ZyXEL P320W Users Manual

The following table describes the labels in this screen.
Table 11 Extend(WPA-PSK) Security
LABEL DESCRIPTION
P-320W User’s Guide
Pre-Shared Key
Back Click Back to display the previous screen.
Next Click Next to proceed to the next screen.
Exit Click Exit to close the wizard screen without saving.
3.3.3 OTIST
The following screen allows you to enable Prestige One-Touch Intelligent Security Technology (OTIST). One-Touch Intelligent Security Technology (OTIST) allows your Prestige to assign wireless clients the Prestige’s SSID and static WEP or WPA-PSK encryption settings. The wireless client must also support OTIST and have OTIST enabled. See
Figure 18 OTIST
Type from 8 to 63 case-sensitive ASCII characters. You can set up the most secure wireless connection by configuring WPA in the wireless LAN screens. You need to configure an authentication server to do this.
Section 4.5 on page 72 for more information.
Chapter 3 Connection Wizard 51
P-320W User’s Guide
The following table describes the labels in this screen.
Table 12 OTIST
LABEL DESCRIPTION
Do you want to enable OTIST?
Setup Key The default OTIST Setup Key is “01234567”. This key can be changed in the
Back Click Back to display the previous screen.
Next Click Next to proceed to the next screen.
Exit Click Exit to close the wizard screen without saving.
Select the Yes radio button and click Next to proceed with the setup wizard and enable OTIST only when you click Finish in the final wizard screen.
Click No and then Next to proceed to the following screen.
web configurator. Be sure to use the same OTIST Setup Key on the Prestige and wireless clients.
Refer to the chapter on wireless LAN for more information.
3.4 Connection Wizard: STEP 3: Internet Configuration
The Prestige offers three Internet connection types. They are Ethernet, PPP over Ethernet or PPTP. The wizard attempts to detect which WAN connection type you are using. If the wizard
does not detect a connection type, you must select one from the drop-down list box. Check with your ISP to make sure you use the correct type.
Figure 19 Connection Wizard: STEP 3: WAN Connection Type.
52 Chapter 3 Connection Wizard
The following table describes the labels in this screen,
Table 13 Connection Wizard: STEP 3: WAN Connection Type
CONNECTION TYPE DESCRIPTION
Ethernet Select the Ethernet option when the WAN port is used as a regular Ethernet.
PPPoE Select the PPP over Ethernet option for a dial-up connection. If your ISP
gave you a an IP address and/or subnet mask, then select PPTP.
PPTP Select the PPTP option for a dial-up connection.
3.4.1 Ethernet Connection Type
Choose Ethernet when the WAN port is used as a regular Ethernet.
Figure 20 Ethernet Connection Type
P-320W User’s Guide
3.4.2 PPPoE Connection Type
Point-to-Point Protocol over Ethernet (PPPoE) functions as a dial-up connection. PPPoE is an IETF (Internet Engineering Task Force) standard specifying how a host personal computer interacts with a broadband modem (for example DSL, cable, wireless, etc.) to achieve access to high-speed data networks.
For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for instance, RADIUS).
Chapter 3 Connection Wizard 53
P-320W User’s Guide
One of the benefits of PPPoE is the ability to let end users access one of multiple network services, a function known as dynamic service selection. This enables the service provider to easily create and offer new IP services for specific users.
Operationally, PPPoE saves significant effort for both the subscriber and the ISP/carrier, as it requires no specific configuration of the broadband modem at the subscriber’s site.
By implementing PPPoE directly on the Prestige (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the Prestige does that part of the task. Furthermore, with NAT, all of the LAN's computers will have Internet access.
Refer to the appendix for more information on PPPoE.
Figure 21 PPPoE Connection Type
The following table describes the labels in this screen.
Table 14 PPPoE Connection Type
LABEL DESCRIPTION
ISP Parameter for Internet Access
Service Name Type the name of your service provider.
User Name Type the user name given to you by your ISP.
Password Type the password associated with the user name above.
Next Click Next to continue.
Back Click Back to return to the previous screen.
Exit Click Exit to close the wizard screen without saving.
54 Chapter 3 Connection Wizard
3.4.3 PPTP Connection Type
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables transfers of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/ IP-based networks.
PPTP supports on-demand, multi-protocol, and virtual private networking over public networks, such as the Internet.
Refer to the appendix for more information on PPTP.
Note: The Prestige supports one PPTP server connection at any given time.
Figure 22 PPTP Connection Type
P-320W User’s Guide
The following table describes the fields in this screen
Table 15 PPTP Connection Type
LABEL DESCRIPTION
ISP Parameters for Internet Access
User Name Type the user name given to you by your ISP.
Password Type the password associated with the User Name above.
PPTP Configuration
Get automatically from ISP
Use fixed IP address
My IP Address Type the (static) IP address assigned to you by your ISP.
Chapter 3 Connection Wizard 55
Select this radio button if your ISP did not assign you a fixed IP address.
Select this radio button, provided by your ISP to give the Prestige a fixed, unique IP address.
P-320W User’s Guide
Table 15 PPTP Connection Type
LABEL DESCRIPTION
My IP Subnet Mask
Server IP Address
Connection ID/ Name
Back Click Back to return to the previous screen.
Next Click Next to continue.
Exit Click Exit to close the wizard screen without saving.
3.4.4 Your IP Address
The following wizard screen allows you to assign a fixed IP address or give the Prestige an automatically assigned IP address depending on your ISP.
Figure 23 Your IP Address
Type the subnet mask assigned to you by your ISP (if given).
Type the IP address of the PPTP server.
Enter the connection ID or connection name in this field. It must follow the "c:id" and "n:name" format. For example, C:12 or N:My ISP.
This field is optional and depends on the requirements of your ISP.
56 Chapter 3 Connection Wizard
The following table describes the labels in this screen
Table 16 Your IP Address
LABEL DESCRIPTION
P-320W User’s Guide
Get automatically from ISP
Use fixed IP address provided by your ISP
Back Click Back to return to the previous screen.
Next Click Next to continue.
Exit Click Exit to close the wizard screen without saving.
3.4.5 WAN MAC Address
Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00­A0-C5-00-00-02.
You can configure the WAN port's MAC address by either using the factory default or cloning the MAC address from a computer on your LAN. Once it is successfully configured, the address will be copied to the "rom" file (ZyNOS configuration file). It will not change unless you change the setting or upload a different "rom" file.
Table 17 Example of Network Properties for LAN Servers with Fixed IP Addresses
Select this option If your ISP did not assign you a fixed IP address. This is the default selection.
Select this option If the ISP assigned a fixed IP address. The fixed IP address should be in the same subnet as your broadband modem or router.
Choose an IP address 192.168.1.2-192.168.1.32; 192.168.1.65-192.168.1.254.
Subnet mask 255.255.255.0
Gateway (or default route) 192.168.1.1(Prestige LAN IP)
This screen allows users to configure the WAN port's MAC address by either using the factory default or cloning the MAC address from a computer on your LAN.
Chapter 3 Connection Wizard 57
P-320W User’s Guide
Figure 24 WAN MAC Address
The following table describes the fields in this screen.
Table 18 WAN MAC Address
LABEL DESCRIPTION
Factory Default Select Factory Default to use the factory assigned default MAC address.
Spoof this computer’s MAC address
MAC Address Enter the MAC address of the computer on the LAN whose MAC address you
Back Click Back to return to the previous screen.
Next Click Next to continue.
Exit Click Exit to close the wizard screen without saving.
Select this option and click Clone MAC to clone the MAC address in the MAC Address field.
Once it is successfully configured, the address will be copied to the rom file (ZyNOS configuration file). It will not change unless you change the setting or upload a different ROM file. It is advisable to clone the MAC address from a computer on your LAN even if your ISP does not presently require MAC address authentication.
want to clone.
3.4.6 Connection Wizard Complete
Follow the on-screen instructions and click Next.
58 Chapter 3 Connection Wizard
Figure 25 Connection Wizard Complete
P-320W User’s Guide
Click Finish to complete the wizard setup and save your configuration.
Figure 26 Connection Wizard: Congratulation
Well done! You have successfully set up your Prestige to operate on your network and access the Internet.
Chapter 3 Connection Wizard 59
P-320W User’s Guide
60 Chapter 3 Connection Wizard
This chapter discusses how to configure Wireless LAN.
4.1 Introduction
A wireless LAN can be as simple as two computers with wireless LAN adapters communicating in a peer-to-peer network or as complex as a number of computers with wireless LAN adapters communicating through access points which bridge network traffic to the wired LAN.
Note: See the WLAN appendix for more detailed information on WLANs.
P-320W User’s Guide
CHAPTER 4
Wireless LAN
4.2 Wireless Security Overview
Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network.
Wireless security methods available on the Prestige are data encryption, wireless client authentication, restricting access by device MAC address and hiding the Prestige identity.
4.2.1 Encryption
• Use WPA security if you have WPA-aware wireless clients and a RADIUS server. WPA has user authentication and improved data encryption over WEP.
• Use WPA-PSK if you have WPA-aware wireless clients but no RADIUS server.
• If you don’t have WPA-aware wireless clients, then use WEP key encrypting. A higher bit key offers better security at a throughput trade-off. You can use Passphrase to automatically generate 64-bit or 128-bit WEP keys or manually enter 64-bit or 128-bit WEP keys.
4.2.2 Authentication
WPA has user authentication and you can also configure IEEE 802.1x to use a RADIUS server to authenticate wireless clients before joining your network.
• Use RADIUS authentication if you have a RADIUS server. See the appendices for information on protocols used when a client authenticates with a RADIUS server via the Prestige.
Chapter 4 Wireless LAN 61
P-320W User’s Guide
4.2.3 Restricted Access
The MAC Filter screen allows you to configure the AP to give exclusive access to devices (Allow) or exclude them from accessing the AP (Deny).
4.2.4 Hide Prestige Identity
If you hide the ESSID, then the Prestige cannot be seen when a wireless client scans for local APs. The trade-off for the extra security of “hiding” the Prestige may be inconvenient for some valid WLAN clients.
4.2.5 Using OTIST
In a wireless network, the wireless clients must have the same SSID and security settings as the access point (AP) or wireless router (we will refer to both as “AP” here) in order to associate with it. Traditionally this meant that you had to configure the settings on the AP and then manually configure the exact same settings on each wireless client.
OTIST (One-Touch Intelligent Security Technology) allows you to transfer your AP’s SSID and WEP or WPA-PSK security settings to wireless clients that support OTIST and are within transmission range. You can also choose to have OTIST generate a WPA-PSK key for you if you didn’t configure one manually.
Note: OTIST replaces the pre-configured wireless settings on the wireless clients.
4.3 Configuring Wireless LAN on the Prestige
1 Configure the SSID and Security Mode in the Wireless screen. If you configure WEP,
you can’t configure WPA or WPA-PSK.
2 Use the MAC Filter screen to restrict access to your wireless network by MAC address.
3 If you have OTIST-enabled clients, configure OTIST in the OTIST screen. OTIST
transfers device SSID and WEP or WPA-PSK key settings (if enabled) to wireless clients.
62 Chapter 4 Wireless LAN
The following figure shows the relative effectiveness of these wireless security methods available on your Prestige.
Table 19 ZyAIR Wireless Security Levels
Security Level Security Type
Least Secure
Most Secure
Unique SSID (Default)
Unique SSID with Hide SSID Enabled
MAC Address Filtering
WEP Encryption
IEEE802.1x EAP with RADIUS Server Authentication
Wi-Fi Protected Access (WPA)
Note: You must enable the same wireless security settings on the Prestige and on all
wireless clients that you want to associate with it.
4.4 General Wireless LAN Screen
P-320W User’s Guide
Note: If you are configuring the Prestige from a computer connected to the wireless
LAN and you change the Prestige’s SSID or WEP settings, you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of your computer to match the Prestige’s new settings.
Click the Wireless LAN link under Network to open the General screen.
Figure 27 Wireless: General
Chapter 4 Wireless LAN 63
P-320W User’s Guide
The following table describes the general wireless LAN labels in this screen.
Table 20 Wireless: General
LABEL DESCRIPTION
Enable Wireless LAN
Name(SSID) (Service Set IDentity) The SSID identifies the Service Set with which a wireless
Click the check box to activate wireless LAN.
station is associated. Wireless stations associating to the access point (AP) must have the same SSID. Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.
Note: If you are configuring the Prestige from a computer connected
to the wireless LAN and you change the Prestige’s SSID or WEP settings, you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of your computer to match the Prestige’s new settings.
Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a station
cannot obtain the SSID through passive scanning using a site survey tool.
Channel Selection
Apply Click Apply to save your changes back to the Prestige.
Reset Click Reset to reload the previous configuration for this screen.
Set the operating frequency/channel depending on your particular region. Select a channel from the drop-down list box. Refer to the Connection Wizard chapter for more information on channels.
See the rest of this chapter for information on the other labels in this screen.
4.4.1 No Security
Select No Security to allow wireless stations to communicate with the access points without any data encryption.
Note: If you do not enable any wireless security on your Prestige, your network is
accessible to any wireless networking device that is within range.
64 Chapter 4 Wireless LAN
Figure 28 Wireless: No Security
The following table describes the labels in this screen.
Table 21 Wireless No Security
P-320W User’s Guide
LABEL DESCRIPTION
Security Mode Choose No Security from the drop-down list box.
Apply Click Apply to save your changes back to the Prestige.
Reset Click Reset to reload the previous configuration for this screen.
4.4.2 WEP Encryption
WEP encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private. It encrypts unicast and multicast communications in a network. Both the wireless stations and the access points must use the same WEP key.
Your Prestige allows you to configure up to four 64-bit or 128-bit WEP keys but only one key can be enabled at any one time.
In order to configure and enable WEP encryption; click Wireless LAN and Wireless to display the General screen.
Select Static WEP from the Security Mode list.
Chapter 4 Wireless LAN 65
Loading...
+ 35 hidden pages