ZyXEL Communications 320W User Manual


Prestige 320W

802.11g Wireless Firewall Router

Support Notes

Version v1.0
September 2005
APPLICATION NOTES
GENERAL APPLICATION NOTES
Internet Connection
Configure an Internal Server Behind SUA
Using the Dynamic DNS (DDNS)
Network Management Using SNMP
Using Prestige traffic redirect
Using Universal Plug n Play (UPnP)
WLAN APPLICATION NOTES
Infrastructure Mode
Wireless MAC Address Filtering
WEP Configuration
IEEE 802.1x
Site Survey
FAQ
PRODUCT FAQ
What is the P320W 802.11g Wireless Firewall Router?
Will the P320W work with my Internet connection?
What do I need to use the Prestige?
What is PPPoE?
Does the Prestige support PPPoE?
How do I know I am using PPPoE?
Why does my provider use PPPoE?
Which Internet Applications can I use with the Prestige?
How can I configure the Prestige?
What network interface does the Prestige support?
What can we do with Prestige?
Does Prestige support dynamic IP addressing?
What is the difference between the internal IP and the real IP from my ISP?
How does e-mail work through the Prestige?
What is the main difference between WinGate and the Prestige?
Is it possible to access a server running behind SUA from the outside Internet? If possible, how?
What DHCP capability does the Prestige support?
What network interface does the new Prestige series support?
How can I upload data to outside Internet over the one-way cable?
How fast can the data go?
All contents copyright (c) 2005 ZyXEL Communications Corporation.
My Prestige can not get an IP address from the ISP to connect to the Internet, what can I do?
What is BOOTP/DHCP
What is DDNS
When do I need DDNS service?
What DDNS servers does the Prestige support?
What is DDNS wildcard?
Does the Prestige support DDNS wildcard?
Why can't I use video conferencing with MSN 4.6?
Should I create any firewall rule by myself to allow incoming traffic when NAT is used?
FIREWALL FAQ
What is a network firewall?
What makes P320W secure?
What are the basic types of firewalls?
What kind of firewall is the P320W?
Why do you need a firewall when your router has packet filtering and NAT built-in?
What is Denials of Service (DoS) attack?
What is Ping of Death attack?
What is Teardrop attack?
What is SYN Flood attack?
What is LAND attack?
What is Brute-force attack?
What is IP Spoofing attack?
WIRELESS FAQ
What is a Wireless LAN?
What are the advantages of Wireless LANs?
What are the disadvantages of Wireless LANs?
Where can you find wireless 802.11 networks?
What is an Access Point?
What is IEEE 802.11?
What is 802.11b?
How fast is 802.11b?
What is 802.11a?
What is 802.11g?
Is it possible to use products from a variety of vendors?
What is Wi-Fi?
What types of devices use the 2.4GHz Band?
Does the 802.11 interfere with Bluetooth devices?
Can radio signals pass through walls?
What are potential factors that may causes interference among WLAN products?
What's the difference between a WLAN and a WWAN?
What is Ad Hoc mode?
What is Infrastructure mode?
How many Access Points are required in a given area?
What is Direct-Sequence Spread Spectrum Technology – (DSSS)?
What is Frequency-hopping Spread Spectrum Technology – (FHSS)?
Do I need the same kind of antenna on both sides of a link?
Why the 2.4 Ghz Frequency range?
What is Server Set ID (SSID)?
What is an ESSID?
How do I secure the data across an Access Point's radio link?
What is WEP?
What is the difference between 40-bit and 64-bit WEP?
What is a WEP key?
Will 128-bit WEP communicate with 64-bit WEP?
Can the SSID be encrypted?
By turning off the broadcast of SSID, can someone still sniff the SSID?
What are Insertion Attacks?
What is Wireless Sniffer?
What is the difference between Open System and Shared Key of Authentication Type?
What is 802.1x?
What is the difference between force-authorized, force-unauthorized and auto?
What is AAA?
What is RADIUS?
TROUBLE SHOOTING
Why none of the LEDs turn on when connect the Prestige’s power?
Why cannot access the Prestige from my computer?
Why cannot access the Internet?
Unable to run applications
P320W Support Notes

Application Notes

General Application Notes

Internet Connection

A typical Internet access application of the Prestige is shown below. For a small office, some components need to be checked before accessing the Internet.
Before you begin
Setting up the Windows
Setting up the Prestige router
Troubleshooting
Before you begin
The Prestige is shipped with the following factory default:
1. IP address = 192.168.1.1, subnet mask = 255.255.255.0 (24 bits)
2. DHCP server enabled with IP pool starting from 192.168.1.33
Setting up the PC (Windows OS)
1. Ethernet connection
All PCs must have an Ethernet adapter card installed.
If you only have one PC, connect the PC's Ethernet adapter to the Prestige's LAN port with an Ethernet cable.
If you have more than one PC, both the PCs' Ethernet adapters and the Prestige's LAN port must be connected to an external hub with straight Ethernet cables.
2. TCP/IP Installation
You must first install TCP/IP software on each PC before you can use it for Internet access. If you have already installed TCP/IP, go to the next section to configure it; otherwise, follow these steps to install:
In the Control Panel/Network window, click the Add button.
In the Select Network Component Type window, select Protocol and click Add.
In the Select Network Protocol window, select Microsoft from the manufacturers, then select TCP/IP from the Network Protocols and click OK.
3. TCP/IP Configuration
Follow these steps to configure Windows TCP/IP:
In the Control Panel/Network window, click the TCP/IP entry to select it and click the Properties button.
In the TCP/IP Properties window, select Obtain an IP address automatically.
Note: Do not assign an arbitrary IP address and subnet mask to your PCs; otherwise, you will not be able to access the Internet.
Click the WINS configuration tab and select Disable WINS Resolution.
Click the Gateway tab. Highlight any installed gateways and click the Remove button until there are none listed.
Click the DNS Configuration tab and select Disable DNS.
Click OK to save and close the TCP/IP properties window.
Click OK to close the Network window. You will be prompted to insert your Windows CD or disk.
When the drivers are updated, you will be asked if you want to restart the PC. Make sure your Prestige is powered on before answering Yes to the prompt. Repeat the above steps for each Windows PC on your network.
Setting up the Prestige router
The following procedure is for the most typical usage of the Prestige where you have a single-user account (SUA). The Prestige has an embedded web server that allows you to use a Web browser to configure it.
1. Retrieve Prestige Web
Please enter the LAN IP address of the Prestige router in the URL location to retrieve the web screen from the Prestige. The default LAN IP of the Prestige is 192.168.1.1. See the example below. Note that you can either use
http://192.168.1.1
2. Login first
The default password is '1234'.
3. Configure Prestige for Internet access on Network > WAN > Internet Connection
The Web screen shown below takes PPPoE as the example.
Select “Get automatically from ISP” if the ISP provides the IP dynamically; otherwise select “Use Fixed IP address” and enter the static IP given by the ISP in the box following the “MY WAN IP Address” field.

Configure an Internal Server Behind SUA

Introduction
If you wish, you can make internal servers (e.g., Web, ftp or mail server) accessible for outside users, even though SUA makes your LAN appear as a single machine to the outside world. A service is identified by the port number. Also, since you need to specify the IP address of a server in the Prestige, a server must have a fixed IP address and not be a DHCP client whose IP address potentially changes each time it is powered on.
In addition to the servers for specific services, SUA supports a default server. A service request that does not have a server explicitly designated for it is forwarded to the default server. If the default server is not defined, the service request is simply discarded.
Configuration
To make a server visible to the outside world, specify the port number of the service and the inside address of the server in Network > NAT > Port Forwarding. The outside users can access the local server using the Prestige's WAN IP address.
For example, to configure internal FTP, Telnet, and eMule servers for outside access, each on a different PC, you would make the configuration as follows:
Port numbers for some common services
Service                    Port Number
FTP                        21
Telnet                     23
SMTP                       25
DNS (Domain Name Server)   53
www-http (Web)             80
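The lookup order described above (explicit port-forwarding rule, then the default server, otherwise discard) can be modelled and audited as follows. This is an added example, not ZyXEL code; the rule table, server addresses, eMule port, DHCP pool size and function names are constructed assumptions, while the pool start 192.168.1.33 is the factory default given earlier.

```python
"""Model the SUA inbound lookup and audit a port-forwarding table."""
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")            # factory-default LAN from this page
DHCP_POOL_START = ipaddress.ip_address("192.168.1.33")  # factory-default pool start
DHCP_POOL_SIZE = 32                                      # assumption: pool size is not stated here
CLEARTEXT_SERVICES = {21: "FTP", 23: "Telnet"}           # logins cross the WAN unencrypted

# Constructed rule table: one server per PC, as in the FTP/Telnet/eMule case.
RULES = [
    {"name": "FTP", "start": 21, "end": 21, "server": "192.168.1.10"},
    {"name": "Telnet", "start": 23, "end": 23, "server": "192.168.1.40"},
    {"name": "eMule", "start": 4662, "end": 4662, "server": "192.168.1.12"},
]


def resolve(rules, default_server, port):
    """Return the inside address an unsolicited WAN request to `port` reaches.

    Order follows the text: explicit rule first, then the default server.
    None means the request is discarded.
    """
    for rule in rules:
        if rule["start"] <= port <= rule["end"]:
            return rule["server"]
    return default_server


def reachable_ports(rules, default_server):
    """Count the WAN ports whose requests are delivered to some inside host."""
    return sum(resolve(rules, default_server, p) is not None
               for p in range(1, 65536))


def in_dhcp_pool(address):
    """True if the address lies inside the assumed DHCP pool."""
    offset = int(ipaddress.ip_address(address)) - int(DHCP_POOL_START)
    return 0 <= offset < DHCP_POOL_SIZE


def audit_rules(rules, default_server=None):
    """Return (code, detail) findings for a rule table and optional default server."""
    findings = []
    targets = [(r["name"], r["server"]) for r in rules]
    if default_server is not None:
        findings.append(("default-server",
                         f"every port without a rule is forwarded to {default_server}"))
        targets.append(("default server", default_server))
    for rule in rules:
        for port, service in CLEARTEXT_SERVICES.items():
            if rule["start"] <= port <= rule["end"]:
                findings.append(("cleartext-service",
                                 f"{rule['name']}: {service} on port {port} is exposed to the WAN"))
    for name, server in targets:
        if ipaddress.ip_address(server) not in LAN:
            findings.append(("off-lan", f"{name}: {server} is not on the LAN"))
        elif in_dhcp_pool(server):
            # The text requires a fixed address; a pool address can move to another PC.
            findings.append(("dhcp-address",
                             f"{name}: {server} is inside the DHCP pool"))
    return findings


if __name__ == "__main__":
    for default in (None, "192.168.1.20"):
        print("default server:", default,
              "| reachable ports:", reachable_ports(RULES, default))
        for code, detail in audit_rules(RULES, default):
            print(f"  [{code}] {detail}")
```

Defining a default server changes the exposure from the three listed ports to every port, which is why it is reported as its own finding.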

Using the Dynamic DNS (DDNS)

1. What is DDNS?
The DDNS service, an IP registry, provides a public central database where information such as email addresses, hostnames, IPs, etc. can be stored and retrieved. This solves the problem that arises if your DNS server uses an IP associated with dynamic IPs.
Without DDNS, we always tell the users to use the WAN IP of the Prestige to access the internal server. This is inconvenient for the users if the IP is dynamic. With DDNS supported by the Prestige, you apply for a DNS name (e.g., www.zyxel.com.tw) for your server (e.g., Web server) from a DDNS server. The outside users can always access the web server using www.zyxel.com.tw regardless of the WAN IP of the Prestige.
When the ISP assigns the Prestige a new IP, the Prestige must inform the DDNS server of the change of this IP so that the server can update its IP-to-DNS entry. Once the IP-to-DNS table in the DDNS server is updated, the DNS name for your web server (i.e., www.zyxel.com.tw) is still usable.
The DDNS server stores password-protected email addresses with IPs and hostnames and accepts queries based on email addresses. So, there must be an email entry in the Prestige menu 1.
The DDNS server the Prestige currently supports is WWW.DYNDNS.ORG, where you apply for the DNS name and to which you update the WAN IP.
Setup the DDNS
Before configuring the DDNS settings in the Prestige, you must first register an account with the DDNS server, such as WWW.DYNDNS.ORG. After the registration, you have a hostname for your internal server and a password used to update the IP on the DDNS server.
Go to menu Maintenance > System > Dynamic DNS to configure DDNS.
Key Settings for using DDNS function:
Option            Description
Service Provider  Enter the DDNS server in this field. Currently, we support WWW.DYNDNS.ORG.
Active            Toggle to 'Yes'.
Host              Enter the hostname you subscribe from the above DDNS server. For example, zyxel.com.tw.
User Name         Enter the user name that the DDNS server gives to you.
Password          Enter the password that the DDNS server gives to you.
Enable Wildcard   Enter the hostname for the wildcard function that WWW.DYNDNS.ORG supports. Note that the Wildcard option is available only when the provider is WWW.DYNDNS.ORG.

Network Management Using SNMP

1. SNMP Overview
The Simple Network Management Protocol (SNMP) is an application-layer protocol used to exchange management information between network devices (e.g., routers). By using SNMP, network administrators can more easily manage network performance and find and solve network problems. SNMP is a member of the TCP/IP protocol suite; it uses UDP to exchange messages between a management Client and an Agent residing in a network node.
There are two versions of SNMP: Version 1 and Version 2. ZyXEL supports SNMPv1. Most of the changes introduced in Version 2 increase SNMP's security capabilities. SNMP encompasses three main areas:
1. A small set of management operations.
2. Definitions of management variables.
3. Data representation.
The operations allowed are: Get, GetNext, Set, and Trap. These functions operate on variables that exist in network nodes. Examples of variables include statistic counters, node port status, and so on. All of the SNMP management functions are carried out through these simple operations. No action operations are available, but these can be simulated by the setting of flag variables. For example, to reset a node, a counter variable named 'time to reset' could be set to a value, causing the node to reset after the time had elapsed.
SNMP variables are defined using the OSI Abstract Syntax Notation One (ASN.1). ASN.1 specifies how a variable is encoded in a transmitted data frame; it is very powerful because the encoded data is self-defining. For example, the encoding of a text string includes an indication that the data unit is a string, along with its length and value. ASN.1 is a flexible way of defining protocols, especially for network management protocols where nodes may support different sets of manageable variables.
The set of variables that each node supports is called the Management Information Base (MIB). The MIB is made up of several parts, including the Standard MIB, specified as part of SNMP, and Enterprise Specific MIBs, which are defined by different manufacturers for hardware-specific management.
The current Internet-standard MIB, MIB-II, is defined in RFC 1213 and contains 171 objects. These objects are grouped by protocol (including TCP, IP, UDP, SNMP) and other categories, including 'system' and 'interface'.
The Internet Management Model is as shown in figure 1. Interactions between the NMS and managed devices can be any of four different types of commands:
1. Reads
Read is used to monitor the managed devices: NMSs read variables that are maintained by the devices.
2. Writes
Write is used to control the managed devices: NMSs write variables that are stored in the managed devices.
3. Traversal operations
NMSs use these operations to determine which variables a managed device supports and to sequentially gather information from variable tables (such as the IP routing table) in managed devices.
4. Traps
Managed devices use traps to asynchronously report certain events to NMSs.
2. SNMPv1 Operations
SNMP itself is a simple request/response protocol. Four SNMPv1 operations are defined, as below.
Get
Allows the NMS to retrieve an object variable from the agent.
GetNext
Allows the NMS to retrieve the next object variable from a table or list within an agent. In SNMPv1, when an NMS wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations.
Set
Allows the NMS to set values for object variables within an agent.
Trap
Used by the agent to inform the NMS of some events.
An SNMPv1 message contains two parts. The first part contains a version and a community name. The second part contains the actual SNMP protocol data unit (PDU) specifying the operation to be performed (Get, Set, and so on) and the object values involved in the operation. The following figure shows the SNMPv1 message format.
The SNMP PDU contains the following fields:
PDU type           Specifies the type of PDU.
Request ID         Associates requests with responses.
Error status       Indicates an error and an error type.
Error index        Associates the error with a particular object variable.
Variable-bindings  Associates particular objects with their values.
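The message layout above can be decoded with a short BER parser, which also shows that the community name is readable by anyone who can observe the UDP traffic. This is an added example, not ZyXEL code; the two packets are constructed samples and the function names are hypothetical.

```python
"""Decode SNMPv1 messages (BER) and report what an on-path observer can read."""

PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap"}
WELL_KNOWN_COMMUNITIES = {"public", "private"}  # widely known default values

# Constructed sample packets (not captured traffic).
# GetRequest, community "public", request-id 12345, OID sysDescr.0
GET_SAMPLE = bytes.fromhex(
    "3027020100" "04067075626c6963" "a01a" "02023039" "020100" "020100"
    "300e300c" "06082b06010201010100" "0500")
# SetRequest, community "private", request-id 7, OID sysContact.0 = "x"
SET_SAMPLE = bytes.fromhex(
    "3028020100" "040770726976617465" "a31a" "020107" "020100" "020100"
    "300f300d" "06082b06010201010400" "040178")


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("TLV value runs past the end of the buffer")
    return tag, buf[pos:pos + length], pos + length


def expect(buf, pos, want):
    """Read one element and insist on its tag."""
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want:
        raise ValueError(f"expected tag 0x{want:02x}, got 0x{tag:02x}")
    return value, nxt


def decode_int(value):
    return int.from_bytes(value, "big", signed=True)


def decode_oid(value):
    """Decode an OBJECT IDENTIFIER; the first octet packs the first two arcs."""
    if not value:
        raise ValueError("empty OID")
    arcs, sub = [value[0] // 40, value[0] % 40], 0
    for byte in value[1:]:
        sub = (sub << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the end of a sub-identifier
            arcs.append(sub)
            sub = 0
    return ".".join(str(a) for a in arcs)


def parse_snmpv1(packet):
    """Return the header and PDU fields of one SNMPv1 message as a dict."""
    msg, _ = expect(packet, 0, 0x30)
    version, pos = expect(msg, 0, 0x02)
    community, pos = expect(msg, pos, 0x04)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    if decode_int(version) != 0:  # the version field carries 0 for SNMPv1
        raise ValueError("not an SNMPv1 message")
    out = {"community": community.decode("latin-1"),
           "pdu_type": PDU_TYPES.get(pdu_tag, f"unknown(0x{pdu_tag:02x})")}
    if pdu_tag == 0xA4:  # the Trap PDU has a different field layout; stop at the header
        return out
    request_id, p = expect(pdu, 0, 0x02)
    error_status, p = expect(pdu, p, 0x02)
    error_index, p = expect(pdu, p, 0x02)
    bindings, _ = expect(pdu, p, 0x30)
    oids, q = [], 0
    while q < len(bindings):
        binding, q = expect(bindings, q, 0x30)
        oid, _ = expect(binding, 0, 0x06)
        oids.append(decode_oid(oid))
    out.update(request_id=decode_int(request_id), error_status=decode_int(error_status),
               error_index=decode_int(error_index), oids=oids)
    return out


def audit_message(packet):
    """List the findings a monitoring sensor would raise for one message."""
    msg = parse_snmpv1(packet)
    findings = [f"community '{msg['community']}' readable in cleartext"]
    if msg["community"].lower() in WELL_KNOWN_COMMUNITIES:
        findings.append("well-known community string in use")
    if msg["pdu_type"] == "SetRequest":
        findings.append("write operation: " + ", ".join(msg["oids"]))
    return findings


if __name__ == "__main__":
    for sample in (GET_SAMPLE, SET_SAMPLE):
        print(parse_snmpv1(sample))
        print(audit_message(sample))
```

Because the community name is the only credential in the message, anything that can read this traffic can reuse it, so the Get and Set communities should be non-default and SNMP should stay off untrusted interfaces.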
3. ZyXEL SNMP Implementation
ZyXEL currently includes SNMP support in some Prestige routers. It is implemented based on the SNMPv1, so it will be able to communicate with SNMPv1 NMSs. For SNMPv1 operation, ZyXEL permits one community string so that the router can belong to only one community and allows trap messages to be sent to only one NMS manager.
Some traps are sent to the SNMP manager when any one of the following events happens:
coldStart (defined in RFC-1215):
If the machine coldstarts, the trap will be sent after booting.
warmStart (defined in RFC-1215):
If the machine warmstarts, the trap will be sent after booting.
linkDown (defined in RFC-1215):
If any link of WAN is down, the trap will be sent with the port number. The port number is its interface index under the interface group.
linkUp (defined in RFC-1215):
If any link of WAN is up, the trap will be sent with the port number. The port number is its interface index under the interface group.
authenticationFailure (defined in RFC-1215):
When receiving any SNMP get or set request with the wrong community, this trap is sent to the manager.
whyReboot (defined in ZYXEL-MIB):
When the system is going to restart (warmstart), the trap will be sent with the reason of restart before rebooting.
(i) For intentional reboot:
In some cases (download new files, CI command "sys reboot", ...), reboot is done intentionally, and traps with the message "System reboot by user!" will be sent.
(ii) For fatal error:
The system has to reboot for some fatal errors, and traps with the message of the fatal code will be sent.
4. Configure the Prestige for SNMP
The SNMP-related settings in the Prestige are configured in Management > Remote Management > SNMP. The following screenshot describes a simple setup procedure for configuring all SNMP settings.
Key Settings:
Option         Descriptions
Get Community  Enter the correct Get Community. This Get Community must match the 'Get' and 'GetNext' community requested from the NMS.
Set Community  Enter the correct Set Community. This Set Community must match the 'Set' community requested from the NMS.

Using Prestige traffic redirect

What is Traffic Redirect?
Traffic redirect forwards WAN traffic to a backup gateway when the Prestige cannot connect to the Internet through its normal gateway, which makes your backup gateway an auxiliary backup of your WAN connection. Once the Prestige detects that its WAN connectivity is broken, it will try to forward outgoing traffic to the backup gateway that users specify in the traffic redirect configuration menu.
How to deploy backup gateway?
You can deploy the backup gateway on LAN of Prestige.
Traffic Redirect on LAN port
Traffic Redirect Setup
Configure parameters that determine when Prestige will forward WAN traffic to the backup gateway using web configuration. The configuration page is in Network > WAN > Traffic Redirect.

Using Universal Plug n Play (UPnP)

1. What is UPnP
UPnP (Universal Plug and Play) makes connecting PCs of all form factors, intelligent appliances, and wireless devices in the home, office, and everywhere in between easier and even automatic by leveraging TCP/IP and Web technologies. UPnP can be supported on essentially any operating system and works with essentially any type of physical networking media – wired or wireless.
UPnP also supports NAT traversal, which can automatically solve many NAT-unfriendly problems. With UPnP, applications assign dynamic port mappings on the Internet gateway and delete the mappings when the connections are complete.
The key components in UPnP are devices, services, and control points.
Devices: Network devices, such as networking gateways, TVs, refrigerators, printers, etc., which provide services.
Services: Services are provided by devices, such as time services provided by alarm clocks. In UPnP, services are described in XML format. Control points can set/get services information from devices.
Control points: Control points can manipulate network devices. When you add a new control point (in this case, a laptop) to a network, the device may ask the network to find UPnP-enabled devices. These devices respond with their URLs and device descriptions.
UPnP Operations
Addressing: UPnPv1 devices MAY support IPv4, IPv6, or both. For IPv4, each device should have a DHCP client; when the device gets connected to the network, it will discover the DHCP server on the network to get an IP address. If not, then the Auto-IP mechanism should be supported so that the device can give itself an IP address (169.254.0.0/16).
Discovery: Whenever a device is added on the network, it will advertise its service over the network. Control points can also discover services provided by devices.
Description: Control points can get more detailed service information from devices' description in XML format. The description may include product name, model name, serial number, vendor ID, embedded services, etc.
Control: Devices can be manipulated by control points through Control messages.
Eventing: Devices can send event messages to notify control points if there is any update on services provided.
Presentation: Each device can provide its own control interface by URL link, so that users can go to the device's presentation web page by the URL to control this device.
2. Using UPnP in ZyXEL devices
In this example, we will introduce how to enable the UPnP function in ZyXEL devices. Currently, Microsoft MSN is the most popular application exploiting UPnP, so we take the Microsoft MSN application as an example in this support note. You can learn how MSN benefits from the NAT traversal feature of UPnP in this application note.
In the diagram, suppose PC1 and PC2 both sign in to the MSN server, and they would like to establish a video conference. PC1 is behind a PPPoE dial-up router which supports UPnP. Since the router supports UPnP, we don't need to set up NAT mapping for PC1. As long as we enable the UPnP function on the router, PC1 will assign the mapping to the router dynamically. Note that since PC1 must support UPnP, we presume that its OS is Microsoft WinME or WinXP.
Device: P320W
Service: NAT function provided by Prestige Router
Control Point: PC
1. Enable UPnP function in ZyXEL device
Go to Management->UPnP, check Enable UPnP service.
This check box enables UPnP function in this device.
2. After getting an IP address, open the MSN application on the PC and sign in to the MSN server.
3. Start a Video conversation with one online user.
4. On the opposite side, your partner selects Accept to accept your conversation request.
5. Finally, your video conversation is established.