Manuals / ZyXEL Communications / Computer Equipment / Network Router

ZyXEL Communications 2602HWL-DXA manual Using External Radius Authentication Server

Models: 2602HWL-DXA

1 218

Download 218 pages 45.38 Kb

Page 119

Prestige 2602HWL-DxA Support Notes

•Using External RADIUS Authentication Server

In addition to the internal authentication server inside ZyXEL AP, you can use external RADIUS authentication server to centrally manage the user account profile. RADIUS is based on a client-server model that supports authentication, authorization and accounting. The wireless AP is the client and the server is the RADIUS server.

The authenticator includes the RADIUS client, which is responsible for encapsulating and decapsulating the Extensible Authentication Protocol (EAP) frames and interacting with the authentication server. When the authenticator receives EAPOL frames and relays them to the authentication server, the Ethernet header is stripped and the remaining EAP frame is re-encapsulated in the RADIUS format. The EAP frames are not modified or examined during encapsulation, and the authentication server must support EAP within the native frame format. When the authenticator receives frames from the authentication server, the server＇s frame header is removed, leaving the EAP frame, which is then encapsulated for Ethernet and sent to the supplicant. When the client supplies its identity, the authenticator begins its role as the intermediary, passing EAP frames

119

All contents copyright (c) 2005 ZyXEL Communications Corporation.

Image 119

ZyXEL Communications 2602HWL-DXA manual Using External Radius Authentication Server

Contents

Version Feb Prestige 2602HWL-DXAIndex Application Notes Prestige 2602HWL-DxA Support NotesFAQ VoIP FAQ Prestige 2602HWL-DxA Support Notes Prestige 2602HWL-DxA Support Notes Prestige 2602HWL-DxA Support Notes CLI Command List 218 Trouble Shooting 191Ethernet connection All PCs must have an Ethernet adapter card installedSetting up the Prestige router TCP/IP InstallationTCP/IP Configuration Follow these steps to configure Windows TCP/IPPrestige 2602HWL-DxA Support Notes Web screen shown below takes PPPoE as the example What is Dhcp Relay? Setup the Prestige as a Dhcp RelaySetup the Prestige as a Dhcp Client Introduction Configure an Internal Server Behind SUAPort Number ServiceConfigure a Pptp server Behind SUA Example 1723 Prestige 2602HWL-DxA Support Notes How NAT works Using NAT / Multi-NATMany to Many No Overload One to OneMany to One Many to Many OverloadApplying NAT in the SMT Menus Following table summarizes these typesNAT Type IP Mapping Direction SUA Only Full FeatureField Options Description NoneAddress Mapping Sets and NAT Server Sets Configuring NATTable Applying NAT in Menu 4 and Menu Menu 15.1.1 Address Mapping Rules Set Name= SUA SUA Field Description Option/ExampleField Description Option One-to-One,Many-to-One and Server types Following table describes the fields in this screenPrestige 2602HWL-DxA Support Notes Internet Access Only Service Port NumberPrestige 2602HWL-DxA Support Notes Internet Access with an Internal Server Prestige 2602HWL-DxA Support Notes Type One-to-One Start= Menu 15.1.1 Address Mapping Rules Support Non NAT Friendly Applications Type Many-to-Many No Overload 192.168.1.10 SUA/PAT NAT Type IP MappingFilter Structure About Filter & Filter Examples How does ZyXEL filter work?Filter Types and SUA Prestige 2602HWL-DxA Support Notes Menu Protocol and device rule cannot be active together Filter for blocking the web service Create a filter set in Menu Rule 2 for b.DNS request, TCP06/Port number Rule one for a. http packet, TCP06/Port numberRule 3 for c. DNS packet UDP17/Port number Filter Rules Configuration Create a filter set in Menu 21, e.g., setSet to Drop to drop all the packets from this client One rule for blocking all packets from this clientEnter the client IP in this field Addr= field, for one workstation it isDetailed format of the Ethernet Version Before you BeginConfigurations Key Settings Menu 3.1 General Ethernet Setup Input Filter Sets Filter for blocking the NetBIOS packets Action Not Matched= Check Next Rule Port # Comp= None TCP Estab= N/A More= No Log= None Menu 21.1.6 TCP/IP Filter Rule Filter # 1,6 Menu Filter Rules Summary Equal Rules Summary Using the Dynamic DNS Ddns Option Service Provider Active Host User Description Key Settings for using Ddns functionNetwork Management Using Snmp Password Enable WildcardWrites Trap GetGetNext SetZyXEL Snmp Implementation WarmStart defined in RFC-1215 Configure the Prestige for Snmp NMS managers Key SettingsUsing syslog Prestige SetupUnix Setup Filter log L02 Call Terminated C02 Call Terminated ExamplePacket triggered log Format SdcmdSyslogSend SYSLOGPPPLOG, SYSLOGNOTICE, String PPP LogWhat is IP Alias ? Using IP AliasDhcp Setup TCP/IP Setup IP Alias Using Call SchedulingSelect a Schedule Set number and give it a name Edit the Schedule sets in menuMenu 26.1 Schedule Set Setup is as follows How Often EnableDisable Start DateTime Service in Prestige IP Multicast Setup Enable Igmp in Prestiges LAN in menu Using IP MulticastMulticast Enable Igmp in Prestiges remote node in menuTraffic Redirect on LAN port Using Prestige traffic redirectYou can deploy the backup gateway on LAN of Prestige SMT Menu 2 WAN Backup SetupKey Settings What is UPnP Using Universal Plug n Play UPnPUPnP Operations Enable UPnP function in ZyXEL device Using UPnP in ZyXEL devicesPrestige 2602HWL-DxA Support Notes Prestige 2602HWL-DxA Support Notes Finally, your video conversation is achieved What is Infrastructure mode? Infrastructure modeConfiguration Prestige Wireless using SMT Prestige 2602HWL-DxA Support Notes Configuration Wireless Station to Infrastructure mode Double click on the AP you want to associated with MAC Filter Overview Wireless MAC address filteringFilter Action Key Settings OptionPrestige 2602HWL-DxA Support Notes Introduction WEP configuration Wired Equivalent PrivacySetting up the Access Point Key settings Access point will decrypt the data by its Key Setting up the Station Prestige 2602HWL-DxA Support Notes Prestige 2602HWL-DxA Support Notes Ieee 802.1x Introduction ConfiguringSupplicant AuthenticatorAuthentication Server Authentication Port State and Authentication Control Re-Authentication Eapol Exchange between 802.1x Authenticator and Supplicant Prestige 2602HWL-DxA Support Notes Prestige 2602HWL-DxA Support Notes Wireless Port Control= No Authentication Required If you use WEB ConfigurationUsing Internal Authentication Server Enter a username up to 31 alphanumeric characters long Key settingsUser Name Active Password If you use WEB ConfiguratorUsing External Radius Authentication Server Prestige 2602HWL-DxA Support Notes User Name Active Server Address Port Shared Secret Key settings for authentication serverPreparation Site SurveySurvey on Site Prestige 2602HWL-DxA Support Notes Usage of Pstn Lifeline Pstn Lifeline Application Notes For Lifeline model onlyLifeline configuration Firgure 1 Splitter type How to connect Lifeline and DSL connectionRelay to Pstn VoIP Application Notes Setup SIP Account Port AccountNumber LocalAddress SIP Server PasswordSetup ResetPreparation and Steps Peer to Peer callTopology Topology Explanation Setup--- Configuring SIP / VoIP related settings in device a Setup--- Configuring SIP / VoIP related settings in device B Prestige 2602HWL-DxA Support Notes Phone port settings Listening VolumeSpeaking Dialing Advanced voice settings configurationActive SupportSIP Account Each fields detail description of the page is listed belowExpiration TimerDtmf Mode URL TypeTime MessageWaiting IndicationEach fields detail description of the page is listed below Type Speed DialSIP Number NameVoice Vlan Voice QoS setupPriority Unconditional Forward to Number Call Forwarding setupVlan group to communicate with the SIP server Busy Forward Table NumberForward to UnconditionalIncoming Call Number Setup sectionWaiting Time ActivateIncoming Call Number field Voice Common Settings Region SettingsCall Service What is ZyNOS?How do I access the embedded web configurator? How do I upload or backup Romfile via web configurator? What is SUA? When should I use SUA? Why cant I make Telnet to Prestige from WAN?What should I do if I forget the system password? What are Device filters and Protocol filters? What is the difference between NAT and SUA?Why cant I configure device filters or protocol filters? How many network users can the SUA/NAT support?What do I need to use the Prestige? What is the Prestige Integrated Access Device?What is PPPoE? Will the Prestige work with my Internet connection?Does the Prestige support PPPoE? How do I know I am using PPPoE?Why does my provider use PPPoE? How can I configure the Prestige?What Dhcp capability does the Prestige support? Does Prestige support dynamic IP addressing?How does e-mail work through the Prestige? How fast can the data go? Default IP address is 192.168.1.1, PasswordHow does the Prestige support TFTP? Can the Prestige support Tftp over WAN?When do I need Multi-NAT? What is Multi-NAT?What IP/Port mapping does Multi-NAT support? What is BOOTP/DHCP? What is the difference between SUA and Multi-NAT?What is DDNS? When do I need Ddns service? Do I need Lifeline? What does Lifeline mean?Can I receive incoming Pstn call through P2602HWL- 6xC? What is Voice over IP?Why use VoIP? Can I connect more than one phone on the phone port?What advantage does Voice over IP can provide? What is the relationship between codec and VoIP?What is the difference between H.323 and SIP? What is voice quality?Which codec should I choose? What is codec?What is the relation of codec and VoIP? What codec does Prestige support?Can register but can not establish a call? Unable to register with the SIP server?What makes Prestige firewall secure? What is a network firewall?What kind of firewall is the Prestige? What are the basic types of firewalls?What is SYN Flood attack? What is Denials of Service DoSattack?What is Ping of Death attack? What is Teardrop attack?What are the default ACL firewall rules in Prestige? What is Land attack?What is Brute-force attack? What is IP Spoofing attack?How can I protect against IP spoofing attacks? Can I override block or allow certain URLs by wording? What is VPN?Cost Why do I need VPN?What is PPTP? SecurityWhat secure protocols does IPSec support? What is L2TP?What is IPSec? What is Phase 1 ID for? What is SA?What is IKE? What is Pre-Shared Key?Is my Prestige ready for IPSec VPN? When should I use FQDN?What are Local ID and Peer ID? What VPN protocols are supported by Prestige? How do I configure Prestige VPN?What types of authentication does Prestige VPN support? How many VPN connections does Prestige support?Does Prestige support dynamic secure gateway IP? NAT Condition Supported IPSec Protocol Does Prestige VPN support NetBIOS broadcast?Will ZyXEL support Secure Remote Management? Is the host behind NAT allowed to use IPSec?Where can I configure Phase 1 ID in Prestige? Can Prestige support IPSec passthrough? How can I keep a tunnel alive?What are the advantages of Wireless LANs ? What is a Wireless LAN ?What is an Access Point ? What are the disadvantages of Wireless LANs ?Where can you find wireless 802.11 networks ? What is 802.11g ? What is Ieee 802.11 ?What is 802.11b ? What is 802.11a ?Is it possible to use products from a variety of vendors ? What is Wi-Fi ?Does the 802.11 interfere with Bluetooth devices ? Can radio signals pass through walls ?Whats the difference between a Wlan and a Wwan ? What is Ad Hoc mode ?What is Infrastructure mode ? Why the 2.4 Ghz Frequency range ? How many Access Points are required in a given area ?What is Direct-Sequence Spread Spectrum Technology Dsss ? What is Frequency-hopping Spread Spectrum Technology Fhss ?What is a WEP key ? What is an Essid ?What is WEP ? What is the difference between 40-bit and 64-bit WEP ?What are Insertion Attacks ? What is Wireless Sniffer ?Can the Ssid be encrypted ? What is Radius ? What is 802.1x ?What is AAA ? What is WPA-PSK? What is WPA ?Example Online TraceTCP TCP/IP RAW Data RAW Data Time 12387.260 sec 0xCA849B61 31244 Flags MAC Addr = 00A0C5921312 Network Type Offline Trace Destination MAC Addr Flags = 0x12 .A..S Size 247/ 96 Time 12865.120 sec Addr = 00A0C5591284 Debug PPPoE Connection Example- a trace with system crashes Prestige 2602HWL-DxA Support Notes Prestige 2602HWL-DxA Support Notes Trace LAN packet Trace WAN packet LAN/WAN Packet TraceSource MAC Addr 0080C84CEA63 Network Type 0x0800 TCP/IP 13067 Frame Type TCP Ethernet Header FA F0 @...y MAC Addr = 00A0C5012345 Network Type 0020 9B CLI Command List