ZyXEL Communications G-2000 Plus инструкция обслуживания
- Просмотреть online или скачать инструкцию
- 430 страниц
- 15.18 mb
Идти на страницу of
Похожие руководства по эксплуатации
-
Network Router
ZyXEL Communications NBG-419N
278 страниц 8.41 mb -
Network Router
ZyXEL Communications P-336M
17 страниц 1.07 mb -
Network Router
ZyXEL Communications P-660HW-Tx v3 Series
2 страниц 0.37 mb -
Network Router
ZyXEL Communications P-660HN-T1H
322 страниц 6.99 mb -
Network Router
ZyXEL Communications NBG4115
274 страниц 8.15 mb -
Network Router
ZyXEL Communications 100MH
29 страниц 0.72 mb -
Network Router
ZyXEL Communications HW-D Series
496 страниц 13.69 mb -
Network Router
ZyXEL Communications NBG-418N v2
228 страниц 7.25 mb
Хорошее руководство по эксплуатации
Законодательство обязывает продавца передать покупателю, вместе с товаром, руководство по эксплуатации ZyXEL Communications G-2000 Plus. Отсутствие инструкции либо неправильная информация, переданная потребителю, составляют основание для рекламации в связи с несоответствием устройства с договором. В законодательстве допускается предоставлении руководства в другой, чем бумажная форме, что, в последнее время, часто используется, предоставляя графическую или электронную форму инструкции ZyXEL Communications G-2000 Plus или обучающее видео для пользователей. Условием остается четкая и понятная форма.
Что такое руководство?
Слово происходит от латинского "instructio", тоесть привести в порядок. Следовательно в инструкции ZyXEL Communications G-2000 Plus можно найти описание этапов поведения. Цель инструкции заключается в облегчении запуска, использования оборудования либо выполнения определенной деятельности. Инструкция является набором информации о предмете/услуге, подсказкой.
К сожалению немного пользователей находит время для чтения инструкций ZyXEL Communications G-2000 Plus, и хорошая инструкция позволяет не только узнать ряд дополнительных функций приобретенного устройства, но и позволяет избежать возникновения большинства поломок.
Из чего должно состоять идеальное руководство по эксплуатации?
Прежде всего в инструкции ZyXEL Communications G-2000 Plus должна находится:
- информация относительно технических данных устройства ZyXEL Communications G-2000 Plus
- название производителя и год производства оборудования ZyXEL Communications G-2000 Plus
- правила обслуживания, настройки и ухода за оборудованием ZyXEL Communications G-2000 Plus
- знаки безопасности и сертификаты, подтверждающие соответствие стандартам
Почему мы не читаем инструкций?
Как правило из-за нехватки времени и уверенности в отдельных функциональностях приобретенных устройств. К сожалению само подсоединение и запуск ZyXEL Communications G-2000 Plus это слишком мало. Инструкция заключает ряд отдельных указаний, касающихся функциональности, принципов безопасности, способов ухода (даже то, какие средства стоит использовать), возможных поломок ZyXEL Communications G-2000 Plus и способов решения проблем, возникающих во время использования. И наконец то, в инструкции можно найти адресные данные сайта ZyXEL Communications, в случае отсутствия эффективности предлагаемых решений. Сейчас очень большой популярностью пользуются инструкции в форме интересных анимаций или видео материалов, которое лучше, чем брошюра воспринимаются пользователем. Такой вид инструкции позволяет пользователю просмотреть весь фильм, не пропуская спецификацию и сложные технические описания ZyXEL Communications G-2000 Plus, как это часто бывает в случае бумажной версии.
Почему стоит читать инструкции?
Прежде всего здесь мы найдем ответы касательно конструкции, возможностей устройства ZyXEL Communications G-2000 Plus, использования отдельных аксессуаров и ряд информации, позволяющей вполне использовать все функции и упрощения.
После удачной покупки оборудования/устройства стоит посвятить несколько минут для ознакомления с каждой частью инструкции ZyXEL Communications G-2000 Plus. Сейчас их старательно готовят или переводят, чтобы они были не только понятными для пользователя, но и чтобы выполняли свою основную информационно-поддерживающую функцию.
Содержание руководства
-
Страница 1
ZyAIR G-2000 Plus 802.1 1g Wireless 4-port Router User ’ s Guide V ersion 3.6 0 4/2005[...]
-
Страница 2
[...]
-
Страница 3
ZyAIR G-2000 Plus User’s Guide Copyright 2 Copyright Copyright © 2005 by ZyXEL Communications Corpo ration. The contents of this publication may not be reprod uced in any part or as a whole, transcribed, stored in a retrieval system, tran slated into any language, or transmitted in any form or by any means, el ectronic, mechanical , magnetic, op[...]
-
Страница 4
ZyAIR G-2000 Plus User’s Guide 3 Federal Communications Commission (F CC) Interference Statement Federal Communications Commission (FCC) Interference S t atement This device complies with Part 15 of FCC rul es. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any[...]
-
Страница 5
ZyAIR G-2000 Plus User’s Guide ZyXEL Limited Warranty 4 ZyXEL Limited W arranty ZyXEL warrants to the original en d user (purchaser) that this product is free from any defects in materials or workmansh ip for a period of up to tw o years from the date of purchase . During the warranty period, and upon proof of purchase, should the product have in[...]
-
Страница 6
ZyAIR G-2000 Plus User’s Guide 5 Customer Suppo rt Customer Support Please have the following information r eady when you contact customer support. • Product model and serial number . • W arranty Information. • Date that you received your de vice. • Brief description of the problem and the steps yo u took to solve i t. method location Sup[...]
-
Страница 7
ZyAIR G-2000 Plus User’s Guide Customer Support 6 SP AIN support@zyxel.es +34 902 195 420 www .zyxel.es Z y X E L C o m m u n i c a t i o n s A l e j a n d r o V i l l e g a s 3 3 1 º , 2 8 0 4 3 M a d r i d Sp a i n sales@zyxel.es +34 913 005 345 Sweden support@zyxel.se +46 31 744 7700 www .zyxel.se ZyXEL Communications A/S Sjöporten 4, 41764 [...]
-
Страница 8
ZyAIR G-2000 Plus User’s Guide 7 Customer Suppo rt[...]
-
Страница 9
ZyAIR G-2000 Plus User’s Guide Table of Contents 8 T able of Content s Copyright .................................................. ................................................................ 2 Federal Communications Commissi on (FCC) Interference St atement ............... 3 ZyXEL Limited W arranty ..........................................[...]
-
Страница 10
ZyAIR G-2000 Plus User’s Guide 9 Table of Contents 1.2.2.16 PPPoE Support (RFC2516) ........... ............. ................ ................ ..40 1.2.2.17 PPTP Encapsulation ......... ................ ............. ................ ............. ..40 1.2.2.18 Network Address T r anslation (NA T) ........ ............. ................ ........[...]
-
Страница 11
ZyAIR G-2000 Plus User’s Guide Table of Contents 10 3.6.1 WAN IP Address Assignment ............. ............. ................ ............. ............ 58 3.6.2 IP Address and Subnet Mask ............. ................ ................. ............ ......... 59 3.6.3 DNS Server Address Assignment . ............. ................ ............[...]
-
Страница 12
ZyAIR G-2000 Plus User’s Guide 11 Table of Contents Chapter 7 Wireless Security ..................................... .......................................... .................... 88 7.1 Wireless Security Overview ...................... ................ ............. ................ ............ 88 7.2 Security Parameters Summary .... ....... [...]
-
Страница 13
ZyAIR G-2000 Plus User’s Guide Table of Contents 12 9.2.1 Ethernet Encapsulation . ................ ............. ................ ............. ................ 124 9.2.1.1 Service T ype .................... ................ ............. ................ ............. ...125 9.2.2 PPPoE Encapsulation ... ........................................[...]
-
Страница 14
ZyAIR G-2000 Plus User’s Guide 13 Table of Contents 12.3 Configuring T elnet ......................... ............. ................ ............. ................ .......158 12.4 Configuring TELNET ..... .................... ......... ................ ............. ................ ....... 159 12.5 Configuring FTP ...... ................ ......[...]
-
Страница 15
ZyAIR G-2000 Plus User’s Guide Table of Contents 14 14.5.4 UDP/ICMP Security ....... ................ ............. ............. ................ ............. 187 14.5.5 Upper Layer Protocols ...... ................ ................ ............. ................ .......188 14.6 Guidelines For Enhancing Security Wit h Y our Firewall ...........[...]
-
Страница 16
ZyAIR G-2000 Plus User’s Guide 15 Table of Contents 17.2 Self-signed Certificates .... ............. .... ............. ............ ................. ............ ....... 215 17.3 Configuration Summary ....................... ............. ............. ................ ............. ...215 17.4 My Certificates ................. ................[...]
-
Страница 17
ZyAIR G-2000 Plus User’s Guide Table of Contents 16 Chapter 21 General Setup ..................................................... .................................................. 258 21.1 General Setup .. ............. ............. ................ ............. ............. ................ .......... 258 21.1.1 Procedure T o Configure Menu[...]
-
Страница 18
ZyAIR G-2000 Plus User’s Guide 17 Table of Contents Chapter 26 St atic Route Setup ........................................................................................ ....... 290 26.1 IP S tatic Route Setup ................. ............. ................ ................ ............. .......... 290 Chapter 27 Dial-in User Setup ...........[...]
-
Страница 19
ZyAIR G-2000 Plus User’s Guide Table of Contents 18 30.2 Access Methods ... ............ ............. ............. ................ ............. ............. .......... 326 30.3 Enabling the Firewall .. ................ ....... ...... ............. ................ ............. ............. 326 Chapter 31 SNMP Configuration ................[...]
-
Страница 20
ZyAIR G-2000 Plus User’s Guide 19 Table of Contents 34.2.5 Backup Conf iguration Using TFTP ................................................ .......354 34.2.6 Example: TFTP Co mmand .. ............. ................ ............. ................ ....... 354 34.2.7 GUI-based TFTP Clients .. ............. ... ............. ............. ..........[...]
-
Страница 21
ZyAIR G-2000 Plus User’s Guide Table of Contents 20 Appendix D IP Address Assignment Conflicts ...................................................................... 392 Appendix E IP Subnetting ...................................................... .................................................. 396 Appendix F Command Interpreter ............[...]
-
Страница 22
ZyAIR G-2000 Plus User’s Guide 21 Table of Contents[...]
-
Страница 23
ZyAIR G-2000 Plus User’s Guide List of Fi gures 22 List of Figures Figure 1 Internet Access Application Example ....... ............. ............ ................. ............ ....... 42 Figure 2 Change Password Screen .......... ................ ............. ................ ................ ............. 45 Figure 3 Replace Certificate Scree[...]
-
Страница 24
ZyAIR G-2000 Plus User’s Guide 23 List of Figures Figure 37 Wireless: WP A ...... ............. ................ ................. ............ ................. ............ ....... 103 Figure 38 Wireless: 802.1x and Dynamic WEP .............. ................ ............. ................ ....... 106 Figure 39 Wireless: 802.1x and S tatic WEP [...]
-
Страница 25
ZyAIR G-2000 Plus User’s Guide List of Fi gures 24 Figure 80 W AN to LAN Traf fic ............ ................ ............. ................ ............. ................ ....... 196 Figure 81 Default Rule ...... ............. ............. ................ ............. ............. ................ ............. 197 Figure 82 Rule Summary .[...]
-
Страница 26
ZyAIR G-2000 Plus User’s Guide 25 List of Figures Figure 123 Menu 1.1 Configure Dynamic DNS .............. ............. ................ ............. .......... 260 Figure 124 Menu 2 W AN Setup ......................... ................. ............ ............. ................ ....... 262 Figure 125 Menu 3 LAN Setup .......... .............[...]
-
Страница 27
ZyAIR G-2000 Plus User’s Guide List of Fi gures 26 Figure 166 Example 4: Menu 15.1.1 Address M apping Rules ........ ................. ............ ....... 310 Figure 167 Menu 15.3 T rigger Port Setup ....... ... ............. ................ ............. ................ ....... 31 1 Figure 168 Outgoing Packet F iltering Process ... ..........[...]
-
Страница 28
ZyAIR G-2000 Plus User’s Guide 27 List of Figures Figure 209 Budget Management ........ ................ ................. ............ ................. ................ ... 364 Figure 210 Menu 24.9.2 - Call History ...................... ................ ............. ................ ............. 365 Figure 21 1 Menu 24.10 System Maintenance [...]
-
Страница 29
ZyAIR G-2000 Plus User’s Guide List of Tables 28 List of T ables T able 1 IEEE 802.1 1b ........... ................ ................. ................................................ ............. 37 T able 2 IEEE 802.1 1g ........... ................ ................. ................................................ ............. 38 T able 3 Wi[...]
-
Страница 30
ZyAIR G-2000 Plus User’s Guide 29 List of Tables T able 37 Ethernet Encapsulation ................... ................ ................ ............. ................ ....... 126 T able 38 PPPoE Encapsulation .. ................ ................................................................ ....... 128 T able 39 PPTP Encapsulation ........... .[...]
-
Страница 31
ZyAIR G-2000 Plus User’s Guide List of Tables 30 T able 80 Firmware Upload ....... ... ............. ................ ............. ............. ................ ............. ... 245 T able 81 Restore Configuration ...... ................ ............. ................ ................ ................ ....... 248 T able 82 Main Menu Commands .[...]
-
Страница 32
ZyAIR G-2000 Plus User’s Guide 31 List of Tables T able 123 Call History Fields .... ............ ................. ................ ............. ................ ................ 36 5 T able 124 System Maintenance : Time and Date Setting ..................... ................ ............. 366 T able 125 Menu 24.1 1 – Remot e Management Contr[...]
-
Страница 33
ZyAIR G-2000 Plus User’s Guide Preface 32 Preface Congratulations on you r purchase of the ZyAIR G-2000 Plu s - 802.1 1g W ireless 4 port Router . A wireless router is an access point and router rolled into one. It is a cost-effect solution to share Internet access with multiple computers and e xpand your wired network. Y our ZyAIR is easy to ins[...]
-
Страница 34
ZyAIR G-2000 Plus User’s Guide 33 Preface User Guide Feedback Help us help you! E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The T echnical W riting T eam, ZyXEL Communications Corp., 6 In novatio n Road II, Science-Based Industrial Park, Hsinchu, 300, T aiwan[...]
-
Страница 35
ZyAIR G-2000 Plus User’s Guide Preface 34 Graphics Icons Key ZyAIR Computer Notebook computer Server DSLAM Firewall Modem Switch Router Wireless Signal[...]
-
Страница 36
ZyAIR G-2000 Plus User’s Guide 35 Preface[...]
-
Страница 37
ZyAIR G-2000 Plus User’s Guide Chapter 1 Getting to Know Your ZyAIR 36 C HAPTER 1 Getting to Know Y our ZyAIR This chapter introduces the main feat ures and applications of the ZyAIR. 1.1 Introducing the ZyAIR The ZyAIR G-2000 Plus, an IEEE802.1 1g compliant broadb and wireless sharing gateway , provides wireless connectivity . As an Internet gat[...]
-
Страница 38
ZyAIR G-2000 Plus User’s Guide 37 Chapter 1 Getting to Know Your ZyAIR 1.2.1.4 10/100 Mb ps E t h e r n et W A N The 10/100 Mbps Ethernet W AN port attac hes to the Internet via broa dband modem or router . 1.2.1.5 Reset Button The ZyAIR reset button is built into the side pa nel. Use this button to restore the factory default password to 1234 ; [...]
-
Страница 39
ZyAIR G-2000 Plus User’s Guide Chapter 1 Getting to Know Your ZyAIR 38 1.2.2.4 802.1 1g Wi reless LAN St andard The ZyAIR, complies with the 802.1 1g wireless standard and is also fully compatible with the 802.1 1b standard. This means an 802.11 b radio card can interface directly with an 802.1 1 g device (and vice vers a) at 1 1 Mbps or lower de[...]
-
Страница 40
ZyAIR G-2000 Plus User’s Guide 39 Chapter 1 Getting to Know Your ZyAIR 1.2.2.9 Firewall The ZyAIR employs a stateful inspection firewall with DoS (Denial of Service) protection. By default, when the firewall is activated, a ll incoming traffic from the W AN to the LAN is blocked unless it is initiated from the LAN. The ZyAIR firewall supports TCP[...]
-
Страница 41
ZyAIR G-2000 Plus User’s Guide Chapter 1 Getting to Know Your ZyAIR 40 1.2.2.16 PPPo E Support (RFC2516) PPPoE (Point-to-Point Pro tocol over Ethernet) emulates a dial-up connection. It allows your ISP to use their existing netw ork configuration with newer broadband techn o logies such as ADSL. The PPPoE driver on the ZyAIR is tran sparent to th[...]
-
Страница 42
ZyAIR G-2000 Plus User’s Guide 41 Chapter 1 Getting to Know Your ZyAIR 1.2.2.22 Multicast T raditionally , IP packets are transmitted in two ways - uni cast or broadcast. Multicast is a third way to deliver IP pack ets to a group of ho sts. IGMP (Internet Group Management Protocol) is the protocol used to support multicast groups. The latest vers[...]
-
Страница 43
ZyAIR G-2000 Plus User’s Guide Chapter 1 Getting to Know Your ZyAIR 42 1.2.2.29 Embedded FTP and TFTP Servers The ZyAIR’ s embedded FTP and TFTP servers en able fast firmware upgrades as well as configuration file backup s and restoration. 1.2.2.30 Wireless Association List W ith the wireless assoc iation list, you can see the list of the wirel[...]
-
Страница 44
ZyAIR G-2000 Plus User’s Guide 43 Chapter 1 Getting to Know Your ZyAIR[...]
-
Страница 45
ZyAIR G-2000 Plus User’s Guide Chapter 2 Introdu cing the Web Configurator 44 C HAPTER 2 Introducing the W eb Configurator This chapter describes how to access the ZyAIR web configurator and provides an overview of its screens. The default IP addr ess of the ZyAIR is 192.168.1.1. 2.1 W eb Configurator Overview The embedded web configurator (ewc) [...]
-
Страница 46
ZyAIR G-2000 Plus User’s Guide 45 Chapter 2 Introducing the Web Configurator Figure 2 Change Password Screen 6 Click Apply in the Replace Certificate screen to create a certificate us ing your ZyAIR’ s MAC address that will be specific to this device. Figure 3 Replace Certificate Screen Y ou should now see the MAIN MENU sc reen.. Note: The mana[...]
-
Страница 47
ZyAIR G-2000 Plus User’s Guide Chapter 2 Introdu cing the Web Configurator 46 2.3 Resetting the ZyAIR If you forget your password or cannot access the web configurator, you will need to reload the factory-default configuration file or use the RESET button on the side pa nel of the Zy AIR. Uploading this configuration f ile replaces the current co[...]
-
Страница 48
ZyAIR G-2000 Plus User’s Guide 47 Chapter 2 Introducing the Web Configurator Figure 4 The MAIN MENU Screen of the Web Configurator Use submenus to configure ZyAIR features. Click WIZARD SETUP for initial configuration includin g general setup, wireless LAN setup, ISP Parameters for Internet Access and W AN IP/DNS/MAC Address Assignment. Click the[...]
-
Страница 49
ZyAIR G-2000 Plus User’s Guide Chapter 3 Wi zard Setup 48 C HAPTER 3 W izard Setup The web configurator’ s setup wizard helps you configure your ZyAIR for Internet access and set up wireless LAN. 3.1 Wizard Setup Overview The web configurator ’ s setup w izard helps you configure your devic e to access the Internet. The second screen has thre[...]
-
Страница 50
ZyAIR G-2000 Plus User’s Guide 49 Chapter 3 Wizard Setup 3.1.4 WP A-PSK W i-Fi Protected Access (WP A) is a subset of the IEEE 802.1 1i security specification draft. Key differences between WP A and WEP are user authentication and improved data encryption.The encryption mechan isms used for WP A and WP A-PSK are the same. The only difference betw[...]
-
Страница 51
ZyAIR G-2000 Plus User’s Guide Chapter 3 Wi zard Setup 50 Figure 5 Wizard 1 : General Setup The following table describes the labels in this screen. Table 3 Wizard 1 : Genera l Setup LABEL DESCRIPTION System Name It is recommended you type your computer's "Co mputer name". In Windows 95/98 click Star t , Settings , Control Panel , [...]
-
Страница 52
ZyAIR G-2000 Plus User’s Guide 51 Chapter 3 Wizard Setup Figure 6 Wizard 2 : Wireless LAN Setup The following table describes the labels in this screen. Table 4 Wizard 2 : Wireless LAN Setup LABEL DESCRIPTION Wireless LAN Setup ESSID Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN. If you change this fiel[...]
-
Страница 53
ZyAIR G-2000 Plus User’s Guide Chapter 3 Wi zard Setup 52 Figure 7 Wizard 3: Wireless LAN Setup: Basic Securit y The following table describes the labels in this screen. Table 5 Wizard 3: Wireless LAN Setup: Basic Security LABEL DESCRIPTION Passphrase Y ou can generate or manually enter a WEP key by either: Entering a Passphrase (up to 32 printab[...]
-
Страница 54
ZyAIR G-2000 Plus User’s Guide 53 Chapter 3 Wizard Setup Figure 8 Wizard 3: Wireless LAN Setup: Extend Security The following table describes the labels in this screen. Table 6 Wizard 3: Wireless LAN Setup: Extend Security LABEL DESCRIPTION Pre-Shared Key T ype from 8 to 63 case-sensitive ASCI I c haracters. Y ou can set up the most secure wirele[...]
-
Страница 55
ZyAIR G-2000 Plus User’s Guide Chapter 3 Wi zard Setup 54 Figure 9 Wizard 4: Ethernet Enca psulation The following table describes the labels in this screen. Table 7 Wizard 4: Ethernet Encapsula tion LABEL DESCRIPTION ISP Parameters fo r Internet Access Encapsulation Y ou must ch oose the Ethernet option whe n the W AN po rt is used as a regular [...]
-
Страница 56
ZyAIR G-2000 Plus User’s Guide 55 Chapter 3 Wizard Setup 3.5.2 PPPoE Encap sulation Point-to-Point Protocol ov er Ethernet (PPPoE) function s as a dial-up connection. PPPoE is an IETF (Internet Engineering T ask Force) draft standard specifying how a host personal computer interacts with a broadband modem (for example DSL, cable, wireless, etc.) [...]
-
Страница 57
ZyAIR G-2000 Plus User’s Guide Chapter 3 Wi zard Setup 56 Figure 10 Wizard 4: PPPoE Encapsulation The following table describes the labels in this screen. Table 8 Wizard 4: PPPoE Encapsulation LABEL DESCRIPTION ISP Parameter for Internet Access Encapsulation Choose PPP over Ethernet from the pull-down list box. PPPoE forms a dial-up connection. S[...]
-
Страница 58
ZyAIR G-2000 Plus User’s Guide 57 Chapter 3 Wizard Setup PP TP supports on-demand, multi-protocol, and virtual private n etworking over public networks, such as the Internet. Refer to the appendix for more information on PP TP . Note: The ZyAIR supports one PP TP server connection at any given time. Figure 1 1 Wizard 4: PPTP Encapsulation The fol[...]
-
Страница 59
ZyAIR G-2000 Plus User’s Guide Chapter 3 Wi zard Setup 58 3.6 Wizard Setup: Screen 5 The fifth wizard screen allows you to configure W AN IP address assignme nt, DNS server address assignment and the W AN MAC address. 3.6.1 W AN IP Address Assignment Every computer on the Internet must have a unique IP address. If your networks are is olated from[...]
-
Страница 60
ZyAIR G-2000 Plus User’s Guide 59 Chapter 3 Wizard Setup 3.6.2 IP Address and Subnet Mask Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number . Where you obtain your netwo rk number depends on your particular situation. If the ISP or your network administrator assigns yo u[...]
-
Страница 61
ZyAIR G-2000 Plus User’s Guide Chapter 3 Wi zard Setup 60 Y ou can configure the W AN port's MAC address by either using the factory default or cloning the MAC address from a computer on your LAN. Onc e it is successfully configured, the address will be copied to the "r om" file (ZyNOS configuration f ile). It will not change unles[...]
-
Страница 62
ZyAIR G-2000 Plus User’s Guide 61 Chapter 3 Wizard Setup Figure 12 Wizard 5: W AN Setup The following table describes the labels in this screen Table 12 Wizard 5: WAN Setup LABEL DESCRIPTION W AN IP Address Assignmen t Get automatically from ISP Select this option If your ISP did not assign you a fixed IP address. This is the default selection. U[...]
-
Страница 63
ZyAIR G-2000 Plus User’s Guide Chapter 3 Wi zard Setup 62 3.7 Basic Setup Complete Click Back to return to the previous screen or click Finish to complete and save the wizard setup. First DNS Server Second DNS Server Third DNS Server Select From ISP if your ISP dynami cally assigns DNS server information (and the ZyAIR's WAN IP address). The[...]
-
Страница 64
ZyAIR G-2000 Plus User’s Guide 63 Chapter 3 Wizard Setup Figure 13 Wizard Finish W ell done! Y ou have successfully set up the ZyAIR. A congratulations screen di splays some information.[...]
-
Страница 65
ZyAIR G-2000 Plus User’s Guide Chapter 4 System Screens 64 C HAPTER 4 System Screens 4.1 System Overview This section provides information on general system setup. 4.2 Configuring General Setup Click the SYSTEM link under ADV ANCED to open the General screen. Figure 14 System General Setup The following table describes the labels in this screen. [...]
-
Страница 66
ZyAIR G-2000 Plus User’s Guide 65 Chapter 4 S ystem Screen s 4.3 Dynamic DNS Dynamic DNS allows you to update your curre nt dynamic IP address with one or many dynamic DNS services so that anyone can c ont act you (in NetMeeting, CU-SeeMe, etc.). Y ou can also access your FTP server or W eb site on your own computer using a domain name (for insta[...]
-
Страница 67
ZyAIR G-2000 Plus User’s Guide Chapter 4 System Screens 66 4.4 Configuring Dynamic DNS T o change your ZyAIR’ s DDNS, click SYSTEM , then the DDNS tab. The screen appears as shown. Figure 15 DDNS The following table describes the labels in this screen. Table 14 DDNS LABEL DESCRIPTION Enable DDNS Select this check box to use dy namic DNS. Servic[...]
-
Страница 68
ZyAIR G-2000 Plus User’s Guide 67 Chapter 4 S ystem Screen s 4.5 Configuring Password T o change your ZyA IR’ s password (recommended), click the SYSTEM link under ADV ANCED and then the Password tab. The screen appears as shown. This screen allows you to change the ZyAIR’ s password. If you forget your password (o r the ZyAIR IP address), yo[...]
-
Страница 69
ZyAIR G-2000 Plus User’s Guide Chapter 4 System Screens 68 4.6 Configuring T ime Setting T o change your ZyAIR ’ s time and date, click the SYSTEM link under ADV ANCED and then the T ime Setting tab. The screen appears as shown. Use this screen to configure the ZyAIR’ s time based on your local time zone. Figure 17 T ime Setting The following[...]
-
Страница 70
ZyAIR G-2000 Plus User’s Guide 69 Chapter 4 S ystem Screen s New T ime (hh:mm:ss) This field displays the last updated time from the time server . When you select None in the Time Protocol fie ld, enter the new ti me in thi s field and then click Apply . Current Date (yyyy/ mm/dd) This field displays the date of your ZyAIR. Each time you reload t[...]
-
Страница 71
ZyAIR G-2000 Plus User’s Guide Chapter 5 LAN Screen s 70 C HAPTER 5 LAN Screens This chapter describes how to configure LAN settings. 5.1 LAN Overview Local Area Network (LAN) is a shared communic ation system to which many computers are attached. The LAN screens can help you config ure a LAN DHCP server, ma nage IP addresses, and partition your [...]
-
Страница 72
ZyAIR G-2000 Plus User’s Guide 71 Chapter 5 LAN Screens • IP address of 1 92.168.1.1 with subn et mask of 255.255.25 5.0 (24 bits) • DHCP server enabled with 32 client IP addresses starting from 192.168.1.33. These parameters should work fo r the majority of installations . If your ISP gives yo u explicit DNS server address(es), read the embe[...]
-
Страница 73
ZyAIR G-2000 Plus User’s Guide Chapter 5 LAN Screen s 72 224.0.0.0 is not assigned to any group and is used by IP multicast computers. The address 224.0.0.1 is used for query messages and is assi gned to the permanent group of all IP hosts (including gateways). All hosts must join the 22 4.0.0.1 group in order to participate in IGMP . The address[...]
-
Страница 74
ZyAIR G-2000 Plus User’s Guide 73 Chapter 5 LAN Screens Figure 18 LAN IP The following table describes the labels in this screen. Table 17 LAN IP LABEL DESCRIPTION DHCP Server DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allow s individual clients (computers) to obtain TC P/IP configuration at startup from a server . Leave th[...]
-
Страница 75
ZyAIR G-2000 Plus User’s Guide Chapter 5 LAN Screen s 74 First DNS Server Second DNS Server Third DNS Server Select From ISP if your ISP dynamically assign s DNS server information (and the ZyAIR's W AN IP address). T he field to the right d isplays the (read-only) DNS server IP address that the ISP assigns. Select User-Defined if you have t[...]
-
Страница 76
ZyAIR G-2000 Plus User’s Guide 75 Chapter 5 LAN Screens 5.5 Configuring S tatic DHCP This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. Every Ethernet device has a unique MAC (Med ia Access Control) addre ss. The MAC address is assigned at the factory and consists of six pairs of[...]
-
Страница 77
ZyAIR G-2000 Plus User’s Guide Chapter 5 LAN Screen s 76 Figure 19 S tatic DHCP The following table describes the labels in this screen. Table 18 Static DHCP LABEL DESCRIPTION # This is the index number of the S tatic IP table entry (row). MAC Address T ype the MAC address (with colo ns) of a computer on your LAN. IP Address T ype the LAN IP addr[...]
-
Страница 78
ZyAIR G-2000 Plus User’s Guide 77 Chapter 5 LAN Screens Figure 20 IP Alias The following table describes the labels in this screen. Table 19 IP Alias LABEL DESCRIPTION IP Alias 1,2 Select the check box to configure another LAN network fo r the ZyAIR. IP Address Enter the IP address of your Zy AIR in dotted decimal notation. IP Subnet Mask Y our Z[...]
-
Страница 79
ZyAIR G-2000 Plus User’s Guide Chapter 6 Wireles s Conf iguration and Roaming 78 C HAPTER 6 W ireless Configuration and Roaming This chapter discusses how to configure the W ireless and Roaming sc reens on the ZyAIR. 6.1 Wireless LAN Overview This section introduces the wireless LAN(WLAN) and some basic scenarios. 6.1.1 IBSS An Independent Basic [...]
-
Страница 80
ZyAIR G-2000 Plus User’s Guide 79 Chapter 6 Wireless C o nfiguration and Roaming Intra-BSS traffic is traf fic betw een wireless sta tions in the BSS. When Intra-BSS is enabled, wireless station A and B can access the wired network and communicate with each other . When Intra-BSS is di sabled, wireless station A and B can still access the wired n[...]
-
Страница 81
ZyAIR G-2000 Plus User’s Guide Chapter 6 Wireles s Conf iguration and Roaming 80 Figure 23 Extended Service Set 6.2 Wireless LAN Basics Refer also to the Wi z a rd S e t u p chapter for more background information on W ireless LAN features, such as channels. 6.2.1 RTS/CTS A hidden node occurs when two stations are with in range of the same access[...]
-
Страница 82
ZyAIR G-2000 Plus User’s Guide 81 Chapter 6 Wireless C o nfiguration and Roaming Figure 24 RTS /CT S When station A sends data to th e ZyAIR, it might not know that station B is already using the channel. If these two stations se nd data at the same time, collis ions may occur when both sets of data arrive at the AP at the same time, r esulting i[...]
-
Страница 83
ZyAIR G-2000 Plus User’s Guide Chapter 6 Wireles s Conf iguration and Roaming 82 A large Fragmentation Thr eshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks tha t are prone to interference. If the Fragmentation Threshold value is smaller than the RT S/ C T S value ([...]
-
Страница 84
ZyAIR G-2000 Plus User’s Guide 83 Chapter 6 Wireless C o nfiguration and Roaming Figure 25 Wirel ess The following table describes the general wireless LAN labels in this screen. Table 20 Wirel ess LABEL DESCRIPTION Enable Wireless LAN Click the check box to activate wireless LAN. ESSID (Extended Service Set IDenti ty) The ESSID identi fies the S[...]
-
Страница 85
ZyAIR G-2000 Plus User’s Guide Chapter 6 Wireles s Conf iguration and Roaming 84 See the W ir eless Security chapter for information on the other labels in this screen. 6.4 Configuring Roaming A wireless station is a device with an IEEE 802 .1 1mode compliant wireless adapter . An access point (AP) acts as a bridge between the wirele ss and wired[...]
-
Страница 86
ZyAIR G-2000 Plus User’s Guide 85 Chapter 6 Wireless C o nfiguration and Roaming 1 As wireless station Y moves from the coverage area of access point P1 to that of access point 2 P2 , it scans and uses the si gnal of access point P2 . 3 Access point P2 acknowledges the presence of wireless station Y and relays this information to access point P1 [...]
-
Страница 87
ZyAIR G-2000 Plus User’s Guide Chapter 6 Wireles s Conf iguration and Roaming 86 Figure 27 Roaming The following table describes the labels in this screen. Table 21 Roaming LABEL DESCRIPTION Active Select Ye s from the drop-down list box to enab le roamin g on the ZyAIR if you have two or more ZyAIRs on the same subnet. Note: All APs on the same [...]
-
Страница 88
ZyAIR G-2000 Plus User’s Guide 87 Chapter 6 Wireless C o nfiguration and Roaming[...]
-
Страница 89
ZyAIR G-2000 Plus User’s Guide Chapter 7 Wireles s Security 88 C HAPTER 7 Wireless Security This Chapter describes how to use the MAC Filter , 802.1x , Roaming and RADIUS to configure wireless security on your ZyAIR. 7.1 Wireless Security Overview W ireless security is vital to your network to p rotect wireless commu nication betw een wireless st[...]
-
Страница 90
ZyAIR G-2000 Plus User’s Guide 89 Chapter 7 Wireless Security Figure 29 Wireless: No Security The following table describes the labels in this screen. Table 22 Wireless No Security LABEL DESCRIPTION Security Choose from one of the security f eatures listed in the drop-down box. • No Security • S tatic WEP • WP A-PSK •W P A • 802.1x + Dy[...]
-
Страница 91
ZyAIR G-2000 Plus User’s Guide Chapter 7 Wireles s Security 90 7.2 Security Parameters Summary Refer to this table to see what other secur ity parameters you shou ld configure for each Authentication Method/ key management pro toc ol type. Y ou enter manual keys by first selecting 64-bit WEP or 128-bit WEP from the WEP Encryption field and then t[...]
-
Страница 92
ZyAIR G-2000 Plus User’s Guide 91 Chapter 7 Wireless Security Figure 30 WEP Authenticat ion S teps Open system authentication in volves an unencrypted two-message procedure. A wireless station sends an open system authentication request to the AP , which will then automatically accept and connect the wireless station to the network. In effect, op[...]
-
Страница 93
ZyAIR G-2000 Plus User’s Guide Chapter 7 Wireles s Security 92 Figure 31 Wireless: S tatic WEP Encryption The following table describes the wireless LAN security labels in this screen. Table 24 Wireless: Static WEP Encryption LABEL DESCRIPTION Passphrase Enter a Passphrase (up to 32 printable characters) and click Generate . The ZyAIR automatical[...]
-
Страница 94
ZyAIR G-2000 Plus User’s Guide 93 Chapter 7 Wireless Security 7.5 Introduction to WP A W i-Fi Protected Access (WP A) is a subset of the IEEE 802.1 1 i security specification draft. Key differences between WP A and WEP are user authentication and improved data encryption. 7.5.1 User Authentication WP A applies IEEE 802.1x and Extensible Auth enti[...]
-
Страница 95
ZyAIR G-2000 Plus User’s Guide Chapter 7 Wireles s Security 94 7.5.2 Encryption WP A improves d ata encryption by using T emporal Key Inte grity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. T emporal Key Integrity Protocol (TKIP) uses 12 8-bit keys that are dynamically generated and distributed by the authentication server . It[...]
-
Страница 96
ZyAIR G-2000 Plus User’s Guide 95 Chapter 7 Wireless Security Figure 32 WP A - PSK Authentication 7.6 Configuring WP A-PSK Authentication In order to configure and enable WP A-PSK Authentication; click the WIRELESS link under ADV ANCED to display the Wi rel e s s screen. Select WP A-PSK from the Security list.[...]
-
Страница 97
ZyAIR G-2000 Plus User’s Guide Chapter 7 Wireles s Security 96 Figure 33 Wireless: WP A-PSK The following table describes the labels in this screen. Table 25 Wireless: WPA-PSK LABEL DESCRIPTION Pre-Shared Key The encryption mechanisms used for WP A and WP A-PSK are the same. The o nly difference between the two is that WP A-PSK uses a simple comm[...]
-
Страница 98
ZyAIR G-2000 Plus User’s Guide 97 Chapter 7 Wireless Security 7.7 Wireless Client WP A Supplicants A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WP A. At the time of writing, the most widely available supplicant is the WP A patch for W indows XP , Funk Software 's Ody[...]
-
Страница 99
ZyAIR G-2000 Plus User’s Guide Chapter 7 Wireles s Security 98 Figure 34 WP A with RADIU S Application Example 7.8 Configuring WP A Authentication In order to configure and enable WP A Authentication; click the WIRELESS link under ADV ANCED to display the Wi rel e s s screen. Select WP A from the Security list.[...]
-
Страница 100
ZyAIR G-2000 Plus User’s Guide 99 Chapter 7 Wireless Security Figure 35 Wirel ess: W P A The following table describes the labels in this screen. Table 26 Wirel ess: WPA LABEL DESCRIPTION ReAuthentication T imer (in seconds) S pecify how often wireless stations have to reenter usernames and passwords in order to stay connected. Enter a time inte [...]
-
Страница 101
ZyAIR G-2000 Plus User’s Guide Chapter 7 Wireless Security 100 7.9 Introduction to RADIUS RADIUS is based on a client-sever model that supports authentication and accounting, where access point is the client and the server is the RADIUS server . The RADIUS server handles the following tasks among others: • Authentication Determines the identity[...]
-
Страница 102
ZyAIR G-2000 Plus User’s Guide 101 Chapter 7 Wireless Security The following types of RADIUS messages are exchanged between the a ccess point and the RADIUS server for user accounting: 7.9.1.2 Accounting-Request Sent by the access point requesting accounting. 7.9.1.3 Acc ounting-Response Sent by the RADIUS server to indicate that it has started o[...]
-
Страница 103
ZyAIR G-2000 Plus User’s Guide Chapter 7 Wireless Security 102 4 The RADIUS server checks the user informa tion against its user profile database and determines whether or not to au thenticate the wireless station. 7.10 Configuring RADIUS Y ou can configure the ZyAIR to authenticate wireless clients using an external RADIUS server or have the ZyA[...]
-
Страница 104
ZyAIR G-2000 Plus User’s Guide 103 Chapter 7 Wireless Security Figure 37 Wirel ess: W P A The following table describes the labels in this screen. Table 27 RADIUS LABEL DESCRIPTION Internal RADIUS Server Select this radio button to use the ZyAIR’s Internal RA DIUS Server . Y ou can authenticate other AP’s or wireless clients in other wireless[...]
-
Страница 105
ZyAIR G-2000 Plus User’s Guide Chapter 7 Wireless Security 104 7.1 1 802.1x Overview The IEEE 802.1x standard outlines enhanced security methods for both the authentication of wireless stations and encryption key manage ment. Authentication can be done using the trusted user database interna l to the ZyAIR (authenticate up to 32 users) or an exte[...]
-
Страница 106
ZyAIR G-2000 Plus User’s Guide 105 Chapter 7 Wireless Security •E A P - T L S •E A P - T T L S • PEAP Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange 7.13 Configuring 802.1x and Dynamic WEP Key Exchange In order to configure and enable 802.1x and Dy namic WEP Key Exchange; click the WIRELESS link under ADV ANCED to display the Wi[...]
-
Страница 107
ZyAIR G-2000 Plus User’s Guide Chapter 7 Wireles s Security 106 Figure 38 Wireless: 802.1x and Dynamic WE P The following table describes the labels in this screen. Table 28 Wireless: 80 2.1x and Dynamic W EP LABEL DESCRIPTION ReAuthentication T imer (in seconds) S pecify how often wireless stations have to reenter usernames and passwords in orde[...]
-
Страница 108
ZyAIR G-2000 Plus User’s Guide 107 Chapter 7 Wireless Security 7.14 Configuring 802.1x and S t atic WEP Key Exchange In order to configure and enable 802.1x and St atic WEP Key Exchange; click th e WIRELESS link under AD V ANCED to display the W ireless screen. Select 802.1x + S tatic WEP fro m the Security list. Apply Click Apply to save your ch[...]
-
Страница 109
ZyAIR G-2000 Plus User’s Guide Chapter 7 Wireles s Security 108 Figure 39 Wireless: 802.1x and S tatic WEP The following table describes the labels in this screen. Table 29 Wireless: 80 2.1x and St atic WEP LABEL DESCRIPTION Passphrase Enter a Passphrase (up to 32 printable characters) and click Generate . The ZyAIR automatically generate s a WEP[...]
-
Страница 110
ZyAIR G-2000 Plus User’s Guide 109 Chapter 7 Wireless Security Authentication Method This field is activated when you select 64-bit WEP or 128-bit WEP in the WEP Encryption field. Select Auto, Ope n System or Shared Key from the drop-down list box. ASCII Select this option in order to enter ASCII characters as the WEP keys. Hex Select this option[...]
-
Страница 111
ZyAIR G-2000 Plus User’s Guide Chapter 7 Wireless Security 110 7.15 Configuring 802.1x In order to configure and enable 802.1x; click the W IRELESS link under ADV ANCED to display the Wire l es s screen. Select 802.1x + No WEP from the Security list.[...]
-
Страница 112
ZyAIR G-2000 Plus User’s Guide 111 Chapter 7 Wireless Security Figure 40 Wireless: 80 2.1x The following table describes the labels in this screen. Table 30 Wireless: 80 2.1x and No WEP LABEL DESCRIPTION ReAuthentication T imer (in seconds) S pecify how often wireless stations have to reenter usernames and passwords in order to stay connected. En[...]
-
Страница 113
ZyAIR G-2000 Plus User’s Guide Chapter 7 Wireless Security 112 7.16 MAC Filter The MAC filter screen allows you to configure the ZyAIR to give exclusive access to up to 32 devices (Allow Association) or exclude up to 32 devices from accessing the ZyAIR (Deny Association). Every Ethernet device has a uniq ue MAC (Media Access Control) address. The[...]
-
Страница 114
ZyAIR G-2000 Plus User’s Guide 113 Chapter 7 Wireless Security Figure 41 MAC Addres s Filter The following table describes the labels in this menu. Table 31 MAC Address F ilter LABEL DESCRIPTION Active Select Ye s from the drop down list box to enable MAC address filtering. Filter Action Define the filt er action for t he list of MAC addresses in[...]
-
Страница 115
ZyAIR G-2000 Plus User’s Guide Chapter 8 Intern al RADIUS Server 114 C HAPTER 8 Internal RADIUS Server This chapter describes how to u se the internal RADIUS server to authenticate wireless clients or other AP’ s in other wireless networks .For more backg round information on RA DIUS, see section 7.9 . 8.1 Internal RADIUS Overview The ZyAIR has[...]
-
Страница 116
ZyAIR G-2000 Plus User’s Guide 115 Chapter 8 Internal RADIUS Server Figure 42 ZyAIR Authenticates Wireless S tations Figure 43 ZyAIR as a RADIUS server Other AP’s ZyAIR Authenic ates other AP’s Table 32 Internal RADI US Server LABEL DESCRIPTION Setting Use the Setting screen to di splay information about the ZyAIR’s certificate and to activ[...]
-
Страница 117
ZyAIR G-2000 Plus User’s Guide Chapter 8 Intern al RADIUS Server 116 8.2 Internal RADIUS Server Setting The INTERNAL RADIUS SER VER Setting screen displays inform ation about certificates. The certificates are used by wirele ss clients to authenticate the RADIUS server . Information matching the certificate is held on the wireless clients utility[...]
-
Страница 118
ZyAIR G-2000 Plus User’s Guide 117 Chapter 8 Internal RADIUS Server Figure 44 Internal RADIUS Server Setting Screen The following table describes the labels in this screen. Table 33 My Certificates LABEL DESCRIPTION Active Select the Active checkbox to have t he ZyAIR us e its internal RADIUS server to authenticate wireless clients or other AP’[...]
-
Страница 119
ZyAIR G-2000 Plus User’s Guide Chapter 8 Intern al RADIUS Server 118 8.3 T rusted AP Overview A trusted AP is an AP that uses the ZyAIR’ s internal RADIUS server to authenticate it’ s wireless clients. The following shows how this is done in two phases. Figure 45 ZyAIR RADIUS Server Wireless clients. Y o u can authenticate a maximum of 32 wir[...]
-
Страница 120
ZyAIR G-2000 Plus User’s Guide 119 Chapter 8 Internal RADIUS Server 2 Configure wireless client user names and passwords in the T rusted Users database to use a trusted AP as a relay between the RADIUS se rver and the wireless clie nts. The wireless clients can then be authenti cated by the RADIUS server . 8.4 Configuring T rusted AP T o configur[...]
-
Страница 121
ZyAIR G-2000 Plus User’s Guide Chapter 8 Intern al RADIUS Server 120 8.5 T rusted Users Overview A trusted user is a wireless client within the ZyAIR’ s wireless network. 8.6 Configuring T rusted Users T o change your ZyA IR’ s trusted users, click the AUTH SERVER link under ADV ANCED and then the T rusted User s tab. The screen appears as sh[...]
-
Страница 122
ZyAIR G-2000 Plus User’s Guide 121 Chapter 8 Internal RADIUS Server Figure 47 T rusted Users Screen The following table describes the labels in this screen. Table 35 Trusted U sers LABEL DESCRIPTION # This field displays the trusted user index number . Active Select this checkbox to have the ZyAIR aut hen ticate wireless clie nts with the same us[...]
-
Страница 123
ZyAIR G-2000 Plus User’s Guide Chapter 8 Intern al RADIUS Server 122 Apply Click Apply to save your change s back to the ZyAIR. Reset Click Reset to begin configurin g this screen afresh. Table 35 Trusted U sers LABEL DESCRIPTION[...]
-
Страница 124
ZyAIR G-2000 Plus User’s Guide 123 Chapter 8 Internal RADIUS Server[...]
-
Страница 125
ZyAIR G-2000 Plus User’s Guide Chapter 9 WAN 124 C HAPTER 9 WA N This chapter describes how to configure W AN settings. 9.1 W AN Overview A W AN (Wide Area Network) is an outside conn ection to another network or t h e Internet. See the W izard Setup chapte r fo r more background information on most fields in the W AN screens. Background informat[...]
-
Страница 126
ZyAIR G-2000 Plus User’s Guide 125 Chapter 9 WA N Figure 48 Ethernet Encapsulation The following table describes the labels in this screen. Table 36 Ethernet Encapsulat ion LABEL DESCRIPTION Encapsulation Y ou must choo se the Ethernet option when the WAN port is used as a regular Ethernet. Service T ype Choose from Standar d , Te l s t r a (Road[...]
-
Страница 127
ZyAIR G-2000 Plus User’s Guide Chapter 9 WAN 126 Figure 49 Ethernet Encapsulation The following table describes the labels in this screen. Table 37 Ethernet Encapsulat ion LABEL DESCRIPTION Encapsulation Y ou must choose the Ethernet optio n when the WAN port is used as a regular Ethernet. Service T ype Choose fr om Stand a rd , Te l s t r a (Roa[...]
-
Страница 128
ZyAIR G-2000 Plus User’s Guide 127 Chapter 9 WA N For the service provider , PPPoE of fers an acces s and authentication method that works with existing access control systems (for exampl e Radius). PPPoE provides a login and authentication method that the existing Microsoft Dial-Up Networ king software ca n activate, and therefore requires no ne[...]
-
Страница 129
ZyAIR G-2000 Plus User’s Guide Chapter 9 WAN 128 Figure 50 PPPoE Encapsulation The following table describes the labels in this screen. Table 38 PPPoE Encapsulation LABEL DESCRIPTION ISP Parameters fo r Internet Access Encapsulation The PPP over Ethernet choice is for a dial-up c onnection using PPPo E. The ZyAIR supports PPPoE (Point-to- Poin t [...]
-
Страница 130
ZyAIR G-2000 Plus User’s Guide 129 Chapter 9 WA N 9.2.3 PPTP Encap sulation Point-to-Point T unneling Protocol (PP TP) is a ne twork protocol that enables secure transfer of data from a remote client to a private server , creating a V irtual Private Network (VPN) using TCP/IP-based networks. PP TP supports on-demand, multi-protoco l and virtual p[...]
-
Страница 131
ZyAIR G-2000 Plus User’s Guide Chapter 9 WAN 130 Figure 51 PPTP Encapsulation The following table describes the labels in this screen. Table 39 PPTP Encapsulation LABEL DESCRIPTION ISP Parameters fo r Internet Access Encapsulation Point-to-Point T unneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote cl[...]
-
Страница 132
ZyAIR G-2000 Plus User’s Guide 131 Chapter 9 WA N 9.3 TCP/IP Priority (Metric) The metric represents the "cost of transmissi on". A router determines the best route for transmission by choosing a path with the lowest "cost". RI P routing uses hop count as the measurement of cost, with a minimum of "1" for directly co[...]
-
Страница 133
ZyAIR G-2000 Plus User’s Guide Chapter 9 WAN 132 Figure 52 WA N : IP The following table describes the labels in this screen. Table 40 WAN: I P LABEL DESCRIPTION W AN IP Address Assignmen t Get automatically from ISP Select this option If your ISP did not assi gn you a fixed IP address. This is the default selection. Use fixed IP address Select t[...]
-
Страница 134
ZyAIR G-2000 Plus User’s Guide 133 Chapter 9 WA N Network Address T ransla tion Network Address T ransl ation (NA T) allows the translation of an Internet protocol address used wi thin one n etw ork (for example a private IP add ress used in a local network) to a different IP address known wi thin another netwo rk (for example a public IP address[...]
-
Страница 135
ZyAIR G-2000 Plus User’s Guide Chapter 9 WAN 134 9.5 Configuring W AN MAC T o change your ZyAIR’ s W AN MAC settings, click WA N , then the WA N M A C tab. The screen appears as shown. Figure 53 MAC Setup The MAC address screen allows users to conf igure the W AN port's MAC address by either using the factory default or cloning the MAC add[...]
-
Страница 136
ZyAIR G-2000 Plus User’s Guide 135 Chapter 9 WA N Otherwise, click Spoof this computer's MAC addr ess - IP Address and enter the IP address of the computer on the LAN w hose MAC you ar e cloning. Once it is successfully configured, the address will be copied to the rom file (ZyNOS configuration file). It will not change unless you change the[...]
-
Страница 137
ZyAIR G-2000 Plus User’s Guide Chapter 10 Single User A ccount (SUA ) / Network Address Tran slation (NA T) 136 C HAPTER 10 Single User Account (SUA) / Network Address T r anslation (NA T) This chapter discusses how to configure SUA/NA T on the ZyAIR. 10.1 NA T Overview NA T (Netw ork Address T rans lation - NA T , RFC 1631) is the tra nslation o[...]
-
Страница 138
Note: NA T never changes the IP address (either local or global) of an outside ho st. ZyAIR G-2000 Plus User’s Guide 137 Chapter 10 Sin gle User Account (SUA) / Network Address Translation (NAT) 10.1.2 What NA T Does In the simplest form, NA T changes the sour ce IP address in a packet received from a subscriber (the inside local address) to anot[...]
-
Страница 139
ZyAIR G-2000 Plus User’s Guide Chapter 10 Single User A ccount (SUA ) / Network Address Tran slation (NA T) 138 Figure 54 How NA T Works 10.1.4 NA T Application The following figure illustrates a possible NA T application, wher e three inside LANs (logical LANs using IP Alias) behind the ZyAIR can co mmunicate with three distinct W AN networks. M[...]
-
Страница 140
ZyAIR G-2000 Plus User’s Guide 139 Chapter 10 Sin gle User Account (SUA) / Network Address Translation (NAT) Figure 55 NA T Application With IP Alias 10.1.5 NA T Mapping T ypes NA T sup ports five types of IP/port mapping. They are: • One to One : In One-to-One mode, the ZyAIR maps on e local IP addres s to one global IP address. • Many to On[...]
-
Страница 141
ZyAIR G-2000 Plus User’s Guide Chapter 10 Single User A ccount (SUA ) / Network Address Tran slation (NA T) 140 The following table summarizes these types. Table 42 NAT Mapping Types TYPE IP MAPPING SMT ABBREVIA TION One-to-One ILA1 ÅÆ IGA1 1-1 Many-to-One (SUA/P A T) IL A1 ÅÆ IGA1 ILA2 ÅÆ IGA1 … M-1 Many-to-Many Overload ILA1 ÅÆ IGA1 I[...]
-
Страница 142
ZyAIR G-2000 Plus User’s Guide 141 Chapter 10 Sin gle User Account (SUA) / Network Address Translation (NAT) Y ou may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server . The port number identifies a service; for example, web service is on port 80 and FTP on port 21. In some cases[...]
-
Страница 143
ZyAIR G-2000 Plus User’s Guide Chapter 10 Single User A ccount (SUA ) / Network Address Tran slation (NA T) 142 The most often used port numbers are shown in the following table. Please refer to RFC 1700 for further information about port numbers. Please also re fer to the Supporting CD for more examples and details on SUA/NA T. Table 43 Services[...]
-
Страница 144
ZyAIR G-2000 Plus User’s Guide 143 Chapter 10 Sin gle User Account (SUA) / Network Address Translation (NAT) Figure 56 Multiple Servers Be hind NA T Example 10.4 Configuring SUA Server Note: If you do not assign a Default Server IP Address, the ZyAIR discards all p ackets received for port s that are not specified in this screen or remote mana ge[...]
-
Страница 145
ZyAIR G-2000 Plus User’s Guide Chapter 10 Single User A ccount (SUA ) / Network Address Tran slation (NA T) 144 Figure 57 SUA/NA T Setup The following table describes the labels in this screen. Table 44 SUA/NAT Setup LABEL DESCRIPTION Default Server In addition to the servers for specifi ed services, NA T supports a default server . A default ser[...]
-
Страница 146
ZyAIR G-2000 Plus User’s Guide 145 Chapter 10 Sin gle User Account (SUA) / Network Address Translation (NAT) 10.5 Configuring Address Mapping Ordering your rules is important because the Zy AIR applies the rules in the order that you specify . When a rule matches the c urrent pack et, the ZyAIR takes the corresponding action and the remaining rul[...]
-
Страница 147
ZyAIR G-2000 Plus User’s Guide Chapter 10 Single User A ccount (SUA ) / Network Address Tran slation (NA T) 146 Figure 58 Address Mapping The following table describes the labels in this screen. Table 45 Address Mapp ing LABEL DESCRIPTION Local S tart IP This refers to the Inside Local Address (ILA), which is the starting local IP address. If the[...]
-
Страница 148
ZyAIR G-2000 Plus User’s Guide 147 Chapter 10 Sin gle User Account (SUA) / Network Address Translation (NAT) 10.5.1 Configuring Address Mapping T o edit an address mapping rule, select the radio button of a rule and click the Edit button to display the screen shown next. Figure 59 Address Mapping Edit The following table describes the labels in t[...]
-
Страница 149
ZyAIR G-2000 Plus User’s Guide Chapter 10 Sin gle User A ccount (SUA ) / Network Ad dress Transla tion (NAT) 1 48 10.6 T rigger Port Forwarding Some services use a dedicated range of ports on the client side and a dedica ted range of ports on the server side. W ith regular port forwarding you set a forwarding port in NA T to forward a service (co[...]
-
Страница 150
ZyAIR G-2000 Plus User’s Guide 149 Chapter 10 Sin gle User Account (SUA) / Network Address Translation (NAT) Figure 60 T rigger Port Forwarding Process: Example 1 Jane requests a file from the Real Audio server (port 7070). 2 Port 7070 is a “trigger” port and causes the Zy AIR to record Jane’ s computer IP address. The ZyAIR associates Jane[...]
-
Страница 151
ZyAIR G-2000 Plus User’s Guide Chapter 10 Single User A ccount (SUA ) / Network Address Tran slation (NA T) 150 Figure 61 T rigger Port The following table describes the labels in this screen. Table 47 Trigger Port LABEL DESCRIPTION # This is the rule index number (read-on ly). Name T ype a unique name (up to 15 characters) for identification pur[...]
-
Страница 152
ZyAIR G-2000 Plus User’s Guide 151 Chapter 10 Sin gle User Account (SUA) / Network Address Translation (NAT)[...]
-
Страница 153
ZyAIR G-2000 Plus User’s Guide Chapter 11 Static Route Screens 152 C HAPTER 11 S t atic Route Screens This chapter shows you how to config ure static routes for your ZyAIR. 1 1 .1 St atic Route Overview Each remote node specifies only the network to which the gateway is di rectly connected, and the ZyAIR has no knowle dge of the networks be yond.[...]
-
Страница 154
ZyAIR G-2000 Plus User’s Guide 153 Chapter 11 Static Route Screens Figure 63 S tatic Route The following table describes the labels in this screen. Table 48 Stati c Route LABEL DESCRIPTION # Number of an individual static route. Name Name that describes or identifies this route. Active This field shows whe ther this static route is active ( Ye s [...]
-
Страница 155
ZyAIR G-2000 Plus User’s Guide Chapter 11 Static Route Screens 154 Figure 64 S tatic Route: Edit The following table describes the labels in this screen. Table 49 Static Route: Edit LABEL DESCRIPTION Route Name Enter the n ame of the IP static route. Leave this field blank to delete this static route. Active This field allows you to activa te /de[...]
-
Страница 156
ZyAIR G-2000 Plus User’s Guide 155 Chapter 11 Static Route Screens[...]
-
Страница 157
ZyAIR G-2000 Plus User’s Guide Chapter 12 Remote Management Screens 156 C HAPTER 12 Remote Management Screens This chapter provides information on the Remote Management screens. 12.1 Remote Management Overview Remote management allows you to determ ine which services/protocols can access which ZyAIR interface (if any) from which computers. Note: [...]
-
Страница 158
ZyAIR G-2000 Plus User’s Guide 157 Chapter 12 Remot e Manageme nt Screens 1 A filter in SMT menu 3.1 (LAN) or in menu 1 1.5 (W AN) is applied to block a T elnet, FTP or W eb service. 2 Y ou have disabled that service in one of the remote management screens. 3 The IP address in the Secured Client IP field does not match th e client IP address. If [...]
-
Страница 159
ZyAIR G-2000 Plus User’s Guide Chapter 12 Remote Management Screens 158 Figure 65 Remote Management: WWW The following table describes the labels in this screen. Table 50 Remote Management: WWW LABEL DESCRIPTION Server Port Y ou may change the server port number for a service if needed, however you must use the same port number in order to us e t[...]
-
Страница 160
ZyAIR G-2000 Plus User’s Guide 159 Chapter 12 Remot e Manageme nt Screens Figure 66 T elnet Configuration on a TCP/IP Network 12.4 Configuring TELNET Click REMOTE MGMT and the TELNET tab to display the screen as shown. Figure 67 Remote Management: T elnet The following table describes the labels in this screen. Table 51 Remote Management: Telnet [...]
-
Страница 161
ZyAIR G-2000 Plus User’s Guide Chapter 12 Remote Management Screens 160 12.5 Configuring FTP Y ou can upload and download the ZyAIR’ s fi rmware and configuration fil e s using FTP , please see the chapter on firmware and configura tion file maintenance for details. T o use this feature, your computer must have an FTP client. T o change your Zy[...]
-
Страница 162
ZyAIR G-2000 Plus User’s Guide 161 Chapter 12 Remot e Manageme nt Screens 12.6 SNMP Simple Network Management Protocol (SNM P) i s a protocol u sed for exchanging management information b etween network devices. SNMP is a member of the TCP/IP protocol suite. Y our ZyAIR supports SNMP agent functionality , whic h allows a manager station to manage[...]
-
Страница 163
ZyAIR G-2000 Plus User’s Guide Chapter 12 Remote Management Screens 162 An agent is a management software module that resides in a managed de vice (the ZyAIR). An agent translates the local ma nagemen t information from the mana ged device into a form compatible with SNMP . The manager is the co nsole through wh ich network administrators perform[...]
-
Страница 164
ZyAIR G-2000 Plus User’s Guide 163 Chapter 12 Remot e Manageme nt Screens 12.6.3 Configuring SNMP T o change yo ur ZyAIR’ s SNMP settings , click REMOTE MGMT , then the SNMP tab. The screen appears as shown. 6a For intentional reboot : A trap is sent with the message "System reboot by user!" if reboot is done intentional ly , (fo r ex[...]
-
Страница 165
ZyAIR G-2000 Plus User’s Guide Chapter 12 Remote Management Screens 164 Figure 70 Remote Management: SNMP The following table describes the labels in this screen. Table 54 Remote Management: SNMP LABEL DESCRIPTION SNMP Configuration Get Community Enter the Get Community , which is the password for the incoming Ge t and GetNext requests from the m[...]
-
Страница 166
ZyAIR G-2000 Plus User’s Guide 165 Chapter 12 Remot e Manageme nt Screens 12.7 Configuring DNS Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Refer to the chapter on W izard Setup for background information. T o change your ZyAIR’ s DNS settings, click REMOTE MGMT , then the DNS tab. The screen[...]
-
Страница 167
ZyAIR G-2000 Plus User’s Guide Chapter 12 Remote Management Screens 166 12.8 Configuring Security T o change your ZyAIR’ s security settings, clic k REMOTE MGMT , then the Security tab. The screen appears as shown. If an outside user attempts to probe an unsupp orted port on your ZyAIR, an ICMP respo nse packet is automatically returned . This [...]
-
Страница 168
ZyAIR G-2000 Plus User’s Guide 167 Chapter 12 Remot e Manageme nt Screens Figure 72 Security The following table describes the labels in this screen. Table 56 Securi ty LABEL DESCRIPTION ICMP Internet Control Message Protocol is a message control and error-repo rting protocol between a host server and a gateway to the Internet. ICMP uses Internet[...]
-
Страница 169
ZyAIR G-2000 Plus User’s Guide Chapter 13 UPnP 168 C HAPTER 13 UP N P This chapter introduces the Universal Plug and Play feature. 13.1 Universal Plug and Play Overview Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectiv ity between devices. A UPnP device can dynamic[...]
-
Страница 170
ZyAIR G-2000 Plus User’s Guide 169 Chapter 13 UPnP All UPnP-enabled devices may communicate freely with eac h other without additional configuration. Disable UPnP if this is not your intention. 13.2 UPnP and ZyXEL ZyXEL has achieved UPnP certification from th e Universal Plug and Play Forum Creates UPnP™ Implementers Corp. (UIC). ZyXEL' s [...]
-
Страница 171
ZyAIR G-2000 Plus User’s Guide Chapter 13 UPnP 170 Figure 73 Configuring U PnP The following table describes the labels in this screen. Table 57 Configuring U PnP LABEL DESCRIPTION Enable the Universal Plug and Play (UPnP) feature Select this checkbox to activate UPnP . Be aware that anyone could use a UPnP application to open the web co nfigurat[...]
-
Страница 172
ZyAIR G-2000 Plus User’s Guide 171 Chapter 13 UPnP 13.4.1 Inst alling UPnP in Windows Me Follow the steps below to in stall UPnP in W indows Me. 1 Click St a r t and Control Panel . Double- click Add/Remove Programs . 2 Click on the Win d ow s S et u p ta b and select Communication in the Components selection box. Click Details . 3 In the Communi[...]
-
Страница 173
ZyAIR G-2000 Plus User’s Guide Chapter 13 UPnP 172 13.4.2 Inst alling UPnP in Windows XP Follow the steps below to install UPnP in W indows XP . 1 Click St a r t and Contr ol Panel . 2 Double-click Network Connections . 3 In the Network Connections window , click Advanced in the main menu and select Optional Networking Components … . 4 The W in[...]
-
Страница 174
ZyAIR G-2000 Plus User’s Guide 173 Chapter 13 UPnP 13.5 Using UPnP in Windows XP Example This section shows yo u how to use the UPnP feature in W indows XP . Y ou must already hav e UPnP installed in W indows XP and UPnP activated on the ZyXEL devi ce. Make sure the computer is co nnected to a LAN port of the ZyXEL device. T urn on your computer [...]
-
Страница 175
ZyAIR G-2000 Plus User’s Guide Chapter 13 UPnP 174 13.5.1 Auto-discover Y our UPnP-enabled Network Device 1 Click St a r t and Control Panel . Double-click Network Connections . An icon displays under Internet Gateway . 2 Right-click the icon and select Prop erties . 3 In the Internet Connection Properties window , click Settings to see the port [...]
-
Страница 176
ZyAIR G-2000 Plus User’s Guide 175 Chapter 13 UPnP 13.5.2 We b Configurator Easy Access W ith UPnP , you can access the web-based configur ator on the ZyXEL device without finding out the IP address of the ZyXEL device first. This is helpful if you do not know the IP address of the ZyXEL device. Follow the steps below to access the web configurat[...]
-
Страница 177
1 Click St a r t and then Control Pan e l . 2 Double-click Network Connections . 3 Select My Network Places under Other Places . 4 An icon with the d escription for each UPnP-enabled device display s under Local Network . 5 Right-click the icon for your ZyXEL device and select Invoke . The web configurator login screen displays. 6 Right-click the i[...]
-
Страница 178
ZyAIR G-2000 Plus User’s Guide 177 Chapter 13 UPnP Follow the steps below to access the web configurator . 1 Click Start and then Control Panel. 2 Double-click Network Connections . 3 Select My Network Places under Other Places . 4 An icon with the d escription for each UPnP-enabled device display s under Local Network . 5 Right-click the icon fo[...]
-
Страница 179
ZyAIR G-2000 Plus User’s Guide Chapter 14 Firewalls 178 C HAPTER 14 Firewalls This chapter gives some background info rmation on firewalls and introduces the ZyAIRZyAIR firewall. 14.1 Firewall Overview Originally , the term fir ewall referred to a construction techni que designed to prevent the spread of fire from one room to another . The ne two[...]
-
Страница 180
ZyAIR G-2000 Plus User’s Guide 179 Chapter 14 Firewalls 1 Information hiding prevents the names of internal systems from being made known via DNS to outside systems, since the applicatio n gateway is the only host whose name must be made known to outside systems. 2 Robust authentication and logging pre-authenticates application traffic before it [...]
-
Страница 181
ZyAIR G-2000 Plus User’s Guide Chapter 14 Firewalls 180 Figure 74 ZyAIR Firewall Application 14.4 Denial of Service Denials of Service (DoS) attacks are aimed at devices and networks w ith a connection to the Internet. Their goal is not to st eal information, but to disabl e a device or netwo rk so users no longer have access to network resourc e[...]
-
Страница 182
ZyAIR G-2000 Plus User’s Guide 181 Chapter 14 Firewalls 14.4.2 T ypes of DoS Att acks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the TCP/IP specification. 3 Brute-force attacks that flood a network with useless data. 4 IP Spoofing. •" Ping of Death " an[...]
-
Страница 183
ZyAIR G-2000 Plus User’s Guide Chapter 14 Firewalls 182 Figure 75 Three-W ay Handshake Under normal circumstances, the applica tion that initiates a session sends a SYN (synchronize) packet to the receiving server . The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the in itiator responds with an ACK (acknowledgment[...]
-
Страница 184
ZyAIR G-2000 Plus User’s Guide 183 Chapter 14 Firewalls Figure 76 SYN Flood b In a LAND Attack , hackers flood SYN packets into the network with a spoofed source IP address of th e targeted system. This makes it appear as if the host computer sent the packets to itself, making the system unav ailable while the tar get system tries to r espond to [...]
-
Страница 185
ZyAIR G-2000 Plus User’s Guide Chapter 14 Firewalls 184 Figure 77 Smurf Attack 14.4.2.1 ICMP V ulnerability ICMP is an error -reporting protocol that work s in concert with IP . The following ICMP types trigger an alert: Table 59 ICMP Commands That T rigger Alert s 5 REDIRECT 13 TIMEST AMP_REQUEST 14 TIMEST AMP_REPL Y 17 ADDRESS_MASK_REQUEST 18 A[...]
-
Страница 186
ZyAIR G-2000 Plus User’s Guide 185 Chapter 14 Firewalls 14.5 S tateful Inspection W ith stateful inspection, fields of the packets are compared to packets that a re already known to be trusted. For example, if you access some outside service, the proxy server remembe rs things about your original requ e st, like the port number and source and des[...]
-
Страница 187
ZyAIR G-2000 Plus User’s Guide Chapter 14 Firewalls 186 3 The firewall inspects packets to dete rmine and record information about the state of the packet's connection. This inform ation is recorded in a new st ate table entry created for the new connection. If there is not a firewall rule fo r this packet and it is not an attack, then the s[...]
-
Страница 188
ZyAIR G-2000 Plus User’s Guide 187 Chapter 14 Firewalls Below is a brief technical description of how th ese connections are tracked. Connections may either be defined by the uppe r protocols (for instance, TCP), or by the Zy AIR itself (as with the "virtual connections" created for UDP and ICMP). 14.5.3 TCP Security The ZyAIR uses stat[...]
-
Страница 189
ZyAIR G-2000 Plus User’s Guide Chapter 14 Firewalls 188 14.5.5 Upper Layer Protocols Some higher layer protocols (such as FTP and RealAudio) utilize multiple network connections simultaneous ly . In gene ral terms, they usually hav e a "control connection " which is used for sending commands between endpoints, and then "data connec[...]
-
Страница 190
ZyAIR G-2000 Plus User’s Guide 189 Chapter 14 Firewalls 14.7.1 Packet Filtering: • The router filters packets as they pass through the router’ s interface according to the filter rules you designed. • Packet filtering is a powerful tool, yet ca n be complex to configure and maintain, especially if you need a chain of rules to filter a servi[...]
-
Страница 191
ZyAIR G-2000 Plus User’s Guide Chapter 14 Firewalls 190 6 The firewall can block specific URL traffic th at might occur in the future. The URL can be saved in an Access Control List (ACL) database.[...]
-
Страница 192
ZyAIR G-2000 Plus User’s Guide 191 Chapter 14 Firewalls[...]
-
Страница 193
ZyAIR G-2000 Plus User’s Guide Chapter 15 Fi rewall Sc reens 192 C HAPTER 15 Firewall Screens This chapter shows you how to configure your ZyAIR firewall. 15.1 Access Methods The web configurator is, by far , the most co mprehensive firewall configuration tool your ZyAIR has to of fer . For this reason, it is reco ZyAIRmmended that you configure [...]
-
Страница 194
ZyAIR G-2000 Plus User’s Guide 193 Chapter 15 Fi rewall Screens Y ou may define additional rules and sets or m odify existing ones but please exercise extreme caution in doing so. Note: If you configure firewall rules with out a good understand ing of how they work, you might inadvertently introduce security risks to the firewa ll and to the prot[...]
-
Страница 195
ZyAIR G-2000 Plus User’s Guide Chapter 15 Fi rewall Sc reens 194 15.3.2 Security Ramifications Once the logic of the rule has been defined, it is critical to consider th e security ramifications created by the rule: 1 Does this rule stop LAN us ers from accessing critical reso urces on the Internet? For example, if IRC is blocke d, are th ere us [...]
-
Страница 196
ZyAIR G-2000 Plus User’s Guide 195 Chapter 15 Fi rewall Screens 15.4 Connection Direction Examples This section describes examples for firewall ru les for connections go ing from LAN to W AN and from W AN to LAN. LAN to LAN/ZyAIR and W AN to W AN/ZyAIR ru les apply to pa ckets coming in on the associated interface (LAN or W AN respectiv ely). LAN[...]
-
Страница 197
ZyAIR G-2000 Plus User’s Guide Chapter 15 Fi rewall Sc reens 196 Figure 80 W AN to LAN T raffic 15.5 Alert s Alerts are reports on events, such as attacks, that you may want to know about right away . Y ou can choose to generate an alert when a rule is matched in the Edit Rule screen ( Figure 83 ) . Configure the Log Settings screen to have the Z[...]
-
Страница 198
ZyAIR G-2000 Plus User’s Guide 197 Chapter 15 Fi rewall Screens Figure 81 Default Rule The following table describes the labels in this screen. Table 60 Defaul t Rule LABEL DESCRIPTION Enable Firewall Select this check box to activate the fi rewall. The ZyAIR performs access co ntrol and protects against Denial of Ser vice (DoS ) attacks when the[...]
-
Страница 199
ZyAIR G-2000 Plus User’s Guide Chapter 15 Fi rewall Sc reens 198 Figure 82 Rule Summary The following table describes the labels in this screen. Table 61 Rule Summary LABEL DESCRIPTION Firewall Rules S torage Sp ace in Use This read-only bar shows how much of th e ZyAIR's memory for recording firewall rules it is currently using. When you ar[...]
-
Страница 200
ZyAIR G-2000 Plus User’s Guide 199 Chapter 15 Fi rewall Screens 15.6.2 Configuring Firewall Rules Follow these directions to create a new rule. 1 In the Rule Summary screen, type the index number for where you want to put the rule. For example, if you type 6, your ne w rule becomes nu mber 6 and the previous rule 6 (if there is one) becomes rule [...]
-
Страница 201
ZyAIR G-2000 Plus User’s Guide Chapter 15 Fi rewall Sc reens 200 Figure 83 Creating/Editing A Firewall Rule[...]
-
Страница 202
ZyAIR G-2000 Plus User’s Guide 201 Chapter 15 Fi rewall Screens The following table describes the labels in this screen. Table 62 Creating/Editing A Firewall Rule LABEL DESCRIPTION Edit Source/Destination Address Address T ype Do you want your rule to apply to packets with a particular (single) IP , a range of IP addresses (e.g., 192.168.1.10 to [...]
-
Страница 203
ZyAIR G-2000 Plus User’s Guide Chapter 15 Fi rewall Sc reens 202 15.6.3 Configuring Custom Services Configure customized ports for services not predefined by the ZyAIR (See “Predefined Services” on page 206 for a list of predefined services) . For a comprehensive list of port numbers and services, visit the IANA (Intern et Assigned Number Aut[...]
-
Страница 204
ZyAIR G-2000 Plus User’s Guide 203 Chapter 15 Fi rewall Screens 15.7 Example Firewall Rule The following Internet firewa ll rule example allows a hypot hetical My Service connection from the Internet. 1 Click the FIREW ALL link and then the Rule Summary tab. Select WA N t o L A N from the Packet Dir ec tion drop-down list box. Figure 85 Rule Summ[...]
-
Страница 205
ZyAIR G-2000 Plus User’s Guide Chapter 15 Fi rewall Sc reens 204 Figure 86 Rule Edit Example 6 In the Edit Rule screen, click Add under Custom Service to open the Edit Custom Service screen. Configure it as follows and click Apply . Figure 87 Edit Custom Service Example 7 In the Edit Rule screen, use the arrows between A vailable Services and Sel[...]
-
Страница 206
ZyAIR G-2000 Plus User’s Guide 205 Chapter 15 Fi rewall Screens Figure 88 My Service Rule Configuration[...]
-
Страница 207
ZyAIR G-2000 Plus User’s Guide Chapter 15 Fi rewall Sc reens 206 Figure 89 My Service Example Rule Summary Rule 1: Allows a My Service connection fro m the W AN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN. 15.8 Predefined Services The A vailable Services list box in the Edit Rule screen ( Figure 83 ) displays all predefined services th[...]
-
Страница 208
ZyAIR G-2000 Plus User’s Guide 207 Chapter 15 Fi rewall Screens FTP(TCP:20.21) File Transfer Program, a program to enable fast transfer of files, including large fi les that may not be possible by e-mail. H.323(TCP:1720) NetMeeting uses this protocol. HTTP(TCP:80) Hyper T ext Transfer Protocol – a client/server protocol for the world wide web. [...]
-
Страница 209
ZyAIR G-2000 Plus User’s Guide Chapter 15 Fi rewall Sc reens 208 SMTP(TCP:25) Simple Mail T ransfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another . SNMP(TCP/UDP:161) Simple Network Management Program. SNMP-TRAPS(TCP/UDP:162) T raps for use with the SNMP (RFC:1 215).[...]
-
Страница 210
ZyAIR G-2000 Plus User’s Guide 209 Chapter 15 Fi rewall Screens[...]
-
Страница 211
ZyAIR G-2000 Plus User’s Guide Chapter 16 Content Filtering 210 C HAPTER 16 Content Filtering This chapter provides a brief overview of co ntent filtering using the embedded W ebGUI. 16.1 Introduction to Content Filtering Internet content filtering allows you to create and enforce Internet access policies tailored to their needs. Content filterin[...]
-
Страница 212
ZyAIR G-2000 Plus User’s Guide 211 Chapter 16 Conte nt Filtering Figure 90 Content Filter The following table describes the labels in this screen. Table 65 Content Filter LABEL DESCRIPTION Restrict Web Features Select the box(es) to restri ct a feature. When you download a page containing a restricted feature, that pa rt of the web page will app [...]
-
Страница 213
ZyAIR G-2000 Plus User’s Guide Chapter 16 Content Filtering 212 Keyword T ype a keyword in this field. Y ou may use any character (up to 64 characters). Wildcards are not allowed. Y ou can also enter a numerical IP address. Keyword List This list displays the keywords a lready added. Add Click Add af ter you have typed a keyword. Repeat this proc[...]
-
Страница 214
ZyAIR G-2000 Plus User’s Guide 213 Chapter 16 Con tent Filter ing[...]
-
Страница 215
ZyAIR G-2000 Plus User’s Guide Chapter 17 Certificates 214 C HAPTER 17 Certificates This chapter gives background in formation about public-key certificates and explains how to use them. 17.1 Certificates Overview The ZyAIR can use certificates (also called digita l IDs) to authenticate users. Certificates are based on public-private key pairs. A[...]
-
Страница 216
ZyAIR G-2000 Plus User’s Guide 215 Chapter 17 Certificates 17.1.1 Advant ages of Certificates Certificates offer th e following benefits. • The ZyAIR only has to store the certificates of the certification authorities that you decide to trust, no matter how many de vices you need to authenticate. • Key distribution is simple and very secure s[...]
-
Страница 217
ZyAIR G-2000 Plus User’s Guide Chapter 17 Certificates 216 Figure 91 My Certificates The following table describes the labels in this screen. Table 66 My Certificates LABEL DESCRIPTION PKI S torage S pace in Use This bar displays the percentage of the ZyAI R’s PKI storage space that is currently in use. When you are using 80% or less of the sto[...]
-
Страница 218
ZyAIR G-2000 Plus User’s Guide 217 Chapter 17 Certificates Ty p e This field displays what kind of certificate this is. REQ represents a certification request an d is not yet a valid certificate. Send a certification request to a certification authority , which then issues a certificate. Use the My Certificate Import screen to import the certific[...]
-
Страница 219
ZyAIR G-2000 Plus User’s Guide Chapter 17 Certificates 218 17.5 Certificate File Format s The certification authority certific ate that yo u want to import ha s to be in one of these file formats: • Binary X.509: This is an ITU-T recommen dation that defines th e formats for X.509 certificates. • PEM (Base-64) encoded X.509: This Priv acy Enh[...]
-
Страница 220
ZyAIR G-2000 Plus User’s Guide 219 Chapter 17 Certificates Figure 92 My Certificate Import The following table describes the labels in this screen. Table 67 My Certificate Import LABEL DESCRIPTION File Path T ype in the locati on of the file you w ant to upload i n this field or click Browse to find it. Browse Click Browse to find the certificate[...]
-
Страница 221
ZyAIR G-2000 Plus User’s Guide Chapter 17 Certificates 220 Figure 93 My Certificate Create[...]
-
Страница 222
ZyAIR G-2000 Plus User’s Guide 221 Chapter 17 Certificates The following table describes the labels in this screen. Table 68 My Certificate Create LABEL DESCRIPTION Certificate Name T ype up to 31 ASCII characters (not includin g spaces) to identif y this certifi cate. Subject Information Use these fields to record information that identifies the[...]
-
Страница 223
ZyAIR G-2000 Plus User’s Guide Chapter 17 Certificates 222 After you click Apply in the My Certificate Create screen, you see a screen that tells you the ZyAIR is generating the self-signed cer tificate or certification request. After the ZyAIR successfully enrolls a certificate or generates a certification request or a se lf- signed certificate,[...]
-
Страница 224
ZyAIR G-2000 Plus User’s Guide 223 Chapter 17 Certificates Figure 94 My Certificate Deta ils[...]
-
Страница 225
ZyAIR G-2000 Plus User’s Guide Chapter 17 Certificates 224 The following table describes the labels in this screen. Table 69 My Certificate Det ails LABEL DESCRIPTION Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this certifica te. Y ou may use any character[...]
-
Страница 226
ZyAIR G-2000 Plus User’s Guide 225 Chapter 17 Certificates 17.9 T rusted CAs Click CER TIFICA TES , T rus ted CAs to open the T rusted CAs screen. This screen displays a summary list of certificates of the certifica tion authorities that you have set the ZyAIR to accept as trusted. The ZyAIR accepts any valid certificate signed by a certification[...]
-
Страница 227
ZyAIR G-2000 Plus User’s Guide Chapter 17 Certificates 226 Figure 95 T rusted CAs The following table describes the labels in this screen. Table 70 Tr u s t ed C As LABEL DESCRIPTION PKI S torage S pace in Use This bar displays the percentage of the Zy AIR’s PKI storage space that is currently in use. When yo u are using 80% or less of the stor[...]
-
Страница 228
ZyAIR G-2000 Plus User’s Guide 227 Chapter 17 Certificates 17.10 Importing a T rusted CA ’ s Certificate Click CER TIFICA TES , T rusted CAs to open the Tr u s t e d C A s scree n and then click Import to open the T rusted CA Import screen. Follow the instructions in this screen to save a trusted certification authority’ s certificat e to the[...]
-
Страница 229
ZyAIR G-2000 Plus User’s Guide Chapter 17 Certificates 228 17.1 1 T rusted CA Certificate Det ails Click CER TIFICA TES , T rusted CAs to open the Tr u s t e d C A s screen. Click the details icon to open the T rusted CA Details screen. Use this screen to view in-depth information about the certification authority’ s certificate, ch ange the ce[...]
-
Страница 230
ZyAIR G-2000 Plus User’s Guide 229 Chapter 17 Certificates Figure 97 T rusted CA Details[...]
-
Страница 231
ZyAIR G-2000 Plus User’s Guide Chapter 17 Certificates 230 The following table describes the labels in this screen. Table 72 T rusted CA Details LABEL DESCRIPTION Name This field displays the iden tifying name of this certificate. If you w ant to change the name, type up to 31 characters to identify this key cert ificat e. Y ou may use any charac[...]
-
Страница 232
ZyAIR G-2000 Plus User’s Guide 231 Chapter 17 Certificates Key Algorithm This field displays the type of algorithm that was used to generate th e certificate’s key p air (the ZyAIR uses R SA encryp tion) and the le ngth of the key set in bits (1024 bits for example). Subject Alternative Name This field displays the certificate’s ow ner‘s IP[...]
-
Страница 233
ZyAIR G-2000 Plus User’s Guide Chapter 18 Log Screen s 232 C HAPTER 18 Log Screens This chapter contains inform ation about configuring genera l log settings and viewing the ZyAIR’ s logs. Refer to the appendix for example log message explanations. 18.1 Configuring V iew Log The web confi gurator allows you to look at all of the ZyAIR’ s logs[...]
-
Страница 234
ZyAIR G-2000 Plus User’s Guide 233 Chapter 18 Log Screens 18.2 Configuring Log Settings T o change your ZyA IR’ s log settings, click the LOGS links under ADV ANCED and then the Log Settings tab. The screen appears as shown. Use the Log Settings screen to configure to where the ZyAIR is to send the logs; the schedule for when the ZyAIR is to se[...]
-
Страница 235
ZyAIR G-2000 Plus User’s Guide Chapter 18 Log Screen s 234 Figure 99 Log Settings[...]
-
Страница 236
ZyAIR G-2000 Plus User’s Guide 235 Chapter 18 Log Screens The following table describes the labels in this screen. Table 74 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and ale rt messages will not be s[...]
-
Страница 237
ZyAIR G-2000 Plus User’s Guide Chapter 18 Log Screen s 236 18.3 Configuring Report s The Reports p age displays which computers on the LAN send and receive the most traffic, what kinds of traffic a re used the most and whic h web sites are visited the most often. Use the Reports screen to have the ZyAIR record and di splay the following network u[...]
-
Страница 238
ZyAIR G-2000 Plus User’s Guide 237 Chapter 18 Log Screens Figure 100 Report s Note: Enabling the ZyAIR’ s reporting function decreases the overall throughput by about 1 Mbp s. The following table describes the labels in this screen. Table 75 Report s LABEL DESCRIPTION Report T ype Use the drop-down list box to select the type of reports to disp[...]
-
Страница 239
Note: All of the recorded report s data is e rased when you turn off the Z y AIR. ZyAIR G-2000 Plus User’s Guide Chapter 18 Log Screen s 238[...]
-
Страница 240
ZyAIR G-2000 Plus User’s Guide 239 Chapter 18 Log Screens[...]
-
Страница 241
ZyAIR G-2000 Plus User’s Guide Chapter 19 Maintenance 240 C HAPTER 19 Maintenance This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 19.1 Maintenance Overview The maintenanc e screens can help you view system inform a tion, upload new firmware, manage configuratio n and restart your ZyA[...]
-
Страница 242
ZyAIR G-2000 Plus User’s Guide 241 Chapter 19 Maintenance Figure 101 System S t atus The following table describes the labels in this screen. Table 76 System Status LABEL DESCRIPTION System Name This is the System Name you chose in th e first Internet Access Wizard screen. It is for identi fication purp oses Model Name The model name identifies y[...]
-
Страница 243
ZyAIR G-2000 Plus User’s Guide Chapter 19 Maintenance 242 19.2.1 System St atistics Read-only information here incl udes port status, packet specific statistics and bridge link status. Also provided are "system up time" and "poll interval(s)". The Poll Interval field is configurable. Figure 102 System S t atus: Show St atistic[...]
-
Страница 244
ZyAIR G-2000 Plus User’s Guide 243 Chapter 19 Maintenance Click MAINTENANCE , and then the DHCP T able tab. Read-only information here relates to your DHCP status. The DHCP table shows cu rrent DHCP Client information (including IP Address , Host Name and MAC Address ) of all network clients using the DHCP server . Figure 103 Maintenance DHCP T a[...]
-
Страница 245
ZyAIR G-2000 Plus User’s Guide Chapter 19 Maintenance 244 Figure 104 Association List The following table describes the labels in this screen. Table 79 Association List LABEL DESCRIPTION # This is th e index number of an associated wireless station. MAC Address This field displays the MAC address of an associated wireless station. Association T i[...]
-
Страница 246
ZyAIR G-2000 Plus User’s Guide 245 Chapter 19 Maintenance Figure 105 Firmware Upload The following table describes the labels in this screen. Table 80 Firmware Uplo ad LABEL DESCRIPTION File Path T ype in the locati on of the file yo u want to up load in this field or cl ick Browse ... to find i t. Browse... Click Browse.. . to find the .bin file[...]
-
Страница 247
ZyAIR G-2000 Plus User’s Guide Chapter 19 Maintenance 246 Figure 106 Firmware Upload In Process The ZyAIR automatically restarts in this tim e causing a temporary network discon nect. In some operating systems, you may see the following icon on your desktop. Figure 107 Network T emporarily Disconnecte After two minutes, log in again and check you[...]
-
Страница 248
ZyAIR G-2000 Plus User’s Guide 247 Chapter 19 Maintenance Figure 108 Firmware Upload Error 19.6 Configuration Screen See the Firmwar e and Configura tion File Maintenance chapter for transferring configuration files using FTP/TFTP commands. Click MAINTENANCE , and then the Configuration tab. Information related to factory defaults, backup co nfig[...]
-
Страница 249
ZyAIR G-2000 Plus User’s Guide Chapter 19 Maintenance 248 Figure 109 Configuration 19.6.1 Backup Configuration Backup configuration allows yo u to back up (sav e) the ZyAIR’ s current configuration to a file on your computer . Once your ZyAIR is co nfigured and functio ning properly , it is highly recommended tha t you back up your configuratio[...]
-
Страница 250
ZyAIR G-2000 Plus User’s Guide 249 Chapter 19 Maintenance After you see a “restore configuration successf ul” screen, you must then wa it one minute before logging into the ZyAIR again. Figure 1 10 Configuration Upload Successful The ZyAIR automatically restarts in this tim e causing a temporary network discon nect. In some operating systems,[...]
-
Страница 251
ZyAIR G-2000 Plus User’s Guide Chapter 19 Maintenance 250 Figure 1 12 Configuration Upload Error 19.6.3 Back to Factory Default s Pressing the Reset button in this section clears al l user-e ntered configuration information and returns the ZyAIR to its factory defaults as sh own on the screen. The following warning screen will appear . Figure 1 1[...]
-
Страница 252
ZyAIR G-2000 Plus User’s Guide 251 Chapter 19 Maintenance Figure 1 14 Rest art Screen[...]
-
Страница 253
ZyAIR G-2000 Plus User’s Guide Chapter 20 Intro ducing the SMT 252 C HAPTER 20 Introducing the SMT This chapter explains how to access and naviga te the System Management T erminal and gives an overview of its menus. 20.1 SMT Introduction The ZyAIR’ s SMT (System Manage ment T erminal) is a menu-driven interface that you can access from a termi[...]
-
Страница 254
ZyAIR G-2000 Plus User’s Guide 253 Chapter 20 Intro ducing the SMT Please note that if there is no activity for longer than five minutes after you log in, your ZyAIR will automatically log you out. Figure 1 16 Login Screen Enter Password : **** 20.3 Changing the System Password Change the ZyAIR default password by following the steps shown next. [...]
-
Страница 255
ZyAIR G-2000 Plus User’s Guide Chapter 20 Intro ducing the SMT 254 Figure 1 18 ZyAIR G-2000 Plu s SMT Menu Overview Example 20.5 Navigating the SMT Interface The SMT (System Manage ment T erminal) is the interface that you use to configure your ZyAIR. Several operations that you should be fam iliar with before you a ttempt to modify the configura[...]
-
Страница 256
ZyAIR G-2000 Plus User’s Guide 255 Chapter 20 Intr oducing the SMT After you enter the password, the SMT di splays the main menu, as shown next. Move to a “hidde n” menu Press [SP ACE BAR] to change No to Ye s then press [ENTER]. Fields beginning with “Ed it” lead to hidden menus and have a default setting of No . Press [SP ACE BAR] once [...]
-
Страница 257
ZyAIR G-2000 Plus User’s Guide Chapter 20 Intro ducing the SMT 256 Figure 1 19 ZyAIR G-2000 Plus SMT Main Menu Copyright (c) 1 994 - 2004 ZyXEL Communications Corp. ZyAIR G-2000PLUS Main Menu Getting Started Advanced Management 1. General Setup 21. Filter and Firewall S etup 2. WAN Setup 22. SNMP Configuration 3. LAN Setup 23. System Security 4. [...]
-
Страница 258
ZyAIR G-2000 Plus User’s Guide 257 Chapter 20 Intro ducing the SMT Change the ZyAIR default password by following the steps shown next. 1 Enter 23 in the main menu to display Menu 23 - System Securi ty as shown next. Figure 120 Menu 23: System Security Menu 23 - System Security 1. Change Password 2. RADIUS Server 4. IEEE802.1x 2 Enter 23.1 in the[...]
-
Страница 259
ZyAIR G-2000 Plus User’s Guide Chapter 21 General Setup 258 C HAPTER 21 General Setup The chapter shows you th e information on gene ral setup. 21.1 General Setup Menu 1 — General Setup contains administrative and system-related information (shown next). The System Name field is for identification purpo ses. However , because some ISPs check th[...]
-
Страница 260
ZyAIR G-2000 Plus User’s Guide 259 Chapter 21 General Setup Figure 122 Menu 1 General Setup Menu 1 - General Setup System N ame= G-2000PLUS Domain N ame= First Sy stem DNS Server= From ISP IP Add ress= N/A Second S ystem DNS Server= From ISP IP Add ress= N/A Third Sy stem DNS Server= From ISP IP Add ress= N/A Edit Dyn amic DNS= No Press EN TER to[...]
-
Страница 261
ZyAIR G-2000 Plus User’s Guide Chapter 21 General Setup 260 21.1.2 Procedure to Configure Dynamic DNS Note: If you have a private W AN IP address, then you can not use Dynamic DNS T o configure Dynamic DNS, go to Menu 1 — General Setup and select Ye s in the Edit Dynamic DNS field. Press [ ENTER ] to display Menu 1.1— Configur e Dynamic DNS a[...]
-
Страница 262
ZyAIR G-2000 Plus User’s Guide 261 Chapter 21 General Setup Enable Wildcards Y our ZyAIR supports DYNDNS Wildcard. Press [SP ACE BAR] and the n [ENTER] to select Ye s or No This field is N/A when you choose DDNS client a s your service provider . Offline This field is only available when CustomDNS is selected in the DDNS T ype field. Press [SP AC[...]
-
Страница 263
ZyAIR G-2000 Plus User’s Guide Chapter 22 Menu 2 WAN Setup 262 C HAPTER 22 Menu 2 W AN Setup This chapter describes how to config ure the W AN using menu 2. 22.1 Introduction to W AN This chapter explains how to configure settings for your W A N port. 22.2 W AN Setup From the main menu, enter 2 to open menu 2. Figure 124 Menu 2 W AN Setup Menu 2 [...]
-
Страница 264
ZyAIR G-2000 Plus User’s Guide 263 Chapter 22 Menu 2 WAN Setup[...]
-
Страница 265
ZyAIR G-2000 Plus User’s Guide Chapter 23 LAN Set up 264 C HAPTER 23 LAN Setup This chapter shows you h ow to configure wired Local Area Network (LAN) setti ngs on your ZyAIR. . 23.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 – LAN Setup . Fr om the main menu, enter 3 to display menu 3. Figure 125 Menu 3 LAN Set[...]
-
Страница 266
ZyAIR G-2000 Plus User’s Guide 265 Chapter 23 LAN Setu p 23.2 Protocol Dependent Ethernet Setup Depending on the proto cols for your applications, yo u need to configure the respective Ethernet Setup, as outlined below . • For TCP/IP Ethernet setup refer to the Internet Access Application chapte r . • For bridging Ethernet setup refer to the [...]
-
Страница 267
ZyAIR G-2000 Plus User’s Guide Chapter 23 LAN Set up 266 Use the instructions in the following table to configure TCP/IP parameters for the LAN port. Table 88 Menu 3.2: LAN TCP/IP Setup Fields FIELD DESCRIPTION TCP/IP Setup: IP Address Enter the IP address of your Zy AIR in dotted decimal notation IP Subnet Mask Y our ZyAIR will automatically cal[...]
-
Страница 268
ZyAIR G-2000 Plus User’s Guide 267 Chapter 23 LAN Setu p 23.3.1 IP Alias Setup IP alias allows you to partition a physical network into dif fer ent logical networks over the same Ethernet interface. The ZyAIR supports three logical LAN interfaces via its single physical Ethernet interface with the ZyAI R itself as the gate way for each LAN networ[...]
-
Страница 269
ZyAIR G-2000 Plus User’s Guide Chapter 23 LAN Set up 268 Figure 129 Menu 3.2.1: IP Alias Setup Me nu 3.2.1 - IP Alias Setup IP Alias 1= No IP Add ress= N/A IP Sub net Mask= N/A RIP Di rection= N/A Vers ion= N/A Incomi ng protocol filters= N/A Outgoi ng protocol filters= N/A IP Alias 2= No IP Add ress= N/A IP Sub net Mask= N/A RIP Di rection= N/A [...]
-
Страница 270
ZyAIR G-2000 Plus User’s Guide 269 Chapter 23 LAN Setu p Figure 130 Menu 3.5 Wire less LAN Setup Me nu 3.5 - Wireless LAN Setup Enable Wireless LAN= Yes ESSID= Wireless Hide ESSID= No Edit MAC Address Filter= No Channel ID= CH06 2437MHz Edit Roaming Configuratio n= No RTS Threshold= 2432 Breathing LED= Yes Frag. Threshold= 2432 Preamble= Long WEP[...]
-
Страница 271
ZyAIR G-2000 Plus User’s Guide Chapter 23 LAN Set up 270 23.4.1 Configurin g MAC Address Filter Y our ZyAIR checks the MAC address of the wirele ss station device against a lis t of allowed or denied MAC addresses. However , intruders could fake allowe d MAC addresses so MAC- based authentication is less secu re than EAP authentication. Follow th[...]
-
Страница 272
ZyAIR G-2000 Plus User’s Guide 271 Chapter 23 LAN Setu p 2 Enter 5 to display Menu 3.5 – Wir eles s LAN Setup . Figure 131 Menu 3.5 Wireless LAN Setup Men u 3.5 - Wireless LAN Setup Enable Wireless LAN= Yes ESSID= Wireless Hide ESSID= No Edit MAC Address Filter= Yes Channel ID= CH06 2437MHz Edit Roaming Configuratio n= No RTS Threshold= 2432 Br[...]
-
Страница 273
ZyAIR G-2000 Plus User’s Guide Chapter 23 LAN Set up 272 Figure 132 Menu 3.5.1 WLAN MAC Address Filter Menu 3.5.1 - WLAN MAC Address Filter Active= No Filter A ction= Allowed Association -------------------------- ----------------------------------------- ----------- 1= 00:00:00:00:00:00 13= 00:00:00:00:00:00 25= 00:00:00: 00:00:00 2= 00:00:00:00[...]
-
Страница 274
ZyAIR G-2000 Plus User’s Guide 273 Chapter 23 LAN Setup[...]
-
Страница 275
ZyAIR G-2000 Plus User’s Guide Chapter 24 In ternet Access 274 C HAPTER 24 Internet Access This chapter shows you how to config ure your ZyAIR for Internet access . 24.1 Introduction to Internet Access Setup Use information from your ISP along with the in st ructions in this chapter to set up your ZyAIR to access the Internet. There are three di [...]
-
Страница 276
ZyAIR G-2000 Plus User’s Guide 275 Chapter 24 Internet Access Figure 133 Men u 4 - Internet Access Setup ISP's Na me= ChangeMe Encapsul ation= Ethernet Servic e Type= Standard My Log in= N/A My Pas sword= N/A Retype to Confirm= N/A Login Server= N/A Relogi n Every (min)= N/A IP Addre ss Assignment= Dynamic IP Add ress= N/A IP Sub net Mask= N[...]
-
Страница 277
ZyAIR G-2000 Plus User’s Guide Chapter 24 In ternet Access 276 24.3 Configuring the PPTP Client Note: T he ZyAIR supports only one PP TP server connection at any given time T o configure a PP TP client, you must configure the My Login and Password fields for a PPP connection and the PP TP parame ters for a PP TP connection. After configuring My L[...]
-
Страница 278
ZyAIR G-2000 Plus User’s Guide 277 Chapter 24 Internet Access Figure 134 Internet Access Setup (PPTP) Men u 4 - Internet Access Setup ISP's Na me= ChangeMe Encapsul ation= PPTP Servic e Type= N/A My Log in= My Pas sword= ******** Retype to Confirm= ******** Idle T imeout= 100 IP Addre ss Assignment= Dynamic IP Add ress= N/A IP Sub net Mask= [...]
-
Страница 279
ZyAIR G-2000 Plus User’s Guide Chapter 24 In ternet Access 278 Figure 135 Men u 4 - Internet Access Setup ISP's Na me= ChangeMe Encapsul ation= PPPoE Servic e Type= N/A My Log in= My Pas sword= ******** Retype to Confirm= ******** Idle T imeout= 100 IP Addre ss Assignment= Dynamic IP Add ress= N/A IP Sub net Mask= N/A Gatewa y IP Address= N/[...]
-
Страница 280
ZyAIR G-2000 Plus User’s Guide 279 Chapter 24 Internet Access[...]
-
Страница 281
ZyAIR G-2000 Plus User’s Guide Chapter 25 Remot e Node Configur ation 280 C HAPTER 25 Remote Node Configuration This chapter covers remo te node configuration. 25.1 Introduction to Remote Node Setup A remote node is required for placing calls to a remote gatewa y . A remote node represents both the remote gateway an d the network behind it across[...]
-
Страница 282
ZyAIR G-2000 Plus User’s Guide 281 Chapter 25 Remote Node Configu r ation Figure 136 Menu 11.1 - Remote Node Profile Rem Node Name= ChangeMe Route= IP Active= Yes ISP= No Apply Alias= None Encapsulation= Ethernet Edit IP= No Service Type= Standard Session Options: Service Name= N/A Edit Filter Sets= No Outgoing: My Login= N/A My Password= N/A Ret[...]
-
Страница 283
ZyAIR G-2000 Plus User’s Guide Chapter 25 Remot e Node Configur ation 282 25.2.2 PPPoE Encap sulation The ZyAIR supports PPPoE (Point-t o-Point Protocol over Ethern et). Y ou can only use PPPoE encapsulation when you’re using the ZyAIR with a DSL modem as the W AN device. If you change the Encapsulation to PPPoE, then you will see the next scre[...]
-
Страница 284
ZyAIR G-2000 Plus User’s Guide 283 Chapter 25 Remote Node Configu r ation Figure 137 Menu 11.1 - Remote Node Profile Rem Node Name= ChangeMe Route= IP Active= Yes ISP= No Apply Alias= None Encapsulation= PPPoE Edit IP= No Service Type= Standard Telco Option: Service Name= Allocated Budget(min)= 0 Outgoing: Period(hr)= 0 My Login= Schedules= My Pa[...]
-
Страница 285
ZyAIR G-2000 Plus User’s Guide Chapter 25 Remot e Node Configur ation 284 The following table describes the fields not already described in see T a ble 95 . Table 96 Fields in Menu 11.1 (PPPo E Encapsulation Specific) FIELD DESCRIPTION Service Name If you are usin g PPPoE encapsulation, then type the name of your PPPoE service here. Only valid wi[...]
-
Страница 286
ZyAIR G-2000 Plus User’s Guide 285 Chapter 25 Remote Node Configu r ation Figure 138 Menu 11.1 - Re mote Node Profile Rem Node Name= ChangeMe Route= IP Active= Yes ISP= No Apply Alias= None Encapsulation= PPTP Edit IP= No Service Type= Standard Telco Option: Service Name= N/A Allocated Budget(min)= 0 Outgoing: Period(hr)= 0 My Login= Schedules= M[...]
-
Страница 287
ZyAIR G-2000 Plus User’s Guide Chapter 25 Remot e Node Configur ation 286 Figure 139 Menu 1 1.3 Remote Node Network Layer Op tions for Ethernet Encapsulation Menu 11.3 - Remote Node Network Layer Options IP Addre ss Assignment= Dynamic Rem IP A ddr= N/A Rem Subn et Mask= N/A My WAN A ddr= N/A Network Address Translation= SUA Only Metric= 1 Privat[...]
-
Страница 288
ZyAIR G-2000 Plus User’s Guide 287 Chapter 25 Remote Node Configu ration 25.4 Remote Node Filter Move the cu rsor to the field Edit Filter Sets in menu 1 1.1, and then press [SP ACE BAR] to set the value to Ye s . Pre ss [ENTER] to open Menu 1 1.5 - Remote Node Filter . Use menu 11.5 to specify the filter set(s) to apply to the incomi ng and outg[...]
-
Страница 289
ZyAIR G-2000 Plus User’s Guide Chapter 25 Remot e Node Configur ation 288 Figure 140 M Menu 11.5 - Remote Node Filt er Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Enter here to CONFIRM or ESC to CANCEL: enu 1 1.5: Remote Node Filter (Ethernet Encap sulation) Figure 141 Menu 11.5 - Rem[...]
-
Страница 290
ZyAIR G-2000 Plus User’s Guide 289 Chapter 25 Remote Node Configu ration[...]
-
Страница 291
ZyAIR G-2000 Plus User’s Guide Chapter 26 Static Route Setup 290 C HAPTER 26 S t atic Route Setup This chapter shows how to setup IP static routes. 26.1 IP S tatic Route Setup T o configure an IP static route, use Menu 12 – S tatic Routing Setup (shown next). Figure 142 Menu 12 IP S tatic Route Setup Menu 1 2 - IP Static Route Setup 1. ________[...]
-
Страница 292
ZyAIR G-2000 Plus User’s Guide 291 Chapter 26 Static Route Setup Figure 143 Menu12.1 Edit IP S tatic Route Menu 12.1 - Edit IP Static R oute Route #: 1 Route Name= ? Active= No Destination IP Addr ess= ? IP Subnet Mask= ? Gateway IP Address= ? Metric= 2 Private= No Press ENTER to Confirm or ES C to Cancel: The following table describes the fields[...]
-
Страница 293
ZyAIR G-2000 Plus User’s Guide Chapter 27 Dial-in User Setup 292 C HAPTER 27 Dial-in User Setup This chapter shows you how to cr eate user accounts on the ZyAIR. 27.1 Dial-in User Setup By storing user profiles locally , your ZyAIR is able to authenticate wireless users without interacting with a network RADIUS server . Follow the steps below to [...]
-
Страница 294
ZyAIR G-2000 Plus User’s Guide 293 Chapter 27 Dial-in User Setu p Figure 145 Menu 14.1- Edit Dial-in User Menu 14.1 - Edit Dial-in User User Nam e= tester one Active= Yes Password = ******** Leave name f ield blank to delete profile The following table describes th e fields in this screen. Table 100 Menu 14.1- Edit Dia l-in User FIELD DESCRIPTION[...]
-
Страница 295
ZyAIR G-2000 Plus User’s Guide Chapter 28 Network Address Translation (NAT) 294 C HAPTER 28 Network Address T ranslation (NA T) This chapter discusses how to configure NA T on the ZyAIR. 28.1 Using NA T Note: Y ou must create a firewall rule in addition to setting up SUA/NA T , to allow traffic from the W AN to be forwarded through the ZyAIR 28.1[...]
-
Страница 296
ZyAIR G-2000 Plus User’s Guide 295 Chapter 28 Network Addr ess Translation (NAT) Figure 146 Menu 4 Applying NA T for Internet Access Menu 4 - Internet Access Setup ISP's Na me= ChangeMe Encapsul ation= Ethernet Servic e Type= Standard My Log in= N/A My Pas sword= N/A Retype to Confirm= N/A Login Server= N/A Relogi n Every (min)= N/A IP Addre[...]
-
Страница 297
ZyAIR G-2000 Plus User’s Guide Chapter 28 Network Address Translation (NAT) 296 Figure 147 Menu 11.3 - Remote Node Network Layer Options IP Addre ss Assignment= Dynamic IP Addre ss= N/A IP Subne t Mask= N/A Gateway IP Addr= N/A Network Address Translation= SUA Only Metric= 1 Private= N/A RIP Dire ction= None Versio n= N/A Multicas t= None Enter h[...]
-
Страница 298
ZyAIR G-2000 Plus User’s Guide 297 Chapter 28 Network Addr ess Translation (NAT) Figure 148 Menu 15 - NAT Setup 1. Address Mappin g Sets 2. Port Forwardin g Setup 3. Trigger Port S etup Enter Menu Selection Number: Menu 15 NA T Setup 28.3.1 Address Mapping Set s Enter 1 to bring up Menu 15.1 — Addr ess Mapping Sets . Figure 149 Menu 15.1 Addr e[...]
-
Страница 299
ZyAIR G-2000 Plus User’s Guide Chapter 28 Network Address Translation (NAT) 298 Figure 150 Menu 15.1.255 SUA Address Mapping Rule s Menu 15.1 .255 - Address Mapping Rules Set Name= SUA Idx Local Start IP Local E nd IP Global Start IP Global End IP Type --- -------------- ------- -------- --------------- --------------- ------ 1. 0.0.0.0 255.255 .[...]
-
Страница 300
ZyAIR G-2000 Plus User’s Guide 299 Chapter 28 Network Addr ess Translation (NAT) Figure 151 Menu 15.1.1 - Address Mappin g Rules Set Name= NAT_SET Idx Local Start IP Local End IP Global Start IP Global End IP Type --- --------------- -------------- ---- ----------- --------------- ------ 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. Action= E dit Select Rule= P[...]
-
Страница 301
Note: Y ou must press [ENTER] at the bottom of the screen to save the whole set. Y ou must do this again if you make any changes to the set – including deleting a rule. No changes to the set take place u ntil this action is taken ZyAIR G-2000 Plus User’s Guide Chapter 28 Network Address Translation (NAT) 300 Selecting Edit in the Action field a[...]
-
Страница 302
ZyAIR G-2000 Plus User’s Guide 301 Chapter 28 Network Addr ess Translation (NAT) 28.4 Configuring a Server behind NA T Follow these steps to config ure a server behind NA T : 1 Enter 15 in the main menu to go to Menu 15 - NA T Setup. 2 Enter 2 to display Menu 15.2 - NA T Server Setup as shown next. Figure 153 Menu 15.2 - NAT Server Setup Rule Sta[...]
-
Страница 303
ZyAIR G-2000 Plus User’s Guide Chapter 28 Network Address Translation (NAT) 302 Figure 154 Multiple Servers Behind NA T Example 28.5 General NA T Examples The following are some exam ples of NA T configuration. 28.5.1 Example 1: Internet Access Only In the following Internet access example, you onl y need one rule where the ILAs (Inside Local Add[...]
-
Страница 304
ZyAIR G-2000 Plus User’s Guide 303 Chapter 28 Network Addr ess Translation (NAT) Figure 155 NA T Examp le 1 Figure 156 Menu 4 - Internet Access Setup ISP's Na me= ChangeMe Encapsul ation= Ethernet Servic e Type= Standard My Log in= N/A My Pas sword= N/A Retype to Confirm= N/A Login Server= N/A Relogi n Every (min)= N/A IP Addre ss Assignment[...]
-
Страница 305
ZyAIR G-2000 Plus User’s Guide Chapter 28 Network Address Translation (NAT) 304 Figure 157 NA T Exam ple 2 In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and also go to menu 15.2 to specify the Inside Server behind the NA T as shown in the next figure. Figure 158 Menu 15.2.1 S pecifying an Inside Server Men[...]
-
Страница 306
ZyAIR G-2000 Plus User’s Guide 305 Chapter 28 Network Addr ess Translation (NAT) 4 Y ou also map your third IGA to th e web server and mail server on the LAN. T ype Server allows you to specify multiple servers, of different t ypes, to other computers behind NA T on the LAN. The exampl e situation lo oks somewhat like this: Figure 159 NA T Exam p[...]
-
Страница 307
ZyAIR G-2000 Plus User’s Guide Chapter 28 Network Address Translation (NAT) 306 Figure 160 Menu 11.3 - Remote Node Network Layer Options IP Addre ss Assignment= Dynamic IP Addre ss= N/A IP Subne t Mask= N/A Gateway IP Addr= N/A Network Address Translation= Full Feature Metric= 1 Private= N/A RIP Dire ction= None Versio n= N/A Multicas t= None Ent[...]
-
Страница 308
ZyAIR G-2000 Plus User’s Guide 307 Chapter 28 Network Addr ess Translation (NAT) Figure 161 Example 3: Menu 15.1.1.1 Menu 15.1.1.1 Address Mappin g Rule Type= One-to-One Local IP: Start= 192.168.1.10 End = N/A Global IP: Start= 10.132.50.1 End = N/A Press ENTER to Confirm or ES C to Cancel: Press Space Bar to Toggle. Figure 162 Example 3: Final M[...]
-
Страница 309
ZyAIR G-2000 Plus User’s Guide Chapter 28 Network Address Translation (NAT) 308 Figure 163 Example 3: Menu 15.2 Menu 15. 2 - NAT Server Setup Rule Start Port N o. End Port No. IP Address ------------------- -------------------------------- 1. Default Default 0.0.0.0 2. 80 80 192.168.1.21 3. 25 25 192.168.1.20 4. 0 0 0.0.0.0 5. 0 0 0.0.0.0 6. 0 0 [...]
-
Страница 310
ZyAIR G-2000 Plus User’s Guide 309 Chapter 28 Network Addr ess Translation (NAT) Figure 164 NA T Examp le 4 Note: Other applications such as some gaming programs are NA T unfriendly because they embed addressing information in the data str eam. These applications won’t work through NA T even when using One-to-One a nd Many-to-Many No Overload m[...]
-
Страница 311
ZyAIR G-2000 Plus User’s Guide Chapter 28 Network Address Translation (NAT) 310 Figure 166 Example 4: Menu 15.1.1 Addre ss Mapping Rules Menu 15.1.1 - Address Mappin g Rules Set Name= Example4 Idx Local Start IP Local E nd IP Global Start IP Global End IP T ype --- -------------- ------- ------- --------------- --------------- - ----- 1. 192.168.[...]
-
Страница 312
ZyAIR G-2000 Plus User’s Guide 311 Chapter 28 Network Addr ess Translation (NAT) Figure 167 Menu 15.3 T rigger Port Setup Menu 15.3 - Trigger Po rt Setup Incoming Trigger Rule Name St art Port End Port Start Port End Po rt -------------------------- ----------------------------------------- --- 1. Real Audio 6970 7170 7070 707 0 2. 0 0 0 0 3. 0 0[...]
-
Страница 313
ZyAIR G-2000 Plus User’s Guide Chapter 29 Filter Configuration 312 C HAPTER 29 Filter Configuration This chapter shows you how to create and apply filters. 29.1 Introduction to Filters Y our ZyAIR uses filters to decide whether to allo w passage of a data packet and/or to make a call. There are two types of filter applications : data filtering an[...]
-
Страница 314
ZyAIR G-2000 Plus User’s Guide 313 Chapter 29 Filter Configuration 29.1.1 The Filter Structure of the ZyAIR A filter set consists of one or more filter rules. Usually , you would group related rules, e.g., all the rules for NetBIOS, into a single set and gi ve it a descriptive name. The ZyAIR allows you to configure up to twelve filter sets with [...]
-
Страница 315
ZyAIR G-2000 Plus User’s Guide Chapter 29 Filter Configuration 314 Figure 169 Filter Rule Process Y ou can apply up to four filter sets to a particular port to block multiple types of packets. W ith each filter set having up to six rules, you can have a maximum of 24 rules active for a single port. 29.2 Configuring a Filter Set The ZyAIR includes[...]
-
Страница 316
ZyAIR G-2000 Plus User’s Guide 315 Chapter 29 Filter Configuratio n Figure 170 Menu 21: Filter and Firewa ll Setup Menu 21 - Filter and Firewal l Setup 1. Filter Setup 2. Firewall Setup Enter Menu Selection Number: 2 Enter 1 to bring up the following menu. Figure 171 Menu 21.1: Filter Set Configuration Men u 21.1 - Filter Set Configuration Filter[...]
-
Страница 317
ZyAIR G-2000 Plus User’s Guide Chapter 29 Filter Configuration 316 The protocol dependent filter rules abbreviation are listed as follows: Table 107 Rule Abbreviations Used ABBREVIA TION DESCRIPTION IP Pr Protocol SA Source Address SP Source Port number DA Destination Address DP Destination Port number GEN Off Of fset Len Length Refer to the next[...]
-
Страница 318
ZyAIR G-2000 Plus User’s Guide 317 Chapter 29 Filter Configuratio n 29.2.2 Configuring a TCP/IP Filter Rule This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fiel ds in the IP and the upper layer protocol, for example, UDP and TCP headers. T o configure TCP/IP rules, select TCP/IP Filter [...]
-
Страница 319
ZyAIR G-2000 Plus User’s Guide Chapter 29 Filter Configuration 318 Port # Enter th e destination port of the p ackets that you wi sh to filter . The range of th is field is 0 to 65535. This field is ign ored if it is 0. 0-65535 Port # Comp Press [SP ACE BAR] and then [ENTER] to select the comparison to apply to the destination port in the packet [...]
-
Страница 320
ZyAIR G-2000 Plus User’s Guide 319 Chapter 29 Filter Configuratio n The following figure illustrates th e logic flow of an IP filter . Figure 173 Executing an IP Filter 29.2.3 Configuring a Generic Filter Rule This section shows y ou how to configure a gen e ri c filter rule. The purpose of generic rules is to allow you to filter non-IP packets. [...]
-
Страница 321
ZyAIR G-2000 Plus User’s Guide Chapter 29 Filter Configuration 320 For generic rules, the ZyAIR treats a packet as a byte stream as opposed to an IP or IPX packet. Y ou specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes. The ZyAIR applies th e Mask (bit-wise ANDing) to the data portion before [...]
-
Страница 322
ZyAIR G-2000 Plus User’s Guide 321 Chapter 29 Filter Configuratio n 29.3 Example Filter Let’ s look at an example to block outsid e users from accessing the ZyAIR via te lnet. Figure 175 T elnet Filter Examp le 1 Enter 21 from the main menu to open Menu 21 - Filter and Firewall Setup . 2 Enter 1 to open Menu 21.1 - Filter Set Configuration . 3 [...]
-
Страница 323
ZyAIR G-2000 Plus User’s Guide Chapter 29 Filter Configuration 322 5 Press [ENTER] at the message [Press EN TER to confirm] to open Menu 21.1.3 - Filter Rules Summary 6 Enter 1 to configure the first filter rule (the only f ilter rule of this set). Make the entries in this menu as shown in the following figure. Figure 176 Example Filter: Menu 21 [...]
-
Страница 324
ZyAIR G-2000 Plus User’s Guide 323 Chapter 29 Filter Configuratio n Figure 177 Menu 21.1.3 - Filter Rules Summary # A Type Filter Rules M m n - - ---- ------------------ --------------------------------------- - - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 N D F 2 N 3 N 4 N 5 N 6 N Enter Filt er Rule Number (1-6) to Configure: Example Filter Ru[...]
-
Страница 325
ZyAIR G-2000 Plus User’s Guide Chapter 29 Filter Configuration 324 Figure 178 Protocol and Device Filter Set s 29.5 Firewall V ersus Filters Firewall configuration is discussed in the fir ewall chapters of this manual. Further comparisons are also made between filtering, NA T and the firewall. 29.6 Applying a Filter This section shows you where t[...]
-
Страница 326
ZyAIR G-2000 Plus User’s Guide 325 Chapter 29 Filter Configuratio n Figure 179 Filtering LAN T raffic Menu 3.1 - LAN Port Filter S etup Input Filter Set s: protocol filte rs= device filte rs= Output Filter Se ts: protocol filte rs= device filte rs= Press ENTER to Confirm or ES C to Cancel: 29.6.2 Applying Re mote Node Filters Go to menu 1 1.5 (sh[...]
-
Страница 327
ZyAIR G-2000 Plus User’s Guide Chapter 30 Enablin g the Firewall 326 C HAPTER 30 Enabling the Firewall This chapter shows you how to get started with the ZyAIR firewall. 30.1 Remote Management and the Firewall When SMT menu 24.1 1 is configured to allow management (see the Remote Management chapter) and the firewall is enabled: • The firewall b[...]
-
Страница 328
ZyAIR G-2000 Plus User’s Guide 327 Chapter 30 Enablin g the Firewall Figure 181 Menu 21.2 Firewa ll Setup M enu 21.2 - Firewall Setup The firewall protects against Denial of Service (DoS) attacks w hen it is active. Your network is vulner able to attacks when the firewall is turn ed off. Refer to the User's Gu ide for details about the firew[...]
-
Страница 329
ZyAIR G-2000 Plus User’s Guide Chapter 31 SNMP Configuration 328 C HAPTER 31 SNMP Configuration This chapter explains SNMP Configuratio n menu 22. 31.1 About SNMP Simple Network Management Protocol is a protocol used for exchanging man agement information between network devices. SNMP is a member of the TCP/IP pro tocol suite. Y our ZyAIR support[...]
-
Страница 330
ZyAIR G-2000 Plus User’s Guide 329 Chapter 31 SNMP Configuration The managed devices cont ain object variables/ managed objects that define each piece of information to be collected ab out a device. Examples of vari ables include the number of packets received, node port status etc. A Ma nagement Information Ba se (MIB) is a collection of managed[...]
-
Страница 331
ZyAIR G-2000 Plus User’s Guide Chapter 31 SNMP Configuration 330 Figure 183 Menu 22 SNMP Configuration Menu 22 - SNMP Configuration SNMP: Get Community= public Set Community= public Trusted Host= 0.0.0.0 Trap: Community= public Destination= 0.0.0.0 Press ENTER to Confirm or ES C to Cancel: The following table describes the SNMP configuration para[...]
-
Страница 332
ZyAIR G-2000 Plus User’s Guide 331 Chapter 31 SNMP Configuration The following table maps the physical port and encapsulation to the interface type, Table 112 Ports and Inte rface Types PHYSICAL PORT/ENCAP INTERFACE TYPE WLAN enif0 Ethernet port enif0 WA N enif1 4 authenticationFailure ( de fined in RFC-1215 ) A trap is sent to the manage r when [...]
-
Страница 333
ZyAIR G-2000 Plus User’s Guide Chapter 32 Sy stem Security 332 C HAPTER 32 System Security This chapter describes how to configur e the system security on the ZyAIR. 32.1 System Security Y ou can configure the system password, an exte rnal RADIUS server and 802.1x in this menu. 32.1.1 System Password Figure 184 Menu 23 System Security Menu 23 - S[...]
-
Страница 334
ZyAIR G-2000 Plus User’s Guide 333 Chapter 32 System Security Figure 185 Menu 23 System Security Menu 23 - Sy stem Security 1. Change Passwo rd 2. RADIUS Server 4. IEEE802.1x Enter Menu Selection Number: From Menu 23- System Security , enter 2 to display Menu 23.2 – System Secu rity – RADIUS Server as show n next. Figure 186 Menu 23.2 System [...]
-
Страница 335
ZyAIR G-2000 Plus User’s Guide Chapter 32 Sy stem Security 334 32.1.3 802.1x The IEEE 802.1x standards outline enhanced security methods for both the authentication of wireless stations and en cryption key managemen t. Follow the steps below to enable EA P authentication on your ZyAIR. 1 From the main menu, enter 23 to display Menu23 – System S[...]
-
Страница 336
ZyAIR G-2000 Plus User’s Guide 335 Chapter 32 System Security Figure 188 Menu 23.4 System Security : IEEE802.1x Menu 23.4 - System Security - IEEE802.1x Wireless Port Control= Authentication Required ReAuthentication Timer (in second)= 1800 Idle Timeout (in secon d)= 3600 Key Management Protoco l= 802.1x Dynamic WEP Key Exchan ge= 128-bit WEP PSK[...]
-
Страница 337
ZyAIR G-2000 Plus User’s Guide Chapter 32 Sy stem Security 336 Once you enable user authenticatio n, you need to specify an exte rnal RADIUS server or create local user accounts on th e ZyAIR for authentication Dynamic WEP Key Exchange This field is activated only when you sele ct Authentication Required in the Wireless Port Control field. Also s[...]
-
Страница 338
ZyAIR G-2000 Plus User’s Guide 337 Chapter 32 System Security[...]
-
Страница 339
ZyAIR G-2000 Plus User’s Guide Chapter 33 System Information and Diagnosis 338 C HAPTER 33 System Information and Diagnosis This chapter covers the information and diag nostic tools in SMT menus 24.1 to 24.4. These tools include updates on system status , port status, log and trace capabiliti es and upgrades for the system software. This chapte r[...]
-
Страница 340
ZyAIR G-2000 Plus User’s Guide 339 Chapter 33 System Information and Diagnosis Figure 190 Menu 24.1 System Maintenan ce : St atus Menu 24.1 - System Mainte nance - Status 00:55:58 Sat. Ja n. 01, 2000 Port Status TxPkts RxPkts Cols Tx B/s Rx B/s Up Time WAN Down 0 0 0 0 0 0:00:00 LAN 100M/Full 193 0 0 0 0 0:55:56 WLAN 54M 45 272 0 0 0 0:55:56 Port[...]
-
Страница 341
ZyAIR G-2000 Plus User’s Guide Chapter 33 System Information and Diagnosis 340 33.2 System Information T o get to the System Information: 1 Enter 24 to display Menu 24 – System Maintenance . 2 Enter 2 to display Menu 24.2 – System Information and Con sole Port Speed . 3 From this menu you have two ch oices as shown in the ne xt figure: Figure[...]
-
Страница 342
ZyAIR G-2000 Plus User’s Guide 341 Chapter 33 System Information and Diagnosis 33.2.2 Console Port Speed Y ou can set up different port speeds for the console port through Menu 24.2. 2 – System Maintenance – Console Port Speed . Y our ZyAIR supports 9600 (default), 1920 0, 38400, 57600 and 1 15200 bps console port speeds. Press [ SP ACE BAR ][...]
-
Страница 343
ZyAIR G-2000 Plus User’s Guide Chapter 33 System Information and Diagnosis 342 Figure 194 Menu 24.3 System Maintenan ce : Log and T race Menu 24.3 - Sy stem Maintenance - Log and Trace 2. Syslo g Logging 4. Call- Triggering Packet 33.3.2 UNIX Syslog The ZyAIR uses the UNIX syslog facility to l og the CDR (Call Detail Record) and system messages t[...]
-
Страница 344
ZyAIR G-2000 Plus User’s Guide 343 Chapter 33 System Information and Diagnosis 33.3.2.1 CDR SdcmdSyslogSend ( SYSLOG_CDR , SYSLOG_INFO, String); String = board xx line xx ch annel xx, call xx, str board = the hardware board I D line = the WAN ID in a board Channel = channel ID within the WAN call = the call refer ence number which starts from 1 a[...]
-
Страница 345
ZyAIR G-2000 Plus User’s Guide Chapter 33 System Information and Diagnosis 344 33.3.2.3 Filter log Filter log Message Format SdcmdSyslogSend(SYSLOG_FILLO G, SYSLOG_NOTICE, String ); String = IP[Src=xx.xx.xx.xx Dst=xx.xx.xx.xx prot spo=xxxx dpo=xxxx] S04>R01mD IP[…] is the packet header and S04>R01mD means filte r set 4 (S) and rule 1 (R),[...]
-
Страница 346
ZyAIR G-2000 Plus User’s Guide 345 Chapter 33 System Information and Diagnosis 33.3.2.5 Firewall log Firewall Log Message Format SdcmdSyslogSend(SYSLOG_FIREW ALL, SYSLOG_NOTICE, buf); buf = IP[Src=xx.xx.xx.xx : s po=xxxx Dst=xx.xx.xx.xx : dpo=xxxx | pro t | rule | action] Src: Source Address spo: Source port (empty mean s no source port informati[...]
-
Страница 347
ZyAIR G-2000 Plus User’s Guide Chapter 33 System Information and Diagnosis 346 Figure 196 IP Frame: ENET0-RECV Size: 44/ 44 Time: 17:02:44.262 Frame Type: IP Header: IP Version = 4 Header Length = 20 Type of Service = 0x00 (0) Total Length = 0x002C (44) Identification = 0x0002 (2) Flags = 0x00 Fragment Offset = 0x00 Time to Live = 0xFE (254) Prot[...]
-
Страница 348
ZyAIR G-2000 Plus User’s Guide 347 Chapter 33 System Information and Diagnosis 2 From this menu , type 4. Diagnostic to open Menu 24.4 – System Maintenance – Diagnostic . Menu 24.4 System Maintenance : Di agnostic Menu 24.4 - System Maintenance - Diagnostic TCP/IP 1. Pin g Host 2. WAN DHCP Release 3. WAN DHCP Renewal 4. Int ernet Setup Test S[...]
-
Страница 349
ZyAIR G-2000 Plus User’s Guide Chapter 33 System Information and Diagnosis 348 W AN D HCP Renewal Get a new IP address from the DHCP server . Reboot System Reboot the ZyAIR. Host IP Address If you typed 1 to Ping Host, now type t he address of the computer you want to ping. Table 118 Menu 24.4 System Main tenance Menu: Diagnostic FIELD DESCRIPTIO[...]
-
Страница 350
ZyAIR G-2000 Plus User’s Guide 349 Chapter 33 System Information and Diagnosis[...]
-
Страница 351
ZyAIR G-2000 Plus User’s Guide Chapter 34 Firm ware and Configuration File Maintenance 350 C HAPTER 34 Firmware and Configuration File Maintenance This chapter tells y ou how to backup and restor e your configuration file as well as upload new firmware and configuratio n files using the SMT screens. 34.1 Filename Conventions The configuration fil[...]
-
Страница 352
ZyAIR G-2000 Plus User’s Guide 351 Chapter 34 Firmw are and Configu ration File Mainten ance The following table is a summary . Please note that the internal filename refe rs to the filename on the ZyAIR and the external f ilename refers to the filename not on the ZyAIR, that is, on your computer , local network or FTP site and so the name (but n[...]
-
Страница 353
ZyAIR G-2000 Plus User’s Guide Chapter 34 Firmwa re and Configuration F ile Maintenance 352 Figure 198 Menu 24.5 Bac kup Configuration Menu 24.5 – Backup Configura tion To transfer the configuratio n file to your workstation, follow the p rocedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP ad dress [...]
-
Страница 354
ZyAIR G-2000 Plus User’s Guide 353 Chapter 34 Firmw are and Configu ration File Mainten ance Figure 199 FTP Session Example 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 16384 bytes sent in 1.1 0Seconds 2[...]
-
Страница 355
ZyAIR G-2000 Plus User’s Guide Chapter 34 Firm ware and Configuration File Maintenance 354 34.2.5 Backup Configuration Using TFTP The ZyAIR supports the up/down loading of th e firmware and the configuration file using TFTP (T rivial File T ransfer Protocol) over LA N. Although TFTP should work over W AN as well, it is not recommended. T o use TF[...]
-
Страница 356
ZyAIR G-2000 Plus User’s Guide 355 Chapter 34 Firmw are and Configu ration File Mainten ance 34.2.7 GUI-based TFTP Client s The following table describes some of the fields that you may see in third party TFTP clients. Table 121 General Commands for Th ird Party TFTP Clients COMMAND DESCRIPTION Host Enter the IP address of the ZyAIR. 192.168.1.2 [...]
-
Страница 357
ZyAIR G-2000 Plus User’s Guide Chapter 34 Firmwa re and Configuration F ile Maintenance 356 Figure 200 Menu 24.6 Restore Co nfiguration Menu 24 .6 – Restore Configuration To transfer the firmware and the configuration file, follow the proce dure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP ad dress of[...]
-
Страница 358
ZyAIR G-2000 Plus User’s Guide 357 Chapter 34 Firmw are and Configu ration File Mainten ance 34.4 Uploading Firmware and Configuration Files Menu 24.7 – System Maintenance – Upload Firmware allows you to upgrade the firmware and the configuration file. Note: W ARNING! PLEASE W AIT A FEW MINUTES FOR THE ZY AIR T O REST ART AFTER FIRMW ARE OR C[...]
-
Страница 359
ZyAIR G-2000 Plus User’s Guide Chapter 34 Firmwa re and Configuration F ile Maintenance 358 Figure 203 Menu 24.7.1 System Maintena nce : Upload System Firmware Menu 24.7.1 - Sy stem Maintenance - Upload System Firmwar e To upload the system firmwar e, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open&quo[...]
-
Страница 360
ZyAIR G-2000 Plus User’s Guide 359 Chapter 34 Firmw are and Configu ration File Mainten ance 4 Enter “root” and your SMT password as requested. The default is 1234. 5 Enter “bin” to set transfer mode to binary . 6 Use “put” to transfer files from the computer to the ZyAIR, e.g., put firmware.bin ras transfers the firmware on your comp[...]
-
Страница 361
ZyAIR G-2000 Plus User’s Guide Chapter 34 Firm ware and Configuration File Maintenance 360 5 Use the TFTP client (see the example below) to transfer files between the ZyAIR and the computer . The file name for the firmware is “ras ” and the configuration file is “rom-0” (rom-zero, not capital o). Note that the telnet co nnection must be a[...]
-
Страница 362
ZyAIR G-2000 Plus User’s Guide 361 Chapter 34 Firmw are and Configu ration File Maint enance[...]
-
Страница 363
ZyAIR G-2000 Plus User’s Guide Chapter 35 System Maintenance and Information 362 C HAPTER 35 System Maintenance and Information This chapter leads you through SM T menus 24.8 and 24.10. 35.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the ma in system firmware. The CI provides much of the same functionality as the SMT , whi[...]
-
Страница 364
ZyAIR G-2000 Plus User’s Guide 363 Chapter 35 System Mainten ance and Information Figure 206 Menu 24 System Maintenan c e Me nu 24 - System Maintenance 1. System Status 2. System Information and Console Port Spee d 3. Log and Trace 4. Diagnostic 5. Backup Configuration 6. Restore Configuration 7. Upload Firmware 8. Command Interpreter Mode 9. Cal[...]
-
Страница 365
ZyAIR G-2000 Plus User’s Guide Chapter 35 System Maintenance and Information 364 Figure 208 Menu 24.9 System Maintenance : Call Control Menu 24.9 - System Main tenance - Call Control 1. Budget Manageme nt 2. Call History Enter Menu Selectio n Number: 35.2.1 Budget Management Menu 24.9.1 shows the budget management st atistics for outgoing calls. [...]
-
Страница 366
ZyAIR G-2000 Plus User’s Guide 365 Chapter 35 System Mainten ance and Information Figure 210 Menu 24.9.2 - Call History M enu 24.9.4 - Call History Phone Number Dir Rate #call Max Min Total 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. Ente r Entry to Delete(0 to exit): The following table describes the fields in this menu. Table 123 Call History Fields FIELD D[...]
-
Страница 367
ZyAIR G-2000 Plus User’s Guide Chapter 35 System Maintenance and Information 366 Figure 21 1 Menu 24.10 System Maint e nance : T ime and Date Setting Menu 24.10 - S ystem Maintenance - Time and Date Setting Time Protocol= Man ual Time Server Addres s= N/A Current Time: 01 : 00 : 37 New Time (hh:mm:ss ): 01 : 00 : 34 Current Date: 2000 - 01 - 01 N[...]
-
Страница 368
ZyAIR G-2000 Plus User’s Guide 367 Chapter 35 System M aintenance and Information 35.3.1 Resetting the T ime The ZyAIR resets the time in three instances: 1 On leaving menu 24.10 after making changes. 2 When the ZyAIR starts up, if there is a timeserver configured in menu 24.10. 3 24-hour intervals after starting.[...]
-
Страница 369
ZyAIR G-2000 Plus User’s Guide Chapter 36 Remo te Management 368 C HAPTER 36 Remote Management This chapter covers remote ma nagement (SMT menu 24.1 1). 36.1 Remote Management Remote management allows you to determ ine which services/protocols can access which ZyAIR interface (if any) from which computers. Y ou may manage your ZyAIR from a remote[...]
-
Страница 370
ZyAIR G-2000 Plus User’s Guide 369 Chapter 36 Remote Manageme nt Figure 212 Menu 24 .11 - Remote Management Control TELNET Server: Port = 23 Access = LAN only Secu re Client IP = 0.0.0.0 FTP Server: Port = 21 Access = LAN only Secu re Client IP = 0.0.0.0 Web Server: Port = 80 Access = LAN only Secu re Client IP = 0.0.0.0 SNMP Service: Port = 161 [...]
-
Страница 371
ZyAIR G-2000 Plus User’s Guide Chapter 36 Remo te Management 370 Figure 213 T elnet Configuration on a TCP/IP Network 36.1.2 FTP Y ou can upload and download Zy AIR firmware an d configuration files using FTP . T o use this feature, your computer must have an FTP client. 36.1.3 We b Y ou can use the ZyAIR’ s embedde d web configur ator for conf[...]
-
Страница 372
ZyAIR G-2000 Plus User’s Guide 371 Chapter 36 Remote Manag ement • Use the ZyAIR’ s W AN IP address when configuring from the W AN. • Use the ZyAIR’ s LAN IP address when configuring from the LAN. 36.3 System T imeout There is a system timeout of five minutes (300 seconds) for T eln et/web/FTP co nnections. Y our ZyAIR will automatically [...]
-
Страница 373
ZyAIR G-2000 Plus User’s Guide Chapter 37 Call Scheduling 372 C HAPTER 37 Call Scheduling Call scheduling (applicable for PPPoA or PPPoE encapsulati on only) allows you to dictate when a remote node should be called and for how long. 37.1 Introduction to Call Scheduling The call scheduling feature allows the ZyAIR to manage a remote no de and dic[...]
-
Страница 374
ZyAIR G-2000 Plus User’s Guide 373 Chapter 37 Call Scheduling T o setup a schedule set, select the schedule set you want to setup from menu 26 (1-12) and press [ENTER] to see Menu 26.1 — Schedule Set Setup as shown next. Figure 215 Menu 26.1 Schedule Set Setup Active= Yes Start Date(yyyy-mm -dd)= 2000 - 01 - 01 How Often= Once Once: Date(yyyy-m[...]
-
Страница 375
ZyAIR G-2000 Plus User’s Guide Chapter 37 Call Scheduling 374 Once your schedule sets are conf igured, yo u must then apply them to the desired remote node(s). Enter 1 1 from the Main Menu and then enter the tar get remote node index. Using [SP ACE BAR] , select PPPoE or PPPoA in the Encapsulation field and then press [ENTER] to make the schedule[...]
-
Страница 376
ZyAIR G-2000 Plus User’s Guide 375 Chapter 37 Call Scheduling[...]
-
Страница 377
ZyAIR G-2000 Plus User’s Guide Appendix A 376 Appendix A T roubleshooting This appendix covers poten tial problems and possible re medies. After each problem description, some instructions ar e provided to help you to diag nose and to solve the problem. Problems St arting Up the ZyAIR Problems with the Ethernet Interface Table 127 Troubleshooting[...]
-
Страница 378
ZyAIR G-2000 Plus User’s Guide 377 Appendix A Problems with the Password Problems with T elnet Problems with the WLAN Interface Table 129 Troubleshooting the Password PROBLEM CORRECTIVE ACTION I cannot access the ZyAIR. The Password and Username fields are case-sensitive. Make sure that you enter the correct password and username using the proper[...]
-
Страница 379
ZyAIR G-2000 Plus User’s Guide Appendix B 378 Appendix B Brute-Force Password Guessing Protection The following describes the commands for enablin g, disabling and configuring the brute-force password guessing protect ion m echanism for the password. See Appendix F for information on the command structure. Table 132 Brute-Force Pas sword Gu essin[...]
-
Страница 380
ZyAIR G-2000 Plus User’s Guide 379 Appendix B[...]
-
Страница 381
ZyAIR G-2000 Plus User’s Guide Appendix C 380 Appendix C Setting up Y our Computer ’ s IP Address All computers must have a 10M or 100M Et hernet adapter card and TCP/IP installed. W indows 95/98/Me/NT/2000/XP , Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use [...]
-
Страница 382
ZyAIR G-2000 Plus User’s Guide 381 Appendix C Figure 217 WIndows 95/98 /Me: Networ k: Configu ration Inst alling Component s The Network window Configuration tab displays a list of installed components. Y ou need a network adapter , the TCP/IP protocol and Client for Microso ft Networks. If you need the adapter: 1 In the Network window , click Ad[...]
-
Страница 383
ZyAIR G-2000 Plus User’s Guide Appendix C 382 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click OK . 5 Restart your computer so the changes you made take ef fect. Configuring 1 In the Network window Configuration tab, select your network adapter' s TCP/IP[...]
-
Страница 384
ZyAIR G-2000 Plus User’s Guide 383 Appendix C Figure 219 Windows 95/98/Me : TCP/IP Pr operties: DNS Configuration 4 Click the Gateway tab. • If you do not know you r gateway’ s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add . 5 Click OK to save and close t[...]
-
Страница 385
ZyAIR G-2000 Plus User’s Guide Appendix C 384 Figure 220 Windows XP: S tar t Menu 2 For W indows XP , click Network Connections . For W indows 2000/NT , click Network and Dial-up Connections . Figure 221 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Pr operties .[...]
-
Страница 386
ZyAIR G-2000 Plus User’s Guide 385 Appendix C Figure 222 Windows XP: Control Panel: Network Connections: Proper ties 4 Select Internet Protocol (TCP/IP) (under the Genera l tab in W in XP) and click Properties . Figure 223 Windows XP: Local Area Conne ction Properties 5 The Internet Pr otocol TCP/IP Properties window opens (the General tab in W i[...]
-
Страница 387
ZyAIR G-2000 Plus User’s Guide Appendix C 386 • If you have a static IP address click Use the following IP Address and fill in the IP addr ess , Subnet mask , and Default gateway fields. Click Advanced . Figure 224 Windows XP: Advanced TCP/IP Settings 6 If you do not know your gateway's IP address , remove any previously installed gateways[...]
-
Страница 388
ZyAIR G-2000 Plus User’s Guide 387 Appendix C • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es ). • If you know your DNS server IP address(es), click Use the following DNS server addresses , and type them in the Pr eferred DNS server and Alternate DNS server fields. If you have previously config[...]
-
Страница 389
ZyAIR G-2000 Plus User’s Guide Appendix C 388 Figure 226 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 227 Macintosh O S 8/9: TC P/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configur e: list.[...]
-
Страница 390
ZyAIR G-2000 Plus User’s Guide 389 Appendix C 4 For statically assigned settings, do the following: •F r o m t h e Configure box, select Manually . • T ype your IP address in the IP Address box. • T ype your subnet mask in the Subnet mask box. • T ype the IP address of your ZyAIR in the Router address box. 5 Close the TCP/IP Contr ol Pane[...]
-
Страница 391
ZyAIR G-2000 Plus User’s Guide Appendix C 390 Figure 229 Macintosh O S X: Netw ork 4 For statically assigned settings, do the following: •F r o m t h e Configure box, select Manually . • T ype your IP address in the IP Address box. • T ype your subnet mask in the Subnet mask box. • T ype the IP address of your ZyAIR in the Router address [...]
-
Страница 392
ZyAIR G-2000 Plus User’s Guide 391 Appendix C[...]
-
Страница 393
ZyAIR G-2000 Plus User’s Guide Appendix D 392 Appendix D IP Address Assignment Conflict s This appendix describes situations where IP address conflicts may occur . Subscribers with duplicate IP addresses will not be able to access the Internet. Case A: The ZyAIR is using the same LAN and W AN IP addresses The following figure shows an example whe[...]
-
Страница 394
ZyAIR G-2000 Plus User’s Guide 393 Appendix D Figure 231 IP Address Conflicts: Case B T o solve this problem, make sure the ZyAIR L AN IP address is not in the DHCP IP address pool. Case C: The Subscriber IP address is the same as the IP address of a network device The following figure depicts an example where the subscriber IP address is the sam[...]
-
Страница 395
ZyAIR G-2000 Plus User’s Guide Appendix D 394 In this case, the subscribers are not able to access the Internet. Figure 233 IP Address Conflicts: Case D This problem can be solved b y adding a VLAN- enabled switch or set the computers to obtain IP addresses dynamically .[...]
-
Страница 396
ZyAIR G-2000 Plus User’s Guide 395 Appendix D[...]
-
Страница 397
ZyAIR G-2000 Plus User’s Guide Appendix E 396 Appendix E IP Subnetting IP Addressing Routers “route” based on the network number . The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (ei ght bits), wri tten in dotted decimal notation, for example, 192.16[...]
-
Страница 398
ZyAIR G-2000 Plus User’s Guide 397 Appendix E Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127. Similarly the first octet of a clas s “B” must begi n with “10”, therefore the first octet of a class “B” address has a valid range of 128 to[...]
-
Страница 399
ZyAIR G-2000 Plus User’s Guide Appendix E 398 Since the mask is always a continuous number of ones begin ning from the left, followe d by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/” followed b[...]
-
Страница 400
ZyAIR G-2000 Plus User’s Guide 399 Appendix E Divide the network 192.168.1. 0 into two separate subnets by converting one of the host ID bits of the IP address to a network number bit. The “ borrowed” host ID bit can be either “0” or “1” thus giving two subnets; 19 2.168.1.0 with mask 255 .255.255.128 and 192.168.1.128 with mask 255.2[...]
-
Страница 401
ZyAIR G-2000 Plus User’s Guide Appendix E 400 Example: Four Subnet s The above exampl e illustrated using a 25-bit subne t mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow” two host ID bits to give four possible combinations of 00 , 01, 10 and 1 1[...]
-
Страница 402
Table 143 Subnet 4 NETWORK NUMBER LAST OCTET BIT V ALUE IP Address 192.168.1. 192 IP Address (Binary) 1 1000 000.10101000.00000 001. 11 000000 Subnet Mask (Binary) 11 111111 . 11111111 . 11111111 . 11 000000 Subnet Address: 192.168.1.192 Lowest Host ID: 192.168.1.19 3 Broadcast Address: 192.168.1.255 Highest Host ID: 192.16 8.1.254 ZyAIR G-2000 Plu[...]
-
Страница 403
ZyAIR G-2000 Plus User’s Guide Appendix E 402 Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet ma sk also determines which bits are part of the network number and which are part of the host ID. A class “B” address has two host ID octets ava ilable for subnetting and a class “A” address[...]
-
Страница 404
ZyAIR G-2000 Plus User’s Guide 403 Appendix E[...]
-
Страница 405
ZyAIR G-2000 Plus User’s Guide Appendix F 404 Appendix F Command Interpreter The following describes how to use the comman d interpreter . Enter 24 in the main menu to bring up the system maintena nce menu. Enter 8 to go to Menu 24.8 - Command Interpr e ter Mode . See the included disk or zyxel.com for more detailed information on these commands.[...]
-
Страница 406
ZyAIR G-2000 Plus User’s Guide 405 Appendix F[...]
-
Страница 407
ZyAIR G-2000 Plus User’s Guide Appendix G 406 Appendix G Log Descriptions This appendix provides descrip tions of example log messages Table 147 System Error Logs LOG MESSAGE DESCRIPTION %s exceeds the max. number of session per host! This attempt to create a NA T session exceeds the maximum number of NA T session table entries allowed to be crea[...]
-
Страница 408
ZyAIR G-2000 Plus User’s Guide 407 Appendix G Log Commands Go to the command inte rpreter interface (the Command In terpreter Appendix explai ns how to access and use the comman ds). 4 A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF) 5 Source route failed 4 Source Quench 0 A gateway may discard interne[...]
-
Страница 409
ZyAIR G-2000 Plus User’s Guide Appendix G 408 Configuring What Y ou W a nt the ZyAIR to Log Use the sys logs load command to load the log se tting buffer th at allows you to configur e which logs the ZyAIR is to record. Use sys logs category followed by a log category and a parameter to decide what to record Table 151 Log Categories an d Availabl[...]
-
Страница 410
ZyAIR G-2000 Plus User’s Guide 409 Appendix G Log Command Example This example shows how to set the ZyAIR to record the error logs and alerts and then view the results. ras> sys logs load ras> sys logs category error 3 ras> sys logs save ras> sys logs display access # .time source destination notes message 0|11/11/2002 15:10:12 |172.2[...]
-
Страница 411
ZyAIR G-2000 Plus User’s Guide Appendix H 410 Appendix H W ireless LAN and IEEE 802.1 1 A wireless LAN (WLAN) provides a fle xible data communications system that you can use to access various services (navigating the Internet, em ail, printer services, etc.) without the use of a cabled connection. In effect a wireless LAN environment provides yo[...]
-
Страница 412
ZyAIR G-2000 Plus User’s Guide 411 Appendix H Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an inde pe ndent (Ad-hoc) WLAN that connects a set of computers with wireless nodes or stations (ST A), whic h is called a Basic Se rvice Set (BSS). In the most basic form, a wireless LAN connects a set of computers with wireless ada[...]
-
Страница 413
ZyAIR G-2000 Plus User’s Guide Appendix H 412 Figure 235 ESS Provides Camp us-Wide Coverage[...]
-
Страница 414
ZyAIR G-2000 Plus User’s Guide 413 Appendix H[...]
-
Страница 415
ZyAIR G-2000 Plus User’s Guide Appendix I 414 Appendix I Wireless LAN W ith IEEE 802.1x As wireless networks become po pular for both portable comp uting and corporate networks , security is now a priority . Security Flaws with IEEE 802.1 1 W ireless networks based on the original IEEE 802.1 1 have a poor reputation for safety . The IEEE 802.1 1b[...]
-
Страница 416
ZyAIR G-2000 Plus User’s Guide 415 Appendix I RADIUS Server Authentication Sequence The following figure depicts a typical wireless ne tw ork with a remote RADIUS server for user authentication using EAPOL (EAP Over LAN). Figure 236 Sequences for EAP MD5–Ch allenge Authentication Mutual Authentication with Internal RADIUS server . Microsofts Ch[...]
-
Страница 417
ZyAIR G-2000 Plus User’s Guide Appendix I 416 Figure 237 Sequences for PEAP , MS– CHAP V2 Authentication[...]
-
Страница 418
ZyAIR G-2000 Plus User’s Guide 417 Appendix I[...]
-
Страница 419
ZyAIR G-2000 Plus User’s Guide Appendix J 418 Appendix J T ypes of EAP Authentication This appendix discusses popu lar EAP authentication types. The type of authentication you use depends on the RADIUS ser ver or the AP . Consult your network administrator for more information. EAP-MD5 (Message-Digest Algorithm 5) MD5 authentication is the simple[...]
-
Страница 420
ZyAIR G-2000 Plus User’s Guide 419 Appendix J PEAP (Protected EAP) Like EAP-TTLS, server-side certific ate authentication is used to establish a secure connection, then use simple username and p assword methods thro ugh the secured co nnection to authenticate the clients, thus hiding client identity . However , PEAP only supports EAP methods, suc[...]
-
Страница 421
ZyAIR G-2000 Plus User’s Guide Appendix K 420 Appendix K Antenna Selection and Positioning Recommendation An antenna couples RF signals onto air . A tran smitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air . The antenna also operates in reverse by capturing RF signals fro m the air . Cho[...]
-
Страница 422
ZyAIR G-2000 Plus User’s Guide 421 Appendix K • Omni-directional antennas send the RF signal out in all directions on a horizontal p lane. The covera ge area is torus -shaped (lik e a donut) which makes these antennas ideal for a room environment. W ith a wide coverage area, it is possible to make circular overlapping coverage areas w ith multi[...]
-
Страница 423
ZyAIR G-2000 Plus User’s Guide Appendix L 422 Appendix L Power Adaptor S pecifications Table 153 NORTH AMERICAN PLUG STANDARDS AC Power Adaptor Model AD48-1201200D UY Input Power AC120V olts/60Hz/0.25A Output Power DC12V olts/1.2A Power Consumption 10 W Safety S tandards UL, CUL (UL 1950, CSA C22.2 No.234-M90) Table 154 NORTH AMERICAN PLUG STANDA[...]
-
Страница 424
Table 158 Australia and New Ze aland plug standards AC Power Adaptor Model AD-1201200DS or AD-121200 DS Input Power AC240V olts/50Hz/0.2A Output Power DC12V olts/1.2A Power Consumption 10 W Safety S tandards NA T A (AS 3260) ZyAIR G-2000 Plus User’s Guide 423 Appendix L[...]
-
Страница 425
ZyAIR G-2000 Plus User’s Guide Index 424 Index Numerics 802.1x 104 A Action for Matched Packe ts 202 Active 281 ActiveX 21 1 Allocated Bu dget 284 Alternative Subnet Mask Notation 398 Antenna Directional 421 Omni-directional 421 Antenna gain 420 Application-level Firewalls 178 Applications 42 Attack T ypes 184 Authen 284 Authentication 90 Authent[...]
-
Страница 426
ZyAIR G-2000 Plus User’s Guide 425 Index Direct Sequence S pread Spectrum 410 Distribution System 41 1 DNS 165 Domain Name 142 DoS Basics 180 Ty p e s 181 DS 41 1 DSSS 410 Dynamic DNS 65 , 259 Dynamic WEP Key Exchange 104 DYNDNS Wildcard 65 E EAP 39 EAP Authentication 101 , 418 ECHO 142 Edit IP 282 Encapsulation 281 , 285 Encryption 94 Error Log [...]
-
Страница 427
ZyAIR G-2000 Plus User’s Guide Index 426 Idle T imeout 283 , 284 IEEE 802.1x 39 IGMP 71 , 72 Independent Basi c Service Set 78 , 41 1 Inside 136 Inside Global Address 136 Inside Local Address 136 Internet Access 274 ISP's Name 275 Internet ac cess 264 , 274 Internet Access Setup 275 , 29 4 Internet Control Mess age Protocol (ICMP) 183 Intern[...]
-
Страница 428
ZyAIR G-2000 Plus User’s Guide 427 Index O One to One 139 Outside 136 P Packet Filtering 189 Packet Filtering Firewalls 178 Packets 339 Password 67 , 252 , 25 3 , 257 , 275 , 329 Period(hr) 284 Ping 347 Ping of Death 181 Point-to-Point Tunneling Protocol 129 , 142 POP3 142 , 180 Port Numbers 142 PPPoE Encapsulation 278 , 280 , 283 , 284 PPTP 142 [...]
-
Страница 429
ZyAIR G-2000 Plus User’s Guide Index 428 S pain, C onta ct Information 6 SSL Passthrough 38 S tateful Inspection 178 , 179 , 185 Process 185 S tatic Route 152 STP (S panning T ree Protocol) 38 SUA 140 , 142 SUA (Single User Account) 140 Subnet Mask 71 , 74 , 201 , 266 , 276 , 286 , 291 , 341 Subnet Masks 397 Subnetting 397 Support E-mail 5 Sweden[...]
-
Страница 430
ZyAIR G-2000 Plus User’s Guide 429 Index Wizard Setup 48 , 49 , 50 WLAN 410 Worldwide Contact Information 5 WP A 37 , 93 WP A with RADIU S Application 97 WP A-PSK Application 94 www .dyndns.org 261 Z ZyAIR LED 37 ZyNOS 351 ZyNOS F/W V ersi on 351 ZyXEL ’s Firewall Introduction 179[...]