2 W Rx 3 84 W Standby 2 4 W Safety Standards UL UL 1950 CSA CSA 22 2 EUROPEAN PLUG STANDARDS AC Power Cord Europe Input Power AC100 240Volts 50 60Hz Output Power DC48Volts 0 8A Power Consumption Tx 7 2 W Rx 3 84 W Standby 2 4 W Safety Standards CE mark EN60950 2001 UNITED KINGDOM PLUG STANDARDS AC Power Cord UK Input Power AC100 240Volts 50 60Hz Output Powe...

Page 280: ...ZyAIR B 5000 User s Guide H 2 Power Specifications Power Consumption Tx 7 2 W Rx 3 84 W Standby 2 4 W Safety Standards TUV CE EN 60950 BS7002 ...

Page 281: ...an Union CE mark EN55022 Class B EN61000 3 2 EN61000 3 3 EMS European Union CE mark Electrostatic Discharge EN61000 4 2 Radio Frequency Electromagnetic Field EN61000 4 3 EFT Burst EN61000 4 4 Surge EN61000 4 5 Conducted Susceptibility EN61000 4 6 Power Magnetic EN61000 4 8 Voltage Dips Interruption EN61000 4 11 EM Field from Digital Telephones ENV50204 LAN compatibility SmartBit For Wireless PC Ca...

Page 282: ......

Page 283: ...utput 800mA at 48VDC 1 Wall plug AC Power Cord 1 8m 1 RS232 Console Cable MIL C 5015 STP 2 0m 1 Uplink Ethernet Cable MIL C 5015 UTP 1 8m 1 Grounding Cable UL1015 3 0m 1 RJ45 Ethernet Cable MIL C 5015 STP 30 0m 1 Antennas 5dBi omni direction rubber antenna 2 Mounting Brackets Wall mount brackets Mast mount brackets 1 1 Spanner Installation tool 1 CD ROM Quick Installation Guide English and Product...

Page 284: ......

Page 285: ...mer Support v D Data encryption 4 15 Denial of Service 28 2 DHCP 1 3 4 3 4 4 10 1 Domain Name 4 3 11 2 DoS Basics 28 3 Types 28 3 DoS Denial of Service 1 2 E EAP 1 2 13 2 EAP Authentication IX E 1 MD5 E 1 TLS E 1 ECHO 11 1 Encapsulation PPP over Ethernet 3 1 ESS See Extended Service Set ESS ID 4 15 Ethernet 4 2 5 4 5 5 Extended Service Set 12 2 Extended Service Set IDentification 4 17 12 6 F FCC i...

Page 286: ...See MD5 N NAT 4 3 Network Management 1 3 11 2 Network Topology With RADIUS Server Example D 2 NNTP 11 2 P Ping of Death 28 3 Point to Point Tunneling Protocol 11 2 POP3 11 2 28 3 Port Numbers 11 1 PPPoE 4 2 5 4 5 5 PPTP 11 2 Private IP Address 4 2 Q Quick Installation Guide xx 2 1 R RADIUS 1 2 13 1 Related Documentation xx Remote Authentication Dial In User Service See RADIUS Restore Configuration...

Page 287: ...ty See TLS Troubleshooting Accessing ZyAIR F 3 Ethernet Port F 2 Password F 1 Start Up F 1 U UDP See User Datagram Protocol Upload Firmware 27 7 User Datagram Protocol 11 1 28 8 User Datagram Protocol UDP 28 8 W Warranty iv Web Configurator 2 1 28 2 WEP 4 15 13 3 WEP Encryption 4 17 12 6 Wireless LAN 4 13 Wizard Setup 3 1 WLAN See Wireless LAN X XMODEM protocol 27 2 Z ZyNOS 22 6 27 2 ZyXEL Limited...

Reviews:

No comments

Related manuals for ZyAIR B-5000

Brand: Audiovox Pages: 8

ProSafe ANT224D10

Brand: NETGEAR Pages: 2

Brand: Sirius XM RAdio Pages: 9

KINGSAT Maritime VSAT P8

Brand: EARDATEK Pages: 88

Brand: SteppIR Pages: 36

Brand: SteppIR Pages: 52

Brand: Lava Pages: 2

Brand: SELFSAT Pages: 89

Brand: Radio Shack Pages: 4

OPTIMUS 15-1843

Brand: Radio Shack Pages: 2

Brand: Satfi Pages: 12

Brand: Simrad Pages: 16

Brand: RFS Pages: 8

Brand: Laird Pages: 2

Brand: Laird Pages: 2

Brand: Laird Pages: 4

Brand: Laird Pages: 3

ET-X-TU-42-15-37-18-iR-RA

Brand: KMW Communications Pages: 3

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands