Manuel d'utilisation / d'entretien du produit Wireless Gateway Series du fabricant ZyXEL Communications
Aller à la page of 420
ZyAIR Wireless Gateway Series User's Guide Version 3.50 May 2004.
ZyAIR Wireless Gatew ay Series User’s Guide ii Copyright Copyright Copyright © 2004 by Zy XEL Communications Corporation. The contents of this publ ication m ay not be reprod uced in any part or as.
ZyAIR Wireless Gatew ay Series User’s Guide FCC Statement i ii Federal Communications Commission (FCC) Interference S t atement This device complies with Part 15 of FCC rules. Operation is subject to the following two cond itions: • This device m ay not cause harm ful interferen ce.
ZyAIR Wireless Gatew ay Series User’s Guide iv ZyXEL Warranty ZyXEL Limited W arranty ZyXEL warrants to the original end us er (purchaser) that this product is free from any defects in materials or workm anship fo r a period of up to t wo years from the da te of purchase.
ZyAIR Wireless Gatew ay Series User’s Guide Customer Support v Customer Support Please have th e following i nformation re ady when you contact customer s upport. • Product model and serial number. • Warranty Information. • Date that you received your device.
ZyAIR Wireless Gatew ay Series User’s Guide vi C ustome r Support SUPPORT E-MAIL TELEPHONE 1 WEB SITE METHOD LOCATION SALES E-MAIL FAX 1 FTP SITE REGULAR MAIL support@zyxel.se +46 31 744 7700 www.zyx el.se SWEDEN sales@zyx el.se +46 31 744 7701 ZyXEL Communications A /S Sjöporten 4, 41764 Göteborg Sweden support@zyxel.
ZyAIR Wireless Gatew ay Series User’s Guide Table of Contents vii T able of Content s Copyright ...................................................................................................................... ..................................
ZyAIR Wireless Gateway Series User’ s Guide viii Table of Contents 4.1 System Overview ................................................................................................................ ....... 4-1 4.2 Configuring Ge neral Se tup .....
ZyAIR Wireless Gatew ay Series User’s Guide Table of Contents ix 7.10 Security Parameters S u mmary ................................................................................................. 7-1 1 7.11 Wireless Client WP A Su pplicants.......
ZyAIR Wireless Gateway Series User’ s Guide x Ta ble of Contents Chapter 1 1 Introduction to Fir ewalls ........................................................................................... ............ 1 1-1 11.1 Firewall Ov erview ..........
ZyAIR Wireless Gatew ay Series User’s Guide Table of Contents xi UPNP AND LOGS.................................................................................................................. ...................... VI Chapter 14 UPnP Screen .......
ZyAIR Wireless Gateway Series User’ s Guide xii Table of Contents 17.3 Changing the Syst em Password ............................................................................................... 17-2 17.4 ZyAIR SMT Menu Over view Exam ple ........
ZyAIR Wireless Gatew ay Series User’s Guide Table of Contents xiii 23.4.1 Example 1: Int ernet Access On ly ..................................................................................... 23-9 23.4.2 Example 2: Internet Access w ith an Inside Server .
ZyAIR Wireless Gateway Series User’ s Guide xiv Table of Contents 28.2.3 Example of FT P Commands from the Comm and Line.................................................... 28-4 28.2.4 GUI-based F TP Clients .........................................
ZyAIR Wireless Gatew ay Series User’s Guide Table of Contents xv APPENDICE S .............................................................................................................................................. XI Appendix A T ro ubleshoot ing .
ZyAIR Wireless Gateway Series User’ s Guide xvi List of Figures List of Figures Figure 1-1 Internet Acces s Applicati on Example ................................................................................. .......... 1-7 Figure 2-1 W eb Brow ser Addre ss Field .
ZyAIR Wireless Gatew ay Series User’s Guide List of Figures xvii Figure 8-2 Service T ype ............................................................................................................................... ... 8-2 Figure 8-3 PPPoE Encapsulation .
ZyAIR Wireless Gateway Series User’ s Guide xviii List of Figures Figure 16-4 As sociatio n List ................................................................................................... ...................... 16-5 Figure 16-5 Channel Usage (ZyAIR B- 20 00).
ZyAIR Wireless Gatew ay Series User’s Guide List of Figures xix Figure 23-1 Menu 4 In ternet Acce ss Setup ....................................................................................... ........... 23-1 Figure 23-2 Menu 1 1.3 Remote Node Network La yer Options .
ZyAIR Wireless Gateway Series User’ s Guide xx List of Figures Figure 26-5 Menu 23.4 Syst em Security : IEEE802 .1x ............................................................................. ... 26-4 Figure 27-1 Menu 24 System Main tenance ......
ZyAIR Wireless Gatew ay Series User’s Guide List of Figures xxi Figure 31-3 Applying Schedule Set( s) to a Remote Node (PP TP) ......................
.
ZyAIR Wireless Gatew ay Series User’s Guide Lists of Tables xxiii List of T ables T able 1-1 Model Sp ecific Features.............................................................................................. ................... 1-1 T able 3-1 W izard 1: General Setup .
ZyAIR Wireless Gatew ay Series User’s Guide xxiv Lists of Tables T able 1 1-2 ICMP Commands That T rig ger Alerts ................................................................................... ..... 1 1-6 T able 1 1-3 Legal NetBIOS Commands ...
ZyAIR Wireless Gatew ay Series User’s Guide Lists of Tables xxv T able 20-1 Internet Account Information ........................................................................................ ............. 20-1 T able 20-2 Menu 4 In ternet Acce ss Setup .
ZyAIR Wireless Gatew ay Series User’s Guide xxvi Preface Preface Congratulations on your purchase from the ZyAIR Wireless Gateway series. A wireless gateway is an access point and router rolled into one. It is a cost-effect solution to share Internet access with multiple computers and expand your wired network.
ZyAIR Wireless Gatew ay Series User’s Guide Preface xxvii • Mouse action s equences are denoted usi ng a com ma. For ex ample, “cli ck the Appl e icon, Control Panels and then Modem ” means first click the Apple icon, then point your mouse pointer to Control Panels and then click Modem .
.
Overview I Part I: OVERVIEW This part introduces the ma in features and appl ications of the ZyAIR and shows how to access the web configurator and u s e the Wiza rd to configure for Internet Access .
.
ZyAIR Wireless Gatew ay Series User’s Guide Getting to Know Your ZyAIR 1-1 Chapter 1 Getting to Know Your ZyAIR This chapter introduces the main features and applications of the ZyAIR. 1.1 Introducing the ZyAIR W ireless Gateway Series The ZyAIR Wireless Gateway prov ides wireless connectivity.
ZyAIR Wireless Gatew ay Series User’s Guide 1-2 Getting to Know Your ZyAIR Table 1-1 Model Specific Features ZYAIR MODEL FEATURES B-2000 B-2000 V.2 SPI/DoS prevention Firewall, including ACL O SSL Passthrough O O Wi-Fi Protected Access (WPA) O Table Key: An “O” in a model’s column sho ws that t he model has the specified f eature.
ZyAIR Wireless Gatew ay Series User’s Guide Getting to Know Your ZyAIR 1-3 ZyAIR LED The blue ZyA IR LED (als o known as t he Breathing LED) is on when the ZyAIR is on and blinks (or breaths) when data is being tran smitted to/from its wi reless stations.
ZyAIR Wireless Gatew ay Series User’s Guide 1-4 Getting to Know Your ZyAIR connection start with “https” instead of “http”. The ZyAIR allows SSL c onnections to take place through the ZyAIR. Wi-Fi Protected Access Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.
ZyAIR Wireless Gatew ay Series User’s Guide Getting to Know Your ZyAIR 1-5 PPTP Encapsulation Point-to-Poi nt Tunnelin g Protocol (PPTP) is a net work prot ocol that enabl es secure transfer of data f rom a remote client to a private server, c reating a Virtual Private Network (VPN) using a TCP/IP-b ased network.
ZyAIR Wireless Gatew ay Series User’s Guide 1-6 Getting to Know Your ZyAIR SNMP SNMP (Sim ple Network Managem ent Protocol ) is a pr otocol used for exchanging manag ement informati on between netw ork devices. SNMP is a m e mber of the TC P/IP protoc ol suite.
ZyAIR Wireless Gatew ay Series User’s Guide Getting to Know Your ZyAIR 1-7 1.3 Application for the Zy AIR Here is an application exam ple of what you can do with your ZyAIR. 1.3.1 Internet Access Application Add a wireless LAN to your existing network without expensive network cabl es.
.
ZyAIR Wireless Gatew ay Series User’s Guide Introducing the Web Configurato r 2-1 Chapter 2 Introducing the Web Configurator This chapter describes how to access the ZyAIR we b configurator and provides an overview of its screens. 2.1 W eb Configurator Overview The web configurator makes it easy to configure and manage the ZyAIR.
ZyAIR Wireless Gatew ay Series User’s Guide 2-2 Introducing the Web Configurator Figure 2-2 Change Password Screen Step 7. You should now see the MAIN MENU screen. The ZyAIR automatically times out af ter five minutes of inactivity . Simply log back into the ZyAIR if this happens to you.
ZyAIR Wireless Gatew ay Series User’s Guide Introducing the Web Configurato r 2-3 2.3.2 Uploading a Configurat ion File via Console Port This method i s only appl icable to Zy AIR models with a console port, suc h as the ZyAIR B-2000. Step 1. Download the defau lt configuration file from the ZyAIR FTP site, unzip it and save it in a folder.
ZyAIR Wireless Gatew ay Series User’s Guide 2-4 Introducing the Web Configurator 2.4 Navigating the Zy AIR W eb Configurator The followin g summari zes how to navi gate the web configurator from the MAIN MENU screen. We use the ZyAIR B-2000v.2 web conf igurator in this guid e as an example.
ZyAIR Wireless Gatew ay Series User’s Guide Wizard Setup 3-1 Chapter 3 Wizard Setup This chapter provides information on the Wiza rd Setup screens in the web configurator. 3.1 W i zard Setup Overview The web configurator’s setup wizard helps you configur e your Zy AIR for Internet access and set up wireless LAN.
ZyAIR Wireless Gatew ay Series User’s Guide 3-2 Wizard Setup 3.2 W i zard Setup: General Setup General Setup contains administrative and syste m-related information. Figure 3-1 Wizard 1: General Setup The following table describes the labels in this screen.
ZyAIR Wireless Gatew ay Series User’s Guide Wizard Setup 3-3 Table 3-1 Wizard 1: General Setup LA BEL DESCRIPTION System Name It is recommended you type your comp uter 's "Computer name". some ISPs check this name you should enter your computer's "Compute r Name".
ZyAIR Wireless Gatew ay Series User’s Guide 3-4 Wizard Setup Figure 3-2 Wizard 2: Wireless LAN Setup The following table describes the labels in this screen. Table 3-2 Wizard 2: Wireless LAN Setup LA BEL DESCRIPTION ESSID Enter a descriptive name (up to 32 printable 7- bit ASCII characters) for the wireless LAN.
ZyAIR Wireless Gatew ay Series User’s Guide Wizard Setup 3-5 Table 3-2 Wizard 2: Wireless LAN Setup LA BEL DESCRIPTION WEP Encryption Select Disable allows all wireless computers to communicate with the access points without any data encryption. Select 64-bit WEP or 128-bit WEP to allo w data encryption.
ZyAIR Wireless Gatew ay Series User’s Guide 3-6 Wizard Setup Figure 3-3 Wizard 3: Ethernet Encapsulation The following table describes the labels in this screen.
ZyAIR Wireless Gatew ay Series User’s Guide Wizard Setup 3-7 Table 3-3 Wizard 3: Ethernet Enca psulation LA BEL DESCRIPTION User Name Type the username given to you by your ISP. Password Type the password ass ociated with the username above. Login Server IP Address The ZyAIR will find the Roadrunner Server IP if this field is left blank.
ZyAIR Wireless Gatew ay Series User’s Guide 3-8 Wizard Setup Figure 3-4 Wizard 3: PPTP Encapsulation The following table describes the labels in this screen. Table 3-4 Wizard 3: PPTP Encapsulation LABEL DESCRIPTION ISP Parameters fo r Internet Access Encapsulation Select PPTP from the drop-down list box.
ZyAIR Wireless Gatew ay Series User’s Guide Wizard Setup 3-9 Table 3-4 Wizard 3: PPTP Encapsulation LABEL DESCRIPTION Nailed-Up Connection Select Nailed-Up Connection if you do not want the connection to time out. Idle Timeout Type the time in seconds that elap ses before the ZyAIR automatically disconnects from the PPTP server.
ZyAIR Wireless Gatew ay Series User’s Guide 3-10 Wizard Setup Operationally, PPPoE saves sign ificant effort for both the subscri b er and the ISP/carrier, as it requires no specific configuration of the broadban d modem at the subscrib er’s site.
ZyAIR Wireless Gatew ay Series User’s Guide Wizard Setup 3-11 Table 3-5 Wizard 3: PPPoE Encapsulation LABEL DESCRIPTION Encapsulation Choose a n encapsulation method from the p ull-down list box. PPPoE forms a dial- up connection. Service Name Type the name of your serv ice provider.
ZyAIR Wireless Gatew ay Series User’s Guide 3-12 Wizard Setup Regardless of your p articular situation, do not create an arbitrary IP address; always follow the guidelines above.
ZyAIR Wireless Gatew ay Series User’s Guide Wizard Setup 3-13 3.5.4 W AN MAC Address Every Ethernet device ha s a unique MAC (Media Access Control) address. The MAC address is assigned at the factory an d consists of six pairs of he xadeci mal characters, for exampl e, 00:A 0:C5:00: 00:02.
ZyAIR Wireless Gatew ay Series User’s Guide 3-14 Wizard Setup Figure 3-6 Wizard 4: WAN and DNS The following table describes the labels in this screen. Table 3-8 Wizard 4: WAN and DNS LA BEL DESCRIPTION WAN IP Address Assignment Get automatically from ISP Select this option If your ISP did not assign you a fixed IP address.
ZyAIR Wireless Gatew ay Series User’s Guide Wizard Setup 3-15 Table 3-8 Wizard 4: WAN and DNS LA BEL DESCRIPTION My WAN IP Subnet Mask Enter the IP subnet mask in this field if you selected Use Fixed IP Address . This field is not available when you select PPPoE and PPTP encapsul ation in the previous wizard screen.
ZyAIR Wireless Gatew ay Series User’s Guide 3-16 Wizard Setup Table 3-8 Wizard 4: WAN and DNS LA BEL DESCRIPTION Spoof this Computer's MAC address - IP Address Select this option and enter the IP addr ess of the computer on the LAN whose MAC address you are cloning .
ZyAIR Wireless Gatew ay Series User’s Guide Wizard Setup 3-17 Figure 3-7 Setup Complete Well done! You have successfully set up your ZyAIR to operate on your networ k and access the Internet.
.
System, LAN and Wireless II Part II: SYSTEM, LAN AND WIRELESS This part discusse s the System, LAN, and Wireless setup scre ens..
.
ZyAIR Wireless Gatew ay Series User’s Guide System Screens 4-1 Chapter 4 System Screens This chapter provides information on the System screens. 4.1 System Overview This section provides i nformation on general system setup. 4.2 Configuring General Setup Click ADVANC ED and th en SYSTEM to open the General screen.
ZyAIR Wireless Gatew ay Series User’s Guide 4-2 System Screens Table 4-1 System General Setup LABEL DESCRIPTION System Name Type a descriptive name for identific atio n purposes. Some ISPs check this name, so it is recommended you enter your comp uter's "Computer name" This name can be up to 30 alpha numeric charac ters long.
ZyAIR Wireless Gatew ay Series User’s Guide System Screens 4-3 First of all, y ou need to have registere d a dynamic DNS accou nt with ww w.dyndns .org. This is for pe ople with a dynamic IP from their ISP or DHCP serv er th at would still like to have a DNS name.
ZyAIR Wireless Gatew ay Series User’s Guide 4-4 System Screens Figure 4-2 DDNS The following table describes the labels in this screen. Table 4-2 DDNS LABEL DESCRIPTION Enable DDNS Select this check box to activate DDNS. Service Provider Select the name of your DDNS service provi der.
ZyAIR Wireless Gatew ay Series User’s Guide System Screens 4-5 Table 4-2 DDNS LABEL DESCRIPTION User Name Type your user name. Password Type the password assigned to you. Enable Wildcard Option Your ZyAIR supports DYNDNS wildcard. Select the check box to enable.
ZyAIR Wireless Gatew ay Series User’s Guide 4-6 System Screens Figure 4-3 Password The following table describes the labels in this screen. Table 4-3 Password LABEL DESCRIPTION Old Password Type in your existing system pass word (1234 is the default password).
ZyAIR Wireless Gatew ay Series User’s Guide System Screens 4-7 Figure 4-4 Time Setting The following table describes the labels in this screen. Table 4-4 Time Setting LABEL DESCRIPTION Time Protocol Select the time service protocol that your tim e server sends when you turn on the ZyAIR.
ZyAIR Wireless Gatew ay Series User’s Guide 4-8 System Screens Table 4-4 Time Setting LABEL DESCRIPTION Time Server Address Enter the IP address or the URL of your time server. Check with your ISP/network administrator if you are unsur e of this info rmation (the default is tick.
ZyAIR Wireless Gatew ay Series User’s Guide LAN Screens 5-1 Chapter 5 LAN Screens This chapter describes how to configure LAN settings. 5.1 LAN Overview Local Area Network (L AN) is a shared comm unication sy stem to which many computers are attached.
ZyAIR Wireless Gatew ay Series User’s Guide 5-2 LAN Screens 5.3 DHCP Setup DHCP (Dynamic H ost Configuration Protoco l, RFC 2131 and RFC 2132) allows indiv idual clients to obtain TCP/IP config uration at start -up from a ser ver. You can configure the ZyAIR as a DHCP server or disable it.
ZyAIR Wireless Gatew ay Series User’s Guide LAN Screens 5-3 5.6 Multicast Traditionally, IP packets are tran smitted in one of eith er two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everyb ody on the network). Multi cast delivers IP packets to a group of hosts o n the network - not e verybody and not just 1.
ZyAIR Wireless Gatew ay Series User’s Guide 5-4 LAN Screens Figure 5-2 IP The following table describes the labels in this screen. Table 5-1 IP LABEL DESCRIPTION DHCP Setup DHCP Server Select this o.
ZyAIR Wireless Gatew ay Series User’s Guide LAN Screens 5-5 Table 5-1 IP LABEL DESCRIPTION Pool Size This field specifies the size or count of the IP addr ess pool.
ZyAIR Wireless Gatew ay Series User’s Guide 5-6 LAN Screens Table 5-1 IP LABEL DESCRIPTION Reset Click Reset to reload the pr evious configurati on for this screen.
ZyAIR Wireless Gatew ay Series User’s Guide Wireless Configuration and Roamin g 6-1 Chapter 6 Wireless Configuration and Roaming This chapter discusses how to configure the Wireless and Roaming screen s on the ZyAIR. 6.1 Wireless LAN Overview This section introduces the wireless LA N(WLAN) and so me basi c scenar ios.
ZyAIR Wireless Gatew ay Series User’s Guide 6-2 Wireless Configuration and Roaming Figure 6-2 Basic Service set 6.1.3 ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each contai ning an access point, with each access point conne cted together by a wired ne twork.
ZyAIR Wireless Gatew ay Series User’s Guide Wireless Configuration and Roamin g 6-3 Figure 6-3 Extended Service Set 6.2 W ireless LAN Basics Refer also to the Wizard Setup chapter for more backgro und information on Wireless LAN features, such as channels.
ZyAIR Wireless Gatew ay Series User’s Guide 6-4 Wireless Configuration and Roaming Figure 6-4 RTS/CTS When station A sends data to th e ZyAIR, it might not know that station B is already using the channel.
ZyAIR Wireless Gatew ay Series User’s Guide Wireless Configuration and Roamin g 6-5 A large Fragmentation Thre shold is recommend ed for networks no t prone to interfere nce while you shou ld set a smaller t hreshold for busy networ ks or networ ks that are prone to i nterference .
ZyAIR Wireless Gatew ay Series User’s Guide 6-6 Wireless Configuration and Roaming Figure 6-5 Wireless The following table describes the general wireless LAN labels in this screen.
ZyAIR Wireless Gatew ay Series User’s Guide Wireless Configuration and Roamin g 6-7 Table 6-1 Wireless LABEL DESCRIPTION Enable Wireless LAN Click the check box to activate wireless LAN. ESSID (Extended Service Set IDentity) T he ESSI D identifies the Service Set with which a wireless station is associated .
ZyAIR Wireless Gatew ay Series User’s Guide 6-8 Wireless Configuration and Roaming 6.4 Configuring Roaming A wireless station is a device with an IEEE 802.11b c o mpliant wireless a dapter. An access point (AP) acts as a bridge betwe en the wireless and wi red network s.
ZyAIR Wireless Gatew ay Series User’s Guide Wireless Configuration and Roamin g 6-9 Step 1. As wireless station Y moves from the cover age area of a ccess point AP 1 to that of access point AP 2 , it scans and uses the signal of access point AP 2 . Step 2.
ZyAIR Wireless Gatew ay Series User’s Guide 6-10 Wireless Configuration and Roaming Table 6-2 Roaming LABEL DESCRIPTION Active Select Yes from the drop-down list box to e nable roaming on the ZyAIR if you have two or more ZyAIRs on the same subnet. All APs on the same subnet and the wireless st ations must have the same ESSID to allo w roaming.
ZyAIR Wireless Gatew ay Series User’s Guide Wireless Security 7-1 Chapter 7 Wireless Security This Chapter describes how to use the MAC F ilter, 802.
ZyAIR Wireless Gatew ay Series User’s Guide 7-2 Wireless Security 7.2.1 Dat a Encr yption WEP provides a mechanism for encrypting data us ing en cryption keys. Both th e AP and the wireless stations must use the same WEP key t o encrypt and decrypt data.
ZyAIR Wireless Gatew ay Series User’s Guide Wireless Security 7-3 Shared key authentication involves a four-message procedure. A wireless station sends a shared key authentication request to the AP, which will then reply with a challenge text message.
ZyAIR Wireless Gatew ay Series User’s Guide 7-4 Wireless Security Figure 7-3 Wireless The following table d escribes the wireless LAN security lab els in this screen.
ZyAIR Wireless Gatew ay Series User’s Guide Wireless Security 7-5 Table 7-1 Wireless : WEP Fields LABEL DESCRIPTION WEP Encryption Select Disable to allow wireless stations to communi cate with the access points without any data encryption. Select 64-bit WEP or 128-bit WEP to enable data e ncryption.
ZyAIR Wireless Gatew ay Series User’s Guide 7-6 Wireless Security 7.4 MAC Filter The MAC filter screen allows you to confi gure the ZyAIR to give exclusive access to up to 32 devices (Allow Association) or exclude up to 32 devices from accessing the ZyAIR (D eny Association).
ZyAIR Wireless Gatew ay Series User’s Guide Wireless Security 7-7 Figure 7-4 MAC Address Filter The following table describes the labels in this menu.
ZyAIR Wireless Gatew ay Series User’s Guide 7-8 Wireless Security Table 7-2 MAC Address Filter LA BEL DESCRIPTION Active Select Yes from the drop down list bo x to enable MAC address filtering. Filter Action Define the filter action for t he list of MAC addresses in the MAC A ddress table.
ZyAIR Wireless Gatew ay Series User’s Guide Wireless Security 7-9 7.7 Introduction to WP A Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specificatio n draft. Key differences between WPA and WEP are user authenti cation an d improve d data encrypt ion.
ZyAIR Wireless Gatew ay Series User’s Guide 7-10 Wireless Security Step 1. First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 a nd 63 ASCII characters (including spaces and symbols).
ZyAIR Wireless Gatew ay Series User’s Guide Wireless Security 7-11 Figure 7-6 WPA with RADIUS Application Example 7.10 Security Parameters Summary Refer to this table to see what other secu rity pa rameters you shoul d configure for each Authentication Method/ key m anagement protocol ty pe.
ZyAIR Wireless Gatew ay Series User’s Guide 7-12 Wireless Security Table 7-3 Wireless Security Relational Matrix AUTHENTICATION METHOD/ KEY MANAGEMENT PROTOCOL ENCRYPTION METHOD ENTER MA NUAL KE Y IEEE 802.
ZyAIR Wireless Gatew ay Series User’s Guide Wireless Security 7-13 Figure 7-7 Wireless LAN: 802.1x/WPA The following table describes the labels in this screen. Table 7-4 Wireless LAN: 802.1x/WPA LABEL DESCRIPTION Wireless Port Control To control wireless stations access to the wired net work, select a control method from the drop-down list box.
ZyAIR Wireless Gatew ay Series User’s Guide 7-14 Wireless Security Figure 7-8 Wireless LAN: 802. 1x/WPA for 802.1x Protocol The following table describes the labels in this screen.
ZyAIR Wireless Gatew ay Series User’s Guide Wireless Security 7-15 Table 7-5 Wireless LAN: 802.1x/WPA for 802.1x Protocol LABEL DESCRIPTION ReAuthentication Timer (In Seconds) Specify how often wireless stations have to reenter usern ames and passwords in order to stay connected.
ZyAIR Wireless Gatew ay Series User’s Guide 7-16 Wireless Security Table 7-5 Wireless LAN: 802.1x/WPA for 802.1x Protocol LABEL DESCRIPTION Authentication Databases The authentication databas e cont ains wireless station login information. The local user database is the built-in databas e on the ZyAIR.
ZyAIR Wireless Gatew ay Series User’s Guide Wireless Security 7-17 Figure 7-9 Wireless LAN: 802. 1x/WPA for WPA Protocol The following table describes the labels not previousl y discusse d Table 7-6 Wireless LAN: 802.1x/WPA for WPA Protocol LABEL DESCRIPTION Key Management Protocol Choose WPA in this field.
ZyAIR Wireless Gatew ay Series User’s Guide 7-18 Wireless Security Table 7-6 Wireless LAN: 802.1x/WPA for WPA Protocol LABEL DESCRIPTION Authentication Databases When you configure Key Management Protocol to WPA , the Authentication Databases must be RADIUS Only .
ZyAIR Wireless Gatew ay Series User’s Guide Wireless Security 7-19 Table 7-7 Wireless LAN: 802.1x/WPA for WPA-PSK Proto col LABEL DESCRIPTION Key Management Protocol Choose WPA-PSK in this field. Pre-Shared Key The encryption mechanisms used for WPA and WPA- PSK are the same.
ZyAIR Wireless Gatew ay Series User’s Guide 7-20 Wireless Security Figure 7-11 Local User Database The following table describes the labels in this screen.
ZyAIR Wireless Gatew ay Series User’s Guide Wireless Security 7-21 Table 7-8 Local User Database LABEL DESCRIPTION Active Select this option to activate the user profile. User Name Enter the user name (up to 31 characters) for this user profile. Password T ype a password (up to 31 characters) for this user profil e.
ZyAIR Wireless Gatew ay Series User’s Guide 7-22 Wireless Security • Access-Challenge Sent by a RADIUS server requesting m ore inform ation in order to allow access. The access point sends a proper response from the user and then sends another Access-Request m essage.
ZyAIR Wireless Gatew ay Series User’s Guide Wireless Security 7-23 • The ZyAIR sends a “request identity” message to the wireless station for identity information. • The wireless station replies with identity information, including username and p assword.
ZyAIR Wireless Gatew ay Series User’s Guide 7-24 Wireless Security Table 7-9 RADIUS LABEL DESCRIPTION Authentication Server Active Select Yes from the drop down list box to enab le user authentic ation through an external authenticati on server.
WAN III Part III: WAN This part covers the web configurator screen and information about W AN..
.
ZyAIR Wireless Gatew ay Series User’s Guide WAN Screens 8-1 Chapter 8 WAN Screens This chapter describes how to c onfigure the ZyAIR WAN screens. 8.1 W AN Overview A WAN (Wi de Area Netw ork) is an outside con nection to a nother net work or the I nternet.
ZyAIR Wireless Gatew ay Series User’s Guide 8-2 WAN Screens Table 8-1 Ethernet Encapsulation LABEL DESCRIPTION Encapsulation You must choose the Ethernet opt ion when the WAN port is used as a regular Ethernet.
ZyAIR Wireless Gatew ay Series User’s Guide WAN Screens 8-3 Table 8-2 Service Type LABEL DESCRIPTION Encapsulation You must choose the Ethern et opt ion when the WAN port is used as a regular Ethernet.
ZyAIR Wireless Gatew ay Series User’s Guide 8-4 WAN Screens Figure 8-3 PPPoE Encapsulation The following table describes the labels in this screen. Table 8-3 PPPoE Encapsulation LABEL DESCRIPTION ISP Parameters fo r Internet Access Encapsulation The PPP over Ethernet choice is for a dial-up connection using PPPoE.
ZyAIR Wireless Gatew ay Series User’s Guide WAN Screens 8-5 Table 8-3 PPPoE Encapsulation LABEL DESCRIPTION Apply Click Apply to save your changes back to the ZyAIR.
ZyAIR Wireless Gatew ay Series User’s Guide 8-6 WAN Screens Figure 8-4 PPTP Encapsulation The following table describes the labels in this screen. Table 8-4 PPTP Encapsulation LABEL DESCRIPTION ISP .
ZyAIR Wireless Gatew ay Series User’s Guide WAN Screens 8-7 Table 8-4 PPTP Encapsulation LABEL DESCRIPTION User Name Type the user name given to you b y your ISP.
ZyAIR Wireless Gatew ay Series User’s Guide 8-8 WAN Screens 8.4 Configur ing W AN IP To change your ZyAIR’s WAN IP settings, click ADVANCED , WAN an d then the IP tab.
ZyAIR Wireless Gatew ay Series User’s Guide WAN Screens 8-9 Table 8-5 IP Setup LA BEL DESCRIPTION Get automatically from ISP Select this option If your ISP did not assign you a fixed IP address. This is the default selection. Use fixed IP address Select this option If the ISP assigned a fixed IP address.
ZyAIR Wireless Gatew ay Series User’s Guide 8-10 WAN Screens Table 8-5 IP Setup LA BEL DESCRIPTION Private (PPPoE and PPTP only) This parameter determines if the Z yAIR will include the route to this remote node in its RIP broadcasts. If select Yes , this route is kept privat e and not included in RIP broadcast.
ZyAIR Wireless Gatew ay Series User’s Guide WAN Screens 8- 11 Table 8-5 IP Setup LA BEL DESCRIPTION Allow between LAN and WAN Select this check box to forward NetBIOS packets from the LAN to the WAN and from the WAN to the LAN.
.
SUA/NAT and Static Route IV Part IV: SUA/NAT AND STATIC ROUTE This part covers the inform ation about SUA/NA T and S tatic Route setup..
.
ZyAIR Wireless Gatew ay Series User’s Guide SUA/NAT 9-1 Chapter 9 Single User Account (SUA) / Network Address Translation (NAT) This chapter discusses how to configure SUA/NAT on the ZyAIR . 9.1 NA T Overview NAT (Network Address Tran slation - NAT, RFC 1631) is the translation of the IP addr ess of a host in a packet.
ZyAIR Wireless Gatew ay Series User’s Guide 9-2 SUA/NAT NA T never changes the IP address (either local or global) of an outside host. 9.1.2 What NA T Does In the simplest form, NAT changes the sour.
ZyAIR Wireless Gatew ay Series User’s Guide SUA/NAT 9-3 Figure 9-1 How NAT Works 9.1.4 NA T Application The following figure illu strates a possible NAT applicatio n, where three inside LANs (logical LANs using IP Alias) behi nd the ZyAIR ca n comm unicate with three distinct WA N networks.
ZyAIR Wireless Gatew ay Series User’s Guide 9-4 SUA/NAT Figure 9-2 NAT Application w ith IP Alias 9.1.5 NA T Mapping T ypes NAT supports five types of IP/port m apping. They are: One to One : In One-to-One mode, the ZyAIR maps o ne local IP address to one gl obal IP addres s.
ZyAIR Wireless Gatew ay Series User’s Guide SUA/NAT 9-5 Server : This type allows you to sp ecify inside server s of different services b ehind the NAT to be accessible to the outside world. Port numbers do not change for One-to-One and Many-One-to-One NA T mapping types.
ZyAIR Wireless Gatew ay Series User’s Guide 9-6 SUA/NAT 9.2 SUA Server An SUA server set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visibl e to the outside w o rld even thou gh SUA makes y our whole inside networ k appear as a si ngle computer to the outside world.
ZyAIR Wireless Gatew ay Series User’s Guide SUA/NAT 9-7 Table 9-3 Services and Port Numbers SERVICES PORT NUMBER SNMP (Simple Network Management Protocol) 161 SNMP trap 162 PPTP (Point-to-Point Tunnelin g Protocol) 1723 9.
ZyAIR Wireless Gatew ay Series User’s Guide 9-8 SUA/NAT Figure 9-4 SUA/NAT Setup The following table describes the labels in this screen. Table 9-4 SUA/NAT Setup LABEL DESCRIPTION Default Server In addition to the servers for specified services, NAT supp orts a default server.
ZyAIR Wireless Gatew ay Series User’s Guide SUA/NAT 9-9 Table 9-4 SUA/NAT Setup LABEL DESCRIPTION Start Port End Port Enter a port number here. To forward only one port, enter the port num ber in the Start Port field and then type it again in the End Port field.
ZyAIR Wireless Gatew ay Series User’s Guide 9-10 SUA/NAT Figure 9-5 Address Mapping The following table describes the labels in this screen. Table 9-5 Address Mapping LABEL DESCRIPTION # T his field displays the index number of the address mappin g rule.
ZyAIR Wireless Gatew ay Series User’s Guide SUA/NAT 9-11 Table 9-5 Address Mapping LABEL DESCRIPTION Insert Click Insert to insert a new mapping rule before an existin g one. Edit Click Edit to go to the Address Ma pping Rule screen. Delete Click Delete to delete an address mapping rule.
ZyAIR Wireless Gatew ay Series User’s Guide 9-12 SUA/NAT Table 9-6 Address Mapping Rule LABEL DESCRIPTION Local End IP This is the end local IP address (ILA). If your rule is for all lo cal IP addresses, then enter 0.0.0.0 as the Local Start IP address and 255.
ZyAIR Wireless Gatew ay Series User’s Guide Static Route 10-1 Chapter 10 Static Route This chapter shows you how to config ure static routes for your ZyAIR. 10.1 S t atic Route Overview Each remote n ode specifies only the netw ork to which t he gateway is directly conne cted, and the ZyAIR has no knowledge of the networks bey o nd.
ZyAIR Wireless Gatew ay Series User’s Guide 10-2 Static Route Figure 10-2 IP Static Route Summary The following table describes the labels in this screen. Table 10-1 IP Static Route Summary LABEL DESCRIPTION # This field displays an individual static route i ndex number.
ZyAIR Wireless Gatew ay Series User’s Guide Static Route 10-3 Table 10-1 IP Static Route Summary LABEL DESCRIPTION Delete To remove a static route on the ZyAIR, click the radio button next to the static route index number you want to remove, then click Delete .
ZyAIR Wireless Gatew ay Series User’s Guide 10-4 Static Route Table 10-2 Edit IP Static Route LABEL DESCRIPTION Destination IP Address Type the IP network address of the final destination. Routing is al ways based on network number. If you need to specify a route to a singl e host, use a subnet mask of 255.
Firewall and Remote Manageme nt V Part V: FIREWALL A ND REMOTE MANAGEMENT This part introduces fire walls in general and the ZyAIR firewall. It also explains custom port s and gives example firewall rules and informa tion on Remote Management.
.
ZyAIR Wireless Gatew ay Series User’s Guide Introduction to Firewalls 11-1 Chapter 11 Introduction to Firewalls This chapter gives some background information on firewalls and introduces the ZyAIR firewall. This chapter is not applicable to the ZyAIR B-2000 .
ZyAIR Wireless Gatew ay Series User’s Guide 11-2 Introduction to Firewalls i. Information hi ding prevents the nam es of internal systems from being made known via D NS to outside system s, since the ap plication gate way is the only host wh ose name m ust be made know n to outside systems.
ZyAIR Wireless Gatew ay Series User’s Guide Introduction to Firewalls 11-3 Figure 11-1 Fire wall Application 11.4.1 Basics Computers s hare inform ation over the Internet usi ng a com mon languag e called TCP/ IP. TCP/IP, in turn, i s a set of applicati on protocol s that perform specific functions.
ZyAIR Wireless Gatew ay Series User’s Guide 11-4 Introduction to Firewalls 11.4.2 T ypes of DoS Att acks There are four types of DoS a ttacks: 1. Those that e xploit bu gs in a TCP/IP im plementation. 2. Those that exploit weaknesse s in the TCP/IP specification.
ZyAIR Wireless Gatew ay Series User’s Guide Introduction to Firewalls 11-5 2-a SYN Attack floods a targeted system with a series of SYN packets. Each packet causes the targeted system to issue a SYN-ACK response.
ZyAIR Wireless Gatew ay Series User’s Guide 11-6 Introduction to Firewalls Figure 11-4 Smurf Attack ICMP Vulnerability ICMP is a n error-re porting protocol t hat works i n conc ert with IP.
ZyAIR Wireless Gatew ay Series User’s Guide Introduction to Firewalls 11-7 Table 11-4 Legal SMTP Commands AUTH DATA EHLO ETRN EXPN HELO HELP MAIL NOOP QUIT RCPT RSET SAML SEND SOML TURN VRFY Traceroute Traceroute is a utility used to determ ine the path a packet takes between t w o endpoints.
ZyAIR Wireless Gatew ay Series User’s Guide 11-8 Introduction to Firewalls Figure 11-5 Stateful Inspection The previous figure shows the Zy AIR’s defaul t firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a Teln et session from within the LAN and responses to this request are allowed.
ZyAIR Wireless Gatew ay Series User’s Guide Firewall Screens 12-1 Chapter 12 Firewall Screens This chapter shows you how to configure your ZyAIR firewall. This chapter is not applicable to the ZyAIR B-2000. 12.1 Access Methods The web confi gurator is, by far, the most comprehensi ve firewall c onfiguration tool your ZyAIR has t o offer.
ZyAIR Wireless Gatew ay Series User’s Guide 12-2 Firewall Screens If you configure firewall rules without a good underst anding of how they work, you might inadvertently introduce security risks to the fire w all and to the protected network. Make sure y ou test your rules af ter you configure th em.
ZyAIR Wireless Gatew ay Series User’s Guide Firewall Screens 12-3 2. Is it possible to modify the rule to be more specifi c? For example, if IRC is blocked for all users, will a rule that blocks just certain users be more ef fective? 3.
ZyAIR Wireless Gatew ay Series User’s Guide 12-4 Firewall Screens 12.5 Connection Direction Examples This section de scribes examples for fire wall rules for conne ctions goin g from LAN t o WAN and from WA N to LAN. LAN to LAN/ZyAIR and WAN to WAN/ ZyAIR rules apply to packets com i ng in on the associated interface (LAN or WAN respectiv ely).
ZyAIR Wireless Gatew ay Series User’s Guide Firewall Screens 12-5 Figure 12-1 LAN to WAN Traffic 12.5.2 W AN to LAN Rules WAN-to-LAN rules are Internet to your local network firewall rules. The default is to block all traffic from the Internet to your local network.
ZyAIR Wireless Gatew ay Series User’s Guide 12-6 Firewall Screens Figure 12-2 WAN to LA N Traffic 12.6 Enabling Firewall The ordering of your rules is very import ant as rules are applied in turn. The default rules allow LAN-to-WAN traffic and deny traffic initiated from WAN-to-LAN.
ZyAIR Wireless Gatew ay Series User’s Guide Firewall Screens 12-7 Figure 12-3 Fire wall Settings The following table describes the labels in this screen. Table 12-1 Firewall Settings LA BEL DESCRIPTION Enable Firewall Select this che ck box to activate the firewall.
ZyAIR Wireless Gatew ay Series User’s Guide 12-8 Firewall Screens Table 12-1 Firewall Settings LA BEL DESCRIPTION Packets to Log Choose what LA N to W AN packets to log.
ZyAIR Wireless Gatew ay Series User’s Guide Firewall Screens 12-9 Figure 12-4 Fire wall Filter The following table describes the labels in this screen. Table 12-2 Firewall Filter LABEL DESCRIPTION Restrict Web Features Select the categories of web featur es that you want to restrict.
ZyAIR Wireless Gatew ay Series User’s Guide 12-10 Firewall Screens Table 12-2 Firewall Filter LABEL DESCRIPTION ActiveX ActiveX is a tool for building dynamic and act ive Web pages and distri buted object applications.
ZyAIR Wireless Gatew ay Series User’s Guide Firewall Screens 12-11 12.6.2 Configuring Firewall Services Click ADVANC ED , FIREWALL and then the Services tab to open the Services screen. Use this screen to enable service blocking, e n ter/delet e/modify t he services yo u want to bl ock and t he date/tim e you want to block them .
ZyAIR Wireless Gatew ay Series User’s Guide 12-12 Firewall Screens Table 12-3 Creating/Editing A Fire w all Rule LABEL DESCRIPTION Enable Services Blocking Select the check box to activate service blocking. Available Services This is a list of pre-defined se rvices (ports) yo u may proh ibit your LAN com puters from using.
ZyAIR Wireless Gatew ay Series User’s Guide Firewall Screens 12-13 12.6.3 Predefined Services The Available Services list box in the Services screen (see Figure 12-5 ) displays all predefined services that the ZyAIR already supports. Next to the na me of the se rvice, two fields a ppear in brackets.
ZyAIR Wireless Gatew ay Series User’s Guide 12-14 Firewall Screens Table 12-4 Predefined Services SERVICE DESCRIPTION NNTP(TCP:119) Network News Transport Protoc ol is the deli very mechanism for the USENET newsgroup service.
ZyAIR Wireless Gatew ay Series User’s Guide Firewall Screens 12-15 Table 12-4 Predefined Services SERVICE DESCRIPTION TFTP(UDP:69) T rivial File Transfer Protocol is an Internet file transfe r protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather tha n TCP (Transmission Control Protocol).
.
ZyAIR Wireless Gatew ay Series User’s Guide Remote Management 13-1 Chapter 13 Remote Management This chapter provides information on the Remo te Management screens.
ZyAIR Wireless Gatew ay Series User’s Guide 13-2 Remote Management 1. A filter in SMT m enu 3.1 (LAN) or in menu 11.5 (WAN) is applied to block a Telnet, FTP or Web service. 2. You have disabled that service in one of the remote m anagement screens.
ZyAIR Wireless Gatew ay Series User’s Guide Remote Management 13-3 13.3 Configuring TELNET Click ADVANC ED and th en REMOTE MGNT to open the TELNET s creen.
ZyAIR Wireless Gatew ay Series User’s Guide 13-4 Remote Management 13.4 Configuring FTP You can uploa d and download the Zy AIR’s firm ware and configuration fil es using FTP, please see the chapter on firmware and configuration file maintenance for details.
ZyAIR Wireless Gatew ay Series User’s Guide Remote Management 13-5 Table 13-2 FTP LABEL DESCRIPTION Reset Click Reset to beg in configuring this screen afresh. 13.5 Configuring WWW To change your ZyAIR’s World Wide Web setting s, click ADVANC ED , REMOTE MGNT and then the WWW tab.
ZyAIR Wireless Gatew ay Series User’s Guide 13-6 Remote Management Table 13-3 WWW LABEL DESCRIPTION Secured Client IP Address A secured client is a “trusted” computer that is allowed to communicate with the ZyAIR using this service. Select Al l to allo w any computer to access the ZyAIR using this service.
ZyAIR Wireless Gatew ay Series User’s Guide Remote Management 13-7 Figure 13-5 SNMP Management Mod el An SNMP m a naged netwo rk consists of two m ain types of compone nt: agents and a manager. An agent is a managem ent software m o dule that resides i n a managed device (the Zy AIR).
ZyAIR Wireless Gatew ay Series User’s Guide 13-8 Remote Management • Set - Allows the manager to set values for object variables within an agent. • Trap - Used by the a gent to inform the manager of some events. 13.6.1 Supported MIBs The ZyAIR supports MIB II that is defin ed in RFC-1213 and RFC-1215.
ZyAIR Wireless Gatew ay Series User’s Guide Remote Management 13-9 13.6.3 REMOTE MANAGEMENT : SNMP To change your ZyAIR’s SNMP settings, click ADVANCED , REMOTE MGNT a nd then the SNMP tab. The screen appears as shown. Figure 13-6 SNMP The following table describes the labels in this screen.
ZyAIR Wireless Gatew ay Series User’s Guide 13-10 Remote Management Table 13-6 SNMP LABEL DESCRIPTION Set Community Enter the Set community , which is the password for incoming Set request s from the management station. Trusted Host If you enter a trusted host, your ZyAI R will only respond to SNMP messages from this address.
ZyAIR Wireless Gatew ay Series User’s Guide Remote Management 13-11 Figure 13-7 DNS The following table describes the labels in this screen. Table 13-7 DNS LABEL DESCRIPTION Server Port The DNS service port num ber is 53 and cannot be changed here. Server Access Select the int erface(s) through wh ich a computer may send DNS queries to the ZyAIR.
ZyAIR Wireless Gatew ay Series User’s Guide 13-12 Remote Management anti-probing, which prevents the ICMP respons e packet from being sent. This keeps out siders from discovering y our ZyAIR w hen unsu pported po rts are probe d. Figure 13-8 Security The following table describes the labels in this screen.
ZyAIR Wireless Gatew ay Series User’s Guide Remote Management 13-13 Table 13-8 Security LABEL DESCRIPTION Do not respond to requests for unauthorized services Select this option to prevent hackers from finding the Z yAIR by probing for unused ports.
.
UPnP and Logs VI Part VI: UPNP AND LOGS This part prov ides information and configuration instructions for UPnP (Universal Plug and Play) and the logs.
.
ZyAIR Wireless Gatew ay Series User’s Guide UPnP Screens 14-1 Chapter 14 UPnP Screen This chapter introduces the Universal Plug and Play feature. 14.1 Universal Plug and Play Overview Universal Plug and Play (U PnP) is a distri buted, open networking st andard that uses TCP/IP for si mple peer-to-peer network connectiv ity between dev ices.
ZyAIR Wireless Gatew ay Series User’s Guide 14-2 UPnP Screens 14.1.3 Cautions with UPnP The automat ed nature of N AT traversal a pplications in establi shing their own services a nd openin g firewall ports may present netwo rk security issues.
ZyAIR Wireless Gatew ay Series User’s Guide UPnP Screens 14-3 Figure 14-1 Configuring UPnP The following table describes the labels in this screen. Table 14-1 Configuring UPnP LA BEL DESCRIPTION Device Name (or UPnP Name) This identifies the ZyAIR in UPnP applic ations.
ZyAIR Wireless Gatew ay Series User’s Guide 14-4 UPnP Screens Table 14-1 Configuring UPnP LA BEL DESCRIPTION Allow UPnP to pass through Firewall Select this check box to create a static LAN to LAN/ ZyAIR rule that allows forwarding of ports 1900 and 80.
ZyAIR Wireless Gatew ay Series User’s Guide UPnP Screens 14-5 Step 3. In the Communications window, select the Universal Plug and Play check box i n the Components selection box. Step 4. Click OK to go back to the Add/Remove Programs Properties window and click Next .
ZyAIR Wireless Gatew ay Series User’s Guide 14-6 UPnP Screens Step 5. In the Networ king Services window, select the Universal Plu g and Play check box. Step 6. Click OK to go back to the Windows Optional Ne tworking Component Wizard window and click Next .
ZyAIR Wireless Gatew ay Series User’s Guide UPnP Screens 14-7 Step 3. In the Internet Connection P roperties window, click Settings to see th e por t mappings that were aut omatically created. Step 4. You may edit or delete the port mappings or cli ck Add to manually ad d port m appings.
ZyAIR Wireless Gatew ay Series User’s Guide 14-8 UPnP Screens When the UPnP-enabled device is disconn ected from your computer , all port mappings will be deleted automaticall y . Step 5. Select the Show icon in notification area when connected check box and click OK .
ZyAIR Wireless Gatew ay Series User’s Guide UPnP Screens 14-9 Step 1. Click Start and then Control Panel . Step 2. Double-click Network Connections . Step 3. Select My Network Pl aces under Other Places . Step 4. An icon with the description for each UPnP-enabled device displays un der Local Network .
ZyAIR Wireless Gatew ay Series User’s Guide 14-10 UPnP Screens Step 6. Right-click the icon fo r your ZyAIR and select Properties . A properties window displays with basic in formation about the ZyAIR.
ZyAIR Wireless Gatew ay Series User’s Guide Logs Screens 15-1 Chapter 15 Logs Screens This chapter contains informati on about configuring general log s ettings and viewing the ZyAIR’s logs. Refer to the appendix for example log message explanations.
ZyAIR Wireless Gatew ay Series User’s Guide 15-2 Logs Screen s Figure 15-1 View Log The following table describes the labels in this screen. Table 15-1 View Log LABEL DESCRIPTION Display Select a log category from the drop do wn list box to display l ogs within the selected category.
ZyAIR Wireless Gatew ay Series User’s Guide Logs Screens 15-3 Table 15-1 View Log LABEL DESCRIPTION Email Log Now Click Email Log Now to send the log screen to the e-mail address specified in the Log Settings page. Refresh Click Refresh to rene w the log screen.
ZyAIR Wireless Gatew ay Series User’s Guide 15-4 Logs Screen s Figure 15-2 Log Settings.
ZyAIR Wireless Gatew ay Series User’s Guide Logs Screens 15-5 The following table describes the labels in this screen. Table 15-2 Log Settings LABEL DESCRIPTION Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mai l addresses specified belo w.
ZyAIR Wireless Gatew ay Series User’s Guide 15-6 Logs Screen s Table 15-2 Log Settings LABEL DESCRIPTION Time for Sending Log Enter the time of the day in 24-hour format (for example 23:00 equ als 11:00 pm) to send the logs. Log Select the categories of logs that you want to record.
ZyAIR Wireless Gatew ay Series User’s Guide Logs Screens 15-7 The web site hit count may not be 100% accurate because sometimes when an individual web page loads, it may cont ain references to other web sites that also get counted as hit s. The ZyAIR records web site hits by counting the H TTP GET packets.
ZyAIR Wireless Gatew ay Series User’s Guide 15-8 Logs Screen s Table 15-3 Reports LABEL DESCRIPTION Report Type Use the drop-down list box to select the type of reports to displa y. Web Site Hits displays the web sites that have bee n visited the most often from the LAN and how many times they have been visited.
ZyAIR Wireless Gatew ay Series User’s Guide Logs Screens 15-9 Figure 15-4 Protocol/Port Report The following table describes the labels in this screen. Table 15-4 Protocol/Port Report LABEL DESCRIPTION Protocol/Port This column lists the protocols or service ports for which the most traffic has gone through the ZyAIR.
ZyAIR Wireless Gatew ay Series User’s Guide 15-10 Logs Screens Table 15-4 Protocol/Port Report LABEL DESCRIPTION Refresh Click Refresh to update the report d isplay. The re port also re freshes automa tically when you close and reopen the scre en. Direction This field displays Incoming to denote traffic that is coming in from the WAN to the LAN.
ZyAIR Wireless Gatew ay Series User’s Guide Logs Screens 15-11 The following table describes the labels in this screen. Table 15-5 LAN IP Address Rep ort LABEL DESCRIPTION Start Collection/ Stop Col.
.
Maintenance VII Part VII: MAINTENANCE This part describ es the Maintenan ce web configurator screen s..
.
ZyAIR Wireless Gatew ay Series User’s Guide Maintenance 16-1 Chapter 16 Maintenance This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics.
ZyAIR Wireless Gatew ay Series User’s Guide 16-2 Maintenance Table 16-1 Status LA BEL DESCRIPTION Syst em Na me This is the System Name you enter in the first Internet Access Wizard screen. It is for identification purposes. Model Name The model name identifies your device type.
ZyAIR Wireless Gatew ay Series User’s Guide Maintenance 16-3 Figure 16-2 Status: Show Statis tics The following table describes the labels in this screen.
ZyAIR Wireless Gatew ay Series User’s Guide 16-4 Maintenance Table 16-2 Status: Show Statistics LA BEL DESCRIPTION Stop Click this button to stop refreshing statistics. 16.3 DHCP T able Screen DHCP (Dynamic Ho st Configuration Protoco l, RFC 2131 and RFC 2132) allows indiv idual clients to obtain TCP/IP config uration at sta rt-up from a server.
ZyAIR Wireless Gatew ay Series User’s Guide Maintenance 16-5 Table 16-3 DHCP Table LA BEL DESCRIPTION MAC Address The MAC (Media Access Control) or Ethern et addr ess on a LAN (Local Area Net work) is unique to your computer (six pai rs of he xadecimal notation).
ZyAIR Wireless Gatew ay Series User’s Guide 16-6 Maintenance 16.5 Channel Usage The Channel Usage screen displays w hether a cha nnel is used by another wireless netw ork or not. If a channel is bein g used, y ou should select a c hannel removed from it by five channels to c o mpletel y avoid overlap.
ZyAIR Wireless Gatew ay Series User’s Guide Maintenance 16-7 Table 16-5 Channel Usage (ZyAIR B-2 000) LA BEL DESCRIPTION Channel T his is the index number of the channel currently used by the associate d AP in an Infrastructure wireless network or wireless station in an Ad- Hoc wireless network.
ZyAIR Wireless Gatew ay Series User’s Guide 16-8 Maintenance Table 16-6 Channel Usage LA BEL DESCRIPTION Channel T his is the index number of the channel currently used by the associate d AP in an Infrastructure wireless network or wireless station in an Ad- Hoc wireless network.
ZyAIR Wireless Gatew ay Series User’s Guide Maintenance 16-9 Table 16-7 Firmware Upload LA BEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse... Click Browse... to find the .
ZyAIR Wireless Gatew ay Series User’s Guide 16-10 Maintenance If the upload was not successful, the fo llowing screen will appear. Click Ret urn to go back to the F/W Upload screen.
ZyAIR Wireless Gatew ay Series User’s Guide Maintenance 16-11 Figure 16-11 Configurati on 16.7.1 Backup Configuration Backup config uration allows you to back up (save) th e Zy AIR’s cu rrent configuration to a file on your computer.
ZyAIR Wireless Gatew ay Series User’s Guide 16-12 Maintenance Click Backup to save your current ZyAIR confi guration t o your com puter. 16.7.2 Restore Configuration Restore configur ation replaces your ZyAIR's current configuration (conte nt filters, firewall settings, etc.
ZyAIR Wireless Gatew ay Series User’s Guide Maintenance 16-13 The ZyAIR automatically restarts in this time causing a te mporary net work disconnect.
ZyAIR Wireless Gatew ay Series User’s Guide 16-14 Maintenance Figure 16-15 Reset Warni ng Message You can also press the RESET button on the side panel to reset the factory defaults of your ZyAIR. Refer to the Resetting the ZyAIR section for more info rmation on the RESET button.
SMT Getting Started Menus VIII Part VIII: SMT GETTING STARTED M ENUS This part introduces the SM T (System M anagement T erminal) and discusses the “Getting S tarted” SMT menus. See the web configurator p arts of this guide for background information on features configurable by web configurator a nd SMT .
.
ZyAIR Wireless Gatew ay Series User’s Guide Introducing the SMT 17-1 Chapter 17 Introducing the SMT This chapter describes how to access the SMT and provides an overview of its menus . 17.1 Connect to your ZyAIR Using T elnet The following proced ure details how to telnet into your ZyAIR.
ZyAIR Wireless Gatew ay Series User’s Guide 17-2 Introducing the SMT Please note that if there is no activity for longer than fiv e minutes (default timeout period) af ter you log in, your ZyAIR will automatically log you out. 17.2.1 Initial Screen When you turn on your ZyAIR, it performs several internal tests as well as line initializatio n.
ZyAIR Wireless Gatew ay Series User’s Guide Introducing the SMT 17-3 Figure 17-3 Menu 23.1 Sy stem Securit y : Change Pass w ord Step 4. Type your new syst em password i n the New Password field (up t o 30 characters), and press [ENTER] .
ZyAIR Wireless Gatew ay Series User’s Guide 17-4 Introducing the SMT Menu 3 LAN Setup Menu 4 Intern et Access Setu p Menu 1 2 S tatic Routing Setup Menu 1 1.5 Remote Node Filter Menu 1 1 Remote N ode Profil e Menu 1 1.3 Remote Node Network Lay er O pt ions Menu 3.
ZyAIR Wireless Gatew ay Series User’s Guide Introducing the SMT 17-5 17.5 Navigating the SMT Interface Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below.
ZyAIR Wireless Gatew ay Series User’s Guide 17-6 Introducing the SMT Figure 17-5 ZyAIR B-200 0 v.2 SMT Main Menu 17.5.1 System Management T erminal Interface Summary Table 17-2 Main Menu Summary # MENU TITLE DESCRIPTION 1 General Setup Use this menu to set up your general information.
ZyAIR Wireless Gatew ay Series User’s Guide Introducing the SMT 17-7 Table 17-2 Main Menu Summary # MENU TITLE DESCRIPTION 99 Exit Use this to exit from SMT and return to a blank screen.
.
ZyAIR Wireless Gatew ay Series User’s Guide General and WAN Setup 18-1 Chapter 18 General and WAN Setup The chapter shows you the information on general setup and how t o configure the WAN. 18.1 General Setup Menu 1 – General Setup contains admini strative and syste m-related informati on (shown ne xt).
ZyAIR Wireless Gatew ay Series User’s Guide 18-2 General and WAN Setup Figure 18-1 Menu 1 General Setup Step 2. Fill in the required fields. Refer to the table shown nex t for more information about these fields. Table 18-1 Menu 1 General Setup FIELD DESCRIPTION EXAMPLE System Name Choose a descriptive name for identification purposes.
ZyAIR Wireless Gatew ay Series User’s Guide General and WAN Setup 18-3 Table 18-1 Menu 1 General Setup FIELD DESCRIPTION EXAMPLE Edit Dynamic DNS Press [SPACE BAR] to select Yes and press [ENTER] to configure Menu 1.1 – Configure Dy namic DNS (discussed next).
ZyAIR Wireless Gatew ay Series User’s Guide 18-4 General and WAN Setup Table 18-2 Menu 1.1 Configure Dy namic DNS FIELD DESCRIPTION EXAMPLE Active Press [SPACE BAR] to select Yes and then press [ENT ER] to make dynamic DNS active. Yes DDNS Type Press [SPACE BAR] and then [ENTER] to select DynamicDNS if you have a dynamic IP address(es).
ZyAIR Wireless Gatew ay Series User’s Guide General and WAN Setup 18-5 Table 18-2 Menu 1.1 Configure Dy namic DNS FIELD DESCRIPTION EXAMPLE User Specified IP Address Press [SPACE BAR] to select Yes and then press [ENTER] to update the IP address of the ho st name(s) to the IP address specified below.
ZyAIR Wireless Gatew ay Series User’s Guide 18-6 General and WAN Setup Table 18-3 Menu 2 WAN Setup FIELD DESCRIPTION EXAMPLE Assigned By Press [SPACE BAR] to select Factory de fault and press [ENTER] to use the factory assigned MAC address.
ZyAIR Wireless Gatew ay Series User’s Guide LAN Setup 19-1 Chapter 19 LAN Setup This chapter shows you how to configure the LAN on your ZyAIR. . 19.1 LAN Setup This section describes how to configure the Ethern et using Menu 3 – LAN Setup . From the main menu, enter 3 to displ ay menu 3.
ZyAIR Wireless Gatew ay Series User’s Guide 19-2 LAN Setup If you need to define filters, please read the Filter Set Configuration chapter first, then return to th is menu to define the filter sets. 19.2 TCP/IP Ethernet and DHCP Setup Use menu 3. 2 to config ure your Zy AIR for TC P/IP.
ZyAIR Wireless Gatew ay Series User’s Guide LAN Setup 19-3 Table 19-1 Menu 3.2 DHCP Ethernet Setup FIELD DESCRIPTION EXAMPLE DHCP If set to Ser ver , your ZyAIR can assign IP addresses, an IP default gateway and DNS servers to Windo ws 95, Windows NT and other systems that support the DHCP client.
ZyAIR Wireless Gatew ay Series User’s Guide 19-4 LAN Setup Table 19-2 Menu3.2 TCP/IP Ethernet Setup FIELD DESCRIPTION EXAMPLE Version Press [ SPACE BAR] to select the RIP version.
ZyAIR Wireless Gatew ay Series User’s Guide LAN Setup 19-5 19.3.1 IP Alias Setup Use menu 3. 2 to confi gure the first netw ork. Move the cursor to Edit IP Alias field and press [ SPACE BAR] to choose Yes and press [ENTER] to configure the second and third ne twork.
ZyAIR Wireless Gatew ay Series User’s Guide 19-6 LAN Setup Table 19-3 Menu 3.2.1 IP Alias Setup FIELD DESCRIPTION EXAMPLE IP Alias Choose Yes to configure the LAN network for the ZyAIR. Yes IP Address Enter the IP address of your ZyAIR in dotted decimal notation 192.
ZyAIR Wireless Gatew ay Series User’s Guide LAN Setup 19-7 Figure 19-8 Menu 3.5 Wireless LAN Setup The following table describes the fields in this menu. Table 19-4 Menu 3.5 Wireless LAN Setup FIELD DESCRIPTION EXMAPLE ESSID The ESSID (Extended Service Set IDentit y) identifies the AP to which the wireless stations associate.
ZyAIR Wireless Gatew ay Series User’s Guide 19-8 LAN Setup Table 19-4 Menu 3.5 Wireless LAN Setup FIELD DESCRIPTION EXMAPLE WEP Select Disable to allow wireless stations to communicate with the access points without any data encr yption. Select 64-bit WEP or 128-bit WEP to enable data e ncryption.
ZyAIR Wireless Gatew ay Series User’s Guide LAN Setup 19-9 Table 19-4 Menu 3.5 Wireless LAN Setup FIELD DESCRIPTION EXMAPLE When you have compl eted this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [E SC] to cancel and go back to the prev ious screen.
ZyAIR Wireless Gatew ay Series User’s Guide 19-10 LAN Setup Figure 19-10 Menu 3.5.1 WLAN MAC Address Filter The following table describes the fields in this menu. Table 19-5 Menu 3.5.1 WLAN M AC Address Filter FIELD DESCRIPTION Active To enable MAC address filter ing, press [SPACE BAR] to select Yes and press [ENTER].
ZyAIR Wireless Gatew ay Series User’s Guide LAN Setup 19-11 19.4.2 Configuring Ro aming on the ZyAIR Enable the roaming featur e if you have two or more ZyAIRs on the same subnet. Follow th e steps below to allow roam ing on your ZyAIR. Step 1. From the main menu, enter 3 to display Menu 3 – LAN Setup .
ZyAIR Wireless Gatew ay Series User’s Guide 19-12 LAN Setup Table 19-6 Menu 3.5.2 Roaming Confi guration FIELD DESCRIPTION Active Press [SPACE BAR] and then [ENTER] to select Yes to enable roamin g on the ZyAIR if you have two or more ZyAIRs on the same subnet.
ZyAIR Wireless Gatew ay Series User’s Guide Internet Access 20-1 Chapter 20 Internet Access This chapter describes how to configu re the ZyAIR for Internet Access. 20.1 Internet Access Configuration Menu 4 allows you to enter the In ternet Access information in one screen.
ZyAIR Wireless Gatew ay Series User’s Guide 20-2 Internet Access Table 20-1 Internet Account Informa tion FIELD DESCRIPTION YOUR INFORMATION DNS Server Address Assignment Primary DNS server Secondary DNS s erver Enter when using RFC 1483 Encaps ulation or a static IP address.
ZyAIR Wireless Gatew ay Series User’s Guide Internet Access 20-3 Table 20-2 Menu 4 Internet Acces s Setup FIELD DESCRIPTION EXAMPLE Service Type This field is available if you select the Ethernet encaps ulation. Press [SPACE BAR] to select the se rvice type then press [ENTER].
.
SMT Advanced Applications Menus IX Part IX: SMT ADVANCED APPLICATION M ENUS This part shows h ow to configure Remote Node, S tatic Routing, Dial-in Use r and NA T .
.
ZyAIR Wirel ess Gateway Serie s User’s Guide Remote Node Configuration 21-1 Chapter 21 Remote Node Configuration This chapter shows you how to set up remote nodes on the WAN side. A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and th e network be hind it acr oss a WAN c onnection.
ZyAIR Wireless Gatew ay Series User’s Guide 21-2 Remote Node Configuration Figure 21-1 Menu 11.1 Remote Node Profile In Menu 11.1 – Remote N ode Profile , fill in the fields as described in the following table.
ZyAIR Wirel ess Gateway Serie s User’s Guide Remote Node Configuration 21-3 Table 21-1 Menu 11.1 Remote Node Profile FIELD DESCRIPTION EXAMPLE Outgoing: My Login Type the login name assign ed by your ISP when the ZyAIR calls this remote node. My Password Type the password assigned b y your ISP when the ZyAIR calls this remote node.
ZyAIR Wireless Gatew ay Series User’s Guide 21-4 Remote Node Configuration Table 21-1 Menu 11.1 Remote Node Profile FIELD DESCRIPTION EXAMPLE Period (hr) This field is the time period that the budget should be reset.
ZyAIR Wirel ess Gateway Serie s User’s Guide Remote Node Configuration 21-5 Move the cur sor to the Edit IP field, press [ SPACE BAR ] to select Yes , then press [ENTER] to display Menu 11.3 – Rem ote Node Network Layer Options shown below. Figure 21-2 Menu 11.
ZyAIR Wireless Gatew ay Series User’s Guide 21-6 Remote Node Configuration Table 21-2 Menu 11.3 Remote Node Netw ork Layer Options FIELD DESCRIPTION EXAMPLE Network Address Translation Press [SPACE BAR] and then [ENTER] to select Full Feature if you have multiple public WAN IP address es for your ZyAIR.
ZyAIR Wirel ess Gateway Serie s User’s Guide Remote Node Configuration 21-7 Figure 21-3 Menu 11.5 Remote Node Filter (Eth ernet Encapsulation ) Figure 21-4 Menu 11.
ZyAIR Wireless Gatew ay Series User’s Guide 21-8 Remote Node Configuration Configuration Step 1. To configure an IP static route, use Menu 12 - Static Route Setup as shwon ne xt. Figure 21-5 Menu 12.1 IP Static Route Setup Step 2. Now, type the route number of a st atic route you want to confi gure.
ZyAIR Wirel ess Gateway Serie s User’s Guide Remote Node Configuration 21-9 Table 21-3 Menu 12.1 Edit IP Static Route FIELD DESCRIPTION Destination IP Address This parameter specifies the IP net work address of the final destination. Routing is always based on net work number.
.
ZyAIR Wirel ess Gateway Serie s User’s Guide Dial-in User Setup 22-1 Chapter 22 Dial-in User Setup This chapter shows you how to create user accounts on the ZyAIR. 22.1 Dial-in User Setup By storing user profiles locally, your ZyAIR is able to authenticate wireless users without interacting with a network RAD IUS server.
ZyAIR Wireless Gatew ay Series User’s Guide 22-2 Dial-in Use r Setup Table 22-1 Menu 14.1- Edit Dial-in User FIELD DESCRIPTION User Name Enter a usern ame up to 31 alphanumer ic characters long for this user profile. This field is case sensitive. Active Press [SPACE BAR] to select Yes and press [ENT ER] to enable the user profile.
ZyAIR Wirel ess Gateway Serie s User’s Guide NAT 23-1 Chapter 23 Network Address Translation (NAT) This chapter discusses h ow to configure NAT on the ZyAIR.
ZyAIR Wireless Gatew ay Series User’s Guide 23-2 NAT Figure 23-2 Menu 11.3 Remote Node Net w ork Layer Options The following table describes the op tions for Network Address Translation.
ZyAIR Wirel ess Gateway Serie s User’s Guide NAT 23-3 Figure 23-3 Menu 15 NAT Setup 23.2.1 Address Mapping Sets Enter 1 to brin g up Menu 15.1 – Address Mapping Sets . Figure 23-4 Menu 15.1 Address Map ping Sets SUA Addr ess Mapping Set Enter 255 to display t he next screen .
ZyAIR Wireless Gatew ay Series User’s Guide 23-4 NAT Figure 23-5 Menu 15.1.255 SUA Addr ess Mapping Rules The following table explains the fields in this menu. Table 23-2 Menu 15.1.255 SUA Ad dress Mapping Rules FIELD DESCRIPTION EX AMPLE Set Name This is the name of the set yo u selected in menu 15.
ZyAIR Wirel ess Gateway Serie s User’s Guide NAT 23-5 User-Defined Address Mapping Set s Now let’s look at option 1 in menu 15.1. Enter 1 to brin g up this menu. We’ll just look at the differences from the pre v ious m enu. Note the extra Act ion and Select Rule fields mean you can configure rules in this screen.
ZyAIR Wireless Gatew ay Series User’s Guide 23-6 NAT Y ou must press [ENTER] at the bottom of the scr een to save the w hole set. Y ou must do this again if you make any changes to the set – includi ng deleting a rule. No changes to the set t ake place until this action is t aken.
ZyAIR Wirel ess Gateway Serie s User’s Guide NAT 23-7 Table 23-4 Menu 15.1.1.1 Address Ma pping Rule FIELD DESCRIPTION EXAMPLE End This is the ending local IP address (ILA). If the rule is for all l ocal IPs, then put the Start IP as 0.0.0. 0 and the End IP as 255.
ZyAIR Wireless Gatew ay Series User’s Guide 23-8 NAT In addition to the servers for specified services, NAT supports a default server. A service request that does not have a server explicitly design ated for it is forwarded to the default server. If the default is not defined, the service request is simply discarded.
ZyAIR Wirel ess Gateway Serie s User’s Guide NAT 23-9 Figure 23-8 Menu 15.2 Port For w arding Setup Step 3. Enter a port number in an unused Start Port No field. To forward only one port, en ter it again in the End Port No field. To specify a range of ports, e nte r the last po rt to be forwar ded in the End Port No field.
ZyAIR Wireless Gatew ay Series User’s Guide 23-10 NAT Figure 23-9 NAT Example 1 Figure 23-10 Menu 4 Internet Access Setup From m enu 4, choose the SUA Onl y option from the Network Address Translation fi eld. This is the Many-to-One m apping discussed in section 23.
ZyAIR Wirel ess Gateway Serie s User’s Guide NAT 23-11 23.4.2 Example 2: Internet A ccess with an Inside Server Figure 23-11 NAT Example 2 In this case, you do exactly as above (use the convenient pre-configured S UA Only set) and then go to menu 15.
ZyAIR Wireless Gatew ay Series User’s Guide 23-12 NAT an FTP server and all depart ments use the other IGA. Map the FTP servers to the first two IGAs and the other LAN traffic to the remaining IGA. Map the third IGA to an insi de web server and m ail server.
ZyAIR Wirel ess Gateway Serie s User’s Guide NAT 23-13 Figure 23-14 Menu 11.3 Remote Node Net w ork Layer Options Step 2. Then enter 15 f rom the m ain menu. Step 3. Enter 1 to configure th e Address Mapping Sets. Step 4. Enter 1 to begin configur ing this new set.
ZyAIR Wireless Gatew ay Series User’s Guide 23-14 NAT Step 7. When finished, menu 15. 1.1 should look like as shown next. Figure 23-16 Menu 15.1.1 Address Ma pping Rules Now conf igure th e IGA3 to map to our web serv er and mail serv er on the LAN.
ZyAIR Wirel ess Gateway Serie s User’s Guide NAT 23-15 23.4.4 Example 4: NA T Unfr iendl y Application Programs Some applications do not support NAT Mapping using TC P or UDP port address translation.
ZyAIR Wireless Gatew ay Series User’s Guide 23-16 NAT After you’ve configured your rule, you should b e able to check the settings in menu 15.1.1 as shown next.
ZyAIR Wirel ess Gateway Serie s User’s Guide NAT 23-17 2. Port 7070 is a “trigger” port and causes the ZyAIR to rec ord Jane’s c omputer IP ad dress. The ZyA IR associates Jane's com puter IP address with the "incoming" port range of 69 70-7170.
ZyAIR Wireless Gatew ay Series User’s Guide 23-18 NAT Table 23-6 Menu 15.3 Trigger Port Setup FIELD DESCRIPTION EXAMPLE Incoming Incoming is a port (or a range of ports) that a server on the WAN uses when it sends out a particular service.
SMT Advanced Management Menus X Part X: SMT ADVANCED MANAGEMENT MENUS This part discusse s Filtering and Firewall setup, SNMP , System Security , System Information and Diagnosis, Firmware and Configuration F ile Main tenance, System Maintenance and Information, Call Scheduling and Remote Manage ment.
.
ZyAIR Wireless Gatew ay Series User’s Guide Filter and Firewall Configuration 24 -1 Chapter 24 Filter and Firewall Configuration This chapter shows you how to create and apply filters and setup firewall. 24.1 About Filtering Your ZyAIR uses filters to decide whether or not to allow passage of a data packet and/or to make a call.
ZyAIR Wireless Gatew ay Series User’s Guide 24-2 Filter and Firewall Configuration Two sets of factory filter rules have been configured in menu 21 to prevent NetBIOS traffic from triggering calls. A summary of their filter rules is shown in the figures that follow.
ZyAIR Wireless Gatew ay Series User’s Guide Filter and Firewall Configuration 24 -3 You can apply up to four filter sets to a particular po rt to bl ock various types of packets. Because each filter set can have up to six rules, you can have a maximum of 24 rule s active for a si ngle port.
ZyAIR Wireless Gatew ay Series User’s Guide 24-4 Filter and Firewall Configuration Figure 24-4 NetBIOS_WAN Filte r Rules Summary Figure 24-5 NetBIOS_LAN Filter Rules Summary Figure 24-6 TEL_FTP_WEB_WAN Filter Rules Summary Menu 21.
ZyAIR Wireless Gatew ay Series User’s Guide Filter and Firewall Configuration 24 -5 24.2.1 Filter Rules Summary Menus The following tables briefly describe the abbreviations used in menus 21.1 .x. Table 24-1 Abbreviations Used in the Filter Rules Summary Menu FIELD DESCRIPTION # The filter rule number: 1 to 6.
ZyAIR Wireless Gatew ay Series User’s Guide 24-6 Filter and Firewall Configuration Table 24-2 Rule Abbreviations Used FILTER TYPE DESCRIPTION Off Offset Len Length 24.3 Configuring a Filter Rule To configure a filter rule, type its number in Menu 21.
ZyAIR Wireless Gatew ay Series User’s Guide Filter and Firewall Configuration 24 -7 Figure 24-7 Menu 21.1.1 TCP/IP Filter Rule The following table describes how to con figure your TCP/IP filter rule.
ZyAIR Wireless Gatew ay Series User’s Guide 24-8 Filter and Firewall Configuration Table 24-3 Menu 21.1.1 TCP/IP Filter Rule FIELD DESCRIPTION EXAMPLE IP Addr Type the destination IP address of the packet you want to filter. This field is igno red if it is 0.
ZyAIR Wireless Gatew ay Series User’s Guide Filter and Firewall Configuration 24 -9 Table 24-3 Menu 21.1.1 TCP/IP Filter Rule FIELD DESCRIPTION EXAMPLE Action Matched Select the action for a matching packet. Choices are Check Next Rule , Forward or Drop .
ZyAIR Wireless Gatew ay Series User’s Guide 24-10 Filter and Firewall Configuration Packet into IP Filter Matched Matched Yes Action Matched Action Not Matched More? No Filter Active? Check IP Proto.
ZyAIR Wireless Gatew ay Series User’s Guide Filter and Firewall Configuration 24 -11 24.3.2 Generic Filter Rule This section shows you how to co nfigure a generic filte r rule. The purpose of generic rules is to allow you to filter non-IP packets. For IP, it is generally easier to use the IP rules directly.
ZyAIR Wireless Gatew ay Series User’s Guide 24-12 Filter and Firewall Configuration Table 24-4 Menu 21.1.4.1 Generic Filter Rule FIELD DESCRIPTION EX AMPLE Offset T ype the starting byte of the data portion in the packet that you want to compare. The range for this field is from 0 to 255.
ZyAIR Wireless Gatew ay Series User’s Guide Filter and Firewall Configuration 24 -13 is receiving and sending the packets; for instance, the interface. T he in terface can be an Ethernet, or any other hardware port. The following figure illustrates this.
ZyAIR Wireless Gatew ay Series User’s Guide 24-14 Filter and Firewall Configuration Step 4. Press [ENTER] at the message “ Press ENTER to confirm or ESC to cance l” to open Menu 21.1.3.1 – TCP/IP Filter Rule . Step 5. Type 1 to conf igure the first filter rule.
ZyAIR Wireless Gatew ay Series User’s Guide Filter and Firewall Configuration 24 -15 Figure 24-13 Sample Filter Rules Summary - Menu 21.1.3 After you have created the filter set, you must apply it. Step 1. Enter 11 in the main menu to display menu 11 and type the remote node number to edit.
ZyAIR Wireless Gatew ay Series User’s Guide 24-16 Filter and Firewall Configuration 24.6.1 Ethernet T raffic You seldom need to filter Ethernet tr affic; however, the filter sets may be useful to block certain packets, reduce traffic and prevent security breaches.
ZyAIR Wireless Gatew ay Series User’s Guide Filter and Firewall Configuration 24 -17 24.7 Firewall Setup The ZyAIR wireless gateways employ a stateful in spection firewall with DoS (Denial of Service) protection.
.
ZyAIR Wireless Gatew ay Series User’s Guide SNMP Configuration 25-1 Chapter 25 SNMP Configuration This chapter explains SNMP Configuration menu 22. 25.1 SNMP Configuration To configure SNMP, select optio n 22 from the m ain menu to ope n Menu 22 – S NMP Configuration as shown next .
ZyAIR Wireless Gatew ay Series User’s Guide 25-2 SNMP C onfiguratio n Table 25-1 Menu 22 SNMP Configur ation FIELD DESCRIPTION EXAMPLE Community Type the trap community, which is the pass word sent with each trap to the SNMP manager. public Destination Type the IP address of the stat ion to send your SNMP trap s to.
ZyAIR Wireless Gatew ay Series User’s Guide System Security 26-1 Chapter 26 System Security This chapter describes how to configu re the system security on the ZyAIR. 26.1 System Security You can confi gure the system password, a n external RADIUS server a nd 802.
ZyAIR Wireless Gatew ay Series User’s Guide 26-2 S ystem Security Figure 26-3 Menu 23.2 Sy stem Securit y : RADIUS Server The following table describes the fields in this screen.
ZyAIR Wireless Gatew ay Series User’s Guide System Security 26-3 Table 26-1 Menu 23.2 Sy s tem Security : RADIUS Serv er FIELD DESCRIPTION EXAMPLE Port The default port of the RADIUS server for accounting is 1813 . You need not change this value unl ess your network administrator instructs you to do so with additional information.
ZyAIR Wireless Gatew ay Series User’s Guide 26-4 S ystem Security Figure 26-5 Menu 23.4 Sy stem Securit y : IEEE802.1x The following table describes the fields in this menu. Table 26-2 Menu 23.4 Sy stem Security : IEEE802.1x FIELD DESCRIPTION Wireless Port Control Press [SPACE BAR] and select a security mode for the wireless LAN access.
ZyAIR Wireless Gatew ay Series User’s Guide System Security 26-5 Table 26-2 Menu 23.4 Sy stem Security : IEEE802.1x FIELD DESCRIPTION Idle Timeout (in second) The ZyAIR automatically disconn ects a client from the wired net work after a period of inactivity.
ZyAIR Wireless Gatew ay Series User’s Guide 26-6 S ystem Security Table 26-2 Menu 23.4 Sy stem Security : IEEE802.1x FIELD DESCRIPTION Authentication Databases The authentication databas e contains wireless station login information. The local user database is the built-in database on the Z yAIR.
ZyAIR Wireless Gatew ay Series User’s Guide System Information and Diagnosis 27-1 Chapter 27 System Information and Diagnosis This chapter covers the information and diag nostic tools in SMT menus 24.1 to 24.4. These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software.
ZyAIR Wireless Gatew ay Series User’s Guide 27-2 System Information and Diagnos is Figure 27-2 Menu 24.1 Sy stem Maintenance : Status The following ta ble describe s the fields present in Menu 24.1 – System Maintenance – Status which are read-only and meant fo r diagnosti c purpose s.
ZyAIR Wireless Gatew ay Series User’s Guide System Information and Diagnosis 27-3 Table 27-1 Menu 24.1 Sy stem Maintenance : Status FIELD DESCRIPTION System Up Time T his is the time the ZyAI R is up and running from the last reboot. 27.2 System Information To get to the System Information: Step 1.
ZyAIR Wireless Gatew ay Series User’s Guide 27-4 System Information and Diagnos is The table bel ow describes t he fields f or configurat ion in thi s menu. Table 27-2 Menu 24.2.1 Sy stem Maintenance – Information FIELD DESCRIPTION Name Displa ys the system name of your Zy AIR.
ZyAIR Wireless Gatew ay Series User’s Guide System Information and Diagnosis 27-5 27.3 Log and T race There are two logging facilities in the ZyAIR. The first is the error logs and trace records that are stored locally. The second is the UNIX sysl og facility for m essage logging.
ZyAIR Wireless Gatew ay Series User’s Guide 27-6 System Information and Diagnos is Figure 27-8 Sample Error and Information Mes sages 27.3.2 Syslog Logging The ZyAIR uses the syslog facility to log the CDR (C all Detail Record) and system messages to a syslog server.
ZyAIR Wireless Gatew ay Series User’s Guide System Information and Diagnosis 27-7 Figure 27-10 Menu 24.3.2 Sy stem Maintenance : Syslog Logging You need to configure the UNIX syslog parameters described in the following table to activate syslog and then choose what you want t o log.
ZyAIR Wireless Gatew ay Series User’s Guide 27-8 System Information and Diagnos is 27.4 Diagnostic The diagnostic facility allows you to test the different aspects of your ZyAIR to determine if it is working properly.
ZyAIR Wireless Gatew ay Series User’s Guide Firmware and Configuration File Maintenance 28-1 Chapter 28 Firmware and Configuration File Maintenance This chapter tells you how to back up and restore your configurati on file as well as upload new firmware and a new configuration file.
ZyAIR Wireless Gatew ay Series User’s Guide 28-2 Firmware and Configuration File Maintenanc e Table 28-1 Filename Conventions FILE TYPE INTERNAL NAME EXTERN AL NA M E DESCRIPTION Configuration File Rom-0 T his is the configuration filenam e on the ZyAIR.
ZyAIR Wireless Gatew ay Series User’s Guide Firmware and Configuration File Maintenance 28-3 28.2.1 Backup Configuration Follow the instructions as shown in the next screen. Figure 28-1 Telnet in Menu 24.5 28.2.2 Using the FTP Command from the Command Line Step 1.
ZyAIR Wireless Gatew ay Series User’s Guide 28-4 Firmware and Configuration File Maintenanc e 28.2.3 Example of FTP Commands from the Command Line Figure 28-2 FTP Session Example 28.2.4 GUI-based FTP Client s The followin g table describes some of the comma nds that you m ay see in GUI-based FTP clie nts.
ZyAIR Wireless Gatew ay Series User’s Guide Firmware and Configuration File Maintenance 28-5 3. The IP addres s in the Secured Client IP fie ld in menu 24.11 d oes not m atch the client IP. If it does not match, the ZyAIR will disconnect the Telnet session immediately.
ZyAIR Wireless Gatew ay Series User’s Guide 28-6 Firmware and Configuration File Maintenanc e Table 28-3 General Commands for GUI-based TFTP Clients COMMAND DESCRIPTION Host Enter the IP address of the ZyAIR. 192. 168.1 .1 is the ZyAIR’s default IP address when shipped.
ZyAIR Wireless Gatew ay Series User’s Guide Firmware and Configuration File Maintenance 28-7 Step 3. Run the HyperT erminal pro gram by clickin g Transfer , then Receive File as shown in the following screen. Figure 28-5 Backup Configuration Example Step 4.
ZyAIR Wireless Gatew ay Series User’s Guide 28-8 Firmware and Configuration File Maintenanc e WA R N I N G ! DO NOT INTERUPT THE FILE TRAN SFER PROCESS AS THIS MA Y PERMANENTL Y DAMAGE YOUR ZY AIR. WHEN THE RESTORE CONFIGURA TION PROCESS IS COMPLETE, THE ZY AIR WILL AUTOMA TICALL Y REST ART .
ZyAIR Wireless Gatew ay Series User’s Guide Firmware and Configuration File Maintenance 28-9 28.3.2 Restore Using FTP Session Example Figure 28-8 Restore Usi ng FTP Session Example Refer to section 28 .2.5 to read about configurations that disallo w TFTP and FTP over WAN.
ZyAIR Wireless Gatew ay Series User’s Guide 28-10 Firmware and Configuration File Maintena nce Figure 28-11 Restore Configuration Example Step 4. After a successful restoration you will see the fo llowing screen. Press any key to restart the ZyAIR and ret urn to the SMT me nu.
ZyAIR Wireless Gatew ay Series User’s Guide Firmware and Configuration File Maintenance 28-11 Figure 28-13 Telnet Into Menu 24.7.1 Upload Sy stem Firmware 28.4.2 Configuration File Upload You see the following screen when you telnet into menu 24.7 .
ZyAIR Wireless Gatew ay Series User’s Guide 28-12 Firmware and Configuration File Maintena nce 28.4.3 FTP File Upload Command from the DOS Prompt Example Step 1. Launch the FTP client on your computer. Step 2. Enter “open”, followed by a s pace and th e IP address of y o ur ZyAIR.
ZyAIR Wireless Gatew ay Series User’s Guide Firmware and Configuration File Maintenance 28-13 Step 1. Use telnet from your computer to connect to th e ZyAIR and lo g in. Because T FTP does not ha ve any security checks, the ZyAIR records the IP address of the telnet client and accepts TFTP requests only from this address.
ZyAIR Wireless Gatew ay Series User’s Guide 28-14 Firmware and Configuration File Maintena nce 28.4.8 Uploading Firmware File Via C onsole Port (only for ZyAIR B-2000) Step 1. Select 1 from Menu 24.7 – S ystem Maintenance – Upload Firmware to d ispla y Menu 24.
ZyAIR Wireless Gatew ay Series User’s Guide Firmware and Configuration File Maintenance 28-15 28.4.10Uploading Configur ation File V ia Console Port (only for Zy AIR B- 2000) Step 1. Select 2 from Menu 24.7 – S ystem Maintenance – Upload Firmware to d ispla y Menu 24.
ZyAIR Wireless Gatew ay Series User’s Guide 28-16 Firmware and Configuration File Maintena nce Figure 28-19 Example Xmodem Upload After the co nfiguration upload process has c ompleted, rest art the ZyAIR by enterin g “atgo”. Type the configuration file’s location, or click Browse to search for it.
ZyAIR Wireless Gatew ay Series User’s Guide System Maintenance and SMT Menu 2 4 .8 to 24.10 29-1 Chapter 29 System Maintenance and SMT Menu 24.8 to 24.10 This chapter leads yo u through SMT menus 24.8 to 24.10. 29.1 Command Interpreter Mode The Command I nterpreter (CI) is a part o f the main system firmware.
ZyAIR Wireless Gatew ay Series User’s Guide 29-2 System Maintenance and SMT Menu 24.8 to 24.10 29.2 Call Control Support The ZyAIR pr ovides two cal l control funct ions: bu dget managem ent and call history. Pl ease note that thi s menu is only applicab le when Encapsulation is set to PPPoE or PPTP in me nu 4 or m enu 11.
ZyAIR Wireless Gatew ay Series User’s Guide System Maintenance and SMT Menu 2 4 .8 to 24.10 29-3 After each period, the total budget is reset. The default for the total budget is 0 minutes and the period is 0 hours, meaning no budget control. You can reset the accumulated connection time in this menu b y entering the index of a remote node.
ZyAIR Wireless Gatew ay Series User’s Guide 29-4 System Maintenance and SMT Menu 24.8 to 24.10 Table 29-2 Menu 24.9.2 Call History FIELD DESCRIPTION Phone Number The PPPoE service nam es are shown here. Dir T his shows whether the call was incoming or outgo ing.
ZyAIR Wireless Gatew ay Series User’s Guide System Maintenance and SMT Menu 2 4 .8 to 24.10 29-5 Figure 29-6 Menu 24.10 Sy stem Maintenance : Time and Date Setting The following table describes the fields in this menu.
ZyAIR Wireless Gatew ay Series User’s Guide 29-6 System Maintenance and SMT Menu 24.8 to 24.10 Table 29-3 Menu 24.10 System Main tenance : Time and Date Setting FIELD DESCRIPTION Current Date This field displays an updated date o nly when you re-enter this menu.
ZyAIR Wireless Gatew ay Series User’s Guide Remote Management 30-1 Chapter 30 Remote Management This chapter cove rs remote management (SMT m enu 24.11). 30.1 T elnet You can configure y o ur ZyAIR for remote Telnet access as shown ne xt. Figure 30-1 Telnet Confi guration on a TCP/IP Network 30.
ZyAIR Wireless Gatew ay Series User’s Guide 30-2 Remote Man agement 30.4.1 Remote Management Setup Remote manag ement setup is for managing Telnet, FTP an d Web services . You can cust omize the service port, access interface and t he secured client IP address to enhance sec urity and flexibility.
ZyAIR Wireless Gatew ay Series User’s Guide Remote Management 30-3 Table 30-1 Menu 24.11 Remote Man agement Control FIELD DESCRIPTION EX AMPLE Telnet Server FTP Server Web Server SNMP Service DNS Service Each of these read-only l abels denotes a serv er or service that you may use to remotely ma nage the Zy AIR.
ZyAIR Wireless Gatew ay Series User’s Guide 30-4 Remote Man agement 30.5 Remote Management and NA T When NAT is enabled: Use the ZyAIR’s WAN IP address wh en confi guring from the WAN. Use the ZyAIR’s LAN IP address when configuring from the LAN.
ZyAIR Wireless Gatew ay Series User’s Guide Call Scheduling 31-1 Chapter 31 Call Scheduling Call scheduling (applicable for PPPoE or PPTP encaps ulation only) allows you to dictate when a remote node should be call ed and for how long.
ZyAIR Wireless Gatew ay Series User’s Guide 31-2 Call Scheduling T o delete a schedule set, enter the set number and press [SP ACE BAR] and then [ENTER] (or delete) in the Edit Name field. To setup a schedule set, select the schedule set you want to setup from men u 26 (1-12) and pr ess [ENTER] to see Menu 26.
ZyAIR Wireless Gatew ay Series User’s Guide Call Scheduling 31-3 Table 31-1 Menu 26.1 Schedule Set Setup FIELD DESCRIPTION EX AMPLE Once: Date If you selected Once in the How Often field above, then enter the date the set should activate here in year-month-date format.
ZyAIR Wireless Gatew ay Series User’s Guide 31-4 Call Scheduling Figure 31-3 Apply ing Schedule Set( s) to a Remote Node (PPTP) You can ap ply up to f our schedul e sets, separ ated by com mas, for one remote node. Chan ge the schedule set numbers to your pref erence(s).
Appendices XI Part XI: APPENDICES This part prov ides cont ains troubleshooting and additi onal background information on setting up your computer ’s IP address, wireless LA N, 802.1x, PPPoE, PPTP and IP subnetting. It also provides information on the command int erpreter interface, NetBIOS command s and logs.
.
ZyAIR Wireless Gatew ay Series User’s Guide T r oubleshooting A-1 Appendix A Troubleshooting This appendix covers potential problems and possibl e remedies. After each problem description, some instructions are provided to help you to diagnose and to solve the problem.
ZyAIR Wireless Gatew ay Series User’s Guide Troubleshooting A-2 Problems with the Ethernet Interface Chart A-3 Troubleshooti ng the Ethernet Interfa ce PROBLEM CORRECTIVE ACTION I cannot access the .
ZyAIR Wireless Gatew ay Series User’s Guide T r oubleshooting A-3 Problems with Internet Access Chart A-5 Troubleshooti ng Internet Access PROBLEM CORRECTIVE ACTION Connect your cable/DSL mod em to the ZyAIR using the appropriate cable.
ZyAIR Wireless Gatew ay Series User’s Guide Troubleshooting A-4 Problems with the WLAN Interface Chart A-7 Troubleshooti ng the WLAN Interface PROBLEM CORRECTIVE ACTION I cannot ping any computer on the WLAN. Make sure the wireless card is properl y inserted in the ZyAIR and the WLAN LED is on.
ZyAIR Wireless Gatew ay Series User’s Guide Brute-Force Password Guessing Protection B-1 Appendix B Brute-Force Password Guessing Protection The followin g describes t he commands for enablin g, disabl ing and configuring the brute -force passw ord guessing prote ction mechanism for the password.
.
ZyAIR Wireless Gatew ay Series User’s Guide Setting Up Y our Computer ’s IP Addres s C-1 Appendix C Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethe rnet adapter card and TCP/IP installed.
ZyAIR Wireless Gatew ay Series User’s Guide Setting Up Your Computer’s IP Addre ss C-2 If yo u need th e adap ter: a. In the Network window, click Add . b. Select Ad a p te r and then click Ad d . c. Select the manufacturer and model of your net work adapter and then click OK .
ZyAIR Wireless Gatew ay Series User’s Guide Setting Up Y our Computer ’s IP Addres s C-3 1. Click the IP Address tab. -If your IP address is dynamic, select Obtain an IP address automatically . -If you have a static IP address, select Specify an IP address and type your informatio n into the IP Address and Subne t Mask fields.
ZyAIR Wireless Gatew ay Series User’s Guide Setting Up Your Computer’s IP Addre ss C-4 3. Click the Gateway tab. -If you do not know your gateway’s IP address, remove previously installed gate ways. -If you have a gateway IP address, type it in the Ne w gat ewa y f iel d and click Add .
ZyAIR Wireless Gatew ay Series User’s Guide Setting Up Y our Computer ’s IP Addres s C-5 1. For Windo ws XP, click start , Control Panel . In Windows 2000/NT, click Start , Settings , Control Panel . 2. For Windo ws XP, click Network Connections .
ZyAIR Wireless Gatew ay Series User’s Guide Setting Up Your Computer’s IP Addre ss C-6 4. Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties . 5. T he Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
ZyAIR Wireless Gatew ay Series User’s Guide Setting Up Y our Computer ’s IP Addres s C-7 6. -If you do not know your gate way's IP address, remove any previously installed gate ways in the IP Settin gs tab and click OK .
ZyAIR Wireless Gatew ay Series User’s Guide Setting Up Your Computer’s IP Addre ss C-8 7. In the Internet Protocol TCP/IP Properties window (the Gene ral tab in W indows XP): -Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
ZyAIR Wireless Gatew ay Series User’s Guide Setting Up Y our Computer ’s IP Addres s C-9 1. Click the Apple menu, Control Pane l and double-click TCP/IP to open the TCP/IP Control Panel . 2. Select Ethernet built-in from the Connect v i a list. 3.
ZyAIR Wireless Gatew ay Series User’s Guide Setting Up Your Computer’s IP Addre ss C-10 4. For statically assigned settings, do the following: -From the Configure box, select Manually . -Type your IP address in the IP Address box. -Type your subnet mask in the Subnet mask box.
ZyAIR Wireless Gatew ay Series User’s Guide Setting Up Y our Computer ’s IP Addres s C-1 1 2. Click Network in the icon bar. - Select Automatic from the Location list. - Select Built-in Ethernet from the Show list. - Click the TCP/IP tab. 3. For dynamically assigned settings, select Using DHCP from the Configure list.
.
ZyAIR Wireless Gatew ay Series User’s Guide Wireless LAN and IEEE 802.1 1 D -1 Appendix D Wireless LAN and IEEE 802.11 A wireless LAN (WLA N) provides a flexi ble data co mmunications system that you can use to access various services (navi g ating the Internet, email, printer services, etc.
ZyAIR Wireless Gatew ay Series User’s Guide Wireless LAN and IEEE 802.11 D-2 unlicensed ISM (Industrial, Scientific and Medical) ba nd. The th ird method is infrared technology, using very high fre quencies, just below vi sible light i n the electrom agnetic spectrum to carry dat a.
ZyAIR Wireless Gatew ay Series User’s Guide Wireless LAN and IEEE 802.1 1 D -3 The Extended Service Set (ESS) shown in the next figure consists of a series of overlapping BSSs (each containing an Access Point) connected together by means of a Distribution System (DS).
.
ZyAIR Wireless Gatew ay Series User’s Guide Wireless LAN with IEEE 802.1x E-1 Appendix E Wireless LAN With IEEE 802.1x As wireless networks becom e popular for both portable com puting an d corporate networks, sec urity is now a priority. Security Flaws with IEEE 802.
ZyAIR Wireless Gatew ay Series User’s Guide Wireless LAN with IEE E 802.1x E-2 RADIUS Server Authentication Seque nce The following figure depicts a ty pical wirele ss network wi th a re m ote RADIUS server for user authentication using EA POL (EAP Over LA N).
ZyAIR Wireless Gatew ay Series User’s Guide Types of EAP Authentication F-1 Appendix F Types of EAP Authentication This appendix discu sses the four popular EAP authen tication types: EAP-MD5 , EAP-TLS , EAP-TTLS and PEAP . The type of auth entication you use depen ds on the RADIUS server or th e AP.
ZyAIR Wireless Gatew ay Series User’s Guide F-2 Types of EAP Authentication hiding client identity. However, PEAP only su pports EAP methods, such as EAP-MD5 a nd EAP- MSCHAPv2, for client authenticatio n. For added sec urity, certifi cate-based authe ntications (EAP-TLS, EAP-TT LS and PEAP) use dynam ic keys for data enc ryption.
ZyAIR Wireless Gatew ay Series User’s Guide Antenna Selection and Positioning Recommendation G-1 Appendix G Antenna Selection and Positioning Recommendation An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propag ates the signal through the air.
ZyAIR Wireless Gatew ay Series User’s Guide G-2 Antenna Selection and Positioning Recommendation • Directional antennas conce ntrate the RF signal in a beam , like a flashlight. The angle of the beam width determ ines the direction of the covera ge pattern; typically ranges from 20 degrees (less directional) t o 90 degrees (very directi onal).
ZyAIR Wireless Gatew ay Series User’s Guide PPPoE H-1 Appendix H PPPoE PPPoE in Action An ADSL m odem bridges a PPP session over Ether net (PPP ove r Ethernet , RFC 2516) from your PC to an ATM PVC (Pe rmanent Virt ual Circuit), which con nects to a DSL Access Concent rator where t he PPP session terminates (see the next figure).
ZyAIR Wireless Gatew ay Series User’s Guide H-2 PPPoE How PPPoE Works The PPPoE driver m akes the Ethernet appear as a seri al link to the PC an d the PC runs PPP over it, while the modem bridge s the Ethernet frames to the Access Concentrator (AC ) .
ZyAIR Wireless Gatew ay Series User’s Guide PPTP I-1 Appendix I PPTP What is PPTP? PPTP (Point -to-Point T u nneling Pr otocol) is a Microsoft proprietary protocol (RFC 2637 for PPTP is informational only) to tunnel PPP frames.
ZyAIR Wireless Gatew ay Series User’s Guide I-2 PPTP PPTP Protocol Overview PPTP is very si milar to L2TP, since L2T P is based on both PPTP a nd L2F (Cisco’s Layer 2 Forwardi ng). Conceptually, there are three parties in PPTP, name ly the PNS (PPTP Network Serve r), the PAC (PPTP Access Concentrator) and the PPTP user.
ZyAIR Wireless Gatew ay Series User’s Guide PPTP I-3 Diagram I-3 Example Message Exchange bet w een PC and an ANT PPP Data Connection The PPP frames are tunneled betwee n the PNS and PAC over GRE (General Ro uting Encapsulation, RFC 1701, 1702). The indiv idual calls within a tunnel are distingu ished using the Call ID field in the GRE header.
.
ZyAIR Wireless Gatew ay Series User’s Guide IP Subnetting J-1 Appendix J IP Subnetting IP Addressing Routers “route” base d on the network num ber.
ZyAIR Wireless Gatew ay Series User’s Guide J-2 IP Subnetting A class “A” address (24 host bits) can have 2 24 –2 hosts (app roximately 16 m illion hosts). Since the first octet of a class “A” IP addre ss must c ontain a “0”, the first octet of a class “A” ad dress can have a value of 0 to 127.
ZyAIR Wireless Gatew ay Series User’s Guide IP Subnetting J-3 sequence of ones beginning from the left most bit of the mask, followed by a contin uous sequence of zeros, for a total number of 32 bits.
ZyAIR Wireless Gatew ay Series User’s Guide J-4 IP Subnetting Divide the network 19 2.168.1. 0 into two separate su bnets by co nverting one of the host ID bits of the IP address to a networ k number bit. The “borrow ed” host ID bit can be either “0” or “1” thus giving two subnets; 192.
ZyAIR Wireless Gatew ay Series User’s Guide IP Subnetting J-5 to an actual host for the first su bnet is 192.168.1.1 an d the highest is 192.168.1.126.
ZyAIR Wireless Gatew ay Series User’s Guide J-6 IP Subnetting Broadcast Address: 192.168. 1.191 Hig hest Host ID: 192.168.1.190 Chart J-10 Subnet 4 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. 192 IP Address (Binary) 11000 000.10101000.
ZyAIR Wireless Gatew ay Series User’s Guide IP Subnetting J-7 Chart J-12 Class C Subnet Planning NO. “BORROWED” HOST BITS SUBNET M ASK NO. SUBNETS NO. HOSTS PER SUBNET 1 255.255.255.128 (/25) 2 126 2 255.255.255.192 (/26) 4 62 3 255.255.255.224 (/27) 8 30 4 255.
ZyAIR Wireless Gatew ay Series User’s Guide J-8 IP Subnetting Chart J-13 Class B Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 10 255.255.255.192 (/26) 1024 62 11 255.255.255.224 (/27) 2048 30 12 255.255.255.
ZyAIR Wireless Gatew ay Series User’s Guide Command Interpreter K-1 Appendix K Command Interpreter The following describes how to use the command interpreter. Enter 24 in the main menu to bring up the system m a intenance m enu. Enter 8 to go to Menu 24.
.
ZyAIR Wireless Gatew ay Series User’s Guide NetBIOS Filter Commands L- 1 Appendix L NetBIOS Filter Commands The following describes the NetBIOS packet filter commands.
ZyAIR Wireless Gatew ay Series User’s Guide L-2 NetBIOS Filter Com mands Chart L-1 NetBIOS Filter Def ault Settings NAME DESCRIPTION EXAMPLE WAN to LAN This field displays whether NetBIOS packets are block ed or forwarded from the WAN to the LAN.
ZyAIR Wireless Gatew ay Series User’s Guide Boot Commands M-1 Appendix M Boot Commands The BootMod ule AT comm an ds execute from within the router’s boot up software, w hen debug m ode is selected before the m ain router firm ware (ZyNOS) is started.
ZyAIR Wireless Gatew ay Series User’s Guide M-2 Bo ot Commands Diagram M-2 Boot Module Command s AT just answer OK ATHE print help ATBAx change baudrate.
ZyAIR Wireless Gatew ay Series User’s Guide Triangle Route N-1 Appendix N Triangle Route The Ideal Setup When the firewall is on, your ZyAIR acts as a secure gateway b etween your LAN and th e Internet. In an ideal network t opology, all i ncoming and outgoing network traf fic passes thro ugh the Zy AIR to prot ect your LAN against attacks.
ZyAIR Wireless Gatew ay Series User’s Guide N-2 Triangle Route Diagram N-2 “Triangle Route” Problem The “T riangle Route” Solutions This section presents you two solutions to the “triangle route” problem. IP Aliasing IP alias allows you to partition your network into logi cal sections over the same Ethernet interface.
ZyAIR Wireless Gatew ay Series User’s Guide Triangle Route N-3 Diagram N-3 IP Alias Gateways on the W AN Side A second sol ution to the “triangle route” problem is to put all of y our network gateways on the WAN side as the following figure sh ows.
.
ZyAIR Wireless Gatew ay Series User’s Guide Log Descriptions O-1 Appendix O Log Descriptions Chart O-1 System Error Logs LOG MESSAGE DESCRIPTION %s exceeds the max. number of session per host! This attempt to create a NAT session exceeds the maximum number of NAT session table entries allowed to be crea ted per host.
ZyAIR Wireless Gatew ay Series User’s Guide O-2 Lo g Descriptions Chart O-2 System Mainte nance Logs LOG MESSAGE DESCRIPTION FTP Login Successfully Someone has logged on to the router via FT P. FTP Login Fail Someone has failed to log on to the router via FTP.
ZyAIR Wireless Gatew ay Series User’s Guide Log Descriptions O-3 Chart O-4 ICMP Notes TYPE CODE DESCRIPTION 0 A gateway may discard internet datagram s if it does not have the buffer space needed to queue the datagrams for output to the ne xt network on the route to the destination network.
ZyAIR Wireless Gatew ay Series User’s Guide O-4 Lo g Descriptions Chart O-5 Sys log LOG MESSAGE DESCRIPTION Mon dd hr:mm:ss hostname src="<srcIP:srcPort>" dst="<dstIP:dstPort>" msg="<msg>" note="<note>" This message is sent by the "RAS" when this syslog is generated.
ZyAIR Wireless Gatew ay Series User’s Guide Log Descriptions O-5 Displaying Logs Use the sys logs display command to show all of the logs in the ZyAIR’s log. Use the sys logs category display command to show the log settings for all of the log categories.
ZyAIR Wireless Gatew ay Series User’s Guide O-6 Lo g Descriptions 4|11/11/2002 15:10:10 |192.168.10.1:520 |192.168.10.255:520 |ACCESS BLOCK Firewall default policy: UDP(set:8) 5|11/11/2002 15:10:10 |172.
ZyAIR Wireless Gatew ay Series User’s Guide Power Adaptor Specifications P-1 Appendix P Power Adaptor Specifications NORTH AMERICAN PLUG STANDARDS AC Power Adaptor Model AD48 -120120 0DUY Input Power AC120Volts/60Hz/0.25A Output Power DC12Volts/1.2A Power Consumption 10 W Safety Standards UL, CUL (UL 1950, CSA C22.
ZyAIR Wireless Gatew ay Series User’s Guide P-2 Power Adaptor Specific ations JAPAN PLU G STANDA RDS AC Power Adaptor Model JOD-48-112 4 Input Power AC100Volts/ 50/60Hz/ 27VA Output Power DC12Volts/1.
ZyAIR Wireless Gatew ay Series User’s Guide Index Q-1 Appendix Q Index 4 4-Port Switch .................................................. 1-2 A Address Assignment ........................... 3-11, 3-12 Ad-hoc Configuration ..........................
ZyAIR Wireless Gatew ay Series User’s Guide Q-2 Index DMZ Setup ..................................................... 8-1 DNS ................................................... 13-10, 19-3 Domain Nam e ....................... 3-3, 3-12, 9-6, 23- 8 DoS Basics .
ZyAIR Wireless Gatew ay Series User’s Guide Index Q-3 Fragmentation Thre shold ................................ 6-4 Frequency-Hoppi ng Spread Spectrum ........... D-2 FTP....................... 4-2, 5-2 , 9-6, 13-1, 13 -4, 30-3 Restrictions ........
ZyAIR Wireless Gatew ay Series User’s Guide Q-4 Index Management Inform ati on Base (MIB).......... 13-7 Many to Many No Overloa d .................. See NAT Many to Many Overload ........................ See NAT Many to One ........................
ZyAIR Wireless Gatew ay Series User’s Guide Index Q-5 Remote Node Profile................................. 21-2 Reports .......................................................... 15-6 Consideration ............................................ 15-7 Required fields .
ZyAIR Wireless Gatew ay Series User’s Guide Q-6 Index And FTP Over WAN} .............................. 30-3 Restrictions ............................................... 30-3 TFTP and FTP over WAN Will Not Work When…................................
Un point important après l'achat de l'appareil (ou même avant l'achat) est de lire le manuel d'utilisation. Nous devons le faire pour quelques raisons simples:
Si vous n'avez pas encore acheté ZyXEL Communications Wireless Gateway Series c'est un bon moment pour vous familiariser avec les données de base sur le produit. Consulter d'abord les pages initiales du manuel d'utilisation, que vous trouverez ci-dessus. Vous devriez y trouver les données techniques les plus importants du ZyXEL Communications Wireless Gateway Series - de cette manière, vous pouvez vérifier si l'équipement répond à vos besoins. Explorant les pages suivantes du manuel d'utilisation ZyXEL Communications Wireless Gateway Series, vous apprendrez toutes les caractéristiques du produit et des informations sur son fonctionnement. Les informations sur le ZyXEL Communications Wireless Gateway Series va certainement vous aider à prendre une décision concernant l'achat.
Dans une situation où vous avez déjà le ZyXEL Communications Wireless Gateway Series, mais vous avez pas encore lu le manuel d'utilisation, vous devez le faire pour les raisons décrites ci-dessus,. Vous saurez alors si vous avez correctement utilisé les fonctions disponibles, et si vous avez commis des erreurs qui peuvent réduire la durée de vie du ZyXEL Communications Wireless Gateway Series.
Cependant, l'un des rôles les plus importants pour l'utilisateur joués par les manuels d'utilisateur est d'aider à résoudre les problèmes concernant le ZyXEL Communications Wireless Gateway Series. Presque toujours, vous y trouverez Troubleshooting, soit les pannes et les défaillances les plus fréquentes de l'apparei ZyXEL Communications Wireless Gateway Series ainsi que les instructions sur la façon de les résoudre. Même si vous ne parvenez pas à résoudre le problème, le manuel d‘utilisation va vous montrer le chemin d'une nouvelle procédure – le contact avec le centre de service à la clientèle ou le service le plus proche.