manualshive.com logo in svg

ZyXEL Communications ZyAIR G-2000 Plus, User Manual

The ZyXEL Communications ZyAIR G-2000 Plus is a high-performance wireless router that allows for seamless connectivity. Make sure to download the free User Manual from manualshive.com to set up and optimize your network easily. This manual provides detailed instructions and troubleshooting tips for a smooth user experience.

Share
Download
background image

ZyAIR G-2000 Plus User’s Guide

323

Chapter 29 Filter Configuration

Figure 177   

Example Filter Rules Summary: Menu 21.1.3

This shows you that you have configured and activated (

A = Y

) a TCP/IP filter rule (

Type = 

IP

Pr = 6

) for destination telnet ports (

DP = 23

).

M = N

 means an action can be taken immediately. The action is to drop the packet (

m = D

) if 

the action is matched and to forward the packet immediately (

n = F

) if the action is not 

matched no matter whether there are more rules to be checked (there aren’t in this example).

After you’ve created the filter set, you must apply it. 

1

Enter 11 from the main menu to go to menu 11.

2

Go to the 

Edit Filter Sets

 field, press 

[SPACE BAR]

 to select

 Yes

 and press 

[ENTER]

.

3

This brings you to menu 11.5. Apply a filter set (our example filter set 3).

4

Press 

[ENTER

] to confirm after you enter the set numbers and to leave menu 11.5.

29.4  Filter Types and NAT

There are two classes of filter rules, 

Generic Filter 

(Device) rules and protocol filter (

TCP/

IP

) rules. Generic filter rules act on the raw data from/to LAN and WAN. Protocol filter

 

rules 

act on the IP packets. Generic and TCP/IP filter rules are discussed in more detail in the next 
section. When NAT  (Network Address Translation) is enabled, the inside IP address and port 
number are replaced on a connection-by-connection basis, which makes it impossible to know 
the exact address and port on the wire. Therefore, the ZyAIR applies the protocol filters to the 
“native” IP address and port number before NAT for outgoing packets and after NAT for 
incoming packets. On the other hand, the generic, or device filters are applied to the raw 
packets that appear on the wire. They are applied at the point when the ZyAIR is receiving and 
sending the packets; i.e. the interface. The interface can be an Ethernet port or any other 
hardware port. The following diagram illustrates this.

                        Menu 21.1.3 - Filter Rules Summary
 # A Type                       Filter Rules                        M m n
 - - ---- --------------------------------------------------------- - - -
 1 Y IP   Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23                       N D F
 2 N
 3 N
 4 N
 5 N
 6 N
                  Enter Filter Rule Number (1-6) to Configure:

Summary of Contents for ZyAIR G-2000 Plus

Page 1: ...ZyAIR G 2000 Plus 802 11g Wireless 4 port Router User s Guide Version 3 60 12 2004...

Page 2: ......

Page 3: ...ZyXEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does it...

Page 4: ...in accordance with the instructions may cause harmful interference to radio communications If this equipment does cause harmful interference to radio television reception which can be determined by t...

Page 5: ...express or implied including any implied warranty of merchantability or fitness for a particular use or purpose ZyXEL shall in no event be held liable for indirect or consequential damages of any kind...

Page 6: ...s zyxel com GERMANY support zyxel de 49 2405 6909 0 www zyxel de ZyXEL Deutschland GmbH Adenauerstr 20 A2 D 52146 Wuerselen Germany sales zyxel de 49 2405 6909 99 FRANCE info zyxel fr 33 0 4 72 52 97...

Page 7: ...ZyAIR G 2000 Plus User s Guide Customer Support 6 a is the prefix number you enter to make an international telephone call...

Page 8: ...ZyAIR G 2000 Plus User s Guide 7 Customer Support...

Page 9: ...36 1 2 1 4 10 100 Mbps Ethernet WAN 37 1 2 1 5 Reset Button 37 1 2 1 6 ZyAIR LED 37 1 2 2 Firmware Features 37 1 2 2 1 Internal RADIUS Server 37 1 2 2 2 Wi Fi Protected Access 37 1 2 2 3 802 11b Wirel...

Page 10: ...2 2 31 Wireless LAN Channel Usage 42 1 3 Applications for the ZyAIR 42 1 3 1 Internet Access Application 42 Chapter 2 Introducing the Web Configurator 44 2 1 Web Configurator Overview 44 2 2 Accessin...

Page 11: ...Time Setting 68 Chapter 5 LAN Screens 70 5 1 LAN Overview 70 5 2 DHCP Setup 70 5 2 1 IP Pool Setup 70 5 2 2 System DNS Servers 70 5 3 LAN TCP IP 70 5 3 1 Factory LAN Defaults 70 5 3 2 IP Address and...

Page 12: ...troduction to RADIUS 100 7 9 1 Types of RADIUS Messages 100 7 9 1 1 Access Challenge 100 7 9 1 2 Accounting Request 101 7 9 1 3 Accounting Response 101 7 9 1 4 EAP Authentication Overview 101 7 10 Con...

Page 13: ...0 3 1 Default Server IP Address 141 10 3 2 Port Forwarding Services and Port Numbers 141 10 3 3 Configuring Servers Behind SUA Example 142 10 4 Configuring SUA Server 143 10 5 Configuring Address Mapp...

Page 14: ...nP in Windows Me 171 13 4 2 Installing UPnP in Windows XP 172 13 5 Using UPnP in Windows XP Example 173 13 5 1 Auto discover Your UPnP enabled Network Device 174 13 5 2 Web Configurator Easy Access 17...

Page 15: ...4 15 3 3 Key Fields For Configuring Rules 194 15 3 3 1 Action 194 15 3 3 2 Service 194 15 3 3 3 Source Address 194 15 3 3 4 Destination Address 194 15 4 Connection Direction Examples 195 15 4 1 LAN to...

Page 16: ...36 Chapter 19 Maintenance 240 19 1 Maintenance Overview 240 19 2 System Status Screen 240 19 2 1 System Statistics 242 19 3 DHCP Table Screen 242 19 4 Association List 243 19 5 F W Upload Screen 244 1...

Page 17: ...Alias Setup 267 23 4 Wireless LAN Setup 268 23 4 1 Configuring MAC Address Filter 270 Chapter 24 Internet Access 274 24 1 Introduction to Internet Access Setup 274 24 2 Ethernet Encapsulation 274 24...

Page 18: ...Example 2 Internet Access with an Inside Server 303 28 5 3 Example 3 Multiple Public IP Addresses With Inside Servers 304 28 5 4 Example 4 NAT Unfriendly Application Programs 308 28 6 Configuring Trig...

Page 19: ...2 System Information 340 33 2 1 System Information 340 33 2 2 Console Port Speed 341 33 3 Log and Trace 341 33 3 1 Viewing Error Log 341 33 3 2 UNIX Syslog 342 33 3 2 1 CDR 343 33 3 2 2 Packet trigger...

Page 20: ...5 Example TFTP Command 360 Chapter 35 System Maintenance and Information 362 35 1 Command Interpreter Mode 362 35 2 Call Control Support 363 35 2 1 Budget Management 364 35 2 2 Call History 364 35 3...

Page 21: ...etting 396 Appendix F Command Interpreter 404 Appendix G Log Descriptions 406 Appendix H Wireless LAN and IEEE 802 11 410 Appendix I Wireless LAN With IEEE 802 1x 414 Appendix J Types of EAP Authentic...

Page 22: ...ZyAIR G 2000 Plus User s Guide 21 Table of Contents...

Page 23: ...Figure 12 Wizard 5 WAN Setup 61 Figure 13 Wizard Finish 63 Figure 14 System General Setup 64 Figure 15 DDNS 66 Figure 16 Password 67 Figure 17 Time Setting 68 Figure 18 LAN IP 73 Figure 19 Static DHC...

Page 24: ...gure 55 NAT Application With IP Alias 139 Figure 56 Multiple Servers Behind NAT Example 143 Figure 57 SUA NAT Setup 144 Figure 58 Address Mapping 146 Figure 59 Address Mapping Edit 147 Figure 60 Trigg...

Page 25: ...99 Log Settings 234 Figure 100 Reports 237 Figure 101 System Status 241 Figure 102 System Status Show Statistics 242 Figure 103 Maintenance DHCP Table 243 Figure 104 Association List 244 Figure 105 F...

Page 26: ...capsulation 288 Figure 141 Menu 11 5 Remote Node Filter PPPoE and PPTP Encapsulation 288 Figure 142 Menu 12 IP Static Route Setup 290 Figure 143 Menu12 1 Edit IP Static Route 291 Figure 144 Menu 14 Di...

Page 27: ...ystem Security RADIUS Server 333 Figure 187 Menu 23 System Security 334 Figure 188 Menu 23 4 System Security IEEE802 1x 335 Figure 189 Menu 24 System Maintenance 338 Figure 190 Menu 24 1 System Mainte...

Page 28: ...nu 384 Figure 221 Windows XP Control Panel 384 Figure 222 Windows XP Control Panel Network Connections Properties 385 Figure 223 Windows XP Local Area Connection Properties 385 Figure 224 Windows XP A...

Page 29: ...le 12 Wizard 5 WAN Setup 61 Table 13 System General Setup 64 Table 14 DDNS 66 Table 15 Password 67 Table 16 Time Setting 68 Table 17 LAN IP 73 Table 18 Static DHCP 76 Table 19 IP Alias 77 Table 20 Wir...

Page 30: ...MP 164 Table 55 Remote Management DNS 165 Table 56 Security 167 Table 57 Configuring UPnP 170 Table 58 Common IP Ports 180 Table 59 ICMP Commands That Trigger Alerts 184 Table 60 Default Rule 197 Tabl...

Page 31: ...tic Route 291 Table 100 Menu 14 1 Edit Dial in User 293 Table 101 Applying NAT in Menus 4 11 3 296 Table 102 SUA Address Mapping Rules 298 Table 103 Menu 15 1 1 First Set 299 Table 104 Menu 15 1 1 1 E...

Page 32: ...135 Natural Masks 397 Table 136 Alternative Subnet Mask Notation 398 Table 137 Two Subnets Example 398 Table 138 Subnet 1 399 Table 139 Subnet 2 399 Table 140 Subnet 1 400 Table 141 Subnet 2 400 Table...

Page 33: ...ot configurable by web configurator Related Documentation Supporting Disk Refer to the included CD for support documents Compact Guide The Quick Start Guide is designed to help you get up and running...

Page 34: ...enu titles and labels are in Bold Times New Roman font Predefined field choices are in Bold Arial font Command and arrow keys are enclosed in square brackets ENTER means the Enter or carriage return k...

Page 35: ...ZyAIR G 2000 Plus User s Guide Preface 34 Graphics Icons Key ZyAIR Computer Notebook computer Server DSLAM Firewall Modem Switch Router Wireless Signal...

Page 36: ...ZyAIR G 2000 Plus User s Guide 35 Preface...

Page 37: ...or and SNMP network management enables remote configuration and management of your ZyAIR 1 2 ZyAIR Features The following sections describe the features of the ZyAIR 1 2 1 Physical Features 1 2 1 1 4...

Page 38: ...data is being transmitted received 1 2 2 Firmware Features 1 2 2 1 Internal RADIUS Server The ZyAIR has a built in RADIUS server that can authenticate wireless clients or other AP s in other wireless...

Page 39: ...sed on public private key pairs Certificates provide a way to exchange public keys for use in authentication 1 2 2 7 Limit the number of Client Connections You may set a maximum number of wireless sta...

Page 40: ...r denied MAC addresses 1 2 2 12 WEP Encryption WEP Wired Equivalent Privacy encrypts data frames before transmitting over the wireless network to help keep network communications private 1 2 2 13 IEEE...

Page 41: ...twork Address Translation NAT RFC 1631 allows the translations of multiple IP addresses used within one network to different IP addresses known within another network 1 2 2 19 Traffic Redirect Traffic...

Page 42: ...work administrator 1 2 2 25 SNMP SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices SNMP is a member of the TCP IP protocol suite...

Page 43: ...2 2 31 Wireless LAN Channel Usage The Wireless Channel Usage screen displays whether the radio channels are used by other wireless devices within the transmission range of the ZyAIR This allows you t...

Page 44: ...ZyAIR G 2000 Plus User s Guide 43 Chapter 1 Getting to Know Your ZyAIR...

Page 45: ...24 by 768 pixels The screens you see in the web configurator may vary somewhat from the ones shown in this document due to differences between individual firmware versions 2 2 Accessing the ZyAIR Web...

Page 46: ...te a certificate using your ZyAIR s MAC address that will be specific to this device Figure 3 Replace Certificate Screen You should now see the MAIN MENU screen Note The management session automatical...

Page 47: ...seconds or until the SYS LED LINK LED or BRI RPT LED turns red and then release it If the SYS LED begins to blink the defaults have been restored and the ZyAIR restarts Otherwise go to step 2 2 Turn t...

Page 48: ...Time Setting LAN DHCP and TCP IP Setup WLAN WLAN and WLAN Security Setup WAN SUA NAT STATIC ROUTE Route Entry FIREWALL Settings Filter and Services Internal RADIUS Server Settings Trusted AP and Trus...

Page 49: ...from different access points overlap causing interference and degrading performance Adjacent channels partially overlap however To avoid interference due to overlap your AP should be on a channel at...

Page 50: ...ment over WEP as it employs an easier to use consistent single alphanumeric password Therefore if you don t have an external RADIUS server you should use WPA PSK WPA Pre Shared Key that only requires...

Page 51: ...the System Name In Windows 2000 click Start Settings Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for the Computer name...

Page 52: ...drop down list box Open the Channel Usage screen to make sure the channel is not already used by another AP or independent peer to peer wireless network Security The level of Security can be selected...

Page 53: ...WEP Encryption Select 64 bit WEP or 128 bit WEP to allow data encryption ASCII Select this option in order to enter ASCII characters as the WEP keys HEX Select this option to enter hexadecimal charac...

Page 54: ...re Ethernet PPP over Ethernet or PPTP 3 5 1 Ethernet Choose Ethernet when the WAN port is used as a regular Ethernet Table 6 Wizard 3 Wireless LAN Setup Extend Security LABEL DESCRIPTION Pre Shared Ke...

Page 55: ...elia Login The following fields are not applicable N A for the Standard service type User Name Type the user name given to you by your ISP Password Type the password associated with the user name abov...

Page 56: ...ing software can activate and therefore requires no new learning or procedures for Windows users One of the benefits of PPPoE is the ability to let end users access one of multiple network services a...

Page 57: ...ION ISP Parameter for Internet Access Encapsulation Choose PPP over Ethernet from the pull down list box PPPoE forms a dial up connection Service Name Type the name of your service provider User Name...

Page 58: ...ver connection at any given time Table 9 Wizard 4 PPTP Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation Select PPTP from the drop down list box User Name Type the user...

Page 59: ...hand if you are part of a much larger organization you should consult your network administrator for the appropriate IP addresses My IP Address Type the static IP address assigned to you by your ISP M...

Page 60: ...t is easy to remember for instance 192 168 1 1 for your ZyAIR but make sure that no other device on your network is using that IP address The subnet mask specifies the network number portion of an IP...

Page 61: ...hange the setting or upload a different rom file The fifth wizard screen varies according to the type of encapsulation that you select in the third wizard screen Note ZyXEL recommends you clone the MA...

Page 62: ...WAN IP Address Enter your WAN IP address in this field if you selected Use Fixed IP Address My WAN IP Subnet Mask Enter a Subnet Mask appropriate to your network a Gateway IP Address Enter the Gatewa...

Page 63: ...ring VPN DDNS and the time server WAN MAC Address The MAC address field allows you to configure the WAN port s MAC Address by either using the factory default or cloning the MAC address from a compute...

Page 64: ...ZyAIR G 2000 Plus User s Guide 63 Chapter 3 Wizard Setup Figure 13 Wizard Finish Well done You have successfully set up the ZyAIR A congratulations screen displays some information...

Page 65: ...gure 14 System General Setup The following table describes the labels in this screen Table 13 System General Setup LABEL DESCRIPTION General Setup System Name Type a descriptive name to identify the Z...

Page 66: ...configurator or SMT can be left idle before the session times out The default is 5 minutes After it times out you have to log in with your password again Very long idle timeouts may have security ris...

Page 67: ...the type of service that you are registered for from your Dynamic DNS service provider Host Names 1 3 Enter the host names in the three fields provided You can specify up to two host names in each fie...

Page 68: ...omatically by the DDNS server It is recommended that you select this option Use specified IP Address Select this option to update the IP address of the host name s to the IP address specified below Us...

Page 69: ...all protocols so you may have to check with your ISP network administrator or use trial and error to find a protocol that works The main difference between them is the format Daytime RFC 867 format is...

Page 70: ...y Time Zone Choose the time zone of your location This will set the time difference between your time zone and Greenwich Mean Time GMT Daylight Savings Select this option if you use daylight savings t...

Page 71: ...rovides the TCP IP configuration for the clients If DHCP service is disabled you must have another DHCP server on your LAN or else the computer must be manually configured 5 2 1 IP Pool Setup The ZyAI...

Page 72: ...P 2 carries more information RIP 1 is probably adequate for most networks unless you have an unusual network topology Both RIP 2B and RIP 2M send routing data in RIP 2 format the difference being that...

Page 73: ...e in IGMP The address 224 0 0 2 is assigned to the multicast routers group The ZyAIR supports both IGMP version 1 IGMP v1 and IGMP version 2 IGMP v2 At start up the ZyAIR queries all directly connecte...

Page 74: ...led and you must have another DHCP server on your LAN or else the computers must be manually configured When set as a server fill in the following four fields IP Pool Starting Address This field speci...

Page 75: ...on with other routers The RIP Direction field controls the sending and receiving of RIP packets Select the RIP direction from Both In Only Out Only None When set to Both or Out Only the ZyAIR will bro...

Page 76: ...settings click LAN then the Static DHCP tab The screen appears as shown Allow between LAN and WAN Select this check box to forward NetBIOS packets from the LAN to the WAN and from the WAN to the LAN I...

Page 77: ...ysical Ethernet interface with the ZyAIR itself as the gateway for each LAN network To change your ZyAIR s IP Alias settings click LAN then the IP Alias tab The screen appears as shown Table 18 Static...

Page 78: ...oth or In Only it will incorporate the RIP information that it receives when set to None it will not send any RIP packets and will ignore any RIP packets received RIP Version The RIP Version field con...

Page 79: ...s 6 1 1 IBSS An Independent Basic Service Set IBSS also called an Ad hoc network is the simplest WLAN configuration An IBSS is defined as two or more computers with wireless adapters within range of e...

Page 80: ...l access the wired network but cannot communicate with each other Figure 22 Basic Service set 6 1 3 ESS An Extended Service Set ESS consists of a series of overlapping BSSs each containing an access p...

Page 81: ...nels 6 2 1 RTS CTS A hidden node occurs when two stations are within range of the same access point but are not within range of each other The following figure illustrates a hidden node Both stations...

Page 82: ...transmission It also reserves and confirms with the requesting station the time frame for the requested transmission Stations can send frames smaller than the specified RTS CTS directly to the AP wit...

Page 83: ...viously you set then the RTS Request To Send CTS Clear to Send handshake will never occur as data frames will be fragmented before they reach RTS CTS size 6 3 Configuring Wireless Click the WIRELESS l...

Page 84: ...WEP settings you will lose your wireless connection when you press Apply to confirm You must then change the wireless settings of your computer to match the ZyAIR s new settings Hide ESSID Select this...

Page 85: ...place to place it is responsible for choosing the most appropriate access point depending on the signal strength network utilization or other factors The roaming feature on the access points allows th...

Page 86: ...e met in order for wireless stations to roam between the coverage areas 1 All the access points must be on the same subnet and configured with the same ESSID 2 If IEEE 802 1x user authentication is en...

Page 87: ...if you have two or more ZyAIRs on the same subnet Note All APs on the same subnet and the wireless stations must have the same ESSID to allow roaming Port Enter the port number to communicate roaming...

Page 88: ...ZyAIR G 2000 Plus User s Guide 87 Chapter 6 Wireless Configuration and Roaming...

Page 89: ...ble wireless security levels on your ZyAIR EAP Extensible Authentication Protocol is used for authentication and utilizes dynamic WEP key exchange It requires interaction with a RADIUS Remote Authenti...

Page 90: ...ts wireless stations Clear the check box to turn this LED off even when the ZyAIR is on and data is being transmitted received Preamble Select a preamble type from the drop down list menu Choices are...

Page 91: ...ovides a mechanism for encrypting data using encryption keys Both the AP and the wireless stations must use the same WEP key to encrypt and decrypt data Your ZyAIR allows you to configure up to four 6...

Page 92: ...eless station must then use the AP s default WEP key to encrypt the challenge text and return it to the AP which attempts to decrypt the message using the AP s default WEP key If the decrypted message...

Page 93: ...IR automatically generates a WEP key WEP Encryption Select 64 bit WEP or 128 bit WEP to enable data encryption Authentication Method This field is activated when you select 64 bit WEP or 128 bit WEP i...

Page 94: ...II characters or 10 hexadecimal characters 0 9 A F If you chose 128 bit WEP then enter 13 ASCII characters or 26 hexadecimal characters 0 9 A F You must configure all four keys but only one key can be...

Page 95: ...in which the receiver and the transmitter each compute and then compare the MIC If they do not match it is assumed that the data has been tampered with and the packet is dropped By generating unique...

Page 96: ...ess Security Figure 32 WPA PSK Authentication 7 6 Configuring WPA PSK Authentication In order to configure and enable WPA PSK Authentication click the WIRELESS link under ADVANCED to display the Wirel...

Page 97: ...0 seconds 30 minutes Note If wireless station authentication is done using a RADIUS server the reauthentication timer on the RADIUS server has priority Idle Timeout The ZyAIR automatically disconnects...

Page 98: ...ess accordingly 3 The RADIUS server distributes a Pairwise Master Key PMK key to the AP that then sets up a key hierarchy and management system using the pair wise key to dynamically generate unique d...

Page 99: ...Security 98 Figure 34 WPA with RADIUS Application Example 7 8 Configuring WPA Authentication In order to configure and enable WPA Authentication click the WIRELESS link under ADVANCED to display the...

Page 100: ...nter a time interval between 10 and 9999 seconds The default time interval is 1800 seconds 30 minutes Note If wireless station authentication is done using a RADIUS server the reauthentication timer o...

Page 101: ...authentication Access Reject Sent by a RADIUS server rejecting access Access Accept Sent by a RADIUS server allowing access 7 9 1 1 Access Challenge Sent by a RADIUS server requesting more information...

Page 102: ...n order to support multiple types of user authentication By using EAP to interact with an EAP compatible RADIUS server the access point helps a wireless station and a RADIUS server perform authenticat...

Page 103: ...You can configure the ZyAIR to authenticate wireless clients using an external RADIUS server or have the ZyAIR itself act as a RADIUS server using the internal RADIUS server To specify a RADIUS serve...

Page 104: ...s clients in other wireless networks External RADIUS Server Select the radio button to use an External RADIUS Server to authenticate the ZyAIR s wireless clients Authentication Server Server IP Addres...

Page 105: ...in the Wireless screen Ensure that the wireless station s EAP type is configured to one of the following Shared Secret Enter a password up to 31 alphanumeric characters as the key to be shared between...

Page 106: ...nfiguring 802 1x and Dynamic WEP Key Exchange In order to configure and enable 802 1x and Dynamic WEP Key Exchange click the WIRELESS link under ADVANCED to display the Wireless screen Select 802 1x D...

Page 107: ...tes Note If wireless station authentication is done using a RADIUS server the reauthentication timer on the RADIUS server has priority Idle Timeout The ZyAIR automatically disconnects a wireless stati...

Page 108: ...ble 802 1x and Static WEP Key Exchange click the WIRELESS link under ADVANCED to display the Wireless screen Select 802 1x Static WEP from the Security list Apply Click Apply to save your changes back...

Page 109: ...following table describes the labels in this screen Table 29 Wireless 802 1x and Static WEP LABEL DESCRIPTION Passphrase Enter a Passphrase up to 32 printable characters and click Generate The ZyAIR...

Page 110: ...in before access to the wired network is allowed The default time interval is 3600 seconds or 1 hour Authentication Databases The authentication database contains wireless station login information Th...

Page 111: ...er s Guide Chapter 7 Wireless Security 110 7 15 Configuring 802 1x In order to configure and enable 802 1x click the WIRELESS link under ADVANCED to display the Wireless screen Select 802 1x No WEP fr...

Page 112: ...nnected Enter a time interval between 10 and 9999 seconds The default time interval is 1800 seconds 30 minutes Note If wireless station authentication is done using a RADIUS server the reauthenticatio...

Page 113: ...sure you have set up the corresponding database correctly first Select Local User Database Only to have the ZyAIR just check the built in trusted user database on the ZyAIR for a wireless station s u...

Page 114: ...Select Deny Association to block access to the ZyAIR MAC addresses not listed will be allowed to access the ZyAIR Select Allow Association to permit access to the ZyAIR MAC addresses not listed will b...

Page 115: ...l RADIUS Overview The ZyAIR has a built in RADIUS server that can authenticate wireless clients or other AP s in other wireless networks The ZyAIR can function as an AP and as a RADIUS server at the s...

Page 116: ...about the ZyAIR s certificate and to activate the internal RADIUS server on your ZyAIR Trusted AP Use the Trusted AP screen to configure which trusted AP s you can authenticate You can authenticate u...

Page 117: ...with one that uses your ZyAIR s MAC address This can be done when you first log in to the ZyAIR or in the Advanced web configurator Certificates screen Refer to the My Certificates section in the Cer...

Page 118: ...The factory default certificate is common to all ZyAIR s that use certificates You can replace the certificate when you log into the ZyAIR see the section Introducing the Web Configurator or you can...

Page 119: ...same information as in the Subject field Valid From This field displays the date that the certificate becomes applicable The text displays in red and includes a Not Yet Valid message if the certificat...

Page 120: ...AP To configure trusted AP s on the ZyAIR s internal RADIUS click the AUTH SERVER link under ADVANCED and then the Trusted AP tab The screen appears as shown Figure 46 Trusted AP Screen The following...

Page 121: ...ed between the trusted AP and the ZyAIR Note The first trusted AP fields are reserved for the ZyAIR They are grayed out and therefore cannot be configured The shared secret must be the same on the tru...

Page 122: ...s name can be up to 31 alphanumeric characters long including spaces The login name on the wireless client s utility must be the same as this user name on so it can authenticate the RADIUS server usin...

Page 123: ...Plus User s Guide Chapter 8 Internal RADIUS Server 122 Apply Click Apply to save your changes back to the ZyAIR Reset Click Reset to begin configuring this screen afresh Table 35 Trusted Users LABEL...

Page 124: ...ZyAIR G 2000 Plus User s Guide 123 Chapter 8 Internal RADIUS Server...

Page 125: ...he Internet See the Wizard Setup chapter for more background information on most fields in the WAN screens Background information on WAN fields not included in the Wizard is described here 9 2 Configu...

Page 126: ...capsulation LABEL DESCRIPTION Encapsulation You must choose the Ethernet option when the WAN port is used as a regular Ethernet Service Type Choose from Standard Telstra RoadRunner Telstra authenticat...

Page 127: ...ba authentication method or Telia Login The following fields do not appear with the Standard service type User Name Type the user name given to you by your ISP Password Type the password associated wi...

Page 128: ...ess one of multiple network services a function known as dynamic service selection This enables the service provider to easily create and offer new IP services for individuals Operationally PPPoE save...

Page 129: ...PoE directly on the router rather than individual computers the computers on the LAN do not need PPPoE software installed since the router does that part of the task Further with NAT all of the LAN s...

Page 130: ...twork protocol that enables secure transfer of data from a remote client to a private server creating a Virtual Private Network VPN using TCP IP based networks PPTP supports on demand multi protocol a...

Page 131: ...orking over public networks such as the Internet The ZyAIR supports only one PPTP server connection at any given time To configure a PPTP client you must configure the User Name and Password fields fo...

Page 132: ...ype of encapsulation you select If your ISP did not assign you a fixed IP address click Get automatically from ISP Default otherwise click Use fixed IP Address and enter the IP address in the field pr...

Page 133: ...s the default selection Use fixed IP address Select this option If the ISP assigned a fixed IP address My WAN IP Address Enter your WAN IP address in this field if you selected Use Fixed IP Address My...

Page 134: ...rivate PPPoE and PPTP only This parameter determines if the ZyAIR will include the route to this remote node in its RIP broadcasts If set to Yes this route is kept private and not included in RIP broa...

Page 135: ...sections 4 and 5 of RFC 2236 Windows Networking NetBIOS over TCP IP NetBIOS Network Basic Input Output System are TCP or UDP broadcast packets that enable a computer to connect to and communicate wit...

Page 136: ...s MAC address IP Address and enter the IP address of the computer on the LAN whose MAC you are cloning Once it is successfully configured the address will be copied to the rom file ZyNOS configuration...

Page 137: ...packet traverses a router For example the local address refers to the IP address of a host when the packet is in the local network while the global address refers to the IP address of the host when t...

Page 138: ...firewall protection With no servers defined your ZyAIR filters out all incoming inquiries thus preventing intruders from probing your network For more information on IP address translation refer to R...

Page 139: ...lation NAT 138 Figure 54 How NAT Works 10 1 4 NAT Application The following figure illustrates a possible NAT application where three inside LANs logical LANs using IP Alias behind the ZyAIR can commu...

Page 140: ...one global IP address This is equivalent to SUA i e PAT port address translation ZyXEL s Single User Account feature the SUA Only option Many to Many Overload In Many to Many Overload mode the ZyAIR...

Page 141: ...e in the WAN IP screen 10 3 SUA Server A SUA server set is a list of inside behind NAT on the LAN servers for example web or FTP that you can make visible to the outside world even though SUA makes yo...

Page 142: ...ervers for example web or FTP that you can make accessible to the outside world even though NAT makes your whole inside network appear as a single machine to the outside world Use the SUA Server page...

Page 143: ...e example port 80 to another B in the example and assign a default server IP address of 192 168 1 35 to a third C in the example You assign the LAN IP addresses and the ISP assigns the WAN IP address...

Page 144: ...Behind NAT Example 10 4 Configuring SUA Server Click SUA NAT to open the SUA Server screen Refer tosee Figure 43for port numbers commonly used for particular services Note If you do not assign a Defau...

Page 145: ...ddress the ZyAIR discards all packets received for ports that are not specified in this screen or remote management Number of an individual SUA server entry Active Select this check box to enable the...

Page 146: ...gured rule will be pushed up by that number of empty rules For example if you have already configured rules 1 to 6 in your current set and now you configure rule number 9 In the set summary screen the...

Page 147: ...This refers to the Inside Global IP Address IGA 0 0 0 0 is for a dynamic IP address from your ISP with Many to One and Server mapping types Global End IP This is the end Inside Global Address IGA This...

Page 148: ...following 1 One to One One to one mode maps one local IP address to one global IP address Note that port numbers do not change for One to one NAT mapping type 2 Many to One Many to One mode maps mult...

Page 149: ...s a response with a specific port number and protocol incoming port the ZyAIR forwards the traffic to the LAN IP address of the computer that sent the request After that computer s connection for that...

Page 150: ...ly Jane can connect to the Real Audio server until the connection is closed or times out The ZyAIR times out in three minutes with UDP User Datagram Protocol or two hours with TCP IP Transfer Control...

Page 151: ...fic with this port or range of ports to the client computer on the LAN that requested the service Start Port Type a port number or the starting port number in a range of port numbers End Port Type a p...

