background image

VMG5313-B10A/-B30A Series User’s Guide

297

C

H A P T E R

      2 4

Log

24.1  Overview

The web configurator allows you to choose which categories of events and/or alerts to have the 
VMG log and then display the logs or have the VMG send them to an administrator (as e-mail) or to 
a syslog server. 

24.1.1  What You Can Do in this Chapter

• Use  the 

System Log 

screen to see the system logs (

Section 24.2 on page 298

).

• Use  the 

Security Log 

screen to see the security-related logs for the categories that you select 

(

Section 24.3 on page 299

).

24.1.2  What You Need To Know

The following terms and concepts may help as you read this chapter.

Alerts and Logs

An alert is a type of log that warrants more serious attention. They include system errors, attacks 
(access control) and attempted access to blocked web sites. Some categories such as 

System 

Errors

 consist of both logs and alerts. You may differentiate them by their color in the 

View Log 

screen. Alerts display in red and logs display in black.

Syslog Overview 

The syslog protocol allows devices to send event notification messages across an IP network to 
syslog servers that collect the event messages. A syslog-enabled device can generate a syslog 
message and send it to a syslog server.

Syslog is defined in RFC 3164. The RFC defines the packet format, content and system log related 
information of syslog messages. Each syslog message has a facility and severity level. The syslog 
facility identifies a file in the syslog server. Refer to the documentation of your syslog program for 
details. The following table describes the syslog severity levels. 

Table 123   

Syslog Severity Levels

CODE

SEVERITY

0

Emergency: The system is unusable.

1

Alert: Action must be taken immediately.

2

Critical: The system condition is critical.

3

Error: There is an error condition on the system.

4

Warning: There is a warning condition on the system.

Summary of Contents for VMG5313-B10A

Page 1: ... B30A Wireless N VDSL2 VoIP IAD with USB Version 1 00 Edition 3 09 2014 Copyright 2014 ZyXEL Communications Corporation User s Guide Default Login Details LAN IP Address http 192 168 1 1 Login admin zyuser Password 1234 1234 Default URL http 192 168 1 1 ...

Page 2: ... in this book may differ slightly from your product due to differences in your product firmware or your computer operating system Every effort has been made to ensure that the information in this manual is accurate Related Documentation Quick Start Guide The Quick Start Guide shows how to connect the VMG and get up and running right away ...

Page 3: ...Routing 155 Quality of Service QoS 163 Network Address Translation NAT 181 Dynamic DNS Setup 199 Vlan Group 203 Interface Group 205 USB Service 211 Power Management 219 Firewall 223 MAC Filter 233 Parental Control 235 Scheduler Rule 241 Certificates 243 VPN 251 Voice 265 Log 297 Traffic Status 301 VoIP Status 305 xDSL Statistics 307 3G Statistics 311 User Account 313 Remote Management 315 TR 069 C...

Page 4: ...Contents Overview VMG5313 B10A B30A Series User s Guide 4 Log Setting 329 Firmware Upgrade 333 Configuration 337 Diagnostic 340 Troubleshooting 345 Appendices 353 ...

Page 5: ...18 1 5 VMG s USB Support 19 1 6 LEDs Lights 20 1 7 The RESET Button 21 1 8 Wireless Access 22 1 8 1 Using the Wi Fi and WPS Buttons 22 Chapter 2 The Web Configurator 23 2 1 Overview 23 2 1 1 Accessing the Web Configurator 23 2 2 Web Configurator Layout 25 2 2 1 Title Bar 25 2 2 2 Main Window 26 2 2 3 Navigation Panel 27 Chapter 3 Quick Start 33 3 1 Overview 33 3 2 Quick Start Setup 33 Chapter 4 Tu...

Page 6: ...7 4 10 Access Your Shared Files From a Computer 58 4 11 Using the Media Server Feature 60 4 11 1 Configuring the VMG 60 4 11 2 Using Windows Media Player 60 4 11 3 Using a Digital Media Adapter 63 4 12 Using the Print Server Feature 65 Part II Technical Reference 71 Chapter 5 Network Map and Status Screens 73 5 1 Overview 73 5 2 The Network Map Screen 73 5 3 The Status Screen 74 Chapter 6 Broadban...

Page 7: ... 7 10 Technical Reference 125 7 10 1 Wireless Network Overview 125 7 10 2 Additional Wireless Terms 127 7 10 3 Wireless Security Overview 127 7 10 4 Signal Problems 129 7 10 5 BSS 130 7 10 6 MBSSID 130 7 10 7 Preamble Type 131 7 10 8 Wireless Distribution System WDS 131 7 10 9 WiFi Protected Setup WPS 131 Chapter 8 Home Networking 139 8 1 Overview 139 8 1 1 What You Can Do in this Chapter 139 8 1 ...

Page 8: ...erview 163 10 1 1 What You Can Do in this Chapter 163 10 2 What You Need to Know 163 10 3 The Quality of Service General Screen 165 10 4 The Queue Setup Screen 166 10 4 1 Adding a QoS Queue 167 10 5 The Class Setup Screen 168 10 5 1 Add Edit QoS Class 169 10 6 The QoS Policer Setup Screen 173 10 6 1 Add Edit a QoS Policer 174 10 7 Technical Reference 175 Chapter 11 Network Address Translation NAT ...

Page 9: ...00 12 2 The DNS Entry Screen 200 12 2 1 Add Edit DNS Entry 200 12 3 The Dynamic DNS Screen 201 Chapter 13 Vlan Group 203 13 1 Overview 203 13 1 1 What You Can Do in this Chapter 203 13 2 The Vlan Group Screen 203 13 2 1 Add Edit a VLAN Group 204 Chapter 14 Interface Group 205 14 1 Overview 205 14 1 1 What You Can Do in this Chapter 205 14 2 The Interface Group Screen 205 14 2 1 Interface Group Con...

Page 10: ...d Edit Rule Screen 222 Chapter 17 Firewall 223 17 1 Overview 223 17 1 1 What You Can Do in this Chapter 223 17 1 2 What You Need to Know 224 17 2 The Firewall Screen 225 17 3 The Protocol Screen 225 17 3 1 Add Edit a Service 226 17 4 The Access Control Screen 228 17 4 1 Add Edit an ACL Rule 228 17 5 The DoS Screen 230 Chapter 18 MAC Filter 233 18 1 Overview 233 18 2 The MAC Filter Screen 233 Chapt...

Page 11: ...2 4 Technical Reference 258 22 4 1 IPSec Architecture 258 22 4 2 Encapsulation 259 22 4 3 IKE Phases 260 22 4 4 Negotiation Mode 261 22 4 5 IPSec and NAT 262 22 4 6 VPN NAT and NAT Traversal 262 22 4 7 ID Type and Content 263 22 4 8 Pre Shared Key 264 22 4 9 Diffie Hellman DH Key Groups 264 Chapter 23 Voice 265 23 1 Overview 265 23 1 1 What You Can Do in this Chapter 265 23 1 2 What You Need to Kn...

Page 12: ...Screen 299 Chapter 25 Traffic Status 301 25 1 Overview 301 25 1 1 What You Can Do in this Chapter 301 25 2 The WAN Status Screen 301 25 3 The LAN Status Screen 302 25 4 The NAT Status Screen 303 Chapter 26 VoIP Status 305 26 1 The VoIP Status Screen 305 Chapter 27 xDSL Statistics 307 27 1 The xDSL Statistics Screen 307 Chapter 28 3G Statistics 311 28 1 Overview 311 28 2 The 3G Statistics Screen 31...

Page 13: ...R 064 Screen 321 Chapter 33 SNMP 323 33 1 Overview 323 33 2 The SNMP Screen 323 Chapter 34 Time Settings 325 34 1 Overview 325 34 2 The Time Screen 325 Chapter 35 E mail Notification 327 35 1 Overview 327 35 2 The Email Notification Screen 327 35 2 1 Email Notification Edit 328 Chapter 36 Log Setting 329 36 1 Overview 329 36 2 The Log Settings Screen 329 36 2 1 Example E mail Log 330 Chapter 37 Fi...

Page 14: ...0 39 3 Ping TraceRoute NsLookup 341 39 4 802 1ag 341 39 5 OAM Ping 342 Chapter 40 Troubleshooting 345 40 1 Power Hardware Connections and LEDs 345 40 2 VMG Access and Login 346 40 3 Internet Access 348 40 4 Wireless Internet Access 349 40 5 USB Device Connection 350 40 6 UPnP 350 Part III Appendices 353 Appendix A Customer Support 355 Appendix B Wireless LANs 361 Appendix C IPv6 375 Appendix D Ser...

Page 15: ...15 PART I User s Guide ...

Page 16: ...16 ...

Page 17: ... 802 11b g n wireless standard The VMG5313 B10A works over the analog telephone system POTS Plain Old Telephone Service The VMG5313 B30A works over ISDN Integrated Services Digital Network or T ISDN UR 2 Only use firmware for your VMG s specific model Refer to the label on the bottom of your VMG 1 2 Ways to Manage the VMG Use any of the following methods to manage the VMG Web Configurator This is ...

Page 18: ...tore your last configuration 1 4 Applications for the VMG Here are some example uses for which the VMG is well suited 1 4 1 Internet Access Your VMG provides shared Internet access by connecting the DSL port to the DSL or MODEM jack on a splitter or your telephone jack You can have multiple WAN services over one ADSL VDSL or Ethernet connection at the same time However the VMG cannot work in ADSL ...

Page 19: ...on all incoming traffic from the Internet to your network is blocked by default unless it is initiated from your network This means that probes from the outside to your network are not allowed but you can safely browse the Internet and download files 1 5 VMG s USB Support The USB port of the VMG is used for file sharing ADSL VDSL WLAN PPPoE IPoA Bridging WAN ADSL IPoE WAN LAN LAN WLAN A A PPPoA IP...

Page 20: ...EDs None of the LEDs are on if the VMG is not receiving power B A PWR SYS DSL INTERNET LAN1 LAN2 LAN3 LAN4 Wi Fi PHONE1 PHONE2 USB Table 1 LED Descriptions LED COLOR STATUS DESCRIPTION PWR SYS Green On The VMG is receiving power and ready for use Blinking The VMG is self testing Red On The VMG detected an error while self testing or there is a device malfunction Off The VMG is not receiving power ...

Page 21: ...ternet connection or the gateway is in bridged mode Red On The VMG attempted to make an IP connection but failed Possible causes are no response from a DHCP server no PPPoE response PPPoE authentication failed LAN Green On The VMG has a successful 100 Mbps Ethernet connection with a device on the Local Area Network LAN Blinking The VMG is sending or receiving data to from the LAN at 100 Mbps Off T...

Page 22: ...or one second Once the WiFi LED turns green the wireless network is active You can also use the WPS button to quickly set up a secure wireless connection between the VMG and a WPS compatible client by adding one device at a time To activate WPS 1 Make sure the PWR SYS LED is on and not blinking 2 Press the WPS button for five seconds and release it 3 Press the WPS button on another WPS enabled dev...

Page 23: ... on page 399 if you need to make sure these functions are allowed in Internet Explorer 2 1 1 Accessing the Web Configurator 1 Make sure your VMG hardware is properly connected refer to the Quick Start Guide 2 Launch your web browser If the VMG does not automatically re direct you to the login screen go to http 192 168 1 1 3 A password screen displays To access the administrative web configurator a...

Page 24: ...to proceed to the main menu if you do not want to change the password now Figure 5 Change Password Screen 5 The Quick Start Wizard screen appears You can configure the VMG s time zone basic Internet access and wireless settings See Chapter 3 on page 33 for more information 6 After you finished or closed the Quick Start Wizard screen the Network Map page appears Figure 6 Network Map 7 Click Status ...

Page 25: ...User s Guide 25 2 2 Web Configurator Layout Figure 7 Screen Layout As illustrated above the main screen is divided into these parts A title bar B main window C navigation panel 2 2 1 Title Bar The title bar provides some icons in the upper right corner C A B ...

Page 26: ...for more information about the Status screen If you click Virtual Device on the System Info screen a visual graphic appears showing the connection status of the VMG s ports The connected ports are in color and disconnected ports are gray Figure 8 Virtual Device Table 2 Web Configurator Icons in the Title Bar ICON DESCRIPTION Language Select the language you prefer Quick Start Click this icon to op...

Page 27: ...ings Guest More AP Use this screen to configure multiple BSSs on the VMG MAC Authentication Use this screen to block or allow wireless traffic from wireless devices of certain SSIDs and MAC addresses to the VMG WPS Use this screen to configure and view your WPS Wi Fi Protected Setup settings WMM Use this screen to enable or disable Wi Fi MultiMedia WMM WDS Use this screen to set up Wireless Distri...

Page 28: ...g screen ALG Use this screen to enable or disable SIP ALG Address Mapping Use this screen to change your Device s address mapping settings Sessions Use this screen to configure the maximum number of NAT sessions each client host is allowed to have through the VMG DDNS DNS Entry Use this screen to view and configure DNS routes Dynamic DNS Use this screen to allow a static hostname alias for a dynam...

Page 29: ...tificates and manage certificates and certification requests Trusted CA Use this screen to view and manage the list of the trusted CAs IPSec VPN Setup Use this screen to add or edit VPN policies Monitor Use this screen to view the status of all IPSec VPN tunnels You can also manually initiate a tunnel in this screen VoIP SIP SIP Account Use this screen to set up information about your SIP account ...

Page 30: ...o view the ARP table It displays the IP and MAC address of each DHCP connection Routing Table Routing Table Use this screen to view the routing table on the VMG IGMP MLD Group Status IGMP MLD Group Status Use this screen to view the status of all IGMP settings on the VMG xDSL Statistics xDSL Statistics Use this screen to view the Device s xDSL traffic statistics 3G Statistics 3G Statistics Use thi...

Page 31: ...guration settings or reset the factory default settings Reboot Reboot Use this screen to reboot the VMG without turning the power off Diagnostic Ping Traceroute Nslookup Use this screen to identify problems with the DSL connection You can use Ping TraceRoute or Nslookup to help you identify problems 802 1ag Use this screen to configure CFM Connectivity Fault Management MD maintenance domain and MA...

Page 32: ...Chapter 2 The Web Configurator VMG5313 B10A B30A Series User s Guide 32 ...

Page 33: ...n on the features in this chapter 3 2 Quick Start Setup 1 The Quick Start Wizard appears automatically after login Or you can click the Click Start icon in the top right corner of the web configurator to open the quick start screens Select the time zone of the VMG s location and click Next Figure 9 Quick Start Welcome 2 Enter your Internet connection information in this screen The screen and field...

Page 34: ...art Internet Connection 3 Turn the wireless LAN on or off If you keep it on record the security settings so you can configure your wireless clients to connect to the VMG Click Save Figure 11 Quick Start Wireless 4 Your VMG saves your settings and attempts to connect to the Internet ...

Page 35: ...work see page 50 Configuring QoS Queue and Class Setup see page 53 Access the VMG Using DDNS see page 56 Configuring the MAC Address Filter see page 57 Access Your Shared Files From a Computer see page 58 Using the Media Server Feature see page 60 Using the Print Server Feature see page 65 4 2 Setting Up an Ethernet WAN Connection This tutorial shows you how to use LAN port 4 as an alternative or ...

Page 36: ...Chapter 4 Tutorials VMG5313 B10A B30A Series User s Guide 36 3 The Broadband summary screen then appears as follows ...

Page 37: ...ion cannot operate at the same time 4 3 Setting Up an ADSL PPPoE Connection This tutorial shows you how to set up an ADSL Internet connection using the Web Configurator If you connect to the Internet through an ADSL connection use the information from your Internet Service Provider ISP to configure the VMG Be sure to contact your service provider for any information you need to configure the Broad...

Page 38: ...onnection Therefore select PPPoE as the WAN encapsulation type Set the IPv6 IPv4 Mode to IPv4 Only 4 Enter the account information provided to you by your DSL service provider General Name MyDSLConnection Type ADSL Connection Mode Routing Encapsulation PPPoE IPv6 IPv4 Mode IPv4 ATM PVC Configuration VPI VCI 36 48 Encapsulation Mode LLC SNAP Bridging Service Category UBR without PCR Account Informa...

Page 39: ...lt Internet connection by selecting the Apply as Default Gateway check box Then select DNS as Static and enter the DNS server addresses provided to you such as 192 168 5 2 DNS server1 192 168 5 1 DNS server2 6 Leave the rest of the fields to the default settings 7 Click Apply to save your settings ...

Page 40: ...Chapter 4 Tutorials VMG5313 B10A B30A Series User s Guide 40 ...

Page 41: ...s point AP and the notebook is the wireless client The wireless client can access the Internet through the AP Thomas has to configure the wireless network settings on the VMG Then he can set up a wireless network using WPS Section 4 4 2 on page 42 or manual configuration Section 4 4 3 on page 46 4 4 1 Configuring the Wireless Network Settings This example uses the following parameters to set up a ...

Page 42: ...etween his notebook and the VMG see Section 4 4 2 on page 42 He can also use the notebook s wireless client to search for the VMG see Section 4 4 3 on page 46 4 4 2 Using WPS This section shows you how to set up a wireless network using WPS It uses the VMG as the AP and ZyXEL NWD210N as the wireless client which connects to the notebook Note The wireless client must be a WPS aware device for examp...

Page 43: ...ve installed the wireless client driver and utility in your notebook 3 In the wireless client utility go to the WPS setting page Enable WPS and press the WPS button Start or WPS button 4 Push and hold the WPS button located on the VMG s front panel for more than 5 seconds Alternatively you may log into VMG s web configurator and go to the Network Setting Wireless WPS screen Enable the WPS function...

Page 44: ...both VMG and wireless client Example WPS Process PBC Method PIN Configuration When you use the PIN configuration method you need to use both the VMG s web configurator and the wireless client s utility 1 Launch your wireless client s configuration utility Go to the WPS settings and select the PIN method to get a PIN number 2 Log into VMG s web configurator and go to the Network Setting Wireless WP...

Page 45: ...ent utility screen within two minutes The VMG authenticates the wireless client and sends the proper configuration settings to the wireless client This may take up to two minutes The wireless client is then able to communicate with the VMG securely The following figure shows you how to set up a wireless network and its security on a VMG and a wireless client by using PIN method ...

Page 46: ... for the Example SSID Then enter the DoNotStealMyWirelessNetwork pre shared key to establish an wireless Internet connection Note The VMG supports IEEE 802 11b and IEEE 802 11g wireless clients Make sure that your notebook or computer s wireless adapter supports one of these standards Authentication by PIN SECURITY INFO WITHIN 2 MINUTES Wireless Client ZyXEL Device COMMUNICATION ...

Page 47: ...ors will use the VIP group Visiting guests will use the Guest group which has a different SSID and password Company A will use the following parameters to set up the wireless network groups 1 Click Network Setting Wireless to open the General screen Use this screen to set up the company s general wireless network group Configure the screen using the provided parameters and click Apply COMPANY VIP ...

Page 48: ...0A Series User s Guide 48 2 Click Network Setting Wireless Guest More AP to open the following screen Click the Edit icon to configure the second wireless network group 3 Configure the screen using the provided parameters and click Apply ...

Page 49: ...utorials VMG5313 B10A B30A Series User s Guide 49 4 In the Guest More AP screen click the Edit icon to configure the third wireless network group Configure the screen using the provided parameters and click Apply ...

Page 50: ...SIDs are active and ready for wireless access 4 6 Configuring Static Route for Routing to Another Network In order to extend your Intranet and control traffic flowing directions you may connect a router to the VMG s LAN The router may be used to separate two department networks This tutorial shows how to configure a static routing rule for two network routings ...

Page 51: ...efault gateway by default In this case B will never receive the traffic You need to specify a static routing rule on the VMG to specify R as the router in charge of forwarding traffic to N2 In this case the VMG routes traffic from A to R and then R routes the traffic to B This tutorial uses the following example IP settings Table 4 IP Settings in this Tutorial DEVICE COMPUTER IP ADDRESS The VMG s ...

Page 52: ...Enter the Route Name as R 4b Set IP Type to IPv4 4c Type 192 168 10 0 and subnet mask 255 255 255 0 for the destination N2 4d Select Enable in the Use Gateway IP Address field Type 192 168 1 253 R s N1 address in the Gateway IP Address field 4e Select VDSL ppp1 1 as the Use Interface 4a Click OK Now B should be able to receive traffic from A You may need to additionally configure B s firewall sett...

Page 53: ...l traffic gets the highest priority with at least 5 000 kbps You can do the following Configure a queue to assign the highest priority queue 1 to e mail traffic going to the WAN interface so that e mail traffic would not get delayed when there is network congestion Note the IP address 192 168 1 23 for example and or MAC address AA FF AA FF AA FF for example of your computer and map it to queue 7 N...

Page 54: ...ate a new queue In the screen that opens check Active and enter or select the following values Name E mail Interface WAN Priority 1 High Weight 8 Rate Limit 5 000 kbps Tutorial Advanced QoS Queue Setup 4 Click Class Setup Add new Classifier to create a new class Check Active and follow the settings as shown in the screen below ...

Page 55: ...om Select LAN1 for this example Ether Type Select IP to identify the traffic source by its IP address or MAC address IP Address Type the IP address of your computer 192 168 1 23 Type the IP Subnet Mask if you know it MAC Address Type the MAC address of your computer AA FF AA FF AA FF Type the MAC Mask if you know it To Queue Index Link this to an item in the Network Setting QoS Queue Setup screen ...

Page 56: ...using a domain name To use this feature you have to apply for DDNS service at www dyndns org This tutorial covers Registering a DDNS Account on www dyndns org Configuring DDNS on Your VMG Testing the DDNS Setting Note If you have a private WAN IP address then you cannot use DDNS 4 8 1 Registering a DDNS Account on www dyndns org 1 Open a browser and type http www dyndns org 2 Apply for a user acco...

Page 57: ...on the computer using the IP address a b c d that is connected to the Internet 2 Type http zyxelrouter dyndns org and press Enter 3 The VMG s login page should appear You can then log into the VMG and manage it 4 9 Configuring the MAC Address Filter Thomas noticed that his daughter Josephine spends too much time surfing the web and downloading media files He decided to prevent Josephine from acces...

Page 58: ... screen Click Apply Thomas can also grant access to the computers of other members of his family and friends However Josephine and others not listed in this screen will no longer be able to access the Internet through the VMG 4 10 Access Your Shared Files From a Computer Here is how to use an FTP program to access a file storage device connected to the VMG s USB port Note This example uses the Fil...

Page 59: ...enter the IP address of the VMG the default is 192 168 1 1 your account s user name and password and port 21 and click Quickconnect A screen asking for password authentication appears File Sharing via Windows Explorer 2 Once you log in the USB device displays in the mnt folder ...

Page 60: ...e for the correct hardware connections Before you begin connect the USB storage device containing the media files you want to play to the USB port of your VMG 4 11 1 Configuring the VMG Note The Media Server feature is enabled by default To use your VMG as a media server click Network Setting Home Networking Media Server Tutorial USB Services Media Server Check Enable Media Server and click Apply ...

Page 61: ... and click Library Media Sharing as follows Tutorial Media Sharing using Windows Vista 2 Check Find media that others are sharing in the following screen and click OK Tutorial Media Sharing using Windows Vista 2 3 In the Library screen check the left panel The Windows Media Player should detect the VMG ...

Page 62: ...ws you the media files in the USB storage device attached to your VMG Windows 7 1 Open Windows Media Player It should automatically detect the VMG Tutorial Media Sharing using Windows 7 1 If you cannot see the VMG in the left panel as shown above right click Other Libraries Refresh Other Libraries 2 Select a category in the left panel and wait for Windows Media Player to connect to the VMG ...

Page 63: ...ia Sharing using Windows 7 2 4 11 3 Using a Digital Media Adapter This section shows you how you can use the VMG with a ZyXEL DMA 2500 to play media files stored in the USB storage device in your TV screen Note For this tutorial your DMA 2500 should already be set up with the TV according to the instructions in the DMA 2500 Quick Start Guide 1 Connect the DMA 2500 to an available LAN port in your ...

Page 64: ...remote control go to MyMedia to open the following screen Select the VMG as your media server Tutorial Media Sharing using DMA 2500 3 The screen shows you the list of available media files in the USB storage device Select the file you want to open and push the Play button in the remote control Tutorial Media Sharing using DMA 2500 2 DMA 2500 ZyXEL Device USB Storage Device ...

Page 65: ...g the printer on the computers connected to your network In this section you can Add a New Printer Using Windows Add a New Printer Using Macintosh OS X Add a New Printer Using Windows This example shows how to connect a printer to your VMG using the Windows 7 operating system Some menu items may look different on your operating system 1 Click Start Control Panel Devices and Printers to open the De...

Page 66: ...B10A B30A Series User s Guide 66 Tutorial Printers Folder 2 The Add Printer wizard screen displays Click Add a network wireless or Bluetooth printer Tutorial Add Printer Wizard Welcome 3 Click The printer that I want isn t listed ...

Page 67: ...ter Wizard Welcome 4 Select the Select a shared printer by name option Enter the URL for your printer http 192 168 1 1 631 printers USB_PRINTER in this example This URL can be found in the VMG s Web Configurator on the Network Setting USB Service Printer Server screen Click Next ...

Page 68: ...lls successfully choose if you want to set this printer to be the default Add a New Printer Using Macintosh OS X Complete the following steps to set up a print server driver on your Macintosh computer 1 Click the Print Center icon located in the Macintosh Dock a place holding a series of icons shortcuts at the bottom of the desktop Proceed to step 6 to continue If the Print Center icon is not in t...

Page 69: ...ouble click the Print Center icon Tutorial Utilities Folder 6 Click the Add icon at the top of the screen Tutorial Printer List Folder 7 Set up your printer in the Printer List configuration screen Select IP Printing from the drop down list box 8 In the Printer s Address field type the IP address of your VMG 9 Deselect the Use default queue on server check box 10 Type LP1 in the Queue Name field ...

Page 70: ...onfiguration 12 Click Add to select a printer model save and close the Printer List configuration screen Tutorial Printer Model 13 The Name LP1 on 192 168 1 1 displays in the Printer List field The default printer Name displays in bold type Tutorial Print Server Your Macintosh print server driver setup is complete You can now use the VMG s print server to print from a Macintosh computer ...

Page 71: ...71 PART II Technical Reference ...

Page 72: ...72 ...

Page 73: ... connection status of the Device and clients connected to it You can use the Status screen to look at the current status of the Device system resources and interfaces LAN WAN and WLAN 5 2 The Network Map Screen Use this screen to view the network connection status of the device and its clients A warning message appears if there is a connection problem Figure 12 Network Map Icon View Mode ...

Page 74: ...u want to change the name or icon of the client click Change name icon If you prefer to view the status in a list click List View in the Viewing mode selection box You can configure how often you want the Device to update this screen in Refresh interval Figure 13 Network Map List View Mode 5 3 The Status Screen Use this screen to view the status of the VMG Click Status to open this screen Figure 1...

Page 75: ... primary DNS server IP address Secondary DNS server This shows the secondary DNS server IP address Encapsulation This field displays the current encapsulation method LAN Information IPv4 Address This is the current IP address of the VMG in the LAN IPv4 Subnet Mask This is the current subnet mask in the LAN DHCP This field displays what DHCP services the VMG is providing to the LAN Choices are Serv...

Page 76: ...ld displays Down line down Up line up or connected and Drop dropping a call if you re using PPPoE encapsulation For the Ethernet WAN and LAN interface this field displays Up when using the interface and NoLink when not using the interface For the WLAN interface this field displays the enabled Active or disabled InActive state of the interface For the 3G USB interface this field displays Up when us...

Page 77: ...ount with the SIP server the attempt failed Use the Register button to register the account again The VMG automatically tries to register the SIP account when you turn on the VMG or when you activate it Registered The SIP account is already registered with the SIP server You can use it to make a VoIP call Service Provider This column displays the service provider name and SIP number for each SIP a...

Page 78: ...Chapter 5 Network Map and Status Screens VMG5313 B10A B30A Series User s Guide 78 ...

Page 79: ... to view remove or add a WAN interface You can also configure the WAN settings on the VMG for Internet access Section 6 2 on page 83 Use the Advanced screen to enable or disable PTM over ADSL Annex M Annex J and DSL PhyR functions Section 6 4 on page 95 Use the Ethernet WAN screen to convert LAN port number four as a WAN port or restore the WAN to a LAN port This is for Ethernet connection WAN Tab...

Page 80: ...oriented and supported by the VDSL2 standard In PTM packets are encapsulated directly in the High level Data Link Control HDLC frames It is designed to provide a low overhead transparent way of transporting packets over DSL links as an alternative to ATM IPv6 Introduction IPv6 Internet Protocol version 6 is designed to enhance IP address size and features The increase in IPv6 address size to 128 b...

Page 81: ...s compose the network address The prefix length is written as x where x is a number For example 2001 db8 1a2b 15 1a2f 0 32 means that the first 32 bits 2001 db8 is the subnet prefix IPv6 Subnet Masking Both an IPv6 address and IPv6 subnet mask compose of 128 bit binary digits which are divided into eight 16 bit blocks and written in hexadecimal notation Hexadecimal uses four bits for each characte...

Page 82: ...o the ISP s Address Family Transition Router AFTR in the graphic to connect to the IPv4 Internet The local network can also use IPv6 services The VMG uses it s configured IPv6 WAN IP to route IPv6 traffic to the IPv6 Internet Figure 17 Dual Stack Lite 6 1 3 Before You Begin You need to know your Internet access settings such as encapsulation and WAN IP address Get this information from your ISP IS...

Page 83: ...uide 83 6 2 The Broadband Screen Use this screen to change your VMG s Internet access settings Click Network Setting Broadband from the menu The summary table shows you the configured WAN services connections on the VMG Figure 18 Network Setting Broadband ...

Page 84: ...e is no priority level assigned 802 1q This indicates the VLAN ID number assigned to traffic sent through this connection This displays N A when there is no VLAN ID number assigned IGMP Proxy This shows whether the VMG act as an IGMP proxy on this connection NAT This shows whether NAT is activated or not for this connection Default Gateway This shows whether the VMG use the WAN interface of this c...

Page 85: ...ode encapsulation and IPv6 IPv4 mode you select 6 2 1 1 Routing Mode Use Routing mode if your ISP give you one IP address only and you want multiple computers to share an Internet account The following example screen displays when you select the ADSL VDSL over ATM connection type Routing mode and PPPoE encapsulation The screen varies when you select other interface type encapsulation and IPv6 IPv4...

Page 86: ...et over ATM EoA is used for PPPoE and IPoE encapsulation EoA a protocol for data transfer between Ethernet LAN and WAN over the ATM protocol It creates a bridged connection between the VMG and the ISP It uses an Ethernet header in the packet so that you can have multiple services connections over one PVC You can set each connection to have its own MAC address or all connections share one MAC addre...

Page 87: ...apsulation In addition to the VMG s built in PPPoE client you can enable PPPoE pass through to allow up to ten hosts on the LAN to use PPPoE client software on their computers to connect to the ISP via the VMG Each host can have a separate account and a public WAN IP address PPPoE pass through is an alternative to NAT for application where NAT is not appropriate Disable PPPoE pass through if you d...

Page 88: ...y as Default Gateway Select this option to have the VMG use the WAN interface of this connection as the system default gateway DNS Server This is available only when you select IPv4 Only or IPv6 IPv4 DualStack in the IPv6 IPv4 Mode field DNS Select Obtain DNS Info Automically if you want the VMG to use the DNS server addresses assigned by your ISP Select Use Following Static DNS Address if you wan...

Page 89: ...IP address of the next hop gateway The gateway is a router or switch on the same segment as your VMG s interface s The gateway helps forward packets to their destinations IPv6 Routing Feature This is available only when you select IPv6 IPv4 DualStack or IPv6 Only in the IPv6 IPv4 Mode field You can enable IPv6 routing features in the following section MLD Proxy Enable Select this checkbox to have ...

Page 90: ... Default Tag enter a DSCP DiffServ Code Point value to have the VMG add it in the packets sent by this WAN interface MTU MTU Size Enter the MTU Maximum Transfer Unit size for this traffic Bridging and Routing in the same WAN Use this feature to bridge a LAN port s with the WAN interface Traffic to from LAN ports not in the bridge is routed from the WAN interface ADSL use same VPI VCI in Bridge and...

Page 91: ...as the interface that you want to configure The VMG uses the VDSL technology for data transmission over the DSL port Mode Select Bridge when your ISP provides you more than one IP address and you want the connected computers to get individual IP address from ISP s DHCP server directly If you select Bridge you cannot use routing functions such as QoS Firewall DHCP server and NAT on traffic from the...

Page 92: ...e if you want the VMG to ping check the connection status of your WAN You can configure the frequency of the ping check and number of consecutive failures before triggering 3G backup Check Cycle Enter the frequency of the ping check in this field Consecutive PING Fail Enter how many consecutive failures are required before 3G backup is triggered Ping Default Gateway Select this to have the VMG pin...

Page 93: ...ou do not want the connection up all the time and specify an idle time out in the Max Idle Timeout field Max Idle Timeout This value specifies the time in minutes that elapses before the VMG automatically disconnects from the ISP Obtain an IP Address Automatically Select this option if your ISP did not assign you a fixed IP address Use the following static IP address Select this option if the ISP ...

Page 94: ...o set a limit on the downstream traffic from the ISP to the VMG Select Upload to set a limit on the upstream traffic from the VMG to the ISP If you change the value after you configure and enable budget control the VMG resets the statistics Reset all budget counters on Select the date on which the VMG resets the budget every month Select last if you want the VMG to reset the budget on the last day...

Page 95: ...fication screen Over Budget Email Title Type a title that you want to be in the subject line of the e mail notifications that the VMG sends Send Notification to Email Notifications are sent to the e mail address specified in this field If this field is left blank notifications cannot be sent via e mail Interval Enter the interval of how many minutes you want the VMG to e mail you Enable Log Select...

Page 96: ...enabled if data being transmitted downstream is sensitive to noise However enabling PhyR DS can decrease the DS line rate Enabling or disabling PhyR will require the CPE to retrain For PhyR to function the DSLAM must also support PhyR and have it enabled Bitswap SRA Enable or disable Seamless Rate Adaption SRA Select Enable to have the VMG automatically adjust the connection s data rate according ...

Page 97: ...or transmitting data is boosted up to increase the reach of this signal up to 7 kilometers 23 000 ft ADSL2 ADSL2 extends the capability of basic ADSL by doubling the number of downstream channels The data rates can be as high as 24 Mbit s downstream and up to 1 4 Mbit s upstream depending on the distance from the DSLAM to the customer s premises AnnexM Annex M is an optional specification in ITU T...

Page 98: ...rface This is the interface that uses the authentication This displays N A when there is no interface assigned EAP Identity This shows the EAP identity of the authentication This displays N A when there is no EAP identity assigned EAP method This shows the EAP method used in the authentication This displays N A when there is no EAP method assigned Bidirectional Authentication This shows whether bi...

Page 99: ...e authentication Select this to enable the authentication Clear this to disable this authentication without having to delete the entry Interface Select an interface to which the authentication applies EAP Identity Enter the EAP identity of the authentication EAP method This is the EAP method used for this authentication Enable Bidirectional Authentication Select this to allow bidirectional authent...

Page 100: ... Ethernet WAN to display the following screen Figure 26 Network Setting Broadband Ethernet WAN The following table describes the fields in the above screen 6 7 Technical Reference The following section contains additional technical information about the VMG features described in this chapter Encapsulation Be sure to use the encapsulation method required by your ISP The VMG can work in bridge mode ...

Page 101: ...s etc connection For the service provider PPPoE offers an access and authentication method that works with existing access control systems for example RADIUS One of the benefits of PPPoE is the ability to let you access one of multiple network services a function known as dynamic service selection This enables the service provider to easily create and offer new IP services for individuals Operatio...

Page 102: ...ongestion which is important for transmission of real time data such as audio and video connections Peak Cell Rate PCR is the maximum rate at which the sender can send cells This parameter may be lower but not higher than the maximum line speed 1 ATM cell is 53 bytes 424 bits so a maximum speed of 832Kbps gives a maximum PCR of 1962 cells sec This rate is not guaranteed because it is dependent on ...

Page 103: ...nections that do not require closely controlled delay and delay variation It is commonly used for bursty traffic typical on LANs PCR and MBS define the burst levels SCR defines the minimum level An example of an VBR nRT connection would be non time sensitive data file transfers Unspecified Bit Rate UBR The Unspecified Bit Rate UBR ATM traffic class is for bursty data transfers However UBR doesn t ...

Page 104: ...ignificant and the default VID of the ingress port is given as the VID of the frame Of the 4096 possible VIDs a VID of 0 is used to identify priority frames and value 4095 FFF is reserved so the maximum possible VLAN configurations are 4 094 Multicast IP packets are transmitted in either one of two ways Unicast 1 sender 1 recipient or Broadcast 1 sender everybody on the network Multicast delivers ...

Page 105: ...dress 2001 0db8 1a2b 0015 0000 0000 1a2f 0000 IPv6 addresses can be abbreviated in two ways Leading zeros in a block can be omitted So 2001 0db8 1a2b 0015 0000 0000 1a2f 0000 can be written as 2001 db8 1a2b 15 0 0 1a2f 0 Any number of consecutive blocks of zeros can be replaced by a double colon A double colon can only appear once in an IPv6 address So 2001 0db8 0000 0000 1a2f 0000 0000 0015 can b...

Page 106: ...Chapter 6 Broadband VMG5313 B10A B30A Series User s Guide 106 ...

Page 107: ...hentication screen to allow or deny wireless clients based on their MAC addresses from connecting to the VMG Section 7 4 on page 117 Use the WPS screen to enable or disable WPS view or generate a security PIN Personal Identification Number Section 7 5 on page 118 Use the WMM screen to enable Wi Fi MultiMedia WMM to ensure quality of service in wireless networks for multimedia applications Section ...

Page 108: ...use However wireless networking is different from that of most traditional radio communications in that there a number of wireless networking standards available with different methods of data encryption Finding Out More See Section 7 10 on page 125 for advanced technical information on wireless networks 7 2 The General Screen Use this screen to enable the Wireless LAN enter the SSID and select th...

Page 109: ...channel to use more less Click more to show more information Click less to hide them Bandwidth Select whether the VMG uses a wireless channel width of 20MHz or 40MHz A standard 20MHz channel offers transfer speeds of up to 150Mbps whereas a 40MHz channel uses two standard channels and offers speeds of up to 300 Mbps 40MHz channel bonding or dual channel bonds two adjacent radio channels to increas...

Page 110: ...access point AP must have the same SSID Enter a descriptive name up to 32 English keyboard characters for the wireless LAN Max clients Specify the maximum number of clients that can connect to this network at the same time Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a station cannot obtain the SSID through scanning using a site survey tool Enhanced Multicast Fo...

Page 111: ...d that you use a more effective security mechanism Use the strongest security mechanism that all the wireless devices in your network support For example use WPA PSK or WPA2 PSK if all your wireless devices support it or use WPA or WPA2 if your wireless devices support it and you have a RADIUS server If your wireless devices support nothing stronger than WEP use the highest encryption level availa...

Page 112: ... password WEP keys are used to encrypt data Both the VMG and the wireless stations must use the same password WEP key for data transmission If you chose 64 bit WEP then enter any 5 ASCII characters or 10 hexadecimal characters 0 9 A F If you chose 128 bit WEP then enter 13 ASCII characters or 26 hexadecimal characters 0 9 A F You must configure at least one password only one password can be activa...

Page 113: ...his screen Table 19 Wireless General More Secure WPA 2 PSK LABEL DESCRIPTION Security Level Select More Secure to enable WPA 2 PSK data encryption Security Mode Select WPA PSK or WPA2 PSK from the drop down list box Generate password automatically Select this option to have the VMG automatically generate a password The password field will not be configurable when you select this option Password Th...

Page 114: ...0 Network Setting Wireless Guest More AP LABEL DESCRIPTION This is the index number of the entry Status This field indicates whether this SSID is active A yellow bulb signifies that this SSID is active A gray bulb signifies that this SSID is not active SSID An SSID profile is the set of parameters relating to one of the VMG s BSSs The SSID Service Set IDentifier identifies the Service Set with whi...

Page 115: ...e following screen displays Figure 33 Network Setting Wireless Guest More AP Edit The following table describes the fields in this screen Table 21 Network Setting Wireless Guest More AP Edit LABEL DESCRIPTION Wireless Network Setup Wireless You can Enable or Disable the wireless LAN in this field Passphrase Type Passphrase type cannot be changed The default is None Wireless Network Settings ...

Page 116: ... per second Kbps BSSID This shows the MAC address of the wireless interface on the VMG when wireless LAN is enabled E mail notification when the wireless guest visit Enable Email Notification Select this to have the VMG e mail you a notification when a wireless client is connected to the wireless network Mail Server Select a mail server for the e mail address specified below If you do not select a...

Page 117: ...D Select the SSID for which you want to configure MAC filter settings MAC Restrict Mode Define the filter action for the list of MAC addresses in the MAC Address table Select Disable to turn off MAC filtering Select Deny to block access to the VMG MAC addresses not listed will be allowed to access the VMG Select Allow to permit access to the VMG MAC addresses not listed will be denied access to th...

Page 118: ...k Network Setting Wireless WPS The following screen displays Select Enable and click Apply to activate the WPS function Then you can configure the WPS settings in this screen Figure 35 Network Setting Wireless WPS The following table describes the labels in this screen Table 23 Network Setting Wireless WPS LABEL DESCRIPTION WPS Select Enable to activate WPS on the VMG Method 1 Use this section to ...

Page 119: ...ngs Note You must also activate WPS on that device within two minutes to have it present its PIN to the VMG Method 3 Use this section to set up a WPS wireless network by entering the PIN of the VMG into the client Release Configuratio n The default WPS status is configured Click this button to remove all configured wireless and wireless security settings for WPS connections on the VMG Generate New...

Page 120: ...ot all models support WDS links Check your other AP s documentation Click Network Setting Wireless WDS The following screen displays Table 24 Network Setting Wireless WMM LABEL DESCRIPTION WMM Select On to have the VMG automatically give a service a priority level according to the ToS value in the IP header of packets it sends WMM QoS Wifi MultiMedia Quality of Service gives high priority to voice...

Page 121: ...g mode to Access Point Select Enabled to turn on WDS and enter the peer device s MAC address manually in the table below Select Disable to turn off WDS Remote Bridge MAC Address You can enter the MAC address of the peer device by clicking the Edit icon under Modify This is the index number of the entry MAC Address This shows the MAC address of the peer device You can connect to up to 4 peer device...

Page 122: ...se this screen to configure advanced wireless settings Click Network Setting Wireless Others The screen appears as shown See Section 7 10 2 on page 127 for detailed definitions of the terms listed in this screen Table 26 WDS Scan LABEL DESCRIPTION Wireless Bridge Scan Setup Refresh Click Refresh to update the table This is the index number of the entry SSID This shows the SSID of the available wir...

Page 123: ...al scan Output Power Set the output power of the VMG If there is a high density of APs in an area decrease the output power to reduce interference with other APs Select one of the following 20 40 60 80 or 100 Beacon Interval When a wirelessly networked device sends a beacon it includes with it a beacon interval This specifies the time period before the device sends the beacon again The interval te...

Page 124: ...Select 802 11b g n Mixed to allow IEEE 802 11b IEEE 802 11g or IEEE802 11n compliant WLAN devices to associate with the VMG The transmission rate of your VMG might be reduced 802 11 Protection Enabling this feature can help prevent collisions in mixed mode networks networks with both IEEE 802 11b and IEEE 802 11g traffic Select Auto to have the wireless devices transmit data after a RTS CTS handsh...

Page 125: ...ss point is a radio with a wired connection to a network which can connect with numerous wireless clients and let them access the network A bridge is a radio that relays communications between access points and wireless clients extending a network s range Traditionally a wireless network operates in one of two ways An infrastructure type of network has one or more access points and one or more wir...

Page 126: ...nt channel Like radio stations or television channels each wireless network uses a specific channel or frequency to send and receive information Every device in the same wireless network must use security compatible with the AP Security stops unauthorized devices from using the wireless network It can also protect the information that is sent in the wireless network Radio Channels In the radio spe...

Page 127: ...for an attacker s software to guess for example a twenty letter long string of apparently random numbers and letters but it is not very secure if you use a short key which is very easy to guess for example a three letter word from the dictionary Because of the damage that can be done by a malicious attacker it s not just people who have sensitive information on their network who should use securit...

Page 128: ...evice is allowed to use the wireless network it still has to have the correct information SSID channel and security If a device is not allowed to use the wireless network it does not matter if it has the correct information This type of security does not protect the information that is sent in the wireless network Furthermore there are ways for unauthorized wireless devices to get the MAC address ...

Page 129: ...possible for unauthorized wireless devices to figure out the original information pretty quickly When you select WPA2 or WPA2 PSK in your VMG you can also select an option WPA compatible to support WPA as well In this case if some of the devices support WPA and some support WPA2 you should set up WPA2 PSK or WPA2 depending on the type of wireless network login and select the WPA compatible option ...

Page 130: ... 7 10 6 MBSSID Traditionally you need to use different APs to configure different Basic Service Sets BSSs As well as the cost of buying extra APs there is also the possibility of channel interference The VMG s MBSSID Multiple Basic Service Set IDentifier function allows you to use one access point to provide several BSSs simultaneously You can then assign varying QoS priorities and or security mod...

Page 131: ...VMG can act as a wireless network bridge and establish WDS Wireless Distribution System links with other APs You need to know the MAC addresses of the APs you want to link to Once the security settings of peer sides match one another the connection between devices is made At the time of writing WDS security is compatible with other ZyXEL access points only Refer to your other access point s docume...

Page 132: ... press the button on the other device The registrar sends the network name SSID and security key through an secure connection to the enrollee If you need to make sure that WPS worked check the list of associated wireless clients in the AP s configuration utility If you see the wireless client in the list WPS was successful 7 10 9 2 PIN Configuration Each WPS enabled device has its own PIN Personal...

Page 133: ...either enter the client s PIN in the AP or enter the AP s PIN in the client it does not matter which 6 Start WPS on both devices within two minutes 7 Use the configuration utility to activate WPS not the push button on the device itself 8 On a computer connected to the wireless client try to connect to the Internet If you can connect WPS was successful If you cannot connect check the list of assoc...

Page 134: ... Authentication Protocol tunnel and sends the network name SSID and the WPA PSK or WPA2 PSK pre shared key to the enrollee Whether WPA PSK or WPA2 PSK is used depends on the standards supported by the devices If the registrar is already part of a network it sends the existing information If not it generates the SSID and WPA 2 PSK randomly The following figure shows a WPS enabled client installed i...

Page 135: ... the security settings it transmits to the enrollee are randomly generated Once a WPS enabled device has connected to another device using WPS it becomes configured A configured wireless client can still act as enrollee or registrar in subsequent WPS connections but a configured access point can no longer act as enrollee It will be the registrar in all subsequent WPS connections in which it is inv...

Page 136: ... the registrar since it is configured it already has security information for the network AP1 supplies the existing security information to Client 2 Figure 47 WPS Example Network Step 2 In step 3 you add another access point AP2 to your network AP2 is out of range of AP1 so you cannot use AP1 for the WPS handshake with the new access point However you know that Client 2 supports the registrar func...

Page 137: ...s WPA PSK or WPA2 PSK depends on the device You can check the configuration interface of the registrar device to discover the key the network is using if the device supports this feature Then you can enter the key into the non WPS device and join the network as normal the non WPS device must also support WPA PSK or WPA2 PSK When you use the PBC method there is a short period from the moment you pr...

Page 138: ...lee or was not involved in the WPS handshake a rogue device must still associate with the access point to gain access to the network Check the MAC addresses of your wireless clients usually printed on a label on the bottom of the device If there is an unknown MAC address you can remove it or reset the AP ...

Page 139: ... DHCP screen to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses Section 8 3 on page 144 Use the UPnP screen to enable UPnP and UPnP NAT traversal on the VMG Section 8 4 on page 146 Use the Additional Subnet screen to configure IP alias and public static IP Section 8 5 on page 148 Use the STB Vendor ID screen to have the VMG automatically create static D...

Page 140: ...ore you can access it RADVD Router Advertisement Daemon When an IPv6 host sends a Router Solicitation RS request to discover the available routers RADVD with Router Advertisement RA messages in response to the request It specifies the minimum and maximum intervals of RA broadcasts RA messages containing the address prefix IPv6 hosts can be generated with the IPv6 prefix an IPv6 address 8 1 2 2 Abo...

Page 141: ...EL has achieved UPnP certification from the Universal Plug and Play Forum UPnP Implementers Corp UIC ZyXEL s UPnP implementation supports Internet Gateway Device IGD 1 0 See Section 8 4 1 on page 147 for examples of installing and using UPnP Finding Out More See Section 8 9 on page 152 for technical background information on LANs 8 1 3 Before You Begin Find out the MAC addresses of your network de...

Page 142: ...lt Your VMG automatically computes the subnet mask based on the IP Address you enter so do not change this field unless you are instructed to do so IGMP Snooping Status Select the Enable IGMP Snooping checkbox to allows the VMG to passively learn multicast group IGMP Mode Select Standard Mode to have the VMG forward multicast packets to a port that joins the multicast group and broadcast unknown m...

Page 143: ...ystem server IP address the VMG passes to the DHCP clients LAN IPv6 Mode Setup IPv6 State Select Enable to activate the IPv6 mode and configure IPv6 settings on the VMG LAN IPv6 Address Setup Delegate prefix from WAN Select this option to automatically obtain an IPv6 network prefix from the service provider or an uplink router Static Select this option to configure a fixed IPv6 address for the VMG...

Page 144: ...VMG provides DNS information through DHCPv6 From RA DHCPv6 Server The VMG provides DNS information through both router advertisements and DHCPv6 DHCPv6 Configuration DHCPv6 State This shows the status of the DHCPv6 IPv6 Router Advertisement State RADVD State This shows whether RADVD is enabled or not IPv6 DNS Values IPv6 DNS Server 1 3 Select From ISP if your ISP dynamically assigns IPv6 DNS serve...

Page 145: ...1 Network Setting Home Networking Static DHCP LABEL DESCRIPTION Add new static lease Click this to add a new static DHCP entry This is the index number of the entry Status This field displays whether the client is connected to the VMG MAC Address The MAC Media Access Control or Ethernet address on a LAN Local Area Network is unique to your computer six pairs of hexadecimal notation A network inter...

Page 146: ...display the screen shown next Figure 52 Network Setting Home Networking UPnP Table 32 Static DHCP Add Edit LABEL DESCRIPTION Active Select this to activate the connection between the client and the VMG Group Name Select the interface group name for which you want to configure static DHCP settings See Chapter 14 on page 205 for how to create a new interface group Select Device Info Select a device ...

Page 147: ...ill enter the password to access the web configurator UPnP NAT T Select Enable to allow UPnP enabled applications to automatically configure the VMG so that they can communicate through the VMG by using NAT traversal UPnP applications automatically reserve a NAT forwarding port in order to communicate with another UPnP enabled device this eliminates the need to manually configure port forwarding f...

Page 148: ...twork and other computers on the network to find your computer This makes it easier to share files and printers 8 5 The Additional Subnet Screen Use the Additional Subnet screen to configure IP alias and public static IP IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface The VMG supports multiple logical LAN interfaces via its physi...

Page 149: ... name for which you want to configure the IP alias settings See Chapter 14 on page 205 for how to create a new interface group Active Select the checkbox to configure a LAN network for the VMG IP Address Enter the IP address of your VMG in dotted decimal notation IP Subnet Mask Your VMG will automatically calculate the subnet mask based on the IP address that you assign Unless you are implementing...

Page 150: ... Networking STB Vendor ID The following table describes the labels in this screen Note The VMG needs to restart to make the role change take effect 8 7 The Wake on LAN Screen Use this screen to turn on a device on the LAN network To use this feature the remote device must also support Wake On LAN You need to know the MAC address of the LAN device It may be on a label on the device or in its docume...

Page 151: ...orking TFTP Server Name to open this screen Figure 56 Network Setting Home Networking TFTP Server Name Table 36 Network Setting Home Networking Wake on Lan LABEL DESCRIPTION Wake by Address Select Manual and enter the IP address or MAC address of the device to turn it on remotely The drop down list also lists the IP addresses that can be found in the VMG s ARP table Select an IP address and it wil...

Page 152: ...ients to obtain TCP IP configuration at start up from a server You can configure the VMG as a DHCP server or disable it When configured as a server the VMG provides the TCP IP configuration for the clients If you turn DHCP service off you must have another DHCP server on your LAN or else the computer must be manually configured IP Pool Setup The VMG is pre configured with a pool of IP addresses fo...

Page 153: ...ability IP Address and Subnet Mask Similar to the way houses on a street share a common street name so too do computers on a LAN share one common network number Where you obtain your network number depends on your particular situation If the ISP or your network administrator assigns you a block of registered IP addresses follow their instructions in selecting the IP addresses and the subnet mask I...

Page 154: ...0 0 192 168 255 255 You can obtain your IP address from the IANA from an ISP or it can be assigned from a private network If you belong to a small organization and your Internet access is through an ISP the ISP can provide you with the Internet addresses for your local networks On the other hand if you are part of a much larger organization you should consult your network administrator for the app...

Page 155: ...ace The VMG routes most traffic from A to the Internet through the VMG s default gateway R1 You create one static route to connect to services offered by your ISP behind router R2 You create another static route to communicate with a separate network behind a router R3 connected to the LAN Figure 58 Example of Routing Topology 9 2 The Routing Screen Use this screen to view and configure the static...

Page 156: ...work address of the final destination Routing is always based on network number Subnet Mask This parameter specifies the IP network subnet mask of the final destination Gateway This is the IP address of the gateway The gateway is a router or switch on the same network segment as the device s LAN or WAN port The gateway helps forward packets to their destinations Interface This is the WAN interface...

Page 157: ...teway helps forward packets to their destinations If you want to use the gateway IP address select Enable Gateway IP Address Enter the IP address of the gateway Use Interface Select the WAN interface you want to use for this static route Apply Click Apply to save your changes Cancel Click Cancel to exit this screen without saving Table 39 Routing Add Edit Sheet 2 of 2 LABEL DESCRIPTION Table 40 Ne...

Page 158: ... default routing behavior and alter the packet forwarding based on the policy defined by the network administrator Policy based routing is applied to outgoing packets prior to the normal routing You can use source based policy forwarding to direct traffic from different users through different connections or distribute traffic among multiple paths for load sharing Table 41 DNS Route Add LABEL DESC...

Page 159: ...RIPTION Add new Policy Forward Rule Click this to create a new policy forwarding rule This is the index number of the entry Policy Name This is the name of the rule Source IP This is the source IP address Source Subnet Mask his is the source subnet mask address Protocol This is the transport layer protocol Source Port This is the source port number WAN This is the WAN interface through which the t...

Page 160: ...ting information with other routers Table 43 Policy Forwarding Add Edit LABEL DESCRIPTION Policy Name Enter a descriptive name of up to 8 printable English keyboard characters not including spaces Source IP Enter the source IP address Source Subnet Mask Enter the source subnet mask address Protocol Select the transport layer protocol TCP or UDP Source Port Enter the source port number Source MAC E...

Page 161: ...packets that the VMG sends it recognizes both formats when receiving RIP version 1 is universally supported but RIP version 2 carries more information RIP version 1 is probably adequate for most networks unless you have an unusual network topology Operation Select Passive to have the VMG update the routing table based on the RIP packets received from neighbors but not advertise its route informati...

Page 162: ...Chapter 9 Routing VMG5313 B10A B30A Series User s Guide 162 ...

Page 163: ...estion allowing time sensitive applications to flow more smoothly Time sensitive applications include both those that require a low level of latency delay and a low level of jitter variations in delay such as Voice over IP VoIP or Internet gaming and those for which jitter alone is a problem such as Internet radio or streaming video This chapter contains information about configuring QoS and editi...

Page 164: ... or service based on the tag or marker Traffic Shaping Bursty traffic may cause network congestion Traffic shaping regulates packets to be transmitted with a pre configured data transmission rate using buffers or queues Your VMG uses the Token Bucket algorithm to allow a certain amount of large bursts while keeping a limit at the average rate Traffic Policing Traffic policing is the limiting of th...

Page 165: ...aged Upstream Bandwidth Enter the amount of upstream bandwidth for the WAN interfaces that you want to allocate using QoS The recommendation is to set this speed to match the interfaces actual transmission speed For example set the WAN interfaces speed to 100000 kbps if your Internet connection has an upstream transmission speed of 100 Mbps You can set this number higher than the interfaces actual...

Page 166: ...is to the LAN interfaces maximum supported connection speed Upstream traffic priority Assigned by Select how the VMG assigns priorities to various upstream traffic flows None Disables auto priority mapping and has the VMG put packets into the queues according to your classification rules Traffic which does not match any of the classification rules is mapped into the default queue with the lowest p...

Page 167: ...s queue Interface This shows the name of the VMG s interface through which traffic in this queue passes Priority This shows the priority of this queue Weight This shows the weight of this queue Buffer Management This shows the queue management algorithm used for this queue Queue management algorithms determine how the VMG should handle packets when it receives too many network congestion Rate Limi...

Page 168: ...e priority level from 1 to 7 of this queue The smaller the number the higher the priority level Traffic assigned to higher priority queues gets through faster while traffic in lower priority queues is dropped if the network is congested Weight Select the weight from 1 to 8 of this queue If two queues have the same priority level the VMG divides the bandwidth across the queues according to their we...

Page 169: ...y bulb signifies that this classifier is not active Class Name This is the name of the classifier Classification Criteria This shows criteria specified in this classifier for example the interface from which traffic of this class should come and the source MAC address of traffic that matches this classifier DSCP Mark This is the DSCP number added to traffic of this classifier 802 1P Mark This is t...

Page 170: ...re 70 Class Setup Add Edit The following table describes the labels in this screen Table 49 Class Setup Add Edit LABEL DESCRIPTION Active Select this to enable this classifier Class Name Enter a descriptive name of up to 15 printable English keyboard characters not including spaces ...

Page 171: ...exadecimal character s For example if you set the MAC address to 00 13 49 00 00 00 and the mask to ff ff ff 00 00 00 a packet with a MAC address of 00 13 49 12 34 56 matches this criteria Exclude Select this option to exclude the packets that match the specified criteria from this classifier Destination Address Select the check box and enter the source IP address in dotted decimal notation A blank...

Page 172: ...is available only when you select 802 1Q in the Ether Type field Select this option and specify a VLAN ID number TCP ACK This field is available only when you select IP in the Ether Type field If you select this option the matched TCP packets must contain the ACK Acknowledge flag Exclude Select this option to exclude the packets that match the specified criteria from this classifier DSCP Mark This...

Page 173: ...ew entry This is the index number of the entry Status This field displays whether the policer is active or not A yellow bulb signifies that this policer is active A gray bulb signifies that this policer is not active Name This field displays the descriptive name of this policer Regulated Classes This field displays the name of a QoS classifier Meter Type This field displays the type of QoS meterin...

Page 174: ...ch is also the bucket size The Single Rate Three Color Marker srTCM is based on the token bucket filter and identifies packets by comparing them to the Committed Information Rate CIR the Committed Burst Size CBS and the Excess Burst Size EBS The Two Rate Three Color Marker trTCM is based on the token bucket filter and identifies packets by comparing them to the Committed Information Rate CIR and t...

Page 175: ...ze red marked packets Drop Discard the packets DSCP Mark Change the DSCP mark value of the packets Enter the DSCP mark value to use The packets may be dropped if there is congestion on the network Available Class Selected Class Select a QoS classifier to apply this QoS policer to traffic that matches the QoS classifier Highlight a QoS classifier in the Available Class box and use the button to mov...

Page 176: ...llustrates the DS field DSCP is backward compatible with the three precedence bits in the ToS octet so that non DiffServ compliant ToS enabled network device will not conflict with the DSCP mapping The DSCP value determines the forwarding behavior the PHB Per Hop Behavior that each packet gets across the DiffServ network Based on the marking rule different kinds of traffic can be marked for differ...

Page 177: ...t can hold up to b tokens Tokens are generated and added into the bucket at a constant rate The following shows how tokens work with packets A packet can be transmitted if the number of tokens in the bucket is equal to or greater than the size of the packet in bytes After a packet is transmitted a number of tokens corresponding to the packet size is removed from the bucket Table 53 Internal Layer2...

Page 178: ...level is referred to as red medium is referred to as yellow and low is referred to as green The srTCM is based on the token bucket filter and has two token buckets CBS and EBS Tokens are generated and added into the bucket at a constant rate called Committed Information Rate CIR When the first bucket CBS is full new tokens overflow into the second bucket EBS All packets are evaluated against the C...

Page 179: ...IR and PIR respectively All packets are evaluated against the PIR If a packet exceeds the PIR it is marked red Otherwise it is evaluated against the CIR If it exceeds the CIR then it is marked yellow Finally if it is below the CIR then it is marked green The following shows how tokens work with incoming packets in trTCM A packet arrives If the number of tokens in the PBS bucket is less than the si...

Page 180: ...Chapter 10 Quality of Service QoS VMG5313 B10A B30A Series User s Guide 180 ...

Page 181: ...settings Section 11 4 on page 187 Use the DMZ screen to configure a default server Section 11 5 on page 189 Use the ALG screen to enable and disable the NAT and SIP VoIP ALG in the VMG Section 11 6 on page 190 Use the Address Mapping screen to configure the VMG s address mapping settings Section 11 7 on page 191 Use the Sessions screen to configure the VMG s maximum number of NAT sessions Section ...

Page 182: ...l IP address of the desired server The port number identifies a service for example web service is on port 80 and FTP on port 21 In some cases such as for unknown services or where one server can support more than one service for example both FTP and web service it might be better to specify a range of port numbers You can allocate a server IP address that corresponds to a port or a range of ports...

Page 183: ...e Click this to add a new rule This is the index number of the entry Status This field displays whether the NAT rule is active or not A yellow bulb signifies that this rule is active A gray bulb signifies that this rule is not active Service Name This shows the service s name WAN Interface This shows the WAN interface through which the service is forwarded WAN IP This field displays the incoming p...

Page 184: ... Port This is the last internal port number that identifies a service Protocol This shows the IP protocol supported by this virtual server whether it is TCP UDP or TCP UDP Modify Click the Edit icon to edit this rule Click the Delete icon to delete an existing rule Table 54 Network Setting NAT Port Forwarding continued LABEL DESCRIPTION Table 55 Port Forwarding Add Edit LABEL DESCRIPTION Active Cl...

Page 185: ...he start port number here and the end port number in the End Port field End Port Enter the last port of the original destination port range To forward only one port enter the port number in the Start Port field above and then enter it again in this field To forward a series of ports enter the last port number in a series that begins with the port number in the Start Port field above Translation St...

Page 186: ...he WAN interface through which the service is forwarded Server IP Address This field displays the destination IP address for the service Modify Click the Delete icon to delete the rule Table 57 Applications Add LABEL DESCRIPTION WAN Interface Select the WAN interface that you want to apply this NAT rule to Server IP Address Enter the inside IP address of the application here Application Category S...

Page 187: ... a response with a specific port number and protocol open port the VMG forwards the traffic to the LAN IP address of the computer that sent the request After that computer s connection for that service closes another computer on the LAN can use the service in the same manner This way you do not need to configure a new IP address each time you want a different LAN computer to use the application Fo...

Page 188: ...AN Interface This field shows the WAN interface through which the service is forwarded Trigger Start Port The trigger port is a port or a range of ports that causes or triggers the VMG to record the IP address of the LAN computer that sent the traffic to a server on the WAN This is the first port number that identifies a service Trigger End Port This is the last port number that identifies a servi...

Page 189: ...ange of ports that causes or triggers the VMG to record the IP address of the LAN computer that sent the traffic to a server on the WAN Type a port number or the starting port number in a range of port numbers Trigger End Port Type a port number or the ending port number in a range of port numbers Trigger Protocol Select the transport layer protocol from TCP UDP or TCP UDP Open Start Port The open...

Page 190: ...ic IP address You do not need to use STUN or an outbound proxy if your VMG is behind a SIP ALG Use this screen to enable and disable the NAT and SIP VoIP ALG in the VMG To access this screen click Network Setting NAT ALG Figure 82 Network Setting NAT ALG Table 60 Network Setting NAT DMZ LABEL DESCRIPTION Default Server Address Enter the IP address of the default server which receives packets from ...

Page 191: ...his to have the VMG detect RTSP traffic and help build RTSP sessions through its NAT The Real Time Streaming media control Protocol RTSP is a remote control for multimedia on the Internet Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings Table 62 Network Setting NAT Address Mapping LABEL DESCRIPTION Add new rule Click this to create a new rule Set...

Page 192: ...iple local IP addresses to shared global IP addresses Modify Click the Edit icon to go to the screen where you can edit the address mapping rule Click the Delete icon to delete an existing address mapping rule Note that subsequent address mapping rules move up by one when you take this action Table 62 Network Setting NAT Address Mapping continued LABEL DESCRIPTION Table 63 Address Mapping Add Edit...

Page 193: ...ou have a dynamic IP address from your ISP You can only do this for the Many to One mapping type Global End IP Enter the ending Inside Global IP Address IGA This field is blank for One to One and Many to One mapping types Set Select the number of the mapping set for which you want to configure OK Click OK to save your changes Cancel Click Cancel to exit this screen without saving Table 63 Address ...

Page 194: ...e source IP address in a packet received from a subscriber the inside local address to another the inside global address before forwarding the packet to the WAN side When the response comes back NAT translates the destination address the inside global address back to the inside local address before forwarding it to the original inside host Note that the IP address either local or global of an outs...

Page 195: ...ss and TCP or UDP source port numbers for Many to One and Many to Many Overload NAT mapping in each packet and then forwards it to the Internet The VMG keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored The following figure illustrates this Figure 86 How NAT Works 11 9 4 NAT Application The following figure illustrates a possibl...

Page 196: ...Port Forwarding Example Let s say you want to assign ports 21 25 to one FTP Telnet and SMTP server A in the example port 80 to another B in the example and assign a default server IP address of 192 168 1 35 to a Table 66 Services and Port Numbers SERVICES PORT NUMBER ECHO 7 FTP File Transfer Protocol 21 SMTP Simple Mail Transfer Protocol 25 DNS Domain Name System 53 Finger 79 HTTP Hyper Text Trans...

Page 197: ...d C in the example You assign the LAN IP addresses and the ISP assigns the WAN IP address The NAT network appears as a single host on the Internet Figure 88 Multiple Servers Behind NAT Example D 192 168 1 36 192 168 1 1 IP address assigned by ISP A 192 168 1 33 B 192 168 1 34 C 192 168 1 35 ...

Page 198: ...Chapter 11 Network Address Translation NAT VMG5313 B10A B30A Series User s Guide 198 ...

Page 199: ...e routing table Dynamic DNS Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you in NetMeeting CU SeeMe etc You can also access your FTP server or Web site on your own computer using a domain name for instance myhost dhs org where myhost is a name of your choice that will never change instead of using an IP address th...

Page 200: ...twork Setting DNS to open the DNS Entry screen Figure 89 Network Setting DNS DNS Entry The following table describes the fields in this screen 12 2 1 Add Edit DNS Entry You can manually add or edit the VMG s DNS name and IP address entry Click Add new DNS entry in the DNS Entry screen or the Edit icon next to the entry you want to edit The screen shown next appears Table 67 Network Setting DNS DNS...

Page 201: ...n appears as shown Figure 91 Network Setting DNS Dynamic DNS The following table describes the fields in this screen Table 68 DNS Entry Add Edit LABEL DESCRIPTION Host Name Enter the host name of the DNS entry IP Address Enter the IP address of the DNS entry Apply Click Apply to save your changes Cancel Click Cancel to exit this screen without saving Table 69 Network Setting DNS Dynamic DNS LABEL ...

Page 202: ...ord assigned to you Dynamic DNS Status User Authentication Result This shows Success if the account is correctly set up with the Dynamic DNS provider account Last Updated Time This shows the last time the IP address the Dynamic DNS provider has associated with the hostname was updated Current Dynamic IP This shows the IP address your Dynamic DNS provider has currently associated with the hostname ...

Page 203: ...o on Demand and IPTV traffic respectively coming from the two VoD and IPTV multicast servers The VMG DSL can also tag outgoing requests to these servers with these VLAN IDs Figure 92 VLAN Group Example 13 1 1 What You Can Do in this Chapter Use these screens to group separate VLAN groups together to be treated as one VLAN group 13 2 The Vlan Group Screen Click Network Setting Vlan Group to open th...

Page 204: ...AN group and if traffic leaving the port will be tagged with the VLAN ID Modify Click the Edit icon to change an existing VLAN group setting or click the Delete icon to remove the VLAN group Table 71 Interface Group Configuration LABEL DESCRIPTION VLAN Group Name Enter a name to identify this group You can enter up to 30 characters You can use letters numbers hyphens and underscores _ Spaces are n...

Page 205: ...lly add a LAN interface to a new group Alternatively you can have the VMG automatically add the incoming traffic and the LAN interface on which traffic is received to an interface group when its DHCP Vendor ID option information matches one listed for the interface group Use the LAN screen to configure the private IP addresses the DHCP server on the VMG assigns to the clients in the default and or...

Page 206: ... new interface group Note An interface can belong to only one group at a time Table 72 Network Setting Interface Group LABEL DESCRIPTION Add New Interface Group Click this button to create a new interface group Group Name This shows the descriptive name of the group WAN Interface This shows the WAN interfaces in the group LAN Interfaces This shows the LAN interfaces in the group Criteria This show...

Page 207: ...ess LAN in the Available LAN Interfaces list and use the left arrow to move them to the Grouped LAN Interfaces list to add the interfaces to this group To remove a LAN or wireless LAN interface from the Grouped LAN Interfaces use the right facing arrow Automatically Add Clients With the following DHCP Vendor IDs Click Add to identify LAN hosts to add to the interface group by criteria such as the ...

Page 208: ...o use wildcards in the Vendor Class Identifier configured for DHCP option 60 DHCP Option 61 Select this and enter the device identity of the matched traffic IAID Enter the Identity Association Identifier IAID of the device for example the WAN connection index number DUID type Select DUID LLT DUID Based on Link layer Address Plus Time to enter the hardware type a time value and the MAC address of t...

Page 209: ...vendor s OUI Organization Unique Identifier It is usually the first three bytes of the MAC address Product Class Enter the product class of the device Model Name Enter the model name of the device Serial Number Enter the serial number of the device Apply Click Apply to save your changes back to the VMG Cancel Click Cancel to exit this screen without saving Table 74 Interface Grouping Criteria cont...

Page 210: ...Chapter 14 Interface Group VMG5313 B10A B30A Series User s Guide 210 ...

Page 211: ...t be able to join the workgroup if your local area network has restrictions set up that do not allow devices to join a workgroup In this case contact your network administrator 15 1 1 What You Can Do in this Chapter Use the File Sharing screen to enable file sharing server Section 15 1 3 on page 213 Use the Media Server screen to enable or disable the sharing of media files Section 15 3 on page 21...

Page 212: ...rnet File System The VMG uses Common Internet File System CIFS protocol for its file sharing functions CIFS compatible computers can access the USB file storage devices connected to the VMG CIFS protocol is supported on Microsoft Windows Linux Samba and other operating systems refer to your systems specifications for CIFS compatibility 15 1 2 2 About Printer Server Print Server This is a computer ...

Page 213: ...e VMG s USB port Make sure the VMG is connected to your network 2 The VMG detects the USB device and makes its contents available for browsing If you are connecting a USB hard drive that comes with an external power supply make sure it is connected to an appropriate power source that is on Note If your USB device cannot be detected by the VMG see the troubleshooting for suggestions 15 2 The File S...

Page 214: ...shows the status of the share The share is not activated The share is activated and shared to all users The share is activated and only shared to the specified users listed in the Account Management section below Share Name This field shows the name of a folder that is shared through the VMG Share Path This field shows the location of the share in the VMG Share Description This field shows a short...

Page 215: ...he USB storage device connected to the VMG Use hardware based media clients like the DMA 2500 to play the files Note Anyone on your network can play the media files in the published shares No user name and password or other form of security is used The media server is enabled by default with the video photo and music shares published To change your VMG s media server settings click Network Setting...

Page 216: ... printer software already installed before they can create a TCP IP port for printing via the network Follow your printer manufacturers instructions on how to install the printer software on your computer Note Your printer s installation instructions may ask that you connect the printer to your computer Connect your printer to the VMG instead Table 77 Network Setting USB Service Media Server LABEL...

Page 217: ...een click Network Setting USB Service Print Server Figure 103 Network Setting USB Service Printer Server The following table describes the labels in this menu Table 78 Network Setting USB Service Print Server LABEL DESCRIPTION Print Server Select Enable to have the VMG share a USB printer Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings ...

Page 218: ...Chapter 15 USB Service VMG5313 B10A B30A Series User s Guide 218 ...

Page 219: ...interface s and or LEDs Section 16 2 on page 219 Use the Auto Switch Off screen to configure schedules for turning on off interface s and or LEDs automatically Section 16 3 on page 220 16 1 2 What You Need To Know These screens are only available for the supervisor user The Power Management and Auto Switch Off screens are dependant You can only configure the on off switches of the same interface a...

Page 220: ... specific interface s and or all LED lights on the VMG To access this screen click Network Setting Power Management Auto Switch Off Figure 105 Network Setting Power Managment Auto Switch Off Table 79 Network Setting Power Management LABEL DESCRIPTION Manually Switch On Off Select POWER ON or POWER OFF to turn on off the interface or LED lights Apply Click Apply to save your changes Cancel Click Ca...

Page 221: ...ime This field shows the time period the interface s and or LEDs are turned on Wireless This field shows whether this schedule applies to the wireless LAN interface DSL WAN This field shows whether this schedule applies to the DSL WAN interface Eth WAN This field shows whether this schedule applies to the Ethernet WAN interface LAN1 LAN4 This field shows whether this schedule applies to the corres...

Page 222: ...ules Add new rule Edit LABEL DESCRIPTION Rule Name Type up to 31 alphanumberic characters for the name of this rule Day Select the week day s of the schedule Time of Day Range Enter the From and To times in hh mm format to set a time period for the schedule You can only enter a time period between 00 00 and 23 59 To set a time period crossing over midnight you must split the time period into two s...

Page 223: ... initiate an IM Instant Messaging session from the LAN to the WAN 1 Return traffic for this session is also allowed 2 However other traffic initiated from the WAN is blocked 3 and 4 Figure 108 Default Firewall Action 17 1 1 What You Can Do in this Chapter Use the General screen to configure the security level of the firewall on the VMG Section 17 2 on page 225 Use the Protocol screen to add or rem...

Page 224: ...twork resources The ZyXEL Device is pre configured to automatically detect and thwart all known DoS attacks DDoS A DDoS attack is one in which multiple compromised systems attack a single target thereby causing denial of service for users of the targeted system LAND Attack In a LAND attack hackers flood SYN packets into the network with a spoofed source IP address of the target system This makes i...

Page 225: ...he Protocol screen For a comprehensive list of port numbers and services visit the IANA Internet Assigned Number Authority website See Appendix D on page 383 for some examples Click Security Firewall Protocol to display the following screen Table 83 Security Firewall General LABEL DESCRIPTION Firewall Select Enable to activate the firewall feature on the VMG Easy Select Easy to allow LAN to WAN an...

Page 226: ...vice screen to display the following screen Table 84 Security Firewall Protocol LABEL DESCRIPTION Add new service entry Click this to add a new service Name This is the name of your customized service Description This is the description of your customized service Ports Protocol Number This shows the IP protocol TCP UDP ICMP or TCP UDP and the port number or range of ports that defines your customi...

Page 227: ... of port numbers that define your customized service Protocol Number This field is displayed if you select Other as the protocol Enter the protocol number of your customized port Add Click this to add the protocol to the Rule List below Rule List Protocol This is the IP port TCP UDP ICMP or Other that defines your customized port Ports Protocol Number For TCP UDP ICMP or TCP UDP protocol rules thi...

Page 228: ...splays the name of the rule Src IP This displays the source IP addresses to which this rule applies Please note that a blank source address is equivalent to Any Dst IP This displays the destination IP addresses to which this rule applies Please note that a blank destination address is equivalent to Any Service This displays the transport layer protocol that defines the service and the direction of...

Page 229: ...destination device to which the ACL rule applies If you select Specific IP Address enter the destiniation IP address in the field below Destination IP Address Enter the destination IP address IP Type Select whether your IP type is IPv4 or IPv6 Select Protocol Select the transport layer protocol that defines your customized port from the drop down list box The specific protocol rule sets you add in...

Page 230: ...destination unreachable message to the sender of REJECT or allow the passage of ACCEPT packets that match this rule Direction Use the drop down list box to select the direction of traffic to which this rule applies Enable Rate Limit Select this check box to set a limit on the upstream downstream transmission rate for the specified protocol Specify how many packets per minute or second the transmis...

Page 231: ...r 17 Firewall VMG5313 B10A B30A Series User s Guide 231 Apply Click Apply to save your changes Cancel Click Cancel to exit this screen without saving Table 88 Security Firewall DoS continued LABEL DESCRIPTION ...

Page 232: ...Chapter 17 Firewall VMG5313 B10A B30A Series User s Guide 232 ...

Page 233: ...Ethernet device has a unique MAC Media Access Control address The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters for example 00 A0 C5 00 00 02 You need to know the MAC addresses of the devices to configure this screen 18 2 The MAC Filter Screen Use this screen to allow wireless and LAN clients access to the VMG Click Security MAC Filter The screen appear...

Page 234: ...ses Set This is the index number of the MAC address Allow Select Allow to enable the MAC filter rule The rule will not be applied if Allow is not selected Host name Enter the host name of the wireless or LAN clients that are allowed access to the VMG MAC Address Enter the MAC addresses of the wireless or LAN clients that are allowed access to the VMG in these address fields Enter the MAC addresses...

Page 235: ...rules and schedules Click Security Parental Control to open the following screen Figure 116 Security Parental Control The following table describes the fields in this screen Table 90 Security Parental Control LABEL DESCRIPTION Parental Control Select Enable to activate parental control Add new PCP Click this if you want to configure a new Parental Control Profile PCP This shows the index number of...

Page 236: ...er MAC This shows the MAC address of the LAN user s computer to which this rule applies Internet Access Schedule This shows the day s and time on which parental control is enabled Network Service This shows whether the network service is configured If not None will be shown Website Block This shows whether the website block is configured If not None will be shown Modify Click the Edit icon to go t...

Page 237: ...Chapter 19 Parental Control VMG5313 B10A B30A Series User s Guide 237 Figure 117 Parental Control Rule Add Edit Rule Figure 118 Parental Control Rule Add Edit Rule Add Service ...

Page 238: ...hedule Day Select check boxes for the days that you want the VMG to perform parental control Time Drag the time bar to define the time that the LAN user is allowed access Authorized access or denied access No access Click the sign above the time bar to add a new time bar Up to three are allowed Authorized access Select this to allow access for the times defined above No access Select this to deny ...

Page 239: ...o delete an existing rule Blocked Site URL Keyword Click Add to show a screen to enter the URL of web site or URL keyword to which the VMG blocks access Click Delete to remove it Apply Click this button to save your settings back to the VMG Cancel Click Cancel to restore your previously saved settings Table 91 Parental Control Rule Add Edit continued LABEL DESCRIPTION ...

Page 240: ...Chapter 19 Parental Control VMG5313 B10A B30A Series User s Guide 240 ...

Page 241: ...Security Scheduler Rule The following table describes the fields in this screen Table 92 Security Scheduler Rule LABEL DESCRIPTION Add new rule Click this to create a new rule This is the index number of the entry Rule Name This shows the name of the rule Day This shows the day s on which this rule is enabled Time This shows the period of time on which this rule is enabled Description This shows t...

Page 242: ...ribes the fields in this screen Table 93 Scheduler Rule Add Edit LABEL DESCRIPTION Rule Name Enter a name up to 31 printable English keyboard characters not including spaces for this schedule Day Select check boxes for the days that you want the VMG to perform this scheduler rule Time if Day Range Enter the time period of each day in 24 hour format during which the rule will be enforced Descriptio...

Page 243: ...t You Need to Know The following terms and concepts may help as you read through this chapter Certification Authority A Certification Authority CA issues certificates and guarantees the identity of each certificate owner There are commercial certification authorities like CyberTrust or VeriSign and government certification authorities The certification authority uses its private key to sign certif...

Page 244: ...te It is recommended that you give each certificate a unique name Subject This field displays identifying information about the certificate s owner such as CN Common Name OU Organizational Unit or department O Organization or company and C Country It is recommended that each certificate have unique subject information Issuer This field displays identifying information about the certificate s issui...

Page 245: ...y Or select Customize to enter it manually Type the IP address in dotted decimal notation domain name or e mail address in the field provided The domain name or e mail address can be up to 63 ASCII characters The domain name or e mail address is for identification purposes only and can be any string Organization Name Type up to 63 characters to identify the company or group to which the certificat...

Page 246: ... After you create a certificate request and have it signed by a Certificate Authority in the Local Certificates screen click the certificate request s Load Signed icon to import the signed certificate into the VMG Note You must remove any spaces from the certificate s filename before you can import it Figure 125 Load Signed Certificate ...

Page 247: ...ly Click Apply to save your changes Cancel Click Cancel to exit this screen without saving Table 97 Security Certificates Trusted CA LABEL DESCRIPTION Import Certificate Click this button to open a screen where you can save the certificate of a certification authority that you trust to the VMG This is the index number of the entry Name This field displays the name used to identify this certificate...

Page 248: ...ame This field displays the identifying name of this certificate Type This field displays general information about the certificate ca means that a Certification Authority signed the certificate Subject This field displays information that identifies the owner of the certificate such as Common Name CN Organizational Unit OU Organization O and Country C Certificate This read only text box displays ...

Page 249: ...the certificate you want to upload in this field or click Browse to find it Enable Trusted CA for 802 1x Authentication If you select this checkbox the trusted CA will be used for 802 1x authentication The selected trusted CA will be displayed in the Network Setting Broadband 802 1x Edit screen Certificate Copy and paste the certificate into the text box to store it on the VMG OK Click OK to save ...

Page 250: ...Chapter 21 Certificates VMG5313 B10A B30A Series User s Guide 250 ...

Page 251: ...entiality data integrity and authentication This chapter shows you how to configure the VMG s VPN settings Figure 129 IPSec Fields Summary 22 2 The IPSec VPN Setup Screen Use this screen to view and manage your VPN tunnel policies The following figure helps explain the main fields in the web configurator Click Security IPSec VPN to open this screen as shown next Figure 130 Security IPSec VPN Local...

Page 252: ...ck this button to add an item to the list This displays the index number of an entry Status This displays whether the VPN policy is enabled Enable or not Disable Connection Name The name of the VPN policy Remote Gateway This is the IP address of the remote IPSec router in the IKE SA Local Addresses This displays the IP address es on the LAN behind your VMG Remote Addresses This displays the IP add...

Page 253: ...CRIPTION Active Select this to activate this VPN policy IPSec Connection Name Enter the name of the VPN policy Remote IPSec Gateway Address Enter the IP address of the remote IPSec router in the IKE SA Tunnel access from local IP addresses Select Single Address to have only one local LAN IP address use the VPN tunnel Select Subnet to specify local LAN IP addresses by their subnet mask ...

Page 254: ...ncy delay The VMG and remote IPSec router must use the same active protocol Key Exchange Method Select the key exchange method Auto IKE Select this to use automatic IKE key management VPN connection policy Manual Select this option to configure a VPN connection policy that uses a manual key instead of IKE key management This may be useful if you have problems with IKE key management Note Only use ...

Page 255: ...ddress of the computer with which you will make the VPN connection If you configure this field to 0 0 0 0 or leave it blank the VMG will use the address in the Remote IPSec Gateway Address field refer to the Remote IPSec Gateway Address field description For DNS or E mail type a domain name or e mail address by which to identify the remote IPSec router Use up to 31 ASCII characters including space...

Page 256: ...mation Both routers must use the same DH key group Key Life Time Define the length of time before an IPSec SA automatically renegotiates in this field A short SA Life Time increases security by forcing the two VPN gateways to update the encryption and authentication keys However every time the VPN tunnel renegotiates all users accessing remote resources are temporarily disconnected Phase 2 Encrypt...

Page 257: ... are available if you select Manual in the Key Exchange Method field Encryption Algorithm Select which key size and encryption algorithm to use in the IKE SA Choices are DES a 56 bit key with the DES encryption algorithm 3DES a 168 bit key with the DES encryption algorithm EPS_NULL no encryption key or algorithm Encryption Key This field is applicable when you select an Encryption Algorithm Enter ...

Page 258: ...ecture is shown as follows Table 102 Security IPSec VPN Monitor LABEL DESCRIPTION Refresh Interval Select how often you want the VMG to update this screen Select No Refresh to have the VMG stop updating the screen Status This displays a green line between two hosts if the VPN tunnel has been established successfully Otherwise it displays a red line in between Connection Name This displays the name...

Page 259: ...encryption techniques such as DES Data Encryption Standard and Triple DES algorithms The Authentication Algorithms HMAC MD5 RFC 2403 and HMAC SHA 1 RFC 2404 provide an authentication mechanism for the AH and ESP protocols Key Management Key management allows you to determine whether to use IKE ISAKMP or manual key configuration in order to set up a VPN 22 4 2 Encapsulation The two modes of operati...

Page 260: ...he original IP header in the hashing process Tunnel Mode Tunnel mode encapsulates the entire IP packet to transmit it securely A Tunnel mode is required for gateway services to provide access to internal systems Tunnel mode is fundamentally an IP tunnel with authentication and encryption This is the most common mode of operation Tunnel mode is required for gateway to gateway and host to gateway co...

Page 261: ...Hellman public key cryptography key group Set the IPSec SA lifetime This field allows you to determine how long the IPSec SA should stay up before it times out The VMG automatically renegotiates the IPSec SA if there is traffic when the IPSec SA lifetime period expires If an IPSec SA times out then the IPSec router must renegotiate the SA the next time someone attempts to send traffic 22 4 4 Negot...

Page 262: ... encapsulates the entire original packet including headers in a new IP packet The new IP packet s source address is the outbound address of the sending VPN gateway and its destination address is the inbound address of the VPN device at the receiving end When using ESP protocol with authentication the packet contents in this case the entire original packet are encrypted The encrypted contents but n...

Page 263: ...llowing table Y This is supported in the VMG if you enable NAT traversal 22 4 7 ID Type and Content With aggressive negotiation mode see Section 22 4 4 on page 261 the VMG identifies incoming SAs by ID type and content since this identifying information is not encrypted This enables the VMG to distinguish between multiple rules for SAs that connect from remote IPSec routers that have dynamic WAN I...

Page 264: ...et over an unsecured communications channel Diffie Hellman is used within IKE SA setup to establish session keys Upon completion of the Diffie Hellman exchange the two peers have a shared secret but the IKE SA is not authenticated For authentication use pre shared keys Table 105 Local ID Type and Content Fields LOCAL ID TYPE CONTENT IP Type the IP address of your computer DNS Type a domain name up...

Page 265: ...vider screen Section 23 4 on page 271 to configure the SIP server information QoS for VoIP calls the numbers for certain phone functions and dialing plan Use the PhoneRegion screen Section 23 5 on page 279 to change settings that depend on the country you are in Use the Call Rule screen Section 23 6 on page 279 to set up shortcuts for dialing frequently used VoIP phone numbers Use the Call History...

Page 266: ...er on the Internet Strictly speaking you don t need a SIP account It is possible for one SIP device like the VMG to call another without involving a SIP service provider However the networking difficulties involved in doing this make it tremendously impractical under normal circumstances Your SIP account provider removes these difficulties by taking care of the call routing and setup figuring out ...

Page 267: ...ccount button or click the Edit icon of an entry in the VoIP SIP SIP Account screen Note Click more to see all the fields in the screen You don t necessarily need to use all these fields to set up your account Click less to see and configure only the fields needed for this feature Table 108 VoIP SIP SIP Account LABEL DESCRIPTION Add new account Click this to configure a SIP account This is the ind...

Page 268: ...ing in this screen This field is read only when you are modifying a SIP account General Enable SIP Account Select this if you want the VMG to use this account Clear it if you do not want the VMG to use this account SIP Account Number Enter your SIP number In the full SIP URI this is the part before the symbol You can use up to 127 printable ASCII characters Authentication Username Enter the user n...

Page 269: ...ica and Japan G 726 24 operates at 24 kbps G 726 32 operates at 32 kbps G 722 is a 7 KHz wideband voice codec that operates at 48 56 and 64 kbps By using a sample rate of 16 kHz G 722 can provide higher fidelity and better audio quality than narrowband codecs like G 711 in which the voice signal is sampled at 8 KHz The VMG must use the same codec as the peer When two SIP devices start a SIP sessio...

Page 270: ...rb Select this to set your phone to not ring when someone calls you Enable Anonymous Call Block Select this if you do not want the phone to ring when someone tries to call you with caller ID deactivated Enable Call Completion on Busy Subscriber CCBS When you make a phone call but hear a busy tone Call Completion on Busy Subscriber CCBS allows you to enable auto callback by pressing 5 and hanging u...

Page 271: ...s will not be sent via e mail You must have configured a mail server already in the Email Notification screen Send Notification to Email Notifications are sent to the e mail address specified in this field If this field is left blank notifications will not be sent via e mail Missed Call Email Title Type a title that you want to be in the subject line of the e mail notifications that the VMG sends ...

Page 272: ...n the dialed number matches any one of the rules in the dial plan Dial plan rules follow these conventions The collection of rules is in parentheses Rules are separated by the bar symbol x stands for a wildcard and can be any digit from 0 to 9 A subset of keys is in a square bracket Ranges are allowed For example 359 means a number matching this rule can be 3 5 or 9 26 8 means a number matching th...

Page 273: ...3 456 xxxx means the VMG automatically translates 123 to 456 in the number you dialed before making the call Calls with a number followed by the exclamation mark will be dropped Calls with a number followed by the termination character will be made immediately Any digit 0 9 after the character will be ignored In this example dial plan 0 49 11 1 2 9 xx xxxxxxx 1 947 xxxxxxx you can dial 0 to call t...

Page 274: ...use for the SIP account you configure in this screen If you change this field the screen automatically refreshes General SIP Service Provider Name Enter the name of your SIP service provider SIP Local Port Enter the VMG s listening port number if your VoIP service provider gave you one Otherwise keep the default value SIP Server Address Enter the IP address or domain name of the SIP server provide...

Page 275: ...umber for the protocol The VMG resolves the SIP server s IP address by a standard DNS address record lookup The SIP Server Port and REGISTER Server Port fields in the General section above are grayed out and not applicable and the Transport Type can also be set to AUTO if you select this option RFC 3262 Require 100rel PRACK RFC 3262 defines a mechanism to provide reliable transmission of SIP provi...

Page 276: ...ndle voice data transfer The Secure Real time Transport Protocol SRTP is a security profile of RTP It is designed to provide encryption and authentication for the RTP data in both unicast and multicast applications The VMG supports encryption using AES with a 128 bit key To protect data integrity SRTP uses a Hash based Message Authentication Code HMAC calculation with Secure Hash Algorithm SHA 1 t...

Page 277: ... a SIP session remain idle without traffic before it automatically disconnects the session Min SE Enter the minimum number of seconds the VMG lets a SIP session remain idle without traffic before it automatically disconnects the session When two SIP devices start a SIP session they must agree on an expiration time for idle sessions This field is the shortest expiration time that the VMG accepts Ph...

Page 278: ...you can enter to disable CCBS on a call Outgoing SIP Enter the key combinations that you can enter to select the SIP account that you use to make outgoing calls If you enter 12 by default SIP account index number the phone number you want to call 1201 12345678 for example the VMG uses the first SIP account to call 12345678 Dial Plan Dial Plan Enable Select this to activate the dial plan rules you ...

Page 279: ...ve configured a speed dial rule you can use a shortcut the speed dial number 01 for example on your phone s keypad to call the phone number Table 112 VoIP Phone LABEL DESCRIPTION Region Settings Select the place in which the VMG is located Call Service Mode Select the mode for supplementary phone services call hold call waiting call transfer and three way conference calls that your VoIP service pr...

Page 280: ...e 113 VoIP Call Rule LABEL DESCRIPTION Clear all speed dials Click this to erase all the speed dial entries on this screen Keys This field displays the speed dial number you should dial to use this entry Number Enter the SIP number you want the VMG to call when you dial the speed dial number Description Enter a name to identify the party you call when you dial the speed dial number You can use up ...

Page 281: ...s button to remove all entries from the call history list This is a read only index number Date This is the date when the calls were made Total Calls This displays the total number of calls from or to your SIP numbers that day Outgoing Calls This displays how many calls originated from you that day Incoming Calls This displays how many calls you received that day Missing Calls This displays how ma...

Page 282: ...network You can also use servers to run telephone service applications like PBX services and voice mail Internet Telephony Service Provider ITSP companies provide VoIP service phone port This is the phone port on which you made the call phone number This is the SIP number you called duration This displays how long the call lasted Table 115 VoIP Call History Call History Outgoing LABEL DESCRIPTION ...

Page 283: ... in an e mail address johndoe your ITSP com for example or numbers like a telephone number 1122334455 VoIP provider com for example SIP Service Domain The SIP service domain of the VoIP service provider is the domain name in a SIP URI For example if the SIP address is 1122334455 VoIP provider com then VoIP provider com is the SIP service domain SIP Registration Each VMG is an individual SIP User A...

Page 284: ...use SIP to make a VoIP call it originates at a client and terminates at a server A SIP client could be a computer or a SIP phone One device can act as both a SIP client and a SIP server SIP User Agent A SIP user agent can make and receive VoIP telephone calls This means that SIP can be used for peer to peer communications even though it is a client server protocol In the following figure either A ...

Page 285: ...e that originally sent the request can send requests to the IP address that it received back from the redirect server Redirect servers do not initiate SIP requests In the following example you want to use client device A to call someone who is using client device C 1 Client device A sends a call invitation for C to the SIP redirect server B 2 The SIP redirect server sends the invitation back to A ...

Page 286: ...hen you make a VoIP call using SIP the RTP Real time Transport Protocol is used to handle voice data transfer See RFC 1889 for details on RTP Pulse Code Modulation Pulse Code Modulation PCM measures analog signal amplitudes at regular time intervals and converts them into bits SIP Call Progression The following figure displays the basic steps in the setup and tear down of a SIP call A calls B Tabl...

Page 287: ... call by sending a request to the SIP proxy server Then the proxy server looks up the destination to which the call should be forwarded according to the URI requested by the SIP UAC The request may be forwarded to more than one proxy server before arriving at its destination The response to the request goes to all the proxy servers through which the request passed in reverse sequence Once the sess...

Page 288: ...d This is also relayed back to User Agent 1 via Proxy 1 6 User Agent 1 and User Agent 2 exchange RTP packets containing voice data directly without involving the proxies 7 When User Agent 2 hangs up he sends a BYE request 8 User Agent 1 replies with an OK response confirming receipt of the BYE request and the call is terminated Voice Coding A codec coder decoder codes analog voice signals into dig...

Page 289: ...you know that the line is still connected as total silence could easily be mistaken for a lost connection Echo Cancellation G 168 is an ITU T standard for eliminating the echo caused by the sound of your voice reverberating in the telephone receiver while you talk MWI Message Waiting Indication Enable Message Waiting Indication MWI enables your phone to give you a message waiting beeping dial tone...

Page 290: ...on your phone s keypad and wait for the message that says you are in the configuration menu 2 Press a number from 1301 1308 followed by the key to delete the tone of your choice Press 14 followed by the key if you wish to clear all your custom tones You can continue to add listen to or delete tones or you can hang up the receiver when you are done 23 10 1 Quality of Service QoS Quality of Service ...

Page 291: ...he ToS octet so that non DiffServ compliant ToS enabled network device will not conflict with the DSCP mapping Figure 150 DiffServ Differentiated Service Field The DSCP value determines the forwarding behavior the PHB Per Hop Behavior that each packet gets across the DiffServ network Based on the marking rule different kinds of traffic can be marked for different priorities of forwarding Resources...

Page 292: ...the default sub command timeout 2 seconds expires or issue an invalid sub command the current operation will be aborted European Call Hold Call hold allows you to put a call A on hold by pressing the flash key If you have another call press the flash key and then 2 to switch back and forth between caller A and B by putting either one on hold Press the flash key and then 0 to disconnect the call pr...

Page 293: ...caller on hold 2 When you hear the dial tone dial 98 followed by the number to which you want to transfer the call 3 After you hear the ring signal or the second party answers it hang up the phone European Three Way Conference Use the following steps to make three way conference calls 1 When you are on the phone talking to someone press the flash key to put the caller on hold and get a dial tone 2...

Page 294: ...e second call USA Call Transfer Do the following to transfer an incoming call that you have answered to another phone 1 Press the flash key to put the caller on hold 2 When you hear the dial tone dial 98 followed by the number to which you want to transfer the call 3 After you hear the ring signal or the second party answers it hang up the phone USA Three Way Conference Use the following steps to ...

Page 295: ...RIPTION 98 Call transfer Transfer a call to another phone See Section 23 10 2 2 on page 292 Europe type and Section 23 10 2 3 on page 293 USA type 66 Call return Place a call to the last person who called you 95 Enable Do Not Disturb Use these to set your phone not to ring when someone calls you or to turn this function off 95 Disable Do Not Disturb 41 Enable Call Waiting Use these to allow you to...

Page 296: ...Chapter 23 Voice VMG5313 B10A B30A Series User s Guide 296 ...

Page 297: ...s consist of both logs and alerts You may differentiate them by their color in the View Log screen Alerts display in red and logs display in black Syslog Overview The syslog protocol allows devices to send event notification messages across an IP network to syslog servers that collect the event messages A syslog enabled device can generate a syslog message and send it to a syslog server Syslog is ...

Page 298: ...severity level you have selected When you select a severity the VMG searches through all logs of that severity or higher Category Select the type of logs to display Clear Log Click this to delete all the logs Refresh Click this to renew the log screen Export Log Click this to export the selected log s Email Log Now Click this to send the log file s to the E mail address you specify in the Maintena...

Page 299: ...hrough all logs of that severity or higher Category Select the type of logs to display Clear Log Click this to delete all the logs Refresh Click this to renew the log screen Export Log Click this to export the selected log s Email Log Now Click this to send the log file s to the E mail address you specify in the Maintenance Logs Setting screen This field is a sequential value and is not associated...

Page 300: ...Chapter 24 Log VMG5313 B10A B30A Series User s Guide 300 ...

Page 301: ... screen to view the WAN traffic statistics Section 25 2 on page 301 Use the LAN screen to view the LAN traffic statistics Section 25 3 on page 302 Use the NAT screen to view the NAT status of the VMG s client s Section 25 4 on page 303 25 2 The WAN Status Screen Click System Monitor Traffic Status to open the WAN screen The figure in this screen shows the number of bytes received and sent on the V...

Page 302: ...Packets Received Data This indicates the number of received packets on this interface Error This indicates the number of frames with errors received on this interface Drop This indicates the number of received packets dropped on this interface more hide more Click more to show more information Click hide more to hide them Disabled Interface This shows the name of the WAN interface that is currentl...

Page 303: ... This indicates the number of bytes transmitted on this interface Bytes Received This indicates the number of bytes received on this interface more hide more Click more to show more information Click hide more to hide them Interface This shows the LAN or WLAN interface Sent Packets Data This indicates the number of transmitted packets on this interface Error This indicates the number of frames wit...

Page 304: ...ct how often you want the VMG to update this screen Device Name This displays the name of the connected host IP Address This displays the IP address of the connected host MAC Address This displays the MAC address of the connected host No of Open Session This displays the number of NAT sessions currently opened for the connected host Total This displays what percentage of NAT sessions the VMG can s...

Page 305: ... before updating this screen and then click Set Interval Click Stop to have the VMG stop updating this screen SIP Status Account This column displays each SIP account in the VMG Registration This field displays the current registration status of the SIP account You can change this in the Status screen Registered The SIP account is registered with a SIP server Not Registered The last time the VMG t...

Page 306: ...h SIP account in the VMG Duration This field displays how long the current call has lasted Status This field displays the current state of the phone call Idle There are no current VoIP calls incoming calls or outgoing calls being made Dial The callee s phone is ringing Ring The phone is ringing for an incoming VoIP call Process There is a VoIP call in progress DISC The callee s line is busy the ca...

Page 307: ...er s Guide 307 CHAPTER 27 xDSL Statistics 27 1 The xDSL Statistics Screen Use this screen to view detailed DSL statistics Click System Monitor xDSL Statistics to open the following screen Figure 157 System Monitor xDSL Statistics ...

Page 308: ...Chapter 27 xDSL Statistics VMG5313 B10A B30A Series User s Guide 308 ...

Page 309: ...elay This is the upstream and downstream interleave delay It is the wait in milliseconds that determines the size of a single block of data to be interleaved assembled and then transmitted Interleave delay is used when transmission error correction Reed Solomon is necessary due to a less than ideal telephone line The bigger the delay the bigger the data block size allowing better error correction ...

Page 310: ...ic Redundancy Checks ES This is the number of Errored Seconds meaning the number of seconds containing at least one errored block or at least one defect SES This is the number of Severely Errored Seconds meaning the number of seconds containing 30 or more errored blocks or at least one defect This is a subset of ES UAS This is the number of UnAvailable Seconds LOS This is the number of Loss Of Sig...

Page 311: ...G Statistics LABEL DESCRIPTION Refresh Interval Select how often you want the Device to update this screen Select No Refresh to stop refreshing 3G Status This field displays the status of the 3G Internet connection This field can display GSM Global System for Mobile Communications 2G GPRS General Packet Radio Service 2 5G EDGE Enhanced Data rates for GSM Evolution 2 75G WCDMA Wideband Code Divisio...

Page 312: ...f the 3G card 3G Card Model This field displays the model name of the 3G card 3G Card F W Version This field displays the firmware version of the 3G card SIM Card IMSI The International Mobile Subscriber Identity or IMSI is a unique identification number associated with all cellular networks This number is provisioned in the SIM card Table 131 System Monitor 3G Statistics continued LABEL DESCRIPTI...

Page 313: ...the name of the account used to log into the VMG web configurator Retry Times This field displays the number of times consecutive wrong passwords can be entered for this account 0 means there is no limit Idle Timeout This field displays the the length of inactive time before the VMG will automatically log the user out of the web configurator Lock Period This field displays the length of time a use...

Page 314: ... to access the VMG web configurator New Password Type your new system password up to 256 characters Note that as you type a password the screen displays a for each character you type After you change the password use the new password to access the VMG Verify Password Type the new password again for confirmation Retry Times Enter the number of times consecutive wrong passwords can be entered for th...

Page 315: ...ss the Device Note The VMG is managed using the Web Configurator 30 2 The Remote MGMT Screen Use this screen to configure through which interface s which services can access the Device You can also specify the port numbers the services must use to connect to the Device Click Maintenance Remote MGMT to open the following screen Figure 161 Maintenance Remote MGMT ...

Page 316: ...nt service when the selected WAN connections are up HTTP This is the service you may use to access the VMG LAN WLAN Select the Enable check box for the corresponding services that you want to allow access to the VMG from the LAN WLAN WAN Select the Enable check box for the corresponding services that you want to allow access to the VMG from all WAN connections Trust Domain If you only want certain...

Page 317: ...ust Domain The following table describes the fields in this screen Table 135 Maintenance Remote MGMT Trust Domain LABEL DESCRIPTION Add Trust Domain Click this to add a trusted host IP address IPv4 Address This field shows a trusted host IP address Delete Click the Delete icon to remove the trust IP address Table 136 Maintenance Remote MGMT Trust Domain Add Trust Domain LABEL DESCRIPTION IPv4 Addr...

Page 318: ...Chapter 30 Remote Management VMG5313 B10A B30A Series User s Guide 318 ...

Page 319: ...ote Procedure Calls RPCs between an ACS and a client device RPCs are sent in Extensible Markup Language XML format over HTTP or HTTPS An administrator can use an ACS to remotely set up the VMG modify settings perform firmware upgrades as well as monitor and diagnose the VMG You have to enable the device to be managed by the ACS and specify the ACS IP address or domain name and username and passwor...

Page 320: ...ct two or more pre configured WAN interfaces The VMG automatically passes the TR 069 traffic when one of the selected WAN connections is up Display SOAP messages on serial console Select Enable to show the SOAP messages on the console Connection Request Authentication Select this option to enable authentication when there is a connection request from the ACS Connection Request User Name Enter the ...

Page 321: ... a TR 064 compliant CPE management application on their computers from the LAN to discover the CPE and configure user specific parameters such as the username and password Click Maintenance TR 064 to open the following screen Figure 165 Maintenance TR 064 The following table describes the fields in this screen Table 138 Maintenance TR 064 LABEL DESCRIPTION State Select Enable to activate managemen...

Page 322: ...Chapter 32 TR 064 VMG5313 B10A B30A Series User s Guide 322 ...

Page 323: ...s of two main types of component agents and a manager An agent is a management software module that resides in a managed device the VMG An agent translates the local management information from the managed device into a form compatible with SNMP The manager is the console through which network administrators perform network management functions It executes applications that control and monitor man...

Page 324: ...ng screen Use this screen to configure the VMG SNMP settings Figure 167 Maintenance SNMP The following table describes the fields in this screen Table 139 Maintenance SNMP LABEL DESCRIPTION SNMP Agent Select Enable to let the VMG act as an SNMP agent which allows a manager station to manage and monitor the Device through the network Select Disable to turn this feature off Get Community Enter the G...

Page 325: ...creen To change your VMG s time and date click Maintenance Time The screen appears as shown Use this screen to configure the VMG s time based on your local time zone Figure 168 Maintenance Time The following table describes the fields in this screen Table 140 Maintenance Time LABEL DESCRIPTION Current Date Time Current Time This field displays the time of your VMG Each time you reload this page th...

Page 326: ...rch and the time to 2 in the Hour field Daylight Saving Time starts in the European Union on the last Sunday of March All of the time zones in the European Union start using Daylight Saving Time at the same moment 1 A M GMT or UTC So in the European Union you would set the day to Last Sunday and the month to March The time you select in the o clock field depends on your time zone In Germany for in...

Page 327: ...view remove and add mail server information on the VMG Figure 169 Maintenance Email Notification The following table describes the labels in this screen Table 141 Maintenance Email Notification LABEL DESCRIPTION Add New Email Click this button to create a new entry Mail Server Address This field displays the server name or the IP address of the mail server Username This field displays the user nam...

Page 328: ... field If this field is left blank reports logs or notifications will not be sent via e mail Authentication Username Enter the user name up to 32 characters This is usually the user name of a mail account you specified in the Account Email Address field Authentication Password Enter the password associated with the user name above Account Email Address Enter the e mail address that you want to be ...

Page 329: ...ou can configure where the VMG sends logs and which logs and or immediate alerts the VMG records in the Logs Setting screen 36 2 The Log Settings Screen To change your VMG s log settings click Maintenance Logs Setting The screen appears as shown Figure 171 Maintenance Logs Setting ...

Page 330: ... will not be sent via E mail System Log Mail Subject Type a title that you want to be in the subject line of the system log e mail message that the VMG sends Security Log Mail Subject Type a title that you want to be in the subject line of the security log e mail message that the VMG sends Send Log to The VMG sends logs to the e mail address specified in this field If this field is left blank the ...

Page 331: ...0 From 192 168 1 131 To 192 168 1 255 default policy forward 09 54 17 UDP src port 00520 dest port 00520 1 00 3 Apr 7 00 From 192 168 1 6 To 10 10 10 10 match forward 09 54 19 UDP src port 03516 dest port 00053 1 01 snip snip 126 Apr 7 00 From 192 168 1 1 To 192 168 1 255 match forward 10 05 00 UDP src port 00520 dest port 00520 1 02 127 Apr 7 00 From 192 168 1 131 To 192 168 1 255 match forward 1...

Page 332: ...Chapter 36 Log Setting VMG5313 B10A B30A Series User s Guide 332 ...

Page 333: ...odel Refer to the label on the bottom of your VMG 37 2 The Firmware Screen Click Maintenance Firmware Upgrade to open the following screen The upload process uses HTTP Hypertext Transfer Protocol and may take up to two minutes After a successful upload the system will reboot Do NOT turn off the VMG while firmware upload is in progress Figure 173 Maintenance Firmware Upgrade The following table des...

Page 334: ...the present Firmware version and the date created File Path Type in the location of the file you want to upload in this field or click Browse to find it Browse Click this to find the bin file you want to upload Remember that you must decompress compressed zip files before you can upload them Upload Click this to begin the upload process This process may take up to two minutes Upgrade 3G Package Cu...

Page 335: ...Chapter 37 Firmware Upgrade VMG5313 B10A B30A Series User s Guide 335 Figure 176 Error Message ...

Page 336: ...Chapter 37 Firmware Upgrade VMG5313 B10A B30A Series User s Guide 336 ...

Page 337: ... and restoring configuration appears in this screen as shown next Figure 177 Maintenance Configuration Backup Configuration Backup Configuration allows you to back up save the VMG s current configuration to a file on your computer Once your VMG is configured and functioning properly it is highly recommended that you back up your configuration file before making configuration changes The backup con...

Page 338: ...ge the IP address of your computer to be in the same subnet as that of the default device IP address 192 168 1 1 See Appendix B on page 371 for details on how to set up your computer s IP address If the upload was not successful the following screen will appear Click OK to go back to the Configuration screen Figure 179 Configuration Upload Error Reset to Factory Defaults Click the Reset button to ...

Page 339: ...the factory defaults of your VMG Refer to Section 1 7 on page 21 for more information on the RESET button 38 3 The Reboot Screen System restart allows you to reboot the VMG remotely without turning the power off You may need to do this if the VMG hangs for example Click Maintenance Reboot Click Reboot to have the VMG reboot This does not affect the VMG s configuration Figure 182 Maintenance Reboot...

Page 340: ...The OAM Ping screen lets you send an ATM OAM Operation Administration and Maintenance packet to verify the connectivity of a specific PVC Section 39 5 on page 342 39 2 What You Need to Know The following terms and concepts may help as you read through this chapter How CFM Works A Maintenance Association MA defines a VLAN and associated Maintenance End Point MEP ports on the device under a Maintena...

Page 341: ...ance Diagnostic 8 2 1ag to open the following screen Use this screen to perform CFM actions Table 146 Maintenance Diagnostic Ping TraceRoute NsLookup LABEL DESCRIPTION URL or IP Address Type the IP address of a computer that you want to perform ping traceroute or nslookup in order to test a connection Ping Click this to ping the IP address that you entered TraceRoute Click this button to perform t...

Page 342: ... under which you want to create an MA Destination MAC Address Enter the target device s MAC address to which the VMG performs a CFM loopback test 802 1Q VLAN ID Type a VLAN ID 0 4095 for this MA VDSL Traffic Type This shows whether the VDSL traffic is activated Loopback Message LBM This shows how many Loop Back Messages LBMs are sent and if there is any inorder or outorder Loop Back Response LBR r...

Page 343: ...ns and are distinguished from data cells by a predefinded Payload Type Identifier PTI in the cell header Both F4 flows and F5 flows are bidirectional and have two types segment F4 flows VCI 3 end to end F4 flows VCI 4 segment F5 flows PTI 100 end to end F5 flows PTI 101 OAM F4 or F5 tests are used to check virtual path or virtual channel availability between two DSL devices Segment flows are termi...

Page 344: ...Maintenance Diagnostic OAM Ping LABEL DESCRIPTION Select a PVC on which you want to perform the loopback test F4 segment Press this to perform an OAM F4 segment loopback test F4 end end Press this to perform an OAM F4 end to end loopback test F5 segment Press this to perform an OAM F5 segment loopback test F5 end end Press this to perform an OAM F5 end to end loopback test ...

Page 345: ...e LEDs turn on 1 Make sure the VMG is turned on 2 Make sure you are using the power adaptor or cord included with the VMG 3 Make sure the power adaptor or cord is connected to the VMG and plugged in to an appropriate power source Make sure the power source is turned on 4 Turn the VMG off and on 5 If the problem continues contact the vendor One of the LEDs does not behave as expected 1 Make sure yo...

Page 346: ...21 I forgot the password 1 See the cover page for the default login names and associated passwords 2 If those do not work you have to reset the device to its factory defaults See Section 1 7 on page 21 I cannot see or access the Login screen in the web configurator 1 Make sure you are using the correct IP address The default IP address is 192 168 1 1 If you changed the IP address Section 8 2 on pa...

Page 347: ...g in to the VMG 1 Make sure you have entered the password correctly See the cover page for the default login names and associated passwords The field is case sensitive so make sure Caps Lock is not on 2 You cannot log in to the web configurator while someone is using Telnet to access the VMG Log out of the VMG in the other session or ask the person who is logged in to log out 3 Turn the VMG off an...

Page 348: ...connection 1 Make sure you have the DSL WAN port connected to a telephone jack or the DSL or modem jack on a splitter if you have one 2 Make sure you configured a proper DSL WAN interface Network Setting Broadband screen with the Internet account information provided by your ISP and that it is enabled 3 Check that the LAN interface you are connected to is in the same interface group as the DSL con...

Page 349: ...t to the Internet using a 3G connection 1 The DSL and Ethernet connections have priority in that order If the DSL or Ethernet connection is up then the 3G connection will be down 2 Make sure you have connected a compatible 3G dongle to the USB port 3 Make sure you have configured Network Setting Broadband 3G Backup correctly Check that the VMG is within range of a 3G base station I cannot access t...

Page 350: ...he same AP simultaneously or add additional APs if necessary Try closing some programs that use the Internet especially peer to peer applications If the wireless client is sending or receiving a lot of information it may have too many programs open that use the Internet What is a Server Set ID SSID An SSID is a name that uniquely identifies a wireless network The AP and all the clients within a wi...

Page 351: ...3 B10A B30A Series User s Guide 351 1 Disconnect the Ethernet cable from the VMG s LAN port or from your computer 2 Re connect the Ethernet cable The Local Area Connection icon for UPnP disappears in the screen Restart your computer 3 ...

Page 352: ...Chapter 40 Troubleshooting VMG5313 B10A B30A Series User s Guide 352 ...

Page 353: ...353 PART III Appendices Appendices contain general information Some information may not apply to your device ...

Page 354: ...354 ...

Page 355: ...wide shtml Please have the following information ready when you contact an office Required Information Product model and serial number Warranty Information Date that you received your device Brief description of the problem and the steps you took to solve it Corporate Headquarters Worldwide Taiwan ZyXEL Communications Corporation http www zyxel com Asia China ZyXEL Communications Shanghai Corp ZyX...

Page 356: ...EL Pakistan Pvt Ltd http www zyxel com pk Philipines ZyXEL Philippines http www zyxel com ph Singapore ZyXEL Singapore Pte Ltd http www zyxel com sg Taiwan ZyXEL Communications Corporation http www zyxel com Thailand ZyXEL Thailand Co Ltd http www zyxel co th Vietnam ZyXEL Communications Corporation Vietnam Office http www zyxel com vn vi Europe Austria ZyXEL Deutschland GmbH http www zyxel de ...

Page 357: ...гария http www zyxel com bg bg Czech ZyXEL Communications Czech s r o http www zyxel cz Denmark ZyXEL Communications A S http www zyxel dk Estonia ZyXEL Estonia http www zyxel com ee et Finland ZyXEL Communications http www zyxel fi France ZyXEL France http www zyxel fr Germany ZyXEL Deutschland GmbH http www zyxel de Hungary ZyXEL Hungary SEE http www zyxel hu Latvia ZyXEL Latvia ...

Page 358: ... Benelux http www zyxel nl Norway ZyXEL Communications http www zyxel no Poland ZyXEL Communications Poland http www zyxel pl Romania ZyXEL Romania http www zyxel com ro ro Russia ZyXEL Russia http www zyxel ru Slovakia ZyXEL Communications Czech s r o organizacna zlozka http www zyxel sk Spain ZyXEL Spain http www zyxel es Sweden ZyXEL Communications http www zyxel se Switzerland Studerus AG ...

Page 359: ...ww ua zyxel com Latin America Argentina ZyXEL Communication Corporation http www zyxel com ec es Ecuador ZyXEL Communication Corporation http www zyxel com ec es Middle East Egypt ZyXEL Communication Corporation http www zyxel com homepage shtml Middle East ZyXEL Communication Corporation http www zyxel com homepage shtml North America USA ZyXEL Communications Inc North America Headquarters http w...

Page 360: ...Appendix A Customer Support VMG5313 B10A B30A Series User s Guide 360 Oceania Australia ZyXEL Communications Corporation http www zyxel com au en Africa South Africa Nology Pty Ltd http www zyxel co za ...

Page 361: ...or Independent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an ad hoc wireless LAN Figure 187 Peer to Peer Communication in an Ad hoc Network BSS A Basic Service Set BSS exists when all communications between wireless clients or between a wireless client and a wired network client go through one access point AP Intra BSS traffi...

Page 362: ... This wired connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood An ESSID ESS IDentification uniquely identifies each ESS All access points and their associated wireless clients withi...

Page 363: ...els partially overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 channels and an adjacent AP is using channel 1 then you need to select a channel between 6 or 11 RTS CTS A hidden node occurs when two stations are within range of the same access point but are no...

Page 364: ...e RTS Request To Send CTS Clear to Send handshake You should only configure RTS CTS if the possibility of hidden nodes exists on your network and the cost of resending large frames is more than the extra network overhead involved in the RTS Request To Send CTS Clear to Send handshake If the RTS CTS value is greater than the Fragmentation Threshold value see next then the RTS Request To Send CTS Cl...

Page 365: ...ese wireless security methods available on your VMG Note You must enable the same wireless security settings on the VMG and on all wireless clients that you want to associate with it IEEE 802 1x In June 2001 the IEEE 802 1x standard was designed to extend the features of IEEE 802 11 to support extended authentication as well as providing additional accounting and control features It is supported b...

Page 366: ... which your AP acts as a message relay between the wireless client and the network RADIUS server Types of RADIUS Messages The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication Access Request Sent by an access point requesting authentication Access Reject Sent by a RADIUS server rejecting access Access Accept Sent by a RADIUS ser...

Page 367: ...t in plain text However MD5 authentication has some weaknesses Since the authentication server needs to get the plaintext passwords the passwords must be stored Thus someone other than the authentication server may access the password file In addition it is possible to impersonate an authentication server as MD5 authentication method does not perform mutual authentication Finally MD5 authenticatio...

Page 368: ...D5 cannot be used with Dynamic WEP Key Exchange For added security certificate based authentications EAP TLS EAP TTLS and PEAP use dynamic keys for data encryption They are often deployed in corporate environments but for public deployment a simple user name and password pair is more practical The following table is a comparison of the features of authentication types WPA and WPA2 Wi Fi Protected ...

Page 369: ... PMK to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients This all happens in the background automatically The Message Integrity Check MIC is designed to prevent an attacker from capturing data packets altering them and resending them The MIC provides a strong mathematical function in which the rece...

Page 370: ... The Windows XP patch is a free download that adds WPA capability to Windows XP s built in Zero Configuration wireless client However you must run Windows XP to use it WPA 2 with RADIUS Application Example To set up WPA 2 you need the IP address of the RADIUS server its port number default is 1812 and the RADIUS shared secret A WPA 2 application example with an external RADIUS server looks as foll...

Page 371: ...aracters including spaces and symbols 2 The AP checks each wireless client s password and allows it to join the network only if the password matches 3 The AP and wireless clients generate a common PMK Pairwise Master Key The key itself is not sent over the network but is derived from the PSK and the SSID 4 The AP and wireless clients use the TKIP or AES encryption process the PMK and information e...

Page 372: ... 11g or 5GHz IEEE 802 11a is needed to communicate efficiently in a wireless LAN Radiation Pattern A radiation pattern is a diagram that allows you to visualize the shape of the antenna s coverage area Antenna Gain Antenna gain measured in dB decibel is the increase in coverage within the RF beam width Higher antenna gain improves the range of the signal for better communications For an indoor sit...

Page 373: ... possible to make circular overlapping coverage areas with multiple access points Directional antennas concentrate the RF signal in a beam like a flashlight does with the light from its bulb The angle of the beam determines the width of the coverage pattern Angles typically range from 20 degrees very directional to 120 degrees less directional Directional antennas are ideal for hallways and outdoo...

Page 374: ...Appendix B Wireless LANs VMG5313 B10A B30A Series User s Guide 374 ...

Page 375: ...0 1a2f 0000 0000 0015 can be written as 2001 0db8 1a2f 0000 0000 0015 2001 0db8 0000 0000 1a2f 0015 2001 db8 1a2f 0 0 15 or 2001 db8 0 0 1a2f 15 Prefix and Prefix Length Similar to an IPv4 subnet mask IPv6 uses an address prefix to represent the network address An IPv6 prefix length specifies how many most significant bits start from the left in the address compose the network address The prefix l...

Page 376: ...all hosts in a multicast group Multicast scope allows you to determine the size of the multicast group A multicast address has a predefined prefix of ff00 8 The following table describes some of the predefined multicast addresses The following table describes the multicast addresses which are reserved and can not be assigned to a multicast group Table 154 Predefined Multicast Address MULTICAST ADD...

Page 377: ...wing example Identity Association An Identity Association IA is a collection of addresses assigned to a DHCP client through which the server and client can manage a set of related IP addresses Each IA must be associated with exactly one interface The DHCP client uses the IA assigned to an interface to obtain configuration from a DHCP server for that interface Each IA consists of a unique IAID and ...

Page 378: ... after the relay agent restarts Prefix Delegation Prefix delegation enables an IPv6 router to use the IPv6 prefix network address received from the ISP or a connected uplink router for its LAN The VMG uses the received IPv6 prefix for example 2001 db2 48 to generate its LAN IP address Through sending Router Advertisements RAs regularly by multicast the VMG passes the IPv6 prefix information to its...

Page 379: ...ectly without passing through a router If the address is unlink the address is considered as the next hop Otherwise the VMG determines the next hop from the default router list or routing table Once the next hop IP address is known the VMG looks into the neighbor cache to get the link layer address and sends the packet when the neighbor is reachable If the VMG cannot find an entry in the neighbor ...

Page 380: ...uses DHCPv6 for IP address assignment you have to additionally install a DHCPv6 client software on your Windows XP Note If you use static IP addresses or Router Advertisement for IPv6 address assignment in your network ignore this section This example uses Dibbler as the DHCPv6 client To enable DHCPv6 client on your computer 1 Install Dibbler and select the DHCPv6 client option on your computer 2 ...

Page 381: ...server Example Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer To enable IPv6 in Windows 7 1 Select Control Panel Network and Sharing Center Local Area Connection 2 Select the Internet Protocol Version 6 TCP IPv6 checkbox to enable it 3 Click OK to save the change ...

Page 382: ...ck your dynamic IPv6 address This example shows a global address 2001 b021 2d 1000 obtained from a DHCP server C ipconfig Windows IP Configuration Ethernet adapter Local Area Connection Connection specific DNS Suffix IPv6 Address 2001 b021 2d 1000 Link local IPv6 Address fe80 25d8 dcab c80a 5189 11 IPv4 Address 172 16 100 61 Subnet Mask 255 255 255 0 Default Gateway fe80 213 49ff feaa 7125 11 172 ...

Page 383: ...the type of IP protocol used by the service If this is TCP UDP then the service uses the same port number with TCP and UDP If this is USER DEFINED the Port s is the IP protocol number not the port number Port s This value depends on the Protocol If the Protocol is TCP UDP or TCP UDP this is the IP port number If the Protocol is USER this is the IP protocol number Description This is a brief explan...

Page 384: ... of files including large files that may not be possible by e mail H 323 TCP 1720 NetMeeting uses this protocol HTTP TCP 80 Hyper Text Transfer Protocol a client server protocol for the world wide web HTTPS TCP 443 HTTPS is a secured http session often used in e commerce ICMP User Defined 1 Internet Control Message Protocol is often used for diagnostic purposes ICQ UDP 4000 This is a popular Inter...

Page 385: ...hat enables real time sound over the web REXEC TCP 514 Remote Execution Daemon RLOGIN TCP 513 Remote Login ROADRUNNER TCP UDP 1026 This is an ISP that provides services mainly for cable modems RTELNET TCP 107 Remote Telnet RTSP TCP UDP 554 The Real Time Streaming media control Protocol RTSP is a remote control for multimedia on the Internet SFTP TCP 115 The Simple File Transfer Protocol is an old ...

Page 386: ...ol System TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments It operates over TCP IP networks Its primary function is to allow users to log into remote host systems VDOLIVE TCP UDP 7000 user defined A videoconferencing solution The UDP port number is specified in the application Table 156 Examples of Services continued NAME PROTOCOL PO...

Page 387: ...da area Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment This Class B digital apparatus complies with Canadian ICES 003 Cet appareil numérique de la classe B est conforme à la norme NMB 003 du Canada ZyXEL Limited Warranty ZyXEL warrants to the original end user purchaser that this product is fr...

Page 388: ...www us zyxel com for North American products Open Source Licenses This product contains in part some free software distributed under GPL license terms and or GPL like licenses Open source licenses are provided with the firmware package You can download the latest firmware at www zyxel com If you cannot find it there contact your vendor or ZyXEL Technical Support at support zyxel com tw To obtain t...

Page 389: ... your local vendor to order a new one Do not use the device outside and make sure all the connections are indoors There is a remote risk of electric shock from lightning Do NOT obstruct the device ventilation slots as insufficient airflow may harm your device Use only No 26 AWG American Wire Gauge or larger telecommunication line cord Antenna Warning This device meets ETSI and FCC certification re...

Page 390: ...Appendix E Legal Information VMG5313 B10A B30A Series User s Guide 390 ...

Page 391: ...uration 337 Basic Service Set See BSS 361 Basic Service Set see BSS blinking LEDs 20 Broadband 79 broadcast 104 BSS 130 361 example 130 BYE request 287 C CA 243 367 call history 280 incoming calls 282 outgoing calls 281 call hold 292 294 call service mode 292 293 call transfer 293 294 call waiting 293 294 Canonical Format Indicator See CFI CCMs 340 certificate factory default 244 Certificate Autho...

Page 392: ...rvices see DiffServ 176 Diffie Hellman key groups 264 DiffServ 176 marking rule 176 DiffServ Differentiated Services 290 code points 290 marking rule 291 digital IDs 243 disclaimer 387 DLNA 215 DMZ 189 DNS 140 153 DNS server address assignment 104 Domain Name 196 Domain Name System see DNS Domain Name System See DNS DoS 224 DS field 176 291 DS dee differentiated services DSCP 176 290 dynamic DNS 1...

Page 393: ... IV 369 Inside Global Address see IGA inside header 260 Inside Local Address see ILA interface group 205 Internet wizard setup 33 Internet access 18 wizard setup 33 Internet Key Exchange 260 Internet Protocol version 6 80 Internet Protocol version 6 see IPv6 IP address 140 153 ping 341 private 154 WAN 80 IP Address Assignment 103 IP alias NAT applications 196 IPSec algorithms 259 architecture 258 ...

Page 394: ... Maintenance Domain see MD Maintenance End Point see MEP Management Information Base MIB 323 managing the device good habits 17 Maximum Burst Size MBS 102 MBSSID 130 MD 340 media server 215 activation 216 iTunes server 215 MEP 340 MTU Multi Tenant Unit 103 multicast 104 multimedia 283 Multiple BSS see MBSSID multiplexing 101 LLC based 102 VC based 101 multiprotocol encapsulation 101 N NAT 181 182 ...

Page 395: ...ation 388 PSK 369 push button 22 Push Button Configuration see PBC push button WPS 132 Q QoS 163 176 290 marking 164 setup 163 tagging 164 versus CoS 163 Quality of Service see QoS R RADIUS 366 message types 366 messages 366 shared secret key 366 RADIUS server 128 Real time Transport Protocol see RTP registration product 388 remote management TR 069 319 Remote Procedure Calls see RPCs 319 reset 21...

Page 396: ... components 323 Set 324 Trap 324 versions 323 SNMP trap 196 speed dial 279 SPI 224 srTCM 178 SSID 128 activation 114 MBSSID 130 static route 155 160 327 configuration 99 156 158 200 example 155 static VLAN status 73 firmware version 75 LAN 75 WAN 75 wireless LAN 75 status indicators 20 subnet mask 140 153 supplementary services 291 Sustained Cell Rate SCR 102 SYN attack 224 syslog protocol 297 sev...

Page 397: ...N status 75 Wide Area Network see WAN 79 warranty note 388 WDS 120 131 compatibility 120 example 131 web configurator 23 login 23 passwords 23 24 WEP 129 WEP Encryption 112 113 WEP encryption 111 WEP key 111 Wi Fi Protected Access 368 wireless client WPA supplicants 370 Wireless Distribution System see WDS wireless LAN 107 125 authentication 127 128 BSS 130 example 130 channel 126 encryption 129 e...

Page 398: ...WPA PSK 369 wireless client supplicant 370 with RADIUS application example 370 WPA2 368 user authentication 369 vs WPA2 PSK 369 wireless client supplicant 370 with RADIUS application example 370 WPA2 Pre Shared Key 369 WPA2 PSK 369 application example 371 WPA PSK 129 369 application example 371 WPS 131 134 example 135 limitations 137 PIN 132 example 134 push button 22 132 ...

Reviews: