ZyXEL Communications G-2000 Plus user manual


A good user manual

The law obliges the seller to give the buyer, together with the goods, the user manual for the ZyXEL Communications G-2000 Plus. A missing manual, or incorrect information given to the consumer, is grounds for a complaint on the basis that the device does not conform to the contract. The law allows the manual to be provided in a form other than paper, which has recently become common: the ZyXEL Communications G-2000 Plus manual may be supplied in graphic or electronic form, or as a training video for users. The condition remains that the form is clear and understandable.

What is a manual?

The word comes from the Latin "instructio", that is, to put in order. Accordingly, the ZyXEL Communications G-2000 Plus manual contains a description of the steps to follow. The purpose of a manual is to make it easier to start up and use the equipment or to carry out a particular task. A manual is a collection of information about an item or service, a guide.

Unfortunately, few users find the time to read the ZyXEL Communications G-2000 Plus manual, yet a good manual not only reveals a number of additional functions of the purchased device but also helps to avoid most failures.

What should an ideal user manual contain?

First of all, the ZyXEL Communications G-2000 Plus manual should contain:
- information on the technical data of the ZyXEL Communications G-2000 Plus device
- the name of the manufacturer and the year of manufacture of the ZyXEL Communications G-2000 Plus equipment
- rules for operating, configuring and maintaining the ZyXEL Communications G-2000 Plus equipment
- safety marks and certificates confirming compliance with standards

Why don't we read manuals?

As a rule, because of a lack of time and because we feel sure about the individual functions of the devices we have bought. Unfortunately, connecting and starting the ZyXEL Communications G-2000 Plus is not enough. The manual contains a number of specific instructions concerning functionality, safety principles, methods of care (even which products to use), possible failures of the ZyXEL Communications G-2000 Plus and ways of solving problems that arise during use. Finally, the manual gives the address of the ZyXEL Communications website, in case the proposed solutions do not work. Manuals in the form of engaging animations or video material are now very popular, as users take them in more readily than a brochure. This kind of manual lets the user watch the whole film without skipping the specification and the complicated technical descriptions of the ZyXEL Communications G-2000 Plus, as often happens with the paper version.

Why is it worth reading manuals?

Above all, here we find answers about the construction and capabilities of the ZyXEL Communications G-2000 Plus device, the use of individual accessories, and a range of information that lets us make full use of all its functions and conveniences.

After a successful purchase of equipment or a device, it is worth taking a few minutes to read each part of the ZyXEL Communications G-2000 Plus manual. Nowadays they are carefully prepared or translated so that they are not only understandable to the user but also fulfil their basic function of informing and supporting.

Manual contents

  • Page 1

    ZyAIR G-2000 Plus 802.11g Wireless 4-port Router User’s Guide Version 3.60 4/2005[...]

  • Page 2

    [...]

  • Page 3

    ZyAIR G-2000 Plus User’s Guide Copyright 2 Copyright Copyright © 2005 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, op[...]

  • Page 4

    ZyAIR G-2000 Plus User’s Guide 3 Federal Communications Commission (FCC) Interference Statement Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any[...]

  • Page 5

    ZyAIR G-2000 Plus User’s Guide ZyXEL Limited Warranty 4 ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have in[...]

  • Page 6

    ZyAIR G-2000 Plus User’s Guide 5 Customer Support Customer Support Please have the following information ready when you contact customer support. • Product model and serial number. • Warranty Information. • Date that you received your device. • Brief description of the problem and the steps you took to solve it. method location Sup[...]

  • Page 7

    ZyAIR G-2000 Plus User’s Guide Customer Support 6 SPAIN support@zyxel.es +34 902 195 420 www.zyxel.es ZyXEL Communications Alejandro Villegas 33 1º, 28043 Madrid Spain sales@zyxel.es +34 913 005 345 Sweden support@zyxel.se +46 31 744 7700 www.zyxel.se ZyXEL Communications A/S Sjöporten 4, 41764 [...]

  • Page 8

    ZyAIR G-2000 Plus User’s Guide 7 Customer Support[...]

  • Page 9

    ZyAIR G-2000 Plus User’s Guide Table of Contents 8 Table of Contents Copyright ... 2 Federal Communications Commission (FCC) Interference Statement ... 3 ZyXEL Limited Warranty ...[...]

  • Page 10

    ZyAIR G-2000 Plus User’s Guide 9 Table of Contents 1.2.2.16 PPPoE Support (RFC2516) ... 40 1.2.2.17 PPTP Encapsulation ... 40 1.2.2.18 Network Address Translation (NAT) ...[...]

  • Page 11

    ZyAIR G-2000 Plus User’s Guide Table of Contents 10 3.6.1 WAN IP Address Assignment ... 58 3.6.2 IP Address and Subnet Mask ... 59 3.6.3 DNS Server Address Assignment ...[...]

  • Page 12

    ZyAIR G-2000 Plus User’s Guide 11 Table of Contents Chapter 7 Wireless Security ... 88 7.1 Wireless Security Overview ... 88 7.2 Security Parameters Summary ...[...]

  • Page 13

    ZyAIR G-2000 Plus User’s Guide Table of Contents 12 9.2.1 Ethernet Encapsulation ... 124 9.2.1.1 Service Type ... 125 9.2.2 PPPoE Encapsulation ...[...]

  • Page 14

    ZyAIR G-2000 Plus User’s Guide 13 Table of Contents 12.3 Configuring Telnet ... 158 12.4 Configuring TELNET ... 159 12.5 Configuring FTP ...[...]

  • Page 15

    ZyAIR G-2000 Plus User’s Guide Table of Contents 14 14.5.4 UDP/ICMP Security ... 187 14.5.5 Upper Layer Protocols ... 188 14.6 Guidelines For Enhancing Security With Your Firewall ...[...]

  • Page 16

    ZyAIR G-2000 Plus User’s Guide 15 Table of Contents 17.2 Self-signed Certificates ... 215 17.3 Configuration Summary ... 215 17.4 My Certificates ...[...]

  • Page 17

    ZyAIR G-2000 Plus User’s Guide Table of Contents 16 Chapter 21 General Setup ... 258 21.1 General Setup ... 258 21.1.1 Procedure To Configure Menu[...]

  • Page 18

    ZyAIR G-2000 Plus User’s Guide 17 Table of Contents Chapter 26 Static Route Setup ... 290 26.1 IP Static Route Setup ... 290 Chapter 27 Dial-in User Setup ...[...]

  • Page 19

    ZyAIR G-2000 Plus User’s Guide Table of Contents 18 30.2 Access Methods ... 326 30.3 Enabling the Firewall ... 326 Chapter 31 SNMP Configuration ...[...]

  • Page 20

    ZyAIR G-2000 Plus User’s Guide 19 Table of Contents 34.2.5 Backup Configuration Using TFTP ... 354 34.2.6 Example: TFTP Command ... 354 34.2.7 GUI-based TFTP Clients ...[...]

  • Page 21

    ZyAIR G-2000 Plus User’s Guide Table of Contents 20 Appendix D IP Address Assignment Conflicts ... 392 Appendix E IP Subnetting ... 396 Appendix F Command Interpreter ...[...]

  • Page 22

    ZyAIR G-2000 Plus User’s Guide 21 Table of Contents[...]

  • Page 23

    ZyAIR G-2000 Plus User’s Guide List of Figures 22 List of Figures Figure 1 Internet Access Application Example ... 42 Figure 2 Change Password Screen ... 45 Figure 3 Replace Certificate Scree[...]

  • Page 24

    ZyAIR G-2000 Plus User’s Guide 23 List of Figures Figure 37 Wireless: WPA ... 103 Figure 38 Wireless: 802.1x and Dynamic WEP ... 106 Figure 39 Wireless: 802.1x and Static WEP [...]

  • Page 25

    ZyAIR G-2000 Plus User’s Guide List of Figures 24 Figure 80 WAN to LAN Traffic ... 196 Figure 81 Default Rule ... 197 Figure 82 Rule Summary .[...]

  • Page 26

    ZyAIR G-2000 Plus User’s Guide 25 List of Figures Figure 123 Menu 1.1 Configure Dynamic DNS ... 260 Figure 124 Menu 2 WAN Setup ... 262 Figure 125 Menu 3 LAN Setup ...[...]

  • Page 27

    ZyAIR G-2000 Plus User’s Guide List of Figures 26 Figure 166 Example 4: Menu 15.1.1 Address Mapping Rules ... 310 Figure 167 Menu 15.3 Trigger Port Setup ... 311 Figure 168 Outgoing Packet Filtering Process ...[...]

  • Page 28

    ZyAIR G-2000 Plus User’s Guide 27 List of Figures Figure 209 Budget Management ... 364 Figure 210 Menu 24.9.2 - Call History ... 365 Figure 211 Menu 24.10 System Maintenance [...]

  • Page 29

    ZyAIR G-2000 Plus User’s Guide List of Tables 28 List of Tables Table 1 IEEE 802.11b ... 37 Table 2 IEEE 802.11g ... 38 Table 3 Wi[...]

  • Page 30

    ZyAIR G-2000 Plus User’s Guide 29 List of Tables Table 37 Ethernet Encapsulation ... 126 Table 38 PPPoE Encapsulation ... 128 Table 39 PPTP Encapsulation ...[...]

  • Page 31

    ZyAIR G-2000 Plus User’s Guide List of Tables 30 Table 80 Firmware Upload ... 245 Table 81 Restore Configuration ... 248 Table 82 Main Menu Commands .[...]

  • Page 32

    ZyAIR G-2000 Plus User’s Guide 31 List of Tables Table 123 Call History Fields ... 365 Table 124 System Maintenance: Time and Date Setting ... 366 Table 125 Menu 24.11 – Remote Management Contr[...]

  • Page 33

    ZyAIR G-2000 Plus User’s Guide Preface 32 Preface Congratulations on your purchase of the ZyAIR G-2000 Plus - 802.11g Wireless 4 port Router. A wireless router is an access point and router rolled into one. It is a cost-effective solution to share Internet access with multiple computers and expand your wired network. Your ZyAIR is easy to ins[...]

  • Page 34

    ZyAIR G-2000 Plus User’s Guide 33 Preface User Guide Feedback Help us help you! E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan[...]

  • Page 35

    ZyAIR G-2000 Plus User’s Guide Preface 34 Graphics Icons Key ZyAIR Computer Notebook computer Server DSLAM Firewall Modem Switch Router Wireless Signal[...]

  • Page 36

    ZyAIR G-2000 Plus User’s Guide 35 Preface[...]

  • Page 37

    ZyAIR G-2000 Plus User’s Guide Chapter 1 Getting to Know Your ZyAIR 36 CHAPTER 1 Getting to Know Your ZyAIR This chapter introduces the main features and applications of the ZyAIR. 1.1 Introducing the ZyAIR The ZyAIR G-2000 Plus, an IEEE 802.11g compliant broadband wireless sharing gateway, provides wireless connectivity. As an Internet gat[...]

  • Page 38

    ZyAIR G-2000 Plus User’s Guide 37 Chapter 1 Getting to Know Your ZyAIR 1.2.1.4 10/100 Mbps Ethernet WAN The 10/100 Mbps Ethernet WAN port attaches to the Internet via broadband modem or router. 1.2.1.5 Reset Button The ZyAIR reset button is built into the side panel. Use this button to restore the factory default password to 1234; [...]

  • Page 39

    ZyAIR G-2000 Plus User’s Guide Chapter 1 Getting to Know Your ZyAIR 38 1.2.2.4 802.11g Wireless LAN Standard The ZyAIR complies with the 802.11g wireless standard and is also fully compatible with the 802.11b standard. This means an 802.11b radio card can interface directly with an 802.11g device (and vice versa) at 11 Mbps or lower de[...]

  • Page 40

    ZyAIR G-2000 Plus User’s Guide 39 Chapter 1 Getting to Know Your ZyAIR 1.2.2.9 Firewall The ZyAIR employs a stateful inspection firewall with DoS (Denial of Service) protection. By default, when the firewall is activated, all incoming traffic from the WAN to the LAN is blocked unless it is initiated from the LAN. The ZyAIR firewall supports TCP[...]

  • Page 41

    ZyAIR G-2000 Plus User’s Guide Chapter 1 Getting to Know Your ZyAIR 40 1.2.2.16 PPPoE Support (RFC2516) PPPoE (Point-to-Point Protocol over Ethernet) emulates a dial-up connection. It allows your ISP to use their existing network configuration with newer broadband technologies such as ADSL. The PPPoE driver on the ZyAIR is transparent to th[...]

  • Page 42

    ZyAIR G-2000 Plus User’s Guide 41 Chapter 1 Getting to Know Your ZyAIR 1.2.2.22 Multicast Traditionally, IP packets are transmitted in two ways - unicast or broadcast. Multicast is a third way to deliver IP packets to a group of hosts. IGMP (Internet Group Management Protocol) is the protocol used to support multicast groups. The latest vers[...]

  • Page 43

    ZyAIR G-2000 Plus User’s Guide Chapter 1 Getting to Know Your ZyAIR 42 1.2.2.29 Embedded FTP and TFTP Servers The ZyAIR’s embedded FTP and TFTP servers enable fast firmware upgrades as well as configuration file backups and restoration. 1.2.2.30 Wireless Association List With the wireless association list, you can see the list of the wirel[...]

  • Page 44

    ZyAIR G-2000 Plus User’s Guide 43 Chapter 1 Getting to Know Your ZyAIR[...]

  • Page 45

    ZyAIR G-2000 Plus User’s Guide Chapter 2 Introducing the Web Configurator 44 CHAPTER 2 Introducing the Web Configurator This chapter describes how to access the ZyAIR web configurator and provides an overview of its screens. The default IP address of the ZyAIR is 192.168.1.1. 2.1 Web Configurator Overview The embedded web configurator (ewc) [...]

  • Page 46

    ZyAIR G-2000 Plus User’s Guide 45 Chapter 2 Introducing the Web Configurator Figure 2 Change Password Screen 6 Click Apply in the Replace Certificate screen to create a certificate using your ZyAIR’s MAC address that will be specific to this device. Figure 3 Replace Certificate Screen You should now see the MAIN MENU screen. Note: The mana[...]

  • Page 47

    ZyAIR G-2000 Plus User’s Guide Chapter 2 Introducing the Web Configurator 46 2.3 Resetting the ZyAIR If you forget your password or cannot access the web configurator, you will need to reload the factory-default configuration file or use the RESET button on the side panel of the ZyAIR. Uploading this configuration file replaces the current co[...]

  • Page 48

    ZyAIR G-2000 Plus User’s Guide 47 Chapter 2 Introducing the Web Configurator Figure 4 The MAIN MENU Screen of the Web Configurator Use submenus to configure ZyAIR features. Click WIZARD SETUP for initial configuration including general setup, wireless LAN setup, ISP Parameters for Internet Access and WAN IP/DNS/MAC Address Assignment. Click the[...]

  • Page 49

    ZyAIR G-2000 Plus User’s Guide Chapter 3 Wizard Setup 48 CHAPTER 3 Wizard Setup The web configurator’s setup wizard helps you configure your ZyAIR for Internet access and set up wireless LAN. 3.1 Wizard Setup Overview The web configurator’s setup wizard helps you configure your device to access the Internet. The second screen has thre[...]

  • Page 50

    ZyAIR G-2000 Plus User’s Guide 49 Chapter 3 Wizard Setup 3.1.4 WPA-PSK Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences between WPA and WEP are user authentication and improved data encryption. The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference betw[...]

  • Page 51

    ZyAIR G-2000 Plus User’s Guide Chapter 3 Wizard Setup 50 Figure 5 Wizard 1 : General Setup The following table describes the labels in this screen. Table 3 Wizard 1 : General Setup LABEL DESCRIPTION System Name It is recommended you type your computer's "Computer name". In Windows 95/98 click Start, Settings, Control Panel, [...]

  • Page 52

    ZyAIR G-2000 Plus User’s Guide 51 Chapter 3 Wizard Setup Figure 6 Wizard 2 : Wireless LAN Setup The following table describes the labels in this screen. Table 4 Wizard 2 : Wireless LAN Setup LABEL DESCRIPTION Wireless LAN Setup ESSID Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN. If you change this fiel[...]

  • Page 53

    ZyAIR G-2000 Plus User’s Guide Chapter 3 Wizard Setup 52 Figure 7 Wizard 3: Wireless LAN Setup: Basic Security The following table describes the labels in this screen. Table 5 Wizard 3: Wireless LAN Setup: Basic Security LABEL DESCRIPTION Passphrase You can generate or manually enter a WEP key by either: Entering a Passphrase (up to 32 printab[...]

  • Page 54

    ZyAIR G-2000 Plus User’s Guide 53 Chapter 3 Wizard Setup Figure 8 Wizard 3: Wireless LAN Setup: Extend Security The following table describes the labels in this screen. Table 6 Wizard 3: Wireless LAN Setup: Extend Security LABEL DESCRIPTION Pre-Shared Key Type from 8 to 63 case-sensitive ASCII characters. You can set up the most secure wirele[...]

  • Page 55

    ZyAIR G-2000 Plus User’s Guide Chapter 3 Wizard Setup 54 Figure 9 Wizard 4: Ethernet Encapsulation The following table describes the labels in this screen. Table 7 Wizard 4: Ethernet Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation You must choose the Ethernet option when the WAN port is used as a regular [...]

  • Page 56

    ZyAIR G-2000 Plus User’s Guide 55 Chapter 3 Wizard Setup 3.5.2 PPPoE Encapsulation Point-to-Point Protocol over Ethernet (PPPoE) functions as a dial-up connection. PPPoE is an IETF (Internet Engineering Task Force) draft standard specifying how a host personal computer interacts with a broadband modem (for example DSL, cable, wireless, etc.) [...]

  • Page 57

    ZyAIR G-2000 Plus User’s Guide Chapter 3 Wizard Setup 56 Figure 10 Wizard 4: PPPoE Encapsulation The following table describes the labels in this screen. Table 8 Wizard 4: PPPoE Encapsulation LABEL DESCRIPTION ISP Parameter for Internet Access Encapsulation Choose PPP over Ethernet from the pull-down list box. PPPoE forms a dial-up connection. S[...]

  • Page 58

    ZyAIR G-2000 Plus User’s Guide 57 Chapter 3 Wizard Setup PPTP supports on-demand, multi-protocol, and virtual private networking over public networks, such as the Internet. Refer to the appendix for more information on PPTP. Note: The ZyAIR supports one PPTP server connection at any given time. Figure 11 Wizard 4: PPTP Encapsulation The fol[...]

  • Page 59

    ZyAIR G-2000 Plus User’s Guide Chapter 3 Wizard Setup 58 3.6 Wizard Setup: Screen 5 The fifth wizard screen allows you to configure WAN IP address assignment, DNS server address assignment and the WAN MAC address. 3.6.1 WAN IP Address Assignment Every computer on the Internet must have a unique IP address. If your networks are isolated from[...]

  • Page 60

    ZyAIR G-2000 Plus User’s Guide 59 Chapter 3 Wizard Setup 3.6.2 IP Address and Subnet Mask Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number. Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns yo[...]

  • Page 61

    ZyAIR G-2000 Plus User’s Guide Chapter 3 Wizard Setup 60 You can configure the WAN port's MAC address by either using the factory default or cloning the MAC address from a computer on your LAN. Once it is successfully configured, the address will be copied to the "rom" file (ZyNOS configuration file). It will not change unles[...]

  • Page 62

    ZyAIR G-2000 Plus User’s Guide 61 Chapter 3 Wizard Setup Figure 12 Wizard 5: WAN Setup The following table describes the labels in this screen. Table 12 Wizard 5: WAN Setup LABEL DESCRIPTION WAN IP Address Assignment Get automatically from ISP Select this option if your ISP did not assign you a fixed IP address. This is the default selection. U[...]

  • Page 63

    ZyAIR G-2000 Plus User’s Guide Chapter 3 Wizard Setup 62 3.7 Basic Setup Complete Click Back to return to the previous screen or click Finish to complete and save the wizard setup. First DNS Server Second DNS Server Third DNS Server Select From ISP if your ISP dynamically assigns DNS server information (and the ZyAIR's WAN IP address). The[...]

  • Page 64

    ZyAIR G-2000 Plus User’s Guide 63 Chapter 3 Wizard Setup Figure 13 Wizard Finish Well done! You have successfully set up the ZyAIR. A congratulations screen displays some information.[...]

  • Page 65

    ZyAIR G-2000 Plus User’s Guide Chapter 4 System Screens 64 CHAPTER 4 System Screens 4.1 System Overview This section provides information on general system setup. 4.2 Configuring General Setup Click the SYSTEM link under ADVANCED to open the General screen. Figure 14 System General Setup The following table describes the labels in this screen. [...]

  • Page 66

    ZyAIR G-2000 Plus User’s Guide 65 Chapter 4 System Screens 4.3 Dynamic DNS Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for insta[...]

  • Page 67

    ZyAIR G-2000 Plus User’s Guide Chapter 4 System Screens 66 4.4 Configuring Dynamic DNS To change your ZyAIR’s DDNS, click SYSTEM, then the DDNS tab. The screen appears as shown. Figure 15 DDNS The following table describes the labels in this screen. Table 14 DDNS LABEL DESCRIPTION Enable DDNS Select this check box to use dynamic DNS. Servic[...]

  • Page 68

    ZyAIR G-2000 Plus User’s Guide 67 Chapter 4 System Screens 4.5 Configuring Password To change your ZyAIR’s password (recommended), click the SYSTEM link under ADVANCED and then the Password tab. The screen appears as shown. This screen allows you to change the ZyAIR’s password. If you forget your password (or the ZyAIR IP address), yo[...]

  • Page 69

    ZyAIR G-2000 Plus User’s Guide Chapter 4 System Screens 68 4.6 Configuring Time Setting To change your ZyAIR’s time and date, click the SYSTEM link under ADVANCED and then the Time Setting tab. The screen appears as shown. Use this screen to configure the ZyAIR’s time based on your local time zone. Figure 17 Time Setting The following[...]

  • Page 70

    ZyAIR G-2000 Plus User’s Guide 69 Chapter 4 System Screens New Time (hh:mm:ss) This field displays the last updated time from the time server. When you select None in the Time Protocol field, enter the new time in this field and then click Apply. Current Date (yyyy/mm/dd) This field displays the date of your ZyAIR. Each time you reload t[...]

  • Page 71

    ZyAIR G-2000 Plus User’s Guide Chapter 5 LAN Screens 70 CHAPTER 5 LAN Screens This chapter describes how to configure LAN settings. 5.1 LAN Overview Local Area Network (LAN) is a shared communication system to which many computers are attached. The LAN screens can help you configure a LAN DHCP server, manage IP addresses, and partition your [...]

  • Page 72

    ZyAIR G-2000 Plus User’s Guide 71 Chapter 5 LAN Screens • IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits) • DHCP server enabled with 32 client IP addresses starting from 192.168.1.33. These parameters should work for the majority of installations. If your ISP gives you explicit DNS server address(es), read the embe[...]

  • Page 73

    ZyAIR G-2000 Plus User’s Guide Chapter 5 LAN Screens 72 224.0.0.0 is not assigned to any group and is used by IP multicast computers. The address 224.0.0.1 is used for query messages and is assigned to the permanent group of all IP hosts (including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP. The address[...]

  • Page 74

    ZyAIR G-2000 Plus User’s Guide 73 Chapter 5 LAN Screens Figure 18 LAN IP The following table describes the labels in this screen. Table 17 LAN IP LABEL DESCRIPTION DHCP Server DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients (computers) to obtain TCP/IP configuration at startup from a server. Leave th[...]

  • Page 75

    ZyAIR G-2000 Plus User’s Guide Chapter 5 LAN Screens 74 First DNS Server Second DNS Server Third DNS Server Select From ISP if your ISP dynamically assigns DNS server information (and the ZyAIR's WAN IP address). The field to the right displays the (read-only) DNS server IP address that the ISP assigns. Select User-Defined if you have t[...]

  • Page 76

    ZyAIR G-2000 Plus User’s Guide 75 Chapter 5 LAN Screens 5.5 Configuring Static DHCP This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of[...]

  • Page 77

    ZyAIR G-2000 Plus User’s Guide Chapter 5 LAN Screens 76 Figure 19 Static DHCP The following table describes the labels in this screen. Table 18 Static DHCP LABEL DESCRIPTION # This is the index number of the Static IP table entry (row). MAC Address Type the MAC address (with colons) of a computer on your LAN. IP Address Type the LAN IP addr[...]

  • Page 78

    ZyAIR G-2000 Plus User’s Guide 77 Chapter 5 LAN Screens Figure 20 IP Alias The following table describes the labels in this screen. Table 19 IP Alias LABEL DESCRIPTION IP Alias 1,2 Select the check box to configure another LAN network for the ZyAIR. IP Address Enter the IP address of your ZyAIR in dotted decimal notation. IP Subnet Mask Your Z[...]

  • Page 79

    CHAPTER 6 Wireless Configuration and Roaming This chapter discusses how to configure the Wireless and Roaming screens on the ZyAIR. 6.1 Wireless LAN Overview This section introduces the wireless LAN (WLAN) and some basic scenarios. 6.1.1 IBSS An Independent Basic [...]

  • Page 80

    Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS is enabled, wireless station A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless station A and B can still access the wired n[...]

  • Page 81

    Figure 23 Extended Service Set 6.2 Wireless LAN Basics Refer also to the Wizard Setup chapter for more background information on Wireless LAN features, such as channels. 6.2.1 RTS/CTS A hidden node occurs when two stations are within range of the same access[...]

  • Page 82

    Figure 24 RTS/CTS When station A sends data to the ZyAIR, it might not know that station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting i[...]

  • Page 83

    A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. If the Fragmentation Threshold value is smaller than the RTS/CTS value ([...]

  • Page 84

    Figure 25 Wireless The following table describes the general wireless LAN labels in this screen. Table 20 Wireless LABEL DESCRIPTION Enable Wireless LAN Click the check box to activate wireless LAN. ESSID (Extended Service Set IDentity) The ESSID identifies the S[...]

  • Page 85

    See the Wireless Security chapter for information on the other labels in this screen. 6.4 Configuring Roaming A wireless station is a device with an IEEE 802.11 mode compliant wireless adapter. An access point (AP) acts as a bridge between the wireless and wired[...]

  • Page 86

    1 As wireless station Y moves from the coverage area of access point P1 to that of access point 2 P2, it scans and uses the signal of access point P2. 3 Access point P2 acknowledges the presence of wireless station Y and relays this information to access point P1 [...]

  • Page 87

    Figure 27 Roaming The following table describes the labels in this screen. Table 21 Roaming LABEL DESCRIPTION Active Select Yes from the drop-down list box to enable roaming on the ZyAIR if you have two or more ZyAIRs on the same subnet. Note: All APs on the same [...]

  • Page 88

    ZyAIR G-2000 Plus User’s Guide 87 Chapter 6 Wireless Configuration and Roaming[...]

  • Page 89

    CHAPTER 7 Wireless Security This Chapter describes how to use the MAC Filter, 802.1x, Roaming and RADIUS to configure wireless security on your ZyAIR. 7.1 Wireless Security Overview Wireless security is vital to your network to protect wireless communication between wireless st[...]

  • Page 90

    Figure 29 Wireless: No Security The following table describes the labels in this screen. Table 22 Wireless No Security LABEL DESCRIPTION Security Choose from one of the security features listed in the drop-down box. • No Security • Static WEP • WPA-PSK • WPA • 802.1x + Dy[...]

  • Page 91

    7.2 Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method/key management protocol type. You enter manual keys by first selecting 64-bit WEP or 128-bit WEP from the WEP Encryption field and then t[...]

  • Page 92

    Figure 30 WEP Authentication Steps Open system authentication involves an unencrypted two-message procedure. A wireless station sends an open system authentication request to the AP, which will then automatically accept and connect the wireless station to the network. In effect, op[...]

  • Page 93

    Figure 31 Wireless: Static WEP Encryption The following table describes the wireless LAN security labels in this screen. Table 24 Wireless: Static WEP Encryption LABEL DESCRIPTION Passphrase Enter a Passphrase (up to 32 printable characters) and click Generate. The ZyAIR automatical[...]

  • Page 94

    7.5 Introduction to WPA Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences between WPA and WEP are user authentication and improved data encryption. 7.5.1 User Authentication WPA applies IEEE 802.1x and Extensible Authenti[...]

  • Page 95

    7.5.2 Encryption WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and distributed by the authentication server. It[...]

  • Page 96

    Figure 32 WPA-PSK Authentication 7.6 Configuring WPA-PSK Authentication In order to configure and enable WPA-PSK Authentication, click the WIRELESS link under ADVANCED to display the Wireless screen. Select WPA-PSK from the Security list.[...]

  • Page 97

    Figure 33 Wireless: WPA-PSK The following table describes the labels in this screen. Table 25 Wireless: WPA-PSK LABEL DESCRIPTION Pre-Shared Key The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is that WPA-PSK uses a simple comm[...]

  • Page 98

    7.7 Wireless Client WPA Supplicants A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA. At the time of writing, the most widely available supplicant is the WPA patch for Windows XP, Funk Software's Ody[...]

  • Page 99

    Figure 34 WPA with RADIUS Application Example 7.8 Configuring WPA Authentication In order to configure and enable WPA Authentication, click the WIRELESS link under ADVANCED to display the Wireless screen. Select WPA from the Security list.[...]

  • Page 100

    Figure 35 Wireless: WPA The following table describes the labels in this screen. Table 26 Wireless: WPA LABEL DESCRIPTION ReAuthentication Timer (in seconds) Specify how often wireless stations have to reenter usernames and passwords in order to stay connected. Enter a time inte[...]

  • Page 101

    7.9 Introduction to RADIUS RADIUS is based on a client-server model that supports authentication and accounting, where access point is the client and the server is the RADIUS server. The RADIUS server handles the following tasks among others: • Authentication Determines the identity[...]

  • Page 102

    The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting: 7.9.1.2 Accounting-Request Sent by the access point requesting accounting. 7.9.1.3 Accounting-Response Sent by the RADIUS server to indicate that it has started o[...]

  • Page 103

    4 The RADIUS server checks the user information against its user profile database and determines whether or not to authenticate the wireless station. 7.10 Configuring RADIUS You can configure the ZyAIR to authenticate wireless clients using an external RADIUS server or have the ZyA[...]

  • Page 104

    Figure 37 Wireless: WPA The following table describes the labels in this screen. Table 27 RADIUS LABEL DESCRIPTION Internal RADIUS Server Select this radio button to use the ZyAIR’s Internal RADIUS Server. You can authenticate other APs or wireless clients in other wireless[...]

  • Page 105

    7.11 802.1x Overview The IEEE 802.1x standard outlines enhanced security methods for both the authentication of wireless stations and encryption key management. Authentication can be done using the trusted user database internal to the ZyAIR (authenticate up to 32 users) or an exte[...]

  • Page 106

    • EAP-TLS • EAP-TTLS • PEAP Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange. 7.13 Configuring 802.1x and Dynamic WEP Key Exchange In order to configure and enable 802.1x and Dynamic WEP Key Exchange, click the WIRELESS link under ADVANCED to display the Wi[...]

  • Page 107

    Figure 38 Wireless: 802.1x and Dynamic WEP The following table describes the labels in this screen. Table 28 Wireless: 802.1x and Dynamic WEP LABEL DESCRIPTION ReAuthentication Timer (in seconds) Specify how often wireless stations have to reenter usernames and passwords in orde[...]

  • Page 108

    7.14 Configuring 802.1x and Static WEP Key Exchange In order to configure and enable 802.1x and Static WEP Key Exchange, click the WIRELESS link under ADVANCED to display the Wireless screen. Select 802.1x + Static WEP from the Security list. Apply Click Apply to save your ch[...]

  • Page 109

    Figure 39 Wireless: 802.1x and Static WEP The following table describes the labels in this screen. Table 29 Wireless: 802.1x and Static WEP LABEL DESCRIPTION Passphrase Enter a Passphrase (up to 32 printable characters) and click Generate. The ZyAIR automatically generates a WEP[...]

  • Page 110

    Authentication Method This field is activated when you select 64-bit WEP or 128-bit WEP in the WEP Encryption field. Select Auto, Open System or Shared Key from the drop-down list box. ASCII Select this option in order to enter ASCII characters as the WEP keys. Hex Select this option[...]

  • Page 111

    7.15 Configuring 802.1x In order to configure and enable 802.1x, click the WIRELESS link under ADVANCED to display the Wireless screen. Select 802.1x + No WEP from the Security list.[...]

  • Page 112

    Figure 40 Wireless: 802.1x The following table describes the labels in this screen. Table 30 Wireless: 802.1x and No WEP LABEL DESCRIPTION ReAuthentication Timer (in seconds) Specify how often wireless stations have to reenter usernames and passwords in order to stay connected. En[...]

  • Page 113

    7.16 MAC Filter The MAC filter screen allows you to configure the ZyAIR to give exclusive access to up to 32 devices (Allow Association) or exclude up to 32 devices from accessing the ZyAIR (Deny Association). Every Ethernet device has a unique MAC (Media Access Control) address. The[...]

  • Page 114

    Figure 41 MAC Address Filter The following table describes the labels in this menu. Table 31 MAC Address Filter LABEL DESCRIPTION Active Select Yes from the drop down list box to enable MAC address filtering. Filter Action Define the filter action for the list of MAC addresses in[...]

  • Page 115

    CHAPTER 8 Internal RADIUS Server This chapter describes how to use the internal RADIUS server to authenticate wireless clients or other APs in other wireless networks. For more background information on RADIUS, see section 7.9. 8.1 Internal RADIUS Overview The ZyAIR has[...]

  • Page 116

    Figure 42 ZyAIR Authenticates Wireless Stations Figure 43 ZyAIR as a RADIUS server Other APs ZyAIR Authenticates other APs Table 32 Internal RADIUS Server LABEL DESCRIPTION Setting Use the Setting screen to display information about the ZyAIR’s certificate and to activ[...]

  • Page 117

    8.2 Internal RADIUS Server Setting The INTERNAL RADIUS SERVER Setting screen displays information about certificates. The certificates are used by wireless clients to authenticate the RADIUS server. Information matching the certificate is held on the wireless clients utility[...]

  • Page 118

    Figure 44 Internal RADIUS Server Setting Screen The following table describes the labels in this screen. Table 33 My Certificates LABEL DESCRIPTION Active Select the Active checkbox to have the ZyAIR use its internal RADIUS server to authenticate wireless clients or other AP’[...]

  • Page 119

    8.3 Trusted AP Overview A trusted AP is an AP that uses the ZyAIR’s internal RADIUS server to authenticate its wireless clients. The following shows how this is done in two phases. Figure 45 ZyAIR RADIUS Server Wireless clients. You can authenticate a maximum of 32 wir[...]

  • Page 120

    2 Configure wireless client user names and passwords in the Trusted Users database to use a trusted AP as a relay between the RADIUS server and the wireless clients. The wireless clients can then be authenticated by the RADIUS server. 8.4 Configuring Trusted AP To configur[...]

  • Page 121

    8.5 Trusted Users Overview A trusted user is a wireless client within the ZyAIR’s wireless network. 8.6 Configuring Trusted Users To change your ZyAIR’s trusted users, click the AUTH SERVER link under ADVANCED and then the Trusted Users tab. The screen appears as sh[...]

  • Page 122

    Figure 47 Trusted Users Screen The following table describes the labels in this screen. Table 35 Trusted Users LABEL DESCRIPTION # This field displays the trusted user index number. Active Select this checkbox to have the ZyAIR authenticate wireless clients with the same us[...]

  • Page 123

    Apply Click Apply to save your changes back to the ZyAIR. Reset Click Reset to begin configuring this screen afresh. Table 35 Trusted Users LABEL DESCRIPTION[...]

  • Page 124

    ZyAIR G-2000 Plus User’s Guide 123 Chapter 8 Internal RADIUS Server[...]

  • Page 125

    CHAPTER 9 WAN This chapter describes how to configure WAN settings. 9.1 WAN Overview A WAN (Wide Area Network) is an outside connection to another network or the Internet. See the Wizard Setup chapter for more background information on most fields in the WAN screens. Background informat[...]

  • Page 126

    Figure 48 Ethernet Encapsulation The following table describes the labels in this screen. Table 36 Ethernet Encapsulation LABEL DESCRIPTION Encapsulation You must choose the Ethernet option when the WAN port is used as a regular Ethernet. Service Type Choose from Standard, Telstra (Road[...]

  • Page 127

    Figure 49 Ethernet Encapsulation The following table describes the labels in this screen. Table 37 Ethernet Encapsulation LABEL DESCRIPTION Encapsulation You must choose the Ethernet option when the WAN port is used as a regular Ethernet. Service Type Choose from Standard, Telstra (Roa[...]

  • Page 128

    For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for example Radius). PPPoE provides a login and authentication method that the existing Microsoft Dial-Up Networking software can activate, and therefore requires no ne[...]

  • Page 129

    Figure 50 PPPoE Encapsulation The following table describes the labels in this screen. Table 38 PPPoE Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation The PPP over Ethernet choice is for a dial-up connection using PPPoE. The ZyAIR supports PPPoE (Point-to-Point [...]

  • Page 130

    9.2.3 PPTP Encapsulation Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks. PPTP supports on-demand, multi-protocol and virtual p[...]

  • Page 131

    Figure 51 PPTP Encapsulation The following table describes the labels in this screen. Table 39 PPTP Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote cl[...]

  • Page 132

    9.3 TCP/IP Priority (Metric) The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost". RIP routing uses hop count as the measurement of cost, with a minimum of "1" for directly co[...]

  • Page 133

    Figure 52 WAN: IP The following table describes the labels in this screen. Table 40 WAN: IP LABEL DESCRIPTION WAN IP Address Assignment Get automatically from ISP Select this option if your ISP did not assign you a fixed IP address. This is the default selection. Use fixed IP address Select t[...]

  • Page 134

    Network Address Translation Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within another network (for example a public IP address[...]

  • Page 135

    9.5 Configuring WAN MAC To change your ZyAIR’s WAN MAC settings, click WAN, then the WAN MAC tab. The screen appears as shown. Figure 53 MAC Setup The MAC address screen allows users to configure the WAN port's MAC address by either using the factory default or cloning the MAC add[...]

  • Page 136

    Otherwise, click Spoof this computer's MAC address - IP Address and enter the IP address of the computer on the LAN whose MAC you are cloning. Once it is successfully configured, the address will be copied to the rom file (ZyNOS configuration file). It will not change unless you change the[...]

  • Page 137

    CHAPTER 10 Single User Account (SUA) / Network Address Translation (NAT) This chapter discusses how to configure SUA/NAT on the ZyAIR. 10.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation o[...]

  • Page 138

    Note: NAT never changes the IP address (either local or global) of an outside host. 10.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to anot[...]

  • Page 139

    Figure 54 How NAT Works 10.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the ZyAIR can communicate with three distinct WAN networks. M[...]

  • Page 140

    Figure 55 NAT Application With IP Alias 10.1.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: • One to One: In One-to-One mode, the ZyAIR maps one local IP address to one global IP address. • Many to On[...]

  • Page 141

    The following table summarizes these types. Table 42 NAT Mapping Types TYPE IP MAPPING SMT ABBREVIATION One-to-One ILA1 ←→ IGA1 1-1 Many-to-One (SUA/PAT) ILA1 ←→ IGA1 ILA2 ←→ IGA1 … M-1 Many-to-Many Overload ILA1 ←→ IGA1 I[...]

  • Page 142

    You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. The port number identifies a service; for example, web service is on port 80 and FTP on port 21. In some cases[...]

  • Page 143

    The most often used port numbers are shown in the following table. Please refer to RFC 1700 for further information about port numbers. Please also refer to the Supporting CD for more examples and details on SUA/NAT. Table 43 Services[...]

  • Page 144

    Figure 56 Multiple Servers Behind NAT Example 10.4 Configuring SUA Server Note: If you do not assign a Default Server IP Address, the ZyAIR discards all packets received for ports that are not specified in this screen or remote manage[...]

  • Page 145

    Figure 57 SUA/NAT Setup The following table describes the labels in this screen. Table 44 SUA/NAT Setup LABEL DESCRIPTION Default Server In addition to the servers for specified services, NAT supports a default server. A default ser[...]

  • Page 146

    10.5 Configuring Address Mapping Ordering your rules is important because the ZyAIR applies the rules in the order that you specify. When a rule matches the current packet, the ZyAIR takes the corresponding action and the remaining rul[...]

  • Page 147

    Figure 58 Address Mapping The following table describes the labels in this screen. Table 45 Address Mapping LABEL DESCRIPTION Local Start IP This refers to the Inside Local Address (ILA), which is the starting local IP address. If the[...]

  • Page 148

    10.5.1 Configuring Address Mapping To edit an address mapping rule, select the radio button of a rule and click the Edit button to display the screen shown next. Figure 59 Address Mapping Edit The following table describes the labels in t[...]

  • Page 149

    10.6 Trigger Port Forwarding Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side. With regular port forwarding you set a forwarding port in NAT to forward a service (co[...]

  • Page 150

    Figure 60 Trigger Port Forwarding Process: Example 1 Jane requests a file from the Real Audio server (port 7070). 2 Port 7070 is a “trigger” port and causes the ZyAIR to record Jane’s computer IP address. The ZyAIR associates Jane[...]

  • Page 151

    Figure 61 Trigger Port The following table describes the labels in this screen. Table 47 Trigger Port LABEL DESCRIPTION # This is the rule index number (read-only). Name Type a unique name (up to 15 characters) for identification pur[...]

  • Page 152

    ZyAIR G-2000 Plus User’s Guide 151 Chapter 10 Single User Account (SUA) / Network Address Translation (NAT)[...]

  • Page 153

    CHAPTER 11 Static Route Screens This chapter shows you how to configure static routes for your ZyAIR. 11.1 Static Route Overview Each remote node specifies only the network to which the gateway is directly connected, and the ZyAIR has no knowledge of the networks beyond.[...]

  • Page 154

    Figure 63 Static Route The following table describes the labels in this screen. Table 48 Static Route LABEL DESCRIPTION # Number of an individual static route. Name Name that describes or identifies this route. Active This field shows whether this static route is active (Yes [...]

  • Page 155

    Figure 64 Static Route: Edit The following table describes the labels in this screen. Table 49 Static Route: Edit LABEL DESCRIPTION Route Name Enter the name of the IP static route. Leave this field blank to delete this static route. Active This field allows you to activate/de[...]

  • Page 156

    ZyAIR G-2000 Plus User’s Guide 155 Chapter 11 Static Route Screens[...]

  • Page 157

    CHAPTER 12 Remote Management Screens This chapter provides information on the Remote Management screens. 12.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which ZyAIR interface (if any) from which computers. Note: [...]

  • Page 158

    1 A filter in SMT menu 3.1 (LAN) or in menu 11.5 (WAN) is applied to block a Telnet, FTP or Web service. 2 You have disabled that service in one of the remote management screens. 3 The IP address in the Secured Client IP field does not match the client IP address. If [...]

  • Page 159

    Figure 65 Remote Management: WWW The following table describes the labels in this screen. Table 50 Remote Management: WWW LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use t[...]

  • Page 160

    Figure 66 Telnet Configuration on a TCP/IP Network 12.4 Configuring TELNET Click REMOTE MGMT and the TELNET tab to display the screen as shown. Figure 67 Remote Management: Telnet The following table describes the labels in this screen. Table 51 Remote Management: Telnet [...]

  • Page 161

    12.5 Configuring FTP You can upload and download the ZyAIR’s firmware and configuration files using FTP. Please see the chapter on firmware and configuration file maintenance for details. To use this feature, your computer must have an FTP client. To change your Zy[...]

  • Page 162

    12.6 SNMP Simple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your ZyAIR supports SNMP agent functionality, which allows a manager station to manage[...]

  • Page 163

    An agent is a management software module that resides in a managed device (the ZyAIR). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform[...]

  • Page 164

    12.6.3 Configuring SNMP To change your ZyAIR’s SNMP settings, click REMOTE MGMT, then the SNMP tab. The screen appears as shown. 6a For intentional reboot: A trap is sent with the message "System reboot by user!" if reboot is done intentionally, (for ex[...]

  • Page 165

    Figure 70 Remote Management: SNMP The following table describes the labels in this screen. Table 54 Remote Management: SNMP LABEL DESCRIPTION SNMP Configuration Get Community Enter the Get Community, which is the password for the incoming Get and GetNext requests from the m[...]

  • Page 166

    12.7 Configuring DNS Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Refer to the chapter on Wizard Setup for background information. To change your ZyAIR’s DNS settings, click REMOTE MGMT, then the DNS tab. The screen[...]

  • Page 167

    12.8 Configuring Security To change your ZyAIR’s security settings, click REMOTE MGMT, then the Security tab. The screen appears as shown. If an outside user attempts to probe an unsupported port on your ZyAIR, an ICMP response packet is automatically returned. This [...]

  • Page 168

    Figure 72 Security The following table describes the labels in this screen. Table 56 Security LABEL DESCRIPTION ICMP Internet Control Message Protocol is a message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP uses Internet[...]

  • Page 169

    CHAPTER 13 UPnP This chapter introduces the Universal Plug and Play feature. 13.1 Universal Plug and Play Overview Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamic[...]

  • Page 170

    All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. 13.2 UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum Creates UPnP™ Implementers Corp. (UIC). ZyXEL's [...]

  • Page 171

    Figure 73 Configuring UPnP The following table describes the labels in this screen. Table 57 Configuring UPnP LABEL DESCRIPTION Enable the Universal Plug and Play (UPnP) feature Select this checkbox to activate UPnP. Be aware that anyone could use a UPnP application to open the web configurat[...]

  • Page 172

    13.4.1 Installing UPnP in Windows Me Follow the steps below to install UPnP in Windows Me. 1 Click Start and Control Panel. Double-click Add/Remove Programs. 2 Click on the Windows Setup tab and select Communication in the Components selection box. Click Details. 3 In the Communi[...]

  • Page 173

    13.4.2 Installing UPnP in Windows XP Follow the steps below to install UPnP in Windows XP. 1 Click Start and Control Panel. 2 Double-click Network Connections. 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components …. 4 The Win[...]

  • Page 174

    13.5 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL device. Make sure the computer is connected to a LAN port of the ZyXEL device. Turn on your computer [...]

  • Page 175

    13.5.1 Auto-discover Your UPnP-enabled Network Device 1 Click Start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. 2 Right-click the icon and select Properties. 3 In the Internet Connection Properties window, click Settings to see the port [...]

  • Page 176

    13.5.2 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL device without finding out the IP address of the ZyXEL device first. This is helpful if you do not know the IP address of the ZyXEL device. Follow the steps below to access the web configurat[...]

  • Page 177

    1 Click Start and then Control Panel. 2 Double-click Network Connections. 3 Select My Network Places under Other Places. 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click the icon for your ZyXEL device and select Invoke. The web configurator login screen displays. 6 Right-click the i[...]

  • Page 178

    Follow the steps below to access the web configurator. 1 Click Start and then Control Panel. 2 Double-click Network Connections. 3 Select My Network Places under Other Places. 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click the icon fo[...]

  • Page 179

    CHAPTER 14 Firewalls This chapter gives some background information on firewalls and introduces the ZyAIR firewall. 14.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The netwo[...]

  • Page 180

    1 Information hiding prevents the names of internal systems from being made known via DNS to outside systems, since the application gateway is the only host whose name must be made known to outside systems. 2 Robust authentication and logging pre-authenticates application traffic before it [...]

  • Page 181

    Figure 74 ZyAIR Firewall Application 14.4 Denial of Service Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resource[...]

  • Page 182

    14.4.2 Types of DoS Attacks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the TCP/IP specification. 3 Brute-force attacks that flood a network with useless data. 4 IP Spoofing. • "Ping of Death" an[...]

  • Page 183

    Figure 75 Three-Way Handshake Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server. The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the initiator responds with an ACK (acknowledgment[...]

  • Page 184

    Figure 76 SYN Flood b In a LAND Attack, hackers flood SYN packets into the network with a spoofed source IP address of the targeted system. This makes it appear as if the host computer sent the packets to itself, making the system unavailable while the target system tries to respond to [...]

  • Page 185

    Figure 77 Smurf Attack 14.4.2.1 ICMP Vulnerability ICMP is an error-reporting protocol that works in concert with IP. The following ICMP types trigger an alert: Table 59 ICMP Commands That Trigger Alerts 5 REDIRECT 13 TIMESTAMP_REQUEST 14 TIMESTAMP_REPLY 17 ADDRESS_MASK_REQUEST 18 A[...]

  • Page 186

    14.5 Stateful Inspection With stateful inspection, fields of the packets are compared to packets that are already known to be trusted. For example, if you access some outside service, the proxy server remembers things about your original request, like the port number and source and des[...]

  • Page 187

    3 The firewall inspects packets to determine and record information about the state of the packet's connection. This information is recorded in a new state table entry created for the new connection. If there is not a firewall rule for this packet and it is not an attack, then the s[...]

  • Page 188

    Below is a brief technical description of how these connections are tracked. Connections may either be defined by the upper protocols (for instance, TCP), or by the ZyAIR itself (as with the "virtual connections" created for UDP and ICMP). 14.5.3 TCP Security The ZyAIR uses stat[...]

  • Page 189

    14.5.5 Upper Layer Protocols Some higher layer protocols (such as FTP and RealAudio) utilize multiple network connections simultaneously. In general terms, they usually have a "control connection" which is used for sending commands between endpoints, and then "data connec[...]

  • Page 190

    14.7.1 Packet Filtering: • The router filters packets as they pass through the router’s interface according to the filter rules you designed. • Packet filtering is a powerful tool, yet can be complex to configure and maintain, especially if you need a chain of rules to filter a servi[...]

  • Page 191

    6 The firewall can block specific URL traffic that might occur in the future. The URL can be saved in an Access Control List (ACL) database.[...]


  • Page 193

    CHAPTER 15 Firewall Screens This chapter shows you how to configure your ZyAIR firewall. 15.1 Access Methods The web configurator is, by far, the most comprehensive firewall configuration tool your ZyAIR has to offer. For this reason, it is recommended that you configure [...]

  • Page 194

    You may define additional rules and sets or modify existing ones but please exercise extreme caution in doing so. Note: If you configure firewall rules without a good understanding of how they work, you might inadvertently introduce security risks to the firewall and to the prot[...]

  • Page 195

    15.3.2 Security Ramifications Once the logic of the rule has been defined, it is critical to consider the security ramifications created by the rule: 1 Does this rule stop LAN users from accessing critical resources on the Internet? For example, if IRC is blocked, are there us [...]

  • Page 196

    15.4 Connection Direction Examples This section describes examples for firewall rules for connections going from LAN to WAN and from WAN to LAN. LAN to LAN/ZyAIR and WAN to WAN/ZyAIR rules apply to packets coming in on the associated interface (LAN or WAN respectively). LAN[...]

  • Page 197

    Figure 80 WAN to LAN Traffic 15.5 Alerts Alerts are reports on events, such as attacks, that you may want to know about right away. You can choose to generate an alert when a rule is matched in the Edit Rule screen (Figure 83). Configure the Log Settings screen to have the Z[...]

  • Page 198

    Figure 81 Default Rule The following table describes the labels in this screen. Table 60 Default Rule LABEL DESCRIPTION Enable Firewall Select this check box to activate the firewall. The ZyAIR performs access control and protects against Denial of Service (DoS) attacks when the[...]

  • Page 199

    Figure 82 Rule Summary The following table describes the labels in this screen. Table 61 Rule Summary LABEL DESCRIPTION Firewall Rules Storage Space in Use This read-only bar shows how much of the ZyAIR's memory for recording firewall rules it is currently using. When you ar[...]

  • Page 200

    15.6.2 Configuring Firewall Rules Follow these directions to create a new rule. 1 In the Rule Summary screen, type the index number for where you want to put the rule. For example, if you type 6, your new rule becomes number 6 and the previous rule 6 (if there is one) becomes rule [...]

  • Page 201

    Figure 83 Creating/Editing A Firewall Rule[...]

  • Page 202

    The following table describes the labels in this screen. Table 62 Creating/Editing A Firewall Rule LABEL DESCRIPTION Edit Source/Destination Address Address Type Do you want your rule to apply to packets with a particular (single) IP, a range of IP addresses (e.g., 192.168.1.10 to [...]

  • Page 203

    15.6.3 Configuring Custom Services Configure customized ports for services not predefined by the ZyAIR (See “Predefined Services” on page 206 for a list of predefined services). For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Aut[...]

  • Page 204

    15.7 Example Firewall Rule The following Internet firewall rule example allows a hypothetical My Service connection from the Internet. 1 Click the FIREWALL link and then the Rule Summary tab. Select WAN to LAN from the Packet Direction drop-down list box. Figure 85 Rule Summ[...]

  • Page 205

    Figure 86 Rule Edit Example 6 In the Edit Rule screen, click Add under Custom Service to open the Edit Custom Service screen. Configure it as follows and click Apply. Figure 87 Edit Custom Service Example 7 In the Edit Rule screen, use the arrows between Available Services and Sel[...]

  • Page 206

    Figure 88 My Service Rule Configuration[...]

  • Page 207

    Figure 89 My Service Example Rule Summary Rule 1: Allows a My Service connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN. 15.8 Predefined Services The Available Services list box in the Edit Rule screen (Figure 83) displays all predefined services th[...]

  • Page 208

    FTP(TCP:20.21) File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by e-mail. H.323(TCP:1720) NetMeeting uses this protocol. HTTP(TCP:80) Hyper Text Transfer Protocol – a client/server protocol for the world wide web. [...]

  • Page 209

    SMTP(TCP:25) Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another. SNMP(TCP/UDP:161) Simple Network Management Program. SNMP-TRAPS(TCP/UDP:162) Traps for use with the SNMP (RFC:1215).[...]


  • Page 211

    CHAPTER 16 Content Filtering This chapter provides a brief overview of content filtering using the embedded WebGUI. 16.1 Introduction to Content Filtering Internet content filtering allows you to create and enforce Internet access policies tailored to their needs. Content filterin[...]

  • Page 212

    Figure 90 Content Filter The following table describes the labels in this screen. Table 65 Content Filter LABEL DESCRIPTION Restrict Web Features Select the box(es) to restrict a feature. When you download a page containing a restricted feature, that part of the web page will app [...]

  • Page 213

    Keyword Type a keyword in this field. You may use any character (up to 64 characters). Wildcards are not allowed. You can also enter a numerical IP address. Keyword List This list displays the keywords already added. Add Click Add after you have typed a keyword. Repeat this proc[...]


  • Page 215

    CHAPTER 17 Certificates This chapter gives background information about public-key certificates and explains how to use them. 17.1 Certificates Overview The ZyAIR can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A[...]

  • Page 216

    17.1.1 Advantages of Certificates Certificates offer the following benefits. • The ZyAIR only has to store the certificates of the certification authorities that you decide to trust, no matter how many devices you need to authenticate. • Key distribution is simple and very secure s[...]

  • Page 217

    Figure 91 My Certificates The following table describes the labels in this screen. Table 66 My Certificates LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the ZyAIR’s PKI storage space that is currently in use. When you are using 80% or less of the sto[...]

  • Page 218

    Type This field displays what kind of certificate this is. REQ represents a certification request and is not yet a valid certificate. Send a certification request to a certification authority, which then issues a certificate. Use the My Certificate Import screen to import the certific[...]

  • Page 219

    17.5 Certificate File Formats The certification authority certificate that you want to import has to be in one of these file formats: • Binary X.509: This is an ITU-T recommendation that defines the formats for X.509 certificates. • PEM (Base-64) encoded X.509: This Privacy Enh[...]

  • Page 220

    Figure 92 My Certificate Import The following table describes the labels in this screen. Table 67 My Certificate Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it. Browse Click Browse to find the certificate[...]

  • Page 221

    Figure 93 My Certificate Create[...]

  • Page 222

    The following table describes the labels in this screen. Table 68 My Certificate Create LABEL DESCRIPTION Certificate Name Type up to 31 ASCII characters (not including spaces) to identify this certificate. Subject Information Use these fields to record information that identifies the[...]

  • Page 223

    After you click Apply in the My Certificate Create screen, you see a screen that tells you the ZyAIR is generating the self-signed certificate or certification request. After the ZyAIR successfully enrolls a certificate or generates a certification request or a self-signed certificate,[...]

  • Page 224

    Figure 94 My Certificate Details[...]

  • Page 225

    The following table describes the labels in this screen. Table 69 My Certificate Details LABEL DESCRIPTION Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this certificate. You may use any character[...]

  • Page 226

    17.9 Trusted CAs Click CERTIFICATES, Trusted CAs to open the Trusted CAs screen. This screen displays a summary list of certificates of the certification authorities that you have set the ZyAIR to accept as trusted. The ZyAIR accepts any valid certificate signed by a certification[...]

  • Page 227

    Figure 95 Trusted CAs The following table describes the labels in this screen. Table 70 Trusted CAs LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the ZyAIR’s PKI storage space that is currently in use. When you are using 80% or less of the stor[...]

  • Page 228

    17.10 Importing a Trusted CA’s Certificate Click CERTIFICATES, Trusted CAs to open the Trusted CAs screen and then click Import to open the Trusted CA Import screen. Follow the instructions in this screen to save a trusted certification authority’s certificate to the[...]

  • Page 229

    17.11 Trusted CA Certificate Details Click CERTIFICATES, Trusted CAs to open the Trusted CAs screen. Click the details icon to open the Trusted CA Details screen. Use this screen to view in-depth information about the certification authority’s certificate, change the ce[...]

  • Page 230

    Figure 97 Trusted CA Details[...]

  • Page 231

    The following table describes the labels in this screen. Table 72 Trusted CA Details LABEL DESCRIPTION Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate. You may use any charac[...]

  • Page 232

    Key Algorithm This field displays the type of algorithm that was used to generate the certificate’s key pair (the ZyAIR uses RSA encryption) and the length of the key set in bits (1024 bits for example). Subject Alternative Name This field displays the certificate’s owner’s IP[...]

  • Page 233

    CHAPTER 18 Log Screens This chapter contains information about configuring general log settings and viewing the ZyAIR’s logs. Refer to the appendix for example log message explanations. 18.1 Configuring View Log The web configurator allows you to look at all of the ZyAIR’s logs[...]

  • Page 234

    18.2 Configuring Log Settings To change your ZyAIR’s log settings, click the LOGS links under ADVANCED and then the Log Settings tab. The screen appears as shown. Use the Log Settings screen to configure to where the ZyAIR is to send the logs; the schedule for when the ZyAIR is to se[...]

  • Page 235

    Figure 99 Log Settings[...]

  • Page 236

    The following table describes the labels in this screen. Table 74 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be s[...]

  • Page 237

    18.3 Configuring Reports The Reports page displays which computers on the LAN send and receive the most traffic, what kinds of traffic are used the most and which web sites are visited the most often. Use the Reports screen to have the ZyAIR record and display the following network u[...]

  • Page 238

    Figure 100 Reports Note: Enabling the ZyAIR’s reporting function decreases the overall throughput by about 1 Mbps. The following table describes the labels in this screen. Table 75 Reports LABEL DESCRIPTION Report Type Use the drop-down list box to select the type of reports to disp[...]

  • Page 239

    Note: All of the recorded reports data is erased when you turn off the ZyAIR.[...]


  • Page 241

    CHAPTER 19 Maintenance This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 19.1 Maintenance Overview The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your ZyA[...]

  • Page 242

    Figure 101 System Status The following table describes the labels in this screen. Table 76 System Status LABEL DESCRIPTION System Name This is the System Name you chose in the first Internet Access Wizard screen. It is for identification purposes. Model Name The model name identifies y[...]

  • Page 243

    19.2.1 System Statistics Read-only information here includes port status, packet specific statistics and bridge link status. Also provided are "system up time" and "poll interval(s)". The Poll Interval field is configurable. Figure 102 System Status: Show Statistic[...]

  • Page 244

    Click MAINTENANCE, and then the DHCP Table tab. Read-only information here relates to your DHCP status. The DHCP table shows current DHCP Client information (including IP Address, Host Name and MAC Address) of all network clients using the DHCP server. Figure 103 Maintenance DHCP Ta[...]

  • Page 245

    Figure 104 Association List The following table describes the labels in this screen. Table 79 Association List LABEL DESCRIPTION # This is the index number of an associated wireless station. MAC Address This field displays the MAC address of an associated wireless station. Association Ti[...]

  • Page 246

    Figure 105 Firmware Upload The following table describes the labels in this screen. Table 80 Firmware Upload LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse... Click Browse... to find the .bin file[...]

  • Page 247

    Figure 106 Firmware Upload In Process The ZyAIR automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 107 Network Temporarily Disconnected After two minutes, log in again and check you[...]

  • Page 248

    Figure 108 Firmware Upload Error 19.6 Configuration Screen See the Firmware and Configuration File Maintenance chapter for transferring configuration files using FTP/TFTP commands. Click MAINTENANCE, and then the Configuration tab. Information related to factory defaults, backup config[...]

  • Page 249

    Figure 109 Configuration 19.6.1 Backup Configuration Backup configuration allows you to back up (save) the ZyAIR’s current configuration to a file on your computer. Once your ZyAIR is configured and functioning properly, it is highly recommended that you back up your configuratio[...]

  • Page 250

    After you see a “restore configuration successful” screen, you must then wait one minute before logging into the ZyAIR again. Figure 110 Configuration Upload Successful The ZyAIR automatically restarts in this time causing a temporary network disconnect. In some operating systems,[...]

  • Page 251

    Figure 112 Configuration Upload Error 19.6.3 Back to Factory Defaults Pressing the Reset button in this section clears all user-entered configuration information and returns the ZyAIR to its factory defaults as shown on the screen. The following warning screen will appear. Figure 11[...]

  • Page 252

    Figure 114 Restart Screen[...]

  • Page 253

    CHAPTER 20 Introducing the SMT This chapter explains how to access and navigate the System Management Terminal and gives an overview of its menus. 20.1 SMT Introduction The ZyAIR’s SMT (System Management Terminal) is a menu-driven interface that you can access from a termi[...]

  • Page 254

    Please note that if there is no activity for longer than five minutes after you log in, your ZyAIR will automatically log you out. Figure 116 Login Screen Enter Password : **** 20.3 Changing the System Password Change the ZyAIR default password by following the steps shown next. [...]

  • Page 255

    Figure 118 ZyAIR G-2000 Plus SMT Menu Overview Example 20.5 Navigating the SMT Interface The SMT (System Management Terminal) is the interface that you use to configure your ZyAIR. Several operations that you should be familiar with before you attempt to modify the configura[...]

  • Page 256

    After you enter the password, the SMT displays the main menu, as shown next. Move to a “hidden” menu Press [SPACE BAR] to change No to Yes then press [ENTER]. Fields beginning with “Edit” lead to hidden menus and have a default setting of No. Press [SPACE BAR] once [...]

  • Page 257

    Figure 119 ZyAIR G-2000 Plus SMT Main Menu Copyright (c) 1994 - 2004 ZyXEL Communications Corp. ZyAIR G-2000PLUS Main Menu Getting Started Advanced Management 1. General Setup 21. Filter and Firewall Setup 2. WAN Setup 22. SNMP Configuration 3. LAN Setup 23. System Security 4. [...]

  • Page 258

    Change the ZyAIR default password by following the steps shown next. 1 Enter 23 in the main menu to display Menu 23 - System Security as shown next. Figure 120 Menu 23: System Security Menu 23 - System Security 1. Change Password 2. RADIUS Server 4. IEEE802.1x 2 Enter 23.1 in the[...]

  • Page 259

    CHAPTER 21 General Setup The chapter shows you the information on general setup. 21.1 General Setup Menu 1 — General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. However, because some ISPs check th[...]

  • Page 260

    Figure 122 Menu 1 General Setup Menu 1 - General Setup System Name= G-2000PLUS Domain Name= First System DNS Server= From ISP IP Address= N/A Second System DNS Server= From ISP IP Address= N/A Third System DNS Server= From ISP IP Address= N/A Edit Dynamic DNS= No Press ENTER to[...]

  • Page 261

    21.1.2 Procedure to Configure Dynamic DNS Note: If you have a private WAN IP address, then you cannot use Dynamic DNS. To configure Dynamic DNS, go to Menu 1 — General Setup and select Yes in the Edit Dynamic DNS field. Press [ENTER] to display Menu 1.1— Configure Dynamic DNS a[...]

  • Page 262

    Enable Wildcards Your ZyAIR supports DYNDNS Wildcard. Press [SPACE BAR] and then [ENTER] to select Yes or No. This field is N/A when you choose DDNS client as your service provider. Offline This field is only available when CustomDNS is selected in the DDNS Type field. Press [SPAC[...]

  • Page 263

    ZyAIR G-2000 Plus User’s Guide Chapter 22 Menu 2 WAN Setup 262 CHAPTER 22 Menu 2 WAN Setup This chapter describes how to configure the WAN using menu 2. 22.1 Introduction to WAN This chapter explains how to configure settings for your WAN port. 22.2 WAN Setup From the main menu, enter 2 to open menu 2. Figure 124 Menu 2 WAN Setup Menu 2 [...]

  • Page 264

    ZyAIR G-2000 Plus User’s Guide 263 Chapter 22 Menu 2 WAN Setup[...]

  • Page 265

    ZyAIR G-2000 Plus User’s Guide Chapter 23 LAN Setup 264 CHAPTER 23 LAN Setup This chapter shows you how to configure wired Local Area Network (LAN) settings on your ZyAIR. 23.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 – LAN Setup. From the main menu, enter 3 to display menu 3. Figure 125 Menu 3 LAN Set[...]

  • Page 266

    ZyAIR G-2000 Plus User’s Guide 265 Chapter 23 LAN Setup 23.2 Protocol Dependent Ethernet Setup Depending on the protocols for your applications, you need to configure the respective Ethernet Setup, as outlined below. • For TCP/IP Ethernet setup refer to the Internet Access Application chapter. • For bridging Ethernet setup refer to the [...]

  • Page 267

    ZyAIR G-2000 Plus User’s Guide Chapter 23 LAN Setup 266 Use the instructions in the following table to configure TCP/IP parameters for the LAN port. Table 88 Menu 3.2: LAN TCP/IP Setup Fields FIELD DESCRIPTION TCP/IP Setup: IP Address Enter the IP address of your ZyAIR in dotted decimal notation IP Subnet Mask Your ZyAIR will automatically cal[...]

  • Page 268

    ZyAIR G-2000 Plus User’s Guide 267 Chapter 23 LAN Setup 23.3.1 IP Alias Setup IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The ZyAIR supports three logical LAN interfaces via its single physical Ethernet interface with the ZyAIR itself as the gateway for each LAN networ[...]

  • Page 269

    ZyAIR G-2000 Plus User’s Guide Chapter 23 LAN Setup 268 Figure 129 Menu 3.2.1: IP Alias Setup Menu 3.2.1 - IP Alias Setup IP Alias 1= No IP Address= N/A IP Subnet Mask= N/A RIP Direction= N/A Version= N/A Incoming protocol filters= N/A Outgoing protocol filters= N/A IP Alias 2= No IP Address= N/A IP Subnet Mask= N/A RIP Direction= N/A [...]

  • Page 270

    ZyAIR G-2000 Plus User’s Guide 269 Chapter 23 LAN Setup Figure 130 Menu 3.5 Wireless LAN Setup Menu 3.5 - Wireless LAN Setup Enable Wireless LAN= Yes ESSID= Wireless Hide ESSID= No Edit MAC Address Filter= No Channel ID= CH06 2437MHz Edit Roaming Configuration= No RTS Threshold= 2432 Breathing LED= Yes Frag. Threshold= 2432 Preamble= Long WEP[...]

  • Page 271

    ZyAIR G-2000 Plus User’s Guide Chapter 23 LAN Setup 270 23.4.1 Configuring MAC Address Filter Your ZyAIR checks the MAC address of the wireless station device against a list of allowed or denied MAC addresses. However, intruders could fake allowed MAC addresses so MAC-based authentication is less secure than EAP authentication. Follow th[...]

  • Page 272

    ZyAIR G-2000 Plus User’s Guide 271 Chapter 23 LAN Setup 2 Enter 5 to display Menu 3.5 – Wireless LAN Setup. Figure 131 Menu 3.5 Wireless LAN Setup Menu 3.5 - Wireless LAN Setup Enable Wireless LAN= Yes ESSID= Wireless Hide ESSID= No Edit MAC Address Filter= Yes Channel ID= CH06 2437MHz Edit Roaming Configuration= No RTS Threshold= 2432 Br[...]

  • Page 273

    ZyAIR G-2000 Plus User’s Guide Chapter 23 LAN Setup 272 Figure 132 Menu 3.5.1 WLAN MAC Address Filter Menu 3.5.1 - WLAN MAC Address Filter Active= No Filter Action= Allowed Association 1= 00:00:00:00:00:00 13= 00:00:00:00:00:00 25= 00:00:00:00:00:00 2= 00:00:00:00[...]

  • Page 274

    ZyAIR G-2000 Plus User’s Guide 273 Chapter 23 LAN Setup[...]

  • Page 275

    ZyAIR G-2000 Plus User’s Guide Chapter 24 Internet Access 274 CHAPTER 24 Internet Access This chapter shows you how to configure your ZyAIR for Internet access. 24.1 Introduction to Internet Access Setup Use information from your ISP along with the instructions in this chapter to set up your ZyAIR to access the Internet. There are three di[...]

  • Page 276

    ZyAIR G-2000 Plus User’s Guide 275 Chapter 24 Internet Access Figure 133 Menu 4 - Internet Access Setup ISP's Name= ChangeMe Encapsulation= Ethernet Service Type= Standard My Login= N/A My Password= N/A Retype to Confirm= N/A Login Server= N/A Relogin Every (min)= N/A IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N[...]

  • Page 277

    ZyAIR G-2000 Plus User’s Guide Chapter 24 Internet Access 276 24.3 Configuring the PPTP Client Note: The ZyAIR supports only one PPTP server connection at any given time. To configure a PPTP client, you must configure the My Login and Password fields for a PPP connection and the PPTP parameters for a PPTP connection. After configuring My L[...]

  • Page 278

    ZyAIR G-2000 Plus User’s Guide 277 Chapter 24 Internet Access Figure 134 Internet Access Setup (PPTP) Menu 4 - Internet Access Setup ISP's Name= ChangeMe Encapsulation= PPTP Service Type= N/A My Login= My Password= ******** Retype to Confirm= ******** Idle Timeout= 100 IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= [...]

  • Page 279

    ZyAIR G-2000 Plus User’s Guide Chapter 24 Internet Access 278 Figure 135 Menu 4 - Internet Access Setup ISP's Name= ChangeMe Encapsulation= PPPoE Service Type= N/A My Login= My Password= ******** Retype to Confirm= ******** Idle Timeout= 100 IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Address= N/[...]

  • Page 280

    ZyAIR G-2000 Plus User’s Guide 279 Chapter 24 Internet Access[...]

  • Page 281

    ZyAIR G-2000 Plus User’s Guide Chapter 25 Remote Node Configuration 280 CHAPTER 25 Remote Node Configuration This chapter covers remote node configuration. 25.1 Introduction to Remote Node Setup A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across[...]

  • Page 282

    ZyAIR G-2000 Plus User’s Guide 281 Chapter 25 Remote Node Configuration Figure 136 Menu 11.1 - Remote Node Profile Rem Node Name= ChangeMe Route= IP Active= Yes ISP= No Apply Alias= None Encapsulation= Ethernet Edit IP= No Service Type= Standard Session Options: Service Name= N/A Edit Filter Sets= No Outgoing: My Login= N/A My Password= N/A Ret[...]

  • Page 283

    ZyAIR G-2000 Plus User’s Guide Chapter 25 Remote Node Configuration 282 25.2.2 PPPoE Encapsulation The ZyAIR supports PPPoE (Point-to-Point Protocol over Ethernet). You can only use PPPoE encapsulation when you’re using the ZyAIR with a DSL modem as the WAN device. If you change the Encapsulation to PPPoE, then you will see the next scre[...]

  • Page 284

    ZyAIR G-2000 Plus User’s Guide 283 Chapter 25 Remote Node Configuration Figure 137 Menu 11.1 - Remote Node Profile Rem Node Name= ChangeMe Route= IP Active= Yes ISP= No Apply Alias= None Encapsulation= PPPoE Edit IP= No Service Type= Standard Telco Option: Service Name= Allocated Budget(min)= 0 Outgoing: Period(hr)= 0 My Login= Schedules= My Pa[...]

  • Page 285

    ZyAIR G-2000 Plus User’s Guide Chapter 25 Remote Node Configuration 284 The following table describes the fields not already described in Table 95. Table 96 Fields in Menu 11.1 (PPPoE Encapsulation Specific) FIELD DESCRIPTION Service Name If you are using PPPoE encapsulation, then type the name of your PPPoE service here. Only valid wi[...]

  • Page 286

    ZyAIR G-2000 Plus User’s Guide 285 Chapter 25 Remote Node Configuration Figure 138 Menu 11.1 - Remote Node Profile Rem Node Name= ChangeMe Route= IP Active= Yes ISP= No Apply Alias= None Encapsulation= PPTP Edit IP= No Service Type= Standard Telco Option: Service Name= N/A Allocated Budget(min)= 0 Outgoing: Period(hr)= 0 My Login= Schedules= M[...]

  • Page 287

    ZyAIR G-2000 Plus User’s Guide Chapter 25 Remote Node Configuration 286 Figure 139 Menu 11.3 Remote Node Network Layer Options for Ethernet Encapsulation Menu 11.3 - Remote Node Network Layer Options IP Address Assignment= Dynamic Rem IP Addr= N/A Rem Subnet Mask= N/A My WAN Addr= N/A Network Address Translation= SUA Only Metric= 1 Privat[...]

  • Page 288

    ZyAIR G-2000 Plus User’s Guide 287 Chapter 25 Remote Node Configuration 25.4 Remote Node Filter Move the cursor to the field Edit Filter Sets in menu 11.1, and then press [SPACE BAR] to set the value to Yes. Press [ENTER] to open Menu 11.5 - Remote Node Filter. Use menu 11.5 to specify the filter set(s) to apply to the incoming and outg[...]

  • Page 289

    ZyAIR G-2000 Plus User’s Guide Chapter 25 Remote Node Configuration 288 Figure 140 Menu 11.5: Remote Node Filter (Ethernet Encapsulation) Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Enter here to CONFIRM or ESC to CANCEL: Figure 141 Menu 11.5 - Rem[...]

  • Page 290

    ZyAIR G-2000 Plus User’s Guide 289 Chapter 25 Remote Node Configuration[...]

  • Page 291

    ZyAIR G-2000 Plus User’s Guide Chapter 26 Static Route Setup 290 CHAPTER 26 Static Route Setup This chapter shows how to set up IP static routes. 26.1 IP Static Route Setup To configure an IP static route, use Menu 12 – Static Routing Setup (shown next). Figure 142 Menu 12 IP Static Route Setup Menu 12 - IP Static Route Setup 1. ________[...]

  • Page 292

    ZyAIR G-2000 Plus User’s Guide 291 Chapter 26 Static Route Setup Figure 143 Menu 12.1 Edit IP Static Route Menu 12.1 - Edit IP Static Route Route #: 1 Route Name= ? Active= No Destination IP Address= ? IP Subnet Mask= ? Gateway IP Address= ? Metric= 2 Private= No Press ENTER to Confirm or ESC to Cancel: The following table describes the fields[...]

  • Page 293

    ZyAIR G-2000 Plus User’s Guide Chapter 27 Dial-in User Setup 292 CHAPTER 27 Dial-in User Setup This chapter shows you how to create user accounts on the ZyAIR. 27.1 Dial-in User Setup By storing user profiles locally, your ZyAIR is able to authenticate wireless users without interacting with a network RADIUS server. Follow the steps below to [...]

  • Page 294

    ZyAIR G-2000 Plus User’s Guide 293 Chapter 27 Dial-in User Setup Figure 145 Menu 14.1 - Edit Dial-in User Menu 14.1 - Edit Dial-in User User Name= tester one Active= Yes Password= ******** Leave name field blank to delete profile The following table describes the fields in this screen. Table 100 Menu 14.1 - Edit Dial-in User FIELD DESCRIPTION[...]

  • Page 295

    ZyAIR G-2000 Plus User’s Guide Chapter 28 Network Address Translation (NAT) 294 CHAPTER 28 Network Address Translation (NAT) This chapter discusses how to configure NAT on the ZyAIR. 28.1 Using NAT Note: You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the ZyAIR 28.1[...]

  • Page 296

    ZyAIR G-2000 Plus User’s Guide 295 Chapter 28 Network Address Translation (NAT) Figure 146 Menu 4 Applying NAT for Internet Access Menu 4 - Internet Access Setup ISP's Name= ChangeMe Encapsulation= Ethernet Service Type= Standard My Login= N/A My Password= N/A Retype to Confirm= N/A Login Server= N/A Relogin Every (min)= N/A IP Addre[...]

  • Page 297

    ZyAIR G-2000 Plus User’s Guide Chapter 28 Network Address Translation (NAT) 296 Figure 147 Menu 11.3 - Remote Node Network Layer Options IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Addr= N/A Network Address Translation= SUA Only Metric= 1 Private= N/A RIP Direction= None Version= N/A Multicast= None Enter h[...]

  • Page 298

    ZyAIR G-2000 Plus User’s Guide 297 Chapter 28 Network Address Translation (NAT) Figure 148 Menu 15 NAT Setup Menu 15 - NAT Setup 1. Address Mapping Sets 2. Port Forwarding Setup 3. Trigger Port Setup Enter Menu Selection Number: 28.3.1 Address Mapping Sets Enter 1 to bring up Menu 15.1 — Address Mapping Sets. Figure 149 Menu 15.1 Addre[...]

  • Page 299

    ZyAIR G-2000 Plus User’s Guide Chapter 28 Network Address Translation (NAT) 298 Figure 150 Menu 15.1.255 SUA Address Mapping Rules Menu 15.1.255 - Address Mapping Rules Set Name= SUA Idx Local Start IP Local End IP Global Start IP Global End IP Type 1. 0.0.0.0 255.255.[...]

  • Page 300

    ZyAIR G-2000 Plus User’s Guide 299 Chapter 28 Network Address Translation (NAT) Figure 151 Menu 15.1.1 - Address Mapping Rules Set Name= NAT_SET Idx Local Start IP Local End IP Global Start IP Global End IP Type 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. Action= Edit Select Rule= P[...]

  • Page 301

    Note: You must press [ENTER] at the bottom of the screen to save the whole set. You must do this again if you make any changes to the set – including deleting a rule. No changes to the set take place until this action is taken. ZyAIR G-2000 Plus User’s Guide Chapter 28 Network Address Translation (NAT) 300 Selecting Edit in the Action field a[...]

  • Page 302

    ZyAIR G-2000 Plus User’s Guide 301 Chapter 28 Network Address Translation (NAT) 28.4 Configuring a Server behind NAT Follow these steps to configure a server behind NAT: 1 Enter 15 in the main menu to go to Menu 15 - NAT Setup. 2 Enter 2 to display Menu 15.2 - NAT Server Setup as shown next. Figure 153 Menu 15.2 - NAT Server Setup Rule Sta[...]

  • Page 303

    ZyAIR G-2000 Plus User’s Guide Chapter 28 Network Address Translation (NAT) 302 Figure 154 Multiple Servers Behind NAT Example 28.5 General NAT Examples The following are some examples of NAT configuration. 28.5.1 Example 1: Internet Access Only In the following Internet access example, you only need one rule where the ILAs (Inside Local Add[...]

  • Page 304

    ZyAIR G-2000 Plus User’s Guide 303 Chapter 28 Network Address Translation (NAT) Figure 155 NAT Example 1 Figure 156 Menu 4 - Internet Access Setup ISP's Name= ChangeMe Encapsulation= Ethernet Service Type= Standard My Login= N/A My Password= N/A Retype to Confirm= N/A Login Server= N/A Relogin Every (min)= N/A IP Address Assignment[...]

  • Page 305

    ZyAIR G-2000 Plus User’s Guide Chapter 28 Network Address Translation (NAT) 304 Figure 157 NAT Example 2 In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and also go to menu 15.2 to specify the Inside Server behind the NAT as shown in the next figure. Figure 158 Menu 15.2.1 Specifying an Inside Server Men[...]

  • Page 306

    ZyAIR G-2000 Plus User’s Guide 305 Chapter 28 Network Address Translation (NAT) 4 You also map your third IGA to the web server and mail server on the LAN. Type Server allows you to specify multiple servers, of different types, to other computers behind NAT on the LAN. The example situation looks somewhat like this: Figure 159 NAT Examp[...]

  • Page 307

    ZyAIR G-2000 Plus User’s Guide Chapter 28 Network Address Translation (NAT) 306 Figure 160 Menu 11.3 - Remote Node Network Layer Options IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Addr= N/A Network Address Translation= Full Feature Metric= 1 Private= N/A RIP Direction= None Version= N/A Multicast= None Ent[...]

  • Page 308

    ZyAIR G-2000 Plus User’s Guide 307 Chapter 28 Network Address Translation (NAT) Figure 161 Example 3: Menu 15.1.1.1 Menu 15.1.1.1 Address Mapping Rule Type= One-to-One Local IP: Start= 192.168.1.10 End = N/A Global IP: Start= 10.132.50.1 End = N/A Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle. Figure 162 Example 3: Final M[...]

  • Page 309

    ZyAIR G-2000 Plus User’s Guide Chapter 28 Network Address Translation (NAT) 308 Figure 163 Example 3: Menu 15.2 Menu 15.2 - NAT Server Setup Rule Start Port No. End Port No. IP Address 1. Default Default 0.0.0.0 2. 80 80 192.168.1.21 3. 25 25 192.168.1.20 4. 0 0 0.0.0.0 5. 0 0 0.0.0.0 6. 0 0 [...]

  • Page 310

    ZyAIR G-2000 Plus User’s Guide 309 Chapter 28 Network Address Translation (NAT) Figure 164 NAT Example 4 Note: Other applications such as some gaming programs are NAT unfriendly because they embed addressing information in the data stream. These applications won’t work through NAT even when using One-to-One and Many-to-Many No Overload m[...]

  • Page 311

    ZyAIR G-2000 Plus User’s Guide Chapter 28 Network Address Translation (NAT) 310 Figure 166 Example 4: Menu 15.1.1 Address Mapping Rules Menu 15.1.1 - Address Mapping Rules Set Name= Example4 Idx Local Start IP Local End IP Global Start IP Global End IP Type 1. 192.168.[...]

  • Page 312

    ZyAIR G-2000 Plus User’s Guide 311 Chapter 28 Network Address Translation (NAT) Figure 167 Menu 15.3 Trigger Port Setup Menu 15.3 - Trigger Port Setup Incoming Trigger Rule Name Start Port End Port Start Port End Port 1. Real Audio 6970 7170 7070 7070 2. 0 0 0 0 3. 0 0[...]

  • Page 313

    ZyAIR G-2000 Plus User’s Guide Chapter 29 Filter Configuration 312 CHAPTER 29 Filter Configuration This chapter shows you how to create and apply filters. 29.1 Introduction to Filters Your ZyAIR uses filters to decide whether to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering an[...]

  • Page 314

    ZyAIR G-2000 Plus User’s Guide 313 Chapter 29 Filter Configuration 29.1.1 The Filter Structure of the ZyAIR A filter set consists of one or more filter rules. Usually, you would group related rules, e.g., all the rules for NetBIOS, into a single set and give it a descriptive name. The ZyAIR allows you to configure up to twelve filter sets with [...]

  • Page 315

    ZyAIR G-2000 Plus User’s Guide Chapter 29 Filter Configuration 314 Figure 169 Filter Rule Process You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port. 29.2 Configuring a Filter Set The ZyAIR includes[...]

  • Page 316

    ZyAIR G-2000 Plus User’s Guide 315 Chapter 29 Filter Configuration Figure 170 Menu 21: Filter and Firewall Setup Menu 21 - Filter and Firewall Setup 1. Filter Setup 2. Firewall Setup Enter Menu Selection Number: 2 Enter 1 to bring up the following menu. Figure 171 Menu 21.1: Filter Set Configuration Menu 21.1 - Filter Set Configuration Filter[...]

  • Page 317

    ZyAIR G-2000 Plus User’s Guide Chapter 29 Filter Configuration 316 The protocol dependent filter rule abbreviations are listed as follows: Table 107 Rule Abbreviations Used ABBREVIATION DESCRIPTION IP Pr Protocol SA Source Address SP Source Port number DA Destination Address DP Destination Port number GEN Off Offset Len Length Refer to the next[...]

  • Page 318

    ZyAIR G-2000 Plus User’s Guide 317 Chapter 29 Filter Configuration 29.2.2 Configuring a TCP/IP Filter Rule This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fields in the IP and the upper layer protocol, for example, UDP and TCP headers. To configure TCP/IP rules, select TCP/IP Filter [...]

  • Page 319

    ZyAIR G-2000 Plus User’s Guide Chapter 29 Filter Configuration 318 Port # Enter the destination port of the packets that you wish to filter. The range of this field is 0 to 65535. This field is ignored if it is 0. 0-65535 Port # Comp Press [SPACE BAR] and then [ENTER] to select the comparison to apply to the destination port in the packet [...]

  • Page 320

    ZyAIR G-2000 Plus User’s Guide 319 Chapter 29 Filter Configuration The following figure illustrates the logic flow of an IP filter. Figure 173 Executing an IP Filter 29.2.3 Configuring a Generic Filter Rule This section shows you how to configure a generic filter rule. The purpose of generic rules is to allow you to filter non-IP packets. [...]

  • Page 321

    ZyAIR G-2000 Plus User’s Guide Chapter 29 Filter Configuration 320 For generic rules, the ZyAIR treats a packet as a byte stream as opposed to an IP or IPX packet. You specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes. The ZyAIR applies the Mask (bit-wise ANDing) to the data portion before [...]

  • Page 322

    ZyAIR G-2000 Plus User’s Guide 321 Chapter 29 Filter Configuration 29.3 Example Filter Let’s look at an example to block outside users from accessing the ZyAIR via telnet. Figure 175 Telnet Filter Example 1 Enter 21 from the main menu to open Menu 21 - Filter and Firewall Setup. 2 Enter 1 to open Menu 21.1 - Filter Set Configuration. 3 [...]

  • Page 323

    ZyAIR G-2000 Plus User’s Guide Chapter 29 Filter Configuration 322 5 Press [ENTER] at the message [Press ENTER to confirm] to open Menu 21.1.3 - Filter Rules Summary. 6 Enter 1 to configure the first filter rule (the only filter rule of this set). Make the entries in this menu as shown in the following figure. Figure 176 Example Filter: Menu 21 [...]

  • Page 324

    ZyAIR G-2000 Plus User’s Guide 323 Chapter 29 Filter Configuration Figure 177 Menu 21.1.3 - Filter Rules Summary # A Type Filter Rules M m n 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 N D F 2 N 3 N 4 N 5 N 6 N Enter Filter Rule Number (1-6) to Configure: Example Filter Ru[...]

  • Page 325

    ZyAIR G-2000 Plus User’s Guide Chapter 29 Filter Configuration 324 Figure 178 Protocol and Device Filter Sets 29.5 Firewall Versus Filters Firewall configuration is discussed in the firewall chapters of this manual. Further comparisons are also made between filtering, NAT and the firewall. 29.6 Applying a Filter This section shows you where t[...]

  • Page 326

    ZyAIR G-2000 Plus User’s Guide 325 Chapter 29 Filter Configuration Figure 179 Filtering LAN Traffic Menu 3.1 - LAN Port Filter Setup Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Press ENTER to Confirm or ESC to Cancel: 29.6.2 Applying Remote Node Filters Go to menu 11.5 (sh[...]

  • Page 327

    ZyAIR G-2000 Plus User’s Guide Chapter 30 Enabling the Firewall 326 CHAPTER 30 Enabling the Firewall This chapter shows you how to get started with the ZyAIR firewall. 30.1 Remote Management and the Firewall When SMT menu 24.11 is configured to allow management (see the Remote Management chapter) and the firewall is enabled: • The firewall b[...]

  • Page 328

    ZyAIR G-2000 Plus User’s Guide 327 Chapter 30 Enabling the Firewall Figure 181 Menu 21.2 Firewall Setup Menu 21.2 - Firewall Setup The firewall protects against Denial of Service (DoS) attacks when it is active. Your network is vulnerable to attacks when the firewall is turned off. Refer to the User's Guide for details about the firew[...]

  • Page 329

    ZyAIR G-2000 Plus User’s Guide Chapter 31 SNMP Configuration 328 CHAPTER 31 SNMP Configuration This chapter explains SNMP Configuration menu 22. 31.1 About SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your ZyAIR support[...]

  • Page 330

    ZyAIR G-2000 Plus User’s Guide 329 Chapter 31 SNMP Configuration The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include the number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed[...]

  • Page 331

    ZyAIR G-2000 Plus User’s Guide Chapter 31 SNMP Configuration 330 Figure 183 Menu 22 SNMP Configuration Menu 22 - SNMP Configuration SNMP: Get Community= public Set Community= public Trusted Host= 0.0.0.0 Trap: Community= public Destination= 0.0.0.0 Press ENTER to Confirm or ESC to Cancel: The following table describes the SNMP configuration para[...]

  • Page 332

    ZyAIR G-2000 Plus User’s Guide 331 Chapter 31 SNMP Configuration The following table maps the physical port and encapsulation to the interface type. Table 112 Ports and Interface Types PHYSICAL PORT/ENCAP INTERFACE TYPE WLAN enif0 Ethernet port enif0 WAN enif1 4 authenticationFailure (defined in RFC-1215) A trap is sent to the manager when [...]

  • Page 333

    ZyAIR G-2000 Plus User’s Guide Chapter 32 System Security 332 CHAPTER 32 System Security This chapter describes how to configure the system security on the ZyAIR. 32.1 System Security You can configure the system password, an external RADIUS server and 802.1x in this menu. 32.1.1 System Password Figure 184 Menu 23 System Security Menu 23 - S[...]

  • Page 334

    ZyAIR G-2000 Plus User’s Guide 333 Chapter 32 System Security Figure 185 Menu 23 System Security Menu 23 - System Security 1. Change Password 2. RADIUS Server 4. IEEE802.1x Enter Menu Selection Number: From Menu 23 - System Security, enter 2 to display Menu 23.2 – System Security – RADIUS Server as shown next. Figure 186 Menu 23.2 System [...]

  • Page 335

    ZyAIR G-2000 Plus User’s Guide Chapter 32 System Security 334 32.1.3 802.1x The IEEE 802.1x standards outline enhanced security methods for both the authentication of wireless stations and encryption key management. Follow the steps below to enable EAP authentication on your ZyAIR. 1 From the main menu, enter 23 to display Menu 23 – System S[...]

  • Page 336

    ZyAIR G-2000 Plus User’s Guide 335 Chapter 32 System Security Figure 188 Menu 23.4 System Security : IEEE802.1x Menu 23.4 - System Security - IEEE802.1x Wireless Port Control= Authentication Required ReAuthentication Timer (in second)= 1800 Idle Timeout (in second)= 3600 Key Management Protocol= 802.1x Dynamic WEP Key Exchange= 128-bit WEP PSK[...]

  • Page 337

    ZyAIR G-2000 Plus User’s Guide Chapter 32 System Security 336 Once you enable user authentication, you need to specify an external RADIUS server or create local user accounts on the ZyAIR for authentication. Dynamic WEP Key Exchange This field is activated only when you select Authentication Required in the Wireless Port Control field. Also s[...]

  • Page 338

    ZyAIR G-2000 Plus User’s Guide 337 Chapter 32 System Security[...]

  • Page 339

    ZyAIR G-2000 Plus User’s Guide Chapter 33 System Information and Diagnosis 338 CHAPTER 33 System Information and Diagnosis This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software. This chapte[...]

  • Page 340

    ZyAIR G-2000 Plus User’s Guide 339 Chapter 33 System Information and Diagnosis Figure 190 Menu 24.1 System Maintenance : Status Menu 24.1 - System Maintenance - Status 00:55:58 Sat. Jan. 01, 2000 Port Status TxPkts RxPkts Cols Tx B/s Rx B/s Up Time WAN Down 0 0 0 0 0 0:00:00 LAN 100M/Full 193 0 0 0 0 0:55:56 WLAN 54M 45 272 0 0 0 0:55:56 Port[...]

  • Page 341

    ZyAIR G-2000 Plus User’s Guide Chapter 33 System Information and Diagnosis 340 33.2 System Information To get to the System Information: 1 Enter 24 to display Menu 24 – System Maintenance. 2 Enter 2 to display Menu 24.2 – System Information and Console Port Speed. 3 From this menu you have two choices as shown in the next figure: Figure[...]

  • Page 342

    ZyAIR G-2000 Plus User’s Guide 341 Chapter 33 System Information and Diagnosis 33.2.2 Console Port Speed You can set up different port speeds for the console port through Menu 24.2.2 – System Maintenance – Console Port Speed. Your ZyAIR supports 9600 (default), 19200, 38400, 57600 and 115200 bps console port speeds. Press [SPACE BAR][...]

  • Page 343

    ZyAIR G-2000 Plus User’s Guide Chapter 33 System Information and Diagnosis 342 Figure 194 Menu 24.3 System Maintenance : Log and Trace Menu 24.3 - System Maintenance - Log and Trace 2. Syslog Logging 4. Call-Triggering Packet 33.3.2 UNIX Syslog The ZyAIR uses the UNIX syslog facility to log the CDR (Call Detail Record) and system messages t[...]

  • Page 344

    ZyAIR G-2000 Plus User’s Guide 343 Chapter 33 System Information and Diagnosis 33.3.2.1 CDR SdcmdSyslogSend(SYSLOG_CDR, SYSLOG_INFO, String); String = board xx line xx channel xx, call xx, str board = the hardware board ID line = the WAN ID in a board Channel = channel ID within the WAN call = the call reference number which starts from 1 a[...]

  • Page 345

    ZyAIR G-2000 Plus User’s Guide Chapter 33 System Information and Diagnosis 344 33.3.2.3 Filter log Filter log Message Format SdcmdSyslogSend(SYSLOG_FILLOG, SYSLOG_NOTICE, String); String = IP[Src=xx.xx.xx.xx Dst=xx.xx.xx.xx prot spo=xxxx dpo=xxxx] S04>R01mD IP[…] is the packet header and S04>R01mD means filter set 4 (S) and rule 1 (R),[...]

  • Page 346

    ZyAIR G-2000 Plus User’s Guide 345 Chapter 33 System Information and Diagnosis 33.3.2.5 Firewall log Firewall Log Message Format SdcmdSyslogSend(SYSLOG_FIREWALL, SYSLOG_NOTICE, buf); buf = IP[Src=xx.xx.xx.xx : spo=xxxx Dst=xx.xx.xx.xx : dpo=xxxx | prot | rule | action] Src: Source Address spo: Source port (empty means no source port informati[...]

  • Page 347

    ZyAIR G-2000 Plus User’s Guide Chapter 33 System Information and Diagnosis 346 Figure 196 IP Frame: ENET0-RECV Size: 44/ 44 Time: 17:02:44.262 Frame Type: IP Header: IP Version = 4 Header Length = 20 Type of Service = 0x00 (0) Total Length = 0x002C (44) Identification = 0x0002 (2) Flags = 0x00 Fragment Offset = 0x00 Time to Live = 0xFE (254) Prot[...]

  • Page 348

    ZyAIR G-2000 Plus User’s Guide 347 Chapter 33 System Information and Diagnosis 2 From this menu, type 4. Diagnostic to open Menu 24.4 – System Maintenance – Diagnostic. Menu 24.4 System Maintenance : Diagnostic Menu 24.4 - System Maintenance - Diagnostic TCP/IP 1. Ping Host 2. WAN DHCP Release 3. WAN DHCP Renewal 4. Internet Setup Test S[...]

  • Page 349

    ZyAIR G-2000 Plus User’s Guide Chapter 33 System Information and Diagnosis 348 WAN DHCP Renewal Get a new IP address from the DHCP server. Reboot System Reboot the ZyAIR. Host IP Address If you typed 1 to Ping Host, now type the address of the computer you want to ping. Table 118 Menu 24.4 System Maintenance Menu: Diagnostic FIELD DESCRIPTIO[...]

  • Page 350

    ZyAIR G-2000 Plus User’s Guide 349 Chapter 33 System Information and Diagnosis[...]

  • Page 351

    ZyAIR G-2000 Plus User’s Guide Chapter 34 Firmware and Configuration File Maintenance 350 CHAPTER 34 Firmware and Configuration File Maintenance This chapter tells you how to back up and restore your configuration file as well as upload new firmware and configuration files using the SMT screens. 34.1 Filename Conventions The configuration fil[...]

  • Page 352

    ZyAIR G-2000 Plus User’s Guide 351 Chapter 34 Firmware and Configuration File Maintenance The following table is a summary. Please note that the internal filename refers to the filename on the ZyAIR and the external filename refers to the filename not on the ZyAIR, that is, on your computer, local network or FTP site and so the name (but n[...]

  • Page 353

    ZyAIR G-2000 Plus User’s Guide Chapter 34 Firmware and Configuration File Maintenance 352 Figure 198 Menu 24.5 Backup Configuration Menu 24.5 – Backup Configuration To transfer the configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address [...]

  • Page 354

    ZyAIR G-2000 Plus User’s Guide 353 Chapter 34 Firmware and Configuration File Maintenance Figure 199 FTP Session Example 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 16384 bytes sent in 1.10Seconds 2[...]

  • Page 355

    ZyAIR G-2000 Plus User’s Guide Chapter 34 Firmware and Configuration File Maintenance 354 34.2.5 Backup Configuration Using TFTP The ZyAIR supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended. To use TF[...]

  • Page 356

    ZyAIR G-2000 Plus User’s Guide 355 Chapter 34 Firmware and Configuration File Maintenance 34.2.7 GUI-based TFTP Clients The following table describes some of the fields that you may see in third party TFTP clients. Table 121 General Commands for Third Party TFTP Clients COMMAND DESCRIPTION Host Enter the IP address of the ZyAIR. 192.168.1.2 [...]

  • Page 357

    ZyAIR G-2000 Plus User’s Guide Chapter 34 Firmware and Configuration File Maintenance 356 Figure 200 Menu 24.6 Restore Configuration Menu 24.6 – Restore Configuration To transfer the firmware and the configuration file, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of[...]

  • Page 358

    ZyAIR G-2000 Plus User’s Guide 357 Chapter 34 Firmware and Configuration File Maintenance 34.4 Uploading Firmware and Configuration Files Menu 24.7 – System Maintenance – Upload Firmware allows you to upgrade the firmware and the configuration file. Note: WARNING! PLEASE WAIT A FEW MINUTES FOR THE ZYAIR TO RESTART AFTER FIRMWARE OR C[...]

  • Page 359

    ZyAIR G-2000 Plus User’s Guide Chapter 34 Firmware and Configuration File Maintenance 358 Figure 203 Menu 24.7.1 System Maintenance: Upload System Firmware Menu 24.7.1 - System Maintenance - Upload System Firmware To upload the system firmware, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open"[...]

  • Page 360

    ZyAIR G-2000 Plus User’s Guide 359 Chapter 34 Firmware and Configuration File Maintenance 4 Enter “root” and your SMT password as requested. The default is 1234. 5 Enter “bin” to set transfer mode to binary. 6 Use “put” to transfer files from the computer to the ZyAIR, e.g., put firmware.bin ras transfers the firmware on your comp[...]

  • Page 361

    ZyAIR G-2000 Plus User’s Guide Chapter 34 Firmware and Configuration File Maintenance 360 5 Use the TFTP client (see the example below) to transfer files between the ZyAIR and the computer. The file name for the firmware is “ras” and the configuration file is “rom-0” (rom-zero, not capital o). Note that the telnet connection must be a[...]

  • Page 362

    ZyAIR G-2000 Plus User’s Guide 361 Chapter 34 Firmware and Configuration File Maintenance[...]

  • Page 363

    ZyAIR G-2000 Plus User’s Guide Chapter 35 System Maintenance and Information 362 CHAPTER 35 System Maintenance and Information This chapter leads you through SMT menus 24.8 and 24.10. 35.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main system firmware. The CI provides much of the same functionality as the SMT, whi[...]

  • Page 364

    ZyAIR G-2000 Plus User’s Guide 363 Chapter 35 System Maintenance and Information Figure 206 Menu 24 System Maintenance Menu 24 - System Maintenance 1. System Status 2. System Information and Console Port Speed 3. Log and Trace 4. Diagnostic 5. Backup Configuration 6. Restore Configuration 7. Upload Firmware 8. Command Interpreter Mode 9. Cal[...]

  • Page 365

    ZyAIR G-2000 Plus User’s Guide Chapter 35 System Maintenance and Information 364 Figure 208 Menu 24.9 System Maintenance: Call Control Menu 24.9 - System Maintenance - Call Control 1. Budget Management 2. Call History Enter Menu Selection Number: 35.2.1 Budget Management Menu 24.9.1 shows the budget management statistics for outgoing calls. [...]

  • Page 366

    ZyAIR G-2000 Plus User’s Guide 365 Chapter 35 System Maintenance and Information Figure 210 Menu 24.9.2 - Call History Menu 24.9.4 - Call History Phone Number Dir Rate #call Max Min Total 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. Enter Entry to Delete(0 to exit): The following table describes the fields in this menu. Table 123 Call History Fields FIELD D[...]

  • Page 367

    ZyAIR G-2000 Plus User’s Guide Chapter 35 System Maintenance and Information 366 Figure 211 Menu 24.10 System Maintenance: Time and Date Setting Menu 24.10 - System Maintenance - Time and Date Setting Time Protocol= Manual Time Server Address= N/A Current Time: 01 : 00 : 37 New Time (hh:mm:ss): 01 : 00 : 34 Current Date: 2000 - 01 - 01 N[...]

  • Page 368

    ZyAIR G-2000 Plus User’s Guide 367 Chapter 35 System Maintenance and Information 35.3.1 Resetting the Time The ZyAIR resets the time in three instances: 1 On leaving menu 24.10 after making changes. 2 When the ZyAIR starts up, if there is a timeserver configured in menu 24.10. 3 24-hour intervals after starting.[...]

  • Page 369

    ZyAIR G-2000 Plus User’s Guide Chapter 36 Remote Management 368 CHAPTER 36 Remote Management This chapter covers remote management (SMT menu 24.11). 36.1 Remote Management Remote management allows you to determine which services/protocols can access which ZyAIR interface (if any) from which computers. You may manage your ZyAIR from a remote[...]

  • Page 370

    ZyAIR G-2000 Plus User’s Guide 369 Chapter 36 Remote Management Figure 212 Menu 24.11 - Remote Management Control TELNET Server: Port = 23 Access = LAN only Secure Client IP = 0.0.0.0 FTP Server: Port = 21 Access = LAN only Secure Client IP = 0.0.0.0 Web Server: Port = 80 Access = LAN only Secure Client IP = 0.0.0.0 SNMP Service: Port = 161 [...]

  • Page 371

    ZyAIR G-2000 Plus User’s Guide Chapter 36 Remote Management 370 Figure 213 Telnet Configuration on a TCP/IP Network 36.1.2 FTP You can upload and download ZyAIR firmware and configuration files using FTP. To use this feature, your computer must have an FTP client. 36.1.3 Web You can use the ZyAIR’s embedded web configurator for conf[...]

  • Page 372

    ZyAIR G-2000 Plus User’s Guide 371 Chapter 36 Remote Management • Use the ZyAIR’s WAN IP address when configuring from the WAN. • Use the ZyAIR’s LAN IP address when configuring from the LAN. 36.3 System Timeout There is a system timeout of five minutes (300 seconds) for Telnet/web/FTP connections. Your ZyAIR will automatically [...]

  • Page 373

    ZyAIR G-2000 Plus User’s Guide Chapter 37 Call Scheduling 372 CHAPTER 37 Call Scheduling Call scheduling (applicable for PPPoA or PPPoE encapsulation only) allows you to dictate when a remote node should be called and for how long. 37.1 Introduction to Call Scheduling The call scheduling feature allows the ZyAIR to manage a remote node and dic[...]

  • Page 374

    ZyAIR G-2000 Plus User’s Guide 373 Chapter 37 Call Scheduling To set up a schedule set, select the schedule set you want to set up from menu 26 (1-12) and press [ENTER] to see Menu 26.1 — Schedule Set Setup as shown next. Figure 215 Menu 26.1 Schedule Set Setup Active= Yes Start Date(yyyy-mm-dd)= 2000 - 01 - 01 How Often= Once Once: Date(yyyy-m[...]

  • Page 375

    ZyAIR G-2000 Plus User’s Guide Chapter 37 Call Scheduling 374 Once your schedule sets are configured, you must then apply them to the desired remote node(s). Enter 11 from the Main Menu and then enter the target remote node index. Using [SPACE BAR], select PPPoE or PPPoA in the Encapsulation field and then press [ENTER] to make the schedule[...]

  • Page 376

    ZyAIR G-2000 Plus User’s Guide 375 Chapter 37 Call Scheduling[...]

  • Page 377

    ZyAIR G-2000 Plus User’s Guide Appendix A 376 Appendix A Troubleshooting This appendix covers potential problems and possible remedies. After each problem description, some instructions are provided to help you to diagnose and to solve the problem. Problems Starting Up the ZyAIR Problems with the Ethernet Interface Table 127 Troubleshooting[...]

  • Page 378

    ZyAIR G-2000 Plus User’s Guide 377 Appendix A Problems with the Password Problems with Telnet Problems with the WLAN Interface Table 129 Troubleshooting the Password PROBLEM CORRECTIVE ACTION I cannot access the ZyAIR. The Password and Username fields are case-sensitive. Make sure that you enter the correct password and username using the proper[...]

  • Page 379

    ZyAIR G-2000 Plus User’s Guide Appendix B 378 Appendix B Brute-Force Password Guessing Protection The following describes the commands for enabling, disabling and configuring the brute-force password guessing protection mechanism for the password. See Appendix F for information on the command structure. Table 132 Brute-Force Password Guessin[...]

  • Page 380

    ZyAIR G-2000 Plus User’s Guide 379 Appendix B[...]

  • Page 381

    ZyAIR G-2000 Plus User’s Guide Appendix C 380 Appendix C Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use [...]

  • Page 382

    ZyAIR G-2000 Plus User’s Guide 381 Appendix C Figure 217 Windows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Ad[...]

  • Page 383

    ZyAIR G-2000 Plus User’s Guide Appendix C 382 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click OK. 5 Restart your computer so the changes you made take effect. Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP[...]

  • Page 384

    ZyAIR G-2000 Plus User’s Guide 383 Appendix C Figure 219 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close t[...]

  • Page 385

    ZyAIR G-2000 Plus User’s Guide Appendix C 384 Figure 220 Windows XP: Start Menu 2 For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Figure 221 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties.[...]

  • Page 386

    ZyAIR G-2000 Plus User’s Guide 385 Appendix C Figure 222 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. Figure 223 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Wi[...]

  • Page 387

    ZyAIR G-2000 Plus User’s Guide Appendix C 386 • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. Click Advanced. Figure 224 Windows XP: Advanced TCP/IP Settings 6 If you do not know your gateway's IP address, remove any previously installed gateways[...]

  • Page 388

    ZyAIR G-2000 Plus User’s Guide 387 Appendix C • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you have previously config[...]

  • Page 389

    ZyAIR G-2000 Plus User’s Guide Appendix C 388 Figure 226 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 227 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list.[...]

  • Page 390

    ZyAIR G-2000 Plus User’s Guide 389 Appendix C 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyAIR in the Router address box. 5 Close the TCP/IP Control Pane[...]

  • Page 391

    ZyAIR G-2000 Plus User’s Guide Appendix C 390 Figure 229 Macintosh OS X: Network 4 For statically assigned settings, do the following: • From the Configure box, select Manually. • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyAIR in the Router address [...]

  • Page 392

    ZyAIR G-2000 Plus User’s Guide 391 Appendix C[...]

  • Page 393

    ZyAIR G-2000 Plus User’s Guide Appendix D 392 Appendix D IP Address Assignment Conflicts This appendix describes situations where IP address conflicts may occur. Subscribers with duplicate IP addresses will not be able to access the Internet. Case A: The ZyAIR is using the same LAN and WAN IP addresses The following figure shows an example whe[...]

  • Page 394

    ZyAIR G-2000 Plus User’s Guide 393 Appendix D Figure 231 IP Address Conflicts: Case B To solve this problem, make sure the ZyAIR LAN IP address is not in the DHCP IP address pool. Case C: The Subscriber IP address is the same as the IP address of a network device The following figure depicts an example where the subscriber IP address is the sam[...]

  • Page 395

    ZyAIR G-2000 Plus User’s Guide Appendix D 394 In this case, the subscribers are not able to access the Internet. Figure 233 IP Address Conflicts: Case D This problem can be solved by adding a VLAN-enabled switch or set the computers to obtain IP addresses dynamically.[...]

  • Page 396

    ZyAIR G-2000 Plus User’s Guide 395 Appendix D[...]

  • Page 397

    ZyAIR G-2000 Plus User’s Guide Appendix E 396 Appendix E IP Subnetting IP Addressing Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP Classes An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.16[...]

  • Page 398

    ZyAIR G-2000 Plus User’s Guide 397 Appendix E Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127. Similarly the first octet of a class “B” must begin with “10”, therefore the first octet of a class “B” address has a valid range of 128 to[...]

  • Page 399

    ZyAIR G-2000 Plus User’s Guide Appendix E 398 Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet. This is usually specified by writing a “/” followed b[...]

  • Page 400

    ZyAIR G-2000 Plus User’s Guide 399 Appendix E Divide the network 192.168.1.0 into two separate subnets by converting one of the host ID bits of the IP address to a network number bit. The “borrowed” host ID bit can be either “0” or “1” thus giving two subnets; 192.168.1.0 with mask 255.255.255.128 and 192.168.1.128 with mask 255.2[...]

  • Page 401

    ZyAIR G-2000 Plus User’s Guide Appendix E 400 Example: Four Subnets The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets. Similarly to divide a class “C” address into four subnets, you need to “borrow” two host ID bits to give four possible combinations of 00, 01, 10 and 11[...]

  • Page 402

    Table 143 Subnet 4 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. 192 IP Address (Binary) 11000000.10101000.00000001. 11000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.192 Lowest Host ID: 192.168.1.193 Broadcast Address: 192.168.1.255 Highest Host ID: 192.168.1.254 ZyAIR G-2000 Plu[...]

  • Page 403

    ZyAIR G-2000 Plus User’s Guide Appendix E 402 Subnetting With Class A and Class B Networks. For class “A” and class “B” addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID. A class “B” address has two host ID octets available for subnetting and a class “A” address[...]

  • Page 404

    ZyAIR G-2000 Plus User’s Guide 403 Appendix E[...]

  • Page 405

    ZyAIR G-2000 Plus User’s Guide Appendix F 404 Appendix F Command Interpreter The following describes how to use the command interpreter. Enter 24 in the main menu to bring up the system maintenance menu. Enter 8 to go to Menu 24.8 - Command Interpreter Mode. See the included disk or zyxel.com for more detailed information on these commands.[...]

  • Page 406

    ZyAIR G-2000 Plus User’s Guide 405 Appendix F[...]

  • Page 407

    ZyAIR G-2000 Plus User’s Guide Appendix G 406 Appendix G Log Descriptions This appendix provides descriptions of example log messages Table 147 System Error Logs LOG MESSAGE DESCRIPTION %s exceeds the max. number of session per host! This attempt to create a NAT session exceeds the maximum number of NAT session table entries allowed to be crea[...]

  • Page 408

    ZyAIR G-2000 Plus User’s Guide 407 Appendix G Log Commands Go to the command interpreter interface (the Command Interpreter Appendix explains how to access and use the commands). 4 A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF) 5 Source route failed 4 Source Quench 0 A gateway may discard interne[...]

  • Page 409

    ZyAIR G-2000 Plus User’s Guide Appendix G 408 Configuring What You Want the ZyAIR to Log Use the sys logs load command to load the log setting buffer that allows you to configure which logs the ZyAIR is to record. Use sys logs category followed by a log category and a parameter to decide what to record Table 151 Log Categories and Availabl[...]

  • Page 410

    ZyAIR G-2000 Plus User’s Guide 409 Appendix G Log Command Example This example shows how to set the ZyAIR to record the error logs and alerts and then view the results. ras> sys logs load ras> sys logs category error 3 ras> sys logs save ras> sys logs display access # .time source destination notes message 0|11/11/2002 15:10:12 |172.2[...]

  • Page 411

    ZyAIR G-2000 Plus User’s Guide Appendix H 410 Appendix H Wireless LAN and IEEE 802.11 A wireless LAN (WLAN) provides a flexible data communications system that you can use to access various services (navigating the Internet, email, printer services, etc.) without the use of a cabled connection. In effect a wireless LAN environment provides yo[...]

  • Page 412

    ZyAIR G-2000 Plus User’s Guide 411 Appendix H Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless nodes or stations (STA), which is called a Basic Service Set (BSS). In the most basic form, a wireless LAN connects a set of computers with wireless ada[...]

  • Page 413

    ZyAIR G-2000 Plus User’s Guide Appendix H 412 Figure 235 ESS Provides Campus-Wide Coverage[...]

  • Page 414

    ZyAIR G-2000 Plus User’s Guide 413 Appendix H[...]

  • Page 415

    ZyAIR G-2000 Plus User’s Guide Appendix I 414 Appendix I Wireless LAN With IEEE 802.1x As wireless networks become popular for both portable computing and corporate networks, security is now a priority. Security Flaws with IEEE 802.11 Wireless networks based on the original IEEE 802.11 have a poor reputation for safety. The IEEE 802.11b[...]

  • Page 416

    ZyAIR G-2000 Plus User’s Guide 415 Appendix I RADIUS Server Authentication Sequence The following figure depicts a typical wireless network with a remote RADIUS server for user authentication using EAPOL (EAP Over LAN). Figure 236 Sequences for EAP MD5–Challenge Authentication Mutual Authentication with Internal RADIUS server. Microsofts Ch[...]

  • Page 417

    ZyAIR G-2000 Plus User’s Guide Appendix I 416 Figure 237 Sequences for PEAP, MS–CHAP V2 Authentication[...]

  • Page 418

    ZyAIR G-2000 Plus User’s Guide 417 Appendix I[...]

  • Page 419

    ZyAIR G-2000 Plus User’s Guide Appendix J 418 Appendix J Types of EAP Authentication This appendix discusses popular EAP authentication types. The type of authentication you use depends on the RADIUS server or the AP. Consult your network administrator for more information. EAP-MD5 (Message-Digest Algorithm 5) MD5 authentication is the simple[...]

  • Page 420

    ZyAIR G-2000 Plus User’s Guide 419 Appendix J PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, suc[...]

  • Page 421

    ZyAIR G-2000 Plus User’s Guide Appendix K 420 Appendix K Antenna Selection and Positioning Recommendation An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air. Cho[...]

  • Page 422

    ZyAIR G-2000 Plus User’s Guide 421 Appendix K • Omni-directional antennas send the RF signal out in all directions on a horizontal plane. The coverage area is torus-shaped (like a donut) which makes these antennas ideal for a room environment. With a wide coverage area, it is possible to make circular overlapping coverage areas with multi[...]

  • Page 423

    ZyAIR G-2000 Plus User’s Guide Appendix L 422 Appendix L Power Adaptor Specifications Table 153 NORTH AMERICAN PLUG STANDARDS AC Power Adaptor Model AD48-1201200DUY Input Power AC120Volts/60Hz/0.25A Output Power DC12Volts/1.2A Power Consumption 10 W Safety Standards UL, CUL (UL 1950, CSA C22.2 No.234-M90) Table 154 NORTH AMERICAN PLUG STANDA[...]

  • Page 424

    Table 158 Australia and New Zealand plug standards AC Power Adaptor Model AD-1201200DS or AD-121200DS Input Power AC240Volts/50Hz/0.2A Output Power DC12Volts/1.2A Power Consumption 10 W Safety Standards NATA (AS 3260) ZyAIR G-2000 Plus User’s Guide 423 Appendix L[...]

  • Page 425

    ZyAIR G-2000 Plus User’s Guide Index 424 Index Numerics 802.1x 104 A Action for Matched Packets 202 Active 281 ActiveX 211 Allocated Budget 284 Alternative Subnet Mask Notation 398 Antenna Directional 421 Omni-directional 421 Antenna gain 420 Application-level Firewalls 178 Applications 42 Attack Types 184 Authen 284 Authentication 90 Authent[...]

  • Page 426

    ZyAIR G-2000 Plus User’s Guide 425 Index Direct Sequence Spread Spectrum 410 Distribution System 411 DNS 165 Domain Name 142 DoS Basics 180 Types 181 DS 411 DSSS 410 Dynamic DNS 65, 259 Dynamic WEP Key Exchange 104 DYNDNS Wildcard 65 E EAP 39 EAP Authentication 101, 418 ECHO 142 Edit IP 282 Encapsulation 281, 285 Encryption 94 Error Log [...]

  • Page 427

    ZyAIR G-2000 Plus User’s Guide Index 426 Idle Timeout 283, 284 IEEE 802.1x 39 IGMP 71, 72 Independent Basic Service Set 78, 411 Inside 136 Inside Global Address 136 Inside Local Address 136 Internet Access 274 ISP's Name 275 Internet access 264, 274 Internet Access Setup 275, 294 Internet Control Message Protocol (ICMP) 183 Intern[...]

  • Page 428

    ZyAIR G-2000 Plus User’s Guide 427 Index O One to One 139 Outside 136 P Packet Filtering 189 Packet Filtering Firewalls 178 Packets 339 Password 67, 252, 253, 257, 275, 329 Period(hr) 284 Ping 347 Ping of Death 181 Point-to-Point Tunneling Protocol 129, 142 POP3 142, 180 Port Numbers 142 PPPoE Encapsulation 278, 280, 283, 284 PPTP 142 [...]

  • Page 429

    ZyAIR G-2000 Plus User’s Guide Index 428 Spain, Contact Information 6 SSL Passthrough 38 Stateful Inspection 178, 179, 185 Process 185 Static Route 152 STP (Spanning Tree Protocol) 38 SUA 140, 142 SUA (Single User Account) 140 Subnet Mask 71, 74, 201, 266, 276, 286, 291, 341 Subnet Masks 397 Subnetting 397 Support E-mail 5 Sweden[...]

  • Page 430

    ZyAIR G-2000 Plus User’s Guide 429 Index Wizard Setup 48, 49, 50 WLAN 410 Worldwide Contact Information 5 WPA 37, 93 WPA with RADIUS Application 97 WPA-PSK Application 94 www.dyndns.org 261 Z ZyAIR LED 37 ZyNOS 351 ZyNOS F/W Version 351 ZyXEL’s Firewall Introduction 179[...]