Page 152: ...ZyAIR G 2000 Plus User s Guide 151 Chapter 10 Single User Account SUA Network Address Translation NAT...

Page 153: ...of the networks beyond For instance the ZyAIR knows about network N2 in the following figure through remote node router R1 However the ZyAIR is unable to route a packet to network N3 because it doesn...

Page 154: ...e is active Yes or not No Destination This parameter specifies the IP network address of the final destination Routing is always based on network number Gateway This is the IP address of the gateway T...

Page 155: ...s an immediate neighbor of your ZyAIR that will forward the packet to the destination On the LAN the gateway must be a router on the same segment as your ZyAIR over the WAN the gateway must be the IP...

Page 156: ...ZyAIR G 2000 Plus User s Guide 155 Chapter 11 Static Route Screens...

Page 157: ...unning at a time The ZyAIR automatically disconnects a remote management session of lower priority when another remote management session of higher priority starts The priorities for the different typ...

Page 158: ...management session running at one time 5 There is a firewall rule that blocks it 12 1 2 Remote Management and NAT When NAT is enabled Use the ZyAIR s WAN IP address when configuring from the WAN Use...

Page 159: ...needed however you must use the same port number in order to use that service for remote management Server Access Select the interface s through which a computer may access the ZyAIR using this servi...

Page 160: ...n Figure 67 Remote Management Telnet The following table describes the labels in this screen Table 51 Remote Management Telnet LABEL DESCRIPTION Server Port You may change the server port number for a...

Page 161: ...puter that is allowed to communicate with the ZyAIR using this service Select All to allow any computer to access the ZyAIR using this service Choose Selected to just allow the computer with the IP ad...

Page 162: ...only available if TCP IP is configured Figure 69 SNMP Management Model An SNMP managed network consists of two main types of component agents and a manager Secured Client IP Address A secured client i...

Page 163: ...trieve an object variable from the agent GetNext Allows the manager to retrieve the next object variable from a table or list within an agent In SNMPv1 when a manager wants to retrieve all elements of...

Page 164: ...tab The screen appears as shown 6a For intentional reboot A trap is sent with the message System reboot by user if reboot is done intentionally for example download new files CI command sys reboot et...

Page 165: ...quests from the management station The default is public and allows all requests Trusted Host If you enter a trusted host your ZyAIR will only respond to SNMP messages from this address A blank defaul...

Page 166: ...his service Secured Client IP Address A secured client is a trusted computer that is allowed to communicate with the ZyAIR using this service Select All to allow any computer to access the ZyAIR using...

Page 167: ...g which prevents the ICMP response packet from being sent This keeps outsiders from discovering your ZyAIR when unsupported ports are probed Secured Client IP Address A secured client is a trusted com...

Page 168: ...vent hackers from finding the ZyAIR by probing for unused ports If you select this option the ZyAIR will not respond to port request s for unused ports thus leaving the unused ports and the ZyAIR unse...

Page 169: ...g the icon of a UPnP device will allow you to access the information and properties of that device 13 1 2 NAT Traversal UPnP NAT traversal automates the process of allowing an application to operate t...

Page 170: ...P Implementers Corp UIC ZyXEL s UPnP implementation supports IGD 1 0 Internet Gateway Device At the time of writing ZyXEL s UPnP implementation supports Windows Messenger 4 6 and 4 7 while Windows Mes...

Page 171: ...users to make configuration changes through UPnP Select this check box to allow UPnP enabled applications to automatically configure the ZyAIR so that they can communicate through the ZyAIR for examp...

Page 172: ...anel Double click Add Remove Programs 2 Click on the Windows Setup tab and select Communication in the Components selection box Click Details 3 In the Communications window select the Universal Plug a...

Page 173: ...work Connections window click Advanced in the main menu and select Optional Networking Components 4 The Windows Optional Networking Components Wizard window displays 5 Select Networking Service in the...

Page 174: ...XP Example This section shows you how to use the UPnP feature in Windows XP You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL device Make sure the computer is connecte...

Page 175: ...nder Internet Gateway 2 Right click the icon and select Properties 3 In the Internet Connection Properties window click Settings to see the port mappings that were automatically created 4 You may edit...

Page 176: ...inding out the IP address of the ZyXEL device first This is helpful if you do not know the IP address of the ZyXEL device Follow the steps below to access the web configurator 5 Select the Show icon i...

Page 177: ...the ZyXEL device 1 Click Start and then Control Panel 2 Double click Network Connections 3 Select My Network Places under Other Places 4 An icon with the description for each UPnP enabled device disp...

Page 178: ...elect My Network Places under Other Places 4 An icon with the description for each UPnP enabled device displays under Local Network 5 Right click the icon for your ZyXEL device and select Invoke The w...

Page 179: ...firewall to guard effectively you must design and deploy it appropriately This requires integrating the firewall into a broad information security policy In addition specific policies must be impleme...

Page 180: ...See Stateful Inspection on page 185 for more information on Stateful Inspection Firewalls of one type or another have become an integral part of standard security solutions for enterprises 14 3 Intro...

Page 181: ...An extension number called the TCP port or UDP port identifies these protocols such as HTTP Web FTP File Transfer Protocol POP3 E mail etc For example Web traffic by default uses TCP port 80 When com...

Page 182: ...unsuspecting system Systems may crash hang or reboot b Teardrop attack exploits weaknesses in the reassembly of IP packet fragments As data is transmitted through a network IP packets are often broken...

Page 183: ...lished a SYN Attack floods a targeted system with a series of SYN packets Each packet causes the targeted system to issue a SYN ACK response While the targeted system waits for the ACK that follows th...

Page 184: ...a A Smurf hacker floods a router with Internet Control Message Protocol ICMP echo request packets pings Since the destination IP address of each packet is the broadcast address of the network the rout...

Page 185: ...technique known as IP Spoofing as part of their attack IP Spoofing may be used to break into systems to hide the hacker s identity or to magnify the effect of the DoS attack IP Spoofing is a techniqu...

Page 186: ...s from the Internet In summary stateful inspection Allows all sessions originating from the LAN local network to the WAN Internet Denies all sessions originating from the WAN to the LAN Figure 78 Stat...

Page 187: ...ry entries might be modified in order to permit only packets that are valid for the current state of the connection 8 Any additional inbound or outbound packets that belong to the connection are inspe...

Page 188: ...any subsequent packet from the Internet or from the LAN its connection information is extracted and checked against the cache A packet is only allowed to pass through if it corresponds to a valid con...

Page 189: ...hat operates in this way must be supported on a case by case basis You can use the web configurator s Custom Services feature to do this 14 6 Guidelines For Enhancing Security With Your Firewall 1 Cha...

Page 190: ...er layers from the network layer IP headers up to the application layer The firewall performs stateful inspection It takes into account the state of connections it handles so that for example a legiti...

Page 191: ...ZyAIR G 2000 Plus User s Guide Chapter 14 Firewalls 190 6 The firewall can block specific URL traffic that might occur in the future The URL can be saved in an Access Control List ACL database...

Page 192: ...ZyAIR G 2000 Plus User s Guide 191 Chapter 14 Firewalls...

Page 193: ...ands 15 2 Firewall Policies Overview Firewall rules are grouped based on the direction of travel of packets to which they apply By default the ZyAIR s stateful packet inspection allows packets traveli...

Page 194: ...ult rules 15 3 Rule Logic Overview 15 3 1 Rule Checklist 1 State the intent of the rule For example This restricts all IRC access from the LAN to the Internet Or This allows a remote Lotus Notes serve...

Page 195: ...rs may be able to connect to computers with running FTP servers 4 Does this rule conflict with any existing rules Once these questions have been answered adding rules is simply a matter of plugging th...

Page 196: ...control routing between two subnets on the LAN Similarly WAN to WAN ZyAIR polices apply in the same way to the WAN ports 15 4 1 LAN to WAN Rules The default rule for LAN to WAN traffic is that all use...

Page 197: ...ate an alert when a rule is matched in the Edit Rule screen Figure 83 Configure the Log Settings screen to have the ZyAIR send an immediate e mail message to you when an event generates an alert Refer...

Page 198: ...packets W LAN to W LAN ZyAIR W LAN to WAN WAN to W LAN WAN to WAN ZyAIR Firewall rules are grouped based on the direction of travel of packets to which they apply For example W LAN to W LAN ZyAIR mean...

Page 199: ...ated that apply to traffic traveling in the selected packet direction The firewall rules that you configure summarized below take priority over the general firewall action settings above This is your...

Page 200: ...rule Enabled or not Disable Alert This field tells you whether this rule generates an alert Yes or not No when the rule is matched Move Type a rule s index number and the number for where you want to...

Page 201: ...ZyAIR G 2000 Plus User s Guide Chapter 15 Firewall Screens 200 Figure 83 Creating Editing A Firewall Rule...

Page 202: ...Available Services box on the left then click to add it to the Selected Service s box on the right To remove a service highlight it in the Selected Service s box on the right then click Custom Servic...

Page 203: ...atched Packets Use the drop down list box to select whether to discard Block or allow the passage of Forward packets that match this rule Apply Click Apply to save your customized settings and exit th...

Page 204: ...Direction drop down list box Figure 85 Rule Summary 2 In the Rule Summary screen type the index number for where you want to put the rule assuming you have more than one rule For example if you type 6...

Page 205: ...onfigure it as follows and click Apply Figure 87 Edit Custom Service Example 7 In the Edit Rule screen use the arrows between Available Services and Selected Service s to configure it as follows Click...

Page 206: ...ZyAIR G 2000 Plus User s Guide 205 Chapter 15 Firewall Screens Figure 88 My Service Rule Configuration...

Page 207: ...rotocol type For example look at the default configuration labeled DNS UDP TCP 53 means UDP port 53 and TCP port 53 Custom services may also be configured using the Custom Services function discussed...

Page 208: ...rotocol for news groups NFS UDP 2049 Network File System NFS is a client server distributed file service that provides transparent file sharing for network environments NNTP TCP 119 Network News Trans...

Page 209: ...vices on your home network or upstream Internet gateways using UDP port 1900 SSH TCP UDP 22 Secure Shell Remote Login Program STRMWORKS UDP 1558 Stream Works Protocol SYSLOG UDP 514 Syslog allows you...

Page 210: ...ZyAIR G 2000 Plus User s Guide 209 Chapter 15 Firewall Screens...

Page 211: ...in web features or specific URL keywords and should not be confused with packet filtering via SMT menu 21 1 To access these functions from the Main Menu click Content Filter to expand the Content Filt...

Page 212: ...pment environment for building downloadable Web components or Internet and intranet business applications of all kinds Cookies Used by Web servers to track usage and provide service based on ID Web Pr...

Page 213: ...utton to remove all of the listed keywords Day to Block Select check boxes for the days that you want the ZyAIR to perform content filtering Select the Everyday check box to have content filtering tur...

Page 214: ...ZyAIR G 2000 Plus User s Guide 213 Chapter 16 Content Filtering...

Page 215: ...kes the public key openly available 3 Tim uses his private key to encrypt the message and sends it to Jenny 4 Jenny receives the message and uses Tim s public key to decrypt it 5 Additionally Jenny us...

Page 216: ...e becomes more mature it may not be available in some areas You can have the ZyAIR act as a certification authority and sign its own certificates 17 3 Configuration Summary This section summarizes how...

Page 217: ...the bar is red you should consider deleting expired or unnecessary certificates before adding more certificates Replace This button displays when the ZyAIR has the factory default certificate The fact...

Page 218: ...f the certificate is about to expire or has already expired Details Click the details icon to open a screen with an in depth list of information about the certificate Click the delete icon to remove t...

Page 219: ...ly allows the importation of a PKS 7 file that contains a single certificate PEM Base 64 encoded PKCS 7 This Privacy Enhanced Mail PEM format uses 64 ASCII characters to convert a binary PKCS 7 certif...

Page 220: ...ZyAIR create a self signed certificate enroll a certificate with a certification authority or generate a certification request see the following figure Table 67 My Certificate Import LABEL DESCRIPTION...

Page 221: ...ZyAIR G 2000 Plus User s Guide Chapter 17 Certificates 220 Figure 93 My Certificate Create...

Page 222: ...ps trailing spaces Key Length Select a number from the drop down list box to determine how many bits the key should use 512 to 2048 The longer the key the more secure it is A longer key also uses more...

Page 223: ...Select the certification authority s enrollment protocol from the drop down list box Simple Certificate Enrollment Protocol SCEP is a TCP based enrollment protocol that was developed by VeriSign and...

Page 224: ...ZyAIR G 2000 Plus User s Guide 223 Chapter 17 Certificates Figure 94 My Certificate Details...

Page 225: ...ut the certificate Type This field displays general information about the certificate CA signed means that a Certification Authority signed the certificate Self signed means that the certificate s own...

Page 226: ...orithm SHA1 Fingerprint This is the certificate s message digest that the ZyAIR calculated using the SHA1 algorithm Certificate in PEM Base 64 Encoded Format This read only text box displays the certi...

Page 227: ...y such as a common name organizational unit or department organization or company and country With self signed certificates this is the same information as in the Subject field Valid From This field d...

Page 228: ...AIR Delete Click Delete to delete an existing certificate A window display asking you to confirm that you want to delete the certificate Note that subsequent certificates move up by one when you take...

Page 229: ...lick the details icon to open the Trusted CA Details screen Use this screen to view in depth information about the certification authority s certificate change the certificate s name and set whether o...

Page 230: ...ZyAIR G 2000 Plus User s Guide 229 Chapter 17 Certificates Figure 97 Trusted CA Details...

Page 231: ...tification path Certificate Information These read only fields display detailed information about the certificate Type This field displays general information about the certificate CA signed means tha...

Page 232: ...alculated using the MD5 algorithm You can use this value to verify with the certification authority over the phone for example that this is actually their certificate SHA1 Fingerprint This is the cert...

Page 233: ...about system maintenance system errors and access control You can view logs and alert messages in this page Once the log entries are all used the log will wrap around and the old logs will be deleted...

Page 234: ...ries such as System Errors consist of both logs and alerts You may differentiate them by their color in the View Log screen Alerts are displayed in red and logs are displayed in black Source This fiel...

Page 235: ...ZyAIR G 2000 Plus User s Guide Chapter 18 Log Screens 234 Figure 99 Log Settings...

Page 236: ...messages to different files in the syslog server Refer to the documentation of your syslog program for more details Send Log Log Schedule This drop down menu is used to configure the frequency of log...

Page 237: ...most used protocols or service ports The LAN IP addresses to and or from which the most traffic has been sent How much traffic has been sent to and from the LAN IP addresses to and or from which the...

Page 238: ...the ZyAIR record report data Click Stop Collection to halt the ZyAIR from recording more data Refresh Click Refresh to update the report display The report also refreshes automatically when you close...

Page 239: ...ZyAIR G 2000 Plus User s Guide Chapter 18 Log Screens 238 Note All of the recorded reports data is erased when you turn off the ZyAIR...

Page 240: ...ZyAIR G 2000 Plus User s Guide 239 Chapter 18 Log Screens...

Page 241: ...traffic statistics 19 1 Maintenance Overview The maintenance screens can help you view system information upload new firmware manage configuration and restart your ZyAIR 19 2 System Status Screen Clic...

Page 242: ...firmware for this exact model name This field is not available on all models ZyNOS Firmware Version This is the ZyNOS Firmware version and the date created ZyNOS is ZyXEL s proprietary Network Operat...

Page 243: ...r on your LAN or else the computer must be manually configured Table 77 System Status Show Statistics LABEL DESCRIPTION Port This is the WAN LAN or WLAN port Status This shows the port speed and duple...

Page 244: ...xt Table 78 Maintenance DHCP Table LABEL DESCRIPTION This is the index number of the host computer IP Address This field displays the IP address relative to the field listed above Host Name This field...

Page 245: ...cessful upload the system will reboot See the Firmware and Configuration File Maintenance chapter for upgrading firmware using FTP TFTP commands Click MAINTENANCE and then F W Upload Follow the instru...

Page 246: ...Table 80 Firmware Upload LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it Browse Click Browse to find the bin file you want to...

Page 247: ...emporary network disconnect In some operating systems you may see the following icon on your desktop Figure 107 Network Temporarily Disconnecte After two minutes log in again and check your new firmwa...

Page 248: ...figuration Screen See the Firmware and Configuration File Maintenance chapter for transferring configuration files using FTP TFTP commands Click MAINTENANCE and then the Configuration tab Information...

Page 249: ...nfiguration file before making configuration changes The backup configuration file will be useful in case you need to return to your previous settings Click Backup to save the ZyAIR s current configur...

Page 250: ...tion file you may need to change the IP address of your computer to be in the same subnet as that of the default ZyAIR IP address 192 168 1 1 See your Quick Installation Guide for details on how to se...

Page 251: ...screen The following warning screen will appear Figure 113 Reset Warning Message You can also press the RESET button on the side panel to reset the factory defaults of your ZyAIR Refer to the section...

Page 252: ...ZyAIR G 2000 Plus User s Guide 251 Chapter 19 Maintenance Figure 114 Restart Screen...

Page 253: ...ttom left corner Run and then type telnet 192 168 1 1 the default IP address and click OK 2 For your first login enter the default password 1234 As you type the password the screen displays an asteris...

Page 254: ...system password in the Old Password field and press ENTER Figure 117 Menu 23 1 System Security Change Password 4 Type your new system password in the New Password field up to 30 characters and press E...

Page 255: ...ou use to configure your ZyAIR Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below Table 82 Main Menu Commands OPERATION KE...

Page 256: ...of fields The first requires you to type in the appropriate information The second allows you to cycle through the available choices by pressing SPACE BAR Required fields or ChangeMe All fields with t...

Page 257: ...on your LAN 3 LAN Setup Use this menu to set up your LAN and WLAN connection 4 Internet Access Setup Configure your Internet Access setup Internet address gateway login etc with this menu 11 Remote No...

Page 258: ...in the Old Password field for example 1234 and press ENTER Figure 121 Menu 23 System Password 4 Type your new system password in the New Password field up to 30 characters and press ENTER 5 Re type y...

Page 259: ...yAIR System Name In Windows 2000 click Start Settings Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for the Computer nam...

Page 260: ...ystem is for mapping a domain name to its corresponding IP address and vice versa The DNS server is extremely important because without it you must know the IP address of a machine before you can acce...

Page 261: ...Address Update Policy DDNS Server Auto Detect IP Address No Use Specified IP Address No Use IP Address N A Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Table 85 Menu 1 1 Configur...

Page 262: ...k with a private IP address When both fields are set to No the ZyAIR must have a public WAN IP address in order for DDNS to work Use Server Detected IP Press SPACE BAR to select Yes and then press ENT...

Page 263: ...u 2 WAN Setup FIELD DESCRIPTION MAC Address Assigned By Press SPACE BAR and then ENTER to choose one of two methods to assign a MAC Address Choose Factory Default to select the factory assigned defaul...

Page 264: ...ZyAIR G 2000 Plus User s Guide 263 Chapter 22 Menu 2 WAN Setup...

Page 265: ...to apply to the Ethernet traffic You seldom need to filter Ethernet traffic however the filter sets may be useful to block certain packets reduce traffic and prevent security breaches Figure 126 Menu...

Page 266: ...P Ethernet Setup DHCP Server TCP IP Setup Client IP Pool Starting Address 192 168 1 33 IP Address 192 168 1 1 Size of Client IP Pool 32 IP Subnet Mask 255 255 255 0 First DNS Server From ISP RIP Direc...

Page 267: ...Relay for a second or third DNS server that choice changes to None after you save your changes Select None if you do not want to configure DNS servers If you do not configure a DNS server you must kno...

Page 268: ...gical LAN interfaces via its single physical Ethernet interface with the ZyAIR itself as the gateway for each LAN network Figure 128 Physical Network Partitioned Logical Networks You must use menu 3 2...

Page 269: ...gle Table 89 Menu 3 2 1 IP Alias Setup FIELD DESCRIPTION IP Alias 1 2 Choose Yes to configure the LAN network for the ZyAIR IP Address Enter the IP address of your ZyAIR in dotted decimal notation IP...

Page 270: ...e the same ESSID Enter a descriptive name of up to 32 printable 7 bit ASCII characters Hide ESSID Press SPACE BAR and select Yes to hide the ESSID in the outgoing data frame so an intruder cannot obta...

Page 271: ...llowing section for details on this field ZyAIR Edit Roaming Configuration Press SPACE BAR to select Yes to enable roaming on the ZyAIR if you have two or more ZyAIRs on the same subnet Note All APs o...

Page 272: ...and press ENTER Menu 3 5 1 WLAN MAC Address Filter displays as shown next Menu 3 5 Wireless LAN Setup Enable Wireless LAN Yes ESSID Wireless Hide ESSID No Edit MAC Address Filter Yes Channel ID CH06 2...

Page 273: ...00 00 00 23 00 00 00 00 00 00 12 00 00 00 00 00 00 24 00 00 00 00 00 00 Enter here to CONFIRM or ESC to CANCEL Press Space Bar to Toggle Table 91 Menu 3 5 1 WLAN MAC Address Filter FIELD DESCRIPTION...

Page 274: ...ZyAIR G 2000 Plus User s Guide 273 Chapter 23 LAN Setup...

Page 275: ...ur ISP along with the instructions in this chapter to set up your ZyAIR to access the Internet There are three different menu 4 screens depending on whether you chose Ethernet PPTP or PPPoE Encapsulat...

Page 276: ...on method RR Telstra or Telia Login Choose a RoadRunner flavor if your ISP is Time Warner s RoadRunner otherwise choose Standard Note DSL users must choose the Standard option only The My Login My Pas...

Page 277: ...ate IP address used in a local network to a different IP address known within another network for example a public IP address used on the Internet Choose None to disable NAT Choose SUA Only if you hav...

Page 278: ...e Encapsulation PPTP Service Type N A My Login My Password Retype to Confirm Idle Timeout 100 IP Address Assignment Dynamic IP Address N A IP Subnet Mask N A Gateway IP Address N A Network Address Tra...

Page 279: ...ion in doing so See the chapters on firewall for more information on the firewall Menu 4 Internet Access Setup ISP s Name ChangeMe Encapsulation PPPoE Service Type N A My Login My Password Retype to C...

Page 280: ...ZyAIR G 2000 Plus User s Guide 279 Chapter 24 Internet Access...

Page 281: ...mote node The following describes how to configure Menu 11 1 Remote Node Profile Menu 11 3 Remote Node Network Layer Options Menu 11 5 Remote Node Filter 25 2 Remote Node Profile Setup From the main m...

Page 282: ...t from Standard RR Toshiba RoadRunner Toshiba authentication method RR Manager RoadRunner Manager authentication method RR Telstra or Telia Login Choose one of the RoadRunner methods if your ISP is Ti...

Page 283: ...ts three logical LAN interfaces via its single physical Ethernet interface with the ZyAIR itself as the gateway for each LAN network Press SPACE BAR to select IP Alias 1or 2 and then press ENTER Edit...

Page 284: ...up connection is a dial up line where the connection is always up regardless of traffic demand The ZyAIR does two things when you specify a nailed up connection The first is that idle timeout is disa...

Page 285: ...ly Telco Option Allocated Budget The field sets a ceiling for outgoing call time for this remote node The default for this field is 0 meaning no budget control Period hr This field is the time period...

Page 286: ...nection No Retype to Confirm Authen CHAP PAP PPTP My IP Static Session Options My IP Addr Edit Filter Sets No My IP Mask Idle Timeout sec 100 Server IP Addr Connection ID Name Press ENTER to Confirm o...

Page 287: ...icable to PPPoE and PPTP encapsulations only Some implementations especially the UNIX derivatives require the WAN link to have a separate IP network number from the LAN and each end must have a unique...

Page 288: ...f set to Yes this route is kept private and not included in RIP broadcast If No the route to this remote node will be propagated to other hosts through RIP broadcasts RIP Direction Press SPACE BAR and...

Page 289: ...sulation Menu 11 5 Remote Node Filter Input Filter Sets protocol filters device filters Output Filter Sets protocol filters device filters Enter here to CONFIRM or ESC to CANCEL Menu 11 5 Remote Node...

Page 290: ...ZyAIR G 2000 Plus User s Guide 289 Chapter 25 Remote Node Configuration...

Page 291: ...s 26 1 IP Static Route Setup To configure an IP static route use Menu 12 Static Routing Setup shown next Figure 142 Menu 12 IP Static Route Setup Now type the route number of a static route you want t...

Page 292: ...subnet mask for this destination Follow the discussion on IP Subnet Mask in this manual Gateway IP Address Type the IP address of the gateway The gateway is an immediate neighbor of your ZyAIR that wi...

Page 293: ...ain menu enter 14 to display Menu 14 Dial in User Setup Figure 144 Menu 14 Dial in User Setup Type a number and press ENTER to edit the user profile Menu 14 Dial in User Setup 1 aj tetryeg 9 ________...

Page 294: ...Edit Dial in User FIELD DESCRIPTION User Name Enter a username up to 31 alphanumeric characters long for this user profile This field is case sensitive Active Press SPACE BAR to select Yes and press E...

Page 295: ...also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses of clients or servers using mapping types 28 2 Applying NAT You apply NAT via menus 4 or 11 3 a...

Page 296: ...that you want to configure 3 Move the cursor to the Edit IP field press SPACE BAR to select Yes and then press ENTER to bring up Menu 11 3 Remote Node Network Layer Options Menu 4 Internet Access Set...

Page 297: ...on NAT web configurator screens for further information on these menus To configure NAT enter 15 from the main menu to bring up the following screen Menu 11 3 Remote Node Network Layer Options IP Addr...

Page 298: ...g Sets Figure 149 Menu 15 1 Address Mapping Sets Enter 255 to display the next screen see the SUA Single User Account Versus NAT section The fields in this menu cannot be changed Menu 15 NAT Setup 1 A...

Page 299: ...ancel Table 102 SUA Address Mapping Rules FIELD DESCRIPTION Set Name This is the name of the set you selected in menu 15 1 or enter the name of a new set you want to create Idx This is the index or ru...

Page 300: ...cal Start IP Local End IP Global Start IP Global End IP Type 1 2 3 4 5 6 7 8 9 10 Action Edit Select Rule Press ENTER to Confirm or ESC to Cancel Note If the Set Name field is left blank the entire se...

Page 301: ...0 0 End N A Global IP Start 0 0 0 0 End N A Press ENTER to Confirm or ESC to Cancel Table 104 Menu 15 1 1 1 Editing Configuring an Individual Rule in a Set FIELD DESCRIPTION Type Press SPACE BAR and...

Page 302: ...ess ENTER to confirm prompt to save your configuration after you define all the servers or press ESC at any time to cancel You assign the private network IP addresses The NAT network appears as a sing...

Page 303: ...Example 28 5 General NAT Examples The following are some examples of NAT configuration 28 5 1 Example 1 Internet Access Only In the following Internet access example you only need one rule where the I...

Page 304: ...eld in menus 4 and 11 3 is specifically pre configured to handle this case 28 5 2 Example 2 Internet Access with an Inside Server The dynamic Inside Global Address is assigned by the ISP Menu 4 Intern...

Page 305: ...TP servers to the first two IGAs and the other LAN traffic to the remaining IGA Map the third IGA to an inside web server and mail server Four rules need to be configured two bi directional and two un...

Page 306: ...ion from the Network Address Translation field in menu 4 or menu 11 3 see Figure 139 2 Then enter 15 from the main menu 3 Enter 1 to configure the Address Mapping Sets 4 Enter 1 to begin configuring t...

Page 307: ...how how to configure the first rule Menu 11 3 Remote Node Network Layer Options IP Address Assignment Dynamic IP Address N A IP Subnet Mask N A Gateway IP Addr N A Network Address Translation Full Fea...

Page 308: ...wing menu Configure it as shown Menu 15 1 1 1 Address Mapping Rule Type One to One Local IP Start 192 168 1 10 End N A Global IP Start 10 132 50 1 End N A Press ENTER to Confirm or ESC to Cancel Press...

Page 309: ...rload mapping as port numbers do not change for Many to Many No Overload and One to One NAT mapping types The following figure illustrates this Menu 15 2 NAT Server Setup Rule Start Port No End Port N...

Page 310: ...able to check the settings in menu 15 1 1 as shown next Note Other applications such as some gaming programs are NAT unfriendly because they embed addressing information in the data stream These appli...

Page 311: ...nu 15 to display Menu 15 3 Trigger Port Setup shown next Menu 15 1 1 Address Mapping Rules Set Name Example4 Idx Local Start IP Local End IP Global Start IP Global End IP Type 1 192 168 1 10 192 168 1...

Page 312: ...uding spaces Incoming Incoming is a port or a range of ports that a server on the WAN uses when it sends out a particular service The ZyAIR forwards the traffic with this port or range of ports to the...

Page 313: ...allowed to pass Data filters are divided into incoming and outgoing filters depending on the direction of the packet relative to a port Data filtering can be applied on either the WAN side or the LAN...

Page 314: ...ilter rules and protocol filter rules within the same set You can apply up to four filter sets to a particular port to block multiple types of packets With each filter set having up to six rules you c...

Page 315: ...port to block multiple types of packets With each filter set having up to six rules you can have a maximum of 24 rules active for a single port 29 2 Configuring a Filter Set The ZyAIR includes filter...

Page 316: ...e previous menus Menu 21 Filter and Firewall Setup 1 Filter Setup 2 Firewall Setup Enter Menu Selection Number Menu 21 1 Filter Set Configuration Filter Filter Set Comments Set Comments 1 ____________...

Page 317: ...nd will not allow you to save M More Y means there are more rules to check which form a rule chain with the present rule An action cannot be taken until the rule chain is complete N means there are no...

Page 318: ...Port Comp None TCP Estab N A More No Log None Action Matched Check Next Rule Action Not Matched Check Next Rule Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Table 108 TCP IP Filt...

Page 319: ...e match packets that want to establish a TCP connection SYN 1 and ACK 0 if No it is ignored Yes No More Press SPACE BAR and then ENTER to select Yes or No If Yes a matching packet is passed to the nex...

Page 320: ...s the logic flow of an IP filter Figure 173 Executing an IP Filter 29 2 3 Configuring a Generic Filter Rule This section shows you how to configure a generic filter rule The purpose of generic rules i...

Page 321: ...e No Offset 0 Length 0 Mask N A Value N A More No Log None Action Matched Check Next Rule Action Not Matched Check Next Rule Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Table 109...

Page 322: ...on Matched and Action Not Matched will be No Yes No Log Select the logging option from the following None No packets will be logged Action Matched Only packets that match the rule parameters will be l...

Page 323: ...d so that the packet will be dropped if its destination is the telnet port Select Forward from the Action Not Matched field so that the packet will be forwarded if its destination is not the telnet po...

Page 324: ...lter rules Generic Filter Device rules and protocol filter TCP IP rules Generic filter rules act on the raw data from to LAN and WAN Protocol filter rules act on the IP packets Generic and TCP IP filt...

Page 325: ...g telnet FTP and HTTP connections 29 6 1 Applying LAN Filters LAN traffic filter sets may be useful to block certain packets reduce traffic and prevent security breaches Go to menu 3 1 shown next and...

Page 326: ...eir numbers separated by commas The ZyAIR already has filters to prevent NetBIOS traffic from triggering calls and block incoming telnet FTP and HTTP connections Figure 180 Filtering Remote Node Traff...

Page 327: ...is by far the most comprehensive firewall configuration tool your ZyAIR has to offer For this reason it is recommended that you configure your firewall using the web configurator see the following ch...

Page 328: ...s when the firewall is turned off Refer to the User s Guide for details about the firewall default policies You may define additional Policy rules or modify existing ones but please exercise extreme c...

Page 329: ...rk The ZyAIR supports SNMP version one SNMPv1 and version two c SNMPv2c The next figure illustrates an SNMP management operation SNMP is only available if TCP IP is configured Figure 182 SNMP Manageme...

Page 330: ...he manager to retrieve an object variable from the agent GetNext Allows the manager to retrieve the next object variable from a table or list within an agent In SNMPv1 when a manager wants to retrieve...

Page 331: ...ssword for incoming Set requests from the management station Trusted Host If you enter a trusted host your ZyAIR will only respond to SNMP messages from this address A blank default field means your Z...

Page 332: ...Failure defined in RFC 1215 A trap is sent to the manager when receiving any SNMP get or set requirements with wrong community password 6 linkDown defined in RFC 1215 A trap is sent when the port is d...

Page 333: ...System Security You should change the default password If you forget your password you have to restore the default configuration file Refer to the section on changing the system password in the Intro...

Page 334: ...Confirm or ESC to Cancel Table 113 Menu 23 2 System Security RADIUS Server FIELD DESCRIPTION Authentication Server Active Press SPACE BAR to select Yes and press ENTER to enable user authentication t...

Page 335: ...rver in dotted decimal notation Port The default port of the RADIUS server for accounting is 1813 You need not change this value unless your network administrator instructs you to do so with additiona...

Page 336: ...stations have to enter usernames and passwords before access to the wired network is allowed Select No Access Allowed to block all wireless stations access to the wired network The following fields a...

Page 337: ...acy for Broadcast Multicast packets field WPA Group Key Update Timer The WPA Broadcast Multicast Key Update Timer is the rate at which the AP if using WPA PSK key management or RADIUS server if using...

Page 338: ...ZyAIR G 2000 Plus User s Guide 337 Chapter 32 System Security...

Page 339: ...m Status is a tool that can be used to monitor your ZyAIR Specifically it gives you information on your Ethernet and Wireless LAN status number of packets sent and received To get to System Status typ...

Page 340: ...Status This shows the status of the remote node TxPkts This is the number of transmitted packets to this remote node RxPkts This is the number of received packets from this remote node Cols This is t...

Page 341: ...g table describes the fields in this menu Menu 24 2 System Information and Console Port Speed 1 System Information 2 Console Port Speed Note The ZyAIR also has an internal console port for support per...

Page 342: ...ollow the procedures to view the local error trace log 1 Type 24 in the main menu to display Menu 24 System Maintenance 2 From menu 24 type 3 to display Menu 24 3 System Maintenance Log and Trace ZyNO...

Page 343: ...xt Menu 24 3 System Maintenance Log and Trace 2 Syslog Logging 4 Call Triggering Packet Menu 24 3 2 System Maintenance Syslog Logging Syslog Active No Syslog Server IP Address 0 0 0 0 Log Facility Loc...

Page 344: ...0 line 0 channel 0 call 1 C01 Outgoing Call dev 2 ch 0 40002 Jul 19 11 19 32 192 168 102 2 ZYXEL board 0 line 0 channel 0 call 1 C02 OutCall Connected 64000 40002 Jul 19 11 20 06 192 168 102 2 ZYXEL b...

Page 345: ...010080 S05 R01mF Mar 03 10 41 34 202 132 155 97 ZyXEL IP Src 192 168 2 33 Dst 202 132 155 93 ICMP S04 R01mF Mar 03 11 59 20 202 132 155 97 ZyXEL GEN 00a0c5f502fnord010080 S05 R01mF Mar 03 12 00 52 202...

Page 346: ...Source port empty means no source port information Dst Destination Address dpo Destination port empty means no destination port information prot Protocol TCP UDP ICMP IGMP GRE ESP rule a b where a me...

Page 347: ...ime 17 02 44 262 Frame Type IP Header IP Version 4 Header Length 20 Type of Service 0x00 0 Total Length 0x002C 44 Identification 0x0002 2 Flags 0x00 Fragment Offset 0x00 Time to Live 0xFE 254 Protocol...

Page 348: ...elease and Renewal fields in menu 24 4 conveniently allow you to release and or renew the assigned WAN IP address subnet mask and default gateway in a fashion similar to winipcfg Figure 197 LAN WAN DH...

Page 349: ...osis 348 WAN DHCP Renewal Get a new IP address from the DHCP server Reboot System Reboot the ZyAIR Host IP Address If you typed 1 to Ping Host now type the address of the computer you want to ping Tab...

Page 350: ...ZyAIR G 2000 Plus User s Guide 349 Chapter 33 System Information and Diagnosis...

Page 351: ...tings they can be saved back to your computer under a filename of your choosing ZyNOS ZyXEL Network Operating System sometimes referred to as the ras file is the system firmware and has a bin filename...

Page 352: ...n to your computer Backup is highly recommended once your ZyAIR is functioning properly FTP is the preferred method although TFTP can also be used Please note that the terms download and upload are re...

Page 353: ...n the ZyAIR to your computer and renames it config rom See earlier in this chapter for more information on filename conventions 7 Enter quit to exit the FTP prompt Menu 24 5 Backup Configuration To tr...

Page 354: ...ole session running 331 Enter PASS command Password 230 Logged in ftp bin 200 Type I OK ftp get rom 0 zyxel rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp...

Page 355: ...io 5 to restore the five minute SMT timeout default when the file transfer is complete 4 Launch the TFTP client on your computer and connect to the ZyAIR Set the transfer mode to binary before startin...

Page 356: ...se refer to the following sections on FTP and TFTP file transfer for more details The ZyAIR restarts automatically after the file transfer is complete 34 3 1 Restore Using FTP For details about backup...

Page 357: ...Session Examplei Refer to section 34 2 4 to read about configurations that disallow TFTP and FTP over WAN Menu 24 6 Restore Configuration To transfer the firmware and the configuration file follow th...

Page 358: ...the configuration file replaces everything contained within 34 4 1 Firmware Upload FTP is the preferred method for uploading the firmware and configuration To use this feature your computer must have...

Page 359: ...e file name on the system 4 The system reboots automatically after a successful firmware upload For details on FTP commands please consult the documentation of your FTP client program For details on u...

Page 360: ...ile using TFTP Trivial File Transfer Protocol over LAN Although TFTP should work over WAN as well it is not recommended To use TFTP your computer must have both telnet and TFTP clients To transfer the...

Page 361: ...he documentation of your TFTP client program For UNIX use get to transfer from the ZyAIR to the computer put the other way around and binary to set binary transfer mode 34 4 5 Example TFTP Command The...

Page 362: ...ZyAIR G 2000 Plus User s Guide 361 Chapter 34 Firmware and Configuration File Maintenance...

Page 363: ...e main system firmware The CI provides much of the same functionality as the SMT while adding some low level setup and diagnostic functions Enter the CI from the SMT by selecting menu 24 8 See the inc...

Page 364: ...exceeds the limit the current call will be dropped and any future outgoing calls will be blocked To access the call control menu select option 9 in menu 24 to go to Menu 24 9 System Maintenance Call...

Page 365: ...ed in menu 11 1 for the remote node 35 2 2 Call History This is the second option in Menu 24 9 System Maintenance Call Control It displays information about past incoming and outgoing calls Enter 2 fr...

Page 366: ...Menu 24 10 System Maintenance Time and Date Setting to update the time and date settings of your ZyAIR as shown in the following screen Menu 24 9 4 Call History Phone Number Dir Rate call Max Min Tota...

Page 367: ...h year time zone of the server Time RFC 868 format displays a 4 byte integer giving the total number of seconds since 1970 1 1 at 0 0 0 NTP RFC 1305 is similar to Time RFC 868 None The default enter t...

Page 368: ...aintenance and Information 35 3 1 Resetting the Time The ZyAIR resets the time in three instances 1 On leaving menu 24 10 after making changes 2 When the ZyAIR starts up if there is a timeserver confi...

Page 369: ...ccess which ZyAIR interface if any from which computers You may manage your ZyAIR from a remote location via To disable remote management of a service select Disable in the corresponding Server Access...

Page 370: ...C to Cancel Table 125 Menu 24 11 Remote Management Control FIELD DESCRIPTION Telnet Server FTP Server Web Server SNMP Service DNS Service Each of these read only labels denotes a service or protocol P...

Page 371: ...AN or in menu 11 5 WAN is applied to block a Telnet FTP or Web service 2 You have disabled that service in menu 24 11 3 The IP address in the Secured Client IP field menu 24 11 does not match the clie...

Page 372: ...P address when configuring from the LAN 36 3 System Timeout There is a system timeout of five minutes 300 seconds for Telnet web FTP connections Your ZyAIR will automatically log you out if you do not...

Page 373: ...sets take precedence over higher numbered sets thereby avoiding scheduling conflicts For example if sets 1 2 3 and 4 in are applied in the remote node then set 1 will take precedence over set 2 3 and...

Page 374: ...to select Yes or No Choose Yes and press ENTER to activate the schedule set Start Date Enter the start date when you wish the set to take effect in year month date format Valid dates are from the pres...

Page 375: ...on field Forced Down means that the connection is blocked whether or not there is a demand call on the line Enable Dial On Demand means that this schedule permits a demand call on the line Disable Dia...

Page 376: ...ZyAIR G 2000 Plus User s Guide 375 Chapter 37 Call Scheduling...

Page 377: ...wer source is working properly Table 128 Troubleshooting the Ethernet Interface PROBLEM CORRECTIVE ACTION Cannot access the ZyAIR from the LAN If the ETHN LED on the front panel is off check the Ether...

Page 378: ...cess the ZyAIR through Telnet Refer to the Problems with the Ethernet Interface section for instructions on checking your Ethernet connection Table 131 Troubleshooting the WLAN Interface PROBLEM CORRE...

Page 379: ...attempts for five minutes after the third time an incorrect password is entered Table 132 Brute Force Password Guessing Protection Commands COMMAND DESCRIPTION sys pwderrtm This command displays the...

Page 380: ...ZyAIR G 2000 Plus User s Guide 379 Appendix B...

Page 381: ...urchase of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP com...

Page 382: ...ks If you need the adapter 1 In the Network window click Add 2 Select Adapter and then click Add 3 Select the manufacturer and model of your network adapter and then click OK If you need TCP IP 1 In t...

Page 383: ...ntry and click Properties 2 Click the IP Address tab If your IP address is dynamic select Obtain an IP address automatically If you have a static IP address select Specify an IP address and type your...

Page 384: ...ose the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your ZyAIR and restart your computer when prompted Verifying Settings 1 Click Start...

