Appendix D Wireless LANs

P-320W v3 User’s Guide

However, MD5 authentication has some weaknesses. Because the authentication
server needs the plaintext passwords, the passwords must be stored, so
someone other than the authentication server may access the password file. In
addition, it is possible to impersonate an authentication server, because the
MD5 authentication method does not perform mutual authentication. Finally, the
MD5 authentication method does not support data encryption with a dynamic
session key. You must configure WEP encryption keys for data encryption.
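
The weaknesses listed above can be seen in a small Python model of the EAP MD5-Challenge exchange, using the packet layout from RFC 3748. This is an added example, not part of the ZyXEL guide; the user name, password and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

EAP_REQUEST, EAP_RESPONSE = 1, 2   # EAP Code field values (RFC 3748)
EAP_TYPE_MD5 = 4                   # MD5-Challenge type (RFC 3748, section 5.4)


def build_packet(code, identifier, value, name=b""):
    """Encode Code, Identifier, Length, Type, Value-Size, Value, Name."""
    type_data = bytes([len(value)]) + value + name
    header = struct.pack("!BBHB", code, identifier, 5 + len(type_data), EAP_TYPE_MD5)
    return header + type_data


def parse_packet(packet):
    """Decode and bounds-check a packet; returns (code, id, value, name)."""
    if len(packet) < 6:
        raise ValueError("packet too short")
    code, identifier, length, eap_type = struct.unpack("!BBHB", packet[:5])
    size = packet[5]
    if eap_type != EAP_TYPE_MD5 or length != len(packet) or 6 + size > length:
        raise ValueError("malformed MD5-Challenge packet")
    return code, identifier, packet[6:6 + size], packet[6 + size:]


def md5_response(identifier, secret, challenge):
    """Response value: MD5(Identifier || secret || Challenge), as in CHAP (RFC 1994)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def client_respond(request, identity, password):
    """Station side. Nothing in the request lets the station check who sent it."""
    code, identifier, challenge, _ = parse_packet(request)
    if code != EAP_REQUEST:
        raise ValueError("expected an EAP Request")
    value = md5_response(identifier, password, challenge)
    return build_packet(EAP_RESPONSE, identifier, value, identity)


def server_verify(secret_store, request, response):
    """Server side. secret_store maps a user name to the stored secret bytes."""
    _, req_id, challenge, _ = parse_packet(request)
    code, resp_id, value, name = parse_packet(response)
    secret = secret_store.get(name.decode("utf-8", "replace"))
    if code != EAP_RESPONSE or resp_id != req_id or secret is None:
        return False
    return hmac.compare_digest(value, md5_response(req_id, secret, challenge))


def run_demo():
    # Constructed sample credentials, not taken from the guide.
    user, password = b"station1", b"correct horse battery"
    plaintext_store = {"station1": password}
    # A store that keeps only a one-way hash, as a password file normally would.
    hashed_store = {"station1": hashlib.sha256(password).digest()}

    request = build_packet(EAP_REQUEST, 7, os.urandom(16), b"auth-server")
    good = client_respond(request, user, password)
    bad = client_respond(request, user, b"wrong password")

    # A request from a sender that holds no password has the same form, and
    # the station answers it the same way (no mutual authentication).
    unverified = build_packet(EAP_REQUEST, 8, os.urandom(16), b"auth-server")
    answered = parse_packet(client_respond(unverified, user, password))[0] == EAP_RESPONSE

    return {
        "plaintext_store_accepts": server_verify(plaintext_store, request, good),
        "wrong_password_rejected": not server_verify(plaintext_store, request, bad),
        # The server cannot recompute the digest from a hashed password.
        "hashed_store_accepts": server_verify(hashed_store, request, good),
        "station_answers_unverified_request": answered,
        # Only a challenge and a 16-byte digest are exchanged; neither side
        # derives a session key, hence the manually configured WEP keys.
        "response_value_len": len(parse_packet(good)[2]),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The `hashed_store_accepts` result is the reason the server must keep recoverable passwords: a one-way hash of the password cannot reproduce the digest the station sends.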

EAP-TLS (Transport Layer Security)

With EAP-TLS, digital certificates are needed by both the server and the wireless
stations for mutual authentication. A digital certificate is an electronic ID card
that authenticates the sender’s identity. The server presents a certificate to the
client. After validating the identity of the server, the client sends a different
certificate to the server. The exchange of certificates is done in the open before
a secured tunnel is created. This makes user identity vulnerable to passive
attacks. In addition, to implement EAP-TLS, you need a Certificate Authority (CA)
to handle certificates, which imposes a management overhead.

EAP-TTLS (Tunneled Transport Layer Security)

EAP-TTLS is an extension of EAP-TLS authentication that uses certificates only
for server-side authentication to establish a secure connection. Client
authentication is then done by sending the username and password through the
secure connection, so the client identity is protected. For client authentication,
EAP-TTLS supports EAP methods and legacy authentication methods such as PAP,
CHAP, MS-CHAP and MS-CHAP v2.

PEAP (Protected EAP)

Like EAP-TTLS, PEAP uses server-side certificate authentication to establish a
secure connection, then uses simple username and password methods through the
secured connection to authenticate the clients, thus hiding the client identity.
However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2
and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is
implemented only by Cisco.

LEAP

LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of 
IEEE 802.1x. 

Dynamic WEP Key Exchange

The AP maps a unique key that is generated with the RADIUS server. This key
expires when the wireless connection times out or disconnects, or when
reauthentication times out. A new WEP key is generated each time
reauthentication is performed.

Summary of Contents for P-320W v3

Page 1: ... com www zyxel com P 320W v3 802 11g Wireless Firewall Router Copyright 2009 ZyXEL Communications Corporation Firmware Version 1 0 Edition 1 3 2009 Default Login Details IP Address http 192 168 1 1 Password 1234 ...

Page 2: ......

Page 3: ...way It contains information on setting up your network and configuring for Internet access Supporting Disc Refer to the included CD for support documents ZyXEL Web Site Please refer to www zyxel com for additional support documentation and product certifications User Guide Feedback Help us help you Send all User Guide related comments questions or suggestions for improvement to the following addre...

Page 4: ...tact your vendor then contact a ZyXEL office for the region in which you bought the device See http www zyxel com web contact_us php for contact information Please have the following information ready when you contact an office Product model and serial number Warranty Information Date that you received your device Brief description of the problem and the steps you took to solve it ...

Page 5: ... key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press the ENTER key Select or choose means for you to use one of the predefined choices A right angle bracket within a screen name denotes a mouse click For example Maintenance Log Log Setting means you first click...

Page 6: ...t Conventions P 320W v3 User s Guide 6 Icons Used in Figures Figures in this User s Guide may use the following generic icons P 320W v3 Computer Notebook computer Server Modem Firewall Telephone Switch Router ...

Page 7: ...example 110V AC in North America or 230V AC in Europe Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution If the power adaptor or cord is damaged remove it from the power outlet Do NOT attempt to repair the power adapto...

Page 8: ...Safety Warnings P 320W v3 User s Guide 8 ...

Page 9: ...55 Wireless Client Mode 73 Wireless Tutorial 77 LAN 85 DHCP Server 89 Network Address Translation NAT 93 VLAN 101 Security 105 WAN 107 Firewall 117 Content Filtering 125 Management 129 Static Route 131 Remote Management 135 Universal Plug and Play UPnP 141 Maintenance and Troubleshooting 155 System 157 Logs 163 Tools 179 Troubleshooting 185 Product Specifications 193 Appendices and Index 197 ...

Page 10: ...Contents Overview P 320W v3 User s Guide 10 ...

Page 11: ... LEDs 23 Chapter 2 Introducing the Web Configurator 25 2 1 Web Configurator Overview 25 2 2 Accessing the Web Configurator 25 2 3 Resetting the P 320W v3 27 2 3 1 Procedure to Use the Reset Button 27 2 4 Navigating the Web Configurator 27 2 4 1 Navigation Panel 30 2 4 2 Summary DHCP Table 32 2 4 3 Summary Association List 33 2 4 4 Summary Statistics 33 2 4 5 Summary Active Session 34 2 4 6 Summary...

Page 12: ... 4 8 WAN IP and DNS Server Address Assignment 50 3 4 9 WAN MAC Address 51 3 5 Connection Wizard Complete 52 Part II Network 53 Chapter 4 Wireless LAN 55 4 1 Overview 55 4 2 What You Can Do 56 4 3 What You Need To Know 56 4 3 1 SSID 56 4 3 2 MAC Address Filter 57 4 3 3 User Authentication 57 4 3 4 Encryption 58 4 3 5 WiFi Protected Setup 60 4 4 General Wireless LAN Screen 60 4 4 1 No Security 62 4 ...

Page 13: ... 1 Overview 85 7 2 What You Can Do 85 7 3 What You Need to Know 85 7 3 1 IP Pool Setup 86 7 3 2 System DNS Servers 86 7 3 3 LAN TCP IP 86 7 3 4 Factory LAN Defaults 86 7 3 5 IP Address and Subnet Mask 86 7 4 LAN IP Screen 87 Chapter 8 DHCP Server 89 8 1 Overview 89 8 2 What You Can Do 89 8 3 DHCP Server General Screen 89 8 4 Static DHCP Screen 91 8 5 Client List Screen 91 Chapter 9 Network Address...

Page 14: ...You Can Do 107 11 3 Internet Connection Screen 108 11 3 1 Ethernet Encapsulation 108 11 3 2 PPPoE Encapsulation 109 11 3 3 PPTP Encapsulation 111 11 4 Advanced Screen 114 11 5 Traffic Redirect Screen 114 Chapter 12 Firewall 117 12 1 Overview 117 12 2 What You Can Do 117 12 3 What You Need to Know 117 12 3 1 About the P 320W v3 Firewall 118 12 3 2 Security Parameter Index SPI 118 12 4 General Firew...

Page 15: ...3 Chapter 15 Remote Management 135 15 1 Overview 135 15 2 What You Can Do 136 15 3 What You Need to Know 136 15 3 1 Remote Management Limitations 136 15 3 2 Remote Management and NAT 136 15 3 3 System Timeout 136 15 4 WWW Screen 137 15 5 The SNMP Screen 138 15 6 Security Screen 139 Chapter 16 Universal Plug and Play UPnP 141 16 1 Overview 141 16 2 What You Can Do 141 16 3 What You Need to Know 141...

Page 16: ...63 18 4 View Log Screen 164 18 5 Log Settings Screen 165 18 6 Technical Reference 166 18 6 1 Log Descriptions 166 Chapter 19 Tools 179 19 1 Overview 179 19 2 What You Can Do 179 19 3 Firmware Upload Screen 179 19 4 Configuration Screen 181 19 4 1 Backup Configuration 181 19 4 2 Restore Configuration 182 19 4 3 Back to Factory Defaults 183 19 5 Restart Screen 183 Chapter 20 Troubleshooting 185 20 1...

Page 17: ...aScripts and Java Permissions 199 Appendix B IP Addresses and Subnetting 207 Appendix C Setting up Your Computer s IP Address 217 21 0 1 Verifying Settings 234 Appendix D Wireless LANs 235 21 0 2 WPA 2 PSK Application Example 245 21 0 3 WPA 2 with RADIUS Application Example 245 Appendix E Services 247 Appendix F Legal Information 251 Index 255 ...

Page 18: ...Table of Contents P 320W v3 User s Guide 18 ...

Page 19: ...19 PART I Introduction Getting to Know Your P 320W v3 21 Introducing the Web Configurator 25 Connection Wizard 37 ...

Page 20: ...20 ...

Page 21: ...E 802 11b g compatible devices The following figure shows computers in a WLAN connecting to the P 320W v3 A which has a DSL connection to the Internet The P 320W v3 has a built in firewall B to protect the network It also has the Network Address Translation NAT feature enabled by default Figure 1 Secure Wireless Internet Access in Router Mode The P 320W v3 can also serve as a wireless client enabl...

Page 22: ...its for Managing the P 320W v3 Do the following things regularly to make the P 320W v3 more secure and to manage the P 320W v3 more effectively Change the password Use a password that s not easy to guess and that consists of different types of characters such as numbers and letters Write down the password and put it in a safe place Back up the configuration and make sure you know how to restore it...

Page 23: ... P 320W v3 is sending receiving data Off The LAN is not connected WAN Green On The P 320W v3 has a successful 10MB WAN connection Blinking The P 320W v3 is sending receiving data Amber On The P 320W v3 has a successful 100MB Ethernet connection Blinking The P 320W v3 is sending receiving data Off The WAN connection is not ready or has failed WLAN Green On The P 320W v3 is ready but is not sending ...

Page 24: ...Chapter 1 Getting to Know Your P 320W v3 P 320W v3 User s Guide 24 ...

Page 25: ...ended screen resolution is 1024 by 768 pixels In order to use the web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScripts enabled by default Java permissions enabled by default Refer to the Troubleshooting chapter to see how to make sure these functions are allowed in Internet Explorer 2 2 ...

Page 26: ... the default password appears automatically if this is the case click Login Figure 4 Change Password Screen 5 Select your language in the screen that follows and click Apply or click Reset Figure 5 Language Selection 6 You should see a screen asking you to change your password highly recommended as shown next Type a new password and retype it to confirm and click Apply or click Ignore Figure 6 Cha...

Page 27: ...configurator you will need to use the RESET button at the back of the P 320W v3 to reload the factory default configuration file This means that you will lose all configurations that you had previously saved the password will be reset to 1234 and the IP address will be reset to 192 168 1 1 2 3 1 Procedure to Use the Reset Button 1 Make sure the power LED is on 2 Press the RESET button for longer t...

Page 28: ... from the drop down list box to have the web configurator display in that language Click this icon to open the setup wizard Click this icon to view copyright and a link for related product information Click this icon at any time to exit the web configurator Select a number of seconds or None from the drop down list box to refresh all screen statistics automatically at the end of every time interva...

Page 29: ...Mask This shows the LAN port s subnet mask DHCP This shows the LAN port s DHCP is enabled WLAN Information Wireless This shows if the wireless LAN is enabled Name SSID This shows a descriptive name used to identify the P 320W v3 in the wireless LAN Channel This shows the channel number which you select manually Note To comply with US FCC regulation the country selection function has been completel...

Page 30: ... 320W v3 s IP address Table 3 Web Configurator Status Screen continued LABEL DESCRIPTION Table 4 Sub menus LINK TAB FUNCTION Status This screen shows the P 320W v3 s general device system and interface status information Use this screen to access the wizard and summary statistics tables Network Wireless LAN General Use this screen to configure wireless LAN MAC Filter Use the MAC filter screen to c...

Page 31: ...es and allows you to edit add a firewall rule Content Filter Filter Use this screen to block certain web features and sites containing certain keywords in the URL Management IP Static Route IP Static Route Use this screen to configure IP static routes Remote MGMT WWW Use this screen to configure through which interface s and from which IP address es users can use HTTP to manage the P 320W v3 SNMP ...

Page 32: ...320W v3 s DHCP server Figure 9 Summary DHCP Table The following table describes the labels in this screen Tools Firmware Use this screen to upload firmware to your P 320W v3 Configuratio n Use this screen to backup and restore the configuration or reset the factory defaults to your P 320W v3 Restart This screen allows you to reboot the P 320W v3 without turning the power off Table 4 Sub menus LINK...

Page 33: ...gs Figure 10 Summary Association List The following table describes the labels in this screen 2 4 4 Summary Statistics Click the Statistics Details hyperlink in the Status screen Read only information here includes port status packet specific statistics and the system up time The Poll Interval s field is configurable and is used for refreshing the screen Figure 11 Summary Statistics Table 6 Summar...

Page 34: ... number of transmitted packets on this port RxPkts This is the number of received packets on this port System Up Time This is the total time the P 320W v3 has been on Poll Interval s Enter the time interval for refreshing statistics in this field Set Interval Click this button to apply the new poll interval you entered in the Poll Interval s field Stop Click Stop to stop refreshing statistics Tabl...

Page 35: ...ick this to go to the previous page Next Click this to go to the next page First Page Click this to go to the first page Last Page Click this to go to the last page Refresh Click Refresh to renew the screen Table 8 Summary Active Sessiont LABEL DESCRIPTION Table 9 Summary Routing Table LABEL DESCRIPTION This is the index number of the routing entry Destination IP Address This is the destination IP...

Page 36: ...Chapter 2 Introducing the Web Configurator P 320W v3 User s Guide 36 ...

Page 37: ...ss the Internet Refer to your ISP Internet Service Provider checklist in the Quick Start Guide to know what to enter in each field Leave a field blank if you don t have that information 1 After you access the P 320W v3 web configurator click the Go to Wizard setup hyperlink You can click the Go to Advanced setup hyperlink to skip this wizard setup and configure advanced features accordingly Figure...

Page 38: ...nd enter it as the System Name In Windows 2000 click Start Settings and Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for the Computer name field and enter it as the System Name In Windows XP click Start My Computer View system information and then click the Computer Name tab Note the entry in the Full computer name fi...

Page 39: ...20W v3 in an Ethernet network Enter a descriptive name This name can be up to 30 alphanumeric characters long Spaces are not allowed but dashes and underscores _ are accepted Domain Name Type the domain name if you know it here If you leave this field blank the ISP may assign a domain name via DHCP The domain name entered by you is given priority over the ISP assigned domain name Back Click Back t...

Page 40: ...tive name up to 32 printable 7 bit ASCII characters for the wireless LAN If you change this field on the P 320W v3 make sure all wireless stations use the same SSID in order to access the network Channel Selection The range of radio frequencies used by IEEE 802 11b g wireless devices is called a channel Select a channel that is not used by any nearby devices Note To comply with US FCC regulation t...

Page 41: ... enable any wireless security on your P 320W v3 your network is accessible to any wireless networking device that is within range If you choose this option skip directly to Section 3 4 on page 43 Choose Basic WEP security if you want to configure WEP Encryption parameters If you choose this option go directly to Section 3 3 1 on page 42 Basic WEP is only available when WPS WiFi Protected Setup is ...

Page 42: ...n order to enter ASCII characters as the WEP keys HEX Select this option to enter hexadecimal characters as the WEP keys The preceding 0x is entered automatically Key 1 to Key 4 The WEP keys are used to encrypt data Both the P 320W v3 and the wireless stations must use the same WEP key for data transmission If you chose 64 bit WEP then enter any 5 ASCII characters or 10 hexadecimal characters 0 9 ...

Page 43: ...mpts to detect which WAN connection type you are using If the wizard does not detect a connection type you must select one from the drop down list box Check with your ISP to make sure you use the correct type Table 13 Wizard Step 2 Extend WPA PSK Security LABEL DESCRIPTION Pre Shared Key Type from 8 to 63 case sensitive ASCII characters You can set up the most secure wireless connection by configu...

Page 44: ...thernet Connection 3 4 2 PPPoE Connection Point to Point Protocol over Ethernet PPPoE functions as a dial up connection PPPoE is an IETF Internet Engineering Task Force standard specifying how a host Table 14 Wizard Step 3 ISP Parameters CONNECTION TYPE DESCRIPTION Ethernet Select the Ethernet option when the WAN port is used as a regular Ethernet PPPoE Select the PPP over Ethernet option for a di...

Page 45: ...s no specific configuration of the broadband modem at the subscriber s site By implementing PPPoE directly on the P 320W v3 rather than individual computers the computers on the LAN do not need PPPoE software installed since the P 320W v3 does that part of the task Furthermore with NAT all of the LAN s computers will have Internet access Refer to the appendix for more information on PPPoE Figure 2...

Page 46: ... using TCP IP based networks PPTP supports on demand multi protocol and virtual private networking over public networks such as the Internet Refer to the appendix for more information on PPTP Note The P 320W v3 supports one PPTP server connection at any given time Figure 23 Wizard Step 3 PPTP Connection Next Click Next to continue Exit Click Exit to close the wizard screen without saving Table 15 ...

Page 47: ...y your ISP Password Type the password associated with the User Name above PPTP Configuration Get automatically from ISP Select this radio button if your ISP did not assign you a fixed IP address Use fixed IP address Select this radio button provided by your ISP to give the P 320W v3 a fixed unique IP address My IP Address Type the static IP address assigned to you by your ISP My IP Subnet Mask Typ...

Page 48: ...ines above For more information on address assignment please refer to RFC 1597 Address Allocation for Private Internets and RFC 1466 Guidelines for Management of IP Address Space 3 4 6 IP Address and Subnet Mask Similar to the way houses on a street share a common street name so too do computers on a LAN share one common network number Where you obtain your network number depends on your particula...

Page 49: ...etwork is using that IP address The subnet mask specifies the network number portion of an IP address Your P 320W v3 will compute the subnet mask automatically based on the IP address that you entered You don t need to change the subnet mask computed by the P 320W v3 unless you are instructed to do otherwise 3 4 7 DNS Server Address Assignment Use DNS Domain Name System to map a domain name to its...

Page 50: ...ateway IP Address Enter the gateway IP address in this field System DNS Server Address Assignment if applicable DNS Domain Name System is for mapping a domain name to its corresponding IP address and vice versa The DNS server is extremely important because without it you must know the IP address of a computer before you can access it The P 320W v3 uses a system DNS server in the order you specify ...

Page 51: ...not presently require MAC address authentication Figure 26 Wizard Step 3 WAN MAC Address The following table describes the fields in this screen Table 20 Example of Network Properties for LAN Servers with Fixed IP Addresses Choose an IP address 192 168 1 2 192 168 1 32 192 168 1 65 192 168 1 254 Subnet mask 255 255 255 0 Gateway or default route 192 168 1 1 P 320W v3 LAN IP Table 21 Wizard Step 3 ...

Page 52: ...ck Apply to save your configuration Figure 27 Connection Wizard Save Follow the on screen instructions and click Finish to complete the wizard setup Figure 28 Connection Wizard Complete Well done You have successfully set up your P 320W v3 to operate on your network and access the Internet ...

Page 53: ...53 PART II Network Wireless LAN 55 Wireless Tutorial 77 WAN 107 LAN 85 Guest WLAN 117 DHCP Server 89 Network Address Translation NAT 93 Dynamic DNS 123 ...

Page 54: ...54 ...

Page 55: ...mple of a Wireless Network The wireless network is the part in the blue circle In this wireless network devices A and B are called wireless clients The wireless clients use the access point AP to interact with other devices such as the printer or with the Internet Your P 320W v3 is the AP Every wireless network must follow these basic guidelines Every wireless client in the same wireless network m...

Page 56: ... on page 69 to enable disable WPS view or generate a new PIN number and check current WPS status Use the WPS Station screen Section 4 7 on page 70 to add a wireless station using WPS Use the Wireless LAN Advanced screen Section 4 8 on page 70 to configure your P 320W v3 s advanced wireless setup 4 3 What You Need To Know The following sections provide information that can help you set up your wire...

Page 57: ...n You can make every user log in to the wireless network before they can use it This is called user authentication However every wireless client in the wireless network has to support IEEE 802 1x to do this For wireless networks there are two typical places to store the user names and passwords for each user In the AP this feature is called a local user database or a local database In a RADIUS ser...

Page 58: ...WEP in the wireless network Note It is recommended that wireless networks use WPA PSK WPA or stronger encryption IEEE 802 1x and WEP encryption are better than none at all but it is still possible for unauthorized devices to figure out the original information pretty quickly Note It is not possible to use WPA PSK WPA or stronger encryption with a local user database In this case it is better to se...

Page 59: ...e the TKIP or AES encryption process the PMK and information exchanged in a handshake to create temporal encryption keys They use these keys to encrypt data exchanged between them Figure 30 WPA PSK Authentication 4 3 4 2 WPA with RADIUS Application Example To set up WPA you need the IP address of the RADIUS server its port number default is 1812 and the RADIUS shared secret A WPA application examp...

Page 60: ...igure security settings manually Depending on the devices in your network you can either press a button on the device itself or in its configuration utility or enter a PIN Personal Identification Number in the devices Then they connect and set up a secure network by themselves See how to set up a secure wireless network using WPS in the Section 6 2 on page 77 4 4 General Wireless LAN Screen Use th...

Page 61: ...k the check box to activate wireless LAN Name SSID Service Set IDentity The SSID identifies the Service Set with which a wireless station is associated Wireless stations associating to the access point AP must have the same SSID Enter a descriptive name up to 32 printable 7 bit ASCII characters for the wireless LAN Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a ...

Page 62: ...he wireless clients which want to associate to this network must have same wireless security settings as this device After you select to use a security additional options appears in this screen See 4 4 2 4 4 3 4 4 4 sections Or you can select No Security to allow any client to associate this network without authentication Note If you enable the WPS function only No Security and WPA PSK are availab...

Page 63: ... Wireless LAN to display the General screen Select Static WEP from the Security Mode list Figure 34 Network Wireless LAN General Static WEP The following table describes the wireless LAN security labels in this screen Table 25 Network Wireless LAN General Static WEP LABEL DESCRIPTION Passphrase Enter a passphrase password phrase of up to 32 printable characters and click Generate The P 320W v3 aut...

Page 64: ...y 1 to Key 4 The WEP keys are used to encrypt data Both the P 320W v3 and the wireless stations must use the same WEP key for data transmission If you chose 64 bit WEP then enter any 5 ASCII characters or 10 hexadecimal characters 0 9 A F If you chose 128 bit WEP then enter 13 ASCII characters or 26 hexadecimal characters 0 9 A F You must configure at least one key only one key can be activated at...

Page 65: ...PSK uses a simple common password instead of user specific credentials Type a pre shared key from 8 to 63 case sensitive ASCII characters including spaces and symbols Apply Click Apply to save your changes back to the P 320W v3 Reset Click Reset to reload the previous configuration for this screen Table 27 Network Wireless LAN General WPA WPA2 LABEL DESCRIPTION Authentication Server IP Address Ent...

Page 66: ...t over the network Apply Click Apply to save your changes back to the P 320W v3 Reset Click Reset to reload the previous configuration for this screen Table 27 Network Wireless LAN General WPA WPA2 LABEL DESCRIPTION Table 28 Network Wireless LAN General 802 1x Dynamic WEP LABEL DESCRIPTION Dynamic WEP Key Exchange The WEP keys are used to encrypt data Both the P 320W v3 and the wireless stations m...

Page 67: ...the key to be shared between the external authentication server and the P 320W v3 The key must be the same on the external authentication server and your P 320W v3 The key is not sent over the network Apply Click Apply to save your changes back to the P 320W v3 Reset Click Reset to reload the previous configuration for this screen Table 28 Network Wireless LAN General 802 1x Dynamic WEP LABEL DESC...

Page 68: ...n this menu Table 30 Network Wireless LAN MAC Filter LABEL DESCRIPTION Active Select Yes from the drop down list box to enable MAC address filtering Filter Action Define the filter action for the list of MAC addresses in the MAC Address table Select Deny to block access to the P 320W v3 MAC addresses not listed will be allowed to access the P 320W v3 Select Allow to permit access to the P 320W v3 ...

Page 69: ...W v3 has connected to a wireless network using WPS or Enable WPS is selected and wireless or wireless security settings have been changed The current wireless and wireless security settings also appear in the screen This displays Unconfigured if WPS is disabled and there is no wireless or wireless security changes on the P 320W v3 or you click Release_Configuration to remove the configured wireles...

Page 70: ... 4 8 Wireless LAN Advanced Screen Use this screen to configure your P 320W v3 s advanced wireless setup Table 32 WPS Station LABEL DESCRIPTION Push Button Use this button when you use the PBC Push Button Configuration method to configure wireless stations s wireless settings See Section 6 2 1 on page 78 Click this to start WPS aware wireless station scanning and the wireless security information s...

Page 71: ...6 and 2432 Preamble Preamble is used to signal that data is coming to the receiver Short and Long refer to the length of the synchronization field in a packet Select Long preamble if you are unsure what preamble mode the wireless adapters support and to provide more reliable communications in busy wireless networks Select Short preamble if you are sure the wireless adapters support it and to provi...

Page 72: ...Chapter 4 Wireless LAN P 320W v3 User s Guide 72 ...

Page 73: ...wireless client has two clients that need to connect to the Internet The P 320W v3 wirelessly connects to the available access point B Figure 43 Wireless Client Mode After the P 320W v3 and the access point connect the P 320W v3 acquires its WAN IP address from the access point The clients of the P 320W v3 can now surf the Internet 5 2 What You Can Do Use the Wireless Client Mode screen Section 5 ...

Page 74: ...P 320W v3 User s Guide 74 5 3 Wireless Client Mode Screen Use this screen to use your P 320W v3 as a wireless client and connect to an existing AP Click Wireless Client Mode to open the following screen Figure 44 Wireless Client Mode ...

Page 75: ... When the signal strength between the two devices goes below the value you set in this field the wireless client searches for and connects to another access point within the roaming threshold Encryption type Select WEP if you want to secure the wireless connection Otherwise select No Security WEP key length This field appears when you select WEP as the security type Select either 64 bit or 128 bit...

Page 76: ...Chapter 5 Wireless Client Mode P 320W v3 User s Guide 76 ...

Page 77: ...is example uses the P 320W v3 as the AP and NWD210N as the wireless client which connects to a notebook Note The wireless client must be a WPS aware device for example a WPS USB adapter or PCI card There are two WPS methods for creating a secure connection This tutorial shows you how to do both Push Button Configuration PBC create a secure wireless network simply by pressing a button See Section 6...

Page 78: ...g into P 320W v3 s web configurator and press the Push Button button in the Network Wireless Client WPS Station screen Note Your P 320W v3 has a WPS button located on its panel as well as a WPS button in its configuration utility Both buttons have exactly the same function you can use one or the other Note It doesn t matter which button is pressed first You must press the second button within two ...

Page 79: ...s configuration utility go to the WPS settings and select the PIN method to get a PIN number 2 Enter the PIN number to the PIN field in the Network Wireless LAN WPS Station screen on the P 320W v3 3 Click Start buttons or button next to the PIN field on both the wireless client utility screen and the P 320W v3 s WPS Station screen within two minutes The P 320W v3 authenticates the wireless client ...

Page 80: ... shows you the example to set up wireless network and security on P 320W v3 and wireless client ex NWD210N in this example by using PIN method Figure 47 Example WPS Process PIN Method Authentication by PIN SECURITY INFO WITHIN 2 MINUTES Wireless Client P 320W v3 COMMUNICATION ...

Page 81: ...rator through your LAN connection see Section 2 2 on page 25 1 Open the Wireless LAN General screen in the AP s web configurator 2 Make sure the Enable Wireless LAN check box is selected 3 Enter SSID_Example3 as the SSID and select a channel Note To comply with US FCC regulation the country selection function has been completely removed from all US models The above function is for non US models on...

Page 82: ...EE 802 11b and IEEE 802 11g wireless clients Make sure that your notebook or computer s wireless adapter supports one of these standards 2 Wireless adapters come with software sometimes called a utility that you install on your computer See your wireless adapter s User s Guide for information on how to do that 3 After you ve installed the utility open it If you cannot see your utility s icon on yo...

Page 83: ...ick Connect Figure 50 Connecting a Wireless Client to a Wireless Network t 5 Select WPA PSK and type the security key in the following screen Click Next Figure 51 Security Settings 6 The Confirm Save window appears Check your settings and click Save to continue Figure 52 Confirm Save ...

Page 84: ...ion is weak or you have no connection see the Troubleshooting section of this User s Guide Figure 53 Link Status 8 If your connection is successful open your Internet browser and enter http www zyxel com or the URL of any other web site in the address bar If you are able to access the web site your wireless connection is successfully configured ...

Page 85: ...mputer network limited to the immediate area usually the same building or floor of a building The LAN screen can help you identify your local network Figure 54 Local Area Network 7 2 What You Can Do Use the LAN IP screen Section 7 4 on page 87 to change your basic LAN settings 7 3 What You Need to Know The following sections provide information that you may need when configuring the LAN IP screen ...

Page 86: ...lt in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability 7 3 4 Factory LAN Defaults The LAN parameters of the P 320W v3 are preset in the factory with the following values IP address of 192 168 1 1 with subnet mask of 255 255 255 0 24 bits DHCP server enabled with 32 client IP addresses starting from 192 168 1 33 These parameters should ...

Page 87: ...P address of your P 320W v3 in dotted decimal notation 192 168 1 1 factory default IP Subnet Mask The subnet mask specifies the network number portion of an IP address Your P 320W v3 will automatically calculate the subnet mask based on the IP address that you assign Unless you are implementing subnetting use the subnet mask computed by the P 320W v3 Apply Click Apply to save your changes back to ...

Page 89: ...he clients If DHCP service is disabled you must have another DHCP server on your LAN or Guest WLAN or else the computer must be manually configured 8 2 What You Can Do Use the DHCP Server General screen Section 8 3 on page 89 to enable and configure your DHCP server Use the Static DHCP screen Section 8 4 on page 91 to change your P 320W v3 s Static DHCP settings Use the Client List screen Section ...

Page 90: ...field specifies the size or count of the IP address pool Lease Time Select how long a computer can lease its IP address in the network You can select from 1 HOUR default to as long as Forever unlimited time DNS Servers The P 320W v3 passes a DNS Domain Name System server IP address in the order you specify here to the DHCP clients The P 320W v3 only passes this information to the LAN DHCP clients ...

Page 91: ...P tab The following screen displays Figure 57 Network DHCP Server Advanced The following table describes the labels in this screen 8 5 Client List Screen The DHCP table shows current DHCP client information including IP Address Host Name and MAC Address of LAN or Guest WLAN network clients using the P 320W v3 s DHCP servers Table 37 Network DHCP Server Advanced LABEL DESCRIPTION This is the index ...

Page 92: ...d above Host Name This field displays the computer host name MAC Address The MAC Media Access Control or Ethernet address on a LAN Local Area Network is unique to your computer six pairs of hexadecimal notation A network interface card such as an Ethernet adapter has a hardwired address that is assigned at the factory This address follows an industry standard that ensures no other adapter has a si...

Page 93: ...r P 320W v3 Use the Port Forwarding screen Section 9 5 on page 97 to define the local servers to which the incoming services will be forwarded Use the Trigger Port screen Section 9 3 2 on page 95 to change your P 320W v3 s trigger port settings 9 3 What You Need to Know The following section provides information on how you can properly configure NAT Note You must create a firewall rule in addition to...

Page 94: ...is simply discarded Note Many residential broadband ISP accounts do not allow you to run any server processes such as a Web or FTP server from your location Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location If you are unsure refer to your ISP 9 3 1 1 Configuring Servers Behind Port Forwarding Example Let s say you want to ...

Page 95: ...uest After that computer s connection for that service closes another computer on the LAN can use the service in the same manner This way you do not need to configure a new IP address each time you want a different LAN computer to use the application 9 3 2 1 Trigger Port Forwarding Example The following is an example of trigger port forwarding Figure 60 Trigger Port Forwarding Process Example 1 Ja...

Page 96: ...screen 9 5 Port Forwarding Screen Port forwarding allows you to define the local servers to which the incoming services will be forwarded To change your P 320W v3 s port forwarding settings click Network NAT Application The screen appears as shown Table 39 Network NAT General LABEL DESCRIPTION Enable Network Address Translation Network Address Translation NAT allows the translation of an Internet ...

Page 97: ...erver Setup Default Server Type the inside IP address of the server that receives packets from the port s that are not specified in the Port field Port Forwarding This is the number of an individual port forwarding server entry Active This icon is turned on when the rule is enabled Name This field displays a name to identify this rule Start Port This field displays a start port number End Port Thi...

Page 98: ...ce Name and Port fields to the previous one Table 40 NAT Application continued LABEL DESCRIPTION Table 41 Network NAT General LABEL DESCRIPTION Active Select the check box to enable this port forwarding entry Clear the checkbox to disallow forwarding of these ports to an inside server without having to delete the entry Service Name Type a Service Name to identify this port forwarding rule Start Po...

Page 99: ...racters are permitted including spaces Incoming Incoming is a port or a range of ports that a server on the WAN uses when it sends out a particular service The P 320W v3 forwards the traffic with this port or range of ports to the client computer on the LAN that requested the service Start Port Type a port number or the starting port number in a range of port numbers End Port Type a port number or...

Page 100: ...ttlefield 1942 port 14567 22000 23000 23009 27900 28900 2 name Call of Duty port 28960 3 name Civilization IV port 2056 4 name Diablo I and II port 6112 6119 4000 5 name Doom 3 port 27666 6 name F E A R port 27888 7 name Final Fantasy XI port 25 80 110 443 50000 65535 8 name Guild Wars port 6112 80 9 name Half Life port 6003 7002 27005 27010 27011 27015 10 name Jedi Knight III Jedi Academy port 28...

Page 101: ...s Frames coming from computer A are tagged with Port VLAN ID PVID 1 and those from computer B are tagged with PVID 2 When computers A and B request IP addresses the P 320W v3 forwards this to the VLAN aware switch D The switch sends each request to the corresponding DHCP server Computer A gets its IP address from DHCP Server 1 and computer B gets its IP address from DHCP server 2 Figure 66 VLAN Ex...

Page 102: ...AN Tag The CFI Canonical Format Indicator is a single bit flag always set to zero for Ethernet switches If a frame received at an Ethernet port has a CFI set to 1 then that frame should not be forwarded as it is to an untagged port The remaining twelve bits define the VLAN ID giving a possible maximum number of 4 096 VLANs Note that user priority and VLAN ID are independent of each other A frame w...

Page 103: ...lays the port name LAN1 LAN4 Setting Specify whether a port is LAN default for all ports or is part of a VLAN Note Port 4 s setting is always set to LAN This ensures that you can manage the P 320W v3 through a LAN port if necessary PVID Enter the Port VLAN ID 1 4094 to add to untagged frames received on each port Apply Click Apply to save your changes back to the P 320W v3 Reset Click Reset to beg...

Page 105: ...105 PART III Security Firewall 117 Content Filtering 125 ...

Page 107: ...so that a computer in one location can communicate with computers in other locations Figure 68 LAN and WAN See the chapter about the connection wizard for more information on the fields in the WAN screens 11 2 What You Can Do Use the Internet Connection screen Section 11 3 on page 108 to configure your P 320W v3 s Internet access settings Use the Advanced screen Section 11 4 on page 114 to change ...

Page 108: ...ABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation Choose the Ethernet option when the WAN port is used as a regular Ethernet Service Type Choose from Standard RR Toshiba Roadrunner Toshiba authentication method RR Manager Roadrunner Manager authentication method RR Telstra RoadRunner Telstra authentication method or Telia Login The following fields do not appear with the Standard s...

Page 109: ...ed PPPoE software installed since the P 320W v3 does that part of the task Furthermore with NAT all of the LANs computers will have access Get automatically from ISP Select this option If your ISP did not assign you a fixed IP address This is the default selection Use Fixed IP Address Select this option If the ISP assigned a fixed IP address IP Address Enter your WAN IP address in this field if yo...

Page 110: ...each the PPPoE server User Name Type the user name given to you by your ISP Password Type the password associated with the user name above Retype to Confirm Type your password again to make sure that you have entered it correctly Nailed Up Connection Select Nailed Up Connection if you do not want the connection to time out MTU The Maximum Transmission Unit MTU refers to the largest packet size tha...

Page 111: ...in this field if you selected Use Fixed IP Address Remote IP Address Enter the remote IP address if your ISP gave you one in this field Remote IP Subnet Mask Enter the remote IP subnet mask in this field WAN MAC Address The MAC address section allows users to configure the WAN port s MAC address by using the P 320W v3 s MAC address copying the MAC address from a computer on your LAN or manually en...

Page 112: ... client you must configure the User Name and Password fields for a PPP connection and the PPTP parameters for a PPTP connection User Name Type the user name given to you by your ISP Password Type the password associated with the user name above Retype to Confirm Type your password again to make sure that you have entered it correctly For PPTP Route Nailed up Connection Select Nailed Up Connection ...

Page 113: ...y from ISP Select this option If your ISP did not assign you a fixed IP address This is the default selection Use Fixed IP Address Select this option If the ISP assigned a fixed IP address My WAN IP Address Enter your WAN IP address in this field if you selected Use Fixed IP Address Remote IP Address Enter the remote IP address if your ISP gave you one in this field Remote IP Subnet Mask Enter the...

Page 114: ...ed The screen appears as shown Figure 73 Network WAN Advanced Table 47 WAN Advanced LABEL DESCRIPTION First DNS Server Second DNS Server Enter the DNS server s IP address in the field to the right If you set a second choice to User Defined and enter the same IP address the second User Defined changes to None after you click Apply If you do not configure a DNS server you must know the IP address of...

Page 115: ...PPTP or PPPoE Encapsulation type 0 0 0 0 to configure the P 320W v3 to check the PVC Permanent Virtual Circuit or PPTP tunnel Fail Tolerance Type the number of times your P 320W v3 may attempt and fail to connect to the Internet before traffic is forwarded to the backup gateway Period Type the number of seconds for the P 320W v3 to wait between checks to see if it can connect to the WAN IP address...

Page 117: ...ewall is one of the mechanisms used to establish a network security perimeter in support of a network security policy It should never be the only mechanism or method employed For a firewall to guard effectively you must design and deploy it appropriately This requires integrating the firewall into a broad information security policy In addition specific policies must be implemented within the fire...

Page 118: ... and the World Wide Web However inbound access is not allowed by default unless the remote host is authorized to use a specific service 12 3 1 1 Stateful Inspection Firewall Stateful inspection firewalls restrict access by screening data packets against defined access rules They make access control decisions based on IP address and protocol They also inspect the session data to assure the integrit...

Page 119: ...ify the services you want to block and the date time you want to block them Table 49 Security Firewall General LABEL DESCRIPTION Enable SPI mode Check this to enable SPI The inspects incoming packets and determines whether the destination and source port is in the session table or not Enable Firewall Select this check box to activate the firewall The P 320W v3 performs access control and protects ...

Page 120: ...Add to add the port to the Blocked Services field Blocked Services This is a list of services ports that will be inaccessible to computers on your LAN once you enable service blocking Choose the IP port TCP UDP or TCP UDP that defines your customized port from the drop down list box Custom Port A custom port is a service that is not available in the pre defined Available Services list and you must...

Page 121: ...ing rules to block packets for the services at specific interfaces 6 Protect against IP spoofing by making sure the firewall is active Keep the firewall in a secured locked room Delete Select a service from the Blocked Services list and then click Delete to remove this service from the list Clear Click Clear to empty the Blocked Services Schedule to Block Day to Block Select a check box to configu...

Page 122: ... Finger is a UNIX or Internet related command that can be used to find out if a user is logged on FTP TCP 20 21 File Transfer Program a program to enable fast transfer of files including large files that may not be possible by e mail H 323 TCP 1720 Net Meeting uses this protocol HTTP TCP 80 Hyper Text Transfer Protocol a client server protocol for the world wide web HTTPS HTTPS is a secured http s...

Page 123: ...ssages from one e mail server to another SNMP TCP UDP 161 Simple Network Management Program SNMP TRAPS TCP UDP 162 Traps for use with the SNMP RFC 1215 SQL NET TCP 1521 Structured Query Language is an interface to access data on many different types of database systems including mainframes midrange systems UNIX systems and network servers SSDP UDP 1900 Simple Service Discovery Protocol SSDP is a d...

Page 125: ...ock certain web features or specific URL keywords The P 320W v3 can block web features such as ActiveX controls Java applets cookies and disable web proxies 13 2 What You Can Do Use the Filter screen Section 13 3 on page 125 to configure filter rules on your P 320W v3 13 3 Filter Screen Use this screen to block web features such as ActiveX controls Java applets cookies and disable web proxies You ...

Page 126: ...intranet business applications of all kinds Cookies Used by Web servers to track usage and provide service based on ID Web Proxy A server that acts as an intermediary between a user and the Internet to provide security administrative control and caching service When a proxy server is located on the WAN it is possible for LAN users to circumvent content filtering by pointing to this proxy server Ke...

Page 127: ...ords within www zyxel com tw 13 4 2 Full Path URL Checking Full path URL checking has the P 320W v3 check the characters that come before the last slash in the URL For example with the URL www zyxel com tw news pressroom php full path URL checking searches for keywords within www zyxel com tw news Add Click Add after you have typed a keyword Repeat this procedure to add other keywords Up to 64 key...

Page 128: ... URL s full path 13 4 3 File Name URL Checking Filename URL checking has the P 320W v3 check all of the characters in the URL For example filename URL checking searches for keywords within the URL www zyxel com tw news pressroom php Use the ip urlfilter customize actionFlags 8 disable enable command to extend or not extend the keyword blocking search to include the URL s complete filename ...

Page 129: ...129 PART IV Management Static Route 131 Remote Management 135 Universal Plug and Play UPnP 141 ...

Page 131: ...e through the default gateway use static routes For example the next figure shows a computer A connected to the P 320W v3 s LAN interface The P 320W v3 routes most traffic from A to the Internet through the P 320W v3 s default gateway R1 You create one static route to connect to services offered by your ISP behind router R2 You create another static route to communicate with a separate network beh...

Page 132: ... is active Click the Edit icon under Modify and select the Active checkbox in the Static Route Setup screen to enable the static route Clear the checkbox to disable this static route without having to delete the entry Destination This parameter specifies the IP network address of the final destination Routing is always based on network number Gateway This is the IP address of the gateway The gatew...

Page 133: ... parameter specifies the IP network address of the final destination Routing is always based on network number If you need to specify a route to a single host use a subnet mask of 255 255 255 255 in the subnet mask field to force the network number to be identical to the host ID IP Subnet Mask Enter the IP subnet mask here Gateway IP Address Enter the IP address of the gateway The gateway is an im...

Page 135: ...terface if any from which computers You may manage your P 320W v3 from a remote location via LAN only Both WAN and LAN Figure 80 Remote Management Example In the figure above the P 320W v3 A is being managed by a desktop computer B connected via LAN Local Area Network It is also being accessed by a notebook C connected via WAN Wide Area Network You may only have one remote management session runnin...

Page 136: ...of the remote management screens 2 The IP address in the Secured Client IP Address field Section 15 4 on page 137 does not match the client IP address If it does not match the P 320W v3 will disconnect the session immediately 3 There is already another remote management session with an equal or higher priority running You may only have one remote management session running at one time 4 There is a...

Page 137: ...for a service if needed however you must use the same port number in order to use that service for remote management Server Access Select the interface s through which a computer may access the P 320W v3 using this service Secured Client IP Address A secured client is a trusted computer that is allowed to communicate with the P 320W v3 using this service Select All to allow any computer to access ...

Page 138: ...efault is public and allows all requests Set Community Enter the Set community which is the password for incoming Set requests from the management station The default is public and allows all requests SNMP Service Access Select the interface s through which a computer may access the P 320W v3 using this service Secured Client IP Address A secured client is a trusted computer that is allowed to com...

Page 139: ...application user To configure how your P 320W v3 responds to ping from WAN click Management Remote MGMT to display the Security screen Figure 83 Management Remote MGMT Security The following table describes the labels in this screen Table 57 Management Remote MGMT Security LABEL DESCRIPTION Do not respond to ping from WAN Check this if you do not want the P 320W v3 to respond to any incoming WAN Ping...

Page 141: ...can leave a network smoothly and automatically when it is no longer in use See Section 16 4 on page 143 for configuration instructions 16 2 What You Can Do Use the General screen Section 16 4 on page 143 to activate UPnP 16 3 What You Need to Know The following sections provide information that can help you configure the UPnP screen 16 3 1 How do I know if I m using UPnP UPnP hardware is identifie...

Page 142: ...ons with UPnP The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues Network information and configuration may also be obtained and modified by users in some network environments When a UPnP device joins a network it announces its presence with a multicast message For security reasons the P 320W v3 allows...

Page 143: ... in Windows Me and Windows XP 16 5 1 1 Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me 1 Click Start and Control Panel Double click Add Remove Programs Table 58 Management UPnP General LABEL DESCRIPTION Enable the Universal Plug and Play UPnP Feature Select this check box to activate UPnP Be aware that anyone could use a UPnP application to open the web confi...

Page 144: ...d select Communication in the Components selection box Click Details Figure 85 Add Remove Programs Windows Setup Communication 3 In the Communications window select the Universal Plug and Play check box in the Components selection box Figure 86 Add Remove Programs Windows Setup Communication Components ...

Page 145: ...lick Next 5 Restart the computer when prompted Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP 1 Click Start and Control Panel 2 Double click Network Connections 3 In the Network Connections window click Advanced in the main menu and select Optional Networking Components Figure 87 Network Connections ...

Page 146: ...ay UPnP P 320W v3 User s Guide 146 4 The Windows Optional Networking Components Wizard window displays Select Networking Service in the Components selection box and click Details Figure 88 Windows Optional Networking Components Wizard ...

Page 147: ... click Next 16 5 1 2 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP You must already have UPnP installed in Windows XP and UPnP activated on the P 320W v3 Make sure the computer is connected to a LAN port of the P 320W v3 Turn on your computer and the P 320W v3 Auto discover Your UPnP enabled Network Device 1 Click Start and Control Panel Double c...

Page 148: ...Chapter 16 Universal Plug and Play UPnP P 320W v3 User s Guide 148 2 Right click the icon and select Properties Figure 90 Network Connections ...

Page 149: ...iversal Plug and Play UPnP P 320W v3 User s Guide 149 3 In the Internet Connection Properties window click Settings to see the port mappings that were automatically created Figure 91 Internet Connection Properties ...

Page 150: ...he port mappings or click Add to manually add port mappings Figure 92 Internet Connection Properties Advanced Settings Figure 93 Internet Connection Properties Advanced Settings Add 5 When the UPnP enabled device is disconnected from your computer all port mappings will be deleted automatically ...

Page 151: ...display your current Internet connection status Figure 95 Internet Connection Status Web Configurator Easy Access With UPnP you can access the web based configurator on the P 320W v3 without finding out the IP address of the P 320W v3 first This is helpful if you do not know the IP address of the P 320W v3 Follow the steps below to access the web configurator 1 Click Start and then Control Pane...

Page 152: ...ersal Plug and Play UPnP P 320W v3 User s Guide 152 3 Select My Network Places under Other Places Figure 96 Network Connections 4 An icon with the description for each UPnP enabled device displays under Local Network ...

Page 153: ...and select Invoke The web configurator login screen displays Figure 97 Network Connections My Network Places 6 Right click on the icon for your P 320W v3 and select Properties A properties window displays with basic information about the P 320W v3 Figure 98 Network Connections My Network Places Properties Example ...

Page 155: ...155 PART V Maintenance and Troubleshooting System 157 Logs 163 Product Specifications 193 ...

Page 157: ...de information that can be helpful in configuring the screens in this chapter 17 3 1 Dynamic DNS Introduction Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you in NetMeeting CU SeeMe etc You can also access your FTP server or Web site on your own computer using a domain name for instance myhost dhs org where myhost...

Page 158: ...t dyndns org to be aliased to the same IP address as yourhost dyndns org This feature is useful if you want to be able to use for example www yourhost dyndns org and still reach your hostname If you have a private WAN IP address then you cannot use Dynamic DNS 17 4 System General Screen Use this screen to identify the P 320W v3 in an Ethernet network Click Maintenance System The following screen d...

Page 159: ... 5 minutes After it times out you have to log in with your password again Very long idle timeouts may have security risks A value of 0 means a management session never times out no matter how long it has been left idle not recommended Administrator Password Setup Change the administrator s password using the fields as shown Old Password Type the default password or the existing password you use to...

Page 160: ...Select this check box to use dynamic DNS Service Provider Select the name of your Dynamic DNS service provider Host Name Enter a host name in the field provided You can specify up to two host names in the field separated by a comma User Name Enter your user name Password Enter the password assigned to you Enable Wildcard Option Select the check box to enable DynDNS Wildcard Apply Click Apply to s...

Page 161: ...oad this page the P 320W v3 synchronizes the time with the time server Current Date This field displays the date of your P 320W v3 Each time you reload this page the P 320W v3 synchronizes the date with the time server Time and Date Setup Manual Select this radio button to enter the time and date manually If you configure a new time and date Time Zone and Daylight Saving at the same time the new t...

Page 162: ... Saving Time starts in the European Union on the last Sunday of March All of the time zones in the European Union start using Daylight Saving Time at the same moment 1 A M GMT or UTC So in the European Union you would select Last Sunday March The time you type in the o clock field depends on your time zone In Germany for instance you would type 2 because Germany s time zone is one hour ahead of GM...

Page 163: ...P 320W v3 to send 18 3 What You Need to Know An alert is a type of log that warrants more serious attention They include system errors attacks access control and attempted access to blocked web sites or web sites with restricted web features such as cookies active X and so on Some categories such as System Errors consist of both logs and alerts You may differentiate them by their color in the View...

Page 164: ...indicates ascending or descending sort order Click Maintenance Logs to open the View Log screen Figure 102 Maintenance Logs View Log The following table describes the labels in this screen Table 62 Maintenance Logs View Log LABEL DESCRIPTION Email Log Now Click Email Log Now to send the log screen to the e mail address specified in the Log Settings page make sure that you have first filled in the ...

Page 165: ...ing table describes the labels in this screen Table 63 Maintenance Logs Log Settings LABEL DESCRIPTION E mail Log Settings Active Click Active to enable the log feature Mail Server Enter the server name or the IP address of the mail server for the e mail addresses specified below If this field is left blank logs and alert messages will not be sent via E mail Mail Subject Type a title that you want...

Page 166: ... with the user name above Syslog Logging The P 320W v3 sends a log to an external syslog server Active Click Active to enable syslog logging Syslog Server IP Address Enter the server name or IP address of the syslog server that will log the selected categories of logs Log Facility Select a location from the drop down list box The log facility allows you to log the messages to different files in th...

Page 167: ... initialized by Daytime Server The router got the time and date from the Daytime server Time initialized by Time server The router got the time and date from the time server Time initialized by NTP server The router got the time and date from the NTP server Connect to Daytime server fail The router was not able to connect to the Daytime server Connect to Time server fail The router was not able to...

Page 168: ...tion rule d Attempted TCP UDP IGMP ESP GRE OSPF access matched or did not match a configured firewall rule denoted by its number and was blocked or forwarded according to the rule Triangle route packet forwarded TCP UDP IGMP ESP GRE OSPF The firewall allowed a triangle route session to pass through Packet without a NAT table entry blocked TCP UDP IGMP ESP GRE OSPF The router blocked a packet that ...

Page 169: ...er sent a TCP reset packet when the number of incomplete connections TCP and UDP exceeded the user configured threshold Incomplete count is for all TCP and UDP connections through the firewall Note When the number of incomplete connections TCP UDP Maximum Incomplete High the router sends TCP RST packets for TCP connections and destroys TOS firewall dynamic sessions until incomplete connections Max...

Page 170: ...ICMP packet ICMP The router sent an ICMP reply packet to the sender Table 70 CDR Logs LOG MESSAGE DESCRIPTION board d line d channel d call d s C01 Outgoing Call dev x ch x s The router received the setup requirements for a call call is the reference count number of the call dev is the device type 3 is for dial up 6 is for PPPoE 10 is for PPTP channel or ch is the call channel ID For example board...

Page 171: ... detected proxy mode in the packet s The content filter server responded that the web site is in the blocked category list but it did not return the category type s s The content filter server responded that the web site is in the blocked category list and returned the category type s cache hit The system detected that the web site is in the blocked list from the local cache but does not know the ...

Page 172: ... detected an ICMP echo attack For type and code details see Table 78 on page 175 syn flood TCP The firewall detected a TCP syn flood attack ports scan TCP The firewall detected a TCP port scan attack teardrop TCP The firewall detected a TCP teardrop attack teardrop UDP The firewall detected a UDP teardrop attack teardrop ICMP type d code d The firewall detected an ICMP teardrop attack For type an...

Page 173: ...ate with subject name as recorded from the LDAP server whose IP address and port are recorded in the Source field Rcvd CRL size issuer name The router received a CRL Certificate Revocation List with size and issuer name as recorded from the LDAP server whose IP address and port are recorded in the Source field Rcvd ARL size issuer name The router received an ARL Authority Revocation List with size...

Page 174: ...er Please check the RADIUS Server Local User Database does not support authentication method The local user database only supports the EAP MD5 method A user tried to use another authentication method and was not authenticated User logout because of session timeout expired The router logged out a user whose session expired User logout because of user deassociation The router logged out a user who e...

Page 175: ...o WAN P 320W v3 ACL set for packets traveling from the WAN to the WAN or the P 320W v3 Table 78 ICMP Notes TYPE CODE DESCRIPTION 0 Echo Reply 0 Echo reply message 3 Destination Unreachable 0 Net unreachable 1 Host unreachable 2 Protocol unreachable 3 Port unreachable 4 A packet that needed fragmentation was dropped because it was set to Don t Fragment DF 5 Source route failed 4 Source Quench 0 A g...

Page 176: ...s hostname src srcIP srcPort dst dstIP dstPort msg msg note note devID mac address last three numbers cat category This message is sent by the system RAS displays as the system name if you haven t configured one when the router generates a syslog The facility is defined in the web MAIN MENU LOGS Log Settings page The severity is the log s syslog class The definition of messages and notes are defin...

Page 177: ...Logs P 320W v3 User s Guide 177 CER_REQ Certificate Request HASH Hash SIG Signature NONCE Nonce NOTFY Notification DEL Delete VID Vendor ID Table 80 RFC 2408 ISAKMP Payload Types continued LOG DISPLAY PAYLOAD TYPE ...

Page 178: ...Chapter 18 Logs P 320W v3 User s Guide 178 ...

Page 179: ...a configuration file to your P 320W v3 You can also reset the P 320W v3 to its factory default settings Use the Restart screen Section 19 5 on page 183 to reboot your P 320W v3 19 3 Firmware Upload Screen Find firmware at www zyxel com in a file that usually uses the system model name with a bin extension e g P 320W v3 bin The upload process uses HTTP Hypertext Transfer Protocol and may take up to...

Page 180: ...s time causing a temporary network disconnect In some operating systems you may see the following icon on your desktop Figure 106 Network Temporarily Disconnected After two minutes log in again and check your new firmware version in the Status screen Table 81 Maintenance Tools Firmware LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to ...

Page 181: ...nce Tools Configuration Figure 108 Maintenance Tools Configuration 19 4 1 Backup Configuration Backup configuration allows you to back up save the P 320W v3 s current configuration to a file on your computer Once your P 320W v3 is configured and functioning properly it is highly recommended that you back up your configuration file before making configuration changes The backup configuration file w...

Page 182: ...nect. In some operating systems, you may see the following icon on your desktop. Figure 110 Temporarily Disconnected. If you uploaded the default configuration file, you may need to change the IP address of your computer to be in the same subnet as that of the default P-320W v3 IP address (192.168.1.1). See Appendix C on page 217 for details on how to set up your computer's IP address. Table 82 Maintenance...

Page 183: ...ation and returns the P 320W v3 to its factory defaults You can also press the RESET button on the rear panel to reset the factory defaults of your P 320W v3 Refer to the chapter about introducing the web configurator for more information on the RESET button 19 5 Restart Screen System restart allows you to reboot the P 320W v3 without turning the power off Click Maintenance Tools Restart Click Res...

Page 184: ...Chapter 19 Tools P 320W v3 User s Guide 184 ...

Page 185: ... 1 Power Hardware Connections and LEDs The P 320W v3 does not turn on None of the LEDs turn on 1 Make sure you are using the power adaptor or cord included with the P 320W v3 2 Make sure the power adaptor or cord is connected to the P 320W v3 and plugged in to an appropriate power source Make sure the power source is turned on 3 Disconnect and re connect the power adaptor or cord to the P 320W v3 ...

Page 186: ... address of the P 320W v3 it depends on the network so enter this IP address in your Internet browser Login see the Quick Start Guide for instructions and go to the Device Information table in the Status screen Your P 320W v3 s IP address is available in the Device Information table If the DHCP setting under LAN information is Enabled The P 320W v3 is a DHCP server on LAN 3 If your P 320W v3 is a ...

Page 187: ... If you know that there are routers between your computer and the P 320W v3 skip this step If there is a DHCP server on your network make sure your computer is using a dynamic IP address See Section 7 3 on page 102 If there is no DHCP server on your network make sure your computer s IP address is in the same subnet as the P 320W v3 See Section 7 3 on page 102 5 Reset the device to its factory defa...

Page 188: ... and make sure the LEDs are behaving as expected See the Quick Start Guide 2 Make sure you entered your ISP account information correctly in the wizard These fields are case sensitive so make sure Caps Lock is not on 3 If you are trying to access the Internet wirelessly make sure the wireless settings in the wireless client are the same as the settings in the AP 4 Disconnect all the cables from yo...

Page 189: ... v3 4 If the problem continues contact the network administrator or vendor or try one of the advanced suggestions Advanced Suggestions Check the settings for bandwidth management If it is disabled you might consider activating it If it is enabled you might consider changing the allocations Check the settings for QoS If it is disabled you might consider activating it If it is enabled you might cons...

Page 190: ...AN is enabled on the P 320W v3 2 Make sure the wireless adapter on the wireless station is working properly 3 Make sure the wireless adapter installed on your computer is IEEE 802 11 compatible and supports the same wireless standard as the P 320W v3 4 Make sure your computer with a wireless adapter installed is within the transmission range of the P 320W v3 5 Check that both the P 320W v3 and you...

Page 191: ...you select the Enable URL Keyword Blocking check box in the Content Filtering screen Make sure that the keywords that you type are listed in the Keyword List If a keyword that is listed in the Keyword List is not blocked when it is found in a URL customize the keyword blocking using commands See the Customizing Keyword Blocking URL Checking section in the Content Filter chapter ...

Page 192: ...Chapter 20 Troubleshooting P 320W v3 User s Guide 192 ...

Page 193: ...to the P 320W v3 without the cost of a hub when connecting to the Internet through the WAN port You can add up to five computers to the P 320W v3 when you connect to the Internet in AP mode Add more than four computers to your LAN by using a hub LEDs PWR LAN1 4 WAN WLAN WPS Reset Button The reset button is built into the rear panel Use this button to restore the P 320W v3 to its factory default se...

Page 194: ...e to RF Radio Frequency interference from other 2 4 GHz devices such as microwave ovens wireless phones Bluetooth enabled devices and other wireless LANs Firmware Upgrade Download new firmware when available from the ZyXEL web site and use the web configurator to put it on the P 320W v3 Note Only upload firmware for your specific model Configuration Backup Restoration Make a copy of the P 320W v3 ...

Page 195: ... a server mail or web server for example on your network then use this feature to let people access it from the Internet DHCP Dynamic Host Configuration Protocol Use this feature to have the P 320W v3 assign IP addresses an IP default gateway and DNS servers to computers on your network Dynamic DNS Support With Dynamic DNS Domain Name System support you can use a fixed URL www zyxel com for exampl...

Page 196: ...Chapter 21 Product Specifications P 320W v3 User s Guide 196 ...

Page 197: ...I Appendices and Index Pop up Windows JavaScripts and Java Permissions 199 IP Addresses and Subnetting 207 Setting up Your Computer s IP Address 217 Wireless LANs 235 Services 247 Legal Information 251 Index 255 ...

Page 199: ...t Explorer versions may vary Internet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking and create an exception for your device s IP address Disable pop up Blockers 1 In Internet Explorer select Tools Pop up Blocker and then select Turn Off Pop up Blocke...

Page 200: ...n the Pop up Blocker section of the screen This disables any web pop up blockers you may have enabled Figure 114 Internet Options Privacy 3 Click Apply to save this setting Enable pop up Blockers with Exceptions Alternatively if you only want to allow pop up windows from your device see the following steps 1 In Internet Explorer select Tools Internet Options and then the Privacy tab ...

Page 201: ... 320W v3 User's Guide 201 2 Select Settings to open the Pop-up Blocker Settings screen. Figure 115 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix "http://". For example, http://192.168.167.1. ...

Page 202: ...Add to move the IP address to the list of Allowed sites Figure 116 Pop up Blocker Settings 5 Click Close to return to the Privacy screen 6 Click Apply to save this setting JavaScripts If pages of the web configurator do not display properly in Internet Explorer check that JavaScripts are allowed ...

Page 203: ...orer click Tools Internet Options and then the Security tab Figure 117 Internet Options Security 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java applets make sure that Enable is selected the default ...

Page 204: ...k OK to close the window Figure 118 Security Settings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java permissions make sure that a safety level is selected ...

Page 205: ...ssions P 320W v3 User s Guide 205 5 Click OK to close the window Figure 119 Security Settings Java JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected ...

Page 206: ...Appendix A Pop up Windows JavaScripts and Java Permissions P 320W v3 User s Guide 206 3 Click OK to close the window Figure 120 Java Sun ...

Page 207: ...r and the other part is the host ID In the same way that houses on a street share a common street name the hosts on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the host ID Routers use the network number to send packets to the correct network while the host ID determines to which host on the ...

Page 208: ...re part of the host ID using a logical AND operation The term subnet is short for sub network A subnet mask has 32 bits If a bit in the subnet mask is a 1 then the corresponding bit in the IP address is part of the network number If a bit in the subnet mask is 0 then the corresponding bit in the IP address is part of the host ID The following example shows a subnet mask identifying the network num...

Page 209: ...ines the maximum number of possible hosts you can have on your network. The larger the number of network number bits, the smaller the number of remaining host ID bits. An IP address with host IDs of all zeros is the IP address of the network (192.168.1.0 with a 24-bit subnet mask, for example). An IP address with host IDs of all ones is the broadcast address for that network (192.168.1.255 with a 24-bit s...

Page 210: ...s. For example, 192.1.1.0/25 is equivalent to saying 192.1.1.0 with subnet mask 255.255.255.128. The following table shows some possible subnet masks using both notations. Table 87 Maximum Host Numbers (SUBNET MASK | HOST ID SIZE | MAXIMUM NUMBER OF HOSTS): 8 bits, 255.0.0.0 | 24 bits | 2^24 - 2 = 16777214; 16 bits, 255.255.0.0 | 16 bits | 2^16 - 2 = 65534; 24 bits, 255.255.255.0 | 8 bits | 2^8 - 2 = 254; 29 bits, 255.255.255.248 | 3 bits | 2^3 ...

Page 211: ...s 192.168.1.0. The first three octets of the address (192.168.1) are the network number, and the remaining octet is the host ID, allowing a maximum of 2^8 - 2 or 254 possible hosts. The following figure shows the company network before subnetting. Figure 122 Subnetting Example: Before Subnetting. You can "borrow" one of the host ID bits to divide the network 192.168.1.0 into two separate sub-networks. The subnet...

Page 212: ...255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.128 is its broadcast address. Therefore, the lowest IP address that can be assigned to an actual host for subnet A is 192.168.1.1 and the highest is 192.168.1.126. Similarly, the host ID range for subnet B is 192.168.1.129 to 192.168.1.254. Example: Four Subnets. The previous example illustrated using a 25-bit subnet mask to divide a 24-b...

Page 213: ...ER LAST OCTET BIT VALUE IP Address 192 168 1 64 IP Address Binary 11000000 10101000 00000001 01000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 64 Lowest Host ID 192 168 1 65 Broadcast Address 192 168 1 127 Highest Host ID 192 168 1 126 Table 91 Subnet 3 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 128 IP Address Binary 11000000 1010...

Page 214: ...92 168 1 255 Highest Host ID 192 168 1 254 Table 92 Subnet 4 continued IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE Table 93 Eight Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST ADDRESS 1 0 1 30 31 2 32 33 62 63 3 64 65 94 95 4 96 97 126 127 5 128 129 158 159 6 160 161 190 191 7 192 193 222 223 8 224 225 254 255 Table 94 24 bit Network Number Subnet Planning NO BORROWED H...

Page 215: ...please do not use any other number unless you are told otherwise You must also enable Network Address Translation NAT on the P 320W v3 Once you have decided on the network number pick an IP address for your P 320W v3 that is easy to remember for instance 192 168 1 1 but make sure that no other device on your network is using that IP address The subnet mask specifies the network number portion of a...

Page 216: ...etworks: 10.0.0.0 - 10.255.255.255; 172.16.0.0 - 172.31.255.255; 192.168.0.0 - 192.168.255.255. You can obtain your IP address from the IANA, from an ISP, or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger orga...

Page 217: ... IP on your computer Windows 3 1 requires the purchase of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components are installed configure the TCP IP settings in order to communicate with your network If you manually assign IP information instead of using dyna...

Page 218: ...Installing Components The Network window Configuration tab displays a list of installed components You need a network adapter the TCP IP protocol and Client for Microsoft Networks If you need the adapter 1 In the Network window click Add 2 Select Adapter and then click Add 3 Select the manufacturer and model of your network adapter and then click OK If you need TCP IP 1 In the Network window click...

Page 219: ...Client for Microsoft Networks from the list of network clients and then click OK 5 Restart your computer so the changes you made take effect Configuring 1 In the Network window Configuration tab select your network adapter s TCP IP entry and click Properties 2 Click the IP Address tab If your IP address is dynamic select Obtain an IP address automatically If you have a static IP address select Spe...

Page 220: ...operties DNS Configuration 4 Click the Gateway tab If you do not know your gateway s IP address remove previously installed gateways If you have a gateway IP address type it in the New gateway field and click Add 5 Click OK to save and close the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your Prestige and restart your computer when p...

Page 221: ...elect your network adapter You should see your computer s IP address subnet mask and default gateway Windows 2000 NT XP The following example figures use the default Windows XP GUI theme 1 Click start Start in Windows 2000 NT Settings Control Panel Figure 127 Windows XP Start Menu ...

Page 222: ...22 2 In the Control Panel double click Network Connections Network and Dial up Connections in Windows 2000 NT Figure 128 Windows XP Control Panel 3 Right click Local Area Connection and then click Properties Figure 129 Windows XP Control Panel Network Connections Properties ...

Page 223: ... Properties Figure 130 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP IP Properties window opens the General tab in Windows XP If you have a dynamic IP address click Obtain an IP address automatically If you have a static IP address click Use the following IP Address and fill in the IP address Subnet mask and Default gateway fields ...

Page 224: ...P addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways In TCP IP Gateway Address type the IP address of the default gateway in Gateway To manually configure a default met...

Page 225: ...rties 7 In the Internet Protocol TCP IP Properties window the General tab in Windows XP Click Obtain DNS server address automatically if you do not know your DNS server IP address es If you know your DNS server IP address es click Use the following DNS server addresses and type them in the Preferred DNS server and Alternate DNS server fields ...

Page 226: ...lick Close OK in Windows 2000 NT to close the Local Area Connection Properties window 10 Close the Network Connections window Network and Dial up Connections in Windows 2000 NT 11 Turn on your Prestige and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and then Command Prompt 2 In the Command Prompt window type ipconfig and then press ENTER You can also...

Page 227: ...etting up Your Computer s IP Address P 320W v3 User s Guide 227 Macintosh OS 8 9 1 Click the Apple menu Control Panel and double click TCP IP to open the TCP IP Control Panel Figure 134 Macintosh OS 8 9 Apple Menu ...

Page 228: ... assigned settings do the following From the Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your Prestige in the Router address box 5 Close the TCP IP Control Panel 6 Click Save if prompted to save changes to your configuration 7 Turn on your Prestige and restart your computer if prompted Verifying Settin...

Page 229: ...references to open the System Preferences window Figure 136 Macintosh OS X Apple Menu 2 Click Network in the icon bar Select Automatic from the Location list Select Built in Ethernet from the Show list Click the TCP IP tab 3 For dynamically assigned settings select Using DHCP from the Configure list Figure 137 Macintosh OS X Network ...

Page 230: ...f prompted Verifying Settings Check your TCP IP properties in the Network window Linux This section shows you how to configure your computer s TCP IP settings in Red Hat Linux 9 0 Procedure screens and file location may vary depending on your Linux distribution and release version Note Make sure you are logged in as the root administrator Using the K Desktop Environment KDE Follow the steps below ...

Page 231: ...tically obtain IP address settings with and select dhcp from the drop down list If you have a static IP address click Statically set IP Addresses and fill in the Address Subnet mask and Default Gateway Address fields 3 Click OK to save the changes and close the Ethernet Device General screen 4 If you know your DNS server IP address es click the DNS tab in the Network Configuration screen Enter the...

Page 232: ...uration screen Using Configuration Files Follow the steps below to edit the network configuration files and set your computer IP address 1 Assuming that you have only one network card on the computer locate the ifconfig eth0 configuration file where eth0 is the name of the Ethernet card Open the configuration file with any plain text editor If you have a dynamic IP address enter dhcp in the BOOTPR...

Page 233: ... in the etc directory The following figure shows an example where two DNS server IP addresses are specified Figure 144 Red Hat 9 0 DNS Settings in resolv conf 3 After you edit and save the configuration files you must restart the network card Enter network restart in the etc rc d init d directory The following figure shows an example Figure 145 Red Hat 9 0 Restart Ethernet Card DEVICE eth0 ONBOOT ...

Page 234: ...ies root localhost ifconfig eth0 Link encap Ethernet HWaddr 00 50 BA 72 5B 44 inet addr 172 23 19 129 Bcast 172 23 19 255 Mask 255 255 255 0 UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 717 errors 0 dropped 0 overruns 0 frame 0 TX packets 13 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 100 RX bytes 730412 713 2 Kb TX bytes 1570 1 5 Kb Interrupt 10 Base address 0x1...

Page 235: ...t network which is commonly referred to as an Ad hoc network or Independent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an Ad hoc wireless LAN Figure 147 Peer to Peer Communication in an Ad hoc Network BSS A Basic Service Set BSS exists when all communications between wireless stations or between a wireless station and a wired...

Page 236: ...nded Service Set ESS consists of a series of overlapping BSSs each containing an access point with each access point connected together by a wired network This wired connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired network but also mediate wireless network tr...

Page 237: ...a different channel than an adjacent AP access point to reduce interference Interference occurs when radio signals from different access points overlap causing interference and degrading performance Adjacent channels partially overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if yo...

Page 238: ...before an RTS Request To Send CTS Clear to Send handshake is invoked When a data frame exceeds the RTS CTS value you set between 0 to 2432 bytes the station that wants to transmit this frame must first send an RTS Request To Send message to the AP for permission to send it The AP then responds with a CTS Clear to Send message to all other stations within its range to notify them to defer their tra...

Page 239: ...ere are two preamble modes Long and Short Short preamble takes less time to process and minimizes overhead so it should be used in a good wireless network environment when all wireless stations support it Select Long if you have a noisy network or are unsure of what preamble mode your wireless stations support as all IEEE 802 11b compliant wireless adapters must support long preamble However not a...

Page 240: ...at allows additional authentication methods to be deployed with no changes to the access point or the wireless stations RADIUS RADIUS is based on a client server model that supports authentication authorization and accounting The access point is the client and the server is the RADIUS server The RADIUS server handles the following tasks Authentication Determines the identity of the users Authoriza...

Page 241: ...sponse: Sent by the RADIUS server to indicate that it has started or stopped accounting. In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access. Types of Authen...

Page 242: ... you need a Certificate Authority (CA) to handle certificates, which imposes a management overhead. EAP-TTLS (Tunneled Transport Layer Service): EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-side authentications to establish a secure connection. Client authentication is then done by sending username and password through the secure connection, thus client ...

Page 243: ...roved data encryption and user authentication. Encryption: Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. In addition to TKIP, WPA2 also uses Advanced Encryption Standard (AES) in the Counter mode with Cipher block chaining Message authentication code Protocol (CCMP) to offer stronger encryption. Temporal Key Integrity Pr...

Page 244: ...lt to decode data on a Wi-Fi network than WEP, making it difficult for an intruder to break into the network. The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference between the two is that WPA-PSK uses a simple common password, instead of user-specific credentials. The common-password approach makes WPA-PSK susceptible to brute-force password-guessing attacks, but it's stil...

Page 245: ...uthentication. 21.0.3 WPA(2) with RADIUS Application Example: You need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret. A WPA(2) application example with an external RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution system. 1 The AP passes the wireless client's authentication request to the RADIUS server. 2 The RADIUS server then...

Page 246: ...e these security features Table 98 Wireless Security Relational Matrix AUTHENTICATION METHOD KEY MANAGEMENT PROTOCOL ENCRYPTIO N METHOD ENTER MANUAL KEY IEEE 802 1X Open None No Disable Enable without Dynamic WEP Key Open WEP No Enable with Dynamic WEP Key Yes Enable without Dynamic WEP Key Yes Disable Shared WEP No Enable with Dynamic WEP Key Yes Enable without Dynamic WEP Key Yes Disable WPA TKI...

Page 247: ...e of IP protocol used by the service If this is TCP UDP then the service uses the same port number with TCP and UDP If this is User Defined the Port s is the IP protocol number not the port number Port s This value depends on the Protocol If the Protocol is TCP UDP or TCP UDP this is the IP port number If the Protocol is USER this is the IP protocol number Description This is a brief explanation o...

Page 248: ...related command that can be used to find out if a user is logged on FTP TCP TCP 20 21 File Transfer Program a program to enable fast transfer of files including large files that may not be possible by e mail H 323 TCP 1720 NetMeeting uses this protocol HTTP TCP 80 Hyper Text Transfer Protocol a client server protocol for the world wide web HTTPS TCP 443 HTTPS is a secured http session often used i...

Page 249: ...ce Protocol version 3 lets a client computer get e mail from a POP3 server through a temporary connection TCP IP or other POP3S TCP 995 This is a more secure version of POP3 that runs over SSL PPTP TCP 1723 Point to Point Tunneling Protocol enables secure transfer of data over public networks This is the control channel PPTP_TUNNEL GRE User Defined 47 PPTP Point to Point Tunneling Protocol enables...

Page 250: ...Service Discovery Protocol supports Universal Plug and Play UPnP SSH TCP UDP 22 Secure Shell Remote Login Program STRM WORKS UDP 1558 Stream Works Protocol SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server TACACS UDP 49 Login Host Protocol used for Terminal Access Controller Access Control System TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the In...

Page 251: ...sing out of the application or use of any products or software described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves the right to make changes in any products described herein without notice This publication is subject to change without notice Trademarks ZyNOS ZyXEL Network Operating System is a registered trademark of Zy...

Page 252: ...nd on the user is encouraged to try to correct the interference by one or more of the following measures 1 Reorient or relocate the receiving antenna 2 Increase the separation between the equipment and the receiver 3 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected 4 Consult the dealer or an experienced radio TV technician for help FCC Radiat...

Page 253: ... materials or workmanship for a period of up to two years from the date of purchase During the warranty period and upon proof of purchase should the product have indications of failure due to faulty workmanship and or materials ZyXEL will at its discretion repair or replace the defective products or components without charge for either parts or labor and to whatever extent it shall deem necessary ...

Page 254: ...the services of this warranty contact your vendor You may also refer to the warranty policy for the region in which you bought the device at http www zyxel com web support_warranty_info php Registration Register your product online to receive e mail notices of firmware upgrades and information at www zyxel com for global products or at www us zyxel com for North American products ...

Page 255: ...lts 183 restore 182 Cookies 126 copyright 251 CTS Clear to Send 238 D Daylight saving 162 DDNS 157 see also Dynamic DNS DHCP 32 89 DHCP server see also Dynamic Host Configuration Protocol DHCP client information 91 DHCP client list 91 DHCP server 86 89 DHCP table 32 91 DHCP client information DHCP status Dimensions 193 disclaimer 251 DNS 49 DNS server see also Domain name system Domain name 38 vs ...

Page 256: ...9 Independent Basic Service Set 235 Install UPnP 143 Windows Me 143 Windows XP 145 Internet Assigned Numbers Authority See IANA Internet connection Ethernet PPPoE see also PPP over Ethernet PPTP WAN connection Internet connection wizard 43 IP Address 87 97 IP address 49 dynamic IP Pool 90 J Java 126 L LAN 85 IP pool setup 86 LAN overview 85 LAN setup 85 LAN TCP IP 86 local user database 57 and enc...

Page 257: ...nt to Point Tunneling Protocol 46 Preamble Mode 239 Private 133 product registration 254 R RADIUS 240 Shared Secret Key 241 RADIUS Message Types 241 RADIUS Messages 241 RADIUS server 57 registration product 254 related documentation 3 Remote management 135 and NAT 136 limitations 136 remote management session 135 system timeout 136 Reset button 27 183 Reset the device 27 Restore configuration 182 ...

Page 258: ...e Authentication 244 user authentication 57 local user database 57 RADIUS server 57 User Name 160 V VID 102 number of possible VIDs 102 priority frame 102 VID VLAN Identifier 102 VLAN 101 ID 102 tagged 101 VPN 111 W WAN IP address assignment 48 WAN Wide Area Network 107 WAN advanced 114 WAN IP address 48 WAN IP address assignment 50 warranty 253 note 253 Web Configurator how to access 25 Overview ...

Page 259: ... 77 Wizard setup 37 complete 52 Internet connection 43 system information 38 wireless LAN 40 WLAN Interference 237 Security Parameters 246 WPA with RADIUS application example 59 WPA compatible 58 WPA WPA2 243 WPA2 with RADIUS application example 59 WPA2 PSK application example 59 WPA PSK application example 59 WPS 23 Z ZyNOS 29 ...

Page 260: ...Index P 320W v3 User s Guide 260 ...
