background image

Firewall and Remote Management 

 

 

 

Part V: 

 

 

 

 

 

FIREWALL AND REMOTE MANAGEMENT 

This part introduces firewalls in general and the ZyAIR firewall. It also explains custom ports and 

gives example firewall rules and information on Remote Management.  

 

 

 

 

Содержание ZYAIR

Страница 1: ...ZyAIR Wireless Gateway Series User s Guide Version 3 50 July 2003...

Страница 2: ...hed by ZyXEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither do...

Страница 3: ...io frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications If this equipment does cause harmful interference to radio...

Страница 4: ...of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpose ZyXEL shall in no eve...

Страница 5: ...578 3942 www zyxel com www europe zyxel com WORLDWIDE sales zyxel com tw 886 3 578 2439 ftp europe zyxel com ZyXEL Communications Corp 6 Innovation Road II Science Based Industrial Park Hsinchu 300 T...

Страница 6: ...b Configurator 2 1 2 3 Resetting the ZyAIR 2 2 2 3 1 Procedure to Use the Reset Button 2 2 2 3 2 Uploading a Configuration File via Console Port 2 3 2 4 Navigating the ZyAIR Web Configurator 2 4 Chapt...

Страница 7: ...Configuration and Roaming 6 1 6 1 Wireless LAN Overview 6 1 6 1 1 IBSS 6 1 6 1 2 BSS 6 1 6 1 3 ESS 6 2 6 2 Wireless LAN Basics 6 3 6 2 1 RTS CTS 6 3 6 2 2 Fragmentation Threshold 6 4 6 3 Configuring W...

Страница 8: ...ypes 9 4 9 1 6 SUA Single User Account Versus NAT 9 5 9 2 SUA Server 9 5 9 2 1 Port Forwarding Services and Port Numbers 9 6 9 2 2 Configuring Servers Behind SUA Example 9 7 9 3 Configuring SUA Server...

Страница 9: ...ement 13 1 13 1 Remote Management Overview 13 1 13 1 1 Remote Management Limitations 13 1 13 1 2 Remote Management and NAT 13 2 13 1 3 System Timeout 13 2 13 2 Telnet 13 2 13 3 Configuring TELNET 13 3...

Страница 10: ...6 4 1 Channel Usage 16 5 16 5 F W Upload Screen 16 8 16 6 Configuration Screen 16 10 16 6 1 Backup Configuration 16 10 16 6 2 Restore Configuration 16 11 16 6 3 Back to Factory Defaults 16 13 SMT GETT...

Страница 11: ...21 7 Chapter 22 Dial in User Setup 22 1 22 1 Dial in User Setup 22 1 Chapter 23 Network Address Translation NAT 23 1 23 1 Introduction 23 1 23 1 1 Applying NAT 23 1 23 2 NAT Setup 23 2 23 2 1 Address...

Страница 12: ...3 Log and Trace 27 5 27 3 1 Viewing Error Log 27 5 27 3 2 UNIX Syslog 27 6 27 3 3 Call Triggering Packet 27 7 27 4 Diagnostic 27 7 Chapter 28 Firmware and Configuration File Maintenance 28 1 28 1 File...

Страница 13: ...to 24 10 29 1 29 1 Command Interpreter Mode 29 1 29 2 Call Control Support 29 2 29 2 1 Budget Management 29 2 29 2 2 Call History 29 3 29 3 Time and Date Setting 29 4 29 3 1 Resetting the Time 29 5 Ch...

Страница 14: ...tion F 1 Appendix G Antenna Selection and Positioning Recommendation G 1 Appendix H PPPoE H 1 Appendix I PPTP I 1 Appendix J IP Subnetting J 1 Appendix K Command Interpreter K 1 Appendix L NetBIOS Fil...

Страница 15: ...m General Setup 4 1 Figure 4 2 DDNS 4 3 Figure 4 3 Password 4 5 Figure 4 4 Time Setting 4 6 Figure 5 1 LAN WAN IPs 5 1 Figure 5 2 IP 5 4 Figure 6 1 IBSS Ad hoc Wireless LAN 6 1 Figure 6 2 Basic Servic...

Страница 16: ...to LAN Traffic 12 5 Figure 12 3 Firewall Settings 12 6 Figure 12 4 Firewall Filter 12 8 Figure 12 5 Firewall Services 12 10 Figure 13 1 Telnet Configuration on a TCP IP Network 13 2 Figure 13 2 Telnet...

Страница 17: ...19 1 Figure 19 3 Menu 3 2 TCP IP and DHCP Ethernet Setup 19 2 Figure 19 4 Physical Network 19 4 Figure 19 5 Partitioned Logical Networks 19 4 Figure 19 6 Menu 3 2 TCP IP and DHCP Ethernet Setup 19 5 F...

Страница 18: ...rt Setup 23 17 Figure 24 1 Outgoing Packet Filtering Process 24 1 Figure 24 2 Filter Rule Process 24 2 Figure 24 3 Menu 21 1 Filter Set Configuration 24 3 Figure 24 4 NetBIOS_WAN Filter Rules Summary...

Страница 19: ...n 28 9 Figure 28 10 System Maintenance Starting Xmodem Download Screen 28 9 Figure 28 11 Restore Configuration Example 28 10 Figure 28 12 Successful Restoration Confirmation Screen 28 10 Figure 28 13...

Страница 20: ......

Страница 21: ...6 1 Wireless 6 6 Table 6 2 Roaming 6 9 Table 7 1 Wireless WEP Fields 7 4 Table 7 2 MAC Address Filter 7 7 Table 7 3 Wireless LAN 802 1x 7 11 Table 7 4 Local User Database 7 14 Table 7 5 RADIUS 7 15 Ta...

Страница 22: ...tics 16 3 Table 16 3 DHCP Table 16 4 Table 16 4 Association List 16 5 Table 16 5 Channel Usage ZyAIR B 2000 16 6 Table 16 6 Channel Usage 16 7 Table 16 7 Firmware Upgrade 16 9 Table 16 8 Restore Confi...

Страница 23: ...r Rule 24 11 Table 24 5 Filter Sets Table 24 15 Table 25 1 Menu 22 SNMP Configuration 25 1 Table 26 1 Menu 23 2 System Security RADIUS Server 26 2 Table 26 2 Menu 23 4 System Security IEEE802 1x 26 4...

Страница 24: ...ator parts of this guide contain background information on features configurable by the web configurator and the SMT The SMT parts of this guide contain background information on features not configur...

Страница 25: ...use e g as a shorthand for for instance and i e for that is or in other words throughout this manual The ZyAIR Wireless Gateway series may be referred to simply as the ZyAIR in the user s guide User G...

Страница 26: ......

Страница 27: ...Overview I Part I OVERVIEW This part introduces the main features and applications of the ZyAIR and shows how to access the web configurator and use the Wizard to configure for Internet Access...

Страница 28: ......

Страница 29: ...configurator and SNMP network management enables remote configuration and management of your ZyAIR 1 2 ZyAIR Features The following sections describe the features of the ZyAIR Wireless Gateway series...

Страница 30: ...ithout manual intervention It allows data transfer of either 10 Mbps or 100 Mbps in either half duplex or full duplex mode depending on your Ethernet network 10 100M Auto crossover Ethernet Fast Ether...

Страница 31: ...prone to RF Radio Frequency interference from other 2 4 GHz devices such as microwave ovens wireless phones Bluetooth enabled devices and other wireless LANs Output Power Management Power Management...

Страница 32: ...niversal Plug and Play UPnP Using the standard TCP IP protocol the ZyAIR and other UPnP enabled devices can dynamically join a network obtain an IP address and convey its capabilities to other devices...

Страница 33: ...e transmitted in two ways unicast or broadcast Multicast is a third way to deliver IP packets to a group of hosts IGMP Internet Group Management Protocol is the protocol used to support multicast grou...

Страница 34: ...are upgrades as well as configuration file backups and restoration Wireless Association List With the Wireless Association List you can see the list of the wireless stations that are currently using t...

Страница 35: ...ZyAIR Wireless Gateway Series User s Guide Getting to Know Your ZyAIR 1 7 Figure 1 1 Internet Access Application Example...

Страница 36: ......

Страница 37: ...ZyAIR Web Configurator Step 1 Make sure your ZyAIR hardware is properly connected refer to the Quick Installation Guide Step 2 Prepare your computer to connect to the ZyAIR refer to the Setting Up You...

Страница 38: ...reviously and the speed of the console port will be reset to the default of 9600bps with 8 data bit no parity one stop bit and flow control set to none The password will be reset to 1234 also 2 3 1 Pr...

Страница 39: ...sage Press any key to enter Debug Mode within 3 seconds press any key to enter debug mode Step 3 Enter y at the prompt below to go into debug mode Step 4 Enter atlc after Enter Debug Mode message Step...

Страница 40: ...your ZyAIR or upgrade configuration firmware files Maintenance includes SYSTEM STATUS Statistics DHCP TABLE F W Firmware UPGRADE CONFIGURATION Backup Restore Default and Wireless Association List and...

Страница 41: ...el at least five channels away from a channel that an adjacent AP is using For example if your region has 11 channels and an adjacent AP is using channel 1 then you need to select a channel between 6...

Страница 42: ...ries User s Guide 3 2 Wizard Setup 3 2 Wizard Setup General Setup General Setup contains administrative and system related information Figure 3 1 Wizard 1 General Setup The following table describes t...

Страница 43: ...r the Computer name field and enter it as the System Name In Windows XP click Start My Computer View system information and then click the Computer Name tab Note the entry in the Full computer name fi...

Страница 44: ...eld on the ZyAIR make sure all wireless stations use the same ESSID in order to access the network Choose Channel ID To manually set the ZyAIR to use a channel select a channel from the drop down list...

Страница 45: ...ZyAIR and the wireless stations must use the same WEP key for data transmission If you chose 64 bit WEP then enter any 5 ASCII characters or 10 hexadecimal characters 0 9 A F If you chose 128 bit WEP...

Страница 46: ...ernet option when the WAN port is used as a regular Ethernet Otherwise choose PPPoE or PPTP for a dial up connection Service Type Select from Standard RR Toshiba RoadRunner Toshiba authentication meth...

Страница 47: ...elia Login only The Telia server logs the ZyAIR out if the ZyAIR does not log in periodically Type the number of minutes from 1 to 59 30 recommended for the ZyAIR to wait between logins This field is...

Страница 48: ...able 3 4 Wizard 3 PPTP Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation Select PPTP from the drop down list box User Name Type the user name given to you by your ISP Pa...

Страница 49: ...s the existing Microsoft Dial Up Networking experience and requires no new learning or procedures For the service provider PPPoE offers an access and authentication method that works with existing acc...

Страница 50: ...e 3 5 Wizard 3 PPPoE Encapsulation LABEL DESCRIPTION ISP Parameter for Internet Access Encapsulation Choose an encapsulation method from the pull down list box PPPoE forms a dial up connection Service...

Страница 51: ...a unique IP address If your networks are isolated from the Internet for instance only between your two branch offices you can assign any IP addresses to the hosts without problems However the Interne...

Страница 52: ...wise Let s say you select 192 168 1 0 as the network number which covers 254 individual addresses from 192 168 1 1 to 192 168 1 254 zero and 255 are reserved In other words the first three numbers spe...

Страница 53: ...rom file ZyNOS configuration file It will not change unless you change the setting or upload a different rom file ZyXEL recommends you clone the MAC address from a workstation on your LAN even if your...

Страница 54: ...ard 4 WAN and DNS LABEL DESCRIPTION WAN IP Address Assignment Get automatically from ISP Select this option If your ISP did not assign you a fixed IP address This is the default selection Use fixed IP...

Страница 55: ...ields WAN MAC Address The MAC address field allows you to configure the WAN port s MAC address by either using the factory default or cloning the MAC address from a workstation on your LAN Factory Def...

Страница 56: ...ZyAIR Wireless Gateway Series User s Guide 3 16 Wizard Setup Figure 3 7 Setup Complete Well done You have successfully set up your ZyAIR to operate on your network and access the Internet...

Страница 57: ...System LAN and Wireless II Part II SYSTEM LAN AND WIRELESS This part discusses the System LAN and Wireless setup screens...

Страница 58: ......

Страница 59: ...r provides information on the System screens 4 1 System Overview This section provides information on general system setup 4 2 Configuring General Setup Click ADVANCED and then SYSTEM to open the Gene...

Страница 60: ...rver information and the ZyAIR s WAN IP address The field to the right displays the read only DNS server IP address that the ISP assigns Select User Defined if you have the IP address of a DNS server...

Страница 61: ...password or key 4 3 1 DYNDNS Wildcard Enabling the wildcard feature for your host causes yourhost dyndns org to be aliased to the same IP address as yourhost dyndns org This feature is useful if you...

Страница 62: ...have traffic redirected to a URL that you can specify while you are off line Edit Update IP Address Server Auto Detect Select this option to update the IP address of the host name s automatically by t...

Страница 63: ...ers Note that as you type a password the screen displays an asterisk for each character you type Retype to Confirm Retype your new system password for confirmation Apply Click Apply to save your chang...

Страница 64: ...ZyAIR Not all time servers support all protocols so you may have to check with your ISP network administrator or use trial and error to find a protocol that works The main difference between them is t...

Страница 65: ...time with the time server New Date yyyy mm dd This field displays the last updated date from the time server When you select None in the Time Protocol field enter the new date in this field and then...

Страница 66: ......

Страница 67: ...zard Setup chapter for the background information about Primary and Secondary DNS Server and IP Address and Subnet Mask 5 2 LANs and WANs A LAN is a computer network limited to the immediate area usua...

Страница 68: ...p regarding what fields need to be configured 5 5 RIP Setup RIP Routing Information Protocol RFC 1058 and RFC 1389 allows a router to exchange routing information with other routers RIP Direction cont...

Страница 69: ...ss D IP address is used to identify host groups and can be in the range 224 0 0 0 to 239 255 255 255 The address 224 0 0 0 is not assigned to any group and is used by IP multicast computers The addres...

Страница 70: ...User s Guide for background information DHCP Server Select this option to allow your ZyAIR to assign IP addresses an IP default gateway and DNS servers to Windows 95 Windows NT and other systems that...

Страница 71: ...sends a DNS query to the ZyAIR the ZyAIR forwards the query to the ZyAIR s system DNS server configured in the SYSTEM General screen and relays the response back to the computer You can only select DN...

Страница 72: ...ZyAIR Wireless Gateway Series User s Guide 5 6 LAN Screens Table 5 1 IP LABEL DESCRIPTION Reset Click Reset to reload the previous configuration for this screen...

Страница 73: ...omputers with wireless adapters within range of each other that from an independent wireless network without the need of an access point AP Figure 6 1 IBSS Ad hoc Wireless LAN 6 1 2 BSS A Basic Servic...

Страница 74: ...es of overlapping BSSs each containing an access point with each access point connected together by a wired network This wired connection between APs is called a Distribution System DS An ESSID ESS ID...

Страница 75: ...annels 6 2 1 RTS CTS A hidden node occurs when two stations are within range of the same access point but are not within range of each other The following figure illustrates a hidden node Both station...

Страница 76: ...r their transmission It also reserves and confirms with the requesting station the time frame for the requested transmission Stations can send frames smaller than the specified RTS CTS directly to the...

Страница 77: ...see previously you set then the RTS Request To Send CTS Clear to Send handshake will never occur as data frames will be fragmented before they reach RTS CTS size 6 3 Configuring Wireless If you are co...

Страница 78: ...de 6 6 Wireless Configuration and Roaming Figure 6 5 Wireless The following table describes the general wireless LAN labels in this screen Table 6 1 Wireless LABEL DESCRIPTION Enable Wireless LAN Clic...

Страница 79: ...drop down list box Click MAINTENANCE WIRELESS and then the Channel Usage tab to open the Channel Usage screen to make sure the channel is not already used by another AP or independent peer to peer wir...

Страница 80: ...about the change The new information is then propagated to the other access points on the LAN An example is shown in Figure 6 6 If the roaming feature is not enabled on the access points information i...

Страница 81: ...t radio channels when their coverage areas overlap 4 All access points must use the same port number to relay roaming information 5 The access points must be connected to the Ethernet and be able to g...

Страница 82: ...Port Enter the port number to communicate roaming information between APs The port number must be the same on all APs The default is 16290 Make sure this port is not used by other services Apply Clic...

Страница 83: ...es interaction with a RADIUS Remote Authentication Dial In User Service server either on the WAN or your LAN to provide authentication service for wireless stations Figure 7 1 ZyAIR Wireless Security...

Страница 84: ...ves an unencrypted two message procedure A wireless station sends an open system authentication request to the AP which will then automatically accept and connect the wireless station to the network I...

Страница 85: ...true for shared key authentication However when it is set to auto authentication the ZyAIR will accept either type of authentication request and the ZyAIR will fall back to use open authentication if...

Страница 86: ...decimal characters 0 9 A F If you chose 128 bit WEP then enter 13 ASCII characters or 26 hexadecimal characters 0 9 A F You must configure all four keys but only one key can be activated at any one ti...

Страница 87: ...32 devices Allow Association or exclude up to 32 devices from accessing the ZyAIR Deny Association Every Ethernet device has a unique MAC Media Access Control address The MAC address is assigned at t...

Страница 88: ...ZyAIR Wireless Gateway Series User s Guide 7 6 Wireless Security Figure 7 4 MAC Address Filter The following table describes the labels in this menu...

Страница 89: ...for this screen 7 5 802 1x Overview The IEEE 802 1x standard outlines enhanced security methods for both the authentication of wireless stations and encryption key management Authentication can be don...

Страница 90: ...secret key which is a password they both know The key is not sent over the network In addition to the shared key password information exchanged is also encrypted to protect the wired network from unau...

Страница 91: ...e and determines whether or not to authenticate the wireless station 7 7 Dynamic WEP Key Exchange The AP maps a unique key that is generated with the RADIUS server This key expires when the wireless c...

Страница 92: ...cate wireless users without interacting with a network RADIUS server However there is a limit on the number of users you may authenticate in this way 7 9 Configuring 802 1x To change your ZyAIR s auth...

Страница 93: ...o the wired network ReAuthentication Timer in seconds Specify how often wireless stations have to reenter usernames and passwords in order to stay connected This field is activated only when you selec...

Страница 94: ...se on the ZyAIR for a wireless station s username and password If the user name is not found the ZyAIR then checks the user database on the specified RADIUS server Select RADIUS first then Local to ha...

Страница 95: ...ernal RADIUS server or create local user accounts on the ZyAIR for authentication 7 10 Configuring Local User Database To change your ZyAIR s local user database click ADVANCED WIRELESS and then the L...

Страница 96: ...sword Type a password up to 31 characters for this user profile Note that as you type a password the screen displays a for each character you type Apply Click Apply to save your changes back to the Zy...

Страница 97: ...d the ZyAIR The key must be the same on the external authentication server and your ZyAIR The key is not sent over the network Accounting Server Active Select Yes from the drop down list box to enable...

Страница 98: ......

Страница 99: ...WAN III Part III WAN This part covers the web configurator screen and information about WAN...

Страница 100: ......

Страница 101: ...pter for more background information on most fields in the WAN screens Background information on WAN fields not included in the Wizard is described here 8 2 Configuring WAN ISP To change your ZyAIR s...

Страница 102: ...Roadrunner Manager authentication method RR Telstra or Telia Login Choose a Roadrunner service type if your ISP is Time Warner s Roadrunner otherwise choose Standard Apply Click Apply to save your cha...

Страница 103: ...Server IP address if this field is left blank If it does not then you must enter the authentication server IP address Login Server Telia Login only Type the domain name of the Telia login server for...

Страница 104: ...vice Name Type the PPPoE service name provided to you PPPoE uses a service name to identify and reach the PPPoE server User Name Type the username given to you by your ISP Password Type the password a...

Страница 105: ...8 2 3 PPTP Encapsulation Point to Point Tunneling Protocol PPTP is a network protocol that enables secure transfer of data from a remote client to a private server creating a Virtual Private Network...

Страница 106: ...ection to time out Idle Timeout Specify the time in seconds that elapses before the ZyAIR automatically disconnects from the PPTP server PPTP Configuration My IP Address Type the static IP address ass...

Страница 107: ...settings click ADVANCED WAN and then the IP tab Figure 8 5 IP Setup The following table describes the labels in this screen Table 8 5 IP Setup LABEL DESCRIPTION WAN IP Address Assignment Get automatic...

Страница 108: ...ID Network Address Translation Network Address Translation NAT allows the translation of an Internet protocol address used within one network to a different IP address known within another network SUA...

Страница 109: ...2B uses subnet broadcasting while RIP 2M uses multicasting Multicasting can reduce the load on non router machines since they generally do not listen to the RIP multicast address and so will not rece...

Страница 110: ...n afresh 8 5 Configuring WAN MAC To change your ZyAIR s WAN MAC settings click ADVANCED WAN and then the MAC tab The screen appears as shown Figure 8 6 MAC Setup The MAC address screen allows users to...

Страница 111: ...SUA NAT and Static Route IV Part IV SUA NAT AND STATIC ROUTE This part covers the information about SUA NAT and Static Route setup...

Страница 112: ......

Страница 113: ...r For example the local address refers to the IP address of a host when the packet is in the local network while the global address refers to the IP address of the host when the same packet is traveli...

Страница 114: ...DMZ port instead If you do not define any servers for Many to One and Many to Many Overload mapping NAT offers the additional benefit of firewall protection With no servers defined your ZyAIR filters...

Страница 115: ...1 How NAT Works 9 1 4 NAT Application The following figure illustrates a possible NAT application where three inside LANs logical LANs using IP Alias behind the ZyAIR can communicate with three distin...

Страница 116: ...cal IP addresses to one global IP address This is equivalent to SUA i e PAT port address translation ZyXEL s Single User Account feature the SUA Only option Many to Many Overload In Many to Many Overl...

Страница 117: ...r 2 IP IGA1 Server 3 IP IGA1 Server 9 1 6 SUA Single User Account Versus NAT SUA Single User Account is a ZyNOS implementation of a subset of NAT that supports two types of mapping Many to One and Ser...

Страница 118: ...t are not specified in this screen If you do not assign a Default Server IP Address then all packets received for ports not specified in this screen will be discarded 9 2 1 Port Forwarding Services an...

Страница 119: ...19 SNMP Simple Network Management Protocol 161 SNMP trap 162 PPTP Point to Point Tunneling Protocol 1723 9 2 2 Configuring Servers Behind SUA Example Let s say you want to assign ports 22 25 to one se...

Страница 120: ...then all packets received for ports not specified in this screen will be discarded Click ADVANCED and then SUA NAT to open the SUA Server screen Refer to the Table 9 3 for port numbers commonly used f...

Страница 121: ...ts enter the start port number in the Start Port field and the last port to be forwarded in the End Port field Server IP Address Enter the inside IP address of the server here Apply Click Apply to sav...

Страница 122: ...ocal End IP This is the end local IP address If the rule is for all local IP addresses then this field displays 0 0 0 0 and 255 255 255 255 as the Local End IP address This field is N A for One to One...

Страница 123: ...te an address mapping rule 9 4 1 Configuring Address Mapping Rule To edit an address mapping rule click the Edit button to display the screen shown next Figure 9 6 Address Mapping Rule The following t...

Страница 124: ...d IP address This field is N A for One to One and Server mapping types Global Start IP This is the starting global IP address IGA Enter 0 0 0 0 here if you have a dynamic IP address from your ISP Glob...

Страница 125: ...ks beyond For instance the ZyAIR knows about network N2 in the following figure through remote node Router 1 However the ZyAIR is unable to route a packet to network N3 because it doesn t know that th...

Страница 126: ...Destination This parameter specifies the IP network address of the final destination Routing is always based on network number Gateway This field displays the IP address of the gateway The gateway is...

Страница 127: ...10 2 1 Configuring Route Entry Select a static route index number and click Edit The screen shown next appears Fill in the required information for each static route Figure 10 3 Edit IP Static Route...

Страница 128: ...t as your ZyAIR over the WAN the gateway must be the IP address of one of the remote nodes Metric Type a number that approximates the cost for this link Metric represents the cost of transmission for...

Страница 129: ...e Management V Part V FIREWALL AND REMOTE MANAGEMENT This part introduces firewalls in general and the ZyAIR firewall It also explains custom ports and gives example firewall rules and information on...

Страница 130: ......

Страница 131: ...only mechanism or method employed For a firewall to guard effectively you must design and deploy it appropriately This requires integrating the firewall into a broad information security policy In ad...

Страница 132: ...connection and to adapt to dynamic protocols These firewalls generally provide the best speed and transparency however they may lack the granular application level access control or caching that some...

Страница 133: ...ocol POP3 E mail etc For example Web traffic by default uses TCP port 80 When computers communicate on the Internet they are using the client server model where the server listens on a specific TCP UD...

Страница 134: ...ication The oversize packet is then sent to an unsuspecting system Systems may crash hang or reboot 1 b Teardrop attack exploits weaknesses in the reassembly of IP packet fragments As data is transmit...

Страница 135: ...shed 2 a SYN Attack floods a targeted system with a series of SYN packets Each packet causes the targeted system to issue a SYN ACK response While the targeted system waits for the ACK that follows th...

Страница 136: ...dcast address of the network the router will broadcast the ICMP echo request packet to all hosts on the network If there are numerous hosts this will create a large amount of ICMP echo request and res...

Страница 137: ...DoS attacks also employ a technique known as IP Spoofing as part of their attack IP Spoofing may be used to break into systems to hide the hacker s identity or to magnify the effect of the DoS attack...

Страница 138: ...nspection The previous figure shows the ZyAIR s default firewall rules in action as well as demonstrates how stateful inspection works User A can initiate a Telnet session from within the LAN and resp...

Страница 139: ...ction of travel of packets to which they apply LAN to LAN ZyAIR WAN to LAN LAN to WAN WAN to WAN ZyAIR By default the ZyAIR s stateful packet inspection allows packets traveling in the following direc...

Страница 140: ...customized rules take precedence and override the ZyAIR s default rules 12 3 Rule Logic Overview Study these points carefully before configuring rules 12 3 1 Rule Checklist 1 State the intent of the...

Страница 141: ...d Block means the firewall silently discards the packet Service Select the service from the Service scrolling list box If the service is not listed it is necessary to first define it See section 12 5...

Страница 142: ...igure a LAN to WAN rule you in essence want to limit some or all users from accessing certain services on the WAN See the following figure Figure 12 1 LAN to WAN Traffic 12 4 2 WAN to LAN Rules The de...

Страница 143: ...services in the Services screen You may allow traffic initiated from the WAN by configuring port forwarding rules one to one many one to one mapping rules and or allow remote management The firewall i...

Страница 144: ...LABEL DESCRIPTION Enable Firewall Select this check box to activate the firewall The ZyAIR performs access control and protects against Denial of Service DoS attacks when the firewall is activated LA...

Страница 145: ...low one specific computer full access to all blocked resources Trusted Computer IP Address You can allow a specific computer to access all Internet resources without restriction Enter the IP address o...

Страница 146: ...de 12 8 Firewall Screens Figure 12 4 Firewall Filter The following table describes the labels in this screen Table 12 2 Firewall Filter LABEL DESCRIPTION Restrict Web Features Select the categories of...

Страница 147: ...LAN users to circumvent content filtering by pointing to this proxy server Enable URL Keyword Blocking Select this check box to block the URL containing the keywords in the keyword list Keyword Type...

Страница 148: ...s Click ADVANCED FIREWALL and then the Services tab to open the Services screen Use this screen to enable service blocking enter delete modify the services you want to block and the date time you want...

Страница 149: ...ber Authority web site Type Services are either TCP and or UDP Select from either TCP or UDP Port Number Enter the port number range that defines the service For example suppose you want to define the...

Страница 150: ...Server CU SEEME TCP UDP 7648 24032 A popular videoconferencing solution from White Pines Software DNS UDP TCP 53 Domain Name Server a service that matches web names e g www zyxel com to IP numbers FIN...

Страница 151: ...TCP 513 Remote Login RTELNET TCP 107 Remote Telnet RTSP TCP UDP 554 The Real Time Streaming media control Protocol RTSP is a remote control for multimedia on the Internet SFTP TCP 115 Simple File Tran...

Страница 152: ...4 Predefined Services SERVICE DESCRIPTION TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP but uses the UDP User Datagram Protocol rather than TCP Transm...

Страница 153: ...e firewall chapters for details on configuring firewall rules You may manage your ZyAIR from a remote location via Internet WAN only ALL LAN and WAN LAN only Neither Disable When you Choose WAN only o...

Страница 154: ...1 2 Remote Management and NAT When NAT is enabled Use the ZyAIR s WAN IP address when configuring from the WAN Use the ZyAIR s LAN IP address when configuring from the LAN 13 1 3 System Timeout There...

Страница 155: ...order to use that service for remote management Server Access Select the interface s through which a computer may access the ZyAIR using this service Secured Client IP Address A secured client is a t...

Страница 156: ...is screen Table 13 2 FTP LABEL DESCRIPTION Server Port You may change the server port number for a service if needed however you must use the same port number in order to use that service for remote m...

Страница 157: ...REMOTE MANAGEMENT and then the WWW tab The screen appears as shown Figure 13 4 WWW The following table describes the labels in this screen Table 13 3 WWW LABEL DESCRIPTION Server Port You may change t...

Страница 158: ...s service Apply Click Apply to save your changes back to the ZyAIR Reset Click Reset to begin configuring this screen afresh 13 6 Configuring SNMP Simple Network Management Protocol is a protocol used...

Страница 159: ...define each piece of information to be collected about a device Examples of variables include the number of packets received node port status etc A Management Information Base MIB is a collection of m...

Страница 160: ...ps TRAP TRAP NAME DESCRIPTION 1 coldStart defined in RFC 1215 A trap is sent after booting power on 2 warmStart defined in RFC 1215 A trap is sent after booting software reboot 3 linkUp defined in RFC...

Страница 161: ...ck ADVANCED REMOTE MANAGEMENT and then the SNMP tab The screen appears as shown Figure 13 6 SNMP The following table describes the labels in this screen Table 13 6 SNMP LABEL DESCRIPTION SNMP Configur...

Страница 162: ...to use that service for remote management Server Access Select the interface s through which a computer may access the ZyAIR using this service Secured Client IP Address A secured client is a trusted...

Страница 163: ...AIR Select All to allow any computer to send DNS queries to the ZyAIR Choose Selected to just allow the computer with the IP address that you specify to send DNS queries to the ZyAIR Apply Click Apply...

Страница 164: ...d to any incoming Ping requests when Disable is selected Select LAN to reply to incoming LAN Ping requests Select WAN to reply to incoming WAN Ping requests Otherwise select LAN WAN to reply to both i...

Страница 165: ...UPnP and Logs VI Part VI UPNP AND LOGS This part provides information and configuration instructions for UPnP Universal Plug and Play and the logs...

Страница 166: ......

Страница 167: ...fied as an icon in the Network Connections folder Windows XP Each UPnP compatible device installed on your network will appear as a separate icon Selecting the icon of a UPnP device will allow you to...

Страница 168: ...UPnP if this is not your intention 14 2 UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum Creates UPnP Implementers Corp UIC ZyXEL s UPnP implementation suppo...

Страница 169: ...screen without entering the ZyAIR s IP address although you must still enter the password to access the web configurator Allow users to make configuration changes through UPnP Select this check box to...

Страница 170: ...e the firewall block all UPnP application packets for example MSN packets instead of creating a firewall rule for them UPnP Name This identifies the ZyAIR in UPnP applications Apply Click Apply to sav...

Страница 171: ...Restart the computer when prompted 14 4 2 Installing UPnP in Windows XP Follow the steps below to install UPnP in Windows XP Step 6 Click Start and Control Panel Step 7 Double click Network Connectio...

Страница 172: ...ws XP Example This section shows you how to use the UPnP feature in Windows XP You must already have UPnP installed in Windows XP and UPnP activated on the ZyAIR Make sure the computer is connected to...

Страница 173: ...uide UPnP Screens 14 7 Step 3 In the Internet Connection Properties window click Settings to see the port mappings that were automatically created Step 4 You may edit or delete the port mappings or cl...

Страница 174: ...en connected check box and click OK An icon displays in the system tray Step 6 Double click the icon to display your current Internet connection status 14 5 2 Web Configurator Easy Access With UPnP yo...

Страница 175: ...Panel Step 2 Double click Network Connections Step 3 Select My Network Places under Other Places Step 4 An icon with the description for each UPnP enabled device displays under Local Network Step 5 R...

Страница 176: ...ZyAIR Wireless Gateway Series User s Guide 14 10 UPnP Screens Step 6 Right click the icon for your ZyAIR and select Properties A properties window displays with basic information about the ZyAIR...

Страница 177: ...screen Use the View Log screen to see the logs for the categories that you selected in the Log Settings screen see section 15 2 Options include logs about system maintenance system errors access cont...

Страница 178: ...logs select All Logs The number of categories shown in the drop down list box depends on the selection in the Log Settings page Time This field displays the time the log was recorded Message This fie...

Страница 179: ...ppears as shown Use the Log Settings screen to configure to where the ZyAIR is to send the logs the schedule for when the ZyAIR is to send the logs and which logs and or immediate alerts the ZyAIR is...

Страница 180: ...ZyAIR Wireless Gateway Series User s Guide 15 4 Logs Screens Figure 15 2 Log Settings...

Страница 181: ...n external UNIX server used to store logs Active Click Active to enable UNIX syslog Syslog Server IP Address Enter the server name or the IP address of the syslog server that will log the CDR Call Det...

Страница 182: ...o change your ZyAIR s log reports click ADVANCED LOGS and then the Reports tab The screen appears as shown The Reports screen displays which computers on the LAN send and receive the most traffic what...

Страница 183: ...hat also get counted as hits The ZyAIR records web site hits by counting the HTTP GET packets Many web sites include HTTP GET references to other web sites and the ZyAIR may count these as hits thus t...

Страница 184: ...Start Collection when the ZyAIR is not recording report data and Stop Collection when the ZyAIR is recording report data Click Start Collection to have the ZyAIR record report data Click Stop Collect...

Страница 185: ...hich the most traffic has gone through the ZyAIR The protocols or service ports are listed in descending order with the most used protocol or service port listed first Start Collection Stop Collection...

Страница 186: ...ervice port The count starts over at 0 if a protocol or port passes the bytes count limit see Table 15 6 15 3 2 Viewing LAN IP Address In the Reports screen select LAN IP Address from the Report Type...

Страница 187: ...der with the LAN IP address to and or from which the most traffic was sent listed first Bytes This column displays how much traffic has gone to and from the listed LAN IP addresses The measurement uni...

Страница 188: ...Maintenance VII Part VII MAINTENANCE This part describes the Maintenance web configurator screens...

Страница 189: ......

Страница 190: ...view The maintenance screens can help you view system information upload new firmware manage configuration and restart your ZyAIR 16 2 System Status Screen Click MAINTENANCE to open the System Status...

Страница 191: ...s is the WAN port IP address IP Subnet Mask This is the WAN port subnet mask DHCP This is the WAN port DHCP role Client or None LAN Port IP Address This is the LAN port IP address IP Subnet Mask This...

Страница 192: ...n up System Up Time This is the total time the ZyAIR has been on Poll Interval Enter the time interval for refreshing statistics Set Interval Click this button to apply the new poll interval you enter...

Страница 193: ...AC Media Access Control or Ethernet address on a LAN Local Area Network is unique to your computer six pairs of hexadecimal notation A network interface card such as an Ethernet adapter has a hardwire...

Страница 194: ...tation Association Time This field displays the time a wireless station first associated with the ZyAIR Refresh Click Refresh to reload the screen 16 4 1 Channel Usage The Channel Usage screen display...

Страница 195: ...sage ZyAIR B 2000 LABEL DESCRIPTION Channel This is the index number of the channel currently used by the associated AP in an Infrastructure wireless network or wireless station in an Ad Hoc wireless...

Страница 196: ...n an Ad Hoc wireless network For our purposes we define an Infrastructure network as a wireless network that uses an AP and an Ad Hoc network also known as Independent Basic Service Set IBSS as one th...

Страница 197: ...P setup Network modes are Infrastructure same as an extended service set ESS Infrastructure with WEP WEP encryption is enabled Ad Hoc same as an independent basic service set IBSS or Ad Hoc with WEP R...

Страница 198: ...press compressed zip files before you can upload them Upload Click Upload to begin the upload process This process may take up to two minutes Do not turn off the device while firmware upload is in pro...

Страница 199: ...transfer files See the Firmware and Configuration File Maintenance chapter for transferring configuration files using FTP TFTP commands Click MAINTENANCE and then the Configuration tab Information rel...

Страница 200: ...usually have a ROM extension e g zyair rom The system reboots automatically after the file transfer is complete and uses the configured values in the file WARNING Do not interupt the file transfer pro...

Страница 201: ...load successful screen you must then wait one minute before logging into the ZyAIR again Figure 16 13 Configuration Upload Successful The ZyAIR automatically restarts in this time causing a temporary...

Страница 202: ...the Reset button in this section clears all user entered configuration information and returns the ZyAIR to its factory defaults as shown on the screen This will erase all configurations that you have...

Страница 203: ...uide 16 14 Maintenance Figure 16 17 Reset Warning Message You can also press the RESET button on the side panel to reset the factory defaults of your ZyAIR Refer to the Resetting the ZyAIR section for...

Страница 204: ...ETTING STARTED MENUS This part introduces the SMT System Management Terminal and discusses the Getting Started SMT menus See the web configurator parts of this guide for background information on feat...

Страница 205: ......

Страница 206: ...OK Step 3 For your first login enter 1234 in the Password field As you type the password the screen displays an x for each character you type Step 4 After entering the password you will see the main m...

Страница 207: ...as shown next For your first login enter the default password 1234 As you type the password the screen displays an x for each character you type Figure 17 2 Login Screen 17 3 Changing the System Passw...

Страница 208: ...R Note that as you type a password the screen displays an asterisk for each character you type 17 4 ZyAIR SMT Menu Overview Example We use the ZyAIR B 2000 v 2 SMT menus in this guide as an example Th...

Страница 209: ...4 System Maintenance Diagnostic Menu 24 5 System Maintenance Backup Configuration Menu 24 6 System Maintenance Restore Configuration Menu 24 7 System Maintenance Upload Firmware Menu 24 8 Command Inte...

Страница 210: ...OWN arrow keys to move to the previous and the next field respectively Entering information Type in or press SPACE BAR then press ENTER You need to fill in two types of fields The first requires you t...

Страница 211: ...ofiles on the ZyAIR 15 NAT Setup Use this menu to specify inside servers when NAT is enabled 21 Filter and Firewall Setup Use this menu to set up filters and firewall to provide security etc 22 SNMP C...

Страница 212: ...ZyAIR Wireless Gateway Series User s Guide Introducing the SMT 17 7 Table 17 2 Main Menu Summary MENU TITLE DESCRIPTION 99 Exit Use this to exit from SMT and return to a blank screen...

Страница 213: ......

Страница 214: ...SP is used While you must enter the host name System Name on each individual computer the domain name can be assigned from the ZyAIR via DHCP 18 1 1 Dynamic DNS To use this service you must register w...

Страница 215: ...an go to menu 24 8 and type sys domainname to see the current domain name used by your gateway If you want to clear this field just press the SPACE BAR The domain name entered by you is given priority...

Страница 216: ...To configure Dynamic DNS go to Menu 1 General Setup and select Yes in the Edit Dynamic DNS field Press ENTER to display Menu 1 1 Configure Dynamic DNS as shown next Figure 18 2 Menu 1 1 Configure Dyn...

Страница 217: ...client as your service provider No Offline This field is only available when CustomDNS is selected in the DDNS Type field Press SPACE BAR and then ENTER to select Yes When Yes is selected traffic is...

Страница 218: ...AN Setup The MAC address field allows users to configure the WAN port s MAC address by either using the factory default or cloning the MAC address from a computer on your LAN Once it is successfully c...

Страница 219: ...ed on LAN and enter the IP address in the IP Address field below to clone the MAC address of the computer on the Ethernet Factory default IP Address Enter the IP address of the computer whose MAC addr...

Страница 220: ...Ethernet Port Filter Setup This menu allows you to specify filter set s that you wish to apply to the Ethernet traffic You seldom need to filter Ethernet traffic however the filter sets may be useful...

Страница 221: ...nu 3 2 TCP IP and DHCP Ethernet Setup Follow the instructions in the following table on how to configure the DHCP fields Menu 3 2 TCP IP and DHCP Ethernet Setup DHCP Server TCP IP Setup Client IP Pool...

Страница 222: ...Second DNS Server Third DNS Server Press SPACE BAR to select From ISP User Defined DNS Relay or None and press ENTER The DNS servers are passed to the DHCP clients along with the IP address and the su...

Страница 223: ...cal LAN interfaces via its single physical Ethernet interface with the ZyAIR itself as the gateway for each LAN network Press SPACE BAR to select Yes and press ENTER to go to menu 3 2 1 No When you ha...

Страница 224: ...s N A IP Subnet Mask N A RIP Direction N A Version N A Incoming protocol filters N A Outgoing protocol filters N A IP Alias 2 No IP Address N A IP Subnet Mask N A RIP Direction N A Version N A Incomin...

Страница 225: ...nly or Out Only None Version Press SPACE BAR to select the RIP version Choices are RIP 1 RIP 2B or RIP 2M RIP 1 Incoming Protocol Filters Enter the filter set s you wish to apply to the incoming traff...

Страница 226: ...ive scanning No Channel ID Press SPACE BAR to select a channel This allows you to set the operating frequency channel depending on your particular region CH01 2412MHz RTS Threshold Setting this attrib...

Страница 227: ...nter any 5 ASCII characters or 10 hexadecimal characters 0 9 A F If you chose 128 bit WEP in the WEP Encryption field then enter 13 ASCII characters or 26 hexadecimal characters 0 9 A F Enter 0x befor...

Страница 228: ...Follow the steps below to create the MAC address table on your ZyAIR Step 1 From the main menu enter 3 to open Menu 3 LAN Setup Step 2 Enter 5 to display Menu 3 5 Wireless LAN Setup Figure 19 9 Menu...

Страница 229: ...enied access to the ZyAIR in these address fields When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC to cancel...

Страница 230: ...s and then press ENTER Menu 3 5 2 Roaming Configuration displays as shown next Figure 19 12 Menu 3 5 2 Roaming Configuration The following table describes the fields in this menu Menu 3 5 2 Roaming Co...

Страница 231: ...ore ZyAIRs on the same subnet Port Enter the port number to communicate roaming information between access points The port number must be the same on all access points The default is 16290 Make sure t...

Страница 232: ...ing PPP or PPPoE encapsulation then the only ISP information you need is a login name and password Table 20 1 Internet Account Information FIELD DESCRIPTION YOUR INFORMATION System Name Enter the name...

Страница 233: ...ow to configure your ZyAIR for Internet access Table 20 2 Menu 4 Internet Access Setup FIELD DESCRIPTION EXAMPLE ISP s Name Enter the name of your Internet Service Provider This information is for ide...

Страница 234: ...ignment Press SPACE BAR and then ENTER to select Static or Dynamic address assignment Static IP Address Enter the IP address supplied by your ISP if applicable 10 11 12 20 IP Subnet Mask Your ZyAIR wi...

Страница 235: ...SMT Advanced Applications Menus IX Part IX SMT ADVANCED APPLICATION MENUS This part shows how to configure Remote Node Static Routing Dial in User and NAT...

Страница 236: ......

Страница 237: ...enter 11 to display Menu 11 Remote Node Profile as shown in 21 1 1 Encapsulation Scenarios For Internet access you should use the encapsulation used by your ISP Nailed Up Connection PPPoE PPTP A nail...

Страница 238: ...nner flavor if your ISP is using Time Warner s RoadRunner otherwise choose Standard The User Name Password and Login Server IP Address fields are not applicable N A for the latter Choose from Standard...

Страница 239: ...tic IP address assigned to you by your ISP in dotted decimal notation 10 11 12 13 My IP Mask Type the subnet mask of the PPTP server Server IP Address Type the IP address of the PPTP server in dotted...

Страница 240: ...fault Idle Timeout sec Type the number of seconds 0 9999 that can elapse when the ZyAIR is idle there is no traffic going to the remote node before the ZyAIR automatically disconnects the remote node...

Страница 241: ...nly be able to configure this in the ISP node also the one you configure in menu 4 all other nodes are set to Static Static Rem IP Addr This is the IP address you entered in the previous menu Rem Subn...

Страница 242: ...te and not included in RIP broadcast If No the route to this remote node will be propagated to other hosts through RIP broadcasts No RIP Direction Press SPACE BAR and then ENTER to select the RIP Dire...

Страница 243: ...AIR has no knowledge of the networks beyond For instance the ZyAIR knows about network N2 in the following figure through remote node Router 1 However the ZyAIR is unable to route a packet to network...

Страница 244: ...12 1 Edit IP Static Route FIELD DESCRIPTION Route This is the index number of the static route that you chose in menu 12 1 Route Name Type a descriptive name for this route This is for identification...

Страница 245: ...must be a router on the same segment as your ZyAIR over WAN the gateway must be the IP address of one of the remote nodes Metric Metric represents the cost of transmission for routing purposes IP rout...

Страница 246: ......

Страница 247: ...Step 2 Type a number and press ENTER to edit the user profile Figure 22 2 Menu 14 1 Edit Dial in User The following table describes the fields in this screen Menu 14 Dial in User Setup 1 ________ 9 __...

Страница 248: ...for this user profile This field is case sensitive Active Press SPACE BAR to select Yes and press ENTER to enable the user profile Password Enter a password up to 31 characters long for this user prof...

Страница 249: ...apply NAT for Internet access in menu 4 Enter 4 from the main menu to go to Menu 4 Internet Access Setup Figure 23 1 Menu 4 Internet Access Setup The following figure shows how you apply NAT to the re...

Страница 250: ...ign global addresses to computers on the LAN You can see two NAT Address Mapping sets in menu 15 1 You can only configure Set 1 Set 255 is used for SUA When you select Full Feature in menu 4 or 11 3 t...

Страница 251: ...gure 23 4 Menu 15 1 Address Mapping Sets SUA Address Mapping Set Enter 255 to display the next screen The fields in this menu cannot be changed Menu 15 1 255 is read only Menu 15 1 Address Mapping Set...

Страница 252: ...en the Start IP is 0 0 0 0 and the End IP is 255 255 255 255 255 255 255 255 Global Start IP This is the starting global IP address IGA If you have a dynamic IP enter 0 0 0 0 as the Global Start IP 0...

Страница 253: ...les This is a required field If this field is left blank the entire set will be deleted NAT_SET Action The default is Edit Edit means you want to edit a selected rule see following field Insert Before...

Страница 254: ...dress Mapping Rule in which you can edit an individual rule and configure the Type Local and Global Start End IPs Figure 23 7 Menu 15 1 1 1 Address Mapping Rule The table below describes the fields fo...

Страница 255: ...takes the corresponding action and the remaining rules are ignored If there are any empty rules before your new configured rule your configured rule will be pushed up by that number of empty rules For...

Страница 256: ...ten used port numbers are shown in the following table Please refer to RFC 1700 for further information about port numbers Please also refer to the included disk for more examples and details on NAT T...

Страница 257: ...168 1 33 Step 5 Press ENTER at the Press ENTER to confirm prompt to save your configuration after you define all the servers or press ESC at any time to cancel 23 4 General NAT Examples 23 4 1 Example...

Страница 258: ...n 23 4 The SUA Only read only option from the Network Address Translation field in menus 4 and 11 3 is specifically pre configured to handle this case Menu 4 Internet Access Setup ISP s Name ChangeMe...

Страница 259: ...go to menu 15 2 to specify the Inside Server behind the NAT as shown in the next figure Figure 23 12 Menu 15 2 1 NAT Server Setup Menu 15 2 NAT Server Setup Rule Start Port No End Port No IP Address...

Страница 260: ...erver Four rules need to be configured two bi directional and two uni directional as follows Rule 1 Map the first IGA to the first inside FTP server for FTP traffic in both directions 1 1 mapping givi...

Страница 261: ...field Press ENTER to confirm Step 5 Select Type as One to One direct mapping for packets going both ways and enter the local Start IP as 192 168 1 10 the IP address of FTP Server 1 the global Start IP...

Страница 262: ...orwarding Setup Menu 15 1 1 Address Mapping Rules Set Name Eample3 Idx Local Start IP Local End IP Global Start IP Global End IP Type 1 192 168 1 10 10 132 50 1 1 1 2 192 168 1 11 10 132 50 2 1 1 3 0...

Страница 263: ...Figure 23 17 NAT Example 4 Other applications such as some gaming programs are NAT unfriendly because they embed addressing information in the data stream These applications won t work through NAT ev...

Страница 264: ...Internet can then be forwarded directly to the LAN computer Trigger ports are transient they only exist while in use or are timed out The following is a trigger port example INTERNET LAN WAN Figure 2...

Страница 265: ...Ports 1 Trigger events only happen on outgoing data from the ZyAIR to the WAN 2 Only one LAN computer can use a trigger port range at a time Enter 3 in menu 15 to display Menu 15 3 Trigger Port Setup...

Страница 266: ...ting port number in a range of port numbers 6970 End Port Enter a port number or the ending port number in a range of port numbers 7170 Trigger The trigger port is a port or a range of ports that caus...

Страница 267: ...DVANCED MANAGEMENT MENUS This part discusses Filtering and Firewall setup SNMP System Security System Information and Diagnosis Firmware and Configuration File Maintenance System Maintenance and Infor...

Страница 268: ......

Страница 269: ...ering is used to determine if a packet should be allowed to trigger a call Outgoing packets must undergo data filtering before they encounter call filtering Call filters are divided into two groups th...

Страница 270: ...shown in the figures that follow The following figure illustrates the logic flow when executing a filter rule Start Fetch First Filter Set Fetch First Filter Rule Active Execute Filter Rule Fetch Nex...

Страница 271: ...72 filter rules in the system 24 2 Configuring a Filter Set To configure a filter set follow the steps shown next Step 1 Enter 21 from the main menu Step 2 Enter 1 to display Menu 21 1 Filter Set Con...

Страница 272: ...D N 4 Y IP Pr 17 SA 0 0 0 0 DA 0 0 0 0 DP 137 N D N 5 Y IP Pr 17 SA 0 0 0 0 DA 0 0 0 0 DP 138 N D N 6 Y IP Pr 17 SA 0 0 0 0 DA 0 0 0 0 DP 139 N D F Enter Filter Rule Number 1 6 to Configure Menu 21 1...

Страница 273: ...the rule chain is complete N means there are no more rules to check You can specify an action to be taken for instance forward the packet drop the packet or check the next rule For the latter the nex...

Страница 274: ...eed up filtering all rules in a filter set must be of the same class for instance protocol filters or generic filters The class of a filter set is determined by the first rule that you create When app...

Страница 275: ...No IP Protocol This is the upper layer protocol for example TCP is 6 UDP is 17 and ICMP is 1 The value must be between 0 and 255 A value of 0 matches ANY protocol 0 to 255 IP Source Route IP Source Ro...

Страница 276: ...Port Type the source port of the packets you want to filter The range of this field is 0 to 65535 A 0 field is ignored 0 to 65535 Port Comp Select the comparison to apply to the source port in the pac...

Страница 277: ...e Forward or Drop Check Next Rule default Action Not Matched Select the action for a packet not matching the rule Choices are Check Next Rule Forward or Drop Check Next Rule default When you have comp...

Страница 278: ...e No Filter Active Check IP Protocol Drop Drop Packet Accept Packet Drop Forward Check Next Rule Check Next Rule Check Next Rule Forward Not Matched Yes No Check Src IP Addr Apply SrcAddrMask to Src A...

Страница 279: ...rule select an empty filter set in menu 21 1 for example 4 Select Generic Filter Rule in the Filter Type field and press ENTER to open Menu 21 1 4 1 Generic Filter Rule as shown in the following figu...

Страница 280: ...will be logged Both All packets will be logged None Action Matched Select the action for a matching packet Choices are Check Next Rule Forward or Drop Check Next Rule Action Not Matched Select the act...

Страница 281: ...Figure 24 10 Protocol and Device Filter Sets 24 5 Example Filter Let s look at an example to block outside users from telnetting into the ZyAIR Figure 24 11 Sample Telnet Filter Step 1 Enter 1 in men...

Страница 282: ...0 0 0 0 IP Mask 0 0 0 0 Port 23 Port Comp Equal Source IP Addr 0 0 0 0 IP Mask 0 0 0 0 Port Port Comp None TCP Estab No More No Log None Action Matched Drop Action Not Matched Forward Press ENTER to C...

Страница 283: ...N Input Filter Sets Apply filters for incoming traffic You may apply protocol or device filter rules See earlier in this chapter for information on filters Output Filter Sets Apply filters for traffic...

Страница 284: ...er s of the filter set s as appropriate You can cascade up to four filter sets by typing their numbers separated by commas The factory default filter set NetBIOS_WAN is inserted in the protocol filter...

Страница 285: ...detection and prevention real time alerts reports and logs Enter 2 in menu 21 to display Menu 21 2 Firewall Setup shown next Menu 21 2 Firewall Setup The firewall protects against Denial of Service Do...

Страница 286: ......

Страница 287: ...FIELD DESCRIPTION EXAMPLE SNMP Get Community Type the Get Community which is the password for the incoming Get and GetNext requests from the management station public Set Community Type the Set Commu...

Страница 288: ...trap community which is the password sent with each trap to the SNMP manager public Destination Type the IP address of the station to send your SNMP traps to 0 0 0 0 When you have completed this menu...

Страница 289: ...ave to restore the default configuration file Refer to the section on changing the system password in the Introducing the SMT chapter and the section on resetting the ZyAIR in the Introducing the Web...

Страница 290: ...k administrator instructs you to do so with additional information 1812 Shared Secret Specify a password up to 31 alphanumeric characters as the key to be shared between the external authentication se...

Страница 291: ...k This key must be the same on the external accounting server and ZyAIR When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration o...

Страница 292: ...lient has to re enter username and password to stay connected to the wired network This field is activated only when you select Authentication Required in the Wireless Port Control field Enter a time...

Страница 293: ...AIR then checks the user database on the specified RADIUS server Select RADIUS first then Local to have the ZyAIR first check the user database on the specified RADIUS server for a wireless station s...

Страница 294: ......

Страница 295: ...in the next figure System Status is a tool that can be used to monitor your ZyAIR Specifically it gives you information on your LAN and wireless LAN status number of packets sent and received To get...

Страница 296: ...s per second Up Time This is the time this channel has been connected to the current remote node Ethernet Address This shows the MAC address of the port IP Address This shows the IP address of the net...

Страница 297: ...e next figure Figure 27 3 Menu 24 2 System Information and Console Port Speed The ZyAIR has an internal console port for support personnel only Do not open the ZyAIR as it will void your warranty 27 2...

Страница 298: ...ZyAIR DHCP This field shows the DHCP setting of the ZyAIR When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC t...

Страница 299: ...or log in the system After the ZyAIR finishes displaying the error log you will have the option to clear it Samples of typical error and information messages are presented in the next figure Figure 27...

Страница 300: ...dress of your syslog server Log Facility Press SPACE BAR and then ENTER to select one of seven different local options The log facility lets you log the message in different server files Refer to your...

Страница 301: ...4 allows you to choose among various types of diagnostic tests to evaluate your system as shown in the following figure Figure 27 9 Menu 24 4 System Maintenance Diagnostic Follow the procedure next to...

Страница 302: ...System Maintenance Diagnostic FIELD DESCRIPTION DHCP Renewal Get a new IP address from the DHCP server Internet Setup Test Use this option to test your Internet connection Reboot System Reboot the Zy...

Страница 303: ...en next ftp put firmware bin ras This is a sample FTP session showing the transfer of the computer file firmware bin to the ZyAIR ftp get rom 0 config cfg This is a sample FTP session saving the curre...

Страница 304: ...and upload files in menus 24 5 24 6 24 7 1 and 24 7 2 depending on whether you use the console port or Telnet Option 5 from Menu 24 System Maintenance allows you to backup the current ZyAIR configurat...

Страница 305: ...t rom 0 config rom transfers the configuration file on the ZyAIR to your computer and renames it config rom See earlier in this chapter for more information on filename conventions Step 7 Enter quit t...

Страница 306: ...vice administrator has enabled this option Normal The server requires a unique User ID and Password to login Transfer Type Transfer files in either ASCII plain text format or in binary mode Initial Re...

Страница 307: ...er will not be interrupted Enter command sys stdio 5 to restore the five minute SMT timeout default when the file transfer is complete Step 4 Launch the TFTP client on your computer and connect to the...

Страница 308: ...ion file is rom 0 Binary Transfer the file in binary mode Abort Stop transfer of the file Refer to section 28 2 5 to read about configurations that disallow TFTP and FTP over WAN 28 2 9 Backup Via Con...

Страница 309: ...w to restore a previously saved configuration Note that this function erases the current configuration before restoring a previous back up configuration please do not attempt to restore unless you hav...

Страница 310: ...er for example put config rom rom 0 transfers the configuration file config rom on your computer to the ZyAIR See earlier in this chapter for more information on filename conventions Step 8 Enter quit...

Страница 311: ...ilar Step 1 Display menu 24 6 and enter y at the following screen Figure 28 9 System Maintenance Restore Configuration Step 2 The following screen indicates that the Xmodem download has started Figure...

Страница 312: ...e in the previous Restore Configuration section or by following the instructions in Menu 24 7 2 System Maintenance Upload System Configuration File for console port WARNING DO NOT INTERUPT THE FILE TR...

Страница 313: ...on FTP commands please consult the documentation of your FTP client program For details on uploading system firmware using TFTP note that you must remain on this menu to upload system firmware using T...

Страница 314: ...ur computer and renames it config rom See earlier in this chapter for more information on filename conventions Step 7 Enter quit to exit the ftp prompt 28 4 4 FTP Session Example of Firmware File Uplo...

Страница 315: ...s on TFTP commands see following example please consult the documentation of your TFTP client program For UNIX use get to transfer from the ZyAIR to the computer put the other way around and binary to...

Страница 316: ...nications programs should be similar 28 4 9 Example Xmodem Firmware Upload Using HyperTerminal Click Transfer then Send File to display the following screen Figure 28 17 Example Xmodem Upload After th...

Страница 317: ...start the ZyAIR 28 4 11Example Xmodem Configuration Upload Using HyperTerminal Click Transfer then Send File to display the following screen Menu 24 7 2 System Maintenance Upload System Configuration...

Страница 318: ...figuration File Maintenance Figure 28 19 Example Xmodem Upload After the configuration upload process has completed restart the ZyAIR by entering atgo Type the configuration file s location or click B...

Страница 319: ...led information on CI commands Enter 8 from Menu 24 System Maintenance A list of valid commands can be found by typing help or at the command prompt Type exit to return to the SMT main menu when finis...

Страница 320: ...enu select option 9 in menu 24 to go to Menu 24 9 System Maintenance Call Control as shown in the next table Figure 29 3 Menu24 9 System Maintenance Call Control 29 2 1 Budget Management Menu 24 9 1 s...

Страница 321: ...hin the allocated budget that you set in menu 11 1 5 10 means that 5 minutes out of a total allocation of 10 minutes have lapsed Elapsed Time Total Period The period is the time cycle in hours that th...

Страница 322: ...There is also a software mechanism to set the time manually or get the current time and date from an external server when you turn on your ZyAIR Menu 24 10 allows you to update the time and date setti...

Страница 323: ...ith your ISP network administrator if you are unsure of this information Current Time This field displays an updated time only when you reenter this menu New Time Enter the new time in hour minute and...

Страница 324: ......

Страница 325: ...Network 30 2 FTP You can upload and download ZyAIR firmware and configuration files using FTP To use this feature your computer must have an FTP client 30 3 Web You can use the ZyAIR s embedded web c...

Страница 326: ...management of a service but have applied a filter to block the service then you will not be able to remotely manage the service Enter 11 from menu 24 to display Menu 24 11 Remote Management Control sh...

Страница 327: ...ZyAIR Enter an IP address to restrict access to a client with a matching IP address 0 0 0 0 Once you have filled in this menu press ENTER at the message Press ENTER to Confirm or ESC to Cancel to sav...

Страница 328: ...WAN Use the ZyAIR s LAN IP address when configuring from the LAN 30 6 System Timeout There is a system timeout of five minutes 300 seconds for Telnet web FTP connections Your ZyAIR will automatically...

Страница 329: ...t Figure 31 1 Menu 26 Schedule Setup Lower numbered sets take precedence over higher numbered sets thereby avoiding scheduling conflicts For example if sets 1 2 3 and 4 in are applied in the remote no...

Страница 330: ...BAR to No and press ENTER to disable the schedule set Yes Start Date Enter the start date when you wish the set to take effect in year month date format Valid dates are from the present to 2036 Februa...

Страница 331: ...rced On means that the connection is maintained whether or not there is a demand call on the line and will persist for the time period specified in the Duration field Forced Down means that the connec...

Страница 332: ...1 1 Remote Node Profile Rem Node Name ChangeMe Route IP Active Yes Encapsulation PPTP Edit IP No Service Type Standard Telco Option Service Name N A Allocated Budget min 0 Outgoing Period hr 0 My Logi...

Страница 333: ...des contains troubleshooting and additional background information on setting up your computer s IP address wireless LAN 802 1x PPPoE PPTP and IP subnetting It also provides information on the command...

Страница 334: ......

Страница 335: ...o see if the ZyAIR is connected to your computer s console port VT100 terminal emulation 9600 bps is the default speed on leaving the factory Try other speeds in case the speed has been changed I cann...

Страница 336: ...s are on the same subnet Problems with the WAN Interface Chart A 4 Troubleshooting the WAN Interface PROBLEM CORRECTIVE ACTION The ISP provides the WAN IP address after authenticating you Authenticati...

Страница 337: ...b configurator or the Internet Access chapter SMT Make sure you entered the correct user name and password For wireless stations check that both the ZyAIR and wireless station s are using the same ESS...

Страница 338: ...EM CORRECTIVE ACTION I cannot ping any computer on the WLAN Make sure the wireless card is properly inserted in the ZyAIR and the WLAN LED is on Make sure the wireless adapter on the wireless station...

Страница 339: ...AND DESCRIPTION sys pwderrtm This command displays the brute force guessing password protection settings sys pwderrtm 0 This command turns off the password s protection from brute force guessing sys p...

Страница 340: ......

Страница 341: ...should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components are installed configure the TCP IP settings in orde...

Страница 342: ...nd then click Add c Select Microsoft from the list of manufacturers d Select TCP IP from the list of network protocols and then click OK If you need Client for Microsoft Networks a Click Add b Select...

Страница 343: ...automatically If you have a static IP address select Specify an IP address and type your information into the IP Address and Subnet Mask fields 2 Click the DNS Configuration tab If you do not know you...

Страница 344: ...d 4 Click OK to save and close the TCP IP Properties window 5 Click OK to close the Network window Insert the Windows CD if prompted 6 Turn on your ZyAIR and restart your computer when prompted Verify...

Страница 345: ...Address C 5 1 For Windows XP click start Control Panel In Windows 2000 NT click Start Settings Control Panel 2 For Windows XP click Network Connections For Windows 2000 NT click Network and Dial up C...

Страница 346: ...b in Win XP and click Properties 5 The Internet Protocol TCP IP Properties window opens the General tab in Windows XP If you have a dynamic IP address click Obtain an IP address automatically If you h...

Страница 347: ...an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gateways in the IP Settings...

Страница 348: ...DNS server fields If you have previously configured DNS servers click Advanced and then the DNS tab to order them 8 Click OK to close the Internet Protocol TCP IP Properties window 9 Click OK to clos...

Страница 349: ...Computer s IP Address C 9 1 Click the Apple menu Control Panel and double click TCP IP to open the TCP IP Control Panel 2 Select Ethernet built in from the Connect via list 3 For dynamically assigned...

Страница 350: ...n the Subnet mask box Type the IP address of your ZyAIR in the Router address box 5 Close the TCP IP Control Panel 6 Click Save if prompted to save changes to your configuration 7 Turn on your ZyAIR a...

Страница 351: ...ct Using DHCP from the Configure list 4 For statically assigned settings do the following From the Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in the...

Страница 352: ......

Страница 353: ...groups a lower total cost of ownership for workspaces that are frequently reconfigured 4 It allows conference room users access to the network as they move from meeting to meeting getting up to date a...

Страница 354: ...SS In the most basic form a wireless LAN connects a set of computers with wireless adapters Any time two or more wireless adapters are within range of each other they can set up an independent network...

Страница 355: ...o through the access point The Extended Service Set ESS shown in the next figure consists of a series of overlapping BSSs each containing an Access Point connected together by means of a Distribution...

Страница 356: ......

Страница 357: ...02 11b standard does not provide any central user account management User access control is done through manual modification of the MAC address table on the access point Although WEP data encryption o...

Страница 358: ...r Authentication Sequence The following figure depicts a typical wireless network with a remote RADIUS server for user authentication using EAPOL EAP Over LAN Diagram E 1 Sequences for EAP MD5 Challen...

Страница 359: ...ption keys for data encryption EAP TLS Transport Layer Security With EAP TLS digital certifications are needed by both the server and the wireless stations for mutual authentication The server present...

Страница 360: ...nts but for public deployment simple user name and password pair is more practical The following table is a comparison of the features of four authentication types Comparison of EAP Authentication Typ...

Страница 361: ...RF beam width Higher antenna gain improves the range of the signal for better communications For an indoor site each 1 dB increase in antenna gain results in a range increase of approximately 2 5 For...

Страница 362: ...e of obstructions In point to point application position both transmitting and receiving antenna at the same height and in a direct line of sight to each other to attend the best performance For omni...

Страница 363: ...services using PPP Benefits of PPPoE PPPoE offers the following benefits 1 It provides you with a familiar dial up networking DUN user interface 2 It lessens the burden on the carriers of provisioning...

Страница 364: ...nnels the PPP frames to the ISP The L2TP tunnel is capable of carrying multiple PPP sessions With PPPoE the VC Virtual Circuit is equivalent to the dial up connection and is between the modem and the...

Страница 365: ...n is that it requires one separate ATM VC per destination Diagram I 1 Transport PPP frames over Ethernet PPTP and the ZyAIR When the ZyAIR is deployed in such a setup it appears as a PC to the ANT In...

Страница 366: ...up capability The phone call is between the user and the PAC and the PAC tunnels the PPP frames to the PNS The PPTP user is unaware of the tunnel between the PAC and the PNS Diagram I 2 PPTP Protocol...

Страница 367: ...ample Message Exchange between PC and an ANT PPP Data Connection The PPP frames are tunneled between the PNS and PAC over GRE General Routing Encapsulation RFC 1701 1702 The individual calls within a...

Страница 368: ......

Страница 369: ...a 0 in the next left most bit In a class B address the first two octets make up the network number and the two remaining octets make up the host ID Class C addresses begin starting from the left with...

Страница 370: ...asks A subnet mask is used to determine which bits are part of the network number and which bits are part of the host ID using a logical AND operation A subnet mask has 32 bits each bit of the mask co...

Страница 371: ...class C address using both notations Chart J 4 Alternative Subnet Mask Notation SUBNET MASK IP ADDRESS SUBNET MASK 1 BITS LAST OCTET BIT VALUE 255 255 255 0 24 0000 0000 255 255 255 128 25 1000 0000 2...

Страница 372: ...ubnet Mask Binary 11111111 11111111 11111111 10000000 Subnet Address 192 168 1 0 Lowest Host ID 192 168 1 1 Broadcast Address 192 168 1 127 Highest Host ID 192 168 1 126 Chart J 6 Subnet 2 NETWORK NUM...

Страница 373: ...1 s is the broadcast address on the subnet Chart J 7 Subnet 1 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 0 IP Address Binary 11000000 10101000 00000001 00000000 Subnet Mask Binary 11111...

Страница 374: ...owest Host ID 192 168 1 193 Broadcast Address 192 168 1 255 Highest Host ID 192 168 1 254 Example Eight Subnets Similarly use a 27 bit mask to create 8 subnets 001 010 011 100 101 110 The following ta...

Страница 375: ...determines which bits are part of the network number and which are part of the host ID A class B address has two host ID octets available for subnetting and a class A address has three host ID octets...

Страница 376: ...3 Class B Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 10 255 255 255 192 26 1024 62 11 255 255 255 224 27 2048 30 12 255 255 255 240 28 4096 14 13 255 255 255 248...

Страница 377: ...unit and possibly render it unusable Command Syntax The command keywords are in courier new font Enter the command keywords exactly as shown do not abbreviate The required fields in a command are encl...

Страница 378: ......

Страница 379: ...allow the sending of NetBIOS packets from the LAN to the WAN Allow or disallow the sending of NetBIOS packets from the WAN to the LAN Allow or disallow NetBIOS packets to initiate calls Display NetBIO...

Страница 380: ...nfig type on off type Identify which NetBIOS filter numbered 0 3 to configure 0 LAN to WAN 1 WAN to LAN 6 IPSec packet pass through 7 Trigger Dial on off For types 0 and 1 use on to enable the filter...

Страница 381: ...ilable ZyAIR boot module commands as shown in the next screen ATBAx allows you to change the console port speed The x denotes the number preceding the colon to give the console port speed following th...

Страница 382: ...write MAC addr Country code EngDbgFlag FeatureBit to flash ROM ATCUx write Country code to flash ROM ATCB copy from FLASH ROM to working buffer ATCL clear working buffer ATSB save working buffer to F...

Страница 383: ...to get information from the time server DHCP client gets s A DHCP client got a new IP address from the DHCP server DHCP client IP expired A DHCP client s IP address has expired DHCP server assigns s T...

Страница 384: ...ber of NAT session table entries has been exceeded and the table is full Chart N 3 UPnP Logs LOG MESSAGE DESCRIPTION UPnP pass through Firewall UPnP packets can pass through the firewall Chart N 4 ICM...

Страница 385: ...rams for the Network 1 Redirect datagrams for the Host 2 Redirect datagrams for the Type of Service and Network 3 Redirect datagrams for the Type of Service and Host 8 Echo 0 Echo message 11 Time Exce...

Страница 386: ...Log Use the sys logs load command to load the log setting buffer that allows you to configure which logs the ZyAIR is to record Use sys logs category followed by a log category and a parameter to deci...

Страница 387: ...his example shows how to set the ZyAIR to record the error logs and alerts and then view the results ras sys logs load ras sys logs category error 3 ras sys logs save ras sys logs display access time...

Страница 388: ...way Series User s Guide N 6 Log Descriptions 4 11 11 2002 15 10 10 192 168 10 1 520 192 168 10 255 520 ACCESS BLOCK Firewall default policy UDP set 8 5 11 11 2002 15 10 10 172 21 4 67 137 172 21 255 2...

Страница 389: ...DARDS AC Power Adaptor Model DV 121A2 5720 Input Power AC120Volts 60Hz 27VA Output Power DC12Volts 1 2A Power Consumption 10 W Safety Standards UL CUL UL 1310 CSA C22 2 No 223 M91 EUROPEAN PLUG STANDA...

Страница 390: ...Input Power AC100Volts 50 60Hz 27VA Output Power DC12Volts 1 2A Power Consumption 10 W Safety Standards T Mark Japan Dentori AUSTRALIA AND NEW ZEALAND PLUG STANDARDS AC Power Adaptor Model AD 1201200...

Страница 391: ...User Defined 24 1 Call History 29 3 29 4 Call Scheduling 31 1 Maximum Number of Schedule Sets 31 1 PPPoE 31 3 Precedence 31 1 Precedence Example See precedence CDR 27 6 CDR Call Detail Record 27 6 Cer...

Страница 392: ...actory LAN Defaults 5 2 FCC iii FHSS See Frequency Hopping Spread Spectrum Filename Conventions 28 1 Filter 19 1 Applying Filters 24 15 Ethernet traffic 24 16 Ethernet Traffic 24 16 Filter Rules 24 5...

Страница 393: ...side Local Address 9 1 Internet access 19 1 Internet Access 1 5 17 6 20 1 20 2 Internet Access Setup A 2 23 1 Internet Control Message Protocol ICMP 11 6 IP Address 3 11 3 12 5 5 9 6 9 8 16 3 19 3 21...

Страница 394: ...5 9 7 Network Topology With RADIUS Server Example E 2 NNTP 9 7 O Offline 18 4 One to One See NAT Outside 9 1 P Packet Filtering Firewalls 11 1 Packet Triggered 27 6 Packets 27 2 PAP 21 3 Password 4 4...

Страница 395: ...usted Host 25 1 Source Address 12 3 Stateful Inspection 1 4 11 1 11 2 11 7 11 8 24 17 Static Route 10 1 Static Route Setup 21 7 Static Routing Topology 21 7 SUA 9 5 9 6 9 7 9 8 SUA Single User Account...

Страница 396: ...vice See TTLS U Universal Plug and Play UPnP 14 1 14 3 UNIX Syslog 27 5 27 6 UNIX syslog parameters 27 6 Upload Firmware 28 10 UPnP Examples 14 4 Use Server Detected IP 18 4 User Name 4 4 18 4 User Pr...

Страница 397: ...User Defined 24 1 Call History 29 3 29 4 Call Scheduling 31 1 Maximum Number of Schedule Sets 31 1 PPPoE 31 3 Precedence 31 1 Precedence Example See precedence CDR 27 6 CDR Call Detail Record 27 6 Cer...

Страница 398: ...actory LAN Defaults 5 2 FCC iii FHSS See Frequency Hopping Spread Spectrum Filename Conventions 28 1 Filter 19 1 Applying Filters 24 15 Ethernet traffic 24 16 Ethernet Traffic 24 16 Filter Rules 24 5...

Страница 399: ...side Local Address 9 1 Internet access 19 1 Internet Access 1 5 17 6 20 1 20 2 Internet Access Setup A 2 23 1 Internet Control Message Protocol ICMP 11 6 IP Address 3 11 3 12 5 5 9 6 9 8 16 3 19 3 21...

Страница 400: ...5 9 7 Network Topology With RADIUS Server Example E 2 NNTP 9 7 O Offline 18 4 One to One See NAT Outside 9 1 P Packet Filtering Firewalls 11 1 Packet Triggered 27 6 Packets 27 2 PAP 21 3 Password 4 4...

Страница 401: ...usted Host 25 1 Source Address 12 3 Stateful Inspection 1 4 11 1 11 2 11 7 11 8 24 17 Static Route 10 1 Static Route Setup 21 7 Static Routing Topology 21 7 SUA 9 5 9 6 9 7 9 8 SUA Single User Account...

Страница 402: ...vice See TTLS U Universal Plug and Play UPnP 14 1 14 3 UNIX Syslog 27 5 27 6 UNIX syslog parameters 27 6 Upload Firmware 28 10 UPnP Examples 14 4 Use Server Detected IP 18 4 User Name 4 4 18 4 User Pr...

Отзывы: