
ZyAIR G-2000 Plus User’s Guide


Chapter 8 Internal RADIUS Server

Contents of ZyAIR G-2000 Plus

Page 1: ...ZyAIR G 2000 Plus 802 11g Wireless 4 port Router User s Guide Version 3 60 12 2004...

Page 2: ......

Page 3: ...ZyXEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does it...

Page 4: ...in accordance with the instructions may cause harmful interference to radio communications If this equipment does cause harmful interference to radio television reception which can be determined by t...

Page 5: ...express or implied including any implied warranty of merchantability or fitness for a particular use or purpose ZyXEL shall in no event be held liable for indirect or consequential damages of any kind...

Page 6: ...s zyxel com GERMANY support zyxel de 49 2405 6909 0 www zyxel de ZyXEL Deutschland GmbH Adenauerstr 20 A2 D 52146 Wuerselen Germany sales zyxel de 49 2405 6909 99 FRANCE info zyxel fr 33 0 4 72 52 97...

Page 7: ...ZyAIR G 2000 Plus User s Guide Customer Support 6 a is the prefix number you enter to make an international telephone call...

Page 8: ...ZyAIR G 2000 Plus User s Guide 7 Customer Support...

Page 9: ...36 1 2 1 4 10 100 Mbps Ethernet WAN 37 1 2 1 5 Reset Button 37 1 2 1 6 ZyAIR LED 37 1 2 2 Firmware Features 37 1 2 2 1 Internal RADIUS Server 37 1 2 2 2 Wi Fi Protected Access 37 1 2 2 3 802 11b Wirel...

Page 10: ...2 2 31 Wireless LAN Channel Usage 42 1 3 Applications for the ZyAIR 42 1 3 1 Internet Access Application 42 Chapter 2 Introducing the Web Configurator 44 2 1 Web Configurator Overview 44 2 2 Accessin...

Page 11: ...Time Setting 68 Chapter 5 LAN Screens 70 5 1 LAN Overview 70 5 2 DHCP Setup 70 5 2 1 IP Pool Setup 70 5 2 2 System DNS Servers 70 5 3 LAN TCP IP 70 5 3 1 Factory LAN Defaults 70 5 3 2 IP Address and...

Page 12: ...troduction to RADIUS 100 7 9 1 Types of RADIUS Messages 100 7 9 1 1 Access Challenge 100 7 9 1 2 Accounting Request 101 7 9 1 3 Accounting Response 101 7 9 1 4 EAP Authentication Overview 101 7 10 Con...

Page 13: ...0 3 1 Default Server IP Address 141 10 3 2 Port Forwarding Services and Port Numbers 141 10 3 3 Configuring Servers Behind SUA Example 142 10 4 Configuring SUA Server 143 10 5 Configuring Address Mapp...

Page 14: ...nP in Windows Me 171 13 4 2 Installing UPnP in Windows XP 172 13 5 Using UPnP in Windows XP Example 173 13 5 1 Auto discover Your UPnP enabled Network Device 174 13 5 2 Web Configurator Easy Access 17...

Page 15: ...4 15 3 3 Key Fields For Configuring Rules 194 15 3 3 1 Action 194 15 3 3 2 Service 194 15 3 3 3 Source Address 194 15 3 3 4 Destination Address 194 15 4 Connection Direction Examples 195 15 4 1 LAN to...

Page 16: ...36 Chapter 19 Maintenance 240 19 1 Maintenance Overview 240 19 2 System Status Screen 240 19 2 1 System Statistics 242 19 3 DHCP Table Screen 242 19 4 Association List 243 19 5 F W Upload Screen 244 1...

Page 17: ...Alias Setup 267 23 4 Wireless LAN Setup 268 23 4 1 Configuring MAC Address Filter 270 Chapter 24 Internet Access 274 24 1 Introduction to Internet Access Setup 274 24 2 Ethernet Encapsulation 274 24...

Page 18: ...Example 2 Internet Access with an Inside Server 303 28 5 3 Example 3 Multiple Public IP Addresses With Inside Servers 304 28 5 4 Example 4 NAT Unfriendly Application Programs 308 28 6 Configuring Trig...

Page 19: ...2 System Information 340 33 2 1 System Information 340 33 2 2 Console Port Speed 341 33 3 Log and Trace 341 33 3 1 Viewing Error Log 341 33 3 2 UNIX Syslog 342 33 3 2 1 CDR 343 33 3 2 2 Packet trigger...

Page 20: ...5 Example TFTP Command 360 Chapter 35 System Maintenance and Information 362 35 1 Command Interpreter Mode 362 35 2 Call Control Support 363 35 2 1 Budget Management 364 35 2 2 Call History 364 35 3...

Page 21: ...etting 396 Appendix F Command Interpreter 404 Appendix G Log Descriptions 406 Appendix H Wireless LAN and IEEE 802 11 410 Appendix I Wireless LAN With IEEE 802 1x 414 Appendix J Types of EAP Authentic...

Page 22: ...ZyAIR G 2000 Plus User s Guide 21 Table of Contents...

Page 23: ...Figure 12 Wizard 5 WAN Setup 61 Figure 13 Wizard Finish 63 Figure 14 System General Setup 64 Figure 15 DDNS 66 Figure 16 Password 67 Figure 17 Time Setting 68 Figure 18 LAN IP 73 Figure 19 Static DHC...

Page 24: ...gure 55 NAT Application With IP Alias 139 Figure 56 Multiple Servers Behind NAT Example 143 Figure 57 SUA NAT Setup 144 Figure 58 Address Mapping 146 Figure 59 Address Mapping Edit 147 Figure 60 Trigg...

Page 25: ...99 Log Settings 234 Figure 100 Reports 237 Figure 101 System Status 241 Figure 102 System Status Show Statistics 242 Figure 103 Maintenance DHCP Table 243 Figure 104 Association List 244 Figure 105 F...

Page 26: ...capsulation 288 Figure 141 Menu 11 5 Remote Node Filter PPPoE and PPTP Encapsulation 288 Figure 142 Menu 12 IP Static Route Setup 290 Figure 143 Menu12 1 Edit IP Static Route 291 Figure 144 Menu 14 Di...

Page 27: ...ystem Security RADIUS Server 333 Figure 187 Menu 23 System Security 334 Figure 188 Menu 23 4 System Security IEEE802 1x 335 Figure 189 Menu 24 System Maintenance 338 Figure 190 Menu 24 1 System Mainte...

Page 28: ...nu 384 Figure 221 Windows XP Control Panel 384 Figure 222 Windows XP Control Panel Network Connections Properties 385 Figure 223 Windows XP Local Area Connection Properties 385 Figure 224 Windows XP A...

Page 29: ...le 12 Wizard 5 WAN Setup 61 Table 13 System General Setup 64 Table 14 DDNS 66 Table 15 Password 67 Table 16 Time Setting 68 Table 17 LAN IP 73 Table 18 Static DHCP 76 Table 19 IP Alias 77 Table 20 Wir...

Page 30: ...MP 164 Table 55 Remote Management DNS 165 Table 56 Security 167 Table 57 Configuring UPnP 170 Table 58 Common IP Ports 180 Table 59 ICMP Commands That Trigger Alerts 184 Table 60 Default Rule 197 Tabl...

Page 31: ...tic Route 291 Table 100 Menu 14 1 Edit Dial in User 293 Table 101 Applying NAT in Menus 4 11 3 296 Table 102 SUA Address Mapping Rules 298 Table 103 Menu 15 1 1 First Set 299 Table 104 Menu 15 1 1 1 E...

Page 32: ...135 Natural Masks 397 Table 136 Alternative Subnet Mask Notation 398 Table 137 Two Subnets Example 398 Table 138 Subnet 1 399 Table 139 Subnet 2 399 Table 140 Subnet 1 400 Table 141 Subnet 2 400 Table...

Page 33: ...ot configurable by web configurator Related Documentation Supporting Disk Refer to the included CD for support documents Compact Guide The Quick Start Guide is designed to help you get up and running...

Page 34: ...enu titles and labels are in Bold Times New Roman font Predefined field choices are in Bold Arial font Command and arrow keys are enclosed in square brackets ENTER means the Enter or carriage return k...

Page 35: ...ZyAIR G 2000 Plus User s Guide Preface 34 Graphics Icons Key ZyAIR Computer Notebook computer Server DSLAM Firewall Modem Switch Router Wireless Signal...

Page 36: ...ZyAIR G 2000 Plus User s Guide 35 Preface...

Page 37: ...or and SNMP network management enables remote configuration and management of your ZyAIR 1 2 ZyAIR Features The following sections describe the features of the ZyAIR 1 2 1 Physical Features 1 2 1 1 4...

Page 38: ...data is being transmitted received 1 2 2 Firmware Features 1 2 2 1 Internal RADIUS Server The ZyAIR has a built in RADIUS server that can authenticate wireless clients or other AP s in other wireless...

Page 39: ...sed on public private key pairs Certificates provide a way to exchange public keys for use in authentication 1 2 2 7 Limit the number of Client Connections You may set a maximum number of wireless sta...

Page 40: ...r denied MAC addresses 1 2 2 12 WEP Encryption WEP Wired Equivalent Privacy encrypts data frames before transmitting over the wireless network to help keep network communications private 1 2 2 13 IEEE...

Page 41: ...twork Address Translation NAT RFC 1631 allows the translations of multiple IP addresses used within one network to different IP addresses known within another network 1 2 2 19 Traffic Redirect Traffic...

Page 42: ...work administrator 1 2 2 25 SNMP SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices SNMP is a member of the TCP IP protocol suite...

Page 43: ...2 2 31 Wireless LAN Channel Usage The Wireless Channel Usage screen displays whether the radio channels are used by other wireless devices within the transmission range of the ZyAIR This allows you t...

Page 44: ...ZyAIR G 2000 Plus User s Guide 43 Chapter 1 Getting to Know Your ZyAIR...

Page 45: ...24 by 768 pixels The screens you see in the web configurator may vary somewhat from the ones shown in this document due to differences between individual firmware versions 2 2 Accessing the ZyAIR Web...

Page 46: ...te a certificate using your ZyAIR s MAC address that will be specific to this device Figure 3 Replace Certificate Screen You should now see the MAIN MENU screen Note The management session automatical...

Page 47: ...seconds or until the SYS LED LINK LED or BRI RPT LED turns red and then release it If the SYS LED begins to blink the defaults have been restored and the ZyAIR restarts Otherwise go to step 2 2 Turn t...

Page 48: ...Time Setting LAN DHCP and TCP IP Setup WLAN WLAN and WLAN Security Setup WAN SUA NAT STATIC ROUTE Route Entry FIREWALL Settings Filter and Services Internal RADIUS Server Settings Trusted AP and Trus...

Page 49: ...from different access points overlap causing interference and degrading performance Adjacent channels partially overlap however To avoid interference due to overlap your AP should be on a channel at...

Page 50: ...ment over WEP as it employs an easier to use consistent single alphanumeric password Therefore if you don t have an external RADIUS server you should use WPA PSK WPA Pre Shared Key that only requires...

Page 51: ...the System Name In Windows 2000 click Start Settings Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for the Computer name...

Page 52: ...drop down list box Open the Channel Usage screen to make sure the channel is not already used by another AP or independent peer to peer wireless network Security The level of Security can be selected...

Page 53: ...WEP Encryption Select 64 bit WEP or 128 bit WEP to allow data encryption ASCII Select this option in order to enter ASCII characters as the WEP keys HEX Select this option to enter hexadecimal charac...

Page 54: ...re Ethernet PPP over Ethernet or PPTP 3 5 1 Ethernet Choose Ethernet when the WAN port is used as a regular Ethernet Table 6 Wizard 3 Wireless LAN Setup Extend Security LABEL DESCRIPTION Pre Shared Ke...

Page 55: ...elia Login The following fields are not applicable N A for the Standard service type User Name Type the user name given to you by your ISP Password Type the password associated with the user name abov...

Page 56: ...ing software can activate and therefore requires no new learning or procedures for Windows users One of the benefits of PPPoE is the ability to let end users access one of multiple network services a...

Page 57: ...ION ISP Parameter for Internet Access Encapsulation Choose PPP over Ethernet from the pull down list box PPPoE forms a dial up connection Service Name Type the name of your service provider User Name...

Page 58: ...ver connection at any given time Table 9 Wizard 4 PPTP Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation Select PPTP from the drop down list box User Name Type the user...

Page 59: ...hand if you are part of a much larger organization you should consult your network administrator for the appropriate IP addresses My IP Address Type the static IP address assigned to you by your ISP M...

Page 60: ...t is easy to remember for instance 192 168 1 1 for your ZyAIR but make sure that no other device on your network is using that IP address The subnet mask specifies the network number portion of an IP...

Page 61: ...hange the setting or upload a different rom file The fifth wizard screen varies according to the type of encapsulation that you select in the third wizard screen Note ZyXEL recommends you clone the MA...

Page 62: ...WAN IP Address Enter your WAN IP address in this field if you selected Use Fixed IP Address My WAN IP Subnet Mask Enter a Subnet Mask appropriate to your network a Gateway IP Address Enter the Gatewa...

Page 63: ...ring VPN DDNS and the time server WAN MAC Address The MAC address field allows you to configure the WAN port s MAC Address by either using the factory default or cloning the MAC address from a compute...

Page 64: ...ZyAIR G 2000 Plus User s Guide 63 Chapter 3 Wizard Setup Figure 13 Wizard Finish Well done You have successfully set up the ZyAIR A congratulations screen displays some information...

Page 65: ...gure 14 System General Setup The following table describes the labels in this screen Table 13 System General Setup LABEL DESCRIPTION General Setup System Name Type a descriptive name to identify the Z...

Page 66: ...configurator or SMT can be left idle before the session times out The default is 5 minutes After it times out you have to log in with your password again Very long idle timeouts may have security ris...

Page 67: ...the type of service that you are registered for from your Dynamic DNS service provider Host Names 1 3 Enter the host names in the three fields provided You can specify up to two host names in each fie...

Page 68: ...omatically by the DDNS server It is recommended that you select this option Use specified IP Address Select this option to update the IP address of the host name s to the IP address specified below Us...

Page 69: ...all protocols so you may have to check with your ISP network administrator or use trial and error to find a protocol that works The main difference between them is the format Daytime RFC 867 format is...

Page 70: ...y Time Zone Choose the time zone of your location This will set the time difference between your time zone and Greenwich Mean Time GMT Daylight Savings Select this option if you use daylight savings t...

Page 71: ...rovides the TCP IP configuration for the clients If DHCP service is disabled you must have another DHCP server on your LAN or else the computer must be manually configured 5 2 1 IP Pool Setup The ZyAI...

Page 72: ...P 2 carries more information RIP 1 is probably adequate for most networks unless you have an unusual network topology Both RIP 2B and RIP 2M send routing data in RIP 2 format the difference being that...

Page 73: ...e in IGMP The address 224 0 0 2 is assigned to the multicast routers group The ZyAIR supports both IGMP version 1 IGMP v1 and IGMP version 2 IGMP v2 At start up the ZyAIR queries all directly connecte...

Page 74: ...led and you must have another DHCP server on your LAN or else the computers must be manually configured When set as a server fill in the following four fields IP Pool Starting Address This field speci...

Page 75: ...on with other routers The RIP Direction field controls the sending and receiving of RIP packets Select the RIP direction from Both In Only Out Only None When set to Both or Out Only the ZyAIR will bro...

Page 76: ...settings click LAN then the Static DHCP tab The screen appears as shown Allow between LAN and WAN Select this check box to forward NetBIOS packets from the LAN to the WAN and from the WAN to the LAN I...

Page 77: ...ysical Ethernet interface with the ZyAIR itself as the gateway for each LAN network To change your ZyAIR s IP Alias settings click LAN then the IP Alias tab The screen appears as shown Table 18 Static...

Page 78: ...oth or In Only it will incorporate the RIP information that it receives when set to None it will not send any RIP packets and will ignore any RIP packets received RIP Version The RIP Version field con...

Page 79: ...s 6 1 1 IBSS An Independent Basic Service Set IBSS also called an Ad hoc network is the simplest WLAN configuration An IBSS is defined as two or more computers with wireless adapters within range of e...

Page 80: ...l access the wired network but cannot communicate with each other Figure 22 Basic Service set 6 1 3 ESS An Extended Service Set ESS consists of a series of overlapping BSSs each containing an access p...

Page 81: ...nels 6 2 1 RTS CTS A hidden node occurs when two stations are within range of the same access point but are not within range of each other The following figure illustrates a hidden node Both stations...

Page 82: ...transmission It also reserves and confirms with the requesting station the time frame for the requested transmission Stations can send frames smaller than the specified RTS CTS directly to the AP wit...

Page 83: ...viously you set then the RTS Request To Send CTS Clear to Send handshake will never occur as data frames will be fragmented before they reach RTS CTS size 6 3 Configuring Wireless Click the WIRELESS l...

Page 84: ...WEP settings you will lose your wireless connection when you press Apply to confirm You must then change the wireless settings of your computer to match the ZyAIR s new settings Hide ESSID Select this...

Page 85: ...place to place it is responsible for choosing the most appropriate access point depending on the signal strength network utilization or other factors The roaming feature on the access points allows th...

Page 86: ...e met in order for wireless stations to roam between the coverage areas 1 All the access points must be on the same subnet and configured with the same ESSID 2 If IEEE 802 1x user authentication is en...

Page 87: ...if you have two or more ZyAIRs on the same subnet Note All APs on the same subnet and the wireless stations must have the same ESSID to allow roaming Port Enter the port number to communicate roaming...

Page 88: ...ZyAIR G 2000 Plus User s Guide 87 Chapter 6 Wireless Configuration and Roaming...

Page 89: ...ble wireless security levels on your ZyAIR EAP Extensible Authentication Protocol is used for authentication and utilizes dynamic WEP key exchange It requires interaction with a RADIUS Remote Authenti...

Page 90: ...ts wireless stations Clear the check box to turn this LED off even when the ZyAIR is on and data is being transmitted received Preamble Select a preamble type from the drop down list menu Choices are...

Page 91: ...ovides a mechanism for encrypting data using encryption keys Both the AP and the wireless stations must use the same WEP key to encrypt and decrypt data Your ZyAIR allows you to configure up to four 6...

Page 92: ...eless station must then use the AP s default WEP key to encrypt the challenge text and return it to the AP which attempts to decrypt the message using the AP s default WEP key If the decrypted message...

Page 93: ...IR automatically generates a WEP key WEP Encryption Select 64 bit WEP or 128 bit WEP to enable data encryption Authentication Method This field is activated when you select 64 bit WEP or 128 bit WEP i...

Page 94: ...II characters or 10 hexadecimal characters 0 9 A F If you chose 128 bit WEP then enter 13 ASCII characters or 26 hexadecimal characters 0 9 A F You must configure all four keys but only one key can be...

Page 95: ...in which the receiver and the transmitter each compute and then compare the MIC If they do not match it is assumed that the data has been tampered with and the packet is dropped By generating unique...

Page 96: ...ess Security Figure 32 WPA PSK Authentication 7 6 Configuring WPA PSK Authentication In order to configure and enable WPA PSK Authentication click the WIRELESS link under ADVANCED to display the Wirel...

Page 97: ...0 seconds 30 minutes Note If wireless station authentication is done using a RADIUS server the reauthentication timer on the RADIUS server has priority Idle Timeout The ZyAIR automatically disconnects...

Page 98: ...ess accordingly 3 The RADIUS server distributes a Pairwise Master Key PMK key to the AP that then sets up a key hierarchy and management system using the pair wise key to dynamically generate unique d...

Page 99: ...Security 98 Figure 34 WPA with RADIUS Application Example 7 8 Configuring WPA Authentication In order to configure and enable WPA Authentication click the WIRELESS link under ADVANCED to display the...

Page 100: ...nter a time interval between 10 and 9999 seconds The default time interval is 1800 seconds 30 minutes Note If wireless station authentication is done using a RADIUS server the reauthentication timer o...

Page 101: ...authentication Access Reject Sent by a RADIUS server rejecting access Access Accept Sent by a RADIUS server allowing access 7 9 1 1 Access Challenge Sent by a RADIUS server requesting more information...

Page 102: ...n order to support multiple types of user authentication By using EAP to interact with an EAP compatible RADIUS server the access point helps a wireless station and a RADIUS server perform authenticat...

Page 103: ...You can configure the ZyAIR to authenticate wireless clients using an external RADIUS server or have the ZyAIR itself act as a RADIUS server using the internal RADIUS server To specify a RADIUS serve...

Page 104: ...s clients in other wireless networks External RADIUS Server Select the radio button to use an External RADIUS Server to authenticate the ZyAIR s wireless clients Authentication Server Server IP Addres...

Page 105: ...in the Wireless screen Ensure that the wireless station s EAP type is configured to one of the following Shared Secret Enter a password up to 31 alphanumeric characters as the key to be shared between...

Page 106: ...nfiguring 802 1x and Dynamic WEP Key Exchange In order to configure and enable 802 1x and Dynamic WEP Key Exchange click the WIRELESS link under ADVANCED to display the Wireless screen Select 802 1x D...

Page 107: ...tes Note If wireless station authentication is done using a RADIUS server the reauthentication timer on the RADIUS server has priority Idle Timeout The ZyAIR automatically disconnects a wireless stati...

Page 108: ...ble 802 1x and Static WEP Key Exchange click the WIRELESS link under ADVANCED to display the Wireless screen Select 802 1x Static WEP from the Security list Apply Click Apply to save your changes back...

Page 109: ...following table describes the labels in this screen Table 29 Wireless 802 1x and Static WEP LABEL DESCRIPTION Passphrase Enter a Passphrase up to 32 printable characters and click Generate The ZyAIR...

Page 110: ...in before access to the wired network is allowed The default time interval is 3600 seconds or 1 hour Authentication Databases The authentication database contains wireless station login information Th...

Page 111: ...er s Guide Chapter 7 Wireless Security 110 7 15 Configuring 802 1x In order to configure and enable 802 1x click the WIRELESS link under ADVANCED to display the Wireless screen Select 802 1x No WEP fr...

Page 112: ...nnected Enter a time interval between 10 and 9999 seconds The default time interval is 1800 seconds 30 minutes Note If wireless station authentication is done using a RADIUS server the reauthenticatio...

Page 113: ...sure you have set up the corresponding database correctly first Select Local User Database Only to have the ZyAIR just check the built in trusted user database on the ZyAIR for a wireless station s u...

Page 114: ...Select Deny Association to block access to the ZyAIR MAC addresses not listed will be allowed to access the ZyAIR Select Allow Association to permit access to the ZyAIR MAC addresses not listed will b...

Page 115: ...l RADIUS Overview The ZyAIR has a built in RADIUS server that can authenticate wireless clients or other AP s in other wireless networks The ZyAIR can function as an AP and as a RADIUS server at the s...

Page 116: ...about the ZyAIR s certificate and to activate the internal RADIUS server on your ZyAIR Trusted AP Use the Trusted AP screen to configure which trusted AP s you can authenticate You can authenticate u...

Page 117: ...with one that uses your ZyAIR s MAC address This can be done when you first log in to the ZyAIR or in the Advanced web configurator Certificates screen Refer to the My Certificates section in the Cer...

Page 118: ...The factory default certificate is common to all ZyAIR s that use certificates You can replace the certificate when you log into the ZyAIR see the section Introducing the Web Configurator or you can...

Page 119: ...same information as in the Subject field Valid From This field displays the date that the certificate becomes applicable The text displays in red and includes a Not Yet Valid message if the certificat...

Page 120: ...AP To configure trusted AP s on the ZyAIR s internal RADIUS click the AUTH SERVER link under ADVANCED and then the Trusted AP tab The screen appears as shown Figure 46 Trusted AP Screen The following...

Page 121: ...ed between the trusted AP and the ZyAIR Note The first trusted AP fields are reserved for the ZyAIR They are grayed out and therefore cannot be configured The shared secret must be the same on the tru...

Page 122: ...s name can be up to 31 alphanumeric characters long including spaces The login name on the wireless client s utility must be the same as this user name on so it can authenticate the RADIUS server usin...

Page 123: ...Plus User s Guide Chapter 8 Internal RADIUS Server 122 Apply Click Apply to save your changes back to the ZyAIR Reset Click Reset to begin configuring this screen afresh Table 35 Trusted Users LABEL...

Page 124: ...ZyAIR G 2000 Plus User s Guide 123 Chapter 8 Internal RADIUS Server...

Page 125: ...he Internet See the Wizard Setup chapter for more background information on most fields in the WAN screens Background information on WAN fields not included in the Wizard is described here 9 2 Configu...

Page 126: ...capsulation LABEL DESCRIPTION Encapsulation You must choose the Ethernet option when the WAN port is used as a regular Ethernet Service Type Choose from Standard Telstra RoadRunner Telstra authenticat...

Page 127: ...ba authentication method or Telia Login The following fields do not appear with the Standard service type User Name Type the user name given to you by your ISP Password Type the password associated wi...

Page 128: ...ess one of multiple network services a function known as dynamic service selection This enables the service provider to easily create and offer new IP services for individuals Operationally PPPoE save...

Page 129: ...PoE directly on the router rather than individual computers the computers on the LAN do not need PPPoE software installed since the router does that part of the task Further with NAT all of the LAN s...

Page 130: ...twork protocol that enables secure transfer of data from a remote client to a private server creating a Virtual Private Network VPN using TCP IP based networks PPTP supports on demand multi protocol a...

Page 131: ...orking over public networks such as the Internet The ZyAIR supports only one PPTP server connection at any given time To configure a PPTP client you must configure the User Name and Password fields fo...

Page 132: ...ype of encapsulation you select If your ISP did not assign you a fixed IP address click Get automatically from ISP Default otherwise click Use fixed IP Address and enter the IP address in the field pr...

Page 133: ...s the default selection Use fixed IP address Select this option If the ISP assigned a fixed IP address My WAN IP Address Enter your WAN IP address in this field if you selected Use Fixed IP Address My...

Page 134: ...rivate PPPoE and PPTP only This parameter determines if the ZyAIR will include the route to this remote node in its RIP broadcasts If set to Yes this route is kept private and not included in RIP broa...

Page 135: ...sections 4 and 5 of RFC 2236 Windows Networking NetBIOS over TCP IP NetBIOS Network Basic Input Output System are TCP or UDP broadcast packets that enable a computer to connect to and communicate wit...

Page 136: ...s MAC address IP Address and enter the IP address of the computer on the LAN whose MAC you are cloning Once it is successfully configured the address will be copied to the rom file ZyNOS configuration...

Page 137: ...packet traverses a router For example the local address refers to the IP address of a host when the packet is in the local network while the global address refers to the IP address of the host when t...

Page 138: ...firewall protection With no servers defined your ZyAIR filters out all incoming inquiries thus preventing intruders from probing your network For more information on IP address translation refer to R...

Page 139: ...lation NAT 138 Figure 54 How NAT Works 10 1 4 NAT Application The following figure illustrates a possible NAT application where three inside LANs logical LANs using IP Alias behind the ZyAIR can commu...

Page 140: ...one global IP address This is equivalent to SUA i e PAT port address translation ZyXEL s Single User Account feature the SUA Only option Many to Many Overload In Many to Many Overload mode the ZyAIR...

Page 141: ...e in the WAN IP screen 10 3 SUA Server A SUA server set is a list of inside behind NAT on the LAN servers for example web or FTP that you can make visible to the outside world even though SUA makes yo...

Page 142: ...ervers for example web or FTP that you can make accessible to the outside world even though NAT makes your whole inside network appear as a single machine to the outside world Use the SUA Server page...

Page 143: ...e example port 80 to another B in the example and assign a default server IP address of 192 168 1 35 to a third C in the example You assign the LAN IP addresses and the ISP assigns the WAN IP address...

Page 144: ...Behind NAT Example 10 4 Configuring SUA Server Click SUA NAT to open the SUA Server screen Refer to Figure 43 for port numbers commonly used for particular services Note If you do not assign a Defau...

Page 145: ...ddress the ZyAIR discards all packets received for ports that are not specified in this screen or remote management Number of an individual SUA server entry Active Select this check box to enable the...

Page 146: ...gured rule will be pushed up by that number of empty rules For example if you have already configured rules 1 to 6 in your current set and now you configure rule number 9 In the set summary screen the...

Page 147: ...This refers to the Inside Global IP Address IGA 0 0 0 0 is for a dynamic IP address from your ISP with Many to One and Server mapping types Global End IP This is the end Inside Global Address IGA This...

Page 148: ...following 1 One to One One to one mode maps one local IP address to one global IP address Note that port numbers do not change for One to one NAT mapping type 2 Many to One Many to One mode maps mult...

Page 149: ...s a response with a specific port number and protocol incoming port the ZyAIR forwards the traffic to the LAN IP address of the computer that sent the request After that computer s connection for that...

Page 150: ...ly Jane can connect to the Real Audio server until the connection is closed or times out The ZyAIR times out in three minutes with UDP User Datagram Protocol or two hours with TCP IP Transfer Control...

Page 151: ...fic with this port or range of ports to the client computer on the LAN that requested the service Start Port Type a port number or the starting port number in a range of port numbers End Port Type a p...

Страница 152: ...ZyAIR G 2000 Plus User s Guide 151 Chapter 10 Single User Account SUA Network Address Translation NAT...

Страница 153: ...of the networks beyond For instance the ZyAIR knows about network N2 in the following figure through remote node router R1 However the ZyAIR is unable to route a packet to network N3 because it doesn...

Страница 154: ...e is active Yes or not No Destination This parameter specifies the IP network address of the final destination Routing is always based on network number Gateway This is the IP address of the gateway T...

Страница 155: ...s an immediate neighbor of your ZyAIR that will forward the packet to the destination On the LAN the gateway must be a router on the same segment as your ZyAIR over the WAN the gateway must be the IP...

Page 156: ...ZyAIR G-2000 Plus User's Guide 155 Chapter 11 Static Route Screens...

Page 157: ...unning at a time The ZyAIR automatically disconnects a remote management session of lower priority when another remote management session of higher priority starts The priorities for the different typ...

Page 158: ...management session running at one time 5 There is a firewall rule that blocks it 12.1.2 Remote Management and NAT When NAT is enabled Use the ZyAIR's WAN IP address when configuring from the WAN Use...

Page 159: ...needed however you must use the same port number in order to use that service for remote management Server Access Select the interface(s) through which a computer may access the ZyAIR using this servi...

Page 160: ...n Figure 67 Remote Management Telnet The following table describes the labels in this screen Table 51 Remote Management Telnet LABEL DESCRIPTION Server Port You may change the server port number for a...

Page 161: ...puter that is allowed to communicate with the ZyAIR using this service Select All to allow any computer to access the ZyAIR using this service Choose Selected to just allow the computer with the IP ad...

Page 162: ...only available if TCP/IP is configured Figure 69 SNMP Management Model An SNMP managed network consists of two main types of component agents and a manager Secured Client IP Address A secured client i...

Page 163: ...trieve an object variable from the agent GetNext Allows the manager to retrieve the next object variable from a table or list within an agent In SNMPv1 when a manager wants to retrieve all elements of...

Page 164: ...tab The screen appears as shown 6a For intentional reboot A trap is sent with the message System reboot by user if reboot is done intentionally for example download new files CI command sys reboot et...

Page 165: ...quests from the management station The default is public and allows all requests Trusted Host If you enter a trusted host your ZyAIR will only respond to SNMP messages from this address A blank defaul...

Page 166: ...his service Secured Client IP Address A secured client is a trusted computer that is allowed to communicate with the ZyAIR using this service Select All to allow any computer to access the ZyAIR using...

Page 167: ...g which prevents the ICMP response packet from being sent This keeps outsiders from discovering your ZyAIR when unsupported ports are probed Secured Client IP Address A secured client is a trusted com...

Page 168: ...vent hackers from finding the ZyAIR by probing for unused ports If you select this option the ZyAIR will not respond to port request(s) for unused ports thus leaving the unused ports and the ZyAIR unse...

Page 169: ...g the icon of a UPnP device will allow you to access the information and properties of that device 13.1.2 NAT Traversal UPnP NAT traversal automates the process of allowing an application to operate t...

Page 170: ...P Implementers Corp UIC ZyXEL's UPnP implementation supports IGD 1.0 Internet Gateway Device At the time of writing ZyXEL's UPnP implementation supports Windows Messenger 4.6 and 4.7 while Windows Mes...

Page 171: ...users to make configuration changes through UPnP Select this check box to allow UPnP enabled applications to automatically configure the ZyAIR so that they can communicate through the ZyAIR for examp...

Page 172: ...anel Double click Add/Remove Programs 2 Click on the Windows Setup tab and select Communication in the Components selection box Click Details 3 In the Communications window select the Universal Plug a...

Page 173: ...work Connections window click Advanced in the main menu and select Optional Networking Components 4 The Windows Optional Networking Components Wizard window displays 5 Select Networking Service in the...

Page 174: ...XP Example This section shows you how to use the UPnP feature in Windows XP You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL device Make sure the computer is connecte...

Page 175: ...nder Internet Gateway 2 Right click the icon and select Properties 3 In the Internet Connection Properties window click Settings to see the port mappings that were automatically created 4 You may edit...

Page 176: ...inding out the IP address of the ZyXEL device first This is helpful if you do not know the IP address of the ZyXEL device Follow the steps below to access the web configurator 5 Select the Show icon i...

Page 177: ...the ZyXEL device 1 Click Start and then Control Panel 2 Double click Network Connections 3 Select My Network Places under Other Places 4 An icon with the description for each UPnP enabled device disp...

Page 178: ...elect My Network Places under Other Places 4 An icon with the description for each UPnP enabled device displays under Local Network 5 Right click the icon for your ZyXEL device and select Invoke The w...

Page 179: ...firewall to guard effectively you must design and deploy it appropriately This requires integrating the firewall into a broad information security policy In addition specific policies must be impleme...

Page 180: ...See Stateful Inspection on page 185 for more information on Stateful Inspection Firewalls of one type or another have become an integral part of standard security solutions for enterprises 14.3 Intro...

Page 181: ...An extension number called the TCP port or UDP port identifies these protocols such as HTTP Web FTP File Transfer Protocol POP3 E-mail etc For example Web traffic by default uses TCP port 80 When com...

Page 182: ...unsuspecting system Systems may crash hang or reboot b Teardrop attack exploits weaknesses in the reassembly of IP packet fragments As data is transmitted through a network IP packets are often broken...

Page 183: ...lished a SYN Attack floods a targeted system with a series of SYN packets Each packet causes the targeted system to issue a SYN-ACK response While the targeted system waits for the ACK that follows th...

Page 184: ...a A Smurf hacker floods a router with Internet Control Message Protocol ICMP echo request packets pings Since the destination IP address of each packet is the broadcast address of the network the rout...

Page 185: ...technique known as IP Spoofing as part of their attack IP Spoofing may be used to break into systems to hide the hacker's identity or to magnify the effect of the DoS attack IP Spoofing is a techniqu...

Page 186: ...s from the Internet In summary stateful inspection Allows all sessions originating from the LAN local network to the WAN Internet Denies all sessions originating from the WAN to the LAN Figure 78 Stat...

Page 187: ...ry entries might be modified in order to permit only packets that are valid for the current state of the connection 8 Any additional inbound or outbound packets that belong to the connection are inspe...

Page 188: ...any subsequent packet from the Internet or from the LAN its connection information is extracted and checked against the cache A packet is only allowed to pass through if it corresponds to a valid con...

Page 189: ...hat operates in this way must be supported on a case by case basis You can use the web configurator's Custom Services feature to do this 14.6 Guidelines For Enhancing Security With Your Firewall 1 Cha...

Page 190: ...er layers from the network layer IP headers up to the application layer The firewall performs stateful inspection It takes into account the state of connections it handles so that for example a legiti...

Page 191: ...ZyAIR G-2000 Plus User's Guide Chapter 14 Firewalls 190 6 The firewall can block specific URL traffic that might occur in the future The URL can be saved in an Access Control List ACL database...

Page 192: ...ZyAIR G-2000 Plus User's Guide 191 Chapter 14 Firewalls...

Page 193: ...ands 15.2 Firewall Policies Overview Firewall rules are grouped based on the direction of travel of packets to which they apply By default the ZyAIR's stateful packet inspection allows packets traveli...

Page 194: ...ult rules 15.3 Rule Logic Overview 15.3.1 Rule Checklist 1 State the intent of the rule For example This restricts all IRC access from the LAN to the Internet Or This allows a remote Lotus Notes serve...

Page 195: ...rs may be able to connect to computers with running FTP servers 4 Does this rule conflict with any existing rules Once these questions have been answered adding rules is simply a matter of plugging th...

Page 196: ...control routing between two subnets on the LAN Similarly WAN to WAN ZyAIR policies apply in the same way to the WAN ports 15.4.1 LAN to WAN Rules The default rule for LAN to WAN traffic is that all use...

Page 197: ...ate an alert when a rule is matched in the Edit Rule screen Figure 83 Configure the Log Settings screen to have the ZyAIR send an immediate e-mail message to you when an event generates an alert Refer...

Page 198: ...packets W LAN to W LAN ZyAIR W LAN to WAN WAN to W LAN WAN to WAN ZyAIR Firewall rules are grouped based on the direction of travel of packets to which they apply For example W LAN to W LAN ZyAIR mean...

Page 199: ...ated that apply to traffic traveling in the selected packet direction The firewall rules that you configure summarized below take priority over the general firewall action settings above This is your...

Page 200: ...rule Enabled or not Disable Alert This field tells you whether this rule generates an alert Yes or not No when the rule is matched Move Type a rule's index number and the number for where you want to...

Page 201: ...ZyAIR G-2000 Plus User's Guide Chapter 15 Firewall Screens 200 Figure 83 Creating Editing A Firewall Rule...

Page 202: ...Available Services box on the left then click to add it to the Selected Service(s) box on the right To remove a service highlight it in the Selected Service(s) box on the right then click Custom Servic...

Page 203: ...atched Packets Use the drop down list box to select whether to discard Block or allow the passage of Forward packets that match this rule Apply Click Apply to save your customized settings and exit th...

Page 204: ...Direction drop down list box Figure 85 Rule Summary 2 In the Rule Summary screen type the index number for where you want to put the rule assuming you have more than one rule For example if you type 6...

Page 205: ...onfigure it as follows and click Apply Figure 87 Edit Custom Service Example 7 In the Edit Rule screen use the arrows between Available Services and Selected Service(s) to configure it as follows Click...

Page 206: ...ZyAIR G-2000 Plus User's Guide 205 Chapter 15 Firewall Screens Figure 88 My Service Rule Configuration...

Page 207: ...rotocol type For example look at the default configuration labeled DNS UDP TCP 53 means UDP port 53 and TCP port 53 Custom services may also be configured using the Custom Services function discussed...

Page 208: ...rotocol for news groups NFS UDP 2049 Network File System NFS is a client server distributed file service that provides transparent file sharing for network environments NNTP TCP 119 Network News Trans...

Page 209: ...vices on your home network or upstream Internet gateways using UDP port 1900 SSH TCP UDP 22 Secure Shell Remote Login Program STRMWORKS UDP 1558 Stream Works Protocol SYSLOG UDP 514 Syslog allows you...

Page 210: ...ZyAIR G-2000 Plus User's Guide 209 Chapter 15 Firewall Screens...

Page 211: ...in web features or specific URL keywords and should not be confused with packet filtering via SMT menu 21.1 To access these functions from the Main Menu click Content Filter to expand the Content Filt...

Page 212: ...pment environment for building downloadable Web components or Internet and intranet business applications of all kinds Cookies Used by Web servers to track usage and provide service based on ID Web Pr...

Page 213: ...utton to remove all of the listed keywords Day to Block Select check boxes for the days that you want the ZyAIR to perform content filtering Select the Everyday check box to have content filtering tur...

Page 214: ...ZyAIR G-2000 Plus User's Guide 213 Chapter 16 Content Filtering...

Page 215: ...kes the public key openly available 3 Tim uses his private key to encrypt the message and sends it to Jenny 4 Jenny receives the message and uses Tim's public key to decrypt it 5 Additionally Jenny us...

Page 216: ...e becomes more mature it may not be available in some areas You can have the ZyAIR act as a certification authority and sign its own certificates 17.3 Configuration Summary This section summarizes how...

Page 217: ...the bar is red you should consider deleting expired or unnecessary certificates before adding more certificates Replace This button displays when the ZyAIR has the factory default certificate The fact...

Page 218: ...f the certificate is about to expire or has already expired Details Click the details icon to open a screen with an in depth list of information about the certificate Click the delete icon to remove t...

Page 219: ...ly allows the importation of a PKCS 7 file that contains a single certificate PEM Base 64 encoded PKCS 7 This Privacy Enhanced Mail PEM format uses 64 ASCII characters to convert a binary PKCS 7 certif...

Page 220: ...ZyAIR create a self signed certificate enroll a certificate with a certification authority or generate a certification request see the following figure Table 67 My Certificate Import LABEL DESCRIPTION...

Page 221: ...ZyAIR G-2000 Plus User's Guide Chapter 17 Certificates 220 Figure 93 My Certificate Create...

Page 222: ...ps trailing spaces Key Length Select a number from the drop down list box to determine how many bits the key should use 512 to 2048 The longer the key the more secure it is A longer key also uses more...

Page 223: ...Select the certification authority's enrollment protocol from the drop down list box Simple Certificate Enrollment Protocol SCEP is a TCP based enrollment protocol that was developed by VeriSign and...

Page 224: ...ZyAIR G-2000 Plus User's Guide 223 Chapter 17 Certificates Figure 94 My Certificate Details...

Page 225: ...ut the certificate Type This field displays general information about the certificate CA signed means that a Certification Authority signed the certificate Self signed means that the certificate's own...

Page 226: ...orithm SHA1 Fingerprint This is the certificate's message digest that the ZyAIR calculated using the SHA1 algorithm Certificate in PEM Base 64 Encoded Format This read only text box displays the certi...

Page 227: ...y such as a common name organizational unit or department organization or company and country With self signed certificates this is the same information as in the Subject field Valid From This field d...

Page 228: ...AIR Delete Click Delete to delete an existing certificate A window displays asking you to confirm that you want to delete the certificate Note that subsequent certificates move up by one when you take...

Page 229: ...lick the details icon to open the Trusted CA Details screen Use this screen to view in depth information about the certification authority's certificate change the certificate's name and set whether o...

Page 230: ...ZyAIR G-2000 Plus User's Guide 229 Chapter 17 Certificates Figure 97 Trusted CA Details...

Page 231: ...tification path Certificate Information These read only fields display detailed information about the certificate Type This field displays general information about the certificate CA signed means tha...

Page 232: ...alculated using the MD5 algorithm You can use this value to verify with the certification authority over the phone for example that this is actually their certificate SHA1 Fingerprint This is the cert...

Page 233: ...about system maintenance system errors and access control You can view logs and alert messages in this page Once the log entries are all used the log will wrap around and the old logs will be deleted...

Page 234: ...ries such as System Errors consist of both logs and alerts You may differentiate them by their color in the View Log screen Alerts are displayed in red and logs are displayed in black Source This fiel...

Page 235: ...ZyAIR G-2000 Plus User's Guide Chapter 18 Log Screens 234 Figure 99 Log Settings...

Page 236: ...messages to different files in the syslog server Refer to the documentation of your syslog program for more details Send Log Log Schedule This drop down menu is used to configure the frequency of log...

Page 237: ...most used protocols or service ports The LAN IP addresses to and/or from which the most traffic has been sent How much traffic has been sent to and from the LAN IP addresses to and/or from which the...

Page 238: ...the ZyAIR record report data Click Stop Collection to halt the ZyAIR from recording more data Refresh Click Refresh to update the report display The report also refreshes automatically when you close...

Page 239: ...ZyAIR G-2000 Plus User's Guide Chapter 18 Log Screens 238 Note All of the recorded reports data is erased when you turn off the ZyAIR...

Page 240: ...ZyAIR G-2000 Plus User's Guide 239 Chapter 18 Log Screens...

Page 241: ...traffic statistics 19.1 Maintenance Overview The maintenance screens can help you view system information upload new firmware manage configuration and restart your ZyAIR 19.2 System Status Screen Clic...

Page 242: ...firmware for this exact model name This field is not available on all models ZyNOS Firmware Version This is the ZyNOS Firmware version and the date created ZyNOS is ZyXEL's proprietary Network Operat...

Page 243: ...r on your LAN or else the computer must be manually configured Table 77 System Status Show Statistics LABEL DESCRIPTION Port This is the WAN LAN or WLAN port Status This shows the port speed and duple...

Page 244: ...xt Table 78 Maintenance DHCP Table LABEL DESCRIPTION This is the index number of the host computer IP Address This field displays the IP address relative to the field listed above Host Name This field...

Page 245: ...cessful upload the system will reboot See the Firmware and Configuration File Maintenance chapter for upgrading firmware using FTP/TFTP commands Click MAINTENANCE and then F/W Upload Follow the instru...

Page 246: ...Table 80 Firmware Upload LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it Browse Click Browse to find the bin file you want to...

Page 247: ...emporary network disconnect In some operating systems you may see the following icon on your desktop Figure 107 Network Temporarily Disconnected After two minutes log in again and check your new firmwa...

Page 248: ...figuration Screen See the Firmware and Configuration File Maintenance chapter for transferring configuration files using FTP/TFTP commands Click MAINTENANCE and then the Configuration tab Information...

Page 249: ...nfiguration file before making configuration changes The backup configuration file will be useful in case you need to return to your previous settings Click Backup to save the ZyAIR's current configur...

Page 250: ...tion file you may need to change the IP address of your computer to be in the same subnet as that of the default ZyAIR IP address 192.168.1.1 See your Quick Installation Guide for details on how to se...

Page 251: ...screen The following warning screen will appear Figure 113 Reset Warning Message You can also press the RESET button on the side panel to reset the factory defaults of your ZyAIR Refer to the section...

Page 252: ...ZyAIR G-2000 Plus User's Guide 251 Chapter 19 Maintenance Figure 114 Restart Screen...

Page 253: ...ttom left corner Run and then type telnet 192.168.1.1 the default IP address and click OK 2 For your first login enter the default password 1234 As you type the password the screen displays an asteris...

Page 254: ...system password in the Old Password field and press ENTER Figure 117 Menu 23.1 System Security Change Password 4 Type your new system password in the New Password field up to 30 characters and press E...

Page 255: ...ou use to configure your ZyAIR Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below Table 82 Main Menu Commands OPERATION KE...

Page 256: ...of fields The first requires you to type in the appropriate information The second allows you to cycle through the available choices by pressing SPACE BAR Required fields or ChangeMe All fields with t...

Page 257: ...on your LAN 3 LAN Setup Use this menu to set up your LAN and WLAN connection 4 Internet Access Setup Configure your Internet Access setup Internet address gateway login etc with this menu 11 Remote No...

Page 258: ...in the Old Password field for example 1234 and press ENTER Figure 121 Menu 23 System Password 4 Type your new system password in the New Password field up to 30 characters and press ENTER 5 Re type y...

Page 259: ...yAIR System Name In Windows 2000 click Start Settings Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for the Computer nam...

Page 260: ...ystem is for mapping a domain name to its corresponding IP address and vice versa The DNS server is extremely important because without it you must know the IP address of a machine before you can acce...

Page 261: ...Address Update Policy DDNS Server Auto Detect IP Address No Use Specified IP Address No Use IP Address N/A Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Table 85 Menu 1.1 Configur...

Page 262: ...k with a private IP address When both fields are set to No the ZyAIR must have a public WAN IP address in order for DDNS to work Use Server Detected IP Press SPACE BAR to select Yes and then press ENT...

Page 263: ...u 2 WAN Setup FIELD DESCRIPTION MAC Address Assigned By Press SPACE BAR and then ENTER to choose one of two methods to assign a MAC Address Choose Factory Default to select the factory assigned defaul...

Page 264: ...ZyAIR G-2000 Plus User's Guide 263 Chapter 22 Menu 2 WAN Setup...

Page 265: ...to apply to the Ethernet traffic You seldom need to filter Ethernet traffic however the filter sets may be useful to block certain packets reduce traffic and prevent security breaches Figure 126 Menu...

Page 266: ...P Ethernet Setup DHCP Server TCP/IP Setup Client IP Pool Starting Address 192.168.1.33 IP Address 192.168.1.1 Size of Client IP Pool 32 IP Subnet Mask 255.255.255.0 First DNS Server From ISP RIP Direc...

Page 267: ...Relay for a second or third DNS server that choice changes to None after you save your changes Select None if you do not want to configure DNS servers If you do not configure a DNS server you must kno...

Page 268: ...gical LAN interfaces via its single physical Ethernet interface with the ZyAIR itself as the gateway for each LAN network Figure 128 Physical Network Partitioned Logical Networks You must use menu 3.2...

Page 269: ...gle Table 89 Menu 3.2.1 IP Alias Setup FIELD DESCRIPTION IP Alias 1 2 Choose Yes to configure the LAN network for the ZyAIR IP Address Enter the IP address of your ZyAIR in dotted decimal notation IP...

Page 270: ...e the same ESSID Enter a descriptive name of up to 32 printable 7-bit ASCII characters Hide ESSID Press SPACE BAR and select Yes to hide the ESSID in the outgoing data frame so an intruder cannot obta...

Page 271: ...llowing section for details on this field ZyAIR Edit Roaming Configuration Press SPACE BAR to select Yes to enable roaming on the ZyAIR if you have two or more ZyAIRs on the same subnet Note All APs o...

Page 272: ...and press ENTER Menu 3.5.1 WLAN MAC Address Filter displays as shown next Menu 3.5 Wireless LAN Setup Enable Wireless LAN Yes ESSID Wireless Hide ESSID No Edit MAC Address Filter Yes Channel ID CH06 2...

Page 273: ...00 00 00 23 00 00 00 00 00 00 12 00 00 00 00 00 00 24 00 00 00 00 00 00 Enter here to CONFIRM or ESC to CANCEL Press Space Bar to Toggle Table 91 Menu 3.5.1 WLAN MAC Address Filter FIELD DESCRIPTION...

Page 274: ...ZyAIR G-2000 Plus User's Guide 273 Chapter 23 LAN Setup...

Page 275: ...ur ISP along with the instructions in this chapter to set up your ZyAIR to access the Internet There are three different menu 4 screens depending on whether you chose Ethernet PPTP or PPPoE Encapsulat...

Page 276: ...on method RR Telstra or Telia Login Choose a RoadRunner flavor if your ISP is Time Warner's RoadRunner otherwise choose Standard Note DSL users must choose the Standard option only The My Login My Pas...

Page 277: ...ate IP address used in a local network to a different IP address known within another network for example a public IP address used on the Internet Choose None to disable NAT Choose SUA Only if you hav...

Page 278: ...e Encapsulation PPTP Service Type N/A My Login My Password Retype to Confirm Idle Timeout 100 IP Address Assignment Dynamic IP Address N/A IP Subnet Mask N/A Gateway IP Address N/A Network Address Tra...

Page 279: ...ion in doing so See the chapters on firewall for more information on the firewall Menu 4 Internet Access Setup ISP's Name ChangeMe Encapsulation PPPoE Service Type N/A My Login My Password Retype to C...

Page 280: ...ZyAIR G-2000 Plus User's Guide 279 Chapter 24 Internet Access...

Page 281: ...mote node The following describes how to configure Menu 11.1 Remote Node Profile Menu 11.3 Remote Node Network Layer Options Menu 11.5 Remote Node Filter 25.2 Remote Node Profile Setup From the main m...

Page 282: ...t from Standard RR Toshiba RoadRunner Toshiba authentication method RR Manager RoadRunner Manager authentication method RR Telstra or Telia Login Choose one of the RoadRunner methods if your ISP is Ti...

Page 283: ...ts three logical LAN interfaces via its single physical Ethernet interface with the ZyAIR itself as the gateway for each LAN network Press SPACE BAR to select IP Alias 1 or 2 and then press ENTER Edit...

Page 284: ...up connection is a dial up line where the connection is always up regardless of traffic demand The ZyAIR does two things when you specify a nailed up connection The first is that idle timeout is disa...

Page 285: ...ly Telco Option Allocated Budget The field sets a ceiling for outgoing call time for this remote node The default for this field is 0 meaning no budget control Period hr This field is the time period...

Page 286: ...nection No Retype to Confirm Authen CHAP/PAP PPTP My IP Static Session Options My IP Addr Edit Filter Sets No My IP Mask Idle Timeout sec 100 Server IP Addr Connection ID Name Press ENTER to Confirm o...

Page 287: ...icable to PPPoE and PPTP encapsulations only Some implementations especially the UNIX derivatives require the WAN link to have a separate IP network number from the LAN and each end must have a unique...

Page 288: ...f set to Yes this route is kept private and not included in RIP broadcast If No the route to this remote node will be propagated to other hosts through RIP broadcasts RIP Direction Press SPACE BAR and...

Page 289: ...sulation Menu 11.5 Remote Node Filter Input Filter Sets protocol filters device filters Output Filter Sets protocol filters device filters Enter here to CONFIRM or ESC to CANCEL Menu 11.5 Remote Node...

Page 290: ...ZyAIR G-2000 Plus User's Guide 289 Chapter 25 Remote Node Configuration...

Page 291: ...s 26.1 IP Static Route Setup To configure an IP static route use Menu 12 Static Routing Setup shown next Figure 142 Menu 12 IP Static Route Setup Now type the route number of a static route you want t...

Page 292: ...subnet mask for this destination Follow the discussion on IP Subnet Mask in this manual Gateway IP Address Type the IP address of the gateway The gateway is an immediate neighbor of your ZyAIR that wi...

Page 293: ...ain menu enter 14 to display Menu 14 Dial in User Setup Figure 144 Menu 14 Dial in User Setup Type a number and press ENTER to edit the user profile Menu 14 Dial in User Setup 1 aj tetryeg 9 ________...

Page 294: ...Edit Dial in User FIELD DESCRIPTION User Name Enter a username up to 31 alphanumeric characters long for this user profile This field is case sensitive Active Press SPACE BAR to select Yes and press E...

Page 295: ...also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses of clients or servers using mapping types 28.2 Applying NAT You apply NAT via menus 4 or 11.3 a...

Page 296: ...that you want to configure 3 Move the cursor to the Edit IP field press SPACE BAR to select Yes and then press ENTER to bring up Menu 11.3 Remote Node Network Layer Options Menu 4 Internet Access Set...

Page 297: ...on NAT web configurator screens for further information on these menus To configure NAT enter 15 from the main menu to bring up the following screen Menu 11.3 Remote Node Network Layer Options IP Addr...

Page 298: ...g Sets Figure 149 Menu 15.1 Address Mapping Sets Enter 255 to display the next screen see the SUA Single User Account Versus NAT section The fields in this menu cannot be changed Menu 15 NAT Setup 1 A...

Page 299: ...ancel Table 102 SUA Address Mapping Rules FIELD DESCRIPTION Set Name This is the name of the set you selected in menu 15.1 or enter the name of a new set you want to create Idx This is the index or ru...

Page 300: ...cal Start IP Local End IP Global Start IP Global End IP Type 1 2 3 4 5 6 7 8 9 10 Action Edit Select Rule Press ENTER to Confirm or ESC to Cancel Note If the Set Name field is left blank the entire se...

Page 301: ...0.0 End N/A Global IP Start 0.0.0.0 End N/A Press ENTER to Confirm or ESC to Cancel Table 104 Menu 15.1.1.1 Editing Configuring an Individual Rule in a Set FIELD DESCRIPTION Type Press SPACE BAR and...

Page 302: ...ess ENTER to confirm prompt to save your configuration after you define all the servers or press ESC at any time to cancel You assign the private network IP addresses The NAT network appears as a sing...

Страница 303: ...Example 28 5 General NAT Examples The following are some examples of NAT configuration 28 5 1 Example 1 Internet Access Only In the following Internet access example you only need one rule where the I...

Страница 304: ...eld in menus 4 and 11 3 is specifically pre configured to handle this case 28 5 2 Example 2 Internet Access with an Inside Server The dynamic Inside Global Address is assigned by the ISP Menu 4 Intern...

Страница 305: ...TP servers to the first two IGAs and the other LAN traffic to the remaining IGA Map the third IGA to an inside web server and mail server Four rules need to be configured two bi directional and two un...

Страница 306: ...ion from the Network Address Translation field in menu 4 or menu 11 3 see Figure 139 2 Then enter 15 from the main menu 3 Enter 1 to configure the Address Mapping Sets 4 Enter 1 to begin configuring t...

Page 307: ...how how to configure the first rule Menu 11 3 Remote Node Network Layer Options IP Address Assignment Dynamic IP Address N A IP Subnet Mask N A Gateway IP Addr N A Network Address Translation Full Fea...

Page 308: ...wing menu Configure it as shown Menu 15 1 1 1 Address Mapping Rule Type One to One Local IP Start 192 168 1 10 End N A Global IP Start 10 132 50 1 End N A Press ENTER to Confirm or ESC to Cancel Press...

Page 309: ...rload mapping as port numbers do not change for Many to Many No Overload and One to One NAT mapping types The following figure illustrates this Menu 15 2 NAT Server Setup Rule Start Port No End Port N...

Page 310: ...able to check the settings in menu 15 1 1 as shown next Note Other applications such as some gaming programs are NAT unfriendly because they embed addressing information in the data stream These appli...

Page 311: ...nu 15 to display Menu 15 3 Trigger Port Setup shown next Menu 15 1 1 Address Mapping Rules Set Name Example4 Idx Local Start IP Local End IP Global Start IP Global End IP Type 1 192 168 1 10 192 168 1...

Page 312: ...uding spaces Incoming Incoming is a port or a range of ports that a server on the WAN uses when it sends out a particular service The ZyAIR forwards the traffic with this port or range of ports to the...

Page 313: ...allowed to pass Data filters are divided into incoming and outgoing filters depending on the direction of the packet relative to a port Data filtering can be applied on either the WAN side or the LAN...

Page 314: ...ilter rules and protocol filter rules within the same set You can apply up to four filter sets to a particular port to block multiple types of packets With each filter set having up to six rules you c...

Page 315: ...port to block multiple types of packets With each filter set having up to six rules you can have a maximum of 24 rules active for a single port 29 2 Configuring a Filter Set The ZyAIR includes filter...

Page 316: ...e previous menus Menu 21 Filter and Firewall Setup 1 Filter Setup 2 Firewall Setup Enter Menu Selection Number Menu 21 1 Filter Set Configuration Filter Filter Set Comments Set Comments 1 ____________...

Page 317: ...nd will not allow you to save M More Y means there are more rules to check which form a rule chain with the present rule An action cannot be taken until the rule chain is complete N means there are no...

Page 318: ...Port Comp None TCP Estab N A More No Log None Action Matched Check Next Rule Action Not Matched Check Next Rule Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Table 108 TCP IP Filt...

Page 319: ...e match packets that want to establish a TCP connection SYN 1 and ACK 0 if No it is ignored Yes No More Press SPACE BAR and then ENTER to select Yes or No If Yes a matching packet is passed to the nex...

Page 320: ...s the logic flow of an IP filter Figure 173 Executing an IP Filter 29 2 3 Configuring a Generic Filter Rule This section shows you how to configure a generic filter rule The purpose of generic rules i...

Page 321: ...e No Offset 0 Length 0 Mask N A Value N A More No Log None Action Matched Check Next Rule Action Not Matched Check Next Rule Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Table 109...

Page 322: ...on Matched and Action Not Matched will be No Yes No Log Select the logging option from the following None No packets will be logged Action Matched Only packets that match the rule parameters will be l...

Page 323: ...d so that the packet will be dropped if its destination is the telnet port Select Forward from the Action Not Matched field so that the packet will be forwarded if its destination is not the telnet po...

Page 324: ...lter rules Generic Filter Device rules and protocol filter TCP IP rules Generic filter rules act on the raw data from to LAN and WAN Protocol filter rules act on the IP packets Generic and TCP IP filt...

Page 325: ...g telnet FTP and HTTP connections 29 6 1 Applying LAN Filters LAN traffic filter sets may be useful to block certain packets reduce traffic and prevent security breaches Go to menu 3 1 shown next and...

Page 326: ...eir numbers separated by commas The ZyAIR already has filters to prevent NetBIOS traffic from triggering calls and block incoming telnet FTP and HTTP connections Figure 180 Filtering Remote Node Traff...

Page 327: ...is by far the most comprehensive firewall configuration tool your ZyAIR has to offer For this reason it is recommended that you configure your firewall using the web configurator see the following ch...

Page 328: ...s when the firewall is turned off Refer to the User s Guide for details about the firewall default policies You may define additional Policy rules or modify existing ones but please exercise extreme c...

Page 329: ...rk The ZyAIR supports SNMP version one SNMPv1 and version two c SNMPv2c The next figure illustrates an SNMP management operation SNMP is only available if TCP IP is configured Figure 182 SNMP Manageme...

Page 330: ...he manager to retrieve an object variable from the agent GetNext Allows the manager to retrieve the next object variable from a table or list within an agent In SNMPv1 when a manager wants to retrieve...

Page 331: ...ssword for incoming Set requests from the management station Trusted Host If you enter a trusted host your ZyAIR will only respond to SNMP messages from this address A blank default field means your Z...

Page 332: ...Failure defined in RFC 1215 A trap is sent to the manager when receiving any SNMP get or set requirements with wrong community password 6 linkDown defined in RFC 1215 A trap is sent when the port is d...

Page 333: ...System Security You should change the default password If you forget your password you have to restore the default configuration file Refer to the section on changing the system password in the Intro...

Page 334: ...Confirm or ESC to Cancel Table 113 Menu 23 2 System Security RADIUS Server FIELD DESCRIPTION Authentication Server Active Press SPACE BAR to select Yes and press ENTER to enable user authentication t...

Page 335: ...rver in dotted decimal notation Port The default port of the RADIUS server for accounting is 1813 You need not change this value unless your network administrator instructs you to do so with additiona...

Page 336: ...stations have to enter usernames and passwords before access to the wired network is allowed Select No Access Allowed to block all wireless stations access to the wired network The following fields a...

Page 337: ...acy for Broadcast Multicast packets field WPA Group Key Update Timer The WPA Broadcast Multicast Key Update Timer is the rate at which the AP if using WPA PSK key management or RADIUS server if using...

Page 338: ...ZyAIR G 2000 Plus User s Guide 337 Chapter 32 System Security...

Page 339: ...m Status is a tool that can be used to monitor your ZyAIR Specifically it gives you information on your Ethernet and Wireless LAN status number of packets sent and received To get to System Status typ...

Page 340: ...Status This shows the status of the remote node TxPkts This is the number of transmitted packets to this remote node RxPkts This is the number of received packets from this remote node Cols This is t...

Page 341: ...g table describes the fields in this menu Menu 24 2 System Information and Console Port Speed 1 System Information 2 Console Port Speed Note The ZyAIR also has an internal console port for support per...

Page 342: ...ollow the procedures to view the local error trace log 1 Type 24 in the main menu to display Menu 24 System Maintenance 2 From menu 24 type 3 to display Menu 24 3 System Maintenance Log and Trace ZyNO...

Page 343: ...xt Menu 24 3 System Maintenance Log and Trace 2 Syslog Logging 4 Call Triggering Packet Menu 24 3 2 System Maintenance Syslog Logging Syslog Active No Syslog Server IP Address 0 0 0 0 Log Facility Loc...

Page 344: ...0 line 0 channel 0 call 1 C01 Outgoing Call dev 2 ch 0 40002 Jul 19 11 19 32 192 168 102 2 ZYXEL board 0 line 0 channel 0 call 1 C02 OutCall Connected 64000 40002 Jul 19 11 20 06 192 168 102 2 ZYXEL b...

Page 345: ...010080 S05 R01mF Mar 03 10 41 34 202 132 155 97 ZyXEL IP Src 192 168 2 33 Dst 202 132 155 93 ICMP S04 R01mF Mar 03 11 59 20 202 132 155 97 ZyXEL GEN 00a0c5f502fnord010080 S05 R01mF Mar 03 12 00 52 202...

Page 346: ...Source port empty means no source port information Dst Destination Address dpo Destination port empty means no destination port information prot Protocol TCP UDP ICMP IGMP GRE ESP rule a b where a me...

Page 347: ...ime 17 02 44 262 Frame Type IP Header IP Version 4 Header Length 20 Type of Service 0x00 0 Total Length 0x002C 44 Identification 0x0002 2 Flags 0x00 Fragment Offset 0x00 Time to Live 0xFE 254 Protocol...

Page 348: ...elease and Renewal fields in menu 24 4 conveniently allow you to release and or renew the assigned WAN IP address subnet mask and default gateway in a fashion similar to winipcfg Figure 197 LAN WAN DH...

Page 349: ...osis 348 WAN DHCP Renewal Get a new IP address from the DHCP server Reboot System Reboot the ZyAIR Host IP Address If you typed 1 to Ping Host now type the address of the computer you want to ping Tab...

Page 350: ...ZyAIR G 2000 Plus User s Guide 349 Chapter 33 System Information and Diagnosis...

Page 351: ...tings they can be saved back to your computer under a filename of your choosing ZyNOS ZyXEL Network Operating System sometimes referred to as the ras file is the system firmware and has a bin filename...

Page 352: ...n to your computer Backup is highly recommended once your ZyAIR is functioning properly FTP is the preferred method although TFTP can also be used Please note that the terms download and upload are re...

Page 353: ...n the ZyAIR to your computer and renames it config rom See earlier in this chapter for more information on filename conventions 7 Enter quit to exit the FTP prompt Menu 24 5 Backup Configuration To tr...

Page 354: ...ole session running 331 Enter PASS command Password 230 Logged in ftp bin 200 Type I OK ftp get rom 0 zyxel rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp...

Page 355: ...io 5 to restore the five minute SMT timeout default when the file transfer is complete 4 Launch the TFTP client on your computer and connect to the ZyAIR Set the transfer mode to binary before startin...

Page 356: ...se refer to the following sections on FTP and TFTP file transfer for more details The ZyAIR restarts automatically after the file transfer is complete 34 3 1 Restore Using FTP For details about backup...

Page 357: ...Session Examplei Refer to section 34 2 4 to read about configurations that disallow TFTP and FTP over WAN Menu 24 6 Restore Configuration To transfer the firmware and the configuration file follow th...

Page 358: ...the configuration file replaces everything contained within 34 4 1 Firmware Upload FTP is the preferred method for uploading the firmware and configuration To use this feature your computer must have...

Page 359: ...e file name on the system 4 The system reboots automatically after a successful firmware upload For details on FTP commands please consult the documentation of your FTP client program For details on u...

Page 360: ...ile using TFTP Trivial File Transfer Protocol over LAN Although TFTP should work over WAN as well it is not recommended To use TFTP your computer must have both telnet and TFTP clients To transfer the...

Page 361: ...he documentation of your TFTP client program For UNIX use get to transfer from the ZyAIR to the computer put the other way around and binary to set binary transfer mode 34 4 5 Example TFTP Command The...

Page 362: ...ZyAIR G 2000 Plus User s Guide 361 Chapter 34 Firmware and Configuration File Maintenance...

Page 363: ...e main system firmware The CI provides much of the same functionality as the SMT while adding some low level setup and diagnostic functions Enter the CI from the SMT by selecting menu 24 8 See the inc...

Page 364: ...exceeds the limit the current call will be dropped and any future outgoing calls will be blocked To access the call control menu select option 9 in menu 24 to go to Menu 24 9 System Maintenance Call...

Page 365: ...ed in menu 11 1 for the remote node 35 2 2 Call History This is the second option in Menu 24 9 System Maintenance Call Control It displays information about past incoming and outgoing calls Enter 2 fr...

Page 366: ...Menu 24 10 System Maintenance Time and Date Setting to update the time and date settings of your ZyAIR as shown in the following screen Menu 24 9 4 Call History Phone Number Dir Rate call Max Min Tota...

Page 367: ...h year time zone of the server Time RFC 868 format displays a 4 byte integer giving the total number of seconds since 1970 1 1 at 0 0 0 NTP RFC 1305 is similar to Time RFC 868 None The default enter t...

Page 368: ...aintenance and Information 35 3 1 Resetting the Time The ZyAIR resets the time in three instances 1 On leaving menu 24 10 after making changes 2 When the ZyAIR starts up if there is a timeserver confi...

Page 369: ...ccess which ZyAIR interface if any from which computers You may manage your ZyAIR from a remote location via To disable remote management of a service select Disable in the corresponding Server Access...

Page 370: ...C to Cancel Table 125 Menu 24 11 Remote Management Control FIELD DESCRIPTION Telnet Server FTP Server Web Server SNMP Service DNS Service Each of these read only labels denotes a service or protocol P...

Page 371: ...AN or in menu 11 5 WAN is applied to block a Telnet FTP or Web service 2 You have disabled that service in menu 24 11 3 The IP address in the Secured Client IP field menu 24 11 does not match the clie...

Page 372: ...P address when configuring from the LAN 36 3 System Timeout There is a system timeout of five minutes 300 seconds for Telnet web FTP connections Your ZyAIR will automatically log you out if you do not...

Page 373: ...sets take precedence over higher numbered sets thereby avoiding scheduling conflicts For example if sets 1 2 3 and 4 in are applied in the remote node then set 1 will take precedence over set 2 3 and...

Page 374: ...to select Yes or No Choose Yes and press ENTER to activate the schedule set Start Date Enter the start date when you wish the set to take effect in year month date format Valid dates are from the pres...

Page 375: ...on field Forced Down means that the connection is blocked whether or not there is a demand call on the line Enable Dial On Demand means that this schedule permits a demand call on the line Disable Dia...

Page 376: ...ZyAIR G 2000 Plus User s Guide 375 Chapter 37 Call Scheduling...

Page 377: ...wer source is working properly Table 128 Troubleshooting the Ethernet Interface PROBLEM CORRECTIVE ACTION Cannot access the ZyAIR from the LAN If the ETHN LED on the front panel is off check the Ether...

Page 378: ...cess the ZyAIR through Telnet Refer to the Problems with the Ethernet Interface section for instructions on checking your Ethernet connection Table 131 Troubleshooting the WLAN Interface PROBLEM CORRE...

Page 379: ...attempts for five minutes after the third time an incorrect password is entered Table 132 Brute Force Password Guessing Protection Commands COMMAND DESCRIPTION sys pwderrtm This command displays the...

Page 380: ...ZyAIR G 2000 Plus User s Guide 379 Appendix B...

Page 381: ...urchase of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP com...

Page 382: ...ks If you need the adapter 1 In the Network window click Add 2 Select Adapter and then click Add 3 Select the manufacturer and model of your network adapter and then click OK If you need TCP IP 1 In t...

Page 383: ...ntry and click Properties 2 Click the IP Address tab If your IP address is dynamic select Obtain an IP address automatically If you have a static IP address select Specify an IP address and type your...

Page 384: ...ose the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your ZyAIR and restart your computer when prompted Verifying Settings 1 Click Start...

Page 385: ...C 384 Figure 220 Windows XP Start Menu 2 For Windows XP click Network Connections For Windows 2000 NT click Network and Dial up Connections Figure 221 Windows XP Control Panel 3 Right click Local Are...

Page 386: ...rties 4 Select Internet Protocol TCP IP under the General tab in Win XP and click Properties Figure 223 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP IP Properties window ope...

Page 387: ...ses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional...

Page 388: ...indows XP Internet Protocol TCP IP Properties 8 Click OK to close the Internet Protocol TCP IP Properties window 9 Click OK to close the Local Area Connection Properties window 10Turn on your ZyAIR an...

Page 389: ...e Appendix C 388 Figure 226 Macintosh OS 8 9 Apple Menu 2 Select Ethernet built in from the Connect via list Figure 227 Macintosh OS 8 9 TCP IP 3 For dynamically assigned settings select Using DHCP Se...

Page 390: ...ed to save changes to your configuration 7 Turn on your ZyAIR and restart your computer if prompted Verifying Settings Check your TCP IP properties in the TCP IP Control Panel window Macintosh OS X 1...

Page 391: ...nfigure box select Manually Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your ZyAIR in the Router address box 5 Click Apply Now and cl...

Page 392: ...ZyAIR G 2000 Plus User s Guide 391 Appendix C...

Page 393: ...IP address of a computer on the LAN Figure 230 IP Address Conflicts CaseA You must set the ZyAIR to use different LAN and WAN IP addresses on different subnets if you enable DHCP server on the ZyAIR...

Page 394: ...n different subnets if you enable DHCP server on the ZyAIR For example you set the WAN IP address to 192 59 1 1 and the LAN IP address to 10 59 1 1 Otherwise It is recommended the ZyAIR use a public W...

Page 395: ...ppendix D 394 In this case the subscribers are not able to access the Internet Figure 233 IP Address Conflicts Case D This problem can be solved by adding a VLAN enabled switch or set the computers to...

Page 396: ...ZyAIR G 2000 Plus User s Guide 395 Appendix D...

Page 397: ...he first two octets make up the network number and the two remaining octets make up the host ID Class C addresses begin starting from the left with 1 1 0 In a class C address the first three octets ma...

Page 398: ...ID Subnet masks are expressed in dotted decimal notation just as IP addresses are The natural masks for class A B and C IP addresses are as follows Subnetting With subnetting the class arrangement of...

Page 399: ...ally if no mask is specified it is understood that the natural mask is being used Example Two Subnets As an example you have a class C address 192 168 1 0 with subnet mask of 255 255 255 0 The first t...

Page 400: ...1 and the highest is 192 168 1 126 Similarly the host ID range for the second subnet is 192 168 1 129 to 192 168 1 254 Note In the following charts shaded bolded last octet bit values indicate host ID...

Page 401: ...Address Binary 11000000 10101000 00000001 00000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 0 Lowest Host ID 192 168 1 1 Broadcast Address 192 168 1 63 Highest...

Page 402: ...1111 11111111 11000000 Subnet Address 192 168 1 192 Lowest Host ID 192 168 1 193 Broadcast Address 192 168 1 255 Highest Host ID 192 168 1 254 Table 144 Eight Subnets SUBNET SUBNET ADDRESS FIRST ADDRE...

Page 403: ...The following table is a summary for class B subnet planning Table 146 Class B Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 128 0 17 2 32766 2 255 255 19...

Page 404: ...ZyAIR G 2000 Plus User s Guide 403 Appendix E...

Page 405: ...keywords exactly as shown do not abbreviate The required fields in a command are enclosed in angle brackets The optional fields in a command are enclosed in square brackets The symbol means or For ex...

Page 406: ...ZyAIR G 2000 Plus User s Guide 405 Appendix F...

Page 407: ...d A DHCP client s IP address has expired DHCP server assigns s The DHCP server assigned an IP address to a client SMT Login Successfully Someone has logged on to the router s SMT interface SMT Login F...

Page 408: ...t 2 Redirect datagrams for the Type of Service and Network 3 Redirect datagrams for the Type of Service and Host 8 Echo 0 Echo message 11 Time Exceeded 0 Time to live exceeded in transit 1 Fragment re...

Page 409: ...Use the sys logs category display command to show the log settings for all of the log categories Use the sys logs display log category command to show the logs in an individual ZyAIR log category Use...

Page 410: ...72 22 255 255 137 ACCESS BLOCK Firewall default policy UDP set 8 1 11 11 2002 15 10 12 172 21 4 17 138 172 21 255 255 138 ACCESS BLOCK Firewall default policy UDP set 8 2 11 11 2002 15 10 11 172 17 2...

Page 411: ...rs access to the network as they move from meeting to meeting getting up to date access to information and the ability to communicate decisions while on the go It provides campus wide networking mobil...

Page 412: ...Ad hoc Network Infrastructure Wireless LAN Configuration For Infrastructure WLANs multiple Access Points APs link the WLAN to the wired network and allow users to efficiently share network resources T...

Page 413: ...ZyAIR G 2000 Plus User s Guide Appendix H 412 Figure 235 ESS Provides Campus Wide Coverage...

Page 414: ...ZyAIR G 2000 Plus User s Guide 413 Appendix H...

Page 415: ...does not provide any central user account management User access control is done through manual modification of the MAC address table on the access point Although WEP data encryption offers a form of...

Page 416: ...e Authentication Mutual Authentication with Internal RADIUS server Microsofts Challenge Handshake Authentication Protocol MS CHAP V2 is used to periodically verify the identity of the peer station or...

Page 417: ...ZyAIR G 2000 Plus User s Guide Appendix I 416 Figure 237 Sequences for PEAP MS CHAP V2 Authentication...

Page 418: ...ZyAIR G 2000 Plus User s Guide 417 Appendix I...

Page 419: ...pport data encryption with dynamic session key You must configure WEP encryption keys for data encryption EAP TLS Transport Layer Security With EAP TLS digital certifications are needed by both the se...

Page 420: ...EEE802 1x For added security certificate based authentications EAP TLS EAP TTLS and PEAP use dynamic keys for data encryption They are often deployed in corporate environments but for public deploymen...

Page 421: ...he shape of the antenna s coverage area Antenna Gain Antenna gain measured in dB decibel is the increase in coverage within the RF beam width Higher antenna gain improves the range of the signal for b...

Page 422: ...r point to point applications Positioning Antennas In general antennas should be mounted as high as practically possible and free of obstructions In point to point application position both transmitti...

Page 423: ...Consumption 10 W Safety Standards UL CUL UL 1310 CSA C22 2 No 223 M91 Table 155 EUROPEAN PLUG STANDARDS AC Power Adaptor Model AD 1201200DV Input Power AC230Volts 50Hz 0 2A Output Power DC12Volts 1 2A...

Page 424: ...423 Appendix L Table 158 Australia and New Zealand plug standards AC Power Adaptor Model AD 1201200DS or AD 121200DS Input Power AC240Volts 50Hz 0 2A Output Power DC12Volts 1 2A Power Consumption 10 W...

Page 425: ...Force Password Guessing Protection 39 BSS 78 411 Budget Management 364 C CA 418 Cable Modem 179 Call Control 363 Call History 364 Call Scheduling 372 Maximum Number of Schedule Sets 372 PPPoE 374 Pre...

Page 426: ...ucture 313 Finger 142 Firewall Access Methods 192 326 Address Type 201 Alerts 196 Connection Direction 195 Creating Editing Rules 199 Custom PortsSee Custom Ports 202 Firewall Vs Filters 188 Guideline...

Page 427: ...39 Local 136 Local User Database 120 Log Descriptions 406 Login Name 275 Logs 124 232 M MAC Address 262 MAC Address Filter Action 113 MAC Address Filtering 112 270 MAC Filter 112 MAC Filtering 39 Main...

Page 428: ...5 Restrict Web Features 211 RF signals 410 RIP 71 287 Version 287 Roaming 84 Example 84 Requirements 85 Route 282 RTS Threshold 80 Rules 192 195 Checklist 193 Creating Custom 192 Key Fields 194 LAN to...

Page 429: ...e Setting 68 Time Zone 366 Timeout 277 278 284 Trace Records 341 Traceroute 184 Traffic Redirect 40 Trigger Port Forwarding 310 Process 148 Troubleshooting Accessing ZyAIR 377 Ethernet Port 376 Start...

Page 430: ...ZyAIR G 3000 User s Guide 429 Index ZyNOS F W Version 351 ZyXEL s Firewall Introduction 179...
