ZyXEL Communications G-2000 Plus V2 Скачать руководство пользователя страница 144 | Manualshive

Страница: 144 / 440

ZyXEL Communications G-2000 Plus V2 Скачать руководство пользователя страница 144

ZyXEL G-2000 Plus v2 User’s Guide

144

Chapter 10 Firewalls

10.7.1.1 When To Use Filtering

1

To block/allow LAN packets by their MAC addresses.

2

To block/allow special IP packets which are neither TCP nor UDP, nor ICMP packets.

3

To block/allow both inbound (WAN to LAN) and outbound (LAN to WAN) traffic
between the specific inside host/network "A" and outside host/network "B". If the filter
blocks the traffic from A to B, it also blocks the traffic from B to A. Filters cannot
distinguish traffic originating from an inside host or an outside host by IP address.

4

To block/allow IP trace route.

10.7.2 Firewall

• The firewall inspects packet contents as well as their source and destination addresses.

Firewalls of this type employ an inspection module, applicable to all protocols, that
understands data in the packet is intended for other layers, from the network layer (IP
headers) up to the application layer.

• The firewall performs stateful inspection. It takes into account the state of connections it

handles so that, for example, a legitimate incoming packet can be matched with the
outbound request for that packet and allowed in. Conversely, an incoming packet
masquerading as a response to a nonexistent outbound request can be blocked.

• The firewall uses session filtering, i.e., smart rules, that enhance the filtering process and

control the network session rather than control individual packets in a session.

• The firewall provides e-mail service to notify you of routine reports and when alerts

occur.

10.7.2.1 When To Use The Firewall

1

To prevent DoS attacks and prevent hackers cracking your network.

2

A range of source and destination IP addresses as well as port numbers can be specified
within one firewall rule making the firewall a better choice when complex rules are
required.

3

To selectively block/allow inbound or outbound traffic between inside host/networks and
outside host/networks. Remember that filters cannot distinguish traffic originating from
an inside host or an outside host by IP address.

4

The firewall performs better than filtering if you need to check many rules.

5

Use the firewall if you need routine e-mail reports about your system or need to be alerted
when attacks occur.

6

The firewall can block specific URL traffic that might occur in the future. The URL can
be saved in an Access Control List (ACL) database.

«
...
142
143
144
145
146
...
»

Содержание G-2000 Plus V2

Страница 1: ...ZyXEL G 2000 Plus v2 4 port Wireless Router User s Guide Version 3 60 Edition 1 2 2006...

Страница 2: ......

Страница 3: ...y ZyXEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does it...

Страница 4: ...mful interference to radio television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following me...

Страница 5: ...P 662H HW Dx is limited in CH1 11 from 2400 to 2483 5 MHz by specified firmware controlled in USA Certifications 1 Go to www zyxel com 2 Select your product from the drop down list box on the ZyXEL h...

Страница 6: ...r supply is damaged remove it from the power outlet Do NOT attempt to repair the power supply Contact your local vendor to order a new power supply Place connecting cables carefully so that no one wil...

Страница 7: ...ered with damaged by an act of God or subjected to abnormal working conditions Note Repair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in l...

Страница 8: ...enmark sales zyxel dk 45 39 55 07 07 FINLAND support zyxel fi 358 9 4780 8411 www zyxel fi ZyXEL Communications Oy Malminkaari 10 00700 Helsinki Finland sales zyxel fi 358 9 4780 8448 FRANCE info zyxe...

Страница 9: ...ort zyxel se 46 31 744 7700 www zyxel se ZyXEL Communications A S Sj porten 4 41764 G teborg Sweden sales zyxel se 46 31 744 7701 UKRAINE support ua zyxel com 380 44 247 69 78 www ua zyxel com ZyXEL U...

Страница 10: ...ZyXEL G 2000 Plus v2 User s Guide 10 Customer Support...

Страница 11: ...Firmware Features 38 1 3 Applications for the ZyXEL device 43 1 3 1 Internet Access and Wireless Network 43 1 3 2 Firewall for Secure Broadband Internet Access 44 Chapter 2 Introducing the Web Config...

Страница 12: ...3 5 4 WAN MAC Address 62 3 6 Basic Setup Complete 64 Chapter 4 System Screens 67 4 1 System Overview 67 4 2 Configuring General Setup 67 4 3 Dynamic DNS 68 4 3 1 DynDNS Wildcard 68 4 4 Configuring Dy...

Страница 13: ...N Overview 101 7 2 Configuring WAN ISP 101 7 2 1 Ethernet Encapsulation 101 7 2 1 1 Service Type 102 7 2 2 PPPoE Encapsulation 103 7 2 3 PPTP Encapsulation 105 7 3 Configuring WAN IP 107 7 4 Configuri...

Страница 14: ...3 Stateful Inspection Firewalls 134 10 3 Introduction to ZyXEL s Firewall 134 10 4 Denial of Service 135 10 4 1 Basics 135 10 4 2 Types of DoS Attacks 136 10 4 2 1 ICMP Vulnerability 139 10 4 2 2 Tra...

Страница 15: ...6 3 Configuring Custom Services 155 11 7 Example Firewall Rule 156 11 8 Predefined Services 159 Chapter 12 Content Filtering 163 12 1 Introduction to Content Filtering 163 12 2 Restrict Web Features 1...

Страница 16: ...gurator Easy Access 186 Chapter 15 Internal RADIUS Server 189 15 1 Internal RADIUS Overview 189 15 2 Internal RADIUS Server Setting 191 15 3 Trusted AP Overview 193 15 4 Configuring Trusted AP 194 15...

Страница 17: ...en 233 Chapter 19 Introducing the SMT 235 19 1 SMT Introduction 235 19 2 Connect to your ZyXEL device Using Telnet 235 19 2 1 Entering Password 235 19 3 Changing the System Password 236 19 4 ZyXEL dev...

Страница 18: ...24 1 Introduction to Remote Node Setup 263 24 2 Remote Node Profile Setup 263 24 2 1 Ethernet Encapsulation 263 24 2 2 PPPoE Encapsulation 266 24 2 2 1 Outgoing Authentication Protocol 266 24 2 2 2 Na...

Страница 19: ...a Filter Set 297 28 2 1 Configuring a Filter Rule 300 28 2 2 Configuring a TCP IP Filter Rule 300 28 2 3 Configuring a Generic Filter Rule 304 28 3 Example Filter 306 28 4 Filter Types and NAT 309 28...

Страница 20: ...Backup Configuration 336 33 2 1 Backup Configuration Using FTP 336 33 2 2 Using the FTP command from the DOS Prompt 337 33 2 3 GUI based FTP Clients 338 33 2 4 TFTP and FTP over WAN Management Limita...

Страница 21: ...358 Chapter 36 Call Scheduling 359 36 1 Introduction to Call Scheduling 359 Chapter 37 Troubleshooting 363 Problems Starting Up the ZyXEL device 363 Problems with the Ethernet Interface 363 Problems w...

Страница 22: ...IP Classes 385 Subnet Masks 386 Subnetting 386 Example Two Subnets 387 Example Four Subnets 389 Example Eight Subnets 390 Subnetting With Class A and Class B Networks 391 Appendix F Command Interpret...

Страница 23: ...TTLS Tunneled Transport Layer Service 417 PEAP Protected EAP 418 LEAP 418 Appendix K Roaming 419 Roaming Overview 419 Appendix L Antenna Selection and Positioning Recommendation 421 Antenna Character...

Страница 24: ...ZyXEL G 2000 Plus v2 User s Guide 24 Table of Contents...

Страница 25: ...gure 13 PPTP Encapsulation 60 Figure 14 WAN Setup 63 Figure 15 Wizard Finish 65 Figure 16 System General Setup 67 Figure 17 DDNS 69 Figure 18 Password 70 Figure 19 Time Setting 71 Figure 20 LAN IP 76...

Страница 26: ...Rule Summary 151 Figure 59 Creating Editing A Firewall Rule 153 Figure 60 Creating Editing A Custom Service 155 Figure 61 Rule Summary 156 Figure 62 Rule Edit Example 157 Figure 63 Edit Custom Servic...

Страница 27: ...rk Temporarily Disconnected 232 Figure 103 Configuration Upload Error 233 Figure 104 Reset Warning Message 233 Figure 105 Restart Screen 234 Figure 106 Login Screen 235 Figure 107 Login Screen 236 Fig...

Страница 28: ...Menu 15 1 255 SUA Address Mapping Rules 280 Figure 142 Menu 15 1 1 First Set 281 Figure 143 Menu 15 1 1 1 Editing Configuring an Individual Rule in a Set 283 Figure 144 Menu 15 2 1 NAT Server Setup 2...

Страница 29: ...6 Menu 24 3 2 System Maintenance UNIX Syslog 327 Figure 187 Call Triggering Packet Example 331 Figure 188 LAN WAN DHCP 333 Figure 189 Menu 24 5 Backup Configuration 337 Figure 190 FTP Session Example...

Страница 30: ...tosh OS X Apple Menu 378 Figure 220 Macintosh OS X Network 379 Figure 221 IP Address Conflicts CaseA 381 Figure 222 IP Address Conflicts Case B 382 Figure 223 IP Address Conflicts Case C 382 Figure 22...

Страница 31: ...rs with Fixed IP Addresses 63 Table 14 WAN Setup 63 Table 15 System General Setup 67 Table 16 DDNS 69 Table 17 Password 70 Table 18 Time Setting 71 Table 19 LAN IP 76 Table 20 Static DHCP 79 Table 21...

Страница 32: ...164 Table 55 Remote Management WWW 169 Table 56 Remote Management Telnet 170 Table 57 Remote Management FTP 171 Table 58 SNMP Traps 173 Table 59 Remote Management SNMP 174 Table 60 Remote Management D...

Страница 33: ...tatic Route 274 Table 101 Menu 14 1 Edit Dial in User 276 Table 102 Applying NAT in Menus 4 11 3 279 Table 103 SUA Address Mapping Rules 281 Table 104 Menu 15 1 1 First Set 283 Table 105 Menu 15 1 1 1...

Страница 34: ...of IP Addresses 385 Table 137 Allowed IP Address Range By Class 386 Table 138 Natural Masks 386 Table 139 Alternative Subnet Mask Notation 387 Table 140 Two Subnets Example 387 Table 141 Subnet 1 388...

Страница 35: ...the web configurator System Management Terminal SMT or command interpreter interface to configure your ZyXEL device Not all features can be configured through all interfaces Related Documentation Supp...

Страница 36: ...or example In Windows click Start Settings Control Panel means first click the Start button then point your mouse pointer to Settings and then click Control Panel e g is a shorthand for for instance a...

Страница 37: ...igure The embedded web based configurator and SNMP network management enables remote configuration and management of your ZyXEL device 1 2 Features The following sections describe the features of the...

Страница 38: ...he ZyXEL device is on and blinks or breaths when data is being transmitted to from its wireless stations You may use the web configurator to turn this LED off even when the ZyXEL device is on and data...

Страница 39: ...anning Tree Protocol RSTP Rapid STP R STP detects and breaks network loops and provides backup links between switches bridges or routers It allows a bridge to interact with other R STP compliant bridg...

Страница 40: ...le when the ZyXEL device should perform the filtering Brute Force Password Guessing Protection The ZyXEL device has a special protection mechanism to discourage brute force password guessing attacks o...

Страница 41: ...e PPPoE clients on individual computers PPTP Encapsulation Point to Point Tunneling Protocol PPTP is a network protocol that enables secure transfer of data from a remote client to a private server cr...

Страница 42: ...ce The ZyXEL device supports three logical LAN interfaces via its single physical Ethernet LAN interface with the ZyXEL device itself as the gateway for each LAN network IP Policy Routing IP Policy Ro...

Страница 43: ...f the wireless stations that are currently using the ZyXEL device to access your wired network Wireless LAN Channel Usage The Wireless Channel Usage screen displays whether the radio channels are used...

Страница 44: ...cure Broadband Internet Access The ZyXEL device provides protection from attacks by Internet hackers By default the firewall blocks all incoming traffic from the WAN The firewall supports TCP UDP insp...

Страница 45: ...tscape Navigator 7 0 and later versions with JavaScript enabled It is recommended that you set your screen resolution to 1024 by 768 pixels 2 2 Accessing the ZyXEL device Web Configurator 1 Make sure...

Страница 46: ...ertificate using your ZyXEL device s MAC address that will be specific to this device Figure 4 Replace Certificate Screen You should now see the MAIN MENU screen Note The management session automatica...

Страница 47: ...ntil the SYS LED LINK LED or BRI RPT LED turns red and then release it If the SYS LED begins to blink the defaults have been restored and the ZyXEL device restarts Otherwise go to step 2 2 Turn the Zy...

Страница 48: ...ator The following summarizes how to navigate the web configurator from the MAIN MENU screen Table 3 Web Configurator Screens Summary LINK SUB LINK FUNCTION WIZARD SETUP Use these screens for initial...

Страница 49: ...to configure content filtering settings on the ZyXEL device REMOTE MGNT Use this screen to configure port addresses and security settings for Telnet FTP WWW SNMP and DNS protocols on the ZyXEL device...

Страница 50: ...ZyXEL G 2000 Plus v2 User s Guide 50 Chapter 2 Introducing the Web Configurator...

Страница 51: ...ntification purposes you will then setup your wireless LAN and security The wizard will then guide you through configuring your Internet settings 3 2 General Setup General Setup contains administrativ...

Страница 52: ...d and enter it as the System Name In Windows 2000 click Start Settings Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for...

Страница 53: ...e 7 bit ASCII characters for the wireless LAN If you change this field on the ZyXEL device make sure all wireless stations use the same SSID in order to access the network Choose Channel ID To manuall...

Страница 54: ...cryption Select 64 bit WEP or 128 bit WEP to allow data encryption ASCII Select this option in order to enter ASCII characters as the WEP keys HEX Select this option to enter hexadecimal characters as...

Страница 55: ...Settings This screen lets you confirm your current configuration and move on to the next part of the wizard You can also click Finish if you want to stop the wizard without configuring your Internet...

Страница 56: ...leave the fields set to the default 3 4 1 Ethernet Choose Ethernet when the WAN port is used as a regular Ethernet There are several service type choices to select from This screen will change dependi...

Страница 57: ...ollowing fields are not applicable N A for the Standard service type User Name Type the user name given to you by your ISP Password Type the password associated with the user name above Login Server I...

Страница 58: ...oftware can activate and therefore requires no new learning or procedures for Windows users One of the benefits of PPPoE is the ability to let end users access one of multiple network services a funct...

Страница 59: ...Parameter for Internet Access Encapsulation Choose PPP over Ethernet from the pull down list box PPPoE forms a dial up connection Service Name Type the name of your service provider User Name Type th...

Страница 60: ...ESCRIPTION ISP Parameters for Internet Access Encapsulation Select PPTP from the drop down list box User Name Type the user name given to you by your ISP Password Type the password associated with the...

Страница 61: ...d if you are part of a much larger organization you should consult your network administrator for the appropriate IP addresses Note Regardless of your particular situation do not create an arbitrary I...

Страница 62: ...bnet mask automatically based on the IP address that you entered You don t need to change the subnet mask computed by the ZyXEL device unless you are instructed to do otherwise 3 5 3 DNS Server Addres...

Страница 63: ...ervers with Fixed IP Addresses Choose an IP address 192 168 1 2 192 168 1 32 192 168 1 65 192 168 1 254 Subnet mask 255 255 255 0 Gateway or default route 192 168 1 1 ZyXEL device LAN IP Table 14 WAN...

Страница 64: ...ays the read only DNS server IP address that the ISP assigns Select User Defined if you have the IP address of a DNS server Enter the DNS server s IP address in the field to the right Select None if y...

Страница 65: ...ZyXEL G 2000 Plus v2 User s Guide Chapter 3 Wizard Setup 65 Figure 15 Wizard Finish Well done You have successfully set up the ZyXEL device A congratulations screen displays some information...

Страница 66: ...ZyXEL G 2000 Plus v2 User s Guide 66 Chapter 3 Wizard Setup...

Страница 67: ...re 16 System General Setup The following table describes the labels in this screen Table 15 System General Setup LABEL DESCRIPTION General Setup System Name Type a descriptive name to identify the ZyX...

Страница 68: ...hentication Administrator Inactivity Timer Type how many minutes a management session either via the web configurator or SMT can be left idle before the session times out The default is 5 minutes Afte...

Страница 69: ...lect the type of service that you are registered for from your Dynamic DNS service provider Host Names 1 3 Enter the host names in the three fields provided You can specify up to two host names in eac...

Страница 70: ...automatically by the DDNS server It is recommended that you select this option Use specified IP Address Select this option to update the IP address of the host name s to the IP address specified below...

Страница 71: ...me This field displays the time on your ZyXEL device Each time you reload this page If configured to use a time server the ZyXEL device synchronizes the time with the time server Current Date This fie...

Страница 72: ...ly Time Server Address Enter the IP address or the URL of your time server Check with your ISP network administrator if you are unsure of this information Time Zone Setup Time Zone Choose the time zon...

Страница 73: ...s the TCP IP configuration for the clients If DHCP service is disabled you must have another DHCP server on your LAN or else the computer must be manually configured 5 2 1 IP Pool Setup The ZyXEL devi...

Страница 74: ...ed but RIP 2 carries more information RIP 1 is probably adequate for most networks unless you have an unusual network topology Both RIP 2B and RIP 2M send routing data in RIP 2 format the difference b...

Страница 75: ...e address 224 0 0 2 is assigned to the multicast routers group The ZyXEL device supports both IGMP version 1 IGMP v1 and IGMP version 2 IGMP v2 At start up the ZyXEL device queries all directly connec...

Страница 76: ...abled and you must have another DHCP server on your LAN or else the computers must be manually configured When set as a server fill in the following four fields IP Pool Starting Address This field spe...

Страница 77: ...ter to exchange routing information with other routers The RIP Direction field controls the sending and receiving of RIP packets Select the RIP direction from Both In Only Out Only None When set to Bo...

Страница 78: ...settings click LAN then the Static DHCP tab The screen appears as shown Allow between LAN and WAN Select this check box to forward NetBIOS packets from the LAN to the WAN and from the WAN to the LAN...

Страница 79: ...ngle physical Ethernet interface with the ZyXEL device itself as the gateway for each LAN network To change your ZyXEL device s IP Alias settings click LAN then the IP Alias tab The screen appears as...

Страница 80: ...hen set to Both or In Only it will incorporate the RIP information that it receives when set to None it will not send any RIP packets and will ignore any RIP packets received RIP Version The RIP Versi...

Страница 81: ...called wireless clients The wireless clients use the access point AP to interact with other devices such as the printer or with the Internet Your ZyXEL device is the AP Every wireless network must fo...

Страница 82: ...eless client see the appropriate User s Guide or other documentation You can use the MAC address filter to tell the AP which wireless clients are allowed or not allowed to use the wireless network If...

Страница 83: ...he secret code you cannot understand the message The types of encryption you can choose depend on the type of wireless network login See Section 6 2 3 on page 82 for information about this For example...

Страница 84: ...rmation to the AP at the same time and result in information colliding and not getting through By setting this value lower than the default value the wireless devices must sometimes get permission to...

Страница 85: ...computer connected to the wireless LAN and you change the ZyXEL device s SSID or WEP settings you will lose your wireless connection when you press Apply to confirm You must then change the wireless...

Страница 86: ...blinks or breaths when data is being transmitted to from its wireless stations Clear the check box to turn this LED off even when the ZyXEL device is on and data is being transmitted received 802 11 M...

Страница 87: ...nfiguring WEP Encryption In order to configure and enable WEP encryption click the WIRELESS link under ADVANCED to display the Wireless screen Select Static WEP from the Security list Table 25 Wireles...

Страница 88: ...c WEP encryption Passphrase Enter a Passphrase up to 32 printable characters and click Generate The ZyXEL device automatically generates a WEP key WEP Encryption Select 64 bit WEP or 128 bit WEP to en...

Страница 89: ...check box in the figure below Hex Select this option in order to enter hexadecimal characters as the WEP keys The preceding 0x that identifies a hexadecimal key is entered automatically Key 1 to Key 4...

Страница 90: ...conds Specify how often wireless stations have to reenter usernames and passwords in order to stay connected Enter a time interval between 10 and 9999 seconds The default time interval is 1800 seconds...

Страница 91: ...cation click the WIRELESS link under ADVANCED to display the Wireless screen Select WPA or WPA2 from the Security list Note WPA and WPA2 are two separate choices in this screen The only configuration...

Страница 92: ...the ZyXEL device is using WPA2 ReAuthentication Timer in seconds Specify how often wireless stations have to reenter usernames and passwords in order to stay connected Enter a time interval between 10...

Страница 93: ...een The screen appears as shown See Chapter 15 on page 189 for more details on RADIUS WPA Group Key Update Timer The WPA Group Key Update Timer is the rate at which the AP if using WPA PSK key managem...

Страница 94: ...s clients in other wireless networks External RADIUS Server Select the radio button to use an External RADIUS Server to authenticate the ZyXEL device s wireless clients Authentication Server Server IP...

Страница 95: ...g Server Active Select the check box to enable user accounting through an external authentication server Server IP Address Enter the IP address of the external accounting server in dotted decimal nota...

