HS-100 / HS-100W Parental Control Gateway User’s Guide Version 3.
HomeSafe User’s Guide Copyright Copyright © 2004 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation.
HomeSafe User’s Guide Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: This device may not cause harmful interference. This device must accept any interference received, including interference that may cause undesired operations. This equipment has been tested and found to comply with the limits for a CLASS B digital device pursuant to Part 15 of the FCC Rules.
HomeSafe User’s Guide Information for Canadian Users The Industry Canada label identifies certified equipment. This certification means that the equipment meets certain telecommunications network protective, operation, and safety requirements. The Industry Canada does not guarantee that the equipment will operate to a user's satisfaction. Before installing this equipment, users should ensure that it is permissible to be connected to the facilities of the local telecommunications company.
HomeSafe User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase.
HomeSafe User’s Guide Customer Support When you contact your customer support representative please have the following information ready: Please have the following information ready when you contact customer support. • Product model and serial number. • Warranty Information. • Date that you received your device. • Brief description of the problem and the steps you took to solve it.
HomeSafe User’s Guide Table of Contents Getting Started..................................................................................................................................................I Chapter 1 Getting to Know Your HomeSafe .............................................................................................. 1-1 1.1 HomeSafe Parental Control Gateway Overview ......................................................................... 1-1 1.2 HomeSafe Features ......................
HomeSafe User’s Guide 6.1 Wireless LAN Overview ................................................................................................................ 6-1 6.2 Wireless LAN Basics ...................................................................................................................... 6-3 6.3 Configuring Wireless ..................................................................................................................... 6-4 6.4 Configuring Roaming .............................
HomeSafe User’s Guide UPnP, Parental Control and Firewall ..........................................................................................................IV Chapter 11 UPnP ........................................................................................................................................ 11-1 11.1 Universal Plug and Play Overview......................................................................................... 11-1 11.2 UPnP and ZyXEL....................................
HomeSafe User’s Guide SMT General Configuration....................................................................................................................... VII Chapter 17 Introducing the SMT.............................................................................................................. 17-1 17.1 SMT Introduction.................................................................................................................... 17-1 17.2 Navigating the SMT Interface ..................
HomeSafe User’s Guide 27.1 Introduction to Filters............................................................................................................. 27-1 27.2 Configuring a Filter Set .......................................................................................................... 27-3 27.3 Example Filter ......................................................................................................................... 27-9 27.4 Filter Types and NAT ................................
HomeSafe User’s Guide List of Figures Figure 1-1 Secure Internet Access via Cable, DSL or Wireless Modem ..................................................... 1-5 Figure 1-2 HomeSafe Parental Control Gateway Application..................................................................... 1-5 Figure 1-3 Wireless LAN Application Example.......................................................................................... 1-6 Figure 2-1 Welcome Menu ........................................................
HomeSafe User’s Guide Figure 4-2 SYSTEM : DDNS...................................................................................................................... 4-3 Figure 4-3 SYSTEM : Password ................................................................................................................. 4-4 Figure 4-4 SYSTEM : Time Setting ............................................................................................................ 4-5 Figure 5-1 Any IP Example Application.............
HomeSafe User’s Guide Figure 9-7 Trigger Port Forwarding Process: Example ............................................................................. 9-10 Figure 9-8 Trigger Port.............................................................................................................................. 9-11 Figure 10-1 Example of Static Routing Topology ..................................................................................... 10-1 Figure 10-2 Static Route......................................
HomeSafe User’s Guide Figure 17-3 SMT Main Menu ................................................................................................................... 17-3 Figure 17-4 Menu 23 System Password .................................................................................................... 17-4 Figure 18-1 Menu 1 General Setup ........................................................................................................... 18-1 Figure 18-2 Menu 1.1 Configure Dynamic DNS ............
HomeSafe User’s Guide Figure 25-16 Example 3: Menu 15.1.1.1................................................................................................. 25-10 Figure 25-17 Example 3: Final Menu 15.1.1........................................................................................... 25-10 Figure 25-18 NAT Example 4 ................................................................................................................. 25-11 Figure 25-19 Example 4: Menu 15.1.1.1 Address Mapping Rule ....
HomeSafe User’s Guide Figure 32-2 Valid Commands.................................................................................................................... 32-2 Figure 32-3 Menu 24.9 System Maintenance : Call Control ..................................................................... 32-2 Figure 32-4 Budget Management .............................................................................................................. 32-2 Figure 32-5 Call History.........................................
HomeSafe User’s Guide List of Tables Table 1-1 IEEE 802.11b .............................................................................................................................. 1-2 Table 1-2 IEEE 802.11g .............................................................................................................................. 1-3 Table 2-1 Wizard Step 1 : Administrator Password .....................................................................................
HomeSafe User’s Guide Table 7-6 WLAN : Wireless : 802.1x and Dynamic WEP......................................................................... 7-13 Table 7-7 WLAN : Wireless : 802.1x and Static WEP .............................................................................. 7-14 Table 7-8 WLAN : Wireless: 802.1x ......................................................................................................... 7-16 Table 7-9 WLAN : MAC Address Filter ..............................................
HomeSafe User’s Guide Table 16-6 Maintenance : Firmware Upload ............................................................................................. 16-5 Table 16-7 Maintenance : Restore Configuration...................................................................................... 16-7 Table 17-1 Main Menu Commands ........................................................................................................... 17-2 Table 17-2 Main Menu Summary.........................................
HomeSafe User’s Guide Table 32-1 Budget Management................................................................................................................ 32-3 Table 32-2 Call History Fields................................................................................................................... 32-3 Table 32-3 Time and Date Setting Fields .................................................................................................. 32-4 Table 33-1 Menu 24.
HomeSafe User’s Guide Preface About This User's Manual Congratulations on your purchase of the HS-100 Parental Control Gateway or HS-100W Parental Control Gateway. This manual is designed to guide you through the configuration of your HomeSafe for its various applications. )Control Some parts of this manual relate to the Wireless Parental Gateway. )(SMT)Useorthecommand web configurator, System Management Terminal interpreter interface to configure your HomeSafe.
HomeSafe User’s Guide Syntax Conventions • • • • • • The version number on the title page is the latest firmware version that is documented in this User’s Guide. Earlier versions may also be included. “Enter” means for you to type one or more characters and press the carriage return. “Select” or “Choose” means for you to use one of the predefined choices. The SMT menu titles and labels are in Bold Times New Roman font. Command and arrow keys are enclosed in square brackets.
HomeSafe User’s Guide Preface xxv
Getting Started Part I: Getting Started This part helps you get to know your HomeSafe, introduces the web configurator and covers how to configure the Connection and Parental Control Wizard Setup screens.
HomeSafe User’s Guide Chapter 1 Getting to Know Your HomeSafe This chapter introduces the main features and applications of the HomeSafe. 1.1 HomeSafe Parental Control Gateway Overview HomeSafe is a parental control security gateway that can give a parent control over a child’s Internet access privileges. It is the ideal secure gateway for all data passing between the Internet and LAN’s.
HomeSafe User’s Guide Content Filtering The HomeSafe can block access to Internet services according to how you configure parental control application blocking. You can define time periods and days during which content filtering is enabled and include or exclude categories on the LAN. Firewall The HomeSafe is a stateful inspection firewall with DoS (Denial of Service) protection.
HomeSafe User’s Guide Table 1-2 IEEE 802.11g DATA RATE (MBPS) 6/9/12/18/24/36/48/54 MODULATION OFDM (Orthogonal Frequency Division Multiplexing) Packet Filtering The packet filtering mechanism blocks unwanted traffic from entering/leaving your network. Universal Plug and Play (UPnP) Using the standard TCP/IP protocol, the HomeSafe and other UPnP enabled devices can dynamically join a network, obtain an IP address and convey its capabilities to other devices on the network.
HomeSafe User’s Guide Network Address Translation (NAT) Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within another network (for example a public IP address used on the Internet).
HomeSafe User’s Guide Wireless Association List (HS-100W only) With the wireless association list, you can see the list of the wireless stations that are currently using the HomeSafe to access your wired network. 1.3 Applications for the HomeSafe Here are some examples of HomeSafe applications. 1.3.1 Secure Broadband Internet Access via Cable or DSL Modem You can connect a cable modem, DSL or wireless modem to the HomeSafe for broadband Internet access via an Ethernet or a wireless port on the modem.
HomeSafe User’s Guide 1.3.3 Wireless LAN Application Add a wireless LAN to your existing network without expensive network cables. Wireless stations can move freely anywhere in the coverage area and use resources on the wired network.
HomeSafe User’s Guide Chapter 2 Introducing the Web Configurator This chapter describes how to access the HomeSafe web configurator and provides an overview of the initial configuration screens. 2.1 Web Configurator Overview The embedded web configurator allows you to manage the HomeSafe from anywhere through a browser such as Microsoft Internet Explorer or Netscape Navigator. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions with JavaScript enabled.
HomeSafe User’s Guide )HomeSafe The Welcome screen only appears when you first enter the web browser. After you fully configure the wizard you automatically proceed to the Password screen for all future logins, see Figure 2-25. You may go to the Welcome screen after initial configuration, only by resetting your HomeSafe to factory defaults. 2.3 Step 1 : System Administrator Password Setup You can configure your system password in the following screen.
HomeSafe User’s Guide Figure 2-3 Wizard Step 2 : Wireless LAN Setup The following table describes the fields in this screen. Table 2-2 Wizard Step 2 : Wireless LAN Setup LABEL DESCRIPTION ESSID Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN. If you change this field on the HomeSafe, make sure all wireless stations use the same ESSID in order to access the network.
HomeSafe User’s Guide Figure 2-4 Wizard Step 2 : Wireless LAN Setup Basic Security The following table describes the labels in this screen. Table 2-3 Wizard Step 2 : Wireless LAN Setup Basic Security LABEL WEP Encryption DESCRIPTION Select 64-bit WEP or 128-bit WEP data encryption. ASCII Select this option in order to enter ASCII characters as the WEP keys. HEX Select this option to enter hexadecimal characters as the WEP keys. The preceding “0x” is entered automatically.
HomeSafe User’s Guide )ESSID, The wireless stations and HomeSafe must use the same channel ID and Pre-Shared Key for wireless communication. Figure 2-5 Wizard Step 2 : Wireless LAN Setup Extend Security The following table describes the labels in this screen. Table 2-4 Wizard Step 2 : Wireless LAN Setup Extend Security LABEL DESCRIPTION Pre-Shared Key Type from 8 to 63 case-sensitive ASCII characters. Back Click Back to display the previous screen. Next Click Next to proceed to the next screen.
HomeSafe User’s Guide Table 2-5 Wizard Step 3 : Internet Access Setup LABEL DESCRIPTION Are you using a DSL service provider that requires a PPPoE login name and password? Select Yes from the drop-down list box if you are using a DSL service provider that requires PPPoE login information. Select No from the drop-down list box if your service provider does not require you to enter PPPoE information. You can select whether to configure a static WAN IP address or have it assigned dynamically.
HomeSafe User’s Guide Figure 2-8 Wizard Step 3 : Internet Access Setup The following table describes the labels in this screen. Table 2-7 Wizard Step 3 : Internet Access Setup LABEL DESCRIPTION Static Select DHCP to have your Internet connection configured for dynamic WAN IP address assignment. Select Static to manually setup your WAN IP address. Back Click Back to display the previous screen.
HomeSafe User’s Guide Table 2-8 Wizard Step 3 : Internet Access Static IP Address Setup LABEL DESCRIPTION Internet Access Setup My WAN IP Address My WAN IP Subnet Mask Gateway IP Address Enter your WAN IP address in this field. Type your network's IP subnet Mask. Enter the gateway IP address (if your ISP gave you one) in this field. DNS Server Address Assignment (if applicable) DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa.
HomeSafe User’s Guide Figure 2-11 Wizard Step 4 : Parental Control Wizard The following table describes the labels in this screen. Table 2-9 Wizard Step 4 : Parental Control Wizard LABEL DESCRIPTION Enable the Parental Control System Select the check box to allow the parent (LAN administrator) to have access control over a child’s (LAN user) Internet access. Do not enable the Parental Control System Select the check box to have no parental control configured.
HomeSafe User’s Guide Figure 2-12 Wizard Step 4 : Parental Control Time Setup The following table describes the labels in this screen. Table 2-10 Wizard Step 4 : Parental Control Time Setup LABEL DESCRIPTION Time Zone Choose the Time Zone of your location. This will set the time difference between your time zone and Greenwich Mean Time (GMT). Daylight Savings Select this option if you use daylight savings time.
HomeSafe User’s Guide Figure 2-13 Wizard Step 4 : Create or Edit a Profile The following table describes the labels in this screen. Table 2-11 Wizard Step 4 : Create or Edit a Profile LABEL DESCRIPTION Click a radio button to select a users profile. Username This field displays the username (up to 30 characters) for this user profile. Group This field displays the category of the profile user.
HomeSafe User’s Guide Figure 2-14 Wizard Step 4 : Parental Control Profile Information The following table describes the labels in this screen. Table 2-12 Wizard Step 4 : Parental Control Profile Information LABEL DESCRIPTION User Name Type the profile user name. Password Type the password associated with the user name above. Back Click Back to display the previous screen. Next Click Next to proceed to the next screen. 2.6.
HomeSafe User’s Guide Table 2-13 Wizard Step 4 : Parental Control User Group Category Select a radio button to configure a user for one of the following categories: ¾ Kids ¾ Young Teen ¾ Mature Teen ¾ Adult )access The administrator can decide each group’s rights. For example, if you do not want a child to access a chat room or instant messenger, you can select the category as Kids or Young Teen and block those services, see Figure 2-17.
HomeSafe User’s Guide The following table describes the labels in this screen. Table 2-14 Wizard Step 4 : Parental Control Time Allowance LABEL Unrestricted DESCRIPTION Select the check box for the day(s) that you do not want any time restrictions for user Internet access. )of time If services have been blocked and the amount has been selected as unrestricted, a user will still be unable to access those services.
HomeSafe User’s Guide Figure 2-17 Wizard Step 4 : Parental Control Application Blocking The following table describes the labels in this screen. Table 2-15 Wizard Step 4 : Parental Control Application Blocking LABEL DESCRIPTION Available services Select a service from the list and click the >> button to have the service blocked on a weekday (Monday to Friday), on a day in the weekend (Saturday or Sunday) or both.
HomeSafe User’s Guide Figure 2-18 Wizard Step 4 : Parental Control Summary The following table describes the labels in this screen. Table 2-16 Wizard Step 4 : Parental Control Summary LABEL DESCRIPTION Back Click Back to display the previous screen. Add/Edit Another User Click this button to proceed to the Create/Edit a Profile screen, see Figure 2-13. You can edit an existing account or add a new profile. Finish Click Finish to proceed to the next screen.
HomeSafe User’s Guide )mayThetakewebup site displays a registration successful web page. It to another ten minutes for content filtering to be activated. See Checking Content Filtering Activation for how to know if the content filtering has been activated. Content Filtering with an External Server Your HomeSafe uses a content filter lookup process as described below. Figure 2-19 Content Filtering Lookup Procedure A computer sends an HTTP request to a web server.
HomeSafe User’s Guide Figure 2-20 Wizard Step 4 : Content Filter Registration If you click Register Later you will proceed to Figure 2-24. 2.7 Step 5 : Content Filter Service Activation Once you have completed the registration process you can click Activate to begin the content filtering service now or click Activate Later to activate the service at a later date. Figure 2-21 Content Filter Activation in Progress The following screen appears after you click Activate in Figure 2-21.
HomeSafe User’s Guide Figure 2-23 Content Filter Activation Failure 2.7.1 Content Filter Setup Complete Well done! You have finished configuration of Content Filter Service Activation. You may now click Close to finish using the setup wizard and close your browser. Figure 2-24 Content Filter Setup Complete )configure To use the HomeSafe content filtering you must enable and Pre-defined Web Content Categories in the ADVANCED Parental Control group edit configuration screen. 2.
HomeSafe User’s Guide If you want to configure more of your HomeSafe features, proceed with the rest of this User’s Guide. 2.9 Accessing the HomeSafe Web Configurator )address You have to open a new browser and enter the device IP to log in again. 1. 2. 3. Launch your web browser. Type "192.168.1.1" as the URL. Type "1234" (default) as the password and click Login. In some versions, the default password appears automatically - if this is the case, click Login. Figure 2-25 Password Screen 4.
HomeSafe User’s Guide 5. You should now see the MAIN MENU screen (see Figure 2-27). )timeTheperiod management session automatically times out when the set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the HomeSafe if this happens to you. 2.10 Resetting the HomeSafe If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the HomeSafe to reload the factory-default configuration file.
HomeSafe User’s Guide Table 2-17 Screens Summary LINK TAB FUNCTION WIZARD SETUP Use these screens for initial configuration including general setup, Wireless LAN setup, ISP parameters for Internet Access and WAN IP/DNS Server/MAC address assignment. CONNECTION PARENTAL CONTROL Use these screens to create user profiles, configure a user category for blocking services, register for content filtering and configure time allowances. ADVANCED SYSTEM General DDNS Use this screen to set up dynamic DNS.
HomeSafe User’s Guide Table 2-17 Screens Summary LINK TAB PARENTAL General CONTROL Bypass List FIREWALL Settings FUNCTION Use this screen to enable/disable parental control, configure idle timeout and group categories, register for content filtering service and edit user profiles. Use this screen to allow devices in your network access the Internet without using parental control. Use this screen to activate/deactivate the firewall and log packets related to firewall rules.
HomeSafe User’s Guide Chapter 3 Connection Wizard This chapter provides information on the Connection Wizard screens in the main menu web configurator. 3.1 Connection Wizard Overview The web configurator’s setup wizard helps you configure your device to access the Internet. The second screen has three variations depending on what encapsulation type you use. Refer to your ISP for details on what to enter in each field. Leave a field blank if you don’t have that information. 3.
HomeSafe User’s Guide Figure 3-1 Connection Wizard : General Setup 3.3 Connection Wizard: Screen 2 Set up your wireless LAN using the second wizard screen. Figure 3-2 Connection Wizard : Wireless LAN Setup The following table describes the fields in this screen. Table 3-1 Connection Wizard : Wireless LAN Setup LABEL DESCRIPTION ESSID Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.
HomeSafe User’s Guide Table 3-1 Connection Wizard : Wireless LAN Setup LABEL DESCRIPTION The level of Security can be selected as none, basic or extended. Choose No security to have no wireless LAN security configured and proceed to the ISP Parameters for Internet Access screen. Choose Basic security if you want to configure WEP Encryption parameters. Choose Extend security to configure a Pre-Shared Key. The third screen varies depending on which security level you select.
HomeSafe User’s Guide Key 1 to Key 4 The WEP keys are used to encrypt data. Both the HomeSafe and the wireless stations must use the same WEP key for data transmission. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F"). If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal characters ("0-9", "A-F"). You must configure all four keys, but only one key can be activated at any one time. The default key is key 1.
HomeSafe User’s Guide Figure 3-5 Connection Wizard : Ethernet Encapsulation The following table describes the fields in this screen. Table 3-4 Connection Wizard : Ethernet Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation You must choose the Ethernet option when the WAN port is used as a regular Ethernet. Otherwise, choose PPP over Ethernet or PPTP for a dial-up connection.
HomeSafe User’s Guide For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for instance, Radius). For the user, PPPoE provides a login and authentication method that the existing Microsoft Dial-Up Networking software can activate, and therefore requires no new learning or procedures for Windows users.
HomeSafe User’s Guide Table 3-5 Connection Wizard : PPPoE Encapsulation LABEL DESCRIPTION Idle Timeout Type the time in seconds that elapses before the router automatically disconnects from the PPPoE server. The default time is 100 seconds. Next Click Next to continue. Back Click Back to return to the previous screen. 3.5.
HomeSafe User’s Guide Table 3-6 Connection Wizard : PPTP Encapsulation LABEL DESCRIPTION User Name Type the user name given to you by your ISP. Password Type the password associated with the User Name above. Nailed-Up Connection Select Nailed-Up Connection if you do not want the connection to time out. Idle Timeout Type the time in seconds that elapses before the router automatically disconnects from the PPTP server. The default is 100 seconds.
HomeSafe User’s Guide )arbitrary Regardless of your particular situation, do not create an IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space. 3.6.2 IP Address and Subnet Mask Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number.
HomeSafe User’s Guide Table 3-8 Example of Network Properties for LAN Servers with Fixed IP Addresses Choose an IP address 192.168.1.2-192.168.1.32; 192.168.1.65-192.168.1.254. Subnet mask 255.255.255.0 Gateway (or default route) 192.168.1.1(HomeSafe LAN IP) The fifth wizard screen varies according to the type of encapsulation that you select in the third wizard screen. Figure 3-8 Connection Wizard : WAN Setup The following table describes the fields in this screen.
HomeSafe User’s Guide Table 3-9 Connection Wizard : WAN Setup LABEL First DNS Server Second DNS Server Third DNS Server WAN MAC Address Factory Default Spoof this Computer's MAC address - IP Address DESCRIPTION Select From ISP if your ISP dynamically assigns DNS server information (and the HomeSafe's WAN IP address). The field to the right displays the (readonly) DNS server IP address that the ISP assigns. Select User-Defined if you have the IP address of a DNS server.
HomeSafe User’s Guide Figure 3-10 Connection Wizard Problems Well done! You have successfully set up your HomeSafe to operate on your network and access the Internet.
HomeSafe User’s Guide Connection Wizard 3-13
System, LAN, and Wireless LAN Part II: System, LAN, WLAN and WAN This part covers configuration of the system, LAN, WLAN and WAN screens.
HomeSafe User’s Guide Chapter 4 System Screens This chapter provides information on the System screens. 4.1 System Overview See the Wizard Setup chapter for more information on the next few screens. 4.2 Configuring General Setup Click SYSTEM to open the General screen. Figure 4-1 SYSTEM : General Setup The following table describes the labels in this screen. Table 4-1 SYSTEM : General Setup LABEL DESCRIPTION System Name Choose a descriptive name for identification purposes.
HomeSafe User’s Guide Table 4-1 SYSTEM : General Setup LABEL First DNS Server Second DNS Server Third DNS Server DESCRIPTION Select From ISP if your ISP dynamically assigns DNS server information (and the HomeSafe's WAN IP address). The field below displays the (read-only) DNS server IP address that the ISP assigns. Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field below. If you chose User-Defined, but leave the IP address set to 0.0.0.
HomeSafe User’s Guide Figure 4-2 SYSTEM : DDNS The following table describes the labels in this screen. Table 4-2 SYSTEM : DDNS LABEL DESCRIPTION Enable DDNS Select this check box to use dynamic DNS. Service Provider Select the name of your Dynamic DNS service provider. DDNS Type Select the type of service that you are registered for from your Dynamic DNS service provider. Host Names 1~3 Enter the host names in the three fields provided.
HomeSafe User’s Guide Table 4-2 SYSTEM : DDNS LABEL DESCRIPTION Apply Click Apply to save your changes back to the HomeSafe. Reset Click Reset to begin configuring this screen afresh. 4.5 Configuring Password To change your HomeSafe’s password (recommended), click SYSTEM, then the Password tab. The screen appears as shown. This screen allows you to change the HomeSafe’s password. Figure 4-3 SYSTEM : Password The following table describes the labels in this screen.
HomeSafe User’s Guide Figure 4-4 SYSTEM : Time Setting The following table describes the labels in this screen. Table 4-4 SYSTEM : Time Setting LABEL DESCRIPTION Time Protocol Select the time service protocol that your time server sends when you turn on the HomeSafe. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works. The main difference between them is the format.
HomeSafe User’s Guide Table 4-4 SYSTEM : Time Setting LABEL DESCRIPTION Daylight Savings Select this option if you use daylight savings time. Daylight saving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening. Start Date Enter the month and day that your daylight-savings time starts on if you selected Daylight Savings.
HomeSafe User’s Guide Chapter 5 LAN Screens This chapter describes how to configure LAN settings. 5.1 LAN Overview Local Area Network (LAN) is a shared communication system to which many computers are attached. The LAN screens can help you configure a LAN DHCP server, manage IP addresses, and partition your physical network into logical networks. 5.
HomeSafe User’s Guide packets. When set to Both or Out Only, the HomeSafe will broadcast its routing table periodically. When set to Both or In Only, it will incorporate the RIP information that it receives; when set to None, it will not send any RIP packets and will ignore any RIP packets received. RIP Version controls the format and the broadcasting method of the RIP packets that the HomeSafe sends (it recognizes both formats when receiving).
HomeSafe User’s Guide use the computer to access the Internet without changing the network settings, even when the IP addresses of the computer and the HomeSafe are not in the same subnet. Figure 5-1 Any IP Example Application The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the HomeSafe’s IP address. )HomeSafe. You must enable NAT/SUA to use the Any IP feature on the 5.4.
HomeSafe User’s Guide 5.5 Configuring IP Click LAN to open the IP screen. Figure 5-2 LAN : IP The following table describes the fields in this screen. Table 5-1 LAN : IP LABEL DHCP Server IP Pool Starting Address Pool Size DESCRIPTION DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients (computers) to obtain TCP/IP configuration at startup from a server. Leave the DHCP Server check box selected unless your ISP instructs you to do otherwise.
HomeSafe User’s Guide Table 5-1 LAN : IP LABEL DESCRIPTION First DNS Server Second DNS Server Third DNS Server Select From ISP if your ISP dynamically assigns DNS server information (and the HomeSafe's WAN IP address). The field to the right displays the (read-only) DNS server IP address that the ISP assigns. Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right. If you chose User-Defined, but leave the IP address set to 0.0.0.
HomeSafe User’s Guide Table 5-1 LAN : IP LABEL Active DESCRIPTION Select this option to activate the Any-IP feature. This allows a computer to access the Internet without changing the network settings (such as IP address and subnet mask) of the computer, even when the IP addresses of the computer and the HomeSafe are not in the same subnet.
HomeSafe User’s Guide Table 5-2 LAN : Static DHCP LABEL DESCRIPTION # This is the index number of the Static IP table entry (row). MAC Address Type the MAC address (with colons) of a computer on your LAN. IP Address This field specifies the size, or count of the IP address pool. Apply Click Apply to save your changes back to the HomeSafe. Reset Click Reset to begin configuring this screen afresh. 5.
HomeSafe User’s Guide Table 5-3 LAN : IP Alias LABEL DESCRIPTION RIP Direction RIP (Routing Information Protocol, RFC1058 and RFC 1389) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. Select the RIP direction from Both/In Only/Out Only/None. When set to Both or Out Only, the HomeSafe will broadcast its routing table periodically.
HomeSafe User’s Guide Chapter 6 Wireless Configuration and Roaming This chapter discusses how to configure the Wireless and Roaming screens on the HomeSafe. 6.1 Wireless LAN Overview This section introduces the wireless LAN(WLAN) and some basic scenarios. 6.1.1 IBSS An Independent Basic Service Set (IBSS), also called an Ad-hoc network, is the simplest WLAN configuration.
HomeSafe User’s Guide Figure 6-2 Basic Service set 6.1.3 ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless stations within the same ESS must have the same ESSID in order to communicate.
HomeSafe User’s Guide 6.2 Wireless LAN Basics Refer also to the Wizard Setup chapter for more background information on Wireless LAN features, such as channels. 6.2.1 RTS/CTS A hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a hidden node.
HomeSafe User’s Guide )overhead Enabling the RTS Threshold causes redundant network that could negatively affect the throughput performance instead of providing a remedy. 6.2.2 Fragmentation Threshold A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the HomeSafe will fragment the packet into smaller data frames.
HomeSafe User’s Guide Table 6-1 WLAN : Wireless LABEL DESCRIPTION Enable Wireless LAN Click the check box to activate wireless LAN. ESSID (Extended Service Set IDentity) The ESSID identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same ESSID. Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.
HomeSafe User’s Guide station may not be able to communicate with other wireless stations on the network and vice versa. Figure 6-6 Roaming Example The steps below describe the roaming process. 1. As wireless station Y moves from the coverage area of access point P1 to that of access point P2, it scans and uses the signal of access point P2. 2. Access point P2 acknowledges the presence of wireless station Y and relays this information to access point P1 through the wired LAN. 3.
HomeSafe User’s Guide Figure 6-7 WLAN : Roaming The following table describes the labels in this screen. Table 6-2 WLAN : Roaming LABEL Active DESCRIPTION Select Yes from the drop-down list box to enable roaming on the HomeSafe if you have two or more HomeSafes on the same subnet. )wireless All APs on the same subnet and the stations must have the same ESSID to allow roaming. Port Enter the port number to communicate roaming information between APs. The port number must be the same on all APs.
HomeSafe User’s Guide Chapter 7 Wireless Security This Chapter describes how to use the MAC Filter, 802.1x, Local User Database and RADIUS to configure wireless security on your HomeSafe. 7.1 Wireless Security Overview Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network. The figure below shows the possible wireless security levels on your HomeSafe.
