Manuals / ZyXEL Communications / Computer Equipment / Network Router

ZyXEL Communications HS100/HS100W manual Dynamic WEP Key Exchange

Models: HS100/HS100W

1 357

Download 357 pages 54.31 Kb

Page 105

HomeSafe User’s Guide

7.10 Dynamic WEP Key Exchange

The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed.

If this feature is enabled, it is not necessary to configure a default encryption key in the Wireless screen. You may still configure and store keys here, but they will not be used while Dynamic WEP is enabled.

To use Dynamic WEP, enable and configure the RADIUS server (see section 7.17) and enable Dynamic WEP Key Exchange in the Wireless screen. Ensure that the wireless station’s EAP type is configured to one of the following:

•EAP-TLS

•EAP-TTLS

•PEAP

)EAP-MD5 cannot be used with Dynamic WEP Key Exchange.

7.11Configuring 802.1x and Dynamic WEP Key Exchange

In order to configure and enable 802.1x and Dynamic WEP Key Exchange; click the WIRELESS link under ADVANCED to display the Wireless screen. Select 802.1x + Dynamic WEP from the Security list.

Figure 7-9 WLAN : Wireless : 802.1x and Dynamic WEP

The following table describes the labels in this screen.

7-12	Wireless Security

Image 105

ZyXEL Communications HS100/HS100W manual Configuring 802.1x and Dynamic WEP Key Exchange

Contents

Version 10/2005 HS-100 / HS-100W Copyright 2004 by ZyXEL Communications Corporation DisclaimerTrademarks Certifications Information for Canadian Users Online Registration ZyXEL Limited Warranty Customer Support Table of Contents III 11-1 Viii 27.1 Page List of Figures Xiv List of Figures 10-1 Xvi List of Figures Xvii Xviii List of Figures List of Tables List of Tables 20-3 Xxii List of Tables Related Documentation User’s Guide Feedback¾ ZyXEL Glossary and Web Site Syntax Conventions Graphics Icons KeyDslam HomeSafe User’s Guide Preface Xxv Part Page Physical Features HomeSafe FeaturesNon-Physical Features Getting to Know Your HomeSafe Brute-Force Password Guessing Protection Content Filtering802.11b Wireless LAN Standard HS-100W only Firewall Universal Plug and Play UPnP Packet FilteringCall Scheduling PPPoE Upgrade HomeSafe Firmware via LAN Dhcp Dynamic Host Configuration ProtocolNetwork Address Translation NAT Traffic Redirect Wireless Association List HS-100W only Secure Broadband Internet Access via Cable or DSL ModemApplications for the HomeSafe HomeSafe Parental Control Gateway Wireless LAN Application Example Wireless LAN Application Introducing the Web Configurator Web Configurator OverviewAccessing the HomeSafe Web Configurator Wlan Setup System Administrator Password SetupSet up your wireless LAN using the second wizard screen Following table describes the fields in this screen Wlan Setup Basic Security Access screenEssid Following table describes the labels in this screen Wlan Setup Extended SecurityWEP Ascii Refer to the chapter on wireless LAN for more information Internet Configuration Setup Internet Access Setup Internet Configuration Setup ISP Parameters Dhcp Internet Access Static IP Address Setup Parental Control Wizard Internet Configuration Setup Complete Wizard Parental Control Wizard Parental Control Time Setup Parental Control Create or Edit a Profile 10 Wizard Parental Control Time Setup 11 Wizard Create or Edit a Profile Parental Control Profile Information 12 Wizard Parental Control Profile Information Parental Control User Group Access rights Administrator can decide each group’sParental Control Time Allowance 13 Wizard Parental Control User Group Parental Control Application Blocking Parental Control Account Summary 15 Wizard Parental Control Application BlockingAllowance screen 16 Wizard Parental Control Summary Parental Control Register for Content Filter Checking Content Filtering Activation Content Filtering with an External Server Content Filter Service Activation If you click Register Later you will proceed to FigureFollowing screen appears after you click Activate in Figure Content Filter Setup Complete Accessing the Internet via the HomeSafe Gateway 25 Password Screen Procedure To Use The Reset Button Resetting the HomeSafeHomeSafe Main Menu Navigation Panel Link TAB Function 17 Screens Summary Firewall MaintenanceRemote Mgmt Telnet FTPPage Chapter Connection Wizard Connection Wizard General Setup and System NameConnection Wizard Overview Domain Name Connection Wizard Screen Connection Wizard General Setup Connection Wizard Wireless LAN Setup Basic Security Ethernet Connection Wizard Wireless LAN Setup Extend Security Connection Wizard Ethernet Encapsulation PPPoE Encapsulation Connection Wizard PPPoE Encapsulation Connection Wizard Pptp Encapsulation Pptp Encapsulation Private IP Address Ranges WAN IP Address Assignment IP Address and Subnet Mask DNS Server Address AssignmentWAN MAC Address ISP Connection Wizard WAN Setup Connection Wizard Finish Basic Setup Complete 10 Connection Wizard Problems HomeSafe User’s Guide Connection Wizard System, LAN, Wlan and WAN Chapter System Screens Configuring General SetupSystem Overview Click System to open the General screen Configuring Dynamic DNS Dynamic DNSDynDNS Wildcard System Ddns Configuring Time Setting Configuring Password System Time Setting Daylight Savings Dhcp Setup Chapter LAN ScreensLAN Overview Multicast Any IP Any IP Example Application How Any IP Works Click LAN to open the IP screen Configuring IP LAN TCP/IP LAN Static Dhcp Configuring Static Dhcp LAN IP Alias Configuring IP Alias LAN IP Alias Wireless LAN Overview Wireless Configuration and RoamingIbss 2 BSS 3 ESS Basic Service set 1 RTS/CTS Wireless LAN Basics Fragmentation Threshold Configuring Wireless RTS/CTS Configuring Roaming Roaming Example Requirements for Roaming Wireless stations must have the same Essid to All APs on the same subnetAllow roaming Page Wireless Security Overview Chapter Wireless Security WPA WPA-PSK Wireless Security Relational Matrix AuthenticationSecurity Parameters Summary WEP Overview Preamble Type WEP Authentication Steps Encryption field Configuring WEP Encryption User Authentication Introduction to WPAEncryption WPA-PSK application looks as follows WPA-PSK Application Example If wireless station authentication is done Configuring WPA-PSK AuthenticationUsing a Radius server, the reauthentication Timer on the Radius server has priority WPA with Radius Application Example Wireless Client WPA Supplicants WPA with Radius Application Example Configuring WPA Authentication 802.1x Overview Wlan Wireless WPA Configuring 802.1x and Dynamic WEP Key Exchange Dynamic WEP Key ExchangeEAP-MD5 cannot be used with Dynamic WEP Key Exchange Configuring 802.1x and Static WEP Key Exchange Wlan Wireless 802.1x and Static WEP 10 Wlan Wireless 802.1x and Static WEP Wlan Wireless 802.1x and Static WEP Reset Configuring MAC Filter Following table describes the labels in this menu Wlan MAC Address FilterMAC Introduction to Local User Database Configuring Local User Database10 Wlan Local User Database Active Select this option to activate the user profile Introduction to Radius EAP Authentication Overview Configuring Radius 11 Wlan Radius 15 Wlan Radius HomeSafe User’s Guide Page Chapter WAN Screens Configuring RouteWAN Overview TCP/IP Priority Metric Configuring WAN ISP Ethernet EncapsulationScreen shown next is for Ethernet encapsulation PPPoE Encapsulation WAN ISP PPPoE Encapsulation WAN ISP Pptp Encapsulation WAN IP Address Assignment Configuring WAN IP Selected Use Fixed IP Address WAN IPServer Choose Both, None, In Only or Out Only Configuring WAN MAC Choose RIP-1 , RIP-2B or RIP-2MRIP-1 Traffic Redirect Traffic Redirect WAN Setup WAN Traffic Redirect Configuring Traffic Redirect WAN Traffic Redirect SUA/NAT and Static Route Page NAT Overview Chapter Network Address Translation NAT ScreensNAT Definitions What NAT Does NAT Application How NAT Works Following table summarizes these types NAT Mapping Types SUA Server Using NATSUA Single User Account Versus NAT NAT Mapping Types Default Server IP Address Port Forwarding Services and Port NumbersServices and Port Numbers Services Port Number Configuring Servers Behind SUA Example Configuring SUA Server SUA/NAT Setup Configuring Address Mapping One-to-One and Server mapping types Address Mapping Configuring Address Mapping Trigger Port ForwardingMany-to-One and Server mapping types Trigger Port Forwarding Example Configuring Trigger Port ForwardingTwo Points To Remember About Trigger Ports Following is an example of trigger port forwarding Only one LAN computer can use a trigger port range at a time Page Chapter Static Route Screens Configuring IP Static RouteStatic Route Overview Click Static Route to open the screen as shown next Static Route Edit Configuring Route Entry NAT Screens 10-3 UPnP, Parental Control and Firewall Chapter UPnP How Do I Know If Im Using UPnP?Universal Plug and Play Overview UPnP and ZyXEL Configuring UPnP Installing UPnP in Windows ExampleClick UPnP to display the screen shown next Installing UPnP in Windows XP Installing UPnP in Windows MeFollow the steps below to install UPnP in Windows Me Follow the steps below to install UPnP in Windows XP Auto-discover Your UPnP-enabled Network Device Using UPnP in Windows XP Example Internet Connection Properties Connections Select My Network Places under Other Places Web Configurator Easy Access UPnP 11-7 Page Initial Configuration Parental Control LoginsChapter Parental Control Parental Control Overview Parental Control Application Parental Administrator log HomeSafe Parental Control Wireless Gateway Application Configuring Parental Control Parental Control Content filtering activation For content filtering to be activated. See CheckingWeb site displays a registration successful Web page. It may take up to another ten minutes Content Filtering with an External Server Reset Click Reset to start configuring this screen againParental Control Group Edit Filter Parental Control Group Edit Configuration Parental Control Filter Parental Control 12-9 12-10 Parental Control Parental Control 12-11 See the Customizing Keyword How to set how much of the URLBlocking URL Checking section for HomeSafe checks Parental Control Edit Customizing Keyword Blocking URL Checking Service Description Services PPTPTUNNELGRE0 RLOGINTCP513RCMDTCP512 REALAUDIOTCP7070 Parental Control Edit User access will be denied after the End Access, you should select the unrestrictedIf you want to allow twenty-four hour Check box Weekdays or Weekend boxes Parental Control Bypass List Parental Control 12-19 Page Chapter Firewall IntroductionGuidelines For Enhancing Security With Your Firewall Firewall Settings Firewall Settings Screen LAN-to-WAN rules Firewall, NAT and Remote ManagementNo Log Log All log all LAN to WAN packets WAN-to-LAN rules Services Firewall Service Click Clear All to empty the Blocked Service Remote Management Page Chapter Remote Management Screens Only LAN only Neither DisableRemote Management Overview Remote Management Limitations Configuring WWW System TimeoutRemote Management and NAT Telnet Configuration on a TCP/IP Network Configuring Telnet Remote Management Telnet Configuring FTP Remote Management FTP Snmp Snmp Management Model Snmp is only available if TCP/IP is configured Supported MIBs Configuring SnmpSnmp Traps Snmp Traps Remote Management Snmp Remote Management DNS Configuring DNS Icmp Configuring Security Remote Management Screens 14-11 Page HomeSafe User’s Guide VPN Screens 14-1 Logs and Maintenance View Log Chapter Centralized Logs Settings, see section Log Settings Log Settings Daily When Log is FullWeekly Hourly Chapter Maintenance Maintenance OverviewStatus Screen System Statistics Maintenance System Statistics Dhcp Table Screen Maintenance Dhcp Table Association List Any IP Table 16.6 F/W Upload Screen Maintenance Firmware Upload Upload Warning Configuration Screen Backup Configuration Restore ConfigurationMaintenance Restore Configuration 11 Configuration Restore Successful Back to Factory Defaults Restart Screen 14 Factory Defaults SMT General Configuration Page SMT Introduction Chapter Introducing the SMT Navigating the SMT Interface Main Menu CommandsOperation Keystroke Description Enter Main Menu Summary System Management Terminal Interface Summary? or ChangeMe Menu Title Description Menu 23 System Password Changing the System Password General Setup Chapter Menu 1 General SetupProcedure To Configure Menu Field Description Example Select Yes to configure Menu 1.1 Configure Dynamic DNS Procedure to Configure Dynamic DNS Yes DynamicDNSUser Specified IP Address field WAN Setup Chapter Menu 2 WAN SetupIntroduction to WAN From the main menu, enter 2 to open menuPage LAN Setup Chapter Menu 3 LAN SetupProtocol Dependent Ethernet Setup 20.3 TCP/IP Ethernet Setup and Dhcp Menu 3.2 Dhcp Ethernet Setup Fields Menu 3.2 TCP/IP and Dhcp Ethernet Setup Both Menu 3.2 LAN TCP/IP Setup FieldsRIP-1 RIP-1,RIP-2B or RIP-2M Physical Network & Partitioned Logical Networks IP Alias Setup Wireless LAN Setup Both, In Only, Out Only or NoneField Description Example Essid CH06 2437MHz DisableRTS Auto Mixed Configuring MAC Address Filter Menu 3.5.1 Wlan MAC Address Filter Configuring Roaming on the HomeSafe Menu 3.5.2 Roaming Configuration 10 Menu 3.5.2 Roaming ConfigurationPage Introduction to Internet Access Setup Chapter Internet AccessMenu 4 Internet Access Setup Ethernet Ethernet Encapsulation Configuring the Pptp Client Default Configuring the PPPoE ClientNew Fields in Menu 4 Pptp Screen New Fields in Menu 4 PPPoE screen 21-4 Internet Access Chapter Remote Node Configuration Introduction to Remote Node SetupRemote Node Profile Setup Alias EthernetPress Enter to go to Menu 11.3 Remote Node Network Layer Options Nailed-Up Connection Outgoing Authentication Protocol CHAP/PAP Fields in Menu 11.1 PPPoE Encapsulation Specific Menu 11.1 Remote Node Profile for Pptp Encapsulation Edit IPRemote Node Network Layer Options Dynamic SUA Only Remote Node FilterMany-to-One and Server RIP-1/RIP-2B/RIP-2M or None Menu 11.5 Remote Node Filter Ethernet Encapsulation Traffic Redirect Setup 22-8 Remote Node Configuration IP Static Route Setup Chapter Static Route Setup 23-2 Static Route Setup Dial-in User Setup Chapter Dial-in User SetupPage Applying NAT Menu 4 Applying NAT for Internet Access Full Feature NAT SetupApplying NAT in Menus 4 NAT SUA Address Mapping Set Address Mapping SetsFollowing table explains the fields in this menu Menu 15.1.255 is read-only SUA Address Mapping Rules Ordering Your Rules User-Defined Address Mapping Sets Field Desription Example Menu 15.1.1 First SetEdit Select Rule item Configuring a Server behind NAT Follow these steps to configure a server behind NATOne-to-One,Many-to-One and Server types Example 1 Internet Access Only Following are some examples of NAT configurationGeneral NAT Examples Example 2 Internet Access with an Inside Server Example 3 Multiple Public IP Addresses With Inside ServersDynamic Inside Global Address is assigned by the ISP Following figures show how to configure the first rule Enter 1 to configure the Address Mapping SetsAddress Translation field in menu 4 or menu 11.3 Then enter 15 from the main menu Enter 2 in Menu 15 NAT Setup Example 3 Menu Example 4 NAT Unfriendly Application Programs 20 Example 4 Menu 15.1.1 Address Mapping Rules Menu 15.3 Trigger Port Setup Page Chapter Enabling the Firewall Access MethodsRemote Management and the Firewall Enabling the Firewall SMT Advanced Management Chapter Filter Configuration Introduction to FiltersFilter Structure of the HomeSafe Execute Abbreviations Used in the Filter Rules Summary Menu Configuring a Filter Set Configuring a TCP/IP Filter Rule Configuring a Filter RuleRule Abbreviations Used Abbreviation Description Field Description Options TCP/IP Filter RuleLess Equal Following figure illustrates the logic flow of an IP filter Executing an IP Filter Configuring a Generic Filter Rule Generic Filter Rule Menu Fields HomeSafe User’s Guide Generic Filter Rule Menu Fields Example Filter 10 Example Filter Menu Filter Types and NAT Applying a Filter Firewall Versus FiltersApplying LAN Filters Applying Remote Node Filters 14 Filtering Remote Node Traffic Page About Snmp Chapter Snmp Configuration Snmp Configuration Following table describes the Snmp configuration parametersSupported MIBs Snmp Traps Ports and Permanent Virtual CircuitsPort PVC Permanent Virtual Circuit Page Configuring External Radius Server System PasswordChapter System Security System Security Enter 4 to display Menu 23.4 System Security IEEE802.1x 29.1.3 Menu 23.4 System Security IEEE802.1x No Access Allowed Group Data Privacy field PSKMode Management Protocol is selected System Status System Information and Diagnosis System Maintenance Status Menu Fields Menu 24.1 System Maintenance Status System Information Menu 1 General SetupSystem Information To get to the System Information Log and Trace Menu 24.3.2 System Maintenance Syslog and AccountingConsole Port Speed Syslog Logging System Information and Diagnosis 30-5 Call-Triggering Packet Diagnostic WAN Dhcp System Maintenance Menu Diagnostic 30-8 System Information and Diagnosis Filename Conventions Chapter Firmware and Configuration File MaintenanceFilename Conventions File Type Internal Name External Name Description Using the FTP Command from the Command Line Backup ConfigurationExample of FTP Commands from the Command Line Follow the instructions as shown in the next screen General Commands for GUI-based FTP Clients Backup Configuration Using TftpCommand Description GUI-based FTP Clients Tftp Command Example Restore ConfigurationRestore Using FTP Following is an example Tftp command Restore Using FTP Session Example Uploading Firmware and Configuration Files Configuration File Upload You see the following screen when you telnet into menuFirmware File Upload FTP File Upload Command from the DOS Prompt Example FTP Session Example of Firmware File UploadTftp File Upload Tftp Upload Command Example Command Interpreter Mode Chapter System MaintenanceCommand Syntax Command Usage Budget Management Call Control Support Call History Fields Call History Time and Date Setting Time and Date Setting FieldsNTP RFC-1305 the default, is similar to Time RFC-868 Daylight Saving field Resetting the TimePage Remote Management Chapter Remote Management LAN Only Introduction to Call Scheduling Chapter Call Scheduling Once Menu 26.1 Schedule Set Setup Applying Schedule Sets to a Remote Node PPPoE Appendices and Index Page Troubleshooting Problem Corrective ActionAppendix a Control Group Edit screen PPPoE in Action Appendix B PPPoEBenefits of PPPoE Traditional Dial-up Scenario HomeSafeas a PPPoE Client Diagram B-2 The HomeSafeas a PPPoE Client Diagram C-1 Transport PPP frames over Ethernet What is PPTP?Appendix C Pptp and the HomeSafe Diagram C-3 Example Message Exchange between PC and an ANT Diagram C-2 Pptp Protocol OverviewPptp Protocol Overview Control & PPP connections Pptp Page Chart 2 System Maintenance Logs Chart 1 System Error LogsAppendix D Log Descriptions LOG Message Description Chart 3 UPnP Logs Chart 4 Content Filtering LogsID content Type Code Description Chart 5 Icmp Type and Code Explanations Configuring What You Want the HomeSafe to Log Log Commands Displaying Logs Page Appendix E Setting up Your Computer’s IP Address Windows 95/98/MeIf you need TCP/IP If you need Client for Microsoft Networks Checking/Modifying Your Computer’s IP Address Windows 2000/NT/XP Click Advanced to go to the Advanced TCP/IP HomeSafe User’s Guide Turn on your HomeSafeand restart your computer if prompted Macintosh OS 8/9 Select Ethernet built-in from the Connect via listClose the TCP/IP Control Panel Macintosh OS Check your TCP/IP properties in the Network windowSelect Built-in Ethernet from the Show list Page Benefits of a Wireless LAN Appendix F Wireless LAN and IeeeAd-hoc Wireless LAN Configuration Ieee Diagram F-1 Peer-to-Peer Communication in an Ad-hoc Network Infrastructure Wireless LAN Configuration Diagram F-2 ESS Provides Campus-Wide Coverage Page Deployment Issues with Ieee Appendix G Wireless LAN With IeeeSecurity Flaws with Ieee Advantages of the Ieee Diagram G-1 Sequences for EAP MD5-Challenge Authentication EAP-TTLS Tunneled Transport Layer Service Appendix H Types of EAP AuthenticationEAP-MD5 Message-Digest Algorithm EAP-TLS Transport Layer Security Certificate Client Difficulty Wireless SecurityCertificate Server Dynamic Key Antenna Characteristics Appendix Antenna Selection and Positioning RecommendationTypes of Antennas For Wlan Positioning Antennas Appendix J Brute-Force Password Guessing Protection Chart 6 Brute-Force Password Guessing Protection CommandsExample Page Triangle Route Problem Ideal SetupTriangle Route Solutions Appendix K Triangle Route Diagram K-3 IP Alias How To Configure Triangle RouteDiagram K-4 Gateways on the WAN Side Gateways on the WAN Side BSS Appendix L Index Ibss See NAT See Ttls Wlan