Page 385: ...C 384 Figure 220 Windows XP Start Menu 2 For Windows XP click Network Connections For Windows 2000 NT click Network and Dial up Connections Figure 221 Windows XP Control Panel 3 Right click Local Are...

Page 386: ...rties 4 Select Internet Protocol TCP IP under the General tab in Win XP and click Properties Figure 223 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP IP Properties window ope...

Page 387: ...ses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional...

Page 388: ...indows XP Internet Protocol TCP IP Properties 8 Click OK to close the Internet Protocol TCP IP Properties window 9 Click OK to close the Local Area Connection Properties window 10Turn on your ZyAIR an...

Page 389: ...e Appendix C 388 Figure 226 Macintosh OS 8 9 Apple Menu 2 Select Ethernet built in from the Connect via list Figure 227 Macintosh OS 8 9 TCP IP 3 For dynamically assigned settings select Using DHCP Se...

Page 390: ...ed to save changes to your configuration 7 Turn on your ZyAIR and restart your computer if prompted Verifying Settings Check your TCP IP properties in the TCP IP Control Panel window Macintosh OS X 1...

Page 391: ...nfigure box select Manually Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your ZyAIR in the Router address box 5 Click Apply Now and cl...

Page 392: ...ZyAIR G 2000 Plus User s Guide 391 Appendix C...

Page 393: ...IP address of a computer on the LAN Figure 230 IP Address Conflicts CaseA You must set the ZyAIR to use different LAN and WAN IP addresses on different subnets if you enable DHCP server on the ZyAIR...

Page 394: ...n different subnets if you enable DHCP server on the ZyAIR For example you set the WAN IP address to 192 59 1 1 and the LAN IP address to 10 59 1 1 Otherwise It is recommended the ZyAIR use a public W...

Page 395: ...ppendix D 394 In this case the subscribers are not able to access the Internet Figure 233 IP Address Conflicts Case D This problem can be solved by adding a VLAN enabled switch or set the computers to...

Page 396: ...ZyAIR G 2000 Plus User s Guide 395 Appendix D...

Page 397: ...he first two octets make up the network number and the two remaining octets make up the host ID Class C addresses begin starting from the left with 1 1 0 In a class C address the first three octets ma...

Page 398: ...ID Subnet masks are expressed in dotted decimal notation just as IP addresses are The natural masks for class A B and C IP addresses are as follows Subnetting With subnetting the class arrangement of...

Page 399: ...ally if no mask is specified it is understood that the natural mask is being used Example Two Subnets As an example you have a class C address 192 168 1 0 with subnet mask of 255 255 255 0 The first t...

Page 400: ...1 and the highest is 192 168 1 126 Similarly the host ID range for the second subnet is 192 168 1 129 to 192 168 1 254 Note In the following charts shaded bolded last octet bit values indicate host ID...

Page 401: ...Address Binary 11000000 10101000 00000001 00000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 0 Lowest Host ID 192 168 1 1 Broadcast Address 192 168 1 63 Highest...

Page 402: ...1111 11111111 11000000 Subnet Address 192 168 1 192 Lowest Host ID 192 168 1 193 Broadcast Address 192 168 1 255 Highest Host ID 192 168 1 254 Table 144 Eight Subnets SUBNET SUBNET ADDRESS FIRST ADDRE...

Page 403: ...The following table is a summary for class B subnet planning Table 146 Class B Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 128 0 17 2 32766 2 255 255 19...

Page 404: ...ZyAIR G 2000 Plus User s Guide 403 Appendix E...

Page 405: ...keywords exactly as shown do not abbreviate The required fields in a command are enclosed in angle brackets The optional fields in a command are enclosed in square brackets The symbol means or For ex...

Page 406: ...ZyAIR G 2000 Plus User s Guide 405 Appendix F...

Page 407: ...d A DHCP client s IP address has expired DHCP server assigns s The DHCP server assigned an IP address to a client SMT Login Successfully Someone has logged on to the router s SMT interface SMT Login F...

Page 408: ...t 2 Redirect datagrams for the Type of Service and Network 3 Redirect datagrams for the Type of Service and Host 8 Echo 0 Echo message 11 Time Exceeded 0 Time to live exceeded in transit 1 Fragment re...

Page 409: ...Use the sys logs category display command to show the log settings for all of the log categories Use the sys logs display log category command to show the logs in an individual ZyAIR log category Use...

Page 410: ...72 22 255 255 137 ACCESS BLOCK Firewall default policy UDP set 8 1 11 11 2002 15 10 12 172 21 4 17 138 172 21 255 255 138 ACCESS BLOCK Firewall default policy UDP set 8 2 11 11 2002 15 10 11 172 17 2...

Page 411: ...rs access to the network as they move from meeting to meeting getting up to date access to information and the ability to communicate decisions while on the go It provides campus wide networking mobil...

Page 412: ...Ad hoc Network Infrastructure Wireless LAN Configuration For Infrastructure WLANs multiple Access Points APs link the WLAN to the wired network and allow users to efficiently share network resources T...

Page 413: ...ZyAIR G 2000 Plus User s Guide Appendix H 412 Figure 235 ESS Provides Campus Wide Coverage...

Page 414: ...ZyAIR G 2000 Plus User s Guide 413 Appendix H...

Page 415: ...does not provide any central user account management User access control is done through manual modification of the MAC address table on the access point Although WEP data encryption offers a form of...

Page 416: ...e Authentication Mutual Authentication with Internal RADIUS server Microsofts Challenge Handshake Authentication Protocol MS CHAP V2 is used to periodically verify the identity of the peer station or...

Page 417: ...ZyAIR G 2000 Plus User s Guide Appendix I 416 Figure 237 Sequences for PEAP MS CHAP V2 Authentication...

Page 418: ...ZyAIR G 2000 Plus User s Guide 417 Appendix I...

Page 419: ...pport data encryption with dynamic session key You must configure WEP encryption keys for data encryption EAP TLS Transport Layer Security With EAP TLS digital certifications are needed by both the se...

Page 420: ...EEE802 1x For added security certificate based authentications EAP TLS EAP TTLS and PEAP use dynamic keys for data encryption They are often deployed in corporate environments but for public deploymen...

Page 421: ...he shape of the antenna s coverage area Antenna Gain Antenna gain measured in dB decibel is the increase in coverage within the RF beam width Higher antenna gain improves the range of the signal for b...

Page 422: ...r point to point applications Positioning Antennas In general antennas should be mounted as high as practically possible and free of obstructions In point to point application position both transmitti...

Page 423: ...Consumption 10 W Safety Standards UL CUL UL 1310 CSA C22 2 No 223 M91 Table 155 EUROPEAN PLUG STANDARDS AC Power Adaptor Model AD 1201200DV Input Power AC230Volts 50Hz 0 2A Output Power DC12Volts 1 2A...

Page 424: ...423 Appendix L Table 158 Australia and New Zealand plug standards AC Power Adaptor Model AD 1201200DS or AD 121200DS Input Power AC240Volts 50Hz 0 2A Output Power DC12Volts 1 2A Power Consumption 10 W...

Page 425: ...Force Password Guessing Protection 39 BSS 78 411 Budget Management 364 C CA 418 Cable Modem 179 Call Control 363 Call History 364 Call Scheduling 372 Maximum Number of Schedule Sets 372 PPPoE 374 Pre...

Page 426: ...ucture 313 Finger 142 Firewall Access Methods 192 326 Address Type 201 Alerts 196 Connection Direction 195 Creating Editing Rules 199 Custom PortsSee Custom Ports 202 Firewall Vs Filters 188 Guideline...

Page 427: ...39 Local 136 Local User Database 120 Log Descriptions 406 Login Name 275 Logs 124 232 M MAC Address 262 MAC Address Filter Action 113 MAC Address Filtering 112 270 MAC Filter 112 MAC Filtering 39 Main...

Page 428: ...5 Restrict Web Features 211 RF signals 410 RIP 71 287 Version 287 Roaming 84 Example 84 Requirements 85 Route 282 RTS Threshold 80 Rules 192 195 Checklist 193 Creating Custom 192 Key Fields 194 LAN to...

Page 429: ...e Setting 68 Time Zone 366 Timeout 277 278 284 Trace Records 341 Traceroute 184 Traffic Redirect 40 Trigger Port Forwarding 310 Process 148 Troubleshooting Accessing ZyAIR 377 Ethernet Port 376 Start...

Page 430: ...ZyAIR G 3000 User s Guide 429 Index ZyNOS F W Version 351 ZyXEL s Firewall Introduction 179...

Reviews:

No comments

Related manuals for ZyAIR G-2000 Plus

IgniteNet AC866 Quick Start Manual preview
AC866
Brand: IgniteNet Pages: 63
NC-link NC-AP212 User Manual preview
NC-AP212
Brand: NC-link Pages: 13
Beats Electronics Studio3 Setup And Use preview
Studio3
Brand: Beats Electronics Pages: 8
Airlink101 AP671W User Manual preview
AP671W
Brand: Airlink101 Pages: 56
Linksys WAP300N Manual preview
WAP300N
Brand: Linksys Pages: 44
D-Link DSL-2740U/NRU Quick Installation Manual preview
DSL-2740U/NRU
Brand: D-Link Pages: 16
Siemens RUGGEDCOM WIN5137 Installation Manual preview
RUGGEDCOM WIN5137
Brand: Siemens Pages: 38
Siemens RUGGEDCOM WIN5214 Installation Manual preview
RUGGEDCOM WIN5214
Brand: Siemens Pages: 42
Siemens HiPath V6R1 Installation Manual preview
HiPath V6R1
Brand: Siemens Pages: 54
Siemens SCALANCE W700 Reference Manual preview
SCALANCE W700
Brand: Siemens Pages: 92
Siemens 6GK5748-1GY01-0AA0 Operating Instructions Manual preview
6GK5748-1GY01-0AA0
Brand: Siemens Pages: 91
Siemens SCALANCE W744-1 Compact Operating Instructions preview
SCALANCE W744-1
Brand: Siemens Pages: 99
Siemens SCALANCE W1750D UI Configuration Manual preview
SCALANCE W1750D UI
Brand: Siemens Pages: 570
PHICOMM M1 User Manual preview
M1
Brand: PHICOMM Pages: 58
Constructor 5411074162344 Original Instructions Manual preview
5411074162344
Brand: Constructor Pages: 34
Amer WAP123N User Manual preview
WAP123N
Brand: Amer Pages: 59
USR IOT USR-G808 User Manual preview
USR-G808
Brand: USR IOT Pages: 66
u-blox EVK-R4 Series User Manual preview
EVK-R4 Series
Brand: u-blox Pages: 31

Brands by name

Popular brands

Load more brands