ZyXEL Communications P-870HW-I Series Скачать руководство пользователя страница 226

Страница: 226 / 438

P-870HW-I1 User’s Guide

226

Chapter 17 UPnP

Figure 136

Network Connections

An icon with the description for each UPnP-enabled device displays under

Local

Network

Right-click on the icon for your ZyXEL Device and select

Invoke

. The web configurator

Содержание P-870HW-I Series

Страница 1: ...P 870HW I Series 802 11g Wireless VDSL2 4 port Gateway User s Guide Version 3 50 8 2006 Edition 1...

Страница 2: ......

Страница 3: ...EL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does it conv...

Страница 4: ...there is no guarantee that interference will not occur in a particular installation If this device does cause harmful interference to radio television reception which can be determined by turning the...

Страница 5: ...Switzerland with restrictions in France This device has been designed for the WLAN 2 4 GHz network throughout the EC region and Switzerland with restrictions in France This Class B digital apparatus...

Страница 6: ...in North America or 230V AC in Europe Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord Do NOT use the device i...

Страница 7: ...P 870HW I1 User s Guide Safety Warnings 7 This product is recyclable Dispose of it properly...

Страница 8: ...ent as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fi...

Страница 9: ...odrany Cesk Republika info cz zyxel com 420 241 091 359 DENMARK support zyxel dk 45 39 55 07 00 www zyxel dk ZyXEL Communications A S Columbusvej 2860 Soeborg Denmark sales zyxel dk 45 39 55 07 07 FIN...

Страница 10: ...t zyxel es 34 902 195 420 www zyxel es ZyXEL Communications Arte 21 5 planta 28033 Madrid Spain sales zyxel es 34 913 005 345 SWEDEN support zyxel se 46 31 744 7700 www zyxel se ZyXEL Communications A...

Страница 11: ...Device 39 1 2 Features 39 1 2 1 Wireless Features 41 1 3 Application 42 1 3 1 Protected Internet Access 42 1 3 2 Management Server 43 1 4 LEDs 43 1 5 Splitters and Microfilters 44 1 5 1 Connecting a...

Страница 12: ...creen 66 3 7 ISP Parameters Screen 67 3 7 1 ISP Parameters Ethernet Screen 67 3 7 2 ISP Parameters PPPoE Screen 68 3 8 IP Address Type Screen 69 3 9 Static IP Address Settings Screen 70 3 9 1 Static I...

Страница 13: ...6 4 5 General Wireless LAN Screen 802 1x Dynamic WEP 101 6 4 6 General Wireless LAN Screen 802 1x Static WEP 103 6 4 7 General Wireless LAN Screen 802 1x No WEP 104 6 4 8 General Wireless LAN Screen W...

Страница 14: ...en 139 10 3 Port Forwarding Screen 140 10 3 1 Port Forwarding Edit Screen 141 10 4 Trigger Port Screen 142 10 5 Address Mapping Screen 143 10 5 1 Address Mapping Edit Screen 144 Chapter 11 Firewalls 1...

Страница 15: ...ficates 169 13 1 Certificates Overview 169 13 1 1 Advantages of Certificates 170 13 1 2 Self signed Certificates 170 13 1 3 Certificate File Formats 170 13 2 My Certificates Screen 170 13 3 Import My...

Страница 16: ...e MGMT 205 16 1 Remote Management Overview 205 16 1 1 Remote Management Limitations 205 16 1 2 Remote Management and NAT 206 16 1 3 System Timeout 206 16 1 4 SNMP 206 16 1 4 1 Supported MIBs 207 16 1...

Страница 17: ...w 237 19 1 1 Alerts and Logs 237 19 2 View Log Screen 237 19 3 Log Settings Screen 238 Chapter 20 Tools 241 20 1 Firmware Upgrade 241 20 2 Configuration Screen 242 20 3 Restart Screen 244 Chapter 21 I...

Страница 18: ...ial in User Setup 277 28 1 Dial in User Setup 277 28 2 Edit Dial in User 277 Chapter 29 NAT Setup 279 29 1 Address Mapping Sets 279 29 2 Address Mapping Rules 279 29 3 Address Mapping Rule 281 29 4 NA...

Страница 19: ...Triggering Packet 317 34 6 Diagnostic 317 Chapter 35 System Maintenance 24 5 24 7 319 35 1 Filename Conventions 319 35 2 Backup Configuration 320 35 2 1 Backup Configuration Using FTP 320 35 2 2 Using...

Страница 20: ...ute 339 37 2 Benefits 339 37 3 Routing Policy 339 37 4 IP Routing Policy Summary 340 37 5 IP Routing Policy Setup 341 37 6 IP Routing Policy Setup 342 37 7 IP Policy Routing Example 343 Chapter 38 Sch...

Страница 21: ...NAT 381 NAT Overview 381 NAT Definitions 381 What NAT Does 382 How NAT Works 382 NAT Application 383 NAT Mapping Types 383 NAT Types 384 SUA Single User Account Versus NAT 389 SUA Server 389 Appendix...

Страница 22: ...P 870HW I1 User s Guide 22 Table of Contents Example Internal SPTGEN Menus 418 Appendix I Services 431 Index 435...

Страница 23: ...ion Wizard Wireless Security Extend WPA PSK Security Screen 1 63 Figure 20 Connection Wizard Wireless Security Extend WPA PSK Security Screen 2 64 Figure 21 Connection Wizard Wireless Security Extend...

Страница 24: ...Figure 57 OTIST Settings 110 Figure 58 OTIST In Progress on the ZyXEL Device 110 Figure 59 OTIST In Progress on the Wireless Client 111 Figure 60 Start OTIST 111 Figure 61 Network Wireless LAN MAC Fi...

Страница 25: ...d CAs 180 Figure 101 Security Certificates Trusted CAs Import 181 Figure 102 Security Certificates Trusted CAs Edit 182 Figure 103 Security Certificates Trusted Remote Hosts 185 Figure 104 Certificate...

Страница 26: ...ew Log 237 Figure 143 Maintenance Logs Log Settings 239 Figure 144 Maintenance Tools Firmware 241 Figure 145 Upload Firmware In Progress 242 Figure 146 Upload Firmware Network Temporarily Disconnected...

Страница 27: ...8 Example Filter Menu 21 1 3 1 298 Figure 189 Example Filter Rules Summary Menu 21 1 3 299 Figure 190 Protocol and Device Filter Sets 300 Figure 191 Filtering LAN Traffic 301 Figure 192 Filtering Remo...

Страница 28: ...e 229 IP Routing Policy Example 1 344 Figure 230 IP Routing Policy Example 2 345 Figure 231 Menu 26 Schedule Setup 348 Figure 232 Menu 26 1 Schedule Set Setup 349 Figure 233 Pop up Blocker 354 Figure...

Страница 29: ...378 Figure 263 Red Hat 9 0 Checking TCP IP Properties 378 Figure 264 How NAT Works 382 Figure 265 NAT Application With IP Alias 383 Figure 266 Full Cone NAT Example 386 Figure 267 Restricted Cone NAT...

Страница 30: ...P 870HW I1 User s Guide 30 List of Figures...

Страница 31: ...6 Table 15 Connection Wizard ISP Parameters Ethernet 68 Table 16 Connection Wizard ISP Parameters PPPoE 69 Table 17 Connection Wizard IP Address Type 70 Table 18 Connection Wizard Static IP Address Et...

Страница 32: ...ble 59 Network NAT Port Forwarding 140 Table 60 Network NAT Port Forwarding Edit 141 Table 61 Network NAT Trigger Port 142 Table 62 Network NAT Address Mapping 144 Table 63 Network NAT Address Mapping...

Страница 33: ...SNMP 212 Table 99 Management Remote MGMT DNS 213 Table 100 Management Remote MGMT Security 214 Table 101 Management Remote MGMT SSH 215 Table 102 TR 069 Commands 216 Table 103 Configuring UPnP 218 Tab...

Страница 34: ...0 Table 145 Menu 23 4 System Security IEEE802 1x 311 Table 146 Menu 24 1 System Maintenance Status 313 Table 147 Menu 24 2 1 System Maintenance Information 315 Table 148 Menu 24 2 2 System Maintenance...

Страница 35: ...e 184 Attack Logs 402 Table 185 IPSec Logs 403 Table 186 IKE Logs 403 Table 187 PKI Logs 406 Table 188 Certificate Path Verification Failure Reason Codes 407 Table 189 802 1X Logs 408 Table 190 ACL Se...

Страница 36: ...P 870HW I1 User s Guide 36 List of Tables...

Страница 37: ...more characters Select or Choose means for you to use one of the predefined choices Mouse action sequences are denoted using a right angle bracket For example In Windows click Start Settings Control...

Страница 38: ...stions for improvement to techwriters zyxel com tw or send regular mail to The Technical Writing Team ZyXEL Communications Corp 6 Innovation Road II Science Based Industrial Park Hsinchu 300 Taiwan Th...

Страница 39: ...devices Note Actual speeds attained depend on the distance from your ISP line quality and so on Note Only use firmware for your ZyXEL Device s specific model Refer to the label on the bottom of your...

Страница 40: ...of an Internet protocol address used within one network for example a private IP address used in a local network to a different IP address known within another network for example a public IP address...

Страница 41: ...up from a centralized DHCP server The ZyXEL Device has built in DHCP server capability enabled by default It can assign IP addresses an IP default gateway and DNS servers to DHCP clients The ZyXEL De...

Страница 42: ...Antenna The ZyXEL Device is equipped with one 2 dBi fixed antenna to provide clear radio signal between the wireless stations and the access points Output Power Management Output power management is...

Страница 43: ...net Access 1 3 2 Management Server Your ZyXEL Device can be managed via a management server such as ZyXEL s Vantage CNM Access The management server can securely manage and update configuration change...

Страница 44: ...ice is rebooting or performing diagnostics Red On Power to the ZyXEL Device is too low or there is a hardware error Off The system is not ready or has malfunctioned LAN 1 4 Green On The ZyXEL Device h...

Страница 45: ...e above 4KHz A microfilter acts as a low pass filter for your telephone to ensure that VDSL transmissions do not interfere with your telephone voice transmissions The use of a telephone microfilter is...

Страница 46: ...P 870HW I1 User s Guide 46 Chapter 1 Getting To Know Your ZyXEL Device...

Страница 47: ...he web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScripts enabled by default Java permissi...

Страница 48: ...screen appears Figure 7 Login Change Password Screen 4 Follow the directions to change your password or click Cancel to keep the default password If you do not change your password this screen appear...

Страница 49: ...d setup to use the wizards See Chapter 3 on page 55 and Chapter 4 on page 77 Select Go to Advanced setup to open the main screen See Section 2 3 on page 49 Note By default the web configurator automat...

Страница 50: ...Table 2 Web Configurator Navigation Panel and Icons LINK ICON SUB LINK FUNCTION Wizard INTERNET WIRELESS SETUP Use these screens to set up a basic wireless network and your Internet connection BANDWI...

Страница 51: ...L Device s DHCP server which assigns IP addresses and provides DNS server information to other computers on the LAN or WLAN Static DHCP Use this screen to assign the same IP address to a computer on t...

Страница 52: ...ers can use FTP to access the ZyXEL Device SNMP Use this screen to configure your ZyXEL Device s settings for Simple Network Management Protocol management DNS Use this screen to configure through whi...

Страница 53: ...again Note You will lose all of your changes when you push the RESET button To reset the ZyXEL Device 1 Make sure the PWR SYS light is on and not blinking 2 Press and hold the RESET button until the P...

Страница 54: ...P 870HW I1 User s Guide 54 Chapter 2 Introducing the Web Configurator...

Страница 55: ...ard Screen The following table describes the labels in this screen Table 3 Main Wizard Screen LABEL DESCRIPTION Connection Wizard Select this to set up a basic wireless network and your Internet conne...

Страница 56: ...the labels in this screen 3 3 System Information Screen Use this screen to set up the system name and domain name for your ZyXEL Device Table 4 Connection Wizard Welcome LABEL DESCRIPTION Back Click...

Страница 57: ...d you enter your computer s Computer name in this field This name can be up to 30 alphanumeric characters long Spaces are not allowed but dashes and underscores _ are accepted Domain Name Enter the do...

Страница 58: ...her wireless networks Security Select the strongest level that all the computers in your wireless network support From weakest to strongest the security levels are None Basic WEP Auto or Extend WPA PS...

Страница 59: ...able 7 Connection Wizard Wireless Security None LABEL DESCRIPTION Do you want to enable OTIST Select Yes if you want to set up OTIST security If you set up OTIST your wireless network uses WPA PSK sec...

Страница 60: ...ter the key using printable ASCII characters or hexadecimal 0 9 A F a f characters The ZyXEL Device and the wireless stations must use the same WEP key If you want to use a 64 bit WEP key enter 5 prin...

Страница 61: ...elect Yes if you want to set up OTIST security If you set up OTIST your wireless network uses WPA PSK security not the security you selected and set up in the previous screen s See Section 6 5 on page...

Страница 62: ...ST Select Yes if you want to set up OTIST security If you set up OTIST your wireless network uses WPA PSK security not the security you selected and set up in the previous screen s See Section 6 5 on...

Страница 63: ...able OTIST for your wireless network Table 11 Connection Wizard Wireless Security Extend WPA PSK Security Screen 1 LABEL DESCRIPTION Pre Shared Key Type a pre shared key from 8 to 63 ASCII characters...

Страница 64: ...ION Do you want to enable OTIST Select Yes if you want to set up OTIST security If you set up OTIST your wireless network uses WPA PSK security not the security you selected and set up in the previous...

Страница 65: ...Wizard Wireless Security Extend WPA2 PSK Security Screen 1 LABEL DESCRIPTION Pre Shared Key Type a pre shared key from 8 to 63 ASCII characters including spaces and symbols The key is case sensitive B...

Страница 66: ...labels in this screen 3 6 Auto Detection Screen Wait while your ZyXEL Device tries to detect your Internet connection Table 14 Connection Wizard Wireless Security Extend WPA2 PSK Security Screen 2 LAB...

Страница 67: ...en Use these screens to set up your Internet connection The screen depends on which type of Connection Type your Internet connection uses If your ISP provided you a user name and password select PPP o...

Страница 68: ...PoE Screen Use this screen to set up a PPPoE connection to the Internet Table 15 Connection Wizard ISP Parameters Ethernet LABEL DESCRIPTION Connection Type Select Ethernet Back Click this to return t...

Страница 69: ...ers PPPoE LABEL DESCRIPTION Connection Type Select PPP over Ethernet Service Name Enter the service name provided by your ISP Leave this field blank if your ISP did not provide one User Name Enter the...

Страница 70: ...Screen Use this screen to set up a static IP address for an Ethernet connection to the Internet Table 17 Connection Wizard IP Address Type LABEL DESCRIPTION Getautomatically from ISP Select this if y...

Страница 71: ...of the gateway provided by your ISP DNS Servers DNS Domain Name System manages the relationships between domain names and IP addresses For example the IP address of www zyxel com is 204 217 0 2 Withou...

Страница 72: ...ges the relationships between domain names and IP addresses For example the IP address of www zyxel com is 204 217 0 2 Without a DNS server you must know the IP address of the computer you want to acc...

Страница 73: ...dress of another computer instead of its default MAC address You might try this if you lose your Internet connection because some ISPs check the MAC address of the device connected to the Internet IP...

Страница 74: ...enabled OTIST wait while your ZyXEL Device starts OTIST You have to start OTIST on the wireless clients within three minutes of seeing this screen Table 21 Connection Wizard Internet Configuration LA...

Страница 75: ...IST Start 3 13 Congratulations Screen Use this screen to finish the Connection Wizard Figure 32 Connection Wizard Congratulations The following table describes the labels in this screen Table 22 Conne...

Страница 76: ...P 870HW I1 User s Guide 76 Chapter 3 Connection Wizard...

Страница 77: ...ation If there is still more bandwidth all applications including those above and other types of applications share it Some applications such as VoIP and online gaming need to have enough bandwidth to...

Страница 78: ...Table 23 Main Wizard Screen LABEL DESCRIPTION Connection Wizard Select this to set up a basic wireless network and your Internet connection Bandwidth Management Wizard Select this to set the priority...

Страница 79: ...reen to activate bandwidth management and to set the amount of bandwidth you want to allocate for each interface on the ZyXEL Device Table 24 BWM Wizard Welcome LABEL DESCRIPTION Back Click this to re...

Страница 80: ...f higher priority traffic uses all of the actual bandwidth You can also set this number lower than the interface s actual transmission speed However this will cause the ZyXEL Device to not use some of...

Страница 81: ...example set it to 40000 kbps if your broadband modem or router has a maximum speed of 40000 kbps You can set this number higher than the interface s actual transmission speed This will stop lower pri...

Страница 82: ...0 FTP File Transfer Program enables fast transfer of files including large files that may not be possible by e mail FTP uses port number 21 E Mail Electronic mail consists of messages sent through a c...

Страница 83: ...DESCRIPTION Service This field displays the applications you selected in the previous screen Priority Select the priority of each application Other applications have lower priority than all the applic...

Страница 84: ...4 Chapter 4 Bandwidth Management Wizard Figure 38 BWM Wizard Congratulations The following table describes the labels in this screen Table 28 BWM Wizard Congratulations LABEL DESCRIPTION Finish Click...

Страница 85: ...CHAPTER 5 Status Screen This chapter introduces the Status screen and the summary screens you can open from it 5 1 Status Screen To open this screen click Status This screen also appears when you log...

Страница 86: ...Network LAN IP to change it IP Subnet Mask This is the LAN port IP subnet mask Click Network LAN IP to change it DHCP This is the LAN port DHCP role Server Relay or None Click Network DHCP Server Gen...

Страница 87: ...wn Up line is up or connected Idle line ppp idle Dial starting to trigger a call Drop dropping a call For the LAN port this field displays one of the following values Down there are no LAN connections...

Страница 88: ...P 870HW I1 User s Guide 88 Chapter 5 Status Screen Figure 40 Status BW MGMT Monitor 5 1 2 Status DHCP Table To access this screen click Status and then click Details next to DHCP Table...

Страница 89: ...s Figure 42 Status Packet Statistics Table 30 Status DHCP Table LABEL DESCRIPTION This field is a sequential value It is not associated with a specific entry IP Address This field displays the IP addr...

Страница 90: ...screen TxPkts This field displays the number of packets transmitted on this port RxPkts This field displays the number of packets received on this port Collisions This is the number of collisions on...

Страница 91: ...ABEL DESCRIPTION This field is a sequential value It is not associated with a specific entry MAC Address This field displays the MAC Media Access Control address of an associated wireless station Asso...

Страница 92: ...P 870HW I1 User s Guide 92 Chapter 5 Status Screen...

Страница 93: ...B are called wireless clients The wireless clients use the access point AP to interact with other devices such as the printer or with the Internet Your ZyXEL Device is the AP Every wireless network mu...

Страница 94: ...haracters2 for example 00A0C5000002 or 00 A0 C5 00 00 02 To get the MAC address for each wireless client see the appropriate User s Guide or other documentation You can use the MAC address filter to t...

Страница 95: ...ess network Encryption is like a secret code If you do not know the secret code you cannot understand the message The types of encryption you can choose depend on the type of user authentication See S...

Страница 96: ...ce Then the ZyXEL Device transfers them to wireless clients in the wireless network As a result you do not have to set up the SSID and encryption on every wireless client The wireless clients in the w...

Страница 97: ...N Name SSID Enter the name of the wireless network The name is called the Service Set IDentity SSID Every wireless client in the same wireless network must use the same SSID Note If you are using the...

Страница 98: ...4 2 General Wireless LAN Screen Static WEP Use this screen to enable and configure WEP encryption in your wireless network To open this screen click Network Wireless LAN and set Security Mode to No S...

Страница 99: ...rintable ASCII characters or hexadecimal 0 9 A F a f characters The ZyXEL Device and the wireless stations must use the same WEP key If you want to use a 64 bit WEP key enter 5 printable ASCII charact...

Страница 100: ...er the information again In either case there is usually a short delay while the wireless client logs in to the wireless network again Enter a time interval between 10 and 9999 seconds This value is u...

Страница 101: ...ation server If the wireless network is not keeping track of this information you can usually set this value higher to minimize the number of delays caused by logging in again Group Key Update Timer T...

Страница 102: ...e wired network is allowed Enter a time interval between 10 and 9999 seconds Dynamic WEP Key Exchange Select the length of the keys The longer the key the stronger the security but also the more proce...

Страница 103: ...dress Enter the IP address of the external accounting server in dotted decimal notation Port Number Enter the port number of the external accounting server You need not change this value unless your n...

Страница 104: ...ion again In either case there is usually a short delay while the wireless client logs in to the wireless network again Enter a time interval between 10 and 9999 seconds This value is usually smaller...

Страница 105: ...r case there is usually a short delay while the wireless client logs in to the wireless network again Enter a time interval between 10 and 9999 seconds This value is usually smaller when the wireless...

Страница 106: ...u to do so Shared Secret Enter a password up to 31 alphanumeric characters as the key to be shared between the external accounting server and the ZyXEL Device The key must be the same on the external...

Страница 107: ...nects a wireless station from the wired network after a period of inactivity The wireless station needs to enter the username and password again before access to the wired network is allowed Enter a t...

Страница 108: ...ZyXEL Device sends a new group key to all clients This process changes the WEP key on a regular basis Enter a time interval between 10 and 9999 seconds Authentication Server IP Address Enter the IP a...

Страница 109: ...TIST setup key in the ZyXEL Device you must change it on the wireless clients too Yes Select this if you want the ZyXEL Device to automatically generate a pre shared key for the wireless network Befor...

Страница 110: ...reless clients and the ZyXEL Device in any order After you click Start in the ZyXEL Device the following screen appears in the ZyXEL Device Figure 57 OTIST Settings You can use the key in this screen...

Страница 111: ...in the OTIST progress screen to stop the search 3 After the wireless client finds an OTIST enabled AP you must click Start in the ZyXEL Device s Network Wireless LAN OTIST screen or hold in the Reset...

Страница 112: ...ZyXEL Device Other MAC address are allowed to access the ZyXEL Device Select Allow to allow these MAC addresses to access the ZyXEL Device Other MAC addresses are not allowed to access the ZyXEL Devi...

Страница 113: ...s network must use the same UDP port number Enter a value between 1 and 65535 Wireless Advanced Setup Preamble A preamble affects the timing in your wireless network There are two preamble modes Long...

Страница 114: ...P 870HW I1 User s Guide 114 Chapter 6 Wireless LAN...

Страница 115: ...P 870HW I1 User s Guide Chapter 6 Wireless LAN 115...

Страница 116: ...P 870HW I1 User s Guide 116 Chapter 6 Wireless LAN...

Страница 117: ...P 870HW I1 User s Guide Chapter 6 Wireless LAN 117...

Страница 118: ...P 870HW I1 User s Guide 118 Chapter 6 Wireless LAN...

Страница 119: ...routing uses hop count as the measurement of cost with a minimum of 1 for directly connected networks The number must be between 1 and 15 a number greater than 15 means the link is down The smaller t...

Страница 120: ...en Table 47 Network WAN Internet Connection Ethernet LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation Select Ethernet WAN IP Address Assignment Get automatically from ISP Select this...

Страница 121: ...ice to use the MAC address of another computer instead of its default MAC address You might try this if you lose your Internet connection because some ISPs check the MAC address of the device connecte...

Страница 122: ...he fixed static IP address provided by your ISP Metric This field sets this route s priority among the routes the ZyXEL Device uses The metric represents the cost of transmission A router determines t...

Страница 123: ...dress of the computer you want to access before you access it First DNS Server Second DNS Server Third DNS Server Select From ISP if your ISP dynamically assigns DNS server information In this case th...

Страница 124: ...AN and is an alternative to unicasting sending packets to one computer and broadcasting sending packets to every computer None The ZyXEL Device does not support multicasting IGMP v1 The ZyXEL Device s...

Страница 125: ...ot the default gateway is available anymore For example use one of your ISP s DNS server addresses If you enter 0 0 0 0 the test fails every time Fail Tolerance Enter the number of consecutive times t...

Страница 126: ...P 870HW I1 User s Guide 126 Chapter 7 WAN...

Страница 127: ...Otherwise it is recommended that you pick an IP address between 192 168 0 0 to 192 168 255 255 and that no other device on your network is using for example 192 168 1 1 Your ZyXEL Device automaticall...

Страница 128: ...identify host groups and can be in the range 224 0 0 0 to 239 255 255 255 The address 224 0 0 0 is not assigned to any group and is used by IP multicast computers The address 224 0 0 1 is used for qu...

Страница 129: ...onal subnets logical networks on your LAN port To open this screen click Network LAN IP Alias Table 51 Network LAN IP LABEL DESCRIPTION LAN TCP IP IP Address Enter the IP address of your ZyXEL Device...

Страница 130: ...n on the subnet Both The ZyXEL Device sends and receives routing information on the subnet In Only The ZyXEL Device only receives routing information on the subnet Out Only The ZyXEL Device only sends...

Страница 131: ...mation on the subnet In Only The ZyXEL Device only receives routing information on the subnet Out Only The ZyXEL Device only sends routing information on the subnet RIP Version Select which version of...

Страница 132: ...ses to support multicasting on the LAN Multicast packets are sent to a group of computers on the LAN and are an alternative to unicast packets packets sent to one computer and broadcast packets packet...

Страница 133: ...When the DHCP client leaves the network the DHCP servers can assign its IP address to another DHCP client The ZyXEL Device can be a DHCP server 1 In this case it provides the following information to...

Страница 134: ...Setup Enable DHCP Server Select this to let the ZyXEL Device assign IP addresses and provides subnet mask gateway and DNS server information to the network If you clear this there should be another D...

Страница 135: ...ddress of the corresponding DNS server specified in Network WAN Advanced User Defined enter a static IP address DNS Relay use the ZyXEL Device s IP address In this case the ZyXEL Device finds out the...

Страница 136: ...o begin configuring this screen afresh Table 56 DHCP Setup LABEL DESCRIPTION Table 57 Network DHCP Server Client List LABEL DESCRIPTION This field is a sequential value and it is not associated with a...

Страница 137: ...ntifies a service for example web service is on port 80 and FTP on port 21 In some cases such as for unknown services or where one server can support more than one service for example both FTP and web...

Страница 138: ...specific port number and protocol incoming port the ZyXEL Device forwards the traffic to the LAN IP address of the computer that sent the request After that computer s connection for that service clo...

Страница 139: ...might have to create a firewall rule Figure 76 Network NAT General The following table describes the labels in this screen Table 58 Network NAT General LABEL DESCRIPTION Enable Network Address Transla...

Страница 140: ...rts that are not specified in the Port Forwarding section below or in the Management Remote MGMT screens Enter 0 0 0 0 if you want the ZyXEL Device to discard these packets instead Port Forwarding Thi...

Страница 141: ...hanges back to the ZyXEL Device Reset Click this to begin configuring this screen afresh Table 59 Network NAT Port Forwarding continued LABEL DESCRIPTION Table 60 Network NAT Port Forwarding Edit LABE...

Страница 142: ...the fields in this screen Apply Click this to save your changes back to the ZyXEL Device Reset Click this to return to the previous screen without saving any changes Table 60 Network NAT Port Forward...

Страница 143: ...nd Port field If you want to delete this rule enter zero in the Start Port and End Port fields Trigger Start Port End Port Enter the outgoing port number or range of port numbers that makes the ZyXEL...

Страница 144: ...r Server rule Global End IP is N A for One to one Many to One and Server mapping types Type 1 1 One to one mode maps one local IP address to one global IP address Note that port numbers do not change...

Страница 145: ...o unique global IP addresses Server This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world Local Start IP Local End IP Enter the rang...

Страница 146: ...P 870HW I1 User s Guide 146 Chapter 10 NAT...

Страница 147: ...me an integral part of standard security solutions for enterprises Stateful inspection firewalls restrict access by screening data packets against defined access rules They make access control decisio...

Страница 148: ...ted to the LAN interface LAN to WAN By default the ZyXEL Device s stateful packet inspection drops packets traveling in the following directions WAN to LAN WAN to WAN Router This prevents computers on...

Страница 149: ...he LAN it is better to allow only certain machines on the Internet to access the LAN 11 1 4 2 Security Ramifications 1 Once the logic of the rule has been defined it is critical to consider the securi...

Страница 150: ...ns The minimum capacity of server backlog in your LAN network The CPU power of servers in your LAN network Network bandwidth Type of traffic for certain servers If your network is slower than average...

Страница 151: ...against the host Whenever the number of half open sessions with the same destination host address rises above a threshold TCP Maximum Incomplete the ZyXEL Device starts deleting half open sessions acc...

Страница 152: ...e connection as the connection has not been acknowledged Figure 83 Triangle Route Problem 11 2 2 Solving the Triangle Route Problem If you have the ZyXEL Device allow triangle route sessions traffic f...

Страница 153: ...ackets for the services at specific interfaces Protect against IP spoofing by making sure the firewall is active Keep the firewall in a secured locked room 11 3 1 Security In General You can never be...

Страница 154: ...Also use passwords that are not easy to figure out The most difficult passwords to crack are those with upper and lower case letters numbers and a symbol such as or Upgrade your software regularly Man...

Страница 155: ...N Firewall rules are grouped based on the direction of travel of packets to which they apply For example LAN to LAN Router means packets traveling from a computer subnet on the LAN to either another c...

Страница 156: ...general firewall action settings in the Security Firewall General screen This is your firewall rule number The ordering of your rules is important as rules are applied in order Active This field disp...

Страница 157: ...ing you to confirm that you want to delete the firewall rule Note that subsequent firewall rules move up by one when you take this action Order Click the Move icon to display the Move the rule to fiel...

Страница 158: ...P 870HW I1 User s Guide 158 Chapter 11 Firewalls Figure 87 Security Firewall Rules Edit...

Страница 159: ...Click Add to add a new address to the Source or Destination Address box You can add multiple addresses ranges of addresses and or subnets Edit To edit an existing source or destination address select...

Страница 160: ...screen to create or edit a customized service for firewall rules To open this screen click a rules number in Security Firewall Rules Edit Edit Customized Services Apply Click this to save your change...

Страница 161: ...scovering your ZyXEL Device when unsupported ports are probed To open this screen click a rules number in Security Firewall Anti Probing Table 68 Security Firewall Rules Edit Edit Customized Services...

Страница 162: ...om finding the ZyXEL Device by probing for unused ports If you select this option the ZyXEL Device will not respond to port request s for unused ports thus leaving the unused ports and the ZyXEL Devic...

Страница 163: ...tinues to delete half open requests as necessary until the number of existing half open sessions drops below this number Maximum Incomplete High This is the number of existing half open sessions that...

Страница 164: ...yXEL Device should block new connection requests when TCP Maximum Incomplete is reached Enter the length of blocking time in minutes between 1 and 256 Apply Click this to save your changes back to the...

Страница 165: ...y to block certain web features or specific URL keywords The ZyXEL Device can block web features such as ActiveX controls Java applets cookies and disable web proxies The ZyXEL Device also allows you...

Страница 166: ...building dynamic and active Web pages and distributed object applications When you visit an ActiveX Web site ActiveX controls are downloaded to your browser where they remain in case you visit the si...

Страница 167: ...Click Delete to remove the selected keyword in the Keyword List The keyword disappears after you click Apply Clear All Click this button to remove all of the keywords in the Keyword List Denied Access...

Страница 168: ...P 870HW I1 User s Guide 168 Chapter 12 Content Filter...

Страница 169: ...key encryption in general works as follows 1 Tim wants to send a private message to Jenny Tim generates a public key pair What is encrypted with one key can only be decrypted using the other 2 Tim ke...

Страница 170: ...tes You can have the ZyXEL Device act as a certification authority and sign its own certificates 13 1 3 Certificate File Formats The ZyXEL Device supports the following formats for certification autho...

Страница 171: ...to identify this certificate It is recommended that you give each certificate a unique name Type This field displays what kind of certificate this is REQ represents a certification request and is not...

Страница 172: ...en a screen with an in depth list of information about the certificate Click a Remove icon to remove the certificate You cannot delete a certificate that is used by any features Do the following to de...

Страница 173: ...cation authority or generate a certification request To open this screen click Create in Security Certificates My Certificates Table 74 Security Certificates My Certificates Import LABEL DESCRIPTION F...

Страница 174: ...on to identify the certificate s owner by IP address domain name or e mail address Type the IP address in dotted decimal notation domain name or e mail address in the field provided The domain name or...

Страница 175: ...he Reference Number and Key if the certification authority requires them Enrollment Protocol Select the certification authority s enrollment protocol from the drop down list box Simple Certificate Enr...

Страница 176: ...essful click Return to go to the Security Certificates My Certificates screen Otherwise click Return to go to the Security Certificates My Certificates Create screen Make sure that the certification a...

Страница 177: ...ted remote host certificates Select this if you want to make this self signed certificate the default certificate Certificate Path This field displays the end entity s certificate and a list of certif...

Страница 178: ...ies may use rsa pkcs1 md5 RSA public private key encryption algorithm and the MD5 hash algorithm Valid From This field displays the date that the certificate becomes applicable The text displays in re...

Страница 179: ...ertificate into a printable form You can copy and paste a certification request into a certification authority s web page an e mail that you send to the certification authority or a text editor and sa...

Страница 180: ...ing information about the certificate s issuing certification authority such as a common name organizational unit or department organization or company and country With self signed certificates this i...

Страница 181: ...the certificate s name In addition you can also specify whether or not to check certificates from the certification authority against a list of revoked certificates To open this screen click an Edit...

Страница 182: ...authority against a Certificate Revocation List CRL Clear this to have the ZyXEL Device not check incoming certificates that are issued by this certification authority against a Certificate Revocation...

Страница 183: ...sh algorithm Valid From This field displays the date that the certificate becomes applicable The text displays in red and includes a Not Yet Valid message if the certificate has not yet become applica...

Страница 184: ...ty as being trustworthy Certificate in PEM Base 64 Encoded Format This read only text box displays the certificate or certification request in Privacy Enhanced Mail PEM format PEM uses 64 ASCII charac...

Страница 185: ...e index number The certificates are listed in alphabetical order Name This field displays the name used to identify this certificate Subject This field displays identifying information about the certi...

Страница 186: ...ars 3 Click the Details tab 4 Scroll down to the Thumbprint Algorithm and Thumbprint fields Figure 104 Certificate Details Verify over the phone for example that the remote host has the same informati...

Страница 187: ...change the certificate s name To open this screen click an Edit icon in Security Certificates Trusted Remote Hosts Table 81 Security Certificates Trusted Remote Host Import LABEL DESCRIPTION File Path...

Страница 188: ...n the hierarchy of certification authorities that validate a certificate s issuing certification authority For a trusted host the list consists of the end entity s own certificate and the default self...

Страница 189: ...n be used to sign certificates and KeyEncipherment means that the key can be used to encrypt text Basic Constraint This field displays general information about the certificate For example Subject Typ...

Страница 190: ...ESCRIPTION PKI Storage Space in Use This bar displays the percentage of the ZyXEL Device s PKI storage space that is currently in use The bar turns from green to red when the maximum is being approach...

Страница 191: ...ver LDAP Lightweight Directory Access Protocol is a protocol over TCP that specifies how clients access directories of certificates and lists of revoked certificates Server Address Type the IP address...

Страница 192: ...your changes to the ZyXEL Device Cancel Click this to return to the previous screen without saving any changes a At the time of writing LDAP is the only choice of directory server access protocol Tabl...

Страница 193: ...gure through remote node Router 1 However the ZyXEL Device is unable to route a packet to network N3 because it doesn t know that there is a route through the same remote node Router 1 via gateway Rou...

Страница 194: ...in order and it only follows the first one that applies Name This field displays the name that describes the static route Active This field shows whether this static route is active Yes or not No Des...

Страница 195: ...ange of destination IP addresses that this static route affects If this static route affects only one IP address enter 255 255 255 255 Gateway IP Address Enter the IP address of the gateway to which t...

Страница 196: ...P 870HW I1 User s Guide 196 Chapter 14 Static Route...

Страница 197: ...it you can specify for each application according to the priorities that you assign to each application Assign real time applications like those using audio or video a higher priority number to provid...

Страница 198: ...marketing applications 1536 kbps extra to each for a total of 3584 kbps for each because they both have the highest priority level Research requires more bandwidth but only gets its budgeted 2048 kbps...

Страница 199: ...of their allocated bandwidth Suppose you try to browse the web too In this case VoIP NetMeeting and FTP all have higher priority so they get to use the bandwidth first You can only browse the web when...

Страница 200: ...P 870HW I1 User s Guide 200 Chapter 15 Bandwidth MGMT Figure 112 Management Bandwidth MGMT Configuration...

Страница 201: ...his number lower than the interface s actual transmission speed However this will cause the ZyXEL Device to not use some of the interface s available bandwidth WAN BW Budget kbps Enter the amount of b...

Страница 202: ...ndwidth MGMT Configuration Edit Priority Select a priority from the drop down list box Choose High Mid or Low Modify Use this field to edit or erase the rule Click the Edit icon to open the Edit Bandw...

Страница 203: ...of the bandwidth filter fields other than enabling or disabling the filter SIP Session Initiation Protocol is a signaling protocol used in Internet telephony instant messaging and other VoIP Voice ove...

Страница 204: ...ent Bandwidth MGMT Monitor Source Port Enter the port number of the source Protocol Select the protocol TCP or UDP or select User defined and enter the protocol service type number A blank protocol ID...

Страница 205: ...management session of lower priority when another remote management session of higher priority starts The priorities for the different types of remote management sessions are as follows 1 Telnet 2 HTT...

Страница 206: ...not time out when a statistics screen is polling You can change the timeout period in the SYSTEM General screen 16 1 4 SNMP Simple Network Management Protocol SNMP is a protocol used for exchanging m...

Страница 207: ...gent GetNext Allows the manager to retrieve the next object variable from a table or list within an agent In SNMPv1 when a manager wants to retrieve all elements of a table from an agent it initiates...

Страница 208: ...1 6 3 1 1 5 2 This trap is sent after booting software reboot This trap is defined in RFC 1215 linkDown 1 3 6 1 6 3 1 1 5 3 This trap is sent when the Ethernet link is down linkUp 1 3 6 1 6 3 1 1 5 4...

Страница 209: ...s through which a computer may access the ZyXEL Device using this service Secured Client IP Address Select All to allow any computer to access the ZyXEL Device using this service Select Selected to on...

Страница 210: ...lnet LABEL DESCRIPTION Server Port Enter the port number this service can use to access the ZyXEL Device The computer must use the same port number Server Access Select the interface s through which a...

Страница 211: ...use to access the ZyXEL Device The computer must use the same port number Server Access Select the interface s through which a computer may access the ZyXEL Device using this service Secured Client I...

Страница 212: ...SNMP manager The default is public and allows all requests Trap Destination Type the IP address of the station to which send SNMP traps SNMP Service Port Enter the port number this service can use to...

Страница 213: ...agement Remote MGMT DNS LABEL DESCRIPTION Server Port This field is read only It displays the port number this service uses to access the ZyXEL Device The computer must use the same port number Server...

Страница 214: ...from the LAN or the WAN Do not respond to requests for unauthorized services Select this to prevent outsiders from discovering your ZyXEL Device by sending requests to unsupported port numbers If an...

Страница 215: ...domain name See Table 102 on page 216 for detailed descriptions of the commands Figure 123 Enabling TR 069 Table 101 Management Remote MGMT SSH LABEL DESCRIPTION Server Host Key Select the certificat...

Страница 216: ...e server and must be provided by the CNM Access administrator password maxlength 15 Password used to authenticate the device when making a connection to CNM Access This password is set up on the serve...

Страница 217: ...Selecting the icon of a UPnP device will allow you to access the information and properties of that device 17 1 2 NAT Traversal UPnP NAT traversal automates the process of allowing an application to o...

Страница 218: ...click Management UPnP General Figure 124 Management UPnP The following table describes the fields in this screen Table 103 Configuring UPnP LABEL DESCRIPTION Enable the Universal Plug and Play UPnP F...

Страница 219: ...onents selection box Click Details Figure 125 Add Remove Programs Windows Setup Communication 3 In the Communications window select the Universal Plug and Play check box in the Components selection bo...

Страница 220: ...talling UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP 1 Click Start and Control Panel 2 Double click Network Connections 3 In the Network Connections window click Advance...

Страница 221: ...W I1 User s Guide Chapter 17 UPnP 221 Figure 128 Windows Optional Networking Components Wizard 5 In the Networking Services window select the Universal Plug and Play check box Figure 129 Networking Se...

Страница 222: ...UPnP activated on the ZyXEL Device Make sure the computer is connected to a LAN port of the ZyXEL Device Turn on your computer and the ZyXEL Device Auto discover Your UPnP enabled Network Device 1 Cl...

Страница 223: ...P 870HW I1 User s Guide Chapter 17 UPnP 223 Figure 131 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings...

Страница 224: ...ettings Figure 133 Internet Connection Properties Advanced Settings Add 5 When the UPnP enabled device is disconnected from your computer all port mappings will be deleted automatically 6 Select Show...

Страница 225: ...gurator Easy Access With UPnP you can access the web based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first This comes helpful if you do not know the IP ad...

Страница 226: ...17 UPnP Figure 136 Network Connections 4 An icon with the description for each UPnP enabled device displays under Local Network 5 Right click on the icon for your ZyXEL Device and select Invoke The we...

Страница 227: ...7 Network Connections My Network Places 6 Right click on the icon for your ZyXEL Device and select Properties A properties window displays with basic information about the ZyXEL Device Figure 138 Netw...

Страница 228: ...P 870HW I1 User s Guide 228 Chapter 17 UPnP...

Страница 229: ...r View system information and then click the Computer Name tab Note the entry in the Full computer name field and enter it as the ZyXEL Device System Name 18 1 2 Dynamic DNS Overview Dynamic DNS allow...

Страница 230: ...ate and time manually the ZyXEL Device updates the current date and time when you save changes in Maintenance System Time Setting or SMT menu 24 10 see Section 36 4 on page 335 18 2 General System Scr...

Страница 231: ...eter can be left idle before the session times out After it times out you have to log in with your password again Very long idle timeouts may have security risks A value of 0 means a management sessio...

Страница 232: ...Type the domain name assigned to your ZyXEL Device by your Dynamic DNS provider You can specify up to two host names in the field separate them with a comma User Name Type the user name for your Dyna...

Страница 233: ...ver With this feature the DDNS server automatically detects and uses the IP address of the appropriate NAT router that has a public IP address Note The DDNS server may not be able to detect the proper...

Страница 234: ...you set Time and Date Setup to Manual enter the new date in this field and then click Apply Get from Time Server Select this radio button to have the ZyXEL Device get the time and date from the time...

Страница 235: ...s one hour ahead of GMT or UTC GMT 1 End Date Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving The o clock field uses the 24 hour format Here are a coup...

Страница 236: ...P 870HW I1 User s Guide 236 Chapter 18 System...

Страница 237: ...evice send them to an administrator as e mail or to a syslog server 19 1 1 Alerts and Logs An alert is a type of log that warrants more serious attention They include system errors attacks access cont...

Страница 238: ...to view select All Logs to look at logs The drop down list box only lists categories that you select in the Log Settings screen Email Log Now Click this to send the log screen to the e mail address sp...

Страница 239: ...ON E mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e mail addresses specified below If this field is left blank logs and alert messages will not be s...

Страница 240: ...he week the E mail should be sent If you select When Log is Full an alert is sent when the log fills up If you select None no log messages are sent Day for Sending Log Use the drop down list box to se...

Страница 241: ...essful upload the system will reboot To open this screen click Maintenance Tools Firmware Figure 144 Maintenance Tools Firmware The following table describes the labels in this screen Note Do NOT turn...

Страница 242: ...Figure 146 Upload Firmware Network Temporarily Disconnected Log in again and check your new firmware version in the Status screen If the upload was not successful the following screen appears Click Re...

Страница 243: ...tion file will be useful in case you need to return to your previous settings Backup Click this to save the ZyXEL Device s current configuration to your computer Restore Configuration File Path Type i...

Страница 244: ...EL Device is different in the new configuration you may need to change the IP address in your browser and maybe put your computer in the same subnet as the ZyXEL Device See the appendix for details on...

Страница 245: ...P 870HW I1 User s Guide Chapter 20 Tools 245 Figure 152 Restart Screen Click Restart to have the ZyXEL Device reboot...

Страница 246: ...P 870HW I1 User s Guide 246 Chapter 20 Tools...

Страница 247: ...to access the SMT Follow these steps 1 In Windows click Start Run 2 Type telnet w x y z and click OK w x y z is the IP address of the ZyXEL Device the default address is 192 168 1 1 The ZyXEL Device...

Страница 248: ...Setup 21 Filter and Firewall Setup 2 WAN Setup 22 SNMP Configuration 3 LAN Setup 23 System Security 4 Internet Access Setup 24 System Maintenance 25 IP Routing Policy Setup 26 Schedule Setup Advanced...

Страница 249: ...ilter sets for the WAN port 11 1 5 Traffic Redirect Setup Use this menu to set up a backup router if you have one in case the ZyXEL Device cannot access the Internet 12 Static Routing Setup Use this m...

Страница 250: ...tion 24 2 System Information and Console Port Speed 24 2 1 Information Use this menu to look at basic device information and LAN interface settings 24 2 2 Change Console Port Speed Use this menu to ch...

Страница 251: ...nfigure policy routes 25 1 1 IP Routing Policy Setup Use this menu to specify the ports from which traffic comes to which the policy routes apply 26 Schedule Setup Use this menu to look at the schedul...

Страница 252: ...new configuration All fields with ChangeMe must not be left blank in order to be able to save the new configuration N A fields N A Some of the fields in the SMT will show a N A This symbol refers to a...

Страница 253: ...NS No Table 113 Menu 1 General Setup FIELD DESCRIPTION System Name Choose a descriptive name for identification purposes It is recommended you enter your computer s Computer name in this field This na...

Страница 254: ...your network Enter the IP address in the field below Select None if you do not want to use this DNS server If you select None for all of the DNS servers you must use IP addresses to configure the ZyXE...

Страница 255: ...DNS Wildcard Enable Off Line Option This option is available when CustomDNS is selected in the DDNS Type field Check with your Dynamic DNS service provider to have traffic redirected to a URL that you...

Страница 256: ...P 870HW I1 User s Guide 256 Chapter 22 General Setup...

Страница 257: ...Address N A Table 116 Menu 2 WAN Setup FIELD DESCRIPTION MAC Address Assigned By Select IP address attached on LAN if you want the ZyXEL Device to use the MAC address of another computer instead of it...

Страница 258: ...P 870HW I1 User s Guide 258 Chapter 23 WAN Setup...

Страница 259: ...following table describes the labels in this menu Menu 3 1 LAN Port Filter Setup Input Filter Sets protocol filters device filters Output Filter Sets protocol filters device filters Table 117 Menu 3 1...

Страница 260: ...DHCP Select what type of DHCP service the ZyXEL Device provides to the network Choices are None the ZyXEL Device does not provide any DHCP services There is already a DHCP server on the network Relay...

Страница 261: ...strator If they did not provide one use the default value RIP Direction Use this field to control how much routing information the ZyXEL Device sends and receives on the subnet None The ZyXEL Device d...

Страница 262: ...ort IP Address Enter the IP address of the ZyXEL Device on the subnet IP Subnet Mask Enter the subnet mask of the subnet RIP Direction Use this field to control how much routing information the ZyXEL...

Страница 263: ...send or receive routing information on the subnet Both The ZyXEL Device sends and receives routing information on the subnet In Only The ZyXEL Device only receives routing information on the subnet Ou...

Страница 264: ...he ZyXEL Device s new settings Hide ESSID Select this check box to hide the ESSID so a station cannot get the ESSID through scanning using a site survey tool Channel ID Set the operating frequency or...

Страница 265: ...8 00 00 00 00 00 00 30 00 00 00 00 00 00 7 00 00 00 00 00 00 19 00 00 00 00 00 00 31 00 00 00 00 00 00 8 00 00 00 00 00 00 20 00 00 00 00 00 00 32 00 00 00 00 00 00 9 00 00 00 00 00 00 21 00 00 00 00...

Страница 266: ...P 870HW I1 User s Guide 266 Chapter 24 LAN Setup...

Страница 267: ...ation your ISP uses If you select PPPoE and then save your changes the ZyXEL Device asks you if you want to test the settings The next fields are only available if your ISP uses PPPoE encapsulation My...

Страница 268: ...ess Translation Select None if you do not want to use port forwarding trigger ports or NAT Select SUA Only if you want to use one or more of these features and have only one WAN IP address for your Zy...

Страница 269: ...Route IP Active Yes Encapsulation PPPoE Edit IP No Telco Option Service Name Allocated Budget min 0 Outgoing Period hr 0 My Login hello Schedules My Password Nailed Up Connection No Retype to Confirm...

Страница 270: ...f the ZyXEL Device within a certain period of time When the total outgoing call time exceeds the limit the current call will be dropped and any future outgoing calls will be blocked Period hr Enter ho...

Страница 271: ...ur ISP These fields appear if you selected PPPoE in Encapsulation in menu 11 Rem IP Addr Enter the IP address of the remote peer computer to which the ZyXEL Device connects Rem Subnet Mask Enter the s...

Страница 272: ...rough this connection Out Only The ZyXEL Device only sends routing information through this connection Version Select which version of RIP the ZyXEL Device uses when it sends or receives information o...

Страница 273: ...125 Menu 11 1 4 Remote Node Filter FIELD DESCRIPTION Input Filter Sets protocol filters Enter up to four filter sets If you enter more than one separate each one with a comma device filters Enter up...

Страница 274: ...hop count as the measurement of cost with a minimum of 1 for directly connected networks The number must be between 1 and 15 a number greater than 15 means the link is down The smaller the number the...

Страница 275: ...34 ________ 49 ________ 5 ________ 20 ________ 35 ________ 50 ________ 6 ________ 21 ________ 36 ________ 7 ________ 22 ________ 37 ________ 8 ________ 23 ________ 38 ________ 9 ________ 24 ________ 3...

Страница 276: ...et Mask Enter the subnet mask that defines the range of destination IP addresses that this static route affects If this static route affects only one IP address enter 255 255 255 255 Gateway IP Addres...

Страница 277: ...n this menu enter a local user profile number in Enter Menu Selection Number in menu 14 Menu 14 Dial in User Setup 1 ________ 9 ________ 17 ________ 25 ________ 2 ________ 10 ________ 18 ________ 26 _...

Страница 278: ...er Name Active No Password Table 130 Menu 14 1 Edit Dial in User FIELD DESCRIPTION User Name Enter a username up to 31 alphanumeric characters long for this user profile This field is case sensitive A...

Страница 279: ...els in this menu 29 2 Address Mapping Rules Use this menu to look at network address translation mapping rules See Chapter 10 on page 137 for background information To open this menu select one of the...

Страница 280: ...descriptive name for the NAT mapping rules Idx This is the rule index number Local Start IP Local End IP This is the range of IP addresses on the LAN port Local Start IP is N A for Server port mapping...

Страница 281: ...s Single User Account feature that previous ZyXEL routers supported only M M Ov Overload Many to Many Overload mode maps multiple local IP addresses to shared global IP addresses MM No No Overload Man...

Страница 282: ...supported only Many to Many Overload Many to Many Overload mode maps multiple local IP addresses to shared global IP addresses Many to Many No Overload Many to Many No Overload mode maps each local I...

Страница 283: ...for ports that are not specified in the section below or in menu 24 11 remote management Enter 0 0 0 0 if you want the ZyXEL Device to discard these packets instead Rule This field is a sequential val...

Страница 284: ...ortant however The ZyXEL Device checks each active rule in order and it only follows the first one that applies Name Enter a name to identify this rule You can use 1 31 printable ASCII characters or y...

Страница 285: ...the ZyXEL Device records To forward one port number enter the port number in the Start Port and End Port fields To forward a range of ports enter the port number at the beginning of the range in the S...

Страница 286: ...P 870HW I1 User s Guide 286 Chapter 29 NAT Setup...

Страница 287: ...pass Data filters are divided into incoming and outgoing filters depending on the direction of the packet relative to a port Data filtering can be applied on either the WAN side or the LAN side Call...

Страница 288: ...r rules and protocol filter rules within the same set You can apply up to four filter sets to a particular port to block multiple types of packets With each filter set having up to six rules you can h...

Страница 289: ...multiple types of packets With each filter set having up to six rules you can have a maximum of 24 rules active for a single port 30 2 Configuring a Filter Set The ZyXEL Device includes filtering for...

Страница 290: ...eld and press ENTER Press ENTER at the message Press ENTER to confirm to open Menu 21 1 1 Filter Rules Summary Menu 21 Filter and Firewall Setup 1 Filter Setup 2 Firewall Setup Menu 21 1 Filter Set Co...

Страница 291: ...y Menu FIELD DESCRIPTION The filter rule number 1 to 6 A Active Y means the rule is active N means the rule is inactive Type The type of filter rule GEN for Generic IP for TCP IP Filter Rules These pa...

Страница 292: ...rovided for protocol and device filter sets If you include a protocol filter set in a device filter field or vice versa the ZyXEL Device will warn you and will not allow you to save 30 2 2 Configuring...

Страница 293: ...re used to filter IP packets while generic filter rules allow filtering of non IP packets Generic Filter Rule TCP IP Filter Rule Active Press SPACE BAR and then ENTER to select Yes to activate the fil...

Страница 294: ...s SPACE BAR and then ENTER to select Yes to have the rule match packets that want to establish a TCP connection SYN 1 and ACK 0 if No it is ignored Yes No More Press SPACE BAR and then ENTER to select...

Страница 295: ...185 Executing an IP Filter 30 2 3 Configuring a Generic Filter Rule This section shows you how to configure a generic filter rule The purpose of generic rules is to allow you to filter non IP packets...

Страница 296: ...adecimal numbers Note that it takes two hexadecimal digits to represent a byte so if the length is 4 the value in either field will take 8 digits for example FFFFFFFF To configure a generic rule selec...

Страница 297: ...Length Enter the byte count of the data portion in the packet that you wish to compare The range for this field is 0 to 8 0 8 Mask Enter the mask in Hexadecimal notation to apply to the data portion...

Страница 298: ...mmary 6 Enter 1 to configure the first filter rule the only filter rule of this set Make the entries in this menu as shown in the following figure Figure 188 Example Filter Menu 21 1 3 1 Select Yes fr...

Страница 299: ...et Figure 189 Example Filter Rules Summary Menu 21 1 3 This shows you that you have configured and activated A Y a TCP IP filter rule Type IP Pr 6 for destination telnet ports DP 23 M N means an actio...

Страница 300: ...r any other hardware port The following diagram illustrates this Figure 190 Protocol and Device Filter Sets 30 5 Firewall Versus Filters Firewall configuration is discussed in the firewall chapters of...

Страница 301: ...ure 192 Filtering Remote Node Traffic Use this menu to set up your Internet connection input and output filter sets for the WAN port advanced features for the WAN port or a backup gateway 30 7 Remote...

Страница 302: ...SP did not provide one My Login Enter the user name provided by your ISP My Password Enter the password provided by your ISP Retype to Confirm Enter the password again Authen This field appears if you...

Страница 303: ...t and output filter sets for the WAN port press SPACE BAR to select Yes and press ENTER Menu 11 1 4 appears Idle Timeout sec Enter the number of seconds the ZyXEL Device should wait while there is no...

Страница 304: ...P 870HW I1 User s Guide 304 Chapter 30 Filter Setup...

Страница 305: ...te the firewall Select No to deactivate the firewall Menu 21 2 Firewall Setup The firewall protects against Denial of Service DoS attacks when it is active Your network is vulnerable to attacks when t...

Страница 306: ...P 870HW I1 User s Guide 306 Chapter 31 Firewall Setup...

Страница 307: ...on FIELD DESCRIPTION Get Community Enter the password for incoming Get requests and GetNext requests from the management station The default is public and allows all requests Set Community Enter the p...

Страница 308: ...P 870HW I1 User s Guide 308 Chapter 32 SNMP Configuration...

Страница 309: ...y Change Password The following table describes the labels in this menu 33 2 RADIUS Server Use this menu to configure a RADIUS server to use for wireless user authentication See Chapter 6 on page 93 f...

Страница 310: ...Port Enter the port number of the external authentication server You need not change this value unless your network administrator instructs you to do so Shared Secret Enter a password up to 31 alphanu...

Страница 311: ...end usernames and passwords in order to stay connected Enter a time interval between 10 and 9999 seconds Idle Timeout The ZyXEL Device automatically disconnects a wireless station from the wireless ne...

Страница 312: ...vice might be reduced WPA Broadcast Multicast Key Update Timer This is the rate at which the ZyXEL Device sends a new group key to all clients This process changes the WEP key on a regular basis Enter...

Страница 313: ...atus 10 57 51 Wed Jun 07 2006 Port Status TxPkts RxPkts Cols Tx B s Rx B s Up Time WAN Down 124 0 0 0 0 0 00 00 LAN 100M Full 9290 8691 0 272 128 1 48 14 WLAN Down 402 332 0 0 0 0 00 07 Port Ethernet...

Страница 314: ...is the number of collisions on this port Tx B s This field displays the number of bytes transmitted in the last second Rx B s This field displays the number of bytes received in the last second Up Ti...

Страница 315: ...CP Server Table 147 Menu 24 2 1 System Maintenance Information FIELD DESCRIPTION Name This is the system name and domain name used for identification purposes Routing This field displays the type of r...

Страница 316: ...able 148 Menu 24 2 2 System Maintenance Change Console Port Speed FIELD DESCRIPTION Console Port Speed Select the console port speed Menu 24 3 2 System Maintenance Syslog Logging Syslog Active No Sysl...

Страница 317: ...e IP Header IP Version 4 Header Length 20 Type of Service 0x00 0 Total Length 0x002C 44 Identification 0x0002 2 Flags 0x00 Fragment Offset 0x00 Time to Live 0xFE 254 Protocol 0x06 TCP Header Checksum...

Страница 318: ...ress in the Host IP Address field WAN DHCP Release Select this if you want to release the IP address subnet mask and other network information provided by the DHCP server WAN DHCP Renewal Select this...

Страница 319: ...e saved back to your computer under a filename of your choosing ZyNOS ZyXEL Network Operating System sometimes referred to as the ras file is the system firmware and has a bin filename extension With...

Страница 320: ...kup is highly recommended once your ZyXEL Device is functioning properly FTP is the preferred method although TFTP can also be used Please note that the terms download and upload are relative to the c...

Страница 321: ...ZyXEL Device to your computer and renames it config rom See earlier in this chapter for more information on filename conventions 7 Enter quit to exit the FTP prompt Menu 24 5 Backup Configuration To...

Страница 322: ...ests only from this address 2 Put the SMT in command interpreter CI mode by entering 8 in Menu 24 System Maintenance 331 Enter PASS command Password 230 Logged in ftp bin 200 Type I OK ftp get rom 0 z...

Страница 323: ...transfer mode use this mode when transferring binary files host is the ZyXEL Device IP address get transfers the file source on the ZyXEL Device rom 0 name of the configuration file on the ZyXEL Devic...

Страница 324: ...ows you to restore the configuration via FTP or TFTP to your ZyXEL Device The preferred method is FTP Note that this function erases the current configuration before restoring the previous backup conf...

Страница 325: ...ration file Please be aware that uploading the configuration file replaces everything contained within Menu 24 6 Restore Configuration To transfer the firmware and the configuration file follow the pr...

Страница 326: ...System Maintenance Upload System Firmware To upload the system firmware follow the procedure below 1 Launch the FTP client on your workstation 2 Type open and the IP address of your system Then type a...

Страница 327: ...m 0 config rom transfers the configuration file on the ZyXEL Device to your computer and renames it config rom See earlier in this chapter for more information on filename conventions 7 Enter quit to...

Страница 328: ...ut so the TFTP transfer will not be interrupted Enter command sys stdio 5 to restore the five minute SMT timeout default when the file transfer is complete 4 Launch the TFTP client on your computer an...

Страница 329: ...rial communications program should work fine however you must use the Xmodem protocol to perform the download upload 35 4 7 Uploading Firmware File Via Console Port Note The console port is internal a...

Страница 330: ...ed the ZyXEL Device will automatically restart 35 4 9 Uploading Configuration File Via Console Port Note The console port is internal and reserved for technician use only 1 Select 2 from Menu 24 7 Sys...

Страница 331: ...enu 24 7 2 System Maintenance Upload System Configuration File To upload system configuration file 1 Enter y at the prompt below to go into debug mode 2 Enter atlc after Enter Debug Mode message 3 Wai...

Страница 332: ...P 870HW I1 User s Guide 332 Chapter 35 System Maintenance 24 5 24 7...

Страница 333: ...the main system firmware The CI provides much of the same functionality as the SMT while adding some low level setup and diagnostic functions A list of valid commands can be found by entering help or...

Страница 334: ...Elapsed Time Total Period 1 ChangeMe No Budget No Budget Reset Node 0 to update screen Table 154 Menu 24 9 1 Budget Management FIELD DESCRIPTION Remote Node This field displays the name of the ISP Co...

Страница 335: ...nu 24 9 2 Call History FIELD DESCRIPTION Phone Number This field displays the PPPoE service name Dir This field displays whether the call was incoming or outgoing Rate This field displays the transfer...

Страница 336: ...e between them is the format Daytime RFC 867 format is day month year time zone of the server Time RFC 868 format displays a 4 byte integer giving the total number of seconds since 1970 1 1 at 0 0 0 T...

Страница 337: ...MT or UTC So in the European Union you would select March Last Sunday The time you type in the last field depends on your time zone In Germany for instance you would type 2 because Germany s time zone...

Страница 338: ...servers and services Port Enter the port number this service can use to access the ZyXEL Device The computer must use the same port number Access Select the interface s through which a computer may ac...

Страница 339: ...gs IPPR allows organizations to distribute interactive traffic on high bandwidth high cost paths while using low cost paths for batch traffic Load Sharing Network administrators can use IPPR to distri...

Страница 340: ...________________________________ _____________________________________________________________________ 005 N _____________________________________________________________________ _____________________...

Страница 341: ...Menu 25 IP Routing Policy Summary Abbreviations continued ABBREVIATION MEANING Menu 25 1 IP Routing Policy Setup Rule Index 1 Active No Criteria IP Protocol 0 Type of Service Don t Care Packet length...

Страница 342: ...e only for TCP UDP Destination addr start end Destination IP address range from start to end port start end Destination port number range from start to end applicable only for TCP UDP Action Specifies...

Страница 343: ...esents the default IP route and route 2 represents the configured IP route Figure 228 IP Routing Policy Example To force Web packets coming from clients with IP addresses of 192 168 1 33 to 192 168 1...

Страница 344: ...rom any host IP 0 0 0 0 means any host with protocol TCP and port FTP access through another gateway 192 168 1 100 Menu 25 1 IP Routing Policy Setup Rule Index 1 Active Yes Criteria IP Protocol 6 Type...

Страница 345: ...1 IP Routing Policy Setup Rule Index 2 Active No Criteria IP Protocol 6 Type of Service Don t Care Packet length 10 Precedence Don t Care Len Comp Equal Source addr start 0 0 0 0 end N A port start 0...

Страница 346: ...P 870HW I1 User s Guide 346 Chapter 37 IP Routing Policy Setup...

Страница 347: ...ows the ZyXEL Device to manage a remote node and dictate when a remote node should be called and for how long This feature is similar to the scheduler that lets you specify a time period to record a t...

Страница 348: ...___ 11 _______________ 6 _______________ 12 _______________ Enter Schedule Set Number to Configure 0 Edit Name N A Table 162 Menu 26 Schedule Setup FIELD DESCRIPTION 1 12 This field shows the beginnin...

Страница 349: ...in year month date format Valid dates are from the present to 2036 February 5 Start Date Should this schedule set recur weekly or be used just once only Press the SPACE BAR and then ENTER to select O...

Страница 350: ...a demand call on the line and will persist for the time period specified in the Duration field Forced Down means that the connection is blocked whether or not there is a demand call on the line Enabl...

Страница 351: ...Device s power adaptor is connected to the ZyXEL Device and plugged in to an appropriate power source Make sure that the ZyXEL Device and the power source are both turned on Turn the ZyXEL Device off...

Страница 352: ...word the MAC address or the host name Make sure you have provided the correct user name and password if required in Network WAN Internet Connection Try spoofing your computer s MAC address in Network...

Страница 353: ...ble 167 Troubleshooting Accessing the ZyXEL Device PROBLEM CORRECTIVE ACTION I cannot access the ZyXEL Device The default password is 1234 If you have changed the password and have now forgotten it yo...

Страница 354: ...ps check box in the Pop up Blocker section of the screen This disables any web pop up blockers you may have enabled Figure 234 Internet Options 3 Click Apply to save this setting 39 4 1 1 2 Enable pop...

Страница 355: ...shooting 355 Figure 235 Internet Options 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 1 1 4 Click Add to move th...

Страница 356: ...Click Close to return to the Privacy screen 6 Click Apply to save this setting 39 4 1 2 JavaScripts If pages of the web configurator do not display properly in Internet Explorer check that JavaScript...

Страница 357: ...237 Internet Options 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java applets make sure that...

Страница 358: ...s Java Scripting 39 4 1 3 Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java pe...

Страница 359: ...hooting 359 Figure 239 Security Settings Java 39 4 1 3 1 JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun...

Страница 360: ...ownload ActiveX controls or to use Trend Micro Security Services Make sure that ActiveX controls are allowed in Internet Explorer Screen shots for Internet Explorer 6 are shown Steps may vary dependin...

Страница 361: ...41 Internet Options Security 3 Scroll down to ActiveX controls and plug ins 4 Under Download signed ActiveX controls select the Prompt radio button 5 Under Run ActiveX controls and plug ins make sure...

Страница 362: ...P 870HW I1 User s Guide 362 Chapter 39 Troubleshooting Figure 242 Security Setting ActiveX Controls...

Страница 363: ...ice Specifications Default IP Address 192 168 1 1 Default Subnet Mask 255 255 255 0 24 bits Default Password 1234 Dimensions W x D x H 205 mm L x 160 mm D x 45 mm H Power Specification 12 V AC 1 3 A B...

Страница 364: ...P 870HW I1 User s Guide 364 Appendix A Product Specifications...

Страница 365: ...ude the software components you need to install and use TCP IP on your computer Windows 3 1 requires the purchase of a third party TCP IP application package TCP IP should already be installed on comp...

Страница 366: ...Microsoft Networks If you need the adapter 1 In the Network window click Add 2 Select Adapter and then click Add 3 Select the manufacturer and model of your network adapter and then click OK If you ne...

Страница 367: ...apter s TCP IP entry and click Properties 2 Click the IP Address tab If your IP address is dynamic select Obtain an IP address automatically If you have a static IP address select Specify an IP addres...

Страница 368: ...save and close the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Restart your computer when prompted Verifying Settings 1 Click Start and then Run...

Страница 369: ...mputer s IP Address Figure 246 Windows XP Start Menu 2 In the Control Panel double click Network Connections Network and Dial up Connections in Windows 2000 NT Figure 247 Windows XP Control Panel 3 Ri...

Страница 370: ...eral tab in Win XP and then click Properties Figure 249 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP IP Properties window opens the General tab in Windows XP If you have a d...

Страница 371: ...click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional def...

Страница 372: ...e General tab in Windows XP Click Obtain DNS server address automatically if you do not know your DNS server IP address es If you know your DNS server IP address es click Use the following DNS server...

Страница 373: ...Close the Network Connections window Network and Dial up Connections in Windows 2000 NT 11Restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and then Command...

Страница 374: ...how list Click the TCP IP tab 3 For dynamically assigned settings select Using DHCP from the Configure list Figure 254 Macintosh OS X Network 4 For statically assigned settings do the following From t...

Страница 375: ...may vary depending on your Linux distribution and release version Note Make sure you are logged in as the root administrator Using the K Desktop Environment KDE Follow the steps below to configure you...

Страница 376: ...ddresses and fill in the Address Subnet mask and Default Gateway Address fields 3 Click OK to save the changes and close the Ethernet Device General screen 4 If you know your DNS server IP address es...

Страница 377: ...configuration file where eth0 is the name of the Ethernet card Open the configuration file with any plain text editor If you have a dynamic IP address enter dhcp in the BOOTPROTO field The following...

Страница 378: ...al screen to check your TCP IP properties Figure 263 Red Hat 9 0 Checking TCP IP Properties DEVICE eth0 ONBOOT yes BOOTPROTO static IPADDR 192 168 1 10 NETMASK 255 255 255 0 USERCTL no PEERDNS yes TYP...

Страница 379: ...ed calls You can configure NetBIOS filters to do the following Allow or disallow the sending of NetBIOS packets from the LAN to the WAN and from the WAN to the LAN Allow or disallow the sending of Net...

Страница 380: ...initiating calls Disabled type Identify which NetBIOS filter numbered 0 3 to configure 0 Between LAN and WAN 3 IPSec packet pass through 4 Trigger Dial on off For type 0 and 1 use on to enable the fil...

Страница 381: ...rk while the global address refers to the IP address of the host when the same packet is traveling in the WAN side Note that inside outside refers to the location of a host while global local refers t...

Страница 382: ...protection With no servers defined your ZyXEL Device filters out all incoming inquiries thus preventing intruders from probing your network For more information on IP address translation refer to RFC...

Страница 383: ...aps one local IP address to one global IP address Many to One In Many to One mode the ZyXEL Device maps multiple local IP addresses to one global IP address This is equivalent to SUA i e PAT port addr...

Страница 384: ...t may be implemented on a router in front of the ZyXEL Device Full Cone Restricted Cone Port Restricted Cone Symmetric Table 171 NAT Mapping Types TYPE IP MAPPING ABBREVIATION One to One ILA1 IGA1 1 1...

Страница 385: ...ess 2 and port B and sends them to IP address 1 port A Table 172 NAT Types FULL CONE RESTRICTED CONE PORT RESTRICTED CONE SYMMETRIC Incoming Packets Any external host can send packets to the mapped ex...

Страница 386: ...router handles packets coming in from the external network A host on the external network IP address 3 or IP address 4 for example can only send packets to the internal host if the internal host has...

Страница 387: ...restricted cone NAT router handles packets coming in from the external network A host on the external network IP address 3 and Port C for example can only send packets to the internal host if the int...

Страница 388: ...g example the NAT router maps the ZyXEL Device s source address IP address 1 and port A to IP address 2 and port B on the external network for packets sent to IP address 3 and port B The NAT router us...

Страница 389: ...ter to the outside world You may enter a single port number or a range of port numbers to be forwarded and the local IP address of the desired server The port number identifies a service for example w...

Страница 390: ...P 870HW I1 User s Guide 390 Appendix D NAT...

Страница 391: ...sets rules config display firewall set set This command shows the current configuration of a set including timeout values name default permit and etc If you don t put use a number after set informati...

Страница 392: ...te 0 59 This command sets the minute of the hour for the firewall log to be sent via e mail if the ZyXEL Device is set to send it on a hourly daily or weekly basis Attack config edit firewall attack s...

Страница 393: ...set Config edit firewall set set default permit forward block This command sets whether a packet is dropped or allowed through when it does not meet a rule within the set Config edit firewall set set...

Страница 394: ...Config edit firewall set set rule rule alert yes no This command sets whether or not the ZyXEL Device sends an alert e mail when a DOS attack or a violation of a particular rule occurs config edit fi...

Страница 395: ...a rule to have the ZyXEL Device check for TCP traffic with a destination port in this range config edit firewall set set rule rule UDP destport single port This command sets a rule to have the ZyXEL D...

Страница 396: ...P 870HW I1 User s Guide 396 Appendix E Firewall Commands...

Страница 397: ...lnet Successful FTP login Someone has logged on to the router via ftp FTP login failed Someone has failed to log on to the router via ftp NAT Session Table is Full The maximum number of NAT session ta...

Страница 398: ...face Table 176 Access Control Logs LOG MESSAGE DESCRIPTION Firewall default policy TCP UDP IGMP ESP GRE OSPF Packet Direction Attempted TCP UDP IGMP ESP GRE OSPF access matched the default policy and...

Страница 399: ...inutes UDP idle timeout 3 minutes TCP connection three way handshaking timeout 270 seconds TCP FIN wait timeout 2 MSL Maximum Segment Lifetime set in the TCP header TCP idle established timeout s 150...

Страница 400: ...P reply packet to the sender Table 180 CDR Logs LOG MESSAGE DESCRIPTION board d line d channel d call d s C01 Outgoing Call dev x ch x s The router received the setup requirements for a call call is t...

Страница 401: ...ontent filter server responded that the web site is in the blocked category list but it did not return the category type s s The content filter server responded that the web site is in the blocked cat...

Страница 402: ...ewall detected an ICMP echo attack For type and code details see Table 191 on page 409 syn flood TCP The firewall detected a TCP syn flood attack ports scan TCP The firewall detected a TCP port scan a...

Страница 403: ...iled during IKE phase 2 because the router and the peer s Local Remote Addresses don t match Verifying Local ID failed The connection failed during IKE phase 2 because the router and the peer s Local...

Страница 404: ...s Remote Address This information conflicted with static rule d thus the connection is not allowed Phase 1 ID type mismatch This router s Peer ID Type is different from the peer IPSec router s Local...

Страница 405: ...e router and the peer Rule d Phase 2 encapsulation mismatch The listed rule s IKE phase 2 encapsulation did not match between the router and the peer Rule d Phase 2 pfs mismatch The listed rule s IKE...

Страница 406: ...t subject name The router received a certification authority certificate with subject name as recorded from the LDAP server whose IP address and port are recorded in the Source field Rcvd user cert su...

Страница 407: ...1 Algorithm mismatch between the certificate and the search constraints 2 Key usage mismatch between the certificate and the search constraints 3 Certificate was not valid in the time interval 4 Not u...

Страница 408: ...expired User logout because of user deassociation The router logged out a user who ended the session User logout because of no authentication response from user The router logged out a user from whic...

Страница 409: ...ion Unreachable 0 Net unreachable 1 Host unreachable 2 Protocol unreachable 3 Port unreachable 4 A packet that needed fragmentation was dropped because it was set to Don t Fragment DF 5 Source route f...

Страница 410: ...by the system RAS displays as the system name if you haven t configured one when the router generates a syslog The facility is defined in the web MAIN MENU LOGS Log Settings page The severity is the l...

Страница 411: ...to decide what to record Use 0 to not record logs for that category 1 to record only logs for that category 2 to record only alerts for that category and 3 to record both logs and alerts for that cate...

Страница 412: ...access time source destination notes message 0 06 08 2004 05 58 21 172 21 4 154 224 0 1 24 ACCESS BLOCK Firewall default policy IGMP W to W ZW 1 06 08 2004 05 58 20 172 21 3 56 239 255 255 250 ACCESS...

Страница 413: ...EL Device boot module commands as shown in the next screen ATBAx allows you to change the console port speed The x denotes the number preceding the colon to give the console port speed following the c...

Страница 414: ...x y dump memory contents from address x for length y ATRBx display the 8 bit value of address x ATRWx display the 16 bit value of address x ATRLx display the 32 bit value of address x ATGO x run progr...

Страница 415: ...it again to the same device or another one See the following sections for details The Configuration Text File Format All Internal SPTGEN text files conform to the following format field identificatio...

Страница 416: ...n page 415 Figure 275 Invalid Parameter Entered Command Line Example The ZyXEL Device will display the following if you enter parameter s that are valid Figure 276 Valid Parameter Entered Command Line...

Страница 417: ...t file from your computer to the ZyXEL Device using the put command 4 Exit this FTP application Figure 278 Internal SPTGEN FTP Upload Example c ftp 192 168 1 1 220 PPP FTP version 1 0 ready at Sat Ja...

Страница 418: ...10000001 System Name Str Your Device 10000002 Location Str 10000003 Contact Person s Name Str 10000004 Route IP 0 No 1 Yes 1 10000006 Bridge 0 No 1 Yes 0 Table 196 Menu 3 Menu 3 1 General Ethernet Se...

Страница 419: ...ary DNS Server 0 0 0 0 30200005 Secondary DNS Server 0 0 0 0 30200006 Remote DHCP Server 0 0 0 0 30200008 IP Address 172 21 2 200 30200009 IP Subnet Mask 16 30200010 RIP Direction 0 None 1 Both 2 In O...

Страница 420: ...oing protocol filters Set 4 256 30201014 IP Alias 2 0 No 1 Yes 0 30201015 IP Address 0 0 0 0 30201016 IP Subnet Mask 0 30201017 RIP Direction 0 None 1 Both 2 In Only 3 Out Only 0 30201018 Version 0 Ri...

Страница 421: ...0 30500007 Default Key 1 2 3 4 0 30500008 WEP Key1 30500009 WEP Key2 30500010 WEP Key3 30500011 WEP Key4 30500012 Wlan Active 0 Disable 1 Enable 0 30500013 Wlan 4X Mode 0 Disable 1 Enable 0 MENU 3 5...

Страница 422: ...rd Str 1234 40000011 Single User Account 0 No 1 Yes 1 40000012 IP Address Assignment 0 Static 1 D ynamic 1 40000013 IP Address 0 0 0 0 40000014 Remote IP address 0 0 0 0 40000015 Remote IP subnet mask...

Страница 423: ...Static Route set 1 Active 0 No 1 Yes 0 120101003 IP Static Route set 1 Destination IP address 0 0 0 0 120101004 IP Static Route set 1 Destination IP subnetmask 0 120101005 IP Static Route set 1 Gatewa...

Страница 424: ...150000012 SUA Server 4 Active 0 No 1 Yes 0 150000013 SUA Server 4 Protocol 0 All 6 TCP 17 U DP 0 150000014 SUA Server 4 Port Start 0 150000015 SUA Server 4 Port End 0 150000016 SUA Server 4 Local IP a...

Страница 425: ...TCP 17 U DP 0 150000044 SUA Server 10 Port Start 0 150000045 SUA Server 10 Port End 0 150000046 SUA Server 10 Local IP address 0 0 0 0 150000047 SUA Server 11 Active 0 No 1 Yes 0 150000048 SUA Server...

Страница 426: ...er Set 1 Rule 1 Act Match 1 check next 2 forward 3 drop 3 210101014 IP Filter Set 1 Rule 1 Act Not Match 1 check next 2 forward 3 drop 1 Menu 21 1 1 2 set 1 rule 2 FIN FN PVA INPUT 210102001 IP Filter...

Страница 427: ...IP Filter Set 2 Rule 1 Protocol 6 210201004 IP Filter Set 2 Rule 1 Dest IP address 0 0 0 0 210201005 IP Filter Set 2 Rule 1 Dest Subnet Mask 0 210201006 IP Filter Set 2 Rule 1 Dest Port 137 210201007...

Страница 428: ...t 2 Rule 2 Src Subnet Mask 0 210202010 IP Filter Set 2 Rule 2 Src Port 0 210202011 IP Filter Set 2 Rule 2 Src Port Comp 0 none 1 equal 2 not equal 3 less 4 gr eater 0 210202013 IP Filter Set 2 Rule 2...

Страница 429: ...Authentication Required 2 230400002 ReAuthentication Timer in second 555 230400003 Idle Timeout in second 999 230400004 Authentication Databases 0 Local User Database Only 1 RADIUS Only 2 Local RADIU...

Страница 430: ...d IP address 0 0 0 0 241100004 FTP Server Port 21 241100005 FTP Server Access 0 all 1 none 2 L an 3 Wan 0 241100006 FTP Server Secured IP address 0 0 0 0 241100007 WEB Server Port 80 241100008 WEB Ser...

Страница 431: ...ROTOCOL PORT S DESCRIPTION AH IPSEC_TUNNEL User Defined 51 The IPSEC AH Authentication Header tunneling protocol uses this service AIM TCP 5190 AOL s Internet Messenger service AUTH TCP 113 Authentica...

Страница 432: ...omputers in a LAN NEW ICQ TCP 5190 An Internet chat program NEWS TCP 144 A protocol for news groups NFS UDP 2049 Network File System NFS is a client server distributed file service that provides trans...

Страница 433: ...uctured Query Language is an interface to access data on many different types of database systems including mainframes midrange systems UNIX systems and network servers SSDP UDP 1900 The Simple Servic...

Страница 434: ...P 870HW I1 User s Guide 434 Appendix I Services...

Страница 435: ...nt filtering 40 copyright 3 custom ports creating editing 160 customer support 9 customized services 160 D default LAN IP address 47 Denial of Service See DoS device model number 241 DHCP 41 229 DHCP...

Страница 436: ...rnet access setup 267 Internet Assigned Number Authority IANA 160 Internet Group Multicast Protocol See IGMP IP address 127 IP alias 41 383 and NAT 383 IP pool 134 IP protocol type 150 IP Routing Poli...

Страница 437: ...Service See QoS Quick Start Guide 37 R radio frequency 42 RADIUS server 95 RAS 340 registration product 8 related documentation 37 remote management 205 and NAT 206 limitations 205 remote node setup...

Страница 438: ...server 234 336 TMM QoS See also QoS trademarks 3 traffic redirect 40 triangle route 152 solutions 152 trigger port forwarding 138 process 138 Triple Play 39 U Universal Plug and Play See UPnP upload...

Результаты поиска

Содержание P-870HW-I Series

Отзывы:

ZyXEL Communications P-870HW-I Series, Руководство пользователя, Страница: 226 / 438

Результаты поиска

Содержание P-870HW-I Series

Отзывы: