Page 1 HS-100 / HS-100W Parental Control Gateway User’s Guide Version 3.62 10/2005...
Page 3 HomeSafe User’s Guide Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: This device may not cause harmful interference. This device must accept any interference received, including interference that may cause undesired operations.
Page 4 HomeSafe User’s Guide Information for Canadian Users The Industry Canada label identifies certified equipment. This certification means that the equipment meets certain telecommunications network protective, operation, and safety requirements. The Industry Canada does not guarantee that the equipment will operate to a user's satisfaction.
Page 5: Zyxel Limited Warranty
ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition.
Page 6: Customer Support
+47 22 80 61 81 +46 31 744 7700 www.zyxel.se +46 31 744 7701 +358-9-4780-8411 www.zyxel.fi +358-9-4780 8448 REGULAR MAIL ZyXEL Communications Corp. 6 Innovation Road II Science Park Hsinchu 300 Taiwan ZyXEL Communications Inc. 1130 N. Miller St. Anaheim CA 92806-2001 U.S.A.
Page 7: Table Of Contents
Getting Started...I Chapter 1 Getting to Know Your HomeSafe ... 1-1 HomeSafe Parental Control Gateway Overview ... 1-1 HomeSafe Features ... 1-1 Applications for the HomeSafe ... 1-5 Chapter 2 Introducing the Web Configurator ... 2-1 Web Configurator Overview ... 2-1 Accessing the HomeSafe Web Configurator ...
Page 8 HomeSafe User’s Guide Wireless LAN Overview ... 6-1 Wireless LAN Basics ... 6-3 Configuring Wireless ... 6-4 Configuring Roaming ... 6-5 Chapter 7 Wireless Security ... 7-1 Wireless Security Overview... 7-1 Security Parameters Summary ... 7-3 WEP Overview ... 7-3 Configuring WEP Encryption...
Page 9 UPnP, Parental Control and Firewall ...IV Chapter 11 UPnP ... 11-1 11.1 Universal Plug and Play Overview... 11-1 11.2 UPnP and ZyXEL... 11-1 11.3 Configuring UPnP ... 11-2 11.4 Installing UPnP in Windows Example ... 11-2 11.5 Using UPnP in Windows XP Example ... 11-4 Chapter 12 Parental Control ...
Page 10 HomeSafe User’s Guide SMT General Configuration... VII Chapter 17 Introducing the SMT... 17-1 17.1 SMT Introduction... 17-1 17.2 Navigating the SMT Interface ... 17-2 17.3 Changing the System Password... 17-4 Chapter 18 Menu 1 General Setup... 18-1 18.1 General Setup ... 18-1 18.2 Procedure To Configure Menu 1 ...
Page 11 27.1 Introduction to Filters... 27-1 27.2 Configuring a Filter Set ... 27-3 27.3 Example Filter ... 27-9 27.4 Filter Types and NAT ... 27-11 27.5 Firewall Versus Filters ... 27-12 27.6 Applying a Filter... 27-12 Chapter 28 SNMP Configuration... 28-1 28.1 About SNMP ...
Page 13 HomeSafe User’s Guide List of Figures Figure 1-1 Secure Internet Access via Cable, DSL or Wireless Modem ... 1-5 Figure 1-2 HomeSafe Parental Control Gateway Application... 1-5 Figure 1-3 Wireless LAN Application Example... 1-6 Figure 2-1 Welcome Menu ... 2-1 Figure 2-2 Wizard Step 1 : Administrator Password ...
Page 14 HomeSafe User’s Guide Figure 4-2 SYSTEM : DDNS... 4-3 Figure 4-3 SYSTEM : Password ... 4-4 Figure 4-4 SYSTEM : Time Setting ... 4-5 Figure 5-1 Any IP Example Application... 5-3 Figure 5-2 LAN : IP ... 5-4 Figure 5-3 LAN : Static DHCP ... 5-6 Figure 5-4 LAN : IP Alias ...
Page 15 HomeSafe User’s Guide Figure 9-7 Trigger Port Forwarding Process: Example ... 9-10 Figure 9-8 Trigger Port... 9-11 Figure 10-1 Example of Static Routing Topology ... 10-1 Figure 10-2 Static Route... 10-1 Figure 10-3 Static Route: Edit ... 10-2 Figure 11-1 Configuring UPnP... 11-2 Figure 12-1 HomeSafe Network User Login...
Page 16 HomeSafe User’s Guide Figure 17-3 SMT Main Menu ... 17-3 Figure 17-4 Menu 23 System Password ... 17-4 Figure 18-1 Menu 1 General Setup ... 18-1 Figure 18-2 Menu 1.1 Configure Dynamic DNS ... 18-3 Figure 19-1 Menu 2 WAN Setup ... 19-1 Figure 20-1 Menu 3 LAN Setup...
Page 17 HomeSafe User’s Guide Figure 25-16 Example 3: Menu 15.1.1.1... 25-10 Figure 25-17 Example 3: Final Menu 15.1.1... 25-10 Figure 25-18 NAT Example 4 ... 25-11 Figure 25-19 Example 4: Menu 15.1.1.1 Address Mapping Rule ... 25-11 Figure 25-20 Example 4: Menu 15.1.1 Address Mapping Rules... 25-12 Figure 25-21 Menu 15.3 Trigger Port Setup...
Page 18 HomeSafe User’s Guide Figure 32-2 Valid Commands... 32-2 Figure 32-3 Menu 24.9 System Maintenance : Call Control ... 32-2 Figure 32-4 Budget Management ... 32-2 Figure 32-5 Call History... 32-3 Figure 32-6 Menu 24: System Maintenance... 32-4 Figure 32-7 Menu 24.10 System Maintenance: Time and Date Setting ... 32-4 Figure 33-1 Menu 24.11 –...
Page 19 HomeSafe User’s Guide List of Tables Table 1-1 IEEE 802.11b ... 1-2 Table 1-2 IEEE 802.11g ... 1-3 Table 2-1 Wizard Step 1 : Administrator Password ... 2-2 Table 2-2 Wizard Step 2 : Wireless LAN Setup ... 2-3 Table 2-3 Wizard Step 2 : Wireless LAN Setup Basic Security ... 2-4 Table 2-4 Wizard Step 2 : Wireless LAN Setup Extend Security ...
Page 20 HomeSafe User’s Guide Table 7-6 WLAN : Wireless : 802.1x and Dynamic WEP... 7-13 Table 7-7 WLAN : Wireless : 802.1x and Static WEP ... 7-14 Table 7-8 WLAN : Wireless: 802.1x ... 7-16 Table 7-9 WLAN : MAC Address Filter ... 7-18 Table 7-10 WLAN : Local User Database...
Page 21 HomeSafe User’s Guide Table 16-6 Maintenance : Firmware Upload ... 16-5 Table 16-7 Maintenance : Restore Configuration... 16-7 Table 17-1 Main Menu Commands ... 17-2 Table 17-2 Main Menu Summary... 17-3 Table 18-1 Menu 1 General Setup ... 18-1 Table 18-2 Menu 1.1 Configure Dynamic DNS ... 18-3 Table 19-1 Menu 2 WAN Setup...
Page 22 HomeSafe User’s Guide Table 32-1 Budget Management... 32-3 Table 32-2 Call History Fields... 32-3 Table 32-3 Time and Date Setting Fields ... 32-4 Table 33-1 Menu 24.11 – Remote Management Control... 33-1 Table 34-1 Menu 26.1 Schedule Set Setup ... 34-2 xxii List of Tables...
Page 23: Related Documentation
Help us help you. E-mail all User’s Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.
Page 24: Syntax Conventions
HomeSafe User’s Guide Syntax Conventions • The version number on the title page is the latest firmware version that is documented in this User’s Guide. Earlier versions may also be included. • “Enter” means for you to type one or more characters and press the carriage return. “Select” or “Choose”...
Page 25 HomeSafe User’s Guide Preface...
Page 26: Getting Started
Getting Started Getting Started This part helps you get to know your HomeSafe, introduces the web configurator and covers how to configure the Connection and Parental Control Wizard Setup screens.
Page 28: Chapter 1 Getting To Know Your Homesafe
Getting to Know Your HomeSafe This chapter introduces the main features and applications of the HomeSafe. HomeSafe Parental Control Gateway Overview HomeSafe is a parental control security gateway that can give a parent control over a child’s Internet access privileges. It is the ideal secure gateway for all data passing between the Internet and LAN’s.
Page 29: Table 1-1 Ieee 802.11B
HomeSafe User’s Guide Content Filtering The HomeSafe can block access to Internet services according to how you configure parental control application blocking. You can define time periods and days during which content filtering is enabled and include or exclude categories on the LAN. Firewall The HomeSafe is a stateful inspection firewall with DoS (Denial of Service) protection.
Page 30: Table 1-2 Ieee 802.11G
HomeSafe User’s Guide Table 1-2 IEEE 802.11g DATA RATE (MBPS) MODULATION 6/9/12/18/24/36/48/54 OFDM (Orthogonal Frequency Division Multiplexing) Packet Filtering The packet filtering mechanism blocks unwanted traffic from entering/leaving your network. Universal Plug and Play (UPnP) Using the standard TCP/IP protocol, the HomeSafe and other UPnP enabled devices can dynamically join a network, obtain an IP address and convey its capabilities to other devices on the network.
Page 31 HomeSafe User’s Guide Network Address Translation (NAT) Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within another network (for example a public IP address used on the Internet). Traffic Redirect Traffic Redirect forwards WAN traffic to a backup gateway on the LAN when the HomeSafe cannot connect to the Internet, thus acting as an auxiliary backup when your regular WAN...
Page 32: Applications For The Homesafe
HomeSafe User’s Guide Wireless Association List (HS-100W only) With the wireless association list, you can see the list of the wireless stations that are currently using the HomeSafe to access your wired network. Applications for the HomeSafe Here are some examples of HomeSafe applications. 1.3.1 Secure Broadband Internet Access via Cable or DSL Modem You can connect a cable modem, DSL or wireless modem to the HomeSafe for broadband Internet access via an Ethernet or a wireless port on the modem.
Page 33: Figure 1-3 Wireless Lan Application Example
HomeSafe User’s Guide 1.3.3 Wireless LAN Application Add a wireless LAN to your existing network without expensive network cables. Wireless stations can move freely anywhere in the coverage area and use resources on the wired network. Figure 1-3 Wireless LAN Application Example Getting to Know Your HomeSafe...
Page 34: Chapter 2 Introducing The Web Configurator
Introducing the Web Configurator This chapter describes how to access the HomeSafe web configurator and provides an Web Configurator Overview The embedded web configurator allows you to manage the HomeSafe from anywhere through a browser such as Microsoft Internet Explorer or Netscape Navigator. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions with JavaScript enabled.
Page 35: Step 1 : System Administrator Password Setup
HomeSafe User’s Guide The Welcome screen only appears when you first enter the HomeSafe web browser. After you fully configure the wizard you automatically proceed to the Password screen for all future logins, see Figure 2-25. You may go to the Welcome screen after initial configuration, only by resetting your HomeSafe to factory defaults.
Page 36: Figure 2-3 Wizard Step 2 : Wireless Lan Setup
Figure 2-3 Wizard Step 2 : Wireless LAN Setup The following table describes the fields in this screen. Table 2-2 Wizard Step 2 : Wireless LAN Setup LABEL ESSID Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN. If you change this field on the HomeSafe, make sure all wireless stations use the same ESSID in order to access the network.
Page 37: Figure 2-4 Wizard Step 2 : Wireless Lan Setup Basic Security
HomeSafe User’s Guide Figure 2-4 Wizard Step 2 : Wireless LAN Setup Basic Security The following table describes the labels in this screen. Table 2-3 Wizard Step 2 : Wireless LAN Setup Basic Security LABEL Select 64-bit WEP or 128-bit WEP data encryption. Encryption ASCII Select this option in order to enter ASCII characters as the WEP keys.
Page 38: Step 3 : Internet Configuration Setup
The wireless stations and HomeSafe must use the same ESSID, channel ID and Pre-Shared Key for wireless communication. Figure 2-5 Wizard Step 2 : Wireless LAN Setup Extend Security The following table describes the labels in this screen. Table 2-4 Wizard Step 2 : Wireless LAN Setup Extend Security LABEL Pre-Shared Type from 8 to 63 case-sensitive ASCII characters.
Page 39: Figure 2-7 Wizard Step 3 : Isp Parameters
HomeSafe User’s Guide Table 2-5 Wizard Step 3 : Internet Access Setup LABEL Are you using Select Yes from the drop-down list box if you are using a DSL service provider that requires a DSL service PPPoE login information. provider that requires a Select No from the drop-down list box if your service provider does not require you to enter PPPoE login...
Page 40: Figure 2-8 Wizard Step 3 : Internet Access Setup
Figure 2-8 Wizard Step 3 : Internet Access Setup The following table describes the labels in this screen. Table 2-7 Wizard Step 3 : Internet Access Setup LABEL DHCP Select DHCP to have your Internet connection configured for dynamic WAN IP address assignment.
Page 41: Step 4 : Parental Control Wizard
HomeSafe User’s Guide Table 2-8 Wizard Step 3 : Internet Access Static IP Address Setup LABEL Internet Access Setup My WAN IP Address Enter your WAN IP address in this field. My WAN IP Subnet Type your network's IP subnet Mask. Mask Gateway IP Address Enter the gateway IP address (if your ISP gave you one) in this field.
Page 42: Figure 2-11 Wizard Step 4 : Parental Control Wizard
Figure 2-11 Wizard Step 4 : Parental Control Wizard The following table describes the labels in this screen. Table 2-9 Wizard Step 4 : Parental Control Wizard LABEL Enable the Parental Select the check box to allow the parent (LAN administrator) to have access Control System control over a child’s (LAN user) Internet access.
Page 43: Figure 2-12 Wizard Step 4 : Parental Control Time Setup
HomeSafe User’s Guide Figure 2-12 Wizard Step 4 : Parental Control Time Setup The following table describes the labels in this screen. Table 2-10 Wizard Step 4 : Parental Control Time Setup LABEL Time Zone Choose the Time Zone of your location. This will set the time difference between your time zone and Greenwich Mean Time (GMT).
Page 44: Figure 2-13 Wizard Step 4 : Create Or Edit A Profile
Figure 2-13 Wizard Step 4 : Create or Edit a Profile The following table describes the labels in this screen. Table 2-11 Wizard Step 4 : Create or Edit a Profile LABEL Click a radio button to select a users profile. Username This field displays the username (up to 30 characters) for this user profile.
Page 45: Figure 2-14 Wizard Step 4 : Parental Control Profile Information
HomeSafe User’s Guide Figure 2-14 Wizard Step 4 : Parental Control Profile Information The following table describes the labels in this screen. Table 2-12 Wizard Step 4 : Parental Control Profile Information LABEL User Name Type the profile user name. Password Type the password associated with the user name above.
Page 46: Figure 2-16 Wizard Step 4 : Parental Control Time Allowance
Table 2-13 Wizard Step 4 : Parental Control User Group Select a radio button to configure a user for one of the following categories: Category Kids Young Teen Mature Teen Adult For example, if you do not want a child to access a chat room or instant messenger, you can select the category as Kids or Young Teen and block those services, see Figure 2-17.
Page 47: Table 2-14 Wizard Step 4 : Parental Control Time Allowance
HomeSafe User’s Guide The following table describes the labels in this screen. Table 2-14 Wizard Step 4 : Parental Control Time Allowance LABEL Unrestricted Select the check box for the day(s) that you do not want any time restrictions for user Internet access.
Page 48: Figure 2-17 Wizard Step 4 : Parental Control Application Blocking
Figure 2-17 Wizard Step 4 : Parental Control Application Blocking The following table describes the labels in this screen. Table 2-15 Wizard Step 4 : Parental Control Application Blocking LABEL Available Select a service from the list and click the >> button to have the service blocked on a services weekday (Monday to Friday), on a day in the weekend (Saturday or Sunday) or both.
Page 49: Figure 2-18 Wizard Step 4 : Parental Control Summary
HomeSafe User’s Guide Figure 2-18 Wizard Step 4 : Parental Control Summary The following table describes the labels in this screen. Table 2-16 Wizard Step 4 : Parental Control Summary LABEL Click Back to display the previous screen. Back Add/Edit Another Click this button to proceed to the Create/Edit a Profile screen, see Figure 2-13.
Page 50: Figure 2-19 Content Filtering Lookup Procedure
The web site displays a registration successful web page. It may take up to another ten minutes for content filtering to be activated. See Checking Content Filtering Activation for how to know if the content filtering has been activated. Content Filtering with an External Server Your HomeSafe uses a content filter lookup process as described below.
Page 51: Step 5 : Content Filter Service Activation
HomeSafe User’s Guide Figure 2-20 Wizard Step 4 : Content Filter Registration If you click Register Later you will proceed to Figure 2-24. Step 5 : Content Filter Service Activation Once you have completed the registration process you can click Activate to begin the content filtering service now or click Activate Later to activate the service at a later date.
Page 52: Accessing The Internet Via The Homesafe Gateway
Figure 2-23 Content Filter Activation Failure 2.7.1 Content Filter Setup Complete Well done! You have finished configuration of Content Filter Service Activation. You may now click Close to finish using the setup wizard and close your browser. Figure 2-24 Content Filter Setup Complete To use the HomeSafe content filtering you must enable and configure Pre-defined Web Content Categories in the ADVANCED Parental Control group edit configuration screen.
Page 53: Accessing The Homesafe Web Configurator
HomeSafe User’s Guide If you want to configure more of your HomeSafe features, proceed with the rest of this User’s Guide. Accessing the HomeSafe Web Configurator You have to open a new browser and enter the device IP address to log in again. Launch your web browser.
Page 54: Resetting The Homesafe
You should now see the MAIN MENU screen (see Figure 2-27). The management session automatically times out when the time period set in the Administrator Inactivity Timer field expires (default five minutes). Simply log back into the HomeSafe if this happens to you. 2.10 Resetting the HomeSafe If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the HomeSafe to reload the factory-default configuration file.
Page 55: Table 2-17 Screens Summary
HomeSafe User’s Guide LINK WIZARD SETUP CONNECTION PARENTAL CONTROL ADVANCED SYSTEM General DDNS Password Time Zone Static DHCP IP Alias WIRELESS Wireless MAC Filter Roaming 802.1x/WPA Local User Database RADIUS Route WAN ISP WAN IP WAN MAC Traffic Redirect SUA/NAT SUA Server Address Mapping...
Page 56 LINK PARENTAL General CONTROL Bypass List FIREWALL Settings Filter Services REMOTE MGMT TELNET SNMP Security UPnP UPnP LOGS View Log Log Settings MAINTENANCE Status DHCP Table Any IP F/W Upload Configuration Restart LOGOUT Introducing the Web Configurator Table 2-17 Screens Summary FUNCTION Use this screen to enable/disable parental control, configure idle timeout and group categories, register for content filtering service...
Page 58: Chapter 3 Connection Wizard
This chapter provides information on the Connection Wizard screens in the main menu Connection Wizard Overview The web configurator’s setup wizard helps you configure your device to access the Internet. The second screen has three variations depending on what encapsulation type you use. Refer to your ISP for details on what to enter in each field.
Page 59: Connection Wizard: Screen 2
HomeSafe User’s Guide Figure 3-1 Connection Wizard : General Setup Connection Wizard: Screen 2 Set up your wireless LAN using the second wizard screen. Figure 3-2 Connection Wizard : Wireless LAN Setup The following table describes the fields in this screen. Table 3-1 Connection Wizard : Wireless LAN Setup LABEL ESSID...
Page 60: Connection Wizard : Screen 4
Table 3-1 Connection Wizard : Wireless LAN Setup LABEL The level of Security can be selected as none, basic or extended. Choose No security to have no wireless LAN security configured and proceed to the ISP Parameters for Internet Access screen. Choose Basic security if you want to configure WEP Encryption parameters.
Page 61: Figure 3-4 Connection Wizard: Wireless Lan Setup: Extend Security
HomeSafe User’s Guide Key 1 to Key 4 The WEP keys are used to encrypt data. Both the HomeSafe and the wireless stations must use the same WEP key for data transmission. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F").
Page 62: Figure 3-5 Connection Wizard : Ethernet Encapsulation
Figure 3-5 Connection Wizard : Ethernet Encapsulation The following table describes the fields in this screen. Table 3-4 Connection Wizard : Ethernet Encapsulation LABEL ISP Parameters for Internet Access Encapsulation You must choose the Ethernet option when the WAN port is used as a regular Ethernet.
Page 63: Figure 3-6 Connection Wizard : Pppoe Encapsulation
HomeSafe User’s Guide For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for instance, Radius). For the user, PPPoE provides a login and authentication method that the existing Microsoft Dial-Up Networking software can activate, and therefore requires no new learning or procedures for Windows users.
Page 64: Figure 3-7 Connection Wizard : Pptp Encapsulation
Table 3-5 Connection Wizard : PPPoE Encapsulation LABEL Idle Timeout Type the time in seconds that elapses before the router automatically disconnects from the PPPoE server. The default time is 100 seconds. Next Click Next to continue. Back Click Back to return to the previous screen. 3.5.3 PPTP Encapsulation Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables transfers of data from a remote client to a private server, creating a Virtual Private Network (VPN) using TCP/IP-...
Page 65: Table 3-7 Private Ip Address Ranges
HomeSafe User’s Guide Table 3-6 Connection Wizard : PPTP Encapsulation LABEL User Name Type the user name given to you by your ISP. Password Type the password associated with the User Name above. Select Nailed-Up Connection if you do not want the connection to time out. Nailed-Up Connection Idle Timeout...
Page 66 Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space. 3.6.2 IP Address and Subnet Mask Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number.
Page 67: Figure 3-8 Connection Wizard : Wan Setup
HomeSafe User’s Guide Table 3-8 Example of Network Properties for LAN Servers with Fixed IP Addresses Choose an IP address Subnet mask Gateway (or default route) The fifth wizard screen varies according to the type of encapsulation that you select in the third wizard screen.
Page 68: Basic Setup Complete
Table 3-9 Connection Wizard : WAN Setup LABEL First DNS Server Select From ISP if your ISP dynamically assigns DNS server information (and the HomeSafe's WAN IP address). The field to the right displays the (read- only) DNS server IP address that the ISP assigns. Second DNS Server Select User-Defined if you have the IP address of a DNS server.
Page 69: Figure 3-10 Connection Wizard Problems
HomeSafe User’s Guide Figure 3-10 Connection Wizard Problems Well done! You have successfully set up your HomeSafe to operate on your network and access the Internet. 3-12 Connection Wizard...
Page 70 HomeSafe User’s Guide Connection Wizard 3-13...
Page 71: System, Lan, Wlan And Wan
System, LAN, and Wireless LAN System, LAN, WLAN and WAN This part covers configuration of the system, LAN, WLAN and WAN screens.
Page 72: Chapter 4 System Screens
System Overview See the Wizard Setup chapter for more information on the next few screens. Configuring General Setup Click SYSTEM to open the General screen. Figure 4-1 SYSTEM : General Setup The following table describes the labels in this screen. Table 4-1 SYSTEM : General Setup LABEL System Name...
Page 73: Dynamic Dns
HomeSafe User’s Guide Table 4-1 SYSTEM : General Setup LABEL First DNS Select From ISP if your ISP dynamically assigns DNS server information (and the Server HomeSafe's WAN IP address). The field below displays the (read-only) DNS server IP address that the ISP assigns. Second DNS Select User-Defined if you have the IP address of a DNS server.
Page 74: Figure 4-2 System : Ddns
The following table describes the labels in this screen. LABEL Enable DDNS Select this check box to use dynamic DNS. Service Provider Select the name of your Dynamic DNS service provider. DDNS Type Select the type of service that you are registered for from your Dynamic DNS service provider.
Page 75: Configuring Password
HomeSafe User’s Guide LABEL Apply Click Apply to save your changes back to the HomeSafe. Reset Click Reset to begin configuring this screen afresh. Configuring Password To change your HomeSafe’s password (recommended), click SYSTEM, then the Password tab. The screen appears as shown. This screen allows you to change the HomeSafe’s password. The following table describes the labels in this screen.
Page 76: Figure 4-4 System : Time Setting
Figure 4-4 SYSTEM : Time Setting The following table describes the labels in this screen. Table 4-4 SYSTEM : Time Setting LABEL Time Protocol Select the time service protocol that your time server sends when you turn on the HomeSafe. Not all time servers support all protocols, so you may have to check with your ISP/network administrator or use trial and error to find a protocol that works.
Page 77 HomeSafe User’s Guide Table 4-4 SYSTEM : Time Setting LABEL Daylight Savings Select this option if you use daylight savings time. Daylight saving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening.
Page 78: Chapter 5 Lan Screens
LAN Overview Local Area Network (LAN) is a shared communication system to which many computers are attached. The LAN screens can help you configure a LAN DHCP server, manage IP addresses, and partition your physical network into logical networks. DHCP Setup DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server.
Page 79: Any Ip
HomeSafe User’s Guide packets. When set to Both or Out Only, the HomeSafe will broadcast its routing table periodically. When set to Both or In Only, it will incorporate the RIP information that it receives; when set to None, it will not send any RIP packets and will ignore any RIP packets received. RIP Version controls the format and the broadcasting method of the RIP packets that the HomeSafe sends (it recognizes both formats when receiving).
Page 80: Figure 5-1 Any Ip Example Application
use the computer to access the Internet without changing the network settings, even when the IP addresses of the computer and the HomeSafe are not in the same subnet. Figure 5-1 Any IP Example Application The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the HomeSafe’s IP address.
Page 81: Configuring Ip
HomeSafe User’s Guide Configuring IP Click LAN to open the IP screen. The following table describes the fields in this screen. LABEL DHCP Server DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients (computers) to obtain TCP/IP configuration at startup from a server.
Page 82 LABEL First DNS Server Select From ISP if your ISP dynamically assigns DNS server information (and the Second DNS HomeSafe's WAN IP address). The field to the right displays the (read-only) DNS Server server IP address that the ISP assigns. Third DNS Server Select User-Defined if you have the IP address of a DNS server.
Page 83: Configuring Static Dhcp
HomeSafe User’s Guide LABEL Active Select this option to activate the Any-IP feature. This allows a computer to access the Internet without changing the network settings (such as IP address and subnet mask) of the computer, even when the IP addresses of the computer and the HomeSafe are not in the same subnet.
Page 84: Configuring Ip Alias
LABEL This is the index number of the Static IP table entry (row). MAC Address Type the MAC address (with colons) of a computer on your LAN. IP Address This field specifies the size, or count of the IP address pool. Apply Click Apply to save your changes back to the HomeSafe.
Page 85 HomeSafe User’s Guide LABEL RIP Direction RIP (Routing Information Protocol, RFC1058 and RFC 1389) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. Select the RIP direction from Both/In Only/Out Only/None.
Page 86: Chapter 6 Wireless Configuration And Roaming
HomeSafe User’s Guide Chapter 6 Wireless Configuration and Roaming This chapter discusses how to configure the Wireless and Roaming screens on the HomeSafe. Wireless LAN Overview This section introduces the wireless LAN(WLAN) and some basic scenarios. 6.1.1 IBSS An Independent Basic Service Set (IBSS), also called an Ad-hoc network, is the simplest WLAN configuration.
Page 87: Figure 6-2 Basic Service Set
HomeSafe User’s Guide Figure 6-2 Basic Service set 6.1.3 ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). An ESSID (ESS IDentification) uniquely identifies each ESS.
Page 88: Wireless Lan Basics
Wireless LAN Basics Refer also to the Wizard Setup chapter for more background information on Wireless LAN features, such as channels. 6.2.1 RTS/CTS A hidden node occurs when two stations are within range of the same access point, but are not within range of each other.
Page 89: Configuring Wireless
HomeSafe User’s Guide Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy. 6.2.2 Fragmentation Threshold A Fragmentation Threshold is the maximum data fragment size (between 256 and 2432 bytes) that can be sent in the wireless network before the HomeSafe will fragment the packet into smaller data frames.
Page 90: Configuring Roaming
LABEL Enable Click the check box to activate wireless LAN. Wireless LAN ESSID (Extended Service Set IDentity) The ESSID identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same ESSID. Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN.
Page 91: Figure 6-6 Roaming Example
HomeSafe User’s Guide station may not be able to communicate with other wireless stations on the network and vice versa. The steps below describe the roaming process. As wireless station Y moves from the coverage area of access point P1 to that of access point P2, it scans and uses the signal of access point P2.
Page 92: Figure 6-7 Wlan : Roaming
The following table describes the labels in this screen. LABEL Active Select Yes from the drop-down list box to enable roaming on the HomeSafe if you have two or more HomeSafes on the same subnet. Port Enter the port number to communicate roaming information between APs. The port number must be the same on all APs.
Page 94: Chapter 7 Wireless Security
HomeSafe User’s Guide Chapter 7 Wireless Security This Chapter describes how to use the MAC Filter, 802.1x, Local User Database and RADIUS to configure wireless security on your HomeSafe. Wireless Security Overview Wireless security is vital to your network to protect wireless communication between wireless stations, access points and the wired network.
Page 95: Figure 7-2 Wlan : Wireless : No Security
HomeSafe User’s Guide Figure 7-2 WLAN : Wireless : No Security The following table describes the labels in this screen. Table 7-1 WLAN : Wireless : No Security LABEL Security Choose from one of the security features listed in the drop-down box. No Security Static WEP WPA-PSK...
Page 96: Security Parameters Summary
Table 7-1 WLAN : Wireless : No Security LABEL Reset Click Reset to reload the previous configuration for this screen. Security Parameters Summary Refer to this table to see what other security parameters you should configure for each Authentication Method/ key management protocol type. You enter manual keys by first selecting 64-bit WEP or 128-bit WEP from the WEP Encryption field and then typing the keys (in ASCII or hexadecimal format) in the key text boxes.
Page 97: Figure 7-3 Wep Authentication Steps
HomeSafe User’s Guide Figure 7-3 WEP Authentication Steps Open system authentication involves an unencrypted two-message procedure. A wireless station sends an open system authentication request to the AP, which will then automatically accept and connect the wireless station to the network. In effect, open system is not authentication at all as any station can gain access to the network.
Page 98: Configuring Wep Encryption
Select Dynamic to have the HomeSafe automatically use short preamble when all wireless clients support it, otherwise the HomeSafe uses long preamble. The HomeSafe and the wireless stations MUST use the same preamble mode in order to communicate. Configuring WEP Encryption In order to configure and enable WEP encryption;...
Page 99: Introduction To Wpa
HomeSafe User’s Guide Table 7-3 WLAN : Wireless : Static WEP Encryption LABEL Key 1 to Key The WEP keys are used to encrypt data. Both the HomeSafe and the wireless stations must use the same WEP key for data transmission. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F").
Page 100: Figure 7-5 Wpa - Psk Authentication
Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and distributed by the authentication server. It includes a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. TKIP regularly changes and rotates the encryption keys so that the same encryption key is never used twice.
Page 101: Configuring Wpa-Psk Authentication
HomeSafe User’s Guide Configuring WPA-PSK Authentication In order to configure and enable WPA-PSK Authentication; click the WIRELESS link under ADVANCED to display the Wireless screen. Select WPA-PSK from the Security list. Figure 7-6 WLAN : Wireless : WPA-PSK The following table describes the labels in this screen. Table 7-4 WLAN : Wireless : WPA-PSK LABEL Pre-Shared Key...
Page 102: Wireless Client Wpa Supplicants
Table 7-4 WLAN : Wireless : WPA-PSK LABEL WPA Group Key The WPA Group Key Update Timer is the rate at which the AP (if using WPA-PSK Update Timer key management) or RADIUS server (if using WPA key management) sends a new group key out to all clients.
Page 103: Configuring Wpa Authentication
HomeSafe User’s Guide generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients Figure 7-7 WPA with RADIUS Application Example Configuring WPA Authentication In order to configure and enable WPA Authentication; click the WIRELESS link under ADVANCED to display the Wireless screen.
Page 104: Overview
Table 7-5 WLAN : Wireless : WPA LABEL ReAuthentication Specify how often wireless stations have to reenter usernames and passwords in Timer (in order to stay connected. Enter a time interval between 10 and 9999 seconds. The seconds) default time interval is 1800 seconds (30 minutes). Idle Timeout The HomeSafe automatically disconnects a wireless station from the wired network after a period of inactivity.
Page 105: Dynamic Wep Key Exchange
HomeSafe User’s Guide 7.10 Dynamic WEP Key Exchange The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed.
Page 106: Configuring 802.1X And Static Wep Key Exchange
Table 7-6 WLAN : Wireless : 802.1x and Dynamic WEP LABEL ReAuthentication Specify how often wireless stations have to reenter usernames and passwords in Timer (in order to stay connected. Enter a time interval between 10 and 9999 seconds. The seconds) default time interval is 1800 seconds (30 minutes).
Page 107: Figure 7-10 Wlan : Wireless : 802.1X And Static Wep
HomeSafe User’s Guide Figure 7-10 WLAN : Wireless : 802.1x and Static WEP The following table describes the labels in this screen. Table 7-7 WLAN : Wireless : 802.1x and Static WEP LABEL Select 64-bit WEP or 128-bit WEP to enable data encryption. WEP Encryption Authentication This field is activated when you select 64-bit WEP or 128-bit WEP in the WEP...
Page 108 Table 7-7 WLAN : Wireless : 802.1x and Static WEP LABEL ReAuthentication Specify how often wireless stations have to reenter usernames and passwords in Timer (in order to stay connected. Enter a time interval between 10 and 9999 seconds. The seconds) default time interval is 1800 seconds (30 minutes).
Page 109: Configuring 802.1X
HomeSafe User’s Guide Table 7-7 WLAN : Wireless : 802.1x and Static WEP LABEL Reset Click Reset to reload the previous configuration for this screen. 7.13 Configuring 802.1x In order to configure and enable 802.1x; click the WIRELESS link under ADVANCED to display the Wireless screen.
Page 110: Mac Filter
Table 7-8 WLAN : Wireless: 802.1x LABEL Authentication The authentication database contains wireless station login information. The local Databases user database is the built-in database on the HomeSafe. The RADIUS is an external server. Use this drop-down list box to select which database the HomeSafe should use (first) to authenticate a wireless station.
Page 111: Figure 7-12 Wlan : Mac Address Filter
HomeSafe User’s Guide Figure 7-12 WLAN : MAC Address Filter The following table describes the labels in this menu. Table 7-9 WLAN : MAC Address Filter LABEL Active Select Yes from the drop down list box to enable MAC address filtering. Define the filter action for the list of MAC addresses in the MAC Address table.
Page 112: Introduction To Local User Database
HomeSafe User’s Guide 7.15 Introduction to Local User Database By storing user profiles locally on the HomeSafe, your HomeSafe is able to authenticate wireless users without interacting with a network RADIUS server. However, there is a limit on the number of users you may authenticate in this way.
Page 113: Introduction To Radius
HomeSafe User’s Guide Table 7-10 WLAN : Local User Database LABEL User Name Enter the username (up to 31 characters) for this user profile. Password Type a password (up to 31 characters) for this user profile. Note that as you type a password, the screen displays a (*) for each character you type.
Page 114: Configuring Radius
7.17.1 EAP Authentication Overview EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, the access point helps a wireless station and a RADIUS server perform authentication.
Page 115: Figure 7-15 Wlan : Radius
HomeSafe User’s Guide The following table describes the labels in this screen. LABEL Authentication Server Select Yes from the drop down list box to enable user authentication through an Active external authentication server. Server IP Address Enter the IP address of the external authentication server in dotted decimal notation.
Page 116 HomeSafe User’s Guide Table 7-11 WLAN : RADIUS LABEL DESCRIPTION Reset Click Reset to reload the previous configuration for this screen. Wireless Security 7-23...
Page 118: Chapter 8 Wan Screens
WAN Overview See the Wizard Setup chapter for more information on the fields in the WAN screens. TCP/IP Priority (Metric) The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost". RIP routing uses hop count as the measurement of cost, with a minimum of "1"...
Page 119: Configuring Wan Isp
HomeSafe User’s Guide LABEL The default WAN connection is "1' as your broadband connection via the WAN port should always be your preferred method of accessing the WAN. The default priority of Traffic the routes is WAN and then Traffic Redirect. Redirect Apply Click Apply to save your changes back to the HomeSafe.
Page 120 Table 8-2 WAN ISP : Ethernet Encapsulation LABEL Login Server This field only applies when you select Telia Login in the Service Type field. Type the domain name of the Telia login server, for example “login1.telia.com”. Relogin This field only applies when you select Telia Login in the Service Type field. The Every(min) Telia server logs the HomeSafe out if the HomeSafe does not log in periodically.
Page 121: Figure 8-3 Wan Isp : Pppoe Encapsulation
HomeSafe User’s Guide Figure 8-3 WAN ISP : PPPoE Encapsulation The following table describes the labels in this screen. Table 8-3 WAN ISP : PPPoE Encapsulation LABEL ISP Parameters for Internet Access Encapsulation The PPP over Ethernet choice is for a dial-up connection using PPPoE. The HomeSafe supports PPPoE (Point-to-Point Protocol over Ethernet).
Page 122: Figure 8-4 Wan Isp : Pptp Encapsulation
PPTP supports on-demand, multi-protocol and virtual private networking over public networks, such as the Internet. The screen shown next is for PPTP encapsulation. Figure 8-4 WAN ISP : PPTP Encapsulation The following table describes the labels in this screen. Table 8-4 WAN ISP : PPTP Encapsulation LABEL ISP Parameters for Internet Access Encapsulation...
Page 123: Configuring Wan Ip
HomeSafe User’s Guide Table 8-4 WAN ISP : PPTP Encapsulation LABEL My IP Subnet Mask Your HomeSafe will automatically calculate the subnet mask based on the IP address that you assign. Unless you are implementing subnetting, use the subnet mask computed by the HomeSafe. Server IP Address Type the IP address of the PPTP server.
Page 124 LABEL My WAN IP Enter your WAN IP address in this field if you selected Use Fixed IP Address. Address My WAN IP Subnet Type your network's IP subnet Mask. Mask (Ethernet only) Remote IP Address Enter the Remote IP Address (if your ISP gave you one) in this field. Gateway/Remote Enter the gateway IP address (if your ISP gave you one) in this field if you IP Address...
Page 125: Configuring Wan Mac
HomeSafe User’s Guide LABEL RIP Version The RIP Version field controls the format and the broadcasting method of the RIP packets that the HomeSafe sends (it recognizes both formats when receiving). Choose RIP-1, RIP-2B or RIP-2M. RIP-1 is universally supported; but RIP-2 carries more information. RIP-1 is probably adequate for most networks, unless you have an unusual network topology.
Page 126: Traffic Redirect
HomeSafe User’s Guide The MAC address screen allows users to configure the WAN port's MAC address by either using the factory default or cloning the MAC address from a computer on your LAN. Choose Factory Default to select the factory assigned default MAC Address. Otherwise, click Spoof this computer's MAC address - IP Address and enter the IP address of the computer on the LAN whose MAC you are cloning.
Page 127: Configuring Traffic Redirect
HomeSafe User’s Guide Configuring Traffic Redirect To change your HomeSafe’s Traffic Redirect settings, click WAN, then the Traffic Redirect tab. The screen appears as shown. The following table describes the labels in this screen. LABEL Active Select this check box to have the HomeSafe use traffic redirect if the normal WAN connection goes down.
Page 128 LABEL Apply Click Apply to save your changes back to the HomeSafe. Reset Click Reset to begin configuring this screen afresh. Table 8-6 WAN : Traffic Redirect DESCRIPTION HomeSafe User’s Guide 8-11...
Page 129: Sua/Nat And Static Route
SUA/NAT and Static Route SUA/NAT and Static Route This part covers Network Address Translation and setting up static routes.
Page 131: Chapter 9 Network Address Translation (Nat) Screens
Network Address Translation (NAT) This chapter discusses how to configure NAT on the HomeSafe. NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet. For example, the source address of an outgoing packet, used within one network is changed to a different IP address known within another network.
Page 132: Figure 9-1 How Nat Works
HomeSafe User’s Guide (for Many-to-One and Many-to-Many Overload mapping), NAT offers the additional benefit of firewall protection. With no servers defined, your HomeSafe filters out all incoming inquiries, thus preventing intruders from probing your network. For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT).
Page 133: Figure 9-2 Nat Application With Ip Alias
Figure 9-2 NAT Application With IP Alias 9.1.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: One to One: In One-to-One mode, the HomeSafe maps one local IP address to one global IP address. Many to One: In Many-to-One mode, the HomeSafe maps multiple local IP addresses to one global IP address.
Page 134: Using Nat
HomeSafe User’s Guide TYPE One-to-One Many-to-One (SUA/PAT) Many-to-Many Overload Many One-to-One Server Using NAT You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the HomeSafe. 9.2.1 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server.
Page 135: Table 9-3 Services And Port Numbers
Default Server IP Address In addition to the servers for specified services, NAT supports a default server IP address. A default server receives packets from ports that are not specified in this screen. If you do not assign a Default Server IP Address, the HomeSafe discards all packets received for ports that are not specified in this screen or remote management.
Page 136: Configuring Sua Server
HomeSafe User’s Guide 9.3.2 Configuring Servers Behind SUA (Example) Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example).
Page 137: Configuring Address Mapping
The following table describes the labels in this screen. LABEL Default Server In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in this screen. If you do not assign a Default Server IP Address, the HomeSafe discards all packets received for ports that are not specified in this screen or remote management.
Page 138: Figure 9-5 Address Mapping
HomeSafe User’s Guide set summary screen, the new rule will be rule 7, not 9. Now if you delete rule 4, rules 5 to 7 will be pushed up by 1 rule, so old rules 5, 6 and 7 become new rules 4, 5 and 6. To change your HomeSafe’s Address Mapping settings, click SUA/NAT, then the Address Mapping tab.
Page 139: Trigger Port Forwarding
Configuring Address Mapping To edit an address mapping rule, select the radio button of a rule and click the Edit button to display the screen shown next. Figure 9-6 Address Mapping Edit The following table describes the labels in this screen. Table 9-6 Address Mapping Edit LABEL Type...
Page 140: Configuring Trigger Port Forwarding
HomeSafe User’s Guide service (coming in from the server on the WAN) to the IP address of a computer on the client side (LAN). The problem is that port forwarding only forwards a service to a single LAN IP address. In order to use the same service on a different LAN computer, you have to manually replace the LAN computer's IP address in the forwarding port with another LAN computer's IP address, Trigger port forwarding solves this problem by allowing computers on the LAN to dynamically...
Page 141: Figure 9-8 Trigger Port
Only one LAN computer can use a trigger port (range) at a time. The following table describes the labels in this screen. LABEL This is the rule index number (read-only). Name Type a unique name (up to 15 characters) for identification purposes. All characters are permitted - including spaces.
Page 143: Chapter 10 Static Route Screens
HomeSafe User’s Guide Chapter 10 Static Route Screens This chapter shows you how to configure static routes for your HomeSafe. 10.1 Static Route Overview Each remote node specifies only the network to which the gateway is directly connected, and the HomeSafe has no knowledge of the networks beyond.
Page 144: Figure 10-3 Static Route: Edit
HomeSafe User’s Guide LABEL Number of an individual static route. Name Name that describes or identifies this route. This field shows whether this static route is active (Yes) or not (No). Active Destination This parameter specifies the IP network address of the final destination. Routing is always based on network number.
Page 145 LABEL Metric Metric represents the “cost” of transmission for routing purposes. IP routing uses hop count as the measurement of cost, with a minimum of 1 for directly connected networks. Enter a number that approximates the cost for this link. The number need not be precise, but it must be between 1 and 15.
Page 146: Upnp, Parental Control And Firewall
UPnP, Parental Control and Firewall UPnP, Parental Control and Firewall This part provides information and configuration instructions for configuration of Universal Plug and Play, parental control, firewall and content filtering.
Page 147: Chapter 11 Upnp
11.1 Universal Plug and Play Overview Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
Page 148: Configuring Upnp
HomeSafe User’s Guide Gateway Device). At the time of writing ZyXEL's UPnP implementation supports Windows Messenger 4.6 and 4.7 while Windows Messenger 5.0 and Xbox are still being tested. UPnP broadcasts are only allowed on the LAN. Please see later in this User’s Guide for examples of installing UPnP in Windows XP and Windows Me as well as an example of using UPnP in Windows.
Page 149: Installing Upnp In Windows Me
11.4.1 Installing UPnP in Windows Me Follow the steps below to install UPnP in Windows Me. Step 1. Click Start and Control Panel. Double-click Add/Remove Programs. Step 2. Click on the Windows Setup tab and select Communication in the Components selection box. Click Details.
Page 150: Using Upnp In Windows Xp Example
HomeSafe User’s Guide Step 4. Select Networking Service in the Components selection box and click Details. Step 5. In the Networking Services window, select the Universal Plug and Play check box. Step 6. Click OK to go back to the Windows Optional Networking Component Wizard window and click Next.
Page 151 Step 3. In the Internet Connection Properties window, click Settings to see the port mappings that were automatically created. When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. Step 5. Select the Show icon in notification area when connected check box and click OK.
Page 152: Web Configurator Easy Access
HomeSafe User’s Guide Step 6. Double-click the icon to display your current Internet connection status. 11.5.2 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL device without finding out the IP address of the ZyXEL device first. This is helpful if you do not know the IP address of the ZyXEL device.
Page 153 Step 6. Right-click the icon for your ZyXEL device and select Properties. A properties window displays with basic information about the ZyXEL device. UPnP HomeSafe User’s Guide 11-7...
Page 155: Chapter 12 Parental Control
This chapter gives some background information on parental control and explains how to 12.1 Parental Control Overview Parental Control lets a parent (LAN administrator) control a child’s (LAN user) Internet access privileges by blocking services that you specify. The parent can create a login name and password for each person (user) on the network.
Page 156: Parental Control Application
HomeSafe User’s Guide Figure 12-2 User Status Window You can start browsing the web from the current window, or use the link on the top of the box to open a new web browser. If you close or navigate away from the status screen, you can redisplay the status screen by typing status into the address bar on your web browser and hitting enter.
Page 157: Configuring Parental Control
HomeSafe User’s Guide Internet Figure 12-3 HomeSafe Parental Control Wireless Gateway Application 12.4 Configuring Parental Control From the MAIN MENU, click PARENTAL CONTROL to open the configuration screen. Parental Control 12-3...
Page 158: Table 12-1 Parental Control
HomeSafe User’s Guide The following table describes the labels in this screen. LABEL Enable Select the check box to allow the parent (LAN administrator) to have control over a child’s Parental (LAN user’s) Internet access. Control Idle Timeout Type the time in minutes that elapses before the connection automatically terminates the Internet session.
Page 159 LABEL Select from the drop-down list box a category of web pages that you want to have access Group control over Kids Young Teen Mature Teen Adult These groups are used in conjunction with content filtering to decide which web pages cannot be accessed by the user.
Page 160: Parental Control Group Edit Filter
HomeSafe User’s Guide LABEL Reset Click Reset to start configuring this screen again. 12.5 Parental Control Group Edit Filter The HomeSafe content filtering allows you to block services and block web sites by URL keywords that you specify, for example, you can block access to all web sites with the word “bad”...
Page 161: Parental Control Group Edit Configuration
The HomeSafe either blocks or forwards the request based on the services you select in the Available Services field in the Parental Control Activation Blocking screen. Checking Content Filtering Activation After you register for content filtering, the browser displays a registration successful web page. This does not mean the content filtering is active yet.
Page 162: Table 12-3 Parental Control : Filter
HomeSafe User’s Guide Figure 12-6 Parental Control : Filter The following table describes the labels in this screen. Table 12-3 Parental Control : Filter LABEL Pre-defined Web Content Enable Pre-defined Web Content Categories to have the HomeSafe Categories check an external database to find to which category a requested web page belongs.
Page 163 HomeSafe User’s Guide Table 12-3 Parental Control : Filter LABEL DESCRIPTION Sex Education Selecting this category excludes pages that provide graphic information (sometimes graphic) on reproduction, sexual development, safe sex practices, sexuality, birth control, and sexual development. It also includes pages that offer tips for better sex as well as products used for sexual enhancement.
Page 164 HomeSafe User’s Guide Table 12-3 Parental Control : Filter LABEL Business/Economy Selecting this category excludes pages devoted to business firms, business information, economics, marketing, business management and entrepreneurship. This does not include pages that perform services that are defined in another category (such as Information Technology companies, or companies that sell travel services).
Page 165 Table 12-3 Parental Control : Filter LABEL Computers/Internet Selecting this category excludes pages that sponsor or provide information on computers, technology, the Internet and technology-related organizations and companies. Hacking/Proxy Avoidance Pages providing information on illegal or questionable access to or the use of communications equipment/software, or provide information on how to bypass proxy server features or gain access to URLs in any way that bypasses the proxy server.
Page 166 HomeSafe User’s Guide Table 12-3 Parental Control : Filter LABEL Gay/Lesbian Selecting this category excludes pages that provide information, promote, or cater to gay and lesbian lifestyles. This does not include pages that are sexually oriented. Restaurants/Dining/Food Selecting this category excludes pages that list, review, discuss, advertise and promote food, catering, dining services, cooking and recipes.
Page 167: Customizing Keyword Blocking Url Checking
Table 12-3 Parental Control : Filter LABEL Clear All Click Clear All to empty the keyword list. Keyword Type a keyword in the Keyword field and click then Add Keyword to add a keyword to the list of keywords. The list of keywords that will be inaccessible to computers on your LAN once you enable URL keyword blocking.
Page 168: Table 12-4 Services
HomeSafe User’s Guide type (TCP, UDP, or ICMP). The second field indicates the IP port number that defines the service. (Note that there may be more than one IP protocol type. For example, look at the default configuration labeled “(DNS)”. (UDP/TCP:53) SERVICE AIM/New-ICQ(TCP:5190)
Page 169 SERVICE POP3(TCP:110) Post Office Protocol version 3 lets a client computer get e-mail from a POP3 server through a temporary connection (TCP/IP or other). PPTP(TCP:1723) Point-to-Point Tunneling Protocol enables secure transfer of data over public networks. This is the control channel. PPTP_TUNNEL(GRE:0) Point-to-Point Tunneling Protocol enables secure transfer of data over public networks.
Page 170: Table 12-5 Parental Control : Edit
HomeSafe User’s Guide Figure 12-7 Parental Control : Edit The following table describes the labels in this screen. Table 12-5 Parental Control : Edit LABEL Username Type a name to identify this user. Password Type a password. This password is used each time you log in to access the Internet. 12-16 DESCRIPTION Parental Control...
Page 171 Table 12-5 Parental Control : Edit LABEL Select a group from the drop down list box. The category of web pages to block are Groups grouped as one of the following Kids Young Teen Mature Teen Adult These groups are used in conjunction with content filtering to decide which web pages, cannot be accessed by the user.
Page 172: Parental Control Bypass List
HomeSafe User’s Guide Table 12-5 Parental Control : Edit LABEL Edit Customized A Customized Service is a service that is not available in the pre-defined Available Services Services list and you must define using the next two fields. Type Services are either TCP and/or UDP. Select from either TCP or UDP. Port Number Enter a port number or a range of port numbers to define the service.
Page 173 Table 12-6 Parental Control : Bypass List LABEL Name Type a name to identify a device on your LAN. MAC Address Type the MAC address (with colons) of a device on your LAN. Apply Click Apply to save your changes back to the HomeSafe. Reset Click Reset to begin configuring this screen afresh.
Page 175: Chapter 13 Firewall
This chapter gives some background information on firewalls and explains how to get 13.1 Introduction What is a Firewall? Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term "firewall" is a system or group of systems that enforces an access-control policy between two networks.
Page 176: Firewall Settings Screen
HomeSafe User’s Guide 4. Don't enable any local service (such as SNMP or NTP) that you don't use. Any enabled service could present a potential security risk. A determined hacker might be able to find creative ways to misuse the enabled services to access the firewall or the network.
Page 177: The Firewall, Nat And Remote Management
LABEL Packets to Log Choose what LAN to WAN packets to log. Choose from: No Log Log Blocked (blocked LAN to WAN services appear in the Blocked Services textbox in the Services screen (with Enable Services Blocking selected)) Log All (log all LAN to WAN packets) WAN to LAN To log packets related to firewall rules, make sure that Access Control under Log is selected in the Logs, Log Settings screen.
Page 178: Services
HomeSafe User’s Guide LAN-to-LAN/HomeSafe means the LAN to the HomeSafe LAN interface. This is always allowed, as this is how you manage the HomeSafe from your local computer. 13.3.2 WAN-to-LAN rules WAN-to-LAN rules are Internet to your local network firewall rules. The default is to block all traffic from the Internet to your local network.
Page 179: Figure 13-3 Firewall: Service
The following table describes the labels in this screen. LABEL Enable Services Select this check box to enable this feature. Blocking Available Service This is a list of pre-defined services (ports) you may prohibit your LAN computers from using. Select the port you want to block using the drop-down list and click Add to add the port to the Blocked Service field.
Page 180 HomeSafe User’s Guide LABEL Clear All Click Clear All to empty the Blocked Service. Day to Block: Select a check box to configure which days of the week (or everyday) you want the content filtering to be active. Time of Day to Select the time of day you want service blocking to take effect.
Page 181: Remote Management
Remote Management Remote Management This part provides information and configuration instructions for configuration of remote management.
Page 183: Chapter 14 Remote Management Screens
Remote Management Screens This chapter provides information on the Remote Management screens. 14.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which HomeSafe interface (if any) from which computers. When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
Page 184: Configuring Www
HomeSafe User’s Guide 3. The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the HomeSafe will disconnect the session immediately. 4. There is already another remote management session with an equal or higher priority running.
Page 185: Configuring Telnet
Table 14-1 Remote Management : WWW LABEL Server Access Select the interface(s) through which a computer may access the HomeSafe using this service. Secured Client A secured client is a “trusted” computer that is allowed to communicate with the IP Address HomeSafe using this service.
Page 186: Configuring Ftp
HomeSafe User’s Guide Figure 14-3 Remote Management : Telnet The following table describes the labels in this screen. Table 14-2 Remote Management : Telnet LABEL Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
Page 187: Snmp
Figure 14-4 Remote Management : FTP The following table describes the labels in this screen. Table 14-3 Remote Management : FTP LABEL Server Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Server Access Select the interface(s) through which a computer may access the HomeSafe using this service.
Page 188: Figure 14-5 Snmp Management Model
HomeSafe User’s Guide SNMP is only available if TCP/IP is configured. Figure 14-5 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the HomeSafe). An agent translates the local management information from the managed device into a form compatible with SNMP.
Page 189: Table 14-4 Snmp Traps
14.6.1 Supported MIBs The HomeSafe supports MIB II that is defined in RFC-1213 and RFC-1215. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance. 14.6.2 SNMP Traps The HomeSafe will send traps to the SNMP manager when any one of the following events occurs: TRAP # TRAP NAME...
Page 190: Figure 14-6 Remote Management : Snmp
HomeSafe User’s Guide Figure 14-6 Remote Management : SNMP The following table describes the labels in this screen. Table 14-5 Remote Management : SNMP LABEL SNMP Configuration Get Community Enter the Get Community, which is the password for the incoming Get and GetNext requests from the management station.
Page 191: Configuring Dns
Table 14-5 Remote Management : SNMP LABEL Service Access Select the interface(s) through which a computer may access the HomeSafe using this service. Secured Client A secured client is a “trusted” computer that is allowed to communicate with the IP Address HomeSafe using this service.
Page 192: Configuring Security
HomeSafe User’s Guide 14.8 Configuring Security To change your HomeSafe’s security settings, click REMOTE MGMT, then the Security tab. The screen appears as shown. If an outside user attempts to probe an unsupported port on your HomeSafe, an ICMP response packet is automatically returned.
Page 193 Table 14-7 Remote Management : Security LABEL Apply Click Apply to save your customized settings and exit this screen. Reset Click Reset to begin configuring this screen afresh. Remote Management Screens HomeSafe User’s Guide DESCRIPTION 14-11...
Page 195 HomeSafe User’s Guide VPN Screens 14-1...
Page 196: Logs And Maintenance
Logs and Maintenance Logs and Maintenance This part covers the centralized logs and maintenance screens.
Page 197: Chapter 15 Centralized Logs
This chapter contains information about configuring general log settings and viewing the HomeSafe’s logs. Refer to the appendices for example log message explanations. 15.1 View Log The web configurator allows you to look at all of the HomeSafe’s logs in one location. Click the LOGS in the navigation panel to open the View Log screen.
Page 198: Log Settings
HomeSafe User’s Guide LABEL Destination This field lists the destination IP address and the port number of the incoming packet. Note This field displays additional information about the log entry. Email Log Now Click Email Log Now to send the log screen to the e-mail address specified in the Log Settings page (make sure that you have first filled in the Address Info fields in Log Settings, see section 15.2).
Page 199: Figure 15-2 Log Settings
The following table describes the labels in this screen. LABEL Address Info Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via e- mail.
Page 200 HomeSafe User’s Guide LABEL Mail Subject Type a title that you want to be in the subject line of the log e-mail message that the HomeSafe sends. Not all HomeSafe models have this field. Send Log To The HomeSafe sends logs to the e-mail address specified in this field. If this field is left blank, the HomeSafe does not send logs via e-mail.
Page 201: Chapter 16 Maintenance
This chapter displays system information such as ZyNOS firmware, port IP addresses 16.1 Maintenance Overview The maintenance screens can help you view system information, upload new firmware, manage configuration and restart your HomeSafe. 16.2 Status Screen Click MAINTENANCE to open the Status screen, which you can use to monitor your HomeSafe.
Page 202: Figure 16-2 Maintenance : System Statistics
HomeSafe User’s Guide Table 16-1 Maintenance : Status LABEL IP Subnet Mask This is the WAN port subnet mask. DHCP This is the WAN port DHCP role - Client or None. LAN Port IP Address This is the LAN port IP address. IP Subnet Mask This is the LAN port subnet mask.
Page 203: Dhcp Table Screen
Table 16-2 Maintenance : System Statistics LABEL Poll Interval(s) Enter the time interval for refreshing statistics in this field. Set Interval Click this button to apply the new poll interval you entered in the Poll Interval(s) field. Stop Click Stop to stop refreshing statistics, click Stop. 16.3 DHCP Table Screen DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server.
Page 204: Any Ip Table
HomeSafe User’s Guide 16.4 Any IP Table Click MAINTENANCE, Any IP Table. The Any IP table shows current read-only information (including the IP address and the MAC address) of all network devices that use the Any IP feature to communicate with the HomeSafe. Figure 16-4 Maintenance : Any IP The following table describes the labels in this screen.
Page 205: F/W Upload Screen
Table 16-5 Maintenance : Association List LABEL Association Time This field displays the time a wireless station first associated with the HomeSafe. Refresh Click Refresh to redisplay the current screen. 16.6 F/W Upload Screen Find firmware at www.zyxel.com "*.bin" extension, e.g., "HomeSafe.bin". The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes.
Page 206: Configuration Screen
HomeSafe User’s Guide Figure 16-7 Upload Warning The HomeSafe automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 16-8 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the System Status screen.
Page 207: Figure 16-10 Maintenance : Configuration
Figure 16-10 Maintenance : Configuration 16.7.1 Backup Configuration Backup configuration allows you to back up (save) the HomeSafe’s current configuration to a file on your computer. Once your HomeSafe is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings.
Page 208: Figure 16-11 Configuration : Restore Successful
HomeSafe User’s Guide Figure 16-11 Configuration : Restore Successful The HomeSafe automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 16-12 Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default HomeSafe IP address (192.168.1.1).
Page 209: Restart Screen
HomeSafe User’s Guide Figure 16-14 Factory Defaults You can also press the RESET button on the rear panel to reset the factory defaults of your HomeSafe. Refer to the Hardware Installation chapter for more information on the RESET button. 16.8 Restart Screen System restart allows you to reboot the HomeSafe without turning the power off.
Page 210: Smt General Configuration
SMT General Configuration SMT General Configuration This part covers System Management Terminal configuration for general setup, WAN setup, LAN setup, WLAN setup, Internet access, remote node, static route, NAT and enabling the firewall. See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.
Page 212: Chapter 17 Introducing The Smt
This chapter explains how to access and navigate the System Management Terminal 17.1 SMT Introduction The HomeSafe’s SMT (System Management Terminal) is a menu-driven interface that you can access from a terminal emulator through the console port or over a telnet connection. This chapter shows you how to access the SMT (System Management Terminal) menus via console port, how to navigate the SMT and how to configure SMT menus.
Page 213: Navigating The Smt Interface
HomeSafe User’s Guide Figure 17-2 SMT Menu Overview 17.2 Navigating the SMT Interface The SMT (System Management Terminal) is the interface that you use to configure your HomeSafe. Several operations that you should be familiar with before you attempt to modify the configuration are listed in the table below.
Page 214: Figure 17-3 Smt Main Menu
Exit the SMT Type 99, then press [ENTER]. After you enter the password, the SMT displays the main menu, as shown next. Copyright (c) 1994 - 2004 ZyXEL Communications Corp. Getting Started 1. General Setup 2. WAN Setup 3. LAN Setup 4.
Page 215: Changing The System Password
HomeSafe User’s Guide MENU TITLE Dial-in User Setup NAT Setup Filter and Firewall Setup SNMP Configuration System Security System Maintenance Schedule Setup Exit 17.3 Changing the System Password Change the HomeSafe default password by following the steps shown next. Step 1. Enter 23 in the main menu to display Menu 23 - System Security as shown next.
Page 216: Chapter 18 Menu 1 General Setup
Menu 1 - General Setup contains administrative and system-related information. 18.1 General Setup Menu 1 — General Setup contains administrative and system-related information (shown next). The System Name field is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name". •...
Page 217: Procedure To Configure Dynamic Dns
HomeSafe User’s Guide Table 18-1 Menu 1 General Setup FIELD Domain Name Enter the domain name (if you know it) here. If you leave this field blank, the ISP may assign a domain name via DHCP. You can go to menu 24.8 and type "sys domain name"...
Page 218: Figure 18-2 Menu 1.1 Configure Dynamic Dns
Menu 1.1 - Configure Dynamic DNS Service Provider= WWW.DynDNS.ORG Active= No DDNS Type= DynamicDNS Host Name 1= Host Name 2= Host Name 3= Username= Password= ******** Enable Wildcard Option= No Enable Off Line Option= N/A IP Address Update Policy: DDNS Server Auto Detect IP Address= No Use Specified IP Address= No Use IP Address= N/A Press Space Bar to Toggle.
Page 219 HomeSafe User’s Guide Table 18-2 Menu 1.1 Configure Dynamic DNS FIELD IP Address Update Policy: You can select Yes in either the Use Server Detected IP field (recommended) or the User Specified IP Addr field, but not both. With the Use Server Detected IP and User Specified IP Addr fields both set to No, the DDNS server automatically updates the IP address of the host name(s) with the HomeSafe’s WAN IP address.
Page 220: Chapter 19 Menu 2 Wan Setup
19.1 Introduction to WAN This chapter explains how to configure settings for your WAN port. 19.2 WAN Setup From the main menu, enter 2 to open menu 2. The following table describes the fields in this menu. FIELD MAC Address Assigned By Press [SPACE BAR] and then [ENTER] to choose one of two methods to assign a MAC Address.
Page 222: Chapter 20 Menu 3 Lan Setup
This chapter covers how to configure your wired Local Area Network (LAN) settings. 20.1 LAN Setup This section describes how to configure the Ethernet using Menu 3 — LAN Setup. From the main menu, enter 3 to display menu 3. 20.1.1 General Ethernet Setup This menu allows you to specify filter set(s) that you wish to apply to the Ethernet traffic.
Page 223: Figure 20-3 Menu 3.2 Tcp/Ip And Dhcp Ethernet Setup
HomeSafe User’s Guide First address in the IP pool DHCP= Server Client IP Pool: Starting Address= 192.168.1.33 Size of Client IP Pool= 32 First DNS Server= From ISP IP Address= N/A Second DNS Server= From ISP IP Address= N/A Third DNS Server= DNS Relay IP Address= N/A DHCP Server Address= N/A Figure 20-3 Menu 3.2 TCP/IP and DHCP Ethernet Setup...
Page 224: Table 20-2 Menu 3.2: Lan Tcp/Ip Setup Fields
Table 20-1 Menu 3.2: DHCP Ethernet Setup Fields FIELD First DNS Server The HomeSafe passes a DNS (Domain Name System) server IP address (in the order you specify here) to the DHCP clients. Second DNS Select From ISP if your ISP dynamically assigns DNS server Server information (and the HomeSafe's WAN IP address).
Page 225: Figure 20-4 Physical Network & Partitioned Logical Networks
HomeSafe User’s Guide Table 20-2 Menu 3.2: LAN TCP/IP Setup Fields FIELD Edit IP Alias The HomeSafe supports three logical LAN interfaces via its single physical Ethernet interface with the HomeSafe itself as the gateway for each LAN network. Press [SPACE BAR] to select Yes and then press [ENTER] to display menu 3.2.1 When you have completed this menu, press [ENTER] at the prompt [Press ENTER to Confirm…] to save your configuration, or press [ESC] at any time to cancel.
Page 226: Wireless Lan Setup
Table 20-3 Menu 3.2.1: IP Alias Setup FIELD IP Alias 1, 2 Choose Yes to configure the LAN network for the HomeSafe. IP Address Enter the IP address of your HomeSafe in dotted decimal notation. IP Subnet Mask Your HomeSafe will automatically calculate the subnet mask based on the IP address that you assign.
Page 227 HomeSafe User’s Guide Table 20-4 Menu 3.5 Wireless LAN Setup FIELD AP must have the same ESSID. Enter a descriptive name of up to 32 printable 7-bit ASCII characters. Press [SPACE BAR] and select Yes to hide the ESSID in the Hide ESSID outgoing data frame so an intruder cannot obtain the ESSID through passive scanning.
Page 228: Figure 20-7 Menu 3.5 Wireless Lan Setup
Table 20-4 Menu 3.5 Wireless LAN Setup FIELD 802.11 Mode Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate with the HomeSafe. Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate with the HomeSafe. Select Mixed to allow either IEEE802.11b or IEEE802.11g compliant WLAN devices to associate with the HomeSafe.
Page 229: Figure 20-8 Menu 3.5.1 Wlan Mac Address Filter
HomeSafe User’s Guide Menu 3.5.1 - WLAN MAC Address Filter Figure 20-8 Menu 3.5.1 WLAN MAC Address Filter The following table describes the fields in this menu. Table 20-5 Menu 3.5.1 WLAN MAC Address Filter FIELD Active To enable MAC address filtering, press [SPACE BAR] to select Yes and press [ENTER]. Filter Action Define the filter action for the list of MAC addresses in the MAC address filter table.
Page 230: Figure 20-9 Menu 3.5 Wireless Lan Setup
Menu 3.5 - Wireless LAN Setup ESSID= ZyXEL Hide ESSID= No Channel ID= CH06 2437MHz RTS Threshold= 2432 Frag. Threshold= 2432 WEP Encryption= Disable Default Key= N/A Key1= N/A Key2= N/A Key3= N/A Key4= N/A Authen. Method= N/A Press ENTER to Confirm or ESC to Cancel: Figure 20-9 Menu 3.5 Wireless LAN Setup Step 3.
Page 232: Chapter 21 Internet Access
This chapter shows you how to configure your HomeSafe for Internet access 21.1 Introduction to Internet Access Setup Use information from your ISP along with the instructions in this chapter to set up your HomeSafe to access the Internet. There are three different menu 4 screens depending on whether you chose Ethernet, PPTP or PPPoE Encapsulation.
Page 233: Configuring The Pptp Client
HomeSafe User’s Guide Table 21-1 Menu 4: Internet Access Setup (Ethernet) FIELD Retype to Confirm Enter your password again to make sure that you have entered is correctly. Login Server The HomeSafe will find the RoadRunner Server IP if this field is left blank. If it does not, then you must enter the authentication server IP address.
Page 234: Configuring The Pppoe Client
ISP's Name= MyISP Encapsulation= PPTP IP Address Assignment= Dynamic Network Address Translation= SUA Only Figure 21-2 Internet Access Setup (PPTP) The following table contains instructions about the new fields when you choose PPTP in the Encapsulation field in menu 4. Table 21-2 New Fields in Menu 4 (PPTP) Screen FIELD Press [SPACE BAR] and then press [ENTER] to choose PPTP.
Page 235: Basic Setup Complete
HomeSafe User’s Guide Table 21-3 New Fields in Menu 4 (PPPoE) screen FIELD Idle Timeout This value specifies the time in seconds that elapses before the HomeSafe automatically disconnects from the PPPoE server. If you need a PPPoE service name to identify and reach the PPPoE server, please go to menu 11 and enter the PPPoE service name provided to you in the Service Name field.
Page 236: Chapter 22 Remote Node Configuration
Remote Node Configuration 22.1 Introduction to Remote Node Setup A remote node is required for placing calls to a remote gateway. A remote node represents both the remote gateway and the network behind it across a WAN connection. Note that when you use menu 4 to set up Internet access, you are actually configuring a remote node.
Page 237: Table 22-1 Menu 11.1 Remote Node Profile For Ethernet Encapsulation
HomeSafe User’s Guide Table 22-1 Menu 11.1 Remote Node Profile for Ethernet Encapsulation FIELD Rem Node Name Enter a descriptive name for the remote node. This field can be up to eight characters. Active Press [SPACE BAR] and then [ENTER] to select Yes (activate remote node) or No (deactivate remote node).
Page 238: Figure 22-2 Menu 11.1 Remote Node Profile For Pppoe Encapsulation
Table 22-1 Menu 11.1 Remote Node Profile for Ethernet Encapsulation FIELD Once you have configured this menu, press [ENTER] at the message “Press ENTER to Confirm...” to save your configuration, or press [ESC] at any time to cancel. 22.2.2 PPPoE Encapsulation The HomeSafe supports PPPoE (Point-to-Point Protocol over Ethernet).
Page 239: Figure 22-3 Menu 11.1 Remote Node Profile For Pptp Encapsulation
HomeSafe User’s Guide Table 22-2 Fields in Menu 11.1 (PPPoE Encapsulation Specific) FIELD Service Name If you are using PPPoE encapsulation, then type the name of your PPPoE service here. Only valid with PPPoE encapsulation. Authen This field sets the authentication protocol used for outgoing calls. Options for this field are: CHAP/PAP - Your HomeSafe will accept either CHAP or PAP when requested by this remote node.
Page 240: Edit Ip
Table 22-3 Menu 11.1 Remote Node Profile for PPTP Encapsulation FIELD Encapsulation Press [SPACE BAR] and then [ENTER] to select PPTP. You must also go to menu 11.3 to check the IP Address setting once you have selected the encapsulation method. My IP Addr Enter the IP address of the WAN Ethernet port.
Page 241: Remote Node Filter
HomeSafe User’s Guide Table 22-4 Remote Node Network Layer Options FIELD My WAN Addr This field is applicable to PPPoE and PPTP encapsulations only. Some implementations, especially the UNIX derivatives, require the WAN link to have a separate IP network number from the LAN and each end must have a unique address within the WAN network number.
Page 242: Figure 22-5 Menu 11.5: Remote Node Filter (Ethernet Encapsulation)
Use menu 11.5 to specify the filter set(s) to apply to the incoming and outgoing traffic between this remote node and the HomeSafe to prevent certain packets from triggering calls. You can specify up to 4 filter sets separated by commas, for example, 1, 5, 9, 12, in each filter field. Note that spaces are accepted in this field.
Page 243: Table 22-5 Menu 11.6: Traffic Redirect Setup
HomeSafe User’s Guide Table 22-5 Menu 11.6: Traffic Redirect Setup FIELD Active Press [SPACE BAR] and select Yes (to enable) or No (to disable) traffic redirect setup. The default is No. Configuration: Backup Enter the IP address of your backup gateway in dotted decimal notation. Gateway IP The HomeSafe automatically forwards traffic to this IP address if the Address...
Page 244: Chapter 23 Static Route Setup
23.1 IP Static Route Setup Step 1. To configure an IP static route, use Menu 12 – Static Routing Setup (shown next). Menu 12 - IP Static Route Setup Enter selection number: Figure 23-1 Menu 12 IP Static Route Setup Step 2.
Page 245 HomeSafe User’s Guide Table 23-1 Menu12.1 Edit IP Static Route FIELD IP Subnet Mask Type the subnet mask for this destination. Follow the discussion on IP Subnet Mask in this manual. Gateway IP Address Type the IP address of the gateway. The gateway is an immediate neighbor of your HomeSafe that will forward the packet to the destination.
Page 246: Chapter 24 Dial-In User Setup
This chapter shows you how to create user accounts on the HomeSafe. 24.1 Dial-in User Setup By storing user profiles locally, your HomeSafe is able to authenticate wireless users without interacting with a network RADIUS server. Follow the steps below to set up user profiles on your HomeSafe. Step 1.
Page 248: Chapter 25 Network Address Translation (Nat)
Network Address Translation (NAT) This chapter discusses how to configure NAT on the HomeSafe. 25.1 Using NAT You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the HomeSafe. 25.1.1 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server.
Page 249: Nat Setup
HomeSafe User’s Guide Move the cursor to the Edit IP field, press [SPACE BAR] to select Yes and then press Step 3. [ENTER] to bring up Menu 11.3 - Remote Node Network Layer Options. Menu 11.3 - Remote Node Network Layer Options IP Address Assignment= Dynamic IP Address= N/A IP Subnet Mask= N/A...
Page 250: Figure 25-4 Menu 15.1 Address Mapping Sets
25.3.1 Address Mapping Sets Enter 1 to bring up Menu 15.1 — Address Mapping Sets. 1. NAT_SET 255. SUA (read only) Figure 25-4 Menu 15.1 Address Mapping Sets SUA Address Mapping Set Enter 255 to display the next screen (see also section 25.1.1). The fields in this menu cannot be changed.
Page 251: Figure 25-6 Menu 15.1.1 First Set
HomeSafe User’s Guide Table 25-2 SUA Address Mapping Rules FIELD Type These are the mapping types. Server allows us to specify multiple servers of different types behind NAT to this machine. See later for some examples. When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel”...
Page 252: Figure 25-7 Menu 15.1.1.1 Editing/Configuring An Individual Rule In A Set
Table 25-3 Menu 15.1.1 First Set FIELD Set Name Enter a name for this set of rules. This is a required field. If this field is left blank, the entire set will be deleted. The default is Edit. Edit means you want to edit a selected rule (see Action following field).
Page 253: Configuring A Server Behind Nat
HomeSafe User’s Guide Table 25-4 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set FIELD Server. Start This is the starting local IP address (ILA). This is the ending local IP address (ILA). If the rule is for all local IPs, then put the Start IP as 0.0.0.0 and the End IP as 255.255.255.255.
Page 254: General Nat Examples
Figure 25-9 Multiple Servers Behind NAT Example 25.5 General NAT Examples The following are some examples of NAT configuration. 25.5.1 Example 1: Internet Access Only In the following Internet access example, you only need one rule where the ILAs (Inside Local Addresses) of computers A through D map to one dynamic IGA (Inside Global Address) assigned by your ISP.
Page 255: Figure 25-13 Menu 15.2.1 Specifying An Inside Server
HomeSafe User’s Guide 25.5.2 Example 2: Internet Access with an Inside Server The dynamic Inside Global Address is assigned by the ISP. In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and also go to menu 15.2 to specify the Inside Server behind the NAT as shown in the next figure. Rule Start Port No.
Page 256 In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address Step 1. Mapping Sets. Therefore you must choose the Full Feature option from the Network Address Translation field (in menu 4 or menu 11.3) in Figure 25-15.
Page 257 HomeSafe User’s Guide Menu 15.1.1.1 Address Mapping Rule Type= One-to-One Local IP: Start= 192.168.1.10 Global IP: Start= 10.132.50.1 Press ENTER to Confirm or ESC to Cancel: Press Space Bar to Toggle. Figure 25-16 Example 3: Menu 15.1.1.1 Menu 15.1.1 - Address Mapping Rules Set Name= NAT_SET Local Start IP Local End IP...
Page 258: Figure 25-18 Nat Example 4
25.5.4 Example 4: NAT Unfriendly Application Programs Some applications do not support NAT Mapping using TCP or UDP port address translation. In this case it is better to use Many-to-Many No Overload mapping as port numbers do not change for Many-to-Many No Overload (and One-to-One) NAT mapping types. The following figure illustrates this.
Page 259: Configuring Trigger Port Forwarding
HomeSafe User’s Guide Menu 15.1.1 - Address Mapping Rules Set Name= Example4 Local Start IP Local End IP --------------- --------------- 192.168.1.10 192.168.1.12 Action= Edit Press ENTER to Confirm or ESC to Cancel: Figure 25-20 Example 4: Menu 15.1.1 Address Mapping Rules 25.6 Configuring Trigger Port Forwarding Only one LAN computer can use a trigger port (range) at a time.
Page 260: Table 25-5 Menu 15.3 Trigger Port Setup
Table 25-5 Menu 15.3 Trigger Port Setup FIELD Rule This is the rule index number. Name Enter a unique name for identification purposes. You may enter up to 15 characters in this field. All characters are permitted - including spaces. Incoming Incoming is a port (or a range of ports) that a server on the WAN uses when it sends out a particular service.
Page 262: Chapter 26 Enabling The Firewall
This chapter shows you how to get started with the HomeSafe firewall. 26.1 Remote Management and the Firewall When SMT menu 24.11 is configured to allow management (see the Remote Management chapter) and the firewall is enabled: • The firewall blocks remote management from the WAN unless you configure a firewall rule to allow it.
Page 263: Smt Advanced Management
SMT Advanced Management SMT Advanced Management This part discusses filtering setup, SNMP, system security, system information and diagnosis, firmware and configuration file maintenance, system maintenance, remote management and call scheduling. See the web configurator parts of this guide for background information on features configurable by web configurator and SMT.
Page 264: Chapter 27 Filter Configuration
27.1 Introduction to Filters Your HomeSafe uses filters to decide whether to allow passage of a data packet and/or to make a call. There are two types of filter applications: data filtering and call filtering. Filters are subdivided into device and protocol filters, which are discussed later. Data filtering screens the data to determine if the packet should be allowed to pass.
Page 265: Figure 27-2 Filter Rule Process
HomeSafe User’s Guide apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for a single port. Sets of factory default filter rules have been configured in menu 21 to prevent NetBIOS traffic from triggering calls and to prevent incoming telnet sessions.
Page 266: Configuring A Filter Set
27.2 Configuring a Filter Set The HomeSafe includes filtering for NetBIOS over TCP/IP packets by default. To configure another filter set, follow the procedure below. Enter 21 in the main menu to open menu 21. Step 1. Menu 21 - Filter and Firewall Setup 1.
Page 267: Table 27-2 Rule Abbreviations Used
HomeSafe User’s Guide Table 27-1 Abbreviations Used in the Filter Rules Summary Menu FIELD More. “Y” means there are more rules to check which form a rule chain with the present rule. An action cannot be taken until the rule chain is complete. “N”...
Page 268: Figure 27-6 Menu 21.1.1.1 Tcp/Ip Filter Rule
To configure TCP/IP rules, select TCP/IP Filter Rule from the Filter Type field and press [ENTER] to open Menu 21.1.1.1 - TCP/IP Filter Rule, as shown next. Menu 21.1.1.1 - TCP/IP Filter Rule Filter #: 1,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 0 Destination: IP Addr= 0.0.0.0...
Page 269 HomeSafe User’s Guide FIELD Port # Enter the source port of the packets that you wish to filter. The range of this field is 0 to 65535. This field is ignored if it is 0. Port # Comp Press [SPACE BAR] and then [ENTER] to select the comparison to apply to the source port in the packet against the value given in Source: Port #.
Page 270: Figure 27-7 Executing An Ip Filter
Packet into IP Filter Filter Active? Apply SrcAddrMask to Src Addr Check Src IP Addr Matched Apply DestAddrMask to Dest Addr Check Dest IP Addr Matched Check IP Protocol Matched Check Src & Dest Port Matched More? Action Matched Drop Forward Drop Packet Figure 27-7 Executing an IP Filter...
Page 271: Figure 27-8 Menu 21.1.4.1 Generic Filter Rule
HomeSafe User’s Guide To configure a generic rule, select Generic Filter Rule in the Filter Type field in menu 21.1.4.1 and press [ENTER] to open Generic Filter Rule, as shown below. Filter #: 4,1 Filter Type= Generic Filter Rule Active= No Offset= 0 Length= 0 Mask= N/A...
Page 272: Example Filter
Table 27-4 Generic Filter Rule Menu Fields FIELD Action Select the action for a packet not matching the rule. Matched Once you have completed filling in Menu 21.4.1.1 - Generic Filter Rule, press [ENTER] at the message “Press ENTER to Confirm” to save your configuration, or press [ESC] to cancel. This data will now be displayed on Menu 21.1.1 - Filter Rules Summary.
Page 273: Figure 27-10 Example Filter: Menu 21.1.3.1
HomeSafe User’s Guide Enter 1 to configure the first filter rule (the only filter rule of this set). Make the entries Step 6. in this menu as shown in the following figure. Menu 21.1.3.1 - TCP/IP Filter Rule Filter #: 3,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 6...
Page 274: Filter Types And Nat
# A Type - - ---- --------------------------------------------------------------- - - - 1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=23 Enter Filter Rule Number (1-6) to Configure: This shows you that you have configured and activated (A = Y) a TCP/IP filter rule (Type = IP, Pr = 6) for destination telnet ports (DP = 23).
Page 275: Firewall Versus Filters
HomeSafe User’s Guide Figure 27-12 Protocol and Device Filter Sets 27.5 Firewall Versus Filters Firewall configuration is discussed in the firewall chapters of this manual. Further comparisons are also made between filtering, NAT and the firewall. 27.6 Applying a Filter This section shows you where to apply the filter(s) after you design it (them).
Page 276: Figure 27-14 Filtering Remote Node Traffic
four filter sets by entering their numbers separated by commas. The HomeSafe already has filters to prevent NetBIOS traffic from triggering calls, and block incoming telnet, FTP and HTTP connections. Input Filter Sets: Output Filter Sets: Figure 27-14 Filtering Remote Node Traffic Filter Configuration Menu 11.5 - Remote Node Filter protocol filters=...
Page 278: Chapter 28 Snmp Configuration
HomeSafe User’s Guide Chapter 28 SNMP Configuration This chapter explains SNMP Configuration menu 22. 28.1 About SNMP Simple Network Management Protocol is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your HomeSafe supports SNMP agent functionality, which allows a manager station to manage and monitor the HomeSafe through the network.
Page 279: Supported Mibs
HomeSafe User’s Guide • GetNext - Allows the manager to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations. •...
Page 280: Snmp Traps
28.4 SNMP Traps The HomeSafe will send traps to the SNMP manager when any one of the following events occurs: TRAP # TRAP NAME coldStart (defined in RFC-1215) warmStart (defined in RFC-1215) linkDown (defined in RFC-1215) linkUp (defined in RFC-1215) authenticationFailure (defined in RFC-1215) whyReboot (defined in ZYXEL-...
Page 282: Chapter 29 System Security
This chapter describes how to configure the system security on the HomeSafe. 29.1 System Security You can configure the system password, an external RADIUS server and 802.1x in this menu. 29.1.1 System Password Figure 29-1 Menu 23 System Security You should change the default password. If you forget your password you have to restore the default configuration file.
Page 283: Figure 29-4 Menu 23 System Security
HomeSafe User’s Guide Table 29-1 Menu 23.2 System Security : RADIUS Server FIELD Authentication Server Active Press [SPACE BAR] to select Yes and press [ENTER] to enable user authentication through an external authentication server. Server Address Enter the IP address of the external authentication server in dotted decimal notation.
Page 284: Figure 29-5 Menu 23.4 System Security : Ieee802.1X
Menu 23.4 - System Security - IEEE802.1x Wireless Port Control= No Authentication Required ReAuthentication Timer (in second)= N/A Idle Timeout (in second)= N/A Key Management Protocol= N/A Dynamic WEP Key Exchange= N/A PSK = N/A WPA Mixed Mode= N/A Data Privacy = N/A WPA Broadcast/Multicast Key Update Timer= N/A Authentication Databases= N/A Press Space Bar to Toggle.
Page 285 HomeSafe User’s Guide Table 29-2 Menu 23.4 System Security : IEEE802.1x FIELD Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including spaces and symbols) when you select WPA-PSK in the Key Management Protocol field. WPA Mixed Select Enable to activate WPA mixed mode. Otherwise, select Disable and configure Mode Group Data Privacy field.
Page 286: Chapter 30 System Information And Diagnosis
System Information and Diagnosis This chapter covers the information and diagnostic tools in SMT menus 24.1 to 24.4. These tools include updates on system status, port status, log and trace capabilities and upgrades for the system software. This chapter describes how to use these tools in detail. Type 24 in the main menu to open Menu 24 figure.
Page 287: Figure 30-2 Menu 24.1 System Maintenance : Status
HomeSafe User’s Guide Menu 24.1 - System Maintenance - Status Port Status TxPkts Down 100M/Full WLAN Port Ethernet Address 00:50:8D:48:59:1F 00:A0:C5:01:20:05 WLAN 00:A0:C5:01:20:05 System up Time: Name: HS-100W.zyxel.com.tw Routing: IP ZyNOS F/W Version: V3.60(JM.0)b1 | 05/17/2004 COMMANDS: 1-Drop WAN 9-Reset Counters Figure 30-2 Menu 24.1 System Maintenance : Status The following table describes the fields present in Menu 24.1 —...
Page 288: System Information
Refers to the routing protocol used. ZyNOS F/W Version Refers to the ZyNOS (ZyXEL Network Operating System) system firmware version. ZyNOS is a registered trademark of ZyXEL Communications Corporation. Ethernet Address Refers to the Ethernet MAC (Media Access Control) of your HomeSafe.
Page 289: Log And Trace
HomeSafe User’s Guide 30.2.2 Console Port Speed You can set up different port speeds for the console port through Menu 24.2.2 – System Maintenance – Console Port Speed. Your HomeSafe supports 9600 (default), 19200, 38400, 57600 and 115200 bps. Press [SPACE BAR] and then [ENTER] to select the desired speed in menu 24.2.2, as shown in the following figure.
Page 290: Packet Triggered
Your HomeSafe sends five types of syslog messages. Some examples (not all HomeSafe specific) of these syslog messages with their message formats are shown next: 1. CDR CDR Message Format SdcmdSyslogSend( SYSLOG_CDR, SYSLOG_INFO, String ); String = board xx line xx channel xx, call xx, str board = the hardware board ID line = the WAN ID in a board Channel = channel ID within the WAN...
Page 291: Diagnostic
HomeSafe User’s Guide 5. Firewall log Firewall Log Message Format SdcmdSyslogSend(SYSLOG_FIREWALL, SYSLOG_NOTICE, buf); buf = IP[Src=xx.xx.xx.xx : spo=xxxx Dst=xx.xx.xx.xx : dpo=xxxx | prot | rule | action] Src: Source Address spo: Source port (empty means no source port information) Dst: Destination Address dpo: Destination port (empty means no destination port information) prot: Protocol (“TCP”,”UDP”,”ICMP”, ”IGMP”, ”GRE”, ”ESP”) rule: <a,b>...
Page 292: Figure 30-8 Menu 24.4 System Maintenance : Diagnostic
Menu 24.4 - System Maintenance - Diagnostic TCP/IP 1. Ping Host 2. WAN DHCP Release 3. WAN DHCP Renewal 4. Internet Setup Test System 11. Reboot System Enter Menu Selection Number: Figure 30-8 Menu 24.4 System Maintenance : Diagnostic 30.4.1 WAN DHCP DHCP functionality can be enabled on the LAN or WAN as shown in Figure 30-9.
Page 293 HomeSafe User’s Guide Table 30-4 System Maintenance Menu Diagnostic Reboot System Enter 11 to reboot the HomeSafe. Host IP Address= If you entered 1 in Ping Host, then enter the IP address of the computer you want to ping in this field. Enter the number of the selection you would like to perform or press [ESC] to cancel.
Page 294: Chapter 31 Firmware And Configuration File Maintenance
Firmware and Configuration File This chapter tells you how to backup and restore your configuration file as well as upload 31.1 Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, TCP/IP Setup, etc. It arrives from ZyXEL with a “rom”...
Page 295: Backup Configuration
HomeSafe User’s Guide 31.2 Backup Configuration Option 5 from Menu 24 – System Maintenance allows you to backup the current HomeSafe configuration to your computer. Backup is highly recommended once your HomeSafe is functioning properly. FTP is the preferred methods for backing up your current configuration to your computer since they are faster.
Page 296: Table 31-2 General Commands For Gui-Based Ftp Clients
31.2.4 GUI-based FTP Clients The following table describes some of the commands that you may see in GUI-based FTP clients. Table 31-2 General Commands for GUI-based FTP Clients COMMAND Host Address Enter the address of the host server. Login Type Anonymous.
Page 297: Restore Configuration
HomeSafe User’s Guide 31.2.7 TFTP Command Example The following is an example TFTP command: tftp [-i] host get rom-0 config.rom where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the HomeSafe IP address, “get” transfers the file source on the HomeSafe (rom-0, name of the configuration file on the HomeSafe) to the file destination on the computer and renames it config.rom.
Page 298: Uploading Firmware And Configuration Files
Menu 24.6 -- System Maintenance - Restore Configuration To transfer the firmware and configuration file to your workstation, follow the procedure below: 1. Launch the FTP client on your workstation. 2. Type "open" and the IP address of your HomeSafe. Then type "root" and SMT password as requested.
Page 299: Figure 31-5 Telnet Into Menu 24.7.1 Upload System Firmware
HomeSafe User’s Guide WARNING! DO NOT INTERRUPT THE FILE TRANSFER PROCESS AS THIS MAY PERMANENTLY DAMAGE YOUR HOMESAFE. 31.4.1 Firmware File Upload FTP is the preferred method for uploading the firmware and configuration. To use this feature, your computer must have an FTP client. When you telnet into the HomeSafe, you will see the following screens for uploading firmware and the configuration file using FTP.
Page 300: Ftp File Upload Command From The Dos Prompt Example
31.4.3 FTP File Upload Command from the DOS Prompt Example Step 1. Launch the FTP client on your computer. Enter “open”, followed by a space and the IP address of your HomeSafe. Step 2. Press [ENTER] when prompted for a username. Step 3.
Page 301: Tftp Upload Command Example
HomeSafe User’s Guide Use the TFTP client (see the example below) to transfer files between the HomeSafe Step 5. and the computer. The file name for the firmware is “ras”. Note that the telnet connection must be active and the HomeSafe in CI mode before and during the TFTP transfer.
Page 302: Chapter 32 System Maintenance
32.1 Command Interpreter Mode The Command Interpreter (CI) is a part of the main system firmware. The CI provides much of the same functionality as the SMT, while adding some low-level setup and diagnostic functions. Enter the CI from the SMT by selecting menu 24.8. See the included disk or the zyxel.com web site for more detailed information on CI commands.
Page 303: Call Control Support
HomeSafe User’s Guide HS-100W> com Valid commands are: radius HS-100W> 32.2 Call Control Support The HomeSafe provides two call control functions: budget management and call history. Please note that this menu is only applicable when Encapsulation is set to PPPoE in menu 4 or menu 11.1.
Page 304: Figure 32-5 Call History
FIELD Remote Node Enter the index number of the remote node you want to reset (just one in this case) Connection This is the total connection time that has gone by Time/Total Budget (within the allocated budget that you set in menu 11.1).
Page 305: Time And Date Setting
HomeSafe User’s Guide 32.3 Time and Date Setting The Real Time Chip (RTC) keeps track of the time and date (not available on all models). There is also a software mechanism to set the time manually or get the current time and date from an external server when you turn on your HomeSafe.
Page 306: Resetting The Time
Table 32-3 Time and Date Setting Fields FIELD Time Zone Press [SPACE BAR] and then [ENTER] to set the time difference between your time zone and Greenwich Mean Time (GMT). Daylight Saving Daylight Saving Time is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daylight time in the evenings.
Page 308: Remote Management
This chapter covers remote management (SMT menu 24.11). 33.1 Remote Management Remote management allows you to determine which services/protocols can access which HomeSafe interface (if any) from which computers. You may manage your HomeSafe from a remote location via: Internet (WAN only) LAN only When you Choose WAN only or ALL (LAN &...
Page 309: Remote Management Limitations
HomeSafe User’s Guide Table 33-1 Menu 24.11 – Remote Management Control FIELD Port This field shows the port number for the service or protocol. You may change the port number if needed, but you must use the same port number to access the HomeSafe. Access Select the access interface (if any) by pressing [SPACE BAR], then [ENTER] to choose from: LAN only, WAN only, ALL or Disable.
Page 310: Chapter 34 Call Scheduling
Call scheduling (applicable for PPPoA or PPPoE encapsulation only) allows you to dictate when a remote node should be called and for how long. 34.1 Introduction to Call Scheduling The call scheduling feature allows the HomeSafe to manage a remote node and dictate when a remote node should be called and for how long.
Page 311: Figure 34-2 Menu 26.1 Schedule Set Setup
HomeSafe User’s Guide Active= Yes Start Date(yyyy/mm/dd) = 2000 – 01 - 01 How Often= Once Once: Weekdays: Start Time (hh:mm)= 00 : 00 Duration (hh:mm)= 00 : 00 Action= Forced On Press Space Bar to Toggle Figure 34-2 Menu 26.1 Schedule Set Setup If a connection has been already established, your HomeSafe will not drop it.
Page 312: Figure 34-3 Applying Schedule Set(S) To A Remote Node (Pppoe)
Table 34-1 Menu 26.1 Schedule Set Setup FIELD Action Forced On means that the connection is maintained whether or not there is a demand call on the line and will persist for the time period specified in the Duration field. Forced Down means that the connection is blocked whether or not there is a demand call on the line.
Page 313: Appendices And Index
Appendices and Index Appendices and Index This section provides some Appendices and an Index.
Page 315: Appendix A Troubleshooting
PROBLEM None of the LEDs Make sure that you have the correct power adapter connected to the HomeSafe turn on when you turn and plugged in to an appropriate power source. Check all cable connections. on the HomeSafe. If the LEDs still do not turn on, you may have a hardware problem. In this case, you should contact your local vendor.
Page 316 HomeSafe User’s Guide PROBLEM Make sure that the Time Scheduling configured in the Parental Control Edit screen restricts access at the scheduled time. Access to a web Make sure that you select the Keyword Blocking check box in the Parental page with a URL Control Group Edit screen.
Page 317: Appendix Bpppoe
PPPoE in Action An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your PC to an ATM PVC (Permanent Virtual Circuit) that connects to an xDSL Access Concentrator where the PPP session terminates (see the next figure). One PVC can support any number of PPP sessions from your LAN.
Page 318 HomeSafe User’s Guide With PPPoE, the VC (Virtual Circuit) is equivalent to the dial-up connection and is between the modem and the AC, as opposed to all the way to the ISP. However, the PPP negotiation is between the PC and the ISP. The HomeSafeas a PPPoE Client When using the HomeSafeas a PPPoE client, the PCs on the LAN see only Ethernet and are not aware of PPPoE.
Page 319: Appendix Cpptp
HomeSafe User’s Guide Appendix C PPTP What is PPTP? PPTP (Point-to-Point Tunneling Protocol) is a Microsoft proprietary protocol (RFC 2637 for PPTP is informational only) to tunnel PPP frames. How can we transport PPP frames from a PC to a broadband modem over Ethernet? A solution is to build PPTP into the ANT (ADSL Network Termination) where PPTP is used only over the short haul between the PC and the modem over Ethernet.
Page 320: Pptp Protocol Overview
HomeSafe User’s Guide PPTP Protocol Overview PPTP is very similar to L2TP, since L2TP is based on both PPTP and L2F (Cisco’s Layer 2 Forwarding). Conceptually, there are three parties in PPTP, namely the PNS (PPTP Network Server), the PAC (PPTP Access Concentrator) and the PPTP user. The PNS is the box that hosts both the PPP and the PPTP stacks and forms one end of the PPTP tunnel.
Page 321 HomeSafe User’s Guide The PPP frames are tunneled between the PNS and PAC over GRE (General Routing Encapsulation, RFC 1701, 1702). The individual calls within a tunnel are distinguished using the Call ID field in the GRE header. PPTP...
Page 323: Appendix D Log Descriptions
Configure centralized logs using the embedded web configurator; see the online help for details. This appendix describes some of the log messages. LOG MESSAGE %s exceeds the max. number of session per host! Chart 2 System Maintenance Logs LOG MESSAGE Time calibration is successful Time calibration...
Page 324 HomeSafe User’s Guide Chart 2 System Maintenance Logs LOG MESSAGE mismatch !! No known phase 1 ID type found LOG MESSAGE UPnP pass through Firewall LOG MESSAGE URLFOR URLBLK JAVBLK %s: Keyword blocking %s: Not in trusted web list %s: Forbidden Web site %s: Contains ActiveX %s: Contains Java applet %s: Contains cookie...
Page 325 LOG MESSAGE Waiting content filter server timeout DNS resolving failed Creating socket failed Connecting to content filter server fail License key is invalid Chart 5 ICMP Type and Code Explanations TYPE CODE Echo Reply Echo reply message Destination Unreachable Net unreachable Host unreachable Protocol unreachable Port unreachable...
Page 326: Log Commands
1. Use the sys logs load command to load the log setting buffer that allows you to configure which logs the HomeSafe is to record. 2. Use sys logs category to view a list of the log categories. Displaying Log Categories Example Copyright (c) 1994 - 2004 ZyXEL Communications Corp. HS-100W> ? Valid commands are: exit...
Page 327: Displaying Logs
Use the sys logs clear command to erase all of the HomeSafe’s logs. This example shows how to set the HomeSafe to record the access logs and alerts and then view the results. Copyright (c) 1994 - 2004 ZyXEL Communications Corp. HS-100W> sys logs load HS-100W> sys logs category access 3 HS-100W>...
Page 329: Appendix E Setting Up Your Computer's Ip Address
Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
Page 330 HomeSafe User’s Guide Select Protocol and then click Add. Select Microsoft from the list of manufacturers. Select TCP/IP from the list of network protocols and then click OK. If you need Client for Microsoft Networks: Click Add. Select Client and then click Add. Select Microsoft from the list of manufacturers.
Page 331 -If you do not know your gateway’s IP address, remove previously installed gateways. -If you have a gateway IP address, type it in the New gateway field and click Add. Click OK to save and close the TCP/IP Properties window. Click OK to close the Network window.
Page 332 HomeSafe User’s Guide Windows 2000/NT/XP In Windows XP, click start, Control Panel. In Windows 2000/NT, click Start, Settings, Control Panel. In Windows XP, click Network Connections. In Windows 2000/NT, click Network and Dial-up Connections. Right-click Local Area Connection and then click Properties. Setting up Your Computer’s IP Address...
Page 333 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). - To have your computer assigned a dynamic IP address, click Obtain an IP address automatically.
Page 334 HomeSafe User’s Guide -If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: -In the IP Settings tab, in IP addresses, click Add.
Page 335 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): -Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). -If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
Page 336 HomeSafe User’s Guide Macintosh OS 8/9 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. Select Ethernet built-in from the Connect via list. For dynamically assigned settings, select Using DHCP Server from the Configure: list. For statically assigned settings, do the following: -From the Configure box, select Manually.
Page 337: Macintosh Os X
Verifying Your Computer’s IP Address Check your TCP/IP properties in the TCP/IP Control Panel window. Macintosh OS X Click the Apple menu, and click System Preferences to open the System Preferences window. Click Network in the icon bar. - Select Automatic from the Location list. - Select Built-in Ethernet from the Show list.
Page 339: Benefits Of A Wireless Lan
Wireless LAN and IEEE 802.11 A wireless LAN (WLAN) provides a flexible data communications system that you can use to access various services (navigating the Internet, email, printer services, etc.) without the use of a cabled connection. In effect a wireless LAN environment provides you the freedom to stay connected to the network while roaming around in the coverage area.
Page 340: Infrastructure Wireless Lan Configuration
HomeSafe User’s Guide time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS). See the following diagram of an example of an Ad-hoc wireless LAN. Diagram F-1 Peer-to-Peer Communication in an Ad-hoc Network Infrastructure Wireless LAN Configuration For infrastructure WLANs, multiple access points (APs) link the WLAN to the wired network...
Page 341 HomeSafe User’s Guide Diagram F-2 ESS Provides Campus-Wide Coverage Wireless LAN and IEEE 802.11...
Page 343: Appendix G Wireless Lan With Ieee 802.1X
Wireless LAN With IEEE 802.1x As wireless networks become popular for both portable computing and corporate networks, security is now a priority. Security Flaws with IEEE 802.11 Wireless networks based on the original IEEE 802.11 have a poor reputation for safety. The IEEE 802.11b wireless access standard, first published in 1999, was based on the MAC address.
Page 344 HomeSafe User’s Guide Diagram G-1 Sequences for EAP MD5–Challenge Authentication Client computer access authorized. Client computer access not authorized. Wireless LAN with IEEE 802.1x...
Page 345: Appendix H Types Of Eap Authentication
Types of EAP Authentication This appendix discusses the four popular EAP authentication types: EAP-MD5, EAP-TLS, EAP-TTLS and PEAP. The type of authentication you use depends on the RADIUS server or the AP. Consult your network administrator for more information. EAP-MD5 (Message-Digest Algorithm 5) MD5 authentication is the simplest one-way authentication method.
Page 346 HomeSafe User’s Guide Comparison of EAP Authentication Types EAP-MD5 Certificate – Client Certificate – Server Dynamic Key Exchange Credential Security None Deployment Easy Difficulty Wireless Security Poor Client Identity Protection EAP-TLS EAP-TTLS Strong Hard Best PEAP Optional Optional Strong Strong Moderate Moderate Good...
Page 347: Appendix I Antenna Selection And Positioning Recommendation
Antenna Selection and Positioning An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air. Choosing the right antennas and positioning them properly increases the range and coverage area of a wireless LAN.
Page 348: Positioning Antennas
HomeSafe User’s Guide • Directional antennas concentrate the RF signal in a beam, like a flashlight. The angle of the beam width determines the direction of the coverage pattern; typically ranges from 20 degrees (less directional) to 90 degrees (very directional). The directional antennas are ideal for hallways and outdoor point-to-point applications.
Page 349: Appendix J Brute-Force Password Guessing Protection
Brute-Force Password Guessing The following describes the commands for enabling, disabling and configuring the brute-force password guessing protection mechanism for the password. See other appendices for information on the command structure. Chart 6 Brute-Force Password Guessing Protection Commands COMMAND sys pwderrtm This command displays the brute-force guessing password protection settings.
Page 351: Appendix K Triangle Route
The Ideal Setup When the firewall is on, your HomeSafeacts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the HomeSafeto protect your LAN against attacks. The “Triangle Route”...
Page 352: Gateways On The Wan Side
HomeSafe User’s Guide Step 1. A computer on the LAN initiates a connection by sending a SYN packet to a receiving server on the WAN. Step 2. The HomeSafereroutes the packet to Gateway B which is in Subnet 2. Step 3. The reply from WAN goes through the HomeSafeto the computer on the LAN in Subnet 1.
Page 353: Appendix L Index
802.1x... 7-11 Active ... 22-2 Address Assignment... 3-8, 3-9 Address Resolution Protocol (ARP)... 5-3 Ad-hoc Configuration... F-1 Allocated Budget... 22-4 Antenna Directional... I-2 Omni-directional ... I-1 Types... I-1 Antenna gain... I-1 Applications... 1-5 AT command... 31-1 Authen ... 22-4 Authentication ...7-3, 22-3, 22-4 Authentication Protocol...
Page 354 HomeSafe User’s Guide Ethernet Encapsulation...9-5, 21-1, 22-1, 22-7 Extended Service Set...F-2, 6-2 Extended Service Set IDentification... 6-5 Factory Default... 19-1 Factory LAN Defaults ... 5-1 Fail Tolerance... 22-8 FCC ... iii FHSS . See Frequency-Hopping Spread Spectrum Filename Conventions ... 31-1 Filter ...
Page 355 Management Information Base (MIB) 14-6, 28-1 Many to Many No Overload... See NAT Many to Many Overload ... See NAT Many to One... See NAT MD5 ... H-1 Message Digest Algorithm 5 ...See MD5 Message Logging ... 30-4 Metric ...8-1, 10-3, 22-6, 23-2 Multicast...5-2, 5-5, 20-3, 22-6 My IP Addr...
Page 356 HomeSafe User’s Guide Roaming ... 6-5 Enable on ZyAIR ... 20-8 Example ... 6-6 Requirements ... 6-6 Route ... 22-2 RTC ...See Real Time Chip RTS Threshold ... 6-3, 20-6 Rules Predefined Services... 12-13 Schedule Sets Duration ... 34-2 Schedules... 22-4 Security Parameters ...
Page 357 VPN... 8-4 WAN DHCP... 30-7 WAN Setup ... 3-9, 19-1 Warranty...v Web ... 14-2 Web Configurator...2-1, 2-20, 26-1 WEP ... 7-3 WEP Encryption...7-5, 7-8, 20-6 What is PPTP?...C-1 Wireless Client WPA Supplicants... 7-9 Wireless LAN...F-1, 20-5 Index HomeSafe User’s Guide Benefits ...

This manual is also suitable for:

Hs100 Hs100w

ZyXEL Communications Parental Control Gateway HS100/HS100W User Manual

Chapter 1 Getting to Know Your Homesafe

Chapter 2 Introducing the Web Configurator

Chapter 3 Connection Wizard

Chapter 4 System Screens

Chapter 5 LAN Screens

Chapter 6 Wireless Configuration and Roaming

Chapter 7 Wireless Security

Chapter 8 WAN Screens

Chapter 9 Network Address Translation (NAT) Screens

Chapter 10 Static Route Screens

Chapter 11 Upnp

Chapter 12 Parental Control

Chapter 13 Firewall

Chapter 14 Remote Management Screens

Quick Links

Related Manuals for ZyXEL Communications Parental Control Gateway HS100/HS100W

Summary of Contents for ZyXEL Communications Parental Control Gateway HS100/HS100W