ZyXEL Communications 2602HWNLI-D7A guide

Prestige 2602HWNLI-D7A Support Notes

∙EAP-Packet : Both the supplicant and the authenticator send this packet when authentication is taking place. This is the packet that contains either the MD5-Challenge or TLS information required for authentication.

∙EAPOL-Start : This supplicant sends this packet when it wants to initiate the authentication process.

∙EAPOL-Logoff : The supplicant sends this packet when it wants to terminate its 802.1x session.

∙EAPOL-Key : This is used for TLS authentication method. The Wireless AP uses this packet to send the calculated WEP key to the supplicant after TLS negotiation has completed between the supplicant and the RADIUS server.

IEEE 802.1x Configuration in ZyXEL Wireless Access Point

∙Enable 802.1x in AP

When the IEEE 802.1x authentication is enabled, the wireless client must be authenticated by the ZyXEL AP before it can communicate on your network through ZyXEL AP. By default, the 802.1x function is disabled (Authentication Control= Force Authorized) to allow all wireless client. You can use SMT or Web Configuration to configure it.

Enter SMT Menu 23.4 to setup the 802.1x authentication control.

114

All contents copyright (c) 2007 ZyXEL Communications Corporation.

Image 114

ZyXEL Communications manual Prestige 2602HWNLI-D7A Support Notes

Contents

Prestige 2602HWNLI-D7A Version Aug Prestige 2602HWNLI-D7A Support Notes FAQ Roduct FAQ Pstn L Ifeline FAQ Ontent F Ilter FAQ Ireless FAQ Application Notes All PCs must have an Ethernet adapter card installed TCP/IP InstallationEthernet connection TCP/IP Configuration Follow these steps to configure Windows TCP/IP∙ Setting up the Prestige router Prestige 2602HWNLI-D7A Support Notes Setup the Prestige as a Dhcp Relay ∙ Setup the Prestige as a Dhcp Client Press Enter to Confirm or ESC to Cancel Configure an Internal Server Behind SUA Service Port Number Smtp Configure a Pptp server Behind SUA ∙ Example 1723 192.168.1.10 Prestige 2602HWNLI-D7A Support Notes Using NAT / Multi-NAT ∙ What is Multi-NAT? Many to Many Overload One to OneMany to One Many to Many No Overload Following table summarizes these types NAT Type IP Mapping DirectionApplying NAT in the SMT Menus None Full FeatureField Options Description SUA Only Configuring NAT Table Applying NAT in Menu 4 and MenuAddress Mapping Sets and NAT Server Sets Prestige 2602HWNLI-D7A Support Notes Field Description Option/Example SUA Field Description Option Following table describes the fields in this screen Enter 2 to go to Menu 15.2.1-NAT Server Setup Internet Access Only See the following figure Prestige 2602HWNLI-D7A Support Notes Internet Access with an Internal Server Types are used Type One-to-One Start= Name= Example3 Support Non NAT Friendly Applications Type Many-to-Many No Overload Start= ∙ SUA NAT Type IP Mapping About Filter & Filter Examples How does ZyXEL filter work? ∙ Filter Structure ∙ Filter Types and SUA Prestige 2602HWNLI-D7A Support Notes Menu Protocol and device rule cannot be active together Filter for blocking the web service Create a filter set in Menu Rule one for a. http packet, TCP06/Port number Rule 2 for b.DNS request, TCP06/Port number Rule 3 for c. DNS packet UDP17/Port number Configuration Create a filter set in Menu 21, e.g., set Filter for blocking a specific client Addr= field, for one workstation it is One rule for blocking all packets from this clientEnter the client IP in this field Set to Drop to drop all the packets from this client Before you Begin Detailed format of the Ethernet Version Configurations Action Matched= Drop Action Not Matched= Forward Value= 0080c810234a Filter for blocking the NetBIOS packets Action Not Matched= Check Next Rule Prestige 2602HWNLI-D7A Support Notes Prestige 2602HWNLI-D7A Support Notes Menu 21.1.6 TCP/IP Filter Rule Filter # 1,6 Prestige 2602HWNLI-D7A Support Notes Prestige 2602HWNLI-D7A Support Notes Menu 3.1 General Ethernet Setup Input Filter Sets Using the Dynamic DNS Ddns Key Settings for using Ddns function Password Enable Wildcard Network Management Using Snmp Writes ∙ Set ∙ Get∙ GetNext ∙ Trap ZyXEL Snmp Implementation ∙ warmStart defined in RFC-1215 Configure the Prestige for Snmp Using syslog ∙ Unix Setup L02 Call Terminated C02 Call Terminated Example ∙ Packet triggered log∙ Filter log ∙ PPP Log Format SdcmdSyslogSend SYSLOGPPPLOG, SYSLOGNOTICE, String Using IP Alias ∙ What is IP Alias ? Dhcp Setup TCP/IP Setup Using Call Scheduling IP Alias Edit the Schedule sets in menu Select a Schedule Set number and give it a name Menu 26.1 Schedule Set Setup is as follows Enable Start Date How Often Forced On Forced Down ∙ Time Service in Prestige Using IP Multicast ∙ IP Multicast Setup Enable Igmp in Prestiges LAN in menu Enable Igmp in Prestiges remote node in menu Multicast SMT Menu 2 WAN Backup Setup Using Prestige traffic redirectYou can deploy the backup gateway on LAN of Prestige Traffic Redirect on LAN port WAN IP Using Universal Plug n Play UPnP ∙ 1. What is UPnP UPnP Operations ∙ 2. Using UPnP in ZyXEL devices Enable UPnP function in ZyXEL device Changes through UPnP Prestige 2602HWNLI-D7A Support Notes Finally, your video conversation is achieved Infrastructure mode What is Infrastructure mode? Configuration Prestige Wireless using SMT Prestige 2602HWNLI-D7A Support Notes ∙ Configuration Wireless Station to Infrastructure mode Double click on the AP you want to associated with Wireless MAC address filtering MAC Filter Overview Key Settings Option Descriptions Configured in this list will be blockedFilter Action Prestige 2602HWNLI-D7A Support Notes WEP configuration Wired Equivalent Privacy Introduction Setting up the Access Point Key settings Access point will decrypt the data by its Key Setting up the Station Prestige 2602HWNLI-D7A Support Notes Prestige 2602HWNLI-D7A Support Notes Configuring Ieee 802.1x Introduction Authenticator Authentication ServerSupplicant ∙ Authentication Port State and Authentication Control ∙ Re-Authentication Eapol Exchange between 802.1x Authenticator and Supplicant Prestige 2602HWNLI-D7A Support Notes Prestige 2602HWNLI-D7A Support Notes If you use WEB Configuration Wireless Port Control= No Authentication Required ∙ Using Internal Authentication Server If you use WEB Configurator Key settingsPassword User Name ∙ Using External Radius Authentication Server Prestige 2602HWNLI-D7A Support Notes Key settings for authentication server Server Address Port Shared Secret Site Survey Preparation Survey on Site Prestige 2602HWNLI-D7A Support Notes Pstn Lifeline Application Notes Usage of Pstn Lifeline Lifeline configuration How to connect Lifeline and DSL connection Relay to PstnFirgure 1 Splitter type Prestige 2602HWNLI-D7A Support Notes Isdn Lifeline Application Notes Usage of Isdn Lifeline Relay to Isdn Prestige 2602HWNLI-D7A Support Notes Setup SIP Account VoIP Application Notes Prestige 2602HWNLI-D7A Support Notes Local AccountNumber Port Reset PasswordSetup Domain Peer to Peer call Topology Topology Explanation Preparation and Steps Prestige 2602HWNLI-D7A Support Notes Setup--- Configuring SIP / VoIP related settings in device B Phone port settings Function menu Setting to take effectVolume Speaking Support Advanced voice settings configurationActive Dialing Each fields detail description of the page is listed below SIP Account URL Type TimerDtmf Mode Expiration Indication MessageWaiting Time Each fields detail description of the page is listed below Name Speed DialSIP Number Type Region Voice Common SettingsSettings Immediate Call Service Mode Services from your voice service providerVoice QoS setup Call Forwarding setup PriorityVoice Vlan Unconditional Forward to Number Busy Forward to NumberNo Answer Forward to Number Unconditional Table NumberForward to Busy Forward Call Waiting setup Number Setup sectionCall Hold setup Condition Scenario Prestige 2602HWNLI-D7A Support Notes Step Dial B phone number directly to make another call Three Way Conference setupStep Conversation Call Transfer setup Dial to B Off hook B conversation To active Blind Transfer please follow the below step Application scenario 2 Consult On Hold Transfer Application scenario 3 Attendant Transfer To active Attendant Transfer please follow the below step Internal CallCall Fallback Prestige 2602HWNLI-D7A Support Notes Call Park Call Flow Step Then a hang up the phoneCall Pickup Call Flow Call Return Distinctive Ringing Each filed is described in the following table How to configure DND on phone keypad? 95# Enable Do Not DisturbDo Not Disturb DND #95# Disable Do not Disturb 95#SIP Number*Active Timer# Hot Line Auto Dial Ras voice config fxs save Music on hold MWI Caller ID enable/disable Country Code Trunking Trunking Category Trunking Peer to Peer Configuration details Network Once dials #01 on phone 1, phone 3 will ring Prestige 2602HWNLI-D7A Support Notes Prestige 2602HWNLI-D7A Support Notes Trunking SIP to FXO Trunking GeneralGUI VoIP Trunking General, then click Apply button On Device B No special configuration needed Trunking FXO to SIP Prestige 2602HWNLI-D7A Support Notes Trunking FXO to FXO Prestige 2602HWNLI-D7A Support Notes Prestige 2602HWNLI-D7A Support Notes FAQ What is ZyNOS? How do I access the embedded web configurator? How do I upload or backup Romfile via web configurator? Why cant I make Telnet to Prestige from WAN? What is SUA? When should I use SUA? You have not enable Telnet service on WAN interface in MenuWhat should I do if I forget the system password? What is the difference between NAT and SUA? How many network users can the SUA/NAT support? Why cant I configure device filters or protocol filters?What is the Prestige Integrated Access Device? What are Device filters and Protocol filters? Will the Prestige work with my Internet connection? What is PPPoE?How do I know I am using PPPoE? What do I need to use the Prestige? Which Internet Applications can I use with the Prestige? Why does my provider use PPPoE?How can I configure the Prestige? What network interface does the Prestige support? Default IP address is 192.168.1.1, Password How does e-mail work through the Prestige?What Dhcp capability does the Prestige support? How does the Prestige support TFTP? Can the Prestige support Tftp over WAN?How fast can the data go? What is Multi-NAT? When do I need Multi-NAT? What IP/Port mapping does Multi-NAT support? Server What is the difference between SUA and Multi-NAT? What is BOOTP/DHCP?What is DDNS? When do I need Ddns service? Can I connect more than one phone on the phone port? What does Lifeline mean?Do I need Lifeline? Can I receive incoming Pstn call through P2602HWNLI- D7A? What is the relationship between codec and VoIP? What is Voice over IP?Why use VoIP? Can I make an outgoing Pstn call through P2602HWNLI D7A? What is codec? What is the difference between H.323 and SIP?What is voice quality? What advantage does Voice over IP can provide? Which codec should I choose? What is the relation of codec and VoIP?What codec does Prestige support? What do I need in order to use SIP? Unable to register with the SIP server? Can register but can not establish a call? What is a network firewall? What makes Prestige firewall secure?What are the basic types of firewalls? What kind of firewall is the Prestige? What is Teardrop attack? What is Denials of Service DoSattack?What is Ping of Death attack? What is SYN Flood attack? What is IP Spoofing attack? What is Land attack?What is Brute-force attack? What are the default ACL firewall rules in Prestige? How can I protect against IP spoofing attacks? Can I override block or allow certain URLs by wording? What is VPN?Why do I need VPN? Security What is IPSec? What is PPTP?What is L2TP? Cost What is SA? What is IKE?What secure protocols does IPSec support? What are the differences between IKE and manual key VPN? What is Pre-Shared Key?What is Phase 1 ID for? What are Local ID and Peer ID? Is my Prestige ready for IPSec VPN? When should I use FQDN?How do I configure Prestige VPN? How many VPN connections does Prestige support? What types of authentication does Prestige VPN support? What VPN protocols are supported by Prestige?What types of encryption does Prestige VPN support? Does Prestige support dynamic secure gateway IP? Will ZyXEL support Secure Remote Management? Does Prestige VPN support NetBIOS broadcast?Where can I configure Phase 1 ID in Prestige? Is the host behind NAT allowed to use IPSec? We presume your environment may look like this How can I keep a tunnel alive? Can Prestige support IPSec passthrough? What is a Wireless LAN ? What are the advantages of Wireless LANs ? What is an Access Point ? What are the disadvantages of Wireless LANs ?Where can you find wireless 802.11 networks ? What is Ieee 802.11 ? What is 802.11g ? What is 802.11b ?What is 802.11a ? How fast is 802.11b ? Can radio signals pass through walls ? What is Wi-Fi ?Does the 802.11 interfere with Bluetooth devices ? What types of devices use the 2.4GHz Band ? How many Access Points are required in a given area ? What is Ad Hoc mode ?What is Infrastructure mode ? What is Direct-Sequence Spread Spectrum Technology Dsss ? What is Server Set ID Ssid ? What is Frequency-hopping Spread Spectrum Technology Fhss ?Why the 2.4 Ghz Frequency range ? What is an Essid ? What is a WEP key ? What is WEP ?What is the difference between 40-bit and 64-bit WEP ? Can the Ssid be encrypted ? What is Wireless Sniffer? What is 802.1x ?What are Insertion Attacks? What is AAA ? What is Radius ?What is WPA ? Trouble Shooting What is WPA-PSK? Online Trace Example TCP/IP 0001 RAW Data Urgent Ptr TCP Data Length=6 Captured=6 0000 20 20 20 20 20 Prestige 2602HWNLI-D7A Support Notes Be 2F FE EF D0 7637 Checksum = 0x7A12 31250 Urgent Ptr Offline Trace TCP 0000 80 C8 A0-C5 0010 0020 1B-18 FA F0 04-05 Prestige 233 Prestige 2602HWNLI-D7A Support Notes Debug PPPoE Connection Example- a trace with system crashes Prestige 2602HWNLI-D7A Support Notes Prestige 2602HWNLI-D7A Support Notes LAN/WAN Packet Trace Trace LAN packet Trace WAN packet Example RAW Data Size 60 Time 12090.210 sec Frame Type TCP = 0xE8ED 0030 22 38 E8 ED 00 00 20 20-20 20 20 FB be 2F FE EF D0 CLI Command List