HomeSafe User’s Guide Figure 7-2 WLAN : Wireless : No Security The following table describes the labels in this screen. Table 7-1 WLAN : Wireless : No Security LABEL DESCRIPTION Security Choose from one of the security features listed in the drop-down box. ¾ No Security ¾ Static WEP ¾ WPA-PSK ¾ WPA ¾ 802.1x + Dynamic WEP ¾ 802.1x + Static WEP ¾ 802.1x + No WEP Preamble Select a preamble type from the drop-down list menu. Choices are Long, Short and Dynamic. The default setting is Long.
HomeSafe User’s Guide Table 7-1 WLAN : Wireless : No Security LABEL Click Reset to reload the previous configuration for this screen. Reset 7.2 DESCRIPTION Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. You enter manual keys by first selecting 64-bit WEP or 128-bit WEP from the WEP Encryption field and then typing the keys (in ASCII or hexadecimal format) in the key text boxes.
HomeSafe User’s Guide Figure 7-3 WEP Authentication Steps Open system authentication involves an unencrypted two-message procedure. A wireless station sends an open system authentication request to the AP, which will then automatically accept and connect the wireless station to the network. In effect, open system is not authentication at all as any station can gain access to the network. Shared key authentication involves a four-message procedure.
HomeSafe User’s Guide Select Dynamic to have the HomeSafe automatically use short preamble when all wireless clients support it, otherwise the HomeSafe uses long preamble. )sameThepreamble HomeSafe and the wireless stations MUST use the mode in order to communicate. 7.4 Configuring WEP Encryption In order to configure and enable WEP encryption; click the WIRELESS link under ADVANCED to display the Wireless screen. Select Static WEP from the Security list.
HomeSafe User’s Guide Table 7-3 WLAN : Wireless : Static WEP Encryption LABEL DESCRIPTION Key 1 to Key 4 The WEP keys are used to encrypt data. Both the HomeSafe and the wireless stations must use the same WEP key for data transmission. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F"). If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal characters ("0-9", "A-F").
HomeSafe User’s Guide Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and distributed by the authentication server. It includes a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. TKIP regularly changes and rotates the encryption keys so that the same encryption key is never used twice.
HomeSafe User’s Guide 7.6 Configuring WPA-PSK Authentication In order to configure and enable WPA-PSK Authentication; click the WIRELESS link under ADVANCED to display the Wireless screen. Select WPA-PSK from the Security list. Figure 7-6 WLAN : Wireless : WPA-PSK The following table describes the labels in this screen. Table 7-4 WLAN : Wireless : WPA-PSK LABEL DESCRIPTION Pre-Shared Key The encryption mechanisms used for WPA and WPA-PSK are the same.
HomeSafe User’s Guide Table 7-4 WLAN : Wireless : WPA-PSK LABEL DESCRIPTION WPA Group Key Update Timer The WPA Group Key Update Timer is the rate at which the AP (if using WPA-PSK key management) or RADIUS server (if using WPA key management) sends a new group key out to all clients. The re-keying process is the WPA equivalent of automatically changing the WEP key for an AP and all stations in a WLAN on a periodic basis. Setting of the WPA Group Key Update Timer is also supported in WPA-PSK mode.
HomeSafe User’s Guide generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients. Figure 7-7 WPA with RADIUS Application Example 7.8 Configuring WPA Authentication In order to configure and enable WPA Authentication; click the WIRELESS link under ADVANCED to display the Wireless screen. Select WPA from the Security list. Figure 7-8 Wireless: WPA The following table describes the labels in this screen.
HomeSafe User’s Guide Table 7-5 WLAN : Wireless : WPA LABEL ReAuthentication Timer (in seconds) DESCRIPTION Specify how often wireless stations have to reenter usernames and passwords in order to stay connected. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes). )usingIf wireless station authentication is done a RADIUS server, the reauthentication timer on the RADIUS server has priority.
HomeSafe User’s Guide 7.10 Dynamic WEP Key Exchange The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed. If this feature is enabled, it is not necessary to configure a default encryption key in the Wireless screen. You may still configure and store keys here, but they will not be used while Dynamic WEP is enabled.
HomeSafe User’s Guide Table 7-6 WLAN : Wireless : 802.1x and Dynamic WEP LABEL ReAuthentication Timer (in seconds) DESCRIPTION Specify how often wireless stations have to reenter usernames and passwords in order to stay connected. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes). )usingIf wireless station authentication is done a RADIUS server, the reauthentication timer on the RADIUS server has priority.
HomeSafe User’s Guide Figure 7-10 WLAN : Wireless : 802.1x and Static WEP The following table describes the labels in this screen. Table 7-7 WLAN : Wireless : 802.1x and Static WEP LABEL DESCRIPTION WEP Encryption Select 64-bit WEP or 128-bit WEP to enable data encryption. Authentication Method This field is activated when you select 64-bit WEP or 128-bit WEP in the WEP Encryption field. Select Auto, Open System or Shared Key from the drop-down list box.
HomeSafe User’s Guide Table 7-7 WLAN : Wireless : 802.1x and Static WEP LABEL ReAuthentication Timer (in seconds) DESCRIPTION Specify how often wireless stations have to reenter usernames and passwords in order to stay connected. Enter a time interval between 10 and 9999 seconds. The default time interval is 1800 seconds (30 minutes). )usingIf wireless station authentication is done a RADIUS server, the reauthentication timer on the RADIUS server has priority.
HomeSafe User’s Guide Table 7-7 WLAN : Wireless : 802.1x and Static WEP LABEL Reset DESCRIPTION Click Reset to reload the previous configuration for this screen. 7.13 Configuring 802.1x In order to configure and enable 802.1x; click the WIRELESS link under ADVANCED to display the Wireless screen. Select 802.1x + No WEP from the Security list. Figure 7-11 WLAN : Wireless: 802.1x The following table describes the labels in this screen. Table 7-8 WLAN : Wireless: 802.
HomeSafe User’s Guide Table 7-8 WLAN : Wireless: 802.1x LABEL DESCRIPTION Authentication Databases The authentication database contains wireless station login information. The local user database is the built-in database on the HomeSafe. The RADIUS is an external server. Use this drop-down list box to select which database the HomeSafe should use (first) to authenticate a wireless station. Before you specify the priority, make sure you have set up the corresponding database correctly first.
HomeSafe User’s Guide Figure 7-12 WLAN : MAC Address Filter The following table describes the labels in this menu. Table 7-9 WLAN : MAC Address Filter LABEL DESCRIPTION Active Select Yes from the drop down list box to enable MAC address filtering. Filter Action Define the filter action for the list of MAC addresses in the MAC Address table.
HomeSafe User’s Guide 7.15 Introduction to Local User Database By storing user profiles locally on the HomeSafe, your HomeSafe is able to authenticate wireless users without interacting with a network RADIUS server. However, there is a limit on the number of users you may authenticate in this way. You can only use Local User Database with 802.1x key management protocol. 7.
HomeSafe User’s Guide Table 7-10 WLAN : Local User Database LABEL DESCRIPTION User Name Enter the username (up to 31 characters) for this user profile. Password Type a password (up to 31 characters) for this user profile. Note that as you type a password, the screen displays a (*) for each character you type. Apply Click Apply to save your changes back to the HomeSafe. Reset Click Reset to reload the previous configuration for this screen. 7.
HomeSafe User’s Guide 7.17.1 EAP Authentication Overview EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, the access point helps a wireless station and a RADIUS server perform authentication. The type of authentication you use depends on the RADIUS server or the AP.
HomeSafe User’s Guide Figure 7-15 WLAN : RADIUS The following table describes the labels in this screen. Table 7-11 WLAN : RADIUS LABEL DESCRIPTION Authentication Server Active Server IP Address Port Number Shared Secret Select Yes from the drop down list box to enable user authentication through an external authentication server. Enter the IP address of the external authentication server in dotted decimal notation. Enter the port number of the external authentication server.
HomeSafe User’s Guide Table 7-11 WLAN : RADIUS LABEL Reset Wireless Security DESCRIPTION Click Reset to reload the previous configuration for this screen.
HomeSafe User’s Guide Chapter 8 WAN Screens This chapter describes how to configure WAN settings. 8.1 WAN Overview See the Wizard Setup chapter for more information on the fields in the WAN screens. 8.2 TCP/IP Priority (Metric) The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost". RIP routing uses hop count as the measurement of cost, with a minimum of "1" for directly connected networks.
HomeSafe User’s Guide Table 8-1 WAN : Route LABEL WAN Traffic Redirect DESCRIPTION The default WAN connection is "1' as your broadband connection via the WAN port should always be your preferred method of accessing the WAN. The default priority of the routes is WAN and then Traffic Redirect. Apply Click Apply to save your changes back to the HomeSafe. Reset Click Reset to begin configuring this screen afresh. 8.
HomeSafe User’s Guide Table 8-2 WAN ISP : Ethernet Encapsulation LABEL DESCRIPTION Login Server This field only applies when you select Telia Login in the Service Type field. Type the domain name of the Telia login server, for example “login1.telia.com”. Relogin Every(min) This field only applies when you select Telia Login in the Service Type field. The Telia server logs the HomeSafe out if the HomeSafe does not log in periodically.
HomeSafe User’s Guide Figure 8-3 WAN ISP : PPPoE Encapsulation The following table describes the labels in this screen. Table 8-3 WAN ISP : PPPoE Encapsulation LABEL DESCRIPTION ISP Parameters for Internet Access Encapsulation The PPP over Ethernet choice is for a dial-up connection using PPPoE. The HomeSafe supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an IETF Draft standard (RFC 2516) specifying how a personal computer (PC) interacts with a broadband modem (i.e.
HomeSafe User’s Guide PPTP supports on-demand, multi-protocol and virtual private networking over public networks, such as the Internet. The screen shown next is for PPTP encapsulation. Figure 8-4 WAN ISP : PPTP Encapsulation The following table describes the labels in this screen.
HomeSafe User’s Guide Table 8-4 WAN ISP : PPTP Encapsulation LABEL DESCRIPTION My IP Subnet Mask Your HomeSafe will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the HomeSafe. Server IP Address Type the IP address of the PPTP server. Connection ID/Name Type your identification name for the PPTP server. Apply Click Apply to save your changes back to the HomeSafe.
HomeSafe User’s Guide Table 8-5 WAN : IP LABEL DESCRIPTION My WAN IP Address Enter your WAN IP address in this field if you selected Use Fixed IP Address. My WAN IP Subnet Mask (Ethernet only) Type your network's IP subnet Mask. Remote IP Address Enter the Remote IP Address (if your ISP gave you one) in this field. Gateway/Remote IP Address Enter the gateway IP address (if your ISP gave you one) in this field if you selected Use Fixed IP Address.
HomeSafe User’s Guide Table 8-5 WAN : IP LABEL DESCRIPTION RIP Version The RIP Version field controls the format and the broadcasting method of the RIP packets that the HomeSafe sends (it recognizes both formats when receiving). Choose RIP-1, RIP-2B or RIP-2M. RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology.
HomeSafe User’s Guide The MAC address screen allows users to configure the WAN port's MAC address by either using the factory default or cloning the MAC address from a computer on your LAN. Choose Factory Default to select the factory assigned default MAC Address. Otherwise, click Spoof this computer's MAC address - IP Address and enter the IP address of the computer on the LAN whose MAC you are cloning.
HomeSafe User’s Guide 8.8 Configuring Traffic Redirect To change your HomeSafe’s Traffic Redirect settings, click WAN, then the Traffic Redirect tab. The screen appears as shown. Figure 8-9 WAN : Traffic Redirect The following table describes the labels in this screen. Table 8-6 WAN : Traffic Redirect LABEL DESCRIPTION Active Select this check box to have the HomeSafe use traffic redirect if the normal WAN connection goes down.
HomeSafe User’s Guide Table 8-6 WAN : Traffic Redirect LABEL DESCRIPTION Apply Click Apply to save your changes back to the HomeSafe. Reset Click Reset to begin configuring this screen afresh.
SUA/NAT and Static Route Part III: SUA/NAT and Static Route This part covers Network Address Translation and setting up static routes.
HomeSafe User’s Guide Chapter 9 Network Address Translation (NAT) Screens This chapter discusses how to configure NAT on the HomeSafe. 9.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet. For example, the source address of an outgoing packet, used within one network is changed to a different IP address known within another network. 9.1.1 NAT Definitions Inside/outside denotes where a host is located relative to the HomeSafe.
HomeSafe User’s Guide (for Many-to-One and Many-to-Many Overload mapping), NAT offers the additional benefit of firewall protection. With no servers defined, your HomeSafe filters out all incoming inquiries, thus preventing intruders from probing your network. For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT). 9.1.3 How NAT Works Each packet has two addresses – a source address and a destination address.
HomeSafe User’s Guide Figure 9-2 NAT Application With IP Alias 9.1.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: ¾ One to One: In One-to-One mode, the HomeSafe maps one local IP address to one global IP address. ¾ Many to One: In Many-to-One mode, the HomeSafe maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL’s Single User Account feature (the SUA Only option).
HomeSafe User’s Guide Table 9-2 NAT Mapping Types TYPE IP MAPPING SMT ABBREVIATION One-to-One ILA1ÅÆ IGA1 1-1 Many-to-One (SUA/PAT) ILA1ÅÆ IGA1 ILA2ÅÆ IGA1 … M-1 Many-to-Many Overload ILA1ÅÆ IGA1 ILA2ÅÆ IGA2 ILA3ÅÆ IGA1 ILA4ÅÆ IGA2 … M-M Ov Many One-to-One ILA1ÅÆ IGA1 ILA2ÅÆ IGA2 ILA3ÅÆ IGA3 … M-1-1 Server 1 IPÅÆ IGA1 Server 2 IPÅÆ IGA1 Server 3 IPÅÆ IGA1 Server Server 9.
HomeSafe User’s Guide Default Server IP Address In addition to the servers for specified services, NAT supports a default server IP address. A default server receives packets from ports that are not specified in this screen. )HomeSafe If you do not assign a Default Server IP Address, the discards all packets received for ports that are not specified in this screen or remote management. 9.3.
HomeSafe User’s Guide 9.3.2 Configuring Servers Behind SUA (Example) Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet. IP address assigned by ISP. Figure 9-3 Multiple Servers Behind NAT Example 9.
HomeSafe User’s Guide Figure 9-4 SUA/NAT Setup The following table describes the labels in this screen. Table 9-4 SUA/NAT Setup LABEL DESCRIPTION Default Server In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in this screen. If you do not assign a Default Server IP Address, the HomeSafe discards all packets received for ports that are not specified in this screen or remote management.
HomeSafe User’s Guide set summary screen, the new rule will be rule 7, not 9. Now if you delete rule 4, rules 5 to 7 will be pushed up by 1 rule, so old rules 5, 6 and 7 become new rules 4, 5 and 6. To change your HomeSafe’s Address Mapping settings, click SUA/NAT, then the Address Mapping tab. The screen appears as shown. Figure 9-5 Address Mapping The following table describes the labels in this screen.
HomeSafe User’s Guide Configuring Address Mapping To edit an address mapping rule, select the radio button of a rule and click the Edit button to display the screen shown next. Figure 9-6 Address Mapping Edit The following table describes the labels in this screen. Table 9-6 Address Mapping Edit LABEL DESCRIPTION Type Choose the port mapping type from one of the following. 1. One-to-One: One-to-one mode maps one local IP address to one global IP address.
HomeSafe User’s Guide service (coming in from the server on the WAN) to the IP address of a computer on the client side (LAN). The problem is that port forwarding only forwards a service to a single LAN IP address.
HomeSafe User’s Guide )time.Only one LAN computer can use a trigger port (range) at a Figure 9-8 Trigger Port The following table describes the labels in this screen. Table 9-7 Trigger Port LABEL DESCRIPTION # This is the rule index number (read-only). Name Type a unique name (up to 15 characters) for identification purposes. All characters are permitted - including spaces. Incoming Incoming is a port (or a range of ports) that a server on the WAN uses when it sends out a particular service.
HomeSafe User’s Guide Chapter 10 Static Route Screens This chapter shows you how to configure static routes for your HomeSafe. 10.1 Static Route Overview Each remote node specifies only the network to which the gateway is directly connected, and the HomeSafe has no knowledge of the networks beyond. For instance, the HomeSafe knows about network N2 in the following figure through remote node router R1.
HomeSafe User’s Guide Table 10-1 Static Route LABEL DESCRIPTION # Number of an individual static route. Name Name that describes or identifies this route. Active This field shows whether this static route is active (Yes) or not (No). Destination This parameter specifies the IP network address of the final destination. Routing is always based on network number. Gateway This is the IP address of the gateway.
HomeSafe User’s Guide Table 10-2 Static Route: Edit LABEL DESCRIPTION Metric Metric represents the “cost” of transmission for routing purposes. IP routing uses hop count as the measurement of cost, with a minimum of 1 for directly connected networks. Enter a number that approximates the cost for this link. The number need not be precise, but it must be between 1 and 15. In practice, 2 or 3 is usually a good number.
UPnP, Parental Control and Firewall Part IV: UPnP, Parental Control and Firewall This part provides information and configuration instructions for configuration of Universal Plug and Play, parental control, firewall and content filtering.
HomeSafe User’s Guide Chapter 11 UPnP This chapter introduces the Universal Plug and Play feature. 11.1 Universal Plug and Play Overview Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
HomeSafe User’s Guide Gateway Device). At the time of writing ZyXEL's UPnP implementation supports Windows Messenger 4.6 and 4.7 while Windows Messenger 5.0 and Xbox are still being tested. UPnP broadcasts are only allowed on the LAN. Please see later in this User’s Guide for examples of installing UPnP in Windows XP and Windows Me as well as an example of using UPnP in Windows. 11.3 Configuring UPnP Click UPnP to display the screen shown next.
HomeSafe User’s Guide 11.4.1 Installing UPnP in Windows Me Follow the steps below to install UPnP in Windows Me. Step 1. Click Start and Control Panel. Double-click Add/Remove Programs. Step 2. Click on the Windows Setup tab and select Communication in the Components selection box. Click Details. Step 3. In the Communications window, select the Universal Plug and Play check box in the Components selection box. Click OK to go back to the Add/Remove Programs Properties window and click Next.
HomeSafe User’s Guide Step 4. Select Networking Service in the Components selection box and click Details. Step 5. In the Networking Services window, select the Universal Plug and Play check box. Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. Step 6. 11.5 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL device.
HomeSafe User’s Guide Step 3. In the Internet Connection Properties window, click Settings to see the port mappings that were automatically created. Step 4. You may edit or delete the port mappings or click Add to manually add port mappings. )computer, When the UPnP-enabled device is disconnected from your all port mappings will be deleted automatically. Step 5. UPnP Select the Show icon in notification area when connected check box and click OK.
HomeSafe User’s Guide Step 6. Double-click the icon to display your current Internet connection status. 11.5.2 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL device without finding out the IP address of the ZyXEL device first. This is helpful if you do not know the IP address of the ZyXEL device. Follow the steps below to access the web configurator. Step 1. Step 2. Step 3. Step 4. Step 5. 11-6 Click Start and then Control Panel.
HomeSafe User’s Guide Step 6. UPnP Right-click the icon for your ZyXEL device and select Properties. A properties window displays with basic information about the ZyXEL device.
HomeSafe User’s Guide Chapter 12 Parental Control This chapter gives some background information on parental control and explains how to get started with the HomeSafe parental control. 12.1 Parental Control Overview Parental Control lets a parent (LAN administrator) control a child’s (LAN user) Internet access privileges by blocking services that you specify. The parent can create a login name and password for each person (user) on the network.
HomeSafe User’s Guide Figure 12-2 User Status Window 4. 5. You can start browsing the web from the current window, or use the link on the top of the box to open a new web browser. ¾ If you close or navigate away from the status screen, you can redisplay the status screen by typing status into the address bar on your web browser and hitting enter. There are five ways to be logged out of the system. ¾ Click the Logout button on the status screen.
HomeSafe User’s Guide Internet A B Figure 12-3 HomeSafe Parental Control Wireless Gateway Application 12.4 Configuring Parental Control From the MAIN MENU, click PARENTAL CONTROL to open the configuration screen.
HomeSafe User’s Guide Figure 12-4 Parental Control The following table describes the labels in this screen. Table 12-1 Parental Control LABEL DESCRIPTION Enable Parental Control Select the check box to allow the parent (LAN administrator) to have control over a child’s (LAN user’s) Internet access. Idle Timeout Type the time in minutes that elapses before the connection automatically terminates the Internet session. The default time is 5 minutes.
HomeSafe User’s Guide Table 12-1 Parental Control LABEL Group DESCRIPTION Select from the drop-down list box a category of web pages that you want to have access control over ¾ Kids ¾ Young Teen ¾ Mature Teen ¾ Adult These groups are used in conjunction with content filtering to decide which web pages cannot be accessed by the user. Edit Click Edit to proceed to a pre-defined web content categories page for the group that you select. Refer to section 12.6 for more information.
HomeSafe User’s Guide Table 12-1 Parental Control LABEL Reset DESCRIPTION Click Reset to start configuring this screen again. 12.5 Parental Control Group Edit Filter The HomeSafe content filtering allows you to block services and block web sites by URL keywords that you specify, for example, you can block access to all web sites with the word “bad” in the URL by specifying “bad’ as a keyword. 12.5.
HomeSafe User’s Guide The HomeSafe either blocks or forwards the request based on the services you select in the Available Services field in the Parental Control Activation Blocking screen. Checking Content Filtering Activation After you register for content filtering, the browser displays a registration successful web page. This does not mean the content filtering is active yet. You need to wait up to ten minutes for the content filtering to be activated.
HomeSafe User’s Guide Figure 12-6 Parental Control : Filter The following table describes the labels in this screen. Table 12-3 Parental Control : Filter LABEL DESCRIPTION Pre-defined Web Content Categories Enable Pre-defined Web Content Categories to have the HomeSafe check an external database to find to which category a requested web page belongs. The HomeSafe then blocks or forwards access to the web page depending on the configuration of the rest of this page.
HomeSafe User’s Guide Table 12-3 Parental Control : Filter LABEL DESCRIPTION Sex Education Selecting this category excludes pages that provide graphic information (sometimes graphic) on reproduction, sexual development, safe sex practices, sexuality, birth control, and sexual development. It also includes pages that offer tips for better sex as well as products used for sexual enhancement.
HomeSafe User’s Guide Table 12-3 Parental Control : Filter LABEL DESCRIPTION Business/Economy Selecting this category excludes pages devoted to business firms, business information, economics, marketing, business management and entrepreneurship. This does not include pages that perform services that are defined in another category (such as Information Technology companies, or companies that sell travel services).
HomeSafe User’s Guide Table 12-3 Parental Control : Filter LABEL DESCRIPTION Computers/Internet Selecting this category excludes pages that sponsor or provide information on computers, technology, the Internet and technology-related organizations and companies.
HomeSafe User’s Guide Table 12-3 Parental Control : Filter LABEL DESCRIPTION Gay/Lesbian Selecting this category excludes pages that provide information, promote, or cater to gay and lesbian lifestyles. This does not include pages that are sexually oriented. Restaurants/Dining/Food Selecting this category excludes pages that list, review, discuss, advertise and promote food, catering, dining services, cooking and recipes.
HomeSafe User’s Guide Table 12-3 Parental Control : Filter LABEL DESCRIPTION Clear All Click Clear All to empty the keyword list. Keyword Type a keyword in the Keyword field and click then Add Keyword to add a keyword to the list of keywords. The list of keywords that will be inaccessible to computers on your LAN once you enable URL keyword blocking. Close Click Close to exit this screen without saving changes. Apply Click Apply to save the settings.
HomeSafe User’s Guide type (TCP, UDP, or ICMP). The second field indicates the IP port number that defines the service. (Note that there may be more than one IP protocol type. For example, look at the default configuration labeled “(DNS)”. (UDP/TCP:53) means UDP port 53 and TCP port 53. Table 12-4 Services SERVICE DESCRIPTION AIM/New-ICQ(TCP:5190) AOL’s Internet Messenger service, used as a listening port by ICQ. AUTH(TCP:113) Authentication protocol used by some servers.
HomeSafe User’s Guide Table 12-4 Services SERVICE DESCRIPTION POP3(TCP:110) Post Office Protocol version 3 lets a client computer get e-mail from a POP3 server through a temporary connection (TCP/IP or other). PPTP(TCP:1723) Point-to-Point Tunneling Protocol enables secure transfer of data over public networks. This is the control channel. PPTP_TUNNEL(GRE:0) Point-to-Point Tunneling Protocol enables secure transfer of data over public networks. This is the data channel.
HomeSafe User’s Guide Figure 12-7 Parental Control : Edit The following table describes the labels in this screen. Table 12-5 Parental Control : Edit LABEL DESCRIPTION Username Type a name to identify this user. Password Type a password. This password is used each time you log in to access the Internet.
HomeSafe User’s Guide Table 12-5 Parental Control : Edit LABEL DESCRIPTION Groups Select a group from the drop down list box. The category of web pages to block are grouped as one of the following ¾ Kids ¾ Young Teen ¾ Mature Teen ¾ Adult These groups are used in conjunction with content filtering to decide which web pages, cannot be accessed by the user. Time Scheduling Select the first radio button to allow everyday access at the same times to the Internet.
HomeSafe User’s Guide Table 12-5 Parental Control : Edit LABEL DESCRIPTION Edit Customized Services A Customized Service is a service that is not available in the pre-defined Available Services list and you must define using the next two fields. Type Services are either TCP and/or UDP. Select from either TCP or UDP. Port Number Enter a port number or a range of port numbers to define the service. For example, suppose you want to define the Gnutella service.
HomeSafe User’s Guide Table 12-6 Parental Control : Bypass List LABEL DESCRIPTION Name Type a name to identify a device on your LAN. MAC Address Type the MAC address (with colons) of a device on your LAN. Apply Click Apply to save your changes back to the HomeSafe. Reset Click Reset to begin configuring this screen afresh.
HomeSafe User’s Guide Chapter 13 Firewall This chapter gives some background information on firewalls and explains how to get started with the HomeSafe firewall. 13.1 Introduction What is a Firewall? Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term "firewall" is a system or group of systems that enforces an access-control policy between two networks.
HomeSafe User’s Guide 4. 5. 6. 7. Don't enable any local service (such as SNMP or NTP) that you don't use. Any enabled service could present a potential security risk. A determined hacker might be able to find creative ways to misuse the enabled services to access the firewall or the network. For local services that are enabled, protect against misuse.
HomeSafe User’s Guide Table 13-1 Firewall: Settings LABEL Packets to Log WAN to LAN Packets to Log DESCRIPTION Choose what LAN to WAN packets to log. Choose from: ¾ No Log ¾ Log Blocked (blocked LAN to WAN services appear in the Blocked Services textbox in the Services screen (with Enable Services Blocking selected)) ¾ Log All (log all LAN to WAN packets) To log packets related to firewall rules, make sure that Access Control under Log is selected in the Logs, Log Settings screen.
HomeSafe User’s Guide LAN-to-LAN/HomeSafe means the LAN to the HomeSafe LAN interface. This is always allowed, as this is how you manage the HomeSafe from your local computer. 13.3.2 WAN-to-LAN rules WAN-to-LAN rules are Internet to your local network firewall rules. The default is to block all traffic from the Internet to your local network.
HomeSafe User’s Guide Figure 13-3 Firewall: Service The following table describes the labels in this screen. Table 13-2 Firewall: Service LABEL DESCRIPTION Enable Services Blocking Select this check box to enable this feature. Available Service This is a list of pre-defined services (ports) you may prohibit your LAN computers from using. Select the port you want to block using the drop-down list and click Add to add the port to the Blocked Service field.
HomeSafe User’s Guide Table 13-2 Firewall: Service LABEL DESCRIPTION Clear All Click Clear All to empty the Blocked Service. Day to Block: Select a check box to configure which days of the week (or everyday) you want the content filtering to be active. Time of Day to Block (24-Hour Format) Select the time of day you want service blocking to take effect. Configure blocking to take effect all day by selecting the All Day check box.
Remote Management Part V: Remote Management This part provides information and configuration instructions for configuration of remote management.
HomeSafe User’s Guide Chapter 14 Remote Management Screens This chapter provides information on the Remote Management screens. 14.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which HomeSafe interface (if any) from which computers. ) When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access. See the firewall chapters for details on configuring firewall rules.
HomeSafe User’s Guide 3. The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the HomeSafe will disconnect the session immediately. 4. There is already another remote management session with an equal or higher priority running. You may only have one remote management session running at one time. 5. There is a firewall rule that blocks it. 14.1.
HomeSafe User’s Guide Table 14-1 Remote Management : WWW LABEL DESCRIPTION Server Access Select the interface(s) through which a computer may access the HomeSafe using this service. Secured Client IP Address A secured client is a “trusted” computer that is allowed to communicate with the HomeSafe using this service. Select All to allow any computer to access the HomeSafe using this service.
HomeSafe User’s Guide Figure 14-3 Remote Management : Telnet The following table describes the labels in this screen. Table 14-2 Remote Management : Telnet LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Server Access Select the interface(s) through which a computer may access the HomeSafe using this service.
HomeSafe User’s Guide Figure 14-4 Remote Management : FTP The following table describes the labels in this screen. Table 14-3 Remote Management : FTP LABEL DESCRIPTION Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Server Access Select the interface(s) through which a computer may access the HomeSafe using this service.
HomeSafe User’s Guide ) SNMP is only available if TCP/IP is configured. Figure 14-5 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the HomeSafe). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions.
HomeSafe User’s Guide 14.6.1 Supported MIBs The HomeSafe supports MIB II that is defined in RFC-1213 and RFC-1215. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance. 14.6.2 SNMP Traps The HomeSafe will send traps to the SNMP manager when any one of the following events occurs: Table 14-4 SNMP Traps TRAP # TRAP NAME DESCRIPTION 0 coldStart (defined in RFC-1215) A trap is sent after booting (power on).
HomeSafe User’s Guide Figure 14-6 Remote Management : SNMP The following table describes the labels in this screen. Table 14-5 Remote Management : SNMP LABEL DESCRIPTION SNMP Configuration Get Community Enter the Get Community, which is the password for the incoming Get and GetNext requests from the management station. The default is public and allows all requests. Set Community Enter the Set community, which is the password for incoming Set requests from the management station.
HomeSafe User’s Guide Table 14-5 Remote Management : SNMP LABEL DESCRIPTION Service Access Select the interface(s) through which a computer may access the HomeSafe using this service. Secured Client IP Address A secured client is a “trusted” computer that is allowed to communicate with the HomeSafe using this service. Select All to allow any computer to access the HomeSafe using this service.
HomeSafe User’s Guide 14.8 Configuring Security To change your HomeSafe’s security settings, click REMOTE MGMT, then the Security tab. The screen appears as shown. If an outside user attempts to probe an unsupported port on your HomeSafe, an ICMP response packet is automatically returned. This allows the outside user to know the HomeSafe exists. Your HomeSafe supports anti-probing, which prevents the ICMP response packet from being sent.
HomeSafe User’s Guide Table 14-7 Remote Management : Security LABEL DESCRIPTION Apply Click Apply to save your customized settings and exit this screen. Reset Click Reset to begin configuring this screen afresh.
HomeSafe User’s Guide VPN Screens 14-1
Logs and Maintenance Part VI: Logs and Maintenance This part covers the centralized logs and maintenance screens.
HomeSafe User’s Guide Chapter 15 Centralized Logs This chapter contains information about configuring general log settings and viewing the HomeSafe’s logs. Refer to the appendices for example log message explanations. 15.1 View Log The web configurator allows you to look at all of the HomeSafe’s logs in one location. Click the LOGS in the navigation panel to open the View Log screen. Use the View Log screen to see the logs for the categories that you selected in the Log Settings screen (see section 15.2).
HomeSafe User’s Guide Table 15-1 View Logs LABEL DESCRIPTION Destination This field lists the destination IP address and the port number of the incoming packet. Note This field displays additional information about the log entry. Email Log Now Click Email Log Now to send the log screen to the e-mail address specified in the Log Settings page (make sure that you have first filled in the Address Info fields in Log Settings, see section 15.2). Refresh Click Refresh to renew the log screen.
HomeSafe User’s Guide Figure 15-2 Log Settings The following table describes the labels in this screen. Table 15-2 Log Settings LABEL DESCRIPTION Address Info Mail Server Logs Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via email.
HomeSafe User’s Guide Table 15-2 Log Settings LABEL DESCRIPTION Mail Subject Type a title that you want to be in the subject line of the log e-mail message that the HomeSafe sends. Not all HomeSafe models have this field. Send Log To The HomeSafe sends logs to the e-mail address specified in this field. If this field is left blank, the HomeSafe does not send logs via e-mail.
HomeSafe User’s Guide Chapter 16 Maintenance This chapter displays system information such as ZyNOS firmware, port IP addresses and port traffic statistics. 16.1 Maintenance Overview The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your HomeSafe. 16.2 Status Screen Click MAINTENANCE to open the Status screen, which you can use to monitor your HomeSafe. Note that these fields are READ-ONLY and only for diagnostic purposes.
HomeSafe User’s Guide Table 16-1 Maintenance : Status LABEL DESCRIPTION IP Subnet Mask DHCP This is the WAN port subnet mask. This is the WAN port DHCP role - Client or None. LAN Port IP Address IP Subnet Mask DHCP Show Statistics This is the LAN port IP address. This is the LAN port subnet mask. This is the LAN port DHCP role - Server, Relay or None. Click Show Statistics to display the real-time system statistics. Refer to Section 16.2.1 for more information. 16.2.
HomeSafe User’s Guide Table 16-2 Maintenance : System Statistics LABEL DESCRIPTION Poll Interval(s) Enter the time interval for refreshing statistics in this field. Set Interval Click this button to apply the new poll interval you entered in the Poll Interval(s) field. Stop Click Stop to stop refreshing statistics, click Stop. 16.3 DHCP Table Screen DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server.
HomeSafe User’s Guide 16.4 Any IP Table Click MAINTENANCE, Any IP Table. The Any IP table shows current read-only information (including the IP address and the MAC address) of all network devices that use the Any IP feature to communicate with the HomeSafe. Figure 16-4 Maintenance : Any IP The following table describes the labels in this screen. Table 16-4 Maintenance : Any IP LABEL DESCRIPTION # This field displays the index number.
HomeSafe User’s Guide Table 16-5 Maintenance : Association List LABEL DESCRIPTION Association Time This field displays the time a wireless station first associated with the HomeSafe. Refresh Click Refresh to redisplay the current screen. 16.6 F/W Upload Screen Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a "*.bin" extension, e.g., "HomeSafe.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes.
HomeSafe User’s Guide Figure 16-7 Upload Warning The HomeSafe automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 16-8 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the System Status screen. If the upload was not successful, the following screen will appear. Click Return to go back to the F/W Upload screen.
HomeSafe User’s Guide Figure 16-10 Maintenance : Configuration 16.7.1 Backup Configuration Backup configuration allows you to back up (save) the HomeSafe’s current configuration to a file on your computer. Once your HomeSafe is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings.
HomeSafe User’s Guide Figure 16-11 Configuration : Restore Successful The HomeSafe automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 16-12 Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default HomeSafe IP address (192.168.1.1).
HomeSafe User’s Guide Figure 16-14 Factory Defaults You can also press the RESET button on the rear panel to reset the factory defaults of your HomeSafe. Refer to the Hardware Installation chapter for more information on the RESET button. 16.8 Restart Screen System restart allows you to reboot the HomeSafe without turning the power off. Click MAINTENANCE, and then Restart. Click Restart to have the HomeSafe reboot. This does not affect the HomeSafe's configuration.
SMT General Configuration Part VII: SMT General Configuration This part covers System Management Terminal configuration for general setup, WAN setup, LAN setup, WLAN setup, Internet access, remote node, static route, NAT and enabling the firewall. ) See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.
HomeSafe User’s Guide Chapter 17 Introducing the SMT This chapter explains how to access and navigate the System Management Terminal and gives an overview of its menus. 17.1 SMT Introduction The HomeSafe’s SMT (System Management Terminal) is a menu-driven interface that you can access from a terminal emulator through the console port or over a telnet connection.
HomeSafe User’s Guide Figure 17-2 SMT Menu Overview 17.2 Navigating the SMT Interface The SMT (System Management Terminal) is the interface that you use to configure your HomeSafe. Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below. Table 17-1 Main Menu Commands OPERATION KEYSTROKE DESCRIPTION Move down to another menu [ENTER] To move forward to a submenu, type in the number of the desired submenu and press [ENTER].
HomeSafe User’s Guide Table 17-1 Main Menu Commands Entering information Type in or press You need to fill in two types of fields. The first requires you to type [SPACE BAR], then in the appropriate information. The second allows you to cycle press [ENTER]. through the available choices by pressing [SPACE BAR]. Required fields or ChangeMe All fields with the symbol must be filled in order to be able to save the new configuration.
HomeSafe User’s Guide Table 17-2 Main Menu Summary # MENU TITLE DESCRIPTION 14 Dial-in User Setup Use this menu to set up local user profiles on the HomeSafe. 15 NAT Setup Use this menu to specify inside servers when NAT is enabled. 21 Filter and Firewall Setup Use this menu to configure filters, activate/deactivate the firewall and view the firewall log. 22 SNMP Configuration Use this menu to set up SNMP related parameters. 23 System Security Use this menu to change your password.
HomeSafe User’s Guide Chapter 18 Menu 1 General Setup Menu 1 - General Setup contains administrative and system-related information. 18.1 General Setup Menu 1 — General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name". • In Windows 95/98 click Start, Settings, Control Panel, Network.
HomeSafe User’s Guide Table 18-1 Menu 1 General Setup FIELD DESCRIPTION EXAMPLE Domain Name Enter the domain name (if you know it) here. If you leave this field blank, the ISP may assign a domain name via DHCP. You can go to menu 24.8 and type "sys domain name" to see the current domain name used by your router. The domain name entered by you is given priority over the ISP assigned domain name. If you want to clear this field just press [SPACE BAR] and then [ENTER].
HomeSafe User’s Guide Menu 1.1 - Configure Dynamic DNS Service Provider= WWW.DynDNS.ORG Active= No DDNS Type= DynamicDNS Host Name 1= Host Name 2= Host Name 3= Username= Password= ******** Enable Wildcard Option= No Enable Off Line Option= N/A IP Address Update Policy: DDNS Server Auto Detect IP Address= No Use Specified IP Address= No Use IP Address= N/A Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle. Figure 18-2 Menu 1.
HomeSafe User’s Guide Table 18-2 Menu 1.1 Configure Dynamic DNS FIELD DESCRIPTION EXAMPLE IP Address Update Policy: You can select Yes in either the Use Server Detected IP field (recommended) or the User Specified IP Addr field, but not both. With the Use Server Detected IP and User Specified IP Addr fields both set to No, the DDNS server automatically updates the IP address of the host name(s) with the HomeSafe’s WAN IP address. DDNS does not work with a private IP address.
HomeSafe User’s Guide Chapter 19 Menu 2 WAN Setup This chapter describes how to configure the WAN using menu 2. 19.1 Introduction to WAN This chapter explains how to configure settings for your WAN port. 19.2 WAN Setup From the main menu, enter 2 to open menu 2. Menu 2 - WAN Setup MAC Address: Assigned By= Factory default IP Address= N/A Press ENTER to Confirm or ESC to Cancel: Figure 19-1 Menu 2 WAN Setup The following table describes the fields in this menu.
HomeSafe User’s Guide Chapter 20 Menu 3 LAN Setup This chapter covers how to configure your wired Local Area Network (LAN) settings. 20.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 — LAN Setup. From the main menu, enter 3 to display menu 3. Menu 3 - LAN Setup 1. LAN Port Filter Setup 2. TCP/IP and DHCP Setup 5. Wireless LAN Setup Figure 20-1 Menu 3 LAN Setup 20.1.
HomeSafe User’s Guide First address in the IP pool Menu 3.2 - TCP/IP and DHCP Ethernet Setup DHCP= Server Client IP Pool: Starting Address= 192.168.1.33 Size of Client IP Pool= 32 First DNS Server= From ISP IP Address= N/A Second DNS Server= From ISP IP Address= N/A Third DNS Server= DNS Relay IP Address= N/A DHCP Server Address= N/A Size of the IP Pool TCP/IP Setup: This is the IP address of the IP Address= 192.168.1.1 HomeSafe IP Subnet Mask= 255.255.255.
HomeSafe User’s Guide Table 20-1 Menu 3.2: DHCP Ethernet Setup Fields FIELD DESCRIPTION EXAMPLE First DNS Server Second DNS Server Third DNS Server The HomeSafe passes a DNS (Domain Name System) server IP address (in the order you specify here) to the DHCP clients. Select From ISP if your ISP dynamically assigns DNS server information (and the HomeSafe's WAN IP address). The IP Address field below displays the (read-only) DNS server IP address that the ISP assigns.
HomeSafe User’s Guide Table 20-2 Menu 3.2: LAN TCP/IP Setup Fields FIELD Edit IP Alias DESCRIPTION EXAMPLE The HomeSafe supports three logical LAN interfaces via its single physical Ethernet interface with the HomeSafe itself as the gateway for each LAN network. Press [SPACE BAR] to select Yes and then press [ENTER] to display menu 3.2.1 No When you have completed this menu, press [ENTER] at the prompt [Press ENTER to Confirm…] to save your configuration, or press [ESC] at any time to cancel. 20.3.
HomeSafe User’s Guide Table 20-3 Menu 3.2.1: IP Alias Setup FIELD DESCRIPTION EXAMPLE IP Alias 1, 2 Choose Yes to configure the LAN network for the HomeSafe. IP Address Enter the IP address of your HomeSafe in dotted decimal notation. 192.168.1.1 IP Subnet Mask Your HomeSafe will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the HomeSafe. 255.255.255.
HomeSafe User’s Guide Table 20-4 Menu 3.5 Wireless LAN Setup FIELD DESCRIPTION EXAMPLE AP must have the same ESSID. Enter a descriptive name of up to 32 printable 7-bit ASCII characters. No Hide ESSID Press [SPACE BAR] and select Yes to hide the ESSID in the outgoing data frame so an intruder cannot obtain the ESSID through passive scanning. Channel ID Press [SPACE BAR] to select a channel. This allows you to set the operating frequency/channel depending on your particular region.
HomeSafe User’s Guide Table 20-4 Menu 3.5 Wireless LAN Setup FIELD 802.11 Mode DESCRIPTION EXAMPLE Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate with the HomeSafe. Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate with the HomeSafe. Select Mixed to allow either IEEE802.11b or IEEE802.11g compliant WLAN devices to associate with the HomeSafe. The transmission rate of your HomeSafe might be reduced.
HomeSafe User’s Guide Menu 3.5.
HomeSafe User’s Guide Menu 3.5 - Wireless LAN Setup ESSID= ZyXEL Hide ESSID= No Channel ID= CH06 2437MHz RTS Threshold= 2432 Frag. Threshold= 2432 WEP Encryption= Disable Default Key= N/A Key1= N/A Key2= N/A Key3= N/A Key4= N/A Authen. Method= N/A Edit MAC Address Filter= No Edit Roaming Configuration= Yes Preamble= Long 802.11 Mode= Mixed Press ENTER to Confirm or ESC to Cancel: Figure 20-9 Menu 3.5 Wireless LAN Setup Step 3. Move the cursor to the Edit Roaming Configuration field.
HomeSafe User’s Guide Chapter 21 Internet Access This chapter shows you how to configure your HomeSafe for Internet access . 21.1 Introduction to Internet Access Setup Use information from your ISP along with the instructions in this chapter to set up your HomeSafe to access the Internet. There are three different menu 4 screens depending on whether you chose Ethernet, PPTP or PPPoE Encapsulation. Contact your ISP to determine what encapsulation type you should use. 21.
HomeSafe User’s Guide Table 21-1 Menu 4: Internet Access Setup (Ethernet) FIELD DESCRIPTION Retype to Confirm Login Server Relogin Every (min) IP Address Assignment Enter your password again to make sure that you have entered is correctly. The HomeSafe will find the RoadRunner Server IP if this field is left blank. If it does not, then you must enter the authentication server IP address. This field is available when you select Telia Login in the Service Type field.
HomeSafe User’s Guide Menu 4 - Internet Access Setup ISP's Name= MyISP Encapsulation= PPTP Service Type= N/A My Login= My Password= ******** Retype to Confirm= ******** Idle Timeout= 100 IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Address= N/A Network Address Translation= SUA Only Figure 21-2 Internet Access Setup (PPTP) The following table contains instructions about the new fields when you choose PPTP in the Encapsulation field in menu 4.
HomeSafe User’s Guide Table 21-3 New Fields in Menu 4 (PPPoE) screen FIELD DESCRIPTION Idle Timeout EXAMPLE 100 (default) This value specifies the time in seconds that elapses before the HomeSafe automatically disconnects from the PPPoE server. If you need a PPPoE service name to identify and reach the PPPoE server, please go to menu 11 and enter the PPPoE service name provided to you in the Service Name field. 21.
HomeSafe User’s Guide Chapter 22 Remote Node Configuration This chapter covers remote node configuration. 22.1 Introduction to Remote Node Setup A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection. Note that when you use menu 4 to set up Internet access, you are actually configuring a remote node. The following describes how to configure Menu 11.1 Remote Node Profile, Menu 11.
HomeSafe User’s Guide Table 22-1 Menu 11.1 Remote Node Profile for Ethernet Encapsulation FIELD DESCRIPTION EXAMPLE Rem Node Name Enter a descriptive name for the remote node. This field can be up to eight characters. LAoffice Active Press [SPACE BAR] and then [ENTER] to select Yes (activate remote node) or No (deactivate remote node). Encapsulation Ethernet is the default encapsulation. Press [SPACE BAR] and then [ENTER] to change to PPPoE or PPTP encapsulation.
HomeSafe User’s Guide Table 22-1 Menu 11.1 Remote Node Profile for Ethernet Encapsulation FIELD DESCRIPTION EXAMPLE Once you have configured this menu, press [ENTER] at the message “Press ENTER to Confirm...” to save your configuration, or press [ESC] at any time to cancel. 22.2.2 PPPoE Encapsulation The HomeSafe supports PPPoE (Point-to-Point Protocol over Ethernet). You can only use PPPoE encapsulation when you’re using the HomeSafe with a DSL modem as the WAN device.
HomeSafe User’s Guide Table 22-2 Fields in Menu 11.1 (PPPoE Encapsulation Specific) FIELD DESCRIPTION Service Name Authen EXAMPLE If you are using PPPoE encapsulation, then type the name of your PPPoE service here. Only valid with PPPoE encapsulation. This field sets the authentication protocol used for outgoing calls. Options for this field are: CHAP/PAP - Your HomeSafe will accept either CHAP or PAP when requested by this remote node. CHAP - accept CHAP only. PAP - accept PAP only.
HomeSafe User’s Guide Table 22-3 Menu 11.1 Remote Node Profile for PPTP Encapsulation FIELD DESCRIPTION Press [SPACE BAR] and then [ENTER] to select PPTP. You must also go to menu 11.3 to check the IP Address setting once you have selected the encapsulation method. Encapsulation My IP Addr Enter the IP address of the WAN Ethernet port. My IP Mask Enter the subnet mask of the WAN Ethernet port. Server IP Addr Connection ID/Name EXAMPLE PPTP 10.0.0.140 255.255.255.
HomeSafe User’s Guide Table 22-4 Remote Node Network Layer Options FIELD DESCRIPTION My WAN Addr This field is applicable to PPPoE and PPTP encapsulations only. Some implementations, especially the UNIX derivatives, require the WAN link to have a separate IP network number from the LAN and each end must have a unique address within the WAN network number. If this is the case, enter the IP address assigned to the WAN port of your HomeSafe.
HomeSafe User’s Guide Use menu 11.5 to specify the filter set(s) to apply to the incoming and outgoing traffic between this remote node and the HomeSafe to prevent certain packets from triggering calls. You can specify up to 4 filter sets separated by commas, for example, 1, 5, 9, 12, in each filter field. Note that spaces are accepted in this field. For more information on defining the filters, please refer to the Filters chapter.
HomeSafe User’s Guide Table 22-5 Menu 11.6: Traffic Redirect Setup FIELD DESCRIPTION EXAMPLE Press [SPACE BAR] and select Yes (to enable) or No (to disable) traffic redirect setup. The default is No. Yes Backup Gateway IP Address Enter the IP address of your backup gateway in dotted decimal notation. The HomeSafe automatically forwards traffic to this IP address if the HomeSafe’s Internet connection terminates. 0.0.0.
HomeSafe User’s Guide Chapter 23 Static Route Setup This chapter shows how to setup IP static routes. 23.1 IP Static Route Setup Step 1. To configure an IP static route, use Menu 12 – Static Routing Setup (shown next). Menu 12 - IP Static Route Setup 1. 2. 3. 4. 5. 6. 7. 8. ________ ________ ________ ________ ________ ________ ________ ________ Enter selection number: Figure 23-1 Menu 12 IP Static Route Setup Step 2. Now, type the route number of a static route you want to configure. Menu 12.
HomeSafe User’s Guide Table 23-1 Menu12.1 Edit IP Static Route FIELD DESCRIPTION IP Subnet Mask Type the subnet mask for this destination. Follow the discussion on IP Subnet Mask in this manual. Gateway IP Address Type the IP address of the gateway. The gateway is an immediate neighbor of your HomeSafe that will forward the packet to the destination. On the LAN, the gateway must be a router on the same segment as your HomeSafe; over WAN, the gateway must be the IP address of one of the remote nodes.
HomeSafe User’s Guide Chapter 24 Dial-in User Setup This chapter shows you how to create user accounts on the HomeSafe. 24.1 Dial-in User Setup By storing user profiles locally, your HomeSafe is able to authenticate wireless users without interacting with a network RADIUS server. Follow the steps below to set up user profiles on your HomeSafe. Step 1. From the main menu, enter 14 to display Menu 14 - Dial-in User Setup. Menu 14 - Dial-in User Setup 1. 2. 3. 4. 5. 6. 7. 8. Step 2.
HomeSafe User’s Guide Chapter 25 Network Address Translation (NAT) This chapter discusses how to configure NAT on the HomeSafe. 25.1 Using NAT ) You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the HomeSafe. 25.1.1 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server. See section 25.3.
HomeSafe User’s Guide Step 3. Move the cursor to the Edit IP field, press [SPACE BAR] to select Yes and then press [ENTER] to bring up Menu 11.3 - Remote Node Network Layer Options. Menu 11.3 - Remote Node Network Layer Options IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A Gateway IP Addr= N/A Network Address Translation= SUA Only Metric= 1 Private= N/A RIP Direction= None Version= N/A Multicast= None Figure 25-2 Menu 11.
HomeSafe User’s Guide 25.3.1 Address Mapping Sets Enter 1 to bring up Menu 15.1 — Address Mapping Sets. Menu 15.1 - Address Mapping Sets 1. NAT_SET 255. SUA (read only) Figure 25-4 Menu 15.1 Address Mapping Sets SUA Address Mapping Set Enter 255 to display the next screen (see also section 25.1.1). The fields in this menu cannot be changed. Menu 15.1.255 - Address Mapping Rules Set Name= SUA Idx --1. 2. 3. 4. 5. 6. 7. 8. 9. 10. Local Start IP --------------0.0.0.0 Local End IP --------------255.255.
HomeSafe User’s Guide Table 25-2 SUA Address Mapping Rules FIELD DESCRIPTION EXAMPLE These are the mapping types. Server allows us to specify multiple servers of different types behind NAT to this machine. See later for some examples. Type Server When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.
HomeSafe User’s Guide Table 25-3 Menu 15.1.1 First Set FIELD DESRIPTION EXAMPLE Set Name Enter a name for this set of rules. This is a required field. If this field is left blank, the entire set will be deleted. NAT_SET Action The default is Edit. Edit means you want to edit a selected rule (see following field). Insert Before means to insert a rule before the rule selected. The rules after the selected rule will then be moved down by one rule.
HomeSafe User’s Guide Table 25-4 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set FIELD DESCRIPTION EXAMPLE Server. Start This is the starting local IP address (ILA). 0.0.0.0 End This is the ending local IP address (ILA). If the rule is for all local IPs, then put the Start IP as 0.0.0.0 and the End IP as 255.255.255.255. This field is N/A for One-to-One and Server types. N/A Start This is the starting inside global IP address (IGA). If you have a dynamic IP, enter 0.0.0.
HomeSafe User’s Guide Figure 25-9 Multiple Servers Behind NAT Example 25.5 General NAT Examples The following are some examples of NAT configuration. 25.5.1 Example 1: Internet Access Only In the following Internet access example, you only need one rule where the ILAs (Inside Local Addresses) of computers A through D map to one dynamic IGA (Inside Global Address) assigned by your ISP.
HomeSafe User’s Guide 25.5.2 Example 2: Internet Access with an Inside Server The dynamic Inside Global Address is assigned by the ISP. Figure 25-12 NAT Example 2 In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and also go to menu 15.2 to specify the Inside Server behind the NAT as shown in the next figure. Menu 15.2.1 - NAT Server Setup Rule Start Port No. End Port No. IP Address --------------------------------------------------1. Default Default 192.168.1.10 2.
HomeSafe User’s Guide Figure 25-14 NAT Example 3 Step 1. Step 2. Step 3. Step 4. Step 5. Step 6. Step 7. Step 8. Step 9. In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address Mapping Sets. Therefore you must choose the Full Feature option from the Network Address Translation field (in menu 4 or menu 11.3) in Figure 25-15. Then enter 15 from the main menu. Enter 1 to configure the Address Mapping Sets. Enter 1 to begin configuring this new set.
HomeSafe User’s Guide Menu 15.1.1.1 Address Mapping Rule Type= One-to-One Local IP: Start= 192.168.1.10 End = N/A Global IP: Start= 10.132.50.1 End = N/A Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle. Figure 25-16 Example 3: Menu 15.1.1.1 Menu 15.1.1 - Address Mapping Rules Set Name= NAT_SET Idx --1. 2. 3. 4. 5. 6. 7. 8. 9. 10. Local Start IP --------------192.168.1.10 192.168.1.11 0.0.0.0 Local End IP --------------- 255.255.255.255 Action= None Global Start IP --------------10.
HomeSafe User’s Guide Example 3: Menu 15.2 25.5.4 Example 4: NAT Unfriendly Application Programs Some applications do not support NAT Mapping using TCP or UDP port address translation. In this case it is better to use Many-to-Many No Overload mapping as port numbers do not change for Many-to-Many No Overload (and One-to-One) NAT mapping types. The following figure illustrates this.
HomeSafe User’s Guide Menu 15.1.1 - Address Mapping Rules Set Name= Example4 Idx --1. 2. 3. 4. 5. 6. 7. 8. 9. 10. Local Start IP --------------192.168.1.10 Local End IP --------------192.168.1.12 Action= Edit Global Start IP --------------10.132.50.1 Global End IP --------------10.132.50.3 Type -----M:M NO OV Select Rule= Press ENTER to Confirm or ESC to Cancel: Figure 25-20 Example 4: Menu 15.1.1 Address Mapping Rules 25.
HomeSafe User’s Guide Table 25-5 Menu 15.3 Trigger Port Setup FIELD DESCRIPTION EXAMPLE Rule This is the rule index number. 1 Name Enter a unique name for identification purposes. You may enter up to 15 characters in this field. All characters are permitted - including spaces. Incoming Incoming is a port (or a range of ports) that a server on the WAN uses when it sends out a particular service.
HomeSafe User’s Guide Chapter 26 Enabling the Firewall This chapter shows you how to get started with the HomeSafe firewall. 26.1 Remote Management and the Firewall When SMT menu 24.11 is configured to allow management (see the Remote Management chapter) and the firewall is enabled: • The firewall blocks remote management from the WAN unless you configure a firewall rule to allow it. • The firewall allows remote management from the LAN. 26.
SMT Advanced Management Part VIII: SMT Advanced Management This part discusses filtering setup, SNMP, system security, system information and diagnosis, firmware and configuration file maintenance, system maintenance, remote management and call scheduling. ) See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.
HomeSafe User’s Guide Chapter 27 Filter Configuration This chapter shows you how to create and apply filters. 27.1 Introduction to Filters Your HomeSafe uses filters to decide whether to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering. Filters are subdivided into device and protocol filters, which are discussed later. Data filtering screens the data to determine if the packet should be allowed to pass.
HomeSafe User’s Guide apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port. Sets of factory default filter rules have been configured in menu 21 to prevent NetBIOS traffic from triggering calls and to prevent incoming telnet sessions. A summary of their filter rules is shown in the figures that follow.
HomeSafe User’s Guide 27.2 Configuring a Filter Set The HomeSafe includes filtering for NetBIOS over TCP/IP packets by default. To configure another filter set, follow the procedure below. Step 1. Enter 21 in the main menu to open menu 21. Menu 21 - Filter and Firewall Setup 1. Filter Setup 2. Firewall Setup Enter Menu Selection Number: Figure 27-4 Menu 21: Filter and Firewall Setup Step 2. Enter 1 to bring up the following menu. Menu 21.
HomeSafe User’s Guide Table 27-1 Abbreviations Used in the Filter Rules Summary Menu FIELD DESCRIPTION M More. “Y” means there are more rules to check which form a rule chain with the present rule. An action cannot be taken until the rule chain is complete. “N” means there are no more rules to check. You can specify an action to be taken i.e., forward the packet, drop the packet or check the next rule. For the latter, the next rule is independent of the rule just checked. m Action Matched.
HomeSafe User’s Guide To configure TCP/IP rules, select TCP/IP Filter Rule from the Filter Type field and press [ENTER] to open Menu 21.1.1.1 - TCP/IP Filter Rule, as shown next. Menu 21.1.1.1 - TCP/IP Filter Rule Filter #: 1,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 0 IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 137 Port # Comp= Equal Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.
HomeSafe User’s Guide Table 27-3 TCP/IP Filter Rule FIELD Port # Port # Comp DESCRIPTION OPTIONS Enter the source port of the packets that you wish to filter. The range of this field is 0 to 65535. This field is ignored if it is 0. 0-65535 Press [SPACE BAR] and then [ENTER] to select the comparison to apply to the source port in the packet against the value given in Source: Port #. None Less Greater Equal Not Equal TCP Estab This field is applicable only when the IP Protocol field is 6, TCP.
HomeSafe User’s Guide Packet into IP Filter Filter Active? No Yes Apply SrcAddrMask to Src Addr Check Src IP Addr Not Matched Matched Apply DestAddrMask to Dest Addr Check Dest IP Addr Not Matched Matched Check IP Protocol Not Matched Matched Check Src & Dest Port Not Matched Matched More? Yes No Action Not Matched Action Matched Check Next Rule Check Next Rule Drop Drop Packet Drop Forward Forward Check Next Rule Accept Packet Figure 27-7 Executing an IP Filter 27.2.
HomeSafe User’s Guide To configure a generic rule, select Generic Filter Rule in the Filter Type field in menu 21.1.4.1 and press [ENTER] to open Generic Filter Rule, as shown below. Menu 21.1.4.1 - Generic Filter Rule Filter #: 4,1 Filter Type= Generic Filter Rule Active= No Offset= 0 Length= 0 Mask= N/A Value= N/A More= No Log= None Action Matched= Check Next Rule Action Not Matched= Check Next Rule Press ENTER to Confirm or ESC to Cancel: Figure 27-8 Menu 21.1.4.
HomeSafe User’s Guide Table 27-4 Generic Filter Rule Menu Fields FIELD Action Not Matched DESCRIPTION Select the action for a packet not matching the rule. OPTIONS Check Next Rule Forward Drop Once you have completed filling in Menu 21.4.1.1 - Generic Filter Rule, press [ENTER] at the message “Press ENTER to Confirm” to save your configuration, or press [ESC] to cancel. This data will now be displayed on Menu 21.1.1 - Filter Rules Summary. 27.
HomeSafe User’s Guide Step 6. Enter 1 to configure the first filter rule (the only filter rule of this set). Make the entries in this menu as shown in the following figure. Menu 21.1.3.1 - TCP/IP Filter Rule Press [SPACE BAR] and then [ENTER] to choose this filter rule Filter #: 3,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 6 IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 23 Port # Comp= Equal Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.
HomeSafe User’s Guide Menu 21.1.3 - Filter Rules Summary # 1 2 3 4 5 6 A Type Filter Rules M m n - ---- --------------------------------------------------------------- - - Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 N D F N N N N N Enter Filter Rule Number (1-6) to Configure: M = N means an action can be taken immediately.
HomeSafe User’s Guide Figure 27-12 Protocol and Device Filter Sets 27.5 Firewall Versus Filters Firewall configuration is discussed in the firewall chapters of this manual. Further comparisons are also made between filtering, NAT and the firewall. 27.6 Applying a Filter This section shows you where to apply the filter(s) after you design it (them). The HomeSafe already has filters to prevent NetBIOS traffic from triggering calls, and block incoming telnet, FTP and HTTP connections.
HomeSafe User’s Guide four filter sets by entering their numbers separated by commas. The HomeSafe already has filters to prevent NetBIOS traffic from triggering calls, and block incoming telnet, FTP and HTTP connections. Menu 11.
HomeSafe User’s Guide Chapter 28 SNMP Configuration This chapter explains SNMP Configuration menu 22. 28.1 About SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your HomeSafe supports SNMP agent functionality, which allows a manager station to manage and monitor the HomeSafe through the network. The HomeSafe supports SNMP version one (SNMPv1) and version two c (SNMPv2c).
HomeSafe User’s Guide • • • GetNext - Allows the manager to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations. Set - Allows the manager to set values for object variables within an agent. Trap - Used by the agent to inform the manager of some events. 28.
HomeSafe User’s Guide 28.4 SNMP Traps The HomeSafe will send traps to the SNMP manager when any one of the following events occurs: Table 28-2 SNMP Traps TRAP # TRAP NAME DESCRIPTION 1 coldStart (defined in RFC-1215) A trap is sent after booting (power on). 2 warmStart (defined in RFC-1215) A trap is sent after booting (software reboot). 3 linkDown (defined in RFC-1215) A trap is sent with the port number when any of the links are down. See the following table.
HomeSafe User’s Guide Chapter 29 System Security This chapter describes how to configure the system security on the HomeSafe. 29.1 System Security You can configure the system password, an external RADIUS server and 802.1x in this menu. 29.1.1 System Password Menu 23 - System Security 1. Change Password 2. RADIUS Server 4. IEEE802.1x Figure 29-1 Menu 23 System Security You should change the default password. If you forget your password you have to restore the default configuration file.
HomeSafe User’s Guide Table 29-1 Menu 23.2 System Security : RADIUS Server FIELD DESCRIPTION EXAMPLE Press [SPACE BAR] to select Yes and press [ENTER] to enable user authentication through an external authentication server. No Authentication Server Active Server Address Enter the IP address of the external authentication server in dotted decimal notation. 10.11.12.13 Port The default port of the RADIUS server for authentication is 1812.
HomeSafe User’s Guide Menu 23.4 - System Security - IEEE802.1x Wireless Port Control= No Authentication Required ReAuthentication Timer (in second)= N/A Idle Timeout (in second)= N/A Key Management Protocol= N/A Dynamic WEP Key Exchange= N/A PSK = N/A WPA Mixed Mode= N/A Data Privacy = N/A WPA Broadcast/Multicast Key Update Timer= N/A Authentication Databases= N/A Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle. Figure 29-5 Menu 23.4 System Security : IEEE802.
HomeSafe User’s Guide Table 29-2 Menu 23.4 System Security : IEEE802.1x FIELD DESCRIPTION PSK Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including spaces and symbols) when you select WPA-PSK in the Key Management Protocol field. WPA Mixed Mode Select Enable to activate WPA mixed mode. Otherwise, select Disable and configure Group Data Privacy field.
HomeSafe User’s Guide Chapter 30 System Information and Diagnosis This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software. This chapter describes how to use these tools in detail. Type 24 in the main menu to open Menu 24 – System Maintenance, as shown in the following figure. Menu 24 - System Maintenance 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11.
HomeSafe User’s Guide Menu 24.1 - System Maintenance - Status 23:08:27 Sat. Jan. 01, 2000 Port WAN LAN WLAN Port WAN LAN WLAN Status TxPkts RxPkts Down 6 7038 100M/Full 9253 6154 54M 3934 0 Ethernet Address IP Address 00:50:8D:48:59:1F 172.21.3.125 00:A0:C5:01:20:05 192.168.1.1 00:A0:C5:01:20:05 System up Time: 23:08:31 Cols 0 0 0 Tx B/s 0 0 0 IP Mask 255.255.0.0 255.255.255.0 Name: HS-100W.zyxel.com.tw Routing: IP ZyNOS F/W Version: V3.60(JM.
HomeSafe User’s Guide 30.2 System Information To get to the System Information: Step 1. Step 2. Step 3. Enter 24 to display Menu 24 — System Information and Console Port Speed. Enter 2 to display Menu 24.2 — System Information. From this menu you have two choices as shown in the next figure: Menu 24.2 - System Information and Console Port Speed 1. System Information 2. Console Port Speed Please enter selection: Figure 30-3 Menu 24.2 System Information and Console Port Speed 30.2.
HomeSafe User’s Guide 30.2.2 Console Port Speed You can set up different port speeds for the console port through Menu 24.2.2 – System Maintenance – Console Port Speed. Your HomeSafe supports 9600 (default), 19200, 38400, 57600 and 115200 bps. Press [SPACE BAR] and then [ENTER] to select the desired speed in menu 24.2.2, as shown in the following figure. Menu 24.2.2 – System Maintenance – Change Console Port Speed Console Port Speed: 9600 Press ENTER to Confirm or ESC to Cancel: Figure 30-5 Menu 24.2.
HomeSafe User’s Guide Your HomeSafe sends five types of syslog messages. Some examples (not all HomeSafe specific) of these syslog messages with their message formats are shown next: 1.
HomeSafe User’s Guide 5. Firewall log Firewall Log Message Format SdcmdSyslogSend(SYSLOG_FIREWALL, SYSLOG_NOTICE, buf); buf = IP[Src=xx.xx.xx.xx : spo=xxxx Dst=xx.xx.xx.xx : dpo=xxxx | prot | rule | action] Src: Source Address spo: Source port (empty means no source port information) Dst: Destination Address dpo: Destination port (empty means no destination port information) prot: Protocol (“TCP”,”UDP”,”ICMP”, ”IGMP”, ”GRE”, ”ESP”) rule: where a means "set" number; b means "rule" number.
HomeSafe User’s Guide Menu 24.4 - System Maintenance - Diagnostic TCP/IP 1. Ping Host 2. WAN DHCP Release 3. WAN DHCP Renewal 4. Internet Setup Test System 11. Reboot System Enter Menu Selection Number: Figure 30-8 Menu 24.4 System Maintenance : Diagnostic 30.4.1 WAN DHCP DHCP functionality can be enabled on the LAN or WAN as shown in Figure 30-9. LAN DHCP has already been discussed. The HomeSafe can act either as a WAN DHCP client (IP Address Assignment field in menu 4 or menu 11.
HomeSafe User’s Guide Table 30-4 System Maintenance Menu Diagnostic Reboot System Enter 11 to reboot the HomeSafe. Host IP Address= If you entered 1 in Ping Host, then enter the IP address of the computer you want to ping in this field. Enter the number of the selection you would like to perform or press [ESC] to cancel.
HomeSafe User’s Guide Chapter 31 Firmware and Configuration File Maintenance This chapter tells you how to backup and restore your configuration file as well as upload new firmware and configuration files. 31.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc. It arrives from ZyXEL with a “rom” filename extension.
HomeSafe User’s Guide 31.2 Backup Configuration Option 5 from Menu 24 – System Maintenance allows you to backup the current HomeSafe configuration to your computer. Backup is highly recommended once your HomeSafe is functioning properly. FTP is the preferred methods for backing up your current configuration to your computer since they are faster. Please note that terms “download” and “upload” are relative to the computer.
HomeSafe User’s Guide 31.2.4 GUI-based FTP Clients The following table describes some of the commands that you may see in GUI-based FTP clients. Table 31-2 General Commands for GUI-based FTP Clients COMMAND DESCRIPTION Host Address Enter the address of the host server. Login Type Anonymous. This is when a user I.D. and password is automatically supplied to the server for anonymous access. Anonymous logins will work only if your ISP or service administrator has enabled this option. Normal.
HomeSafe User’s Guide 31.2.7 TFTP Command Example The following is an example TFTP command: tftp [-i] host get rom-0 config.rom where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the HomeSafe IP address, “get” transfers the file source on the HomeSafe (rom-0, name of the configuration file on the HomeSafe) to the file destination on the computer and renames it config.rom. 31.2.
HomeSafe User’s Guide Menu 24.6 -- System Maintenance - Restore Configuration To transfer the firmware and configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your HomeSafe. Then type "root" and SMT password as requested. 3. Type "put backupfilename rom-0" where backupfilename is the name of your backup configuration file on your workstation and rom-0 is the remote file name on the HomeSafe.
HomeSafe User’s Guide ) WARNING! DO NOT INTERRUPT THE FILE TRANSFER PROCESS AS THIS MAY PERMANENTLY DAMAGE YOUR HOMESAFE. 31.4.1 Firmware File Upload FTP is the preferred method for uploading the firmware and configuration. To use this feature, your computer must have an FTP client. When you telnet into the HomeSafe, you will see the following screens for uploading firmware and the configuration file using FTP. Menu 24.7.
HomeSafe User’s Guide 31.4.3 FTP File Upload Command from the DOS Prompt Example Step 6. Launch the FTP client on your computer. Enter “open”, followed by a space and the IP address of your HomeSafe. Press [ENTER] when prompted for a username. Enter your password as requested (the default is “1234”). Enter “bin” to set transfer mode to binary. Use “put” to transfer files from the computer to the HomeSafe, for example, “put firmware.bin ras” transfers the firmware on your computer (firmware.
HomeSafe User’s Guide Use the TFTP client (see the example below) to transfer files between the HomeSafe and the computer. The file name for the firmware is “ras”. Note that the telnet connection must be active and the HomeSafe in CI mode before and during the TFTP transfer. For details on TFTP commands (see following example), please consult the documentation of your TFTP client program.
HomeSafe User’s Guide Chapter 32 System Maintenance This chapter leads you through SMT menus 24.8 to 24.10. 32.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main system firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions. Enter the CI from the SMT by selecting menu 24.8. See the included disk or the zyxel.com web site for more detailed information on CI commands.
HomeSafe User’s Guide HS-100W> com Valid commands are: sys exit poe pptp ip ppp radius 8021x HS-100W> device config bridge ether wlan parentCtrl Figure 32-2 Valid Commands 32.2 Call Control Support The HomeSafe provides two call control functions: budget management and call history. Please note that this menu is only applicable when Encapsulation is set to PPPoE in menu 4 or menu 11.1.
HomeSafe User’s Guide Table 32-1 Budget Management FIELD DESCRIPTION EXAMPLE Remote Node Enter the index number of the remote node you want to reset (just one in this case) Connection Time/Total Budget This is the total connection time that has gone by (within the allocated budget that you set in menu 11.1). Elapsed Time/Total Period The period is the time cycle in hours that the allocation budget is reset (see menu 11.1.) The elapsed time is the time used up within this period.
HomeSafe User’s Guide 32.3 Time and Date Setting The Real Time Chip (RTC) keeps track of the time and date (not available on all models). There is also a software mechanism to set the time manually or get the current time and date from an external server when you turn on your HomeSafe. Menu 24.10 allows you to update the time and date settings of your HomeSafe. The real time is then displayed in the HomeSafe error logs and firewall logs.
HomeSafe User’s Guide Table 32-3 Time and Date Setting Fields FIELD DESCRIPTION Time Zone Press [SPACE BAR] and then [ENTER] to set the time difference between your time zone and Greenwich Mean Time (GMT). Daylight Saving Daylight Saving Time is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daylight time in the evenings. If you use daylight savings time, then choose Yes.
HomeSafe User’s Guide Chapter 33 Remote Management This chapter covers remote management (SMT menu 24.11). 33.1 Remote Management Remote management allows you to determine which services/protocols can access which HomeSafe interface (if any) from which computers. You may manage your HomeSafe from a remote location via: ¾ Internet (WAN only) ¾ ALL (LAN and WAN) ¾ LAN only ¾ Neither (Disable). ) When you Choose WAN only or ALL (LAN & WAN), you still need to configure a firewall rule to allow access.
HomeSafe User’s Guide Table 33-1 Menu 24.11 – Remote Management Control FIELD DESCRIPTION EXAMPLE Port This field shows the port number for the service or protocol. You may change the port number if needed, but you must use the same port number to access the HomeSafe. Access Select the access interface (if any) by pressing [SPACE BAR], then [ENTER] to choose from: LAN only, WAN only, ALL or Disable. Secure Client IP The default 0.0.0.
HomeSafe User’s Guide Chapter 34 Call Scheduling Call scheduling (applicable for PPPoA or PPPoE encapsulation only) allows you to dictate when a remote node should be called and for how long. 34.1 Introduction to Call Scheduling The call scheduling feature allows the HomeSafe to manage a remote node and dictate when a remote node should be called and for how long. This feature is similar to the scheduler in a videocassette recorder (you can specify a time period for the VCR to record).
HomeSafe User’s Guide Menu 26.1 - Schedule Set Setup Active= Yes Start Date(yyyy/mm/dd) = 2000 – 01 - 01 How Often= Once Once: Date(yyyy/mm/dd)= 2000 – 01 - 01 Weekdays: Sunday= N/A Monday= N/A Tuesday= N/A Wednesday= N/A Thursday= N/A Friday= N/A Saturday= N/A Start Time (hh:mm)= 00 : 00 Duration (hh:mm)= 00 : 00 Action= Forced On Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle Figure 34-2 Menu 26.
HomeSafe User’s Guide Table 34-1 Menu 26.1 Schedule Set Setup FIELD Action DESCRIPTION EXAMPLE Forced On means that the connection is maintained whether or not there is a demand call on the line and will persist for the time period specified in the Duration field. Forced On Forced Down means that the connection is blocked whether or not there is a demand call on the line. Enable Dial-On-Demand means that this schedule permits a demand call on the line.
Appendices and Index Part IX: Appendices and Index This section provides some Appendices and an Index.
HomeSafe User’s Guide Appendix A Troubleshooting PROBLEM CORRECTIVE ACTION None of the LEDs turn on when you turn on the HomeSafe. Make sure that you have the correct power adapter connected to the HomeSafe and plugged in to an appropriate power source. Check all cable connections. If the LEDs still do not turn on, you may have a hardware problem. In this case, you should contact your local vendor. Cannot access the HomeSafe from the LAN.
HomeSafe User’s Guide PROBLEM CORRECTIVE ACTION Make sure that the Time Scheduling configured in the Parental Control Edit screen restricts access at the scheduled time. Access to a web page with a URL containing a forbidden keyword is not blocked. Make sure that you select the Keyword Blocking check box in the Parental Control Group Edit screen. Make sure that the keywords that you type are listed in the Block Websites list.
HomeSafe User’s Guide Appendix B PPPoE PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your PC to an ATM PVC (Permanent Virtual Circuit) that connects to an xDSL Access Concentrator where the PPP session terminates (see the next figure). One PVC can support any number of PPP sessions from your LAN. PPPoE provides access control and billing functionality in a manner similar to dial-up services using PPP.
HomeSafe User’s Guide With PPPoE, the VC (Virtual Circuit) is equivalent to the dial-up connection and is between the modem and the AC, as opposed to all the way to the ISP. However, the PPP negotiation is between the PC and the ISP. The HomeSafeas a PPPoE Client When using the HomeSafeas a PPPoE client, the PCs on the LAN see only Ethernet and are not aware of PPPoE. This alleviates the administrator from having to manage the PPPoE clients on the individual PCs.
HomeSafe User’s Guide Appendix C PPTP What is PPTP? PPTP (Point-to-Point Tunneling Protocol) is a Microsoft proprietary protocol (RFC 2637 for PPTP is informational only) to tunnel PPP frames. How can we transport PPP frames from a PC to a broadband modem over Ethernet? A solution is to build PPTP into the ANT (ADSL Network Termination) where PPTP is used only over the short haul between the PC and the modem over Ethernet.
HomeSafe User’s Guide PPTP Protocol Overview PPTP is very similar to L2TP, since L2TP is based on both PPTP and L2F (Cisco’s Layer 2 Forwarding). Conceptually, there are three parties in PPTP, namely the PNS (PPTP Network Server), the PAC (PPTP Access Concentrator) and the PPTP user. The PNS is the box that hosts both the PPP and the PPTP stacks and forms one end of the PPTP tunnel. The PAC is the box that dials/answers the phone calls and relays the PPP frames to the PNS.
HomeSafe User’s Guide The PPP frames are tunneled between the PNS and PAC over GRE (General Routing Encapsulation, RFC 1701, 1702). The individual calls within a tunnel are distinguished using the Call ID field in the GRE header.
HomeSafe User’s Guide Appendix D Log Descriptions Configure centralized logs using the embedded web configurator; see the online help for details. This appendix describes some of the log messages. Chart 1 System Error Logs LOG MESSAGE DESCRIPTION %s exceeds the max. number of session per host! This attempt to create a NAT session exceeds the maximum number of NAT session table entries allowed to be created per host.
HomeSafe User’s Guide Chart 2 System Maintenance Logs LOG MESSAGE DESCRIPTION mismatch ID content. !! No known phase 1 ID type found The ID type of an incoming packet does not match any known ID type. Chart 3 UPnP Logs LOG MESSAGE DESCRIPTION UPnP pass through Firewall UPnP packets can pass through the firewall.
HomeSafe User’s Guide Chart 4 Content Filtering Logs LOG MESSAGE DESCRIPTION %s When the content filter is not on according to the time schedule or you didn't select the "Block Matched Web Site” checkbox, the system forwards the web content. Waiting content filter server timeout The external content filtering server did not respond within the timeout period. DNS resolving failed The HomeSafe cannot get the IP address of the external content filtering via DNS query.
HomeSafe User’s Guide Chart 5 ICMP Type and Code Explanations TYPE CODE DESCRIPTION 0 Time to live exceeded in transit 1 Fragment reassembly time exceeded Parameter Problem 12 Pointer indicates the error 0 Timestamp 13 Timestamp request message 0 Timestamp Reply 14 Timestamp reply message 0 Information Request 15 Information request message 0 Information Reply 16 Information reply message 0 Log Commands Go to the command interpreter interface (Chapter 32 explains how to access and
HomeSafe User’s Guide Usage: [0:none/1:log/2:alert/3:both] [0:don't show debug type/1:show debug type] 4. Use sys logs category followed by a log category and a parameter to decide what to record. Use 0 to not record logs for that category, 1 to record only logs for that category, 2 to record only alerts for that category, and 3 to record both logs and alerts for that category. Not every parameter is available with every category. 5.
HomeSafe User’s Guide Appendix E Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package.
HomeSafe User’s Guide b. Select Protocol and then click Add. c. Select Microsoft from the list of manufacturers. d. Select TCP/IP from the list of network protocols and then click OK. If you need Client for Microsoft Networks: a. Click Add. b. Select Client and then click Add. c. Select Microsoft from the list of manufacturers. d. Select Client for Microsoft Networks from the list of network clients and then click OK. e. Restart your computer so the changes you made take effect.
HomeSafe User’s Guide -If you do not know your gateway’s IP address, remove previously installed gateways. -If you have a gateway IP address, type it in the New gateway field and click Add. 4. Click OK to save and close the TCP/IP Properties window. 5. Click OK to close the Network window. Insert the Windows CD if prompted. 6. Turn on your HomeSafeand restart your computer when prompted. Checking/Modifying Your Computer’s IP Address 1. Click Start and then Run. 2.
HomeSafe User’s Guide Windows 2000/NT/XP 1. In Windows XP, click start, Control Panel. In Windows 2000/NT, click Start, Settings, Control Panel. 2. In Windows XP, click Network Connections. In Windows 2000/NT, click Network and Dial-up Connections. E-4 3. Right-click Local Area Connection and then click Properties.
HomeSafe User’s Guide 4. Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. 5. The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). - To have your computer assigned a dynamic IP address, click Obtain an IP address automatically. -If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields.
HomeSafe User’s Guide 6. -If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: -In the IP Settings tab, in IP addresses, click Add. -In TCP/IP Address, type an IP address in IP address and a subnet mask in Subnet mask, and then click Add. -Repeat the above two steps for each IP address you want to add.
HomeSafe User’s Guide 7. In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): -Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). -If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you wish to have more than two DNS servers, click Advanced, the DNS tab and then configure them using Add. 8.
HomeSafe User’s Guide Macintosh OS 8/9 1. Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. 2. Select Ethernet built-in from the Connect via list. 3. For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4. For statically assigned settings, do the following: -From the Configure box, select Manually. -Type your IP address in the IP Address box. -Type your subnet mask in the Subnet mask box.
HomeSafe User’s Guide Verifying Your Computer’s IP Address Check your TCP/IP properties in the TCP/IP Control Panel window. Macintosh OS X 1. Click the Apple menu, and click System Preferences to open the System Preferences window. 2. Click Network in the icon bar. - Select Automatic from the Location list. - Select Built-in Ethernet from the Show list. - Click the TCP/IP tab. 3. For dynamically assigned settings, select Using DHCP from the Configure list. 4.
HomeSafe User’s Guide Appendix F Wireless LAN and IEEE 802.11 A wireless LAN (WLAN) provides a flexible data communications system that you can use to access various services (navigating the Internet, email, printer services, etc.) without the use of a cabled connection. In effect a wireless LAN environment provides you the freedom to stay connected to the network while roaming around in the coverage area. WLAN is not available on all models.
HomeSafe User’s Guide time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS). See the following diagram of an example of an Ad-hoc wireless LAN.
HomeSafe User’s Guide Diagram F-2 ESS Provides Campus-Wide Coverage Wireless LAN and IEEE 802.
HomeSafe User’s Guide Appendix G Wireless LAN With IEEE 802.1x As wireless networks become popular for both portable computing and corporate networks, security is now a priority. Security Flaws with IEEE 802.11 Wireless networks based on the original IEEE 802.11 have a poor reputation for safety. The IEEE 802.11b wireless access standard, first published in 1999, was based on the MAC address. As the MAC address is sent across the wireless link in clear text, it is easy to spoof and fake.
HomeSafe User’s Guide Client computer access authorized. Client computer access not authorized. Diagram G-1 Sequences for EAP MD5–Challenge Authentication G-2 Wireless LAN with IEEE 802.
HomeSafe User’s Guide Appendix H Types of EAP Authentication This appendix discusses the four popular EAP authentication types: EAP-MD5, EAP-TLS, EAP-TTLS and PEAP. The type of authentication you use depends on the RADIUS server or the AP. Consult your network administrator for more information. EAP-MD5 (Message-Digest Algorithm 5) MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless station.
HomeSafe User’s Guide Comparison of EAP Authentication Types EAP-MD5 EAP-TLS EAP-TTLS PEAP Certificate – Client No Yes Optional Optional Certificate – Server No Yes Yes Yes No Yes Yes Yes Credential Security None Strong Strong Strong Deployment Difficulty Easy Hard Moderate Moderate Wireless Security Poor Best Good Good No No Yes Yes Dynamic Key Exchange Client Identity Protection H-2 Types of EAP Authentication
HomeSafe User’s Guide Appendix I Antenna Selection and Positioning Recommendation An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air. Choosing the right antennas and positioning them properly increases the range and coverage area of a wireless LAN. Antenna Characteristics ¾ Frequency An antenna in the frequency of 2.
HomeSafe User’s Guide • Directional antennas concentrate the RF signal in a beam, like a flashlight. The angle of the beam width determines the direction of the coverage pattern; typically ranges from 20 degrees (less directional) to 90 degrees (very directional). The directional antennas are ideal for hallways and outdoor point-to-point applications. Positioning Antennas In general, antennas should be mounted as high as practically possible and free of obstructions.
HomeSafe User’s Guide Appendix J Brute-Force Password Guessing Protection The following describes the commands for enabling, disabling and configuring the brute-force password guessing protection mechanism for the password. See other appendices for information on the command structure. Chart 6 Brute-Force Password Guessing Protection Commands COMMAND DESCRIPTION sys pwderrtm This command displays the brute-force guessing password protection settings.
HomeSafe User’s Guide Appendix K Triangle Route The Ideal Setup When the firewall is on, your HomeSafeacts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the HomeSafeto protect your LAN against attacks. Diagram K-1 Ideal Setup The “Triangle Route” Problem A traffic route is a path for sending or receiving data packets between two Ethernet devices.
HomeSafe User’s Guide Step 1. Step 2. Step 3. A computer on the LAN initiates a connection by sending a SYN packet to a receiving server on the WAN. The HomeSafereroutes the packet to Gateway B which is in Subnet 2. The reply from WAN goes through the HomeSafeto the computer on the LAN in Subnet 1. Diagram K-3 IP Alias Gateways on the WAN Side A second solution to the “triangle route” problem is to put all of your network gateways on the WAN side as the following figure shows.
HomeSafe User’s Guide Appendix L Index 8 802.1x........................................................... 7-11 A Active ........................................................... 22-2 Address Assignment................................ 3-8, 3-9 Address Resolution Protocol (ARP)............... 5-3 Ad-hoc Configuration..................................... F-1 Allocated Budget.......................................... 22-4 Antenna Directional...................................................
HomeSafe User’s Guide Ethernet Encapsulation........9-5, 21-1, 22-1, 22-7 Extended Service Set...............................F-2, 6-2 Extended Service Set IDentification............... 6-5 F Factory Default............................................. 19-1 Factory LAN Defaults .................................... 5-1 Fail Tolerance............................................... 22-8 FCC .................................................................. iii FHSS .
HomeSafe User’s Guide Management Information Base (MIB) 14-6, 28-1 Many to Many No Overload.................. See NAT Many to Many Overload ....................... See NAT Many to One.......................................... See NAT MD5 .............................................................. H-1 Message Digest Algorithm 5 .................See MD5 Message Logging ......................................... 30-4 Metric ..................................8-1, 10-3, 22-6, 23-2 Multicast....................
HomeSafe User’s Guide Roaming ......................................................... 6-5 Enable on ZyAIR ..................................... 20-8 Example ..................................................... 6-6 Requirements ............................................. 6-6 Route ............................................................ 22-2 RTC ......................................See Real Time Chip RTS Threshold ...................................... 6-3, 20-6 Rules Predefined Services...........
HomeSafe User’s Guide V VPN................................................................ 8-4 W WAN DHCP................................................. 30-7 WAN Setup ........................................... 3-9, 19-1 Warranty.............................................................v Web .............................................................. 14-2 Web Configurator.........................2-1, 2-20, 26-1 WEP ............................................................... 7-3 WEP Encryption.
