Home

ZyXEL ZyAIR B-2000 User's Manual

Contents

1. i Bg ON V Start J Packet intoFilter Fetch First Filter Set Filter Set gt Fetch Next Fetch First Filter Set Filter Rule A Fetch Next Filter Rule gt Yes Yes T Next Filter Se Available Yes Y Execute N E S Filter Rule Check Next Rule l Forward Y x Drop f A Drop Packet j Accept Packet NS S Figure 7 2 Filter Rule Process 7 2 Filter Configuration ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch You can apply up to four filter sets to a particular port to block various types of packets Because each filter set can have up to six rules you can have a maximum of 24 rules active for a single port For incoming packets your ZyAIR applies data filters only Packets are processed depending on whether a match is found The following sections describe how to configure filter sets The Filter Structure of the ZyAIR A filter set consists of one or more filter rules Usually you would group related rules for example all the tules for NetBIOS into a single set and give it a descriptive name You can configure up to twelve filter sets with six rules in each set for a total of 72 filter rules in the system 7 2 Configuring a Filter Set To configure a filter set follow the steps shown next Step 1 Enter 21 in the main menu to display Menu 21 Filter Set Configuration Menu 21 Filter Set Configuration Filter Fil
2. PORT PVC PERMANENT VIRTUAL CIRCUIT 1 Ethernet LAN 2 1 3 2 13 12 14 xDSL 8 4 SNMP Configuration ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Chapter 9 System Information and Diagnosis This chapter covers the information and diagnostic tools in SMT menus 24 1 to 24 4 These tools include updates on system status port status log and trace capabilities and upgrades for the system software This chapter describes how to use these tools in detail Type 24 in the main menu to open Menu 24 System Maintenance as shown in the following figure Menu 24 System Maintenance System Status System Information and Console Port Speed Log and Trace Diagnostic Backup Configuration Restore Configuration Upload Firmware Command Interpreter Mode Call Control Time and Date Setting Remote Management Setup qs ER S4 4 Di 6 qe 8 95 T d Enter Menu Selection Number Figure 9 1 Menu 24 System Maintenance 9 1 System Status The first selection System Status gives you information on the status and statistics of the ports as shown in the next figure System Status is a tool that can be used to monitor your ZyAIR Specifically it gives you information on your LAN and Wireless LAN status number of packets sent and received To get to System Status type 24 to go to Menu 24 System Maintenance From this menu type 1 System Status There are two comman
3. 3 7 3 6 1 IP Alias Setup ioci ede ee Eee eid t Po Hes 3 8 3 7 Encapsul tion iicet i E ERR RE RT UR leven E E e E E 3 10 3 7 1 Ethemet A A A A te b c died ie beret 3 10 3 7 2 juu EE 3 10 3 7 3 Lu OR EE 3 10 3 8 IP Address Assignment o eet t STE Re Re eee ees 3 11 39 Internet Access CONABIO x RR ITA RR A ES 3 11 3 10 Internet Access Setup ie sore er teer eee ea EE I eere ete voee eto e uge 3 12 3 11 Wireless DANG s vets te acti e lia ends 3 13 Sell Wireless LAN Pa rametets eee e ere TEC eiie a 3 13 311 2 Wireless LAN Setup aet tee oe Oe t et Te REN aee Ee tests 3 15 A sexes RNAi RR RI En we 3 16 3 11 4 Requirements for Roaming sess 3 17 3 11 5 Enable the Roaming Feature on the ZyAIR ooocooccnnccncccoccnocnconnconoconccnnocn nono nonnnonnronnrnnnnnno 3 18 ADVANCED APPLICATIONS eee eese teen rssi Noraini tie EnS Nr sepa ens so poene se poena SS NAAS I Chapter 4 Wireless LAN Security Setup 4 celeres etes eese e eee ee enses tn netus sse tn stone seta setas s seta setas e sena 4 1 dt Levels of Security ice e d CREER ee e MERCURIUS Fa e ete Pee EE eC ate Bee 4 1 4 2 Data Encryption with WEP 228 66 anser e RO E e e esta 4 1 43 Network Authentication 2 eor SES Ee e Perte IER M e rote ee eei 4 3 4 3 1 EAP count e e Ado LI C Et due ctor e o Rus 4 3 4 3 2 DEBIT 4 3 4 3 3 Sequence for EAP Autbentteatton nono nonn non nono ronn ron n rro n rn nr ran rn nr rn rra nn 4 4
4. FIELD DESCRIPTION The filter rule number 1 to 6 A Active Y means the rule is active N means the rule is inactive Type The type of filter rule GEN for Generic IP for TCP IP Filter Rules These parameters are displayed here M More Y means there are more rules to check which form a rule chain with the present rule An action cannot be taken until the rule chain is complete N means there are no more rules to check You can specify an action to be taken for instance forward the packet drop the packet or check the next rule For the latter the next rule is independent of the rule just checked m Action Matched F means to forward the packet immediately and skip checking the remaining rules D means to drop the packet N means to check the next rule n Action Not Matched F means to forward the packet immediately and skip checking the remaining rules D means to drop the packet N means to check the next rule The protocol dependent filter rules abbreviation are listed as follows Table 7 2 Rule Abbreviations Used FILTER TYPE DESCRIPTION IP Pr Protocol SA Source Address SP Source Port Number DA Destination Address DP Destination Port Number Filter Configuration 7 5 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Table 7 2 Rule Abbreviations Used FILTER TYPE DESCRIPTION GEN Off Offset Len
5. 9 1 RTS Threshold ssesss 3 14 3 16 System Maintenance 9 1 9 3 10 2 10 5 10 13 10 14 11 1 11 2 A System Management Temmmnal 2 10 Schedule Sets System Timeout essere 13 4 Dita inertes 12 2 T Server 6 5 6 7 6 9 6 11 6 12 6 13 6 14 6 17 6 18 TOP P da 7 12 9 7 13 1 VIE iv TCP IP Parameters eee 3 2 setup a schedule sss 12 2 Telnet samt E den seien 13 1 Single PC per Modem Hardware Configuration I Telnet Configuration eee 13 1 SMT Menu Overview eene 2 8 Telnet Under NAT seen 13 1 SNMP TFTP CA 8 3 And FTP Over WAN 13 3 Configuration esses 8 2 Restrictions eis 13 3 EE 8 2 TFTP and FTP over WAN Will Not Work Manantial RERO 8 2 WHER ttr RUE OOERERSGEUE 10 4 HE 8 2 TETP File Transfer e 10 12 HH Index ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch TFTP Restrictions eese 10 4 The Teledat Router as a PPPoE Client J Time and Date Setting sss 11 2 Time Server 11 2 Time Zone eneit neesat ase ais eiaa 11 3 To avoid damage to the ZyAIR 2 4 Trace Records 9 4 Traditional Dial up Scenario I Troubleshooting Accessing ZyAIR B 1000 14 3 Ethernet Port 14 2 Password 14 1 SIE GE HE 14 1 U UNIX Syslog ense tee 9
6. FIELD DESCRIPTION Authentication Press SPACE BAR to select from Forced Authorized Forced Unauthorized or Control Auto The default is Forced Authorized Select Auto to authenticate all wireless clients Select Force Authorized to allow any user access to your wireless network without authentication Select Force UnAuthorized to deny all user access to your wireless network Wireless LAN Security Setup 4 5 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Table 4 2 IEEE802 1X System Security Field Descriptions FIELD DESCRIPTION ReAuthentica Specify the time interval between the RADIUS server s authentication checks of tion Timer wireless users connected to the network iniseconds This field is activated only when you select Auto authentication control The default time interval is 1800 seconds When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC to cancel and go back to the previous screen Once you enable the EAP authentication you need to specify the external RADIUS server or create local user accounts for authentication 4 3 5 Configuring External RADIUS Server From Menu 23 System Security enter 2 to display Menu 23 2 System Security RADIUS Server as shown next Menu 23 2 System Security RADIUS Server Authentication Server Active No Server Address
7. ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch JAPAN PLUG STANDARDS AC Power Adapter Model JOD 48 1124 Input Power AC100Volts 50 60Hz 27VA Output Power DC12Volts 1 2A Power Consumption 10 W Safety Standards T Mark Japan Dentori AUSTRALIA AND NEW ZEALAND PLUG STANDARDS AC Power Adapter Model AD 1201200DS or AD 121200DS Input Power AC240Volts 50Hz 0 2A Output Power DC12Volts 1 2A Power Consumption 10 W Safety Standards NATA AS 3260 DD Power Adapter Specifications ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Clear to Send protocol sssse 3 14 4 Collision ets 9 2 EE a dec EUR eq apenas 1 1 Command Interpreten 11 1 Community is 8 2 A Computer Name 2 12 Ad hoc Configuration eee A condingns EE EE working over WAN 10 4 Antenna sister pibe festa 2 4 UE Connecting to a Cable Modem 2 3 Dircctiohal 25643 sena hon dk a G ecd Connecting to a DSL Modem 2 3 Omni directional sees G Types G Connections x R Additional Reme oce ceres 2 5 ENER NEE G ADSL Li 2 3 A 10 1 iia q A Se Console Ports gene Eege an esas 2 4 utbhenttcaton csse 5 3 5 4 EE IR eee Goes oes 1 1 Power Adapter 2 4 c Rear Panel ernan sz B Control and PPP Connectnons L Copy it pido 11 Back Panel Le Cost Of Transmission sse 5 6 5 9 connection
8. Y Apply DestAddrMask to Dest Addr Check Dest oP Ad dr Not Matched Matched y Check gt SC IP Pro tocol Not Matched gt Matched Y Check Sre amp _ _ Dest Port Ee Matched gt Matched y lt Moe gt Yes Y T No Action Not Matched Y Action Matched 3 Check Next Rule Check Next Rule Drop Forward an bg be Drop Forward a d E Drop Packet Check Next Rule gt AcceptPacket M M ES M A Figure 7 8 Executing an IP Filter Filter Configuration ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 7 3 2 Generic Filter Rule This section shows you how to configure a generic filter rule The purpose of generic rules is to allow you to filter non IP packets For IP it is generally easier to use the IP rules directly For generic rules the ZyAIR treats a packet as a byte stream as opposed to an IP packet You specify the portion of the packet to check with the Offset from 0 and the Length fields both in bytes The ZyAIR applies the Mask bit wise ANDing to the data portion before comparing the result against the Value to determine a match The Mask and Value fields are specified in hexadecimal numbers Note that it takes two hexadecimal digits to represent a byte so if the length is 4 the value in either field will take 8 digits for example F
9. 0 0 1 Press ENTER to Confirm or ESC to Cancel Figure 6 10 Menu 15 2 NAT Server Setup Default Menu 15 2 NAT Server Setup End Port No 0 PRO0O0o0o0o0o0ooo Y ooooooooooo 027 ooooooooooo D oOooOoOoO OO OO OC Step 3 Enter a port number in an unused Start Port No field To forward only one port enter it again in the End Port No field To specify a range of ports enter the last port to be forwarded in the End Port No field Step 4 Enter the inside IP address of the server in the IP Address field In the following figure you have a computer acting as an FTP Telnet and SMTP server ports 21 23 and 25 at 192 168 1 33 Step 5 Press ENTER at the Press ENTER to confirm prompt to save your configuration after you define all the servers or press ESC at any time to cancel 6 14 NAT ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch The NAT network appears as a single host on the Internet 192 168 1 2 FTP TELNET SMTP server IP Address o 192 168 1 33 E 9 y Computer 2 5 Sp Address A C Y O 192 108 134 62 35 Computer S S90 ipAddrss GD a 192 168 1435 Computer IP Address IP ADDRESS ASSIGNED 192 168 1 36 BY ISP Figure 6 11 Multiple Servers Behind NAT Example NAT 6 15 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 6 5 General NAT Examples 6 5 1 Example 1 Internet Access Only In the following Internet access example you
10. ESS eR erre See Extended Service Set D EE 3 14 Ethernet tele el EES 3 10 Ethernet Encapsulation sss 6 12 Ethernet Traffic isn eee 7 16 Extended Service Set B External H b eI Eee 2 3 F EC x nose tote E Tee ce bees lii FHSS See Frequency Hopping Spread Spectrum Filename Conventions esee 10 1 Filter eere eet 2 17 Applying Filters eee 7 15 Ethernet traffic sse 7 16 Ethernet Traffic ooooonccccnnnncccnnoncccnonancnrnnnos 7 16 Filter Rules ie ccc eet 7 5 Filter Structure 7 3 Generic Filter Rule 7 11 Remote Node ete 5 6 Remote Node Filter 5 6 Remote Node Filters ssssss 7 16 Sample ai eese oeste eme 7 14 IB E 7 12 TCP IP Filter Rule ette 7 6 Filtet HOG uunc toot 9 6 Filter Rule ttt tte tts 7 7 Filter Rule Process 7 2 Filter Rule Setup 7 6 Filter Rules Summary Sample ee dide no Rees 7 15 Filter Set Class renovat 7 6 Filter Set Confteuratpon 7 3 Fill tt etes 7 1 7 6 Fragment Thresbhold seese 3 16 Fragmentation Thresbold 3 15 Frequency Hopping Spread Spectrum A RN LEE 13 3 Restrictions iie 13 3 FTP File Transfer sssseeeese 10 10 FTP Restrictions csccesceeseeseeeseeeeeeeeeeseees 10 4 LN E 6 19 G EE 5 9 General Setup sedentes 2 12 H Hidden Menus esee 2 10 Hidden Node problem ssse 3 14 Hop Count erret reet etre es 5 6 5 9
11. Managed Device Managed Device Managed Device Figure 8 1 SNMP Management Model SNMP Configuration 8 1 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch An SNMP managed network consists of two main components agents and a manager An agent is a management software module that resides in a managed device the ZyAIR An agent translates the local management information from the managed device into a form compatible with SNMP The manager is the console through which network administrators perform network management functions It executes applications that control and monitor managed devices The managed devices contain object variables managed objects that define each piece of information to be collected about a device Examples of variables include such as number of packets received node port status etc A Management Information Base MIB is a collection of managed objects SNMP allows a manager and agents to communicate for the purpose of accessing these objects SNMP itself is a simple request response protocol based on the manager agent model The manager issues a request and the agent returns responses using the following protocol operations e Get Allows the manager to retrieve an object variable from the agent e GetNext Allows the manager to retrieve the next object variable from a table or list within an agent In SNMPvI when a manager wants to retrieve all elements of a table from an agent it initiat
12. SYS Green On The ZyAIR is functioning properly Blinking The ZyAIR is rebooting Off The ZyAIR is not ready or has malfunctioned PWR Green On The ZyAIR is receiving power Off The ZyAIR is not receiving power 2 2 Hardware Installation and Initial Setup ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 2 2 Side Panel and Connections of the ZyAIR The following figure shows the side panel of your ZyAIR e Ee q Figure 2 2 ZyAIR Side Panel and Connections 2 2 1 WAN Port Connecting the ZyAIR to a Cable Modem 1 Connect the WAN port on the ZyAIR to the Ethernet port on your cable modem using the Ethernet cable that came with your cable modem The Ethernet port on a cable modem is sometimes labeled PC or Workstation 2 Connect the coaxial cable from your cable service to the threaded coaxial cable connector on the back of the cable modem Connecting the ZyAIR to a DSL Modem Connect the WAN port on the ZyAIR to the Ethernet port on your DSL modem using the Ethernet cable that came with your DSL modem 2 2 2 Four LAN 10 100M Ports Ethernet 10Base T 100Base T networks use Shielded Twisted Pair STP cable with RJ 45 connectors that look like a bigger telephone plug with 8 pins All LAN ports are auto sensing so you may use the crossover cable provided or a straight through Ethernet cable to connect your ZyAIR to a computer external hub If you want to connect more than four computers to your ZyAIR you must use
13. port with a crossover Ethernet cable Windows 95 98 Me NT 2000 XP Macintosh OS 7 and later operating systems and all versions of UNIX LINUX include the software components you need to install and use TCP IP on your computer Windows 3 1 requires the purchase of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components are installed configure the TCP IP settings in order to communicate with your network Setting up Your Windows 95 98 Me Computer Installing TCP IP Components 1 Click Start Settings Control Panel and double click the Network icon The Network window Configuration tab displays a list of installed components You need a network adapter the TCP IP protocol and Client for Microsoft Networks If you need the adapter a Inthe Network window click Add b Select Adapter and then click Add c Select the manufacturer and model of your network adapter and then click OK If you need TCP IP a In the Network window click Add b Select Protocol and then click Add c Select Microsoft from the list of manufacturers d Select TCP IP from the list of network protocols and then click OK If you need Client for Microsoft Networks a Click Add TCP IP O ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch b c d e Select Client and then click Add Select M
14. 14 1 Edit Dial in User User Name test Active Yes Password kckckckckck kk Press ENTER to Confirm or ESC to Cancel Figure 4 8 Menu 14 1 Edit Dial in User The following table describes the fields in this screen Table 4 4 Menu 14 1 Edit Dial in User Field Description FIELD DESCRIPTION User Name Enter a username up to 31 alphanumeric characters long for this user profile Active Press SPACE BAR to select Yes and press ENTER to enable the user profile Password Enter a password up to 31 characters long for this user profile When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC to cancel and go back to the previous screen 4 5 MAC Address Filtering Your ZyAIR checks the MAC address of the wireless client device against a list of allowed or denied MAC addresses However intruders could fake allowed MAC addresses so MAC based authentication 1s less secure than EAP authentication 4 8 Wireless LAN Security Setup ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Follow the steps below to create the MAC address table on your ZyAIR Step 1 From the main menu enter 3 to open Menu 3 LAN Setup Step 2 Enter 5 to display Menu 3 5 Wireless LAN Setup Menu 3 5 Wireless LAN Setup ESSID 432545 Hide ESSID No Channel ID CH11 2462MHz RTS Threshold 2432 Frag Threshold 2432 WEP Disabl
15. 2 Hardware Installation and Initial Setup This chapter describes the physical features of the ZyAIR and how to make cable connections 2 1 Front Panel LEDs of the ZyAIR The LEDs on the front panel indicate the operational status of your ZyAIR ie 9 LINK LED Figure 2 1 ZyAIR Front Panel Hardware Installation and Initial Setup 2 1 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Table 2 1 Front Panel LED Description LED COLOR STATUS DESCRIPTION LINK Green On The wireless card on the ZyAIR is working Off The wireless card on the ZyAIR is not working ZyAIR Blue On The ZyAIR is ready but is not sending receiving data through the WLAN dim wireless LAN a Breathing The ZyAIR is sending receiving data through the wireless LAN LAN 1 4 Green On The ZyAIR has a successful 10Mb Ethernet connection Blinking The ZyAIR is sending receiving data Off The ZyAIR does not have 10Mb Ethernet connection Orange On The ZyAIR has a successful 100Mb Ethernet connection Blinking The ZyAIR is sending receiving data Off The ZyAIR does not have 100Mb Ethernet connection WAN Green On The ZyAIR has successful 10Mb WAN connection Blinking The ZyAIR is sending receiving data Off The ZyAIR does not have 10Mb WAN connection Orange On The ZyAIR has successful 100Mb WAN connection Blinking The ZyAIR is sending receiving data Off The ZyAIR does not have 100Mb WAN connection
16. 255 255 128 Subnet Mask Binary 11111111 11111111 11111111 10000000 Subnet Address 192 168 1 128 Lowest Host ID 192 168 1 129 Broadcast Address 192 168 1 255 Highest Host ID 192 168 1 254 The remaining 7 bits determine the number of hosts each subnet can have Host IDs of all zeros represent the subnet itself and host IDs of all ones are the broadcast address for that subnet so the actual number of hosts available on each subnet in the example above is 2 2 or 126 hosts for each subnet 192 168 1 0 with mask 255 255 255 128 is the subnet itself and 192 168 1 127 with mask 255 255 255 128 is the directed broadcast address for the first subnet Therefore the lowest IP address that can be assigned to an actual host for the first subnet is 192 168 1 1 and the highest is 192 168 1 126 Similarly the host ID range for the second subnet is 192 168 1 129 to 192 168 1 254 X IP Subnetting ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Example Four Subnets The above example illustrated using a 25 bit subnet mask to divide a class C address space into two subnets Similarly to divide a class C address into four subnets you need to borrow two host ID bits to give four possible combinations of 00 01 10 and 11 The subnet mask is 26 bits 11111111 11111111 11111111 11000000 or 255 255 255 192 Each subnet contains 6 host ID bits giving 25 2 or 62 hosts for each subnet all 0 s is the subnet its
17. 3 System Maintenance Log and Trace 9 5 Figure 9 7 Sample Error and Information Messages essere ener nennen 9 5 Figure 9 8 Menu 24 3 2 System Maintenance Syslog eese 9 6 Figure 9 9 Menu 24 4 System Maintenance Diagnostic essseseseeseeeeeeen rennen nee 9 7 Fig re 10 1 Telnetan Mem Zeene e Deer teet een he eee re e Peeters 10 3 Fig re 10 2 ETP Session Example meri reete te i p terii heh es 10 4 Figure 10 3 System Maintenance Backup Configuration oooonooncccocconconcnonononononannncnnonnnononnnonnon conca ncnnci nens 10 6 Figure 10 4 System Maintenance Starting Xmodem Download Screen ees 10 6 Figure 10 5 Backup Configuration Example eese eene neret enne nete 10 7 Figure 10 6 Successful Backup Confirmation Screen essere nee 10 7 Fig te 10 7 Telnet into Menu lA bici eo eere Dain hia ene aerei des 10 8 Figure 10 8 Restore Using FTP Session Example sess 10 9 Figure 10 9 System Maintenance Restore Configuration essent 10 9 Figure 10 10 System Maintenance Starting Xmodem Download Screen ees 10 9 Figure 10 11 Restore Configuration Example nennen nenne 10 10 Figure 10 12 Successful Restoration Confirmation Screen eese 10 10 Figure 10 13 Telnet Into Menu 24 7 1 Upload System Firmware sess 10 11 Figure 10 14 Telnet Into Menu 24 7 2 System Maintenance sees 10 11 Figure 10
18. 4 9 6 UNIX syslog parameters oooocooccooonoccconccononnnonnos 9 6 Upload Firmware esee 10 10 User Profes air 4 7 V Valid CI Commande 11 1 W WEB dao ral ee 3 15 WEP Encryption essen 4 2 What is PPTP E K Wired Equivalent Privacy See WEP See WEP Wireless LAN ae eere res A 3 13 Benefits cuit eins ato a A Wireless LAN Sep 3 15 WEAN EENS See Wireless LAN X XMODEM protocol sseseese 10 2 Z LIN OS E 10 1 10 2 ZyNOS F W Version 10 1 ZyXEL Limited Warranty elen GE iv Error Not a valid document self reference on page 18 Index
19. 4 3 4 Enable EAP Authentication on Your ZyAIR essere enn 4 5 Table of Contents vii ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 4 3 5 Configuring External RADIUS Server cccecccccecsseeseessceeeceeecesecesecaecaeecaeeeseeneeeeeeeereeren 4 6 4 4 Creating User Accounts on the ZyAIR sse nennen nennen nennen enne 4 7 4 35 MAC Address Filtering ee ree tete ic dep eeepc desees iere eg 4 8 Chapter 5 Remote Node Configuration Leere esee esee eese ette eren nete setas etos ast ta se toss setas stone nooo nononenonos 5 1 SCH Remote Node Profile e ten e ie itae 5 1 5 1 1 Encapsulation Scenarios cccccsccsssesssesscesseeeecesecesecesecaeceecaeceaecsaecaeecaeecaeeeseeneeeareeeseearens 5 1 5 1 2 Outgoing Authentication Protocol ooooonncnnnnniconooononoconnconccnnconncnn nono nonnnonnrnnn ono n ronca nn rnnrn nens 5 4 5 1 3 Remote Node Setup aee a earn etr 5 4 5 2 Remote Node Ellterz ee eet eee re ee itd 5 6 5 2 1 IP Static Route Setup 54s o esee ida cd a 5 7 Chapter 6 Network Address Translation NAT e eeeeee esee sette ee eene nete setenta stone setas etn ne tenu 6 1 6 l Introduction ceci gener PO RD d o E eee t ore e eater 6 1 6 1 1 NAT Definitions Ad 6 1 6 1 2 What NAT DoS ia onte d e d er ORE 6 2 6 1 3 How NAT Works sits stented tte edet ore n e b eol 6 2 6 1 4 NAT Application geed te eee tede e letra 6 3 6 1 5 NA
20. 7 2 System Maintenance Upload System Configuration File To upload system configuration file 1 Enter y at the prompt below to go into debug mode 2 Enter atlc after Enter Debug Mode message 3 Wait for Starting XMODEM upload message before activating Xmodem upload on your terminal 4 After successful firmware upload enter atgo to restart the system Warning 1 Proceeding with the upload will erase the current configuration file 2 The system s console port speed Menu 24 2 2 may change when it is restarted please adjust your terminal s speed accordingly The password may change menu 23 also 3 When uploading the DEFAULT configuration file the console port speed will be reset to 9600 bps and the password to WE MR Do You Wish To Proceed Y N Figure 10 18 Menu 24 7 2 as seen using the Console Port Step 2 After the Starting Xmodem upload message appears activate the Xmodem protocol on your computer Follow the procedure as shown previously for the HyperTerminal program The procedure for other serial communications programs should be similar Step 3 Enter atgo to restart the ZyAIR 10 4 11Example Xmodem Configuration Upload Using HyperTerminal Click Transfer then Send File to display the following screen Firmware and Configuration File Maintenance 10 15 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Send File x C Product config rom Figure 10 19 Exam
21. Address Type the IP address of the PPTP server in dotted decimal notation Connection ID Name Enter the connection ID or connection name in this field It must follow the c id and n name format For example C 12 or N My ISP This field is optional and depends on the requirements of your xDSL modem Route This field determines the protocol used in routing Options are IP and None IP default Edit IP Press SPACE BAR to select Yes and press ENTER to display Menu 11 3 Remote Node Network Layer Options No Telco Option Telco Option is available only for PPTP or PPPoE encapsulation Allocated Budget min This sets a ceiling for outgoing call time for this remote node The default for this field is O meaning no budget control 0 default Remote Node Configuration 5 3 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Table 5 1 Remote Node Profile Menu Fields FIELD DESCRIPTION EXAMPLE Period hr This field is the time period that the budget should be reset For 0 example if we are allowed to call this remote node for a maximum default of 10 minutes every hour then the Allocated Budget is 10 minutes and the Period hr is 1 hour Schedule This field is only applicable for PPPoE and PPPTP encapsulation You can apply up to four schedule sets here For more details please refer to the Call Schedule Setup chapter Nailed up
22. Chart 2 Allowed IP Address Range By Class CLASS ALLOWED RANGE OF FIRST OCTET ALLOWED RANGE OF FIRST OCTET BINARY DECIMAL Class A 00000000 to 01111111 0 to 127 Class B 10000000 to 10111111 128 to 191 Class C 11000000 to 11011111 192 to 223 Class D 11100000 to 11101111 224 to 239 Subnet Masks A subnet mask is used to determine which bits are part of the network number and which bits are part of the host ID using a logical AND operation A subnet mask has 32 bits each bit of the mask corresponds to a bit of the IP address If a bit in the subnet mask is a 1 then the corresponding bit in the IP address is part of the network number If a bit in the subnet mask is 0 then the corresponding bit in the IP address is part of the host ID Subnet masks are expressed in dotted decimal notation just as IP addresses are The natural masks for class A B and C IP addresses are as follows Chart 3 Natural Masks CLASS NATURAL MASK A 255 0 0 0 B 255 255 0 0 C 255 255 255 0 Subnetting With subnetting the class arrangement of an IP address is ignored For example a class C address no longer has to have 24 bits of network number and 8 bits of host ID With subnetting some of the host ID bits are converted into network number bits By convention subnet masks always consist of a continuous sequence of ones beginning from the left most bit of the mask followed by a continu
23. Ck Note that as you type a password the screen displays an asterisk for each character you type 2 9 General Setup Menu 1 General Setup contains administrative and system related information shown next The System Name field is for identification purposes However because some ISPs check this name you should enter your computer s Computer Name e In Windows 95 98 click Start Settings Control Panel Network Click the Identification tab note the entry for the Computer name field and enter it as the ZyAIR System Name 2 12 Hardware Installation and Initial Setup ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch In Windows 2000 click Start Settings Control Panel and then double click System Click the Network Identification tab and then the Properties button Note the entry for the Computer name field and enter it as the ZyAIR System Name In Windows XP click start My Computer View system information and then click the Computer Name tab Note the entry in the Full computer name field and enter it as the ZyAIR System Name The Domain Name entry is what is propagated to the DHCP clients on the LAN If you leave this blank the domain name obtained by DHCP from the ISP is used While you must enter the host name System Name on each individual computer the domain name can be assigned from the ZyAIR via DHCP 2 9 1 Dynamic DNS Dynamic DNS Domain Name System allows you to update your current dynamic IP address wi
24. How PPPoE Works cooocccocococococononcnaconnononnninnonnons J HTTP iie tre tes 6 13 HyperTerminal program 10 6 10 9 I ANA do 3 2 3 3 IBSS See Independent Basic Service Set IEEE 02 11 neas aine eene A Deployment Issues ooooonccnicnnoonocnconnconnconoonnoo E Security Flaws eesseeseeseeseesessessrsrssrerersreresse E IEEE 802 D EE 1 1 IEEE SO E E E EA ET 1 2 Advantages e aeee a es a E IGMP Oe EE 5 6 Independent Basic Service Set B Infrastructure Confeuraton esee B PEI A 2 7 Internet ACCESS acia ii 3 1 Internet Access 1 2 1 4 2 11 3 1 3 11 3 12 FF Index ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Internet Access Setup 6 6 Example escocia 6 16 Internet Assigned Numbers Authority See IANA How NAT Works eee 6 2 IP Address 3 7 5 9 7 8 9 4 9 7 Mapping Tvpes ocooonocccoccnonocononnnonnnnanonnnonnnnos 6 4 IP Address Asstgmnment ooooccocccocononcconccnnonnnonos 3 11 Non NAT Friendly Application Programs 6 21 IP Alias Setup oi inoitia ipinasa 3 8 Ordering Rules sss 6 12 IP Falte thos in eines 7 10 What NAT does 6 2 Logic low 7 9 Network Address Translation 3 13 TP MASK o eee e ihres 7 8 Network Address Translation NAT 6 1 IP MulticaS E o ooooonnoninoniccnonononnonnconoconoco nono nccnnnnnnos 1 3 Network Management sss 1 3 IP network number 3 2 Network Topology
25. IP ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Setting up Your Windows NT 2000 Computer Configuring TCP IP 1 Click Start Settings Network and Dial up Connections and right click Local Area Connection or the connection you want to configure and click Properties 2 Select Internet Protocol TCP IP you may need to scroll down and click Properties 3 The Internet Protocol TCP IP Properties window opens f your IP address is dynamic click Obtain an IP address automatically f you have a static IP address click Use the following IP Address and fill in the IP address Subnet mask and Default gateway fields 4 In the Internet Protocol TCP IP Properties window Click Obtain DNS server automatically if you do not know your DNS server IP address es If you know your DNS server IP address es type them in the Preferred DNS server and Alternate DNS server fields If you have previously configured DNS servers click Advanced and then the DNS tab to order them 5 Click Advanced If you do not know your gateway s IP address remove any previously installed gateways in the IP Settings tab and click OK 6 Click OK to save and close the Internet Protocol TCP IP Properties window 7 Click OK to close the Local Area Connection Properties window 8 Turn on your Prestige and restart your computer if prompted Verifying TCP IP Properties Click Start Programs Accessories and then Command Prompt In the Command Pro
26. In Both Only Out Only or None default Version Press SPACE BAR to select the RIP version Choices are RIP 1 RIP 1 RIP 2B or RIP 2M default Multicast IGMP Internet Group Multicast Protocol is a session layer protocol None used to establish membership in a Multicast group The ZyAIR supports default both IGMP version 1 IGMP v1 and version 2 IGMP v2 Press the SPACE BAR to enable IP Multicasting or select None to disable it Edit IP Alias The ZyAIR supports three logical LAN interfaces via its single physical No Ethernet interface with the ZyAIR itself as the gateway for each LAN default network Press SPACE BAR to select Yes and press ENTER to go to menu 3 2 1 When you have completed this menu press ENTER at the prompt Press ENTER to Confirm to save your configuration or press ESC at any time to cancel 3 6 IP Alias IP Alias allows you to partition a physical network into different logical networks over the same Ethernet interface The ZyAIR supports three logical LAN interfaces via its single physical Ethernet interface with the ZyAIR itself as the gateway for each LAN network Internet Access 3 7 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Ethernet LAN 1 IP Address Menu 3 2 Interface LAN 2 IP Alias 1 Menu 3 2 1 LAN 3 IP alias 2 Menu 3 2 1 BED Figure 3 3 Physical Network Figure 3 4 Partitioned Logical Networks Use menu 3 2 1 to con
27. LAN promiscuous mode 1 46 Sat Jan 00 00 00 2000 PINI FO Last errorlog repeat 1 Times 47 Sat Jan 00 00 00 2000 PINI FO main init completed 48 Sat Jan 00 00 02 2000 PPO5 WARN SNMP TRAP 3 link up 49 Sat Jan 00 00 02 2000 PP16 WARN Last errorlog repeat 2 Times 50 Sat Jan 00 00 02 2000 PP16 FO adjtime task pause 1 day 51 Sat Jan 00 00 30 2000 PSSV WARN SNMP TRAP 0 cold start 52 Sat Jan 00 32 34 2000 PP10 FO SMT Password pass 53 Sat Jan 00 32 34 2000 PINI FO SMT Session Begin 54 Sat Jan 00 32 55 2000 PINI FO SMT Session End Clear Error Log y n Figure 9 7 Sample Error and Information Messages 9 3 2 UNIX Syslog The ZyAIR uses the UNIX syslog facility to log the CDR Call Detail Record and system messages to a syslog server Syslog can be configured in Menu 24 3 2 System Maintenance UNIX Syslog as shown next System Information and Diagnosis 9 5 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Menu 24 3 2 System Maintenance UNIX Syslog Syslog Active No Syslog IP Address Log Facility Local 1 Types CDR No Packet triggered No Filter log No PPP log No Press ENTER to Confirm or ESC to Cancel Figure 9 8 Menu 24 3 2 System Maintenance Syslog You need to configure the UNIX syslog parameters described in the following table to activate syslog and then choose what you want to log Table 9 3 System Maintenance Menu Syslog Parameters PARAMET
28. Port 1812 Key Accounting Server Active No Server Address Port 1813 Key Figure 4 6 Menu 23 2 System Security External Server The following table describes the fields in this screen Table 4 3 Menu 23 2 System Security External Server Field Description FIELD DESCRIPTION EXAMPLE Authentication Server Active Press SPACE BAR to select Yes and press ENTER to enable No user authentication through an external authentication server Select No to enable user authentication using the local user profile on the ZyAIR 4 6 Wireless LAN Security Setup ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Table 4 3 Menu 23 2 System Security External Server Field Description FIELD DESCRIPTION EXAMPLE Server Address Enter the IP address of the external authentication server in 10 11 12 13 dotted decimal notation Port The default port of the RADIUS server for authentication is 1812 1812 You need not change this value unless your network administrator instructs you to do so with additional information Key Specify a password up to 31 alphanumeric characters as the key to be shared between the external authentication server and the access points The key is not sent over the network This key must be the same on the external authentication server and ZyAIR Accounting Server Active Press SPACE BAR to select Yes and press ENTER to enable No use
29. Table 3 5 Internet Access Setup Menu Fields nennen 3 12 Table 3 6 Wireless LAN Setup Field Description eene 3 16 Table 3 7 Roaming Configuration Field Descriptions esses 3 19 Table 4 1 Wireless LAN Setup Field Descerpton eene 4 2 Table 4 2 IEEE802 1X System Security Field Descriptions essen 4 5 Table 4 3 Menu 23 2 System Security External Server Field Description eee 4 6 Table 4 4 Menu 14 1 Edit Dial in User Field Descpton esses 4 8 Table 4 5 MAC Address Filter Field Description ccccecccsssesseeseeeseeeeceeeceseceseceseeeenseenseeeaeenaecnecseeeneeenes 4 10 Table 5 1 Remote Node Profile Menu Fields 5 2 Table 5 2 Remote Node Network Layer Oppons sss eene enne 5 5 Table 5 3 Edit IP Static Route Menu Fields 5 9 Table 6 1 NAT Definitions ciet ete E EA e RA TREE ERE ORE Re n qe 6 1 Table 6 2 NAT Mapping Types icon n ene eae e UHR OR e ee nena 6 5 Table 6 3 Applying NAT in Menus 4 amp II 6 7 Table 6 4 SUA Address Mapping Rules sss enne enne eren nnne 6 9 Table 6 5 Fields in Menu T5 EE 6 10 Table 6 6 Menu 15 1 1 1 Editing Configuring an Individual Rule in a Set 6 11 Table 6 7 Services amp Port Number 6 13 Table 7 1 Abbreviations Used in the Filter Rules Summary Mem 7 5 T ble 7 2 Rule Abbreviations Used ico cti 7 5 Table 7 3 TCP IP Filter Rule Menu Fields vico ie oe eet eee et eee eee cse aon 7 7 Table 7 4 Generic Filter Rule Menu Fields 7 1 Tabler7 5 Filtet S
30. This field is only applicable for PPPoE and PPTP encapsulation Connection This field specifies if you want to make the connection to this remote node a nailed up connection More details are given earlier in this section Session Options Use SPACE BAR to choose Yes and press ENTER to open No menu 11 5 to edit the filter sets See the Remote Node Filter default Edit Filter Sets section for more details Idle Timeout sec Type the number of seconds 0 9999 that can elapse when the 100 ZyAIR is idle there is no traffic going to the remote node before default the ZyAIR automatically disconnects the remote node 0 means that the session will not timeout This field is available only for PPTP or PPPoE encapsulations When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC to cancel and go back to the previous screen 5 1 2 Outgoing Authentication Protocol For obvious reasons you should employ the strongest authentication protocol possible However some vendors implementation includes specific authentication protocol in the user profile It will disconnect if the negotiated protocol is different from that in the user profile even when the negotiated protocol is stronger than specified If the peer disconnects right after a successful authentication make sure that you specify the correct authentication protocol
31. Yes IP Protocol Destination Source TCP Estab No More No Action Matche Action Not Ma Press ENTER t 6 P Source Route No IP Addr 0 0 0 0 IP Mask 0 0 0 0 Port 137 Port Comp Equal IP Addr 0 0 0 0 IP Mask 0 0 0 0 Port Port Comp None Log None d Drop tched Check Next Rule o Confirm or ESC to Cancel Figure 7 7 Menu 21 1 1 TCP IP Filter Rule The following table describes how to configure your TCP IP filter rule Table 7 3 TCP IP Filter Rule Menu Fields is 17 and ICMP is 1 The value must be between 0 and 255 A value of 0 matches ANY protocol FIELD DESCRIPTION EXAMPLE Filter This is the filter set filter rule coordinates for instance 2 3 1 1 refers to the second filter set and the third filter rule of that set Filter Type Press SPACE BAR and the ENTER to select filter type TCP IP Filter Choices are TCP IP Filter Rule or Generic Filter Rule Rule default Active Select Yes to activate or No to deactivate the filter rule No default IP Protocol This is the upper layer protocol for example TCP is 6 UDP 0 to 255 Filter Configuration 7 7 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Table 7 3 TCP IP Filter Rule Menu Fields FIELD DESCRIPTION EXAMPLE IP Source Route IP Source Route is an optional header that dictates the route No an IP packet takes from its sour
32. actual remote DHCP server in the Remote DHCP Server in this case Server default When DHCP is used the following items need to be set Client IP Pool This field specifies the first of the contiguous addresses in the IP 192 168 1 33 Starting Address address pool Size of Client IP Pool This field specifies the size or count of the IP address pool 32 Primary DNS Server Enter the IP addresses of the DNS servers The DNSG servers are passed to the DHCP clients along with the IP address and the subnet Secondary DNS mask Server 3 6 Internet Access ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Table 3 1 DHCP Ethernet Setup Menu Fields FIELD DESCRIPTION EXAMPLE Remote DHCP If Relay is selected in the DHCP field above then enter the IP Server address of the actual remote DHCP server here Follow the instructions in the following table to configure TCP IP parameters for the Ethernet port Table 3 2 TCP IP Ethernet Setup Menu Fields FIELD DESCRIPTION EXAMPLE TCP IP Setup IP Address Enter the LAN IP address of your ZyAIR in dotted decimal notation 192 168 1 1 IP Subnet Mask Your ZyAIR will automatically calculate the subnet mask based on the 255 255 255 0 IP address that you assign Unless you are implementing subnetting use the subnet mask computed by the ZyAIR RIP Direction Press SPACE BAR to select the RIP direction Choices are Both
33. an external hub Connect a LAN port on the ZyAIR to a port on the hub using a crossover Ethernet cable Hardware Installation and Initial Setup 2 3 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch When the ZyAIR is on and properly connected to a computer or a hub the corresponding LAN LED on the front panel turns on 2 2 3 Console Port Use terminal emulator software on a computer for configuring your ZyAIR via the console port Connect the 7 pin end of the supplied console cable to the console port of the ZyAIR and the 9 pin female end to a serial port COMI COM2 or other COM port of your computer See the section on Additional Installation Requirements to configure the terminal emulator software to log in to the ZyAIR through the console port 2 2 4 Restore Factory Defaults Reset Button Reset to the factory defaults by holding the RESET button in for about 5 seconds to restart the ZyAIR Refer to section 2 6 for information on the factory default values on your ZyAIR All custom settings will be lost once you reset to the default settings 2 2 5 Power Port Connect the power adapter to the port labeled POWER on the side panel of your ZyAIR which then automatically turns on The ZyAIR will reboot if the supplied power is too low This is a normal operation To avoid damage to the ZyAIR make sure you use the correct power adapter Refer to the Power Adapter Specification Appendix for this informatio
34. and go back to the previous screen 4 2 Wireless LAN Security Setup ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 4 3 Network Authentication Before a wireless client can communicate on your network through your ZyAIR it must be authenticated by the ZyAIR or your network 4 3 1 EAP EAP is an authentication protocol designed originally to run over PPP Point to Point Protocol frame in order to support multiple types of user authentication By using EAP to interact with an EAP compatible RADIUS server the access point helps a wireless client and a RADIUS server to perform mutual authentication 4 3 2 RADIUS RADIUS is based on a client sever model that supports authentication authorization and accounting The access point is the client and the server is the RADIUS server The RADIUS server handles the following tasks e Authentication Determines the identity of the users e Authorization Determines the network services available to authenticated users once they are connected to the network e Accounting Keeps track of the client s network activity RADIUS is a simple package exchange in which your ZyAIR acts as a message relay between the wireless client and the network RADIUS server Types of RADIUS Messages The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication e Access Request Sent by an access point requesting authenticat
35. any empty rules before your new configured rule your configured rule will be pushed up by that number of empty rules For example if you have already configured rules 1 to 6 in your current set and now you configure rule number 9 In the set summary screen the new rule will be rule 7 not 9 Now if you delete rule 4 rules 5 to 7 will be pushed up by rule so as old rule 5 becomes rule 4 old rule 6 becomes rule 5 and old rule 7 becomes rule 6 6 4 NAT Server Sets Port Forwarding A NAT server set is a list of inside behind NAT on the LAN servers for example web or FTP that you can make visible to the outside world even though NAT makes your whole inside network appear as a single machine to the outside world Use Menu 15 NAT Setup to forward incoming service requests to the server s on your local network You may enter a single port number or a range of port numbers to be forwarded and the local IP address of the desired server The port number identifies a service for example web service is on port 80 and FTP on port 21 In some cases such as for unknown services or where one server can support more than one service for example both FTP and web service it might be better to specify a range of port numbers In addition to the servers for specified services NAT supports a default server A service request that does not have a server explicitly designated for it is forwarded to the default server If the default is not defined
36. can also perform backup and restore using menu 24 through the console port Any serial communications program should work fine however you must use Xmodem protocol to perform the download upload and you don t have to rename the files Please note that terms download and upload are relative to the computer Download means to transfer from the ZyAIR to the computer while upload means from your computer to the ZyAIR 10 2 Firmware and Configuration File Maintenance ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 10 2 1 Backup Configuration Follow the instructions as shown in the next screen Menu 24 5 System Maintenance Backup Configuration To transfer the configuration file to your workstation follow the procedure below 1 Launch the FTP client on your workstation 2 Type open and the IP address of your router Then type root and SMT password as requested 3 Locate the rom 0 file 4 Type get rom 0 to back up the current router configuration to your workstation For details on FTP commands please consult the documentation of your FTP client program For details on backup using TFTP note that you must remain in this menu to back up using TFTP please see your router manual Press ENTER to Exit Figure 10 1 Telnet in Menu 24 5 10 2 2 Using the FTP Command from the Command Line Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Launch the FTP client on y
37. cancel NAT 6 9 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch User Defined Address Mapping Sets Now let s look at option 1 in menu 15 1 Enter 1 to bring up this menu We ll just look at the differences from the previous menu Note the extra Action and Select Rule fields mean you can configure rules in this screen Note also that the in the Set Name field means that this is a required field and you must enter a name for the set Menu 15 1 1 Address Mapping Rules Set Name Idx 2 Sis 4 5 6 7 8 95 0 m Local Start IP Local End IP Global Start IP Global End IP Action Edit Select Rule Press ENTER to Confirm or ESC to Cancel Figure 6 8 Menu 15 1 1 First Set The table below describes the fields for configuration in this screen Table 6 5 Fields in Menu 15 1 1 FIELD DESRIPTION EXAMPL E Set Name Enter a name for this set of rules This is a required field If this field is left NAT SET blank the entire set will be deleted Action The default is Edit Edit means you want to edit a selected rule see following Edit field Insert Before means to insert a rule before the rule selected The rules after the selected rule will then be moved down by one rule Delete means to delete the selected rule and then all the rules after the selected one will be advanced one rule None disables the Select Rule item Select When you choose Edit Insert B
38. configuration or press ESC to cancel 11 2 1 Resetting the Time The ZyAIR resets the time in three instances i On leaving menu 24 10 after making changes ii When the ZyAIR starts up if there is a time server configured in menu 24 10 iii 24 hour intervals after starting System Maintenance and Information 11 3 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Chapter 12 Call Scheduling Call scheduling applicable for PPPoE or PPTP encapsulation only allows you to dictate when a remote node should be called and for how long 12 1 Introduction The call scheduling feature allows the ZyAIR to manage a remote node and dictate when a remote node should be called and for how long This feature is similar to the scheduler in a video cassette recorder you can specify a time period for the VCR to record You can apply up to 4 schedule sets in Menu 11 1 Remote Node Profile From the main menu enter 26 to access Menu 26 Schedule Setup as shown next Menu 26 Schedule Setup Schedule Schedule Set Name Set Name d AM ALT citu un Wt AA DT Xn ricus Dur A na A 3 s 9 HEP TES A gee as ee ee AA NO ana sews 8 De 5 AA I 11 c 6 12 Enter Schedule Set Number to Configure 0 Edit Name N A Press ENTER to Confirm or ESC to Cancel Figure 12 1 Menu 26 Schedule Setup Lower numbered sets take precedence over higher numbered sets thereby avoiding scheduling conflicts For example if s
39. device complies with Part 15 of FCC rules Operation is subject to the following two conditions e This device may not cause harmful interference e This device must accept any interference received including interference that may cause undesired operations This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications If this equipment does cause harmful interference to radio television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures 1 Reorient or relocate the receiving antenna 2 Increase the separation between the equipment and the receiver 3 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected 4 Consult the dealer or an experienced radio TV technician for help Notice 1 Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment Certifications Refer to the product page at www zyxel com F
40. directional antennas are ideal for hallways and outdoor point to point applications Positioning Antennas In general antennas should be mounted as high as practically possible and free of obstructions In point to point application position both transmitting and receiving antenna at the same height and in a direct line of sight to each other to attend the best performance For omni directional antennas mounted on a table desk and so on point the antenna up For omni directional antennas mounted on a wall or ceiling point the antenna down For a single AP application place omni directional antennas as close to the center of the coverage area as possible For directional antennas point the antenna in the direction of the desired coverage area H Antenna Selection and Positioning Recommendation ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Appendix D PPPoE PPPoE in Action An ADSL modem bridges a PPP session over Ethernet PPP over Ethernet RFC 2516 from your PC to an ATM PVC Permanent Virtual Circuit which connects to an xDSL Access Concentrator where the PPP session terminates see the next figure One PVC can support any number of PPP sessions from your LAN PPPoE provides access control and billing functionality in a manner similar to dial up services using PPP Benefits of PPPoE PPPoE offers the following benefits 1 It provides you with a familiar dial up networking DUN user interface 2 It lesse
41. n i i i i H 1 1 1 j H i i The interface to e LAN is Ethernet _ o Mao aj z WA The interfac ito the salis d j a remote noi is the ADSL port A Figure 3 1 LAN amp WAN IPs er re 3 3 TCP IP Parameters 3 3 1 IP Address and Subnet Mask Like houses on a street that share a common street name the computers on a LAN share one common network number Where you obtain your network number depends on your particular situation If the ISP or your network administrator assigns you a block of registered IP addresses follow their instructions in selecting the IP addresses and the subnet mask If the ISP did not explicitly give you an IP network number then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established If this is the case it is recommended that you select a network number from 192 168 0 0 to 192 168 255 0 ignoring the trailing zero and you must enable the Single User Account feature of the ZyAIR The Internet Assigned Number Authority IANA reserved this block of addresses specifically for private use please do not use any other number unless you are told otherwise Let s say you select 192 168 1 0 as the network number which covers 254 individual addresses from 192 168 1 1 to 192 168 1 154 zero and 255 are reserved In other words the first three numbers specify the network number while the last
42. number RMA Products must be returned Postage Prepaid It is recommended that the unit be insured when shipped Any returned products without proof of purchase or those with an out dated warranty will be repaired or replaced at the discretion of ZyXEL and the customer will be billed for parts and labor All repaired or replaced products will be shipped by ZyXEL to the corresponding return address Postage Paid This warranty gives you specific legal rights and you may also have other rights that vary from country to country Safety Warnings 1 To reduce the risk of fire use only No 26 AWG or larger telephone wire 2 Do not use this product near water for example in a wet basement or near a swimming pool 3 Avoid using this product during an electrical storm There may be a remote risk of electric shock from lightening iv ZyXEL Warranty ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Customer Support Please have the following information ready when you contact customer support Product model and serial number Warranty Information Date that you received your device Brief description of the problem and the steps you took to solve it METHOD E MAIL TELEPHONE FAX WEB SITE FTP SITE SUPPORT SALES LOCATION REGULAR MAIL WORLDWIDE support zyxel com tw 886 3 578 3942 www zyxel com www europe zyxel com sales zyxel com tw 886 3 578 2439 ftp europe zyxel com NORTH support zyxel com 1 714 632 0882 www
43. number identifies an individual computer on that network The subnet mask specifies the network number portion of an IP address Your ZyAIR will compute the subnet mask automatically based on the IP address that you entered You don t need to change the subnet mask computed by the ZyAIR unless you are instructed to do otherwise 3 2 Internet Access ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 3 3 2 Private IP Addresses Every machine on the Internet must have a unique address If your networks are isolated from the Internet for example only between your two branch offices you can assign any IP addresses to the hosts without problems However the Internet Assigned Numbers Authority IANA has reserved the following three blocks of IP addresses specifically for private networks 10 0 0 0 0 255 255 2955 172 16 0 0 10724391 255 255 192 168 0 0 192 168 255 255 You can obtain your IP address from the IANA from an ISP or it can be assigned from a private network If you belong to a small organization and your Internet access is through an ISP the ISP can provide you with the Internet addresses for your local networks On the other hand if you are part of a much larger organization you should consult your network administrator for the appropriate IP addresses Regardless of your particular situation do not create an arbitrary IP address always follow the guidelines above For more information on address assign
44. personal computer interacts with a broadband modem for example xDSL cable wireless etc to achieve access to high speed data networks It preserves the existing Microsoft Dial Up Networking experience and requires no new learning or procedures For the service provider PPPoE offers an access and authentication method that works with existing access control systems for example Radius For the user PPPoE provides a login and authentication method that the existing Microsoft Dial Up Networking software can activate and therefore requires no new learning or procedures for Windows users One of the benefits of PPPoE is the ability to let end users access one of multiple network services a function known as dynamic service selection This enables the service provider to easily create and offer new IP services for specific users Operationally PPPoE saves significant effort for both the end user and ISP carrier as it requires no specific configuration of the broadband modem at the customer site By implementing PPPoE directly on the ZyAIR rather than individual computers the computers on the LAN do not need PPPoE software installed since the Teledat Router 400 does that part of the task Furthermore with SUA all of the LAN s computers will have access For more information on PPPoE please refer to the PPPoE Appendix 3 7 3 PPTP Point to Point Tunneling Protocol PPTP is a network protocol that enables transfer of data from a remo
45. remote RADIUS authentication for wireless clients you need gt A wireless client computer running IEEE 802 1x compliant software Currently this is offered in Windows XP gt A network RADIUS server for remote user authentication and accounting A computer equipped with a web browser with JavaScript enabled and or Telnet A computer equipped with communications software for example Hyper Terminal in Windows configured to the following parameters gt VT100 terminal emulation gt 9600 baud rate gt Parity set to none 8 data bits 1 stop bit gt Flow control set to none A cable xDSL modem and an ISP account for Internet access Hardware Installation and Initial Setup 2 5 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 2 5 ZyAIR Configuration Configure your ZyAIR using gt Web configurator gt SMT System Management Terminal Access the SMT via o LAN or WAN using Telnet o Console port using terminal emulation software 2 5 4 Connect to Your ZyAIR Using the Web Configurator Step 1 Make sure your computer IP address and the ZyAIR IP address are on the same subnet Refer to the TCP IP appendix Step 2 Launch your web browser and enter 192 168 1 1 as the URL Step 3 In the Password field type 1234 Click Login Step 4 Either enter a new password and retype it to confirm and click Apply or click Ignore Click the Help button for online web configurator HTML help 2 5 2 Connect to y
46. same ESSID Enter a descriptive name up to 32 printable 7 bit ASCII characters Hide ESSID Press SPACE BAR and select Yes to hide the ESSID in the outgoing beacon No frame so a station cannot obtain the ESSID through passive scanning Press SPACE BAR to select a channel This allows you to set the operating CH01 frequency channel depending on your particular region 2412MHz Channel ID Possible choices are CH01 2412MHz CH02 2417MHz CH03 2422MHz CH04 2427MHz CH05 2432MHz CH06 2437MHz CH07 2442MHz CH08 2447MHz CH09 2452MHz CH10 2457MHz or CH11 2462MHz RTS Request To Send threshold number of bytes enables RTS CTS 2432 handshake Data with its frame size larger than this value will perform the RTS RTS CTS handshake Setting this attribute to be larger than the maximum Threshold MSDU MAC Service Data Unit size turns off the RTS CTS handshake Setting this attribute to zero turns on the RTS CTS handshake Enter a value between 0 and 2432 The threshold number of bytes for the fragmentation boundary for directed 2432 messages It is the maximum data fragment size that can be sent Enter a value between 256 and 2432 Fragment Threshold When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC to cancel and go back to the previous screen For WEP key configuration refer to section on WEP Data Encryption 3 1
47. the password will be reset to 1234 and the LAN IP address to 192 168 1 1 To obtain the default configuration file download it from the ZyXEL FTP site unzip it and save it in a folder 2 6 1 Methods of Restoring Factory Defaults You can erase the current configuration and restore factory defaults in three ways 1 Transfer the configuration file to your ZyAIR using the SMT menus See later in this User s Guide for more information on this 2 Use the RESET button on the side panel of the ZyAIR to upload the default configuration file hold this button in for more than 3 seconds Use this method for cases when the password or IP address of the ZyAIR is not known 3 Use the web configurator to restore defaults see the web configurator HTML help All custom settings will be lost once you reset to the default settings 2 6 2 ZyAIR SMT Menu Overview The following figure gives you an overview of the various SMT menu screens of your ZyAIR 2 8 Hardware Installation and Initial Setup ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch ZAIR B D00 Nain Menu Menu Menu2 Menu3 Menu4 Menu 11 Menu t2 General Setup WAN Setup LAN dup Intemet Access Setup Remate Node Profile Stdic Routing Setup Menu 1 4 Menu 124 4 Menu 32 Mru 113 ConfiguingDONS Meru 3 2 1 Edi IP Stdic Route TCPMP andDHCP IP Alos Setup Remote Node Network Menu 15 1 Adiress Mapping Sets Setup Layer Optors Menu 115 Menu3 5 1 Menu 2
48. this computer See Section 6 5 3 for an example Local IP Only local IP fields are N A for server Global IP fields MUST be set for Server Start This is the starting local IP address ILA 0 0 0 0 End This is the ending local IP address ILA If the rule is for all local IPs then N A put the Start IP as 0 0 0 0 and the End IP as 255 255 255 255 This field is N A for One to One and Server types NAT 6 11 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch FIELD DESCRIPTION EXAMPLE Global IP Start This is the starting global IP address IGA If you have a dynamic IP enter 0 0 0 0 0 0 0 0 as the Global IP Start Note that Global IP Start can be set to 0 0 0 0 only if the types are Many to One or Server End This is the ending global IP address IGA This field is N A for One to N A One Many to One and Server types Server Only available when Type is set to Server Type a number from 1 to 10 to Mapping choose a server set from menu 15 2 Set Once you have finished configuring a rule in this menu press ENTER at the message Press ENTER to Confirm to save your configuration or press ESC to cancel Ordering Your Rules Ordering your rules is important because the ZyAIR applies the rules in the order that you specify When a rule matches the current packet the ZyAIR takes the corresponding action and the remaining rules are ignored If there are
49. to configure the LAN network for the ZyAIR Yes IP Address Enter the IP address of your ZyAIR in dotted decimal notation 192 168 1 1 IP Subnet Mask Your ZyAIR will automatically calculate the subnet mask based on the IP address that you assign Unless you are implementing subnetting use the subnet mask computed by the ZyAIR 255 255 255 0 Protocol Filters RIP Direction Press SPACE BAR to select the RIP direction Choices are None None Both In Only or Out Only Version Press SPACE BAR to select the RIP version Choices are RIP 1 RIP 1 RIP 2B or RIP 2M Incoming Enter the filter set s you wish to apply to the incoming traffic between this node and the ZyAIR Outgoing Protocol Filters Enter the filter set s you wish to apply to the outgoing traffic between this node and the ZyAIR When you have completed this menu press ENTER at the prompt Press ENTER to Confirm to save your configuration or press ESC at any time to cancel Internet Access 3 9 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 3 7 Encapsulation Be sure to use the encapsulation method required by your ISP The ZyAIR supports the following methods 3 7 1 Ethernet This encapsulation method is used when the WAN port is used as a regular Ethernet 3 7 2 PPPoE Point to Point Protocol over Ethernet PPPoE functions as a dial up connection PPPoE is an IETF Draft standard specifying how a host
50. type Standard Choose a RoadRunner flavor if your ISP is using Time Warner s RoadRunner otherwise choose Standard The User Name Password and Login Server IP Address fields are not applicable N A for the latter Choose from Standard Telstra RoadRunner Telstra or BigPond authentication method RR Manager RoadRunner Manager authentication method or RR Toshiba RoadRunner Toshiba authentication method Service Name When using PPPoE encapsulation type the name of your PPPoE N A service here 5 2 Remote Node Configuration ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Table 5 1 Remote Node Profile Menu Fields FIELD DESCRIPTION EXAMPLE Outgoing My Login Type the login name assigned by your ISP when the ZyAIR calls this remote node My Password Type the password assigned by your ISP when the ZyAIR calls this remote node Authen This field sets the authentication protocol used for outgoing calls Options for this field are CHAP PAP Your ZyAIR will accept either CHAP or PAP when requested by this remote node CHAP accept CHAP Challenge Handshake Authentication Protocol only PAP accept PAP Password Authentication Protocol only PAP PPTP My IP Address Type the static IP address assigned to you by your ISP in dotted decimal notation 10 11 12 13 My IP Mask Type the subnet mask of the PPTP server Server IP
51. 1 1 Configure Dynamic DNS as shown next Menu 1 1 Configure Dynamic DNS Service Provider WWW DynDNS ORG Active Yes DDNSType DynamicDNS Host EMAIL USER Password KKKK KK KK Enable Wildcard No Offline N A Press ENTER to Confirm or ESC to Cancel Figure 2 9 Configure Dynamic DNS 2 14 Hardware Installation and Initial Setup ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Follow the instructions in the next table to configure Dynamic DNS parameters Table 2 6 Configure Dynamic DNS Menu Fields DDNS Type field Check with your Dynamic DNS service provider to have traffic redirected to a URL that you can specify while you are off line FIELD DESCRIPTION EXAMPLE Service Provider This is the name of your Dynamic DNS service provider WWW DynDNS ORG default Active Press SPACE BAR to select Yes and then press ENTER to Yes make dynamic DNS active DDNS Type Select the type of service that you are registered for from your Dynamic DNS Dynamic DNS service provider default Host Enter the domain name assigned to your ZyAIR by your me dyndns org Dynamic DNS provider EMAIL Enter your e mail address mail mailserver USER Enter your user name Password Enter the password assigned to you Enable Wildcard Your ZyAIR supports DYNDNS Wildcard Press SPACE BAR No and then ENTER to select Yes to activate wildcard This field is N A when you choose DDN
52. 1 3 Roaming A wireless station is a computer with an IEEE 802 11b compliant wireless Network Interface Card NIC An Access Point AP acts as a bridge between the wireless and wired networks An AP creates its own wireless coverage area A wireless station can associate with a particular access point only if it is within the access point s coverage area In a network environment with multiple access points wireless stations are able to switch from one access point to another as they move between the coverage areas This is roaming As the wireless station moves from place to place it is responsible for choosing the most appropriate access point depending on the signal strength network utilization or other factors The roaming feature on the access points allows the access points to relay information about the wireless stations to each other When a wireless station moves from a coverage area to another it scans and uses the 3 16 Internet Access ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch signal of a new access point which then informs the access points on the LAN about the change The new information is then propagated to the other access points on the LAN An example is shown in Figure 3 10 If the roaming feature is not enabled on the access points information is not communicated between the access points when a wireless station moves between coverage areas The wireless station may not be able to communicate with other
53. 15 FTP Session Example of Firmware File Upload 10 12 Figure 10 16 Menu 24 7 1 as seen using the Console Port 10 14 Figure 10 17 Example Xmodem Upload 10 14 Figure 10 18 Menu 24 7 2 as seen using the Console Pot 10 15 Figure 10 19 Example Xmodem Upload 10 16 Figure 11 1 Menu 24 System Maintenance ener nennen enne 11 1 Figure 11 2 Valid CI Commande 11 1 Figure 11 3 Menu 24 10 System Maintenance Time and Date Seng 11 2 Figure 12 1 Menu 26 Schedule Setup 12 1 Figure 12 2 Schedule Set Setup 12 2 Figure 12 3 Applying Schedule Set s to a Remote Node DPI 12 4 Figure 13 1 Telnet Configuration on a TCP IP Network eese ener 13 1 Figure 13 2 Menu 24 11 Remote Management Control 13 2 List of Figures xiii ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch List of Table Table 2 1LFront Panel LED Desc ee A E EE E RR E R a aa 2 2 Table 1 2ZyATR Wireless LAN Coverage a 2 5 Table 2 3 Maiti Men Co ta 2 10 Table 2 4 Main Menu OA ias 2 11 Table 2 5 General Setup Menu Fields ts 2 14 Table 2 6 Configure Dynamic DNS Menu Feldes nono nonnnnnnonn nr n nro nor nnnnnnrn nono 2 15 Table 2 7 WAN Setup Field Descriptions essen ener nennen nne 2 16 Table 3 1 DHCP Ethernet Setup Menu Fields 3 6 Table 3 2 TCP IP Ethernet Setup Menu Fields sss eene 3 7 Table 3 3 IP Alias Setup Menu Fields 3 9 Table 3 4 Internet Account Informanon eee enne nennen entren nnne nnne nnns 3 11
54. 192 168 1 192 Lowest Host ID 192 168 1 193 Broadcast Address 192 168 1 255 Highest Host ID 192 168 1 254 More Subnets Similarly use a 27 bit mask to create 8 subnets 001 010 011 100 101 110 and so on The following table is a summary for class C subnet planning Chart 11 Class C Subnet Planning NO BORROWED HOST SUBNET MASK NO SUBNETS NO HOSTS PER BITS SUBNET 1 255 255 255 128 25 126 2 255 255 255 192 26 4 62 3 255 255 255 224 27 8 30 4 255 255 255 240 28 16 14 5 255 255 255 248 29 32 6 6 255 255 255 252 30 64 2 7 255 255 255 254 31 128 1 Subnetting With Class A and Class B Networks For class A and class B addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID A class B address has two host ID octets available for subnetting and a class A address has three host ID octets see Chart 1 available for subnetting The following table is a summary for class B subnet planning Z IP Subnetting ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Chart 12 Class B Subnet Planning NO BORROWED HOST SUBNET MASK NO SUBNETS NO HOSTS PER BITS SUBNET 1 255 255 128 0 17 2 32766 2 255 255 192 0 18 4 16382 3 255 255 224 0 19 8 8190 4 255 255 240 0 20 16 4094 5 255 255 248 0 21 32 20
55. 46 6 255 255 252 0 22 64 1022 7 255 255 254 0 23 128 510 8 255 255 255 0 24 256 254 9 255 255 255 128 25 512 126 10 255 255 255 192 26 1024 62 11 255 255 255 224 27 2048 30 12 255 255 255 240 28 4096 14 13 255 255 255 248 29 8192 6 14 255 255 255 252 30 16384 2 15 255 255 255 254 31 32768 1 IP Subnetting AA ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Appendix H Power Adapter Specifications NORTH AMERICAN PLUG STANDARDS AC Power Adapter Model AD48 1201200DUY Input Power AC120Volts 60Hz 0 25A Output Power DC12Volts 1 2A Power Consumption 10 W Safety Standards UL CUL UL 1950 CSA C22 2 No 234 M90 NORTH AMERICAN PLUG STANDARDS AC Power Adapter Model DV 121A2 5720 Input Power AC120Volts 60Hz 27VA Output Power DC12Volts 1 2A Power Consumption 10 W Safety Standards UL CUL UL 1310 CSA C22 2 No 223 M91 EUROPEAN PLUG STANDARDS AC Power Adapter Model AD 1201200DV Input Power AC230Volts 50Hz 0 2A Output Power DC12Volts 1 2A Power Consumption 10 W Safety Standards TUV CE EN 60950 UNITED KINGDOM PLUG STANDARDS AC Power Adapter Model AD 1201200DK Input Power AC230Volts 50Hz 0 2A Output Power DC12Volts 1 2A Power Consumption 10 W Safety Standards TUV CE EN 60950 BS7002 Power Adapter Specifications CC
56. 5 Menu 35 Remde NodeFilter WIAN MAC Ades wireless LAN Setup ROT SIG Fiter Configuration Menu 26 Menu 4 Man 23 Menu2 Menu 21 Schedule Setup Syslem Moirlenance SystemSecurity SNMP Configuration Filer Sel Configurdion Menu 26 x Menu 241 Manu 23 1 Menu 232 Meru 21 x Meru21 x 1 Schedule Set Setup System Maintenance System Password RADIUS Sewer Filter Rules S ummery TCPAP Filter Rule Status Menu 23 4 Menu21 x1 Menu 242 Menu 242 1 IEEEGQ 1X Genen FiterRule Sydem infomation System Mairtenance Informdion Maru 24 11 Meru 249 1 Remote Management Budget Management Menu 24 10 Menu 249 Menu 243 1 Time ard Date Cal oniro Sing Menu 247 2 Menu 247 1 System Maintenance System Maintenance Upload System Upload Syste mF irmw are Configuration File System Maintenance Restore Corfiguration Backup Configuration Figure 2 5 ZyAIR SMT Menu Overview Hardware Installation and Initial Setup 2 9 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 2 7 Navigating the SMT Interface The SMT System Management Terminal is the interface that you use to configure your ZyAIR Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below Table 2 3 Main Menu Commands previous menu OPERATION KEYSTROKE DESCRIPTION Move down to ENTER To move forward to a submenu type in the number of the desired another menu submenu and press ENTER
57. AN or Disable neither gt WAN only Internet gt ALL LAN and WAN gt LAN only Disable Neither If you enable remote management of a service but have applied a filter to block the service then you will not be able to remotely manage the service Enter 11 from menu 24 to display Menu 24 11 Remote Management Control shown next Menu 24 11 Remote Management Control TELNET Server Port 23 Access LAN only Secured Client 0 0 0 0 FTP Server Port Access LAN only Secured L 0 0 0 0 Web Server Port Access LAN only Secured L 0 0 0 0 SNMP Service Port Access AL Secured L 0 0 0 0 DNS Service Port Access AL Secured P 0 0 0 0 Press ENTER to Confirm or ESC to Cancel Figure 13 2 Menu 24 11 Remote Management Control Table 13 1 Menu 24 11 Remote Management Control FIELD DESCRIPTION EXAMPLE Telnet Server Each of these read only labels denotes a server or service that you FTP Server may use to remotely manage the ZyAIR Web Server SNMP Service DNS Service 13 2 Remote Management ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Table 13 1 Menu 24 11 Remote Management Control FIELD DESCRIPTION EXAMPLE This field shows the port number for the remote management service You may change the port number for a service if needed but you must use the same port number to use that service for remote management The DNS Service port nu
58. AN the gateway must be the IP address of one of the remote nodes Metric Metric represents the cost of transmission for routing purposes IP routing uses hop count as the measurement of cost with a minimum of 1 for directly connected networks Type a number that approximates the cost for this link The number need not be precise but it must be between 1 and 15 In practice 2 or 3 is usually a good number Private This parameter determines if the ZyAIR will include the route to this remote node in its RIP broadcasts If set to Yes this route is kept private and is not included in RIP broadcasts If No the route to this remote node will be propagated to other hosts through RIP broadcasts Remote Node Configuration 5 9 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Chapter 6 Network Address Translation NAT This chapter discusses how to configure NAT on the ZyAIR 6 1 Introduction NAT Network Address Translation NAT RFC 1631 is the translation of the IP address of a host in a packet for example the source address of an outgoing packet used within one network to a different IP address known within another network 6 1 1 NAT Definitions Inside outside denotes where a host is located relative to the ZyAIR for example the computers of your subscribers are the inside hosts while the web servers on the Internet are the outside hosts Global local denotes the IP address of a host in a packet
59. AN or your LAN to provide authentication service for wireless clients Unique ESS ID Unique with Hide MAC ESSID ESSID Address WEP Default Enabled Filtering Encryption Least Secure Most Secure Figure 4 1 ZyAIR Wireless Security Levels If you do not enable any wireless security on your ZyAIR your network is accessible to any wireless networking device that is within range 4 2 Data Encryption with WEP WEP encryption scrambles the data transmitted between the wireless clients and the access points to keep network communications private It encrypts unicast and multicast communications in a network Both the wireless clients and the access points must use the same WEP key for data encryption and decryption For wireless LAN setup refer to section on Wireless LAN Setup Your ZyAIR allows you to configure up to four 64 bit or 128 bit WEP keys but only one key can be enabled at any one time Follow the steps below to configure and enable WEP encryption Wireless LAN Security Setup 4 1 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Step 1 From the main menu enter 3 to display Menu 3 Lan Setup Step 2 Enter 5 to display Menu 3 5 Wireless LAN Setup Menu 3 5 Wireless LAN Setup ESSID 432545 Hide ESSID No Channel ID CH11 2462MHz RTS Threshold 2432 Frag Threshold 2432 WEP Disable Default Key N A Keyl N A Key2 N A Key3 N A Key4 N A Edit MAC Address Filter No Edit Roaming Configur
60. CC Statement iii ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch ZyXEL Limited Warranty ZyXEL warrants to the original end user purchaser that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase During the warranty period and upon proof of purchase should the product have indications of failure due to faulty workmanship and or materials ZyXEL will at its discretion repair or replace the defective products or components without charge for either parts or labor and to whatever extent it shall deem necessary to restore the product or components to proper operating condition Any replacement will consist of a new or re manufactured functionally equivalent product of equal value and will be solely at the discretion of ZyXEL This warranty shall not apply if the product is modified misused tampered with damaged by an act of God or subjected to abnormal working conditions Note Repair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpose ZyXEL shall in no event be held liable for indirect or consequential damages of any kind of character to the purchaser To obtain the services of this warranty contact ZyXEL s Service Center for your Return Material Authorization
61. CP IP rules Generic Filter rules act on the raw data from to LAN and WAN Protocol Filter rules act on IP packets When NAT Network Address Translation is enabled the inside IP address and port number are replaced on a connection by connection basis which makes it impossible to know the exact address and port on the wire Therefore the ZyAIR applies the protocol filters to the native IP address and port number before NAT for outgoing packets and after NAT for incoming packets On the other hand the generic or device 7 12 Filter Configuration ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch filters are applied to the raw packets that appear on the wire They are applied at the point where the ZyAIR is receiving and sending the packets for instance the interface The interface can be an Ethernet or any other hardware port The following figure illustrates this Figure 7 10 Protocol and Device Filter Sets 7 5 Example Filter Let s look at an example to block outside users from telnetting into the ZyAIR Your LAN N User trying to telnet into the ZyAIR Incoming Traffic Filter Figure 7 11 Sample Telnet Filter Step 1 Enter 21 from the main menu to open Menu 21 Filter Set Configuration Step 2 Enter the index number of the filter set you want to configure in this example 3 Filter Configuration 7 13 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Step 3 Type a descript
62. ER DESCRIPTION UNIX Syslog Active Syslog IP address Press SPACE BAR and then ENTER to turn syslog on or off Type the IP address of your syslog server Log Facility Press SSPACE BAR and then ENTER to select one of seven different local options The log facility lets you log the message in different server files Refer to your UNIX manual Types CDR Call Detail Record CDR logs all data phone line activity if set to Yes Packet Triggered The first 48 bytes or octets and protocol type of the triggering packet is sent to the UNIX syslog server when this field is set to Yes Filter Log No filters are logged when this field is set to No Filters with the individual filter Log Filter field set to Yes are logged when this field is set to Yes PPP Log PPP events are logged when this field is set to Yes When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC to cancel and go back to the previous screen 9 6 System Information and Diagnosis ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 9 3 3 Call Triggering Packet Call Triggering Packet displays information about the packet that triggered a dial out call in an easy readable format Equivalent information is available in menu 24 1 in hex format 9 4 Diagnostic The diagnostic facility allows you to test the different aspects of your ZyA
63. FFFFFFF To configure a generic rule select an empty filter set in menu 21 for example 4 Select Generic Filter Rule in the Filter Type field and press ENTER to open Menu 21 4 1 Generic Filter Rule as shown in the following figure Menu 21 4 1 Generic Filter Rule Filter 4 1 Filter Type Generic Filter Rule Active No Offset 0 Length 0 Mask N A Value N A More No Log None Action Matched Check Next Rule Action Not Matched Check Next Rule Press ENTER to Confirm or ESC to Cancel Figure 7 9 Menu 21 4 1 Generic Filter Rule The next table describes the fields in the Generic Filter Rule menu Table 7 4 Generic Filter Rule Menu Fields FIELD DESCRIPTION EXAMPLE Filter This is the filter set filter rule coordinates for instance 2 3 refers to the second filter set and the third rule of that set 5 1 Filter Type Press SPACE BAR and then ENTER to select a type of rule Generic Filter Filter Configuration Parameters displayed below each type will be different Choices are Rule Generic Filter Rule or TCP IP Filter Rule Active Press SPACE BAR to select Yes and press ENTER to turn on the filter No rule default 7 11 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Table 7 4 Generic Filter Rule Menu Fields FIELD DESCRIPTION EXAMPLE Offset Type the starting byte of the data portion in t
64. Gateway with 4 Port Switch Transmission sese 9 2 bcn 8 2 Related Doceumentatpon sss xvil aps acces rte ee ee estis 8 3 Remote Authentication Dial In User Service See Trusted Host 8 3 RADIUS Static Route Setup 5 7 Remote DHCP Server 3 7 Static Routing Topologa sess 5 8 Remote Management Limitations 13 3 Eege ee 2 3 Remote Management Setup 13 1 13 2 SUA Single User Account See NAT Remote Node 5 1 9 2 Subnet Mask 3 2 3 7 5 5 5 9 9 4 Remote Node Profile 5 2 Support Disk xvil Request to Send protocol 3 14 Supporting Disk xvil Required Delde sss 2 10 Syntax Conventons xviii RESET Button 2 4 EEN 9 5 Restore Confteurapon 10 7 Syslog IP Address sss 9 6 Reverse SMA Conmnectors 2 4 Syslog S itvet cease tees 9 5 RF signals cse eee deciden A System RIP 3 7 5 6 See Routing Information Protocol Console Port Speed 9 4 A 3 16 RIETS 9 7 Enable on ZyAIR sese 3 18 Log and Tragedie 9 4 Example coincida 3 17 Syslog and Accounting oooocoococcconoconinnninnnonos 9 5 Reouements eeii 3 17 System Information ssseeeee 9 3 Routing Information Protocol 3 3 System Status oss esee 9 1 Direction onions 3 3 Time and Date ociosa 11 2 KEE 3 3 System Information sese 9 3 La See Request to Send System Information amp Diagnosis
65. How NAT WOR ntn deter erre rn id diia 6 3 Figure 6 2 NAT Application With IP Als 6 4 Figure 6 3 Menu 4 Applying NAT for Internet Access 6 6 Figure 6 4 Menu 11 3 Applying NAT to the Remote Node 6 7 Figure 6 5 Menu I5 NAT Setup onn dee Ree teen titur tete pe 6 8 Figure 6 6 Menu 15 1 Address Mapping Setz 6 8 Figure 6 7 Menu 15 1 255 SUA Address Mapping Rules sse 6 9 Figure 6 8 Men 15 1 1 First Set doe redegi e eee etre ee Drs 6 10 Figure 6 9 Menu 15 1 1 1 Editing Configuring an Individual Rule in a Set 6 11 Figure 6 10 Menu 15 2 NAT Server Setup 6 14 Figure 6 11 Multiple Servers Behind NAT Example seen ener nennen 6 15 Figure 6 12 NAT Example Dri hee peo he ade epe OU eet eph 6 16 Figure 6 13 Menu 4 Internet Access amp NAT Example esee eene enne eene 6 16 Figure 6 14 NAT Example iia 6 17 Figure 6 15 Menu 15 2 1 Specifying an Inside Server 6 17 Figure 6 I16 NAT Example 3 cen cea ie ei e as 6 18 Figure 6 17 Example 3 Menu 11 3 cene e ads 6 19 Figure 6 18 Example 3 Menu 15 1 1 1 eure iced ee Rte toto ces o Ee e erede tpe Denia 6 19 Figure 6 19 Example 3 Final Menu 15 1 1 enne ener ener entente nennen 6 20 Figure 6 20 NAT Example Ai HR e Tee RH te is Ie e te M RE dd 6 21 Figure 6 21 Example 4 Menu 15 17 l i oe Ee iet eU Ad Eee ee ed 6 21 Figure 0 22 Example 4 Menu Interes age ere A O ER E e CIEN ERR 6 22 Figure 7 1 Outgoing Packet Filterin
66. IP 2 IGA 2 LAN2 192 168 2 X we PC3 Network Server PCS iB TO ars Sales 192 168 2 1 PC4 NT Server 182 168 2 1 E PC PC Serverin n R amp D Network NT Serve PC3 IP 3 IGA 3 LAN3 192 168 3 X 192 168 3 1 Network Server R amp D 192 168 3 1 WAN Addresses LAN Addresses Default IPs IGA gt 192 168 1 2 192 168 2 1 192 168 3 1 Figure 6 2 NAT Application With IP Alias 6 1 5 NAT Mapping Types NAT supports five types of IP port mapping They are 1 One to One In One to One mode the ZyAIR maps one local IP address to one global IP address 2 Many to One In Many to One mode the ZyAIR maps multiple local IP addresses to one global IP address This is equivalent to SUA for instance PAT port address translation ZyXEL s Single User Account feature that previous ZyXEL routers supported the SUA Only option in today s routers 3 Many to Many Overload In Many to Many Overload mode the ZyAIR maps the multiple local IP addresses to shared global IP addresses 4 Many One to One In Many One to One mode the ZyAIR maps each local IP address to a unique global IP address 6 4 NAT ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 5 Server This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world although it is highly recommended that you use the DMZ port for these servers instead Port num
67. IPTION Name Displays the system name of your ZyAIR This information can be changed in Menu 1 General Setup Routing Refers to the routing protocol used System Information and Diagnosis 9 3 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Table 9 2 Fields in System Maintenance FIELD DESCRIPTION ZyNOS F W Version Refers to the ZyNOS ZyXEL Network Operating System system firmware version ZyNOS is a registered trademark of ZyXEL Communications Corporation LAN Ethernet Address Refers to the Ethernet MAC Media Access Control of your ZyAIR IP Address This is the IP address of the ZyAlRe in dotted decimal notation IP Mask This shows the subnet mask of the ZyAIR DHCP This field shows the DHCP setting of the ZyAIR When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC to cancel and go back to the previous screen 9 2 2 Console Port Speed You can set up different port speeds for the console port through Menu 24 2 2 System Maintenance Console Port Speed Your ZyAIR supports 9600 default 19200 38400 and 57600bps console port speeds Press SPACE BAR and then ENTER to select the desired speed in menu 24 2 2 as shown in the following figure Menu 24 2 2 System Maintenance Change Console Port Speed Console Port Speed 9600 Press ENTER to Con
68. IR for example put firmware bin ras transfers the firmware on your computer firmware bin to the ZyAIR and renames it ras Similarly put config rom rom 0 transfers the configuration file on your computer config rom to the ZyAIR and renames it rom 0 Likewise get rom 0 config rom transfers the configuration file on the ZyAIR to your computer and renames it config rom See earlier in this chapter for more information on filename conventions Step 7 Enter quit to exit the ftp prompt 10 4 4 FTP Session Example of Firmware File Upload 331 Enter PASS command Password 230 Logged in ftp bin 200 Type I OK ftp put firmware bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp 1103936 bytes sent in 1 10Seconds 297 89Kbytes sec ftp quit Figure 10 15 FTP Session Example of Firmware File Upload More commands found in GUI based FTP clients are listed earlier in this chapter Refer to section 10 2 5 to read about configurations that disallow TFTP and FTP over WAN 10 4 5 TFTP File Upload The ZyAIR also supports the uploading of firmware files using TFTP Trivial File Transfer Protocol over LAN Although TFTP should work over WAN as well it is not recommended To use TFTP your computer must have both telnet and TFTP clients To transfer the firmware and the configuration file follow the procedure shown next 10 12 Firmware and Configurat
69. IR to determine if it is working properly Menu 24 4 allows you to choose among various types of diagnostic tests to evaluate your system as shown in the following figure Menu 24 4 System Maintenance Diagnostic TCP IP 1 Ping Host 2 WAN DHCP Release 3 WAN DHCP Renewal 4 Internet Setup Test System 11 Reboot System Enter Menu Selection Number Host IP Address N A Figure 9 9 Menu 24 4 System Maintenance Diagnostic Follow the procedure next to get to display this menu Step 1 From the main menu type 24 to open Menu 24 System Maintenance Step 2 From this menu type 4 Diagnostic to open Menu 24 4 System Maintenance Diagnostic The table below describes the diagnostic tests available in menu 24 4 for your ZyAIR and the connections Table 9 4 System Maintenance Menu Diagnostic FIELD DESCRIPTION Ping Host Ping the host to see if the links and TCP IP protocol on both systems are working DHCP Release Release the IP address assigned by the DHCP server DHCP Renewal Get a new IP address from the DHCP server Internet Setup Use this option to test your Internet connection Test Reboot System Reboot the ZyAIR Host IP Address If you typed 1 to ping host now type the address of the computer you want to ping System Information and Diagnosis 9 7 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Chapter 10 Firmware and Configurati
70. LAN Setup ute nde egere been RIP E be EH Pe o eee edits 3 18 Figure 3 12 Menu 3 5 2 Roaming Confeurapon sess ener ener nene 3 18 Figure 4 1 ZyAIR Wireless Security Levels enne enne 4 1 Figure 4 2 Wireless LAN Setup eese tiep i feste Hd ee ee Pe Hee eee eiie etae EE 4 2 Figure 4 3 Sequence for EAP Authentication sse 4 4 Figure 4 4 Menu 23 System Security eene entente enne 4 5 Figure 4 5 Menu 23 4 System Security IEEE802 IN 4 5 Figure 4 6 Menu 23 2 System Security External Server 4 6 Figure 4 7 Menu 14 Dial in User Setup sees erinnerte nre enne esei iiie 4 8 Figure 4 8 Menu 14 1 Edit Dial in User rennen enne nennen nennen A 4 8 Figure 4 9 Menu 3 5 Wireless LAN Setup 4 9 Figure 4 10 Menu 3 5 1 WLAN MAC Address Filter eese eene nennen 4 9 Figure 5 1 Menu 11 1 Remote Node Profile eene nennen enne nennen 5 2 Figure 5 2 Remote Node Network Layer Options esses enne ener nnns 5 5 Figure 5 3 Menu 11 5 Remote Node Filter Ethernet Encapsulatpon 5 7 Figure 5 4 Menu 11 5 Remote Node Filter PPTP or PPPoE Encapsulapon 5 7 List of Figures xi ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Figure 5 5 Sample Static Routing Topology sess enne ener nennen 5 8 Fig re 5 6 Menu 12 1 IP Static Route Set p dte etis due date eei He tede 5 8 Figure 5 7 Edit P Static ROUTE eege t eoo Ie e PR EEA to Pipe 5 9 Figure 621
71. Length 7 3 Configuring a Filter Rule To configure a filter rule type its number in Menu 21 1 Filter Rules Summary and press ENTER to open menu 21 1 1 for the rule There are two types of filter rules TCP IP and Generic Depending on the type of rule the parameters for each type will be different Use SPACE BAR to select the type of rule that you want to create in the Filter Type field and press ENTER to open the respective menu To speed up filtering all rules in a filter set must be of the same class for instance protocol filters or generic filters The class of a filter set is determined by the first rule that you create When applying the filter sets to a port separate menu fields are provided for protocol and device filter sets If you include a protocol filter set in a device filters field or vice versa the ZyAIR will warn you and will not allow you to save 7 3 1 TCP IP Filter Rule This section shows you how to configure a TCP IP filter rule TCP IP rules allow you to base the rule on the fields in the IP and the upper layer protocol for example UDP and TCP headers To configure TCP IP rules select TCP IP Filter Rule from the Filter Type field and press ENTER to open Menu 21 1 1 TCP IP Filter Rule as shown next 7 6 Filter Configuration ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Menu 21 Filter 1 1 1 1 TCP IP Filter Rule Filter Type TCP IP Filter Rule Active
72. Move up toa ESC Press ESC to move back to the previous menu menu Move to a hidden Press SPACE BAR to change No to Yes then press ENTER Fields beginning with Edit lead to hidden menus and have a default setting of No Press SPACE BAR once to change No to Yes then press ENTER to go to the hidden menu ENTER Move the cursor ENTER or Within a menu press ENTER to move to the next field You can UP DOWN arrow also use the UP DOWN arrow keys to move to the previous keys and the next field respectively Entering Type in or press You need to fill in two types of fields The first requires you to type information SPACE BAR then in the appropriate information The second allows you to cycle press ENTER through the available choices by pressing SPACE BAR Required fields lt gt All fields with the symbol lt gt must be filled in order to be able to save the new configuration N A fields lt N A gt Some of the fields in the SMT will show a lt N A gt This symbol refers to an option that is Not Applicable Save your ENTER Save your configuration by pressing ENTER at the message configuration Press ENTER to confirm or ESC to cancel Saving the data on the screen will take you in most cases to the previous menu Exit the SMT Type 99 then press Type 99 at the main menu prompt and press ENTER to exit the SMT interface After you
73. N gt Use the ZyAIR s LAN IP address when configuring from the LAN Remote Management 13 3 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 13 6 System Timeout There is a system timeout of five minutes 300 seconds for Telnet web FTP connections Your ZyAIR will automatically log you out if you do nothing in this timeout period except when it is continuously updating the status in menu 24 1 or when sys stdio has been changed on the command line 13 4 Remote Management Additional Information Part IV ADDITIONAL INFORMATION ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Chapter 14 Troubleshooting This chapter covers potential problems and the corresponding remedies 14 1 Problem Starting Up the ZyAIR Table 14 1 Troubleshooting the Start Up of Your ZyAIR PROBLEM CORRECTIVE ACTION None of the LEDs turn on when plug in the power adapter Make sure you are using the supplied power adapter and that it is plugged in to an appropriate power source Check that the power source is turned on If the problem persists you may have a hardware problem In this case you should contact your local vendor cannot access the ZyAIR via the console port 1 Make sure the ZyAIR is connected to your computer s serial port 2 Make sure the VT100 terminal emulation communications program is configured correctly The communications software 9600 bp
74. P addresses from a DHCP server if using dynamic IP address assignment 3 11 5 Enable the Roaming Feature on the ZyAIR Enable the roaming feature if you have two or more ZyAIRs on the same subnet Follow the steps below to allow roaming on your ZyAIR Step 1 From the main menu enter 3 to display Menu 3 LAN Setup Step 2 Enter 5 to display Menu 3 5 Wireless LAN Setup Menu 3 5 Wireless LAN Setup ESSID Wireless Hide ESSID No Channel ID CH01 2412MHz RTS Threshold 2432 Frag Threshold 2432 WEP Disable Default Key N A Keyl N A Key2 N A Key3 N A Key4 N A Edit MAC Address Filter No Edit Roaming Configuration Yes Press ENTER to Confirm or ESC to Cancel Figure 3 11 Wireless LAN Setup Step 3 Move the cursor to the Edit Roaming Configuration field Press SPACE BAR to select Yes and then press ENTER Menu 3 5 2 Roaming Configuration displays as shown next Menu 3 5 2 Roaming Configuration Active Yes Port 16290 Press ENTER to Confirm or ESC to Cancel Figure 3 12 Menu 3 5 2 Roaming Configuration The following table describes the fields in this menu 3 18 Internet Access ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Table 3 7 Roaming Configuration Field Descriptions FIELD DESCRIPTION Active Press SPACE BAR and then ENTER to select Yes to allow roaming on the ZyAIR Press SPACE BAR and then ENTER to select Yes to enable roaming on the ZyAIR if you ha
75. P packets to a group of hosts on the network not everybody IGMP Internet Group Multicast Protocol is a session layer protocol used to establish membership in a multicast group it is not used to carry user data IGMP version 2 RFC 2236 is an improvement over version 1 RFC 1112 but IGMP version 1 is still in wide use If you would like to read more detailed information about interoperability between IGMP version 2 and version 1 please see sections 4 and 5 of RFC 2236 The class D IP address is used to identify host groups and can be in the range 224 0 0 0 to 239 255 255 255 The address 224 0 0 0 is not assigned to any group and is used by IP multicast computers The address 224 0 0 1 is used for query messages and is assigned to the permanent group of all IP hosts including gateways All hosts must join the 224 0 0 1 group in order to participate in IGMP The address 224 0 0 2 is assigned to the multicast routers group The ZyAIR supports both IGMP version 1 IGMP v1 and version 2 IGMP v2 At start up the ZyAIR queries all directly connected networks to gather group membership After that the ZyAIR periodically updates this information IP Multicasting can be enabled disabled on the ZyAIR LAN and or WAN interfaces using menus 3 2 LAN and 11 3 WAN Select None to disable IP Multicasting on these interfaces 3 5 TCP IP Ethernet and DHCP Setup Use menu 3 2 to configure your ZyAIR for TCP IP To edit menu 3 2 enter 3 from the main
76. Panel and Connections eese ener eene 2 3 Figure 2 3 Power On Display ebessi RE re REESE ESTNE 2 7 Figure 2 A Login SCreett EE 2 7 Eigure2 5 ZyAIR SMT Men OV etVIew adei eto omne ae cr EE etes dt 2 9 Figure 2 6 SMT Main Mello in o ROIG a D de etree Ne dE 2 11 Figure 2 7 Menu 23 System Dasswornd eene nnne en nnne 2 12 Figure 2 8 Menu 1 General Setup etica ais att e UI andes 2 13 Figure 2 9 Configure Dynamic DNS ccccssecsseesseeseeescesecesecesecseceaeceaecseecaeesaecaaecseecaeeeseesseeeeesereneaeenaeenaes 2 14 Figure 2 10 Menu 2 WAN Sell decai o ep Ep ha E n e a nr b ERU D reb cH Rede 2 16 Figure 2 11 Menu 3 LAN Setup essent nee nennen trennen inerenti netten nenne A enn 2 17 Figure 2 12 Menu 3 1 General Ethernet Setup 2 17 Figure 3 1 LAN amp WAN Jee eege eege Eed in ie ed eg oe de 3 2 Figure 3 2 Menu 3 2 TCP IP and DHCP Ethernet Setup esee ener 3 6 Figure 3 3 Physical Network o ed eee er Perte eren idee AAA 3 8 Figure 3 4 Partitioned Logical Networks eese eren enne nennt trennen nennen rene 3 8 Figure 3 5 Menu 3 2 TCP IP and DHCP Setup sessi nono cnn nete nein 3 8 Figure 3 6 Menu 3 2 1 IP Alias Semi 3 9 MARINAS e ear aee aa n aa a a ana a aae oaan ae an a araea Eeee Sanies arna 3 12 Figure 3 8 RES Ehreshold rete E A E E Ue e E 3 14 Figure 3 9 Menu 3 5 Wireless LAN Semi 3 15 Figure 3 10 Roaming sample 3 17 Figure 3 11 Wireless
77. RIP Direction Options are Both In Only Out Only or None None Version Press SPACE BAR and then ENTER to select the RIP version Options are RIP 1 RIP 2B or RIP 2M RIP 1 Multicast IGMP v1 sets IGMP to version 1 IGMP v2 sets IGMP to version 2 and None disables IGMP None When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC to cancel and go back to the previous screen 5 2 Remote Node Filter Move the cursor to the Edit Filter Sets field in menu 11 1 then press SPACE BAR to select Yes Press ENTER to display Menu 11 5 Remote Node Filter Use Menu 11 5 Remote Node Filter to specify the filter set s to apply to the incoming and outgoing traffic between this remote node and the ZyAIR and also to prevent certain packets from triggering calls You can specify up to 4 filter sets separated by comma for example 1 5 9 12 in each filter field Note that spaces are accepted in this field 5 6 Remote Node Configuration ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Menu 11 5 Remote Node Filter Input Filter Sets protocol filters 1 2 3 device filters Output Filter Sets protocol filters device filters Enter here to CONFIRM or ESC to CANCEL Figure 5 3 Menu 11 5 Remote Node Filter Ethernet Encapsulation Menu 11 5 Remote Node Filter Input Filter S
78. S client as your service provider Offline This option is available when CustomDNS is selected in the N A When you have completed this menu press ENTER at the prompt Press ENTER to Confirm to save your configuration or press ESC at any time to cancel 2 10 WAN Setup The MAC address field allows users to configure the WAN port s MAC Address by either using the factory default or cloning the MAC address from a computer on your LAN Once it is successfully configured the address will be copied to the rom file ZyNOS configuration file It will not change unless you change the setting or upload a different rom file ZyXEL recommends you clone the MAC address from a workstation on your LAN even if your ISP does not require MAC address authentication Hardware Installation and Initial Setup 2 15 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch From the main menu enter 2 to display Menu 2 WAN Setup screen as shown Menu 2 WAN Setup MAC Address Assigned By Factory default IP Address N A Press ENTER to Confirm or ESC to Cancel Figure 2 10 Menu 2 WAN Setup The following table describes the fields in this screen Table 2 7 WAN Setup Field Descriptions FIELD DESCRIPTION EXAMPLE MAC Address Assigned By Press SPACE BAR to select Factory default and press ENTER to Factory default use the factory assigned MAC address Select IP address attached on LAN and
