Home » ZyXEL Manuals » Networking » ZyXEL G-2000 Plus v2 » Manual Viewer

ZyXEL G-2000 Plus v2 User Guide - Page 191

Internal RADIUS Server Setting

Get ZyXEL G-2000 Plus v2 PDF manuals and user guides

View all ZyXEL G-2000 Plus v2 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 191 highlights

ZyXEL G-2000 Plus v2 User's Guide 15.2 Internal RADIUS Server Setting The INTERNAL RADIUS SERVER Setting screen displays information about certificates. The certificates are used by wireless clients to authenticate the RADIUS server. Information matching the certificate is held on the wireless clients utility, for example, Funk Software's Odyssey client. A password and user name on the utility must match the Trusted Users list so that the RADIUS server can be authenticated. ZyXEL recommends that you replace the factory default certificate with one that uses your ZyXEL device's MAC address. This can be done when you first log in to the ZyXEL device or in the Advanced web configurator Certificates screen. Note: The internal RADIUS server does not support domain accounts (DOMAIN/ user). When you configure your Windows XP SP2 Wireless Zero Configuration PEAP/MS-CHAPv2 settings, deselect the Use Windows logon name and password checkbox. When authentication begins, a pop-up dialog box requests you to type a Name, Password and Domain of the RADIUS server. Specify a Name and Password only, do not specify a domain. Refer to the My Certificates section in the Certifications chapter for information on how to replace, add or remove certificates. Click the AUTH SERVER link under ADVANCED and then the Setting tab. The screen appears as shown. Chapter 15 Internal RADIUS Server 191

Section	Page
User’s Guide	1
Copyright	3
Certifications	4
Safety Warnings	6
ZyXEL Limited Warranty	7
Customer Support	8
Table of Contents	11
List of Figures	25
List of Tables	31
Preface	35
Getting to Know Your Device	37
1.1 Introducing the ZyXEL G-2000 Plus v2	37
1.2 Features	37
1.2.1 Physical Features	37
1.2.2 Firmware Features	38
1.3 Applications for the ZyXEL device	43
1.3.1 Internet Access and Wireless Network	43
1.3.2 Firewall for Secure Broadband Internet Access	44
Introducing the Web Configurator	45
2.1 Web Configurator Overview	45
2.2 Accessing the ZyXEL device Web Configurator	45
2.3 Resetting the ZyXEL device	47
2.3.1 .Procedure To Use The Reset Button	47
2.3.2 Method of Restoring Factory-Defaults Via Web Configurator	47
2.4 Navigating the ZyXEL device Web Configurator	47
Wizard Setup	51
3.1 Wizard Setup Overview	51
3.2 General Setup	51
3.3 Wizard Setup Wireless LAN	52
3.3.1 Name (SSID), Channel ID and Security	53
3.3.2 Configuring WEP or WPA(2)-PSK Security	54
3.3.3 Confirm Security Settings	55
3.4 Wizard Setup WAN	56
3.4.1 Ethernet	56
3.4.2 PPPoE Encapsulation	58
3.4.3 PPTP Encapsulation	59
3.5 Wizard Setup WAN IP	61
3.5.1 WAN IP Address Assignment	61
3.5.2 IP Address and Subnet Mask	61
3.5.3 DNS Server Address Assignment	62
3.5.4 WAN MAC Address	62
3.6 Basic Setup Complete	64
System Screens	67
4.1 System Overview	67
4.2 Configuring General Setup	67
4.3 Dynamic DNS	68
4.3.1 DynDNS Wildcard	68
4.4 Configuring Dynamic DNS	69
4.5 Configuring Password	70
4.6 Configuring Time Setting	71
LAN Screens	73
5.1 LAN Overview	73
5.2 DHCP Setup	73
5.2.1 IP Pool Setup	73
5.2.2 System DNS Servers	73
5.3 LAN TCP/IP	73
5.3.1 Factory LAN Defaults	73
5.3.2 IP Address and Subnet Mask	74
5.3.3 RIP Setup	74
5.3.4 Multicast	74
5.4 Configuring IP	75
5.5 Configuring Static DHCP	78
5.6 Configuring IP Alias	79
Wireless LAN	81
6.1 Wireless Network Overview	81
6.2 Wireless Security Overview	82
6.2.1 SSID	82
6.2.2 MAC Address Filter	82
6.2.3 User Authentication	82
6.2.4 Encryption	83
6.3 Additional Wireless Terms	84
6.4 Configuring Wireless	84
6.5 Wireless Security - No Security	86
6.6 Configuring WEP Encryption	87
6.7 Configuring WPA(2)-PSK Authentication	89
6.8 Configuring WPA(2) Authentication	91
6.9 Configuring RADIUS	93
6.10 Configuring 802.1x	95
6.11 MAC Filter	97
6.12 Configuring Roaming	99
WAN	101
7.1 WAN Overview	101
7.2 Configuring WAN ISP	101
7.2.1 Ethernet Encapsulation	101
7.2.1.1 Service Type	102
7.2.2 PPPoE Encapsulation	103
7.2.3 PPTP Encapsulation	105
7.3 Configuring WAN IP	107
7.4 Configuring WAN MAC	110
Single User Account (SUA) / Network Address Translation (NAT)	113
8.1 NAT Overview	113
8.1.1 NAT Definitions	113
8.1.2 What NAT Does	114
8.1.3 How NAT Works	114
8.1.4 NAT Application	115
8.1.5 NAT Mapping Types	116
8.2 Using NAT	117
8.2.1 SUA (Single User Account) Versus NAT	117
8.3 SUA Server	117
8.3.1 Default Server IP Address	118
8.3.2 Port Forwarding: Services and Port Numbers	118
8.3.3 Configuring Servers Behind SUA (Example)	119
8.4 Configuring SUA Server	119
8.5 Configuring Address Mapping	121
8.5.1 Configuring Address Mapping	123
8.6 Trigger Port Forwarding	125
8.6.1 Trigger Port Forwarding Example	126
8.6.2 Two Points To Remember About Trigger Ports	126
8.7 Configuring Trigger Port Forwarding	126
Static Route Screens	129
9.1 Static Route Overview	129
9.2 Configuring IP Static Route	129
9.2.1 Configuring Route Entry	131
Firewalls	133
10.1 Firewall Overview	133
10.2 Types of Firewalls	133
10.2.1 Packet Filtering Firewalls	133
10.2.2 Application-level Firewalls	133
10.2.3 Stateful Inspection Firewalls	134
10.3 Introduction to ZyXEL’s Firewall	134
10.4 Denial of Service	135
10.4.1 Basics	135
10.4.2 Types of DoS Attacks	136
10.4.2.1 ICMP Vulnerability	139
10.4.2.2 Traceroute	139
10.5 Stateful Inspection	140
10.5.1 Stateful Inspection Process	140
10.5.2 Stateful Inspection and the ZyXEL device	141
10.5.3 TCP Security	142
10.5.4 UDP/ICMP Security	142
10.5.5 Upper Layer Protocols	142
10.6 Guidelines For Enhancing Security With Your Firewall	143
10.7 Packet Filtering Vs Firewall	143
10.7.1 Packet Filtering:	143
10.7.1.1 When To Use Filtering	144
10.7.2 Firewall	144
10.7.2.1 When To Use The Firewall	144
Firewall Screens	145
11.1 Access Methods	145
11.2 Firewall Policies Overview	145
11.3 Rule Logic Overview	146
11.3.1 Rule Checklist	146
11.3.2 Security Ramifications	146
11.3.3 Key Fields For Configuring Rules	147
11.3.3.1 Action	147
11.3.3.2 Service	147
11.3.3.3 Source Address	147
11.3.3.4 Destination Address	147
11.4 Connection Direction Examples	147
11.4.1 LAN to WAN Rules	148
11.4.2 WAN to LAN Rules	148
11.5 Alerts	149
11.6 Configuring Firewall	149
11.6.1 Rule Summary	150
11.6.2 Configuring Firewall Rules	152
11.6.3 Configuring Custom Services	155
11.7 Example Firewall Rule	156
11.8 Predefined Services	159
Content Filtering	163
12.1 Introduction to Content Filtering	163
12.2 Restrict Web Features	163
12.3 Days and Times	163
12.4 Configure Content Filtering	163
Remote Management Screens	167
13.1 Remote Management Overview	167
13.1.1 Remote Management Limitations	167
13.1.2 Remote Management and NAT	168
13.1.3 System Timeout	168
13.2 Configuring WWW	168
13.3 Configuring TELNET	169
13.4 Configuring FTP	171
13.5 SNMP	172
13.5.1 Supported MIBs	173
13.5.2 SNMP Traps	173
13.5.3 Configuring SNMP	174
13.6 Configuring DNS	175
13.7 Configuring Security	176
UPnP	179
14.1 Universal Plug and Play Overview	179
14.1.1 How Do I Know If I'm Using UPnP?	179
14.1.2 NAT Traversal	179
14.1.3 Cautions with UPnP	179
14.2 UPnP and ZyXEL	180
14.3 Configuring UPnP	180
14.4 Installing UPnP in Windows Example	181
14.4.1 Installing UPnP in Windows Me	181
14.4.2 Installing UPnP in Windows XP	182
14.5 Using UPnP in Windows XP Example	183
14.5.1 Auto-discover Your UPnP-enabled Network Device	184
14.5.2 Web Configurator Easy Access	185
14.5.3 Web Configurator Easy Access	186
Internal RADIUS Server	189
15.1 Internal RADIUS Overview	189
15.2 Internal RADIUS Server Setting	191
15.3 Trusted AP Overview	193
15.4 Configuring Trusted AP	194
15.5 Trusted Users Overview	195
15.6 Configuring Trusted Users	195
Certificates	199
16.1 Certificates Overview	199
16.1.1 Advantages of Certificates	200
16.2 Self-signed Certificates	200
16.3 Configuration Summary	200
16.4 My Certificates	200
16.5 Certificate File Formats	203
16.6 Importing a Certificate	203
16.7 Creating a Certificate	204
16.8 My Certificate Details	207
16.9 Trusted CAs	210
16.10 Importing a Trusted CA’s Certificate	212
16.11 Trusted CA Certificate Details	213
Log Screens	217
17.1 Configuring View Log	217
17.2 Configuring Log Settings	218
17.3 Configuring Reports	221
Maintenance	223
18.1 Maintenance Overview	223
18.2 System Status Screen	223
18.2.1 System Statistics	225
18.3 DHCP Table Screen	225
18.4 Association List	227
18.5 F/W Upload Screen	228
18.6 Configuration Screen	230
18.6.1 Backup Configuration	231
18.6.2 Restore Configuration	231
18.6.3 Back to Factory Defaults	233
18.7 Restart Screen	233
Introducing the SMT	235
19.1 SMT Introduction	235
19.2 Connect to your ZyXEL device Using Telnet	235
19.2.1 Entering Password	235
19.3 Changing the System Password	236
19.4 ZyXEL device SMT Menu Overview Example	236
19.5 Navigating the SMT Interface	237
19.5.1 System Management Terminal Interface Summary	239
19.6 Changing the System Password	239
General Setup	241
20.1 General Setup	241
20.1.1 Procedure To Configure Menu 1	241
20.1.2 Procedure to Configure Dynamic DNS	243
Menu 2 WAN Setup	245
21.1 Introduction to WAN	245
21.2 WAN Setup	245
LAN Setup	247
22.1 LAN Setup	247
22.1.1 General Ethernet Setup	247
22.2 Protocol Dependent Ethernet Setup	248
22.3 TCP/IP Ethernet Setup and DHCP	248
22.3.1 IP Alias Setup	250
22.4 Wireless LAN Setup	252
22.4.1 Configuring MAC Address Filter	254
Internet Access	257
23.1 Introduction to Internet Access Setup	257
23.2 Ethernet Encapsulation	257
23.3 Configuring the PPTP Client	258
23.4 Configuring the PPPoE Client	260
23.5 Basic Setup Complete	261
Remote Node Configuration	263
24.1 Introduction to Remote Node Setup	263
24.2 Remote Node Profile Setup	263
24.2.1 Ethernet Encapsulation	263
24.2.2 PPPoE Encapsulation	266
24.2.2.1 Outgoing Authentication Protocol	266
24.2.2.2 Nailed-Up Connection	266
24.2.3 PPTP Encapsulation	267
24.3 Edit IP	269
24.4 Remote Node Filter	271
Static Route Setup	273
25.1 IP Static Route Setup	273
Dial-in User Setup	275
26.1 Dial-in User Setup	275
Network Address Translation (NAT)	277
27.1 Using NAT	277
27.1.1 SUA (Single User Account) Versus NAT	277
27.2 Applying NAT	277
27.3 NAT Setup	279
27.3.1 Address Mapping Sets	279
27.3.1.1 User-Defined Address Mapping Sets	281
27.3.1.2 Ordering Your Rules	282
27.4 Configuring a Server behind NAT	284
27.5 General NAT Examples	285
27.5.1 Example 1: Internet Access Only	286
27.5.2 Example 2: Internet Access with an Inside Server	286
27.5.3 Example 3: Multiple Public IP Addresses With Inside Servers	287
27.5.4 Example 4: NAT Unfriendly Application Programs	291
27.6 Configuring Trigger Port Forwarding	292
Filter Configuration	295
28.1 Introduction to Filters	295
28.1.1 The Filter Structure of the ZyXEL device	296
28.2 Configuring a Filter Set	297
28.2.1 Configuring a Filter Rule	300
28.2.2 Configuring a TCP/IP Filter Rule	300
28.2.3 Configuring a Generic Filter Rule	304
28.3 Example Filter	306
28.4 Filter Types and NAT	309
28.5 Firewall Versus Filters	309
28.6 Applying a Filter	309
28.6.1 Applying LAN Filters	309
28.6.2 Applying Remote Node Filters	310
Enabling the Firewall	311
29.1 Remote Management and the Firewall	311
29.2 Access Methods	311
29.3 Enabling the Firewall	311
SNMP Configuration	313
30.1 About SNMP	313
30.2 Supported MIBs	314
30.3 SNMP Configuration	314
30.4 SNMP Traps	315
System Security	317
31.1 System Security	317
31.1.1 System Password	317
31.1.2 Configuring External RADIUS Server	317
31.1.3 802.1x	319
System Information and Diagnosis	323
32.1 System Status	323
32.2 System Information	325
32.2.1 System Information	325
32.2.2 Console Port Speed	326
32.3 Log and Trace	326
32.3.1 Viewing Error Log	326
32.3.2 UNIX Syslog	327
32.3.2.1 CDR	328
32.3.2.2 Packet triggered	328
32.3.2.3 Filter log	329
32.3.2.4 PPP log	329
32.3.2.5 Firewall log	330
32.3.3 Call-Triggering Packet	330
32.4 Diagnostic	331
32.4.1 WAN DHCP	332
Firmware and Configuration File Maintenance	335
33.1 Filename Conventions	335
33.2 Backup Configuration	336
33.2.1 Backup Configuration Using FTP	336
33.2.2 Using the FTP command from the DOS Prompt	337
33.2.3 GUI-based FTP Clients	338
33.2.4 TFTP and FTP over WAN Management Limitations	338
33.2.5 Backup Configuration Using TFTP	339
33.2.6 Example: TFTP Command	339
33.2.7 GUI-based TFTP Clients	340
33.3 Restore Configuration	340
33.3.1 Restore Using FTP	340
33.3.2 Restore Using FTP Session Example	341
33.4 Uploading Firmware and Configuration Files	342
33.4.1 Firmware Upload	342
33.4.2 Configuration File Upload	343
33.4.3 Using the FTP command from the DOS Prompt Example	343
33.4.4 TFTP File Upload	344
33.4.5 Example: TFTP Command	345
System Maintenance and Information	347
34.1 Command Interpreter Mode	347
34.2 Call Control Support	348
34.2.1 Budget Management	349
34.2.2 Call History	350
34.3 Time and Date Setting	351
34.3.1 Resetting the Time	353
Remote Management	355
35.1 Remote Management	355
35.1.1 Telnet	356
35.1.2 FTP	357
35.1.3 Web	357
35.1.4 Remote Management Limitations	357
35.2 Remote Management and NAT	357
35.3 System Timeout	358
Call Scheduling	359
36.1 Introduction to Call Scheduling	359
Troubleshooting	363
Problems Starting Up the ZyXEL device	363
Problems with the Ethernet Interface	363
Problems with the Password	364
Problems with Telnet	364
Problems with the WLAN Interface	364
Product Specifications	365
Brute-Force Password Guessing Protection	367
Example	367
Setting up Your Computer’s IP Address	369
Windows 95/98/Me	369
Installing Components	370
Configuring	371
Verifying Settings	372
Windows 2000/NT/XP	372
Verifying Settings	376
Macintosh OS 8/9	376
Verifying Settings	378
Macintosh OS X	378
Verifying Settings	379
IP Address Assignment Conflicts	381
Case A: The ZyXEL device is using the same LAN and WAN IP addresses	381
Case B: The ZyXEL device LAN IP address conflicts with the DHCP client IP address	381
Case C: The Subscriber IP address is the same as the IP address of a network device	382
Case D: Two or more subscribers have the same IP address.	382
IP Subnetting	385
IP Addressing	385
IP Classes	385
Subnet Masks	386
Subnetting	386
Example: Two Subnets	387
Example: Four Subnets	389
Example Eight Subnets	390
Subnetting With Class A and Class B Networks.	391
Command Interpreter	393
Command Syntax	393
Command Usage	393
Log Descriptions	395
Log Commands	396
Configuring What You Want the ZyXEL device to Log	397
Displaying Logs	397
Log Command Example	398
Wireless LAN and IEEE 802.11	399
Benefits of a Wireless LAN	399
IBSS	399
BSS	400
ESS	401
Wireless LAN Basics	402
RTS/CTS	402
Fragmentation Threshold	403
IEEE 802.11	404
Wireless LAN Security	405
IEEE 802.11g Wireless LAN	405
IEEE 802.1x	405
RADIUS	406
Types of RADIUS Messages	406
Types of Authentication	407
EAP-MD5 (Message-Digest Algorithm 5)	407
EAP-TLS (Transport Layer Security)	407
EAP-TTLS (Tunneled Transport Layer Service)	407
PEAP (Protected EAP)	408
LEAP	408
Dynamic WEP Key Exchange	408
WEP Authentication	408
WPA(2)	410
Encryption	410
User Authentication	411
Wireless Client WPA Supplicants	411
WPA with RADIUS Application Example	411
Security Parameters Summary	413
RADIUS Server Authentication Sequence	414
Mutual Authentication with Internal RADIUS server.	414
Types of EAP Authentication	417
EAP-MD5 (Message-Digest Algorithm 5)	417
EAP-TLS (Transport Layer Security)	417
EAP-TTLS (Tunneled Transport Layer Service)	417
PEAP (Protected EAP)	418
LEAP	418
Roaming	419
Roaming Overview	419
Requirements for Roaming	420
Antenna Selection and Positioning Recommendation	421
Antenna Characteristics	421
Frequency	421
Radiation Pattern	421
Antenna Gain	421
Types of Antennas For WLAN	422
Positioning Antennas	422
Connector Type	422
Triangle Route	423
The Ideal Setup	423
The “Triangle Route” Problem	423
The “Triangle Route” Solutions	424
IP Aliasing	424
Gateways on the WAN Side	425
Numerics	427
A	427
B	428
C	428
D	429
E	429
F	430
G	431
H	431
I	431
J	432
K	432
L	432
M	433
N	433
O	434
P	434
Q	435
R	435
S	436
T	438
U	439
V	439
W	439