ZyXEL Communications P-2612HW-F1 - Скачать руководство пользователя | Manualshive

Страница: 516 / 547

background image

Appendix D Wireless LANs

P-2612HW Series User’s Guide

516

Dynamic WEP Key Exchange

The AP maps a unique key that is generated with the RADIUS server. This key
expires when the wireless connection times out, disconnects or reauthentication
times out. A new WEP key is generated each time reauthentication is performed.

If this feature is enabled, it is not necessary to configure a default encryption key
in the wireless security configuration screen. You may still configure and store
keys, but they will not be used while dynamic WEP is enabled.

Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange

For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and
PEAP) use dynamic keys for data encryption. They are often deployed in corporate
environments, but for public deployment, a simple user name and password pair
is more practical. The following table is a comparison of the features of
authentication types.

WPA and WPA2

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2
(IEEE 802.11i) is a wireless security standard that defines stronger encryption,
authentication and key management than WPA.

Key differences between WPA or WPA2 and WEP are improved data encryption and
user authentication.

If both an AP and the wireless clients support WPA2 and you have an external
RADIUS server, use WPA2 for stronger data encryption. If you don't have an
external RADIUS server, you should use WPA2-PSK (WPA2-Pre-Shared Key) that
only requires a single (identical) password entered into each access point, wireless
gateway and wireless client. As long as the passwords match, a wireless client will
be granted access to a WLAN.

Table 183

Comparison of EAP Authentication Types

EAP-MD5

EAP-TLS

EAP-TTLS

PEAP

LEAP

Mutual Authentication

No

Yes

Yes

Yes

Yes

Certificate – Client

No

Yes

Optional

Optional

No

Certificate – Server

No

Yes

Yes

Yes

No

Dynamic Key Exchange

No

Yes

Yes

Yes

Yes

Credential Integrity

None

Strong

Strong

Strong

Moderate

Deployment Difficulty

Easy

Hard

Moderate

Moderate

Moderate

Client Identity
Protection

No

No

Yes

Yes

No

«
...
514
515
516
517
518
...
»

Содержание P-2612HW-F1 -

Страница 1: ...Wireless ADSL VoIP IAD Copyright 2009 ZyXEL Communications Corporation Firmware Version 3 70 Edition 2 5 2009 Default Login Details IP Address http 192 168 1 1 User Login User Name user Password user...

Страница 2: ......

Страница 3: ...support documents ZyXEL Web Site Please refer to www zyxel com for additional support documentation and product certifications User Guide Feedback Help us help you Send all User Guide related comments...

Страница 4: ...This User s Guide P 2612HW Series User s Guide 4 Product model and serial number Warranty Information Date that you received your device Brief description of the problem and the steps you took to sol...

Страница 5: ...font A key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press t...

Страница 6: ...ide 6 Icons Used in Figures Figures in this User s Guide may use the following generic icons The ZyXEL Device icon is not an exact representation of your device ZyXEL Device Computer Notebook computer...

Страница 7: ...e for example 110V AC in North America or 230V AC in Europe Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord D...

Страница 8: ...Safety Warnings P 2612HW Series User s Guide 8...

Страница 9: ...ork Address Translation NAT 169 Voice 185 Phone Usage 221 Firewall 229 Content Filtering 251 VPN 257 Certificates 291 Static Route 321 802 1Q 1P 325 Quality of Service QoS 337 Dynamic DNS Setup 353 Re...

Страница 10: ...Contents Overview P 2612HW Series User s Guide 10...

Страница 11: ...27 1 2 Ways to Manage the ZyXEL Device 27 1 3 Good Habits for Managing the ZyXEL Device 28 1 4 LEDs Lights 28 1 5 The RESET Button 29 1 6 The WLAN Button 30 Chapter 2 Introducing the Web Configurator...

Страница 12: ...d Scenario 66 4 3 2 Configuring the WAN Connection with a Static IP Address 67 4 3 3 Public IP Address Mapping 70 4 3 4 Forwarding Traffic from the WAN to a Local Computer 74 4 3 5 Allow WAN to LAN Tr...

Страница 13: ...c Redirect 119 Chapter 7 LAN Setup 121 7 1 Overview 121 7 1 1 What You Can Do in the LAN Screens 121 7 1 2 What You Need To Know About LAN 122 7 1 3 Before You Begin 122 7 2 The LAN IP Screen 122 7 2...

Страница 14: ...8 9 4 Wireless Distribution System WDS 160 8 9 5 WiFi Protected Setup 161 Chapter 9 Network Address Translation NAT 169 9 1 Overview 169 9 1 1 What You Can Do in the NAT Screens 169 9 1 2 What You Ne...

Страница 15: ...13 2 SIP 206 10 13 3 Quality of Service QoS 215 10 13 4 Phone Services Overview 216 Chapter 11 Phone Usage 221 11 1 Overview 221 11 2 Dialing a Telephone Number 221 11 3 Using Speed Dial to Dial a Te...

Страница 16: ...ring 251 13 1 3 Before You Begin 251 13 1 4 Content Filtering Example 252 13 2 The Keyword Screen 254 13 3 The Schedule Screen 255 13 4 The Trusted Screen 256 Chapter 14 VPN 257 14 1 Overview 257 14 1...

Страница 17: ...rtificate Create 301 15 5 Trusted CAs 304 15 6 Trusted CA Import 306 15 7 Trusted CA Details 307 15 8 Trusted Remote Hosts 311 15 9 Trusted Remote Host Certificate Details 312 15 10 Trusted Remote Hos...

Страница 18: ...c DNS Setup 353 19 1 Overview 353 19 1 1 What You Can Do in the DDNS Screen 353 19 1 2 What You Need To Know About DDNS 353 19 2 Configuring Dynamic DNS 354 Chapter 20 Remote Management Configuration...

Страница 19: ...o Know About Logs 391 23 2 The View Log Screen 391 23 3 The Log Settings Screen 392 23 4 SMTP Error Messages 395 23 4 1 Example E mail Log 395 23 5 Log Descriptions 396 Chapter 24 Call History 407 24...

Страница 20: ...FTP File Upload Command from the DOS Prompt Example 430 25 7 2 FTP Session Example of Firmware File Upload 431 25 7 3 TFTP File Upload 431 25 7 4 TFTP Upload Command Example 432 Chapter 26 Diagnostic...

Страница 21: ...Table of Contents P 2612HW Series User s Guide 21 Appendix C IP Addresses and Subnetting 495 Appendix D Wireless LANs 507 Appendix E Common Services 531 Appendix F Legal Information 535 Index 537...

Страница 22: ...Table of Contents P 2612HW Series User s Guide 22...

Страница 23: ...23 PART I Introduction Introducing the ZyXEL Device 25 Introducing the Web Configurator 31 Wizards 39 Tutorial 57...

Страница 24: ...24...

Страница 25: ...embedded mini PCI module for IEEE 802 11g wireless LAN connectivity All wireless features documented in this user s guide refer to the W models only Only use firmware for your ZyXEL Device s specific...

Страница 26: ...ely browse the Internet and download files Use content filtering to block access to specific web sites with URLs containing keywords that you specify You can define time periods and days during which...

Страница 27: ...ur calls to either VoIP or PSTN phones 1 2 Ways to Manage the ZyXEL Device Use any of the following methods to manage the ZyXEL Device Web Configurator This is recommended for everyday management of t...

Страница 28: ...ttings If you backed up an earlier configuration file you would not have to totally re configure the ZyXEL Device You could simply restore your last configuration 1 4 LEDs Lights The following graphic...

Страница 29: ...s up Blinking The ZyXEL Device is sending or receiving IP traffic Red On The ZyXEL Device attempted to make an IP connection but failed Possible causes are no response from a DHCP server no PPPoE resp...

Страница 30: ...he POWER LED begins to blink and then release it When the POWER LED begins to blink the defaults have been restored and the device restarts 1 6 The WLAN Button Use the WLAN button on the top of the de...

Страница 31: ...se the web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScripts enabled by default Java perm...

Страница 32: ...e password and click Login Click Cancel to revert to the default password in the password field If you have changed the password enter your password and click Login Figure 4 Password Screen Note For s...

Страница 33: ...igurator Main Screen Figure 5 Main Screen As illustrated above the main screen is divided into these parts A title bar B navigation panel C main window D status bar 2 2 1 Title Bar The title bar allow...

Страница 34: ...s screen to configure LAN TCP IP settings DHCP settings enable Any IP and configure other advanced properties Client List Use this screen to view current DHCP client information and to always assign s...

Страница 35: ...and call service mode Phone Book Speed Dial Use this screen to configure speed dial for SIP phone numbers that you call often Incoming Call Policy Use this screen to configure call forwarding SIP Pre...

Страница 36: ...esses of directory servers that contain lists of valid and revoked certificates Advanced Static Route Static Route Use this screen to configure IP static routes to tell your device about networks beyo...

Страница 37: ...eral Use this screen to configure your device s name domain name management inactivity timeout and password Time Setting Use this screen to change your ZyXEL Device s time and date Logs View Log Use t...

Страница 38: ...nformation and configuration fields It is discussed in the rest of this document Right after you log in the Status screen is displayed See Chapter 5 on page 89 for more information about the Status sc...

Страница 39: ...n these fields 3 2 Internet Access Wizard Setup 1 Click the wizard icon in the top right corner of the web configurator to go to the wizards The Internet access wizard is not available when you set th...

Страница 40: ...Internet setup information as provided to you by your ISP See Section 3 2 1 on page 42 for more details If you would like to skip your Internet setup and configure the wireless LAN settings leave Yes...

Страница 41: ...1 3c The following screen appears if the ZyXEL device detects a connection but not the connection type Click Next and refer to Section 3 2 1 on page 42 on how to manually configure the ZyXEL Device fo...

Страница 42: ...to detect your DSL connection type but the physical line is connected enter your Internet access information in the wizard screen exactly as your service provider gave it to you Leave the defaults in...

Страница 43: ...you select Bridge in the Mode field the ZyXEL Device uses RFC 1483 If you select Routing in the Mode field select DHCP ENET ENCAP or PPPoE Multiplexing Select the multiplexing method used by your ISP...

Страница 44: ...le describes the fields in this screen Table 5 Internet Connection with PPPoE LABEL DESCRIPTION User Name Enter the user name exactly as your ISP assigned If assigned a name in the form user domain wh...

Страница 45: ...namic IP address Static IP Address Select Static IP Address if your ISP gave you an IP address to use IP Address Enter your ISP assigned IP address Subnet Mask Enter a subnet mask in dotted decimal no...

Страница 46: ...the Internet Wireless Setup Wizard to verify your Internet access settings Figure 14 Connection Test Failed 2 3 3 Wireless Connection Wizard Setup See the back panel for the ZyXEL Device s unique wir...

Страница 47: ...activate the wireless LAN Click Next to continue Figure 16 Wireless LAN Setup Wizard 1 The following table describes the labels in this screen Table 7 Wireless LAN Setup Wizard 1 LABEL DESCRIPTION Ac...

Страница 48: ...e ZyXEL Device make sure all wireless stations use the same SSID in order to access the network Channel Selection The range of radio frequencies used by IEEE 802 11b g wireless devices is called a cha...

Страница 49: ...s the labels in this screen Table 9 Manually Assign a WPA key LABEL DESCRIPTION Pre Shared Key Type from 8 to 63 case sensitive ASCII characters You can set up the most secure wireless connection by c...

Страница 50: ...Wireless LAN Setup 3 Table 10 Manually Assign a WEP key LABEL DESCRIPTION Key The WEP keys are used to encrypt data Both the ZyXEL Device and the wireless stations must use the same WEP key for data...

Страница 51: ...Refer to the rest of this guide for more detailed information on the complete range of ZyXEL Device features If you cannot access the Internet open the web configurator again to confirm that the Inte...

Страница 52: ...use up to 127 printable ASCII characters SIP Server Address Enter the IP address or domain name of the SIP server provided by your VoIP service provider You can use up to 95 printable ASCII characters...

Страница 53: ...the user name for registering this SIP account exactly as it was given to you You can use up to 95 printable ASCII Extended set characters Check here to set up SIP settings Select this if you want to...

Страница 54: ...table describes the labels in this screen Table 12 VoIP Setup Wizard Registration Complete Success LABEL DESCRIPTION Return to Wizard Main Page Click this to open the main wizard screen See Section 3...

Страница 55: ...this if you want the ZyXEL Device to try to register your SIP account s again Exit Click this to close this screen and return to the main screen The ZyXEL Device saves the information you provided Ta...

Страница 56: ...Chapter 3 Wizards P 2612HW Series User s Guide 56...

Страница 57: ...ient for wireless communication using the following parameters The wireless clients can access the Internet through the ZyXEL Device wirelessly 4 2 1 Example Parameters An access point AP or wireless...

Страница 58: ...P 1 Open the Network Wireless LAN AP screen in the AP s web configurator Figure 25 AP Wireless LAN AP 2 Make sure Active Wireless LAN is selected 3 Enter SSID_Example3 as the SSID and select a channel...

Страница 59: ...n and select Mixed in the 802 11 Mode field Click Apply Figure 26 AP Wireless LAN AP Advanced Setup 6 Open the Status screen Verify your wireless and wireless security settings under Device Informatio...

Страница 60: ...othing and leave the wireless client to automatically scan for and connect to any available network that has no wireless security configured Manually connect to a network Configure a profile to have t...

Страница 61: ...ss network available within range Make sure the AP or peer computer is turned on or move the wireless client closer to the AP or peer computer 3 When you try to connect to an AP with security configur...

Страница 62: ...heck the network information in the Link Info screen to verify that you have successfully connected to the selected network If the wireless client is not connected to a network the fields in this scre...

Страница 63: ...ey is ThisismyWPA PSKpre sharedkey You have chosen the profile name PN_Example3 1 Open the ZyXEL utility and click the Profile tab to open the screen shown next Click Add to configure a new profile Fi...

Страница 64: ...K Figure 35 ZyXEL Utility Profile Security 5 This screen varies depending on the encryption method you selected in the previous screen Enter the pre shared key and leave the encryption type at the def...

Страница 65: ...the ZyXEL utility returns to the Link Info screen while it connects to the AP using your settings When the wireless link is established the ZyXEL utility icon in the system tray turns green and the L...

Страница 66: ...3 respectively for traffic in both directions Map the first public address 1 2 3 4 to outgoing traffic from other local computers Map the first public address 1 2 3 4 to incoming traffic from the WAN...

Страница 67: ...WAN Connection with a Static IP Address The following table shows the information your ISP gave you for Internet connection Follow the steps below to configure your ZyXEL Device for Internet access us...

Страница 68: ...t box 4 Enter the information such as the user name password and VPI VCI value provided by your ISP If your ISP didn t give you the service name leave the field blank 5 In the IP Address section selec...

Страница 69: ...Chapter 4 Tutorial P 2612HW Series User s Guide 69 7 Click Apply to save your changes Figure 42 Tutorial Example WAN Screen...

Страница 70: ...s The ZyXEL Device forwards traffic that is initiated from either the LAN or the WAN to the destination IP address Note The many to one or many to many NAT address mapping rules are for outgoing conne...

Страница 71: ...specify You should put any one to one rules before a many to one rule 1 Click Network NAT General 2 Enable NAT and select Full Feature as you have multiple public IP addresses to map to private IP add...

Страница 72: ...g Rule screen Figure 46 Tutorial Example NAT Address Mapping 5 Map a public IP address to the web server Select the One to One type and enter 192 168 1 12 as the local start IP address and 1 2 3 5 as...

Страница 73: ...ress Click Apply Figure 48 Tutorial Example NAT Address Mapping Edit One to One 2 8 Click the third rule s Edit icon 9 Map a public IP address to other outgoing LAN traffic Select the Many to One type...

Страница 74: ...rwarding Traffic from the WAN to a Local Computer A server NAT address mapping rule allows computers behind the NAT be accessible to the outside world To have the ZyXEL Device forward incoming traffic...

Страница 75: ...ress Click Add to add the rule to the table 5 Click Apply to go back to the Edit Address Mapping Rule screen Click Apply again Figure 53 Tutorial Example NAT Port Forwarding 4 3 5 Allow WAN to LAN Tra...

Страница 76: ...ample Allow WAN to LAN Traffic 1 Click Security Firewall 2 Make sure the firewall is enabled and traffic from the WAN to the LAN is dropped Figure 55 Tutorial Example Firewall General 3 Go to the Rule...

Страница 77: ...56 Tutorial Example Firewall Rules WAN to LAN 5 Configure a firewall rule to allow traffic from the WAN to the web server Select Any in the Destination Address List box and click Delete Select Single...

Страница 78: ...User s Guide 78 6 Select Any All in the Available Services box on the left and click Add to add it to the Selected Services box on the right Click Apply Figure 58 Tutorial Example Firewall Rule WAN t...

Страница 79: ...ewall rule to allow traffic from the WAN to the mail server Select Any in the Destination Address List box and click Delete Select Single Address as the destination address type Enter 192 168 1 13 and...

Страница 80: ...User s Guide 80 8 Select Any All in the Available Services box on the left and click Add to add it to the Selected Services box on the right Click Apply Figure 60 Tutorial Example Firewall Rule WAN t...

Страница 81: ...wall rule to allow FTP traffic from the WAN to the FTP server Select Any in the Destination Address List box and click Delete Select Single Address as the destination address type Enter 192 168 1 39 a...

Страница 82: ...able Services box on the left and click Add to add it to the Selected Services box on the right Click Apply Figure 62 Tutorial Example Firewall Rule WAN to LAN Service Edit for FTP Server 11 When you...

Страница 83: ...ssing the FTP server 1 2 3 4 from the outside network to send or retrieve a file If you cannot access the FTP server make sure the NAT port forwarding rule is active and there is a firewall rule to al...

Страница 84: ...n page 75 for more information 4 5 How to Make a VoIP Call You can register a SIP account with the SIP server and make voice calls over the Internet to another VoIP device 4 5 1 VoIP Calls With a Regi...

Страница 85: ...1 2 Analog Phone Configuration 1 Click VoIP Phone to open the Analog Phone screen 2 Select Phone1 to configure the first phone port 3 Select SIP1 from the SIP Account drop down list box in the Outgoin...

Страница 86: ...Figure 66 Tutorial Example Analog Phone 4 5 1 3 Making a VoIP Call 1 Make sure you connect a telephone to the first phone port on the ZyXEL Device 2 Make sure the ZyXEL Device is on and connected to t...

Страница 87: ...N 137 Network Address Translation NAT 169 Voice 185 Phone Usage 221 Firewall 229 Content Filtering 251 VPN 257 Certificates 291 Static Route 321 802 1Q 1P 325 Quality of Service QoS 337 Dynamic DNS Se...

Страница 88: ...88...

Страница 89: ...nd WLAN and SIP accounts You can also register and unregister SIP accounts The Status screen also provides detailed information from Any IP and DHCP and statistics from VoIP and traffic 5 1 Status Scr...

Страница 90: ...ification You can change this in the Maintenance System General screen s System Name field Model Number This is the model name of your device MAC Address This is the MAC Media Access Control or Ethern...

Страница 91: ...LAN Choices are Server The ZyXEL Device is a DHCP server in the LAN It assigns IP addresses to other computers in the LAN Relay The ZyXEL Device acts as a surrogate DHCP server and relays DHCP request...

Страница 92: ...ce unplug the power for a few seconds Interface Status Interface This column displays each interface the ZyXEL Device has Status This field indicates whether or not the ZyXEL Device is using the inter...

Страница 93: ...have to register SIP accounts with a SIP server to use VoIP If the SIP account is already registered with the SIP server Click Unregister to delete the SIP account s registration in the SIP server Th...

Страница 94: ...o access this screen Use this screen to view the wireless stations that are currently associated to the ZyXEL Device Figure 70 WLAN Status Table 15 Any IP Table LABEL DESCRIPTION This field is a seque...

Страница 95: ...erval s The Poll Interval s field is configurable The screen varies slightly depending on the WAN mode you set using the DSL WAN switch Figure 71 Packet Statistics Table 16 WLAN Status LABEL DESCRIPTI...

Страница 96: ...ing Ethernet encapsulation and Down line is down Up line is up or connected Idle line ppp idle Dial starting to trigger a call and Drop dropping a call if you re using PPPoE encapsulation TxPkts This...

Страница 97: ...evice automatically tries to register the SIP account when you turn on the ZyXEL Device or when you activate it Inactive The SIP account is not active You can activate it in VoIP SIP SIP Settings Last...

Страница 98: ...all through a phone port Peer Number This field displays the SIP number of the party that is currently engaged in a VoIP call through a phone port Duration This field displays how long the current cal...

Страница 99: ...so that a computer in one location can communicate with computers in other locations Figure 73 LAN and WAN 6 1 1 What You Can Do in the WAN Screens Use the Internet Access Setup screen Section 6 2 on...

Страница 100: ...P address for the ZyXEL Device which makes it accessible from an outside network It is used by the ZyXEL Device to communicate with other devices in other networks It can be static fixed or dynamicall...

Страница 101: ...1 6 2 The Internet Access Setup Screen Use this screen to change your ZyXEL Device s WAN settings Click Network WAN Internet Access Setup The screen differs by the WAN mode and encapsulation you selec...

Страница 102: ...he ZyXEL Device Encapsulation Select the method of encapsulation used by your ISP from the drop down list box Choices vary depending on the mode you select in the Mode field If you select Bridge in th...

Страница 103: ...he IP address set to 0 0 0 0 UserDefined changes to None after you click Apply If you set a second choice to User Defined and enter the same IP address the second UserDefined changes to None after you...

Страница 104: ...Protocol allows a router to exchange routing information with other routers Use this field to control how much routing information the ZyXEL Device sends and receives on the subnet Select the RIP dire...

Страница 105: ...o not require closely controlled delay and delay variation Peak Cell Rate Divide the DSL line rate bps by 424 the size of an ATM cell to find the Peak Cell Rate PCR This is the maximum rate at which t...

Страница 106: ...Select the check box to enable it Name This is the name you gave to the Internet connection VPI VCI This field displays the Virtual Path Identifier VPI and Virtual Channel Identifier VCI numbers confi...

Страница 107: ...nnection Figure 77 Network WAN More Connections Edit The following table describes the labels in this screen Table 22 Network WAN More Connections Edit LABEL DESCRIPTION Active Select the check box to...

Страница 108: ...is assigned a specific virtual circuit for example VC1 will carry IP If you select VC specify separate VPI and VCI numbers for each protocol For LLC based multiplexing or PPP encapsulation one VC carr...

Страница 109: ...nnect on Demand The default setting is 0 which means the Internet session will not timeout NAT SUA only is available only when you select Routing in the Mode field Select SUA Only if you have one publ...

Страница 110: ...Both In Only and Out Only RIP Version Select the RIP version from RIP 1 RIP 2B and RIP 2M Multicast IGMP Internet Group Multicast Protocol is a network layer protocol used to establish membership in...

Страница 111: ...mum Burst Size Maximum Burst Size MBS refers to the maximum number of cells that can be sent at the peak rate Type the MBS which is less than 65535 MTU The Maximum Transmission Unit MTU defines the si...

Страница 112: ...L Device periodically ping the IP addresses configured in the Check WAN IP Address fields Check WAN IP Address1 3 Configure this field to test your ZyXEL Device s WAN accessibility Type the IP address...

Страница 113: ...is field if your network is busy or congested Traffic Redirect Traffic redirect forwards traffic to a backup gateway when the ZyXEL Device cannot connect to the Internet Active Traffic Redirect Select...

Страница 114: ...work services a function known as dynamic service selection This enables the service provider to easily create and offer new IP services for individuals Operationally PPPoE saves significant effort fo...

Страница 115: ...advantageous if it is not practical to have a separate VC for each carried protocol for example if charging heavily depends on the number of simultaneous VCs 6 5 3 VPI and VCI Be sure to use the corr...

Страница 116: ...be very expensive for obvious reasons Do not specify a nailed up connection unless your telephone company offers flat rate service or you need a constant connection and the cost is of no concern 6 5 6...

Страница 117: ...t is dependent on the line speed Sustained Cell Rate SCR is the mean cell rate of each bursty traffic source It specifies the maximum average rate at which cells can be sent over the virtual connectio...

Страница 118: ...that require closely controlled delay and delay variation It also provides a fixed amount of bandwidth a PCR is specified but is only available when data is being sent An example of an VBR RT connect...

Страница 119: ...gateway is connected to the LAN Use IP alias to configure the LAN into two or three logical networks with the ZyXEL Device itself as the gateway for each LAN network Put the protected LAN in one subne...

Страница 120: ...Chapter 6 WAN Setup P 2612HW Series User s Guide 120...

Страница 121: ...endix C on page 495 for more information on IP addresses and subnetting 7 1 1 What You Can Do in the LAN Screens Use the LAN IP screen Section 7 2 on page 122 to set the LAN IP address and subnet mask...

Страница 122: ...configuration at start up from a server This ZyXEL Device has a built in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability DNS DNS Domain...

Страница 123: ...actory default Your ZyXEL Device automatically computes the subnet mask based on the IP address you enter so do not change this field unless you are instructed to do so DHCP Setup DHCP If set to Serve...

Страница 124: ...e same IP address the second User Defined changes to None after you click Apply Select DNS Relay to have the ZyXEL Device act as a DNS proxy only when the ISP uses IPCP DNS server extensions The ZyXEL...

Страница 125: ...n wide use 7 2 2 Configuring the Advanced LAN Setup Screen Use this screen to edit your ZyXEL Device s RIP multicast Any IP and Windows Networking settings Click the Advanced Setup button in the LAN I...

Страница 126: ...t through the ZyXEL Device Windows Networking NetBIOS over TCP IP NetBIOS Network Basic Input Output System are TCP or UDP packets that enable a computer to connect to and communicate with a LAN For s...

Страница 127: ...splays the IP address relative to the field listed above MAC Address The MAC Media Access Control or Ethernet address on a LAN Local Area Network is unique to your computer six pairs of hexadecimal no...

Страница 128: ...h IP alias you can also configure firewall rules to control access between the LAN s logical networks subnets The following figure shows a LAN divided into subnets A B and C Figure 86 Physical Network...

Страница 129: ...When set to Both or Out Only the ZyXEL Device will broadcast its routing table periodically When set to Both or In Only it will incorporate the RIP information that it receives when set to None it wil...

Страница 130: ...ion for the clients If you turn DHCP service off you must have another DHCP server on your LAN or else the computer must be manually configured IP Pool The ZyXEL Device is pre configured with a pool o...

Страница 131: ...n the DHCP Setup screen 7 5 4 TCP IP The ZyXEL Device has built in DHCP server capability that assigns IP addresses and DNS servers to systems on the LAN that support DHCP client capability IP Address...

Страница 132: ...You can obtain your IP address from the IANA from an ISP or it can be assigned from a private network If you belong to a small organization and your Internet access is through an ISP the ISP can prov...

Страница 133: ...e to read more detailed information about interoperability between IGMP version 2 and version 1 please see sections 4 and 5 of RFC 2236 The class D IP address is used to identify host groups and can b...

Страница 134: ...ential house where a ZyXEL Device is installed you can still use the computer to access the Internet without changing the network settings even when the IP addresses of the computer and the ZyXEL Devi...

Страница 135: ...way an ARP request is broadcast on the LAN 3 The ZyXEL Device receives the ARP request and replies to the computer with its own MAC address 4 The computer updates the MAC address for the default gatew...

Страница 136: ...Chapter 7 LAN Setup P 2612HW Series User s Guide 136...

Страница 137: ...AP to access other devices such as the printer or the Internet Your ZyXEL Device works as an AP when you install a compatible WLAN card Figure 90 Example of a Wireless Network 8 1 1 What You Can Do i...

Страница 138: ...rmation about the ZyXEL Device s WPS status Use the WPS Station see Section 8 6 on page 153 screen to set up WPS by pressing a button or using a PIN Use the WDS screen see Section 8 7 on page 154 to s...

Страница 139: ...ork It can also protect the information that is sent in the wireless network Use the strongest security that every wireless client in the wireless network supports Note WPA2 or WPA2 PSK security is re...

Страница 140: ...o the other wireless devices support WPA PSK for example What is the best one to use Do the other wireless devices support WPS Wi Fi Protected Setup If so you can set up a well secured network very ea...

Страница 141: ...u must then change the wireless settings of your computer to match the ZyXEL Device s new settings Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a station cannot obt...

Страница 142: ...less security on your ZyXEL Device your network is accessible to any wireless networking device that is within range Figure 92 Network Wireless LAN AP No Security Cancel Click Cancel to reload the pre...

Страница 143: ...Network Wireless LAN AP Static WEP Encryption LABEL DESCRIPTION Security Mode Choose Static WEP from the drop down list box Passphrase Enter a passphrase up to 32 printable characters and clicking Gen...

Страница 144: ...Network Wireless LAN AP WPA 2 PSK LABEL DESCRIPTION Security Mode Choose WPA PSK or WPA2 PSK from the drop down list box WPA Compatible This field is only available for WPA2 PSK Select this if you wa...

Страница 145: ...fter a period of inactivity The wireless station needs to enter the username and password again before access to the wired network is allowed The default time interval is 3600 seconds or 1 hour Group...

Страница 146: ...ect WPA or WPA2 from the Security Mode list Figure 95 Network Wireless LAN AP WPA 2 The following table describes the wireless LAN security labels in this screen Table 33 Network Wireless LAN AP WPA 2...

Страница 147: ...mode The ZyXEL Device default is 1800 seconds 30 minutes Authentication Server IP Address Enter the IP address of the external authentication server in dotted decimal notation Port Number Enter the po...

Страница 148: ...in the area decrease the output power of the ZyXEL Device to reduce interference with other APs See the product specifications for more information on your ZyXEL Device s output power Preamble Select...

Страница 149: ...rofile is the set of parameters relating to one of the ZyXEL Device s BSSs The SSID Service Set IDentifier identifies the Service Set with which a wireless device is associated This field displays the...

Страница 150: ...d you change the ZyXEL Device s SSID or security settings you will lose your wireless connection when you press Apply to confirm You must then change the wireless settings of your computer to match th...

Страница 151: ...ble 37 Network Wireless LAN MAC Filter LABEL DESCRIPTION Active MAC Filter Select the check box to enable MAC address filtering Filter Action Define the filter action for the list of MAC addresses in...

Страница 152: ...es of the wireless devices that are allowed or denied access to the ZyXEL Device in these address fields Enter the MAC addresses in a valid MAC address format that is six hexadecimal character pairs f...

Страница 153: ...rity settings have been changed The current wireless and wireless security settings also appear in the screen This displays Unconfigured if WPS is disabled and there is no wireless or wireless securit...

Страница 154: ...ocumentation Table 39 Network Wireless LAN WPS Station LABEL DESCRIPTION Push Button Click this button to add another WPS enabled wireless device within wireless range of the ZyXEL Device to your wire...

Страница 155: ...P Select this to use TKIP Temporal Key Integrity Protocol encryption AES Select this to use AES Advanced Encryption Standard encryption This is the index number of the individual WDS link Active Selec...

Страница 156: ...ESCRIPTION Enable Wireless LAN Scheduling Select this to activate wireless LAN scheduling on your ZyXEL Device WLAN status Select On or Off to enable or disable the wireless LAN Day Select the day s y...

Страница 157: ...reless devices are sometimes not aware of each other s presence This may cause them to send information to the AP at the same time and result in information colliding and not getting through By settin...

Страница 158: ...he wireless network Furthermore there are ways for unauthorized wireless devices to get the MAC address of an authorized device Then they can use that MAC address to use the wireless network 8 9 2 3 U...

Страница 159: ...s two devices Device A only supports WEP and device B supports WEP and WPA Therefore you should set up Static WEP in the wireless network Note It is recommended that wireless networks use WPA PSK WPA...

Страница 160: ...ar each other s communications but not communicate with each other MBSSID should not replace but rather be used in conjunction with 802 1x security 8 9 4 Wireless Distribution System WDS The ZyXEL Dev...

Страница 161: ...nfiguration PBC is initiated by pressing a button on each WPS enabled device and allowing them to connect automatically You do not need to enter any information Not every WPS enabled device has a phys...

Страница 162: ...eps to set up a WPS connection between an access point or wireless router referred to here as the AP and a client device using the PIN method 1 Ensure WPS is enabled on both devices 2 Access the WPS s...

Страница 163: ...device acts as the enrollee the device that receives network and security settings The registrar creates a secure EAP Extensible Authentication Protocol tunnel and sends the network name SSID and the...

Страница 164: ...rollee All WPS certified APs can be a registrar and so can some WPS enabled wireless clients By default a WPS devices is unconfigured This means that it is not part of an existing network and can act...

Страница 165: ...Network Step 1 In step 2 you add another wireless client to the network You know that Client 1 supports registrar mode but it is better to use AP1 for the WPS handshake with the new client since you m...

Страница 166: ...ing the WPS button on the registrar and the first enrollee for example then check that it successfully enrolled then set up the second device in the same way WPS works only with other WPS enabled devi...

Страница 167: ...e if this has happened WPS works between only two devices simultaneously so if another device has enrolled your device will be unable to enroll and will not have access to the network If this happens...

Страница 168: ...Chapter 8 Wireless LAN P 2612HW Series User s Guide 168...

Страница 169: ...Use the Address Mapping screen Section 9 4 on page 176 to change your ZyXEL Device s address mapping settings Use the SIP ALG screen Section 9 4 2 on page 178 to enable and disable the SIP VoIP ALG in...

Страница 170: ...e inside network appear as a single computer to the outside world SUA Single User Account Versus NAT SUA Single User Account is a ZyNOS implementation of a subset of NAT that supports two types of map...

Страница 171: ...r of NAT sessions a single client can establish this can result in all of the available NAT sessions being used In this case no additional NAT sessions can be established and users may not be able to...

Страница 172: ...dix E on page 531 Please refer to RFC 1700 for further information about port numbers Note Many residential broadband ISP accounts do not allow you to run any server processes such as a Web or FTP ser...

Страница 173: ...e 111 Multiple Servers Behind NAT Example 9 3 1 Configuring the Port Forwarding Screen Click Network NAT Port Forwarding to open the following screen See Appendix E on page 531 for port numbers common...

Страница 174: ...dress of the server for the specified service Add Click this button to add a rule to the table below This is the rule index number read only Active This field indicates whether the rule is active or n...

Страница 175: ...is port forwarding rule Start Port Enter a port number in this field To forward only one port enter the port number again in the End Port field To forward a series of ports enter the start port number...

Страница 176: ...5 to 7 will be pushed up by 1 rule so old rules 5 6 and 7 become new rules 4 5 and 6 To change your ZyXEL Device s address mapping settings click Network NAT Address Mapping to open the following scr...

Страница 177: ...to one global IP address This is equivalent to SUA i e PAT port address translation ZyXEL s Single User Account feature that previous ZyXEL routers supported only M M Ov Overload Many to Many Overload...

Страница 178: ...shared global IP addresses Many to Many No Overload Many to Many No Overload mode maps each local IP address to unique global IP addresses Server This type allows you to specify inside servers of dif...

Страница 179: ...cket as the packet traverses a router for example the local address refers to the IP address of a host when the packet is in the local network while the global address refers to the IP address of the...

Страница 180: ...onal benefit of firewall protection With no servers defined your ZyXEL Device filters out all incoming inquiries thus preventing intruders from probing your network For more information on IP address...

Страница 181: ...estored The following figure illustrates this Figure 117 How NAT Works 192 168 1 13 192 168 1 10 192 168 1 11 192 168 1 12 SA 192 168 1 10 SA IGA1 Inside Local IP Address 192 168 1 10 192 168 1 11 192...

Страница 182: ...to One mode the ZyXEL Device maps multiple local IP addresses to one global IP address This is equivalent to SUA for instance PAT port address translation ZyXEL s Single User Account feature that pre...

Страница 183: ...s Server This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world Port numbers do NOT change for One to One and Many to Many No Overloa...

Страница 184: ...Chapter 9 Network Address Translation NAT P 2612HW Series User s Guide 184...

Страница 185: ...Quality of Service for VoIP calls QoS can give VoIP traffic higher priority on the network so it gets dealt with more quickly Use the Analog Phone screen Section 10 5 on page 194 to control which SIP...

Страница 186: ...another In VoIP these messages are about phone calls over the network For example when you dial a number on your ZyXEL Device it sends a SIP message over the network asking the other device the numbe...

Страница 187: ...order to make or receive a VoIP call you need to enable and configure a SIP account and map it to a phone port The SIP account contains information that allows your ZyXEL Device to connect to your VoI...

Страница 188: ...evice to use this account Clear it if you do not want the ZyXEL Device to use this account Number Enter your SIP number In the full SIP URI this is the part before the symbol You can use up to 127 pri...

Страница 189: ...p to 127 printable ASCII Extended set characters Send Caller ID Select this if you want to send identification when you make VoIP phone calls Clear this if you do not want to send identification Authe...

Страница 190: ...SIP Setup Screen Click VoIP SIP SIP Settings to open the SIP Settings screen Select a SIP account and click Advanced Setup to open the Advanced SIP Setup screen Use this screen to maintain advanced s...

Страница 191: ...ly disconnects the session Min SE Enter the minimum number of seconds the ZyXEL Device lets a SIP session remain idle without traffic before it automatically disconnects the session When two SIP devic...

Страница 192: ...of NAT router and eliminates the need for STUN or a SIP ALG Turn off any SIP ALG on a NAT router in front of the ZyXEL Device to keep it from re translating the IP address since this is already handl...

Страница 193: ...ons The ZyXEL Device creates Type of Service priority tags with this priority to voice traffic that it transmits RTP TOS Priority Setting Enter the priority for RTP voice transmissions The ZyXEL Devic...

Страница 194: ...rt Settings This is the phone port in the ZyXEL Device SIP Account Select the SIP account you want to use when making outgoing calls with the analog phone connected to this phone port Incoming Call ap...

Страница 195: ...the ZyXEL Device generates comfort noise when the other party is not speaking The comfort noise lets you know that the line is still connected as total silence could easily be mistaken for a lost conn...

Страница 196: ...Interval Selection Enter the number of seconds the ZyXEL Device should wait after you stop dialing numbers before it makes the phone call The value depends on how quickly you dial phone numbers If yo...

Страница 197: ...ones When you dial a group number all of the phones with the same group number ring The phone that picks up first gets the line and the other phones stop ringing Click VoIP Phone Ext Table to access t...

Страница 198: ...hone 1 picks up the line first it gets the line and Phone 2 stops ringing Sub Number Enter a sub number for this phone The maximum length of a sub number is two digits When the check box of Enable Gro...

Страница 199: ...e Immediate Dial Select this if you want to use the pound key to tell the ZyXEL Device to make the phone call immediately instead of waiting the number of seconds you selected in the Dialing Interval...

Страница 200: ...going through a VoIP service provider s SIP server Select Non Proxy Use IP or URL in the Type column and enter the callee s IP address or domain name The ZyXEL Device Table 60 VoIP Phone Region LABEL...

Страница 201: ...the speed dial number Name Enter a name to identify the party you call when you dial the speed dial number You can use up to 127 printable ASCII characters Type Select Use Proxy if you want to use one...

Страница 202: ...our SIP accounts Otherwise this field shows the IP address or domain name of the SIP server or other party This field corresponds with the Type field in the Speed Dial section Modify Use this field to...

Страница 203: ...the following table Table 62 Phone Book Incoming Call Policy LABEL DESCRIPTION Table Number Select the call forwarding table you want to see in this screen If you change this field the screen automati...

Страница 204: ...plies Activate Select this to enable this rule Clear this to disable this rule Incoming Call Number Enter the phone number to which this rule applies Forward to Number Enter the phone number to which...

Страница 205: ...field is described in the following table Table 63 Phone Book SIP Prefix LABEL DESCRIPTION SIP Selection by Prefix Select the index number of the rule you want to edit Prefix Enter the prefix number...

Страница 206: ...f voice and multimedia sessions over the Internet SIP signaling is separate from the media for which it handles sessions The media that is exchanged during the session can use a different path from th...

Страница 207: ...hen VoIP provider com is the SIP service domain SIP Registration Each ZyXEL Device is an individual SIP User Agent UA To provide voice service it has a public IP address for SIP and RTP protocols to c...

Страница 208: ...s to the SIP requests When you use SIP to make a VoIP call it originates at a client and terminates at a server A SIP client could be a computer or a SIP phone One device can act as both a SIP client...

Страница 209: ...to the device that sent the request Then the client device that originally sent the request can send requests to the IP address that it received back from the redirect server Redirect servers do not i...

Страница 210: ...user name and password when you register RTP When you make a VoIP call using SIP the RTP Real time Transport Protocol is used to handle voice data transfer See RFC 1889 for details on RTP Pulse Code...

Страница 211: ...est and the call is terminated SIP Call Progression Through Proxy Servers Usually the SIP UAC sets up a phone call by sending a request to the SIP proxy server Then the proxy server looks up the desti...

Страница 212: ...ng table shows the SIP call progression 1 User Agent 1 sends a SIP INVITE request to Proxy 1 This message is an invitation to User Agent 2 to participate in a SIP telephone call Proxy 1 sends a respon...

Страница 213: ...upports the following codecs G 711 is a Pulse Code Modulation PCM waveform codec PCM measures analog signal amplitudes at regular time intervals and converts them into digital samples G 711 provides v...

Страница 214: ...and on hold tones Recording Custom Tones Use the following steps if you would like to create new tones or change your tones 1 Pick up the phone and press on your phone s keypad and wait for the messa...

Страница 215: ...to deliver data with minimum delay and the networking methods used to provide bandwidth for real time multimedia applications Type of Service ToS Network traffic can be classified by setting the ToS T...

Страница 216: ...marked for different priorities of forwarding Resources can then be allocated according to the DSCP values and the configured policies VLAN Tagging Virtual Local Area Network VLAN allows a physical ne...

Страница 217: ...supplementary services by using the flash key Europe Type Supplementary Phone Services This section describes how to use supplementary phone services with the Europe Type Call Service Mode Commands fo...

Страница 218: ...irectory number If there is a second call to a telephone number you will hear a call waiting tone Take one of the following actions Reject the second call Press the flash key and then press 0 Disconne...

Страница 219: ...es how to use supplementary phone services with the USA Type Call Service Mode Commands for supplementary services are listed in the table below After pressing the flash key if you do not issue the su...

Страница 220: ...he second party answers it hang up the phone USA Three Way Conference Use the following steps to make three way conference calls 1 When you are on the phone talking to someone party A press the flash...

Страница 221: ...10 10 on page 200 for peer to peer calls or SIP numbers that use letters Dial the speed dial entry on your telephone s keypad Use your VoIP service provider s dialing plan to call regular telephone nu...

Страница 222: ...receiver 11 6 Auto Provisioning and Auto Firmware Upgrade If your service provider uses an auto provisioning server to set up your device you must first enter the HTTP pincode supplied by your service...

Страница 223: ...vider 11 7 1 The Flash Key Flashing means to press the hook for a short period of time a few hundred milliseconds before releasing it On newer telephones there should be a flash key button that genera...

Страница 224: ...This allows you to place a call on hold while you answer another incoming call on the same telephone directory number If there is a second call to a telephone number you will hear a call waiting tone...

Страница 225: ...or the second party answers it hang up the phone 11 7 2 4 European Three Way Conference Use the following steps to make three way conference calls 1 When you are on the phone talking to someone press...

Страница 226: ...ll to your telephone number you will hear a call waiting tone Press the flash key to put the first call on hold and answer the second call 11 7 3 3 USA Call Transfer Do the following to transfer an in...

Страница 227: ...FUNCTION DESCRIPTION 99 HTTP pincode Use this if your service provider gave you a personal identification number to enter in order to start using the service See Section 11 6 on page 222 99 Enable fi...

Страница 228: ...calls See Section 10 11 on page 203 23 No answer forward Forward incoming calls if you do not answer See Section 10 11 on page 203 24 Busy forward Forward calls if you are already making a call See Se...

Страница 229: ...s the default firewall action User A can initiate an IM Instant Messaging session from the LAN to the WAN 1 Return traffic for this session is also allowed 2 However other traffic initiated from the W...

Страница 230: ...i probing which prevents the ICMP response packet from being sent This keeps outsiders from discovering your ZyXEL Device when unsupported ports are probed ICMP Internet Control Message Protocol ICMP...

Страница 231: ...ur new rule becomes number 7 and the previous rule 7 if there is one becomes rule 8 4 Click Add to display the firewall rule configuration screen 5 In the Edit Rule screen click the Edit Customized Se...

Страница 232: ...the destination address screen as follows and click Add Figure 138 Firewall Example Edit Rule Destination Address 9 Use the Add and Remove buttons between Available Services and Selected Services lis...

Страница 233: ...s show up with an before their names in the Services list box and the Rules list box Figure 139 Firewall Example Edit Rule Select Customized Services On completing the configuration procedure for this...

Страница 234: ...from the WAN to IP addresses 10 0 0 10 through 10 0 0 15 on the LAN Figure 140 Firewall Example Rules MyService 12 2 The Firewall General Screen Use this screen to configure the firewall settings Cli...

Страница 235: ...Direction This is the direction of travel of packets LAN to LAN Router LAN to WAN WAN to WAN Router WAN to LAN Firewall rules are grouped based on the direction of travel of packets to which they appl...

Страница 236: ...en the amount of space used is over 80 the bar is red Packet Direction Use the drop down list box to select a direction of travel of packets for which you want to configure firewall rules Create a new...

Страница 237: ...eset packet or an ICMP destination unreachable message to the sender Reject or allows the passage of packets Permit Schedule This field tells you whether a schedule is specified Yes or not No Log This...

Страница 238: ...se this screen to configure firewall rules In the Rules screen select an index number and click Add or click a rule s Edit icon to display this screen and refer to the following table for information...

Страница 239: ...can add multiple addresses ranges of addresses and or subnets Edit To edit an existing source or destination address select it from the box and click Edit Delete Highlight an existing source or destin...

Страница 240: ...check box to have the ZyXEL Device generate an alert when the rule is matched Back Click this to return to the previous screen without saving Apply Click this to save your changes Cancel Click this to...

Страница 241: ...ssions These thresholds apply globally to all sessions Table 76 Security Firewall Rules Edit Edit Customized Services Config LABEL DESCRIPTION Config Service Name Type a unique name for your custom po...

Страница 242: ...could indicate a DOS attack 12 4 1 Threshold Values If everything is working properly you probably do not need to change the threshold settings as the default threshold values should work for most sm...

Страница 243: ...Threshold to bring up the next screen Figure 147 Security Firewall Threshold The following table describes the labels in this screen Table 77 Security Firewall Threshold LABEL DESCRIPTION Denial of Se...

Страница 244: ...High to lower than the current Maximum Incomplete Low number For example if you set the maximum incomplete high to 100 the ZyXEL Device starts deleting half open sessions when the number of existing h...

Страница 245: ...stateful packet inspection allows packets traveling in the following directions LAN to LAN Router These rules specify which computers on the LAN can manage the ZyXEL Device remote management and commu...

Страница 246: ...protocols such as Telnet to authorized users on the LAN These custom rules work by comparing the source IP address destination IP address and IP protocol type of network traffic to rules set by the ad...

Страница 247: ...example if FTP ports TCP 20 21 are allowed from the Internet to the LAN Internet users may be able to connect to computers with running FTP servers 4 Does this rule conflict with any existing rules On...

Страница 248: ...e ZyXEL Device allow triangle route sessions traffic from the WAN can go directly to a LAN computer without passing through the ZyXEL Device and its firewall protection Another solution is to use IP a...

Страница 249: ...EL Device reroutes the packet to Gateway A which is in Subnet 2 3 The reply from the WAN goes to the ZyXEL Device 4 The ZyXEL Device then sends it to the computer on the LAN in Subnet 1 Figure 150 IP...

Страница 250: ...Chapter 12 Firewall P 2612HW Series User s Guide 250...

Страница 251: ...tion 13 4 on page 256 to exclude computers and other devices on your LAN from the keyword blocking filter 13 1 2 What You Need to Know About Content Filtering URL The URL Uniform Resource Locator iden...

Страница 252: ...ocking 3 In the Keyword field type keywords to identify websites to be blocked 4 Click Add Keyword for each keyword to be entered 5 Click Apply Figure 151 Security Content Filter Keyword Example Bob s...

Страница 253: ...cluded from keyword blocking Bob s home network is on the domain 192 168 1 xxx Bob gave his home computer a static IP address of 192 168 1 2 and the study computer a static IP address of 192 168 1 3 T...

Страница 254: ...Filtering Keyword LABEL DESCRIPTION Active Keyword Blocking Select this check box to enable this feature Block Websites that contain these keywords in the URL This box contains the list of all the key...

Страница 255: ...Table 78 Security Content Filtering Keyword continued LABEL DESCRIPTION Table 79 Security Content Filter Schedule LABEL DESCRIPTION Schedule Select Block Everyday to make the content filtering active...

Страница 256: ...reviously saved settings Table 79 Security Content Filter Schedule continued LABEL DESCRIPTION Table 80 Security Content Filter Trusted LABEL DESCRIPTION Start IP Address Type the IP address of a comp...

Страница 257: ...communications across a public network like the Internet IPSec is built around a number of standardized cryptographic techniques to provide confidentiality data integrity and authentication at the IP...

Страница 258: ...ple a computer in network A is exchanging data with a computer in network B Inside networks A and B the data is transmitted the same way data is normally transmitted in the networks Between routers X...

Страница 259: ...s are updated with the remote gateway s new WAN IP address Dynamic Secure Gateway Address If the remote secure gateway has a dynamic WAN IP address and does not use DDNS enter 0 0 0 0 as the secure ga...

Страница 260: ...dresses must be static Click Security VPN to open the VPN Setup screen This is a menu of your IPSec rules tunnels The IPSec summary menu is read only Edit a VPN by selecting an index number and then c...

Страница 261: ...displays N A when the Secure Gateway Address field displays 0 0 0 0 In this case only the remote IPSec router can initiate the VPN The same static IP address is displayed twice when the Remote Addres...

Страница 262: ...edit VPN policies Figure 161 Security VPN Setup Edit The following table describes the fields in this screen Table 82 Security VPN Setup Edit LABEL DESCRIPTION IPSec Setup Active Select this check bo...

Страница 263: ...If there is a private DNS server that services the VPN type its IP address here The ZyXEL Device assigns this additional DNS server to the ZyXEL Device s DHCP clients that have IP addresses in this IP...

Страница 264: ...ange for a specific range of IP addresses Select Subnet to specify IP addresses on a network by their subnet mask IP Address Start When the Remote Address Type field is configured to Single enter a st...

Страница 265: ...The following applies if this field is configured as 0 0 0 0 The ZyXEL Device uses the current ZyXEL Device WAN IP address static or dynamic to set up the VPN tunnel Peer ID Type Select IP to identif...

Страница 266: ...k the button to use a pre shared key for authentication and type in your pre shared key A pre shared key identifies a communicating party during a phase 1 IKE negotiation It is called pre shared becau...

Страница 267: ...oughput This implementation of AES uses a 128 bit key AES is faster than 3DES Select NULL to set up a tunnel without encryption When you select NULL you do not enter an encryption key Authentication A...

Страница 268: ...etection As a VPN setup is processing intensive the system is vulnerable to Denial of Service DoS attacks The IPSec receiver can detect and reject old or duplicate packets to protect against replay at...

Страница 269: ...3DES or AES from the drop down list box When you use one of these encryption algorithms for data communications both the sending device and the receiving device must use the same secret key which can...

Страница 270: ...henticate packet data The SHA1 algorithm is generally considered stronger than MD5 but is slower Select MD5 for minimal security and SHA 1 for maximum security SA Life Time Seconds Define the length o...

Страница 271: ...protocol This data allows for the multiplexing of SAs to a single gateway The SPI Security Parameter Index along with a destination IP address uniquely identify a particular Security Association SA Th...

Страница 272: ...Setup Manual Key screen as shown next Figure 163 Security VPN Setup Manual Key The following table describes the fields in this screen Table 84 Security VPN Setup Manual Key LABEL DESCRIPTION IPSec S...

Страница 273: ...fy IP addresses on a network by their subnet mask IP Address Start When the Local Address Type field is configured to Single enter a static IP address on the LAN behind your ZyXEL Device When the Loca...

Страница 274: ...ty Protocol IPSec Protocol Select ESP if you want to use ESP Encapsulation Security Payload The ESP protocol RFC 2406 provides encryption as well as some of the services offered by AH If you select ES...

Страница 275: ...t no inbound traffic the SA times out automatically after two minutes A tunnel with no outbound or inbound traffic is idle and does not timeout until the SA lifetime period expires See Section Authent...

Страница 276: ...ABEL DESCRIPTION No This is the security association index number Name This field displays the identification name for this VPN policy Encapsulation This field displays Tunnel or Transport mode IPSec...

Страница 277: ...ble 86 Security VPN Global Setting LABEL DESCRIPTION Windows Networking NetBIOS over TCP IP NetBIOS Network Basic Input Output System are TCP or UDP packets that enable a computer to find other comput...

Страница 278: ...use of encryption techniques such as DES Data Encryption Standard and Triple DES algorithms The Authentication Algorithms HMAC MD5 RFC 2403 and HMAC SHA 1 RFC 2404 provide an authentication mechanism...

Страница 279: ...ontents in this case the entire original packet are encrypted The encrypted contents but not the new headers are signed with a hash value appended to the packet Tunnel mode ESP with authentication is...

Страница 280: ...B checks the UDP port 500 header and IPSec routers A and B build the IKE SA For NAT traversal to work you must Use ESP security protocol in either transport or tunnel mode Use IKE keying mode Enable N...

Страница 281: ...integrity against the data With the use of AH as the security protocol protection is extended forward into the IP header to verify the integrity of the entire packet by use of portions of the original...

Страница 282: ...rithm Choose a Diffie Hellman public key cryptography key group DH1 or DH2 Set the IKE SA lifetime This field allows you to determine how long an IKE SA should stay up before it times out An IKE SA ti...

Страница 283: ...icating parties are negotiating authentication phase 1 However the trade off is that faster speed limits its negotiating power and it also does not provide identity protection It is useful in remote a...

Страница 284: ...cess the computers on the remote network 14 9 9 ID Type and Content With aggressive negotiation mode seeSection 14 9 6 on page 283 the ZyXEL Device identifies incoming SAs by ID type and content since...

Страница 285: ...the IP address of your computer or leave the field blank to have the ZyXEL Device automatically use its own IP address DNS Type a domain name up to 31 characters by which to identify this ZyXEL Devic...

Страница 286: ...session keys 768 bit Group 1 DH1 and 1024 bit Group 2 DH2 Diffie Hellman groups are supported Upon completion of the Diffie Hellman exchange the two peers have a shared secret but the IKE SA is not a...

Страница 287: ...ic WAN IP addresses use Dynamic DNS to do this With aggressive negotiation mode see Section 14 9 6 on page 283 the ZyXEL Device can use the ID types and contents to distinguish between VPN rules Telec...

Страница 288: ...ters by resolving their domain names Figure 172 Telecommuters Using Unique VPN Rules Example Table 94 Telecommuters Using Unique VPN Rules Example TELECOMMUTERS HEADQUARTERS All Telecommuter Rules All...

Страница 289: ...68 3 2 Secure Gateway Address telecommuterb com Remote Address 192 168 3 2 Telecommuter C telecommuterc dydns org Headquarters ZyXEL Device Rule 3 Local ID Type E mail Peer ID Type E mail Local ID Con...

Страница 290: ...Chapter 14 VPN P 2612HW Series User s Guide 290...

Страница 291: ...ates of trusted CAs to the ZyXEL Device You can also export the certificates to a computer Use the Trusted Remote Hosts screens see Section 15 8 on page 311 to import self signed certificates from tru...

Страница 292: ...method used to secure the data that you send through an established connection depends on the type of connection For example a VPN tunnel might use the triple DES encryption algorithm The certificati...

Страница 293: ...ed CA or trusted remote host certificate into the ZyXEL Device you should verify that you have the actual certificate This is especially true of trusted CA certificates since the ZyXEL Device also tru...

Страница 294: ...croll down to the Thumbprint Algorithm and Thumbprint fields Figure 174 Certificate Details 4 Use a secure method to verify that the certificate owner has the same information in the Thumbprint Algori...

Страница 295: ...yXEL Device has the factory default certificate The factory default certificate is common to all devices of this model ZyXEL recommends that you use this button to replace the factory default certific...

Страница 296: ...con to remove the certificate A window displays asking you to confirm that you want to delete the certificate You cannot delete a certificate that one or more features is configured to use Do the foll...

Страница 297: ...e 175 on page 295 Click the edit icon to open the My Certificate Details screen Use this screen to view in depth certificate information and change the certificate s name If it is a self signed certif...

Страница 298: ...self is the only one in the list The ZyXEL Device does not trust the certificate and displays Not trusted in this field if any certificate on the path has expired or been revoked Refresh Click Refresh...

Страница 299: ...th Constraint 1 means that there can only be one certification authority in the certificate s path MD5 Fingerprint This is the certificate s message digest that the ZyXEL Device calculated using the M...

Страница 300: ...ard that defines the general syntax for data including digital signatures that may be encrypted The ZyXEL Device currently allows the importation of a PKS 7 file that contains a single certificate PEM...

Страница 301: ...abels in this screen 15 4 My Certificate Create Click Security Certificates My Certificates Create to open the My Certificate Create screen Use this screen to have the ZyXEL Device create a Table 97 S...

Страница 302: ...mon Name is mandatory The certification authority may add fields such as a serial number to the subject information when it issues a certificate It is recommended that each certificate have unique sub...

Страница 303: ...it to send to the certification authority Copy the certification request from the My Certificate Details screen see Section 15 3 on page 297 and then send it to the certification authority Create a ce...

Страница 304: ...at you have set the ZyXEL Device to accept as trusted The ZyXEL Device accepts any valid certificate signed by a certification authority on this list as being CA Certificate Select the certification a...

Страница 305: ...the name used to identify this certificate Subject This field displays identifying information about the certificate s owner such as CN Common Name OU Organizational Unit or department O Organization...

Страница 306: ...Issues certificate revocation lists CRL check box in the certificate s details screen to have the ZyXEL Device check the CRL before trusting any certificates issued by the certification authority Othe...

Страница 307: ...tion authority s certificate change the certificate s name and set whether or not you want the ZyXEL Device to check a Table 100 Security Certificates Trusted CA Import LABEL DESCRIPTION File Path Typ...

Страница 308: ...ficates P 2612HW Series User s Guide 308 certification authority s list of revoked certificates before trusting a certificate issued by the certification authority Figure 181 Security Certificates Tru...

Страница 309: ...the certification path Certificate Information These read only fields display detailed information about the certificate Type This field displays general information about the certificate CA signed m...

Страница 310: ...s the certificate s message digest that the ZyXEL Device calculated using the MD5 algorithm You can use this value to verify with the certification authority over the phone for example that this is ac...

Страница 311: ...te Hosts The following table describes the labels in this screen Table 102 Security Certificates Trusted Remote Hosts LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the...

Страница 312: ...tificate has not yet become applicable Valid To This field displays the date that the certificate expires The text displays in red and includes an Expiring or Expired message if the certificate is abo...

Страница 313: ...this certificate If you want to change the name type up to 31 characters to identify this key certificate You may use any character not including spaces Certificate Path Click the Refresh button to ha...

Страница 314: ...if the certificate has not yet become applicable Valid To This field displays the date that the certificate expires The text displays in red and includes an Expiring or Expired message if the certific...

Страница 315: ...cate in PEM Base 64 Encoded Format This read only text box displays the certificate or certification request in Privacy Enhanced Mail PEM format PEM uses 64 ASCII characters to convert the binary cert...

Страница 316: ...certificates that have been saved into the ZyXEL Device If you decide to have the ZyXEL Device check incoming certificates against the issuing certification authority s list of revoked certificates t...

Страница 317: ...ding more certificates The index number of the directory server The servers are listed in alphabetical order Name This field displays the name used to identify this directory server Address This field...

Страница 318: ...own list box to select the access protocol used by the directory server LDAP Lightweight Directory Access Protocol is a protocol over TCP that specifies how clients access directories of certificates...

Страница 319: ...ually a certification authority Back Click Back to return to the Directory Servers screen Apply Click Apply to save your changes back to the ZyXEL Device Cancel Click Cancel to quit configuring this s...

Страница 320: ...Chapter 15 Certificates P 2612HW Series User s Guide 320...

Страница 321: ...Device s LAN interface The ZyXEL Device routes most traffic from A to the Internet through the ZyXEL Device s default gateway R1 You create one static route to connect to services offered by your ISP...

Страница 322: ...ter specifies the IP network address of the final destination Routing is always based on network number Netmask This parameter specifies the IP network subnet mask of the final destination Gateway Thi...

Страница 323: ...oute Destination IP Address This parameter specifies the IP network address of the final destination Routing is always based on network number If you need to specify a route to a single host use a sub...

Страница 324: ...Chapter 16 Static Route P 2612HW Series User s Guide 324...

Страница 325: ...the ports Figure 190 802 1Q 1P 17 1 1 What You Can Do in the 802 1Q 1P Screens Use the Group Setting screen Section 17 2 on page 332 to activate 802 1Q 1P specify the management VLAN group display the...

Страница 326: ...tagged Frames Each port on the device is capable of passing tagged or untagged frames To forward a frame from an 802 1Q VLAN aware device to an 802 1Q VLAN unaware device the ZyXEL Device first decide...

Страница 327: ...into one VLAN VLAN2 and then set them to use a PVC PVC1 with a high priority service level You would start with the following steps 1 Click Advanced 802 1Q 1P Group Setting Edit to display the follow...

Страница 328: ...P Group Setting Edit Example To set a high priority for VoIP traffic follow these steps 1 Click Advanced 802 1Q 1P Port Setting to display the following screen 2 Type 2 in the 802 1Q PVID column for L...

Страница 329: ...rnet traffic You want to set a lower priority for this type of traffic so you want to group these ports and PVC2 into one VLAN VLAN3 PVC2 priority is set to low level of service SSID1 and SSID2 are tw...

Страница 330: ...1Q 1P P 2612HW Series User s Guide 330 Follow the same steps as in VLAN2 to configure the settings for VLAN3 and VLAN4 The summary screen should display as follows Figure 194 Advanced 802 1Q 1P Group...

Страница 331: ...Chapter 17 802 1Q 1P P 2612HW Series User s Guide 331 The port screen should look like this Figure 195 Advanced 802 1Q 1P Port Setting Example This completes the 802 1Q 1P setup...

Страница 332: ...anced 802 1Q 1P Group Setting The following table describes the labels in this screen Table 109 Advanced 802 1Q 1P Group Setting LABEL DESCRIPTION 802 1P 1Q Active Select this check box to activate th...

Страница 333: ...ID number of the VLAN group Port Number These columns display the VLAN s settings for each port A tagged port is marked as T an untagged port is marked as U and ports not participating in a VLAN are...

Страница 334: ...ls in this screen Table 110 Advanced 802 1Q 1P Group Setting Edit LABEL DESCRIPTION Name Enter a descriptive name for the VLAN group for identification purposes The text may consist of up to 8 letters...

Страница 335: ...ber of the VLAN group Select Forbidden if you want to prohibit the port from joining the VLAN group Tx Tag Select Tx Tagging if you want the port to tag all outgoing traffic transmitted through this V...

Страница 336: ...valid VID range is between 1 and 4094 The ZyXEL Device assigns the PVID to untagged frames or priority tagged frames received on this port SSID or PVC 802 1P Priority Assign a priority for the traffic...

Страница 337: ...ZyXEL Device assigns each packet a priority and then queues the packet accordingly Packets assigned a high priority are processed more quickly than those with low priority if there is congestion allow...

Страница 338: ...cket header while DiffServ is a new protocol and defines a new DS field which replaces the eight bit ToS Type of Service field in the IP header Tagging and Marking In a QoS class you can configure whe...

Страница 339: ...es User s Guide 339 these two classes are assigned priority queue based on the internal QoS mapping table on the ZyXEL Device Figure 199 QoS Example Figure 200 QoS Class Example VoIP 1 Internet 50 Mbp...

Страница 340: ...Chapter 18 Quality of Service QoS P 2612HW Series User s Guide 340 Figure 201 QoS Class Example VoIP 2 Figure 202 QoS Class Example Boss 1...

Страница 341: ...HW Series User s Guide 341 Figure 203 QoS Class Example Boss 2 18 2 The QoS General Screen Click Advanced QoS to open the screen as shown next Use this screen to enable or disable QoS and select to ha...

Страница 342: ...peed to match the interface s actual transmission speed For example set the WAN interface speed to 100000 kbps if your Internet connection has an upstream transmission speed of 100 Mbps Setting this n...

Страница 343: ...llowing screen Figure 205 Advanced QoS Class Setup The following table describes the labels in this screen Apply Click Apply to save your settings back to the ZyXEL Device Cancel Click Cancel to begin...

Страница 344: ...criteria specified in this classifier Modify Click the Edit icon to go to the screen where you can edit the classifier Click the Remove icon to delete an existing classifier Apply Click Apply to save...

Страница 345: ...lity of Service QoS P 2612HW Series User s Guide 345 18 3 1 The Class Configuration Screen Click the Add button or the Edit icon in the Modify field to configure a classifier Figure 206 Advanced QoS C...

Страница 346: ...Routing Table to have the ZyXEL Device use the routing table to find a next hop and forward the matched packets automatically Select To Gateway Address to route the matched packets to the router or s...

Страница 347: ...ort number See Appendix E on page 531 for some common services and port numbers MAC Select the check box and enter the source MAC address of the packet MAC Mask Type the mask for the specified MAC add...

Страница 348: ...rnet and over TCP IP networks A system running the FTP server accepts commands from a system running an FTP client The service allows users to send commands to the server for uploading and downloading...

Страница 349: ...15 Advanced QoS Monitor LABEL DESCRIPTION Priority Queue This shows the priority queue number Traffic assigned to higher index queues gets through faster while traffic in lower index queues is dropped...

Страница 350: ...owest priority level and seven is the highest 18 5 3 DiffServ QoS is used to prioritize source to destination traffic flows All packets in the flow are given the same priority You can use CoS class of...

Страница 351: ...field contains a 2 bit unused field and a 6 bit DSCP field which can define up to 64 service levels The following figure illustrates the DS field DSCP is backward compatible with the three precedence...

Страница 352: ...rnal Layer2 and Layer3 QoS Mapping PRIORITY QUEUE LAYER 2 LAYER 3 IEEE 802 1P USER PRIORITY ETHERNET PRIORITY TOS IP PRECEDENCE DSCP IP PACKET LENGTH BYTE 0 1 0 000000 1 2 2 0 0 000000 1100 3 3 1 0011...

Страница 353: ...u even if they don t know your IP address First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that wou...

Страница 354: ...vanced Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic DNS Select this check box to use dynamic DNS Service Provider This is the name of your Dynamic DNS service provider Dynamic DNS Ty...

Страница 355: ...server auto detect IP Address Select this option only when there are one or more NAT routers between the ZyXEL Device and the DDNS server This feature has the DDNS server automatically detect and use...

Страница 356: ...Chapter 19 Dynamic DNS Setup P 2612HW Series User s Guide 356...

Страница 357: ...e 209 Remote Management From the WAN Note When you configure remote management to allow management from the WAN you still need to configure a firewall rule to allow access You may manage your ZyXEL De...

Страница 358: ...XEL Device Use the SNMP screen Section 20 5 on page 362 to configure your ZyXEL Device s settings for Simple Network Management Protocol management Use the DNS screen Section 20 6 on page 365 to confi...

Страница 359: ...than this timeout period The management session does not time out when a statistics screen is polling 20 2 The WWW Screen To change your ZyXEL Device s World Wide Web settings click Advanced Remote MG...

Страница 360: ...using this service Select All to allow any computer to access the ZyXEL Device using this service Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL D...

Страница 361: ...screen Secured Client IP A secured client is a trusted computer that is allowed to communicate with the ZyXEL Device using this service Select All to allow any computer to access the ZyXEL Device usin...

Страница 362: ...management operation Note SNMP is only available if TCP IP is configured Figure 213 SNMP Management Model An SNMP managed network consists of two main types of component agents and a manager Secured C...

Страница 363: ...o retrieve an object variable from the agent GetNext Allows the manager to retrieve the next object variable from a table or list within an agent In SNMPv1 when a manager wants to retrieve all element...

Страница 364: ...if reboot is done intentionally for example download new files CI command sys reboot 6b For fatal error A trap is sent with the message of the fatal code if the system reboots because of fatal errors...

Страница 365: ...Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service SNMP Configuration Get Community Enter the Get Community which is the password f...

Страница 366: ...g which prevents the ICMP response packet from being sent This keeps outsiders from discovering your ZyXEL Device when unsupported ports are probed Table 124 Remote Management DNS LABEL DESCRIPTION Po...

Страница 367: ...and WAN Ping requests Select WLAN WAN to reply to both incoming WLAN and WAN Ping requests Select WLAN LAN to reply to both incoming WLAN and LAN Ping requests Select WLAN to reply to incoming WLAN P...

Страница 368: ...guration P 2612HW Series User s Guide 368 Apply Click Apply to save your customized settings and exit this screen Cancel Click Cancel to begin configuring this screen afresh Table 125 Advanced Remote...

Страница 369: ...ations to automatically configure the ZyXEL Device 21 1 2 What You Need to Know About UPnP How do I know if I m using UPnP UPnP hardware is identified as an icon in the Network Connections folder Wind...

Страница 370: ...e obtained and modified by users in some network environments When a UPnP device joins a network it announces its presence with a multicast message For security reasons the ZyXEL Device allows multica...

Страница 371: ...UPnP application to open the web configurator s login screen without entering the ZyXEL Device s IP address although you must still enter the password to access the web configurator Allow users to ma...

Страница 372: ...Windows Me Follow the steps below to install the UPnP in Windows Me 1 Click Start and Control Panel Double click Add Remove Programs 2 Click the Windows Setup tab and select Communication in the Compo...

Страница 373: ...ication Components 4 Click OK to go back to the Add Remove Programs Properties window and click Next 5 Restart the computer when prompted Installing UPnP in Windows XP Follow the steps below to instal...

Страница 374: ...nP P 2612HW Series User s Guide 374 4 The Windows Optional Networking Components Wizard window displays Select Networking Service in the Components selection box and click Details Figure 221 Windows O...

Страница 375: ...click Next 21 4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL De...

Страница 376: ...Chapter 21 Universal Plug and Play UPnP P 2612HW Series User s Guide 376 2 Right click the icon and select Properties Figure 223 Network Connections...

Страница 377: ...sal Plug and Play UPnP P 2612HW Series User s Guide 377 3 In the Internet Connection Properties window click Settings to see the port mappings there were automatically created Figure 224 Internet Conn...

Страница 378: ...the port mappings or click Add to manually add port mappings Figure 225 Internet Connection Properties Advanced Settings Figure 226 Internet Connection Properties Advanced Settings Add 5 When the UPnP...

Страница 379: ...splay your current Internet connection status Figure 228 Internet Connection Status Web Configurator Easy Access With UPnP you can access the web based configurator on the ZyXEL Device without finding...

Страница 380: ...l Plug and Play UPnP P 2612HW Series User s Guide 380 3 Select My Network Places under Other Places Figure 229 Network Connections 4 An icon with the description for each UPnP enabled device displays...

Страница 381: ...nd select Invoke The web configurator login screen displays Figure 230 Network Connections My Network Places 6 Right click on the icon for your ZyXEL Device and select Properties A properties window d...

Страница 382: ...Chapter 21 Universal Plug and Play UPnP P 2612HW Series User s Guide 382...

Страница 383: ...383 PART III Maintenance Troubleshooting and Specifications System 385 Logs 391 Tools 413 Diagnostic 433 Troubleshooting 437 Product Specifications 445...

Страница 384: ...384...

Страница 385: ...tem time 22 1 2 What You Need to Know About System Settings Domain Name This is a network address that identifies the owner of a network connection For example in the network address www zyxel com sup...

Страница 386: ...ull computer name field and enter it as the ZyXEL Device System Name Click Maintenance System to open the General screen Figure 232 Maintenance System General The following table describes the labels...

Страница 387: ...g it has been left idle not recommended Password Old Password Type the default password or the existing password you use to access the system in this field New Password Type your new system password u...

Страница 388: ...SCRIPTION Current Time and Date Current Time This field displays the time of your ZyXEL Device Each time you reload this page the ZyXEL Device synchronizes the time with the time server Current Date T...

Страница 389: ...th of your time server Check with your ISP network administrator if you are unsure of this information Time Zone Setup Time Zone Choose the time zone of your location This will set the time difference...

Страница 390: ...r and type 2 in the o clock field Daylight Saving Time ends in the European Union on the last Sunday of October All of the time zones in the European Union stop using Daylight Saving Time at the same...

Страница 391: ...e is to send logs the schedule for when the ZyXEL Device is to send the logs and which logs and or immediate alerts the ZyXEL Device is to record 23 1 2 What You Need To Know About Logs Alerts and Log...

Страница 392: ...box Select a category of logs to view select All Logs to view logs from all of the log categories that you selected in the Log Settings page Email Log Now Click Email Log Now to send the log screen t...

Страница 393: ...ion To change your ZyXEL Device s log settings click Maintenance Logs Log Settings The screen appears as shown Alerts are e mailed as soon as they happen Logs may be e mailed as soon as the log is ful...

Страница 394: ...fer Protocol is the message exchange standard for the Internet SMTP enables you to move messages from one e mail server to another Select the check box to activate SMTP authentication If mail server a...

Страница 395: ...ted categories of logs Log Facility Select a location from the drop down list box The log facility allows you to log the messages to different files in the syslog server Refer to the syslog server man...

Страница 396: ...05 17 UDP src port 00520 dest port 00520 1 02 128 Apr 7 00 From 192 168 1 1 To 192 168 1 255 match forward 10 05 30 UDP src port 00520 dest port 00520 1 02 End of Firewall Log Table 132 System Mainte...

Страница 397: ...MP packet that was too large Configuration Change PC 0x x Task ID 0x x The router is saving configuration changes Successful SSH login Someone has logged on to the router s SSH server SSH login failed...

Страница 398: ...nt a message to notify a user that the router blocked access to a web site that the user requested Table 135 TCP Reset Logs LOG MESSAGE DESCRIPTION Under SYN flood attack sent TCP RST The router sent...

Страница 399: ...t d rule d Attempted access matched a configured filter rule denoted by its set and rule number and was blocked or forwarded according to the rule Table 137 ICMP Logs LOG MESSAGE DESCRIPTION Firewall...

Страница 400: ...gs LOG MESSAGE DESCRIPTION ppp LCP Starting The PPP connection s Link Control Protocol stage has started ppp LCP Opening The PPP connection s Link Control Protocol stage is opening ppp CHAP Opening Th...

Страница 401: ...all detected a TCP teardrop attack teardrop UDP The firewall detected an UDP teardrop attack teardrop ICMP type d code d The firewall detected an ICMP teardrop attack illegal command TCP The firewall...

Страница 402: ...to authenticate user There is no authentication server to authenticate a user Table 144 ACL Setting Notes PACKET DIRECTION DIRECTION DESCRIPTION L to W LAN to WAN ACL set for packets traveling from th...

Страница 403: ...ly 0 Timestamp reply message 15 Information Request 0 Information request message 16 Information Reply 0 Information reply message Table 146 Syslog Logs LOG MESSAGE DESCRIPTION Facility 8 Severity Mon...

Страница 404: ...register server failed Table 148 RTP Logs LOG MESSAGE DESCRIPTION Error RTP init fail The initialization of an RTP session failed Error Call fail RTP connect fail A VoIP phone call failed because the...

Страница 405: ...om the listed SIP number VoIP Call Established Ph Phone Port Outgoing Call Number A VoIP phone call was set up from the listed SIP number to the ZyXEL Device VoIP Call End Phone Phone Port A VoIP phon...

Страница 406: ...Chapter 23 Logs P 2612HW Series User s Guide 406...

Страница 407: ...ry screen Section 24 3 on page 408 to see the details of the calls performed on the ZyXEL Device Use the Call History Settings screen Section 24 4 on page 409 to configure to where the ZyXEL Device is...

Страница 408: ...es A triangle indicates ascending or descending sort order Figure 238 Maintenance Call History Call History Table 152 Maintenance Call History Summary LABEL DESCRIPTION Type of Summary This shows the...

Страница 409: ...ess specified in the Call History Settings page make sure that you have first filled in the E mail Log Settings fields in Call History Settings Refresh Click Refresh to renew the call history screen C...

Страница 410: ...BEL DESCRIPTION E mail Call History Settings Mail Server Enter the server name or the IP address of the mail server for the e mail addresses specified below If this field is left blank logs and alert...

Страница 411: ...the week the E mail should be sent If you select When Log is Full an alert is sent when the log fills up If you select None no log messages are sent Day for Sending Call History Use the drop down lis...

Страница 412: ...ch day of a month from 1 to 28 on which the Last Month summary of call history displays in the Summary screen starts Apply Click Apply to save your customized settings and exit this screen Cancel Clic...

Страница 413: ...ures and functionality You can download new firmware releases from your nearest ZyXEL FTP site or www zyxel com to use to upgrade your device s performance Only use firmware for your device s specific...

Страница 414: ...u will need to rename them as the ZyXEL Device only recognizes rom 0 and ras Be sure you keep unaltered copies of both files for later use The following table is a summary Please note that the interna...

Страница 415: ...this function erases the current configuration before restoring a previous back up configuration please do not attempt to restore unless you have a backup configuration file stored on disk FTP is the...

Страница 416: ...ault is 1234 5 Enter bin to set transfer mode to binary 6 Use put to transfer files from the computer to the device for example put firmware bin ras transfers the firmware on your computer firmware bi...

Страница 417: ...t idle timeout default when the file transfer is complete 3 Launch the TFTP client on your computer and connect to the device Set the transfer mode to binary before starting data transfer 4 Use the TF...

Страница 418: ...m transfers the configuration file on the ZyXEL Device to your computer and renames it config rom See earlier in this chapter for more information on filename conventions 7 Enter quit to exit the ftp...

Страница 419: ...er will not be interrupted Enter command sys stdio 5 to restore the five minute management idle timeout default when the file transfer is complete 3 Launch the TFTP client on your computer and connect...

Страница 420: ...TP clients Refer to Section 25 1 2 on page 413 to read about configurations that disallow TFTP and FTP over WAN 25 2 Firmware Upgrade Screen Click Maintenance Tools to open the Firmware screen Follow...

Страница 421: ...Firmware Upgrade LABEL DESCRIPTION Current Firmware Version This is the present Firmware version and the date created File Path Type in the location of the file you want to upload in this field or cli...

Страница 422: ...automatically restarts in this time causing a temporary network disconnect In some operating systems you may see the following icon on your desktop Figure 245 Network Temporarily Disconnected After t...

Страница 423: ...reen as shown next Figure 247 Maintenance Tools Configuration Backup Configuration Backup Configuration allows you to back up save the ZyXEL Device s current configuration to a file on your computer O...

Страница 424: ...k disconnect In some operating systems you may see the following icon on your desktop Figure 249 Network Temporarily Disconnected If you uploaded the default configuration file you may need to change...

Страница 425: ...tory Defaults Click the Reset button to clear all user entered configuration information and return the ZyXEL Device to its factory defaults The following warning screen appears Figure 251 Reset Warni...

Страница 426: ...ation file to your computer 25 5 1 Using the FTP Commands to Back Up Configuration 1 Launch the FTP client on your computer 2 Enter open followed by a space and the IP address of your ZyXEL Device 3 E...

Страница 427: ...d 331 Enter PASS command Password 230 Logged in ftp bin 200 Type I OK ftp get rom 0 zyxel rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp 16384 bytes sent i...

Страница 428: ...to binary before starting data transfer 4 Use the TFTP client see the example below to transfer files between the ZyXEL Device and the computer The file name for the configuration file is rom 0 rom ze...

Страница 429: ...FTP is faster Please note that you must wait for the system to automatically restart after the file transfer is complete Do not interrupt the file transfer process as this may PERMANENTLY DAMAGE your...

Страница 430: ...irmware and configuration To use this feature your computer must have an FTP client The following sections give examples of how to upload the firmware and the configuration files 25 7 1 FTP File Uploa...

Страница 431: ...are listed earlier in this chapter Refer to Section on page 414 to read about configurations that disallow TFTP and FTP over WAN 25 7 3 TFTP File Upload The device also supports the uploading of firm...

Страница 432: ...e and the device in CI mode before and during the TFTP transfer For details on TFTP commands see following example please consult the documentation of your TFTP client program For UNIX use get to tran...

Страница 433: ...hat You Can Do in the Diagnostic Screens Use the General Diagnostic screen Section 26 2 on page 433 to ping an IP address Use the DSL Line Diagnostic screen Section 26 3 on page 434 to view the DSL li...

Страница 434: ...n next This screen is not available when you set the WAN mode to Ethernet WAN in the WAN Internet Access Setup screen using the DSL WAN switch Figure 258 Maintenance Diagnostic DSL Line Table 162 Main...

Страница 435: ...s the number of ATM cells sent that were rejected inF4Pkts is the number of ATM Operations Administration and Management OAM F4 cells that have been received See ITU recommendation I 610 for more on O...

Страница 436: ...the quality of the connection whether a given sub carrier loop has sufficient margins to support certain ADSL transmission rates and possibly to determine whether particular specific types of interfer...

Страница 437: ...VoIP 27 2 Power Hardware Connections and LEDs The ZyXEL Device does not turn on None of the LEDs turn on 1 Make sure the ZyXEL Device is turned on 2 Make sure you are using the power adaptor or cord i...

Страница 438: ...way for your computer To do this in most Windows computers click Start Run enter cmd and then enter ipconfig The IP address of the Default Gateway might be the IP address of the ZyXEL Device it depend...

Страница 439: ...e 29 6 If the problem continues contact the network administrator or vendor or try one of the advanced suggestions Advanced Suggestions Try to access the ZyXEL Device using another service such as Tel...

Страница 440: ...Ds are behaving as expected See the Quick Start Guide and Section 1 4 on page 28 2 Make sure you entered your ISP account information correctly in the wizard These fields are case sensitive so make su...

Страница 441: ...that might be interfering with the wireless network for example microwaves other wireless networks and so on 3 Turn the ZyXEL Device off and on 4 If the problem continues contact the network administ...

Страница 442: ...1 with both phone ports for outgoing calls and it uses SIP accounts 1 and 2 for incoming calls With this setting you always use SIP account 1 for your outgoing calls and you cannot distinguish which S...

Страница 443: ...your SIP account 2 To apply these configuration changes you need to configure the Analog Phone screen See Section 10 5 on page 194 Figure 260 Outgoing Calls Individual Configuration 27 6 2 Incoming C...

Страница 444: ...ount 1 and phone port 2 is configured to use SIP account 2 for incoming calls In this case every time you receive a call from your SIP account 1 the phone connected to phone port 1 rings Similarly eve...

Страница 445: ...Mbps RJ 45 Ethernet ports DSL Port P 2612HW F1 1 RJ45 DSL Port P 2612HW F3 1 RJ11 DSL Port WAN Port 1 RJ45 WAN Port PHONE Ports 2 RJ 11 FXS POTS ports RESET Button Restores factory defaults WLAN Butt...

Страница 446: ...f you decide to revert back to an earlier configuration Network Address Translation NAT Each computer on your network must have its own unique IP address Use NAT to convert your public IP address es t...

Страница 447: ...Service You can efficiently manage traffic on your network by reserving bandwidth and giving priority to certain types of traffic and or to particular computers Remote Management This allows you to de...

Страница 448: ...for each LAN network Packet Filters Your device s packet filtering function allows added network security and management ADSL Standards Support ITU G 992 1 G dmt EOC specified in ITU T G 992 1 ADSL2 G...

Страница 449: ...on Other Protocol Support PPP Point to Point Protocol link layer protocol Transparent bridging for unsupported network layer protocols RIP I RIP II ICMP ATM QoS SNMP v1 and v2c with MIB II support RFC...

Страница 450: ...using the command line interpreter Auto Dial You can set the ZyXEL Device to automatically dial a specified number immediately whenever you lift a phone off the hook Use the Web Configurator to set t...

Страница 451: ...and assign them to the telephone port Multiple Voice Channels Your device can simultaneously handle multiple voice channels telephone calls Additionally you can answer an incoming phone call on a VoIP...

Страница 452: ...he ZyXEL Device is equipped with an attached antenna to provide a clear radio signal between the wireless stations and the access points Multiple SSID Multiple SSID allows the ZyXEL Device to operate...

Страница 453: ...32 MAC Address filters IEEE 802 1x External RADIUS server using EAP MD5 TLS TTLS Scheduling lets you set when the WLAN is on Table 168 Standards Supported STANDARD DESCRIPTION RFC 867 Daytime Protocol...

Страница 454: ...andard G dmt G 992 1 G 992 1 Asymmetrical Digital Subscriber Line ADSL Transceivers ITU G 992 1 G DMT ITU standard for ADSL using discrete multitone modulation ITU G 992 2 G Lite ITU standard for ADSL...

Страница 455: ...cables located inside the wall when drilling holes for the screws 3 Do not screw the screws all the way into the wall Leave a small gap of about 0 5 cm between the heads of the screws and the wall 4...

Страница 456: ...t Specifications P 2612HW Series User s Guide 456 The following are dimensions of an M4 tap screw and masonry plug used for wall mounting All measurements are in millimeters mm Figure 264 Masonry Plug...

Страница 457: ...pendices and Index Setting Up Your Computer s IP Address 459 Pop up Windows JavaScripts and Java Permissions 485 IP Addresses and Subnetting 495 Wireless LANs 507 Common Services 531 Legal Information...

Страница 458: ...458...

Страница 459: ...2000 Mac OS 9 OS X and all versions of UNIX LINUX include the software components you need to use TCP IP on your computer If you manually assign IP information instead of using a dynamic IP make sure...

Страница 460: ...Up Your Computer s IP Address P 2612HW Series User s Guide 460 1 Click Start Control Panel Figure 265 Windows XP Start Menu 2 In the Control Panel click the Network Connections icon Figure 266 Window...

Страница 461: ...uide 461 3 Right click Local Area Connection and then select Properties Figure 267 Windows XP Control Panel Network Connections Properties 4 On the General tab select Internet Protocol TCP IP and then...

Страница 462: ...Select Use the following IP Address and fill in the IP address Subnet mask and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP You...

Страница 463: ...l Network Connections right click a network connection click Status and then click the Support tab to view your IP address and connection information Windows Vista This section shows screens from Wind...

Страница 464: ...Network And Internet 4 Click Manage network connections Figure 273 Windows Vista Network and Sharing Center 5 Right click Local Area Connection and then select Properties Figure 274 Windows Vista Net...

Страница 465: ...ix A Setting Up Your Computer s IP Address P 2612HW Series User s Guide 465 6 Select Internet Protocol Version 4 TCP IPv4 and then select Properties Figure 275 Windows Vista Local Area Connection Prop...

Страница 466: ...cally Select Use the following IP Address and fill in the IP address Subnet mask and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or IS...

Страница 467: ...can also go to Start Control Panel Network Connections right click a network connection click Status and then click the Support tab to view your IP address and connection information Mac OS X 10 3 and...

Страница 468: ...68 2 In the System Preferences window click the Network icon Figure 278 Mac OS X 10 4 System Preferences 3 When the Network preferences pane opens select Built in Ethernet from the network connection...

Страница 469: ...ngs select Using DHCP from the Configure IPv4 list in the TCP IP tab Figure 280 Mac OS X 10 4 Network Preferences TCP IP Tab 5 For statically assigned settings do the following From the Configure IPv4...

Страница 470: ...of your device Figure 281 Mac OS X 10 4 Network Preferences Ethernet 6 Click Apply Now and close the window Verifying Settings Check your TCP IP properties by clicking Applications Utilities Network...

Страница 471: ...2HW Series User s Guide 471 Mac OS X 10 5 The screens in this section are from Mac OS X 10 5 1 Click Apple System Preferences Figure 283 Mac OS X 10 5 Apple Menu 2 In System Preferences click the Netw...

Страница 472: ...st of available connection types Figure 285 Mac OS X 10 5 Network Preferences Ethernet 4 From the Configure list select Using DHCP for dynamically assigned settings 5 For statically assigned settings...

Страница 473: ...ng Up Your Computer s IP Address P 2612HW Series User s Guide 473 In the Router field enter the IP address of your ZyXEL Device Figure 286 Mac OS X 10 5 Network Preferences Ethernet 6 Click Apply and...

Страница 474: ...inux Ubuntu 8 GNOME This section shows you how to configure your computer s TCP IP settings in the GNU Object Model Environment GNOME using the Ubuntu 8 Linux distribution The procedure screens and fi...

Страница 475: ...re 288 Ubuntu 8 System Administration Menu 2 When the Network Settings window opens click Unlock to open the Authenticate window By default the Unlock button is greyed out until clicked You cannot mak...

Страница 476: ...cate window enter your admin account name and password then click the Authenticate button Figure 290 Ubuntu 8 Administrator Account Authentication 4 In the Network Settings window select the connectio...

Страница 477: ...perties In the Configuration list select Automatic Configuration DHCP if you have a dynamic IP address In the Configuration list select Static IP address if you have a static IP address Fill in the IP...

Страница 478: ...n the Network Settings window and then enter the DNS server information in the fields provided Figure 293 Ubuntu 8 Network Settings DNS 8 Click the Close button to apply the changes Verifying Settings...

Страница 479: ...to configure your computer s TCP IP settings in the K Desktop Environment KDE using the openSUSE 10 3 Linux distribution The procedure screens and file locations may vary depending on your specific d...

Страница 480: ...12HW Series User s Guide 480 1 Click K Menu Computer Administrator Settings YaST Figure 295 openSUSE 10 3 K Menu Computer Menu 2 When the Run as Root KDE su dialog opens enter the admin password and c...

Страница 481: ...window opens select Network Devices and then click the Network Card icon Figure 297 openSUSE 10 3 YaST Control Center 4 When the Network Settings window opens click the Overview tab select the appropr...

Страница 482: ...lick the Address tab Figure 299 openSUSE 10 3 Network Card Setup 6 Select Dynamic Address DHCP if you have a dynamic IP address Select Statically assigned IP Address if you have a static IP address Fi...

Страница 483: ...s Guide 483 8 If you know your DNS server IP address es click the Hostname DNS tab in Network Settings and then enter the DNS server information in the fields provided Figure 300 openSUSE 10 3 Networ...

Страница 484: ...on the Task bar to check your TCP IP properties From the Options sub menu select Show Connection Information Figure 301 openSUSE 10 3 KNetwork Manager When the Connection Status KNetwork Manager windo...

Страница 485: ...net Explorer versions may vary Internet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Serv...

Страница 486: ...in the Pop up Blocker section of the screen This disables any web pop up blockers you may have enabled Figure 304 Internet Options Privacy 3 Click Apply to save this setting Enable Pop up Blockers wi...

Страница 487: ...2HW Series User s Guide 487 2 Select Settings to open the Pop up Blocker Settings screen Figure 305 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to h...

Страница 488: ...k Add to move the IP address to the list of Allowed sites Figure 306 Pop up Blocker Settings 5 Click Close to return to the Privacy screen 6 Click Apply to save this setting JavaScripts If pages of th...

Страница 489: ...plorer click Tools Internet Options and then the Security tab Figure 307 Internet Options Security 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that En...

Страница 490: ...ick OK to close the window Figure 308 Security Settings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button...

Страница 491: ...ns P 2612HW Series User s Guide 491 5 Click OK to close the window Figure 309 Security Settings Java JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sur...

Страница 492: ...ck OK to close the window Figure 310 Java Sun Mozilla Firefox Mozilla Firefox 2 0 screens are used here Screens for other versions may vary You can enable Java Javascripts and pop ups in one screen Cl...

Страница 493: ...up Windows JavaScripts and Java Permissions P 2612HW Series User s Guide 493 Click Content to show the screen below Select the check boxes as shown in the following screen Figure 312 Mozilla Firefox C...

Страница 494: ...Appendix B Pop up Windows JavaScripts and Java Permissions P 2612HW Series User s Guide 494...

Страница 495: ...er and the other part is the host ID In the same way that houses on a street share a common street name the hosts on a network share a common network number Similarly as each house has its own house n...

Страница 496: ...logical AND operation The term subnet is short for sub network A subnet mask has 32 bits If a bit in the subnet mask is a 1 then the corresponding bit in the IP address is part of the network number I...

Страница 497: ...number bits the smaller the number of remaining host ID bits An IP address with host IDs of all zeros is the IP address of the network 192 168 1 0 with a 24 bit subnet mask for example An IP address...

Страница 498: ...ng You can use subnetting to divide one network into multiple sub networks In the following example a network administrator creates two sub networks to isolate a group of servers from the rest of the...

Страница 499: ...netting Figure 314 Subnetting Example Before Subnetting You can borrow one of the host ID bits to divide the network 192 168 1 0 into two separate sub networks The subnet mask is now 25 bits 255 255 2...

Страница 500: ...5 255 128 is subnet A itself and 192 168 1 127 with mask 255 255 255 128 is its broadcast address Therefore the lowest IP address that can be assigned to an actual host for subnet A is 192 168 1 1 and...

Страница 501: ...Binary 11000000 10101000 00000001 01000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 64 Lowest Host ID 192 168 1 65 Broadcast Address 192 168 1 127 Highest Host...

Страница 502: ...ght Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST ADDRESS 1 0 1 30 31 2 32 33 62 63 3 64 65 94 95 4 96 97 126 127 5 128 129 158 159 6 160 161 190 191 7 192 193 222 223 8 224 225 2...

Страница 503: ...Address Translation NAT on the ZyXEL Device Once you have decided on the network number pick an IP address for your ZyXEL Device that is easy to remember for instance 192 168 1 1 but make sure that n...

Страница 504: ...if you are part of a much larger organization you should consult your network administrator for the appropriate IP addresses Regardless of your particular situation do not create an arbitrary IP addre...

Страница 505: ...r example if a router is set between a LAN and the Internet WAN the router s LAN and WAN addresses must be on different subnets In the following example the LAN and WAN are on the same subnet The LAN...

Страница 506: ...2612HW Series User s Guide 506 The computer cannot access the Internet This problem can be solved by assigning a different IP address to the computer or the router s LAN port Figure 318 Conflicting C...

Страница 507: ...ndent network which is commonly referred to as an ad hoc network or Independent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an a...

Страница 508: ...tended Service Set ESS consists of a series of overlapping BSSs each containing an access point with each access point connected together by a wired network This wired connection between APs is called...

Страница 509: ...jacent AP access point to reduce interference Interference occurs when radio signals from different access points overlap causing interference and degrading performance Adjacent channels partially ove...

Страница 510: ...ust first send an RTS Request To Send message to the AP for permission to send it The AP then responds with a CTS Clear to Send message to all other stations within its range to notify them to defer t...

Страница 511: ...onization field in a packet Short preamble increases performance as less time sending preamble means more time for sending data All IEEE 802 11 compliant wireless adapters support long preamble but no...

Страница 512: ...ure shows the relative effectiveness of these wireless security methods available on your ZyXEL Device Note You must enable the same wireless security settings on the ZyXEL Device and on all wireless...

Страница 513: ...the wireless clients RADIUS RADIUS is based on a client server model that supports authentication authorization and accounting The access point is the client and the server is the RADIUS server The RA...

Страница 514: ...nd LEAP Your wireless LAN device may not support all authentication types EAP Extensible Authentication Protocol is an authentication protocol that runs on top of the IEEE 802 1x transport mechanism i...

Страница 515: ...sive attacks A digital certificate is an electronic ID card that authenticates the sender s identity However to implement EAP TLS you need a Certificate Authority CA to handle certificates which impos...

Страница 516: ...and WPA2 Wi Fi Protected Access WPA is a subset of the IEEE 802 11i standard WPA2 IEEE 802 11i is a wireless security standard that defines stronger encryption authentication and key management than...

Страница 517: ...Pairwise Master Key PMK key to the AP that then sets up a key hierarchy and management system using the PMK to dynamically generate unique data encryption keys to encrypt every data packet that is wir...

Страница 518: ...ady connecting to an AP to perform IEEE 802 1x authentication with another AP before connecting to it Wireless Client WPA Supplicants A wireless client supplicant is the software that runs on an opera...

Страница 519: ...th RADIUS Application Example WPA 2 PSK Application Example A WPA 2 PSK application looks as follows 1 First enter identical passwords into the AP and all wireless clients The Pre Shared Key PSK must...

Страница 520: ...each authentication method or key management protocol type MAC address filters are not dependent on how you configure these security features Table 184 Wireless Security Relational Matrix AUTHENTICAT...

Страница 521: ...enna s coverage area Antenna Gain Antenna gain measured in dB decibel is the increase in coverage within the RF beam width Higher antenna gain improves the range of the signal for better communication...

Страница 522: ...d on a table desk and so on point the antenna up For omni directional antennas mounted on a wall or ceiling point the antenna down For a single AP application place omni directional antennas as close...

Страница 523: ...s the network name SSID and security key through an secure connection to the enrollee If you need to make sure that WPS worked check the list of associated wireless clients in the AP s configuration u...

Страница 524: ...Log into the configuration utility of the registrar Select the PIN connection mode not the PBC connection mode Locate the place where you can enter the enrollee s PIN if you are using the ZyXEL Device...

Страница 525: ...supplies network and security settings and the other device acts as the enrollee the device that receives network and security settings The registrar creates a secure EAP Extensible Authentication Pro...

Страница 526: ...evices and the new device Note that the access point AP is not always the registrar and the wireless client is not always the enrollee All WPS certified APs can be a registrar and so can some WPS enab...

Страница 527: ...ndomly generates the security information to set up the network since it is unconfigured and has no existing information Figure 327 WPS Example Network Step 1 In step 2 you add another wireless client...

Страница 528: ...enrollees and one registrar you must set up the first enrollee by pressing the WPS button on the registrar and the first enrollee for example then check that it successfully enrolled then set up the...

Страница 529: ...ee if this has happened WPS works between only two devices simultaneously so if another device has enrolled your device will be unable to enroll and will not have access to the network If this happens...

Страница 530: ...Appendix D Wireless LANs P 2612HW Series User s Guide 530...

Страница 531: ...her information about port numbers If the Protocol is TCP UDP or TCP UDP this is the IP port number If the Protocol is USER this is the IP protocol number Description This is a brief explanation of th...

Страница 532: ...Internet Group Management Protocol is used when sending packets to a specific group of hosts IKE UDP 500 The Internet Key Exchange algorithm is used for key distribution and management IRC TCP UDP 666...

Страница 533: ...s the message exchange standard for the Internet SMTP enables you to move messages from one e mail server to another SNMP TCP UDP 161 Simple Network Management Program SNMP TRAPS TCP UDP 162 Traps for...

Страница 534: ...Transfer Protocol is an Internet file transfer protocol similar to FTP but uses the UDP User Datagram Protocol rather than TCP Transmission Control Protocol VDOLIVE TCP 7000 Another videoconferencing...

Страница 535: ...of any products or software described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves the right to make changes in any products...

Страница 536: ...onsist of a new or re manufactured functionally equivalent product of equal or higher value and will be solely at the discretion of ZyXEL This warranty shall not apply if the product has been modified...

Страница 537: ...firewalls 240 ALG 178 452 algorithms 278 alternative subnet mask notation 498 antenna 445 directional 522 gain 521 omni directional 522 anti probing 230 any IP 126 133 447 how it works 134 note 134 AP...

Страница 538: ...of Service 215 Class of Service see CoS client server protocol 208 codecs 452 comfort noise generation 195 451 command interface 27 configuration file 413 content filtering 251 447 activation 254 exa...

Страница 539: ...thernet 114 PPPoA 114 RFC 1483 114 encryption 517 ESP 278 ESS 508 Europe type call service mode 217 223 Extended Service Set see ESS external accounting server 147 external antenna 452 external authen...

Страница 540: ...9 IGMP v2 449 IKE phases 282 importing certificates 301 importing trusted CAs 306 importing trusted remote hosts 315 Independent Basic Service Set see IBSS initialization vector IV 517 inside header 2...

Страница 541: ...Size see MBS maximum incomplete 244 Maximum Transmission Unit see MTU MBS 105 111 117 Media Access Control see MAC Media Access Control see MAC Address Message Integrity Check see MIC metric 116 MIB 3...

Страница 542: ...daptor 453 power specifications 445 PPP Point to Point Protocol Link Layer Protocol 449 PPP over ATM AAL5 448 PPP over Ethernet 448 PPP over Ethernet see PPPoE PPPoE 100 114 447 benefits 114 preamble...

Страница 543: ...rate adaptation 448 secure gateway address 258 security associations see VPN Security Parameter Index 271 security network 246 server 183 389 service set 141 150 Service Set IDentification see SSID S...

Страница 544: ...36 traffic redirect 113 119 traffic shaping 117 transparent bridging 449 transport mode 281 triangle route 235 247 solutions 248 trusted CAs and certificates 304 TTLS 453 tunnel mode 281 tutorial NAT...

Страница 545: ...g 126 Wired Equivalent Privacy see WEP wireless client configuration 60 profile 63 security 49 512 tutorial 57 wireless client 137 wireless client WPA supplicants 518 Wireless Distribution System see...

Страница 546: ...RADIUS application example 518 WPA2 516 user authentication 518 vs WPA2 PSK 517 wireless client supplicant 518 with RADIUS application example 518 WPA2 Pre Shared Key see WPA2 PSK WPA2 PSK 516 517 app...

Страница 547: ...Index P 2612HW Series User s Guide 547...

Отзывы:

Нет отзывов

Похожие инструкции для P-2612HW-F1 -

Бренд: IBM Страницы: 82

Бренд: Zte Страницы: 74

Donatello Memory ISDN Modem

Бренд: Digicom Страницы: 1

Бренд: Digi Страницы: 3

Connect WAN 3G IA

Бренд: Digi Страницы: 1

Бренд: Digi Страницы: 866

Бренд: Zoom Страницы: 61

RC801-60B-FV35 Series

Бренд: Raisecom Страницы: 30

Бренд: 3One data Страницы: 11

Бренд: Cal Amp Страницы: 64

Бренд: Abocom Страницы: 20

Бренд: Abocom Страницы: 16

Бренд: Navini Networks Страницы: 41

Бренд: Accedian Страницы: 166

Бренд: NETGEAR Страницы: 2

Бренд: Patton electronics Страницы: 24

DCM202 - Express Ethernetwork DOCSIS 2.0 Cable...

Бренд: D-Link Страницы: 39

Ripwave MX Surfer

Бренд: Navini Networks Страницы: 32

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды