Prestige 2602HW Series Quick Start Guide
Table 4 Wireless LAN: MAC Address Filter
LABEL | DESCRIPTION
Action | Define the filter action for the list of MAC addresses in the MAC Address table. Select Deny Association to block access to the router; MAC addresses not listed will be allowed to access the router. Select Allow Association to permit access to the router; MAC addresses not listed will be denied access to the router.
MAC Address | Enter the MAC addresses (in XX:XX:XX:XX:XX:XX format) of the wireless stations that are allowed or denied access to the Prestige in these address fields.
6.3 802.1x and WPA Overview
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification
draft. Key differences between WPA and WEP are user authentication and improved
data encryption. WPA applies IEEE 802.1x and Extensible Authentication Protocol
(EAP) to authenticate wireless clients using an external RADIUS database. You can’t
use the Prestige’s local user database for WPA authentication purposes since the local
user database uses MD5 EAP, which cannot be used to generate keys.
WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP),
Message Integrity Check (MIC) and IEEE 802.1x. Temporal Key Integrity Protocol
(TKIP) uses 128-bit keys that are dynamically generated and distributed by the
authentication server. It includes a per-packet key mixing function, a Message Integrity
Check (MIC) named Michael, an extended initialization vector (IV) with sequencing
rules, and a re-keying mechanism.
To change your Prestige’s authentication settings, click the Wireless LAN link under Advanced Setup and then the 802.1x/WPA tab. The screen varies by the wireless port control and key management protocol you select.
6.4 Network Address Translation Overview
NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP
address of a host in a packet. For example, the source address of an outgoing packet,
used within one network, is changed to a different IP address known within another
network.
If you have a single public IP address then select SUA Only in the NAT-Mode screen (see Figure 18). If you have multiple public IP addresses then you may use full feature mapping types (see the User’s Guide for more details).
NAT supports five types of IP/port mapping. They are:
1. One-to-One: One-to-one mode maps one local IP address to one global IP address. Note that port numbers do not change for One-to-one NAT mapping type.
2. Many-to-One: Many-to-One mode maps multiple local IP addresses to one global IP address.
3. Many-to-Many Overload: Many-to-Many Overload mode maps multiple local IP addresses to shared global IP addresses.
4. Many-to-Many No Overload: Many-to-Many No Overload mode maps each local IP address to unique global IP addresses.
5. Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world.
6.5 Configuring SUA Server
An SUA server set is a list of inside (behind NAT on the LAN) servers, for example,
web or FTP, that you can make visible to the outside world even though SUA makes
your whole inside network appear as a single computer to the outside world.
1. From the main screen click Advanced Setup and then NAT to open the NAT-Mode screen. Select SUA Only.
Figure 18 NAT: Mode
2. Click Edit Details.
Figure 19 SUA/NAT Server
The following table describes the labels in this screen.
Table 5 SUA/NAT Server
LABEL | DESCRIPTION
Start Port No. | Type a port number in this field. To forward only one port, type the port number again in the End Port field. To forward a series of ports, type the start port number here and the end port number in the End Port field.
End Port No. | Type a port number in this field. To forward only one port, type the port number in the Start Port field above and then type it again in this field. To forward a series of ports, type the last port number in a series that begins with the port number in the Start Port field above.
IP Address | Enter the inside IP address of the server here.
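The following added example (not part of the guide and not ZyXEL code) audits a planned SUA server list before it is typed into the screen, flagging swapped or out-of-range ports, overlapping ranges, and server addresses that are not on the LAN, and listing every port the entries expose. The function name, the sample rows and the 192.168.1.0/24 LAN subnet are assumptions made for illustration.

```python
import ipaddress

# Constructed sample rows using the table's fields: (Start Port No., End Port No., IP Address).
SAMPLE_ENTRIES = [
    (80, 80, "192.168.1.10"),      # one port: same number in both fields
    (20, 21, "192.168.1.11"),      # a series of ports
    (21, 25, "192.168.1.12"),      # overlaps the previous series on port 21
    (8080, 8000, "192.168.1.13"),  # start and end swapped
    (443, 443, "203.0.113.5"),     # address is not on the LAN
]

def audit_sua_entries(entries, lan="192.168.1.0/24"):
    """Check (start, end, ip) rows; return (findings, exposed_ports).

    `lan` is an assumed LAN subnet, not a value taken from the guide.
    """
    lan_net = ipaddress.ip_network(lan)
    findings, accepted = [], []
    for idx, (start, end, ip) in enumerate(entries, 1):
        if not (1 <= start <= 65535 and 1 <= end <= 65535):
            findings.append((idx, "port outside 1-65535"))
            continue
        if start > end:
            findings.append((idx, "start port greater than end port"))
            continue
        try:
            inside = ipaddress.ip_address(ip) in lan_net
        except ValueError:
            inside = False
        if not inside:
            findings.append((idx, "server address is not an inside address"))
            continue
        # Two rows covering the same port make the forwarding target ambiguous.
        for prev_idx, prev_start, prev_end in accepted:
            if start <= prev_end and prev_start <= end:
                findings.append((idx, f"overlaps entry {prev_idx}"))
        accepted.append((idx, start, end))
    # Every port listed here is reachable from the outside world.
    exposed = sorted({p for _, s, e in accepted for p in range(s, e + 1)})
    return findings, exposed

if __name__ == "__main__":
    for finding in audit_sua_entries(SAMPLE_ENTRIES)[0]:
        print(finding)
```

The exposed-port list is the part worth reviewing: a series entered as a range opens every port in it, not just the ones a service actually uses.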
6.6 Firewall Overview
The Prestige firewall is a stateful inspection firewall and is designed to protect against
Denial of Service attacks when activated. The Prestige’s purpose is to allow a private
Local Area Network (LAN) to be securely connected to the Internet. The Prestige can be
used to prevent theft, destruction and modification of data, as well as log events, which
may be important to the security of your network. The Prestige also has packet-filtering
capabilities.
When activated, the firewall allows all traffic to the Internet that originates from the
LAN, and blocks all traffic to the LAN that originates from the Internet. In other words
the Prestige will:
- Allow all sessions originating from the LAN to the WAN
- Deny all sessions originating from the WAN to the LAN
Local Network to Internet Set rules are local network to Internet firewall rules. The default is to forward all traffic from your local network to the Internet.
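As an added illustration (a simplified model written for this page, not the Prestige's implementation), the sketch below applies the default policy to a constructed packet sequence: a session opened from the LAN is recorded, replies belonging to it are let back in, and anything else arriving from the WAN is denied and logged. NAT translation is ignored and all addresses and ports are made up.

```python
# Constructed packets: (direction, src_ip, src_port, dst_ip, dst_port).
SAMPLE_PACKETS = [
    ("lan_to_wan", "192.168.1.33", 40000, "198.51.100.7", 443),  # LAN host opens a session
    ("wan_to_lan", "198.51.100.7", 443, "192.168.1.33", 40000),  # reply within that session
    ("wan_to_lan", "198.51.100.9", 443, "192.168.1.33", 40000),  # other remote host, no session
    ("wan_to_lan", "198.51.100.7", 443, "192.168.1.33", 40001),  # same host, port never opened
]

def apply_default_policy(packets):
    """Return (verdicts, denied_log) for packets under the default policy."""
    sessions = set()              # sessions originated from the LAN
    verdicts, denied_log = [], []
    for pkt in packets:
        direction, src, sport, dst, dport = pkt
        if direction == "lan_to_wan":
            # Sessions originating from the LAN are always allowed and remembered.
            sessions.add((src, sport, dst, dport))
            verdicts.append("allow")
        elif (dst, dport, src, sport) in sessions:
            # WAN packet that mirrors a recorded session: part of LAN-originated traffic.
            verdicts.append("allow")
        else:
            # Session originating from the WAN: denied and kept for the event log.
            verdicts.append("deny")
            denied_log.append(pkt)
    return verdicts, denied_log

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, apply_default_policy(SAMPLE_PACKETS)[0]):
        print(verdict, pkt)
```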
The following figure illustrates a Prestige firewall application.
Figure 20 Prestige Firewall Application
Denial of Service Attacks
6.7 Enabling the Firewall with Default Policy
From the main screen, click Firewall and then Default Policy to display the following screen. Activate the firewall by selecting the Firewall Enabled check box as seen in the following screen.
Figure 21 Default Policy
The following table describes the labels in this screen.
Table 6 Firewall: Default Policy
LABEL | DESCRIPTION
Firewall Enabled | Select this check box to activate the firewall. The Prestige performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
Allow Asymmetrical Route | Select this check box to have the Prestige firewall permit the use of triangle route topology on the network. See the appendix for more on triangle route topology.
