ZyXEL Communications VSG1435-B101 - V1.10 Скачать руководство пользователя страница 257 | Manualshive

Страница: 257 / 412

background image

Chapter 21 IPSec

VSG1435-B101 Series User’s Guide

257

21.3.1.2 Manual Key Setup

Manual key management is useful if you have problems with

Auto(IKE)

key

management.

21.3.1.3 Security Parameter Index (SPI)

An SPI is used to distinguish different SAs terminating at the same destination and
using the same IPSec protocol. This data allows for the multiplexing of SAs to a
single gateway. The

SPI

(Security Parameter Index) along with a destination IP

address uniquely identify a particular Security Association (SA). The

SPI

is

transmitted from the remote VPN gateway to the local VPN gateway. The local VPN
gateway then uses the network, encryption and key values that the administrator
associated with the SPI to establish the tunnel.

Encryption
Algorithm

Select

DES

,

3DES

,

AES-128

,

ES-192

or

AES-256

from the drop-

down list box.

When you use one of these encryption algorithms for data
communications, both the sending device and the receiving device
must use the same secret key, which can be used to encrypt and
decrypt the message or to generate and verify a message
authentication code. The DES encryption algorithm uses a 56-bit key.
Triple DES (

3DES

) is a variation on

DES

that uses a 168-bit key. As a

result,

3DES

is more secure than

DES

. It also requires more

processing power, resulting in increased latency and decreased
throughput. This implementation of

AES

uses a 128-bit, 192-bit or

256-bit key.

AES

is faster than

3DES

.

Integrity
Algorithm

Select

SHA1

or

MD5

from the drop-down list box.

MD5

(Message

Digest 5) and

SHA1

(Secure Hash Algorithm) are hash algorithms used

to authenticate packet data. The

SHA1

algorithm is generally

considered stronger than

MD5

, but is slower. Select

MD5

for minimal

security and

SHA1

for maximum security.

Select Diffie-
Hellman Group
for Key
Exchange

You must choose a key group for key exchange in SA setup.

768bit

refers to Diffie-Hellman Group 1 a 768 bit random number.

1024bit

refers to Diffie-Hellman Group 2 a 1024 bit (1Kb) random number.
Other options include

1536

,

2048

, and

3072

bit Diffie-Hellman

groups.

Key Life Time
(Seconds)

Define the length of time before an IKE or IPSec SA automatically
renegotiates in this field. It may range from 1 to 2,000,000,000
seconds.

A short SA Life Time increases security by forcing the two VPN
gateways to update the encryption and authentication keys. However,
every time the VPN tunnel renegotiates, all users accessing remote
resources are temporarily disconnected.

Apply

Click

Apply/Save

to save your changes and return to the

IPSec

screen.

Cancel

Click

Cancel

to exit this screen without saving.

Table 87

Settings > Add/Edit: Auto(IKE)

LABEL

DESCRIPTION

«
...
255
256
257
258
259
...
»

Содержание VSG1435-B101 - V1.10

Страница 1: ...1435 B101 Series 802 11n Wireless VDSL2 4 port Gateway with HPNA Copyright 2010 ZyXEL Communications Corporation Firmware Version 1 10 Edition 1 11 2010 Default Login Details IP Address http 192 168 1 1 User Name admin Password 1234 ...

Страница 2: ......

Страница 3: ...ou get up and running right away It contains information on setting up your network and configuring for Internet access Support Disc Refer to the included CD for support documents ZyXEL Web Site Please refer to www zyxel com for additional support documentation and product certifications Documentation Feedback Send your comments questions or suggestions to techwriters zyxel com tw Thank you The Te...

Страница 4: ...experiences as well Customer Support In the event of problems that cannot be solved by using this manual you should contact your vendor If you cannot contact your vendor then contact a ZyXEL office for the region in which you bought the device See http www zyxel com web contact_us php for contact information Please have the following information ready when you contact an office Product model and s...

Страница 5: ...d font A key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press the ENTER key Select or choose means for you to use one of the predefined choices A right angle bracket within a screen name denotes a mouse click For example Maintenance Log Log Setting means you fir...

Страница 6: ...r s Guide 6 Icons Used in Figures Figures in this User s Guide may use the following generic icons The ZyXEL Device icon is not an exact representation of your device ZyXEL Device Computer Notebook computer Server Firewall Telephone Router Switch ...

Страница 7: ...tage for example 110V AC in North America or 230V AC in Europe Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution If the power adaptor or cord is damaged remove it from the device and the power source Do NOT attempt to...

Страница 8: ...Safety Warnings VSG1435 B101 Series User s Guide 8 ...

Страница 9: ... Quality of Service QoS 155 Policy Forwarding 175 Network Address Translation NAT 179 Dynamic DNS Setup 197 IGMP 203 Interface Group 215 Firewall 219 MAC Filter 229 Parental Control 231 Scheduler Rules 235 Certificates 237 IPSec 249 Service Control 269 ARP Table 271 Logs 273 Traffic Status 277 IGMP Status 283 Users Configuration 287 Remote Management 291 Time Settings 295 Logs Setting 299 Firmware...

Страница 10: ...Contents Overview VSG1435 B101 Series User s Guide 10 ...

Страница 11: ...s for Managing the ZyXEL Device 23 1 4 Applications for the ZyXEL Device 24 1 4 1 Internet Access 24 1 4 2 HomePNA 26 1 4 3 ZyXEL Device s USB Support 26 1 5 Hardware Setup 27 1 6 Hardware Connections 29 1 7 LEDs Lights 30 1 8 The RESET Button 32 1 9 Wireless Access 32 1 9 1 Using the WLAN WPS Button 33 Chapter 2 The Web Configurator 35 2 1 Overview 35 2 1 1 Accessing the Web Configurator 35 2 2 W...

Страница 12: ...twork 62 4 8 Configuring QoS Queue and Class Setup 64 4 9 Access the ZyXEL Device Using DDNS 67 4 9 1 Registering a DDNS Account on www dyndns org 68 4 9 2 Configuring DDNS on Your ZyXEL Device 68 4 9 3 Testing the DDNS Setting 69 4 10 Access Your Shared Files From a Computer 69 Part II Technical Reference 71 Chapter 5 Network Map and Status Screens 73 5 1 Overview 73 5 2 The Network Map Screen 73...

Страница 13: ... The More AP Screen 105 7 3 1 Edit More AP 106 7 4 MAC Authentication 107 7 5 The WPS Screen 109 7 6 The WMM Screen 110 7 7 The WDS Screen 111 7 7 1 WDS Scan 113 7 8 The Others Screen 114 7 9 Technical Reference 115 7 9 1 Wireless Network Overview 115 7 9 2 Additional Wireless Terms 117 7 9 3 Wireless Security Overview 118 7 9 4 Signal Problems 121 7 9 5 BSS 121 7 9 6 MBSSID 122 7 9 7 Preamble Typ...

Страница 14: ...iew 155 10 1 1 What You Can Do in this Chapter 155 10 2 What You Need to Know 156 10 3 The Quality of Service General Screen 157 10 4 The Queue Setup Screen 158 10 4 1 Adding a QoS Queue 160 10 5 The Class Setup Screen 161 10 5 1 Add Edit QoS Class 163 10 6 The QoS Policer Setup Screen 167 10 6 1 Add Edit a QoS Policer 168 10 7 The QoS Monitor Screen 169 10 8 Technical Reference 170 Chapter 11 Pol...

Страница 15: ...view 197 13 1 1 What You Can Do in this Chapter 198 13 1 2 What You Need To Know 198 13 2 The DNS Entry Screen 199 13 2 1 Add Edit DNS Entry 200 13 3 The Dynamic DNS Screen 200 Chapter 14 IGMP 203 14 1 Overview 203 14 1 1 What You Can Do in this Chapter 203 14 1 2 What You Need to Know 203 14 2 The IGMP General Screen 206 14 3 IGMP Filter Configuration 208 14 3 1 IGMP Host Limitation Edit 210 14 3...

Страница 16: ...rol 231 18 1 Overview 231 18 2 The Parental Control Screen 231 18 2 1 Add Edit Parental Control Rule 232 Chapter 19 Scheduler Rules 235 19 1 Overview 235 19 2 The Scheduler Rules Screen 235 19 2 1 Add Edit a Schedule 236 Chapter 20 Certificates 237 20 1 Overview 237 20 1 1 What You Can Do in this Chapter 237 20 2 What You Need to Know 237 20 3 The Local Certificates Screen 238 20 3 1 Create Certif...

Страница 17: ...tiation Mode 264 21 4 5 IPSec and NAT 264 21 4 6 VPN NAT and NAT Traversal 265 21 4 7 ID Type and Content 266 21 4 8 Pre Shared Key 267 21 4 9 Diffie Hellman DH Key Groups 268 Chapter 22 Service Control 269 22 1 Overview 269 22 2 The Service Control Screen 269 Chapter 23 ARP Table 271 23 1 Overview 271 23 1 1 How ARP Works 271 23 2 ARP Table Screen 272 Chapter 24 Logs 273 24 1 Overview 273 24 1 1 ...

Страница 18: ...Screen 287 27 2 1 Add Edit a Users Account 289 Chapter 28 Remote Management 291 28 1 Overview 291 28 1 1 What You Can Do in this Chapter 291 28 2 The TR 069 Clients Screen 291 28 3 The TR 064 Screen 293 Chapter 29 Time Settings 295 29 1 Overview 295 29 2 The Time Setting Screen 295 Chapter 30 Logs Setting 299 30 1 Overview 299 30 2 The Log Settings Screen 299 30 2 1 Example E mail Log 301 Chapter ...

Страница 19: ...n 312 34 3 Internet Access 314 34 4 Wireless Internet Access 316 Chapter 35 Product Specifications 319 35 1 Hardware Specifications 319 35 2 Firmware Specifications 320 Appendix A Setting up Your Computer s IP Address 325 Appendix B IP Addresses and Subnetting 349 Appendix C Pop up Windows JavaScripts and Java Permissions 359 Appendix D Wireless LANs 369 Appendix E Services 385 Appendix F Open Sof...

Страница 20: ...Table of Contents VSG1435 B101 Series User s Guide 20 ...

Страница 21: ...21 PART I User s Guide ...

Страница 22: ...22 ...

Страница 23: ... the bottom of your ZyXEL Device The ZyXEL Device has a a USB port used to share files via a USB memory stick or a USB hard drive See Chapter 35 on page 319 for a full list of features 1 2 Ways to Manage the ZyXEL Device Use any of the following methods to manage the ZyXEL Device Web Configurator This is recommended for everyday management of the ZyXEL Device using a supported web browser TR 069 T...

Страница 24: ...the ZyXEL Device You could simply restore your last configuration 1 4 Applications for the ZyXEL Device Here are some example uses for which the ZyXEL Device is well suited 1 4 1 Internet Access Your ZyXEL Device provides shared Internet access by connecting the DSL port to the DSL or MODEM jack on a splitter or your telephone jack You can have up to five WAN services over one ADSL VDSL or Etherne...

Страница 25: ...e ZyXEL Device for secure Internet access When the IP filter is on all incoming traffic from the Internet to your network is blocked by default unless it is initiated from your network This means that probes from the outside to your network are not allowed but you can safely browse the Internet and download files ADSL VDSL WLAN PPPoE IPoE Bridging WAN ADSL IPoA PPPoA WAN Ethernet LAN PPPoE IPoE WA...

Страница 26: ...wiring The figure below shows your ZyXEL Device A connecting to a phone line outlet for DSL Internet access and a coaxial outlet to relay Internet connectivity to other coaxial outlets in the building The laptop B connects wirelessly to the ZyXEL Device The set up box C connects into a coaxial outlet in another part of the house for access to online videos Figure 2 HomePNA Application 1 4 3 ZyXEL ...

Страница 27: ...tick or a USB hard drive B You can connect one USB hard drive to the ZyXEL Device at a time Use FTP to access the files on the USB device Figure 3 USB File Sharing Application 1 5 Hardware Setup Place the ZyXEL Device flat on a desk or table or on the stand for a vertical installation Remove the ZyXEL Device s clear plastic covers before using it B A ...

Страница 28: ...pter 1 Introducing the VSG1435 B101 VSG1435 B101 Series User s Guide 28 To connect the stand line up the arrow on the stand with the arrow on the bottom of the device as shown Figure 4 Connecting the Stand ...

Страница 29: ... and point it up 2 Do one of the following for your Internet connection 2a DSL WAN Use a telephone cable to connect your ZyXEL Device s DSL WAN port to a telephone jack or the DSL or modem jack on a splitter if you have one 2b ETHERNET WAN If you already have a broadband router or modem use an Ethernet cable to connect the ETHERNET WAN port to it for Internet access 3 2 4 5 6 1 ...

Страница 30: ...ial configuration and or Internet access 5 USB Connect a USB version 2 0 or lower memory stick or a USB hard drive for file sharing Use a USB extension cable if the stick is too big to fit 6 POWER Use the provided power adaptor to connect the POWER socket to an appropriate power source Make sure the power at the outlet is on After connecting the power adaptor look at the lights on the front panel ...

Страница 31: ...rnet connection is working Blinking The ZyXEL Device is sending or receiving data to from the Gigabit Ethernet link Off There is no Gigabit Ethernet link USB Green On The ZyXEL Device recognizes a USB connection Blinking The ZyXEL Device is sending receiving data to from the USB device connected to it Off The ZyXEL Device does not detect a USB connection HPNA Green On The ZyXEL Device is connected...

Страница 32: ...RESET button for ten seconds or until the POWER LED begins to blink and then release it When the POWER LED begins to blink the defaults have been restored and the device restarts 1 9 Wireless Access The ZyXEL Device is a wireless Access Point AP for wireless clients such as notebook computers or PDAs and iPads It allows them to connect to the Internet without having to rely on inconvenient Etherne...

Страница 33: ...e WLAN WPS Button If the wireless network is turned off press the WLAN WPS button on the front of the ZyXEL Device for two seconds Once the WLAN WPS LED turns green the wireless network is active You can also use the WLAN WPS button to quickly set up a secure wireless connection between the ZyXEL Device and a WPS compatible client by adding one device at a time To activate WPS 1 Make sure the POWE...

Страница 34: ... range of the ZyXEL Device The WLAN WPS LED flashes green and orange while the ZyXEL Device sets up a WPS connection with the other wireless device 4 Once the connection is successfully made the WLAN WPS LED shines green To turn off the wireless network press the WLAN WPS button on the front of the ZyXEL Device for one to five seconds The WLAN WPS LED turns off when the wireless network is off ...

Страница 35: ...ult See Appendix C on page 359 if you need to make sure these functions are allowed in Internet Explorer 2 1 1 Accessing the Web Configurator 1 Make sure your ZyXEL Device hardware is properly connected refer to the Quick Start Guide 2 Launch your web browser If the ZyXEL Device does not automatically re direct you to the login screen go to http 192 168 1 1 3 A password screen displays To access t...

Страница 36: ...your last login such as the time number of failed login attempts and when the password expires It also shows if you are logged on from an IP address Select Show this page next time to see the welcome screen on your next login Otherwise deselect it Click Continue Figure 9 Welcome Screen 5 The following screen displays if you have not yet changed your password It is strongly recommended you change t...

Страница 37: ... Figure 11 Network Map Note For security reasons the ZyXEL Device automatically logs you out if you do not use the web configurator for ten minutes default If this happens log in again 7 Click Status to display the Status screen where you can view the ZyXEL Device s interface and system information ...

Страница 38: ...r s Guide 38 2 2 Web Configurator Layout Figure 12 Screen Layout As illustrated above the main screen is divided into these parts A title bar B main window C navigation panel 2 2 1 Title Bar The title bar provides some icons in the upper right corner B C A ...

Страница 39: ...the web configurator Table 3 Navigation Panel Summary LINK TAB FUNCTION Network Map This screen shows the network status of the ZyXEL Device and computers devices connected to it Network Settings Broadband Use this screen to view and configure ISP parameters WAN IP address assignment and other advanced properties You can also add new WAN connections Wireless General Use this screen to configure th...

Страница 40: ...e your ZyXEL Device s port triggering settings DMZ Use this screen to configure a default server which receives packets from ports that are not specified in the Port Forwarding screen ALG Use this screen to enable or disable SIP ALG Sessions Use this screen to limit the number of NAT sessions a single client can establish DNS DNS Entry Use this screen to view and configure DNS routes Dynamic DNS U...

Страница 41: ...work traffic going through the WAN port of the ZyXEL Device LAN Use this screen to view the status of all network traffic going through the LAN ports of the ZyXEL Device IGMP Group Status IGMP Group Use this screen to view the status of all IGMP settings on the ZyXEL Device IGMP Statistics Use this screen to view the ZyXEL Device s IGMP multicast group and IGMP traffic statistics Maintenance Users...

Страница 42: ...Chapter 2 The Web Configurator VSG1435 B101 Series User s Guide 42 ...

Страница 43: ...ess and wireless settings Note See the technical reference chapters starting on page 71 for background information on the features in this chapter 3 2 Quick Start Setup 1 Click the Click Start icon in the top right corner of the web configurator to open the quick start screens Select the time zone of the ZyXEL Device s location and click Next Figure 13 Time Zone ...

Страница 44: ...ic IP address settings to use select Yes and enter them in the fields that display Click Next Figure 14 Internet Connection 3 Turn the wireless LAN on or off If you keep it on record the security settings so you can configure your wireless clients to connect to the ZyXEL Device Click Save Figure 15 Internet Connection 4 Your ZyXEL Device saves your settings and attempts to connect to the Internet ...

Страница 45: ...Route for Routing to Another Network see page 62 Configuring QoS Queue and Class Setup see page 64 Access the ZyXEL Device Using DDNS see page 67 Access Your Shared Files From a Computer see page 69 4 2 Setting Up an ADSL PPPoE Connection This tutorial shows you how to set up your Internet connection using the Web Configurator If you connect to the Internet through an ADSL connection use the infor...

Страница 46: ...ider requires a username and password to establish Internet connection Therefore select PPPoE as the WAN encapsulation type 4 Enter the account information provided to you by your DSL service provider General Connection Name MyDSLConnection Type ADSL Connection Mode Routing Encapsulation PPPoE ATM PVC Configuration VPI VCI 36 48 Encapsulation Mode LLC SNAP Bridging Service Category UBR without PCR...

Страница 47: ...e this rule as your default Internet connection by selecting the Apply as Default Gateway check box Then select DNS as Static and enter the DNS server addresses provided to you such as 192 168 5 2 DNS server1 192 168 5 1 DNS server2 6 Click Apply to save your settings ...

Страница 48: ...nection Be sure to contact your service provider for any information you need to configure the WAN screens 4 3 HomePNA Example Setup This tutorial shows you how you can use the ZyXEL Device s HomePNA feature to connect a television in another part of the house to the Internet through the coaxial port You will need a Set Top Box STB HomePNA Ethernet Bridge a television and an active Video On Demand...

Страница 49: ...to other coaxial outlets in other parts of the house 3 In the room where your television is located connect the HomePNA bridge to a coaxial outlet 4 Using an Ethernet cable connect the HomePNA bridge device to the STB This grants Internet access to the STB 5 Refer to the user s guide of your STB for information on how to connect it to your television as well as configure your account settings on i...

Страница 50: ...less client The wireless client can access the Internet through the AP Thomas has to configure the wireless network settings on the ZyXEL Device Then he can set up a wireless network using WPS Section 4 4 2 on page 52 or manual configuration Section 4 4 3 on page 56 4 4 1 Configuring the Wireless Network Settings This example uses the following parameters to set up a wireless network SSID Example ...

Страница 51: ...nd WPA PSK as the security mode Configure the screen using the provided parameters see page 50 Click Apply 2 Go to the Wireless Others screen and select 802 11b g n Mixed in the 802 11 Mode field Click Apply Thomas can now use the WPS feature to establish a wireless connection between his notebook and the ZyXEL Device see Section 4 4 2 on page 52 He can also ...

Страница 52: ...the wireless client settings Push Button Configuration PBC simply press a button This is the easier of the two methods PIN Configuration configure a Personal Identification Number PIN on the ZyXEL Device A wireless client must also use the same PIN in order to download the wireless network settings from the ZyXEL Device Push Button Configuration PBC 1 Make sure that your ZyXEL Device is turned on ...

Страница 53: ...nect button Note Your ZyXEL Device has a WPS button located on its front panel as well as a WPS button in its configuration utility Both buttons have exactly the same function you can use one or the other Note It doesn t matter which button is pressed first You must press the second button within two minutes of pressing the first one The ZyXEL Device sends the proper configuration settings to the ...

Страница 54: ...re shows you an example of how to set up a wireless network and its security by pressing a button on both ZyXEL Device and wireless client Example WPS Process PBC Method Wireless Client ZyXEL Device SECURITY INFO COMMUNICATION WITHIN 2 MINUTES Press and hold for 5 seconds WPS ...

Страница 55: ...number 2 Log into ZyXEL Device s web configurator and go to the Network Settings Wireless WPS screen Enable the WPS function and click Apply 3 Enter the PIN number of the wireless client and click the Register button Activate WPS function on the wireless client utility screen within two minutes The ZyXEL Device authenticates the wireless client and sends the proper configuration settings to the wi...

Страница 56: ...ss client by using PIN method Example WPS Process PIN Method 4 4 3 Without WPS Use the wireless adapter s utility installed on the notebook to search for the Example SSID Then enter the DoNotStealMyWirelessNetwork pre shared key to establish an wireless Internet connection Authentication by PIN SECURITY INFO WITHIN 2 MINUTES Wireless Client ZyXEL Device COMMUNICATION ...

Страница 57: ...n in the following figure Each group has its own SSID and security mode Employees in Company A will use a general Comapny wireless network group Higher management level and important visitors will use the VIP group Visiting guests will use the Guest group which has a lower security mode Company A will use the following parameters to set up the wireless network groups COMPANY VIP GUEST SSID Company...

Страница 58: ...en the General screen Use this screen to set up the company s general wireless network group Configure the screen using the provided parameters and click Apply 2 Click Network Settings Wireless More AP to open the following screen Click the Edit icon to configure the second wireless network group ...

Страница 59: ...r 4 Tutorials VSG1435 B101 Series User s Guide 59 3 Configure the screen using the provided parameters and click Apply 4 In the More AP screen click the Edit icon to configure the third wireless network group ...

Страница 60: ...the More AP screen The yellow bulbs signify that the SSIDs are active and ready for wireless access 4 6 Setting Up NAT Port Forwarding Thomas manages the Doom server on a computer behind the ZyXEL Device In order for players on the Internet like A in the figure below to communicate with the Doom server Thomas needs to configure the port settings and IP address on ...

Страница 61: ...information 1 Click Network Settings NAT Add new rule and configure the screen with the following values 2 The screen should look as follows Click Apply D 192 168 1 34 WAN LAN port 666 A Service Name Doom_Server WAN Interface Select the WAN interface through which the Doom service is forwarded This example uses MyDSLConnection External Port s Enter 666 as the Start and End port Server IP Address E...

Страница 62: ...ol traffic flowing directions you may connect a router to the ZyXEL Device s LAN The router may be used to separate two department networks This tutorial shows how to configure a static routing rule for two network routings In the following figure router R is connected to the ZyXEL Device s LAN R connects to two networks N1 192 168 1 x 24 and N2 192 168 10 x 24 If you want to send traffic from com...

Страница 63: ...ple IP settings To configure a static route to route traffic from N1 to N2 1 Log into the ZyXEL Device s Web Configurator in advanced mode 2 Click Advanced Routing 3 Click Add New Static Route Entry in the Static Route screen 4 Configure the Static Route Setup screen using the following settings Table 4 IP Settings in this Tutorial DEVICE COMPUTER IP ADDRESS The ZyXEL Device s WAN 172 16 1 1 The Z...

Страница 64: ...r task includes sending urgent updates to clients at least twice every hour You also upload data files such as logs and e mail archives to the FTP server throughout the day Your colleagues use the Internet for research as well as chat applications for communicating with other branch offices In the following figure your Internet connection has an upstream transmission bandwidth of 10 000 kbps For t...

Страница 65: ... your WAN Managed Upstream Bandwidth to 10 000 kbps or leave this blank to have the ZyXEL Device automatically determine this figure Click Apply Tutorial Advanced QoS 2 Click Queue Setup Add new Queue to create a new queue In the screen that opens check Active and enter or select the following values Name E mail To Interface WAN Priority 1 High Weight 8 10 000 kbps DSL Your computer IP 192 168 1 2...

Страница 66: ...ries User s Guide 66 Rate Limit 5 000 kbps Tutorial Advanced QoS Queue Setup 3 Click Class Setup Add new Classifier to create a new class Check Active and follow the settings as shown in the screen below Tutorial Advanced QoS Class Setup ...

Страница 67: ...s changes dynamically Dynamic DNS DDNS allows you to access the ZyXEL Device using a domain name To use this feature you have to apply for DDNS service at www dyndns org This tutorial covers Registering a DDNS Account on www dyndns org Class Name Give a class name to this traffic such as E mail in this example From Interface This is the interface from which the traffic will be coming from Select L...

Страница 68: ...a new DDNS host name This tutorial uses the following settings as an example Hostname zyxelrouter dyndns org Service Type Host with IP address IP Address Enter the WAN IP address that your ZyXEL Device is currently using You can find the IP address on the ZyXEL Device s Web Configurator Status page Then you will need to configure the same account and host name on the ZyXEL Device later 4 9 2 Confi...

Страница 69: ...the computer using the IP address a b c d that is connected to the Internet 2 Type http zyxelrouter dyndns org and press Enter 3 The ZyXEL Device s login page should appear You can then log into the ZyXEL Device and manage it 4 10 Access Your Shared Files From a Computer Here is how to use an FTP program to access a file storage device connected to the ZyXEL Device s USB port Note This example use...

Страница 70: ...the IP address of the ZyXEL Device the default is 192 168 1 1 your account s user name and password and port 21 and click Quickconnect A screen asking for password authentication appears File Sharing via Windows Explorer Once you log in the USB device displays in the mnt folder ...

Страница 71: ...71 PART II Technical Reference ...

Страница 72: ...72 ...

Страница 73: ...he network connection status of the ZyXEL Device and clients connected to it You can use the Status screen to look at the current status of the ZyXEL Device system resources and interfaces LAN WAN and WLAN 5 2 The Network Map Screen Use this screen to view the network connection status of the device and its clients A warning message appears if there is a connection problem ...

Страница 74: ... update this screen in Refresh Interval Figure 16 Network Map Icon Mode Figure 17 Network Map List Mode In Icon Mode if you want to view information about a client click the client s name and Info Click the IP address if you want to change it If you want to change the name or icon of the client click Change name icon In List Mode you can also view the client s information and click on the IP addre...

Страница 75: ...is screen Device Information Host Name This field displays the ZyXEL Device system name It is used for identification Model Number This shows the model number of your ZyXEL Device Firmware Version This is the current version of the firmware inside the device WAN Information These fields display when you have a WAN connection MAC Address This shows the WAN Ethernet adapter MAC Media Access Control ...

Страница 76: ...computers in the LAN Relay The ZyXEL Device acts as a surrogate DHCP server and relays DHCP requests and responses between the remote server and the clients None The ZyXEL Device is not providing any DHCP services to the LAN WLAN Information MAC Address This shows the wireless adapter MAC Media Access Control Address of your device Status This displays whether WLAN is activated Name SSID This is t...

Страница 77: ...d or N A when WLAN is disabled System Status System Up Time This field displays how long the ZyXEL Device has been running since it last started up The ZyXEL Device starts up when you plug it in when you restart it Maintenance Reboot or when you reset it Current Date Time This field displays the current date and time in the ZyXEL Device You can change this in Maintenance Time Setting System Resour...

Страница 78: ...Chapter 5 Network Map and Status Screens VSG1435 B101 Series User s Guide 78 ...

Страница 79: ...other networks so that a computer in one location can communicate with computers in other locations Figure 19 LAN and WAN 6 1 1 What You Need to Know Encapsulation Method Encapsulation is used to include data from an upper layer protocol into a lower layer protocol To set up a WAN connection to the Internet you need to use the same encapsulation method used by your ISP Internet Service Provider If...

Страница 80: ...d Multicast Traditionally IP packets are transmitted in one of either two ways Unicast 1 sender 1 recipient or Broadcast 1 sender everybody on the network Multicast delivers IP packets to a group of hosts on the network not everybody and not just one IGMP IGMP Internet Group Multicast Protocol is a network layer protocol used to establish membership in a Multicast group it is not used to carry use...

Страница 81: ...e name of the connection Type This shows whether it is a VDSL ADSL or Ethernet connection Encapsulation This is the method of encapsulation used by this connection VLAN This is the Virtual LAN VLAN number configured for this WAN connection VPI VCI This is the Virtual Path Identifier VPI and Virtual Channel Identifier VCI numbers configured for this WAN connection ATM QoS This is the type of ATM Qo...

Страница 82: ...vice provider PPPoE offers an access and authentication method that works with existing access control systems for example Radius One of the benefits of PPPoE is the ability to let you access one of multiple network services a function known as dynamic service selection This enables the service provider to easily create and offer new IP services for individuals Operationally PPPoE saves significan...

Страница 83: ...Chapter 6 Broadband VSG1435 B101 Series User s Guide 83 This screen displays when you select the Routing mode and PPPoE encapsulation Figure 21 Broadband Add Edit ADSL PPPoE Encapsulation ...

Страница 84: ...ct the method of encapsulation used by your ISP from the drop down list box This option is available only when you select Routing in the Mode field The choices are PPPoE PPPoA IPoE and IPoA ATM PVC Configuration These fields appear when the Type is set to ADSL VPI The valid range for the VPI is 0 to 255 Enter the VPI assigned to you VCI The valid range for the VCI is 32 to 65535 0 to 31 is reserve...

Страница 85: ...CBR Continuous Bit Rate to specify fixed always on bandwidth for voice or data traffic Select Non Realtime VBR non real time Variable Bit Rate for connections that do not require closely controlled delay and delay variation Select Realtime VBR real time Variable Bit Rate for applications with bursty connections that require closely controlled delay and delay variation Peak Cell Rate Divide the DSL...

Страница 86: ...is a fixed IP that your ISP gives you A dynamic IP address is not fixed the ISP assigns you a different one each time you connect to the Internet Select this if you have a dynamic IP address Static IP Address Select this option If the ISP assigned a fixed IP address IP Address Enter the static IP address provided by your ISP IP Subnet Mask Enter the subnet mask provided by your ISP Gateway IP Addr...

Страница 87: ...lds appear when the Type is set to VDSL or Ethernet Active Select this option to add the VLAN tag specified below to the outgoing traffic through this connection 802 1P IEEE 802 1p defines up to 8 separate traffic types by inserting a tag into a MAC layer frame that contains bits to define class of service Select the IEEE 802 1p priority level from 0 to 7 to add to traffic through this connection ...

Страница 88: ... Ethernet header in the packet so that you can have multiple services connections over one PVC You can set each connection to have its own MAC address or all connections share one MAC address but use different VLAN IDs for different services Encapsulation Mode Select the method of multiplexing used by your ISP from the drop down list box Choices are LLC SNAP BRIDGING In LCC encapsulation bridged P...

Страница 89: ...sent at the peak rate Type the MBS which is less than 65535 This field is available only when you select Non Realtime VBR or Realtime VBR VLAN These fields appear when the Type is set to VDSL or Ethernet Active Select this option to add the VLAN tag specified below to the outgoing traffic through this connection 802 1P IEEE 802 1p defines up to 8 separate traffic types by inserting a tag into a MA...

Страница 90: ...ervices a function known as dynamic service selection This enables the service provider to easily create and offer new IP services for individuals Operationally PPPoE saves significant effort for both you and the ISP or carrier as it requires no specific configuration of the broadband modem at the customer site By implementing PPPoE directly on the ZyXEL Device rather than individual computers the...

Страница 91: ...practical to have a separate VC for each carried protocol for example if charging heavily depends on the number of simultaneous VCs 6 3 3 VPI and VCI Be sure to use the correct Virtual Path Identifier VPI and Virtual Channel Identifier VCI numbers assigned to you The valid range for the VPI is 0 to 255 and for the VCI is 32 to 65535 0 to 31 is reserved for local management of ATM traffic Please se...

Страница 92: ... be lower but not higher than the maximum line speed 1 ATM cell is 53 bytes 424 bits so a maximum speed of 832Kbps gives a maximum PCR of 1962 cells sec This rate is not guaranteed because it is dependent on the line speed Sustained Cell Rate SCR is the mean cell rate of each bursty traffic source It specifies the maximum average rate at which cells can be sent over the virtual connection SCR may ...

Страница 93: ...fied but is only available when data is being sent An example of an VBR RT connection would be video conferencing Video conferencing requires real time data transfers and the bandwidth requirement varies in proportion to the video image s changing dynamics The VBR nRT non real time Variable Bit Rate type is used with bursty connections that do not require closely controlled delay and delay variati...

Страница 94: ... with a specific VLAN and provides the information that switches need to process the frame across the network A tagged frame is four bytes longer than an untagged frame and contains two bytes of TPID Tag Protocol Identifier residing within the type length field of the Ethernet frame and two bytes of TCI Tag Control Information starts after the source address field of the Ethernet frame The CFI Can...

Страница 95: ...ks on your ZyXEL Device Section 7 3 on page 105 Use the MAC Authentication screen to allow or deny wireless clients based on their MAC addresses from connecting to the ZyXEL Device Section 7 4 on page 107 Use the WPS screen to enable or disable WPS view or generate a security PIN Personal Identification Number Section 7 5 on page 109 Use the WMM screen to enable Wi Fi MultiMedia WMM to ensure qual...

Страница 96: ...a license to use However wireless networking is different from that of most traditional radio communications in that there a number of wireless networking standards available with different methods of data encryption Finding Out More See Section 7 9 on page 115 for advanced technical information on wireless networks 7 2 The General Screen Use this screen to enable the Wireless LAN enter the SSID a...

Страница 97: ...Disable the wireless LAN in this field Channel Set the channel depending on your particular region Select a channel or use Auto to have the ZyXEL Device automatically determine a channel to use If you are having problems with wireless interference changing the channel may help Try to use a channel that is as many channels away from any channels used by neighboring APs as possible The channel numbe...

Страница 98: ... channel bonds two adjacent radio channels to increase throughput The wireless clients must also support 40 MHz It is often better to use the 20 MHz setting in a location where the environment hinders the wireless signal Select 20MHz if you want to lessen radio interference with other wireless devices in your neighborhood or the wireless clients do not support channel bonding Control Sideband This...

Страница 99: ...nly connect to the Internet through the ZyXEL Device Enhanced Multicast Forwarding Select this check box to allow the ZyXEL Device to convert wireless multicast traffic into wireless unicast traffic Security Level Security Mode Select Basic WEP or More Secure WPA 2 PSK WPA 2 to add security on this wireless network The wireless clients which want to associate to this network must have same wireles...

Страница 100: ...ity mechanism that all the wireless devices in your network support For example use WPA PSK or WPA2 PSK if all your wireless devices support it or use WPA or WPA2 if your wireless devices support it and you have a RADIUS server If your wireless devices support nothing stronger than WEP use the highest encryption level available Your ZyXEL Device allows you to configure up to four 64 bit or 128 bit...

Страница 101: ...re used to encrypt data Both the ZyXEL Device and the wireless stations must use the same password WEP key for data transmission If you chose 64 bit WEP then enter any 5 ASCII characters or 10 hexadecimal characters 0 9 A F If you chose 128 bit WEP then enter 13 ASCII characters or 26 hexadecimal characters 0 9 A F You must configure at least one password only one password can be activated at any ...

Страница 102: ...select WPA PSK or WPA2 PSK from the Security Mode list Figure 27 Wireless General More Secure WPA 2 PSK The following table describes the labels in this screen Table 12 Wireless General More Secure WPA 2 PSK LABEL DESCRIPTION Security Level Select More Secure to enable WPA 2 PSK data encryption Security Mode Select WPA PSK or WPA2 PSK from the drop down list box Generate password automatically Sel...

Страница 103: ...edentials This encryption standard is slightly older than WPA2 and therefore is more compatible with older devices WPA PSK Compatible This field appears when you choose WPA PSK2 as the Security Mode Check this field to allow wireless devices using WPA PSK security mode to connect to your ZyXEL Device The ZyXEL Device supports WPA PSK and WPA2 PSK simultaneously Encryption Select the encryption typ...

Страница 104: ... external authentication server in dotted decimal notation Port Number Enter the port number of the external authentication server The default port number is 1812 You need not change this value unless your network administrator instructs you to do so with additional information Shared Secret Enter a password up to 31 alphanumeric characters as the key to be shared between the external authenticati...

Страница 105: ...lient already connecting to an AP to perform IEEE 802 1x authentication with another AP before connecting to it Select Enabled to turn on preauthentication in WAP2 Otherwise select Disabled Network Re auth Interval Specify how often wireless stations have to resend usernames and passwords in order to stay connected If wireless station authentication is done using a RADIUS server the reauthenticati...

Страница 106: ...ireless client scans for an AP to associate with this is the name that is broadcast and seen in the wireless client utility Security This field indicates the security mode of the SSID profile Modify Click the Edit icon to configure the SSID profile Table 14 Network Settings Wireless More AP LABEL DESCRIPTION Table 15 More AP Edit LABEL DESCRIPTION Wireless Network Setup Wireless You can Enable or ...

Страница 107: ...communicating with each other MBSSID LAN Isolation Select this to keep the wireless clients in this SSID from communicating with clients in other SSIDs or LAN devices Enhanced Multicast Forwarding Select this check box to allow the ZyXEL Device to convert wireless multicast traffic into wireless unicast traffic Security Level Security Mode Select Basic WEP or More Secure WPA 2 PSK WPA 2 to add sec...

Страница 108: ...dresses not listed will be allowed to access the ZyXEL Device Select Allow to permit access to the ZyXEL Device MAC addresses not listed will be denied access to the ZyXEL Device Add new MAC address Click this if you want to add a new MAC address entry to the MAC filter list below Enter the MAC addresses of the wireless devices that are allowed or denied access to the ZyXEL Device in these address...

Страница 109: ...ettings of the SSID1 profile see Section 7 2 on page 96 If you want to use the WPS feature make sure you have set the security mode of SSID1 to WPA PSK WPA2 PSK or No Security Click Network Settings Wireless WPS The following screen displays Select Enable and click Apply to activate the WPS function Then you can configure the WPS settings in this screen Figure 32 Network Settings Wireless WPS The ...

Страница 110: ...e to your wireless network You can find the PIN either on the outside of the device or by checking the device s settings Note You must also activate WPS on that device within two minutes to have it present its PIN to the ZyXEL Device Method 3 Use this section to set up a WPS wireless network by entering the PIN of the ZyXEL Device into the client Release Configuration The default WPS status is con...

Страница 111: ...ients Note At the time of writing WDS is compatible with other ZyXEL APs only Not all models support WDS links Check your other AP s documentation Table 18 Network Settings Wireless WMM LABEL DESCRIPTION WMM Select On to have the ZyXEL Device automatically give a service a priority level according to the ToS value in the IP header of packets it sends WMM QoS Wifi MultiMedia Quality of Service give...

Страница 112: ...r APs In this mode clients cannot connect to the ZyXEL Device wirelessly Bridge Restrict This field is available only when you set operating mode to Access Point Select Enabled to turn on WDS and enter the peer device s MAC address manually in the table below Select Disable to turn off WDS Remote Bridge MAC Address You can enter the MAC address of the peer device by clicking the Edit icon under Mo...

Страница 113: ...an icon to search and display the available APs within range Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings Table 19 Network Settings Wireless WDS LABEL DESCRIPTION Table 20 WDS Scan LABEL DESCRIPTION Wireless Bridge Scan Setup Refresh Click Refresh to update the table This is the index number of the entry SSID This shows the SSID of the availa...

Страница 114: ... sent Enter a value between 256 and 2346 Auto Channel Timer If you set the channel to Auto in the Network Settings Wireless General screen specify the interval in minutes for how often the ZyXEL Device scans for the best channel Enter 0 to disable the periodical scan Output Power Set the output power of the ZyXEL Device If there is a high density of APs in an area decrease the output power to redu...

Страница 115: ...ith the ZyXEL Device The transmission rate of your ZyXEL Device might be reduced Select 802 11b g n Mixed to allow IEEE 802 11b IEEE 802 11g or IEEE802 11n compliant WLAN devices to associate with the ZyXEL Device The transmission rate of your ZyXEL Device might be reduced 802 11 Protection Enabling this feature can help prevent collisions in mixed mode networks networks with both IEEE 802 11b and...

Страница 116: ...s clients The wireless clients connect to the access points An ad hoc type of network is one in which there is no access point Wireless clients connect to one another in order to exchange information The following figure provides an example of a wireless network Figure 37 Example of a Wireless Network The wireless network is the part in the blue circle In this wireless network devices A and B use ...

Страница 117: ...ms and acronyms used in the ZyXEL Device s Web Configurator Table 22 Additional Wireless Terms TERM DESCRIPTION RTS CTS Threshold In a wireless network which covers a large area wireless devices are sometimes not aware of each other s presence This may cause them to send information to the AP at the same time and result in information colliding and not getting through By setting this value lower t...

Страница 118: ... all but it will not keep a determined attacker out Other security standards are secure in themselves but can be broken if a user does not use them properly For example the WPA PSK security standard is very secure if you use a long key which is difficult for an attacker s software to guess for example a twenty letter long string of apparently random numbers and letters but it is not very secure if...

Страница 119: ... security does not protect the information that is sent in the wireless network Furthermore there are ways for unauthorized wireless devices to get the MAC address of an authorized device Then they can use that MAC address to use the wireless network 7 9 3 3 User Authentication Authentication is the process of verifying whether a wireless device is allowed to use the wireless network You can make ...

Страница 120: ...as two devices Device A only supports WEP and device B supports WEP and WPA Therefore you should set up Static WEP in the wireless network Note It is recommended that wireless networks use WPA PSK WPA or stronger encryption The other types of encryption are better than none at all but it is still possible for unauthorized wireless devices to figure out the original information pretty quickly When ...

Страница 121: ...trol communications or from machines that are coincidental emitters such as electric motors or microwaves Problems with absorption occur when physical objects such as thick walls are between the two radios muffling the signal 7 9 5 BSS A Basic Service Set BSS exists when all communications between wireless stations or between a wireless station and a wired network client go through one access poin...

Страница 122: ...tifier function allows you to use one access point to provide several BSSs simultaneously You can then assign varying QoS priorities and or security modes to different SSIDs Wireless devices can use different BSSIDs to associate with the same AP 7 9 6 1 Notes on Multiple BSSs A maximum of eight BSSs are allowed on one AP simultaneously You must use different keys for different BSSs If two wireless...

Страница 123: ... support it otherwise the ZyXEL Device uses long preamble Note The wireless devices MUST use the same preamble mode in order to communicate 7 9 8 Wireless Distribution System WDS The ZyXEL Device can act as a wireless network bridge and establish WDS Wireless Distribution System links with other APs You need to know the MAC addresses of the APs you want to link to Once the security settings of pee...

Страница 124: ... Configuration PBC is initiated by pressing a button on each WPS enabled device and allowing them to connect automatically You do not need to enter any information Not every WPS enabled device has a physical WPS button Some may have a WPS PBC button in their configuration utilities instead of or in addition to the physical button Take the following steps to set up WPS using the button 1 Ensure tha...

Страница 125: ...g steps to set up a WPS connection between an access point or wireless router referred to here as the AP and a client device using the PIN method 1 Ensure WPS is enabled on both devices 2 Access the WPS section of the AP s configuration interface See the device s User s Guide for how to do this 3 Look for the client s WPS PIN it will be displayed either on the device or in the WPS section of the c...

Страница 126: ... device acts as the enrollee the device that receives network and security settings The registrar creates a secure EAP Extensible Authentication Protocol tunnel and sends the network name SSID and the WPA PSK or WPA2 PSK pre shared key to the enrollee Whether WPA PSK or WPA2 PSK is used depends on the standards supported by the devices If the registrar is already part of a network it sends the exi...

Страница 127: ...rollee All WPS certified APs can be a registrar and so can some WPS enabled wireless clients By default a WPS devices is unconfigured This means that it is not part of an existing network and can act as either enrollee or registrar if it supports both functions If the registrar is unconfigured the security settings it transmits to the enrollee are randomly generated Once a WPS enabled device has c...

Страница 128: ... Network Step 1 In step 2 you add another wireless client to the network You know that Client 1 supports registrar mode but it is better to use AP1 for the WPS handshake with the new client since you must connect to the access point anyway in order to use the network In this case AP1 must be the registrar since it is configured it already has security information for the network AP1 supplies the e...

Страница 129: ...sing the WPS button on the registrar and the first enrollee for example then check that it successfully enrolled then set up the second device in the same way WPS works only with other WPS enabled devices However you can still add non WPS devices to a network you already set up using WPS WPS works by automatically issuing a randomly generated WPA PSK or WPA2 PSK pre shared key from the registrar d...

Страница 130: ...ee if this has happened WPS works between only two devices simultaneously so if another device has enrolled your device will be unable to enroll and will not have access to the network If this happens open the access point s configuration interface and look at the list of associated clients usually displayed by MAC address It does not matter if the access point is the WPS registrar the enrollee or...

Страница 131: ...s to help you configure a LAN DHCP server and manage IP addresses 8 1 1 What You Can Do in this Chapter Use the LAN Setup screen to set the LAN IP address subnet mask and DHCP settings of your ZyXEL device Section 8 2 on page 134 Use the Static DHCP screen to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses Section 8 3 on page 136 Use the UPnP screen to ...

Страница 132: ...DNS Domain Name System is for mapping a domain name to its corresponding IP address and vice versa The DNS server is extremely important because without it you must know the IP address of a networking device before you can access it 8 1 2 2 About UPnP Identifying UPnP Devices UPnP hardware is identified as an icon in the Network Connections folder Windows XP Each UPnP compatible device installed o...

Страница 133: ... UPnP device joins a network it announces its presence with a multicast message For security reasons the ZyXEL Device allows multicast messages on the LAN only All UPnP enabled devices may communicate freely with each other without additional configuration Disable UPnP if this is not your intention UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum UPnP Imp...

Страница 134: ...figure your LAN settings 1 Enter an IP address into the IP Address field The IP address must be in dotted decimal notation This will become the IP address of your ZyXEL Device 2 Enter the IP subnet mask into the IP Subnet Mask field Unless instructed otherwise it is best to leave this alone the configurator will automatically compute a subnet mask based upon the IP address you entered 3 Click Appl...

Страница 135: ...ield IP Address Enter the IP address of the actual remote DHCP server in this field IP Addressing Values This field is only available when you select Enable in the DHCP field Beginning IP Address This field specifies the first of the contiguous addresses in the IP address pool Ending IP Address This field specifies the last of the contiguous addresses in the IP address pool DHCP Server Lease Time ...

Страница 136: ...e 24 Network Settings Home Networking LAN Setup LABEL DESCRIPTION Table 25 Network Settings Home Networking Static DHCP LABEL DESCRIPTION Add new static lease Click this to add a new static DHCP entry This is the index number of the entry Status This field displays whether the client is connected to the ZyXEL Device MAC Address The MAC Media Access Control or Ethernet address on a LAN Local Area N...

Страница 137: ... can dynamically join a network obtain an IP address convey its capabilities and learn about other devices on the network In turn a device can leave a network smoothly and automatically when it is no longer in use See page 132 for more information on UPnP Table 26 Static DHCP Add Edit LABEL DESCRIPTION Active This field displays whether the client is connected to the ZyXEL Device MAC Address Enter...

Страница 138: ...ove Programs Table 27 Network Settings Home Networking UPnP LABEL DESCRIPTION UPnP Select Enable to activate UPnP Be aware that anyone could use a UPnP application to open the web configurator s login screen without entering the ZyXEL Device s IP address although you must still enter the password to access the web configurator UPnP NAT T State Select Enable to allow UPnP enabled applications to au...

Страница 139: ...p tab and select Communication in the Components selection box Click Details Add Remove Programs Windows Setup Communication 3 In the Communications window select the Universal Plug and Play check box in the Components selection box Add Remove Programs Windows Setup Communication Components ...

Страница 140: ...s below to install the UPnP in Windows XP 1 Click Start and Control Panel 2 Double click Network Connections 3 In the Network Connections window click Advanced in the main menu and select Optional Networking Components Network Connections 4 The Windows Optional Networking Components Wizard window displays Select Networking Service in the Components selection box and click Details Windows Optional ...

Страница 141: ...xt 8 6 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device Make sure the computer is connected to a LAN port of the ZyXEL Device Turn on your computer and the ZyXEL Device Auto discover Your UPnP enabled Network Device 1 Click Start and Control Panel Double click ...

Страница 142: ... Series User s Guide 142 2 Right click the icon and select Properties Network Connections 3 In the Internet Connection Properties window click Settings to see the port mappings there were automatically created Internet Connection Properties ...

Страница 143: ...ngs Internet Connection Properties Advanced Settings Internet Connection Properties Advanced Settings Add 5 When the UPnP enabled device is disconnected from your computer all port mappings will be deleted automatically 6 Select Show icon in notification area when connected option and click OK An icon displays in the system tray System Tray Icon ...

Страница 144: ...atus Web Configurator Easy Access With UPnP you can access the web based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first This comes helpful if you do not know the IP address of the ZyXEL Device Follow the steps below to access the web configurator 1 Click Start and then Control Panel 2 Double click Network Connections ...

Страница 145: ...k Places under Other Places Network Connections 4 An icon with the description for each UPnP enabled device displays under Local Network 5 Right click on the icon for your ZyXEL Device and select Invoke The web configurator login screen displays Network Connections My Network Places ...

Страница 146: ...our ZyXEL Device and select Properties A properties window displays with basic information about the ZyXEL Device Network Connections My Network Places Properties Example 8 7 Technical Reference This section provides some technical background information about the topics covered in this chapter ...

Страница 147: ...figuration for the clients If you turn DHCP service off you must have another DHCP server on your LAN or else the computer must be manually configured IP Pool Setup The ZyXEL Device is pre configured with a pool of IP addresses for the DHCP clients DHCP Pool See the product specifications in the appendices Do not assign static IP addresses from the DHCP pool to your LAN computers 8 7 3 DNS Server ...

Страница 148: ...name so too do computers on a LAN share one common network number Where you obtain your network number depends on your particular situation If the ISP or your network administrator assigns you a block of registered IP addresses follow their instructions in selecting the IP addresses and the subnet mask If the ISP did not explicitly give you an IP network number then most likely you have a single u...

Страница 149: ...rved the following three blocks of IP addresses specifically for private networks 10 0 0 0 10 255 255 255 172 16 0 0 172 31 255 255 192 168 0 0 192 168 255 255 You can obtain your IP address from the IANA from an ISP or it can be assigned from a private network If you belong to a small organization and your Internet access is through an ISP the ISP can provide you with the Internet addresses for y...

Страница 150: ...Chapter 8 Home Networking VSG1435 B101 Series User s Guide 150 ...

Страница 151: ...y use static routes For example the next figure shows a computer A connected to the ZyXEL Device s LAN interface The ZyXEL Device routes most traffic from A to the Internet through the ZyXEL Device s default gateway R1 You create one static route to connect to services offered by your ISP behind router R2 You create another static route to communicate with a separate network behind a router R3 con...

Страница 152: ...ellow bulb signifies that this route is active A gray bulb signifies that this route is not active Name This is the name that describes or identifies this route Destination IP This parameter specifies the IP network address of the final destination Routing is always based on network number Subnet Mask This parameter specifies the IP network subnet mask of the final destination Gateway This is the ...

Страница 153: ...c route without having to delete the entry Route Name Enter a descriptive name for the static route Destination IP Address This parameter specifies the IP network address of the final destination Routing is always based on network number If you need to specify a route to a single host use a subnet mask of 255 255 255 255 in the subnet mask field to force the network number to be identical to the h...

Страница 154: ...Chapter 9 Static Routing VSG1435 B101 Series User s Guide 154 ...

Страница 155: ...packet a priority and then queues the packet accordingly Packets assigned a high priority are processed more quickly than those with low priority if there is congestion allowing time sensitive applications to flow more smoothly Time sensitive applications include both those that require a low level of latency delay and a low level of jitter variations in delay such as Voice over IP VoIP or Interne...

Страница 156: ...ging makes use of three bits in the packet header while DiffServ is a new protocol and defines a new DS field which replaces the eight bit ToS Type of Service field in the IP header Tagging and Marking In a QoS class you can configure whether to add or change the DSCP DiffServ Code Point value IEEE 802 1p priority level and VLAN ID number in a matched packet When the packet passes through a compat...

Страница 157: ...ering algorithms Token Bucket Filter TBF Single Rate Two Color Maker srTCM and Two Rate Two Color Marker trTCM You can specify actions which are performed on the colored packets See Section 10 8 on page 170 for more information on each metering algorithm 10 3 The Quality of Service General Screen Click Network Settings QoS General to open the screen as shown next Use this screen to enable or disab...

Страница 158: ... DSL port s actual transmission speed You can also set this number lower than the interfaces actual transmission speed This will cause the ZyXEL Device to not use some of the interfaces available bandwidth If you leave this field blank the ZyXEL Device automatically sets this number to be 95 of the WAN interfaces actual upstream transmission speed LAN Managed Downstream Bandwidth Enter the amount ...

Страница 159: ...s queue is not active Name This shows the descriptive name of this queue Interface This shows the name of the ZyXEL Device s interface through which traffic in this queue passes Priority This shows the priority of this queue Weight This shows the weight of this queue Buffer Management This shows the queue management algorithm used for this queue Queue management algorithms determine how the ZyXEL ...

Страница 160: ...es gets through faster while traffic in lower priority queues is dropped if the network is congested Weight Select the weight from 1 to 8 of this queue If two queues have the same priority level the ZyXEL Device divides the bandwidth across the queues according to their weights Queues with larger weights get more bandwidth than queues with smaller weights Buffer Management This field displays Drop...

Страница 161: ...s QoS Class Setup to open the following screen Figure 56 Network Settings QoS Class Setup The following table describes the labels in this screen Table 33 Network Settings QoS Class Setup LABEL DESCRIPTION Add new Classifier Click this to create a new classifier This is the index number of the entry Status This field displays whether the classifier is active or not A yellow bulb signifies that thi...

Страница 162: ...name of the queue in which traffic of this classifier is put Modify Click the Edit icon to edit the classifier Click the Delete icon to delete an existing classifier Note that subsequent rules move up by one when you take this action Table 33 Network Settings QoS Class Setup LABEL DESCRIPTION ...

Страница 163: ...Service QoS VSG1435 B101 Series User s Guide 163 10 5 1 Add Edit QoS Class Click Add new Classifier in the Class Setup screen or the Edit icon next to a classifier to open the following screen Figure 57 Class Setup Add Edit ...

Страница 164: ...k box and enter the source IP address in dotted decimal notation A blank source IP address means any source IP address Subnet Netmask Enter the source subnet mask Port Range If you select TCP or UDP in the IP Protocol field select the check box and enter the port number s of the source MAC Select the check box and enter the source MAC address of the packet MAC Mask Type the mask for the specified ...

Страница 165: ...P UDP ICMP or IGMP If you select User defined enter the protocol service type number DHCP This field is available only when you select IP in the Ether Type field Select this option and select a DHCP option If you select Vendor Class ID DHCP Option 60 enter the Vendor Class Identifier Option 60 of the matched traffic such as the type of the hardware or firmware If you select User Class ID DHCP Opti...

Страница 166: ...iority level with which the ZyXEL Device replaces the IEEE 802 1p priority field in the packets If you select Unchange the ZyXEL Device keep the 802 1p priority field in the packets VLAN ID If you select Remark enter a VLAN ID number with which the ZyXEL Device replaces the VLAN ID of the frames If you select Remove the ZyXEL Device deletes the VLAN ID of the frames before forwarding them out If y...

Страница 167: ...s field displays whether the policer is active or not A yellow bulb signifies that this policer is active A gray bulb signifies that this policer is not active Name This field displays the descriptive name of this policer Regulated Classes This field displays the name of a QoS classifier Meter Type This field displays the type of QoS metering algorithm used in this policer Maximum Rate This field ...

Страница 168: ...ol when traffic can be transmitted Each token represents one byte The algorithm allows bursts of up to b bytes which is also the bucket size Maximum Rate Specify the guaranteed rate at which packets are admitted to the network This is to specify how many bytes of tokens are added to a bucket every second Burst Size Specify the guaranteed amount of bytes that are admitted at the committed rate This...

Страница 169: ...6 Policer Setup Add Edit LABEL DESCRIPTION Table 37 Network Settings QoS Monitor LABEL DESCRIPTION Refresh Interval Enter how often you want the ZyXEL Device to update this screen Select No Refresh to stop refreshing statistics Interface Monitor This is the index number of the entry Name This shows the name of the interface on the ZyXEL Device Pass Rate This shows how many packets forwarded to thi...

Страница 170: ...mitted successfully Drop Rate This shows how many packets assigned to this queue are dropped Table 37 Network Settings QoS Monitor continued LABEL DESCRIPTION Table 38 IEEE 802 1p Priority Level and Traffic Type PRIORITY LEVEL TRAFFIC TYPE Level 7 Typically used for network control traffic such as router configuration messages Level 6 Typically used for voice traffic that is especially sensitive t...

Страница 171: ...op Behavior DiffServ defines a new Differentiated Services DS field to replace the Type of Service TOS field in the IP header The DS field contains a 2 bit unused field and a 6 bit DSCP field which can define up to 64 service levels The following figure illustrates the DS field DSCP is backward compatible with the three precedence bits in the ToS octet so that non DiffServ compliant ToS enabled ne...

Страница 172: ...oS mapping on the ZyXEL Device On the ZyXEL Device traffic assigned to higher priority queues gets through faster while traffic in lower index queues is dropped if the network is congested Table 39 Internal Layer2 and Layer3 QoS Mapping PRIORITY QUEUE LAYER 2 LAYER 3 IEEE 802 1P USER PRIORITY ETHERNET PRIORITY TOS IP PRECEDENCE DSCP IP PACKET LENGTH BYTE 0 1 0 000000 1 2 2 0 0 000000 1100 3 3 1 00...

Страница 173: ... marked packets if the network is overloaded Configure the bucket size to be equal to or less than the amount of the bandwidth that the interface can support It does not help if you set it to a bucket size over the interface s capability The smaller the bucket size the lower the data transmission rate and that may cause outgoing packets to be dropped A larger transmission rate requires a big bucke...

Страница 174: ... the network The PIR is greater than or equal to the CIR CIR and PIR values are based on the guaranteed and maximum bandwidth respectively as negotiated between a service provider and client The trTCM evaluates incoming packets and marks them with one of three colors which refer to packet loss priority levels High packet loss priority level is referred to as red medium is referred to as yellow and...

Страница 175: ...y forwarding to direct traffic from different users through different connections or distribute traffic among multiple paths for load sharing 11 2 The Policy Forwarding Screen The Policy Forwarding screens let you view and configure routing policies on the ZyXEL Device Click Network Settings Routing Policy Forwarding to open the Policy Forwarding screen Figure 61 Network Settings Routing Policy Fo...

Страница 176: ...SourcePort This is the source port number Source MAC This is the source MAC address WAN This is the WAN interface through which the traffic is routed Modify Click the Edit icon to edit this policy Click the Delete icon to delete an existing policy Table 40 Network Settings Routing Policy Forwarding LABEL DESCRIPTION Table 41 Policy Forwarding Add Edit LABEL DESCRIPTION Policy Name Enter a descript...

Страница 177: ...t a WAN interface through which the traffic is sent You must have the WAN interface s already configured in the Broadband screens Apply Click Apply to save your changes Cancel Click Cancel to exit this screen without saving Table 41 Policy Forwarding Add Edit LABEL DESCRIPTION ...

Страница 178: ...Chapter 11 Policy Forwarding VSG1435 B101 Series User s Guide 178 ...

Страница 179: ...he Applications screen to forward incoming service requests to the server s on your local network Section 12 3 on page 183 Use the Port Triggering screen to add and configure the ZyXEL Device s trigger port settings Section 12 4 on page 185 Use the DMZ screen to configure a default server Section 12 5 on page 189 Use the ALG screen to enable and disable the SIP VoIP ALG in the ZyXEL Device Section...

Страница 180: ...on the LAN servers for example web or FTP that you can make visible to the outside world even though NAT makes your whole inside network appear as a single computer to the outside world Finding Out More See Section 12 8 on page 191 for advanced technical information on NAT 12 2 The Port Forwarding Screen Use the Port Forwarding screen to forward incoming service requests to the server s on your lo...

Страница 181: ...orts 21 25 to one FTP Telnet and SMTP server A in the example port 80 to another B in the example and assign a default server IP address of 192 168 1 35 to a third C in the example You assign the LAN IP addresses and the ISP assigns the WAN IP address The NAT network appears as a single host on the Internet Figure 63 Multiple Servers Behind NAT Example Click Network Settings NAT Port Forwarding to...

Страница 182: ...e is active or not A yellow bulb signifies that this rule is active A gray bulb signifies that this rule is not active Service Name This shows the service s name WAN Interface This shows the WAN interface through which the service is forwarded External Start Port This is the first external port number that identifies a service External End Port This is the last external port number that identifies...

Страница 183: ...ckets To forward only one port enter the port number again in the External End Port field To forward a series of ports enter the start port number here and the end port number in the External End Port field External End Port Enter the last port of the original destination port range To forward only one port enter the port number in the External Start Port field above and then enter it again in thi...

Страница 184: ... rules Click Add new application in the Applications screen to open the following screen Figure 67 Applications Add Table 44 Network Settings NAT Applications LABEL DESCRIPTION Add new application Click this to add a new NAT application rule Application Forwarded This field shows the type of application that the service forwards WAN Interface This field shows the WAN interface through which the se...

Страница 185: ...a specific port number and protocol a trigger port When the ZyXEL Device s WAN port receives a response with a specific port number and protocol open port the ZyXEL Device forwards the traffic to the LAN IP address of the computer that sent the request After that computer s connection for that service closes another computer on the LAN can use the service in the same manner This way you do not nee...

Страница 186: ...n is closed or times out The ZyXEL Device times out in three minutes with UDP User Datagram Protocol or two hours with TCP IP Transfer Control Protocol Internet Protocol Click Network Settings NAT Port Triggering to open the following screen Use this screen to view your ZyXEL Device s trigger port settings Figure 69 Network Settings NAT Port Triggering The following table describes the labels in t...

Страница 187: ...on the WAN Start This is the first port number that identifies a service End This is the last port number that identifies a service Trigger Proto This is the trigger transport layer protocol Open The open port is a port or a range of ports that a server on the WAN uses when it sends out a particular service The ZyXEL Device forwards the traffic with this port or range of ports to the client comput...

Страница 188: ...s of the LAN computer that sent the traffic to a server on the WAN Type a port number or the starting port number in a range of port numbers Trigger End Port Type a port number or the ending port number in a range of port numbers Trigger Protocol Select the transport layer protocol from TCP UDP or TCP UDP Open Start Port The open port is a port or a range of ports that a server on the WAN uses whe...

Страница 189: ...MZ The following table describes the fields in this screen Table 48 Network Settings NAT DMZ LABEL DESCRIPTION Default Server Address Enter the IP address of the default server which receives packets from ports that are not specified in the NAT Port Forwarding screen Note If you do not assign a Default Server Address the ZyXEL Device discards all packets received for ports that are not specified i...

Страница 190: ...Use this screen to enable and disable the SIP VoIP ALG in the ZyXEL Device To access this screen click Network Settings NAT ALG Figure 72 Network Settings NAT ALG The following table describes the fields in this screen 12 7 The Sessions Screen Use the Sessions screen to limit the number of concurrent NAT sessions all clients can use Table 49 Network Settings NAT ALG LABEL DESCRIPTION ALG Enable th...

Страница 191: ...a host in a packet as the packet traverses a router for example the local address refers to the IP address of a host when the packet is in the local network while the global address refers to the IP address of the host when the same packet is traveling in the WAN side Table 50 Network Settings NAT Sessions LABEL DESCRIPTION MAX NAT Session Use this field to set a common limit to the number of conc...

Страница 192: ...he inside local address before forwarding it to the original inside host Note that the IP address either local or global of an outside host is never changed The global IP addresses for the inside hosts can be either static or dynamically assigned by the ISP In addition you can designate servers for example a web server and a telnet server on your local network and make them accessible to the outsi...

Страница 193: ...uired for communication with hosts on other networks It replaces the original IP source address and TCP or UDP source port numbers for Many to One and Many to Many Overload NAT mapping in each packet and then forwards it to the Internet The ZyXEL Device keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored The following figure illu...

Страница 194: ...mbers The most often used port numbers are shown in the following table Please refer to RFC 1700 for further information about port numbers Please also refer to the Supporting CD for more examples and details on port forwarding and NAT Table 52 Services and Port Numbers SERVICES PORT NUMBER ECHO 7 FTP File Transfer Protocol 21 SMTP Simple Mail Transfer Protocol 25 DNS Domain Name System 53 Finger ...

Страница 195: ...lt server IP address of 192 168 1 35 to a third C in the example You assign the LAN IP addresses and the ISP assigns the WAN IP address The NAT network appears as a single host on the Internet Figure 76 Multiple Servers Behind NAT Example SNMP trap 162 PPTP Point to Point Tunneling Protocol 1723 Table 52 Services and Port Numbers SERVICES PORT NUMBER D 192 168 1 36 192 168 1 1 IP address assigned ...

Страница 196: ...Chapter 12 Network Address Translation NAT VSG1435 B101 Series User s Guide 196 ...

Страница 197: ...ecific WAN interface to its DNS server s The ZyXEL Device uses a system DNS server in the order you specify in the Broadband screen to resolve domain names that do not match any DNS routing entry After the ZyXEL Device receives a DNS reply from a DNS server it creates a new entry for the resolved IP address in the routing table In the following example the DNS server 168 92 5 1 obtained from the W...

Страница 198: ...address First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name The Dynamic DNS service provider will give you a password or key 13 1 1 What You Can Do in this Chapter Use the DNS Entry screen to view configure or remove DNS routes Section 13 2 on page 199 Use t...

Страница 199: ...ing to open the DNS Entry screen Figure 78 Advanced DNS Setting DNS Setting The following table describes the fields in this screen Table 53 Advanced DNS Setting DNS Setting LABEL DESCRIPTION Add new DNS entry Click this to create a new DNS entry This is the index number of the entry Hostname This indicates the host name or domain name IP Address This indicates the IP address assigned to this comp...

Страница 200: ...re 79 DNS Entry Add Edit The following table describes the labels in this screen 13 3 The Dynamic DNS Screen Use this screen to change your ZyXEL Device s DDNS Click Advanced DNS Setting Dynamic DNS The screen appears as shown Figure 80 Advanced DNS Setting Dynamic DNS Table 54 DNS Entry Add Edit LABEL DESCRIPTION Host Name Enter the host name of the DNS entry IP Address Enter the IP address of th...

Страница 201: ...e the domain name assigned to your ZyXEL Device by your Dynamic DNS provider You can specify up to two host names in the field separated by a comma User Name Type your user name Password Type the password assigned to you Email If you select TZO in the Service Provider field enter the user name you used to register for this service Key If you select TZO in the Service Provider field enter the passw...

Страница 202: ...Chapter 13 Dynamic DNS Setup VSG1435 B101 Series User s Guide 202 ...

Страница 203: ...ngs Section 14 2 on page 206 Use the IGMP Filter screens to control IGMP access Section 14 3 on page 208 Use the IGMP ACL screens to block or allow access to specific multicast media channels Section 14 4 on page 213 14 1 2 What You Need to Know IP Multicast Addresses In IPv4 a multicast address allows a device to send packets to a specific group of hosts multicast group in a different sub network...

Страница 204: ...L Device discards multicast traffic destined for multicast groups that it does not know IGMP snooping generates no additional network traffic allowing you to significantly reduce multicast traffic passing through your device IGMP Proxy To allow better network performance you can use IGMP proxy instead of a multicast routing protocol in a simple tree network topology Note Your ZyXEL Device is an IG...

Страница 205: ...sts that are members of the query VLAN The ZyXEL Device only sends an IGMP leave message via the upstream interface when the last host leaves a multicast group Router Alert Option The router alert option provides a way to let routers intercept packets not addressed to them directly without incurring any significant performance penalty The router alert option in the IP header of an IGMP control pac...

Страница 206: ...s connected to the IGMP proxy device Query Interval Specify how many seconds since the last query the ZyXEL Device waits before it queries all directly connected networks to gather multicast group membership Query Response Interval Specify how many seconds the host allots for gathering membership information from directly connected networks before it sends a report Robustness Value This is the num...

Страница 207: ...gnore IGMP query without router alert option Select this to discard IGMP query packets that do not include a router alert option Ignore IGMP query which destination IP is not 224 0 0 1 Select this to discard IGMP query packets with a destination IP address other than 224 0 0 1 the all hosts multicast address Apply Click this button to save your settings back to the ZyXEL Device Cancel Click Cancel...

Страница 208: ...e fields in this screen Table 57 Network Settings IGMP Setting IGMP Filter LABEL DESCRIPTION Allow IGMP packets from Ethernet interface Select this to accept IGMP packets received on any of the LAN Ethernet ports Clear this to discard IGMP packets received on any of the LAN Ethernet ports Allow IGMP packets from WiFi interface Select this to accept IGMP packets received through the wireless LAN in...

Страница 209: ...his is the multicast address and subnet that the service domain uses STB Max Channels This is to how many of the service domain s IGMP channels a LAN STB device is allowed to subscribe Non STB Max Channels This is to how many of the service domain s IGMP channels LAN devices other than STBs are allowed to subscribe Modify Click the Edit icon to change the entry Click the Delete icon to delete the ...

Страница 210: ...llowing table describes the fields in this screen Table 58 Network Settings IGMP Setting IGMP Filter LAN Host Edit LABEL DESCRIPTION LAN Host This is the IP address of one of the ZyXEL Device s LAN hosts IGMP Enabled Select whether or not the LAN device using the specified IP address is allowed to access IGMP services through the ZyXEL Device Max Allowed Channels Specify to how many IGMP channels ...

Страница 211: ...s and underscores _ Spaces are not allowed Maximum active channels for STB Specify to how many of the service domain s IGMP channels a LAN STB device is allowed to subscribe Maximum active channels for Non STB Specify to how many of the service domain s IGMP channels LAN devices other than STBs are is allowed to subscribe Group List Use this section to specify the multicast groups and subnet masks...

Страница 212: ...ticast service domain to which you want to block or allow access LAN Host Select the IP address of one of the ZyXEL Device s LAN hosts IGMP Enabled Select whether or not the LAN device using the specified IP address is allowed to use the IGMP multicast service domain Max Allowed Channels This shows to how many of the IGMP multicast service domain s channels the LAN device using the specified IP ad...

Страница 213: ...o other multicast channels Select Disabled to have the ZyXEL Device not restrict which multicast channels the multimedia devices on the LAN can access Add a new rule Click this to create a new IGMP ACL rule White List These rules are for allowing access to specified multicast IP addresses Multicast Address This is the multicast IP address of a multicast media channel to which you want to allow acc...

Страница 214: ...your previously saved settings Table 61 Network Settings IGMP Setting IGMP ACL continued LABEL DESCRIPTION Table 62 Network Settings IGMP Setting IGMP ACL Add a new rule LABEL DESCRIPTION Multicast IP Address Enter the multicast IP address of a multicast media channel to which you want to block or allow access Multicast IP Mask Enter the subnet mask of the multicast IP address Type Select Black Li...

Страница 215: ...create multiple networks on the ZyXEL Device Section 15 2 on page 215 15 2 The Interface Group Screen You can manually add a LAN interface to a new group Alternatively you can have the ZyXEL Device automatically add the incoming traffic and the LAN interface on which traffic is received to an interface group when its DHCP Vendor ID option information matches one listed for the interface group Use ...

Страница 216: ...PTION Add New Interface Group Click this button to create a new interface group Group Name This shows the descriptive name of the group WAN Interface This shows the WAN interfaces in the group LAN Interfaces This shows the LAN interfaces in the group DHCP Vendor IDs The ZyXEL Device automatically adds LAN hosts sending traffic with any of the Vendor Class Identifiers listed here to the interface g...

Страница 217: ...Group Name Enter a name to identify this group You can enter up to 30 characters You can use letters numbers hyphens and underscores _ Spaces are not allowed WAN Interface used in the grouping Select the WAN interface this group uses Select No Interface None to not add a WAN interface to this group Grouped LAN Interfaces Available LAN Interfaces Select one or more LAN interfaces Ethernet LAN HPNA ...

Страница 218: ... Vendor Class Identifiers DHCP Option 60 to identify LAN hosts to add to the interface group by criteria such as the type of the hardware or firmware Apply Click Apply to save your changes back to the ZyXEL Device Cancel Click Cancel to exit this screen without saving Table 64 Interface Group Configuration continued LABEL DESCRIPTION ...

Страница 219: ...llustrates the default firewall action User A can initiate an IM Instant Messaging session from the LAN to the WAN 1 Return traffic for this session is also allowed 2 However other traffic initiated from the WAN is blocked 3 and 4 Figure 92 Default Firewall Action 16 1 1 What You Can Do in this Chapter Use the Firewall screen to configure the security level of the firewall on the ZyXEL Device Sect...

Страница 220: ...ork resources The ZyXEL Device is pre configured to automatically detect and thwart all known DoS attacks DDoS A DDoS attack is one in which multiple compromised systems attack a single target thereby causing denial of service for users of the targeted system LAND Attack In a LAND attack hackers flood SYN packets into the network with a spoofed source IP address of the target system This makes it ...

Страница 221: ...rotocol Screen You can configure customized services and port numbers in the Protocol screen For a comprehensive list of port numbers and services visit the IANA Internet Assigned Number Authority website See Appendix E on page 385 for some examples Table 65 Security Settings Firewall LABEL DESCRIPTION Low Select Low to allow LAN to WAN and WAN to LAN packet directions Medium Select Medium to allo...

Страница 222: ...RIPTION Add New Protocol Entry Click this to add a new protocol Name This is the name of your customized service Description This is the description of your customized service Ports Protocol Number This shows the IP protocol TCP UDP ICMP or TCP UDP and the port number or range of ports that defines your customized service Other and the protocol number displays if the service uses another IP protoc...

Страница 223: ...your customized port from the drop down list box Select Other to be able to enter a protocol number Source Destination Port These fields are displayed if you select TCP or UDP as the IP port Select Single to specify one port only or Range to specify a span of ports that define your customized service If you select Any the service is applied to all ports Type a single port number or the range of po...

Страница 224: ...nter a unique name up to 32 printable English keyboard characters including spaces for your customized port Service Description Enter a description for your customized port Apply Click Apply to save your changes Cancel Click Cancel to exit this screen without saving Table 67 Security Settings Firewall Protocol Add LABEL DESCRIPTION Table 68 Security Settings Firewall Access Control LABEL DESCRIPTI...

Страница 225: ...ction This displays the direction of traffic to which this rule applies Action This field displays whether the rule silently discards packets DROP discards packets and sends a TCP reset packet or an ICMP destination unreachable message to the sender REJECT or allows the passage of packets ACCEPT Modify Click the Edit icon to edit the rule Click the Delete icon to delete an existing rule Note that ...

Страница 226: ...a descriptive name of up to 16 alphanumeric characters not including spaces underscores and dashes You must enter the filter name to add an ACL rule This field is read only if you are editing the ACL rule Select Source Device Select the source device to which the ACL rule applies If you select Specific IP Address enter the source IP address in the field below Source IP Address Enter the source IP ...

Страница 227: ...c Protocol in Select Protocol Enter a single port number or the range of port numbers of the destination Policy Use the drop down list box to select whether to discard DROP deny and send an ICMP destination unreachable message to the sender of REJECT or allow the passage of ACCEPT packets that match this rule Direction Use the drop down list box to select the direction of traffic to which this rul...

Страница 228: ...Chapter 16 Firewall VSG1435 B101 Series User s Guide 228 ...

Страница 229: ...device has a unique MAC Media Access Control address The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters for example 00 A0 C5 00 00 02 You need to know the MAC addresses of the devices to configure this screen 17 2 The MAC Filter Screen Use this screen to change your ZyXEL Device s MAC filter settings Click Security Settings MAC Filter The screen appears ...

Страница 230: ...XEL Device Select an entry from the Allow List and use the button to add it to the Block List Select an entry from the Block List and use the button to add it to the Allow List Add Device Select this to display the Add Device screen which you can add a device to the MAC filter Allow List Enter the device s MAC address and click OK This is the index number of the entry Device This is the name of th...

Страница 231: ...screen see Chapter 19 on page 235 for detailed information 18 2 The Parental Control Screen Use this screen to configure parental control settings to block the users on your network from accessing certain web sites Click Parental Control to open the following screen Note You must configure a scheduler rule in the Advanced Scheduler Rule screen Section 19 2 on page 235 before the parental control f...

Страница 232: ...a new parental control rule This is the index number of the rule PC Name IP MAC The ZyXEL Device allows or prohibits the users from viewing the Web sites with the URLs listed below Access Type This shows the access type that is applied on the user to the web site of this rule Web Site This is the URL of the web site in this rule Scheduler Name This is the name of the schedule rule that is applied ...

Страница 233: ...sers from viewing the web sites with the URLs listed below If you select Allow Web Site the ZyXEL Device blocks access to all URLs except ones listed below If you select Block All the ZyXEL Device blocks access to all URLs Web Site Enter the URL of web site to which the ZyXEL Device blocks or allows access Click Add to add this URL to the list below Remove Select an URL from the list and click Rem...

Страница 234: ...Chapter 18 Parental Control VSG1435 B101 Series User s Guide 234 ...

Страница 235: ...s Screen Use this screen to view add or edit time schedule rules Click Advanced Scheduler Rules to open the following screen Figure 101 Advanced Scheduler Rules The following table describes the fields in this screen Table 73 Advanced Scheduler Rules LABEL DESCRIPTION Add new rule Click this to create a new rule This is the index number of the entry Rule Name This shows the name of the rule Day Th...

Страница 236: ...Click the Delete icon to delete a scheduler rule Note You cannot delete a scheduler rule once it is applied to a certain feature Table 73 Advanced Scheduler Rules LABEL DESCRIPTION Table 74 Scheduler Rules Add Edit LABEL DESCRIPTION Rule Name Enter a name up to 31 printable English keyboard characters not including spaces for this schedule Day Select check boxes for the days that you want the ZyXE...

Страница 237: ...you save the certificates of trusted CAs to the ZyXEL Device Section 20 4 on page 245 20 2 What You Need to Know The following terms and concepts may help as you read through this chapter Certification Authority A Certification Authority CA issues certificates and guarantees the identity of each certificate owner There are commercial certification authorities like CyberTrust or VeriSign and govern...

Страница 238: ... In Use This field displays whether the certificate is in use and how many applications use the certificate Subject This field displays identifying information about the certificate s owner such as CN Common Name OU Organizational Unit or department O Organization or company and C Country It is recommended that each certificate have unique subject information Type This field displays what kind of ...

Страница 239: ...Name Type up to 63 ASCII characters not including spaces to identify this certificate Common Name Type the IP address in dotted decimal notation domain name or e mail address in the field provided The domain name or e mail address can be up to 63 ASCII characters The domain name or e mail address is for identification purposes only and can be any string Organization Name Type up to 63 characters t...

Страница 240: ...tificate Request Created 20 3 2 Load Signed Certificate After you create a certificate request and have it signed by a Certificate Authority in the Local Certificates screen click the certificate request s Load Signed icon to import the signed certificate into the ZyXEL Device ...

Страница 241: ...tings Local Certificates and then Import Certificate to open the Import Local Certificate screen Follow the instructions in this screen to save an existing certificate to the ZyXEL Device Table 77 Load Signed Certificate LABEL DESCRIPTION Certificate Name This is the name of the signed certificate Certificate Copy and paste the signed certificate into the text box to store it on the ZyXEL Device A...

Страница 242: ...cate The following table describes the labels in this screen Table 78 Import Local Certificate LABEL DESCRIPTION Import from file Click this check box to open a screen where you can save the certificate of a certification authority that you trust from your computer to the ZyXEL Device Certificate Name Type up to 63 ASCII characters not including spaces to identify this certificate ...

Страница 243: ...the certificate into the text box to store it on the ZyXEL Device Private Key Copy and paste the private key into the text box to store it on the ZyXEL Device Apply Click Apply to save your changes Cancel Click Cancel to exit this screen without saving Table 79 Import Local Certificate Import from file LABEL DESCRIPTION Certificate File Path Type in the location of the certificate you want to uplo...

Страница 244: ...cation Authority signed the certificate request means this is a certification request Subject This field displays information that identifies the owner of the certificate such as Common Name CN Organization O State ST and Country C Certificate This read only text box displays the certificate in Privacy Enhanced Mail PEM format PEM uses base 64 to convert the binary certificate into a printable for...

Страница 245: ...PEM uses base 64 to convert the binary certificate into a printable form You can copy and paste the private key into an e mail to send to friends or colleagues or you can copy and paste the certificate into a text editor and save the file on a management computer for later distribution via floppy disk for example Signing Request This read only text box displays the request information in Privacy E...

Страница 246: ...cate have unique subject information Type This field displays general information about the certificate ca means that a Certification Authority signed the certificate Action Click the View icon to open a screen with an in depth list of information about the certificate or certification request Click the Remove button to delete the certificate or certification request You cannot delete a certificat...

Страница 247: ...e certificate such as Common Name CN Organizational Unit OU Organization O and Country C Certificate This read only text box displays the certificate in Privacy Enhanced Mail PEM format PEM uses base 64 to convert the binary certificate into a printable form You can copy and paste the certificate into an e mail to send to friends or colleagues or you can copy and paste the certificate into a text ...

Страница 248: ...of a certification authority that you trust from your computer to the ZyXEL Device Certificate Name Enter the name that identifies this certificate The certificate name should not exceed 63 ASCII characters not including spaces Certificate Copy and paste the certificate into the text box to store it on the ZyXEL Device Apply Click Apply to save your changes Cancel Click Cancel to exit this screen ...

Страница 249: ...s a standards based VPN that offers flexible solutions for secure data communications across a public network like the Internet IPSec is built around a number of standardized cryptographic techniques to provide confidentiality data integrity and authentication at the IP layer The following figure is an example of an IPSec VPN tunnel Figure 114 VPN Example 21 1 1 What You Can Do in this Chapter Use...

Страница 250: ...transmitted in the networks Between routers X and Y the data is protected by tunneling encryption authentication and other security features of the IPSec SA The IPSec SA is established securely using the IKE SA that routers X and Y established first Remote IPSec Gateway Address Remote IPSec Gateway Address is the WAN IP address or domain name of the remote IPSec router secure gateway If the remote...

Страница 251: ...Security Settings IPSec Status The following table describes the fields in this screen Table 85 Security Settings IPSec Status LABEL DESCRIPTION Refresh Interval Select how often the screen should be refreshed from the drop down list box Status This field displays whether the VPN connection is up a yellow bulb or down a gray bulb Connection Name This field displays the identification name for this...

Страница 252: ...Table 86 Security Settings IPSec Settings LABEL DESCRIPTION Add New Connection Click this to configure a new VPN policy This is the index number of the entry Status This field displays whether the VPN policy is active or not A yellow bulb signifies that this VPN policy is active A gray bulb signifies that this VPN policy is not active Connection Name This field displays the identification name for...

Страница 253: ...etup Auto IKE provides more protection so it is generally recommended You only configure VPN manual key when you select Auto IKE in the Key Exchange Local Addresses This is the IP address of computer s on your local network behind your ZyXEL Device Remote Addresses This is the IP address of computer s on the remote network behind the remote IPSec router Modify Click the Edit icon to edit the VPN c...

Страница 254: ... LABEL DESCRIPTION Enable Select this check box to activate this VPN policy This option determines whether a VPN rule is applied before a packet leaves the firewall IPSec Connection Name Type up to 39 alphanumeric characters to identify this VPN policy You may use spaces underscores and dashes but the ZyXEL Device drops trailing spaces Remote IPSec Gateway Address Type the WAN IP address or the UR...

Страница 255: ...el The remote IP addresses must correspond to the remote IPSec router s configured local IP addresses Two active SAs cannot have the local and remote IP address es both the same Two active SAs can have the same local or remote IP address but not both You can configure multiple SAs between the same local and remote IP addresses as long as only one is active at any time Use the drop down list box to...

Страница 256: ...eld in a certificate This is used only with certificate based authentication Local Remote ID Content When you select IP in the Local Remote ID Type field type the IP address of your computer in the Local Remote ID Content field When you select DNS or E mail in the Local Remote ID Type field type a domain name or e mail address by which to identify this ZyXEL Device in the Local Remote ID Content f...

Страница 257: ...is more secure than DES It also requires more processing power resulting in increased latency and decreased throughput This implementation of AES uses a 128 bit 192 bit or 256 bit key AES is faster than 3DES Integrity Algorithm Select SHA1 or MD5 from the drop down list box MD5 Message Digest 5 and SHA1 Secure Hash Algorithm are hash algorithms used to authenticate packet data The SHA1 algorithm i...

Страница 258: ...following table describes the fields in this screen Table 88 IPSec Settings Add Edit Manual LABEL DESCRIPTION Enable Select this check box to activate this VPN policy This option determines whether a VPN rule is applied before a packet leaves the firewall IPSec Connection Name Type up to 39 alphanumeric characters to identify this VPN policy You may use spaces underscores and dashes but the ZyXEL ...

Страница 259: ... The remote IP addresses must correspond to the remote IPSec router s configured local IP addresses Two active SAs cannot have the local and remote IP address es both the same Two active SAs can have the same local or remote IP address but not both You can configure multiple SAs between the same local and remote IP addresses as long as only one is active at any time Use the drop down list box to c...

Страница 260: ...ter than 3DES Select ESP_NULL to set up a tunnel without encryption When you select ESP_NULL you do not enter an encryption key Encryption Key Type 16 hexadecimal 0 9 A F characters if you select to use the DES encryption algorithm or 48 hexadecimal characters if you use the 3DES encryption algorithm Authentication Algorithm Select SHA1 or MD5 from the drop down list box MD5 Message Digest 5 and S...

Страница 261: ...acket formats and the default standards for packet structure including implementation algorithms The Encryption Algorithm describes the use of encryption techniques such as DES Data Encryption Standard and Triple DES algorithms The Authentication Algorithms HMAC MD5 RFC 2403 and HMAC SHA 1 RFC 2404 provide an authentication mechanism for the AH and ESP protocols Key Management Key management allow...

Страница 262: ...ng IP address cannot be verified for integrity against the data With the use of AH as the security protocol protection is extended forward into the IP header to verify the integrity of the entire packet by use of portions of the original IP header in the hashing process Tunnel Mode Tunnel mode encapsulates the entire IP packet to transmit it securely A Tunnel mode is required for gateway services ...

Страница 263: ... DH2 Set the IKE SA lifetime This field allows you to determine how long an IKE SA should stay up before it times out An IKE SA times out when the IKE SA lifetime period expires If an IKE SA times out when an IPSec SA is already established the IPSec SA stays connected In phase 2 you must Choose an encryption algorithm Choose an authentication algorithm Choose a Diffie Hellman public key cryptogra...

Страница 264: ...ode An IPSec VPN using the AH protocol digitally signs the outbound packet both data payload and headers with a hash value appended to the packet When using AH protocol packet contents the data payload are not encrypted A NAT device in between the IPSec endpoints will rewrite either the source or destination address with one of its own choosing The VPN device at the receiving end will verify the i...

Страница 265: ...this NAT traversal allows you to set up an IKE SA when there are NAT routers between the two IPSec routers Figure 124 NAT Router Between IPSec Routers Normally you cannot set up an IKE SA with a NAT router between the two IPSec routers because the NAT router changes the header of the IPSec packet NAT traversal solves the problem by adding a UDP port 500 header to the IPSec packet The NAT router fo...

Страница 266: ... rules with overlapping local and remote IP addresses With main mode see Section 21 4 4 on page 264 the ID type and content are encrypted to provide identity protection In this case the ZyXEL Device can only distinguish between up to 12 different incoming SAs that connect from remote IPSec routers that have dynamic WAN IP addresses The ZyXEL Device can distinguish up to 48 incoming SAs because you...

Страница 267: ...an communicate with them over a secure connection E mail Type an e mail address up to 31 characters by which to identify this ZyXEL Device The domain name or e mail address that you use in the Local ID Content field is used for identification purposes only and does not need to be a real domain name or e mail address Table 91 Local ID Type and Content Fields LOCAL ID TYPE CONTENT Table 92 Matching ...

Страница 268: ...stablish a shared secret over an unsecured communications channel Diffie Hellman is used within IKE SA setup to establish session keys 768 bit 1024 bit 1536 bit 2048 bit and 3072 bit Diffie Hellman groups are supported Upon completion of the Diffie Hellman exchange the two peers have a shared secret but the IKE SA is not authenticated For authentication use pre shared keys ...

Страница 269: ...ol screens Service Control allows you to manage your ZyXEL Device from a remote location through the following interfaces LAN WAN Note The ZyXEL Device is managed using the Web Configurator 22 2 The Service Control Screen Use this screen to configure through which interface s users can use which service s to manage the ZyXEL Device ...

Страница 270: ...hat you want to allow access to the ZyXEL Device from the LAN WAN Select the Enable check box for the corresponding services that you want to allow access to the ZyXEL Device from the WAN Port You may change the server port number for a service if needed however you must use the same port number in order to use that service for remote management Certificate HTTPS Certificate Select a certificate t...

Страница 271: ...looks in the ARP Table and if it finds the address sends it to the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The device fills in its own MAC and IP address in the sender address fields and puts the known IP address of the target in the target IP address field In addition the device puts all ones in the target MAC field FF FF FF FF FF FF...

Страница 272: ...le The following table describes the labels in this screen Table 95 System Monitor ARP Table LABEL DESCRIPTION This is the ARP table entry number IP Address This is the learned IP address of a device connected to a port MAC Address This is the MAC address of the device with the listed IP address Device This is the type of interface used by the device You can click on the device type to go to its c...

Страница 273: ...his chapter Alerts and Logs An alert is a type of log that warrants more serious attention They include system errors attacks access control and attempted access to blocked web sites Some categories such as System Errors consist of both logs and alerts You may differentiate them by their color in the View Log screen Alerts display in red and logs display in black Syslog Overview The syslog protoco...

Страница 274: ...r Log to open the System Log screen Figure 127 System Monitor Log System Log Table 96 Syslog Severity Levels CODE SEVERITY 0 Emergency The system is unusable 1 Alert Action must be taken immediately 2 Critical The system condition is critical 3 Error There is an error condition on the system 4 Warning There is a warning condition on the system 5 Notice There is a normal but significant condition o...

Страница 275: ...gh all logs of that severity or higher Category Select the type of logs to display Clear Log Click this to delete all the logs Refresh Click this to renew the log screen Export Log Click this to export the selected log s Email Log Now Click this to send the log file s to the E mail address you specify in the Maintenance Logs Setting screen System Log This field is a sequential value and is not ass...

Страница 276: ...te all the logs Refresh Click this to renew the log screen Export Log Click this to export the selected log s Email Log Now Click this to send the log file s to the E mail address you specify in the Maintenance Logs Setting screen This field is a sequential value and is not associated with a specific entry Time This field displays the time the log was recorded Facility The log facility allows you ...

Страница 277: ...c Status screens to look at network traffic status and statistics of the WAN and LAN interfaces 25 1 1 What You Can Do in this Chapter Use the WAN screen to view the WAN traffic statistics Section 25 2 on page 278 Use the LAN screen to view the LAN traffic statistics Section 25 3 on page 280 ...

Страница 278: ... currently connected Packets Sent Data This indicates the number of transmitted packets on this interface Error This indicates the number of frames with errors transmitted on this interface Drop This indicates the number of outgoing packets dropped on this interface Packets Received Data This indicates the number of received packets on this interface Error This indicates the number of frames with ...

Страница 279: ...smitted on this interface Drop This indicates the number of outgoing packets dropped on this interface Packets Received Data This indicates the number of received packets on this interface Error This indicates the number of frames with errors received on this interface Drop This indicates the number of received packets dropped on this interface Table 99 System Monitor Traffic Status WAN LABEL DESC...

Страница 280: ...owing table describes the fields in this screen Table 100 System Monitor Traffic Status LAN LABEL DESCRIPTION Polls Interval s Select how often you want the ZyXEL Device to update this screen Interface This shows the LAN or WLAN interface Bytes Sent This indicates the number of bytes transmitted on this interface Bytes Received This indicates the number of bytes received on this interface more les...

Страница 281: ...smitted on this interface Drop This indicates the number of outgoing packets dropped on this interface Packets Received Data This indicates the number of received packets on this interface Error This indicates the number of frames with errors received on this interface Drop This indicates the number of received packets dropped on this interface Table 100 System Monitor Traffic Status LAN LABEL DES...

Страница 282: ...Chapter 25 Traffic Status VSG1435 B101 Series User s Guide 282 ...

Страница 283: ...roup and from each LAN host Section 26 3 on page 284 26 2 The IGMP Group Screen Use this screen to look at the current list of multicast groups the ZyXEL Device has joined and which ports have joined it To open this screen click System Monitor IGMP Group Status IGMP Group Figure 131 System Monitor IGMP Group Status IGMP Group The following table describes the labels in this screen Table 101 System...

Страница 284: ... Group Status IGMP Group continued LABEL DESCRIPTION Table 102 System Monitor IGMP Group Status IGMP Statistics LABEL DESCRIPTION IGMP Multicast Group Statistics This section shows statistics about the number of IGMP related packets received for each IGMP multicast group Multicast Group This field displays the name of the IGMP multicast group for which the ZyXEL Device received IGMP related packet...

Страница 285: ...ulticast group Total Time sec This field displays the total amount of time the ZyXEL Device counted from when the LAN IP address joined the IGMP multicast group to when it left Total Joins This field displays the total number of Join packets the ZyXEL Device has received from this LAN IP address Total Leaves This field displays the total number of Leave packets the ZyXEL Device has received from t...

Страница 286: ...Chapter 26 IGMP Status VSG1435 B101 Series User s Guide 286 ...

Страница 287: ...ation 27 1 Overview In the Users Configuration screen you can view add and configure user accounts of the ZyXEL Device 27 2 The Users Configuration Screen Click Maintenance Users Configuration to open the following screen Figure 133 Maintenance Users Configuration ...

Страница 288: ...s to configure a new user account This is the index number of the entry User Name This field displays the name of the user Expire Time This field indicates the date that this user s password will expire If there is no expire date Not Available will be displayed Expire Period This field indicates how many days this user s password is available Retry Times This field indicates how many times a user ...

Страница 289: ...haracters and include both letters and numbers Password Specify the password associated to this account The password can be 6 to 15 alphanumeric characters 0 9 A Z a z _ with no spaces not containing the user name It must contain both letters and numbers The characters are displayed as asterisks in this field Old Password This field is displayed only when you are editing the user account Type the ...

Страница 290: ...riod Enter the number of minutes for the lockout period A user cannot log into the ZyXEL Device during the lockout period even if he she enters correct account information Group This field is read only if you are editing the user account Select a type of login account The web configurator screens and privileges vary depending on which account type you use to log in Administrator accounts can confi...

Страница 291: ...page 293 28 2 The TR 069 Clients Screen TR 069 defines how Customer Premise Equipment CPE for example your ZyXEL Device can be managed over the WAN by an Auto Configuration Server ACS TR 069 is based on sending Remote Procedure Calls RPCs between an ACS and a client device RPCs are sent in Extensible Markup Language XML format over HTTP or HTTPS An administrator can use an ACS to remotely set up t...

Страница 292: ...rver ACS URL Enter the URL or IP address of the auto configuration server ACS User Name Enter the TR 069 user name for authentication with the auto configuration server ACS Password Enter the TR 069 password for authentication with the auto configuration server WAN Interface used by TR 069 client Select a WAN interface through which the TR 069 traffic passes If you select Any_WAN you should also s...

Страница 293: ...escribes the fields in this screen Connection Request Password Enter the connection request password When the ACS makes a connection request to the ZyXEL Device this password is used to authenticate the ACS Connection Request URL This shows the connection request URL The ACS can use this URL to make a connection request to the ZyXEL Device Apply Click Apply to save your changes Cancel Click Cancel...

Страница 294: ...Chapter 28 Remote Management VSG1435 B101 Series User s Guide 294 ...

Страница 295: ...gs such as system time password name the domain name and the inactivity timeout interval 29 2 The Time Setting Screen To change your ZyXEL Device s time and date click Maintenance Time Setting The screen appears as shown Use this screen to configure the ZyXEL Device s time based on your local time zone Figure 137 Maintenance Time Setting ...

Страница 296: ...ahead of normal local time by one hour to give more daytime light in the evening State Select Enable if you use Daylight Saving Time Start rule Configure the day and time when Daylight Saving Time starts if you enabled Daylight Saving You can select a specific date in a particular month or a specific day of a specific week in a particular month The Time field uses the 24 hour format Here are a cou...

Страница 297: ...ted States you would set the day to First Sunday the month to November and the time to 2 in the Hour field Daylight Saving Time ends in the European Union on the last Sunday of October All of the time zones in the European Union stop using Daylight Saving Time at the same moment 1 A M GMT or UTC So in the European Union you would set the day to Last Sunday and the month to October The time you sel...

Страница 298: ...Chapter 29 Time Settings VSG1435 B101 Series User s Guide 298 ...

Страница 299: ...e where the ZyXEL Device sends logs and which logs and or immediate alerts the ZyXEL Device records in the Logs Setting screen 30 2 The Log Settings Screen To change your ZyXEL Device s log settings click Maintenance Logs Setting The screen appears as shown Figure 138 Maintenance Logs Setting ...

Страница 300: ...log e mail message that the ZyXEL Device sends From Specify where the logs are sent from Send Log to The ZyXEL Device sends logs to the e mail address specified in this field If this field is left blank the ZyXEL Device does not send logs via E mail Send Alarm to Alerts are real time notifications that are sent as soon as an event such as a DoS attack system error or forbidden web access attempt o...

Страница 301: ...y to save your changes Cancel Click Cancel to restore your previously saved settings Table 108 Maintenance Logs Setting LABEL DESCRIPTION Subject Firewall Alert From Date Fri 07 Apr 2000 10 05 42 From user zyxel com To user zyxel com 1 Apr 7 00 From 192 168 1 1 To 192 168 1 255 default policy forward 09 54 03 UDP src port 00520 dest port 00520 1 00 2 Apr 7 00 From 192 168 1 131 To 192 168 1 255 de...

Страница 302: ...Chapter 30 Logs Setting VSG1435 B101 Series User s Guide 302 ...

Страница 303: ...n Click Maintenance Firmware Upgrade to open the following screen The upload process uses HTTP Hypertext Transfer Protocol and may take up to two minutes After a successful upload the system will reboot Do NOT turn off the ZyXEL Device while firmware upload is in progress Figure 140 Maintenance Firmware Upgrade The following table describes the labels in this screen Table 109 Maintenance Firmware ...

Страница 304: ...top Figure 142 Network Temporarily Disconnected After two minutes log in again and check your new firmware version in the Status screen If the upload was not successful the following screen will appear Click OK to go back to the Firmware Upgrade screen Figure 143 Error Message Browse Click this to find the bin file you want to upload Remember that you must decompress compressed zip files before yo...

Страница 305: ...ts backup configuration and restoring configuration appears in this screen as shown next Figure 144 Maintenance Configuration Backup Configuration Backup Configuration allows you to back up save the ZyXEL Device s current configuration to a file on your computer Once your ZyXEL Device is configured and functioning properly it is highly recommended that you back up your configuration file before ma...

Страница 306: ...me causing a temporary network disconnect In some operating systems you may see the following icon on your desktop Figure 145 Network Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default device IP address 192 168 1 1 See Appendix A on page 325 for details on how to set up your ...

Страница 307: ...actory Defaults Click the Reset button to clear all user entered configuration information and return the ZyXEL Device to its factory defaults The following warning screen appears Figure 147 Reset Warning Message Figure 148 Reset In Process Message You can also press the RESET button on the rear panel to reset the factory defaults of your ZyXEL Device Refer to Section 1 8 on page 32 for more infor...

Страница 308: ...tart allows you to reboot the ZyXEL Device remotely without turning the power off You may need to do this if the ZyXEL Device hangs for example Click Maintenance Reboot Click Reboot to have the ZyXEL Device reboot This does not affect the ZyXEL Device s configuration Figure 149 Maintenance Reboot ...

Страница 309: ... detailed results These read only screens display information to help you identify problems with the ZyXEL Device 33 2 The Diagnostic Screen Use this screen to ping traceroute or nslookup an IP address Click Maintenance Diagnostic Ping TraceRoute NsLookup to open the screen shown next Figure 150 Maintenance Diagnostic Ping TraceRoute NsLookup ...

Страница 310: ...Address Type the IP address of a computer that you want to perform ping traceroute or nslookup in order to test a connection Ping Click this to ping the IP address that you entered TraceRoute Click this button to perform the traceroute function This determines the path a packet takes to the specified computer Nslookup Click this button to perform a DNS lookup on the IP address of a computer you en...

Страница 311: ...evice does not turn on None of the LEDs turn on 1 Make sure the ZyXEL Device is turned on 2 Make sure you are using the power adaptor or cord included with the ZyXEL Device 3 Make sure the power adaptor or cord is connected to the ZyXEL Device and plugged in to an appropriate power source Make sure the power source is turned on 4 Turn the ZyXEL Device off and on 5 If the problem continues contact ...

Страница 312: ...ddress of the default gateway for your computer To do this in most Windows computers click Start Run enter cmd and then enter ipconfig The IP address of the Default Gateway might be the IP address of the ZyXEL Device it depends on the network so enter this IP address in your Internet browser 3 If this does not work you have to reset the device to its factory defaults See Section 1 8 on page 32 I f...

Страница 313: ...stions Advanced Suggestions Make sure you have logged out of any earlier management sessions using the same user account even if they were through a different interface or using a different browser Try to access the ZyXEL Device using another service such as Telnet If you can access the ZyXEL Device check the remote management settings and firewall rules to find out why the ZyXEL Device does not r...

Страница 314: ...trol settings for FTP See Chapter 22 on page 269 34 3 Internet Access I cannot access the Internet 1 Check the hardware connections and make sure the LEDs are behaving as expected See Section 1 6 on page 29 and Section 1 7 on page 30 2 Make sure you entered your ISP account information correctly in the Network Settings Broadband screen These fields are case sensitive so make sure Caps Lock is not ...

Страница 315: ...y from your ISP s DHCP server I cannot access the Internet through an Ethernet WAN connection 1 Make sure you have the ETHERNET WAN port connected to a broadband modem or router in your network 2 Make sure you configured a proper Ethernet WAN interface Network Settings Broadband screen with the Internet account information provided by your ISP and that it is enabled 3 Check that the LAN interface ...

Страница 316: ...s walls ceilings furniture and so on Building Materials metal doors aluminum studs Electrical devices microwaves monitors electric motors cordless phones and other wireless devices To optimize the speed and quality of your wireless connection you can Move your wireless device closer to the AP if the signal strength is low Reduce wireless interference that may be caused by other wireless networks o...

Страница 317: ...mmended This uses a pre shared key with the WPA2 standard WPA PSK This has the device use either WPA PSK or WPA2 PSK depending on which security mode the wireless client uses WPA2 WPA2 IEEE 802 11i is a wireless security standard that defines stronger encryption authentication and key management than WPA It requires the use of a RADIUS server and is mostly used in business networks WPA Wi Fi Prote...

Страница 318: ...Chapter 34 Troubleshooting VSG1435 B101 Series User s Guide 318 ...

Страница 319: ...less network is active While the WLAN WPS LED is green press the WLAN WPS button for five seconds and release it to enable WPS Wi Fi Protected Setup To turn off the wireless network press the WLAN WPS button on the front of the ZyXEL Device for one to five seconds The WLAN WPS LED turns off when the wireless network is off Antennas Two One detachable external 2dBi antenna and one internal 2dBi ant...

Страница 320: ...ut it on the ZyXEL Device Note Only upload firmware for your specific model Configuration Backup Restoration Make a copy of the ZyXEL Device s configuration You can put it back on the ZyXEL Device later if you decide to revert back to an earlier configuration HomePNA Home Phoneline Networking Alliance also known as HPNA 3 1 Extend your Internet connection to the coaxial outlets in your house HPNA ...

Страница 321: ...ervice You can efficiently manage traffic on your network by reserving bandwidth and giving priority to certain types of traffic and or to particular computers Remote Management This allows you to decide whether a service HTTPS or FTP traffic for example from a computer on a network LAN or WAN for example can access the ZyXEL Device PPPoE Support RFC2516 PPPoE Point to Point Protocol over Ethernet...

Страница 322: ...ndshake Amendment 1 11 07 Amendment 2 4 08 Supported Transport Protocol Specific Transmission Convergence TPS TC functions PTM via 64 65b encapsulation method defined in IEEE 802 3ah 2004 HDLC encapsulation for pre VDSL2 standard interoperability Impulse Noise Protection INP up to 16 symbols SNR target met delay maximized The maximum allowable delay will be 16 ms for down and 16ms for up Support f...

Страница 323: ...r specific information as specified in 1TR112 and ITU T G 994 1 G hs ADSL ITU T G 992 2 G lite ADSL2 ITU T G 992 3 G dmt bis Annex A RE ADSL2 ITU T G 992 3 G dmt bis Annex L ADSL2 ITU T G 992 4 G lite bis Annex A ADSL2 ITU T G 992 5 Annex A Support Multi Mode Standard ANSI T1 413 Issue 2 G dmt ITU T G 992 1 ADSL2 ITU T G 992 3 ADSL2 ITU T G 992 5 Dual Latency support Other Protocol Support PPP Poi...

Страница 324: ...mmittee IEEE 802 IEEE 802 11b Uses the 2 4 gigahertz GHz band IEEE 802 11g Uses the 2 4 gigahertz GHz band IEEE 802 11d Standard for Local and Metropolitan Area Networks Media Access Control MAC Bridges IEEE 802 11x Port Based Network Access Control IEEE 802 11e QoS IEEE 802 11 e Wireless LAN for Quality of Service ANSI T1 413 Issue 2 Asymmetric Digital Subscriber Line ADSL standard G dmt G 992 1 ...

Страница 325: ...se TCP IP on your computer Windows 3 1 requires the purchase of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components are installed configure the TCP IP settings in order to communicate with your network If you manually assign IP information instead of usin...

Страница 326: ...tion Installing Components The Network window Configuration tab displays a list of installed components You need a network adapter the TCP IP protocol and Client for Microsoft Networks If you need the adapter 1 In the Network window click Add 2 Select Adapter and then click Add 3 Select the manufacturer and model of your network adapter and then click OK If you need TCP IP 1 In the Network window ...

Страница 327: ...lect Client for Microsoft Networks from the list of network clients and then click OK 5 Restart your computer so the changes you made take effect Configuring 1 In the Network window Configuration tab select your network adapter s TCP IP entry and click Properties 2 Click the IP Address tab If your IP address is dynamic select Obtain an IP address automatically If you have a static IP address selec...

Страница 328: ...b If you do not know your gateway s IP address remove previously installed gateways If you have a gateway IP address type it in the New gateway field and click Add 5 Click OK to save and close the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your ZyXEL Device and restart your computer when prompted Verifying Settings 1 Click Start and ...

Страница 329: ... The following example figures use the default Windows XP GUI theme 1 Click start Start in Windows 2000 NT Settings Control Panel Figure 154 Windows XP Start Menu 2 In the Control Panel double click Network Connections Network and Dial up Connections in Windows 2000 NT Figure 155 Windows XP Control Panel ...

Страница 330: ...and then click Properties Figure 156 Windows XP Control Panel Network Connections Properties 4 Select Internet Protocol TCP IP under the General tab in Win XP and then click Properties Figure 157 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP IP Properties window opens the General tab in Windows XP ...

Страница 331: ...Do one or more of the following if you want to configure additional IP addresses In the IP Settings tab in IP addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways In TCP ...

Страница 332: ...Properties 7 In the Internet Protocol TCP IP Properties window the General tab in Windows XP Click Obtain DNS server address automatically if you do not know your DNS server IP address es If you know your DNS server IP address es click Use the following DNS server addresses and type them in the Preferred DNS server and Alternate DNS server fields ...

Страница 333: ...se the Local Area Connection Properties window 10 Close the Network Connections window Network and Dial up Connections in Windows 2000 NT 11 Turn on your ZyXEL Device and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and then Command Prompt 2 In the Command Prompt window type ipconfig and then press ENTER You can also open Network Connections right cli...

Страница 334: ...s User s Guide 334 1 Click the Start icon Control Panel Figure 161 Windows Vista Start Menu 2 In the Control Panel double click Network and Internet Figure 162 Windows Vista Control Panel 3 Click Network and Sharing Center Figure 163 Windows Vista Network And Internet ...

Страница 335: ...ork connections Figure 164 Windows Vista Network and Sharing Center 5 Right click Local Area Connection and then click Properties Note During this procedure click Continue whenever Windows displays a screen saying that it needs your permission to continue Figure 165 Windows Vista Network and Sharing Center ...

Страница 336: ...ies Figure 166 Windows Vista Local Area Connection Properties 7 The Internet Protocol Version 4 TCP IPv4 Properties window opens the General tab If you have a dynamic IP address click Obtain an IP address automatically If you have a static IP address click Use the following IP address and fill in the IP address Subnet mask and Default gateway fields ...

Страница 337: ...ngs tab in IP addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways In TCP IP Gateway Address type the IP address of the default gateway in Gateway To manually configure a...

Страница 338: ...IP Properties 9 In the Internet Protocol Version 4 TCP IPv4 Properties window the General tab Click Obtain DNS server address automatically if you do not know your DNS server IP address es If you know your DNS server IP address es click Use the following DNS server addresses and type them in the Preferred DNS server and Alternate DNS server fields ...

Страница 339: ...net Protocol Version 4 TCP IPv4 Properties window 11 Click Close to close the Local Area Connection Properties window 12 Close the Network Connections window 13 Turn on your ZyXEL Device and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and then Command Prompt 2 In the Command Prompt window type ipconfig and then press ENTER You can also open Network C...

Страница 340: ...g up Your Computer s IP Address VSG1435 B101 Series User s Guide 340 Macintosh OS 8 9 1 Click the Apple menu Control Panel and double click TCP IP to open the TCP IP Control Panel Figure 170 Macintosh OS 8 9 Apple Menu ...

Страница 341: ...y assigned settings do the following From the Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your ZyXEL Device in the Router address box 5 Close the TCP IP Control Panel 6 Click Save if prompted to save changes to your configuration 7 Turn on your ZyXEL Device and restart your computer if prompted Verifyi...

Страница 342: ...e System Preferences window Figure 172 Macintosh OS X Apple Menu 2 Click Network in the icon bar Select Automatic from the Location list Select Built in Ethernet from the Show list Click the TCP IP tab 3 For dynamically assigned settings select Using DHCP from the Configure list Figure 173 Macintosh OS X Network 4 For statically assigned settings do the following ...

Страница 343: ...ing Settings Check your TCP IP properties in the Network window Linux This section shows you how to configure your computer s TCP IP settings in Red Hat Linux 9 0 Procedure screens and file location may vary depending on your Linux distribution and release version Note Make sure you are logged in as the root administrator Using the K Desktop Environment KDE Follow the steps below to configure your...

Страница 344: ... obtain IP address settings with and select dhcp from the drop down list If you have a static IP address click Statically set IP Addresses and fill in the Address Subnet mask and Default Gateway Address fields 3 Click OK to save the changes and close the Ethernet Device General screen 4 If you know your DNS server IP address es click the DNS tab in the Network Configuration screen Enter the DNS se...

Страница 345: ... screen Using Configuration Files Follow the steps below to edit the network configuration files and set your computer IP address 1 Assuming that you have only one network card on the computer locate the ifconfig eth0 configuration file where eth0 is the name of the Ethernet card Open the configuration file with any plain text editor If you have a dynamic IP address enter dhcp in the BOOTPROTO fie...

Страница 346: ... file in the etc directory The following figure shows an example where two DNS server IP addresses are specified Figure 180 Red Hat 9 0 DNS Settings in resolv conf 3 After you edit and save the configuration files you must restart the network card Enter network restart in the etc rc d init d directory The following figure shows an example Figure 181 Red Hat 9 0 Restart Ethernet Card DEVICE eth0 ON...

Страница 347: ...ties root localhost ifconfig eth0 Link encap Ethernet HWaddr 00 50 BA 72 5B 44 inet addr 172 23 19 129 Bcast 172 23 19 255 Mask 255 255 255 0 UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 717 errors 0 dropped 0 overruns 0 frame 0 TX packets 13 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 100 RX bytes 730412 713 2 Kb TX bytes 1570 1 5 Kb Interrupt 10 Base address 0x...

Страница 348: ...Appendix A Setting up Your Computer s IP Address VSG1435 B101 Series User s Guide 348 ...

Страница 349: ...number and the other part is the host ID In the same way that houses on a street share a common street name the hosts on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the host ID Routers use the network number to send packets to the correct network while the host ID determines to which host on...

Страница 350: ...he host ID using a logical AND operation The term subnet is short for sub network A subnet mask has 32 bits If a bit in the subnet mask is a 1 then the corresponding bit in the IP address is part of the network number If a bit in the subnet mask is 0 then the corresponding bit in the IP address is part of the host ID The following example shows a subnet mask identifying the network number in bold ...

Страница 351: ...rk number bits the smaller the number of remaining host ID bits An IP address with host IDs of all zeros is the IP address of the network 192 168 1 0 with a 24 bit subnet mask for example An IP address with host IDs of all ones is the broadcast address for that network 192 168 1 255 with a 24 bit subnet mask for example As these two IP addresses cannot be used for individual hosts calculate the ma...

Страница 352: ...tting You can use subnetting to divide one network into multiple sub networks In the following example a network administrator creates two sub networks to isolate a group of servers from the rest of the company network for security reasons In this example the company network address is 192 168 1 0 The first three octets of the address 192 168 1 are the network number and the remaining octet is the...

Страница 353: ...ne of the host ID bits to divide the network 192 168 1 0 into two separate sub networks The subnet mask is now 25 bits 255 255 255 128 or 25 The borrowed host ID bit can have a value of either 0 or 1 allowing two subnets 192 168 1 0 25 and 192 168 1 128 25 The following figure shows the company network after subnetting There are now two sub networks A and B Figure 185 Subnetting Example After Subn...

Страница 354: ... subnets you need to borrow two host ID bits to give four possible combinations 00 01 10 and 11 The subnet mask is 26 bits 11111111 11111111 11111111 11000000 or 255 255 255 192 Each subnet contains 6 host ID bits giving 26 2 or 62 hosts for each subnet a host ID of all zeroes is the subnet itself all ones is the subnet s broadcast address Table 119 Subnet 1 IP SUBNET MASK NETWORK NUMBER LAST OCTE...

Страница 355: ...Subnet Address 192 168 1 128 Lowest Host ID 192 168 1 129 Broadcast Address 192 168 1 191 Highest Host ID 192 168 1 190 Table 122 Subnet 4 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 192 IP Address Binary 11000000 10101000 00000001 11000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 192 Lowest Host ID 192 168 1 193 Broadcast Address ...

Страница 356: ...UBNETS NO HOSTS PER SUBNET 1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62 3 255 255 255 224 27 8 30 4 255 255 255 240 28 16 14 5 255 255 255 248 29 32 6 6 255 255 255 252 30 64 2 7 255 255 255 254 31 128 1 Table 125 16 bit Network Number Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 128 0 17 2 32766 2 255 255 192 0 18 4 16382 3 255 255 224 0 19 8 ...

Страница 357: ...hat you entered You don t need to change the subnet mask computed by the ZyXEL Device unless you are instructed to do otherwise Private IP Addresses Every machine on the Internet must have a unique address If your networks are isolated from the Internet running only between two branch offices for example you can assign any IP addresses to the hosts without problems However the Internet Assigned Nu...

Страница 358: ...Appendix B IP Addresses and Subnetting VSG1435 B101 Series User s Guide 358 ...

Страница 359: ...ternet Explorer versions may vary Internet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking and create an exception for your device s IP address Disable Pop up Blockers 1 In Internet Explorer select Tools Pop up Blocker and then select Turn Off Pop up B...

Страница 360: ...box in the Pop up Blocker section of the screen This disables any web pop up blockers you may have enabled Figure 187 Internet Options Privacy 3 Click Apply to save this setting Enable Pop up Blockers with Exceptions Alternatively if you only want to allow pop up windows from your device see the following steps 1 In Internet Explorer select Tools Internet Options and then the Privacy tab ...

Страница 361: ...5 B101 Series User s Guide 361 2 Select Settings to open the Pop up Blocker Settings screen Figure 188 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 167 1 ...

Страница 362: ...lick Add to move the IP address to the list of Allowed sites Figure 189 Pop up Blocker Settings 5 Click Close to return to the Privacy screen 6 Click Apply to save this setting JavaScripts If pages of the web configurator do not display properly in Internet Explorer check that JavaScripts are allowed ...

Страница 363: ... Explorer click Tools Internet Options and then the Security tab Figure 190 Internet Options Security 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java applets make sure that Enable is selected the default ...

Страница 364: ... Click OK to close the window Figure 191 Security Settings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java permissions make sure that a safety level is selected ...

Страница 365: ...s VSG1435 B101 Series User s Guide 365 5 Click OK to close the window Figure 192 Security Settings Java JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected ...

Страница 366: ...Click OK to close the window Figure 193 Java Sun Mozilla Firefox Mozilla Firefox 2 0 screens are used here Screens for other versions may vary You can enable Java Javascripts and pop ups in one screen Click Tools then click Options in the screen that appears Figure 194 Mozilla Firefox Tools Options ...

Страница 367: ...p Windows JavaScripts and Java Permissions VSG1435 B101 Series User s Guide 367 Click Content to show the screen below Select the check boxes as shown in the following screen Figure 195 Mozilla Firefox Content Security ...

Страница 368: ...Appendix C Pop up Windows JavaScripts and Java Permissions VSG1435 B101 Series User s Guide 368 ...

Страница 369: ...ependent network which is commonly referred to as an ad hoc network or Independent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an ad hoc wireless LAN Figure 196 Peer to Peer Communication in an Ad hoc Network BSS A Basic Service Set BSS exists when all communications between wireless clients or between a wireless client and a ...

Страница 370: ... Extended Service Set ESS consists of a series of overlapping BSSs each containing an access point with each access point connected together by a wired network This wired connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired network but also mediate wireless netwo...

Страница 371: ...hould use a channel different from an adjacent AP access point to reduce interference Interference occurs when radio signals from different access points overlap causing interference and degrading performance Adjacent channels partially overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For exa...

Страница 372: ...ion that wants to transmit this frame must first send an RTS Request To Send message to the AP for permission to send it The AP then responds with a CTS Clear to Send message to all other stations within its range to notify them to defer their transmission It also reserves and confirms with the requesting station the time frame for the requested transmission Stations can send frames smaller than t...

Страница 373: ...ully compatible with the IEEE 802 11b standard This means an IEEE 802 11b adapter can interface directly with an IEEE 802 11g access point and vice versa at 11 Mbps or lower depending on range IEEE 802 11g has several intermediate rate steps between the maximum and minimum data rates The IEEE 802 11g data rate and modulation are as follows Wireless Security Overview Wireless security is vital to y...

Страница 374: ...Support for RADIUS Remote Authentication Dial In User Service RFC 2138 2139 for centralized user profile and accounting management on a network RADIUS server Support for EAP Extensible Authentication Protocol RFC 2486 that allows additional authentication methods to be deployed with no changes to the access point or the wireless clients RADIUS RADIUS is based on a client server model that supports...

Страница 375: ...rver requesting more information in order to allow access The access point sends a proper response from the user and then sends another Access Request message The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting Accounting Request Sent by the access point requesting accounting Accounting Response Sent by the RADIUS server to indica...

Страница 376: ...to get the plaintext passwords the passwords must be stored Thus someone other than the authentication server may access the password file In addition it is possible to impersonate an authentication server as MD5 authentication method does not perform mutual authentication Finally MD5 authentication method does not support data encryption with dynamic session key You must configure WEP encryption ...

Страница 377: ... key is generated each time reauthentication is performed If this feature is enabled it is not necessary to configure a default encryption key in the wireless security configuration screen You may still configure and store keys but they will not be used while dynamic WEP is enabled Note EAP MD5 cannot be used with Dynamic WEP Key Exchange For added security certificate based authentications EAP TL...

Страница 378: ... than WPA or WPA2 Encryption WPA improves data encryption by using Temporal Key Integrity Protocol TKIP Message Integrity Check MIC and IEEE 802 1x WPA2 also uses TKIP when required for compatibility reasons but offers stronger encryption than TKIP with Advanced Encryption Standard AES in the Counter mode with Cipher block chaining Message authentication code Protocol CCMP TKIP uses 128 bit keys t...

Страница 379: ...temporal encryption keys This prevent all wireless devices sharing the same encryption keys a weakness of WEP User Authentication WPA and WPA2 apply IEEE 802 1x and Extensible Authentication Protocol EAP to authenticate wireless clients using an external RADIUS database WPA2 reduces the number of key exchange messages from six to four CCMP 4 way handshake and shortens the time required to connect ...

Страница 380: ...ecks the user s identification against its database and grants or denies network access accordingly 3 A 256 bit Pairwise Master Key PMK is derived from the authentication process by the RADIUS server and the client 4 The RADIUS server distributes the PMK to the AP The AP then sets up a key hierarchy and management system using the PMK to dynamically generate unique data encryption keys The keys ar...

Страница 381: ...nged between them Figure 201 WPA 2 PSK Authentication Security Parameters Summary Refer to this table to see what other security parameters you should configure for each authentication method or key management protocol type MAC address filters are not dependent on how you configure these security features Table 129 Wireless Security Relational Matrix AUTHENTICATION METHOD KEY MANAGEMENT PROTOCOL E...

Страница 382: ...red in dB decibel is the increase in coverage within the RF beam width Higher antenna gain improves the range of the signal for better communications For an indoor site each 1 dB increase in antenna gain results in a range increase of approximately 2 5 For an unobstructed outdoor site each 1dB increase in gain results in a range increase of approximately 5 Actual results may vary depending on the ...

Страница 383: ...overage pattern Angles typically range from 20 degrees very directional to 120 degrees less directional Directional antennas are ideal for hallways and outdoor point to point applications Positioning Antennas In general antennas should be mounted as high as practically possible and free of obstructions In point to point application position both antennas at the same height and in a direct line of ...

Страница 384: ...Appendix D Wireless LANs VSG1435 B101 Series User s Guide 384 ...

Страница 385: ...e type of IP protocol used by the service If this is TCP UDP then the service uses the same port number with TCP and UDP If this is USER DEFINED the Port s is the IP protocol number not the port number Port s This value depends on the Protocol If the Protocol is TCP UDP or TCP UDP this is the IP port number If the Protocol is USER this is the IP protocol number Description This is a brief explanat...

Страница 386: ...Internet related command that can be used to find out if a user is logged on FTP TCP TCP 20 21 File Transfer Protocol a program to enable fast transfer of files including large files that may not be possible by e mail H 323 TCP 1720 NetMeeting uses this protocol HTTP TCP 80 Hyper Text Transfer Protocol a client server protocol for the world wide web HTTPS TCP 443 HTTPS is a secured http session of...

Страница 387: ...Office Protocol version 3 lets a client computer get e mail from a POP3 server through a temporary connection TCP IP or other POP3S TCP 995 This is a more secure version of POP3 that runs over SSL PPTP TCP 1723 Point to Point Tunneling Protocol enables secure transfer of data over public networks This is the control channel PPTP_TUNNEL GRE User Defined 47 PPTP Point to Point Tunneling Protocol ena...

Страница 388: ...including mainframes midrange systems UNIX systems and network servers SSDP UDP 1900 The Simple Service Discovery Protocol supports Universal Plug and Play UPnP SSH TCP UDP 22 Secure Shell Remote Login Program STRM WORKS UDP 1558 Stream Works Protocol SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server TACACS UDP 49 Login Host Protocol used for Terminal Access Controller Access C...

Страница 389: ...THRID PARTY S LICENSES OPEN SOURCED COMPONENTS THE OPEN SOURCED COMPONENTS ARE LISTED IN THE NOTICE OR APPENDIX BELOW ZYXEL MAY HAVE DISTRIBUTED TO YOU HARDWARE AND OR SOFTWARE OR MADE AVAILABLE FOR ELECTRONIC DOWNLOADS THESE FREE SOFTWARE PROGRAMS OF THRID PARTIES AND YOU ARE LICENSED TO FREELY COPY MODIFY AND REDISTIBUTE THAT SOFTWARE UNDER THE APPLICABLE LICENSE TERMS OF SUCH THIRD PARTY NONE O...

Страница 390: ...pledge as security or otherwise encumber the rights and licenses granted hereunder with respect to the Software ZyXEL is not obligated to provide any maintenance technical or other support for the resultant modified Software You may not copy reverse engineer decompile reverse compile translate adapt or disassemble the Software or any part thereof nor shall you attempt to create the source code fro...

Страница 391: ...NS CONTAINED IN THE SOFTWARE WILL MEET ANY REQUIREMENTS OR NEEDS YOU MAY HAVE OR THAT THE SOFTWARE WILL OPERATE ERROR FREE OR IN AN UNINTERUPTED FASHION OR THAT ANY DEFECTS OR ERRORS IN THE SOFTWARE WILL BE CORRECTED OR THAT THE SOFTWARE IS COMPATIBLE WITH ANY PARTICULAR PLATFORM SOME JURISDICTIONS DO NOT ALLOW THE WAIVER OR EXCLUSION OF IMPLIED WARRANTIES SO THEY MAY NOT APPLY TO YOU IF THIS EXCL...

Страница 392: ...ing or returning to ZyXEL all copies of the Software and Documentation in your possession or under your control ZyXEL may terminate this License Agreement for any reason including but not limited to if ZyXEL finds that you have violated any of the terms of this License Agreement Upon notification of termination you agree to destroy or return to ZyXEL all copies of the Software and Documentation an...

Страница 393: ...support zyxel com tw for a charge of no more than our cost of physically performing source code distribution a complete machine readable copy of the complete corresponding source code for the version of the Programs that we distributed to you if we are in possession of such Notice Information herein is subject to change without notice Companies names and data used in examples herein are fictitious...

Страница 394: ...nyone to deny you these rights or to ask you to surrender the rights These restrictions translate to certain responsibilities for you if you distribute copies of the software or if you modify it For example if you distribute copies of such a program whether gratis or for a fee you must give the recipients all the rights that you have You must make sure that they too receive or can get the source c...

Страница 395: ...ty keep intact all the notices that refer to this License and to the absence of any warranty and give any other recipients of the Program a copy of this License along with the Program You may charge a fee for the physical act of transferring a copy and you may at your option offer warranty protection in exchange for a fee 2 You may modify your copy or copies of the Program or any portion of it thu...

Страница 396: ... of Sections 1 and 2 above on a medium customarily used for software interchange or b Accompany it with a written offer valid for at least three years to give any third party for a charge no more than your cost of physically performing source distribution a complete machine readable copy of the corresponding source code to be distributed under the terms of Sections 1 and 2 above on a medium custom...

Страница 397: ...imposed on you whether by court order agreement or otherwise that contradict the conditions of this License they do not excuse you from the conditions of this License If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations then as a consequence you may not distribute the Program at all For example if a patent license would no...

Страница 398: ...oftware Foundation write to the Free Software Foundation we sometimes make exceptions for this Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally NO WARRANTY 11 BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE THERE IS NO WARRANTY FOR THE PROGRAM TO THE EXTENT PERMITTED BY APP...

Страница 399: ...yle notice and some are under the GPL This Product includes Ssh server dropbear software under MIT style license The MIT License Copyright c year copyright holders Permission is hereby granted free of charge to any person obtaining a copy of this software and associated documentation files the Software to deal in the Software without restriction including without limitation the rights to use copy ...

Страница 400: ... this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution Neither the name of the ORGANIZATION nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRES...

Страница 401: ...y arising out of the application or use of any products or software described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves the right to make changes in any products described herein without notice This publication is subject to change without notice Trademarks ZyNOS ZyXEL Network Operating System is a registered trademark ...

Страница 402: ...device off and on the user is encouraged to try to correct the interference by one or more of the following measures 1 Reorient or relocate the receiving antenna 2 Increase the separation between the equipment and the receiver 3 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected 4 Consult the dealer or an experienced radio TV technician for hel...

Страница 403: ...n materials or workmanship for a period of up to two years from the date of purchase During the warranty period and upon proof of purchase should the product have indications of failure due to faulty workmanship and or materials ZyXEL will at its discretion repair or replace the defective products or components without charge for either parts or labor and to whatever extent it shall deem necessary...

Страница 404: ... returned products without proof of purchase or those with an out dated warranty will be repaired or replaced at the discretion of ZyXEL and the customer will be billed for parts and labor All repaired or replaced products will be shipped by ZyXEL to the corresponding return address Postage Paid This warranty gives you specific legal rights and you may also have other rights that vary from country...

Страница 405: ...tion 117 119 RADIUS server 119 Auto Configuration Server see ACS 291 B backup configuration 305 Basic Service Set See BSS 369 Basic Service Set see BSS blinking LEDs 31 broadcast 80 BSS 121 369 example 122 C CA 237 376 Canonical Format Indicator See CFI CBR 93 certificate details 243 factory default 238 Certificate Authority See CA certificates 237 authentication 237 CA creating 239 importing 241 ...

Страница 406: ...4 Domain Name System see DNS DoS 220 DS field 171 DS dee differentiated services DSCP 171 dynamic DNS 198 wildcard 198 Dynamic Host Configuration Protocol see DHCP dynamic WEP key exchange 377 DYNDNS wildcard 198 E EAP Authentication 375 ECHO 194 e mail log example 301 encapsulation 79 262 PPPoA 90 PPPoE 90 encryption 120 378 ESP 261 ESS 370 Extended Service Set IDentification 98 106 Extended Serv...

Страница 407: ...see ILA interface group 215 Internet wizard setup 43 Internet access 24 wizard setup 43 Internet Group Multicast Protocol see IGMP Internet Key Exchange 263 Internet Protocol Security see IPSec IP address 80 91 132 148 ping 309 private 149 IP alias NAT applications 194 IP multicasting 323 IP Sec 249 IPSec 249 algorithms 261 architecture 261 NAT 264 see also VPN L LAN 131 client list 136 DHCP 132 1...

Страница 408: ...midity 320 operation temperature 319 outside header 262 P Pairwise Master Key PMK 378 381 passwords 35 36 PBC 124 PCR 92 Per Hop Behavior see PHB 171 PHB 171 PIN WPS 125 example 126 Ping of Death 220 Point to Point Protocol over Ethernet 82 Point to Point Tunneling Protocol 195 POP3 194 port forwarding 180 ports 31 power adaptor 324 power specifications 319 PPP Point to Point Protocol Link Layer P...

Страница 409: ...y Log 275 Security Parameter Index 257 Security Parameter Index see SPI service access control 269 Service Set 98 106 Services 194 setup firewalls 221 static route 153 200 289 shaping traffic 92 Single Rate Three Color Marker see srTCM SIP ALG 190 activation 190 SMTP 194 SNMP 194 323 SNMP trap 195 SPI 220 257 srTCM 173 SSID 118 activation 105 MBSSID 122 static route 151 configuration 153 200 289 e...

Страница 410: ...tions 133 example 138 installation 138 NAT traversal 132 USB features 27 V VBR 93 VBR nRT 93 VBR RT 93 VCI 91 VDSL 322 band plans 322 HDLC 322 INP 322 MCM 322 profiles 322 SNR 322 SNRM 322 SRA 322 tone spacing 322 TPS TC 322 US0 types 322 VID Virtual Local Area Network See VLAN Virtual Private Network see VPN VLAN 93 Introduction 93 number of possible VIDs priority frame static VLAN ID 94 VLAN Ide...

Страница 411: ...d 114 117 security 118 SSID 118 activation 105 status 76 WDS 111 123 compatibility 111 example 123 WEP 120 WPA 120 WPA PSK 120 WPS 124 126 example 128 limitations 129 PIN 125 push button 33 124 wireless security 373 Wireless tutorial 52 wizard setup Internet 43 WLAN interference 371 security parameters 381 WPA 120 378 key caching 379 pre authentication 379 user authentication 379 vs WPA PSK 379 wi...

Страница 412: ...Index VSG1435 B101 Series User s Guide 412 ...

Отзывы:

Нет отзывов

Похожие инструкции для VSG1435-B101 - V1.10

EU5C-SWD-ETHERCAT

Бренд: hilscher Страницы: 98

Бренд: Nitgen Страницы: 66

Korenix JetWave 2310 Series

Бренд: Beijer Electronics Страницы: 2

Бренд: ioSelect Страницы: 160

Бренд: Aaeon Страницы: 26

Бренд: Acer Страницы: 113

Бренд: D-Link Страницы: 86

Бренд: TANDBERG Страницы: 54

Бренд: SmartRG Страницы: 122

Бренд: Zoom Страницы: 54

Бренд: Zoom Страницы: 87

HomePortal 3801HGV

Бренд: 2Wire Страницы: 128

Бренд: Hitron Страницы: 2

Бренд: Sollae Systems Страницы: 29

Бренд: ZyXEL Communications Страницы: 10

Asycube CC-Link Gateway

Бренд: Asyril Страницы: 21

HomeConnect 3CRWE50194

Бренд: 3Com Страницы: 2

Бренд: RTA Страницы: 69

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды