manualshive.com logo in svg

ZyXEL Communications P-2802H-I Series, Руководство пользователя

Поделиться
Скачать
ZyXEL Communications P-2802H-I Series Скачать руководство пользователя страница 182

Chapter 13 Introduction to IPSec

P-2802H(W)(L)-I Series User’s Guide

182

Figure 105   

Transport and Tunnel Mode IPSec Encapsulation

13.3.1  Transport Mode

Transport

 mode is used to protect upper layer protocols and only affects the data in the IP 

packet. In 

Transport

 mode, the IP packet contains the security protocol (

AH

 or 

ESP

) located 

after the original IP header and options, but before any upper layer protocols contained in the 
packet (such as TCP and UDP). 
With 

ESP,

 protection is applied only to the upper layer protocols contained in the packet. The 

IP header information and options are not used in the authentication process. Therefore, the 
originating IP address cannot be verified for integrity against the data. 
With the use of 

AH

 as the security protocol, protection is extended forward into the IP header 

to verify the integrity of the entire packet by use of portions of the original IP header in the 
hashing process.

13.3.2  Tunnel Mode 

Tunnel

 mode encapsulates the entire IP packet to transmit it securely. A 

Tunnel

 mode is 

required for gateway services to provide access to internal systems. 

Tunnel

 mode is 

fundamentally an IP tunnel with authentication and encryption. This is the most common 
mode of operation. 

Tunnel

 mode is required for gateway to gateway and host to gateway 

communications. 

Tunnel

 mode communications have two sets of IP headers:

Outside header

: The outside IP header contains the destination IP address of the VPN 

gateway.

Inside header

: The inside IP header contains the destination IP address of the final system 

behind the VPN gateway. The security protocol appears after the outer IP header and 
before the inside IP header. 

13.4  IPSec and NAT

Read this section if you are running IPSec on a host computer behind the ZyXEL Device.
NAT is incompatible with the 

AH

 protocol in both 

Transport 

and 

Tunnel 

mode. An IPSec 

VPN using the 

AH

 protocol digitally signs the outbound packet, both data payload and 

headers, with a hash value appended to the packet. When using 

AH

 protocol, packet contents 

(the data payload) are not encrypted.

Содержание P-2802H-I Series

Страница 1: ...www zyxel com P 2802H W L I Series VDSL VoIP IAD User s Guide Version 3 70 6 2007 Edition 1...

Страница 2: ......

Страница 3: ...rk and configuring for Internet access Web Configurator Online Help Embedded web help for descriptions of individual screens and supplementary information Supporting Disk Refer to the included CD for...

Страница 4: ...font A key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press t...

Страница 5: ...Guide 5 Icons Used in Figures Figures in this User s Guide may use the following generic icons The ZyXEL Device icon is not an exact representation of your device ZyXEL Device Computer Notebook comput...

Страница 6: ...s device before servicing or disassembling Use ONLY an appropriate power adaptor or cord for your device Connect the power adaptor or cord to the right supply voltage for example 110V AC in North Amer...

Страница 7: ...Safety Warnings P 2802H W L I Series User s Guide 7...

Страница 8: ...Safety Warnings P 2802H W L I Series User s Guide 8...

Страница 9: ...Setup 89 Wireless LAN 101 Network Address Translation NAT Screens 117 Voice 129 Firewalls 155 Content Filtering 175 Introduction to IPSec 179 VPN Screens 185 Certificates 211 Static Route 235 Quality...

Страница 10: ...Contents Overview P 2802H W L I Series User s Guide 10...

Страница 11: ...its for Managing the ZyXEL Device 37 1 4 Applications for the ZyXEL Device 37 1 4 1 Secure Internet Access 37 1 4 2 Wireless LAN Application 38 1 4 3 Making Calls via Internet Telephony Service Provid...

Страница 12: ...oIP Wizard Setup 65 Part III Advanced 71 Chapter 5 Status Screens 73 5 1 Status Screen 73 5 2 Any IP Table 76 5 3 WLAN Status W models only 77 5 4 Packet Statistics 77 5 5 VoIP Statistics 79 Chapter 6...

Страница 13: ...03 8 2 5 One Touch Intelligent Security Technology OTIST 104 8 3 Additional Wireless Terms 104 8 4 General WLAN Screen 104 8 4 1 No Security 105 8 4 2 WEP Encryption Screen 106 8 4 3 WPA 2 PSK 107 8 4...

Страница 14: ...Message Waiting Indication 133 10 2 9 Custom Tones IVR 133 10 3 Quality of Service QoS 134 10 3 1 Type of Service ToS 134 10 3 2 DiffServ 134 10 3 3 VLAN Tagging 135 10 4 SIP Settings Screen 135 10 5...

Страница 15: ...11 6 1 Configuring Firewall Rules 163 11 6 2 Customized Services 166 11 6 3 Configuring A Customized Service 166 11 7 Example Firewall Rule 167 11 8 Firewall Thresholds 171 11 8 1 Threshold Values 172...

Страница 16: ...3 14 12 IKE Phases 198 14 12 1 Negotiation Mode 199 14 12 2 Diffie Hellman DH Key Groups 199 14 12 3 Perfect Forward Secrecy PFS 200 14 13 Configuring Advanced IKE Settings 200 14 14 Manual Key Setup...

Страница 17: ...6 Static Route 235 16 1 Static Route 235 16 2 Configuring Static Route 235 16 2 1 Static Route Edit 236 Chapter 17 Quality of Service QoS 239 17 1 QoS Overview 239 17 1 1 IEEE 802 1Q Tag 239 17 1 2 IP...

Страница 18: ...19 8 3 Configuring SNMP 267 19 9 Configuring DNS 268 19 10 Configuring ICMP 269 Chapter 20 Universal Plug and Play UPnP 271 20 1 Introducing Universal Plug and Play 271 20 1 1 How do I know if I m usi...

Страница 19: ...Backup Example 310 23 7 3 Configuration Backup Using GUI based FTP Clients 310 23 7 4 Backup Configuration Using TFTP 310 23 7 5 TFTP Command Configuration Backup Example 311 23 7 6 Configuration Back...

Страница 20: ...Specifications 325 Part V Appendices and Index 335 Appendix A Setting up Your Computer s IP Address 337 Appendix B Pop up Windows JavaScripts and Java Permissions 349 Appendix C IP Addresses and Subn...

Страница 21: ...on with Ethernet 57 Figure 16 Connection Test 58 Figure 17 Connection Test Failed 58 Figure 18 Connection Test Successful 59 Figure 19 Wireless LAN Setup Wizard 1 59 Figure 20 Wireless LAN 60 Figure 2...

Страница 22: ...igure 57 OTIST Settings 113 Figure 58 OTIST In Progress on the ZyXEL Device 113 Figure 59 OTIST In Progress on the Wireless Device 113 Figure 60 Start OTIST 113 Figure 61 MAC Address Filter 114 Figure...

Страница 23: ...ent Filter Keyword 175 Figure 101 Content Filter Schedule 176 Figure 102 Content Filter Trusted 177 Figure 103 Encryption and Decryption 180 Figure 104 IPSec Architecture 181 Figure 105 Transport and...

Страница 24: ...252 Figure 146 Secure and Insecure Remote Management From the WAN 255 Figure 147 HTTPS Implementation 257 Figure 148 Remote Management WWW 258 Figure 149 Security Alert Dialog Box Internet Explorer 2...

Страница 25: ...188 Network Temporarily Disconnected 308 Figure 189 Configuration Upload Error 308 Figure 190 Reset Warning Message 308 Figure 191 Reset In Process Message 309 Figure 192 Restart Screen 309 Figure 19...

Страница 26: ...Figure 221 Security Settings Java 353 Figure 222 Java Sun 354 Figure 223 Network Number and Host ID 356 Figure 224 Subnetting Example Before Subnetting 358 Figure 225 Subnetting Example After Subnett...

Страница 27: ...guration 67 Table 15 Status Screen 74 Table 16 Any IP Table 76 Table 17 WLAN Status 77 Table 18 Packet Statistics 78 Table 19 VoIP Statistics 79 Table 20 Internet Access Setup 85 Table 21 Advanced Int...

Страница 28: ...Dial 149 Table 58 Phone Book Incoming Call Policy 151 Table 59 PSTN Line General 153 Table 60 Firewall General 161 Table 61 Firewall Rules 162 Table 62 Firewall Edit Rule 164 Table 63 Customized Servi...

Страница 29: ...Traffic Type 239 Table 99 Internal Layer2 and Layer3 QoS Mapping 241 Table 100 QoS General 242 Table 101 Bandwidth Management Rule Setup 243 Table 102 QoS Class Configuration 244 Table 103 QoS Monito...

Страница 30: ...ients 311 Table 144 Diagnostic General 315 Table 145 Diagnostic DSL Line 316 Table 146 Hardware Specifications 325 Table 147 Firmware Specifications 325 Table 148 Voice Features 329 Table 149 Wireless...

Страница 31: ...Menu 1 General Setup 380 Table 170 Menu 3 380 Table 171 Menu 4 Internet Access Setup 383 Table 172 Menu 12 385 Table 173 Menu 15 SUA Server Setup 389 Table 174 Menu 21 1 Filter Set 1 391 Table 175 Men...

Страница 32: ...List of Tables P 2802H W L I Series User s Guide 32...

Страница 33: ...33 PART I Introduction Introducing the ZyXEL Device 35 Introducing the Web Configurator 43...

Страница 34: ...34...

Страница 35: ...r for all data passing between the Internet and LAN You can configure firewall and or content filtering for secure Internet access You can also use QoS to efficiently manage traffic on your network At...

Страница 36: ...works over ISDN Integrated Services Digital Network 1 Only use firmware for your ZyXEL Device s specific model Refer to the label on the bottom of your ZyXEL Device All screens displayed in this user...

Страница 37: ...totally re configure the ZyXEL Device You could simply restore your last configuration 1 4 Applications for the ZyXEL Device Here are some example uses for which the ZyXEL Device is well suited 1 4 1...

Страница 38: ...ding 1 4 2 Wireless LAN Application Add a wireless LAN to your existing network without expensive network cables Wireless clients can move freely anywhere in the coverage area and use resources on the...

Страница 39: ...sing a SIP proxy server Peer to peer calls are also called Point to Point or IP to IP calls You must know the peer s IP address in order to do this The following figure shows a basic example of how yo...

Страница 40: ...WER Green On Your device is receiving power and functioning properly Blinking Your device is rebooting and performing a self test Red On Your device is not ready or there is a malfunction None Off You...

Страница 41: ...for three seconds and release it The WLAN LED should flash while the device uses OTIST to send wireless settings to OTIST clients W models only WLAN Green On Your device is ready but is not sending re...

Страница 42: ...User s Guide 42 To set the device back to the factory default settings press the RESET button for ten seconds or until the POWER LED begins to blink and then release it When the POWER LED begins to bl...

Страница 43: ...our device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScripts enabled by default Java permissions enabled by default See Appendix B on page 349 if you need to make s...

Страница 44: ...ongly recommended you change the default password Enter a new password retype it to confirm and click Apply alternatively click Ignore to proceed to the main menu if you do not want to change the pass...

Страница 45: ...lick Apply See Chapter 3 on page 53 for more information Click Go to Advanced setup if you want to configure features that are not available in the wizards Select the check box if you always want to g...

Страница 46: ...status bar 2 2 1 Title Bar The title bar allows you to change the language and provides some icons in the upper right corner The icons provide the following functions A B C D Table 4 Web Configurator...

Страница 47: ...and WLAN authentication security settings OTIST Use this screen to assign your wireless security settings to wireless clients MAC Filter Use this screen to configure the ZyXEL Device to give exclusiv...

Страница 48: ...is screen to configure a list of addresses of directory servers that contain lists of valid and revoked certificates Advanced Static Route IP Static Route Use this screen to configure IP static routes...

Страница 49: ...Setting Use this screen to change your ZyXEL Device s time and date Logs View Log Use this screen to display your device s logs Log Settings Use this screen to select which logs and or immediate aler...

Страница 50: ...Chapter 2 Introducing the Web Configurator P 2802H W L I Series User s Guide 50...

Страница 51: ...51 PART II Wizard Internet and Wireless Setup Wizard 53 VoIP Wizard And Example 65...

Страница 52: ...52...

Страница 53: ...d setup screens to configure your system for Internet access with the information given to you by your ISP See the advanced menu chapters for background information on these fields 3 2 Internet Access...

Страница 54: ...Click INTERNET WIRELESS SETUP to configure the system for Internet access and wireless connection Figure 12 Wizard Welcome 3 Enter your Internet access information in the wizard screen exactly as you...

Страница 55: ...SP Parameters LABEL DESCRIPTION Mode Select Routing default from the drop down list box if your ISP give you one IP address only and you want multiple computers to share an Internet account Select Bri...

Страница 56: ...exactly as your ISP assigned If assigned a name in the form user domain where domain identifies a service name then enter both components exactly as given Password Enter the password associated with...

Страница 57: ...c IP Address Select Static IP Address if your ISP gave you an IP address to use IP Address Enter your ISP assigned IP address Subnet Mask Enter a subnet mask in dotted decimal notation Refer to the ap...

Страница 58: ...ated or click Restart the Internet Wireless Setup Wizard to verify your Internet access settings Figure 17 Connection Test Failed 3 3 Wireless Connection Wizard Setup After you configure the Internet...

Страница 59: ...k box to turn on the wireless LAN Enable OTIST Select the check box to enable OTIST if you want to transfer your ZyXEL Device s SSID and WEP or WPA PSK security settings to wireless clients that suppo...

Страница 60: ...ces is called a channel Select a channel ID that is not already in use by a neighboring device Security Select Automatically assign a WPA key Recommended only available if you enable OTIST if you want...

Страница 61: ...ess LAN setup screen to set up a Pre Shared Key Figure 21 Manually Assign a WPA PSK key The following table describes the labels in this screen 3 3 2 Manually Assign a WEP Key Choose Manually assign a...

Страница 62: ...rrect Click Finish to complete and save the wizard setup Table 12 Manually Assign a WEP key LABEL DESCRIPTION Key The WEP keys are used to encrypt data Both the ZyXEL Device and the wireless stations...

Страница 63: ...ess and WLAN Wizard Setup Complete 7 Launch your web browser and navigate to www zyxel com Internet access is just the beginning Refer to the rest of this guide for more detailed information on the co...

Страница 64: ...Chapter 3 Internet and Wireless Setup Wizard P 2802H W L I Series User s Guide 64...

Страница 65: ...ho is also using a VoIP device Make sure your telephone is connected to the PHONE 1 port before you start with our example In the following figure A represents your phone and B represents the phone of...

Страница 66: ...ider Your VoIP service provider supplies you with the following information When you are finished click Apply Table 13 Sample SIP Account Information INFORMATION FROM VOIP SERVICE PROVIDER EXAMPLE VAL...

Страница 67: ...rver Address Type the IP address or domain name of the SIP server in this field It doesn t matter whether the SIP server is a proxy redirect or register server You can use up to 95 ASCII characters SI...

Страница 68: ...IP account registration was successful Click Return to Wizard Main Page if you want to use another configuration wizard Click Go to Advanced Setup page or Finish to close the wizard and go to the main...

Страница 69: ...ered they need to provide you with their SIP number You can use your VoIP service provider s dialing plan to call SIP numbers You can also use your VoIP service provider s dialing plan to call regular...

Страница 70: ...Chapter 4 VoIP Wizard And Example P 2802H W L I Series User s Guide 70...

Страница 71: ...etwork Address Translation NAT Screens 117 Voice 129 Firewalls 155 Content Filtering 175 Introduction to IPSec 179 VPN Screens 185 Certificates 211 Static Route 235 Quality of Service QoS 239 Dynamic...

Страница 72: ...72...

Страница 73: ...device system resources interfaces LAN and WAN and SIP accounts You can also register and unregister SIP accounts The Status screen also provides detailed information from Any IP and DHCP and statist...

Страница 74: ...licable LAN Information IP Address This field displays the current IP address of the ZyXEL Device LAN port Click this to go to the screen where you can change it IP Subnet Mask This field displays the...

Страница 75: ...should restart the device See Section 23 6 on page 309 or turn off the device unplug the power for a few seconds Interface Status Interface This column displays each interface the ZyXEL Device has Sta...

Страница 76: ...oes not cancel your SIP account but it deletes the mapping between your SIP identity and your IP address or domain name The second field displays Registered If the SIP account is not registered with t...

Страница 77: ...so provided are system up time and poll interval s The Poll Interval s field is configurable MAC Address This field displays the MAC address of the computer that is using the ZyXEL Device but is in a...

Страница 78: ...m Speed This is the downstream speed of your ZyXEL Device Node Link This field displays the remote node index number and link type Link types are DHCP Ethernet and PPPoE Status This field displays Dow...

Страница 79: ...LAN is disabled TxPkts This field displays the number of packets transmitted on this interface RxPkts This field displays the number of packets received on this interface Collisions This is the number...

Страница 80: ...if the SIP account has never dialed a number Call Statistics Phone This field displays each phone port in the ZyXEL Device Hook This field indicates whether the phone is on the hook or off the hook On...

Страница 81: ...nt the ZyXEL Device to update this screen and click Set Interval Set Interval Click this to make the ZyXEL Device update the screen based on the amount of time you specified in Poll Interval Stop Clic...

Страница 82: ...Chapter 5 Status Screens P 2802H W L I Series User s Guide 82...

Страница 83: ...rk services a function known as dynamic service selection This enables the service provider to easily create and offer new IP services for individuals Operationally PPPoE saves significant effort for...

Страница 84: ...ring up the connection when turned on and whenever the connection is down A nailed up connection can be very expensive for obvious reasons Do not specify a nailed up connection unless your telephone c...

Страница 85: ...time you connect to the Internet Select Obtain an IP Address Automatically if you have a dynamic IP address otherwise select Static IP Address and type your ISP assigned IP address in the IP Address f...

Страница 86: ...eout Apply Click Apply to save the changes Cancel Click Cancel to begin configuring this screen afresh Advanced Setup Click this button to display the Advanced WAN Setup screen and edit more details o...

Страница 87: ...escribes the labels in this screen Back Click Back to return to the previous screen Apply Click Apply to save the changes Cancel Click Cancel to begin configuring this screen afresh Table 21 Advanced...

Страница 88: ...Chapter 6 WAN Setup P 2802H W L I Series User s Guide 88...

Страница 89: ...e area usually the same building or floor of a building The LAN screens can help you configure a LAN DHCP server and manage IP addresses See Section 7 4 on page 94 to configure the LAN screens 7 1 1 L...

Страница 90: ...DNS server addresses The ISP tells you the DNS server addresses usually in the form of an information sheet when you sign up If your ISP gives you DNS server addresses enter them in the DNS Server fi...

Страница 91: ...sy to remember for instance 192 168 1 1 for your ZyXEL Device but make sure that no other device on your network is using that IP address The subnet mask specifies the network number portion of an IP...

Страница 92: ...pient or Broadcast 1 sender everybody on the network Multicast delivers IP packets to a group of hosts on the network not everybody and not just 1 IGMP Internet Group Multicast Protocol is a network l...

Страница 93: ...mputer to the ZyXEL Device and access the Internet The following figure depicts a scenario where a computer is set to use a static private IP address in the corporate environment In a residential hous...

Страница 94: ...IP routing table so it can properly forward packets intended for the computer After all the routing information is updated the computer can access the ZyXEL Device and the Internet as if it is in the...

Страница 95: ...d Out Only RIP Version Select the RIP version from RIP 1 RIP 2B and RIP 2M Multicast IGMP Internet Group Multicast Protocol is a network layer protocol used to establish membership in a multicast grou...

Страница 96: ...sometimes be necessary to allow NetBIOS packets to pass through to the WAN in order to find a computer on the WAN Allow between LAN and WAN Select this check box to forward NetBIOS packets from the L...

Страница 97: ...ed From ISP if your ISP dynamically assigns DNS server information and the ZyXEL Device s WAN IP address Select UserDefined if you have the IP address of a DNS server Enter the DNS server s IP address...

Страница 98: ...name IP Address This field displays the IP address relative to the field listed above MAC Address The MAC Media Access Control or Ethernet address on a LAN Local Area Network is unique to your comput...

Страница 99: ...ith the ZyXEL Device itself as the gateway for each LAN network When you use IP alias you can also configure firewall rules to control access between the LAN s logical networks subnets Make sure that...

Страница 100: ...broadcast its routing table periodically When set to Both or In Only it will incorporate the RIP information that it receives when set to None it will not send any RIP packets and will ignore any RIP...

Страница 101: ...eless network Figure 48 Example of a Wireless Network The wireless network is the part in the blue circle In this wireless network devices A and B use the access point AP to interact with the other de...

Страница 102: ...To get the MAC address for each device in the wireless network see the device s User s Guide or other documentation You can use the MAC address filter to tell the ZyXEL Device which devices are allowe...

Страница 103: ...ppose you have a wireless network with the ZyXEL Device and you do not have a RADIUS server Therefore there is no authentication Suppose the wireless network has two devices Device A only supports WEP...

Страница 104: ...Network Wireless LAN to open the Wireless LAN General screen Table 29 Additional Wireless Terms TERM DESCRIPTION RTS CTS Threshold In a wireless network which covers a large area wireless devices are...

Страница 105: ...change the ZyXEL Device s SSID or WEP settings you will lose your wireless connection when you press Apply to confirm You must then change the wireless settings of your computer to match the ZyXEL De...

Страница 106: ...is within range Figure 50 Wireless No Security The following table describes the labels in this screen 8 4 2 WEP Encryption Screen In order to configure and enable WEP encryption click Network Wireles...

Страница 107: ...le 32 Wireless Static WEP Encryption LABEL DESCRIPTION Security Mode Choose Static WEP from the drop down list box Passphrase Enter a Passphrase up to 32 printable characters and click Generate The Zy...

Страница 108: ...sswords in order to stay connected Enter a time interval between 10 and 9999 seconds The default time interval is 1800 seconds 30 minutes Note If wireless station authentication is done using a RADIUS...

Страница 109: ...if you want the ZyXEL Device to support WPA and WPA2 simultaneously ReAuthentication Timer in seconds Specify how often wireless stations have to resend usernames and passwords in order to stay conne...

Страница 110: ...uthentication server The default port number is 1812 You need not change this value unless your network administrator instructs you to do so with additional information Shared Secret Enter a password...

Страница 111: ...elect a preamble type from the drop down list menu Choices are Long Short or Dynamic The default setting is Long See the appendix for more information 802 11 Mode Select 802 11b Only to allow only IEE...

Страница 112: ...creen appears in the ZyXEL Device Table 36 Network Wireless LAN OTIST LABEL DESCRIPTION Setup Key Type a key password 8 ASCII characters long Note If you change the OTIST setup key in the ZyXEL Device...

Страница 113: ...nsferring OTIST settings The following screens appear in the ZyXEL Device and in the wireless devices Figure 58 OTIST In Progress on the ZyXEL Device Figure 59 OTIST In Progress on the Wireless Device...

Страница 114: ...k Wireless LAN OTIST screen or hold in the RESET button on the ZyXEL Device for three seconds to transfer the settings again 4 If you change the SSID or the keys on the ZyXEL Devices after using OTIST...

Страница 115: ...l be allowed to access the ZyXEL Device Select Allow to permit access to the ZyXEL Device MAC addresses not listed will be denied access to the ZyXEL Device Set This is the index number of the MAC add...

Страница 116: ...Chapter 8 Wireless LAN P 2802H W L I Series User s Guide 116...

Страница 117: ...ddress of a host when the packet is in the local network while the global address refers to the IP address of the host when the same packet is traveling in the WAN side Note that inside outside refers...

Страница 118: ...l incoming inquiries thus preventing intruders from probing your network For more information on IP address translation refer to RFC 1631 The IP Network Address Translator NAT 9 1 3 How NAT Works Each...

Страница 119: ...instance PAT port address translation ZyXEL s Single User Account feature that previous ZyXEL routers supported the SUA Only option in today s routers Many to Many Overload In Many to Many Overload m...

Страница 120: ...Table 39 on page 120 Choose SUA Only if you have just one public WAN IP address for your ZyXEL Device Choose Full Feature if you have multiple public WAN IP addresses for your ZyXEL Device 9 3 NAT Ge...

Страница 121: ...ions such as file sharing applications they need to establish NAT sessions If you do not limit the number of NAT sessions a single client can establish this can result in all of the available NAT sess...

Страница 122: ...9 4 1 Default Server IP Address In addition to the servers for specified services NAT supports a default server IP address A default server receives packets from ports that are not specified in this s...

Страница 123: ...ult Server IP address the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup Click Network NAT Port Forwarding to open the following scr...

Страница 124: ...t Forwarding Service Name Select a service from the drop down list box Server IP Address Enter the IP address of the server for the specified service Add Click this button to add a rule to the table b...

Страница 125: ...ive Click this check box to enable the rule Service Name Enter a name to identify this port forwarding rule Start Port Enter a port number in this field To forward only one port enter the port number...

Страница 126: ...only do this for Many to One and Server mapping types Global End IP This is the ending Inside Global IP Address IGA This field is N A for One to one Many to One and Server mapping types Type 1 1 One t...

Страница 127: ...rvers of different services behind the NAT to be accessible to the outside world Local Start IP This is the starting local IP address ILA Local IP addresses are N A for Server port mapping Local End I...

Страница 128: ...e SIP data stream to a public IP address You do not need to use STUN or an outbound proxy if your ZyXEL Device is behind a SIP ALG Use this screen to enable and disable the SIP VoIP ALG in the ZyXEL D...

Страница 129: ...ol SIP is an application layer control signaling protocol that handles the setting up altering and tearing down of voice and multimedia sessions over the Internet SIP signaling is separate from the me...

Страница 130: ...talking A hangs up and sends a BYE request 11 B replies with an OK response confirming receipt of the BYE request and the call is terminated 10 2 3 SIP Servers SIP is a client server protocol A SIP cl...

Страница 131: ...SIP redirect server accepts SIP requests translates the destination address to an IP address and sends the translated IP address back to the device that sent the request Then the client device that o...

Страница 132: ...ng A codec coder decoder codes analog voice signals into digital signals and decodes the digital signals back into analog voice signals The ZyXEL Device supports the following codecs G 711 is a Pulse...

Страница 133: ...esponse is a feature that allows you to use your telephone to interact with the ZyXEL Device The ZyXEL Device allows you to record custom tones for the Caller Ringing Tone and On Hold Tone functions T...

Страница 134: ...source for example at the ZyXEL Device so a server can decide the best method of delivery that is the least cost fastest route and so on 10 3 2 DiffServ DiffServ is a class of service CoS model that...

Страница 135: ...uses a SIP account to make outgoing VoIP calls and check if an incoming call s destination number matches your SIP account s SIP number In order to make or receive a VoIP call you need to enable and c...

Страница 136: ...can use up to 95 printable ASCII characters It does not matter whether the SIP server is a proxy redirect or register server SIP Server Port Enter the SIP server s listening port number if your VoIP...

Страница 137: ...account exactly as it was given to you You can use up to 95 printable ASCII characters Password Enter the user name for registering this SIP account exactly as it was given to you You can use up to 95...

Страница 138: ...s Guide 138 Figure 76 VoIP SIP Settings Advanced Each field is described in the following table Table 49 VoIP SIP Settings Advanced LABEL DESCRIPTION SIP Account This field displays the SIP account y...

Страница 139: ...in the Start Port and End Port fields To enter a range of ports enter the port number at the beginning of the range in the Start Port field enter the port number at the end of the range in the End Po...

Страница 140: ...evices must also use G 711 T 38 Fax Relay Select this if the ZyXEL Device should send fax messages as UDP or TCP IP packets through IP networks This provides better quality but it may have inter opera...

Страница 141: ...t speaking Table 50 SIP QoS LABEL DESCRIPTION SIP TOS Priority Setting Enter the priority for SIP voice transmissions The ZyXEL Device creates Type of Service priority tags with this priority to voice...

Страница 142: ...IPTION Phone Port Settings Select the phone port you want to see in this screen If you change this field the screen automatically refreshes Outgoing Call Use If you select both SIP accounts the ZyXEL...

Страница 143: ...does not have power regardless of the settings you configure the phone s connected to the PHONE port s can still be used for making PSTN calls Only one phone can be in use at a time Apply Click this...

Страница 144: ...to tell the ZyXEL Device to make the phone call immediately regardless of this setting Active VAD Select this if the ZyXEL Device should stop transmitting when you are not speaking This reduces the b...

Страница 145: ...the flash key is not available you can tap press and immediately release the hook by hand to achieve the same effect However using the flash key is preferred since the timing is much more precise With...

Страница 146: ...one and then answer the phone after it rings Put the first call on hold and answer the second call Press the flash key and then 2 10 11 2 3 European Call Transfer Do the following to transfer an incom...

Страница 147: ...caller is still on hold there will be a remind ring 10 11 3 2 USA Call Waiting This allows you to place a call on hold while you answer another incoming call on the same telephone directory number If...

Страница 148: ...ach field is described in the following table 10 13 Speed Dial Speed dial provides shortcuts for dialing frequently used VoIP phone numbers You also have to create speed dial entries if you want to ma...

Страница 149: ...ies Select the speed dial number you want to use for this phone number Number Enter the SIP number you want the ZyXEL Device to call when you dial the speed dial number Name Enter a name to identify t...

Страница 150: ...eed dial number Destination This field is blank if the speed dial entry uses one of your SIP accounts Otherwise this field shows the IP address or domain name of the SIP server or other party This fie...

Страница 151: ...uld wait for you to answer an incoming call before it considers the call is unanswered Advanced Setup The ZyXEL Device checks these rules before it checks the rules in the Forward to Number section Th...

Страница 152: ...nected to the PHONE port s can still be used for making PSTN calls Only one phone can be in use at a time You can also use the PSTN Line screen to specify phone numbers that should always use the regu...

Страница 153: ...registered These numbers tell the ZyXEL Device that you want to make a regular phone call Relay to PSTN Line Enter phone numbers for regular calls not VoIP calls that you want to dial without the pref...

Страница 154: ...Chapter 10 Voice P 2802H W L I Series User s Guide 154...

Страница 155: ...walls restrict access by screening data packets against defined access rules They make access control decisions based on IP address and protocol They also inspect the session data to assure the integr...

Страница 156: ...ermined hacker might be able to find creative ways to misuse the enabled services to access the firewall or the network 5 For local services that are enabled protect against misuse Protect by configur...

Страница 157: ...one of these rules to allow a WAN computer to manage the ZyXEL Device You also need to configure the remote management settings to allow a WAN computer to manage the ZyXEL Device You may define additi...

Страница 158: ...ble to connect to computers with running FTP servers 4 Does this rule conflict with any existing rules Once these questions have been answered adding rules is simply a matter of entering the informati...

Страница 159: ...is to use IP alias IP alias allows you to partition your network into logical sections over the same Ethernet interface Your ZyXEL Device supports up to three logical LAN interfaces with the ZyXEL De...

Страница 160: ...Alias 11 5 General Firewall Policy Click Security Firewall to display the following screen Activate the firewall by selecting the Active Firewall check box as seen in the following screen Refer to Se...

Страница 161: ...ets See Section 11 4 1 on page 158 for an example Packet Direction This is the direction of travel of packets LAN to LAN Router LAN to WAN WAN to WAN Router WAN to LAN Firewall rules are grouped based...

Страница 162: ...ction The firewall rules that you configure summarized below take priority over the general firewall action settings in the General screen This is your firewall rule number The ordering of your rules...

Страница 163: ...n existing firewall rule A window displays asking you to confirm that you want to delete the firewall rule Note that subsequent firewall rules move up by one when you take this action Order Click the...

Страница 164: ...s screen Table 62 Firewall Edit Rule LABEL DESCRIPTION Active Select this option to enable this firewall rule Action for Matched Packet Use the drop down list box to select whether to discard Drop den...

Страница 165: ...n on services available Highlight a service from the Available Services box on the left then click Add to add it to the Selected Services box on the right To remove a service highlight it in the Selec...

Страница 166: ...ibes the labels in this screen 11 6 3 Configuring A Customized Service Click a rule number in the Firewall Customized Services screen to create a new custom port or edit an existing one This action di...

Страница 167: ...PTION Service Name Type a unique name for your custom port Service Type Choose the IP port TCP UDP or TCP UDP that defines your customized port from the drop down list box Port Configuration Type Clic...

Страница 168: ...omes rule 8 4 Click Add to display the firewall rule configuration screen 5 In the Edit Rule screen click the Edit Customized Services link to open the Customized Service screen 6 Click an index numbe...

Страница 169: ...ple Edit Rule Destination Address 9 Use the Add and Remove buttons between Available Services and Selected Services list boxes to configure it as follows Click Apply when you are done Custom services...

Страница 170: ...ll Example Edit Rule Select Customized Services On completing the configuration procedure for this Internet firewall rule the Rules screen should look like the following Rule 1 allows a MyService conn...

Страница 171: ...ached the established state the TCP three way handshake has not yet been completed Under normal circumstances the application that initiates a session sends a SYN synchronize packet to the receiving s...

Страница 172: ...r of servers in your LAN network 4 Network bandwidth 5 Type of traffic for certain servers Reduce the threshold values if your network is slower than average for any of these factors especially if you...

Страница 173: ...ow this number Maximum Incomplete High This is the number of existing half open sessions that causes the firewall to start deleting half open sessions When the number of existing half open sessions ri...

Страница 174: ...Chapter 11 Firewalls P 2802H W L I Series User s Guide 174...

Страница 175: ...Device performs content filtering You can also specify trusted IP addresses on the LAN for which the ZyXEL Device will not perform content filtering 12 2 Configuring Keyword Blocking Use this screen t...

Страница 176: ...ains the list of all the keywords that you have configured the ZyXEL Device to block Delete Highlight a keyword in the box and click Delete to remove it Clear All Click Clear All to remove all of the...

Страница 177: ...he check box to have the content filtering to be active on the selected day Start TIme Enter the time when you want the content filtering to take effect in hour minute format End Time Enter the time w...

Страница 178: ...Chapter 12 Content Filtering P 2802H W L I Series User s Guide 178...

Страница 179: ...ata communications across a public network like the Internet IPSec is built around a number of standardized cryptographic techniques to provide confidentiality data integrity and authentication at the...

Страница 180: ...s the following VPN applications Linking Two or More Private Networks Together Connect branch offices and business partners over the Internet with significant cost savings and improved performance whe...

Страница 181: ...ption Algorithm describes the use of encryption techniques such as DES Data Encryption Standard and Triple DES algorithms The Authentication Algorithms HMAC MD5 RFC 2403 and HMAC SHA 1 RFC 2404 provid...

Страница 182: ...3 2 Tunnel Mode Tunnel mode encapsulates the entire IP packet to transmit it securely A Tunnel mode is required for gateway services to provide access to internal systems Tunnel mode is fundamentally...

Страница 183: ...including headers in a new IP packet The new IP packet s source address is the outbound address of the sending VPN gateway and its destination address is the inbound address of the VPN device at the r...

Страница 184: ...Chapter 13 Introduction to IPSec P 2802H W L I Series User s Guide 184...

Страница 185: ...ty authentication sequence integrity replay resistance and non repudiation but not for confidentiality for which the ESP was designed In applications where confidentiality is not required or not sanct...

Страница 186: ...using a private secret key DES applies a 56 bit key to each 64 bit block of data MD5 default MD5 Message Digest 5 produces a 128 bit digest to authenticate packet data 3DES Triple DES 3DES is a varia...

Страница 187: ...Dynamic Secure Gateway Address If the remote secure gateway has a dynamic WAN IP address and does not use DDNS enter 0 0 0 0 as the secure gateway s address In this case only the remote secure gateway...

Страница 188: ...Name This field displays the identification name for this VPN policy Local Address This is the IP address es of computer s on your local network behind your ZyXEL Device The same static IP address is...

Страница 189: ...nd assumes that the data has been maliciously altered Remote Address This is the IP address es of computer s on the remote network behind the remote IPSec router This field displays N A when the Secur...

Страница 190: ...E SA For NAT traversal to work you must Use ESP security protocol in either transport or tunnel mode Use IKE keying mode Enable NAT traversal on both IPSec endpoints Set the NAT router to forward UDP...

Страница 191: ...om remote IPSec routers that have dynamic WAN IP addresses Telecommuters can use separate passwords to simultaneously connect to the ZyXEL Device from IPSec routers with dynamic IP addresses seeSectio...

Страница 192: ...Peer ID Type and Content Fields PEER ID TYPE CONTENT IP Type the IP address of the computer with which you will make the VPN connection or leave the field blank to have the ZyXEL Device automatically...

Страница 193: ...ase 1 IKE negotiation seeSection 14 12 on page 198for more on IKE phases It is called pre shared because you have to share it with another party before you can communicate with them over a secure conn...

Страница 194: ...is check box to activate this VPN policy This option determines whether a VPN rule is applied before a packet leaves the firewall Keep Alive Select either Yes or No from the drop down list box Select...

Страница 195: ...r remote IP address but not both You can configure multiple SAs between the same local and remote IP addresses as long as only one is active at any time Local Address Type Use the drop down menu to ch...

Страница 196: ...igure the local Content field to 0 0 0 0 or leave it blank It is recommended that you type an IP address other than 0 0 0 0 in the local Content field or use the DNS or E mail ID type in the following...

Страница 197: ...N s full IP address range as the local IP address then you cannot configure any other active rules with the Secure Gateway Address field set to 0 0 0 0 Security Protocol VPN Protocol Select ESP if you...

Страница 198: ...ES that uses a 168 bit key As a result 3DES is more secure than DES It also requires more processing power resulting in increased latency and decreased throughput This implementation of AES uses a 128...

Страница 199: ...e someone attempts to send traffic 14 12 1 Negotiation Mode The phase 1 Negotiation Mode you select determines how the Security Association SA will be established for each connection through IKE negot...

Страница 200: ...rity This may be unnecessary for data that does not require such security so PFS is disabled None by default in the ZyXEL Device Disabling PFS means new authentication and encryption keys are derived...

Страница 201: ...art of the 16 to 62 character range for the key For example in 0x0123456789ABCDEF 0x denotes that the key is hexadecimal and 0123456789ABCDEF is the key itself Both ends of the VPN tunnel must use the...

Страница 202: ...resulting in increased latency and decreased throughput This implementation of AES uses a 128 bit key AES is faster than 3DES Select NULL to set up a tunnel without encryption When you select NULL yo...

Страница 203: ...the fields in this screen Table 79 VPN Setup Manual Key LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy Name Type up to 32 characters to identify this VPN polic...

Страница 204: ...d to Single this field is N A When the Local Address Type field is configured to Range enter the end static IP address in a range of computers on the LAN behind your ZyXEL Device When the Local Addres...

Страница 205: ...thentication Algorithm fields described next Encryption Algorithm Select DES 3DES or NULL from the drop down list box When DES is used for data communications both sender and receiver must know the sa...

Страница 206: ...ffic Figure 114 VPN SA Monitor The following table describes the fields in this screen Table 80 VPN SA Monitor LABEL DESCRIPTION No This is the security association index number Name This field displa...

Страница 207: ...figure to use one VPN rule to simultaneously access a ZyXEL Device at headquarters HQ in the figure The telecommuters do not have domain names mapped to the WAN IP addresses of their IPSec routers Th...

Страница 208: ...elecommuters IPSec routers should not overlap See the following table and figure for an example where three telecommuters each use a different VPN rule for a VPN connection with a ZyXEL Device located...

Страница 209: ...ZyXEL Device Rule 1 Local ID Type IP Peer ID Type IP Local ID Content 192 168 2 12 Peer ID Content 192 168 2 12 Local IP Address 192 168 2 12 Secure Gateway Address telecommuter1 com Remote Address 1...

Страница 210: ...PN Screens P 2802H W L I Series User s Guide 210 14 19 VPN and Remote Management If a VPN tunnel uses Telnet FTP WWW then you should configure remote management Remote Management to allow access for t...

Страница 211: ...n in general works as follows 1 Tim wants to send a private message to Jenny Tim generates a public key pair What is encrypted with one key can only be decrypted using the other 2 Tim keeps the privat...

Страница 212: ...e public keys and you never need to transmit private keys 15 2 Self signed Certificates You can have the ZyXEL Device act as a certification authority and sign its own certificates 15 3 Configuration...

Страница 213: ...plays what kind of certificate this is REQ represents a certification request and is not yet a valid certificate Send a certification request to a certification authority which then issues a certifica...

Страница 214: ...tificate that one or more features is configured to use Do the following to delete a certificate that shows SELF in the Type field 1 Make sure that no other features such as HTTPS VPN SSH are configur...

Страница 215: ...ntax for data including digital signatures that may be encrypted The ZyXEL Device currently allows the importation of a PKS 7 file that contains a single certificate PEM Base 64 encoded PKCS 7 This Pr...

Страница 216: ...ation authority may add fields such as a serial number to the subject information when it issues a certificate It is recommended that each certificate have unique subject information Common Name Selec...

Страница 217: ...ertification authority s enrollment protocol and the certification authority s certificate from the drop down list boxes and enter the certification authority s server address You also need to fill in...

Страница 218: ...screen with a Return button that takes you back to the My Certificate Create screen Click Return and check your information in the My Certificate Create screen Make sure that the certification authori...

Страница 219: ...Chapter 15 Certificates P 2802H W L I Series User s Guide 219 Figure 122 My Certificate Details...

Страница 220: ...tion about the certificate Type This field displays general information about the certificate CA signed means that a Certification Authority signed the certificate Self signed means that the certifica...

Страница 221: ...ing the MD5 algorithm SHA1 Fingerprint This is the certificate s message digest that the ZyXEL Device calculated using the SHA1 algorithm Certificate in PEM Base 64 Encoded Format This read only text...

Страница 222: ...e subject information Issuer This field displays identifying information about the certificate s issuing certification authority such as a common name organizational unit or department organization or...

Страница 223: ...certificate A window displays asking you to confirm that you want to delete the certificates Note that subsequent certificates move up by one when you take this action Import Click Import to open a s...

Страница 224: ...con to open the Trusted CA Details screen Use this screen to view in depth information about the certification authority s certificate change the certificate s name and set whether or not you want the...

Страница 225: ...a Certification Authority signed the certificate Self signed means that the certificate s owner signed the certificate not a certification authority X 509 means that this certificate was created and s...

Страница 226: ...isplays the domain names or IP addresses of the servers MD5 Fingerprint This is the certificate s message digest that the ZyXEL Device calculated using the MD5 algorithm You can use this value to veri...

Страница 227: ...nformation about the certificate s owner such as CN Common Name OU Organizational Unit or department O Organization or company and C Country It is recommended that each certificate have unique subject...

Страница 228: ...e message digests calculated using the MD5 or SHA1 algorithms The following procedure describes how to use a certificate s fingerprint to verify that you have the remote host s actual certificate 1 Br...

Страница 229: ...labels in this screen 15 14 Trusted Remote Host Certificate Details Click Security Certificates Trusted Remote Hosts to open the Trusted Remote Hosts screen Click the details icon to open the Trusted...

Страница 230: ...hierarchy of certification authorities that validate a certificate s issuing certification authority For a trusted host the list consists of the end entity s own certificate and the default self sign...

Страница 231: ...that the key can be used to encrypt text Basic Constraint This field displays general information about the certificate For example Subject Type CA means that this is a certification authority s cert...

Страница 232: ...Apply to save your changes back to the ZyXEL Device You can only change the name of the certificate Cancel Click Cancel to quit configuring this screen and return to the Trusted Remote Hosts screen T...

Страница 233: ...creen where you can configure information about a directory server so that the ZyXEL Device can access it Table 94 Directory Servers LABEL DESCRIPTION Table 95 Directory Server Add and Edit LABEL DESC...

Страница 234: ...certification authority Password Type the password up to 31 ASCII characters from the entity maintaining the directory server usually a certification authority Back Click Back to return to the Directo...

Страница 235: ...instance the ZyXEL Device knows about network N2 in the following figure through remote node Router 1 However the ZyXEL Device is unable to route a packet to network N3 because it doesn t know that th...

Страница 236: ...es this route Destination This parameter specifies the IP network address of the final destination Routing is always based on network number Netmask This parameter specifies the IP network subnet mask...

Страница 237: ...tion Routing is always based on network number If you need to specify a route to a single host use a subnet mask of 255 255 255 255 in the subnet mask field to force the network number to be identical...

Страница 238: ...Chapter 16 Static Route P 2802H W L I Series User s Guide 238...

Страница 239: ...quickly than those with low priority if there is congestion allowing time sensitive applications to flow more smoothly Time sensitive applications include both those that require a low level of latenc...

Страница 240: ...going 17 1 3 1 DSCP and Per Hop Behavior DiffServ defines a new DS Differentiated Services field to replace the Type of Service TOS field in the IP header The DS field contains a 2 bit unused field a...

Страница 241: ...the network is congested 17 2 Configuring QoS General Screen Click Advanced QoS to open the screen as shown next Use this screen to enable or disable QoS and select to have the ZyXEL Device automatic...

Страница 242: ...allocate using QoS The recommendation is to set this speed to match the interface s actual transmission speed For example set the WAN interface speed to 100000 kbps if your Internet connection has an...

Страница 243: ...ifier No This field displays the index number of the classifier Active Select the check box to enable this classifier Name This is the name of the classifier Interface This shows the interface from wh...

Страница 244: ...n Active Select the check box to enable this classifier Name Enter a descriptive name of up to 20 printable English keyboard characters including spaces Interface Select from which interface traffic o...

Страница 245: ...nation IP address in dotted decimal notation and the destination subnet mask Refer to the appendix for more information on IP subnetting Port Select the check box and enter the port number of the dest...

Страница 246: ...classes are assigned priority queue based on the internal QoS mapping table on the ZyXEL Device Figure 139 QoS Example Figure 140 QoS Class Example VoIP 1 Ethernet Priority Select this option and sele...

Страница 247: ...Chapter 17 Quality of Service QoS P 2802H W L I Series User s Guide 247 Figure 141 QoS Class Example VoIP 2 Figure 142 QoS Class Example Boss 1...

Страница 248: ...ice QoS P 2802H W L I Series User s Guide 248 Figure 143 QoS Class Example Boss 2 17 4 QoS Monitor To view the ZyXEL Device s QoS packet statistics click Advanced QoS Monitor The screen appears as sho...

Страница 249: ...ster while traffic in lower index queues is dropped if the network is congested Pass This shows how many packets mapped to this priority queue are transmitted successfully Drop This shows how many pac...

Страница 250: ...Chapter 17 Quality of Service QoS P 2802H W L I Series User s Guide 250...

Страница 251: ...t know your IP address First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to ha...

Страница 252: ...Name Type the domain name assigned to your ZyXEL Device by your Dynamic DNS provider You can specify up to two host names in the field separated by a comma User Name Type your user name Password Type...

Страница 253: ...IP address of the NAT router that has a public IP address Note The DDNS server may not be able to detect the proper IP address if there is an HTTP proxy server between the ZyXEL Device and the DDNS se...

Страница 254: ...Chapter 18 Dynamic DNS Setup P 2802H W L I Series User s Guide 254...

Страница 255: ...from which computers The following figure shows secure and insecure management of the ZyXEL Device coming in from the WAN HTTPS access is secure HTTP and Telnet access are not secure Figure 146 Secure...

Страница 256: ...e management screen You have disabled that service in one of the remote management screens The IP address in the Secured Client IP field does not match the client IP address If it does not match the Z...

Страница 257: ...s that the SSL server the ZyXEL Device must always authenticate itself to the SSL client the computer which requests the HTTPS connection with the ZyXEL Device whereas the SSL client only should authe...

Страница 258: ...d to communicate with the ZyXEL Device using this service Select All to allow any computer to access the ZyXEL Device using this service Choose Selected to just allow the computer with the IP address...

Страница 259: ...er listens on port 443 by default If you change the HTTPS proxy server port to a different number on the ZyXEL Device for example 8443 then you must notify people who need to access the ZyXEL Device w...

Страница 260: ...cate is from the ZyXEL Device If Accept this certificate temporarily for this session is selected then click OK to continue in Netscape Select Accept this certificate permanently to import the ZyXEL D...

Страница 261: ...k the common name specified in the certificate that your ZyXEL Device sends to HTTPS clients 2a Click Remote MGMT Write down the name of the certificate displayed in the Server Host Key field 2b Click...

Страница 262: ...tory default certificate is a common default certificate for all ZyXEL Device models Figure 153 Replace Certificate Click Apply in the Replace Certificate screen to create a certificate using your ZyX...

Страница 263: ...formation in the My Certificates screen Figure 155 Common ZyXEL Device Certificate 19 5 Telnet You can use Telnet to access the ZyXEL Device Specify which interfaces allow Telnet access and from which...

Страница 264: ...rom which IP address the access can come Table 106 Remote Management Telnet LABEL DESCRIPTION Port You may change the server port number for a service if needed however you must use the same port numb...

Страница 265: ...s only available if TCP IP is configured Table 107 Remote Management FTP LABEL DESCRIPTION Port You may change the server port number for a service if needed however you must use the same port number...

Страница 266: ...t Information Base MIB is a collection of managed objects SNMP allows a manager and agents to communicate for the purpose of accessing these objects SNMP itself is a simple request response protocol b...

Страница 267: ...power on 1 warmStart defined in RFC 1215 A trap is sent after booting software reboot 4 authenticationFailure defined in RFC 1215 A trap is sent to the manager when receiving any SNMP get or set requ...

Страница 268: ...er may access the ZyXEL Device using this service Secured Client IP A secured client is a trusted computer that is allowed to communicate with the ZyXEL Device using this service Select All to allow a...

Страница 269: ...n unsupported ports are probed If you want your device to respond to pings and requests for unauthorized services you may also need to configure the firewall anti probing settings to match Table 110 R...

Страница 270: ...unauthorized services Select this option to prevent hackers from finding the ZyXEL Device by probing for unused ports If you select this option the ZyXEL Device will not respond to port request s for...

Страница 271: ...network will appear as a separate icon Selecting the icon of a UPnP device will allow you to access the information and properties of that device 20 1 2 NAT Traversal UPnP NAT traversal automates the...

Страница 272: ...on 20 1 on page 271 for more information Figure 162 Configuring UPnP The following table describes the fields in this screen Table 112 Configuring UPnP LABEL DESCRIPTION Active the Universal Plug and...

Страница 273: ...and Control Panel Double click Add Remove Programs 2 Click on the Windows Setup tab and select Communication in the Components selection box Click Details Figure 163 Add Remove Programs Windows Setup...

Страница 274: ...when prompted Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP 1 Click Start and Control Panel 2 Double click Network Connections 3 In the Network Connections win...

Страница 275: ...de 275 Figure 166 Windows Optional Networking Components Wizard 5 In the Networking Services window select the Universal Plug and Play check box Figure 167 Networking Services 6 Click OK to go back to...

Страница 276: ...vice Make sure the computer is connected to a LAN port of the ZyXEL Device Turn on your computer and the ZyXEL Device Auto discover Your UPnP enabled Network Device 1 Click Start and Control Panel Dou...

Страница 277: ...pter 20 Universal Plug and Play UPnP P 2802H W L I Series User s Guide 277 Figure 169 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappin...

Страница 278: ...erties Advanced Settings Figure 171 Internet Connection Properties Advanced Settings Add 5 When the UPnP enabled device is disconnected from your computer all port mappings will be deleted automatical...

Страница 279: ...Status Web Configurator Easy Access With UPnP you can access the web based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first This comes helpful if you do n...

Страница 280: ...Series User s Guide 280 Figure 174 Network Connections 4 An icon with the description for each UPnP enabled device displays under Local Network 5 Right click on the icon for your ZyXEL Device and sel...

Страница 281: ...ide 281 Figure 175 Network Connections My Network Places 6 Right click on the icon for your ZyXEL Device and select Properties A properties window displays with basic information about the ZyXEL Devic...

Страница 282: ...Chapter 20 Universal Plug and Play UPnP P 2802H W L I Series User s Guide 282...

Страница 283: ...283 PART IV Maintenance Troubleshooting and Specifications System 285 Logs 289 Tools 303 Diagnostic 315 Troubleshooting 317 Product Specifications 325...

Страница 284: ...284...

Страница 285: ...2000 click Start Settings Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for the Computer name field and enter it as the...

Страница 286: ...ype how many minutes a management session either via the web configurator or telnet can be left idle before the session times out The default is 5 minutes After it times out you have to log in with yo...

Страница 287: ...he ZyXEL Device synchronizes the time with the time server Current Date This field displays the date of your ZyXEL Device Each time you reload this page the ZyXEL Device synchronizes the date with the...

Страница 288: ...if you selected Daylight Savings The o clock field uses the 24 hour format Here are a couple of examples Daylight Saving Time starts in most parts of the United States on the second Sunday of March E...

Страница 289: ...ention They include system errors attacks access control and attempted access to blocked web sites Some categories such as System Errors consist of both logs and alerts You may differentiate them by t...

Страница 290: ...lay The categories that you select in the Log Settings screen display in the drop down list box Select a category of logs to view select All Logs to view logs from all of the log categories that you s...

Страница 291: ...il server for the e mail addresses specified below If this field is left blank logs and alert messages will not be sent via E mail Mail Subject Type a title that you want to be in the subject line of...

Страница 292: ...specify a time of day when the E mail should be sent If you select Weekly then also specify which day of the week the E mail should be sent If you select When Log is Full an alert is sent when the lo...

Страница 293: ...fail 6 means RCPT TO fail 7 means DATA fail 8 means mail data send fail Subject Firewall Alert From Date Fri 07 Apr 2000 10 05 42 From user zyxel com To user zyxel com 1 Apr 7 00 From 192 168 1 1 To...

Страница 294: ...to the router via ftp NAT Session Table is Full The maximum number of NAT session table entries has been exceeded and the table is full Starting Connectivity Monitor Starting Connectivity Monitor Tim...

Страница 295: ...PF The firewall allowed a triangle route session to pass through Packet without a NAT table entry blocked TCP UDP IGMP ESP GRE OSPF The router blocked a packet that didn t have a corresponding NAT tab...

Страница 296: ...Packet Direction type d code d ICMP access matched the default policy and was blocked or forwarded according to the user s setting Firewall rule NOT match ICMP Packet Direction rule d type d code d IC...

Страница 297: ...nection s Internet Protocol Control Protocol stage is opening ppp LCP Closing The PPP connection s Link Control Protocol stage is closing ppp IPCP Closing The PPP connection s Internet Protocol Contro...

Страница 298: ...ttack vulnerability ICMP type d code d The firewall detected an ICMP vulnerability attack traceroute ICMP type d code d The firewall detected an ICMP traceroute attack Table 129 802 1X Logs LOG MESSAG...

Страница 299: ...Server to authenticate user There is no authentication server to authenticate a user Local User Database does not find user s credential A user was not authenticated by the local user database becaus...

Страница 300: ...SAGE DESCRIPTION Facility 8 Severity Mon dd hr mm ss hostname src srcIP srcPort dst dstIP dstPort msg msg note note devID mac address last three numbers cat category This message is sent by the system...

Страница 301: ...ted phone port to initiate a VoIP call to the listed destination VoIP Call Established Ph Phone Port Outgoing Call Number Someone used a phone connected to the listed phone port to make a VoIP call to...

Страница 302: ...se refer to RFC 2408 for detailed information on each type Table 138 RFC 2408 ISAKMP Payload Types LOG DISPLAY PAYLOAD TYPE SA Security Association PROP Proposal TRANS Transform KE Key Exchange ID Ide...

Страница 303: ...alternately upload the factory default configuration file if you want to return the device to the original default settings The firmware determines the device s available features and functionality Y...

Страница 304: ...ZyXEL Device that is on your computer local network or FTP site and so the name but not the extension may vary After uploading new firmware see the Status screen to confirm that you have uploaded the...

Страница 305: ...pload is in progress Figure 182 Firmware Upgrade The following table describes the labels in this screen After you see the Firmware Upload in Progress screen wait two minutes before logging into the Z...

Страница 306: ...es log in again and check your new firmware version in the Status screen If the upload was not successful the following screen will appear Click Return to go back to the Firmware screen Figure 185 Err...

Страница 307: ...nfiguration to your computer 23 5 2 Restore Configuration Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your ZyXEL Device 1 Do not turn...

Страница 308: ...he IP address of your computer to be in the same subnet as that of the default device IP address 192 168 1 1 See Appendix A on page 337 for details on how to set up your computer s IP address If the u...

Страница 309: ...EL Device s configuration Figure 192 Restart Screen 23 7 Using FTP or TFTP to Back Up Configuration This section covers how to use FTP or TFTP to save your device s configuration file to your computer...

Страница 310: ...ecommended To use TFTP your computer must have both telnet and TFTP clients To backup the configuration file follow the procedure shown next 331 Enter PASS command Password 230 Logged in ftp bin 200 T...

Страница 311: ...t binary transfer mode 23 7 5 TFTP Command Configuration Backup Example The following is an example TFTP command tftp i host get rom 0 config rom where i specifies binary image transfer mode use this...

Страница 312: ...Configuration process is complete the device automatically restarts 23 8 1 Restore Using FTP Session Example Figure 194 Restore Using FTP Session Example Refer to Section 23 3 on page 304 to read abou...

Страница 313: ...mpt 23 9 2 FTP Session Example of Firmware File Upload Figure 195 FTP Session Example of Firmware File Upload More commands found in GUI based FTP clients are listed earlier in this chapter Refer to S...

Страница 314: ...tive and the device in CI mode before and during the TFTP transfer For details on TFTP commands see following example please consult the documentation of your TFTP client program For UNIX use get to t...

Страница 315: ...en the screen shown next Figure 196 Diagnostic General The following table describes the fields in this screen 24 2 DSL Line Diagnostic Click Maintenance Diagnostic DSL Line to open the screen shown n...

Страница 316: ...the DSL connection status Reset VDSL Line Click this button to reinitialize the VDSL line The large text box above then displays the progress and results of this operation for example Start to reset V...

Страница 317: ...you are using the power adaptor or cord included with the ZyXEL Device 3 Make sure the power adaptor or cord is connected to the ZyXEL Device and plugged in to an appropriate power source Make sure t...

Страница 318: ...gin screen in the web configurator 1 Make sure you are using the correct IP address The default IP address is 192 168 1 1 If you changed the IP address Section 7 3 1 on page 91 use the new IP address...

Страница 319: ...Device 1 Make sure you have entered the user name and password correctly The default password is 1234 These fields are case sensitive so make sure Caps Lock is not on 2 You cannot log in to the web c...

Страница 320: ...ake sure the LEDs are behaving as expected See the Quick Start Guide and Section 1 5 on page 40 2 Turn the ZyXEL Device off and on 3 If the problem continues contact your ISP V The Internet connection...

Страница 321: ...is connected to the corresponding PHONE port You can also check the VoIP status in the Status screen If the VoIP settings are correct use speed dial to make peer to peer calls If you can make a call u...

Страница 322: ...ts in order to control which SIP account you are using when placing or receiving calls 25 5 1 Outgoing Calls The following figure represents the default behavior of your ZyXEL Device when two SIP acco...

Страница 323: ...and phone port 2 ring In either case you are not sure which SIP account the call is coming from Figure 200 Incoming Calls Default In the next example phone port 1 is configured to use SIP account 1 a...

Страница 324: ...Chapter 25 Troubleshooting P 2802H W L I Series User s Guide 324...

Страница 325: ...rt 1 RJ 11 FXS POTS port for making calls over the PSTN line RESET Button Restores factory defaults Antenna One attached external dipole antenna 2dBi Operation Temperature 0 C 40 C Storage Temperature...

Страница 326: ...ime and date from an external server when you turn on your ZyXEL Device You can also set the time manually These dates and times are then used in logs Logs Use logs for troubleshooting You can send lo...

Страница 327: ...cally join a network obtain an IP address and convey their capabilities to each other PPPoE Support RFC2516 PPPoE Point to Point Protocol over Ethernet emulates a dial up connection It allows your ISP...

Страница 328: ...SNMP and DNS VoIP Auto provisioning via TFTP HTTP Remote Firmware Upgrade Syslog Other Features Dynamic DNS SPTGEN QoS Firewall Stateful Packet Inspection Prevent Denial of Service attacks such as Pi...

Страница 329: ...Phone standards and settings differ from one country to another so the settings on your ZyXEL Device must be configured to match those of the country you are in The country code feature allows you to...

Страница 330: ...l on a VoIP account even while someone else is using the account for a phone call Voice Activity Detection Silence Suppression Voice Activity Detection VAD reduces the bandwidth that a call uses by no...

Страница 331: ...ected Access WPA is a subset of the IEEE 802 11i security standard Key differences between WPA and WEP are user authentication and improved data encryption WPA2 WPA 2 is a wireless security standard t...

Страница 332: ...ol PPP RFC 1723 RIP 2 Routing Information Protocol RFC 1901 SNMPv2c Simple Network Management Protocol version 2c RFC 2236 Internet Group Management Protocol Version 2 RFC 2408 Internet Security Assoc...

Страница 333: ...6A Output Power DC 18Volts 1A Power Consumption 12 Watt max Safety Standards UL CUL UL 60950 1 EUROPEAN PLUG STANDARDS AC Power Adapter Model MU18 2180100 C5 Input Power AC 100 240Volts 50 60Hz 0 6A O...

Страница 334: ...Chapter 26 Product Specifications P 2802H W L I Series User s Guide 334...

Страница 335: ...may not apply to your ZyXEL Device Setting up Your Computer s IP Address 337 Pop up Windows JavaScripts and Java Permissions 349 IP Addresses and Subnetting 355 Wireless LANs 363 Services 373 Command...

Страница 336: ...336...

Страница 337: ...of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components...

Страница 338: ...nd then click Add 3 Select the manufacturer and model of your network adapter and then click OK If you need TCP IP 1 In the Network window click Add 2 Select Protocol and then click Add 3 Select Micro...

Страница 339: ...mic select Obtain an IP address automatically If you have a static IP address select Specify an IP address and type your information into the IP Address and Subnet Mask fields Figure 203 Windows 95 98...

Страница 340: ...OK to save and close the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your ZyXEL Device and restart your computer when prompted Verifying...

Страница 341: ...L I Series User s Guide 341 Figure 205 Windows XP Start Menu 2 For Windows XP click Network Connections For Windows 2000 NT click Network and Dial up Connections Figure 206 Windows XP Control Panel 3...

Страница 342: ...eral tab in Win XP and click Properties Figure 208 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP IP Properties window opens the General tab in Windows XP If you have a dynami...

Страница 343: ...onfigure additional default gateways in the IP Settings tab by clicking Add in Default gateways In TCP IP Gateway Address type the IP address of the default gateway in Gateway To manually configure a...

Страница 344: ...w 9 Click OK to close the Local Area Connection Properties window 10 Turn on your ZyXEL Device and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and then...

Страница 345: ...P 2802H W L I Series User s Guide 345 Figure 211 Macintosh OS 8 9 Apple Menu 2 Select Ethernet built in from the Connect via list Figure 212 Macintosh OS 8 9 TCP IP 3 For dynamically assigned settings...

Страница 346: ...Click Save if prompted to save changes to your configuration 7 Turn on your ZyXEL Device and restart your computer if prompted Verifying Settings Check your TCP IP properties in the TCP IP Control Pa...

Страница 347: ...g From the Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your ZyXEL Device in the Router address box 5 Cl...

Страница 348: ...Appendix A Setting up Your Computer s IP Address P 2802H W L I Series User s Guide 348...

Страница 349: ...Internet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up bloc...

Страница 350: ...any web pop up blockers you may have enabled Figure 216 Internet Options Privacy 3 Click Apply to save this setting Enable pop up Blockers with Exceptions Alternatively if you only want to allow pop...

Страница 351: ...s Guide 351 Figure 217 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 167 1 4 Click Add t...

Страница 352: ...display properly in Internet Explorer check that JavaScripts are allowed 1 In Internet Explorer click Tools Internet Options and then the Security tab Figure 219 Internet Options Security 2 Click the...

Страница 353: ...Settings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java per...

Страница 354: ...issions P 2802H W L I Series User s Guide 354 JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected...

Страница 355: ...eet share a common street name the hosts on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the...

Страница 356: ...t in the IP address is part of the host ID The following example shows a subnet mask identifying the network number in bold text and host ID of an IP address 192 168 1 2 in decimal By convention subne...

Страница 357: ...lowed by a continuous number of zeros for the remainder of the 32 bit mask you can simply specify the number of ones instead of writing the value of each octet This is usually specified by writing a f...

Страница 358: ...re shows the company network before subnetting Figure 224 Subnetting Example Before Subnetting You can borrow one of the host ID bits to divide the network 192 168 1 0 into two separate sub networks T...

Страница 359: ...2 168 1 254 Example Four Subnets The previous example illustrated using a 25 bit subnet mask to divide a 24 bit address into two subnets Similarly to divide a 24 bit address into four subnets you need...

Страница 360: ...9 Subnet 3 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subn...

Страница 361: ...HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62 3 255 255 255 224 27 8 30 4 255 255 255 240 28 16 14 5 255 255 255 248 29 32 6 6 255 255 255...

Страница 362: ...you entered You don t need to change the subnet mask computed by the ZyXEL Device unless you are instructed to do otherwise Private IP Addresses Every machine on the Internet must have a unique addre...

Страница 363: ...ependent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an Ad hoc wireless LAN Figure 226 Peer to Peer Communication in an Ad hoc N...

Страница 364: ...s wired connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired ne...

Страница 365: ...ally overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 chann...

Страница 366: ...the requested transmission Stations can send frames smaller than the specified RTS CTS directly to the AP without the RTS Request To Send CTS Clear to Send handshake You should only configure RTS CTS...

Страница 367: ...more reliable communication in noisy networks Select Dynamic to have the AP automatically use short preamble when all wireless stations support it otherwise the AP uses long preamble The AP and the wi...

Страница 368: ...nnected to the network Accounting Keeps track of the client s network activity RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless station and the network...

Страница 369: ...n it is possible to impersonate an authentication server as MD5 authentication method does not perform mutual authentication Finally MD5 authentication method does not support data encryption with dyn...

Страница 370: ...a default encryption key in the Wireless screen You may still configure and store keys here but they will not be used while Dynamic WEP is enabled EAP MD5 cannot be used with Dynamic WEP Key Exchange...

Страница 371: ...and resending them The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC If they do not match it is assumed that the data has...

Страница 372: ...ynamic WEP Key Yes Enable without Dynamic WEP Key Yes Disable WPA WEP No Yes WPA TKIP No Yes WPA PSK WEP Yes Yes WPA PSK TKIP Yes Yes Table 166 Wireless Security Relational Matrix continued AUTHENTICA...

Страница 373: ...his service is used Table 167 Examples of Services NAME PROTOCOL PORT S DESCRIPTION AH IPSEC_TUNNEL User Defined 51 The IPSEC AH Authentication Header tunneling protocol uses this service AIM TCP 5190...

Страница 374: ...ssenger service uses this protocol NetBIOS TCP UDP TCP UDP TCP UDP TCP UDP 137 138 139 445 The Network Basic Input Output System is used for communication between computers in a LAN NEW ICQ TCP 5190 A...

Страница 375: ...messages from one e mail server to another SMTPS TCP 465 This is a more secure version of SMTP that runs over SSL SNMP TCP UDP 161 Simple Network Management Program SNMP TRAPS TCP UDP 162 Traps for u...

Страница 376: ...t file transfer protocol similar to FTP but uses the UDP User Datagram Protocol rather than TCP Transmission Control Protocol VDOLIVE TCP UDP 7000 user defined A videoconferencing solution The UDP por...

Страница 377: ...field identification number field name parameter values allowed input where input is your input conforming to parameter values allowed The figure shown next is an example of an Internal SPTGEN text f...

Страница 378: ...230 on page 377 Figure 231 Invalid Parameter Entered Command Line Example The ZyXEL Device will display the following if you enter parameter s that are valid Figure 232 Valid Parameter Entered Command...

Страница 379: ...igure 234 Internal SPTGEN FTP Upload Example Example Internal SPTGEN Screens This section covers ZyXEL Device Internal SPTGEN screens c ftp 192 168 1 1 220 PPP FTP version 1 0 ready at Sat Jan 1 03 22...

Страница 380: ...Ethernet Setup FIN FN PVA INPUT 30100001 Input Protocol filters Set 1 2 30100002 Input Protocol filters Set 2 256 30100003 Input Protocol filters Set 3 256 30100004 Input Protocol filters Set 4 256 30...

Страница 381: ...30200013 IP Policies Set 1 1 12 256 30200014 IP Policies Set 2 1 12 256 30200015 IP Policies Set 3 1 12 256 30200016 IP Policies Set 4 1 12 256 Menu 3 2 1 IP Alias Setup FIN FN PVA INPUT 30201001 IP...

Страница 382: ...1020 IP Alias 2 Incoming protocol filters Set 2 256 30201021 IP Alias 2 Incoming protocol filters Set 3 256 30201022 IP Alias 2 Incoming protocol filters Set 4 256 30201023 IP Alias 2 Outgoing protoco...

Страница 383: ...r Action 0 Allow 1 Deny 0 30501003 Address 1 00 00 00 00 00 00 30501004 Address 2 00 00 00 00 00 00 30501005 Address 3 00 00 00 00 00 00 Continued 30501034 Address 32 00 00 00 00 00 00 Table 170 Menu...

Страница 384: ...protocol filter set 3 256 40000019 ISP incoming protocol filter set 4 256 40000020 ISP outgoing protocol filter set 1 256 40000021 ISP outgoing protocol filter set 2 256 40000022 ISP outgoing protocol...

Страница 385: ...0 0 0 0 120102004 IP Static Route set 2 Destination IP subnetmask 0 120102005 IP Static Route set 2 Gateway 0 0 0 0 120102006 IP Static Route set 2 Metric 0 120102007 IP Static Route set 2 Private 0...

Страница 386: ...set 6 Active 0 No 1 Yes 0 120106003 IP Static Route set 6 Destination IP address 0 0 0 0 120106004 IP Static Route set 6 Destination IP subnetmask 0 120106005 IP Static Route set 6 Gateway 0 0 0 0 120...

Страница 387: ...Static Route set 10 Name 120110002 IP Static Route set 10 Active 0 No 1 Yes 0 120110003 IP Static Route set 10 Destination IP address 0 0 0 0 120110004 IP Static Route set 10 Destination IP subnetmas...

Страница 388: ...ivate 0 No 1 Yes 0 Menu 12 1 14 IP Static Route Setup FIN FN PVA INPUT 120114001 IP Static Route set 14 Name Str 120114002 IP Static Route set 14 Active 0 No 1 Yes 0 120114003 IP Static Route set 14 D...

Страница 389: ...Server 2 Protocol 0 All 6 TCP 17 U DP 0 150000004 SUA Server 2 Port Start 0 150000005 SUA Server 2 Port End 0 150000006 SUA Server 2 Local IP address 0 0 0 0 150000007 SUA Server 3 Active 0 No 1 Yes...

Страница 390: ...Active 0 No 1 Yes 0 150000038 SUA Server 9 Protocol 0 All 6 TCP 17 U DP 0 150000039 SUA Server 9 Port Start 0 150000040 SUA Server 9 Port End 0 150000041 SUA Server 9 Local IP address 0 0 0 0 15000004...

Страница 391: ...ress 0 0 0 0 210101009 IP Filter Set 1 Rule 1 Src Subnet Mask 0 210101010 IP Filter Set 1 Rule 1 Src Port 0 210101011 IP Filter Set 1 Rule 1 Src Port Comp 0 none 1 equal 2 not equal 3 less 4 greater 0...

Страница 392: ...ilter Set 1 Rule 3 Dest Subnet Mask 0 210103006 IP Filter Set 1 Rule 3 Dest Port 139 210103007 IP Filter Set 1 Rule 3 Dest Port Comp 0 none 1 equal 2 not equal 3 less 4 greater 1 210103008 IP Filter S...

Страница 393: ...set 1 rule 5 FIN FN PVA INPUT 210105001 IP Filter Set 1 Rule 5 Type 2 TCP IP 2 210105002 IP Filter Set 1 Rule 5 Active 0 No 1 Yes 1 210105003 IP Filter Set 1 Rule 5 Protocol 17 210105004 IP Filter Se...

Страница 394: ...0 210106010 IP Filter Set 1 Rule 6 Src Port 0 210106011 IP Filter Set 1 Rule 6 Src Port Comp 0 none 1 equal 2 not equal 3 less 4 greater 0 210106013 IP Filter Set 1 Rule 6 Act Match 1 check next 2 for...

Страница 395: ...le 2 FIN FN PVA INPUT 210202001 IP Filter Set 2 Rule 2 Type 0 none 2 TCP IP 2 210202002 IP Filter Set 2 Rule 2 Active 0 No 1 Yes 1 210202003 IP Filter Set 2 Rule 2 Protocol 6 210202004 IP Filter Set 2...

Страница 396: ...0203008 IP Filter Set 2 Rule 3 Src IP address 0 0 0 0 210203009 IP Filter Set 2 Rule 3 Src Subnet Mask 0 210203010 IP Filter Set 2 Rule 3 Src Port 0 210203011 IP Filter Set 2 Rule 3 Src Port Comp 0 no...

Страница 397: ...le 5 FIN FN PVA INPUT 210205001 IP Filter Set 2 Rule 5 Type 0 none 2 TCP IP 2 210205002 IP Filter Set 2 Rule 5 Active 0 No 1 Yes 1 210205003 IP Filter Set 2 Rule 5 Protocol 17 210205004 IP Filter Set...

Страница 398: ...l 3 less 4 g reater 1 210206008 IP Filter Set 2 Rule 6 Src IP address 0 0 0 0 210206009 IP Filter Set 2 Rule 6 Src Subnet Mask 0 210206010 IP Filter Set 2 Rule 6 Src Port 0 210206011 IP Filter Set 2 R...

Страница 399: ...0200009 Accounting Server Port 1823 230200010 Accounting Server Shared Secret 1234 Menu 23 4 System security IEEE802 1x FIN FN PVA INPUT 230400001 Wireless Port Control 0 Authentication Required 1 No...

Страница 400: ...41100003 TELNET Server Secured IP address 0 0 0 0 241100004 FTP Server Port 21 241100005 FTP Server Access 0 all 1 none 2 Lan 3 Wan 0 241100006 FTP Server Secured IP address 0 0 0 0 241100007 WEB Serv...

Страница 401: ...notice Trademarks ZyNOS ZyXEL Network Operating System is a registered trademark of ZyXEL Communications Inc Other trademarks mentioned in this publication are used for identification purposes only a...

Страница 402: ...must not be co located or operating in conjunction with any other antenna or transmitter IEEE 802 11b or 802 11g operation of this product in the U S A is firmware limited to channels 1 through 11 To...

Страница 403: ...t of God or subjected to abnormal working conditions Note Repair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warrantie...

Страница 404: ...Appendix G Legal Information P 2802H W L I Series User s Guide 404...

Страница 405: ...rt E mail support zyxel com tw Sales E mail sales zyxel com tw Telephone 886 3 578 3942 Fax 886 3 578 2439 Web www zyxel com www europe zyxel com FTP ftp zyxel com ftp europe zyxel com Regular Mail Zy...

Страница 406: ...80 8448 Web www zyxel fi Regular Mail ZyXEL Communications Oy Malminkaari 10 00700 Helsinki Finland France E mail info zyxel fr Telephone 33 4 72 52 97 97 Fax 33 4 72 52 19 20 Web www zyxel fr Regular...

Страница 407: ...Shinagawa ku Tokyo 141 0022 Japan Kazakhstan Support http zyxel kz support Sales E mail sales zyxel kz Telephone 7 3272 590 698 Fax 7 3272 590 689 Web www zyxel kz Regular Mail ZyXEL Kazakhstan 43 Do...

Страница 408: ...ul Okrzei 1A 03 715 Warszawa Poland Russia Support http zyxel ru support Sales E mail sales zyxel ru Telephone 7 095 542 89 29 Fax 7 095 542 89 25 Web www zyxel ru Regular Mail ZyXEL Russia Ostrovity...

Страница 409: ...r Mail ZyXEL Thailand Co Ltd 1 1 Moo 2 Ratchaphruk Road Bangrak Noi Muang Nonthaburi 11000 Thailand Ukraine Support E mail support ua zyxel com Sales E mail sales ua zyxel com Telephone 380 44 247 69...

Страница 410: ...Appendix H Customer Support P 2802H W L I Series User s Guide 410...

Страница 411: ...ate details 218 factory default 213 certificates 211 advantages 212 and cryptology 211 and directory servers 212 232 and public key cryptology 211 and public private keys 211 and remote hosts 226 crea...

Страница 412: ...ntiated Services DSCP 240 DSCPs 134 DSL line reinitialize 316 DTMF 133 DTMF detection and generation 330 Dual Tone MultiFrequency 133 dynamic DNS 251 327 Dynamic Host Configuration Protocol 327 dynami...

Страница 413: ...phases 198 importing certificates 214 importing trusted CAs 223 importing trusted remote hosts 229 Independent Basic Service Set 363 Initialization Vector IV 371 inside header 182 install UPnP 273 Wi...

Страница 414: ...how it works 118 mapping types 119 what it does 118 NAT Network Address Translation 117 NAT mode 121 NAT sessions 328 NAT traversal 190 271 negotiation mode 199 Network Address Translation see NAT O...

Страница 415: ...307 restore configuration 312 RF Radio Frequency 332 RFC 1631 117 RFC 1889 132 330 RFC 1890 330 RFC 2327 330 RFC 2516 327 RFC 3261 330 Ringer Equivalence Number 330 RIP 92 direction 92 Routing Informa...

Страница 416: ...file upload 313 TFTP and FTP over WAN 304 TFTP restrictions 304 three way conference 146 147 TLS 331 ToS 134 trademarks 401 transparent bridging 328 transport mode 182 Triangle 158 Triangle Route Solu...

Страница 417: ...I Series User s Guide 417 Wi Fi Protected Access WPA 331 wireless LAN MAC address filtering 331 WLAN interference 365 security parameters 371 Z ZyNOS 304 ZyNOS ZyXEL Network Operating System 304 ZyNO...

Страница 418: ...Index P 2802H W L I Series User s Guide 418...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды