User / maintenance manual for the G-2000 Plus product from the manufacturer ZyXEL Communications
ZyAIR G-2000 Plus 802.11g Wireless 4-port Router User’s Guide Version 3.60 4/2005.
Copyright. Copyright © 2005 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transc.
Federal Communications Commission (FCC) Interference Statement. This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference.
ZyXEL Limited Warranty. ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase.
Customer Support. Please have the following information ready when you contact customer support. • Product model and serial number. • Warranty Information. • Date that you received your device.
Customer Support. Spain: support@zyxel.es, +34 902 195 420, www.zyxel.es, ZyXEL Communications, Alejandro Villegas 33 1º, 28043 Madrid, Spain, sales@zyxel.es, +34 913 005 345. Sweden: support@zyxel.
Table of Contents: Copyright; Federal Communications Commission (FCC) Interference Statement
Table of Contents: 1.2.2.16 PPPoE Support (RFC2516); 1.2.2.17 PPTP Encapsulation
Table of Contents: 3.6.1 WAN IP Address Assignment; 3.6.2 IP Address and Subnet Mask
Table of Contents: Chapter 7 Wireless Security; 7.1 Wireless Security Overview
Table of Contents: 9.2.1 Ethernet Encapsulation; 9.2.1.1 Service Type
Table of Contents: 12.3 Configuring Telnet; 12.4 Configuring TELNET
Table of Contents: 14.5.4 UDP/ICMP Security; 14.5.5 Upper Layer Protocols
Table of Contents: 17.2 Self-signed Certificates; 17.3 Configuration Summary
Table of Contents: Chapter 21 General Setup; 21.1 General Setup
Table of Contents: Chapter 26 Static Route Setup; 26.1 IP Static Route Setup
Table of Contents: 30.2 Access Methods; 30.3 Enabling the Firewall
Table of Contents: 34.2.5 Backup Configuration Using TFTP; 34.2.6 Example: TFTP Command
Table of Contents: Appendix D IP Address Assignment Conflicts; Appendix E IP Subnetting
List of Figures: Figure 1 Internet Access Application Example; Figure 2 Change Password Screen
List of Figures: Figure 37 Wireless: WPA; Figure 38 Wireless: 802.1x and Dynamic WEP
List of Figures: Figure 80 WAN to LAN Traffic; Figure 81 Default Rule
List of Figures: Figure 123 Menu 1.1 Configure Dynamic DNS; Figure 124 Menu 2 WAN Setup
List of Figures: Figure 166 Example 4: Menu 15.1.1 Address Mapping Rules; Figure 167 Menu 15.3 Trigger Port Setup
List of Figures: Figure 209 Budget Management; Figure 210 Menu 24.9.2 - Call History
List of Tables: Table 1 IEEE 802.11b; Table 2 IEEE 802.11g
List of Tables: Table 37 Ethernet Encapsulation; Table 38 PPPoE Encapsulation
List of Tables: Table 80 Firmware Upload; Table 81 Restore Configuration
List of Tables: Table 123 Call History Fields; Table 124 System Maintenance: Time and Date Setting
Preface. Congratulations on your purchase of the ZyAIR G-2000 Plus - 802.11g Wireless 4 port Router. A wireless router is an access point and router rolled into one. It is a cost-effective solution to share Internet access with multiple computers and expand your wired network.
Preface. User Guide Feedback: Help us help you! E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp.
Preface. Graphics Icons Key: ZyAIR, Computer, Notebook computer, Server, DSLAM, Firewall, Modem, Switch, Router, Wireless Signal.
Chapter 1: Getting to Know Your ZyAIR. This chapter introduces the main features and applications of the ZyAIR. 1.1 Introducing the ZyAIR: The ZyAIR G-2000 Plus, an IEEE 802.11g compliant broadband wireless sharing gateway, provides wireless connectivity.
1.2.1.4 10/100 Mbps Ethernet WAN: The 10/100 Mbps Ethernet WAN port attaches to the Internet via broadband modem or router. 1.2.1.5 Reset Button: The ZyAIR reset button is built into the side panel.
1.2.2.4 802.11g Wireless LAN Standard: The ZyAIR complies with the 802.11g wireless standard and is also fully compatible with the 802.11b standard. This means an 802.11b radio card can interface directly with an 802.
1.2.2.9 Firewall: The ZyAIR employs a stateful inspection firewall with DoS (Denial of Service) protection. By default, when the firewall is activated, all incoming traffic from the WAN to the LAN is blocked unless it is initiated from the LAN.
1.2.2.16 PPPoE Support (RFC2516): PPPoE (Point-to-Point Protocol over Ethernet) emulates a dial-up connection. It allows your ISP to use their existing network configuration with newer broadband technologies such as ADSL.
1.2.2.22 Multicast: Traditionally, IP packets are transmitted in two ways - unicast or broadcast. Multicast is a third way to deliver IP packets to a group of hosts. IGMP (Internet Group Management Protocol) is the protocol used to support multicast groups.
1.2.2.29 Embedded FTP and TFTP Servers: The ZyAIR’s embedded FTP and TFTP servers enable fast firmware upgrades as well as configuration file backups and restoration.
Chapter 2: Introducing the Web Configurator. This chapter describes how to access the ZyAIR web configurator and provides an overview of its screens. The default IP address of the ZyAIR is 192.
Figure 2 Change Password Screen. 6 Click Apply in the Replace Certificate screen to create a certificate using your ZyAIR’s MAC address that will be specific to this device.
2.3 Resetting the ZyAIR: If you forget your password or cannot access the web configurator, you will need to reload the factory-default configuration file or use the RESET button on the side panel of the ZyAIR.
Figure 4 The MAIN MENU Screen of the Web Configurator. Use submenus to configure ZyAIR features. Click WIZARD SETUP for initial configuration including general setup, wireless LAN setup, ISP Parameters for Internet Access and WAN IP/DNS/MAC Address Assignment.
Chapter 3: Wizard Setup. The web configurator’s setup wizard helps you configure your ZyAIR for Internet access and set up wireless LAN. 3.1 Wizard Setup Overview: The web configurator’s setup wizard helps you configure your device to access the Internet.
3.1.4 WPA-PSK: Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences between WPA and WEP are user authentication and improved data encryption.
Figure 5 Wizard 1: General Setup. The following table describes the labels in this screen. Table 3 Wizard 1: General Setup. Label: System Name. Description: It is recommended you type your computer's "Computer name".
Figure 6 Wizard 2: Wireless LAN Setup. The following table describes the labels in this screen. Table 4 Wizard 2: Wireless LAN Setup. Wireless LAN Setup. Label: ESSID. Description: Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.
Figure 7 Wizard 3: Wireless LAN Setup: Basic Security. The following table describes the labels in this screen.
Figure 8 Wizard 3: Wireless LAN Setup: Extend Security. The following table describes the labels in this screen. Table 6 Wizard 3: Wireless LAN Setup: Extend Security. Label: Pre-Shared Key. Description: Type from 8 to 63 case-sensitive ASCII characters.
Figure 9 Wizard 4: Ethernet Encapsulation. The following table describes the labels in this screen.
3.5.2 PPPoE Encapsulation: Point-to-Point Protocol over Ethernet (PPPoE) functions as a dial-up connection. PPPoE is an IETF (Internet Engineering Task Force) draft standard specifying how a host personal computer interacts with a broadband modem (for example DSL, cable, wireless, etc.
Figure 10 Wizard 4: PPPoE Encapsulation. The following table describes the labels in this screen. Table 8 Wizard 4: PPPoE Encapsulation. ISP Parameter for Internet Access. Label: Encapsulation. Description: Choose PPP over Ethernet from the pull-down list box.
PPTP supports on-demand, multi-protocol, and virtual private networking over public networks, such as the Internet. Refer to the appendix for more information on PPTP. Note: The ZyAIR supports one PPTP server connection at any given time.
3.6 Wizard Setup: Screen 5. The fifth wizard screen allows you to configure WAN IP address assignment, DNS server address assignment and the WAN MAC address. 3.6.1 WAN IP Address Assignment: Every computer on the Internet must have a unique IP address.
3.6.2 IP Address and Subnet Mask: Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number. Where you obtain your network number depends on your particular situation.
You can configure the WAN port's MAC address by either using the factory default or cloning the MAC address from a computer on your LAN. Once it is successfully configured, the address will be copied to the "rom" file (ZyNOS configuration file).
Figure 12 Wizard 5: WAN Setup. The following table describes the labels in this screen. Table 12 Wizard 5: WAN Setup. WAN IP Address Assignment. Label: Get automatically from ISP. Description: Select this option if your ISP did not assign you a fixed IP address.
3.7 Basic Setup Complete: Click Back to return to the previous screen or click Finish to complete and save the wizard setup. Label: First DNS Server, Second DNS Server, Third DNS Server. Description: Select From ISP if your ISP dynamically assigns DNS server information (and the ZyAIR's WAN IP address).
Figure 13 Wizard Finish. Well done! You have successfully set up the ZyAIR. A congratulations screen displays some information.
Chapter 4: System Screens. 4.1 System Overview: This section provides information on general system setup. 4.2 Configuring General Setup: Click the SYSTEM link under ADVANCED to open the General screen.
4.3 Dynamic DNS: Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.
4.4 Configuring Dynamic DNS: To change your ZyAIR’s DDNS, click SYSTEM, then the DDNS tab. The screen appears as shown. Figure 15 DDNS. The following table describes the labels in this screen.
4.5 Configuring Password: To change your ZyAIR’s password (recommended), click the SYSTEM link under ADVANCED and then the Password tab. The screen appears as shown. This screen allows you to change the ZyAIR’s password.
4.6 Configuring Time Setting: To change your ZyAIR’s time and date, click the SYSTEM link under ADVANCED and then the Time Setting tab. The screen appears as shown. Use this screen to configure the ZyAIR’s time based on your local time zone.
Label: New Time (hh:mm:ss). Description: This field displays the last updated time from the time server. When you select None in the Time Protocol field, enter the new time in this field and then click Apply.
Chapter 5: LAN Screens. This chapter describes how to configure LAN settings. 5.1 LAN Overview: Local Area Network (LAN) is a shared communication system to which many computers are attached.
• IP address of 192.168.1.1 with subnet mask of 255.255.255.0 (24 bits) • DHCP server enabled with 32 client IP addresses starting from 192.168.1.33. These parameters should work for the majority of installations.
224.0.0.0 is not assigned to any group and is used by IP multicast computers. The address 224.0.0.1 is used for query messages and is assigned to the permanent group of all IP hosts (including gateways).
Figure 18 LAN IP. The following table describes the labels in this screen. Table 17 LAN IP. Label: DHCP Server. Description: DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients (computers) to obtain TCP/IP configuration at startup from a server.
Label: First DNS Server, Second DNS Server, Third DNS Server. Description: Select From ISP if your ISP dynamically assigns DNS server information (and the ZyAIR's WAN IP address). The field to the right displays the (read-only) DNS server IP address that the ISP assigns.
5.5 Configuring Static DHCP: This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. Every Ethernet device has a unique MAC (Media Access Control) address.
Figure 19 Static DHCP. The following table describes the labels in this screen. Table 18 Static DHCP. Label: #. Description: This is the index number of the Static IP table entry (row). Label: MAC Address. Description: Type the MAC address (with colons) of a computer on your LAN.
Figure 20 IP Alias. The following table describes the labels in this screen. Table 19 IP Alias. Label: IP Alias 1,2. Description: Select the check box to configure another LAN network for the ZyAIR.
Chapter 6: Wireless Configuration and Roaming. This chapter discusses how to configure the Wireless and Roaming screens on the ZyAIR. 6.1 Wireless LAN Overview: This section introduces the wireless LAN (WLAN) and some basic scenarios.
Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS is enabled, wireless station A and B can access the wired network and communicate with each other.
Figure 23 Extended Service Set. 6.2 Wireless LAN Basics: Refer also to the Wizard Setup chapter for more background information on Wireless LAN features, such as channels.
Figure 24 RTS/CTS. When station A sends data to the ZyAIR, it might not know that station B is already using the channel.
A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference.
Figure 25 Wireless. The following table describes the general wireless LAN labels in this screen. Table 20 Wireless. Label: Enable Wireless LAN. Description: Click the check box to activate wireless LAN.
See the Wireless Security chapter for information on the other labels in this screen. 6.4 Configuring Roaming: A wireless station is a device with an IEEE 802.11 mode compliant wireless adapter.
1 As wireless station Y moves from the coverage area of access point P1 to that of access point P2, it scans and uses the signal of access point P2.
Figure 27 Roaming. The following table describes the labels in this screen. Table 21 Roaming. Label: Active. Description: Select Yes from the drop-down list box to enable roaming on the ZyAIR if you have two or more ZyAIRs on the same subnet.
Chapter 7: Wireless Security. This chapter describes how to use the MAC Filter, 802.1x, Roaming and RADIUS to configure wireless security on your ZyAIR.
Figure 29 Wireless: No Security. The following table describes the labels in this screen. Table 22 Wireless No Security. Label: Security. Description: Choose from one of the security features listed in the drop-down box.
7.2 Security Parameters Summary: Refer to this table to see what other security parameters you should configure for each Authentication Method/key management protocol type.
Figure 30 WEP Authentication Steps. Open system authentication involves an unencrypted two-message procedure. A wireless station sends an open system authentication request to the AP, which will then automatically accept and connect the wireless station to the network.
Figure 31 Wireless: Static WEP Encryption. The following table describes the wireless LAN security labels in this screen. Table 24 Wireless: Static WEP Encryption. Label: Passphrase. Description: Enter a Passphrase (up to 32 printable characters) and click Generate.
7.5 Introduction to WPA: Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences between WPA and WEP are user authentication and improved data encryption.
7.5.2 Encryption: WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and distributed by the authentication server.
Figure 32 WPA-PSK Authentication. 7.6 Configuring WPA-PSK Authentication: In order to configure and enable WPA-PSK Authentication, click the WIRELESS link under ADVANCED to display the Wireless screen.
Figure 33 Wireless: WPA-PSK. The following table describes the labels in this screen. Table 25 Wireless: WPA-PSK. Label: Pre-Shared Key. Description: The encryption mechanisms used for WPA and WPA-PSK are the same.
7.7 Wireless Client WPA Supplicants: A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA.
Figure 34 WPA with RADIUS Application Example. 7.8 Configuring WPA Authentication: In order to configure and enable WPA Authentication, click the WIRELESS link under ADVANCED to display the Wireless screen.
Figure 35 Wireless: WPA. The following table describes the labels in this screen. Table 26 Wireless: WPA. Label: ReAuthentication Timer (in seconds). Description: Specify how often wireless stations have to reenter usernames and passwords in order to stay connected.
7.9 Introduction to RADIUS: RADIUS is based on a client-server model that supports authentication and accounting, where the access point is the client and the server is the RADIUS server.
The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting: 7.9.1.2 Accounting-Request: Sent by the access point requesting accounting.
4 The RADIUS server checks the user information against its user profile database and determines whether or not to authenticate the wireless station.
Figure 37 Wireless: WPA. The following table describes the labels in this screen. Table 27 RADIUS. Label: Internal RADIUS Server. Description: Select this radio button to use the ZyAIR’s Internal RADIUS Server.
7.11 802.1x Overview: The IEEE 802.1x standard outlines enhanced security methods for both the authentication of wireless stations and encryption key management.
• EAP-TLS • EAP-TTLS • PEAP Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange. 7.13 Configuring 802.1x and Dynamic WEP Key Exchange: In order to configure and enable 802.
Figure 38 Wireless: 802.1x and Dynamic WEP. The following table describes the labels in this screen.
7.14 Configuring 802.1x and Static WEP Key Exchange: In order to configure and enable 802.1x and Static WEP Key Exchange, click the WIRELESS link under ADVANCED to display the Wireless screen.
Figure 39 Wireless: 802.1x and Static WEP. The following table describes the labels in this screen. Table 29 Wireless: 802.1x and Static WEP. Label: Passphrase. Description: Enter a Passphrase (up to 32 printable characters) and click Generate.
Label: Authentication Method. Description: This field is activated when you select 64-bit WEP or 128-bit WEP in the WEP Encryption field. Select Auto, Open System or Shared Key from the drop-down list box. Label: ASCII. Description: Select this option in order to enter ASCII characters as the WEP keys.
7.15 Configuring 802.1x: In order to configure and enable 802.1x, click the WIRELESS link under ADVANCED to display the Wireless screen. Select 802.1x + No WEP from the Security list.
Figure 40 Wireless: 802.1x. The following table describes the labels in this screen. Table 30 Wireless: 802.1x and No WEP. Label: ReAuthentication Timer (in seconds). Description: Specify how often wireless stations have to reenter usernames and passwords in order to stay connected.
7.16 MAC Filter: The MAC filter screen allows you to configure the ZyAIR to give exclusive access to up to 32 devices (Allow Association) or exclude up to 32 devices from accessing the ZyAIR (Deny Association).
Figure 41 MAC Address Filter. The following table describes the labels in this menu. Table 31 MAC Address Filter. Label: Active. Description: Select Yes from the drop down list box to enable MAC address filtering.
Chapter 8: Internal RADIUS Server. This chapter describes how to use the internal RADIUS server to authenticate wireless clients or other APs in other wireless networks. For more background information on RADIUS, see section 7.
Figure 42 ZyAIR Authenticates Wireless Stations. Figure 43 ZyAIR as a RADIUS server (ZyAIR authenticates other APs).
8.2 Internal RADIUS Server Setting: The INTERNAL RADIUS SERVER Setting screen displays information about certificates. The certificates are used by wireless clients to authenticate the RADIUS server.
Figure 44 Internal RADIUS Server Setting Screen. The following table describes the labels in this screen.
8.3 Trusted AP Overview: A trusted AP is an AP that uses the ZyAIR’s internal RADIUS server to authenticate its wireless clients. The following shows how this is done in two phases.
2 Configure wireless client user names and passwords in the Trusted Users database to use a trusted AP as a relay between the RADIUS server and the wireless clients. The wireless clients can then be authenticated by the RADIUS server.
8.5 Trusted Users Overview: A trusted user is a wireless client within the ZyAIR’s wireless network. 8.6 Configuring Trusted Users: To change your ZyAIR’s trusted users, click the AUTH SERVER link under ADVANCED and then the Trusted Users tab.
Figure 47 Trusted Users Screen. The following table describes the labels in this screen. Table 35 Trusted Users. Label: #. Description: This field displays the trusted user index number.
Label: Apply. Description: Click Apply to save your changes back to the ZyAIR. Label: Reset. Description: Click Reset to begin configuring this screen afresh.
CHAPTER 9 WAN This chapter describes how to configure WAN settings. 9.1 WAN Overview A WAN (Wide Area Network) is an outside connection to another network or the Internet. See the Wizard Setup chapter for more background information on most fields in the WAN screens.
Figure 48 Ethernet Encapsulation The following table describes the labels in this screen. Table 36 Ethernet Encapsulation LABEL DESCRIPTION Encapsulation You must choose the Ethernet option when the WAN port is used as a regular Ethernet.
Figure 49 Ethernet Encapsulation The following table describes the labels in this screen. Table 37 Ethernet Encapsulation LABEL DESCRIPTION Encapsulation You must choose the Ethernet option when the WAN port is used as a regular Ethernet.
For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for example Radius).
Figure 50 PPPoE Encapsulation The following table describes the labels in this screen. Table 38 PPPoE Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation The PPP over Ethernet choice is for a dial-up connection using PPPoE.
9.2.3 PPTP Encapsulation Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables secure transfer of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-based networks.
Figure 51 PPTP Encapsulation The following table describes the labels in this screen. Table 39 PPTP Encapsulation LABEL DESCRIPTION ISP Parameters fo.
9.3 TCP/IP Priority (Metric) The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost".
Figure 52 WAN: IP The following table describes the labels in this screen. Table 40 WAN: IP LABEL DESCRIPTION WAN IP Address Assignment Get automatically from ISP Select this option if your ISP did not assign you a fixed IP address.
Network Address Translation Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network.
9.5 Configuring WAN MAC To change your ZyAIR’s WAN MAC settings, click WAN, then the WAN MAC tab.
Otherwise, click Spoof this computer's MAC address - IP Address and enter the IP address of the computer on the LAN whose MAC you are cloning. Once it is successfully configured, the address will be copied to the rom file (ZyNOS configuration file).
CHAPTER 10 Single User Account (SUA) / Network Address Translation (NAT) This chapter discusses how to configure SUA/NAT on the ZyAIR.
Note: NAT never changes the IP address (either local or global) of an outside host. 10.
Figure 54 How NAT Works 10.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the ZyAIR can communicate with three distinct WAN networks.
Figure 55 NAT Application With IP Alias 10.1.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: • One to One: In One-to-One mode, the ZyAIR maps one local IP address to one global IP address.
The following table summarizes these types.
You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. The port number identifies a service; for example, web service is on port 80 and FTP on port 21.
The most often used port numbers are shown in the following table. Please refer to RFC 1700 for further information about port numbers. Please also refer to the Supporting CD for more examples and details on SUA/NAT.
Figure 56 Multiple Servers Behind NAT Example 10.
Figure 57 SUA/NAT Setup The following table describes the labels in this screen. Table 44 SUA/NAT Setup LABEL DESCRIPTION Default Server In addition to the servers for specified services, NAT supports a default server.
10.5 Configuring Address Mapping Ordering your rules is important because the ZyAIR applies the rules in the order that you specify.
Figure 58 Address Mapping The following table describes the labels in this screen. Table 45 Address Mapping LABEL DESCRIPTION Local Start IP This refers to the Inside Local Address (ILA), which is the starting local IP address.
10.5.1 Configuring Address Mapping To edit an address mapping rule, select the radio button of a rule and click the Edit button to display the screen shown next.
10.6 Trigger Port Forwarding Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side.
Figure 60 Trigger Port Forwarding Process: Example 1 Jane requests a file from the Real Audio server (port 7070). 2 Port 7070 is a “trigger” port and causes the ZyAIR to record Jane’s computer IP address.
Figure 61 Trigger Port The following table describes the labels in this screen. Table 47 Trigger Port LABEL DESCRIPTION # This is the rule index number (read-only).
CHAPTER 11 Static Route Screens This chapter shows you how to configure static routes for your ZyAIR. 11.1 Static Route Overview Each remote node specifies only the network to which the gateway is directly connected, and the ZyAIR has no knowledge of the networks beyond.
Figure 63 Static Route The following table describes the labels in this screen. Table 48 Static Route LABEL DESCRIPTION # Number of an individual static route. Name Name that describes or identifies this route.
Figure 64 Static Route: Edit The following table describes the labels in this screen. Table 49 Static Route: Edit LABEL DESCRIPTION Route Name Enter the name of the IP static route.
CHAPTER 12 Remote Management Screens This chapter provides information on the Remote Management screens. 12.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which ZyAIR interface (if any) from which computers.
1 A filter in SMT menu 3.1 (LAN) or in menu 11.5 (WAN) is applied to block a Telnet, FTP or Web service. 2 You have disabled that service in one of the remote management screens.
Figure 65 Remote Management: WWW The following table describes the labels in this screen.
Figure 66 Telnet Configuration on a TCP/IP Network 12.4 Configuring TELNET Click REMOTE MGMT and the TELNET tab to display the screen as shown. Figure 67 Remote Management: Telnet The following table describes the labels in this screen.
12.5 Configuring FTP You can upload and download the ZyAIR’s firmware and configuration files using FTP; please see the chapter on firmware and configuration file maintenance for details.
12.6 SNMP Simple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite.
An agent is a management software module that resides in a managed device (the ZyAIR). An agent translates the local management information from the managed device into a form compatible with SNMP.
12.6.3 Configuring SNMP To change your ZyAIR’s SNMP settings, click REMOTE MGMT, then the SNMP tab.
Figure 70 Remote Management: SNMP The following table describes the labels in this screen.
12.7 Configuring DNS Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Refer to the chapter on Wizard Setup for background information.
12.8 Configuring Security To change your ZyAIR’s security settings, click REMOTE MGMT, then the Security tab. The screen appears as shown. If an outside user attempts to probe an unsupported port on your ZyAIR, an ICMP response packet is automatically returned.
Figure 72 Security The following table describes the labels in this screen. Table 56 Security LABEL DESCRIPTION ICMP Internet Control Message Protocol is a message control and error-reporting protocol between a host server and a gateway to the Internet.
CHAPTER 13 UPnP This chapter introduces the Universal Plug and Play feature. 13.1 Universal Plug and Play Overview Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices.
All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. 13.2 UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum Creates UPnP™ Implementers Corp.
Figure 73 Configuring UPnP The following table describes the labels in this screen. Table 57 Configuring UPnP LABEL DESCRIPTION Enable the Universal Plug and Play (UPnP) feature Select this checkbox to activate UPnP.
13.4.1 Installing UPnP in Windows Me Follow the steps below to install UPnP in Windows Me. 1 Click Start and Control Panel. Double-click Add/Remove Programs. 2 Click on the Windows Setup tab and select Communication in the Components selection box.
13.4.2 Installing UPnP in Windows XP Follow the steps below to install UPnP in Windows XP. 1 Click Start and Control Panel. 2 Double-click Network Connections. 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components … .
13.5 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL device.
13.5.1 Auto-discover Your UPnP-enabled Network Device 1 Click Start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. 2 Right-click the icon and select Properties.
13.5.2 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL device without finding out the IP address of the ZyXEL device first. This is helpful if you do not know the IP address of the ZyXEL device.
1 Click Start and then Control Panel. 2 Double-click Network Connections. 3 Select My Network Places under Other Places. 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click the icon for your ZyXEL device and select Invoke.
Follow the steps below to access the web configurator. 1 Click Start and then Control Panel. 2 Double-click Network Connections. 3 Select My Network Places under Other Places. 4 An icon with the description for each UPnP-enabled device displays under Local Network.
CHAPTER 14 Firewalls This chapter gives some background information on firewalls and introduces the ZyAIR firewall. 14.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another.
1 Information hiding prevents the names of internal systems from being made known via DNS to outside systems, since the application gateway is the only host whose name must be made known to outside systems.
Figure 74 ZyAIR Firewall Application 14.4 Denial of Service Denial of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet.
14.4.2 Types of DoS Attacks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the TCP/IP specification. 3 Brute-force attacks that flood a network with useless data.
Figure 75 Three-Way Handshake Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server.
Figure 76 SYN Flood b In a LAND Attack, hackers flood SYN packets into the network with a spoofed source IP address of the targeted system.
Figure 77 Smurf Attack 14.4.2.1 ICMP Vulnerability ICMP is an error-reporting protocol that works in concert with IP.
14.5 Stateful Inspection With stateful inspection, fields of the packets are compared to packets that are already known to be trusted.
3 The firewall inspects packets to determine and record information about the state of the packet's connection. This information is recorded in a new state table entry created for the new connection.
Below is a brief technical description of how these connections are tracked. Connections may either be defined by the upper protocols (for instance, TCP), or by the ZyAIR itself (as with the "virtual connections" created for UDP and ICMP).
14.5.5 Upper Layer Protocols Some higher layer protocols (such as FTP and RealAudio) utilize multiple network connections simultaneously.
14.7.1 Packet Filtering: • The router filters packets as they pass through the router’s interface according to the filter rules you designed.
6 The firewall can block specific URL traffic that might occur in the future. The URL can be saved in an Access Control List (ACL) database.
CHAPTER 15 Firewall Screens This chapter shows you how to configure your ZyAIR firewall. 15.1 Access Methods The web configurator is, by far, the most comprehensive firewall configuration tool your ZyAIR has to offer.
You may define additional rules and sets or modify existing ones but please exercise extreme caution in doing so.
15.3.2 Security Ramifications Once the logic of the rule has been defined, it is critical to consider the security ramifications cre.
15.4 Connection Direction Examples This section describes examples for firewall rules for connections going from LAN to WAN and from WAN to LAN. LAN to LAN/ZyAIR and WAN to WAN/ZyAIR rules apply to packets coming in on the associated interface (LAN or WAN respectively).
Figure 80 WAN to LAN Traffic 15.5 Alerts Alerts are reports on events, such as attacks, that you may want to know about right away. You can choose to generate an alert when a rule is matched in the Edit Rule screen (Figure 83).
Figure 81 Default Rule The following table describes the labels in this screen. Table 60 Default Rule LABEL DESCRIPTION Enable Firewall Select this check box to activate the firewall.
Figure 82 Rule Summary The following table describes the labels in this screen. Table 61 Rule Summary LABEL DESCRIPTION Firewall Rules Storage Space in Use This read-only bar shows how much of the ZyAIR's memory for recording firewall rules it is currently using.
15.6.2 Configuring Firewall Rules Follow these directions to create a new rule. 1 In the Rule Summary screen, type the index number for where you want to put the rule.
Figure 83 Creating/Editing A Firewall Rule.
The following table describes the labels in this screen. Table 62 Creating/Editing A Firewall Rule LABEL DESCRIPTION Edit Source/Destination Address Address Type Do you want your rule to apply to packets with a particular (single) IP, a range of IP addresses (e.
15.6.3 Configuring Custom Services Configure customized ports for services not predefined by the ZyAIR (see “Predefined Services” on page 206 for a list of predefined services).
15.7 Example Firewall Rule The following Internet firewall rule example allows a hypothetical My Service connection from the Internet. 1 Click the FIREWALL link and then the Rule Summary tab.
Figure 86 Rule Edit Example 6 In the Edit Rule screen, click Add under Custom Service to open the Edit Custom Service screen.
Figure 88 My Service Rule Configuration.
Figure 89 My Service Example Rule Summary Rule 1: Allows a My Service connection from the WAN to IP addresses 10.
FTP(TCP:20.21) File Transfer Program, a program to enable fast transfer of files, including large files that may not be possible by e-mail. H.323(TCP:1720) NetMeeting uses this protocol.
SMTP(TCP:25) Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another. SNMP(TCP/UDP:161) Simple Network Management Program.
CHAPTER 16 Content Filtering This chapter provides a brief overview of content filtering using the embedded WebGUI. 16.1 Introduction to Content Filtering Internet content filtering allows you to create and enforce Internet access policies tailored to your needs.
Figure 90 Content Filter The following table describes the labels in this screen. Table 65 Content Filter LABEL DESCRIPTION Restrict Web Features Select the box(es) to restrict a feature.
Keyword Type a keyword in this field. You may use any character (up to 64 characters). Wildcards are not allowed. You can also enter a numerical IP address. Keyword List This list displays the keywords already added.
CHAPTER 17 Certificates This chapter gives background information about public-key certificates and explains how to use them. 17.1 Certificates Overview The ZyAIR can use certificates (also called digital IDs) to authenticate users.
17.1.1 Advantages of Certificates Certificates offer the following benefits. • The ZyAIR only has to store the certificates of the certification authorities that you decide to trust, no matter how many devices you need to authenticate.
Figure 91 My Certificates The following table describes the labels in this screen. Table 66 My Certificates LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the ZyAIR’s PKI storage space that is currently in use.
Type This field displays what kind of certificate this is. REQ represents a certification request and is not yet a valid certificate. Send a certification request to a certification authority, which then issues a certificate.
17.5 Certificate File Formats The certification authority certificate that you want to import has to be in one of these file formats: • Binary X.509: This is an ITU-T recommendation that defines the formats for X.
Figure 92 My Certificate Import The following table describes the labels in this screen. Table 67 My Certificate Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it.
Figure 93 My Certificate Create.
The following table describes the labels in this screen. Table 68 My Certificate Create LABEL DESCRIPTION Certificate Name Type up to 31 ASCII characters (not including spaces) to identify this certificate.
After you click Apply in the My Certificate Create screen, you see a screen that tells you the ZyAIR is generating the self-signed certificate or certification request.
Figure 94 My Certificate Details.
The following table describes the labels in this screen. Table 69 My Certificate Details LABEL DESCRIPTION Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this certificate.
17.9 Trusted CAs Click CERTIFICATES, Trusted CAs to open the Trusted CAs screen. This screen displays a summary list of certificates of the certification authorities that you have set the ZyAIR to accept as trusted.
Figure 95 Trusted CAs The following table describes the labels in this screen. Table 70 Trusted CAs LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the ZyAIR’s PKI storage space that is currently in use.
17.10 Importing a Trusted CA’s Certificate Click CERTIFICATES, Trusted CAs to open the Trusted CAs screen and then click Import to open the Trusted CA Import screen.
17.11 Trusted CA Certificate Details Click CERTIFICATES, Trusted CAs to open the Trusted CAs screen.
Figure 97 Trusted CA Details.
The following table describes the labels in this screen. Table 72 Trusted CA Details LABEL DESCRIPTION Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate.
Key Algorithm This field displays the type of algorithm that was used to generate the certificate’s key pair (the ZyAIR uses RSA encryption) and the length of the key set in bits (1024 bits for example).
CHAPTER 18 Log Screens This chapter contains information about configuring general log settings and viewing the ZyAIR’s logs. Refer to the appendix for example log message explanations.
18.2 Configuring Log Settings To change your ZyAIR’s log settings, click the LOGS link under ADVANCED and then the Log Settings tab.
Figure 99 Log Settings.
The following table describes the labels in this screen. Table 74 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
18.3 Configuring Reports The Reports page displays which computers on the LAN send and receive the most traffic, what kinds of traffic are used the most and which web sites are visited the most often.
Figure 100 Reports Note: Enabling the ZyAIR’s reporting function decreases the overall throughput by about 1 Mbps.
Note: All of the recorded reports data is erased when you turn off the ZyAIR.
CHAPTER 19 Maintenance This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics.
Figure 101 System Status The following table describes the labels in this screen. Table 76 System Status LABEL DESCRIPTION System Name This is the System Name you chose in the first Internet Access Wizard screen.
19.2.1 System Statistics Read-only information here includes port status, packet specific statistics and bridge link status. Also provided are "system up time" and "poll interval(s)".
Click MAINTENANCE, and then the DHCP Table tab. Read-only information here relates to your DHCP status. The DHCP table shows current DHCP Client information (including IP Address, Host Name and MAC Address) of all network clients using the DHCP server.
Figure 104 Association List The following table describes the labels in this screen. Table 79 Association List LABEL DESCRIPTION # This is the index number of an associated wireless station.
Figure 105 Firmware Upload The following table describes the labels in this screen. Table 80 Firmware Upload LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse.
Figure 106 Firmware Upload In Process The ZyAIR automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.
Figure 108 Firmware Upload Error 19.6 Configuration Screen See the Firmware and Configuration File Maintenance chapter for transferring configuration files using FTP/TFTP commands. Click MAINTENANCE, and then the Configuration tab.
Figure 109 Configuration 19.6.1 Backup Configuration Backup configuration allows you to back up (save) the ZyAIR’s current configuration to a file on your computer.
After you see a “restore configuration successful” screen, you must then wait one minute before logging into the ZyAIR again. Figure 110 Configuration Upload Successful The ZyAIR automatically restarts in this time causing a temporary network disconnect.
Figure 112 Configuration Upload Error 19.6.3 Back to Factory Defaults Pressing the Reset button in this section clears all user-entered configuration information and returns the ZyAIR to its factory defaults as shown on the screen.
Figure 114 Restart Screen.
ZyAIR G-2000 Plus User’s Guide Chapter 20 Intro ducing the SMT 252 C HAPTER 20 Introducing the SMT This chapter explains how to access and naviga te the System Management T erminal and gives an overview of its menus.
ZyAIR G-2000 Plus User’s Guide 253 Chapter 20 Intro ducing the SMT Please note that if there is no activity for longer than five minutes after you log in, your ZyAIR will automatically log you out. Figure 1 16 Login Screen Enter Password : **** 20.3 Changing the System Password Change the ZyAIR default password by following the steps shown next.
ZyAIR G-2000 Plus User’s Guide Chapter 20 Intro ducing the SMT 254 Figure 1 18 ZyAIR G-2000 Plu s SMT Menu Overview Example 20.5 Navigating the SMT Interface The SMT (System Manage ment T erminal) is the interface that you use to configure your ZyAIR.
After you enter the password, the SMT displays the main menu, as shown next.
Move to a “hidden” menu: Press [SPACE BAR] to change No to Yes then press [ENTER]. Fields beginning with “Edit” lead to hidden menus and have a default setting of No.
Figure 119 ZyAIR G-2000 Plus SMT Main Menu
Copyright (c) 1994 - 2004 ZyXEL Communications Corp. ZyAIR G-2000PLUS Main Menu Getting Started Advanced Management 1. General Setup 21. Filter and Firewall Setup 2.
Change the ZyAIR default password by following the steps shown next.
1 Enter 23 in the main menu to display Menu 23 - System Security as shown next.
Figure 120 Menu 23: System Security
Menu 23 - System Security 1.
CHAPTER 21 General Setup
This chapter covers the general setup information.
21.1 General Setup
Menu 1 — General Setup contains administrative and system-related information (shown next).
Figure 122 Menu 1 General Setup
Menu 1 - General Setup System Name= G-2000PLUS Domain Name= First System DNS Server= From ISP IP Addre.
21.1.2 Procedure to Configure Dynamic DNS
Note: If you have a private WAN IP address, then you cannot use Dynamic DNS.
To configure Dynamic DNS, go to Menu 1 — General Setup and select Yes in the Edit Dynamic DNS field.
Enable Wildcards: Your ZyAIR supports DYNDNS Wildcard. Press [SPACE BAR] and then [ENTER] to select Yes or No. This field is N/A when you choose DDNS client as your service provider.
Offline: This field is only available when CustomDNS is selected in the DDNS Type field.
CHAPTER 22 Menu 2 WAN Setup
This chapter describes how to configure the WAN using menu 2.
22.1 Introduction to WAN
This chapter explains how to configure settings for your WAN port.
CHAPTER 23 LAN Setup
This chapter shows you how to configure wired Local Area Network (LAN) settings on your ZyAIR.
23.1 LAN Setup
This section describes how to configure the Ethernet using Menu 3 – LAN Setup.
23.2 Protocol Dependent Ethernet Setup
Depending on the protocols for your applications, you need to configure the respective Ethernet Setup, as outlined below.
• For TCP/IP Ethernet setup refer to the Internet Access Application chapter.
Use the instructions in the following table to configure TCP/IP parameters for the LAN port.
23.3.1 IP Alias Setup
IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface.
Figure 129 Menu 3.2.1: IP Alias Setup
Menu 3.2.1 - IP Alias Setup IP Alias 1= No IP Address= N/A IP Subnet Mask= N/A RIP Direction= N/A V.
Figure 130 Menu 3.5 Wireless LAN Setup
Menu 3.5 - Wireless LAN Setup Enable Wireless LAN= Yes ESSID= Wireless Hide ESSID= No Edit MAC Address Filter= No Channel ID= CH06 2437MHz Edit Roaming Configuration= No RTS Threshold= 2432 Breathing LED= Yes Frag.
23.4.1 Configuring MAC Address Filter
Your ZyAIR checks the MAC address of the wireless station device against a list of allowed or denied MAC addresses. However, intruders could fake allowed MAC addresses so MAC-based authentication is less secure than EAP authentication.
2 Enter 5 to display Menu 3.5 – Wireless LAN Setup.
Figure 131 Menu 3.5 Wireless LAN Setup
Menu 3.
Figure 132 Menu 3.5.1 WLAN MAC Address Filter
Menu 3.5.1 - WLAN MAC Address Filter Active= No Filter Action= Allowed Association -----------.
CHAPTER 24 Internet Access
This chapter shows you how to configure your ZyAIR for Internet access.
24.1 Introduction to Internet Access Setup
Use information from your ISP along with the instructions in this chapter to set up your ZyAIR to access the Internet.
Figure 133 Menu 4 - Internet Access Setup
ISP's Name= ChangeMe Encapsulation= Ethernet Service Type= Standard My Login= N/A My.
24.3 Configuring the PPTP Client
Note: The ZyAIR supports only one PPTP server connection at any given time.
To configure a PPTP client, you must configure the My Login and Password fields for a PPP connection and the PPTP parameters for a PPTP connection.
Figure 134 Internet Access Setup (PPTP)
Menu 4 - Internet Access Setup ISP's Name= ChangeMe Encapsulation= PPTP Service Type= N.
Figure 135 Menu 4 - Internet Access Setup
ISP's Name= ChangeMe Encapsulation= PPPoE Service Type= N/A My Login= My Password=.
CHAPTER 25 Remote Node Configuration
This chapter covers remote node configuration.
25.1 Introduction to Remote Node Setup
A remote node is required for placing calls to a remote gateway.
Figure 136 Menu 11.1 - Remote Node Profile
Rem Node Name= ChangeMe Route= IP Active= Yes ISP= No Apply Alias= None Encapsula.
25.2.2 PPPoE Encapsulation
The ZyAIR supports PPPoE (Point-to-Point Protocol over Ethernet). You can only use PPPoE encapsulation when you’re using the ZyAIR with a DSL modem as the WAN device.
Figure 137 Menu 11.1 - Remote Node Profile
Rem Node Name= ChangeMe Route= IP Active= Yes ISP= No Apply Alias= None Encapsula.
The following table describes the fields not already described in Table 95.
Table 96 Fields in Menu 11.1 (PPPoE Encapsulation Specific)
FIELD: Service Name
DESCRIPTION: If you are using PPPoE encapsulation, then type the name of your PPPoE service here.
Figure 138 Menu 11.1 - Remote Node Profile
Rem Node Name= ChangeMe Route= IP Active= Yes ISP= No Apply Alias= None Encapsul.
Figure 139 Menu 11.3 Remote Node Network Layer Options for Ethernet Encapsulation
Menu 11.
25.4 Remote Node Filter
Move the cursor to the field Edit Filter Sets in menu 11.1, and then press [SPACE BAR] to set the value to Yes. Press [ENTER] to open Menu 11.5 - Remote Node Filter.
Figure 140 Menu 11.
Menu 11.5 - Remote Node Filter Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Enter here to CONFIRM or ESC to CANCEL:
CHAPTER 26 Static Route Setup
This chapter shows how to set up IP static routes.
26.1 IP Static Route Setup
To configure an IP static route, use Menu 12 – Static Routing Setup (shown next).
Figure 143 Menu 12.1 Edit IP Static Route
Menu 12.1 - Edit IP Static Route Route #: 1 Route Name= ? Active= No Destination IP Addre.
CHAPTER 27 Dial-in User Setup
This chapter shows you how to create user accounts on the ZyAIR.
27.1 Dial-in User Setup
By storing user profiles locally, your ZyAIR is able to authenticate wireless users without interacting with a network RADIUS server.
Figure 145 Menu 14.1- Edit Dial-in User
Menu 14.1 - Edit Dial-in User User Name= tester one Active= Yes Password= ******** Leave name field blank to delete profile
The following table describes the fields in this screen.
CHAPTER 28 Network Address Translation (NAT)
This chapter discusses how to configure NAT on the ZyAIR.
28.1 Using NAT
Note: You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the ZyAIR.
28.
Figure 146 Menu 4 Applying NAT for Internet Access
Menu 4 - Internet Access Setup ISP's Name= ChangeMe Encapsu.
Figure 147 Menu 11.3 - Remote Node Network Layer Options
IP Address Assignment= Dynamic IP Address= N/A IP Subnet M.
Figure 148 Menu 15 NAT Setup
Menu 15 - NAT Setup 1. Address Mapping Sets 2. Port Forwarding Setup 3. Trigger Port Setup Enter Menu Selection Number:
28.3.1 Address Mapping Sets
Enter 1 to bring up Menu 15.
Figure 150 Menu 15.1.255 SUA Address Mapping Rules
Menu 15.1.255 - Address Mapping Rules Set Name= SUA
Idx Local Start IP Local End IP Global Start IP Global End IP Type
--- -------------- --------------- --------------- --------------- ------
1.
Figure 151 Menu 15.1.1 - Address Mapping Rules
Set Name= NAT_SET
Idx Local Start IP Local End IP Global Start IP Global End IP Type
--- --------------- -------------- --------------- --------------- ------
1.
Note: You must press [ENTER] at the bottom of the screen to save the whole set. You must do this again if you make any changes to the set – including deleting a rule.
28.4 Configuring a Server behind NAT
Follow these steps to configure a server behind NAT:
1 Enter 15 in the main menu to go to Menu 15 - NAT Setup.
2 Enter 2 to display Menu 15.
Figure 154 Multiple Servers Behind NAT Example
28.5 General NAT Examples
The following are some examples of NAT configuration.
Figure 155 NAT Example 1
Figure 156 Menu 4 - Internet Access Setup
ISP's Name= ChangeMe Encapsulation= Ether.
Figure 157 NAT Example 2
In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and also go to menu 15.2 to specify the Inside Server behind the NAT as shown in the next figure.
4 You also map your third IGA to the web server and mail server on the LAN. Type Server allows you to specify multiple servers, of different types, to other computers behind NAT on the LAN.
Figure 160 Menu 11.3 - Remote Node Network Layer Options
IP Address Assignment= Dynamic IP Address= N/A IP Subnet M.
Figure 161 Example 3: Menu 15.1.1.1
Menu 15.1.1.1 Address Mapping Rule Type= One-to-One Local IP: Start= 192.168.1.10 End = N/A Global IP: Start= 10.132.50.1 End = N/A Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle.
Figure 163 Example 3: Menu 15.2
Menu 15.2 - NAT Server Setup
Rule Start Port No. End Port No. IP Address
------------------- --------------------------------
1. Default Default 0.
Figure 164 NAT Example 4
Note: Other applications such as some gaming programs are NAT unfriendly because they embed addressing information in the data stream.
Figure 166 Example 4: Menu 15.1.1 Address Mapping Rules
Menu 15.1.1 - Address Mapping Rules Set Name= Example4
Idx Local Start IP Local End IP Global Start IP Global End IP Type
--- -------------- -------------- --------------- --------------- ------
1.
Figure 167 Menu 15.3 Trigger Port Setup
Menu 15.3 - Trigger Port Setup
Incoming Trigger Rule Name Start Port End Port Start Port End Port
-------------------------- --------------------------------------------
1.
CHAPTER 29 Filter Configuration
This chapter shows you how to create and apply filters.
29.1 Introduction to Filters
Your ZyAIR uses filters to decide whether to allow passage of a data packet and/or to make a call.
29.1.1 The Filter Structure of the ZyAIR
A filter set consists of one or more filter rules. Usually, you would group related rules, e.g., all the rules for NetBIOS, into a single set and give it a descriptive name.
Figure 169 Filter Rule Process
You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port.
Figure 170 Menu 21: Filter and Firewall Setup
Menu 21 - Filter and Firewall Setup 1. Filter Setup 2. Firewall Setup Enter Menu Selection Number:
2 Enter 1 to bring up the following menu.
The protocol-dependent filter rule abbreviations are listed as follows:
Table 107 Rule Abbreviations Used
ABBREVIATION DESCRIPTION.
29.2.2 Configuring a TCP/IP Filter Rule
This section shows you how to configure a TCP/IP filter rule. TCP/IP rules allow you to base the rule on the fields in the IP and the upper layer protocol, for example, UDP and TCP headers.
Port #: Enter the destination port of the packets that you wish to filter. The range of this field is 0 to 65535.
The following figure illustrates the logic flow of an IP filter.
Figure 173 Executing an IP Filter
29.2.3 Configuring a Generic Filter Rule
This section shows you how to configure a generic filter rule.
For generic rules, the ZyAIR treats a packet as a byte stream as opposed to an IP or IPX packet. You specify the portion of the packet to check with the Offset (from 0) and the Length fields, both in bytes.
29.3 Example Filter
Let’s look at an example to block outside users from accessing the ZyAIR via telnet.
Figure 175 Telnet Filter Example
1 Enter 21 from the main menu to open Menu 21 - Filter and Firewall Setup.
5 Press [ENTER] at the message [Press ENTER to confirm] to open Menu 21.1.3 - Filter Rules Summary.
6 Enter 1 to configure the first filter rule (the only filter rule of this set). Make the entries in this menu as shown in the following figure.
Figure 177 Menu 21.1.3 - Filter Rules Summary
# A Type Filter Rules M m n
- - ---- --------------------------------------------------------- - - -
1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.
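The filter structure described above (up to four filter sets per port, six rules per set) and the telnet example can be modelled as follows. This is an added sketch, not ZyXEL code: it assumes each rule carries a matched and a not-matched action of forward, drop or check next rule, and that a packet no rule decides is forwarded; the set names and the port 80 packet are constructed. It shows why a rule that forwards on no match hides every filter set applied after it.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

MAX_SETS_PER_PORT = 4  # manual: up to four filter sets per port
MAX_RULES_PER_SET = 6  # manual: up to six rules per filter set

# Assumed action names; the excerpt only shows the summary columns "M m n".
FORWARD, DROP, NEXT = "forward", "drop", "check next rule"


@dataclass(frozen=True)
class Packet:
    protocol: int  # IP protocol number (6 = TCP)
    dst_port: int


@dataclass(frozen=True)
class Rule:
    protocol: Optional[int] = None  # None = any protocol
    dst_port: Optional[int] = None  # None = any destination port
    on_match: str = DROP
    on_no_match: str = NEXT
    active: bool = True

    def matches(self, pkt: Packet) -> bool:
        return (self.protocol in (None, pkt.protocol)
                and self.dst_port in (None, pkt.dst_port))

    def is_terminal(self) -> bool:
        # Neither outcome continues, so nothing after this rule is consulted.
        return self.active and NEXT not in (self.on_match, self.on_no_match)


@dataclass
class FilterSet:
    name: str
    rules: List[Rule] = field(default_factory=list)


def check_limits(sets: List[FilterSet]) -> None:
    if len(sets) > MAX_SETS_PER_PORT:
        raise ValueError("more than four filter sets applied to one port")
    for fs in sets:
        if len(fs.rules) > MAX_RULES_PER_SET:
            raise ValueError(f"filter set {fs.name} has more than six rules")


def evaluate(sets: List[FilterSet], pkt: Packet, default: str = FORWARD) -> str:
    """Walk the sets in order; the first forward/drop decision wins."""
    check_limits(sets)
    for fs in sets:
        for rule in fs.rules:
            if not rule.active:
                continue
            action = rule.on_match if rule.matches(pkt) else rule.on_no_match
            if action != NEXT:
                return action
    return default  # assumption: undecided packets are forwarded


def unreachable_rules(sets: List[FilterSet]) -> List[Tuple[str, int]]:
    """List (set name, rule number) for rules that can never be consulted."""
    check_limits(sets)
    dead, cut = [], False
    for fs in sets:
        for idx, rule in enumerate(fs.rules, start=1):
            if cut:
                dead.append((fs.name, idx))
            elif rule.is_terminal():
                cut = True
    return dead


# Constructed sample data: TCP packets to telnet (23), FTP (21) and port 80.
TELNET, FTP, HTTP = Packet(6, 23), Packet(6, 21), Packet(6, 80)
# Single-rule set in the style of the telnet example: drop TCP/23, forward the rest.
telnet_only = FilterSet("TELNET_WAN", [Rule(6, 23, DROP, FORWARD)])
# Same rule, but deferring to later rules when the packet is not telnet.
telnet_chained = FilterSet("TELNET_WAN", [Rule(6, 23, DROP, NEXT)])
ftp_block = FilterSet("FTP_WAN", [Rule(6, 21, DROP, FORWARD)])
```

Running `unreachable_rules` over the sets planned for a port before applying them shows whether an earlier rule's not-matched action needs to be changed to check next rule.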
Figure 178 Protocol and Device Filter Sets
29.5 Firewall Versus Filters
Firewall configuration is discussed in the firewall chapters of this manual. Further comparisons are also made between filtering, NAT and the firewall.
Figure 179 Filtering LAN Traffic
Menu 3.1 - LAN Port Filter Setup Input Filter Sets: protocol filters= device filters= Output Filter Sets: protocol filters= device filters= Press ENTER to Confirm or ESC to Cancel:
29.
CHAPTER 30 Enabling the Firewall
This chapter shows you how to get started with the ZyAIR firewall.
Figure 181 Menu 21.2 Firewall Setup
Menu 21.2 - Firewall Setup The firewall protects against Denial of Service (DoS) attacks when it is active. Your network is vulnerable to attacks when the firewall is turned off.
CHAPTER 31 SNMP Configuration
This chapter explains SNMP Configuration menu 22.
31.1 About SNMP
Simple Network Management Protocol is a protocol used for exchanging management information between network devices.
The managed devices contain object variables/managed objects that define each piece of information to be collected about a device. Examples of variables include the number of packets received, node port status etc.
Figure 183 Menu 22 SNMP Configuration
Menu 22 - SNMP Configuration SNMP: Get Community= public Set Community= public Trusted Host= 0.
The following table maps the physical port and encapsulation to the interface type.
Table 112 Ports and Interface Types
PHYSICAL POR.
CHAPTER 32 System Security
This chapter describes how to configure the system security on the ZyAIR.
32.1 System Security
You can configure the system password, an external RADIUS server and 802.
Figure 185 Menu 23 System Security
Menu 23 - System Security 1. Change Password 2. RADIUS Server 4. IEEE802.1x Enter Menu Selection Number:
From Menu 23- System Security, enter 2 to display Menu 23.
32.1.3 802.1x
The IEEE 802.1x standards outline enhanced security methods for both the authentication of wireless stations and encryption key management. Follow the steps below to enable EAP authentication on your ZyAIR.
Figure 188 Menu 23.4 System Security : IEEE802.1x
Menu 23.4 - System Security - IEEE802.1x Wireless Port Control= Authentication Required ReAuthentication Timer (in second)= 1800 Idle Timeout (in second)= 3600 Key Management Protocol= 802.
Once you enable user authentication, you need to specify an external RADIUS server or create local user accounts on the ZyAIR for authentication.
Dynamic WEP Key Exchange: This field is activated only when you select Authentication Required in the Wireless Port Control field.
CHAPTER 33 System Information and Diagnosis
This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software.
Figure 190 Menu 24.1 System Maintenance : Status
Menu 24.1 - System Maintenance - Status 00:55:58 Sat.
33.2 System Information
To get to the System Information:
1 Enter 24 to display Menu 24 – System Maintenance.
2 Enter 2 to display Menu 24.2 – System Information and Console Port Speed.
33.2.2 Console Port Speed
You can set up different port speeds for the console port through Menu 24.2.2 – System Maintenance – Console Port Speed. Your ZyAIR supports 9600 (default), 19200, 38400, 57600 and 115200 bps console port speeds.
Figure 194 Menu 24.3 System Maintenance : Log and Trace
Menu 24.3 - System Maintenance - Log and Trace 2.
33.3.2.1 CDR
SdcmdSyslogSend(SYSLOG_CDR, SYSLOG_INFO, String);
String = board xx line xx channel xx, call xx, str b.
33.3.2.3 Filter log
Filter log Message Format
SdcmdSyslogSend(SYSLOG_FILLOG, SYSLOG_NOTICE, String);
String = IP[Src=xx.
33.3.2.5 Firewall log
Firewall Log Message Format
SdcmdSyslogSend(SYSLOG_FIREWALL, SYSLOG_NOTICE, buf);
buf = IP[Src=xx.
Figure 196 IP Frame: ENET0-RECV Size: 44/ 44 Time: 17:02:44.262 Frame Type: IP Header: IP Version = 4 Header Length = 2.
2 From this menu, type 4. Diagnostic to open Menu 24.4 – System Maintenance – Diagnostic.
Menu 24.4 System Maintenance : Diagnostic
Menu 24.4 - System Maintenance - Diagnostic TCP/IP 1.
WAN DHCP Renewal: Get a new IP address from the DHCP server.
Reboot System: Reboot the ZyAIR.
Host IP Address: If you typed 1 to Ping Host, now type the address of the computer you want to ping.
CHAPTER 34 Firmware and Configuration File Maintenance
This chapter tells you how to back up and restore your configuration file as well as upload new firmware and configuration files using the SMT screens.
The following table is a summary. Please note that the internal filename refers to the filename on the .
Figure 198 Menu 24.5 Backup Configuration
Menu 24.5 – Backup Configuration To transfer the configuration file to your workstation, follow the procedure below: 1.
Figure 199 FTP Session Example
331 Enter PASS command
Password:
230 Logged in
ftp> bin
200 Type I OK
ftp> get rom-0 zyxel.rom
200 Port command okay
150 Opening data connection for STOR ras
226 File received OK
ftp: 16384 bytes sent in 1.
34.2.5 Backup Configuration Using TFTP
The ZyAIR supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN.
34.2.7 GUI-based TFTP Clients
The following table describes some of the fields that you may see in third party TFTP clients.
Table 121 General Commands for Third Party TFTP Clients
COMMAND: Host
DESCRIPTION: Enter the IP address of the ZyAIR.
Figure 200 Menu 24.6 Restore Configuration
Menu 24.6 – Restore Configuration To transfer the firmware and the configuration file, follow the procedure below: 1.
34.4 Uploading Firmware and Configuration Files
Menu 24.7 – System Maintenance – Upload Firmware allows you to upgrade the firmware and the configuration file.
Figure 203 Menu 24.7.1 System Maintenance : Upload System Firmware
Menu 24.7.1 - System Maintenance - Upload System Firmware To upload the system firmware, follow the procedure below: 1.
4 Enter “root” and your SMT password as requested. The default is 1234.
5 Enter “bin” to set transfer mode to binary.
6 Use “put” to transfer files from the computer to the ZyAIR, e.
5 Use the TFTP client (see the example below) to transfer files between the ZyAIR and the computer. The file name for the firmware is “ras” and the configuration file is “rom-0” (rom-zero, not capital o).
CHAPTER 35 System Maintenance and Information
This chapter leads you through SMT menus 24.8 and 24.10.
35.1 Command Interpreter Mode
The Command Interpreter (CI) is a part of the main system firmware.
Figure 206 Menu 24 System Maintenance
Menu 24 - System Maintenance 1. System Status 2. System Information and Console Port Speed 3. Log and Trace 4. Diagnostic 5. Backup Configuration 6.
Figure 208 Menu 24.9 System Maintenance : Call Control
Menu 24.9 - System Maintenance - Call Control 1. Budget Management 2. Call History Enter Menu Selection Number:
35.
Figure 210 Menu 24.9.2 - Call History
Menu 24.9.4 - Call History Phone Number Dir Rate #call Max Min Total 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. Enter Entry to Delete(0 to exit):
The following table describes the fields in this menu.
Figure 211 Menu 24.10 System Maintenance : Time and Date Setting
Menu 24.
35.3.1 Resetting the Time
The ZyAIR resets the time in three instances:
1 On leaving menu 24.10 after making changes.
2 When the ZyAIR starts up, if there is a timeserver configured in menu 24.
CHAPTER 36 Remote Management
This chapter covers remote management (SMT menu 24.11).
36.1 Remote Management
Remote management allows you to determine which services/protocols can access which ZyAIR interface (if any) from which computers.
Figure 212 Menu 24.11 - Remote Management Control
TELNET Server: Port = 23 Access = LAN only Secure Client IP = 0.0.0.0
FTP Server: Port = 21 Access = LAN only Secure Client IP = 0.
Figure 213 Telnet Configuration on a TCP/IP Network
36.1.2 FTP
You can upload and download ZyAIR firmware and configuration files using FTP. To use this feature, your computer must have an FTP client.
• Use the ZyAIR’s WAN IP address when configuring from the WAN.
• Use the ZyAIR’s LAN IP address when configuring from the LAN.
36.3 System Timeout
There is a system timeout of five minutes (300 seconds) for Telnet/web/FTP connections.
CHAPTER 37 Call Scheduling
Call scheduling (applicable for PPPoA or PPPoE encapsulation only) allows you to dictate when a remote node should be called and for how long.
To set up a schedule set, select the schedule set you want to set up from menu 26 (1-12) and press [ENTER] to see Menu 26.
Once your schedule sets are configured, you must then apply them to the desired remote node(s).
Appendix A Troubleshooting
This appendix covers potential problems and possible remedies. After each problem description, some instructions are provided to help you to diagnose and to solve the problem.
Problems with the Password
Problems with Telnet
Problems with the WLAN Interface
Table 129 Troubleshooting the Password
PROBLEM: I cannot access the ZyAIR.
CORRECTIVE ACTION: The Password and Username fields are case-sensitive.
Appendix B Brute-Force Password Guessing Protection
The following describes the commands for enabling, disabling and configuring the brute-force password guessing protection mechanism for the password.
Appendix C Setting up Your Computer’s IP Address
All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed.
Figure 217 Windows 95/98/Me: Network: Configuration
Installing Components
The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks.
3 Select Microsoft from the list of manufacturers.
4 Select Client for Microsoft Networks from the list of network clients and then click OK.
5 Restart your computer so the changes you made take effect.
Figure 219 Windows 95/98/Me: TCP/IP Properties: DNS Configuration
4 Click the Gateway tab.
• If you do not know your gateway’s IP address, remove previously installed gateways.
• If you have a gateway IP address, type it in the New gateway field and click Add.
Figure 220 Windows XP: Start Menu
2 For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections.
Figure 221 Windows XP: Control Panel
3 Right-click Local Area Connection and then click Properties.
Figure 222 Windows XP: Control Panel: Network Connections: Properties
4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties.
• If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields.
• Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
• If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
Figure 226 Macintosh OS 8/9: Apple Menu
2 Select Ethernet built-in from the Connect via list.
Figure 227 Macintosh OS 8/9: TCP/IP
3 For dynamically assigned settings, select Using DHCP Server from the Configure: list.
4 For statically assigned settings, do the following:
• From the Configure box, select Manually.
• Type your IP address in the IP Address box.
• Type your subnet mask in the Subnet mask box.
Figure 229 Macintosh OS X: Network
4 For statically assigned settings, do the following:
• From the Configure box, select Manually.
• Type your IP address in the IP Address box.
• Type your subnet mask in the Subnet mask box.
Appendix D IP Address Assignment Conflicts
This appendix describes situations where IP address conflicts may occur.
Figure 231 IP Address Conflicts: Case B
To solve this problem, make sure the ZyAIR LAN IP address is not in the DHCP IP address pool.
In this case, the subscribers are not able to access the Internet.
Figure 233 IP Address Conflicts: Case D
This problem can be solved by adding a VLAN-enabled switch or by setting the computers to obtain IP addresses dynamically.
Appendix E IP Subnetting
IP Addressing
Routers “route” based on the network number. The router that delivers the data packet to the correct destination host uses the host ID.
IP Classes
An IP address is made up of four octets (eight bits), written in dotted decimal notation, for example, 192.
Since the first octet of a class “A” IP address must contain a “0”, the first octet of a class “A” address can have a value of 0 to 127.
Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet.
Divide the network 192.168.1.0 into two separate subnets by converting one of the host ID bits of the IP address to a network number bit. The “borrowed” host ID bit can be either “0” or “1” thus giving two subnets; 192.
Example: Four Subnets
The above example illustrated using a 25-bit subnet mask to divide a class “C” address space into two subnets.
Table 143 Subnet 4
                        NETWORK NUMBER                 LAST OCTET BIT VALUE
IP Address              192.168.1.                     192
IP Address (Binary)     11000000.10101000.00000001.    11000000
Subnet Mask (Binary)    11111111.11111111.11111111.    11000000
Subnet Address: 192.168.1.192 Lowest Host ID: 192.
Subnetting With Class A and Class B Networks.
For class “A” and class “B” addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID.
Appendix F Command Interpreter
The following describes how to use the command interpreter. Enter 24 in the main menu to bring up the system maintenance menu. Enter 8 to go to Menu 24.8 - Command Interpreter Mode.
Appendix G Log Descriptions
This appendix provides descriptions of example log messages.
Table 147 System Error Logs
LOG MESSAGE DESCRIPTION
%s exceeds the max.
Log Commands
Go to the command interpreter interface (the Command Interpreter Appendix explains how to access and use the commands).
Configuring What You Want the ZyAIR to Log
Use the sys logs load command to load the log setting buffer that allows you to configure which logs the ZyAIR is to record.
Log Command Example
This example shows how to set the ZyAIR to record the error logs and alerts and then view the results.
ras> sys logs load
ras> sys logs category error 3
ras> sys logs save
ras> sys logs display access
# .
Appendix H Wireless LAN and IEEE 802.11
A wireless LAN (WLAN) provides a flexible data communications system that you can use to access various services (navigating the Internet, email, printer services, etc.
Ad-hoc Wireless LAN Configuration
The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless nodes or stations (STA), which is called a Basic Service Set (BSS).
Figure 235 ESS Provides Campus-Wide Coverage.
Appendix I Wireless LAN With IEEE 802.1x
As wireless networks become popular for both portable computing and corporate networks, security is now a priority.
Security Flaws with IEEE 802.11
Wireless networks based on the original IEEE 802.
RADIUS Server Authentication Sequence
The following figure depicts a typical wireless network with a remote RADIUS server for user authentication using EAPOL (EAP Over LAN).
Figure 236 Sequences for EAP MD5–Challenge Authentication
Mutual Authentication with Internal RADIUS server.
Figure 237 Sequences for PEAP, MS–CHAP V2 Authentication.
Appendix J Types of EAP Authentication
This appendix discusses popular EAP authentication types. The type of authentication you use depends on the RADIUS server or the AP. Consult your network administrator for more information.
PEAP (Protected EAP)
Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection; simple username and password methods are then used through the secured connection to authenticate the clients, thus hiding client identity.
Appendix K Antenna Selection and Positioning Recommendation
An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air.
• Omni-directional antennas send the RF signal out in all directions on a horizontal plane. The coverage area is torus-shaped (like a donut) which makes these antennas ideal for a room environment.
Appendix L Power Adaptor Specifications
Table 153 NORTH AMERICAN PLUG STANDARDS
AC Power Adaptor Model: AD48-1201200DUY
Input Power: AC120Volts/60Hz/0.25A
Output Power: DC12Volts/1.2A
Power Consumption: 10 W
Safety Standards: UL, CUL (UL 1950, CSA C22.
Table 158 Australia and New Zealand plug standards
AC Power Adaptor Model: AD-1201200DS or AD-121200DS
Input Power: AC240Volts/50Hz/0.2A
Output Power: DC12Volts/1.
Index
Numerics
802.1x 104
A
Action for Matched Packets 202
Active 281
ActiveX 211
Allocated Budget 284
Alternative Subnet Mask Notation 398
Antenna Direct.
Direct Sequence Spread Spectrum 410
Distribution System 411
DNS 165
Domain Name 142
DoS
  Basics 180
  Types 181
DS 411
DSSS 410
Dynamic DNS 65, 259
Dynam.
Idle Timeout 283, 284
IEEE 802.1x 39
IGMP 71, 72
Independent Basic Service Set 78, 411
Inside 136
Inside Global Address 136
Inside Local Address 136
In.
O
One to One 139
Outside 136
P
Packet Filtering 189
Packet Filtering Firewalls 178
Packets 339
Password 67, 252, 253, 257, 275, 329
Period(hr) 284
Ping.
Spain, Contact Information 6
SSL Passthrough 38
Stateful Inspection 178, 179, 185
  Process 185
Static Route 152
STP (Spanning Tree Protocol) 38
SUA 1.
Wizard Setup 48, 49, 50
WLAN 410
Worldwide Contact Information 5
WPA 37, 93
WPA with RADIUS Application 97
WPA-PSK Application 94
www.
An important step after buying a device (or even before buying it) is to read the manual. There are several simple reasons to do so:
If you have not yet bought the ZyXEL Communications G-2000 Plus, this is a good time to familiarize yourself with the basic product data. First consult the opening pages of the user manual, found above. There you should find the most important technical data for the ZyXEL Communications G-2000 Plus, so you can check whether the device meets your needs. By exploring the following pages of the ZyXEL Communications G-2000 Plus user manual you will learn all the product's features and how it operates. The information on the ZyXEL Communications G-2000 Plus will certainly help you make a decision about the purchase.
If you already own the ZyXEL Communications G-2000 Plus but have not yet read the user manual, you should do so for the reasons described above. You will then know whether you have used the available functions correctly, and whether you have made mistakes that could shorten the service life of the ZyXEL Communications G-2000 Plus.
However, one of the most important roles the user manual plays for the user is helping to solve problems with the ZyXEL Communications G-2000 Plus. Almost always you will find a Troubleshooting section there, that is, the most frequent faults and malfunctions of the ZyXEL Communications G-2000 Plus together with instructions on how to resolve them. Even if you cannot solve the problem yourself, the user manual will show you the next steps to take: contacting the customer service center or the nearest service point.