Страница 96: ...DESCRIPTION ReAuthentication Timer in seconds Specify how often wireless stations have to reenter usernames and passwords in order to stay connected Enter a time interval between 10 and 9999 seconds...

Страница 97: ...se correctly first Select Local User Database Only to have the ZyXEL device just check the built in trusted user database on the ZyXEL device for a wireless station s username and password Select RADI...

Страница 98: ...n to block access to the ZyXEL device MAC addresses not listed will be allowed to access the ZyXEL device Select Allow Association to permit access to the ZyXEL device MAC addresses not listed will be...

Страница 99: ...rom the drop down list box to enable roaming on the ZyXEL device if you have two or more ZyXEL devices on the same subnet Note All APs on the same subnet and the wireless stations must have the same S...

Страница 100: ...ZyXEL G 2000 Plus v2 User s Guide 100 Chapter 6 Wireless LAN...

Страница 101: ...view A WAN Wide Area Network is an outside connection to another network or the Internet 7 2 Configuring WAN ISP To change your ZyXEL device s WAN ISP settings click WAN then ISP tab The screen differ...

Страница 102: ...tandard Table 33 Ethernet Encapsulation LABEL DESCRIPTION Encapsulation You must choose the Ethernet option when the WAN port is used as a regular Ethernet Service Type Choose from Standard RR Toshiba...

Страница 103: ...elstra authentication method or Telia Login The following fields do not appear with the Standard service type User Name Type the user name given to you by your ISP Password Type the password associate...

Страница 104: ...aves significant effort for both you and the ISP or carrier as it requires no specific configuration of the broadband modem at the customer site By implementing PPPoE directly on the ZyXEL device rath...

Страница 105: ...e screen shown next is for PPTP encapsulation Password Type the password associated with the User Name above Retype to Confirm Type your password again to make sure that you have entered is correctly...

Страница 106: ...rameters for a PPTP connection User Name Type the user name given to you by your ISP Password Type the password associated with the user name above Retype to Confirm Type your password again to make s...

Страница 107: ...nter the IP address in the field provided My IP Subnet Mask Your ZyXEL device will automatically calculate the subnet mask based on the IP address that you assign Unless you are implementing subnettin...

Страница 108: ...is the default selection Use fixed IP address Select this option If the ISP assigned a fixed IP address My WAN IP Address Enter your WAN IP address in this field if you selected Use Fixed IP Address M...

Страница 109: ...number of NAT firewall sessions that a host can create Private PPPoE and PPTP only This parameter determines if the ZyXEL device will include the route to this remote node in its RIP broadcasts If se...

Страница 110: ...sections 4 and 5 of RFC 2236 Windows Networking NetBIOS over TCP IP NetBIOS Network Basic Input Output System are TCP or UDP broadcast packets that enable a computer to connect to and communicate with...

Страница 111: ...s MAC address IP Address and enter the IP address of the computer on the LAN whose MAC you are cloning Once it is successfully configured the address will be copied to the rom file ZyNOS configuratio...

Страница 112: ...ZyXEL G 2000 Plus v2 User s Guide 112 Chapter 7 WAN...

Страница 113: ...of your subscribers are the inside hosts while the web servers on the Internet are the outside hosts Global local denotes the IP address of a host in a packet as the packet traverses a router For exa...

Страница 114: ...g inquiries thus preventing intruders from probing your network For more information on IP address translation refer to RFC 1631 The IP Network Address Translator NAT 8 1 3 How NAT Works Each packet h...

Страница 115: ...tion NAT 115 Figure 39 How NAT Works 8 1 4 NAT Application The following figure illustrates a possible NAT application where three inside LANs logical LANs using IP Alias behind the ZyXEL device can c...

Страница 116: ...s This is equivalent to SUA i e PAT port address translation ZyXEL s Single User Account feature the SUA Only option Many to Many Overload In Many to Many Overload mode the ZyXEL device maps the multi...

Страница 117: ...TP that you can make visible to the outside world even though SUA makes your whole inside network appear as a single computer to the outside world You may enter a single port number or a range of port...

Страница 118: ...A Server page to forward incoming service requests to the server s on your local network You may enter a single port number or a range of port numbers to be forwarded and the local IP address of the d...

Страница 119: ...ind NAT Example 8 4 Configuring SUA Server Note If you do not assign a Default Server IP Address the ZyXEL device discards all packets received for ports that are not specified in this screen or remot...

Страница 120: ...ZyXEL G 2000 Plus v2 User s Guide 120 Chapter 8 Single User Account SUA Network Address Translation NAT Figure 42 SUA NAT Setup The following table describes the labels in this screen...

Страница 121: ...pping tab The screen appears as shown Table 41 SUA NAT Setup LABEL DESCRIPTION Default Server In addition to the servers for specified services NAT supports a default server A default server receives...

Страница 122: ...ZyXEL G 2000 Plus v2 User s Guide 122 Chapter 8 Single User Account SUA Network Address Translation NAT Figure 43 Address Mapping The following table describes the labels in this screen...

Страница 123: ...de Global IP Address IGA 0 0 0 0 is for a dynamic IP address from your ISP with Many to One and Server mapping types Global End IP This is the end Inside Global Address IGA This field is N A for One t...

Страница 124: ...ZyXEL G 2000 Plus v2 User s Guide 124 Chapter 8 Single User Account SUA Network Address Translation NAT Figure 44 Address Mapping Edit The following table describes the labels in this screen...

Страница 125: ...omputer to use the application Table 43 Address Mapping Edit LABEL DESCRIPTION Type Choose the port mapping type from one of the following 1 One to One One to one mode maps one local IP address to one...

Страница 126: ...s the traffic to Jane s computer IP address 5 Only Jane can connect to the Real Audio server until the connection is closed or times out The ZyXEL device times out in three minutes with UDP User Datag...

Страница 127: ...ZyXEL G 2000 Plus v2 User s Guide Chapter 8 Single User Account SUA Network Address Translation NAT 127 Figure 46 Trigger Port The following table describes the labels in this screen...

Страница 128: ...e client computer on the LAN that requested the service Start Port Type a port number or the starting port number in a range of port numbers End Port Type a port number or the ending port number in a...

Страница 129: ...the networks beyond For instance the ZyXEL device knows about network N2 in the following figure through remote node router R1 However the ZyXEL device is unable to route a packet to network N3 becau...

Страница 130: ...ZyXEL G 2000 Plus v2 User s Guide 130 Chapter 9 Static Route Screens Figure 48 Static Route The following table describes the labels in this screen...

Страница 131: ...Yes or not No Destination This parameter specifies the IP network address of the final destination Routing is always based on network number Gateway This is the IP address of the gateway The gateway...

Страница 132: ...forward the packet to the destination On the LAN the gateway must be a router on the same segment as your ZyXEL device over the WAN the gateway must be the IP address of one of the Remote Nodes Metric...

Страница 133: ...a firewall to guard effectively you must design and deploy it appropriately This requires integrating the firewall into a broad information security policy In addition specific policies must be imple...

Страница 134: ...tion on page 140 for more information on Stateful Inspection Firewalls of one type or another have become an integral part of standard security solutions for enterprises 10 3 Introduction to ZyXEL s F...

Страница 135: ...functions An extension number called the TCP port or UDP port identifies these protocols such as HTTP Web FTP File Transfer Protocol POP3 E mail etc For example Web traffic by default uses TCP port 80...

Страница 136: ...n unsuspecting system Systems may crash hang or reboot b Teardrop attack exploits weaknesses in the reassembly of IP packet fragments As data is transmitted through a network IP packets are often brok...

Страница 137: ...blished a SYN Attack floods a targeted system with a series of SYN packets Each packet causes the targeted system to issue a SYN ACK response While the targeted system waits for the ACK that follows t...

Страница 138: ...ta A Smurf hacker floods a router with Internet Control Message Protocol ICMP echo request packets pings Since the destination IP address of each packet is the broadcast address of the network the rou...

Страница 139: ...echnique known as IP Spoofing as part of their attack IP Spoofing may be used to break into systems to hide the hacker s identity or to magnify the effect of the DoS attack IP Spoofing is a technique...

Страница 140: ...inates from the Internet In summary stateful inspection Allows all sessions originating from the LAN local network to the WAN Internet Denies all sessions originating from the WAN to the LAN Figure 54...

Страница 141: ...y additional inbound or outbound packets that belong to the connection are inspected to update the state table entry and to modify the temporary inbound access list entries as required and are forward...

Страница 142: ...ated on the LAN 10 5 4 UDP ICMP Security UDP and ICMP do not themselves contain any connection information such as sequence numbers However at the very minimum they contain an IP address pair source a...

Страница 143: ...in any way including attaching a modem to the port Be aware that a break on the console port might give unauthorized individuals total control of the firewall even with access control configured 3 Li...

Страница 144: ...h the outbound request for that packet and allowed in Conversely an incoming packet masquerading as a response to a nonexistent outbound request can be blocked The firewall uses session filtering i e...

Страница 145: ...tion of travel of packets to which they apply Note The LAN includes both the LAN port and the WLAN By default the ZyXEL device s stateful packet inspection allows packets traveling in the following di...

Страница 146: ...points carefully before configuring rules 11 3 1 Rule Checklist 1 State the intent of the rule For example This restricts all IRC access from the LAN to the Internet Or This allows a remote Lotus Not...

Страница 147: ...ted it is necessary to first define it See Predefined Services on page 159 for more information on predefined services 11 3 3 3 Source Address What is the connection s source address is it on the LAN...

Страница 148: ...figure a LAN to WAN rule you in essence want to limit some or all users from accessing certain services on the WAN See the following figure Figure 55 LAN to WAN Traffic 11 4 2 WAN to LAN Rules The def...

Страница 149: ...an alert when a rule is matched in the Edit Rule screen see Figure 59 Configure the Log Settings screen to have the ZyXEL device send an immediate e mail message to you when an event generates an aler...

Страница 150: ...ogy see Appendix M Packet Direction This is the direction of travel of packets W LAN to W LAN ZyXEL device W LAN to WAN WAN to W LAN WAN to WAN ZyXEL device Firewall rules are grouped based on the dir...

Страница 151: ...you have created that apply to traffic traveling in the selected packet direction The firewall rules that you configure summarized below take priority over the general firewall action settings above T...

Страница 152: ...s rule Enabled or not Disable Alert This field tells you whether this rule generates an alert Yes or not No when the rule is matched Move Type a rule s index number and the number for where you want t...

Страница 153: ...ZyXEL G 2000 Plus v2 User s Guide Chapter 11 Firewall Screens 153 Figure 59 Creating Editing A Firewall Rule...

Страница 154: ...ailable Services box on the left then click to add it to the Selected Service s box on the right To remove a service highlight it in the Selected Service s box on the right then click Custom Service A...

Страница 155: ...for Matched Packets Use the drop down list box to select whether to discard Block or allow the passage of Forward packets that match this rule Apply Click Apply to save your customized settings and ex...

Страница 156: ...t Direction drop down list box Figure 61 Rule Summary 2 In the Rule Summary screen type the index number for where you want to put the rule assuming you have more than one rule For example if you type...

Страница 157: ...Configure it as follows and click Apply Figure 63 Edit Custom Service Example 7 In the Edit Rule screen use the arrows between Available Services and Selected Service s to configure it as follows Clic...

Страница 158: ...ZyXEL G 2000 Plus v2 User s Guide 158 Chapter 11 Firewall Screens Figure 64 My Service Rule Configuration...

Страница 159: ...IP protocol type For example look at the default configuration labeled DNS UDP TCP 53 means UDP port 53 and TCP port 53 Custom services may also be configured using the Custom Services function discu...

Страница 160: ...arent file sharing for network environments NNTP TCP 119 Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service PING ICMP 0 Packet Internet Groper is a protocol tha...

Страница 161: ...H TCP UDP 22 Secure Shell Remote Login Program STRMWORKS UDP 1558 Stream Works Protocol SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server TACACS UDP 49 Login Host Protocol used for...

Страница 162: ...ZyXEL G 2000 Plus v2 User s Guide 162 Chapter 11 Firewall Screens...

Страница 163: ...eb features or specific URL keywords and should not be confused with packet filtering via SMT menu 21 1 To access these functions from the Main Menu click Content Filter to expand the Content Filter m...

Страница 164: ...ent environment for building downloadable Web components or Internet and intranet business applications of all kinds Cookies Used by Web servers to track usage and provide service based on ID Web Prox...

Страница 165: ...ton to remove all of the listed keywords Day to Block Select check boxes for the days that you want the ZyXEL device to perform content filtering Select the Everyday check box to have content filterin...

Страница 166: ...ZyXEL G 2000 Plus v2 User s Guide 166 Chapter 12 Content Filtering...

Страница 167: ...only or ALL LAN WAN you still need to configure a firewall rule to allow access To disable remote management of a service select Disable in the corresponding Server Access field You may only have one...

Страница 168: ...Management and NAT When NAT is enabled Use the ZyXEL device s WAN IP address when configuring from the WAN Use the ZyXEL device s LAN IP address when configuring from the LAN 13 1 3 System Timeout Th...

Страница 169: ...d however you must use the same port number in order to use that service for remote management Server Access Select the interface s through which a computer may access the ZyXEL device using this serv...

Страница 170: ...rt number for a service if needed however you must use the same port number in order to use that service for remote management Server Access Select the interface s through which a computer may access...

Страница 171: ...screen Reset Click Reset to begin configuring this screen afresh Table 56 Remote Management Telnet LABEL DESCRIPTION Table 57 Remote Management FTP LABEL DESCRIPTION Server Port You may change the se...

Страница 172: ...ble if TCP IP is configured Note SNMP is only available if TCP IP is configured Figure 71 SNMP Management Model An SNMP managed network consists of two main types of component agents and a manager An...

Страница 173: ...for object variables within an agent Trap Used by the agent to inform the manager of some events 13 5 1 Supported MIBs The ZyXEL device supports MIB II that is defined in RFC 1213 and RFC 1215 The foc...

Страница 174: ...oming Get and GetNext requests from the management station The default is public and allows all requests Set Community Enter the Set community which is the password for incoming Set requests from the...

Страница 175: ...er you must use the same port number in order to use that service for remote management Service Access Select the interface s through which a computer may access the ZyXEL device using this service Se...

Страница 176: ...from being sent This keeps outsiders from discovering your ZyXEL device when unsupported ports are probed Table 60 Remote Management DNS LABEL DESCRIPTION Server Port The DNS service port number is 53...

Страница 177: ...m finding the ZyXEL device by probing for unused ports If you select this option the ZyXEL device will not respond to port request s for unused ports thus leaving the unused ports and the ZyXEL device...

Страница 178: ...ZyXEL G 2000 Plus v2 User s Guide 178 Chapter 13 Remote Management Screens...

Страница 179: ...ng the icon of a UPnP device will allow you to access the information and properties of that device 14 1 2 NAT Traversal UPnP NAT traversal automates the process of allowing an application to operate...

Страница 180: ...lementation supports IGD 1 0 Internet Gateway Device At the time of writing ZyXEL device s UPnP implementation supports Windows Messenger 4 6 and 4 7 while Windows Messenger 5 0 and Xbox are still bei...

Страница 181: ...sers to make configuration changes through UPnP Select this check box to allow UPnP enabled applications to automatically configure the ZyXEL device so that they can communicate through the ZyXEL devi...

Страница 182: ...Panel Double click Add Remove Programs 2 Click on the Windows Setup tab and select Communication in the Components selection box Click Details 3 In the Communications window select the Universal Plug...

Страница 183: ...computer and the ZyXEL device 1 Click Start and Control Panel 2 Double click Network Connections 3 In the Network Connections window click Advanced in the main menu and select Optional Networking Comp...

Страница 184: ...operties 3 In the Internet Connection Properties window click Settings to see the port mappings that were automatically created 4 You may edit or delete the port mappings or click Add to manually add...

Страница 185: ...ess the web based configurator on the ZyXEL device without finding out the IP address of the ZyXEL device first This is helpful if you do not know the IP address of the ZyXEL device Follow the steps b...

Страница 186: ...he steps below to access the web configurator 1 Click Start and then Control Panel 2 Double click Network Connections 3 Select My Network Places under Other Places 4 An icon with the description for e...

Страница 187: ...nder Other Places 4 An icon with the description for each UPnP enabled device displays under Local Network 5 Right click the icon for your ZyXEL device and select Invoke The web configurator login scr...

Страница 188: ...ZyXEL G 2000 Plus v2 User s Guide 188 Chapter 14 UPnP...

Страница 189: ...s a built in RADIUS server that can authenticate wireless clients or other AP s in other wireless networks The ZyXEL device can function as an AP and as a RADIUS server at the same time PEAP Protected...

Страница 190: ...he ZyXEL device s certificate and to activate the internal RADIUS server on your ZyXEL device Trusted AP Use the Trusted AP screen to configure which trusted AP s you can authenticate You can authenti...

Страница 191: ...one that uses your ZyXEL device s MAC address This can be done when you first log in to the ZyXEL device or in the Advanced web configurator Certificates screen Note The internal RADIUS server does no...

Страница 192: ...onfiguration screen see the Certificates chapter Type This field displays what kind of certificate this is REQ represents a certification request and is not yet a valid certificate Send a certificatio...

Страница 193: ...IUS server and the wireless clients The wireless clients can then be authenticated by the RADIUS server Valid To This field displays the date that the certificate expires The text displays in red and...

Страница 194: ...e Trusted AP tab The screen appears as shown Figure 80 Trusted AP Screen The following table describes the labels in this screen Table 65 Trusted AP LABEL DESCRIPTION This field displays the trusted A...

Страница 195: ...en the trusted AP and the ZyXEL device Note The first trusted AP fields are reserved for the ZyXEL device They are grayed out and therefore cannot be configured The shared secret must be the same on t...

Страница 196: ...t This name can be up to 31 alphanumeric characters long including spaces The login name on the wireless client s utility must be the same as this user name on so it can authenticate the RADIUS server...

Страница 197: ...v2 User s Guide Chapter 15 Internal RADIUS Server 197 Apply Click Apply to save your changes back to the ZyXEL device Reset Click Reset to begin configuring this screen afresh Table 66 Trusted Users...

Страница 198: ...ZyXEL G 2000 Plus v2 User s Guide 198 Chapter 15 Internal RADIUS Server...

Страница 199: ...key is public and can be made openly available the other key is private and must be kept secure Public key encryption in general works as follows 1 Tim wants to send a private message to Jenny Tim ge...

Страница 200: ...the certificates of the certification authorities that you decide to trust no matter how many devices you need to authenticate Key distribution is simple and very secure since you can freely distribu...

Страница 201: ...ar is red you should consider deleting expired or unnecessary certificates before adding more certificates Replace This button displays when the ZyXEL device has the factory default certificate The fa...

Страница 202: ...the certificate is about to expire or has already expired Details Click the details icon to open a screen with an in depth list of information about the certificate Click the delete icon to remove the...

Страница 203: ...allows the importation of a PKS 7 file that contains a single certificate PEM Base 64 encoded PKCS 7 This Privacy Enhanced Mail PEM format uses 64 ASCII characters to convert a binary PKCS 7 certific...

Страница 204: ...device create a self signed certificate enroll a certificate with a certification authority or generate a certification request see the following figure Table 68 My Certificate Import LABEL DESCRIPTIO...

Страница 205: ...ZyXEL G 2000 Plus v2 User s Guide Chapter 16 Certificates 205 Figure 84 My Certificate Create...

Страница 206: ...ops trailing spaces Key Length Select a number from the drop down list box to determine how many bits the key should use 512 to 2048 The longer the key the more secure it is A longer key also uses mor...

Страница 207: ...Enrollment Protocol Select the certification authority s enrollment protocol from the drop down list box Simple Certificate Enrollment Protocol SCEP is a TCP based enrollment protocol that was develop...

Страница 208: ...Default self signed certificate which signs the imported remote host certificates Select this check box to have the ZyXEL device use this certificate to sign the trusted remote host certificates that...

Страница 209: ...authority such as Common Name Organizational Unit Organization and Country With self signed certificates this is the same as the Subject Name field Signature Algorithm This field displays the type of...

Страница 210: ...copy and paste a certification request into a certification authority s web page an e mail that you send to the certification authority or a text editor and save the file on a management computer for...

Страница 211: ...such as a common name organizational unit or department organization or company and country With self signed certificates this is the same information as in the Subject field Valid From This field dis...

Страница 212: ...ou can save the certificate of a certification authority that you trust from your computer to the ZyXEL device Delete Click Delete to delete an existing certificate A window display asking you to conf...

Страница 213: ...ck the details icon to open the Trusted CA Details screen Use this screen to view in depth information about the certification authority s certificate change the certificate s name and set whether or...

Страница 214: ...fault self signed certificate which signs the imported remote host certificates Select this check box to have the ZyXEL device use this certificate to sign the trusted remote host certificates that yo...

Страница 215: ...cate s issuing certification authority such as Common Name Organizational Unit Organization and Country With self signed certificates this is the same information as in the Subject Name field Signatur...

Страница 216: ...icate in PEM Base 64 Encoded Format This read only text box displays the certificate or certification request in Privacy Enhanced Mail PEM format PEM uses 64 ASCII characters to convert the binary cer...

Страница 217: ...ude logs about system maintenance system errors and access control You can view logs and alert messages in this page Once the log entries are all used the log will wrap around and the old logs will be...

Страница 218: ...ion Some categories such as System Errors consist of both logs and alerts You may differentiate them by their color in the View Log screen Alerts are displayed in red and logs are displayed in black S...

Страница 219: ...ZyXEL G 2000 Plus v2 User s Guide Chapter 17 Log Screens 219 Figure 90 Log Settings...

Страница 220: ...he messages to different files in the syslog server Refer to the documentation of your syslog program for more details Send Log Log Schedule This drop down menu is used to configure the frequency of l...

Страница 221: ...or from which the most traffic has been sent How much traffic has been sent to and from the LAN IP addresses to and or from which the most traffic has been sent Note The web site hit count may not be...

Страница 222: ...ice record report data Click Stop Collection to halt the ZyXEL device from recording more data Refresh Click Refresh to update the report display The report also refreshes automatically when you close...

Страница 223: ...c statistics 18 1 Maintenance Overview The maintenance screens can help you view system information upload new firmware manage configuration and restart your ZyXEL device 18 2 System Status Screen Cli...

Страница 224: ...load firmware for this exact model name This field is not available on all models ZyNOS Firmware Version This is the ZyNOS Firmware version and the date created ZyNOS is ZyXEL s proprietary Network Op...

Страница 225: ...erver on your LAN or else the computer must be manually configured Table 78 System Status Show Statistics LABEL DESCRIPTION Port This is the WAN LAN or WLAN port Status This shows the port speed and d...

Страница 226: ...able tab Read only information here relates to your DHCP status The DHCP table shows current DHCP Client information including IP Address Host Name and MAC Address of all network clients using the DHC...

Страница 227: ...er with the name in the Host Name field Every Ethernet device has a unique MAC Media Access Control address The MAC address is assigned at the factory and consists of six pairs of hexadecimal characte...

Страница 228: ...ns in this screen to upload firmware to your ZyXEL device Figure 96 Firmware Upload The following table describes the labels in this screen Note Do not turn off the ZyXEL device while firmware upload...

Страница 229: ...g a temporary network disconnect In some operating systems you may see the following icon on your desktop Figure 98 Network Temporarily Disconnect After two minutes log in again and check your new fir...

Страница 230: ...nfiguration Screen See the Firmware and Configuration File Maintenance chapter for transferring configuration files using FTP TFTP commands Click MAINTENANCE and then the Configuration tab Information...

Страница 231: ...onfiguration file before making configuration changes The backup configuration file will be useful in case you need to return to your previous settings Click Backup to save the ZyXEL device s current...

Страница 232: ...ktop Figure 102 Network Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default Z...

Страница 233: ...ollowing warning screen will appear Figure 104 Reset Warning Message You can also press the RESET button on the side panel to reset the factory defaults of your ZyXEL device Refer to the section on re...

Страница 234: ...ZyXEL G 2000 Plus v2 User s Guide 234 Chapter 18 Maintenance Figure 105 Restart Screen...

Страница 235: ...he bottom left corner Run and then type telnet 192 168 1 1 the default IP address and click OK 2 For your first login enter the default password 1234 As you type the password the screen displays an as...

Страница 236: ...xisting system password in the Old Password field and press ENTER Figure 108 Menu 23 1 System Security Change Password 4 Type your new system password in the New Password field up to 30 characters and...

Страница 237: ...e to configure your ZyXEL device Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below Table 83 Main Menu Commands OPERATION...

Страница 238: ...of fields The first requires you to type in the appropriate information The second allows you to cycle through the available choices by pressing SPACE BAR Required fields or ChangeMe All fields with...

Страница 239: ...r LAN 3 LAN Setup Use this menu to set up your LAN and WLAN connection 4 Internet Access Setup Configure your Internet Access setup Internet address gateway login etc with this menu 11 Remote Node Set...

Страница 240: ...sword in the Old Password field for example 1234 and press ENTER Figure 112 Menu 23 System Password 4 Type your new system password in the New Password field up to 30 characters and press ENTER 5 Re t...

Страница 241: ...System Name In Windows 2000 click Start Settings Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for the Computer name fie...

Страница 242: ...is for mapping a domain name to its corresponding IP address and vice versa The DNS server is extremely important because without it you must know the IP address of a machine before you can access it...

Страница 243: ...namic DNS as shown next Figure 114 Menu 1 1 Configure Dynamic DNS Follow the instructions in the next table to configure Dynamic DNS parameters Menu 1 1 Configure Dynamic DNS Service Provider WWW DynD...

Страница 244: ...ns org traffic is redirected to a URL that you have previously specified see www dyndns org for details Edit Update IP Address You can select Yes in either the Use Server Detected IP field recommended...

Страница 245: ...igure the WAN using menu 2 21 1 Introduction to WAN This chapter explains how to configure settings for your WAN port 21 2 WAN Setup From the main menu enter 2 to open menu 2 Figure 115 Menu 2 WAN Set...

Страница 246: ...default MAC Address Choose IP address attached on LAN to use the MAC Address of that computer whose IP you give in the following field IP Address This field is applicable only if you choose the IP add...

Страница 247: ...wish to apply to the Ethernet traffic You seldom need to filter Ethernet traffic however the filter sets may be useful to block certain packets reduce traffic and prevent security breaches Figure 117...

Страница 248: ...enu 3 LAN Setup When menu 3 appears press 2 and press ENTER to display Menu 3 2 TCP IP and DHCP Ethernet Setup as shown next Figure 118 Menu 3 2 TCP IP Setup Follow the instructions in the next table...

Страница 249: ...the ISP assigns Select User Defined if you have the IP address of a DNS server Enter the DNS server s IP address in the IP Address field below If you chose User Defined but leave the IP address set to...

Страница 250: ...ly calculate the subnet mask based on the IP address that you assign Unless you are implementing subnetting use the subnet mask computed by the ZyXEL device RIP Direction Press SPACE BAR and then ENTE...

Страница 251: ...rs Menu 3 2 1 IP Alias Setup IP Alias 1 No IP Address N A IP Subnet Mask N A RIP Direction N A Version N A Incoming protocol filters N A Outgoing protocol filters N A IP Alias 2 No IP Address N A IP S...

Страница 252: ...cally calculate the subnet mask based on the IP address that you assign Unless you are implementing subnetting use the subnet mask computed by the ZyXEL device RIP Direction Press SPACE BAR and then E...

Страница 253: ...the same ESSID Enter a descriptive name of up to 32 printable 7 bit ASCII characters Hide ESSID Press SPACE BAR and select Yes to hide the ESSID in the outgoing data frame so an intruder cannot obtain...

Страница 254: ...on for details on this field Edit Roaming Configuration Press SPACE BAR to select Yes to enable roaming on the ZyXEL device if you have two or more ZyXEL devices on the same subnet Note All APs on the...

Страница 255: ...Default Key 1 Key1 Key2 Key3 Key4 Authen Method Shared Key Only Menu 3 5 1 WLAN MAC Address Filter Active No Filter Action Allowed Association 1 00 00 00 00 00 00 13 00 00 00 00 00 00 25 00 00 00 00...

Страница 256: ...and press ENTER MAC addresses not listed will be allowed to access the router The default action Allowed Association permits association with the ZyXEL device MAC addresses not listed will be denied...

Страница 257: ...what encapsulation type you should use 23 2 Ethernet Encapsulation From the main menu type 4 to display Menu 4 Internet Access Setup If you choose Ethernet in menu 4 you will see the next menu Figure...

Страница 258: ...t if the ZyXEL device does not log in periodically Type the number of minutes from 1 to 59 30 recommended for the ZyXEL device to wait between logins IP Address Assignment If your ISP did not assign y...

Страница 259: ...oose PPTP as your encapsulation option This brings up the following screen Figure 125 Internet Access Setup PPTP The following table contains instructions about the new fields when you choose PPTP in...

Страница 260: ...DESCRIPTION Encapsulation Press SPACE BAR and then press ENTER to choose PPTP The encapsulation method influences your choices for the IP Address field Idle Timeout This value specifies the time in se...

Страница 261: ...nate from the LAN and blocks all traffic to the LAN that originates from the Internet You may deactivate the firewall in menu 21 2 or via the ZyXEL device embedded web configurator You may also define...

Страница 262: ...ZyXEL G 2000 Plus v2 User s Guide 262 Chapter 23 Internet Access...

Страница 263: ...emote node The following describes how to configure Menu 11 1 Remote Node Profile Menu 11 3 Remote Node Network Layer Options Menu 11 5 Remote Node Filter 24 2 Remote Node Profile Setup From the main...

Страница 264: ...his menu Menu 11 1 Remote Node Profile Rem Node Name ChangeMe Route IP Active Yes ISP No Apply Alias None Encapsulation Ethernet Edit IP No Service Type Standard Session Options Service Name N A Edit...

Страница 265: ...orrectly Server This field is valid only when RoadRunner is selected in the Service Type field The ZyXEL device will find the RoadRunner Server IP automatically if this field is left blank If it does...

Страница 266: ...ecify the correct authentication protocol when connecting to such an implementation 24 2 2 2 Nailed Up Connection A nailed up connection is a dial up line where the connection is always up regardless...

Страница 267: ...ts a ceiling for outgoing call time for this remote node The default for this field is 0 meaning no budget control Period hr This field is the time period that the budget should be reset For example i...

Страница 268: ...ChangeMe Route IP Active Yes ISP No Apply Alias None Encapsulation PPTP Edit IP No Service Type Standard Telco Option Service Name N A Allocated Budget min 0 Outgoing Period hr 0 My Login Schedules M...

Страница 269: ...DESCRIPTION Encapsulation Press SPACE BAR and then ENTER to select PPTP You must also go to menu 11 3 to check the IP Address setting once you have selected the encapsulation method My IP Addr Enter...

Страница 270: ...any to One and Server Choose Full Feature if you have multiple public IP addresses Full Feature mapping types include One to One Many to One SUA PAT Many to Many Overload Many One to One and Server Wh...

Страница 271: ...hat spaces are accepted in this field For more information on defining the filters please refer to the Filters chapter For PPPoE or PPTP encapsulation you have the additional option of specifying remo...

Страница 272: ...ZyXEL G 2000 Plus v2 User s Guide 272 Chapter 24 Remote Node Configuration...

Страница 273: ...w type the route number of a static route you want to configure Figure 134 Menu12 1 Edit IP Static Route The following table describes the fields for Menu 12 1 Edit IP Static Route Setup Menu 12 IP St...

Страница 274: ...immediate neighbor of your ZyXEL device that will forward the packet to the destination On the LAN the gateway must be a router on the same segment as your ZyXEL device over WAN the gateway must be t...

Страница 275: ...e From the main menu enter 14 to display Menu 14 Dial in User Setup Figure 135 Menu 14 Dial in User Setup Type a number and press ENTER to edit the user profile Menu 14 Dial in User Setup 1 aj tetryeg...

Страница 276: ...1 Edit Dial in User FIELD DESCRIPTION User Name Enter a username up to 31 alphanumeric characters long for this user profile This field is case sensitive Active Press SPACE BAR to select Yes and press...

Страница 277: ...two types of mapping Many to One and Server See section Address Mapping Sets for a detailed description of the NAT set for SUA The ZyXEL device also supports Full Feature NAT to map multiple global IP...

Страница 278: ...the Remote Node The following table describes the options for Network Address Translation Menu 4 Internet Access Setup ISP s Name ChangeMe Encapsulation Ethernet Service Type Standard My Login N A My...

Страница 279: ...for further information on these menus To configure NAT enter 15 from the main menu to bring up the following screen Figure 139 Menu 15 NAT Setup 27 3 1 Address Mapping Sets Enter 1 to bring up Menu...

Страница 280: ...annot be changed Figure 141 Menu 15 1 255 SUA Address Mapping Rules The following table explains the fields in this menu Menu 15 1 Address Mapping Sets 1 NAT_SET 255 SUA read only Enter Menu Selection...

Страница 281: ...1 or enter the name of a new set you want to create Idx This is the index or rule number Local Start IP Local Start IP is the starting local IP address ILA Local End IP Local End IP is the ending loc...

Страница 282: ...ction and the remaining rules are ignored If there are any empty rules before your new configured rule your configured rule will be pushed up by that number of empty rules For example if you have alre...

Страница 283: ...plains the fields in this menu Table 104 Menu 15 1 1 First Set FIELD DESCRIPTION Set Name Enter a name for this set of rules This is a required field If this field is left blank the entire set will be...

Страница 284: ...le Local IP Only local IP fields are N A for server Global IP fields MUST be set for Server Start This is the starting local IP address ILA End This is the ending local IP address ILA If the rule is f...

Страница 285: ...8 1 33 5 Press ENTER at the Press ENTER to confirm prompt to save your configuration after you define all the servers or press ESC at any time to cancel You assign the private network IP addresses The...

Страница 286: ...pping discussed in section General NAT Examples The SUA Only read only option from the Network Address Translation field in menus 4 and 11 3 is specifically pre configured to handle this case 27 5 2 E...

Страница 287: ...FTP servers to the first two IGAs and the other LAN traffic to the remaining IGA Map the third IGA to an inside web server and mail server Four rules need to be configured two bi directional and two...

Страница 288: ...tion from the Network Address Translation field in menu 4 or menu 11 3 see Figure 130 2 Then enter 15 from the main menu 3 Enter 1 to configure the Address Mapping Sets 4 Enter 1 to begin configuring...

Страница 289: ...show how to configure the first rule Menu 11 3 Remote Node Network Layer Options IP Address Assignment Dynamic IP Address N A IP Subnet Mask N A Gateway IP Addr N A Network Address Translation Full Fe...

Страница 290: ...owing menu Configure it as shown Menu 15 1 1 1 Address Mapping Rule Type One to One Local IP Start 192 168 1 10 End N A Global IP Start 10 132 50 1 End N A Press ENTER to Confirm or ESC to Cancel Pres...

Страница 291: ...Other applications such as some gaming programs are NAT unfriendly because they embed addressing information in the data stream These applications won t work through NAT even when using One to One an...

Страница 292: ...er can use a trigger port range at a time Enter 3 in menu 15 to display Menu 15 3 Trigger Port Setup shown next Menu 15 1 1 1 Address Mapping Rule Type Many One to One Local IP Start 192 168 1 10 End...

Страница 293: ...owing table describes the fields in this screen Menu 15 3 Trigger Port Setup Incoming Trigger Rule Name Start Port End Port Start Port End Port 1 Real Audio 6970 7170 7070 7070 2 0 0 0 0 3 0 0 0 0 4 0...

Страница 294: ...ports to the client computer on the LAN that requested the service Start Port Enter a port number or the starting port number in a range of port numbers End Port Enter a port number or the ending por...

Страница 295: ...be allowed to pass Data filters are divided into incoming and outgoing filters depending on the direction of the packet relative to a port Data filtering can be applied on either the WAN side or the L...

Страница 296: ...device filter rules and protocol filter rules within the same set You can apply up to four filter sets to a particular port to block multiple types of packets With each filter set having up to six ru...

Страница 297: ...ort to block multiple types of packets With each filter set having up to six rules you can have a maximum of 24 rules active for a single port 28 2 Configuring a Filter Set The ZyXEL device includes f...

Страница 298: ...reen shows the summary of the existing rules in the filter set The following tables contain a brief description of the abbreviations used in the previous menus Menu 21 Filter and Firewall Setup 1 Filt...

Страница 299: ...more rules to check which form a rule chain with the present rule An action cannot be taken until the rule chain is complete N means there are no more rules to check You can specify an action to be ta...

Страница 300: ...s are provided for protocol and device filter sets If you include a protocol filter set in a device filter field or vice versa the ZyXEL device will warn you and will not allow you to save 28 2 2 Conf...

Страница 301: ...rule Menu 21 1 1 1 TCP IP Filter Rule Filter 1 1 Filter Type TCP IP Filter Rule Active Yes IP Protocol 0 IP Source Route No Destination IP Addr IP Mask Port Port Comp None Source IP Addr IP Mask Port...

Страница 302: ...SPACE BAR and then ENTER to select the comparison to apply to the destination port in the packet against the value given in Destination Port None Less Greater Equal Not Equal Source IP Address Enter...

Страница 303: ...th All packets will be logged None Action Matched Action Not Matched Both Action Matched Press SPACE BAR and then ENTER to select the action for a matching packet Check Next Rule Forward Drop Action N...

Страница 304: ...eric rules the ZyXEL device treats a packet as a byte stream as opposed to an IP or IPX packet You specify the portion of the packet to check with the Offset from 0 and the Length fields both in bytes...

Страница 305: ...le as shown below Figure 165 Menu 21 1 4 1 Generic Filter Rule The following table describes the fields in the Generic Filter Rule menu Menu 21 1 4 1 Generic Filter Rule Filter 4 1 Filter Type Generic...

Страница 306: ...eld is 0 to 8 0 8 Mask Enter the mask in Hexadecimal notation to apply to the data portion before comparison Value Enter the value in Hexadecimal notation to compare with the data portion More If Yes...

Страница 307: ...Rules Summary 6 Enter 1 to configure the first filter rule the only filter rule of this set Make the entries in this menu as shown in the following figure Figure 167 Example Filter Menu 21 1 3 1 Sele...

Страница 308: ...in this set Figure 168 Example Filter Rules Summary Menu 21 1 3 This shows you that you have configured and activated A Y a TCP IP filter rule Type IP Pr 6 for destination telnet ports DP 23 M N means...

Страница 309: ...et port or any other hardware port The following diagram illustrates this Figure 169 Protocol and Device Filter Sets 28 5 Firewall Versus Filters Firewall configuration is discussed in the firewall ch...

Страница 310: ...r numbers separated by commas The ZyXEL device already has filters to prevent NetBIOS traffic from triggering calls and block incoming telnet FTP and HTTP connections Figure 171 Filtering Remote Node...

Страница 311: ...r is by far the most comprehensive firewall configuration tool your ZyXEL device has to offer For this reason it is recommended that you configure your firewall using the web configurator see the foll...

Страница 312: ...ainst Denial of Service DoS attacks when it is active Your network is vulnerable to attacks when the firewall is turned off Refer to the User s Guide for details about the firewall default policies Yo...

Страница 313: ...work The ZyXEL device supports SNMP version one SNMPv1 and version two c SNMPv2c The next figure illustrates an SNMP management operation SNMP is only available if TCP IP is configured Figure 173 SNMP...

Страница 314: ...manager to retrieve an object variable from the agent GetNext Allows the manager to retrieve the next object variable from a table or list within an agent In SNMPv1 when a manager wants to retrieve a...

Страница 315: ...word for incoming Set requests from the management station Trusted Host If you enter a trusted host your ZyXEL device will only respond to SNMP messages from this address A blank default field means y...

Страница 316: ...onFailure defined in RFC 1215 A trap is sent to the manager when receiving any SNMP get or set requirements with wrong community password 6 linkDown defined in RFC 1215 A trap is sent when the port is...

Страница 317: ...23 System Security You should change the default password If you forget your password you have to restore the default configuration file Refer to the section on changing the system password in the Int...

Страница 318: ...onfirm or ESC to Cancel Table 114 Menu 23 2 System Security RADIUS Server FIELD DESCRIPTION Authentication Server Active Press SPACE BAR to select Yes and press ENTER to enable user authentication thr...

Страница 319: ...server in dotted decimal notation Port The default port of the RADIUS server for accounting is 1813 You need not change this value unless your network administrator instructs you to do so with additio...

Страница 320: ...tations have to enter usernames and passwords before access to the wired network is allowed Select No Access Allowed to block all wireless stations access to the wired network The following fields are...

Страница 321: ...vacy for Broadcast Multicast packets field WPA Group Key Update Timer The WPA Broadcast Multicast Key Update Timer is the rate at which the AP if using WPA PSK key management or RADIUS server if using...

Страница 322: ...ZyXEL G 2000 Plus v2 User s Guide 322 Chapter 31 System Security...

Страница 323: ...Status is a tool that can be used to monitor your ZyXEL device Specifically it gives you information on your Ethernet and Wireless LAN status number of packets sent and received To get to System Statu...

Страница 324: ...tatus This shows the status of the remote node TxPkts This is the number of transmitted packets to this remote node RxPkts This is the number of received packets from this remote node Cols This is the...

Страница 325: ...Information Enter 1 in menu 24 2 to display the screen shown next Figure 183 Menu 24 2 1 System Information Information The following table describes the fields in this menu Menu 24 2 System Informat...

Страница 326: ...low the procedures to view the local error trace log 1 Type 24 in the main menu to display Menu 24 System Maintenance 2 From menu 24 type 3 to display Menu 24 3 System Maintenance Log and Trace ZyNOS...

Страница 327: ...are shown next Menu 24 3 System Maintenance Log and Trace 2 Syslog Logging 4 Call Triggering Packet Menu 24 3 2 System Maintenance Syslog Logging Syslog Active No Syslog Server IP Address 0 0 0 0 Log...

Страница 328: ...d 0 line 0 channel 0 call 1 C01 Outgoing Call dev 2 ch 0 40002 Jul 19 11 19 32 192 168 102 2 ZYXEL board 0 line 0 channel 0 call 1 C02 OutCall Connected 64000 40002 Jul 19 11 20 06 192 168 102 2 ZYXEL...

Страница 329: ...d010080 S05 R01mF Mar 03 10 41 34 202 132 155 97 ZyXEL IP Src 192 168 2 33 Dst 202 132 155 93 ICMP S04 R01mF Mar 03 11 59 20 202 132 155 97 ZyXEL GEN 00a0c5f502fnord010080 S05 R01mF Mar 03 12 00 52 20...

Страница 330: ...o Source port empty means no source port information Dst Destination Address dpo Destination port empty means no destination port information prot Protocol TCP UDP ICMP IGMP GRE ESP rule a b where a m...

Страница 331: ...44 Time 17 02 44 262 Frame Type IP Header IP Version 4 Header Length 20 Type of Service 0x00 0 Total Length 0x002C 44 Identification 0x0002 2 Flags 0x00 Fragment Offset 0x00 Time to Live 0xFE 254 Pro...

Страница 332: ...ther as a WAN DHCP client IP Address Assignment field in menu 4 or menu 11 3 is Dynamic and the Encapsulation field in menu 4 or menu 11 is Ethernet or None when you have a static IP The WAN Release a...

Страница 333: ...Table 119 Menu 24 4 System Maintenance Menu Diagnostic FIELD DESCRIPTION Ping Host Ping the host to see if the links and TCP IP protocol on both systems are working WAN DHCP Release Release the IP ad...

Страница 334: ...ZyXEL G 2000 Plus v2 User s Guide 334 Chapter 32 System Information and Diagnosis...

Страница 335: ...ngs they can be saved back to your computer under a filename of your choosing ZyNOS ZyXEL Network Operating System sometimes referred to as the ras file is the system firmware and has a bin filename e...

Страница 336: ...computer Backup is highly recommended once your ZyXEL device is functioning properly FTP is the preferred method although TFTP can also be used Please note that the terms download and upload are rela...

Страница 337: ...ile on the ZyXEL device to your computer and renames it config rom See earlier in this chapter for more information on filename conventions 7 Enter quit to exit the FTP prompt Menu 24 5 Backup Configu...

Страница 338: ...console session running 331 Enter PASS command Password 230 Logged in ftp bin 200 Type I OK ftp get rom 0 zyxel rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK...

Страница 339: ...estore the five minute SMT timeout default when the file transfer is complete 4 Launch the TFTP client on your computer and connect to the ZyXEL device Set the transfer mode to binary before starting...

Страница 340: ...he following sections on FTP and TFTP file transfer for more details The ZyXEL device restarts automatically after the file transfer is complete 33 3 1 Restore Using FTP For details about backup using...

Страница 341: ...2 Restore Using FTP Session Examplei Refer to section 33 2 4 to read about configurations that disallow TFTP and FTP over WAN Menu 24 6 Restore Configuration To transfer the firmware and the configura...

Страница 342: ...stem Maintenance Upload Firmware The configuration data system related data the error log and the trace log are all stored in the configuration file Please be aware that uploading the configuration fi...

Страница 343: ...remote file name on the system 4 The system reboots automatically after a successful firmware upload For details on FTP commands please consult the documentation of your FTP client program For details...

Страница 344: ...ration file using TFTP Trivial File Transfer Protocol over LAN Although TFTP should work over WAN as well it is not recommended To use TFTP your computer must have both telnet and TFTP clients To tran...

Страница 345: ...umentation of your TFTP client program For UNIX use get to transfer from the ZyXEL device to the computer put the other way around and binary to set binary transfer mode 33 4 5 Example TFTP Command Th...

Страница 346: ...ZyXEL G 2000 Plus v2 User s Guide 346 Chapter 33 Firmware and Configuration File Maintenance...

Страница 347: ...the main system firmware The CI provides much of the same functionality as the SMT while adding some low level setup and diagnostic functions Enter the CI from the SMT by selecting menu 24 8 See the i...

Страница 348: ...all time exceeds the limit the current call will be dropped and any future outgoing calls will be blocked To access the call control menu select option 9 in menu 24 to go to Menu 24 9 System Maintenan...

Страница 349: ...dropped and further outgoing calls to that remote node will be blocked After each period the total budget is reset The default for the total budget is 0 minutes and the period is 0 hours meaning no bu...

Страница 350: ...9 1 Budget Management FIELD DESCRIPTION Remote Node Enter the index number of the remote node you want to reset just one in this case Connection Time Total Budget This is the total connection time tha...

Страница 351: ...2 Then enter 10 to go to Menu 24 10 System Maintenance Time and Date Setting to update the time and date settings of your ZyXEL device as shown in the following screen Table 124 Call History Fields F...

Страница 352: ...month year time zone of the server Time RFC 868 format displays a 4 byte integer giving the total number of seconds since 1970 1 1 at 0 0 0 NTP RFC 1305 is similar to Time RFC 868 None The default en...

Страница 353: ...and Information 353 34 3 1 Resetting the Time The ZyXEL device resets the time in three instances 1 On leaving menu 24 10 after making changes 2 When the ZyXEL device starts up if there is a timeserv...

Страница 354: ...ZyXEL G 2000 Plus v2 User s Guide 354 Chapter 34 System Maintenance and Information...

Страница 355: ...which ZyXEL device interface if any from which computers You may manage your ZyXEL device from a remote location via Internet WAN only LAN only ALL LAN and WAN Neither Disable Note When you Choose WAN...

Страница 356: ...to Confirm or ESC to Cancel Table 126 FIELD DESCRIPTION Telnet Server FTP Server Web Server SNMP Service DNS Service Each of these read only labels denotes a service or protocol Port This field shows...

Страница 357: ...3 1 LAN or in menu 11 5 WAN is applied to block a Telnet FTP or Web service 2 You have disabled that service in menu 24 11 3 The IP address in the Secured Client IP field menu 24 11 does not match the...

Страница 358: ...LAN IP address when configuring from the LAN 35 3 System Timeout There is a system timeout of five minutes 300 seconds for Telnet web FTP connections Your ZyXEL device will automatically log you out i...

Страница 359: ...ed sets take precedence over higher numbered sets thereby avoiding scheduling conflicts For example if sets 1 2 3 and 4 in are applied in the remote node then set 1 will take precedence over set 2 3 a...

Страница 360: ...r ZyXEL device will not drop it Once the connection is dropped manually or it times out then that remote node can t be triggered up until the end of the Duration Menu 26 1 Schedule Set Setup Active Ye...

Страница 361: ...scheduled time elapses Once Date If you selected Once in the How Often field above then enter the date the set should activate here in year month date format Weekday Day If you selected Weekly in the...

Страница 362: ...to your preference s Menu 11 1 Remote Node Profile Rem Node Name MyISP Route IP Active Yes Encapsulation PPPoE Edit IP No Service Type Standard Telco Option Service Name Allocated Budget min 0 Outgoi...

Страница 363: ...the power source is working properly Table 129 Troubleshooting the Ethernet Interface PROBLEM CORRECTIVE ACTION Cannot access the ZyXEL device from the LAN If the ETHN light on the front panel is off...

Страница 364: ...roubleshooting Telnet PROBLEM CORRECTIVE ACTION I cannot access the ZyXEL device through Telnet Refer to the Problems with the Ethernet Interface section for instructions on checking your Ethernet con...

Страница 365: ...ilt in Switch Four auto negotiating auto MDI MDI X 10 100 Mbps RJ 45 Ethernet ports Wireless LAN Interface One IEEE 802 11g standard based 54Mbp Access Point embedded Detachable Antennas 2 dipole Dive...

Страница 366: ...tion type BPSK QPSK CCK OFDM RF Output Power 15dBm 54 Mbps OFDM typical 18 dBm 11Mbps CCK QPSK BPSK typical Security WPA 2 WPA 2 PSK IEEE 802 1x security MD 5 TLS TTLS PEAP RAW Ethernet Packet Filter...

Страница 367: ...empts for five minutes after the third time an incorrect password is entered Table 135 Brute Force Password Guessing Protection Commands COMMAND DESCRIPTION sys pwderrtm This command displays the brut...

Страница 368: ...ZyXEL G 2000 Plus v2 User s Guide 368...

Страница 369: ...of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components...

Страница 370: ...f you need the adapter 1 In the Network window click Add 2 Select Adapter and then click Add 3 Select the manufacturer and model of your network adapter and then click OK If you need TCP IP 1 In the N...

Страница 371: ...and click Properties 2 Click the IP Address tab If your IP address is dynamic select Obtain an IP address automatically If you have a static IP address select Specify an IP address and type your info...

Страница 372: ...TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your ZyXEL device and restart your computer when prompted Verifying Settings 1 Click Start...

Страница 373: ...73 Figure 211 Windows XP Start Menu 2 For Windows XP click Network Connections For Windows 2000 NT click Network and Dial up Connections Figure 212 Windows XP Control Panel 3 Right click Local Area Co...

Страница 374: ...s 4 Select Internet Protocol TCP IP under the General tab in Win XP and click Properties Figure 214 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP IP Properties window opens t...

Страница 375: ...click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional def...

Страница 376: ...XP Internet Protocol TCP IP Properties 8 Click OK to close the Internet Protocol TCP IP Properties window 9 Click OK to close the Local Area Connection Properties window 10Turn on your ZyXEL device an...

Страница 377: ...s Guide 377 Figure 217 Macintosh OS 8 9 Apple Menu 2 Select Ethernet built in from the Connect via list Figure 218 Macintosh OS 8 9 TCP IP 3 For dynamically assigned settings select Using DHCP Server...

Страница 378: ...o save changes to your configuration 7 Turn on your ZyXEL device and restart your computer if prompted Verifying Settings Check your TCP IP properties in the TCP IP Control Panel window Macintosh OS X...

Страница 379: ...select Manually Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your ZyXEL device in the Router address box 5 Click Apply Now and close...

Страница 380: ...ZyXEL G 2000 Plus v2 User s Guide 380...

Страница 381: ...omputer on the LAN Figure 221 IP Address Conflicts CaseA You must set the ZyXEL device to use different LAN and WAN IP addresses on different subnets if you enable DHCP server on the ZyXEL device For...

Страница 382: ...rent subnets if you enable DHCP server on the ZyXEL device For example you set the WAN IP address to 192 59 1 1 and the LAN IP address to 10 59 1 1 Otherwise It is recommended the ZyXEL device use a p...

Страница 383: ...Guide 383 In this case the subscribers are not able to access the Internet Figure 224 IP Address Conflicts Case D This problem can be solved by adding a VLAN enabled switch or set the computers to obt...

Страница 384: ...ZyXEL G 2000 Plus v2 User s Guide 384...

Страница 385: ...irst two octets make up the network number and the two remaining octets make up the host ID Class C addresses begin starting from the left with 1 1 0 In a class C address the first three octets make u...

Страница 386: ...Subnet masks are expressed in dotted decimal notation just as IP addresses are The natural masks for class A B and C IP addresses are as follows Subnetting With subnetting the class arrangement of an...

Страница 387: ...k of 255 255 255 0 The first three octets of the address make up the network number class C You want to have two separate networks Note Divide the network 192 168 1 0 into two separate subnets by conv...

Страница 388: ...broadcast address for the first subnet Therefore the lowest IP address that can be assigned to an actual host for the first subnet is 192 168 1 1 and the highest is 192 168 1 126 Similarly the host ID...

Страница 389: ...ress Binary 11000000 10101000 00000001 00000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 0 Lowest Host ID 192 168 1 1 Broadcast Address 192 168 1 63 Highest Host...

Страница 390: ...11111111 11000000 Subnet Address 192 168 1 192 Lowest Host ID 192 168 1 193 Broadcast Address 192 168 1 255 Highest Host ID 192 168 1 254 Table 147 Eight Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS L...

Страница 391: ...following table is a summary for class B subnet planning Table 149 Class B Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 128 0 17 2 32766 2 255 255 192 0...

Страница 392: ...ZyXEL G 2000 Plus v2 User s Guide 392...

Страница 393: ...sibly render it unusable Command Syntax The command keywords are in courier new font Enter the command keywords exactly as shown do not abbreviate The required fields in a command are enclosed in angl...

Страница 394: ...ZyXEL G 2000 Plus v2 User s Guide 394...

Страница 395: ...xpired A DHCP client s IP address has expired DHCP server assigns s The DHCP server assigned an IP address to a client SMT Login Successfully Someone has logged on to the router s SMT interface SMT Lo...

Страница 396: ...e Host 2 Redirect datagrams for the Type of Service and Network 3 Redirect datagrams for the Type of Service and Host 8 Echo 0 Echo message 11 Time Exceeded 0 Time to live exceeded in transit 1 Fragme...

Страница 397: ...log Use the sys logs category display command to show the log settings for all of the log categories Use the sys logs display log category command to show the logs in an individual ZyXEL device log ca...

Страница 398: ...2 22 255 255 137 ACCESS BLOCK Firewall default policy UDP set 8 1 11 11 2002 15 10 12 172 21 4 17 138 172 21 255 255 138 ACCESS BLOCK Firewall default policy UDP set 8 2 11 11 2002 15 10 11 172 17 2 1...

Страница 399: ...rs like doctors and nurses access to a complete patient s profile on a handheld or notebook computer upon entering a patient s room It allows flexible workgroups a lower total cost of ownership for wo...

Страница 400: ...eless station and a wired network client go through one access point AP Intra BSS traffic is traffic between wireless stations in the BSS When Intra BSS is enabled wireless station A and B can access...

Страница 401: ...ch containing an access point with each access point connected together by a wired network This wired connection between APs is called a Distribution System DS An ESSID ESS IDentification uniquely ide...

Страница 402: ...same access point but are not within range of each other The following figure illustrates a hidden node Both stations STA are within range of the access point AP or wireless gateway but out of range o...

Страница 403: ...It also reserves and confirms with the requesting station the time frame for the requested transmission Stations can send frames smaller than the specified RTS CTS directly to the AP without the RTS R...

Страница 404: ...a first important step in the evolutionary development of wireless networking technologies The standard was developed to maximize interoperability between differing brands of wireless LANs as well as...

Страница 405: ...of IEEE 802 11 to support extended authentication as well as providing additional accounting and control features It is supported by Windows XP and a number of network devices Some advantages of IEEE...

Страница 406: ...server Types of RADIUS Messages The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication Access Request Sent by an access point requ...

Страница 407: ...ible to impersonate an authentication server as MD5 authentication method does not perform mutual authentication Finally MD5 authentication method does not support data encryption with dynamic session...

Страница 408: ...e Wireless screen You may still configure and store keys here but they will not be used while Dynamic WEP is enabled Note EAP MD5 cannot be used with Dynamic WEP Key Exchange For added security certif...

Страница 409: ...est to the AP which will then reply with a challenge text message The wireless station must then use the AP s default WEP key to encrypt the challenge text and return it to the AP which attempts to de...

Страница 410: ...Advanced Encryption Standard AES in the Counter mode with Cipher block chaining Message authentication code Protocol CCMP to offer stronger encryption than TKIP TKIP uses 128 bit keys that are dynamic...

Страница 411: ...features are optional and may not be supported in all wireless devices Key caching allows a wireless client to store the PMK it derived through a successful authentication with an AP The wireless cli...

Страница 412: ...es network access accordingly 3 The RADIUS server distributes a Pairwise Master Key PMK key to the AP that then sets up a key hierarchy and management system using the pair wise key to dynamically gen...

Страница 413: ...MAC address filters are not dependent on how you configure these security features Table 157 Wireless Security Relational Matrix AUTHENTICATION METHOD KEY MANAGEMENT PROTOCOL ENCRYPTION METHOD ENTER...

Страница 414: ...d to periodically verify the identity of the peer station or other AP using a three way handshake The following figure depicts a typical wireless network with a ZyXEL device RADIUS server for user aut...

Страница 415: ...ZyXEL G 2000 Plus v2 User s Guide 415 Figure 232 Sequences for PEAP MS CHAP V2 Authentication...

Страница 416: ...ZyXEL G 2000 Plus v2 User s Guide 416...

Страница 417: ...t data encryption with dynamic session key You must configure WEP encryption keys for data encryption EAP TLS Transport Layer Security With EAP TLS digital certifications are needed by both the server...

Страница 418: ...02 1x For added security certificate based authentications EAP TLS EAP TTLS and PEAP use dynamic keys for data encryption They are often deployed in corporate environments but for public deployment a...

Страница 419: ...esponsible for choosing the most appropriate access point depending on the signal strength network utilization or other factors The roaming feature on the access points allows the access points to rel...

Страница 420: ...e authentication Requirements for Roaming The following requirements must be met in order for wireless stations to roam between the coverage areas 1 All the access points must be on the same subnet an...

Страница 421: ...is a diagram that allows you to visualize the shape of the antenna s coverage area Antenna Gain Antenna gain measured in dB decibel is the increase in coverage within the RF beam width Higher antenna...

Страница 422: ...ennas are ideal for hallways and outdoor point to point applications Positioning Antennas In general antennas should be mounted as high as practically possible and free of obstructions In point to poi...

Страница 423: ...ckets between two Ethernet devices Some companies have more than one alternate route to one or more ISPs If the LAN and ISP s are in the same subnet the triangle route problem may occur The steps belo...

Страница 424: ...XEL device being the gateway for each logical network By putting your LAN and Gateway B in different subnets all returning network traffic must pass through the ZyXEL device to your LAN The following...

Страница 425: ...ond solution to the triangle route problem is to put all of your network gateways on the WAN side as the following figure shows This ensures that all incoming network traffic passes through your ZyXEL...

Страница 426: ...ZyXEL G 2000 Plus v2 User s Guide 426...

Страница 427: ...n Standard 410 Airflow 6 Allocated Budget 267 Alternative Subnet Mask Notation 387 American Wire Gauge 6 Antenna Directional 422 Omni directional 422 Antenna gain 421 AP 81 AP See also access point Ap...

Страница 428: ...E 361 Precedence 359 Precedence Example 359 Certificate Authority 407 417 Certifications 5 channel 81 Channel ID 85 Charge 7 Circuit 4 Class B 4 Collision 324 Command Interpreter 347 Communications 4...

Страница 429: ...ective 7 Denial of Service 134 135 311 Denmark Contact Information 8 Destination Address 147 DHCP 68 73 74 76 225 226 326 Diagnostic 332 Diagnostic Tools 323 Direct Sequence Spread Spectrum 404 Discla...

Страница 430: ...Part 15 4 FCC Rules 4 Federal Communications Commission 4 FHSS 404 Filename Conventions 335 Filter 247 271 Applying 309 Example 306 Generic Filter Rule 304 Generic Rule 305 NAT 309 Remote Node 310 St...

Страница 431: ...File Transfer 342 FTP Restrictions 167 FTP Server 288 Functionally Equivalent 7 G Gas Pipes 6 Gateway 274 Gateway IP Addr 270 Gateway IP Address 258 General Setup 51 67 241 Germany Contact Information...

Страница 432: ...access 247 257 Internet Access Setup 258 277 Internet Control Message Protocol ICMP 138 Internet Security Gateway 37 Introduction to Filters 295 IP Address 74 77 118 119 121 250 258 270 274 326 333 I...

Страница 433: ...ess Filtering 254 MAC Filter 97 MAC Filtering 40 Main Menu 238 Management Information Base MIB 173 314 Many to Many No Overload 116 Many to Many Overload 116 Many to One 116 Materials 7 Merchantabilit...

Страница 434: ...Norway Contact Information 8 O One to One 116 Opening 6 Operating Condition 7 Out dated Warranty 7 Outlet 4 Outside 114 P Packet Filtering 143 Packet Filtering Firewalls 133 Packets 324 Pairwise Mast...

Страница 435: ...o Communications 4 Radio Frequency Energy 4 Radio Interference 4 Radio Reception 4 Radio Technician 4 RADIUS 40 406 Shared Secret Key 407 RADIUS Message Types 406 RADIUS Messages 406 RADIUS server 83...

Страница 436: ...s 7 Returns 7 RF signals 404 Rights 3 Rights Legal 7 RIP 74 270 Version 270 Risk 6 Risks 6 RMA 7 Roaming 99 419 Example 420 Requirements 420 Route 265 RTS Threshold 402 Rules 145 148 Checklist 146 Cre...

Страница 437: ...Trap 314 Traps 315 Trusted Host 315 Source Address 147 154 Spain Contact Information 9 SSID 81 82 hide 82 SSID security 82 weaknesses 82 SSL Passthrough 40 Stateful Inspection 40 133 134 140 Process 1...

Страница 438: ...Cord 6 Telephone 8 Television Interference 4 Television Reception 4 Telnet 356 Telnet Configuration 356 357 Telnet Under NAT 357 Temporal Key Integrity Protocol TKIP 410 TFTP Restrictions 357 TFTP Fil...

Страница 439: ...se 83 RADIUS server 83 weaknesses 83 User Name 69 244 User Profiles 275 User Specified IP Addr 244 V Valid CI Commands 348 Value 7 Vendor 6 Ventilation Slots 6 Viewing Certifications 5 Voltage Supply...

Страница 440: ...address filter 82 security 81 SSID 81 user authentication 82 wireless security 81 Wizard Setup 51 52 WLAN 399 Security parameters 413 Workmanship 7 Worldwide Contact Information 8 WPA 38 410 WPA2 38...

Отзывы:

Нет отзывов

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды