Zyxel P-2602HWT-F3 Router Manual PDF (Setup & Configuration Guide)

Page 31 / 46 Scroll up to view Page 26 - 30

Prestige 2602HW Series Quick Start Guide

31

Table 4 Wireless LAN: MAC Address Filter

LABEL

DESCRIPTION

Action

Define the filter action for the list of MAC addresses in the

MAC Address

table.

Select

Deny Association

to block access to the router, MAC addresses not

listed will be allowed to access the router

Select

Allow Association

to permit access to the router, MAC addresses

not listed will be denied access to the router.

MAC

Address

Enter the MAC addresses (in XX:XX:XX:XX:XX:XX format) of the wireless

station that are allowed or denied access to the Prestige in these address

fields.

6.3 802.1x and WPA Overview

Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification

draft. Key differences between WPA and WEP are user authentication and improved

data encryption. WPA applies IEEE 802.1x and Extensible Authentication Protocol

(EAP) to authenticate wireless clients using an external RADIUS database. You can’t

use the Prestige’s local user database for WPA authentication purposes since the local

user database uses MD5 EAP, which cannot be used to generate keys.

WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP),

Message Integrity Check (MIC) and IEEE 802.1x. Temporal Key Integrity Protocol

(TKIP) uses 128-bit keys that are dynamically generated and distributed by the

authentication server. It includes a per-packet key mixing function, a Message Integrity

Check (MIC) named Michael, an extended initialization vector (IV) with sequencing

rules, and a re-keying mechanism.

To change your Prestige’s authentication settings, click the

Wireless LAN

link under

Advanced Setup

and then the

802.1x/WPA

tab.

The screen varies by the wireless

port control and key management protocol

you select

.

6.4 Network Address Translation Overview

NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP

address of a host in a packet. For example, the source address of an outgoing packet,

used within one network is changed to a different IP address known within another

network.

Page 32 / 46

Prestige 2602HW Series Quick Start Guide

32

If you have a single public IP address then select

SUA Only

in the

NAT-Mode

screen

(see

Figure 18

). If you have multiple public IP addresses then you may use full feature

mapping types (see the

User’s Guide

for more details).

NAT supports five types of IP/port mapping. They are:

1.

One-to-One

: One-to-one mode maps one local IP address to one global IP

address. Note that port numbers do not change for One-to-one NAT mapping

type.

2.

Many-to-One

: Many-to-One mode maps multiple local IP addresses to one

global IP address.

3.

Many-to-Many Overload

: Many-to-Many Overload mode maps multiple

local IP addresses to shared global IP addresses.

4.

Many-to-Many No Overload

: Many-to-Many No Overload mode maps each

local IP address to unique global IP addresses.

5.

Server

: This type allows you to specify inside servers of different services

behind the NAT to be accessible to the outside world.

6.5 Configuring SUA Server

An SUA server set is a list of inside (behind NAT on the LAN) servers, for example,

web or FTP, that you can make visible to the outside world even though SUA makes

your whole inside network appear as a single computer to the outside world.

1.

From the main screen click

Advanced Setup

and then

NAT

to open the

NAT-Mode

screen. Select

SUA Only

.

Figure 18 NAT: Mode

2.

Click

Edit Details

.

Page 33 / 46

Prestige 2602HW Series Quick Start Guide

33

Figure 19 SUA/NAT Server

The following table describes the labels in this screen.

Table 5 SUA/NAT Server

LABEL

DESCRIPTION

Start Port

No.

Type a port number in this field. To forward only one port, type the port

number again in the

End Port

field. To forward a series of ports, type the

start port number here and the end port number in the

End Port

field.

End Port

No.

Type a port number in this field. To forward only one port, type the port

number in the

Start

Port

field above and then type it again in this field. To

forward a series of ports, type the last port number in a series that begins

with the port number in the

Start

Port

field above.

IP

Address

Enter the inside IP address of the server here.

Page 34 / 46

Prestige 2602HW Series Quick Start Guide

34

6.6 Firewall Overview

The Prestige firewall is a stateful inspection firewall and is designed to protect against

Denial of Service attacks when activated. The Prestige’s purpose is to allow a private

Local Area Network (LAN) to be securely connected to the Internet. The Prestige can be

used to prevent theft, destruction and modification of data, as well as log events, which

may be important to the security of your network. The Prestige also has packet-filtering

capabilities.

When activated, the firewall allows all traffic to the Internet that originates from the

LAN, and blocks all traffic to the LAN that originates from the Internet. In other words

the Prestige will:

¾

Allow all sessions originating from the LAN to the WAN

¾

Deny all sessions originating from the WAN to the LAN

Local Network to Internet Set

rules are local network to Internet firewall rules. The

default is to forward all traffic from your local network to the Internet.

The following figure illustrates a Prestige firewall application.

Figure 20 Prestige Firewall Application

Denial of Service Attacks

Page 35 / 46

Prestige 2602HW Series Quick Start Guide

35

6.7 Enabling the Firewall with Default Policy

From the main screen, click

Firewall

and then

Default Policy

to display the following

screen. Activate the firewall by selecting the

Firewall Enabled

check box as seen in the

following screen.

Figure 21 Default Policy

The following table describes the labels in this screen.

Table 6 Firewall: Default Policy

LABEL

DESCRIPTION

Firewall

Enabled

Select this check box to activate the firewall. The Prestige performs

access control and protects against Denial of Service (DoS) attacks

when the firewall is activated.

Allow

Asymmetrical

Route

Select this check box to have the Prestige firewall permit the use of

triangle route topology on the network. See the appendix

for more on

triangle route topology.

Rate

Popular Zyxel Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share