Prestige 2802HWL-Ix Support Notes 

 
 

 

All contents copyright (c) 2007 ZyXEL Communications Corporation.   


    

 

Key Settings:

Option | Descriptions

Filter Action | Allow or block association from MAC addresses contained in this list. If Allow Association is selected in this field, hosts with MAC addresses configured in this list will be allowed to associate with AP. If Deny Association is selected in this field, hosts with MAC addresses configured in this list will be blocked.

MAC Address | This field specifies those MAC Addresses that you want to add in the list.

 

 

WEP configuration (Wired Equivalent Privacy) 

Introduction

 

 

Contents of P-2802HWL-I3

Page 1: ...Prestige 2802HWL-Ix Support Notes Version 3.40 Jun 2007 ...

Page 2: ... 53 Using Prestige traffic redirect 55 Using Universal Plug n Play UPnP 58 Wireless Application Notes 64 Infrastructure mode 64 Wireless MAC address filtering 68 WEP configuration Wired Equivalent Privacy 70 Configuring 802.1x 77 Site Survey 88 PSTN Lifeline Application Notes 92 Usage of PSTN Lifeline 92 Lifeline configuration 93 Relay to PSTN 94 How to connect Lifeline and DSL connection 94 VoIP ...

Page 3: ...tween NAT and SUA 122 How many network users can the SUA NAT support 123 What are Device filters and Protocol filters 123 Why can't I configure device filters or protocol filters 123 Product FAQ 123 What is the Prestige Integrated Access Device 123 Will the Prestige work with my Internet connection 124 What do I need to use the Prestige 124 What is PPPoE 124 Does the Prestige support PPPoE 124 How...

Page 4: ...he Prestige support 131 What is DDNS wildcard 131 Does the Prestige support DDNS wildcard 131 Can the Prestige SUA handle IPsec packets sent by the VPN gateway behind Prestige 131 How do I setup my Prestige for routing IPsec packets over SUA 132 PSTN Lifeline FAQ 132 What is P2802 and what is the difference between P2802HW and P2802HWL 132 What does Lifeline mean 132 Do I need Lifeline 132 Can I c...

Page 5: ...re problem with my Prestige what should I do 137 Firewall FAQ 137 What is a network firewall 137 What makes Prestige firewall secure 137 What are the basic types of firewalls 137 What kind of firewall is the Prestige 138 Why do you need a firewall when your router has packet filtering and NAT built in 138 What is Denials of Service DoS attack 139 What is Ping of Death attack 139 What is Teardrop a...

Page 6: ...namic secure gateway IP 148 What VPN gateway that has been tested with Prestige successfully 148 What VPN software that has been tested with Prestige successfully 148 Will ZyXEL support Secure Remote Management 149 Does Prestige VPN support NetBIOS broadcast 149 Is the host behind NAT allowed to use IPSec 149 Where can I configure Phase 1 ID in Prestige 149 If I have NAT router between two VPN gat...

Page 7: ...ect Sequence Spread Spectrum Technology DSSS 156 What is Frequency hopping Spread Spectrum Technology FHSS 157 Do I need the same kind of antenna on both sides of a link 157 Why the 2.4 GHz Frequency range 157 What is Server Set ID SSID 157 What is an ESSID 157 How do I secure the data across an Access Point's radio link 158 What is WEP 158 What is the difference between 40 bit and 64 bit WEP 158 ...

Page 8: ...All contents copyright c 2007 ZyXEL Communications Corporation 8 What is AAA 160 What is RADIUS 160 What is WPA 160 What is WPA PSK 161 Trouble Shooting 161 Using Embedded Packet Trace 161 Debug PPPoE Connection 176 CLI Command List 187 ...

Page 9: ...nts needs to be checked before accessing the Internet Before you begin Setting up the Windows Setting up the Prestige router Troubleshooting Before you begin The Prestige is shipped with the following factory default 1 IP address 192.168.1.1 subnet mask 255.255.255.0 24 bits 2 DHCP server enabled with IP pool starting from 192.168.1.33 3 Default SMT menu password 1234 Setting up the PC Windows OS ...

Page 10: ...P IP from the Network Protocols and click OK 3 TCP/IP Configuration Follow these steps to configure Windows TCP/IP In the Control Panel Network window click the TCP/IP entry to select it and click Properties button In the TCP/IP Properties window select obtain an IP address automatically Note Do not assign arbitrary IP address and subnet mask to your PCs otherwise you will not be able to access th...

Page 11: ...ure it Before configuring the router using Browser please be sure there is no Telnet or Console login 1 Retrieve Prestige Web Please enter the LAN IP address of the Prestige router in the URL location to retrieve the web screen from the Prestige The default LAN IP of the Prestige is 192.168.1.1 See the example below Note that you can either use http://192.168.1.1 2 Login first The default password i...

Page 12: ...Prestige 2802HWL Ix Support Notes All contents copyright c 2007 ZyXEL Communications Corporation 12 The Web screen shown below takes PPPoE as the example ...

Page 13: ... for Dynamic Host Configuration Protocol In addition to the DHCP server feature the P2802 supports the DHCP relay function When it is configured as DHCP server it assigns the IP addresses to the LAN clients When it is configured as DHCP relay it is responsible for forwarding the requests and responses negotiating between the DHCP clients and the server See figure 1 ...

Page 14: ...es All contents copyright c 2007 ZyXEL Communications Corporation 14 Setup the Prestige as a DHCP Client 1 Toggle the DHCP to Relay in Network LAN DHCP Setup and enter the IP address of the DHCP server in the Remote DHCP Server field ...

Page 15: ...t be a DHCP client whose IP address potentially changes each time it is powered on In addition to the servers for specific services SUA supports a default server A service request that does not have a server explicitly designated for it is forwarded to the default server If the default server is not defined the service request is simply discarded Configuration To make a server visible to the outsi...

Page 16: ... 80 Configure a PPTP server Behind SUA Introduction PPTP is a tunneling protocol defined by the PPTP forum that allows PPP packets to be encapsulated within Internet Protocol IP packets and forwarded over any IP network including the Internet itself In order to run the Windows 9x PPTP client you must be able to establish an IP connection with a tunnel server such as the Windows NT Server 4.0 Remot...

Page 17: ... folder The VPN Adapter type does not appear elsewhere in the system Since PPTP encapsulates its data stream in the PPP protocol the VPN requires a second dial up adapter This second dial up adapter for VPN is added during the installation phase of the Upgrade in addition to the first dial up adapter that provides PPP support for the analog or ISDN modem The PPTP is supported in Windows NT and Win...

Page 18: ...user Enable RAS port Select the network protocols from RAS such as IPX TCP/IP NetBEUI Set the Internet gateway to Prestige o PPTP client setup Win9x Add one VPN connection from Dial Up Networking by entering the correct username password and the IP address of the Prestige's Internet IP address for logging to NT RAS server Set the Internet gateway to the router that is connecting to ISP o Prestige ...

Page 19: ...eway of the Win9x client after the dial up connection has been established Before making a VPN connection from the Win9x client to the NT server you need to know the exact Internet IP address that the ISP assigns to Prestige router in SUA mode and enter this IP address in the VPN dial up dialog box You can check this Internet IP address from PNC Monitor or WEB GUI Status page If the Internet IP ad...

Page 20: ...d or dynamically assigned by the ISP In addition you can designate servers e.g. a web server and a telnet server on your local network and make them accessible to the outside world If you do not define any servers NAT offers the additional benefit of firewall protection In such case all incoming connections to your network will be filtered out by the Prestige thus preventing intruders from probing ...

Page 21: ...t to the Internet ISP thus making them appear as if they had come from the NAT system itself e.g. the Prestige router The Prestige keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored 1 NAT Mapping Types NAT supports five types of IP port mapping They are 2 One to One In One to One mode the Prestige maps one ILA to one IGA 3 Many t...

Page 22: ...ing Direction One to One ILA1 IGA1 Both Many to One SUA PAT ILA1 IGA1 ILA2 IGA1 Outgoing Many to Many Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA1 ILA4 IGA2 Outgoing Many to Many No Overload Allocate by Connections ILA1 IGA1 ILA2 IGA3 ILA3 IGA2 ILA4 IGA4 Outgoing Server Server 1 IP IGA1 Server 2 IP IGA1 Incoming SUA Versus NAT SUA Single User Account in previous ZyNOS versions is a NAT set with 2 rules ...

Page 23: ...1 Applying NAT in the WEB GUI You apply NAT via WEB GUI Network NAT General as displayed next The next figure that you could apply NAT for Internet access Full Feature The following table describes the options for Network Address Translation Field Options Description Full Feature When you select this option the SMT will use Address Mapping Set 1 Menu 15 1 see later for further discussion None NAT ...

Page 24: ...802HWL has 8 remote nodes and so allows you to configure 8 NAT Address Mapping Set You can see nine NAT Address Mapping sets in WEB GUI Network NAT Address Mapping You can only configure from Set 1 to Set 10 when you select Full Feature in WEB GUI NAT configuration When you select SUA Only the Port Forwarding will auto configure as to Many to one and Server as default in system The NAT Server Set ...

Page 25: ...5 255 Global Start IP This is the starting global IP address IGA If you have a dynamic IP enter 0.0.0.0 as the Global Start IP 0.0.0.0 Global End IP This is the ending global IP address IGA N A Type This is the NAT mapping types Many to One and Server Modify Click the edit icon to go to the screen where you can edit the address mapping rule Click the delete icon to delete an existing address mappi...

Page 26: ... 0 0 as the Global Start IP 0.0.0.0 Global IP End This is the ending global IP address IGA This field is N A for One to One Many to One and Server types 200.1.1.64 Note For all Local and Global IPs the End IP address must begin after the IP Start address i.e. you cannot have an End IP address beginning before the Start IP address NAT Server Sets The NAT Server Set is a list of LAN side servers mapp...

Page 27: ...owing procedures show how to configure a server behind NAT Step 1 Enter Network NAT Address Mapping in the WEB GUI to go to Address Mapping Setup Step 2 Enter Edit Details of Server Mapping Set to go to NAT Server Setup Step 3 Select the service type in Service Name field and the inside IP address of the server in the Server IP Address field Step 4 Press Add icon to add your configuration after you...

Page 28: ... table Please refer to RFC 1700 for further information about port numbers Service Port Number FTP 20 21 Telnet 23 SMTP 25 DNS Domain Name Server 53 www http Web 80 PPTP Point to Point Tunneling Protocol 1723 1 Internet Access Only In our Internet Access example we only need one rule where all our ILAs map to one IGA assigned by the ISP See the following figure ...

Page 29: ...nts copyright c 2007 ZyXEL Communications Corporation 29 From WEB GUI Network NAT General shown above simply choose the SUA Only option in the NAT Setup This is the Many to One mapping discussed earlier 2 Internet Access with an Internal Server ...

Page 30: ...e do exactly as above use the convenient pre configured SUA Only set and also go to Menu Network NAT Port Forwarding to specify the Internet Server behind the NAT as shown below 3 Using Multiple Global IP addresses for clients and servers One to One Many to One Server Set mapping types are used ...

Page 31: ...e to map the FTP Server 1 with ILA1 192.168.1.10 to IGA1 6 Rule 2 One to One type to map the FTP Server 2 with ILA2 192.168.1.11 to IGA2 7 Rule 3 Many to One type to map the other clients to IGA3 8 Rule 4 Server type to map a web server and mail server with ILA3 192.168.1.20 to IGA3 Type Server allows us to specify multiple servers of different types to other machines behind NAT on the LAN Step 1 ...

Page 32: ...configuring this new set Enter a Set Name choose the Edit Action and then select 1 from Select Rule field Press ENTER to confirm See the following setup for the four rules in our case Rule 1 Setup Select One to One type to map the FTP Server 1 with ILA1 192.168.1.10 to IGA1 Rule 2 Setup Selecting One to One type to map the FTP Server 2 with ILA2 192.168.1.11 to IGA2 ...

Page 33: ...All contents copyright c 2007 ZyXEL Communications Corporation 33 Rule 3 Setup Select Many to One type to map the other clients to IGA3 Rule 4 Setup Select Server type to map our web server and mail server with ILA3 192.168.1.20 to IGA3 ...

Page 34: ...ration should look as follows Idx Local Start IP Local End IP Global Start IP Global End IP Type 1 192.168.1.10 IGA1 1 1 2 192.168.1.11 IGA2 1 1 3 0.0.0.0 255.255.255.255 IGA3 M 1 4 IGA3 Server 5 6 7 8 9 10 Step 3 Now we configure all other incoming traffic to go to our web server and mail server from Menu 15 2 NAT Server Setup not Set 1 Set 1 is used for SUA Only case ...

Page 35: ... applications such as some mIRC servers do not allow users to login using the same IP address In this case it is better to use Many to Many No Overload or One to One NAT mapping types thus each user login to the server using a unique global IP address The following figure illustrates this One rule configured for using Many to Many No Overload mapping type is shown below ...

Page 36: ...Prestige 2802HWL Ix Support Notes All contents copyright c 2007 ZyXEL Communications Corporation 36 The three rules configured for using One to One mapping type is shown below ...

Page 37: ...Prestige 2802HWL Ix Support Notes All contents copyright c 2007 ZyXEL Communications Corporation 37 Prestige supports multiple type of NAT mapping rules ...

Page 38: ...o Many overload Many One to One Server The following table summarizes these types NAT Type IP Mapping One to One ILA1 IGA1 Many to One SUA PAT ILA1 IGA1 ILA2 IGA1 Many to Many Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA1 ILA4 IGA2 Many to Many No Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA3 ILA4 IGA4 Server SUA Server 1 IP IGA1 Server 2 IP IGA1 ...

Page 39: ...e When the ISP assigns the Prestige a new IP the Prestige must inform the DDNS server the change of this IP so that the server can update its IP to DNS entry Once the IP to DNS table in the DDNS server is updated the DNS name for your web server i.e. www.zyxel.com.tw is still usable The DDNS server stores password protected email addresses with IPs and hostnames and accepts queries based on email a...

Page 40: ...ce that you are registered for from your Dynamic DNS service provider Host Name Enter the hostname you subscribe from the above DDNS server You can specify up to two host names in the field separated by a comma User Name Enter the user name Password Enter the password that the DDNS server gives to you Enable Wildcard Option Select the check box to enable DynDNS Wildcard Enable off line option This...

Page 41: ...rk performance find and solve network problems The SNMP is a member of the TCP/IP protocol suite it uses the UDP to exchange messages between a management Client and an Agent residing in a network node There are two versions of SNMP Version 1 and Version 2 ZyXEL supports SNMPv1 Most of the changes introduced in Version 2 increase SNMP's security capabilities SNMP encompasses three main areas 1 A s...

Page 42: ...The current Internet standard MIB MIB II is defined in RFC 1213 and contains 171 objects These objects are grouped by protocol including TCP IP UDP SNMP and other categories including system and interface The Internet Management Model is as shown in figure 1 Interactions between the NMS and managed devices can be any of four different types of commands 6 Reads Read is used to monitor the managed d...

Page 43: ...ariable from a table or list within an agent In SNMPv1 when a NMS wants to retrieve all elements of a table from an agent it initiates a Get operation followed by a series of GetNext operations Set Allows the NMS to set values for object variables within an agent Trap Used by the agent to inform the NMS of some events The SNMPv1 messages contain two parts The first part contains a version and a co...

Page 44: ...h a particular object variable Variable bindings Associates particular object with their value 3 ZyXEL SNMP Implementation ZyXEL currently includes SNMP support in some Prestige routers It is implemented based on the SNMPv1 so it will be able to communicate with SNMPv1 NMSs For SNMPv1 operation ZyXEL permits one community string so that the router can belong to only one community and allows trap m...

Page 45: ... port number The port number is its interface index under the interface group authenticationFailure defined in RFC 1215 When receiving any SNMP get or set requirement with wrong community this trap is sent to the manager 1 whyReboot defined in ZYXEL MIB When the system is going to restart warmstart the trap will be sent with the reason of restart before rebooting i For intentional reboot In some c...

Page 46: ...EL Communications Corporation 46 4 Configure the Prestige for SNMP The SNMP related settings in Prestige are configured in WEB GUI menu Advanced Remote MGMT SNMP SNMP Configuration The following steps describe a simple setup procedure for configuring all SNMP settings ...

Page 47: ...nicate with the ZyXEL device using this service Select All to allow any computer to access ZyXEL device using this service Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL device using this service Get Community Enter the correct Get Community This Get Community must match the Get and GetNext community requested from the NMS The default is public ...

Page 48: ...ot send trap any NMS manager Using syslog 4 Prestige Setup Configuration 1 Click Active to enable Syslog logging 2 Syslog IP Address enter the IP address of the UNIX server that you wish to send the syslog 3 Log Facility select the location from the drop down list box The log facility allows you to log the messages to different files in the syslog server Refer to the syslog server manual for more ...

Page 49: ...board xx line xx channel xx call xx str board the hardware board ID line the WAN ID in a board channel channel ID within the WAN call the call reference number which starts from 1 and increments by 1 for each new call str C01 Outgoing Call dev xx ch xx dev device No ch channel No C01 Incoming Call xxxxBps xxxxx L2TP xxxxx means Remote Call ID C01 Incoming Call xxxx means connected speed xxxxx mean...

Page 50: ... 4500002c1b0140001f06b50ec0a86614ca849a7b0427001700195b3e00000000600220008cd40000020405b4 Filter log This message is available when the Log is enabled in the filter rule setting The message consists of the packet header and the log of the filter rules Format sdcmdSyslogSend SYSLOG_FILLOG SYSLOG_NOTICE String String IP Src xx xx xx xx Dst xx xx xx xx prot spo xxxx dpo xxxx S04 R01mD IP is the packe...

Page 51: ...g Jul 19 11:43:51 192.168.1.1 ZyXEL Communications Corp ppp CCP Opening Jul 19 11:43:55 192.168.1.1 ZyXEL Communications Corp ppp BACP Opening Jul 19 11:44:00 192.168.1.1 ZyXEL Communications Corp ppp LCP Closing Jul 19 11:44:05 192.168.1.1 ZyXEL Communications Corp ppp IPCP Closing Jul 19 11:44:09 192.168.1.1 ZyXEL Communications Corp ppp CCP Closing Jul 19 11:44:14 192.168.1.1 ZyXEL Communicatio...

Page 52: ...outes are created in the Prestige as shown below when the three networks are configured If the Prestige's DHCP is also enabled the IP pool for the clients can be any of the three networks Copyright c 1994 2004 ZyXEL Communications Corp ras ip ro st Dest FF Len Interface Gateway Metric stat Timer Use 192.168.3.0 00 24 enif0 1 192.168.3.1 1 041b 0 0 192.168.2.0 00 24 enif0 0 192.168.2.1 1 041b 0 0 1...

Page 53: ...right mouse button to copy and or paste IP address IP Subnet Mask Your ZyXEL device will automatically calculate the subnet mask based on the IP address that you assign Unless you are implementing subnetting use the subnet mask computed by ZyXEL device Using IP Multicast What is IP Multicast Traditionally IP packets are transmitted in two ways unicast or broadcast Multicast is a third way to deliver...

Page 54: ...36 IP hosts use IGMP to report their multicast group membership to any immediate neighbor multicast routers so the multicast routers can decide if a multicast packet needs to be forwarded At start up the Prestige queries all directly connected networks to gather group membership After that the Prestige updates the information by periodic queries The Prestige implementation of IGMP is also compatib...

Page 55: ...ct forwards WAN traffic to a backup gateway when Prestige cannot connect to the Internet through its normal gateway Thus make your backup gateway as an auxiliary backup of your WAN connection Once Prestige detects its WAN connectivity is broken Prestige will try to forward outgoing traffic to backup gateway that users specify in traffic redirect configuration menu How to deploy backup gateway Yo...

Page 56: ...nts copyright c 2007 ZyXEL Communications Corporation 56 Traffic Redirect on LAN port Traffic Redirect Setup Configure parameters that determine when Prestige will forward WAN traffic to the backup gateway using Network WAN WAN Backup in WEB GUI ...

Page 57: ...ress of a reliable nearby computer for example your ISP's DNS server address If you select ICMP in the Backup Type field you must configure at least one IP address here When using a WAN backup connection the Prestige periodically pings the addresses configured here and uses the other WAN backup connection if configured if there is no response Fail Tolerance Type the number of times 2 recommended t...

Page 58: ...tige use traffic redirect if the normal WAN connection goes down If you activate traffic redirect you must configure at least one Check WAN IP Address Metric This field sets this route's priority among the routes the Prestige uses The metric represents the cost of transmission A router determines the best route for transmission by choosing a path with the lowest cost RIP routing uses hop count as ...

Page 59: ... UPnP applications assign the dynamic port mappings to Internet gateway and delete the mappings when the connections are complete The key components in UPnP are devices services and control points Devices Network devices such as networking gateways TV refrigerators printers etc which provides services Services Services are provided by devices such as time services provided by alarm clocks In UPnP ...

Page 60: ... message Eventing Devices can send event message to notify control points if there is any update on services provided Presentation Each device can provide their own control interface by URL link So that users can go to the device's presentation web page by the URL to control this device 2 Using UPnP in ZyXEL devices In this example we will introduce how to enable UPnP function in ZyXEL devices Cur...

Page 61: ...vanced UPnP check two boxes Active UPnP feature and Allow users to make configuration changes through UPnP The first check box enables UPnP function in this device The second check box allow users application to change configuration in this device For instance if you enable this item then user's MSN application can assign dynamic port mapping to the router So that network administrator don't need ...

Page 62: ... Support Notes All contents copyright c 2007 ZyXEL Communications Corporation 62 2 After getting IP address you can go to open MSN application on PC and sign in MSN server 3 Start a Video conversation with one online user ...

Page 63: ...L Ix Support Notes All contents copyright c 2007 ZyXEL Communications Corporation 63 4 On the opposite side your partner select Accept to accept your conversation request 5 Finally your video conversation is achieved ...

Page 64: ...rastructure mode What is Infrastructure mode Infrastructure mode sometimes referred to as Access Point mode is an operating mode of an 802.11b Wi-Fi client unit In infrastructure mode the client unit can associate with an 802.11b Wi-Fi Access Point and communicate with other clients in infrastructure mode through that access point ...

Page 65: ...nications Corporation 65 Configuration Wireless Access Point to Infrastructure mode using Web configurator To configure Infrastructure mode of your Prestige wireless VoIP IAD please follow the steps below 1 From the web configurator main menu click Network Wireless LAN General ...

Page 66: ...ctive wireless LAN check box 4 When finish click on apply button to take effect Configuration Wireless Station to Infrastructure mode To configure Infrastructure mode on your ZyAIR B 100 B 200 B 300 wireless NIC card please follow the following steps 1 Double click on the utility icon in your windows task bar the utility will pop up on your windows screen 2 Select configuration tab ...

Page 67: ...unications Corporation 67 3 Select Infrastructure from the operation mode pull down menu fill in an SSID or leave it as any if you wish to connect to any AP then press Apply Change to take effect 4 Click on Site Survey tab and press search all the available AP will be listed ...

Page 68: ...You now successfully associate with the selected AP with Infrastructure Mode Wireless MAC address filtering MAC Filter Overview Users can use MAC Filter as a method to restrict unauthorized stations from accessing the APs ZyXEL's APs provide the capability for checking MAC address of the station before allowing it to connect to the network This provides an additional layer of control in that...

Page 69: ...WLAN MAC Address Filter Configuration Before you configure the MAC filter you need to know the MAC address of the client first If not knowing what your MAC address is please enter a command ipconfig /all after DOS prompt to get the MAC physical address of your wireless client If you use WEB configuration the MAC Address Filter configuration are as shown below 1 Using a web browser login AP by givin...

Page 70: ...ed in this list If Allow Association is selected in this field hosts with MAC addresses configured in this list will be allowed to associate with AP If Deny Association is selected in this field hosts with MAC addresses configured in this list will be blocked MAC Address This field specifies those MAC Addresses that you want to add in the list WEP configuration Wired Equivalent Privacy Introductio...

Page 71: ...to ensure that packages are not modified during the transition The standard does not discuss how the shared key is established In practice most installations use a single key that is shared between all mobile stations and access points APs WEP employs the key encryption algorithm Ron's Code 4 Pseudo Random Number Generator RC4 PRNG The same key is used to encrypt and decrypt the data WEP has defen...

Page 72: ...o 4 WEP keys simultaneously You need to specify one of the 4 keys as default Key for data encryption To set up the Access Point you will need to set the one of the following parameters o 64 bit WEP key secret key with 5 characters o 64 bit WEP key secret key with 10 hexadecimal digits o 128 bit WEP key secret key with 13 characters o 128 bit WEP key secret key with 26 hexadecimal digits ...

Page 73: ...3 Setting up the Access Point with Web configurator Key settings Hexadecimal digits have to be preceded by 0x WEP Key type Example 64 bit WEP with 5 characters Key1 2e3f4 Key2 5y7js Key3 24fg7 Key4 98jui 64 bit WEP with 10 hexadecimal digits 0 9 A F Key1 0x123456789A Key2 0x23456789AB Key3 0x3456789ABC ...

Page 74: ... of station has to equal to the Key 3 of access point Though access point use Key 3 as default key but the station can use the other Key as its default key to encrypt wireless data transmission Access Point encrypt data by Key 3 Station decrypt data by Key 3 Access Point decrypt data by Key 2 Station encrypt data by Key 2 In this case access point transmits data to station which encrypt data by Ke...

Page 75: ...een Note If the utility icon doesn't exist in your task bar click Start Programs IEEE802.11b WLAN Card IEEE802.11b WLAN Card 2 Select the Encryption tab Select encryption type correspond with access point Set up 4 Keys which correspond with the WEP Keys of access point And select on WEP key as default key to encrypt wireless data transmission ...

Page 76: ...Prestige 2802HWL Ix Support Notes All contents copyright c 2007 ZyXEL Communications Corporation 76 ...

Page 77: ... Key4 456789ABCD Configuring 802.1x IEEE 802.1x Introduction IEEE 802.1x port based authentication is desired to prevent unauthorized devices clients from gaining access to the network As LANs extend to hotels airports and corporate lobbies insecure environments could be created 802.1x port based network access control makes use of the physical access characteristics of IEEE 802 LAN infrastructure...

Page 78: ...cator controls the physical access to the network based on the authentication status of the client The authenticator acts as an intermediary proxy between the client and the authentication server i.e. RADIUS server requesting identity information from the client verifying that information with the authentication server and relaying a response to the client 2 Supplicant The station i.e. Wireless clie...

Page 79: ... Control The port state determines whether or not the supplicant Wireless Client is granted access to the network behind Wireless AP There are two authentication port state on the AP authorized state and unauthorized state By default the port starts in the unauthorized state While in this state the port disallows all incoming and outgoing data traffic except for 802.1x packets When a supplicant is...

Page 80: ...sts the identity of the client and begins relaying authentication messages between supplicant and the authentication server Each supplicant attempting to access the network is uniquely identified by the authenticator by using the client's MAC address While AP is setup as Auto only Wireless client supported 802.1x client can access the network Re Authentication The administrator can enable periodic...

Page 81: ...ends an EAP request identity frame to the 802.1x client to request its identity typically the authenticator sends an initial identity request frame followed by one or more requests for authentication information Upon receipt of the frame the supplicant responds with an EAP response identity frame However if during bootup the supplicant does not receive an EAP request identity frame from the Wirele...

Page 82: ...7 ZyXEL Communications Corporation 82 The EAPOL packet contains the following fields protocol version packet type packet body length and packet body Most of the fields are obvious The packet type can have four different values and these values are described below ...

Page 83: ...hen it wants to terminate its 802.1x session EAPOL Key This is used for TLS authentication method The Wireless AP uses this packet to send the calculated WEP key to the supplicant after TLS negotiation has completed between the supplicant and the RADIUS server IEEE 802.1x Configuration in ZyXEL Wireless Access Point Enable 802.1x in AP When the IEEE 802.1x authentication is enabled the wireless cl...

Page 84: ...has an internal authentication server for authenticating the wireless 802.1x client users. It builds a database of 32 users in total and allows up to 32 authorized users to log in to the Wireless AP simultaneously. When you use the internal authentication server, the ZyXEL wireless AP acts as both Authenticator and Authentication Server. By storing wireless 802.1x client profiles locally, your ZyXEL AP is able to authen...

Page 85: ...N Local User Database. 2. Select one of the profiles and check the Active check box. 3. Input the User Name and Password, then click Apply to save the profile. Key settings (Option: Descriptions). User Name: Enter a username up to 31 alphanumeric characters long. Active: Press SPACE BAR to select Yes and press Enter to activate this 802.1x client profile. Password: Enter a password up to 31 characters long ...

Page 86: ...entication server, the Ethernet header is stripped and the remaining EAP frame is re-encapsulated in the RADIUS format. The EAP frames are not modified or examined during encapsulation, and the authentication server must support EAP within the native frame format. When the authenticator receives frames from the authentication server, the server's frame header is removed, leaving the EAP frame, which is t...

Page 87: ...2. Configure in WEB GUI Configurator: From the Web Configurator main menu, click Network -> Wireless LAN to set up the RADIUS authentication and accounting server configuration ...

Page 88: ...S authentication configuration. Key settings for authentication server (Option: Descriptions). Server Address: Enter the IP address of the external RADIUS authentication server. Port: The default port of the RADIUS server for authentication is 1812. You need not change this value unless your network administrator instructs you to do so. Shared Secret: Specify a password up to 31 characters as the key to be share...

Page 89: ...pect the facility: walk through the facility to verify the accuracy of the diagram, and mark down on the diagram any large obstacle you see that may affect the RF signal, such as a metal shelf, metal desk, etc. 3. Identify the user's area. When doing so, ask where wireless coverage is needed and where it is not, and take note on the diagram; this information is needed to determine the number ...

Page 90: ...4. It's always a good idea to start by putting the access point at the corner of the room and walking away from the access point in a systematic manner. Record the changes at the points where the transfer rate drops, along with the link quality and signal strength information, on the diagram as you go along ...

Page 91: ... the access point installation spot if wireless service is required from the corner of the room. 6. Repeat steps 1-5, and now you should be able to mark an RF coverage area as illustrated in the above picture. 7. You may need more than one access point if the RF coverage area has not covered all the wireless service area you need. 8. Repeat steps 1-6 of the site survey as necessary; upon completion you will have an...

Page 92: ... For more information, please refer to roaming at PSTN Lifeline Application Notes Usage of PSTN Lifeline By using the PSTN lifeline function, you can make and receive regular PSTN phone calls in coexistence with VoIP service on the same phone set. This can be done by simply assigning a prefix number (by default the prefix for PSTN dial-out is 0000, and it can be changed to any value you wish) and dial thi...

Page 93: ...you how to configure lifeline under P2802HWL D1A WEB GUI. Lifeline configuration: To configure lifeline in P2802HWL, click on VoIP -> PSTN Line -> General to display the following screen. You can specify a prefix number in the prefix field. This number will be used to switch from VoIP to the PSTN system when you wish to make a call to a PSTN destination. For example, when you want to dial out to a PSTN destination, you f...

Page 94: ...r local emergency services (such as Police Dept., Fire Dept., Emergency Medical Services) phone numbers in this field. Thus, these units can be reached in case of emergency by dialing their number without a prefix, regardless of whether there is a power loss. How to connect Lifeline and DSL connection: To use both VoIP and regular phone service with the P2802HWL's lifeline feature, you will need to connect ADSL lin...

Page 95: ...m jack or ADSL line. 4. Connect the splitter jack labeled Line to the ADSL line from the ISP. Figure 2: Splitterless type. 1. The P2802HWL includes a DSL cable and an RJ-11 cable. Connect the DSL cable to the DSL port and connect the RJ-11 cable to the Lifeline port. 2. You need to obtain a regular PSTN Y-connector from a regular phone shop. 3. Connect the RJ-11 cable to one of the output jacks on the Y-connector. 4. Connect the D...

Page 96: ...ndles the setting up, altering and tearing down of voice and multimedia sessions over the Internet. SIP signaling is separate from the media for which it handles sessions. The media that is exchanged during the session can use a different path from that of the signaling. SIP handles telephone calls and can interface with traditional circuit-switched telephone networks. The Prestige can hold up to two S...

Page 97: ...tion category, fill in the User Name and authentication password your ITSP provided to you. Step 6: If you wish to send caller ID, check the check box in the Caller ID category; if you do not wish to send out caller ID, leave the check box unchecked. Step 7: Click on Apply to save the setting and have it take effect. If you would like to configure the 2nd SIP account, please select SIP2 by using the SIP account selec...

Page 98: ...is field. If you were not given a register server port, then enter the port from the SIP Server Port field again here. SIP Service Domain: A SIP service domain is the domain name that comes after the @ symbol in a full SIP URI. Enter the SIP service domain name in this field. You can use up to 127 ASCII Extended set characters. User Name: This is the user name for registering this SIP account with the SIP r...

Page 99: ... and 220.130.46.198. 3. SIP number for device A and B is 197 and 198. Preparation and Steps: 1. Install the device properly in the user's networking topology. 2. Set up the device's WAN connection. 3. Configure SIP VoIP related settings in device A and B. There are two ways to make an IP-to-IP call: 1. You can make a call by speed dial, like 01, defined in the phone book. You need to configure the self SIP number at VOIP sc...

Page 100: ...2. You can make a call by the callee's SIP number. You need to configure the self SIP number and put the callee's IP address at SIP server, SIP proxy, Domain server, all in the VOIP screen. Setup: Configuring SIP VoIP related settings in device A ...

Page 101: ...1. Setup WEB GUI VoIP: enter device A's number in the SIP number column. 2. Fill in device B's IP into SIP server address, Register server address as example. 3. Set up speed dial: put device B's information into the column. Setup: Configuring SIP VoIP related settings in device B ...


Page 103: ...l in device A's IP into SIP server address, Register server address as example. 3. Set up speed dial: put device A's information into the column. After completing the setting, you can dial 01 from the phone under device A; then the phone under device B will ring. Phone port settings: Prestige allows you to configure the volume and echo cancellation setting for each individual phone port ...

Page 104: ...s 1234. Step 3: On the left column, click on VoIP -> Phone -> Analog Phone -> Advanced Setup to bring you to the voice function menu. Step 4: Change the phone port parameters as you desire, and click Apply when you are finished to save and let the settings take effect. Each field's detailed description is listed below (Label: Description). Speaking Volume: Use this field to set the loudness that the Prestige uses for the sp...

Page 105: ... the Prestige waits this long after you stop pressing the buttons before initiating the call. Select how many seconds you want the Prestige to wait after the last input on the telephone's keypad before dialing (making a call). Apply: Click Apply to save your changes back to the Prestige. Reset: Click Reset to begin configuring this screen afresh. Advanced voice settings configuration: Click VoIP in the nav...

Page 106: ...Each field's detailed description of the page is listed below (Label: Description). SIP Account: This read-only field displays the number of the SIP account that you are configuring. The changes that you save in this page affect the Prestige's settings with the SIP account displayed here ...

Page 107: ... time that the Prestige will allow a SIP session to remain idle (without traffic) before dropping it. Min-SE: When two SIP devices negotiate a SIP session, they must negotiate a common expiration time for idle SIP sessions. This field sets the shortest expiration time that the Prestige will accept. The Prestige checks the session expiration values of incoming SIP INVITE requests against the minimum sessi...

Page 108: ...ssaging system that supports this feature. Expiration Time: Use this field to set how long the SIP server should continue providing the message waiting service after receiving a SIP SUBSCRIBE message from the Prestige. The SIP server stops providing the message waiting service if it has not received another SIP SUBSCRIBE message from the Prestige before this time period expires. Call Forward Table: Sel...

Page 109: ...ick on login. The default is 1234. Step 3: On the left column, click on VoIP -> Phone Book -> Speed Dial to bring you to the Speed Dial configuration page. Step 4: Select the entry number you wish to add to the phone book with the entry selector located under the add new entry category on the speed dial field. Step 5: Fill in the SIP number of the remote party and a descriptive name, and click on ...

Page 110: ...e speed dial entry displays in the Speed Dial Phone Book section of the screen. Speed Dial Phone Book: This section of the screen displays the currently saved speed dial entries. You can configure up to 10 entries and use them to make calls. Speed Dial: This is the entry's speed dial key combination. Press this key combination on a telephone attached to the Prestige in order to call the party named in t...

Page 111: ...entiated Services field to replace the TOS (Type of Service) field in the IP header. The DS field contains a 2-bit unused field and a 6-bit DSCP field, which can define up to 64 service levels. The following figure illustrates the DS field. DiffServ (Differentiated Service) Field: DiffServ Code Point (6 bits), Unused (2 bits). The DSCP value determines the forwarding behavior, the PHB (Per-Hop Behavior), that each packet ...

Page 112: ...10 Class 2 AF21 AF22 AF23 2 010010 010100 010110 Class 3 AF31 AF32 AF33 3 011010 011100 011110 Class 4 AF41 AF42 AF43 4 100010 100100 100110 Expedited Forwarding EF 5 101110. The values in decimal are given in the following table (DSCP, Binary, Decimal): Default 000000 0; CS1 001000 8; AF11 001010 10; AF12 001100 12; AF13 001110 14 ...

Page 113: ...10 26; AF32 011100 28; AF33 011110 30; CS4 100000 32; AF41 100010 34; AF42 100100 36; AF43 100110 38; CS5 101000 40; EF 101110 46; CS6 110000 48; CS7 111000 56. Quality of Service (QoS) refers to both a network's ability to deliver data with minimum delay and the networking methods used to provide bandwidth for real-time multimedia applications. Click VoIP -> SIP -> QoS to display the following screen ...

Page 114: ...Service priority tags with this priority to RTP traffic that it transmits. Voice VLAN ID: Enable VLAN tagging if the Prestige needs to be a member of a VLAN group in order to communicate with the SIP server. Your LAN and gateway must also be set up to use VLAN tags. Some switches also give priority to voice traffic based on its VLAN tag. Type the VLAN ID (VID) from 1 to 4095 for the Prestige to add to vo...

Page 115: ...screenshot shows how users can use this screen to configure the Prestige to block or redirect calls. You can configure a different call forwarding table for each SIP account or use the same call forwarding table for both. Unconditional Forward to Number: Enable this feature to have the Prestige forward incoming calls to the number that you configure. Busy Forward to Number: Enable this feature to have ...

Page 116: ...ttings that define the default action to take on incoming calls that do not match any of the Advanced Setup call forwarding entries. Unconditional Forward to Number: Enable this feature to have the Prestige forward all incoming calls to the number that you configure, regardless of whether or not the phone(s) connected to the phone port(s) is busy. Busy Forward to Number: Enable this feature to have the P...

Page 117: ...e this call forwarding entry. Select Unconditional to have the Prestige immediately forward any calls from the number specified in the Incoming Call Number field to the number in the Forward to Number field. Select Busy to have the Prestige forward any calls from the number specified in the Incoming Call Number field to the number in the Forward to Number field when your SIP account has a call conne...

Page 118: ...ne Region to display the following screen. Use this screen to configure VoIP Common Settings (Label: Description). Region Settings: Use the drop-down list box to select the country where your Prestige is located. Immediate Dial: Use these fields to specify phone numbers to which the Prestige will always send calls through the regular phone service without the need of dialing a prefix number. These numbers ...

Page 119: ...pplementary phone service details. To take full advantage of the supplementary phone services available through the Prestige's phone ports, you may need to subscribe to the services from your voice service provider. Back: Click Back to return to the previous screen. Apply: Click Apply to save your changes back to the Prestige. FAQ. ZyNOS FAQ. What is ZyNOS? ZyNOS is ZyXEL's proprietary Network Operating Syst...

Page 120: ...u under SYSTEM and press the Password tab. At the password screen, type in the old password and the new password, retype to confirm, then press the Apply button to save the change. How do I upload the ZyNOS firmware code via the embedded web configurator? The procedure for uploading ZyNOS via the embedded web configurator is as follows: a. Log on to the web configurator. b. Press MAINTENANCE from the left menu. c. Pr...

Page 121: ... tab and press the browse button; point to the directory where the romfile you want to upload is stored. e. Press the Upload button. The procedure for backing up the ROMFILE via the web configurator is as follows: a. Log on to the web configurator. b. Press MAINTENANCE from the left menu. c. Press the Configuration tab. d. Press the Backup button; a pop-up window will ask you where to store the backup romfile. e. Press Save file and...

Page 122: ...ceives a packet from a local client destined for the outside Internet, it replaces the source address in the IP packet header with its own address and the source port in the TCP or UDP header with another value chosen out of a local pool. It then recomputes the appropriate header checksums and forwards the packet to the Internet as if it originated from the Prestige, using the IP address assigned by I...

Page 123: ...ssions. What are Device filters and Protocol filters? In ZyNOS, the filters have been separated into two groups. One group is called the device filter group, and the other is called the protocol filter group. Generic filters belong to the device filter group; TCP/IP and IPX filters belong to the protocol filter group. Why can't I configure device filters or protocol filters? In ZyNOS, you cannot mix different filt...

Page 124: ...r PPPoA, you need the user account to enter in the Prestige. What is PPPoE? PPPoE stands for Point-to-Point Protocol over Ethernet, which is an IETF draft standard specifying how a computer interacts with a broadband modem (i.e., xDSL, cable, wireless, etc.) to achieve access to high-speed data networks via a familiar PPP dialer such as the Dial-Up Networking user interface. PPPoE supports a broad range of exis...

Page 125: ...work interface does the Prestige support? The Prestige supports 10/100M Ethernet to connect to the LAN computer or hub/switch and 10/100M ADSL interface to the ISP. What can we do with Prestige? Browse the World Wide Web (WWW), send and receive individual e-mail, and download software. These are just a few of many benefits you can enjoy when you put the whole office online with the Prestige Internet Acce...

Page 126: ... assigned the proper access right. Is it possible to access a server running behind SUA from the outside Internet? If possible, how? Yes, it is possible, because the Prestige delivers the packet to the local server by looking it up in a SUA server table. Therefore, to make a local server accessible to outside users, the port number and the inside IP address of the server must be configured in WEB GUI Network ...

Page 127: ...e network, then how big a pipe there is at the head end to the rest of the Internet. Different models of PCs and Macs are able to handle IP traffic at varying speeds. Very few can handle it at 30 Mbps. Ethernet 10baseT is the most popular cable modem interface standard for the PC. This automatically limits the speed of the connection to under 10 Mbps, even if the cable modem can receive at 30 Mbps. Most ...

Page 128: ...a web server and a telnet server on your local network and make them accessible to the outside world. If you do not define any servers, NAT offers the additional benefit of firewall protection. In such a case, all incoming connections to your network will be filtered out by the Prestige, thus preventing intruders from probing your network. The SUA feature that the Prestige supports previously operates by ...

Page 129: ...le ILA to one IGA. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyNOS routers supported (the SUA only option in today's routers). 3. Many to Many Overload: In Many to Many Overload mode, the Prestige maps multiple ILAs to a shared IGA. 4. Many to Many No Overload: In Many to Many No Overload mode, the Prestige maps each ILA to a unique IGA. 5. Serv...

Page 130: ...menu 15.1 is a convenient, pre-configured, read-only, Many to One mapping set, sufficient for most purposes and helpful to people already familiar with SUA in previous ZyNOS versions. What is BOOTP/DHCP? BOOTP stands for Bootstrap Protocol. DHCP stands for Dynamic Host Configuration Protocol. Both are mechanisms to dynamically assign an IP address for a TCP/IP client by the server. In this case, the Prestig...

Page 131: ...you apply the DNS from and update the WAN IP to. What is DDNS wildcard? Some DDNS servers support the wildcard feature, which allows the hostname *.yourhost.dyndns.org to be aliased to the same IP address as yourhost.dyndns.org. This feature is useful when there are multiple servers inside and you want users to be able to use things such as www.yourhost.dyndns.org and still reach your hostname. Does the ...

Page 132: ...ephone adapter. It allows you to send voice signals over the Internet or VoIP of IP via SIP protocol, which is an internationally recognized standard for VoIP technology. The main difference between P2802HW and P2802HWL is in Lifeline support: P2802HWL supports the PSTN lifeline function. A PSTN lifeline allows you to have VoIP phone service and PSTN phone service at the same time. What does Lifeline mean ...

Page 133: ...voice analog signal to digital, then transmit it, and on the receiver end it will also need an analog-to-digital converter to convert the digital signal back to analog so the person being called can hear the voice. Why use VoIP? Traditionally, telephony carriers use circuit switching for carrying voice traffic, as circuit switching is designed to carry voice and it does it very well. Then why use IP for v...

Page 134: ...nteroperate with one another. In interoperability between the two, the industry is making slow but sure progress. Interoperability must first happen between vendor implementations of the same protocol (SIP to SIP and H.323 to H.323), and then between protocols. Currently, in order for a SIP client to talk to an H.323 client, the ITSP must have a trunking gateway act as a translator between the two protocols wit...

Page 135: ... specific country. If for a special reason this setting needs to be changed, it can be modified through a device CI command through telnet. For the command, please refer to the CI command list in the firmware release note. Which codec should I choose? Which codec to choose depends on what codec is supported on both ends of the VoIP host. Generally, a codec with low bandwidth consumption and high voice qual...

Page 136: ...cted problem. If you have a NAT router before it, we suggest using a VoIP ATA (VoIP Analog Telephone Adapter) such as the Prestige ATA series. If the problem is a firewall before it, please check with the firewall manager to make sure the SIP protocol is allowed to pass through the firewall and the range of RTP ports is allowed through the firewall. I can make a call, but the voice only goes one way, not both ways. If you ca...

Page 137: ...ontrol policy between two networks. It may also be defined as a mechanism used to protect a trusted network from an untrusted network. The firewall can be thought of as two mechanisms: one to block traffic and the other to permit traffic. What makes the Prestige firewall secure? The Prestige firewall is pre-configured to automatically detect and thwart Denial of Service (DoS) attacks such as Ping of Death, S...

Page 138: ...e Prestige: 1. The Prestige's firewall inspects packet contents and IP headers. It is applicable to all protocols and understands that data in the packet is intended for other layers, from the network layer up to the application layer. 2. The Prestige's firewall performs stateful inspection. It takes into account the state of connections it handles so that, for example, a legitimate incoming packet can be matched...

Page 139: ...ystem. Systems may crash, hang, or reboot. What is Teardrop attack? Teardrop attack exploits weakness in the reassembly of IP packet fragments. As data is transmitted through a network, IP packets are often broken up into smaller chunks. Each fragment looks like the original packet except that it contains an offset field. The Teardrop program creates a series of IP fragments with overlapping offset fie...

Page 140: ...sulting ICMP traffic will not only clog up the intermediary network, but will also congest the network of the spoofed source IP address, known as the victim network. This flood of broadcast traffic consumes all available bandwidth, making communications impossible. What is IP Spoofing attack? Many DoS attacks also use IP Spoofing as part of their attack. IP Spoofing may be used to break into systems, to h...

Page 141: ...that claim to be from the inside. Allow everything that is not spoofing us. Filter rule setup: Filter type = TCP/IP Filter Rule; Active = Yes; Source IP Addr = a.b.c.d; Source IP Mask = w.x.y.z; Action Matched = Drop; Action Not Matched = Forward. Where a.b.c.d is an IP address on your local network and w.x.y.z is your netmask. For the output data filters: Deny bounceback packet. Allow packets that originate from us. Filt...

Page 142: ... keywords are supported. IPSec FAQ. What is VPN? A VPN gives users a secure link to access a corporate network over the Internet or other public or private networks without the expense of leased lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over the Internet or any insecure network that uses the TCP ...

Page 143: ...for VPNs. They are Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and Internet Protocol Security (IPSec). What is PPTP? PPTP is a tunneling protocol defined by the PPTP forum that allows PPP packets to be encapsulated within Internet Protocol (IP) packets and forwarded over any IP network, including the Internet itself. PPTP is already supported in Windows NT and Windows 98. For ...

Page 144: ... upper layer protocols of an IP payload. Transport mode is mainly for an IP host to protect the data generated locally, while tunnel mode is for a security gateway to provide IPSec service for other machines lacking IPSec capability. In this case, Transport mode only protects the upper-layer protocols of the IP payload (user data). Tunneling mode protects the entire IP payload, including user data. There is n...

Page 145: ...secure than manual key, because IKE negotiation can generate new keys and SPIs randomly for the VPN connection. What is Phase 1 ID for? In IKE phase 1 negotiation, the IP address of the remote peer is treated as an indicator to decide which VPN rule must be used to serve the incoming request. However, in some applications, the remote VPN box or client software is using an IP address dynamically assigned by the ISP, so P...

Page 146: ...amic IP address, you may need to configure ID for the one with the dynamic IP address. And in this case, Aggressive mode is recommended to be applied in phase 1 negotiation. Is my Prestige ready for IPSec VPN? IPSec VPN is available for Prestige since ZyNOS V3.50. It is a free upgrade; no registration is needed. By upgrading the firmware and also the configurations romfile to ZyNOS V3.50, the IPSec VPN capability is...

Page 147: ...ncryption can be used with or without authentication/integrity. Similarly, one could use authentication/integrity with or without confidentiality. I am planning my Prestige-to-Prestige VPN configuration. What do I need to know? First of all, both Prestiges must have VPN capabilities. Please check the firmware version; V3.50 or later has the VPN capability. If your Prestige is capable of VPN, you can find the...

Page 148: ...xed side in order to update its dynamic IP to the fixed side. However, if both gateways use dynamic IP addresses, there is no way to establish a VPN connection at all. Which VPN gateways have been tested with Prestige successfully? We have tested Prestige successfully with the following third-party VPN gateways: Cisco 1720 Router IOS 12 2 2 XH IP ADSL FW IDS PLUS IPSEC 3DES NetScreen 5 ScreenOS 2 6 0r6 Son...

Page 149: ...ind NAT allowed to use IPSec? NAT Condition / Supported IPSec Protocol: VPN Gateway embedded NAT: AH tunnel mode, ESP tunnel mode. VPN client/gateway behind NAT: ESP tunnel mode. NAT in Transport mode: None. The NAT router must support IPSec pass-through. For example, for Prestige SUA/NAT routers, IPSec pass-through is supported since ZyNOS 3.21. The default port and the client IP have to be specified in menu 15...

Page 150: ...If I have a NAT router between two VPN gateways and I would like to use IP type as Phase 1 ID, what should I know? We presume your environment may look like this ...

Page 151: ...cycle packet triggering is still necessary to make the tunnel up. Single, Range, Subnet: which types of IP address do Prestige 10, 10II, 10W, 50, 100 support in VPN/IPSec? The mentioned Prestige series support all of the types. In other words, you can specify a single PC, a range of PCs, or even a network of PCs to utilize the VPN/IPSec service. Can Prestige support IPSec passthrough? Yes, Prestige can support IP...

Page 152: ... Typical bit rates are 11 Mbps and 54 Mbps, although in practice data throughput is half of this. Wireless LANs can be formed simply by equipping PCs with wireless NICs. If connectivity to a wired LAN is required, an Access Point (AP) is used as a bridging device. APs are typically located close to the centre of the wireless client population. What are the advantages of Wireless LANs? a. Mobility: Wireless L...

Page 153: ... is relatively high because the equipment cost, including access point and PCMCIA Wireless LAN card, is higher than hubs and CAT 5 cables. Where can you find wireless 802.11 networks? Airports, hotels, and even coffee shops like Starbucks are deploying 802.11 networks so people can wirelessly browse the Internet with their laptops. As these types of networks increase, this will create additional security ri...

Page 154: ... possible by combining channels. Due to the higher frequency, range is less than lower-frequency systems (i.e., 802.11b and 802.11g), and this can increase the cost of the overall solution because a greater number of access points may be required. 802.11a is not directly compatible with 802.11b or 802.11g networks. In other words, a user equipped with an 802.11b or 802.11g radio card will not be able to interface di...

Page 155: ...2.11b and Bluetooth devices occupy the same 2.4 to 2.483 GHz unlicensed frequency range, the same band. But a Bluetooth device would not interfere with other 802.11 devices much more than another 802.11 device would interfere. While more collisions are possible with the introduction of a Bluetooth device, they are also possible with the introduction of another 802.11 device or a new 2.4 GHz cordless p...

Page 156: ...ed on usage. Specialized applications are characteristically designed around short burst messaging. What is Ad Hoc mode? A wireless network consists of a number of stations without access points, without using an access point or any connection to a wired network. What is Infrastructure mode? Infrastructure mode implies connectivity to a wired communications infrastructure. If such connectivity is require...

Page 157: ...esigned for 2.4 GHz or 5 GHz operation. WLAN NICs often include an internal antenna, which may provide sufficient reception. Why the 2.4 GHz frequency range? This frequency range has been set aside by the FCC and is generally labeled the ISM band. A few years ago, Apple and several other large corporations requested that the FCC allow the development of wireless networks within this frequency range. What w...

Page 158: ...ncryption key lengths. Note: WEP has been shown to have fundamental flaws in its key generation processing. What is the difference between 40-bit and 64-bit WEP? 40-bit WEP and 64-bit WEP are the same encryption level and can interoperate. The lower level of WEP encryption uses a 40-bit (10 hex character) secret key set by the user and a 24-bit Initialization Vector not under user control (40 + 24 = 64). Some vendors ref...

Page 159: ...imate traffic. Many of the sniffer tools for Ethernet are based on capturing the first part of the connection session, where the data would typically include the username and password. An intruder can masquerade as that user by using this captured information. An intruder who monitors the wireless network can apply this same attack principle on the wireless. What is the difference between Open System a...

Page 160: ...ort. The authentication process begins when the link state of the port transitions from down to up or when an EAPOL-start frame is received. The switch requests the identity of the client and begins relaying authentication messages between the client and the authentication server. Each client attempting to access the network is uniquely identified by the switch by using the client's MAC address. What ...

Page 161: ...Prestige packet trace records and analyzes packets running on LAN and WAN interfaces. It is designed for users with technical backgrounds who are interested in the details of the packet flow on the LAN or WAN end of the Prestige. It is also very helpful for diagnostics if you have compatibility problems with your ISP, or if you want to know the details of a packet for configuring a filter rule. The format of ...

Page 162: ...s trcp sw on Prestige sys trcl sw on Prestige sys trcd brief 0 11880 160 ENET0 R 0062 TCP 192 168 1 2 1108 192 31 7 130 80 1 11883 100 ENET0 R 0062 TCP 192 168 1 2 1108 192 31 7 130 80 2 11883 330 ENET0 T 0058 TCP 192 31 7 130 80 192 168 1 2 1108 3 11883 340 ENET0 R 0060 TCP 192 168 1 2 1108 192 31 7 130 80 4 11883 340 ENET0 R 0339 TCP 192 168 1 2 1108 192 31 7 130 80 5 11883 610 ENET0 T 0054 TCP ...

Page 163: ...f Service 0x00 0 Total Length 0x0030 48 Idetification 0x330B 13067 Flags 0x02 Fragment Offset 0x00 Time to Live 0x80 128 Protocol 0x06 TCP Header Checksum 0x3E71 15985 Source IP 0xC0A80102 192 168 1 2 Destination IP 0xC01F0782 192 31 7 130 TCP Header Source Port 0x045C 1116 Destination Port 0x0050 80 Sequence Number 0x00BD15A7 12391847 Ack Number 0x00000000 0 Header Length 28 Flags 0x02 S Window S...

Page 164: ...130 80 192 168 1 2 1116 Ethernet Header Destination MAC Addr 0080C84CEA63 Source MAC Addr 00A0C5921311 Network Type 0x0800 TCP IP IP Header IP Version 4 Header Length 20 Type of Service 0x00 0 Total Length 0x002C 44 Idetification 0x57F3 22515 Flags 0x02 Fragment Offset 0x00 Time to Live 0xED 237 Protocol 0x06 TCP Header Checksum 0xAC8C 44172 Source IP 0xC01F0782 192 31 7 130 Destination IP 0xC0A80...

Page 165: ...0 F8 77 00 00 02 04 05 B4 w 0002 LAN Frame ENET0 RECV Size 60 60 Time 12090 210 sec Frame Type TCP 192 168 1 2 1116 192 31 7 130 80 Ethernet Header Destination MAC Addr 00A0C5921311 Source MAC Addr 0080C84CEA63 Network Type 0x0800 TCP IP IP Header IP Version 4 Header Length 20 Type of Service 0x00 0 Total Length 0x0028 40 Idetification 0x350B 13579 Flags 0x02 Fragment Offset 0x00 Time to Live 0x80...

Page 166: ...50 10 P J P 0030 22 38 E8 ED 00 00 20 20 20 20 20 20 8 2 Trace WAN packet 1 1 Disable to capture the LAN packet by entering sys trcp channel enet0 none 1 2 Enable to capture the WAN packet by entering sys trcp channel enet1 bothway 1 3 Enable the trace log by entering sys trcp sw on sys trcl sw on 1 4 Display the brief trace online by entering sys trcd brief or 1 5 Display the detailed trace onlin...

Page 167: ...02 132 155 255 520 Prestige sys trcd parse 0000 LAN Frame ENET1 RECV Size 1181 96 Time 12387 260 sec Frame Type TCP 192 31 7 130 80 202 132 155 97 10270 Ethernet Header Destination MAC Addr 00A0C5921312 Source MAC Addr 00A0C5012345 Network Type 0x0800 TCP IP IP Header IP Version 4 Header Length 20 Type of Service 0x00 0 Total Length 0x048B 1163 Idetification 0xB139 45369 Flags 0x02 Fragment Offset...

Page 168: ... E 0010 04 8B B1 39 40 00 EE 06 A9 AB C0 1F 07 82 CA 84 9 0020 9B 61 00 50 28 1E D3 E9 59 85 00 C1 8F 63 50 19 a P Y cP 0030 FA F0 37 35 00 00 DF 33 AF 62 58 37 52 3D 79 99 75 3 bX7R y 0040 A5 3C 2B 59 E2 78 A7 98 8F 3F A9 09 E4 0F 26 14 Y x 0050 9C 58 3E 95 3E E7 FC 2A 4C 2F FB BE 2F FE EF D0 X L 0001 LAN Frame ENET1 XMIT Size 54 54 Time 12387 490 sec Frame Type TCP 202 132 155 97 10270 192 31 7 ...

Page 169: ...eader Length 20 Flags 0x10 A Window Size 0x1DD5 7637 Checksum 0x7A12 31250 Urgent Ptr 0x0000 0 RAW DATA 0000 00 A0 C5 01 23 45 00 A0 C5 92 13 12 08 00 45 00 E E 0010 00 28 7A 0C 40 00 7F 06 54 3C CA 84 9B 61 C0 1F z T a 0020 07 82 28 1E 00 50 00 C1 8F 63 D3 E9 5D E9 50 10 P c P 0030 1D D5 7A 12 00 00 z 0002 LAN Frame ENET1 XMIT Size 54 54 Time 12387 490 sec Frame Type TCP 202 132 155 97 10270 192 ...

Page 170: ...82 192 31 7 130 TCP Header Source Port 0x281E 10270 Destination Port 0x0050 80 Sequence Number 0x00C18F63 12685155 Ack Number 0xD3E95DE9 3555286505 Header Length 20 Flags 0x11 A F Window Size 0x1DD5 7637 Checksum 0x7A11 31249 Urgent Ptr 0x0000 0 RAW DATA 0000 00 A0 C5 01 23 45 00 A0 C5 92 13 12 08 00 45 00 E E 0010 00 28 7B 0C 40 00 7F 06 53 3C CA 84 9B 61 C0 1F S a 0020 07 82 28 1E 00 50 00 C1 8F...

Page 171: ...ndex to_index Example Prestige sys trcp channel enet1 none Prestige sys trcp channel enet0 bothway Prestige sys trcp sw on Prestige sys trcl sw on Prestige sys trcp sw off Prestige sys trcl sw off Prestige sys trcp brief 0 10855 790 ENET0 T 0141 TCP 192 31 7 130 80 192 168 1 2 1102 1 10855 800 ENET0 R 0060 TCP 192 168 1 2 1102 192 31 7 130 80 2 10855 810 ENET0 R 0062 TCP 192 168 1 2 1103 192 31 7 ...

Page 172: ...0x7F02 32514 Flags 0x02 Fragment Offset 0x00 Time to Live 0xED 237 Protocol 0x06 TCP Header Checksum 0x857D 34173 Source IP 0xC01F0782 192 31 7 130 Destination IP 0xC0A80102 192 168 1 2 TCP Header Source Port 0x0050 80 Destination Port 0x044F 1103 Sequence Number 0xD91B1826 3642431526 Ack Number 0x00AA405F 11157599 Header Length 24 Flags 0x12 A S Window Size 0xFAF0 64240 Checksum 0xDCEF 56559 Urge...

Page 173: ...ys trcp brief 1 7 Display specific packets by using sys trcp parse from_index to_index Example Prestige sys trcp channel enet0 none Prestige sys trcp channel enet1 bothway Prestige sys trcl sw on Prestige sys trcp sw on Prestige sys trcl sw off Prestige sys trcp sw off Prestige sys trcp brief 0 12864 800 ENET1 T 0411 TCP 202 132 155 97 10278 204 217 0 2 80 1 12864 890 ENET1 R 0247 TCP 204 217 0 2 ...

Page 174: ...ce IP 0xCCD90002 204 217 0 2 Destination IP 0xCA849B61 202 132 155 97 TCP Header Source Port 0x0050 80 Destination Port 0x2826 10278 Sequence Number 0x4D713D8A 1299266954 Ack Number 0x00C8C015 13156373 Header Length 20 Flags 0x18 AP Window Size 0x2238 8760 Checksum 0xAB57 43863 Urgent Ptr 0x0000 0 TCP Data Length 193 Captured 42 0000 48 54 54 50 2F 31 2E 31 20 33 30 34 20 4E 6F 74 HTTP 1 1 304 Not...

Page 175: ...XMIT Size 411 96 Time 12865 130 sec Frame Type TCP 202 132 155 97 10278 204 217 0 2 80 Ethernet Header Destination MAC Addr 00A0C5591284 Source MAC Addr 00A0C5921312 Network Type 0x0800 TCP IP IP Header IP Version 4 Header Length 20 Type of Service 0x00 0 Total Length 0x018D 397 Idetification 0xF20C 61964 Flags 0x02 Fragment Offset 0x00 Time to Live 0x7F 127 Protocol 0x06 TCP Header Checksum 0xD59...

Page 176: ... C8 C0 15 4D 71 3E 47 50 18 P Mq GP 0030 1E 87 43 74 00 00 47 45 54 20 2F 70 69 63 74 75 Ct GET pictu 0040 72 65 73 2F 6D 61 67 61 7A 69 6E 65 5F 6C 6F 67 res magazine_log 0050 6F 2F 62 65 73 74 6F 66 74 69 6D 65 73 2E 67 69 o bestoftimes gi Prestige Debug PPPoE Connection Debug PPPoE Connection The Prestige supports traces when there is a problem connecting to your ISP using the PPPoE protocol Please foll...

Page 177: ...f turn off packet trace sys log disp i capture system error log sys trcp parse parse the trace in detail Example A trace with system crashes ras sys trcp sw on ras sys errctl 3 ras poe debug 1 ras dev dial 1 Start dialing for node GPMI poeNetCmdExe chann poe0 event x420 poeChannDial start session peer GPMI bdcastInit pch poe0 poePut1SrvcName len 0 host uniq 31303030 len 4 putPoeHdr ver 1 type 1 co...

Page 178: ... 4 PADO recv d chann enet1 procPADO for poe chann poe0 Chann poe0 sending request poePut1SrvcName len 0 host uniq 31303030 len 4 putPoeHdr ver 1 type 1 code x19 sess id 0 len 12 x000C Undefined Address 0xE3F045C4 Undefined Data 0x56FF54FF r0 0xE3F045C4 r1 0x0001FFC0 r2 0x000000E5 r3 0x56FF54FF r4 0xE3F045C4 r5 0xE5BDBFEC r6 0x0001C468 r7 0x60000093 r8 0x00000000 r9 0xE3550000 r10 0xE3550000 fp 0x0...

Page 179: ... ed 2b b f j n e5bdc0a0 00 00 00 00 00 00 00 00 00 00 00 00 00 01 ed 2b b f j n e5bdc0b0 00 00 00 00 00 00 00 00 00 00 00 00 00 01 ed 2b b f j n e5bdc0c0 00 00 00 00 00 00 00 00 00 00 00 00 00 01 ed 2b b f j n e5bdc0d0 00 00 00 00 00 00 00 00 00 00 00 00 00 01 ed 2b b f j n e5bdc0e0 00 00 00 00 00 00 00 00 00 00 00 00 00 01 ed 2b b f j n Bootbase Version V1 10 12 02 2004 14 00 00 RAM Size 16384 Kb...

Page 180: ...08 192 31 7 130 80 index timer second channel receive transmit length protocol sourceIP port destIP port There are two ways to dump the trace 1 Online Trace display the trace real time on screen 2 Offline Trace capture the trace first and display later The details for capturing the trace in CLI command are as follows Online Trace 1 Trace LAN packet 2 Trace WAN packet 1 Trace LAN packet 1 1 Disable...

Page 181: ...08 6 11883 620 ENET0 T 0102 TCP 192 31 7 130 80 192 168 1 2 1108 7 11883 630 ENET0 T 0054 TCP 192 31 7 130 80 192 168 1 2 1108 8 11883 630 ENET0 R 0060 TCP 192 168 1 2 1108 192 31 7 130 80 9 11883 2802HWL ENET0 R 0060 TCP 192 168 1 2 1108 192 31 7 130 80 10 11883 2802HWL ENET0 R 0062 TCP 192 168 1 2 1109 192 31 7 130 80 ras sys trcd parse 0000 LAN Frame ENET0 RECV Size 62 62 Time 12089 790 sec Fra...

Page 182: ...t Ptr 0x0000 0 Options 0000 02 04 05 B4 01 01 04 02 RAW DATA 0000 00 A0 C5 92 13 11 00 80 C8 4C EA 63 08 00 45 00 L c E 0010 00 30 33 0B 40 00 80 06 3E 71 C0 A8 01 02 C0 1F 03 q 0020 07 82 04 5C 00 50 00 BD 15 A7 00 00 00 00 70 02 P p 0030 20 00 BE C3 00 00 02 04 05 B4 01 01 04 02 0001 LAN Frame ENET0 XMIT Size 58 58 Time 12090 020 sec Frame Type TCP 192 31 7 130 80 192 168 1 2 1116 Ethernet Heade...

Page 183: ...0x4AD1B57F 1255257471 Ack Number 0x00BD15A8 12391848 Header Length 24 Flags 0x12 A S Window Size 0xFAF0 64240 Checksum 0xF877 63607 Urgent Ptr 0x0000 0 Options 0000 02 04 05 B4 RAW DATA 0000 00 80 C8 4C EA 63 00 A0 C5 92 13 11 08 00 45 00 L c E 0010 00 2C 57 F3 40 00 ED 06 AC 8C C0 1F 07 82 C0 A8 W 0020 01 02 00 50 04 5C 4A D1 B5 7F 00 BD 15 A8 60 12 P J 0030 FA F0 F8 77 00 00 02 04 05 B4 w 00...

Page 184: ...5481 Source IP 0xC0A80102 192 168 1 2 Destination IP 0xC01F0782 192 31 7 130 TCP Header Source Port 0x045C 1116 Destination Port 0x0050 80 Sequence Number 0x00BD15A8 12391848 Ack Number 0x4AD1B580 1255257472 Header Length 20 Flags 0x10 A Window Size 0x2238 8760 Checksum 0xE8ED 59629 Urgent Ptr 0x0000 0 TCP Data Length 6 Captured 6 0000 20 20 20 20 20 20 RAW DATA 0000 00 A0 C5 92 13 11 00 80 C8 4C ...

Page 185: ...the detailed trace online by entering sys trcd parse Example ras sys trcp channel enet0 none ras sys trcp channel mpoa00 bothway ras sys trcp sw on ras sys trcl sw on ras sys trcd brief 0 12367 680 MPOA00 R 0070 UDP 202 132 155 95 520 202 132 155 255 520 1 12370 980 MPOA00 T 0062 TCP 202 132 155 97 10261 192 31 7 130 80 ras sys trcd parse 0000 LAN Frame MPOA00 RECV Size 1181 96 Time 12387 260 sec ...

Page 186: ... F Window Size 0xFAF0 64240 Checksum 0x3735 14133 Urgent Ptr 0x0000 0 TCP Data Length 1127 Captured 42 0000 DF 33 AF 62 58 37 52 3D 79 99 A5 3C 2B 59 E2 78 3 bX7R y Y x 0010 A7 98 8F 3F A9 09 E4 0F 26 14 9C 58 3E 95 3E E7 X 0020 FC 2A 4C 2F FB BE 2F FE EF D0 L RAW DATA 0000 00 A0 C5 92 13 12 00 A0 C5 01 23 45 08 00 45 00 E E 0010 04 8B B1 39 40 00 EE 06 A9 AB C0 1F 07 82 CA 84 9 0020 9B 61 00 ...

Page 187: ...rcp parse from_index to_index 2 Trace WAN packet 1 1 Disable the capture of the LAN packet by entering sys trcp channel enet0 none 1 2 Enable the capture of the WAN packet by entering sys trcp channel mpoa00 bothway 1 3 Enable the trace log by entering sys trcp sw on sys trcl sw on 1 4 Wait for packet passing through the Prestige over WAN 1 5 Disable the trace log by entering sys trcp sw off sys t...