79. SFER PROCESS AS THIS MAY PERMANENTLY DAMAGE YOUR ZYAIR 10 4 1 Firmware File Upload FTP is the preferred method for uploading the firmware and configuration To use this feature your computer must have an FTP client When you telnet into the ZyAIR you will see the following screens for uploading firmware and the configuration file using FTP 10 10 Firmware and Configuration File Maintenance ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Menu 24 7 1 System Maintenance Upload System Firmware To upload the system firmware follow the procedure below Launch the FTP client on your workstation Type open and the IP address of your system Then type root and SMT password as requested Type put firmwarefilename ras where firmwarefilename is the name of your firmware upgrade file on your workstation and ras is the remote file name on the system The system reboots automatically after a successful firmware upload For details on FTP commands please consult the documentation of your FTP client program For details on uploading system firmware using TFTP note that you must remain on this menu to upload system firmware using TFTP please see your manual Press ENTER to Exit Figure 10 13 Telnet Into Menu 24 7 1 Upload System Firmware 10 4 2 Configuration File Upload You see the following screen when you telnet into menu 24 7 2 Menu 24 7 2 System Maintenance Upload System Configuration F
80. Setup Use this menu to set up local user profiles on the ZyAIR 15 NAT Setup Use this menu to specify inside servers when NAT is enabled 21 Filter Set Configuration Use this menu to set up filters to provide security etc 22 SNMP Configuration Use this menu to set up SNMP related parameters 23 System Password Use this menu to change your password Hardware Installation and Initial Setup 2 11 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Table 2 4 Main Menu Summary MENU TITLE DESCRIPTION 24 System Maintenance This menu provides system status diagnostics software upload etc 26 Schedule Setup Use this menu to schedule outgoing calls 99 Exit Use this to exit from SMT and return to a blank screen 2 8 Changing the System Password Change the ZyAIR default password by following the steps shown next Step 1 Enter 23 in the main menu to display Menu 23 System Password as shown next Step 2 Type your existing system password in the Old Password field for example 1234 and press ENTER Menu 23 System Password Old Password New Password Retype to confirm Enter here to CONFIRM or ESC to CANCEL Figure 2 7 Menu 23 System Password Step 3 Type your new system password in the New Password field up to 30 characters and press ENTER Step 4 Re type your new system password in the Retype to confirm field for confirmation and press ENTER
81. T Mapping Types deed NEESS de eee te ts 6 4 62 Using NAT ict nere Edi reete e ee e d e eie der dae dee t iei 6 6 6 2 1 SUA Single User Account Versus NAT cooconconocnonoconcnononnnonnnonnonncnnn canon nono nnon nro nrcn nro 6 6 6 2 2 Applying NA Ti A eee bees 6 6 63 NADA td 6 7 6 3 1 Address Mapping Sets ita A dea ee dei Ta 6 8 6 3 2 Configuring Individual Rule coi e heeds 6 11 6 4 NAT Server Sets Port Forwarding sese 6 12 6 4 1 Configuring a Server behind NAT ener 6 13 6 5 General NAT Examples s A te ee eR 6 16 6 5 1 Example 1 Internet Access Only iiss seco st vse ede as 6 16 6 5 2 Example 2 Internet Access with an Inside Server 6 17 6 5 3 Example 3 Multiple Public IP Addresses With Inside Serverg sss 6 18 6 5 4 Example 4 NAT Unfriendly Application Programs 6 21 ADVANCED MANAGEMENT c sssscscssosecsssosecsessosecsessesecsersesecsersesecsessesecsessesecsessesecsessesecsersesecserseserses II Chapter 7 Filter Configuration csccssscsssssssssssssssesscssscssscssssssssssesssesssessssssssessnessneessessessssesssssesseseees 7 1 deck About Filtering st eee ie ee eee a E ae 7 1 7 2 Configuring a Filter Sets i RR EE on aes MAAN EE 7 3 7 2 1 Filter Rules Summary Menus ccccesccsseesseeseeeeeeseeeseceeeeesecesecaecaecaecseecaeeesesseeeneeeeeeens 7 5 3 Configuring Filter Rule RR pne eom Ue e pt cen OR Qu Nee Ue ede CU 7 6 7 3 1 TEPIP Filter Rule ete RC Rene RR RISE Re
82. TP You can apply up to four schedule sets separated by commas for one remote node Change the schedule set numbers to your preference s Call Scheduling ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Chapter 13 Remote Management This chapter covers remote management SMT menu 24 11 13 1 Telnet You can configure your ZyAIR for remote Telnet access as shown next ZyAIR B p lt Wireless LAN Incoming Traffic connections User telnets into the LAN Figure 13 1 Telnet Configuration on a TCP IP Network 13 2 FTP You can upload and download ZyAIR firmware and configuration files using FTP To use this feature your computer must have an FTP client 13 3 Web You can use the ZyAIR s embedded web configurator for configuration and file management See the online help for details 13 4 Remote Management To disable remote management of a service select Disable in the corresponding Server Access field Enter 11 from menu 24 to display Menu 24 11 Remote Management Control Remote Management 13 1 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 13 4 1 Remote Management Setup Remote management setup is for managing Telnet FTP and Web services You can customize the service port access interface and the secured client IP address to enhance security and flexibility You may manage your ZyAIR from a remote location via the Internet WAN only the LAN only All LAN and W
83. With RADIUS Server IP PACK Ct aine eet 7 11 Example eo E IP Beleeg dre tns 3 4 IP Static Route e eaa aanren aaea as 5 7 P IP Static Route Setup sss 5 8 Packet Tnggered 9 6 L NL 9 2 PAP EE 5 3 Link typerna nni lei eee 9 2 Password EE 2 7 2 12 5 3 8 2 Log and Trace miii ien 9 5 LTE 9 7 Log Facility nsns eee 9 6 PPP Data Connection sess M Logging Option 7 9 7 12 PPP LOog i veces cece e ne eH 9 6 IN NEE I M PPPoE Encapsulatton 3 10 MAC Address PPPOE E I Cloning Recommendation 2 15 RTE ccciuvcssceseses LEE K MAC Address Filter Acten 4 10 PPTP Encapsulapon 3 10 MAC Address Filtering 4 8 PPTP Protocol Overview oooooooconoconocononnconnonnnnnos L Main Men ges netter 2 10 PPTP Support En 12 Management Information Base MIB 8 2 PVE c 5 6 5 9 Message Login 9 Protocol eene diets 7 7 Eeer 5 6 5 9 Protocol Filter Rules en 7 12 Mounting Options oooooonconiconocnnonoconoconoconocnncnnnos 2 5 Q WE Uer 5 6 My WAN Address eese 5 5 Quick Start Guide sess xvii N R Nailed Up Connection 5 1 EES geseet eer nitide 4 3 NEE Sot neg sse ie edem 7 12 Shared Secret Ken 4 4 Application Lia tio 6 3 RADIUS Message Tvpes eee 4 3 Applying NAT in the SMT Menus 6 6 LN 9 4 Confeurmg A 6 7 Rate Definitions ss See 6 1 Regent ode ree es 9 2 Index GG ZyAIR B 2000 Wireless LAN
84. ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch User s Guide Version 3 50 October 2002 ZyXEL TOTAL INTERNET ACCESS SOLUTION ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Copyright Copyright 2002 by ZyXEL Communications Corporation The contents of this publication may not be reproduced in any part or as a whole transcribed stored in a retrieval system translated into any language or transmitted in any form or by any means electronic mechanical magnetic optical chemical photocopying manual or otherwise without the prior written permission of ZyXEL Communications Corporation Published by ZyXEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products or software described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves the right to make changes in any products described herein without notice This publication is subject to change without notice Trademarks ZyNOS ZyXEL Network Operating System is a registered trademark of ZyXEL Communications Inc Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners ii Copyright ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Federal Communications Commission FCC Interference Statement This
85. address of the telnet client and accepts TFTP requests only from this address Step 2 Put the SMT in command interpreter CI mode by entering 8 in Menu 24 System Maintenance Step 3 Enter command sys stdio 0 to disable the SMT timeout so the TFTP transfer will not be interrupted Enter command sys stdio 5 to restore the five minute SMT timeout default when the file transfer is complete Step 4 Launch the TFTP client on your computer and connect to the ZyAIR Set the transfer mode to binary before starting data transfer Step 5 Use the TFTP client see the example below to transfer files between the ZyAIR and the computer The file name for the configuration file is rom 0 rom zero not capital o Note that the telnet connection must be active and the SMT in CI mode before and during the TFTP transfer For details on TFTP commands see following example please consult the documentation of your TFTP client program For UNIX use get to transfer from the ZyAIR to the computer and binary to set binary transfer mode 10 2 7 TFTP Command Example The following is an example TFTP command tftp i host get rom 0 config rom where i specifies binary image transfer mode use this mode when transferring binary files host is the ZyAIR IP address get transfers the file source on the ZyAIR rom 0 name of the configuration file on the ZyAIR to the file destination on the computer and renames it co
86. age transfer mode use this mode when transferring binary files host is the ZyAIR s IP address and put transfers the file source on the computer firmware bin name of the firmware on the computer to the file destination on the remote host ras name of the firmware on the ZyAIR Commands that you may see in GUI based TFTP clients are listed earlier in this chapter 10 4 7 Uploading Via Console Port FTP or TFTP are the preferred methods for uploading firmware to your ZyAIR However in the event of your network being down uploading files is only possible with a direct connection to your ZyAIR via the console port Uploading files via the console port under normal conditions is not recommended since FTP or TFTP is faster Any serial communications program should work fine however you must use the Xmodem protocol to perform the download upload Firmware and Configuration File Maintenance 10 13 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 10 4 8 Uploading Firmware File Via Console Port Step 1 Select 1 from Menu 24 7 System Maintenance Upload Firmware to display Menu 24 7 1 System Maintenance Upload System Firmware then follow the instructions as shown in the following screen Menu 24 7 1 System Maintenance Upload System Firmware To upload system firmware 1 Enter y at the prompt below to go into debug mode 2 Enter atur after Enter Debug Mode message 3 Wait for St
87. ages from this address A blank default field means your ZyAIR will respond to all SNMP messages it receives regardless of source Trap public C it Type the trap community which is the password sent with each ommunity trap to the SNMP manager Destination Type the IP address of the station to send your SNMP traps to 0 0 0 0 When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC to cancel and go back to the previous screen 8 4 SNMP Traps The ZyAIR will send traps to the SNMP manager when any one of the following events occurs SNMP Configuration 8 3 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Table 8 2 SNMP Traps TRAP TRAP NAME DESCRIPTION 1 coldStart defined in RFC 1215 A trap is sent after booting power on 2 warmsStart defined in RFC 1215 A trap is sent after booting software reboot 3 linkUp defined in RFC 1215 A trap is sent with the port number 4 authenticationFailure defined in A trap is sent to the manager when receiving any SNMP RFC 1215 get or set requirements with wrong community password 6 linkDown defined in RFC 1215 A trap is sent with the port number when any of the links are down See the following table The port number is its interface index under the interface group Table 8 3 Ports and Permanent Virtual Circuits
88. alPlayer VDOLive Quake and PPTP No configuration is needed to support these applications Dynamic DNS Support With Dynamic DNS support you can have a static hostname alias for a dynamic IP address allowing the host to be more easily accessible from various locations on the Internet You must register for this service with a Dynamic DNS client 1 2 Getting To Know Your ZyAIR ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch DHCP Support DHCP Dynamic Host Configuration Protocol allows the individual clients computers to obtain the TCP IP configuration at start up from a centralized DHCP server The ZyAIR has built in DHCP server capability enabled by default It can assign IP addresses an IP default gateway and DNS servers to DHCP clients The ZyAIR also acts as a surrogate DHCP server DHCP Relay where it relays IP address assignment from the actual real DHCP server to the clients Multicast Traditionally IP packets are transmitted in two ways unicast or broadcast Multicast is a third way to deliver IP packets to a group of hosts IGMP Internet Group Management Protocol is the protocol used to support multicast groups The latest version is version 2 see RFC 2236 The ZyAIR supports versions 1 and 2 Network Management Menu driven SMT System Management Terminal management Embedded Web Configurator CLI Command Line Interpreter Remote SMT session via Telnet Remote Management via Telnet FTP or We
89. ardware Installation and Initial Setup 2 13 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Step 2 Fillin the required fields Refer to the table shown next for more information about these fields Table 2 5 General Setup Menu Fields FIELD DESCRIPTION EXAMPLE System Name Choose a descriptive name for identification purposes This name can ZyAIR be up to 30 alphanumeric characters long Spaces are not allowed but dashes and underscores are accepted Domain Name Enter the domain name if you know it here If you leave this field blank zyxel com t the ISP may assign a domain name via DHCP You can go to menu 24 8 w and type sys domainname to see the current domain name used by your gateway If you want to clear this field just press the SPACE BAR The domain name entered by you is given priority over the ISP assigned domain name Edit Dynamic DNS Press SPACE BAR to select Yes and press ENTER to configure No Menu 1 1 Configure Dynamic DNS discussed next When you have completed this menu press ENTER at the prompt Press ENTER to Confirm to save your configuration or press ESC at any time to cancel 2 9 3 Procedure to Configure Dynamic DNS If you have a private WAN IP address then you cannot use Dynamic DNS Step 1 To configure Dynamic DNS go to Menu 1 General Setup and select Yes in the Edit Dynamic DNS field Press ENTER to display Menu
90. arting XMODEM upload message before activating Xmodem upload on your terminal 4 After successful firmware upload enter atgo to restart the router Warning Proceeding with the upload will erase the current system firmware Do You Wish To Proceed Y N Figure 10 16 Menu 24 7 1 as seen using the Console Port Step 2 After the Starting Xmodem upload message appears activate the Xmodem protocol on your computer Follow the procedure as shown previously for the HyperTerminal program The procedure for other serial communications programs should be similar 10 4 9 Example Xmodem Firmware Upload Using HyperTerminal Click Transfer then Send File to display the following screen Send File i Type the firmware file s location or lick B to look for it Folder C Product d bcd IL Filename C Product firmware bi Browse T Protocol modem Choose the Xmodem protocol Then click Send Figure 10 17 Example Xmodem Upload After the firmware upload process has completed the ZyAIR will automatically restart 10 14 Firmware and Configuration File Maintenance ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 10 4 10Uploading Configuration File Via Console Port Step 1 Select 2 from Menu 24 7 System Maintenance Upload Firmware to display Menu 24 7 2 System Maintenance Upload System Configuration File Follow the instructions as shown in the next screen Menu 24
91. ary 11111111 11111111 11111111 00000000 The first three octets of the address make up the network number class C You want to have two separate networks Divide the network 192 168 1 0 into two separate subnets by converting one of the host ID bits of the IP address to a network number bit The borrowed host ID bit can be either 0 or 1 thus giving two subnets 192 168 1 0 with mask 255 255 255 128 and 192 168 1 128 with mask 255 255 255 128 IP Subnetting W ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch In the following charts shaded bolded last octet bit values indicate host ID bits borrowed to form network ID bits The number of borrowed host ID bits determines the number of subnets you can have The remaining number of host ID bits after borrowing determines the number of hosts you can have on each subnet Chart 5 Subnet 1 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 0 IP Address Binary 11000000 10101000 00000001 00000000 Subnet Mask 255 255 255 128 Subnet Mask Binary 11111111 11111111 11111111 10000000 Subnet Address 192 168 1 0 Lowest Host ID 192 168 1 1 Broadcast Address 192 168 1 127 Highest Host ID 192 168 1 126 Chart 6 Subnet 2 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask 255
92. as the packet traverses a router for example the local address refers to the IP address of a host when the packet is in the local network while the global address refers to the IP address of the host when the same packet is traveling in the WAN side Note that inside outside refers to the location of a host while global local refers to the IP address of a host used in a packet Thus an inside local address ILA is the IP address of an inside host in a packet when the packet is still in the local network while an inside global address IGA is the IP address of the same inside host when the packet is on the WAN side The following table summarizes this information Table 6 1 NAT Definitions ITEM DESCRIPTION Inside This refers to the host on the LAN Outside This refers to the host on the WAN Local This refers to the packet address source or destination as the packet travels on the LAN Global This refers to the packet address source or destination as the packet travels on the WAN NAT never changes the IP address either local or global of an outside host NAT 6 1 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 6 1 2 What NAT Does In the simplest form NAT changes the source IP address in a packet received from a subscriber the inside local address to another the inside global address before forwarding the packet to the WAN side When the response comes back NAT translates the
93. ation No Figure 4 2 Wireless LAN Setup The following table describes the WEP related fields in this screen For wireless LAN field descriptions refer to section on Wireless LAN Setup Table 4 1 Wireless LAN Setup Field Description FIELD DESCRIPTION EXMAPLE WEP Wired Equivalent Privacy provides data encryption to prevent unauthorized Disable wireless stations from accessing data transmitted over the wireless network WEP Select Disable to allow wireless clients to communicate with the access points without any data encryption Select 64 bit WEP or 128 bit WEP to enable data encryption Default Enter the key number 1 to 4 in this field Only one key cab be enabled at any 1 Key one time If you chose 64 bit WEP in the WEP Encryption field then enter any 5 characters ASCII string or 10 hexadecimal digits 0 9 A F preceded by Ox for each key If you chose 128 bit WEP in the WEP Encryption field then enter 13 characters ASCII string or 26 hexadecimal digits 0 9 A F preceded by Ox for each key Key 1 to Key 4 There are four data encryption keys to secure your data from eavesdropping by unauthorized wireless users The values for the keys must be set up exactly the same on the access points as they are on the wireless client computers When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC to cancel
94. b servers Console port management SNMP manageable DHCP Server Client Built in Diagnostic Tools Syslog Telnet Support Password protected telnet access to internal configuration manager TFTP FTP server firmware upgrade and configuration backup support supported Diagnostics Capabilities The ZyAIR can perform self diagnostic tests These tests check the integrity of the following circuitry FLASH memory DRAM LAN port Getting To Know Your ZyAIR 1 3 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Wireless port Ease of Installation Your ZyAIR is designed for quick intuitive and easy installation Housing Your ZyAIR s all new compact and ventilated housing minimizes space requirements making it easy to position anywhere in your busy office 1 3 Application for the ZyAIR 1 3 4 Broadband Internet Access via Cable or DSL modem A cable modem or DSL modem can be connected to the ZyAIR WAN port and up to four computers can be connected to the ZyAIR LAN ports for super fast broadband Internet access Wireless clients also enjoy the LAN connectivity to the Internet The ZyAIR provides not only the high speed Internet access but also a complete solution to efficiently manage data traffic on your network RH E j Cable DSL modem B Wireless LAN connection Figure 1 1 Internet Access Application 1 4 Getting To Know Your ZyAIR ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Chapter
95. bers do not change for One to One and Many One to One NAT mapping types The following table summarizes these types Table 6 2 NAT Mapping Types TYPE IP MAPPING SMT ABBREVIATION One to One ILA1 amp IGA1 1 1 Many to One SUA PAT ILA1 amp IGA1 M 1 ILA2 gt IGA1 Many to Many Overload ILA1 lt gt 3 IGA1 M M Ov ILA2 IGA2 ILA3 IGA1 ILA4 IGA2 Many One to One ILA1 IGA1 M 1 1 ILA2 IGA2 ILA3 IGA3 Server Server 1 IP IGA1 Server Server 2 IP IGA1 Server 3 IP IGA1 NAT 6 5 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 6 2 Using NAT 6 2 1 SUA Single User Account Versus NAT SUA Single User Account is a ZyNOS implementation of a subset of NAT that supports two types of mapping Many to One and Server See section 6 3 1 for a detailed description of the NAT set for SUA The ZyAIR also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses of clients or servers using mapping types as outlined in Table 6 2 1 Choose SUA Only if you have just one public WAN IP address for your ZyAIR 2 Choose Full Feature if you have multiple public WAN IP addresses for your ZyAIR 6 2 2 Applying NAT You apply NAT via menus 4 or 11 3 as displayed next The next figure shows you how to apply NAT for Internet access in menu 4 Enter 4 from the main menu to go to Menu 4 Internet Access Setup Menu 4 Intern
96. cation server EAP RFC2284 EAP Extensible Authentication Protocol supports multiple authentication methods to ensure the highest security level available RADIUS RFC2138 2139 RADIUS Remote Authentication Dial In User Service server enables authentication authorization and accounting for your wireless network PPPoE Support RFC2516 PPPoE Point to Point Protocol over Ethernet emulates a dial up connection It allows your ISP to use their existing network configuration with newer broadband technologies such as ADSL The PPPoE driver on the ZyAIR is transparent to the computers on the LAN which see only Ethernet and are not aware of PPPoE thus saving you from having to manage PPPoE clients on individual computers PPTP Support Point to Point Tunneling Protocol PPTP is a network protocol that enables secure transfer of data from a remote client to a private server creating a Virtual Private Network VPN using a TCP IP based network PPTP supports on demand multi protocol and virtual private networking over public networks such as the Internet Use PPTP to connect to a broadband modem to achieve access to high speed data networks via a familiar dial up networking user interface NAT for Single IP address Internet Access The ZyAIR s SUA Single User Account feature allows multiple user Internet access for the cost of a single IP account NAT supports popular Internet applications such as MS traceroute CuSeeMe IRC Re
97. ce to its destination If Yes default the rule applies to any packet with an IP source route The majority of IP packets do not have source route Destination IP address IP Add Type the destination IP address of the packet you want to filter This field is ignored if it is 0 0 0 0 IP Mask Type the IP mask to apply to the Destination IP Addr field IP mask Port Type the destination port of the packets you want to filter 0 to 65535 The field range is O to 65535 A 0 field is ignored Port Comp Select the comparison to apply to the destination port in the None packet against the value given in Destination Port Choices are None Less Greater Equal or Not Equal Source IP address IP Add Type the source IP Address of the packet you want to filter r A 0 0 0 0 field is ignored IP Mask Type the IP mask to apply to the Source IP Addr field IP mask Port Type the source port of the packets you want to filter The 0 to 65535 range of this field is 0 to 65535 A 0 field is ignored Port Comp Select the comparison to apply to the source port in the None packet against the value given in Source Port field Choices are None Less Greater Equal or Not Equal TCP Estab This applies only when the IP Protocol field is 6 TCP If No Yes the rule matches packets that want to establish TCP default connection s SYN 1 and ACK 0 else it is ignored More If Yes a matching packet is passed to the next filter rule No before a
98. channel has been connected to the current remote node Ethernet Address Shows the MAC address of the port IP Address Shows the IP address of the network device connected to the port IP Mask Shows the subnet mask of the network device connected to the port DHCP Shows the DHCP setting None Relay or Server of the network device connected to the port System Up Time The time the ZyAIR is up and running from the last reboot 9 2 System Information and Diagnosis ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 9 2 System Information To get to the System Information Step1 Enter 24 to display Menu 24 System Maintenance Step 2 Enter 2 to display Menu 24 2 System Information and Console Port Speed Step 3 From this menu you have two choices as shown in the next figure Menu 24 2 System Information and Console Port Speed 1 System Information 2 Console Port Speed Please enter selection Figure 9 3 Menu 24 2 System Information and Console Port Speed 9 2 1 System Information Enter 1 in menu 24 2 to display the screen shown next Menu 24 2 1 System Maintenance Information Name Routing IP ZyNOS F W Version V3 50 HB 0 b2 07 25 2002 LAN Ethernet Address 00 A0 C5 00 15 37 IP Address 192 168 1 1 IP Mask 255 255 255 0 DHCP Server Press ESC or RETURN to Exit Figure 9 4 Menu 24 2 1 System Maintenance Information Table 9 2 Fields in System Maintenance FIELD DESCR
99. ciency when high traffic flows along in the wireless network WEP As the first line of protection against wireless network intrusion the ZyAIR provides the standard WEP Wired Equivalent Privacy for data encryption However there may be a significant degradation of the data throughput on the wireless link when WEP is enabled See section on Wireless Security Setup for more information about configuring WEP data encryption 3 11 2 Wireless LAN Setup Use menu 3 5 to set up your ZyAIR as the wireless access point To edit menu 3 5 enter 3 from the main menu to display Menu 3 LAN Setup When menu 3 appears press 5 and then press ENTER to display Menu 3 5 Wireless LAN Setup as shown next Menu 3 5 Wireless LAN Setup ESSID Wireless Hide ESSID No Channel ID CHO1 2412MHz RTS Threshold 2432 Frag Threshold 2432 WEP Disable Default Key N A Keyl N A Key2 N A Key3 N A Key4 N A Edit MAC Address Filter No Edit Roaming Configuration Yes Press ENTER to Confirm or ESC to Cancel Figure 3 9 Menu 3 5 Wireless LAN Setup The following table describes the fields in this screen Internet Access 3 15 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Table 3 6 Wireless LAN Setup Field Description FIELD DESCRIPTION EXMAPLE The ESSID Extended Service Set IDentity identifies the AP the wireless client Wireless ESSID is to associate to Wireless clients associating to the AP must have the
100. ction In NAT mode the ZyAIR is able to pass the PPTP packets to the internal PPTP server for example NT server behind the NAT In the case above as the PPTP connection is initialized by the remote PPTP Client the user must configure the PPTP clients The ZyAIR initializes the PPTP connection hence there is no need to configure the remote PPTP clients PPTP K ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch PPTP Protocol Overview PPTP is very similar to L2TP since L2TP is based on both PPTP and L2F Cisco s Layer 2 Forwarding Conceptually there are three parties in PPTP namely the PNS PPTP Network Server the PAC PPTP Access Concentrator and the PPTP user The PNS is the box that hosts both the PPP and the PPTP stacks and forms one end of the PPTP tunnel The PAC is the box that dials answers the phone calls and relays the PPP frames to the PNS The PPTP user is not necessarily a PPP client can be a PPP server too Both the PNS and the PAC must have IP connectivity however the PAC must in addition have dial up capability The phone call is between the user and the PAC and the PAC tunnels the PPP frames to the PNS The PPTP user is unaware of the tunnel between the PAC and the PNS PPTP User Phone call PAC PPP frames PNS Diagram 7 PPTP Protocol Overview Microsoft includes PPTP as a part of the Windows OS In Microsoft s implementation the PC and hence the ZyAIR is the PNS that requests the PAC the ANT
101. d The third method is infrared technology using very high frequencies just below visible light in the electromagnetic spectrum to carry data Ad hoc Wireless LAN Configuration The simplest WLAN configuration is an independent Ad hoc WLAN that connects a set of computers with wireless nodes or stations STA which is called a Basic Service Set BSS In the most basic form a Wireless LAN and IEEE 802 11 A ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch wireless LAN connects a set of computers with wireless adapters Any time two or more wireless adapters are within range of each other they can set up an independent network which is commonly referred to as an Ad hoc network or Independent Basic Service Set IBSS See the following diagram of an example of an Ad hoc wireless LAN d Y Nofebook with Desktop with Wireless NIC Wireless NIC i i i a Ad hoc Wireless i i LAN Ke e Aa e ee Been 5 5 5 Ks REESE EA Desktop with Wireless NIC Wireless NIC Diagram 1 Peer to Peer Communication in an Ad hoc Network Infrastructure Wireless LAN Configuration For Infrastructure WLANs multiple access points APs link the WLAN to the wired network and allow users to efficiently share network resources The access points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood Multiple access points can provide wireless co
102. d up connection can be very expensive for obvious reasons Do not specify a nailed up connection unless your telephone company offers flat rate service or you need a constant connection and the cost is of no concern Remote Node Configuration 5 1 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Menu 11 1 Remote Node Profile Rem Node Name ChangeMe Route IP Active Yes Encapsulation PPTP Edit IP No Service Type Standard Telco Option Service Name N A Allocated Budget min 0 Outgoing Period hr 0 My Login Schedules My Password Nailed Up Connection No Authen CHAP PAP PPTP Session Options My IP Addr Edit Filter Sets No My IP Mask Idle Timeout sec 100 Server IP Addr Connection ID Name Press ENTER to Confirm or ESC to Cancel Figure 5 1 Menu 11 1 Remote Node Profile In Menu 11 1 Remote Node Profile fill in the fields as described in the following table Table 5 1 Remote Node Profile Menu Fields FIELD DESCRIPTION EXAMPLE Rem Node Name Type a unique descriptive name of up to eight characters for this ChangeMe node Active Press SPACE BAR and then ENTER to select No to deactivate Yes this node Inactive nodes are displayed with a minus sign in default SMT menu 11 Encapsulation Press SPACE BAR to select from Ethernet PPPoE or PPTP and Ethernet press ENTER Service Type Press SPACE BAR and then ENTER to select the service
103. destination address the inside global address back to the inside local address before forwarding it to the original inside host Note that the IP address either local or global of an outside host is never changed The global IP addresses for the inside hosts can be either static or dynamically assigned by the ISP In addition you can designate servers for example a web server and a telnet server on your local network and make them accessible to the outside world Although you can make designated servers on the LAN accessible to the outside world it is strongly recommended that you attach those servers to the DMZ port instead If you do not define any servers for Many to One and Many to Many Overload mapping see Table 6 2 NAT offers the additional benefit of firewall protection With no servers defined your ZyAIR filters out all incoming inquiries thus preventing intruders from probing your network For more information on IP address translation refer to RFC 1631 The IP Network Address Translator NAT 6 1 3 How NAT Works Each packet has two addresses a source address and a destination address For outgoing packets the ILA Inside Local Address is the source address on the LAN and the IGA Inside Global Address is the source address on the WAN For incoming packets the ILA is the destination address on the LAN and the IGA is the destination address on the WAN NAT maps private local IP addresses to globally unique ones req
104. ds in Menu 24 1 System Maintenance Status Entering resets the counters pressing ESC takes you back to the previous screen System Information and Diagnosis 9 1 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Port WAN LAN WLAN Port WAN LAN WLAN Menu 24 1 System Maintenance Status 04 27 14 Sat Jan 01 2000 Status TxPkts RxPkts Cols Tx B s Rx B s Up Time 100M Full 2138 0 0 0 0 4 27 12 100M Full 1205 1762 0 0 0 4 27 12 11M 656 354 0 0 0 4 27 12 Ethernet Address IP Address IP Mask DHCP 00 A0 C5 00 15 38 0 0 0 0 0 0 0 0 Client 00 A0 C5 00 15 37 192 168 1 1 255 255 255 0 Server 00 A0 C5 00 15 37 System up Time 4 27 18 Press Command COMMANDS 1 Drop WAN 9 Reset Counters ESC Exit Figure 9 2 Menu 24 1 System Maintenance Status The following table describes the fields present in Menu 24 1 System Maintenance Status which are read only and meant for diagnostic purposes Table 9 1 System Maintenance Status Menu Fields FIELD DESCRIPTION Port This is the port type Port types are LAN WAN and WLAN Status Shows the status of the port TxPkts The number of transmitted packets to this remote node RxPkts The number of received packets from this remote node Cols The number of collisions on this connection Tx B s Shows the transmission rate in bytes per second Rx B s Shows the receiving rate in bytes per second Up Time Time this
105. e Default Key N A Keyl N A Key2 N A Key3 N A Key4 N A Edit MAC Address Filter No Edit Roaming Configuration No Press ENTER to Confirm or ESC to Cancel Figure 4 9 Menu 3 5 Wireless LAN Setup Step 3 In the Edit MAC Address Filtering field press SPACE BAR to select Yes and press ENTER Menu 3 5 1 WLAN MAC Address Filter displays as shown next Menu 3 5 1 WLAN MAC Address Filter Active No Filter Action Allowed Association MAC Address Filter Address Address Address Address Address Address Address Address Address Address Address Address 00 Enter here to CONFIRM ESC to CANCEL Figure 4 10 Menu 3 5 1 WLAN MAC Address Filter The following table describes the fields in this menu Wireless LAN Security Setup 4 9 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Table 4 5 MAC Address Filter Field Description FIELD DESCRIPTION Active To enable MAC address filtering press SPACE BAR to select Yes and press ENTER Define the filter action for the list of MAC addresses in the MAC address filter table To deny access to the ZyAIR press SPACE BAR to select Deny Association and press Filter Action ENTER MAC addresses not listed will be allowed to access the router The default action Allowed Association permits association with the ZyAIR MAC addresses not listed will be denied access to the router MAC Address Filter Address 1 12 Enter
106. e Configuration via Xmodem Do you want to continue y n Figure 10 9 System Maintenance Restore Configuration Step 2 The following screen indicates that the Xmodem download has started Starting XMODEM download CRC mode GECECCECE Figure 10 10 System Maintenance Starting Xmodem Download Screen Step 3 Run the HyperTerminal program by clicking Transfer then Send File as shown in the following screen Firmware and Configuration File Maintenance 10 9 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Send File Type the configuration file s location or click Browse to search Folder C Product for it Filename C Product contig rom Protocol modem E Figure 10 11 Restore Configuration Example Choose the Xmodem protocol Then click Send Step 4 Aftera successful restoration you will see the following screen Press any key to restart the ZyAIR and retum to the SMT menu Save to ROM Hit any key to start system reboot Figure 10 12 Successful Restoration Confirmation Screen 10 4 Uploading Firmware and Configuration Files This section shows you how to upload firmware and configuration files You can upload configuration files by following the procedure in the previous Restore Configuration section or by following the instructions in Menu 24 7 2 System Maintenance Upload System Configuration File for console port WARNING DO NOT INTERUPT THE FILE TRAN
107. e EU RR HEUS RR SEN 7 6 7 3 2 Generic buten d t eh eR a eric aad 7 11 EN Filter Types and NAT 3e Re e e OR ea IEEE aaa UE ged eee 7 12 75 Example Filter eege ete st atu tu en eu uela desees 7 13 7 6 Applying Filters and Factory Defaults essere 7 15 viii Table of Contents ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 7 6 1 Ethernet rath EE 7 16 7 6 2 Remote Node Filters aereo nth heo eina ete ranch eo eee 7 16 Chapter 8 SNMP Configuration eere eee essen ee eese en eene tn natns tn setas tosta seta setas esses sensns ense suse tuse tn 8 1 SE haet NM S ee nre ere en esee eent UR OG 8 1 82 Suppotted MIBS 4 3 aeos iere edt editi em E 8 2 8 3 SNMP Configuration c ot eee te c eut ab Pu e RO E 8 2 As SNMP Trape A ee feds ee Eege cr e OPER IGI DU QURE 8 3 Chapter 9 System Information and Diagnosis eee esee eee eee eene eene en setenta stent stesse seen netu seen seta 9 1 VR E ENEE 9 1 H System nformation 4 oeste oe O ere 9 3 9 2 1 System InfoMine 9 3 9 2 2 Console Port Speed eee eee et ite tede e dat 9 4 9 3 Log and Trace esee eee eR Re ete e ei ei te t e t 9 4 9 3 1 Viewing Error EE 9 5 9 3 2 UNIX EE 9 5 9 3 3 Call Triggering Packet ici tia 9 7 94 Di gnOstiox iuis eet dee eee RR RR ELE HR E e ERO det 9 7 Chapter 10 Firmware and Configuration File Maintenance eese esee ee ee eene tne tn natn aetas tns 10 1 IO l Filename Convent
108. e Select Rule field Press ENTER to confirm Step 5 Select Type as One to One direct mapping for packets going both ways and enter the local Start IP as 192 168 1 10 the IP address of FTP Server 1 the global Start IP as 10 132 50 1 our first IGA The following figure shows how to configure the first rule Menu 15 1 1 1 Address Mapping Rule Type One to One Local IP Start 192 168 1 10 End N A Global IP Start 10 132 50 1 End N A Press ENTER to Confirm or ESC to Cancel Figure 6 18 Example 3 Menu 15 1 1 1 NAT 6 19 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Step 6 Repeat the previous step for rules 2 to 4 as outlined above Step 7 When finished menu 15 1 1 should look like as shown next Menu 15 1 1 Address Mapping Rules Set Name Eample3 Idx Local Start IP Local End IP Global Start IP Global End IP m 192 168 1 10 192 168 1 11 0 0 0 0 255 2554 255 255 O 0 0 AO Us GA m Action None Select Rule N A Press ENTER to Confirm or ESC to Cancel Figure 6 19 Example 3 Final Menu 15 1 1 Now configure the IGA3 to map to our web server and mail server on the LAN Step 1 Enter 15 from the main menu Step 2 Enter 2 in to display Menu 15 2 NAT Server Sets and configure it as shown Menu 15 2 NAT Server Setup Default Default 80 80 25 25 0 0 OoooooooNNoOo 20 5 05 0 027 RR Reserved 0 0 0 0 0 0 0 T 0 0 0 0 0 0 0 1 027 Press ENTER
109. eck the LAN LEDs on the front panel One of these LEDs should be on If they are all off check the cables between your ZyAIR and the Ethernet device 14 4 Problem with the WAN Interface Table 14 4 Troubleshooting the WAN Interface PROBLEM CORRECTIVE ACTION cannot get a WAN IP address from the ISP The WAN IP address is provided when the ISP recognizes the user as an authorized user after verifying the MAC address Host Name or User ID Find out the verification method used by your ISP If the ISP checks the LAN MAC address inform the ISP of the ZyAIR s WAN MAC address To view the WAN MAC address in SMT menu 24 1 In case the ISP does not allow you to use a new MAC you can clone the MAC from the LAN as the WAN MAC and send it to the ISP using SMT menu 2 It is recommended that you configure this menu even if your ISP presently does not require MAC address authentication If the ISP checks the Host Name enter host name in the System Name field in the SMT menu 1 when you connect the ZyAIR to a cable xDSL modem If the ISP checks the User ID make sure that you have entered the correct Service Type user name in the My Login field and password in the My Password field in SMT menu 4 14 2 Troubleshooting ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 14 5 Problem with Internet Access Table 14 5 Troubleshooting the Internet Access PROBLEM CORRECTIVE ACTION ca
110. eck the settings in menu 15 1 1 as shown next Menu 15 1 1 Address Mapping Rules Set Name Example4 Idx Local Start IP Local End IP Global Start IP Global End IP 192 168 1 10 192 168 1 12 LOS 2 5 04 1 1 2 3 4 55 6 7 8 9 0 LO Action Edit Select Rule Press ENTER to Confirm or ESC to Cancel Figure 6 22 Example 4 Menu 15 1 1 6 22 NAT Advanced Management Part III ADVANCED MANAGEMENT This part discusses Filtering SNMP System Information and Diagnosis Firmware and Configuration File Maintenance System Maintenance and Information IP Policy Routing Call Scheduling and Remote Management ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Chapter 7 Filter Configuration This chapter shows you how to create and apply filters 7 1 About Filtering Your ZyAIR uses filters to decide whether or not to allow passage of a data packet and or to make a call There are two types of filter applications data filtering and call filtering Filters are subdivided into device and protocol filters which are discussed later Data filtering screens data to determine if the packet should be allowed to pass Data filters are divided into incoming and outgoing filters depending on the direction of the packet relative to a port Data filtering can be applied on either the WAN side or the Ethernet side Call filtering is used to determine if a packet should be allowed to trigger a call Out
111. eege 1 4 1 3 1 Broadband Internet Access via Cable or DSL modem sse 1 4 Chapter 2 Hardware Installation and Initial Setup 4 eee ee eee eee eese entente setenta cono conconoconocono 2 1 2 1 Front Panel LEDs of the ZyAIR ooooconnccnocnconnoonconnconnconoconconncon nono nono enne en rr en nennen enne 2 1 2 2 Side Panel and Connections of the ZyAIR sesssssssesssseeeeeeeneneee eene 2 3 2 2 1 WAN Bet eegene e deest eere ter e mee ter SEP te ded 2 3 2 22 Four LAN 10 100M Portz 2 3 2 2 3 Console POort us n oet ed i o Cx eter eed 2 4 2 2 4 Restore Factory Defaults Reset Button 2 4 2 2 5 POWet PORt esi oor eto e t p Rorate e EP Re i e e 2 4 2 2 6 EG Erame Ground t at eR aut oett es 2 4 2 2 7 Antennas oe Seren teq uii eg ro e ete EHE CRT Di eoe e e eg 2 4 2 3 Hardware Mounting Options esiste dni eerte Haee rere des 2 5 2 4 Additional Installation Requirements oooonnnnicnnonnnonnconcnnncnnnonnnonnnonncon nono nonn ron nrnnnnnnn rn nennen enn 2 5 2 5 ZyAIR Configura adas 2 6 2 5 1 Connect to Your ZyAIR Using the Web Configurator sse 2 6 2 52 Connect to your ZyAIR Using Telnert ener 2 6 2 5 3 Connect to Your ZyAIR Using the Console Pont 2 6 2 5 4 Initial Screen ecc eg eon e Re n ie ce pea hb E Rete 2 7 2 5 5 Entering Password eee Hee ede c e cte Reda 2 7 2 0 Resetting the ZyAIR iecit piceee ti tecti ec RR Heec Re E ERES 2 8 2 6 1 Methods of Restori
112. efore or Delete in the previous field the 1 Rule cursor jumps to this field to allow you to select the rule to apply the action in question 6 10 NAT ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch You must press ENTER at the bottom of the screen to save the whole set You must do this again if you make any changes to the set including deleting a rule No changes to the set take place until this action is taken An End IP address must be numerically greater than its corresponding IP Start address If the Set Name field is left blank the entire set will be deleted 6 3 2 Configuring Individual Rule In Menu 15 1 1 Address Mapping Rules select Edit in the Action field and then selecting a rule brings up the following menu Menu 15 1 1 1 Address Mapping Rule in which you can edit an individual rule and configure the Type Local and Global Start End IPs Menu 15 1 1 1 Address Mapping Rule Type One to One Local IP Start End N A Global IP Start End N A Press ENTER to Confirm or ESC to Cancel Figure 6 9 Menu 15 1 1 1 Editing Configuring an Individual Rule in a Set Table 6 6 Menu 15 1 1 1 Editing Configuring an Individual Rule in a Set FIELD DESCRIPTION EXAMPLE Type Press SPACE BAR and then ENTER to select from a total of five types One to One These are the mapping types discussed in Table 6 2 Server allows you to specify multiple servers of different types behind NAT to
113. elds in DHCP Setup otherwise leave them blank Some ISP s choose to pass the DNS servers using the DNS server extensions of PPP IPCP IP Control Protocol after the connection is up If your ISP did not give you explicit DNS servers chances are the DNS servers are conveyed through IPCP negotiation The ZyAIR supports the IPCP DNS server extensions through the DNS proxy feature If the Primary and Secondary DNS Server fields in DHCP Setup are not specified for instance left as 0 0 0 0 the ZyAIR tells the DHCP clients that it itself is the DNS server When a computer sends a DNS query to the ZyAIR the ZyAIR forwards the query to the real DNS server learned through IPCP and relays the response back to the computer Please note that DNS proxy works only when the ISP uses the IPCP DNS server extensions It does not mean you can leave the DNS servers out of the DHCP setup under all circumstances If your ISP gives you explicit DNS servers make sure that you enter their IP addresses in the DHCP Setup menu This way the ZyAIR can pass the DNS servers to the computers and the computers can query the DNS server directly without the ZyAIR s intervention 3 4 Internet Access ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 3 4 IP Multicast Traditionally IP packets are transmitted in one of either two ways Unicast 1 sender 1 recipient or Broadcast 1 sender everybody on the network Multicast is a third way to deliver I
114. elf all 1 s is the broadcast address on the subnet Chart 7 Subnet 1 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 0 IP Address Binary 11000000 10101000 00000001 00000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 0 Lowest Host ID 192 168 1 1 Broadcast Address 192 168 1 63 Highest Host ID 192 168 1 62 Chart 8 Subnet 2 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 64 IP Address Binary 11000000 10101000 00000001 01000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 64 Lowest Host ID 192 168 1 65 Broadcast Address 192 168 1 127 Highest Host ID 192 168 1 126 Chart 9 Subnet 3 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 128 Lowest Host ID 192 168 1 129 Broadcast Address 192 168 1 191 Highest Host ID 192 168 1 190 IP Subnetting ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Chart 10 Subnet 4 NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 192 IP Address Binary 11000000 10101000 00000001 11000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address
115. enter the IP address in the IP Address field below to clone the MAC address of the computer on the Ethernet IP Address Enter the IP address of the computer whose MAC address you are N A cloning This field is available if you select IP address attached on LAN in the Assigned By field 2 11 LAN Setup This section describes how to configure the Ethernet using Menu 3 LAN Setup From the main menu enter 3 to display menu 3 2 16 Hardware Installation and Initial Setup ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Menu 3 LAN Setup 1 LAN Port Filter Setup 2 TCP IP and DHCP Setup 5 Wireless LAN Setup Enter Menu Selection Number Figure 2 11 Menu 3 LAN Setup Detailed explanation about the LAN Setup screens is given in the next chapter 2 11 1 General Ethernet Port Filter Setup This menu allows you to specify filter set s that you wish to apply to the Ethernet traffic You seldom need to filter Ethernet traffic however the filter sets may be useful to block certain packets reduce traffic and prevent security breaches Menu 3 1 LAN Port Filter Setup Input Filter Sets protocol filters device filters Output Filter Sets protocol filters device filters Press ENTER to Confirm or ESC to Cancel Figure 2 12 Menu 3 1 General Ethernet Setup If you need to define filters please read the Filter Set Configuration chapter first then return to this menu
116. enter the password the SMT displays the main menu as shown next 2 10 Hardware Installation and Initial Setup ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Copyright Getting Started 1 General Setup 2 WAN Setup 3 LAN Setup 4 Internet Access Setup 24 System Maintenance Advanced Applications 11 Remote Node Setup 12 Static Routing Setup 14 Dial in User Setup 15 NAT Setup Enter Menu Selection Number c 1994 2002 ZyXEL Communications Corp ZyAIR B 2000 Main Menu Advanced Management 21 Filter Set Configuration 22 SNMP Configuration 23 System Password 26 Schedule Setup 99 Exit Figure 2 6 SMT Main Menu The SMT menu continually improves and changes with new firmware upgrades Check the release notes at www zyxel com to find the most recent upgrades and information 2 7 1 System Management Terminal Interface Summary Table 2 4 Main Menu Summary MENU TITLE DESCRIPTION 1 General Setup Use this menu to set up your general information 2 WAN Use this menu to set up your WAN connection 3 LAN Setup Use this menu to set up your LAN and WLAN connection 4 Internet Access Setup A quick and easy way to set up an Internet connection 11 Remote Node Setup Use this menu to set up the Remote Node for LAN to LAN connection including Internet connection 12 Static Routing Setup Use this menu to set up static routes 14 Dial in User
117. es a Get operation followed by a series of GetNext operations e Set Allows the manager to set values for object variables within an agent e Trap Used by the agent to inform the manager of some events 8 2 Supported MIBs The ZyAIR supports RFC 1215 and MIB II as defined in RFC 1213 The focus of the MIBs is to let administrators collect statistic data and monitor status and performance 8 3 SNMP Configuration To configure SNMP select option 22 from the main menu to open Menu 22 SNMP Configuration as shown next The community for Get Set and Trap fields is SNMP terminology for password 8 2 SNMP Configuration ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Menu 22 SNMP Configuration SNMP Get Community public Set Community public Trusted Host 0 0 0 0 Trap Community public Destination 0 0 0 0 Press ENTER to Confirm or ESC to Cancel Figure 8 2 Menu 22 SNMP Configuration The following table describes the SNMP configuration parameters Table 8 1 SNMP Configuration Menu Fields FIELD DESCRIPTION EXAMPLE SNMP Get Community Type the Get Community which is the password for the incoming public Get and GetNext requests from the management station Set Community Type the Set community which is the password for incoming Set public requests from the management station Trusted Host If you enter a trusted host your ZyAIR will only respond to SNMP 0 0 0 0 mess
118. estos materials and classrooms 2 Doctors and nurses can access a complete patient s profile on a handheld or notebook computer upon entering a patient s room 3 It allows flexible workgroups a lower total cost of ownership for networks that are frequently reconfigured 4 Conference room users can access the network as they move from meeting to meeting accessing up to date information that facilitates the ability to communicate decisions on the fly 5 It provides campus wide networking coverage allowing enterprises the roaming capability to set up easy to use wireless networks that transparently covers an entire campus IEEE 802 11 The 1997 completion of the IEEE 802 11 standard for wireless LANs WLANs was a first important step in the evolutionary development of wireless networking technologies The standard was developed to maximize interoperability between differing brands of wireless LANs and to introduce a variety of performance improvements and benefits On September 16 1999 the 802 11b provided much higher data rates of up to 11Mbps while maintaining the 802 11 protocol The IEEE 802 11 specifies three different transmission methods for the PHY the layer responsible for transferring data between nodes Two of the methods use spread spectrum RF signals Direct Sequence Spread Spectrum DSSS and Frequency Hopping Spread Spectrum FHSS in the 2 4 to 2 4825 GHz unlicensed ISM Industrial Scientific and Medical ban
119. et Access Setup ISP s Name ChangeMe Encapsulation Ethernet Service Type Standard My Login N A My Password N A Login Server N A IP Address Assignment Dynamic IP Address N A IP Subnet Mask N A Gateway IP Address N A Network Address Translation Full Feature Press ENTER to Confirm or ESC to Cancel Figure 6 3 Menu 4 Applying NAT for Internet Access The following figure shows how you apply NAT to the remote node in menu 11 1 Step 1 Enter 11 from the main menu Step 2 Move the cursor to the Edit IP field press SPACE BAR to select Yes and press ENTER to bring up Menu 11 3 Remote Node Network Layer Options 6 6 NAT ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Menu 11 3 Remote Node Network Layer Options IP Address Assignment Dynamic IP Address N A IP Subnet Mask N A Gateway IP Addr N A Network Address Translation Full Feature Metric 1 Private N A RIP Direction None Version N A Multicast None Enter here to CONFIRM or ESC to CANCEL Figure 6 4 Menu 11 3 Applying NAT to the Remote Node The following table describes the options for Network Address Translation Table 6 3 Applying NAT in Menus 4 amp 11 3 FIELD DESCRIPTION EXAMPLE Network Press SPACE BAR and then ENTER to select Full Feature if you Full Feature Address have multiple public WAN IP addresses for your ZyAIR Mapping Select None to disable NAT When you select SUA Only the SMT u
120. ets protocol filters device filters Output Filter Sets protocol filters 1 device filters Call Filter Sets protocol filters device filters Enter here to CONFIRM or ESC to CANCEL Figure 5 4 Menu 11 5 Remote Node Filter PPTP or PPPoE Encapsulation 5 2 1 IP Static Route Setup Static routes tell the ZyAIR routing information that it cannot learn automatically through other means This can arise in cases where RIP is disabled on the LAN or a remote network is beyond the one that is directly connected to a remote node Each remote node specifies only the network to which the gateway is directly connected and the ZyAIR has no knowledge of the networks beyond For instance the ZyAIR knows about network N2 in the following figure through remote node Router 1 However the ZyAIR is unable to route a packet to network N3 because it does not know that there is a route through remote node Router 1 via Router 2 The static routes allow you to tell the ZyAIR about the networks beyond the remote nodes Remote Node Configuration 5 7 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch N2 N3 Figure 5 5 Sample Static Routing Topology Configuration Step 1 Toconfigure an IP static route use Menu 12 Static Route Setup as shwon next Menu 12 IP Static Route Setup co AU bs QN IS Enter selection number Figure 5 6 Menu 12 1 IP Static Route Setup Step 2 Now type the route number of a
121. ets 1 2 3 and 4 in are applied in the remote node then set 1 will take precedence over set 2 3 and 4 as the ZyAIR by default applies the lowest numbered set first Set 2 will take precedence over set 3 and 4 and so on You can design up to 12 schedule sets but you can only apply up to four schedule sets for a remote node Call Scheduling 12 1 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch To delete a schedule set enter the set number and press SPACE BAR and then ENTER or delete in the Edit Name field To setup a schedule set select the schedule set you want to setup from menu 26 1 12 and press ENTER to see Menu 26 1 Schedule Set Setup as shown next Menu 26 1 Schedule Set Setup Active Yes Start Date yyyy mm dd 2000 01 01 How Often Once Once Date yyyy mm dd 2000 01 01 Weekdays Sunday N A Monday N A Tuesday N A Wednesday N A Thursday N A Friday N A Saturday N A Start Time hh mm 00 00 Duration hh mm 00 00 Action Forced On Press ENTER to Confirm or ESC to Cancel If a connection has been already established your ZyAIR will not drop it Once the connection is dropped Figure 12 2 Schedule Set Setup manually or it times out then that remote node can t be triggered up until the end of the Duration Table 12 1 Schedule Set Setup Fields FIELD DESCRIPTION EXAMPLE Active Press SPACE BAR to No and press ENTER to d
122. ets Table eee deer ide po od e e epe ae eer es dead iene 7 15 Table 8 1 SNMP Configuration Menu Felds essere enne nnns 8 3 Table 8 2 SNMP Traps 5 5 rore Ee ette tdt diete hu tee utes lost loud ius 8 4 Table 8 3 Ports and Permanent Virtual Circuits ooocoonnoninononnnonnnoncnoncnnnonononn nono nonnono non nn corn rn nr nr enne 8 4 Table 9 1 System Maintenance Status Menu Fields 9 2 Table 9 2 Fields in System Maintenance sse ennt enne nennen enne nennen 9 3 Lists of Tables and Diagrams XV ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Table 9 3 System Maintenance Menu Syslog Parameters ccccccceesceescesecesecesecseecaeeeseeseecaeesaeeeaeeneeesneees 9 6 Table 9 4 System Maintenance Menu Diagnostic ssssssssssseseeseeeeenenenenerenr enne 9 7 Table 10 1 Filename Conventions ooooonoccnocononcnonconnconocononnono nono nronnron nr nono nn ro nn rn nr nan ron n ran r ron n nan n nn nr nn nr an nnn rra nrnnss 10 2 Table 10 2 General Commands for GUI based FTP Clients sess 10 4 Table 10 3 General Commands for GUI based TFTP Clients 10 6 Table 11 1 Time and Date Setting Helde 11 2 Table 12 1 Schedule Set Setup Helde 12 2 Table 13 1 Menu 24 11 Remote Management Control 13 2 Table 14 1 Troubleshooting the Start Up of Your ZyAIR essere 14 1 Table 14 2 Troubleshooting the Password sess 14 1 Table 14 3 Troubleshooting the Ethernet Interface 14 2 Table 14 4 Tr
123. f the ISP does not assign you one Encapsulation Ethernet PPPoE or PPTP My Login Enter the login name assigned by your ISP for PPP PPPoE only My Password Enter the password associated with your ISP assigned My Login for PPP PPPoE only Idle Timeout Enter the time lapse in seconds before you PPPoE or PPP automatically disconnect from the PPPoE or PPP server IP Address Enter if your IP address is not dynamically assigned Network Address Full Feature SUA Only or None Translation DNS Server Primary DNS server Address Secondary DNS server Assignment Enter when using RFC 1483 Encapsulation or a static IP address Internet Access 3 11 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 3 10 Internet Access Setup From the main menu type 4 to display Menu 4 Internet Access Setup as shown next Menu 4 Internet Access Setup ISP s Name ChangeMe Encapsulation Ethernet Service Type Standard My Login N A My Password N A Login Server N A IP Address Assignment Dynamic IP Address N A IP Subnet Mask N A Gateway IP Address N A Network Address Translation SUA Only Press ENTER to Confirm or ESC to Cancel Figure 3 7 Internet Access Setup The following table contains instructions on how to configure your ZyAIR for Internet access Table 3 5 Internet Access Setup Menu Fields FIELD DESCRIPTION EXAMPLE ISP s Name Enter the name of your Internet Ser
124. fer is complete Firmware and Configuration File Maintenance 10 7 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch WARNING DO NOT INTERUPT THE FILE TRANSFER PROCESS AS THIS MAY PERMANENTLY DAMAGE YOUR ZYAIR WHEN THE RESTORE CONFIGURATION PROCESS IS COMPLETE THE ZYAIR WILL AUTOMATICALLY RESTART 10 3 1 Restore Using FTP For details about backup using T FTP please refer to earlier sections on FTP and TFTP file upload in this chapter Menu 24 6 System Maintenance Restore Configuration To transfer the firmware and configuration file to your workstation follow the procedure below 1 Launch the FTP client on your workstation 2 Type open and the IP address of your router Then type root and SMT password as requested 3 Type put backupfilename rom 0 where backupfilename is the name of your backup configuration file on your workstation and rom 0 is the remote file name on the router This restores the configuration to your router 4 The system reboots automatically after a successful file transfer For details on FTP commands please consult the documentation of your FTP client program For details on backup using TFTP note that you must remain in this menu to back up using TFTP please see your router manual Press ENTER to Exit Figure 10 7 Telnet into Menu 24 6 Step 1 Launch the FTP client on your computer Step 2 Enter open followed by a space and the IP address of
125. field Forced Down means that the connection is blocked whether or not there is a demand call on the line Enable Dial On Demand means that this schedule permits a demand call on the line Disable Dial On Demand means that this schedule prevents a demand call on the line When you have completed this menu press ENTER at the prompt Press ENTER to Confirm to save your configuration or press ESC at any time to cancel Once your schedule sets are configured you must then apply them to the desired remote node s Enter 11 from the Main Menu and then enter the target remote node index Using SPACE BAR select PPPoE or PPTP in the Encapsulation field and then press ENTER to make the schedule sets field available as shown next Call Scheduling 12 3 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Menu 11 1 Remote Node Rem Node Name ChangeMe Active Yes Encapsulation PPTP Service Type Standard Service Name N A Outgoing My Login My Password Authen CHAP PAP PPTPS My IP Addr My IP Mask Server IP Addr Connection ID Name Profile Route IP Edit IP No Telco Option Allocated Budget min 0 Period hr 0 Schedules 1 2 3 4 Nailed Up Connection No Session Options Edit Filter Sets No Idle Timeout sec 100 Press ENTER to Confirm or ESC to Cancel Apply your schedule sets here Figure 12 3 Applying Schedule Set s to a Remote Node PP
126. figure IP Alias on your ZyAIR 3 6 1 IP Alias Setup Use menu 3 2 to configure the first network Move the cursor to Edit IP Alias field and press SPACE BAR to choose Yes and press ENTER to configure the second and third network Menu 3 2 TCP IP and DHCP Setup DHCP Setup DHCP Server Client IP Pool Starting Addres 192 168 1 33 Size of Client IP Pool Primary DNS Server 0 0 Secondary DNS Server 0 Remote DHCP Server N A TCP IP Setup IP Address 192 168 1 1 IP Subnet Mask 255 255 255 0 RIP Direction None Version N A Multicast None IP Policies Edit IP Alias Yes oon 0 0 0 Press ENTER to confirm or ESC to Cancel Figure 3 5 Menu 3 2 TCP IP and DHCP Setup Press ENTER to display Menu 3 2 1 IP Alias Setup as shown next 3 8 Internet Access ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Menu 3 2 1 IP Alias Setup IP Alias 1 No P Address N A P Subnet Mask N A RIP Direction N A Version N A ncoming protocol filters N A Outgoing protocol filters N A IP Alias 2 No P Address N A P Subnet Mask N A RIP Direction N A Version N A ncoming protocol filters N A Outgoing protocol filters N A Enter here to CONFIRM or ESC to CANCEL Figure 3 6 Menu 3 2 1 IP Alias Setup Follow the instructions in the table below to configure IP Alias parameters Table 3 3 IP Alias Setup Menu Fields FIELD DESCRIPTION EXAMPLE IP Alias Choose Yes
127. filters for traffic leaving the ZyAIR You may apply filter rules for protocol or device filters See earlier in this section for information on types of filters Call Filter Sets Apply filters to decide if a packet should be allowed to trigger a call Filter Configuration 7 15 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 7 6 1 Ethernet Traffic You seldom need to filter Ethernet traffic however the filter sets may be useful to block certain packets reduce traffic and prevent security breaches Go to menu 3 1 shown next and type the number s of the filter set s that you want to apply as appropriate You can choose up to four filter sets from twelve by typing their numbers separated by commas for example 3 4 6 11 The factory default filter set NetBIOS LAN is inserted in the protocol filters field under Input Filter Sets in menu 3 1 in order to prevent local NetBIOS messages from triggering calls to the DNS server Menu 3 1 LAN Port Filter Setup Apply filter 2 to Input Filter Sets E block NETBIOS protocol filters 2 traffic from the device filters LAN Output Filter Sets protocol filters device filters Press ENTER to Confirm or ESC to Cancel Figure 7 14 Filtering Ethernet Traffic 7 6 2 Remote Node Filters Go to menu 11 5 shown next and type the number s of the filter set s as appropriate You can cascade up to four filter sets by typing their numbers
128. find a protocol that works The main differences between them are the format Daytime RFC 867 format is day month year time zone of the server Time RFC 868 format displays a 4 byte integer giving the total number of seconds since 1970 1 1 at 0 0 0 NTP RFC 1305 is similar to Time RFC 868 None The default enter the time manually 11 2 System Maintenance and Information ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Table 11 1 Time and Date Setting Fields FIELD DESCRIPTION Time Server Enter the IP address or domain name of your time server Check with your Address ISP network administrator if you are unsure of this information Current Time This field displays an updated time only when you reenter this menu New Time Enter the new time in hour minute and second format Current Date This field displays an updated date only when you re enter this menu New Date Enter the new date in year month and day format Time Zone Press SPACE BAR and then ENTER to set the time difference between your time zone and Greenwich Mean Time GMT Daylight Saving If you use daylight savings time then choose Yes Start Date If using daylight savings time enter the month and day that it starts on End Date If using daylight savings time enter the month and day that it ends on Once you have filled in this menu press ENTER at the message Press ENTER to Confirm or ESC to Cancel to save your
129. firm or ESC to Cancel Figure 9 5 Menu 24 2 2 System Maintenance Change Console Port Speed After you changed the console port speed on your ZyAIR you must also make the same change to the console port speed parameter of your communication software 9 3 Log and Trace There are two logging facilities in the ZyAIR The first is the error logs and trace records that are stored locally The second is the UNIX syslog facility for message logging 9 4 System Information and Diagnosis ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 9 3 1 Viewing Error Log The first place you should look for clues when something goes wrong is the error log Follow the procedures to view the local error trace log Step 1 Type 24 in the main menu to display Menu 24 System Maintenance Step 2 From menu 24 type 3 to display Menu 24 3 System Maintenance Log and Trace Menu 24 3 System Maintenance Log and Trace 1 View Error Log 2 UNIX Syslog and Accounting 4 Call Triggering Packet Figure 9 6 Menu 24 3 System Maintenance Log and Trace Step 3 Enter 1 from Menu 24 3 System Maintenance Log and Trace and press ENTER twice to display the error log in the system After the ZyAIR finishes displaying the error log you will have the option to clear it Samples of typical error and information messages are presented in the next figure 45 Sat Jan 00 00 00 2000 PP0e FO
130. g Process 7 1 Figure 7 2 Filter Rule Process E eee e REN enn Bk een tede 7 2 Figure 7 3 Menu 21 Filter Set Configuration NENNEN 7 3 Figure 7 4 NetBIOS WAN Filter Rules Summars essere ener nnne nnns 7 4 Figure 7 5 NetBIOS LAN Filter Rules Summary 7 4 Figure 7 6 TEL _FTP_WEB WAN Filter Rules Summarg eese nennen nennen 7 4 Figure 7 7 Menu 21 1 1 TCP IP Filter Rule 7 7 Fig re 7 8 Executinp an IP Filter as uge onn eerte e iine e teste hee 7 10 Figure 7 9 Menu 21 4 1 Generic Filter Rule 7 1 Figure 7 10 Protocol and Device Filter Beie 7 13 Figure 7 11 Sample Tel et Filtee ie Ib kee 7 13 Figure 7 12 Sample Filter Menu 21 3 1 eene nennen nennen ener nnns 7 14 Figure 7 13 Sample Filter Rules Summary Menu 21 1 esee eene nre 7 15 Figure 7 14 Filtering Ethernet Traffic 7 16 Figure 7 15 Filtering Remote Node Traffic 7 16 Figure 8 1 SNMP Management Model 8 1 xii List of Figures ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Figure 8 2 Menu 22 SNMP Confira egeket a aa aa a aaaeei 8 3 Figure 9 1 Menu 24 System Maintenance apee emr a a aa a oneni 9 1 Figure 9 2 Menu 24 1 System Maintenance Stats 9 2 Figure 9 3 Menu 24 2 System Information and Console Port Speed sse 9 3 Figure 9 4 Menu 24 2 1 System Maintenance Information eese eene 9 3 Figure 9 5 Menu 24 2 2 System Maintenance Change Console Port Speed 9 4 Figure 9 6 Menu 24
