ZyXEL Communications 2602HWL-DXA manual

Prestige 2602HWL-DxA Support Notes

•EAP-Packet : Both the supplicant and the authenticator send this packet when authentication is taking place. This is the packet that contains either the MD5-Challenge or TLS information required for authentication.

•EAPOL-Start : This supplicant sends this packet when it wants to initiate the authentication process.

•EAPOL-Logoff : The supplicant sends this packet when it wants to terminate its 802.1x session.

•EAPOL-Key : This is used for TLS authentication method. The Wireless AP uses this packet to send the calculated WEP key to the supplicant after TLS negotiation has completed between the supplicant and the RADIUS server.

IEEE 802.1x Configuration in ZyXEL Wireless Access Point

•Enable 802.1x in AP

When the IEEE 802.1x authentication is enabled, the wireless client must be authenticated by the ZyXEL AP before it can communicate on your network through ZyXEL AP. By default, the 802.1x function is disabled (Authentication Control= Force Authorized) to allow all wireless client. You can use SMT or Web Configuration to configure it.

Enter SMT Menu 23.4 to setup the 802.1x authentication control.

115

All contents copyright (c) 2005 ZyXEL Communications Corporation.

Image 115

ZyXEL Communications 2602HWL-DXA manual Prestige 2602HWL-DxA Support Notes

Contents

Version Feb Prestige 2602HWL-DXA Index Application Notes Prestige 2602HWL-DxA Support Notes FAQ VoIP FAQ Prestige 2602HWL-DxA Support Notes Prestige 2602HWL-DxA Support Notes Prestige 2602HWL-DxA Support Notes CLI Command List 218 Trouble Shooting 191 Ethernet connection All PCs must have an Ethernet adapter card installed Setting up the Prestige router TCP/IP InstallationTCP/IP Configuration Follow these steps to configure Windows TCP/IP Prestige 2602HWL-DxA Support Notes Web screen shown below takes PPPoE as the example What is Dhcp Relay? Setup the Prestige as a Dhcp Relay Setup the Prestige as a Dhcp Client Introduction Configure an Internal Server Behind SUA Port Number Service Configure a Pptp server Behind SUA Example 1723 Prestige 2602HWL-DxA Support Notes How NAT works Using NAT / Multi-NAT Many to Many No Overload One to OneMany to One Many to Many Overload NAT Type IP Mapping Direction Following table summarizes these typesApplying NAT in the SMT Menus SUA Only Full FeatureField Options Description None Table Applying NAT in Menu 4 and Menu Configuring NATAddress Mapping Sets and NAT Server Sets Menu 15.1.1 Address Mapping Rules Set Name= SUA SUA Field Description Option/Example Field Description Option One-to-One,Many-to-One and Server types Following table describes the fields in this screen Prestige 2602HWL-DxA Support Notes Internet Access Only Service Port Number Prestige 2602HWL-DxA Support Notes Internet Access with an Internal Server Prestige 2602HWL-DxA Support Notes Type One-to-One Start= Menu 15.1.1 Address Mapping Rules Support Non NAT Friendly Applications Type Many-to-Many No Overload 192.168.1.10 SUA/PAT NAT Type IP Mapping Filter Structure About Filter & Filter Examples How does ZyXEL filter work? Filter Types and SUA Prestige 2602HWL-DxA Support Notes Menu Protocol and device rule cannot be active together Filter for blocking the web service Create a filter set in Menu Rule 2 for b.DNS request, TCP06/Port number Rule one for a. http packet, TCP06/Port number Rule 3 for c. DNS packet UDP17/Port number Filter Rules Configuration Create a filter set in Menu 21, e.g., set Set to Drop to drop all the packets from this client One rule for blocking all packets from this clientEnter the client IP in this field Addr= field, for one workstation it is Detailed format of the Ethernet Version Before you Begin Configurations Key Settings Menu 3.1 General Ethernet Setup Input Filter Sets Filter for blocking the NetBIOS packets Action Not Matched= Check Next Rule Port # Comp= None TCP Estab= N/A More= No Log= None Menu 21.1.6 TCP/IP Filter Rule Filter # 1,6 Menu Filter Rules Summary Equal Rules Summary Using the Dynamic DNS Ddns Option Service Provider Active Host User Description Key Settings for using Ddns function Network Management Using Snmp Password Enable Wildcard Writes Trap GetGetNext Set ZyXEL Snmp Implementation WarmStart defined in RFC-1215 Configure the Prestige for Snmp NMS managers Key SettingsUsing syslog Prestige Setup Unix Setup Packet triggered log L02 Call Terminated C02 Call Terminated ExampleFilter log Format SdcmdSyslogSend SYSLOGPPPLOG, SYSLOGNOTICE, String PPP Log What is IP Alias ? Using IP Alias Dhcp Setup TCP/IP Setup IP Alias Using Call Scheduling Select a Schedule Set number and give it a name Edit the Schedule sets in menu Menu 26.1 Schedule Set Setup is as follows How Often EnableDisable Start Date Time Service in Prestige IP Multicast Setup Enable Igmp in Prestiges LAN in menu Using IP Multicast Multicast Enable Igmp in Prestiges remote node in menu Traffic Redirect on LAN port Using Prestige traffic redirectYou can deploy the backup gateway on LAN of Prestige SMT Menu 2 WAN Backup Setup Key Settings What is UPnP Using Universal Plug n Play UPnP UPnP Operations Enable UPnP function in ZyXEL device Using UPnP in ZyXEL devices Prestige 2602HWL-DxA Support Notes Prestige 2602HWL-DxA Support Notes Finally, your video conversation is achieved What is Infrastructure mode? Infrastructure mode Configuration Prestige Wireless using SMT Prestige 2602HWL-DxA Support Notes Configuration Wireless Station to Infrastructure mode Double click on the AP you want to associated with MAC Filter Overview Wireless MAC address filtering Filter Action Key Settings Option Prestige 2602HWL-DxA Support Notes Introduction WEP configuration Wired Equivalent Privacy Setting up the Access Point Key settings Access point will decrypt the data by its Key Setting up the Station Prestige 2602HWL-DxA Support Notes Prestige 2602HWL-DxA Support Notes Ieee 802.1x Introduction Configuring Authentication Server AuthenticatorSupplicant Authentication Port State and Authentication Control Re-Authentication Eapol Exchange between 802.1x Authenticator and Supplicant Prestige 2602HWL-DxA Support Notes Prestige 2602HWL-DxA Support Notes Wireless Port Control= No Authentication Required If you use WEB Configuration Using Internal Authentication Server Enter a username up to 31 alphanumeric characters long Key settingsUser Name Active Password If you use WEB Configurator Using External Radius Authentication Server Prestige 2602HWL-DxA Support Notes User Name Active Server Address Port Shared Secret Key settings for authentication server Preparation Site Survey Survey on Site Prestige 2602HWL-DxA Support Notes Usage of Pstn Lifeline Pstn Lifeline Application Notes For Lifeline model only Lifeline configuration Relay to Pstn How to connect Lifeline and DSL connectionFirgure 1 Splitter type VoIP Application Notes Setup SIP Account Port AccountNumber Local Address SIP Server PasswordSetup Reset Topology Topology Explanation Peer to Peer callPreparation and Steps Setup--- Configuring SIP / VoIP related settings in device a Setup--- Configuring SIP / VoIP related settings in device B Prestige 2602HWL-DxA Support Notes Phone port settings Speaking VolumeListening Dialing Advanced voice settings configurationActive Support SIP Account Each fields detail description of the page is listed below Expiration TimerDtmf Mode URL Type Time MessageWaiting Indication Each fields detail description of the page is listed below Type Speed DialSIP Number Name Priority Voice QoS setupVoice Vlan Vlan group to communicate with the SIP server Call Forwarding setupUnconditional Forward to Number Busy Forward Table NumberForward to Unconditional Incoming Call Number Setup sectionWaiting Time Activate Incoming Call Number field Voice Common Settings Region SettingsCall Service What is ZyNOS? How do I access the embedded web configurator? How do I upload or backup Romfile via web configurator? What should I do if I forget the system password? Why cant I make Telnet to Prestige from WAN?What is SUA? When should I use SUA? What are Device filters and Protocol filters? What is the difference between NAT and SUA?Why cant I configure device filters or protocol filters? How many network users can the SUA/NAT support? What do I need to use the Prestige? What is the Prestige Integrated Access Device?What is PPPoE? Will the Prestige work with my Internet connection? Does the Prestige support PPPoE? How do I know I am using PPPoE?Why does my provider use PPPoE? How can I configure the Prestige? How does e-mail work through the Prestige? Does Prestige support dynamic IP addressing?What Dhcp capability does the Prestige support? How fast can the data go? Default IP address is 192.168.1.1, PasswordHow does the Prestige support TFTP? Can the Prestige support Tftp over WAN? When do I need Multi-NAT? What is Multi-NAT? What IP/Port mapping does Multi-NAT support? What is BOOTP/DHCP? What is the difference between SUA and Multi-NAT? What is DDNS? When do I need Ddns service? Do I need Lifeline? What does Lifeline mean? Can I receive incoming Pstn call through P2602HWL- 6xC? What is Voice over IP?Why use VoIP? Can I connect more than one phone on the phone port? What advantage does Voice over IP can provide? What is the relationship between codec and VoIP?What is the difference between H.323 and SIP? What is voice quality? Which codec should I choose? What is codec?What is the relation of codec and VoIP? What codec does Prestige support? Can register but can not establish a call? Unable to register with the SIP server? What makes Prestige firewall secure? What is a network firewall? What kind of firewall is the Prestige? What are the basic types of firewalls? What is SYN Flood attack? What is Denials of Service DoSattack?What is Ping of Death attack? What is Teardrop attack? What are the default ACL firewall rules in Prestige? What is Land attack?What is Brute-force attack? What is IP Spoofing attack? How can I protect against IP spoofing attacks? Can I override block or allow certain URLs by wording? What is VPN? Cost Why do I need VPN?What is PPTP? Security What is IPSec? What is L2TP?What secure protocols does IPSec support? What is Phase 1 ID for? What is SA?What is IKE? What is Pre-Shared Key? What are Local ID and Peer ID? When should I use FQDN?Is my Prestige ready for IPSec VPN? What VPN protocols are supported by Prestige? How do I configure Prestige VPN?What types of authentication does Prestige VPN support? How many VPN connections does Prestige support? Does Prestige support dynamic secure gateway IP? NAT Condition Supported IPSec Protocol Does Prestige VPN support NetBIOS broadcast?Will ZyXEL support Secure Remote Management? Is the host behind NAT allowed to use IPSec? Where can I configure Phase 1 ID in Prestige? Can Prestige support IPSec passthrough? How can I keep a tunnel alive? What are the advantages of Wireless LANs ? What is a Wireless LAN ? Where can you find wireless 802.11 networks ? What are the disadvantages of Wireless LANs ?What is an Access Point ? What is 802.11g ? What is Ieee 802.11 ?What is 802.11b ? What is 802.11a ? Is it possible to use products from a variety of vendors ? What is Wi-Fi ?Does the 802.11 interfere with Bluetooth devices ? Can radio signals pass through walls ? What is Infrastructure mode ? What is Ad Hoc mode ?Whats the difference between a Wlan and a Wwan ? Why the 2.4 Ghz Frequency range ? How many Access Points are required in a given area ?What is Direct-Sequence Spread Spectrum Technology Dsss ? What is Frequency-hopping Spread Spectrum Technology Fhss ? What is a WEP key ? What is an Essid ?What is WEP ? What is the difference between 40-bit and 64-bit WEP ? Can the Ssid be encrypted ? What is Wireless Sniffer ?What are Insertion Attacks ? What is AAA ? What is 802.1x ?What is Radius ? What is WPA-PSK? What is WPA ? Example Online Trace TCP TCP/IP RAW Data RAW Data Time 12387.260 sec 0xCA849B61 31244 Flags MAC Addr = 00A0C5921312 Network Type Offline Trace Destination MAC Addr Flags = 0x12 .A..S Size 247/ 96 Time 12865.120 sec Addr = 00A0C5591284 Debug PPPoE Connection Example- a trace with system crashes Prestige 2602HWL-DxA Support Notes Prestige 2602HWL-DxA Support Notes Trace LAN packet Trace WAN packet LAN/WAN Packet Trace Source MAC Addr 0080C84CEA63 Network Type 0x0800 TCP/IP 13067 Frame Type TCP Ethernet Header FA F0 @...y MAC Addr = 00A0C5012345 Network Type 0020 9B CLI Command List