manualshive.com logo in svg

Zte ZXV10 H11X, User Manual

The ZTE ZXV10 H11X is a feature-packed and user-friendly device that enhances your home entertainment experience. With its extensive capabilities, it is important to have a comprehensive User Manual to fully utilize its potential. Download the free manual from manualshive.com to unlock all the possibilities this product has to offer.

Share
Download
background image

 

Chapter 6 - Security Configuration 

Confidential and Proprietary Information of ZTE CORPORATION

 97

 

SA only restricts the unidirectional data security policy 

and has its own independent SPI security index 
number. Here, the SPI number from the local to the 

peer is filled in.

 

 

Security Parameter Index: remote

 

SPI number from the local to the peer; Fill it in with 
reference to 

Security Parameter Index: Local

.

 

 

IPSec Protocol

 

Security protocol; IPSec allows two security protocol 

types: ESP (perform encryption and authenticate data 
completeness at the same time) and AH (only 
authenticating data completeness). ESP is 

recommended.

 

 

Encryption Algorithm (ESP only)

 

Data encryption algorithm; This product supports the 
following algorithms, encryption types and key lengths: 

3DES-CBC, AES-CBC (128), AES-CBC (192) and 
AES256-CBC (256). AES-CBC (192) algorithm is 

recommended.

 

 

Local Encryption Key (ESP only)

 

Encryption algorithm key of outgoing data; Make a 

selection based on the algorithm type and key length 
selected in 

Encryption Algorithm

. For example, if 

AES-CBC (192) is selected, it is necessary to submit a 
48-length hexadecimal string as encryption key 

(48=192/4).

 

 

Remote Encryption Key (ESP only)

 

Encryption algorithm key of incoming data; Fill it in 
with reference to 

Local Encryption Key

.

 

 

Authentication Algorithm

 

Authentication algorithm of data completeness; This 
product supports the following algorithms, hash types 

Summary of Contents for ZXV10 H11X

Page 1: ... Manual Version 1 0 ZTE CORPORATION ZTE Plaza Keji Road South Hi Tech Industrial Park Nanshan District Shenzhen P R China 518057 Tel 86 755 26771900 800 9830 9830 Fax 86 755 26772236 URL http support zte com cn E mail doc zte com cn ...

Page 2: ...s are disclaimed including without limitation any implied warranty of merchantability fitness for a particular purpose title or non infringement ZTE CORPORATION and its licensors shall not be liable for damages resulting from the use of or reliance on the information contained herein ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications covering ...

Page 3: ...ity of our product documentation and offer better services to our customers Please fill out the following questionnaire and fax to 86 755 26772236 Or mail to Publications R D Department ZTE CORPORATION ZTE Plaza A Wing Keji Road South Hi Tech Industrial Park Shenzhen P R China 518057 Thank you for your cooperation ...

Page 4: ...an improve this documentation Improve the overview introduction Make it more concise brief Improve the Contents Add more step by step procedures Improve the organization Add more troubleshooting information Include more figures Make it less technical Add more examples Add more better quick reference aids Add more detail Improve the index Other suggestions __________________________________________...

Page 5: ...mer Support xiv Documentation Support xiv Chapter 1 15 Product Profile 15 Product Overview 15 Packing List 15 Product Features 16 Product Appearance 17 System Requirements 20 Chapter 2 21 System Connections 21 System Application Environment 21 Hardware Connection 21 Connecting LAN Network Interface 21 Connecting WAN Ethernet Network Interface 23 ...

Page 6: ... Chapter 4 35 Basic Configuration 35 LAN Interface Configuration 35 LanGroup Configuration 36 DHCP Client List 38 DHCP Binding Configuration 39 WLAN Interface Configuration 40 Wireless Network Configuration 40 Basic Configuration of Wireless Network 40 Wireless Network Sub interface Configuration 41 WAN Connection Configuration 47 Configuring Bridge Connection 49 Configuring PPPoE Connection 51 Co...

Page 7: ...on 60 DDNS Configuration 61 DNS Server Configuration 64 IGMP Configuration 64 Setting IGMP Proxy 65 Setting IGMP Snooping 65 Bluetooth Configuration 66 IPQoS Configuration 67 Ingress Rate Limit Configuration 70 SNMP Configuration 71 TR069 Configuration 73 Chapter 6 75 Security Configuration 75 Firewall By level Control and SPI 75 Port Forwarding 77 Port Trigger 78 Remote Access Control 81 DMZ 83 F...

Page 8: ...figuration 101 Voice Configuration 103 SIP Configuration 105 Protocol Configuration 105 Media Configuration 107 MGCP Configuration 109 Protocol Configuration 109 Authentication Configuration 111 Route Select Configuration 112 Service Configuration 114 Service Configuration Display 115 Bluetooth MAC Address Configuration 116 Chapter 8 117 Other Operation Tools 117 System Commands 117 Network Contin...

Page 9: ...t Interface Statistics 125 WLAN Interface Statistics 126 Bluetooth Interface Statistics 126 USB Interface Statistics 127 Chapter 10 129 Voice Typical Configurations 129 SIP Typical Configuration 129 Step1 Select Protocol Type 129 Step2 SIP Protocol Configuration 130 Step 3 Check Port Status 131 Step 4 Save Configuration 131 MGCP Typical Configuration 132 Step1 Select Protocol Type 132 Step 2 Confi...

Page 10: ...10 Confidential and Proprietary Information of ZTE CORPORATION Appendix A 135 Solutions to Common Problems 135 Appendix B 139 Terms 139 Tables 147 ...

Page 11: ...ds radio button names check boxes drop down lists dialog box names window names CAPS Keys on the keyboard and buttons on screens and company name Constant width Text that you type program code files and directory names and function names Optional parameters Mandatory parameters Select one of the parameters that are delimited by it Note Provides additional information about a certain topic Checkpoi...

Page 12: ...N T I O N S Typeface Meaning Click Refers to clicking the primary mouse button usually the left mouse button once Double click Refers to quickly clicking the primary mouse button usually the left mouse button twice Right click Refers to clicking the secondary mouse button usually the right mouse button once Drag Refers to pressing and holding a mouse button and moving the mouse ...

Page 13: ...on which if not avoided could result in death or serious injury Caution Indicates a potentially hazardous situation which if not avoided could result in minor or moderate injury It may also be used to alert against unsafe practices Erosion Beware of erosion Electric shock There is a risk of electric shock Electrostatic The device may be sensitive to static electricity Microwave Beware of strong el...

Page 14: ...pport zte com cn You can also call our customer support center at 86 755 26771900 and 86 800 9830 9830 Documentation Support ZTE welcomes your comments and suggestions on the quality and usefulness of this document For further questions comments or suggestions on the documentation you can contact us by e mail at doc zte com cn or you can fax your comments and suggestions to 86 755 26772236 You can...

Page 15: ...with safe communication entertainment and storage functions Note H11X are series products of the Home Gateway that include H110 and H111 This guide provides the description of the H110 according to it configurations The difference between H111 and H110 is that it doesn t provide correlation function of Bluetooth and Cardbus which should be identified in the installation and operation Packing List ...

Page 16: ...face for the access to the PSTN network Users can receive calls coming from the FXO interface and make calls via the interface Telephone sets connected to the PHONE interface can access the PSTN network directly when the power is down ii LAN interfaces Fast Ethernet interfaces 4 RJ 45 10 100Mbps compliant with standards IEEE802 3 and IEEE802 3u WLAN interface Compliant with IEEE 802 11g b with bui...

Page 17: ...o security QoS and network management such as multi level authentication based on devices users and services encryption of data channels implementation of QoS requirements matching the local devices and network according to services with different requirements network management based on multiple management modes Product Appearance Front panel The front panel contains five indicators whose meaning...