131. going packets must undergo data filtering before they encounter call filtering Call filters are divided into two groups the built in call filters and user defined call filters Your ZyAIR has built in call filters that prevent administrative for example RIP packets from triggering calls These filters are always enabled and not accessible to you Your ZyAIR applies the built in filters first and then the user defined call filters if applicable as shown next Send packet Call Filtering No s l etch ive Data ne h Built in User defined Outgoing b Data matc b default Call Filters Initiate call Packet Filtering Call Filters if applicable if line not up and reset Match Match Match Selm Drop Drop packet Drop packet packet if line not up if line not up Or Or Send packet Send packet but do not reset but do not reset Idle Timer Idle Timer Figure 7 1 Outgoing Packet Filtering Process Filter Configuration 7 1 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Two sets of factory filter rules have been configured in menu 21 to prevent NetBIOS traffic from triggering calls A summary of their filter rules is shown in the figures that follow The following figure illustrates the logic flow when executing a filter rule
132. hanged Menu 15 1 255 is read only 6 8 NAT ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Set Name 2y ES 4 Dis 6 Es 8 CR 0 m Start IP Menu 15 1 1 Address Mapping Rules SUA Local End IP Global Start IP Global End IP Server Figure 6 7 Menu 15 1 255 SUA Address Mapping Rules The following table explains the fields in this screen Table 6 4 SUA Address Mapping Rules FIELD DESCRIPTION EXAMPLE Set Name This is the name of the set you selected in menu 15 1 or enter the SUA name of a new Set you want to create Idx This is the index or rule number 1 Local Start IP Local Start IP is the starting local IP address ILA see Figure 6 1 0 0 0 0 Local End IP is the ending local IP address ILA If the rule is for all Local End IP local IPs then the Start IP is 0 0 0 0 and the End IP is EE 255 255 255 255 Global Start IP This is the starting global IP address IGA If you have a dynamic 0 0 0 0 IP enter 0 0 0 0 as the Global Start IP Global End IP This is the ending global IP address IGA Type These are the mapping types discussed above see Table 6 2 Server Server allows us to specify multiple servers of different types behind NAT to this machine See later for some examples Once you have finished configuring a rule in this menu press ENTER at the message Press ENTER to Confirm to save your configuration or press ESC to
133. he packet that you want to 0 compare The range for this field is from 0 to 255 default Length Type the byte count of the data portion in the packet that you want to 0 compare The range for this field is O to 8 default Mask Type the mask in Hexadecimal to apply to the data portion before comparison Value Type the value in Hexadecimal to compare with the data portion More If Yes a matching packet is passed to the next filter rule before an action No is taken or else the packet is disposed of according to the action fields default If More is Yes then Action Matched and Action Not Matched will be N A Log Select the logging option from the following None No packets will be logged None Action Matched Only matching packets and rules will be logged Action Not Matched Only packets that do not match the rule parameters will be logged Both All packets will be logged Action Select the action for a matching packet Choices are Check Next Rule Check Next Matched Forward or Drop Rule Action Not Select the action for a packet not matching the rule Choices are Check Check Next Matched Next Rule Forward or Drop Rule When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC to cancel and go back to the previous screen 7 4 Filter Types and NAT There are two classes of filter rules Generic Filter Device rules and Protocol Filter T
134. he wireless clients RADIUS Server Authentication Sequence The following figure depicts a typical wireless network with a remote RADIUS server for user authentication using EAPOL EAP Over LAN Wireless LAN with IEEE 802 1X E ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch M ZyAIR d EE ke Ee H Radius Server Unauthorized State RADIUS Server RADIUS Access Request RADIUS Access Challenge IR RADIUS Access Request RADIUS Access Accept Client computer access authorized Client computer access not authorized Diagram 3 Sequences for EAP MD5 Challenge Authentication F Wireless LAN with IEEE 802 1X ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Appendix C Antenna Selection and Positioning Recommendation The access points in a wireless LAN send a radio frequency RF signal to the antennas which propagate and capture the RF signal Choosing the right antennas and positioning them properly increases the range and coverage area of a wireless LAN Antenna Characteristics e Frequency An antenna in the frequency of 2 4GHz IEEE 802 11b or SGHz IEEE 802 1 1a is needed to communicate efficiently in a wireless LAN e Radiation Pattern A radiation pattern is a diagram that allows you to visualize the shape of the antenna s coverage area e Antenna Gain Antenna gain measured in dB decibel is the increase in co
135. her a crossover or straight through Ethernet cable ZyAIR B 2000 has an embedded IEEE802 11b compliant 11Mpbs Ethernet wireless access point It is suited for wireless connection to the wired network in the home and office environment allowing users to enjoy the convenience of wireless LAN access within the coverage area For security your ZyAIR supports the latest IEEE802 1x standard WEP Wire Equivalent Privacy and MAC address filtering Your ZyAIR is easy to install and configure All functions are configurable via the SMT System Management Terminal embedded web configurator or the console port Advanced users may configure the ZyAIR using CLI Command Line Interface commands Don t forget to register your ZyAIR fast easy online registration at www zyxel com for free future product updates and information About This User s Guide This user s guide covers all aspects of ZyAIR operations and shows you how to get the best out of the multiple advanced features of your ZyAIR using the SMT It is designed to guide you through the correct configuration of your ZyAIR for various applications Related Documentation Supporting Disk More detailed information and examples can be found in our included disk as well as on the zyxel com web site This disk contains information on configuring your ZyAIR for Internet access general and advanced FAQs Application Notes Troubleshooting a reference for CI Commands and bundled soft
136. her station is already using the wireless medium When these two stations send data at the same time they might collide when arriving simultaneously at the AP The collision will most certainly result in a loss of messages for both stations RTS Range Tane CTS Range p AR CR p d Stations do yot hear each other But they fear the AP Figure 3 8 RTS Threshold Thus RTS Threshold mechanism provides a solution to prevent data collisions When you enable RTS Threshold on a possible hidden station this station and its AP will use a Request to Send Clear to Send protocol RTS CTS The station will send an RTS message to the AP informing that it is going to transmit the data Upon receipt the Access Point will respond with a CTS message to all stations within its range to 3 14 Internet Access ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch notify all other stations to defer transmission It will also confirm with the requesting station that the AP has reserved it for the time frame of the requested transmission The RTS function will be activated if the packet size exceeds the value you set It is highly recommended that you set the value ranging from 0 to 2432 Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy Fragmentation Threshold Fragmentation improves the effi
137. ia list For dynamically assigned settings select Using DHCP Server from the Configure list For statically assigned settings do the following From the Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your Prestige in the Router address box Close the TCP IP Control Panel Click Save if prompted to save changes to your configuration Turn on your Prestige and restart your computer 1f prompted Verifying TCP IP Properties Check your TCP IP properties in the TCP IP Control Panel TCP IP S ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Appendix G IP Subnetting IP Addressing Routers route based on the network number The router that delivers the data packet to the correct destination host uses the host ID IP Classes An IP address is made up of four octets eight bits written in dotted decimal notation for example 192 168 1 1 IP addresses are categorized into different classes The class of an address depends on the value of its first octet gt Class A addresses have a 0 in the left most bit In a class A address the first octet is the network number and the remaining three octets make up the host ID gt Class B addresses have a 1 in the left most bit and a 0 in the next left most bit In a class B address the first two octets make up the network number and the two rema
138. icrosoft from the list of manufacturers Select Client for Microsoft Networks from the list of network clients and then click OK Restart your computer so the changes you made take effect Configuring TCP IP l 5 6 7 In the Network window Configuration tab select your network adapter s TCP IP entry and click Properties Click the IP Address tab f your IP address is dynamic select Obtain an IP address automatically f you have a static IP address select Specify an IP address and type your information into the IP Address and Subnet Mask fields Click the DNS Configuration tab If you do not know your DNS information select Disable DNS If you know your DNS information select Enable DNS and type the information in the fields below you may not need to fill them all in Click the Gateway tab If you were not given a gateway IP address remove previously installed gateways If you have a gateway IP address type it in the New gateway field and click Add Click OK to save and close the TCP IP Properties window Click OK to close the Network window Insert the Windows CD if prompted Turn on your Prestige and restart your computer when prompted Verifying TCP IP Properties 1 Click Start and then Run 2 Inthe Run window type winipcfg and then click OK to open the IP Configuration window 3 Select your network adapter You should see your computer s IP address subnet mask and default gateway P TCP
139. ile To upload the system configuration file follow the procedure below Launch the FTP client on your workstation Type open and the IP address of your system Then type root and SMT password as requested Type put configurationfilename rom 0 where configurationfilename is the name of your system configuration file on your workstation which will be transferred to the rom 0 file on the system The system reboots automatically after the upload system configuration file process is complete For details on FTP commands please consult the documentation of your FTP client program For details on uploading system firmware using TFTP note that you must remain on this menu to upload system firmware using TFTP please see your manual Press ENTER to Exit Figure 10 14 Telnet Into Menu 24 7 2 System Maintenance To upload the firmware and the configuration file follow these examples Firmware and Configuration File Maintenance 10 11 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 10 4 3 FTP File Upload Command from the DOS Prompt Example Step 1 Launch the FTP client on your computer Step 2 Enter open followed by a space and the IP address of your ZyAIR Step 3 Press ENTER when prompted for a username Step 4 Enter your password as requested the default is 1234 Step 5 Enter bin to set transfer mode to binary Step 6 Use put to transfer files from the computer to the ZyA
140. ining octets make up the host ID gt Class C addresses begin starting from the left with 1 1 0 In a class C address the first three octets make up the network number and the last octet is the host ID gt Class D addresses begin with 1 1 1 0 Class D addresses are used for multicasting There is also a class E address It is reserved for future use Chart 1 Classes of IP Addresses IP ADDRESS OCTET 1 OCTET2 OCTET 3 OCTET 4 Class A 0 Network number Host ID Host ID Host ID Class B 10 Network number Network number Host ID Host ID Class C 110 Network number Network number Network number Host ID Host IDs of all zeros or all ones are not allowed Therefore gt A class C network 8 host bits can have 2 2 or 254 hosts gt A class B address 16 host bits can have 2 2 or 65534 hosts A class A address 24 host bits can have 2 2 hosts approximately 16 million hosts IP Subnetting U ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Since the first octet of a class A IP address must contain a 0 the first octet of a class A address can have a value of 0 to 127 Similarly the first octet of a class B must begin with 10 therefore the first octet of a class B address has a valid range of 128 to 191 The first octet of a class C address begins with 110 and therefore has a range of 192 to 223
141. ion e Access Reject Sent by a RADIUS server rejecting access Wireless LAN Security Setup 4 3 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch e Access Accept Sent by a RADIUS server allowing access e Access Challenge Sent by a RADIUS server requesting more information in order to allow access The access point sends a proper response from the user and then sends another Access Request message The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting e Accounting Request Sent by the access point requesting accounting e Accounting Response Sent by the RADIUS server to indicate that it has started or stopped accounting In order to ensure network security the access point and the RADIUS server use a shared secret key which is a password they both know The key is not sent over the network In addition to the shared key password information exchanged is also encrypted to protect the network from unauthorized access 4 3 3 Sequence for EAP Authentication The following figure shows the authentication steps when you enable EAP and specify a RADIUS server on your access point SS Computer qE Emet Figure 4 3 Sequence for EAP Authentication Radius Server The steps below describe how the IEEE 802 1X EAP authentication works Step 1 The wireless client sents a request message to the ZyAIR Step 2 The ZyAIR sends a request
142. ion File Maintenance ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Step 1 Use telnet from your computer to connect to the ZyAIR and log in Because TFTP does not have any security checks the ZyAIR records the IP address of the telnet client and accepts TFTP requests only from this address Step 2 Put the SMT in command interpreter CI mode by entering 8 in Menu 24 System Maintenance Step 3 Enter the command sys stdio 0 to disable the console timeout so the TFTP transfer will not be interrupted Enter command sys stdio 5 to restore the five minute console timeout default when the file transfer is complete Step 4 Launch the TFTP client on your computer and connect to the ZyAIR Set the transfer mode to binary before starting data transfer Step 5 Use the TFTP client see the example below to transfer files between the ZyAIR and the computer The file name for the firmware is ras Note that the telnet connection must be active and the ZyAIR in CI mode before and during the TFTP transfer For details on TFTP commands see following example please consult the documentation of your TFTP client program For UNIX use get to transfer from the ZyAIR to the computer put the other way around and binary to set binary transfer mode 10 4 6 TFTP Upload Command Example The following is an example TFTP command tftp i host put firmware bin ras 11327 where i specifies binary im
143. ioris rere iR e ict he ie reete deer 10 1 10 2 Backup Configuration sce eee eei eie i 10 2 10 2 1 Backup Configuration icici cect ee eem eie e o tei i tds 10 3 10 2 2 Using the FTP Command from the Command Line eene 10 3 10 2 3 Example of FTP Commands from the Command me 10 4 10 2 4 GUEbased FTP Clients eoi dere a ea 10 4 10 2 5 TFTP and FTP over WAN Will Not Work When 10 4 10 2 6 Backup Configuration Using TFTP enne 10 5 10 2 7 TETP Command Example 635 0e ERR ne A RN ae TE dn 10 5 10 2 8 GUl based TETP Chemts coria Ree eerte Ee ea eee cette ds 10 5 10 2 9 Backup Via Console Port tene RENE RA A EG I ed 10 6 10 3 Restore COn UCI acte te RR leti O eese dutem er 10 7 10 31 Restore Using E TP Sei io SUR ee eus 10 8 10 3 2 Restore Using FTP Session sample 10 9 10 3332 Restore Via Console BOttu uoo ee RODA here Dad et Berti ees 10 9 10 4 Uploading Firmware and Configuration les 10 10 10 41 Firmware File Uplo d eee ee e e NG Ame 10 10 10 4 2 Configuration File Upload 10 11 10 4 3 FTP File Upload Command from the DOS Prompt Example sss 10 12 10 4 4 FTP Session Example of Firmware File Upload 10 12 10 4 57 TETP Bile Uplo d i ee ret ee e el ee ir ERR Da 10 12 10 4 6 TFTP Upload Command Example essere 10 13 10 4 7 Uploading Via Console Port 10 13 Table of Contents ix ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 10 4 8 Uploadi
144. isable the schedule set Yes Start Date Enter the start date when you wish the set to take effect in year month date format Valid dates are from the present to 2036 February 5 2000 01 01 How Often Should this schedule set recur weekly or be used just once only Press SPACE BAR and then ENTER to select Once or Weekly Both these options are mutually exclusive If Once is selected then all weekday settings are N A When Once is selected the schedule rule deletes automatically after the scheduled time elapses Once 12 2 Call Scheduling ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch FIELD DESCRIPTION EXAMPLE Once If you selected Once in the How Often field above then enter the date 2000 01 01 Date the set should activate here in year month date format Weekday If you selected Weekly in the How Often field above then select the Yes day s when the set should activate and recur by going to that day s Day and pressing SPACE BAR to select Yes then press ENTER No N A Start Time Enter the start time when you wish the schedule set to take effect in 09 00 hour minute format Duration Enter the maximum length of time this connection is allowed in hour 08 00 minute format Action Forced On means that the connection is maintained whether or not there is a demand call on the line and will persist for the time period Forced On specified in the Duration
145. ive name or comment in the Edit Comments field for example TELNET WAN and press ENTER Step 4 Press ENTER at the message Press ENTER to confirm or ESC to cancel to open Menu 21 3 1 TCP IP Filter Rule Step 5 Type to configure the first filter rule Make the entries in this menu as shown next Menu 21 3 1 TCP IP Filter Rule Filter 4 3 1 Filter Type TCP IP Fi Active Yes IP Protocol 6 Destination IP Addr 0 IP Mask 0 Port 23 Port Comp Equal Source IP Addr 0 0 0 0 The port number for the telnet IP Mask 0 0 0 0 service TCP protocol is 23 See Port RFC 1060 for port numbers of well Port Comp None known services TCP Estab No 0 0 ion Not Mat hed Forward Select Equal here as we are looking for packets going to port 23 only Pfess ENTER to Confirm or ESC to Mancel There are no more rules to check Select Forward here so that the packet will be forwarded if its destination is not the telnet port and there are no more Select Drop here so that the rules in this filter set to check Select Next if there are packet will be dropped if its more rules to check destination is the telnet port Figure 7 12 Sample Filter Menu 21 3 1 When you press ENTER to confirm the following screen appears Note that there is only one filter rule in this set 7 14 Filter Configuration ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Menu 21 1 Filter Rules Summary Filte
146. l Commands System Maintenance and Information 11 1 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 11 2 Time and Date Setting The ZyAIR keeps track of the time and date There is also a software mechanism to set the time manually or get the current time and date from an external server when you turn on your ZyAIR Menu 24 10 allows you to update the time and date settings of your ZyAIR The real time is then displayed in the ZyAIR error logs and firewall logs Step 1 Select menu 24 in the main menu to open Menu 24 System Maintenance Step 2 Then enter 10 to go to Menu 24 10 System Maintenance Time and Date Setting to update the time and date settings of your ZyAIR as shown in the following screen Menu 24 10 System Maintenance Time and Date Setting Use Time Server when Bootup NTP RFC 1305 Time Server Address 128 105 39 21 Current Time New Time hh mm ss Current Date New Date yyyy mm dd Time Zone GMT Daylight Saving No Start Date mm dd End Date mm dd Press ENTER to Confirm or ESC to Cancel Figure 11 3 Menu 24 10 System Maintenance Time and Date Setting Table 11 1 Time and Date Setting Fields FIELD DESCRIPTION Use Time Server Enter the time service protocol that your time server sends when you turn on the when Bootup ZyAIR Not all time servers support all protocols so you may have to check with your ISP network administrator or use trial and error to
147. mber is 53 This cannot be changed Access Select the access interface if any by pressing the SPACE BAR LAN only Choices are LAN only WAN only All or Disable The default is LAN only Secured Client IP The default 0 0 0 0 allows any client to use this service to remotely manage the ZyAIR Enter an IP address to restrict access to a client with a matching IP address Once you have filled in this menu press ENTER at the message Press ENTER to Confirm or ESC to Cancel to save your configuration or press ESC to cancel 13 4 2 Remote Management Limitations Remote management over LAN or WAN will not work when 1 A filter in menu 3 1 LAN or in menu 11 5 WAN is applied to block a Telnet FTP or Web service 2 You have disabled that service in menu 24 11 3 The IP address in the Secured Client IP field menu 24 11 does not match the client IP address If it does not match the ZyAIR will disconnect the session immediately 4 There is already another remote management session of the same type Telnet FTP or Web running You may only have one remote management session of the same type running at one time 5 There is a web remote management session running with a Telnet session A Telnet session will be disconnected if you begin a web session it will not begin if there already is a web session 13 5 Remote Management and NAT When NAT is enabled gt Use the ZyAIR s WAN IP address when configuring from the WA
148. ment please refer to RFC 1597 Address Allocation for Private Internets and RFC 1466 Guidelines for Management of IP Address Space 3 3 3 RIP Setup RIP Routing Information Protocol allows a router to exchange routing information with other routers The RIP Direction field controls the sending and receiving of RIP packets When set to 1 Both the ZyAIR will broadcast its routing table periodically and incorporate the RIP information that it receives 2 In Only the ZyAIR will not send any RIP packets but will accept all RIP packets received 3 Out Only the ZyAIR will send out RIP packets but will not accept any RIP packets received 4 None the ZyAIR will not send any RIP packets and will ignore any RIP packets received The Version field controls the format and the broadcasting method of the RIP packets that the ZyAIR sends it recognizes both formats when receiving RIP 1 is universally supported but RIP 2 carries more information RIP 1 is probably adequate for most networks unless you have an unusual network topology Both RIP 2B and RIP 2M sends the routing data in RIP 2 format the difference being that RIP 2B uses subnet broadcasting while RIP 2M uses multicasting Internet Access 3 3 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 3 3 4 DHCP Configuration DHCP Dynamic Host Configuration Protocol allows the individual clients computers to obtain the TCP IP configuration at start up from a centrali
149. mentations especially UNIX derivatives require separate IP network numbers for the WAN and LAN links and each end to have a unique address within the WAN network number In that case type the IP address assigned to the WAN port of your ZyAIR Network Press SPACE BAR and then ENTER to select Full Feature if you Full Address have multiple public WAN IP addresses for your ZyAIR Feature Translation Remote Node Configuration 5 5 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Table 5 2 Remote Node Network Layer Options FIELD DESCRIPTITON EXAMPLE Select SUA Only if you have just one public WAN IP address for your ZyAIR The SMT uses Address Mapping Set 255 menu 15 1 see section 6 3 f Select None to disable NAT Metric The metric represents the cost of transmission for routing purposes IP routing uses hop count as the cost measurement with a minimum of 1 for directly connected networks Type a number that approximates the cost for this link The number need not be precise but it must be between 1 and 15 In practice 2 or 3 is usually a good number Private This determines if the ZyAIR will include the route to this remote node in its RIP broadcasts If set to Yes this route is kept private and not included in RIP broadcast If No the route to this remote node will be propagated to other hosts through RIP broadcasts No RIP Direction Press SPACE BAR and then ENTER to select the
150. menu to display Menu 3 Ethernet Setup When menu 3 appears press 2 and press ENTER to display Menu 3 2 TCP IP and DHCP Ethernet Setup as shown next Internet Access 3 5 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch First address in Menu 3 2 TCP IP and DHCP Ethernet Setup the IP Pool DHCP Setup DHCP Server Client IP Pool Starting Address 192 168 1 33 Size of the IP Size of Client IP Pool 32 Pool Primary DNS Server 0 0 0 0 T Secondary DNS Server 0 0 0 0 Remote DHCP Server N A TCP IP Setup IP Address 192 68 1 1 IP addresses of IP Subnet Mask 255 255 255 the DNS RIP Direction Both servers Version RIP 1 Multicast None Edit IP Alias No r This is the IP address of the Press Space Bar to Toggle ZyAIR Press ENTER to Confirm or ESC to Cancel Figure 3 2 Menu 3 2 TCP IP and DHCP Ethernet Setup Follow the instructions in the following table on how to configure the DHCP fields Table 3 1 DHCP Ethernet Setup Menu Fields FIELD DESCRIPTION EXAMPLE DHCP Setup DHCP If set to Server your ZyAIR can assign IP addresses an IP default gateway and DNS servers to Windows 95 Windows NT and other systems that support the DHCP client If set to None the DHCP server will be disabled If set to Relay the ZyAIR acts as a surrogate DHCP server and relays DHCP requests and responses between the remote server and the clients Enter the IP address of the
151. message to the wireless client for identity information Step 3 The wireless client replies with the password and username information Step 4 The ZyAIR receives the message and repackets this information into an Access Request package which is then sent to the remote RADIUS server or the Authentication server 4 4 Wireless LAN Security Setup ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Step 5 The RADIUS server checks the user information against its user profile database and sends an accept or a deny packet to ZyAIR Step 6 When ZyAIR receives the accept package the client port is placed into an authorized state and traffic is allowed to proceed Otherwise no traffic is allowed 4 3 4 Enable EAP Authentication on Your ZyAIR Follow the steps below to enable EAP authentication on your ZyAIR Step 1 From the main menu enter 23 to display Menu23 System Security Menu 23 System Security 1 Change Password 2 RADIUS Server IEEE802 1X Figure 4 4 Menu 23 System Security Step 2 Enter 4 to display Menu 23 4 System Security IEEE802 1X Menu 23 4 System Security IEEE802 1X Authentication Control Force Authorized ReAuthentication Timer in second N A Press ENTER to Confirm or ESC to Cancel Figure 4 5 Menu 23 4 System Security IEEE802 1X The following table describes the fields in this screen Table 4 2 IEEE802 1X System Security Field Descriptions
152. mpt window type ipconfig and then press ENTER The window will display information about your connection specific DNS suffix IP Address Subnet Mask and Default Gateway Setting up Your Windows XP Computer Configuring TCP IP 1 Click start Control Panel Network and Internet Connections and then Network Connections 2 Right click the network connection you want to configure and then click Properties 3 Under the General tab select Internet Protocol TCP IP you may need to scroll down and click Properties TCP IP Q ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 4 6 de 8 The Internet Protocol TCP IP Properties window opens If you have a dynamic IP address click Obtain an IP address automatically If you have a static IP address click Use the following IP Address and fill in the IP address Subnet mask and Default gateway fields To configure advanced static address settings for a local area connection click Advanced and do one or more of the following to configure additional IP addresses In the IP Settings tab in IP addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways In TCP IP Gateway Address type the IP address of the default gateway in Gateway T
153. n 2 2 6 F G Frame Ground Ground the ZyAIR by connecting a grounded wire to the F G terminal 2 2 7 Antennas The ZyAIR is equipped with two reverse SMA connectors and two detachable omni directional 2dBi antennas to provide clear radio signal between the wireless stations and the access points Refer to the Antenna Selection and Positioning Recommendations appendix for more information The following table shows the ZyAIR s coverage in meters using the included antennas The distance may differ depending on the network environment 2 4 Hardware Installation and Initial Setup ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Table 1 2 ZyAIR Wireless LAN Coverage 11 Mbps lt 5 5 Mbps Indoor 50m 80m Outdoor 200m 300 m ZyXEL offers several optional antennas to provide optimum coverage and performance for your ZyAIR Refer to the Quick Start Guide for instructions to attach the antennas to your ZyAIR 2 3 Hardware Mounting Options The ZyAIR may be placed on a flat surface or wall mounted In general the best location to place the access point is at the center of your intended wireless coverage area For better performance mount the ZyAIR in a high position free of obstructions Refer to the Quick Start Guide for hardware installation procedure 2 4 Additional Installation Requirements A computer with an IEEE 802 11b wireless LAN card or an Ethernet 10Base T 100Base T NIC To enable
154. n action is taken or else the packet is disposed of default according to the action fields If More is Yes then Action Matched and Action Not Matched will be N A 7 8 Filter Configuration ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Table 7 3 TCP IP Filter Rule Menu Fields FIELD DESCRIPTION EXAMPLE Log Select the logging option from the following None No packets will be logged None Action Matched Only packets that match the rule parameters will be logged Action Not Matched Only packets that do not match the rule parameters will be logged Both All packets will be logged Action Matched Select the action for a matching packet Choices are Check Check Next Rule Next Rule Forward or Drop default Action Not Matched Select the action for a packet not matching the rule Choices Check Next Rule are Check Next Rule Forward or Drop default When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC to cancel and go back to the previous screen The following figure illustrates the logic flow of an IP filter Filter Configuration 7 9 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Packet into IP Filter Filter Active No Yes Y Apply SrcAddrMask to Src Addr Check S NES TEN Aser IPAddr Not Matched Matched
155. nfig rom 10 2 8 GUI based TFTP Clients The following table describes some of the fields that you may see in GUI based TFTP clients Firmware and Configuration File Maintenance 10 5 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Table 10 3 General Commands for GUI based TFTP Clients COMMAND DESCRIPTION Host Enter the IP address of the ZyAIR 192 168 1 1 is the ZyAIR s default IP address when shipped Send Fetch Use Send to upload the file to the ZyAIR and Fetch to back up the file on your computer Local File Enter the path and name of the firmware file bin extension or configuration file rom extension on your computer Remote File This is the filename on the ZyAIR The filename for the firmware is ras and for the configuration file is rom 0 Binary Transfer the file in binary mode Abort Stop transfer of the file Refer to section 10 2 5 to read about configurations that disallow TFTP and FTP over WAN 10 2 9 Backup Via Console Port Back up configuration via console port by following the HyperTerminal procedure shown next Procedures using other serial communications programs should be similar 66 99 Step 1 Display menu 24 5 and enter y at the following screen Ready to backup Configuration via Xmodem Do you want to continue y n Figure 10 3 System Maintenance Backup Configuration Step 2 The following screen indicates tha
156. ng Factory Def ults nennen 2 8 2 6 2 ZYAIR SMT Menu Overview esses enne E ener einen nennen nennen 2 8 2 15 Navigating the SM T Interface aos Ree ied a I WEG 2 10 2 4 System Management Terminal Interface Summary sse 2 1 2 8 Changing the System Password 2 12 2 0 General Setup e tette tee i Teste ben ta Boke 2 12 vi Table of Contents ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 2 9 1 Dynamic DNS 55 iaa dil a nno ea ee vie e rens 2 13 2 9 2 Procedure To Configure Menu lisina sa na Or UO ea iet d 2 13 2 9 3 Procedure to Configure Dynamic DNS sse eene 2 14 2 10 WASNUSETUD aeree teret ree Pt imt DERE OPER DER 2 15 SID SN RON 2 16 2 11 1 General Ethernet Port Filter Setup sss 2 17 Chapter 3 Internet ACCESS nconncn coca roca acoso 3 1 3 1 Factory Ethernet Defaults eene enne nennen etea oeaiei sinisita 3 1 2322 ANS atid EE 3 1 3 2 1 LANs WANS and the ZyAIR eseseseseeeeene enne nennen nennen ener enne 3 1 SG E TOPP MELEN 3 2 3 3 1 IP Address and Subnet Mask NENNEN 3 2 3 3 2 Private IP Addresses eee ee di een 3 3 3 3 3 RIP Setup need ea t i gie reed b tie e i ares 3 3 3 3 4 DHCP Configuration ee eite ded ee eee e etie eee e Ea 3 4 34 IP Multicast aotem en e prete dere ee o ege nete a es 3 5 3 5 TCP IP Ethernet and DHCP Setup iii ei i de rites 3 5 26 TP UL
157. ng Firmware File Via Console Pot 10 14 10 4 9 Example Xmodem Firmware Upload Using HyperTerminal sess 10 14 10 4 10 Uploading Configuration File Via Console Port 10 15 10 4 11 Example Xmodem Configuration Upload Using HyperTerminal 10 15 Chapter 11 System Maintenance and Information 4 eeeeee esee e esee esee eene eren netos etna setas stone se tnann 11 1 11 1 Command Interpreter Mode 11 1 11 2 Titne and Dit Sed ee ee e tette pe ti E e E Wen UE 11 2 FZL Resetting the Times insect die ese ads te oben EHE NER 11 3 Cliapter 12 Call Scheduling ere eodeni NT 12 1 12 1 Introd ctioti z o ore tet tS tt nu eene Oe petet 12 1 Chapter 13 Remote Management eese esee eene eee eee entes tn netus tasa tasto seta sets nono sonas n sens ense enses nano 13 1 13 1 Telnet zoe eee ere apo en a eins 13 1 A edet ehe t e ete e Rte 13 1 IS EE EE 13 1 13 4 Remote Management sc ec eee eret d ime ete ie eee ir see eene rd 13 1 13 4 Remote Management Setup 13 2 13 4 2 Remote Management Lmmmtatons nono non nono nconnrnn nono nr nn nn rrnnrnnnns 13 3 13 5 Remote Management and NAT sse nennen eren enne enne 13 3 13 6 System Timeout ves iii sce ee ER Re RERO EU den 13 4 ADDITIONAL INFORMATION ssssssssssssssssossosssassscosssncsocsnssossecsnssossossenenassesesssessessessonsnassnsosssassossessosseass IV Chapter 14 Troubleshooting sists sis ccscstsvss enero svsvsssevesececdssessseesesws
158. nnot access the Internet Connect your cable DSL modem with the ZyAIR using the appropriate cable Check with the manufacturer of your cable DSL device about your cable requirement because for some devices may require a crossover cable and others a straight through Ethernet cable Verify your WAN settings in SMT menu 2 and Internet access settings in SMT menu 4 Internet connection disconnects Check the schedule rules in SMT menu 26 If you use PPPoE encapsulation check the idle time out setting in SMT menu 11 5 Contact your ISP 14 6 Problem with Telnet Table 14 6 Troubleshooting Telnet PROBLEM CORRECTIVE ACTION cannot access the ZyAIR through Telnet Refer to the Problems with the Ethernet Interface section for instructions on checking your Ethernet connection Troubleshooting 14 3 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Appendix A Wireless LAN and IEEE 802 11 A wireless LAN WLAN provides a flexible data communications system that you can use to access various services navigating the Internet email printer services etc without any expensive network cabling infrastructure In effect a wireless LAN environment provides you the freedom to stay connected to the network while in the coverage area Benefits of a Wireless LAN 1 Access to network services in areas otherwise hard or expensive to wire such as historical buildings buildings with asb
159. ns the burden on the carriers of provisioning virtual circuits all the way to the ISP on multiple switches for thousands of users For GSTN PSTN amp ISDN the switching fabric is already in place 3 It allows the ISP to use the existing dial up model to authenticate and optionally to provide differentiated services Traditional Dial up Scenario The following diagram depicts a typical hardware configuration where PCs use traditional dial up networking ISP 1 O 4 o L 4 E m O E ISP 2 O O Diagram 4 Single PC per Modem Hardware Configuration PPPoE ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch How PPPoE Works The PPPoE driver makes the Ethernet appear as a serial link to the PC and the PC runs PPP over it while the modem bridges the Ethernet frames to the Access Concentrator AC Between the AC and an ISP the AC is acting as a L2TP Layer 2 Tunneling Protocol LAC L2TP Access Concentrator and tunnels the PPP frames to the ISP The L2TP tunnel is capable of carrying multiple PPP sessions With PPPoE the VC Virtual Circuit is equivalent to the dial up connection and is between the modem and the AC as opposed to all the way to the ISP However the PPP negotiation is between the PC and the ISP The ZyAIR as a PPPoE Client When using the ZyAIR as a PPPoE client the PCs on the LAN see only Ethernet and are not aware of PPPoE This alleviates the administrator from having to manage the PPPoE clie
160. nts on the individual PCs d L2TP hr 5 D c 9 2 o Oo Ethernet xDSL Diagram 5 ZyAIR as a PPPoE Client J PPPoE ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Appendix E PPTP What is PPTP PPTP Point to Point Tunneling Protocol is a Microsoft proprietary protocol RFC 2637 for PPTP is informational only to tunnel PPP frames How can we transport PPP frames from a PC to a broadband modem over Ethernet A solution is to build PPTP into the ANT ADSL Network Termination where PPTP is used only over the short haul between the PC and the modem over Ethernet For the rest of the connection the PPP frames are transported with PPP over AALS RFC 2364 The PPP connection however is still between the PC and the ISP The various connections in this setup are depicted in the following diagram The drawback of this solution is that it requires one separate ATM VC per destination PC ANT ISP SS mmm A __ _ q _ PPTP RFC 2364 nn eee PPP Diagram 6 Transport PPP frames over Ethernet PPTP and the ZyAIR When the ZyAIR is deployed in such a setup it appears as a PC to the ANT ADSL Network Termination In Windows VPN or PPTP Pass Through feature the PPTP tunneling is created from Windows 95 98 and NT clients to an NT server in a remote location The pass through feature allows users on the network to access a different remote server using the ZyAIR s Internet conne
161. o manually configure a default metric the number of transmission hops clear the Automatic metric check box and type a metric in Metric Click Add Repeat the previous three steps for each default gateway you want to add Click OK when finished In the Internet Protocol TCP IP Properties window s General tab Click Obtain DNS server address automatically if you do not know your DNS server IP address es If you know your DNS server IP address es click Use the following DNS server addresses type them in the Preferred DNS server and Alternate DNS server fields If you have previously configured DNS servers click Advanced and then the DNS tab to order them Click OK to close the Internet Protocol TCP IP Properties window Click OK to close the Local Area Connection Properties window Turn on your Prestige and restart your computer if prompted Verifying TCP IP Properties l 2 Click Start All Programs Accessories and then Command Prompt In the Command Prompt window type ipconfig and then press ENTER You can also open Network Connections right click a network connection click Status and then click the Support tab TCP IP ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Setting up Your Macintosh Computer Configuring TCP IP Properties 1 2 3 4 5 6 T Click the Apple menu Control Panel and double click TCP IP to open the TCP IP Control Panel Select Ethernet from the Connect v
162. on File Maintenance This chapter tells you how to back up and restore your configuration file as well as upload new firmware and a new configuration file 10 1 Filename Conventions The configuration file often called the romfile or rom 0 contains the factory default settings in the menus such as password DHCP Setup TCP IP Setup etc It arrives from ZyXEL with a rom filename extension Once you have customized the ZyAIR s settings they can be saved back to your computer under a filename of your choosing ZyNOS ZyXEL Network Operating System sometimes referred to as the ras file is the system firmware and has a bin filename extension With many FTP and TFTP clients the filenames are similar to those seen next ftp gt put firmware bin ras This is a sample FTP session showing the transfer of the computer file firmware bin to the ZyAIR ftp get rom 0 config cfg This is a sample FTP session saving the current configuration to the computer file config cfg If your T FTP client does not allow you to have a destination filename different than the source you will need to rename them as the ZyAIR only recognizes rom 0 and ras Be sure you keep unaltered copies of both files for later use The following table is a summary Please note that the internal filename refers to the filename on the ZyAIR and the external filename refers to the filename not on the ZyAIR that is on your computer local netw
163. only need one rule where your ILAs Inside Local addresses all map to one dynamic IGA Inside Global Address assigned by your ISP Inside Local One Dynamic PC 3 E 5 Addresses ILA Inside Global Addresses IGA Assigned by ISP Figure 6 12 NAT Example 1 Menu 4 Internet Access Setup ISP s Name ChangeMe Encapsulation Ethernet Service Type Standard My Login N A My Password N A Login Server N A IP Address Assignment Dynamic IP Address N A IP Subnet Mask N A Gateway IP Address N A Network Address Translation SUA Only Press ENTER to Confirm or ESC to Cancel Figure 6 13 Menu 4 Internet Access amp NAT Example From menu 4 choose the SUA Only option from the Network Address Translation field This is the Many to One mapping discussed in section 6 5 The SUA Only read only option from the Network Address Translation field in menus 4 and 11 3 is specifically pre configured to handle this case 6 16 NAT ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 6 5 2 Example 2 Internet Access with an Inside Server Inside Local One Dynamic PC 3 O 1 Addresses ILA Inside Global Addresses IGA Assigned by ISP Inside Server IP 192 168 1 10 Figure 6 14 NAT Example 2 In this case you do exactly as above use the convenient pre configured SUA Only set and then go to menu 15 2 to specify the Inside Server behind the NAT as shown in the next figure Menu 15 2 NAT Server Set
164. ork or FTP site and so the name but not the extension may vary After uploading new firmware see the ZyNOS F W Version field in Menu 24 2 1 System Maintenance Information to confirm that you have uploaded the correct firmware version The AT command is the command you enter after you press y when prompted in the SMT menu to go into debug mode Firmware and Configuration File Maintenance 10 1 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Table 10 1 Filename Conventions FILE TYPE INTERNAL NAME EXTERNAL NAME DESCRIPTION Configuration Rom 0 This is the configuration filename on the rom File ZyAIR Uploading the rom 0 file replaces the entire ROM file system including your ZyAIR configurations system related data including the default password the error log and the trace log Firmware Ras This is the generic name for the ZyNOS bin firmware on the ZyAIR 10 2 Backup Configuration The ZyAIR displays different messages explaining different ways to backup restore and upload files in menus 24 5 24 6 24 7 1 and 24 7 2 depending on whether you use the console port or Telnet Option 5 from Menu 24 System Maintenance allows you to backup the current ZyAIR configuration to your computer Backup is highly recommended once your ZyAIR is functioning properly FTP is the preferred methods for backing up your current configuration to your computer since they are faster You
165. osstalk occurs when the radio signals from access points overlap and interfere one another degrading performance Internet Access 3 13 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch ESS ID Extended Service Set ESS is defined as one or more access points APs acting as a bridge between a wired LAN and the associated wireless clients The ESS ID is a unique ID given to the APs and the wireless clients that participate in the same wireless network You can think the EES ID as being similar to a workgroup name in a Microsoft network Wireless LANs can be as simple as two computers with wireless network interface cards NICs communicating in a peer to peer network or as complex as a number of computers with wireless NICs communicating through access points which bridge network traffic to the wired LAN The ESS ID provides minimum security for your network see section on Wireless Security Setup for more information RTS Threshold The RTS Request To Send Threshold prevents the hidden node problem Hidden node problem occurs when two stations are within the range of the same access point but are not within the range of each other The following figure illustrates the hidden node problem Both stations STA are within the range of the AP however they cannot hear each other Therefore they are considered as hidden nodes from each other When a station starts data transmission with the access point it might not know that the ot
166. oubleshooting the WAN Interface 14 2 Table 14 5 Troubleshooting the Internet Access 14 3 Table 14 6 Troubleshooting Telnet sess enne nennen nnne nennen 14 3 Diagram 1 Peer to Peer Communication in an Ad hoc Network B Diagram 2 ESS Provides Campus Wide Coverage nono nono non ron ron ran nro r ran rn r rn nn rn nr rn nran nn C Diagram 3 Sequences for EAP MD5 Challenge Authentication eese F Diagram 4 Single PC per Modem Hardware Confgeurapon essent ener I Diagram ZyAIR asa PPPOE Client eandem beato orat tee ects J Diagram 6 Transport PPP frames over Ethernet ooooonncnnnicnncnocnnccnnonononacononnnnonncn nono co nennen nennen nennen nennen ener K Diagram 7 PPTP Protocol Overview eese neeaaea enia aa eisai aaaea reinen trennen L Diagram 8 Example Message Exchange between PC and an ANT sese L xvi Lists of Tables and Diagrams ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Preface The ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch is the ideal all in one device for small networks connecting to the Internet via a cable DSL modem The ZyAIR is equipped with four auto sensing 10 100BASE T Ethernet ports to connect to your network and an RJ 45 port to connect to your ADSL service The ZyAIR B 2000 s 10 100M auto negotiating LAN interface enables fast data transfer of either 10Mbps or 100Mbps in either half duplex or full duplex mode depending on your Ethernet network using eit
167. our ZyAIR Using Telnet The following procedure details how to telnet into your ZyAIR Step 1 Make sure your computer IP address and the ZyAIR IP address are on the same subnet Refer to the TCP IP appendix Step 2 In Windows click Start usually in the bottom left corner Run and then type telnet 192 168 1 1 the default IP address and click OK Step 3 Enter 1234 in the Password field Step 4 After entering the password you will see the main menu 2 5 3 Connect to Your ZyAIR Using the Console Port Step 1 Connect the 7 pin male end of a console port cable to the port labelled CONSOLE on the ZyAIR and the 9 pin female end to an avaliable serial port on your computer Step 2 Run the communications software and configure the communication parameteres as described in the Additional Installation Requirements section Step 3 Turn on your ZyAIR and you should see the initial screen shown next 2 6 Hardware Installation and Initial Setup ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Please note that if there is no activity for longer than five minutes default timeout period after you log in your ZyAIR will automatically log you out The remainder of this user s guide shows you how to configure the ZyAIR for Internet access using SMT screens through the console port There are also some sections in this guide that focus on using Telnet to configure the ZyAIR 2 5 4 Initial Screen When you turn on yo
168. our computer Enter open followed by a space and the IP address of your ZyAIR Press ENTER when prompted for a username Enter your password as requested the default is 1234 Enter bin to set transfer mode to binary Use get to transfer files from the ZyAIR to the computer for example get rom 0 config rom transfers the configuration file on the ZyAIR to your computer and renames it config rom See earlier in this chapter for more information on filename conventions Enter quit to exit the ftp prompt Firmware and Configuration File Maintenance 10 3 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 10 2 3 Example of FTP Commands from the Command Line 331 Enter PASS command Password 230 Logged in ftp gt bin 200 Type I OK ftp get rom 0 zyxel rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp 16384 bytes sent in 1 10Seconds 297 89Kbytes sec ftp quit Figure 10 2 FTP Session Example 10 2 4 GUI based FTP Clients The following table describes some of the commands that you may see in GUI based FTP clients Table 10 2 General Commands for GUI based FTP Clients COMMAND DESCRIPTION Host Address Enter the address of the host server Login Type Anonymous This is when a user I D and password is automatically supplied to the server for anonymous access Anonymous logins will work only if your ISP o
169. ous sequence of zeros for a total number of 32 bits V IP Subnetting ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Since the mask is always a continuous number of ones beginning from the left followed by a continuous number of zeros for the remainder of the 32 bit mask you can simply specify the number of ones instead of writing the value of each octet This is usually specified by writing a followed by the number of bits in the mask after the address For example 192 1 1 0 25 is equivalent to saying 192 1 1 0 with mask 255 255 255 128 The following table shows all possible subnet masks for a class C address using both notations Chart 4 Alternative Subnet Mask Notation SUBNET MASK IP SUBNET MASK 1 BITS LAST OCTET BIT VALUE ADDRESS 255 255 255 0 124 0000 0000 255 255 255 128 125 1000 0000 255 255 255 192 126 1100 0000 255 255 255 224 127 1110 0000 255 255 255 240 28 1111 0000 255 255 255 248 129 1111 1000 255 255 255 252 30 1111 1100 The first mask shown is the class C natural mask Normally if no mask is specified it is understood that the natural mask is being used Example Two Subnets As an example you have a class C address 192 168 1 0 with subnet mask of 255 255 255 0 NETWORK NUMBER HOST ID IP Address 192 168 1 0 IP Address Binary 11000000 10101000 00000001 00000000 Subnet Mask 255 255 255 0 Subnet Mask Bin
170. p guide to help you connect install and set up your ZyAIR to operate on your network and to access the Internet Described are Key Features and Application Hardware Installation Initial Setup and Internet Access ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Chapter 1 Getting To Know Your ZyAIR This chapter describes the key features and applications of your ZyAIR 1 1 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch The ZyAIR is a cost effective wireless LAN gateway with an integrated 10 100 Mbps and wireless interfaces and robust network management features for Internet access via an external cable xDSL modem Equipped with a 10Mbps Ethernet WAN port four auto negotiating 10 100Mbps Ethernet LAN ports and the Single User Account SUA feature the ZyAIR is uniquely suited as a broadband Internet access sharing gateway for multi computer homes and home offices For added security your ZyAIR supports various methods of network security WEP MAC address filtering and IEEE 802 1x authentication ZyAIR provides ease of installation and superior network security What s more users enjoy the convenience and mobility with wireless LAN connectivity working anywhere within the coverage area 1 2 Features of the ZyAIR Your ZyAIR is packed with a number of features that give it the flexibility to provide a complete networking solution for almost any user 4 Port Switch A combination of switch and router makes
171. ple Xmodem Upload After the configuration upload process has completed restart the ZyAIR by entering atgo 10 16 Firmware and Configuration File Maintenance ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Chapter 11 System Maintenance and Information This chapter leads you through SMT menus 24 8 to 24 11 11 1 Command Interpreter Mode The Command Interpreter CI is a part of the main system firmware The CI provides much of the same functionality as the SMT while adding some low level setup and diagnostic functions Enter the CI from the SMT by selecting menu 24 8 See the included disk or the zyxel com web site for more detailed information on CI commands Enter 8 from Menu 24 System Maintenance A list of valid commands can be found by typing help or at the command prompt Type exit to return to the SMT main menu when finished Ta 25 35 4 5 6 d 8 9 1 T Menu 24 System Maintenance System Status System Information and Console Port Speed Log and Trace Diagnostic Backup Configuration Restore Configuration Upload Firmware Command Interpreter Mode Call Control Time and Date Setting Remote Management Setup Enter Menu Selection Number Figure 11 1 Menu 24 System Maintenance Copyright c 1994 2002 ZyXEL Communications Corp ras Valid commands are Sys exit poe radius hdap ras device ether config wlan ppp bridge Figure 11 2 Valid C
172. r Rules SA 0 0 0 0 DA 0 0 0 0 DP 23 1 2 3 4 5 6 Enter Filter Rule Number 1 6 to Configure 1 This shows you that you have M N means an action can be taken immediately configured and activated A Y a The action is to drop the packet m D if the TCP IP filter rule Type IP Pr 6 action is matched and to forward the packet for destination telnet ports DP immediately n F if the action is not matched no 23 matter whether there are more rules to be checked there aren t in this example Figure 7 13 Sample Filter Rules Summary Menu 21 1 After you have created the filter set you must apply it Step 1 Enter 11 in the main menu to display menu 11 and type the remote node number to edit Step 2 Go to the Edit Filter Sets field press SPACE BAR to choose Yes and press ENTER Step 3 This brings you to menu 11 5 Apply the example filter set for example filter set 3 in this menu as shown in the next section 7 6 Applying Filters and Factory Defaults This section shows you where to apply the filter s after you design it them Sets of factory default filter tules have been configured in menu 21 but have not been applied to filter traffic Table 7 5 Filter Sets Table FILTER SETS DESCRIPTION Input Filter Sets Apply filters for incoming traffic You may apply protocol or device filter rules See earlier in this chapter for information on filters Output Filter Sets Apply
173. r Static Assignment Dynamic address assignment IP Address Enter the IP address supplied by your ISP if applicable 10 11 12 20 IP Subnet Mask Your ZyAIR will automatically calculate the subnet mask based on the IP address that you entered Unless you are implementing subnetting use the subnet mask computed by the ZyAIR Gateway IP Type the IP address of the gateway The gateway is an immediate Address neighbor of your ZyAIR that will forward the packet to the destination On the LAN the gateway must be a router on the same segment as your ZyAIR Network Address Press SPACE BAR and then ENTER to select None SUA Only SUA Only Translation or Full Feature Please see the NAT Chapter for more details When you have completed this menu press ENTER at the prompt Press ENTER to Confirm to save your configuration or press ESC at any time to cancel If all your settings are correct your ZyAIR should connect automatically to the Internet If the connection fails note the error message that you receive on the screen and take the appropriate troubleshooting steps 3 11 Wireless LAN 3 11 1 Wireless LAN Parameters Channel The range of radio frequencies used by IEEE 802 11b wireless devices is called a channel You can choose the radio channel depending on your geographical area Adjacent Access Points APs with overlapping coverage areas should use different channels to reduce crosstalk Cr
174. r authentication through an external accounting server Server Address Enter the IP address of the external accounting server in dotted 10 11 12 13 decimal notation Port The default port of the RADIUS server for accounting is 1813 1813 You need not change this value unless your network administrator instructs you to do so with additional information Key Specify a password up to 31 alphanumeric characters as the key to be shared between the external accounting server and the access points The key is not sent over the network This key must be the same on the external accounting server and ZyAIR When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC to cancel and go back to the previous screen 4 4 Creating User Accounts on the ZyAIR By storing user profiles locally your ZyAIR is able to authenticate wireless users without interacting with a network RADIUS server Follow the steps below to set up user profiles on your ZyAIR Step 1 From the main menu enter 14 to display Menu 14 Dial in User Setup Wireless LAN Security Setup 4 7 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Menu 14 Dial in User Setup im 2 33 4 5 6 7 8 Enter Menu Selection Number Figure 4 7 Menu 14 Dial in User Setup Step 2 Type a number and press ENTER to edit the user profile Menu
175. r service administrator has enabled this option Normal The server requires a unique User ID and Password to login Transfer Type Transfer files in either ASCII plain text format or in binary mode Initial Remote Directory Specify the default remote directory path Initial Local Directory Specify the default local directory path 10 2 5 TFTP and FTP over WAN Will Not Work When TFTP FTP and Telnet over WAN will not work when 1 You have disable Telnet service in menu 24 11 2 You have applied a filter in menu 3 1 LAN or in menu 11 5 WAN to block Telnet service 10 4 Firmware and Configuration File Maintenance ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 3 The IP address in the Secured Client IP field in menu 24 11 does not match the client IP If it does not match the ZyAIR will disconnect the Telnet session immediately 4 You have an SMT console session running 10 2 6 Backup Configuration Using TFTP The ZyAIR supports the up downloading of the firmware and the configuration file using TFTP Trivial File Transfer Protocol over LAN Although TFTP should work over WAN as well it is not recommended To use TFTP your computer must have both telnet and TFTP clients To backup the configuration file follow the procedure shown next Step 1 Use telnet from your computer to connect to the ZyAIR and log in Because TFTP does not have any security checks the ZyAIR records the IP
176. rs behind NAT on the LAN The example situation looks somewhat like this Other Computers on the LAN Web Server 192 168 1 21 Mapping Rules 1 FTP 1 lt gt IGA 1 Type 1 1 2 FTP 2 lt gt IGA 2 Type 1 1 3 Other LAN traffic gt IGA 3 Type M 1 Outgoing Traffic gt Internal web server and mail server Incoming Traffic Mail Server 192 168 1 20 INTERNET 3 IGAs 10 132 50 1 IGA 1 10 132 50 2 IGA 2 10 132 50 3 IGA 3 FTP Server 1 192 168 1 10 FTP Server 2 192 168 1 11 Figure 6 16 NAT Example 3 6 18 NAT ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Step 1 In this case you need to configure Address Mapping Set 1 from Menu 15 1 Address Mapping Sets Therefore you must choose the Full Feature option from the Network Address Translation field in menu 4 or menu 11 3 as shown in the finger below Menu 11 3 Remote Node Network Layer Options IP Address Assignment Dynamic IP Address N A IP Subnet Mask N A Gateway IP Addr N A Network Address Translation Full Feature Metric 1 Private N A RIP Direction None Version N A Multicast None Enter here to CONFIRM or ESC to CANCEL Figure 6 17 Example 3 Menu 11 3 Step 2 Then enter 15 from the main menu Step 3 Enter 1 to configure the Address Mapping Sets Step 4 Enter 1 to begin configuring this new set Enter a Set Name choose the Edit Action and then enter 1 for th
177. s description 2 3 RN 2 5 Backup zx E 10 2 CPU L ad cos mU lo s sr cu 9 2 Basic Service Set eed A Crossover Ethernet Cable sss 2 3 Benefits of PPPoE sssseee een tees ee I CRT i as rto nore ra rr er See Clear to Send BSS sss See Basic Service Set Customer Support v C D Call Connection L data colo ieser 3 14 Call Filtering un 7 1 Data Eiltering eee tee 7 1 Call Filters Device Filter rules eene 7 12 Built In sce era eect td ena 7 1 DHGCP eiie Eee eS 1 3 9 4 User Defien 7 1 Diagnostic rra es ER Call Scheduling 12 1 Diagnostic Tools id Ho oe 9 1 Maximum Number of Schedule Sets 12 1 Direct Sequence Spread Spectmum A NH ee 12 3 Distribution System ees B Precedence eenneeeee 12 1 NS nts ua UN S ud 3 6 Precedence Example See precedence Domain Name 6 13 CDR orrasa EE 9 6 Domain Name System nieee nnn 3 4 CDR Call Detail Revolt 9 5 DS inci cepi See Distribution System Channel Deeg n dee 3 16 Dess See Direct Sequence Spread Spectrum E EE 5 3 Dynamic DNS eee 1 2 2 13 2 14 Index EE ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Dynamic Host Configuration Protocol 3 4 Dynamic Service Selection 3 10 DYNDNS wWildcard 2 13 E ENEE 4 3 EAP Authentication Beguence 4 4 Encapsulaton sss 3 10 3 12 5 1 Error E 9 5 Error Information Messages A eed 9 5
178. s is the default speed on leaving the factory Try other speeds in case the speed has been should be configured as changed Get No parity 8 data bits 1 stop bit data flow set to none 14 2 Problem with the Password Table 14 2 Troubleshooting the Password PROBLEM CORRECTIVE ACTION cannot access the ZyAIR The Password and Username fields are case sensitive Make sure that you enter the correct password and username using the proper casing Use the RESET button to restore the factory default configuration file This will restore all of the factory defaults including the password Refer to section on resetting to factory defaults for details Troubleshooting 14 1 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 14 3 Problem with the Ethernet Interface Table 14 3 Troubleshooting the Ethernet Interface PROBLEM CORRECTIVE ACTION Cannot access the ZyAIR from the Ethernet If the all the LAN LEDs on the front panel are off check the Ethernet cable connection between your ZyAIR and the computer connected to the LAN port Check the faulty Ethernet cables Make sure the NIC Network Interface Card on the Ethernet device is installed and working properly Check the IP address of the Ethernet device Make sure that the IP address and the subnet mask of the ZyAIR and the Ethernet device are on the same subnet cannot ping any computer on the LAN Ch
179. separated by commas The factory default filter set NetBIOS WAN is inserted in the protocol filters field under Call Filter Sets in menu 11 5 to block local NetBIOS traffic from triggering calls to the ISP Apply filter 3 to block Tel FTP and Web Input Filter Sets traffic from the WAN protocol filters 3 device filters Output Filter Sets Menu 11 5 Remote Node Filter protocol filters 1 device filters Call Filter Sets Apply filter 1 to block Protocol filters NETBIOS traffic to Device filters the WAN Enter here to CONFIRM or ESC to CANCEL Figure 7 15 Filtering Remote Node Traffic Note that call filter sets are visible when you select PPTP or PPPoE encapsulation 7 16 Filter Configuration ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Chapter 8 SNMP Configuration This chapter explains SNMP Configuration menu 22 SNMP is only available if TCP IP is configured 8 1 About SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices SNMP is a member of the TCP IP protocol suite Your ZyAIR supports SNMP agent functionality which allows a manager station to manage and monitor the ZyAIR through the network The ZyAIR supports SNMP version one SNMPv1 The next figure illustrates an SNMP management operation SNMP is only available if TCP IP is configured MANAGER SNMP AGENT AGENT AGENT
180. ses Address Mapping Set 255 menu 15 1 see Section 6 3 1 Choose SUA Only if you have just one public WAN IP address for your ZyAIR 6 3 NAT Setup Use the Address Mapping Sets menus and submenus to create the mapping table used to assign global addresses to computers on the LAN You can see two NAT Address Mapping sets in menu 15 1 You can only configure Set 1 Set 255 is used for SUA When you select Full Feature in menu 4 or 11 3 the SMT will use Set 1 which supports all mapping types as outlined in Table 6 2 When you select SUA Only the SMT will use the pre configured Set 255 read only The Server Set is a list of LAN side servers mapped to external ports To use this set a server rule must be set up inside the NAT Address Mapping set Please see Section 6 4 for further information on these menus To configure NAT enter 15 from the main menu to bring up the following screen NAT 6 7 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Menu 15 NAT Setup Address Mapping Sets NAT Server Sets Enter Menu Selection Number Figure 6 5 Menu 15 NAT Setup 6 3 1 Address Mapping Sets Enter 1 to bring up Menu 15 1 Address Mapping Sets Menu 15 1 Address Mapping Sets La 255 SUA read only Enter Menu Selection Number Figure 6 6 Menu 15 1 Address Mapping Sets SUA Address Mapping Set Enter 255 to display the next screen see also Section 6 2 1 The fields in this menu cannot be c
181. st published in 1999 was based on the MAC address As the MAC address is sent across the wireless link in clear text it is easy to spoof and fake Even the WEP Wire Equivalent Privacy data encryption is unreliable as it can be easily decrypted with current computer speed Deployment Issues with IEEE 802 11 User account management has become a network administrator s nightmare in a corporate environment as the IEEE 802 11b standard does not provide any central user account management User access control is done through manual modification of the MAC address table on the access point Although WEP data encryption offers a form of data security you have to reset the WEP key on the clients each time you change your WEP key on the access point IEEE 802 1x In June 2001 the IEEE 802 1x standard was designed to extend the features of IEEE 802 11 to support extended authentication as well as providing additional accounting and control features It is already supported by Windows XP other operating systems and a number of network devices Advantages of the IEEE 802 1x e User based identification that allows for roaming e Support for RADIUS Remote Authentication Dial In User Service RFC 2138 2139 for centralized user profile and accounting management on a network RADIUS server e Support for EAP Extensible Authentication Protocol RFC 2486 that allows additional authentication methods to be deployed with no changes to the access point or t
182. static route you want to configure 5 8 Remote Node Configuration ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Menu 12 1 Edit IP Static Route Route 1 Route Name Active No Destination IP Address IP Subnet Mask Gateway IP Address Metric 2 Private No Press ENTER to Confirm or ESC to Cancel Figure 5 7 Edit IP Static Route The following table describes the fields for Menu 12 1 Edit IP Static Route Setup Table 5 3 Edit IP Static Route Menu Fields FIELD DESCRIPTION Route This is the index number of the static route that you chose in menu 12 1 Route Name Type a descriptive name for this route This is for identification purpose only Active This field allows you to activate deactivate this static route Destination IP This parameter specifies the IP network address of the final destination Routing is Address always based on network number If you need to specify a route to a single host use a subnet mask of 255 255 255 255 in the subnet mask field to force the network number to be identical to the host ID IP Subnet Type the subnet mask for this destination Follow the discussion on P Subnet Mask in Mask this manual Gateway IP Type the IP address of the gateway The gateway is an immediate neighbor of your Address ZyAIR that will forward the packet to the destination On the LAN the gateway must be a router on the same segment as your ZyAIR over W
183. steccsssesscvessssutevbsessssssecesivesesecsssescveecess 14 1 14 1 Problem Starting Up the ZyAIR cceceeccesccesecesecscecseeeseeeseeeeceesenseensecsesseceseceaeeaecnaecneeeneeenes 14 1 14 2 Problem with the Password AAA 14 1 14 3 Problem with the Ethernet Interface 14 2 14 4 Problem with the WAN Interface sees e nennen nennen 14 2 14 5 Problem with Internet ACCESS viii lernte terre on esa e Beda ds eere etes 14 3 14 6 Problem with Telnet e Rr Ra ree er Ee ain 14 3 Appendix A Wireless LAN and IEEE 802 11 eee eee eee eee ee seen eene ens tn netus tns sn netu netu seta seta conoces A Appendix B Wireless LAN With IEEES02 1x eeeeeee esset eene eene n tnn tna tns tn seta stesse essen sensns ennee E Appendix C Antenna Selection and Positioning Recommendation eere eese eee eene G Appendix D PPPoE Appendix E PP TP Appendix F TCP IP Appendix G IP Subnetting q coca roo noss U Appendix H Power Adapter Specifications sscssccsscssscssscsssssssssssssssscsssesssssssesssesesssscessessesssessoess CC tt E EE X Table of Contents ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch List of Figures Figure 1 1 Internet Access Applicator uae eer CER C R ERE ERE FHe ENS SERE YE 1 4 LEE ZYATRELO EE 2 1 Figure 2 2 ZyAIR Side
184. t the Xmodem download has started You can enter ctrl x to terminate operation any time Starting XMODEM download Figure 10 4 System Maintenance Starting Xmodem Download Screen 10 6 Firmware and Configuration File Maintenance ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Step 3 Run the HyperTerminal program by clicking Transfer then Receive File as shown in the following screen Receive File Type a location for storing the configuration file or click Browse to Place received file in the follows look for one c NProduct F SCH Use receiving protocol Choose the Xmodem protocol modem Then click Receive Figure 10 5 Backup Configuration Example Receiw Step 4 After a successful backup you will see the following screen Press any key to return to the SMT menu Backup Configuration completed OK Hit any key to continue Figure 10 6 Successful Backup Confirmation Screen 10 3 Restore Configuration This section shows you how to restore a previously saved configuration Note that this function erases the current configuration before restoring a previous back up configuration please do not attempt to restore unless you have a backup configuration file stored on disk FTP is the preferred method for restoring your current computer configuration to your ZyAIR since FTP is faster Please note that you must wait for the system to automatically restart after the file trans
185. te client to a private server creating a Virtual Private Network VPN using TCP IP based networks PPTP supports on demand multi protocol and virtual private networking over public networks such as the Internet For more information on PPTP please refer to the PPTP Appendix 3 10 Internet Access ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 3 8 IP Address Assignment A static IP is a fixed IP that your ISP gives you A dynamic IP is not fixed the ISP assigns you a different one each time The Single User Account feature can be enabled or disabled if you have either a dynamic or static IP However the encapsulation method assigned influences your choices for IP Address 3 9 Internet Access Configuration Menu 4 allows you to enter the Internet Access information in one screen Menu 4 is actually a simplified setup for one of the remote nodes that you can access in menu 11 Before you configure your ZyAIR for Internet access you need to collect your Internet account information from your ISP and telephone company Use the following table to record your Internet Account Information Note that if you are using PPP or PPPoE encapsulation then the only ISP information you need is a login name and password Table 3 4 Internet Account Information FIELD DESCRIPTION YOUR INFO System Name Name of the ZyAIR optional Service Name Enter the PPPoE service name if the ISP supplies one PPPoE Enter any i
186. ter Comments Comments NetBIOS WAN NetBIOS LAN TEL FTP WEB WAN Enter Filter Set Number to Configure 0 Figure 7 3 Menu 21 Filter Set Configuration Step 2 Type the filter set to configure no 1 to 12 and press ENTER Step 3 Type a descriptive name or comment in the Comments field and press ENTER Step 4 Press ENTER at the message Press ENTER to confirm to display Menu 21 1 Filter Rules Summary that is 1f you selected filter set 1 in menu 21 The following figures show the summary of three filter sets of your ZyAIR Filter Configuration 7 3 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 1 2 3 4 5 6 AoRWNE Id 1 2 3 4 5 6 Menu 21 1 Filter Rules Summary Filter Rules Enter Filter Rule Number 1 6 to Configure Figure 7 4 NetBIOS_WAN Filter Rules Summary Menu 21 2 Filter Rules Summary Filter Rules Pr 17 SA 0 0 0 0 SP 137 DA 0 0 0 0 DP 53 Enter Filter Rule Number 1 6 to Confiaure Figure 7 5 NetBIOS_LAN Filter Rules Summary Menu 21 3 Filter Rules Summary Filter Rules Enter Filter Rule Number 1 6 to Configure Figure 7 6 TEL_FTP_WEB_WAN Filter Rules Summary Filter Configuration ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 7 2 1 Filter Rules Summary Menus The following tables briefly describe the abbreviations used in menus 21 1 and 21 2 Table 7 1 Abbreviations Used in the Filter Rules Summary Menu
187. th one or many dynamic DNS services so that anyone can contact you in NetMeeting CU SeeMe or other services You can also access your FTP server or Web site on your own computer using a DNS like address for example myhost dhs org where myhost is a name of your choice which will never change instead of using an IP address that changes each time you reconnect Your friends or relatives will always be able to call you even if they don t know your IP address First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a DNS name To use this service you must register with the Dynamic DNS service provider The Dynamic DNS service provider will give you a password or key The ZyAIR supports www dyndns org You can apply to this service provider for Dynamic DNS service DYNDNS Wildcard Enabling the wildcard feature for your host causes yourhost dyndns org to be aliased to the same IP address as yourhost dyndns org This feature is useful if you want to be able to use for example www yourhost dyndns org and still reach your hostname 2 9 2 Procedure To Configure Menu 1 Step 1 Enter 1 in the Main Menu to open Menu 1 General Setup shown next Menu 1 General Setup System Name Domain Name Edit Dynamic DNS No Press ENTER to Confirm or ESC to Cancel Figure 2 8 Menu 1 General Setup H
188. the MAC addresses in XX XX XX XX XX XX format of the client computers that are allowed or denied access to the ZyAIR in these address fields When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC to cancel and go back to the previous screen 4 10 Wireless LAN Security Setup ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Chapter 5 Remote Node Configuration This chapter shows you how to set up remote nodes on the WAN side A remote node is required for placing calls to a remote gateway A remote node represents both the remote gateway and the network behind it across a WAN connection When you use menu 4 to set up Internet access you are configuring one of the remote nodes 5 1 Remote Node Profile Use Menu 11 Remote Node Profile to setup the remote node From the main menu enter 11 to display Menu 11 Remote Node Profile as shown in Figure 5 1 5 1 1 Encapsulation Scenarios For Internet access you should use the encapsulation used by your ISP Nailed Up Connection PPPoE PPTP A nailed up connection is a dial up line where the connection is always up regardless of traffic demand The ZyAIR does two things when you specify a nailed up connection The first is that idle timeout is disabled The second is that the ZyAIR will try to bring up the connection when turned on and whenever the connection is down A naile
189. the service request is simply discarded 6 12 NAT ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Many residential broadband ISP accounts do not allow you to run any server processes such as a Web or FTP server from your location Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location If you are unsure refer to your ISP The most often used port numbers are shown in the following table Please refer to RFC 1700 for further information about port numbers Please also refer to the included disk for more examples and details on NAT Table 6 7 Services amp Port Numbers SERVICES PORT NUMBER ECHO 7 FTP File Transfer Protocol 21 Telnet 23 SMTP Simple Mail Transfer Protocol 25 DNS Domain Name System 53 Finger 79 HTTP Hyper Text Transfer protocol or WWW Web 80 POP3 Post Office Protocol 110 NNTP Network News Transport Protocol 119 SNMP Simple Network Management Protocol 161 SNMP trap 162 PPTP Point to Point Tunneling Protocol 1723 6 4 1 Configuring a Server behind NAT Follow these steps to configure a server behind NAT Step 1 Enter 15 in the main menu to go to Menu 15 NAT Setup Step 2 Enter 2 to display Menu 15 2 NAT Server Sets as shown next NAT 6 13 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Rule Start Port No Default 0 0 0 0 0 0 0 0
190. to Confirm or ESC to Cancel Example 3 Menu 15 2 6 20 NAT ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 6 5 4 Example 4 NAT Unfriendly Application Programs Some applications do not support NAT Mapping using TCP or UDP port address translation In this case it is better to use Many One to One mapping as port numbers do not change for Many One to One and One to One NAT mapping types The following figure illustrates this Game Player 1 192 168 1 10 Mapping Rules 1 Game Players 1 to 3 lt gt IGAs 1 to 3 Type Many One to One en Game Player 2 192 168 1 11 INTERNET 3IGAs 10 132 50 1 IGA 1 10 132 50 2 IGA 2 10 132 50 3 IGA 3 Game Player 3 192 168 1 12 Figure 6 20 NAT Example 4 Other applications such as some gaming programs are NAT unfriendly because they embed addressing information in the data stream These applications won t work through NAT even when using One to One and Many One to One mapping types Follow the steps outlined in example 3 to configure these two menus as follows Menu 15 1 1 1 Address Mapping Rule Type Many One to One Local IP Start 192 168 1 10 End 192 168 1 12 Global IP Start 10 132 50 1 End 10 132 50 3 Press ENTER to Confirm or ESC to Cancel Figure 6 21 Example 4 Menu 15 1 1 1 NAT 6 21 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch After you ve configured your rule you should be able to ch
191. to define the filter sets Hardware Installation and Initial Setup 2 17 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Chapter 3 Internet Access This chapter shows you how to configure the LAN and WAN of your ZyAIR for Internet access 3 1 Factory Ethernet Defaults The Ethernet parameters of the ZyAIR are preset in the factory with the following values Ethernet IP address of 192 168 1 1 with subnet mask of 255 255 255 0 24 bits 2 DHCP server enabled with 32 client IP addresses starting from 192 168 1 33 These parameters should work for the majority of installations If the parameters are satisfactory you can skip to TCP IP Ethernet Setup and DHCP to enter the DNS server address es if your ISP gives you explicit DNS server address es If you wish to change the factory defaults or to learn more about TCP IP please read on 3 2 LANs and WANS A LAN Local Area Network is a computer network limited to the immediate area usually the same building or floor of a building A WAN Wide Area Network on the other hand is an outside connection to another network or the Internet 3 2 1 LANs WANs and the ZyAIR The actual physical connection determines whether the ZyAIR ports are LAN or WAN ports There are two separate IP networks one inside the LAN network the other outside the WAN network as shown next Internet Access 3 1 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch x LAN y
192. to place an outgoing call over AALS to an RFC 2364 server Control and PPP Connections Each PPTP session has distinct control connection and PPP data connection Call Connection The control connection runs over TCP Similar to L2TP a tunnel control connection is first established before call control messages can be exchanged Please note that a tunnel control connection supports multiple call sessions The following diagram depicts the message exchange of a successful call setup between a PC and an ANT Start Control Connection Request gt a Start Control Connection Reply Outgoing Call Request gt Outgoing Call Reply PPP Frames d PPP Frames Diagram 8 Example Message Exchange between PC and an ANT L PPTP ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch PPP Data Connection The PPP frames are tunneled between the PNS and PAC over GRE General Routing Encapsulation RFC 1701 1702 The individual calls within a tunnel are distinguished using the Call ID field in the GRE header PPTP ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Appendix F TCP IP All computers must have a 10M or 100M Ethernet adapter card and TCP IP installed Use straight through Ethernet cables to connect your computer s Ethernet adapter to a hub or switch and to connect the hub or switch to the ZyAIR s LAN port Otherwise connect your computer s Ethernet adapter directly to the LAN
193. uired for communication with hosts on other networks It replaces the original IP source address and TCP or UDP source port numbers for Many to One and Many to Many Overload NAT mapping in each packet and then forwards it to the Internet The ZyAIR keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored The following figure illustrates this 6 2 NAT ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch NAT Table Inside Local Inside Global IP Address IP Address LAN 192 168 1 10 IGA 1 WAN 192 168 1 11 IGA 2 192 168 1 12 IGA 3 Computer IP 192 168 1 13 IGA 4 192 168 1 13 Computer IP 192 168 1 12 Computer IP 192 168 1 11 Inside Global Addresses IGA Inside Local Addresses ILA Computer IP 192 168 1 10 Figure 6 1 How NAT Works 6 1 4 NAT Application The following figure illustrates a possible NAT application where three inside LANs logical LANs using IP Alias behind the ZyAIR can communicate with three distinct WAN networks More examples follow at the end of this chapter NAT 6 3 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch LANI 192 168 1 X Network Server Serverin Admin 192 168 1 2 Admin Network PC2 PC3 IP 1 IGA 1 Corporation A l PC3 PC2 NT Server ll 192 168 1 1 j PC4 Pes Corporation B PC1 Ro A PC 2 Server in Sales Network Ss a A C INFERNET gt wand z
194. up Rule Start Port No End Port No IP Address Default Default Hn 000000000 0 0 0 0 0 0 0 0 0 0 al 0 0 0 0 0 0 0 0 0 0 L uUoooooooooo 027 027 Press ENTER to Confirm or ESC to Cancel Figure 6 15 Menu 15 2 1 Specifying an Inside Server NAT 6 17 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 6 5 3 Example 3 Multiple Public IP Addresses With Inside Servers In this example there are 3 IGAs from our ISP There are many departments but two have their own FTP server All departments share the same router The example will reserve one IGA for each department with an FTP server and all departments use the other IGA Map the FTP servers to the first two IGAs and the other LAN traffic to the remaining IGA Map the third IGA to an inside web server and mail server Four rules need to be configured two bi directional and two uni directional as follows Rule 1 Map the first IGA to the first inside FTP server for FTP traffic in both directions 1 1 mapping giving both local and global IP addresses Rule 2 Map the second IGA to our second inside FTP server for FTP traffic in both directions 1 1 mapping giving both local and global IP addresses Rule 3 Map the other outgoing LAN traffic to IGA3 Many 1 mapping Rule 4 You also map your third IGA to the web server and mail server on the LAN Type Server allows you to specify multiple servers of different types to other compute
195. ur ZyAIR it performs several internal tests as well as line initialization After the initialization the ZyAIR asks you to press ENTER to continue as shown Copyright c 1994 2002 ZyXEL Communications Corp initialize ch 0 ethernet address 00 A0 C5 00 15 37 initialize ch 1 ethernet address 00 A0 C5 00 15 38 initialize ch 2 ethernet address 00 A0 C5 00 15 37 Press ENTER to continue Figure 2 3 Power On Display 2 5 5 Entering Password The login screen appears after you press ENTER prompting you to enter the password as shown next For your first login enter the default password 1234 As you type the password the screen displays an x for each character you type Please note that if there is no activity for longer than five minutes after you log in your ZyAIR will automatically log you out and will display a blank screen If you see a blank screen press ENTER to display the login screen again Enter Password XXXX Figure 2 4 Login Screen Hardware Installation and Initial Setup 2 7 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 2 6 Resetting the ZyAIR If you forget your password or cannot access the ZyAIR you will need to reload the factory default configuration file Uploading this configuration file replaces the current configuration file with the factory default configuration file This means that you will lose all configurations that you had previously
196. ve two or more ZyAIRs on the same subnet Port Enter the port number to communicate roaming information between access points The port number must be the same on all access points The default is 16290 Make sure this port is not used by other services When you have completed this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel to save your configuration or press ESC to cancel and go back to the previous screen Internet Access 3 19 Advanced Applications Part II ADVANCED APPLICATIONS This part shows how to configure Wireless Security Remote Node Remote Node TCP IP and NAT l__ 4 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Chapter 4 Wireless LAN Security Setup This chapter describes the types of security you can enable on the ZyAIR 4 1 Levels of Security Wireless security is vital to your network to protect wireless communication between wireless clients access points and other wireless The figure below shows the possible wireless security levels on your ZyAIR The highest security level is EAP Extensible Authentication Protocol authentication It requires interaction with a RADIUS Remote Authentication Dial In User Service server either on the W
197. verage for an entire building or campus All communications between stations or between a station and a wired network client go through the access point The Extended Service Set ESS shown in the next figure consists of a series of overlapping BSSs each containing an access point connected together by means of a Distribution System DS Although the DS Wireless LAN and IEEE 802 1 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch could be any type of network it is almost invariably an Ethernet LAN Mobile nodes can roam between access points and seamless campus wide coverage is possible Desktop with Ethernet NIC Ethernet Notebook with i Wireless N Desktop with i Wireless NIC i i i 1 Desktop with 1 i i i Wireless NIC Access Point am BSS1 BSS2 hi j i Desktop with Wirelegs NIC A amp TERM P d N Fd Mi Desktop with ZU LM ESS Ba KN Wireless NIC P o Lt oi _ Meer c ig Notebook with Wireless NIC Diagram 2 ESS Provides Campus Wide Coverage Wireless LAN and IEEE 802 11 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Appendix B Wireless LAN With IEEE802 1x As wireless networks become popular for both portable computing and corporate networks security is now a priority Security Flaws with IEEE 802 11 Wireless networks based on the original IEEE802 11 have a poor reputation for safety The IEEE802 11b wireless access standard fir
198. verage within the RF beam width Higher antenna gain improves the range of the signal for better communications For an indoor site each 1 dB increase in antenna gain results in a range increase of approximately 2 5 For an unobstructed outdoor site each 1dB increase in gain results in a range increase of approximately 5 Actual results may vary depending on the network environment Antenna gain is sometimes specified in dBi which is how much the antenna increases the signal power compared to using an isotropic antenna An isotropic antenna is a theoretical perfect antenna that sends out radio signals equally well in all directions dBi represents the true gain that the antenna provides Types of Antennas For WLAN There are two types of antennas used for wireless LAN applications e Omni directional antennas send the RF signal out in all directions on a horizontal plane The coverage area is torus shaped like a donut which makes these antennas ideal for a room environment With a wide coverage area it is possible to make circular overlapping coverage areas with multiple access points e Directional antennas concentrate the RF signal in a beam like a flashlight The angle of the beam width determines the direction of the coverage pattern typically ranges from 20 degrees less Antenna Selection and Positioning Recommendation G ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch directional to 90 degrees very directional The
199. vice Provider This information is MyISP for identification purposes only Encapsulation Press SPACE BAR to select the method of encapsulation used Ethernet by your ISP Choices are PPPoE PPP or Ethernet Service Type This field is available if you select the Ethernet encapsulation Standard Press SPACE BAR to select the service type then press ENTER Choose a RoadRunner flavor if your ISP is using Time Warner s RoadRunner otherwise choose Standard The User Name Password and Login Server fields are not applicable N A for the latter Choose from Standard Telstra RoadRunner Telstra or BigPond authentication method RR Manager RoadRunner Manager authentication method or RR Toshiba RoadRunner Toshiba authentication method 3 12 Internet Access ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Table 3 5 Internet Access Setup Menu Fields FIELD DESCRIPTION EXAMPLE My Login Configure the My Login and My Password fields for PPP and N A PPPoE encapsulation only Enter the login name that your ISP gives you If you are using PPPoE encapsulation then this field must be of the form user domain where domain identifies your PPPoE service name My Password Enter the password associated with the login name above N A Login Server Enter the IP address of the login server in dotted decimal notation 10 11 12 13 IP Address Press SPACE BAR and then ENTER to select Static o
200. ware Quick Installation Guide Our Quick Installation Guide 1s designed to help you get up and running right away It contains a detailed easy to follow connection diagram default settings handy checklists and information on setting up your network and configuring for Internet access ZyXEL Web Site Preface xvii ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch The ZyXEL download library at www zyxel com contains additional support documentation Please also refer to www zyxel com for an online glossary of networking terms Syntax Conventions e Type means for you to type one or more characters and press the carriage return Select or Choose means for you to use one predefined choices e The SMT menu titles and labels are in Bold Times New Roman font Predefined field choices are in Bold Arial font Command and arrow keys are enclosed in square brackets ENTER means the Enter or carriage return key ESC means the Escape key and SPACE BAR means the Space Bar e For brevity s sake we will use e g as a shorthand for for instance and i e for that is or in other words throughout this manual e The ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch may be referred to as the ZyAIR B 2000 or simply as the ZyAIR in this user s guide xviii Preface Getting Started Part I GETTING STARTED This part is structured as a step by ste
201. when connecting to such an implementation 5 1 3 Remote Node Setup For the TCP IP parameters perform the following steps to edit Menu 11 3 Remote Node Network Layer Options 5 4 Remote Node Configuration ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Move the cursor to the Edit IP field press SPACE BAR to select Yes then press ENTER to display Menu 11 3 Remote Node Network Layer Options shown below Menu 11 3 Remote Node Network Layer Options IP Address Assignment Static Rem IP Addr 0 0 0 0 Rem Subnet Mask 0 0 0 0 My WAN Addr 0 0 0 0 Network Address Translation None Metric 1 Private No RIP Direction None Version N A Multicast None Enter here to CONFIRM or ESC to CANCEL Figure 5 2 Remote Node Network Layer Options The next table explains fields in Menu 11 3 Remote Node Network Layer Options Table 5 2 Remote Node Network Layer Options FIELD DESCRIPTITON EXAMPLE IP Address Press SPACE BAR and then ENTER to select Dynamic if the remote Static Assignment node is using a dynamically assigned IP address or Static if it is using a static fixed IP address You will only be able to configure this in the ISP node also the one you configure in menu 4 all other nodes are set to Static Rem IP Addr This is the IP address you entered in the previous menu Rem Subnet Type the subnet mask assigned to the remote node Mask My WAN Addr Some imple
202. wireless stations on the network and vice versa Coverage area of AP 2 Y roams between Y access points while Y _ Maintaining uninterrupted e network connectivity Figure 3 10 Roaming Example The steps below describe the roaming process Step 1 As wireless station Y moves from the coverage area of access point AP 1 to that of acces point AP 2 it scans and uses the signal of access point AP 2 Step 2 Access point AP 2 acknowledges the pressence of wireless station Y and relays this information to access point AP 1 through the wired LAN Step 3 Access point AP 1 updates the new position of wireless station Step 4 Wireless station Y sends a request to access point AP 2 for reauthentication 3 11 4 Requirements for Roaming The following requirements must be met in order for wireless stations to roam between the coverage areas 1 All the access points must be on the same subnet and configured with the same ESSID 2 IfIEEE 802 1x user authentication is enabled and to be done locally on the access point the new access point must have the user profile for the wireless station Internet Access 3 17 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 3 The adjacent access points should use different radio channels when their coverage areas overlap 4 All access points must use the same port number to relay roaming information 5 The access points must be connected to the Ethernet and be able to get I
203. your ZyAIR Step 3 Press ENTER when prompted for a username Step 4 Enter your password as requested the default is 1234 Step 5 Enter bin to set transfer mode to binary Step 6 Find the rom file on your computer that you want to restore to your ZyAIR Step 7 Use put to transfer files from the ZyAIR to the computer for example put config rom rom 0 transfers the configuration file config rom on your computer to the ZyAIR See earlier in this chapter for more information on filename conventions Step 8 Enter quit to exit the ftp prompt The ZyAIR will automatically restart after a successful restore process 10 8 Firmware and Configuration File Maintenance ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 10 3 2 Restore Using FTP Session Example ftp gt put config rom rom 0 200 Port command okay 150 Opening data connection for STOR rom 0 226 File received OK 221 Goodbye for writing flash ftp 16384 bytes sent in 0 06Seconds 273 07Kbytes sec ftp gt quit Figure 10 8 Restore Using FTP Session Example Refer to section 10 2 5 to read about configurations that disallow TFTP and FTP over WAN 10 3 3 Restore Via Console Port Restore configuration via console port by following the HyperTerminal procedure shown next Procedures using other serial communications programs should be similar Step 1 Display menu 24 6 and enter y at the following screen Ready to restor
204. your ZyAIR a cost effective and viable network solution You can connect up to four computers to the LAN ports on you ZyAIR without the cost of a hub 10 100M Auto negotiation Ethernet Fast Ethernet Interface This auto negotiation feature allows the ZyAIR to detect the speed of incoming transmissions and adjust appropriately without manual intervention It allows data transfer of either 10 Mbps or 100 Mbps in either half duplex or full duplex mode depending on your Ethernet network IEEE 802 11b 11 Mbps Wireless LAN The 11 Mbps wireless LAN provides wireless mobility and a fast network environment for small and home offices Computers with IEEE 802 11b wireless NICs Network Interface Cards can connect to the local area network without any wiring efforts and enjoy reliable high speed connectivity Getting To Know Your ZyAIR 1 1 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Wireless LAN MAC Address Filtering MAC Address Filtering together with ESSID Extended Service Set IDentifier WEP Wired Equivalent Privacy and IEEE 802 1x to ensure wireless network security IEEE 802 1x for Network Security Your ZyAIR supports the IEEE 802 1x standard that works with the IEEE 802 11 to enhance user authentication With the local user profile the ZyAIR allows you to configure up 32 user profiles without a network authentication server In addition centralized user and accounting management is possible on an optional network authenti
205. zed DHCP server The ZyAIR has built in DHCP server capability enabled by default which means it can assign IP addresses an IP default gateway and DNS servers to Windows 95 Windows NT and other systems that support the DHCP client The ZyAIR can also act as a surrogate DHCP server where it relays IP address assignment from the actual DHCP server to the clients IP Pool Setup The ZyAIR is pre configured with a pool of 32 IP addresses starting from 192 168 1 33 to 192 168 1 64 for the client machines This leaves 31 IP addresses 192 168 1 3 to 192 168 1 32 excluding the ZyAIR itself which has a default IP of 192 168 1 1 for other server machines for example server for mail FTP telnet web etc that you may have DNS Server Address DNS Domain Name System is for mapping a domain name to its corresponding IP address and vice versa for example the IP address of www zyxel com 1s 204 217 0 2 The DNS server is extremely important because without it you must know the IP address of a machine before you can access it The DNS server addresses that you enter in the DHCP setup are passed to the client machines along with the assigned IP address and subnet mask There are two ways that an ISP disseminates the DNS server addresses The first is for an ISP to tell a customer the DNS server addresses usually in the form of an information sheet when s he signs up If your ISP does give you the DNS server addresses enter them in the DNS Server fi
206. zyxel com AMERICA 800 255 4101 sales zyxel com 1 714 632 0858 ftp zyxel com SCANDINAVIA support zyxel dk 45 3955 0700 www zyxel dk a sales zyxel dk 45 3955 0707 ftp zyxel dk GERMANY support zyxel de 49 2405 6909 0 www zyxel de sales zyxel de 49 2405 6909 99 ZyXEL Communications Corp 6 Innovation Road ll Science Based Industrial Park Hsinchu 300 Taiwan ZyXEL Communications Inc 1650 Miraloma Avenue Placentia CA 92870 U S A ZyXEL Communications A S Columbusvej 5 2860 Soeborg Denmark ZyXEL Deutschland GmbH Adenauerstr 20 A4 D 52146 Wuerselen Germany Customer Support ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch Table of Contents OO E ii Federal Communications Commission FCC Interference Statement c ecce eee eere iii ZyXEL Limited Warranty iv Customer SUDDO TL E v AN O xi List Of Tables PP Xv List Of Diagram C M rss xvi IN xvii GETTING STARTED NEE I Chapter 1 Getting To Know Your ZyAIR 4 cene eerte ee eene eren etn erento sssr tostio ros ves ta seta sese ta sto naso 1 1 1 1 ZyAIR B 2000 Wireless LAN Gateway with 4 Port Switch 1 1 Ki Features of the Zy AUR Gros nae PONCII NUR aue tm esten 1 1 I 3 Application for the ZyAIR mienste dE EO PRO e OBEN GRE

Download Pdf Manuals

Related Search

Related Contents

  Alternateur  Binder FP400 operating manual ENG  ECC Member Area User Guide  100088-c ER_I  innen.  manual de instrucciones para el martillo percutor  Tulle en Corrèze  Visualizza  

Copyright © All rights reserved. Failed to retrieve file