ZyXEL Communications P-335WT 2

Contents

User’s Guide Page Copyright Disclaimer Trademarks Federal Communications Commission (FCC) Interference Statement Notice Certifications Safety Warnings ZyXEL Limited Warranty Note Customer Support Page Table of Contents Bandwidth Management Wizard Page Network Address Translation (NAT) Content Filtering Introduction to IPSec Page Static Route Screens Bandwidth Management Remote Management Screens System Introducing the SMT Menu 1 General Setup Menu 2 WAN Setup Menu 3 LAN Setup Internet Access Remote Node Configuration Static Route Setup Enabling the Firewall VPN/IPSec Setup SA Monitor Page Remote Management Call Scheduling Troubleshooting Page Page List of Figures Page Page Page Page Page Page Page List of Tables Page Page Page Page Page Preface About This User's Guide Related Documentation User Guide Feedback Syntax Conventions Graphics Icons Key Getting to Know Your Prestige USB Port OTIST Button (P-335WT) 10/100 Mbps Auto-negotiatingEthernet/Fast Ethernet Interface(s) Auto-crossover10/100 Mbps Ethernet Interface(s) 4-PortSwitch Reset Button Print Server IPSec VPN Capability Firewall Content Filtering Packet Filtering Time and Date PPTP Encapsulation Dynamic DNS Support IP Multicast IP Alias SNMP Port Forwarding DHCP (Dynamic Host Configuration Protocol) Any IP Full Network Management RoadRunner Support Wireless LAN Wi-FiProtected Access WPA(2) Antenna Wireless LAN MAC Address Filtering G-Plus Wireless List Wireless LAN Channel Usage 1.3.3 VPN Application 1.3.4 Wireless LAN Application (P-335WT) Page Page Introducing the Web Configurator RESET 2.3.1 Procedure To Use The Reset Button PWR Page Page 2.4.1 Navigation Panel Page 2.4.2 Summary: Any IP Table Any IP Table (Details...) 2.4.3 Summary: DHCP Table DHCP Table (Details...) 2.4.4 Summary: Parental Controls Statistics 2.4.5 Summary: Wireless Station Status (P-335WT) WLAN Station Status (Details...) Association List 2.4.6 Summary: Bandwidth Management Monitor BW MGMT Monitor (Details...) 2.4.7 Summary: Packet Statistics Packet Statistics (Details...) Poll Interval(s) 2.4.8 Summary: VPN Monitor VPN Monitor (Details...) Page Connection Wizard System Information 3.2.1 System Name Settings Control Panel Computer Name Page 3.3.1 Basic(WEP) Security Basic(WEP) Page 3.3.2 Extend(WPA-PSK)and (WPA2-PSK)Security Extend(WPA-PSK) Extend(WPA2-PSK) Pre-Shared Key Figure 23 OTIST Table 15 OTIST PPP over Ethernet 3.4.1 Ethernet Connection Type 3.4.2 PPPoE Connection Type 3.4.3 PPTP Connection Type 3.4.4 Your IP Address 3.4.5 WAN IP Address Assignment 3.4.6 IP Address and Subnet Mask 3.4.7 DNS Server Address Assignment 3.4.8WAN IP and DNS Server Address Assignment 3.4.9 WAN MAC Address 3.4.10 Connection Wizard Complete Page Page Bandwidth Management Wizard Welcome Priority Page Page Page Wireless LAN (P-335WT) 5.2.3 Restricted Access Allow Deny 5.2.4 Hide Prestige Identity 5.2.5 G-plus Apply Figure 37 Wireless Table 29 Wireless 5.4.1 No Security No Security 5.4.2 WEP Encryption 5.4.3 WEP Encryption Screen Static WEP Page 5.4.4 Introduction to WPA and WPA2 5.4.5 WPA(2)-PSKApplication Example 5.4.6 WPA-PSKAuthentication Screen Wireless LAN Wireless 5.4.7 Wireless Client WPA Supplicants 5.4.8 WPA(2) with RADIUS Application Example 5.4.9 WPA Authentication Screen Page 5.4.10 802.1x Overview 5.4.11802.1x and Dynamic WEP Key Exchange Screen 802.1x + Dynamic WEP Page 5.4.12 802.1x and Static WEP Key Exchange Screen 802.1x + Static WEP Page Page 5.4.13 802.1x Screen 802.1x + No WEP Page Figure 47 OTIST Wireless Yes 5.5.1 Activating OTIST 5.5.2 OTIST button Setup Key Page Figure 51 Advanced Table 39 Advanced 5.8.1 WMM QoS Example 5.8.2 WMM QoS Priorities 5.8.3 Services Page 5.9.1 ToS (Type of Service) and WMM QoS QoS Figure 52 QoS Table 42 QoS Page Page Page WAN WAN ISP 6.4.1 Ethernet Encapsulation 6.4.2 PPPoE Encapsulation PPP over Ethernet PPPoE Page 6.4.3 PPTP Encapsulation Page Page Figure 57 Advanced Table 47 Advanced Page Page Page Page LAN 7.2.2 IP Address and Subnet Mask Wizard Setup 7.2.3 RIP Setup RIP Direction Out Only IGMP-v1 IGMP-v2 7.3.1 How Any IP Works Figure 62 LAN IP Table 49 LAN IP IP Alias Figure 63 IP Alias Table 50 IP Alias Figure 64 Advanced Table 51 Advanced Page DHCP Server Static DHCP Client List DHCP Table (Details...) Status Page CHAPTER 9 Network Address Translation (NAT) 9.1.2 What NAT Does 9.1.3 How NAT Works 9.1.4 NAT Application 9.1.5 NAT Mapping Types One to One Many to One Many-to-Many Overload Many 9.2.1 SUA (Single User Account) Versus NAT Many-to-One 9.3.1 Default Server IP Address 9.3.2 Port Forwarding: Services and Port Numbers 9.3.3 Configuring Servers Behind SUA (Example) Figure 71 General Table 58 General Page 9.5.1 Rule Setup Screen Figure 73 Rule Setup 9.6.1 Trigger Port Forwarding Example 9.6.2Two Points To Remember About Trigger Ports Trigger Port Page Firewall 10.1.4 Guidelines For Enhancing Security With Your Firewall Figure 76 General Table 62 General Services Figure 77 Services Table 63 Services Page Page Content Filtering Figure 79 Filter Table 64 Filter Schedule Figure 80 Schedule Table 65 Schedule 11.6.1 Domain Name or IP Address URL Checking 11.6.2 Full Path URL Checking 11.6.3 File Name URL Checking Page Introduction to IPSec 12.1.3.1 Encryption 12.1.3.2 Data Confidentiality 12.1.3.3 Data Integrity 12.1.3.4 Data Origin Authentication 12.2.1 IPSec Algorithms 12.2.2 Key Management 12.3.1 Transport Mode ESP 12.3.2 Tunnel Mode Outside header Inside header Page Page VPN Screens Page 13.4.1 Dynamic Secure Gateway Address VPN Summary Figure 85 Summary Table 68 Summary 13.7.1 NAT Traversal Configuration 13.7.2 Remote DNS Server 13.8.1 ID Type and Content Examples Local ID type Peer ID type E-mail Edit Figure 89 Rule Setup Page Page Page 13.11.1 Negotiation Mode Negotiation Mode Main Mode Aggressive Mode Main Mode Page Page Page Page Page 13.13.1 Security Parameter Index (SPI) VPN Manual Key Manual Rule Setup Rule Setup Manual Page Page SA Monitor Refresh Figure 93 SA Monitor Global Setting 13.17.1 Telecommuters Sharing One VPN Rule Example 13.17.2 Telecommuters Using Unique VPN Rules Example (REMOTE MGNT) LAN & WAN Trend Micro Security Services Service Summary Activate My Services Service Summary Service Settings Virus Protection 14.2.1TMSS General Screen Page Page Page Page Page Page Page Static Route Screens 15.2.1 Static Route Setup Screen Page Page Bandwidth Management 16.1.2 Subnet-basedBandwidth Management Example 16.1.3Application and Subnet-basedBandwidth Management Example 16.1.4 Bandwidth Usage Example Use All Managed Bandwidth Page 16.1.5 Bandwidth Management Priorities 16.1.6 Bandwidth Management Services VoIP (SIP) FTP Services Page Bandwidth MGMT Configuration screen Bandwidth Management Rule Configuration 16.3.1 Bandwidth Borrowing Use All Managed Bandwidth Page Page Page Remote Management Screens 17.1.2Remote Management and NAT 17.1.3System Timeout Remote MGMT WWW Telnet FTP Page Page 17.6.1 Supported MIBs 17.6.2 SNMP Traps SNMP Page Page Page UPN P UPnP Page 18.4.1 Installing UPnP in Windows Me Add/Remove Programs Windows Setup Communication Components 18.4.2 Installing UPnP in Windows XP 1Click Start and Control Panel Network Connections Windows Optional Networking Components Wizard window displays 4Select Networking Service in the Components selection box and click Details Page 18.5.1Auto-discoverYour UPnP-enabledNetwork Device 18.5.2 Web Configurator Easy Access 1Click Start and then Control Panel 2Double-click Network Connections 3Select My Network Places under Other Places Local Network Invoke Connections Page Page Print Server Page System 20.3.1 DynDNS Wildcard Dynamic DNS Figure 130 Dynamic DNS Time Setting Page Page Logs Figure 132 View Log Table 101 View Logs System Errors Log Schedule Access Control Page Page Page Tools Return Firmware Tools 22.2.1 Backup Configuration Backup 22.2.2 Restore Configuration 22.2.3 Back to Factory Defaults Reset Restart Page Page Introducing the SMT 23.1.3 Prestige SMT Menu Overview Page Page 23.2.1 System Management Terminal Interface Summary Menu 23.1 - System Security - Change Password Old Password New Password Retype to confirm Menu 1 General Setup Page 24.2.1 Procedure to Configure Dynamic DNS Edit Dynamic DNS Menu 1.1— Configure Dynamic DNS Page Menu 2 WAN Setup Page Menu 3 LAN Setup Menu 3.2 — TCP/IP and DHCP Ethernet Setup Page 26.3.1 IP Alias Setup Edit IP Alias Yes Menu 3.2.1 - IP Alias Setup Page Page Internet Access Page Menu -Internet Access Setup Page Service Name Page Remote Node Configuration Page 28.2.2.1 Outgoing Authentication Protocol 28.2.2.2 Nailed-UpConnection Page My WAN Addr Gateway IP Addr Edit Filter Sets Menu 11.5 - Remote Node Filter 28.4.1 Traffic Redirect Setup Menu 11.6 — Traffic Redirect Setup Page Page Static Route Setup Menu 12.1 – Edit IP Static Route Setup Network Address Translation (NAT) [ENTER] to bring up Menu 11.3 - Remote Node Network Layer Options Page 30.3.1Address Mapping Sets Enter 1 to bring up Menu 15.1 — Address Mapping Sets 30.3.1.1 User-DefinedAddress Mapping Sets 30.3.1.2 Ordering Your Rules Edit Menu 15.1.1.1 - Address Mapping Rule Local Global Start/End IPs Menu 15 - NAT Setup Menu 15.2 - NAT Server Setup Start Port No End Port No 30.5.1 Example 1: Internet Access Only Network Address Translation 30.5.2 Example 2: Internet Access with an Inside Server 30.5.3 Example 3: Multiple Public IP Addresses With Inside Servers 1 : Many : Menu 15.1 - Address Mapping Sets Edit Action Start IP Page 9Enter 2 in Menu 15 - NAT Setup 30.5.4 Example 4: NAT Unfriendly Application Programs Many-to-Many No Overload Menu 15.3 — Trigger Port Setup Page Page Enabling the Firewall Page VPN/IPSec Setup Menu 27.1 IPSec Summary Figure 191 Menu Page Page Page Page Page Menu 27.1.1 – IPSec Setup IKE Edit Key Management Setup Menu – IKE Setup Page Menu 27.1.1.2 – Manual Setup Manual Key Management 32.4.1 Active Protocol 32.4.2 Security Parameter Index (SPI) Edit Manual Setup Page SA Monitor Page Page Page Filter Configuration 34.1.1 The Filter Structure of the Prestige Page Edit Comments 34.2.1 Configuring a Filter Rule 34.2.2 Configuring a TCP/IP Filter Rule TCP/IP Filter Rule Filter Type Menu 21.1.1.1 - TCP/IP Filter Rule Page 34.2.3 Configuring a Generic Filter Rule Offset Length Mask Value Page 2Enter 1 to open Menu 21.1 - Filter Set Configuration Menu 21.1.3 - Filter Rules Summary •6 is the TCP IP Protocol Port # Equal Port # Comp Drop A = Y Type = IP Pr DP M = N 34.6.1 Applying LAN Filters 34.6.2 Applying Remote Node Filters SNMP Configuration Menu 22 — SNMP Configuration Page Page System Information and Diagnosis Page 1Enter 24 to display Menu 24 — System Information and Console Port Speed 2Enter 2 to display Menu 24.2 — System Information 36.2.1 System Information 36.2.2 Console Port Speed Menu 24.2.2 – System Maintenance – Console Port Speed 36.3.1 Syslog Logging Menu 24.3.2 — System Maintenance - Syslog Logging 36.3.1.1 CDR 36.3.1.2 Packet triggered 36.3.1.3 Filter log 36.3.1.4 PPP log 36.3.1.5 Firewall log 2From this menu, type 4 to open Menu 24.4 – System Maintenance – Diagnostic 36.4.1 WAN DHCP IP Address Assignment Encapsulation None WAN Release Page Page Firmware and Configuration File Maintenance ZyNOS F/W Version Menu 24.2.1 – System Maintenance – Information 37.2.1 Backup Configuration 37.2.2 Using the FTP Command from the Command Line 37.2.3 Example of FTP Commands from the Command Line 37.2.4 GUI-basedFTP Clients 37.2.5 TFTP and FTP over WAN Management Limitations 37.2.6 Backup Configuration Using TFTP 37.2.7 TFTP Command Example 37.2.8 GUI-basedTFTP Clients 37.3.1 Restore Using FTP Page 37.3.2 Restore Using FTP Session Example Menu 24.7.2 – System Maintenance – Upload System Configuration File 37.4.1 Firmware File Upload 37.4.2 Configuration File Upload 37.4.3 FTP File Upload Command from the DOS Prompt Example 37.4.4 FTP Session Example of Firmware File Upload 37.4.5 TFTP File Upload 37.4.6 TFTP Upload Command Example Page System Maintenance 38.1.2 Command Usage Menu 24.9 — System Maintenance — Call Control 38.2.1 Budget Management Menu 24.9 - System Maintenance - Call Control 38.2.2 Call History Menu 24 - System Maintenance Page Page 38.3.1 Resetting the Time Page Remote Management 39.1.1 Remote Management Limitations Secure Client IP Page Call Scheduling Menu 26.1 — Schedule Set Setup Duration Main Menu PPPoA Page Troubleshooting Page Page 41.5.1Pop-upWindows, JavaScripts and Java Permissions 41.5.1.1 Internet Explorer Pop-upBlockers 2Select Settings…to open the Pop-upBlocker Settings screen Allowed sites Pop-up Blocker Settings 41.5.1.2JavaScripts Custom Level Scripting Active scripting Scripting of Java applets 41.5.1.3 Java Permissions 2Make sure that Use Java 2 for <applet> under Java (Sun) is selected 41.5.2 ActiveX Controls in Internet Explorer 2In the Internet Options window, click Custom Level Page Page Table 160 Device Table 161 Firmware Page Page Page Page Call Connection PPP Data Connection Page Setup Wizard for Windows NT/2000/XP Windows 2000/NT/XP : Computer Wizard Setup Wizard for Windows 98/ME/NT/2000/XP Macintosh OS Network Print Server Setup 2Click the Setup Wizard for Windows NT/2000/XP link Select A Print Server Page Page Select A Printer Page Page Choose Destination Location Setup Complete Printers Add Printer Add Printer Wizard Local printer Create a new port Standard TCP/IP Port Port Name Custom Settings… LPR 14 Type LP1 in the LPR Settings Queue Name field Manufacturers Have Disk… Keep Location Comment Page Print Center Macintosh HD Applications Utilities Printer List IP Printing Printer’s Address 9Deselect the Use default queue on server check box LP1 LP1 on Page Page Page Page Page Page Page Page Page Page Page Table 168 UPnP Logs Page Installing Components Adapter Microsoft manufacturers TCP/IP Client for Microsoft Networks Configuring Obtain an IP address automatically Specify an IP address Subnet Mask New gateway field TCP/IP Properties Verifying Settings IP Configuration Network and Dial-up 3Right-click Local Area Connection and then click Properties Internet Protocol (TCP/IP) Use the following IP Address IP address Subnet mask Default gateway IP Settin Use the following DNS server addresses Preferred DNS server Alternate DNS server 8Click OK to close the Internet Protocol (TCP/IP) Properties window 9Click OK to close the Local Area Connection Properties window Apple TCP/IP Control Panel 2Select Ethernet built-in from the Connect via list Using DHCP Server Configure: Configure Manually Router address •Select Built-inEthernet from the Show list Using DHCP Apply Now Page Ad-hocWireless LAN Configuration BSS ESS Page RTS/CTS RTS/CTS Fragmentation Threshold IEEE 802.11g Wireless LAN Types of RADIUS Messages Page EAP-MD5 EAP-TLS EAP- TTLS PEAP LEAP PEAP (Protected EAP) LEAP Open System Shared Key Auto Dynamic WEP Key Exchange Page Page Requirements for Roaming Page Frequency Radiation Pattern Antenna Gain Positioning Antennas Page Page Page Page Page Page Numerics