Page 18: ...hed on with the WLAN button Off Not working switched off with the WLAN button WLAN indicator Green flashing Flashing according to the network traffic Green indicator always on Working switched on with the Bluetooth button Bluetooth indicator Off Not working switched off with the Bluetooth button Back panel The back panel provides two RJ 45 LAN network interfaces one RJ 45 WAN network interfaces tw...

Page 19: ...etails Button Function Description WLAN button Press this button for more than 1 s to start or close Wi Fi Bluetooth button Press this button for more than 1 s to start or close Bluetooth RST Resetting button Holding on the key for more than five seconds allows you to reset the current configuration to the factory default settings and the system will then restart automatically all the four indicat...

Page 20: ...or have a built in 802 11g b wireless network adapter Each PC to access the network should operate in at least one operating system out of Windows 98 ME 2000 NT XP or Linux be correctly equipped with the network adapter driver and TCP IP protocol and have correct network settings This product is set to use the fixed IP address Static IP or the IP address allocated in PPPoE DCHP dial up You also ne...

Page 21: ...ystem Application Environment The main application scenario of the ZXV10 H11X home gateway is shown below ZXV10 H11X WAN Hardware Connection Connecting LAN Network Interface Connect the LAN network interface of the H110 to the network adapter of the PC or another network device through a crossover or ...

Page 22: ...e local network through WLAN Install a wireless network adapter on your PC and then connect the local network through the IEEE 802 11g b based WLAN Try to place the H110 in the center of the wireless center to achieve the optimal coverage Make sure that you have placed the H110 in the idealist location in the whole office or house When connecting the local network via WLAN make sure that the WLAN ...

Page 23: ... end connect to the carrier network Connecting Telephone Connect a telephone to the telephone interface of the H110 through the twisted pair with an RJ 11 connector Connection Power Adapter Use the power adapter to connect the power supply to the H110 and ensure that the running indicator on the front panel of the H110 is on Warning Please use the power adapter provided by ZTE Using of the wrong p...

Page 24: ......

Page 25: ...ct a PC directly to the Ethernet port of the H110 Confirm that the TCP IP settings of the PC are correct Disable any running firewall or security software Disable the proxy server setting of the explorer Get some data from your service provider You can consult your service provider for details Installing TCP IP If your PC has not yet been installed with TCP IP just install it in the following step...

Page 26: ... ZTE CORPORATION Double click the Local Connections icon and then click the Properties button in the Local Area Connection Properties window Click the Install button and then double click the Protocol icon Select Internet protocol TCP IP and then click OK to finish the protocol installation ...

Page 27: ...ame as that of the H110 The default network setting for H110 IP address 192 168 1 1 subnet mask 255 255 255 0 default gateway 192 168 1 1 If your PC is not configured with TCP IP previously use Use the following IP address option to configure it Follow the steps below Double click the Local Connections icon and then select Internet protocol TCP IP from the Local Area Connection Properties window T...

Page 28: ... in the same network segment with the LAN interface address of the H110 that is 192 168 1 x x is in the range of 2 254 For example IP address is 192 168 1 2 subnet mask is 255 255 255 0 and the default gateway setting is 192 168 1 1 Click the OK button to save the setting Note The settings are subject to your network requirements Be sure to perform the above configurations for the first access to ...

Page 29: ...will be always on In addition you can use the Ping command to check the network connection between the PC and the H110 by taking the following steps Click the Start button and select Run Key in cmd in the pop up Run dialog box and then press Enter Key in ping 192 168 1 1 at the cursor position in the pop up interface and then press Enter If the following information appears Pinging 192 168 1 1 wit...

Page 30: ... correctly configured If the default IP address of the H110 is 192 168 1 1 the IP address of your PC must be within the range from 192 168 1 2 to 192 168 1 254 the subnet mask should be 255 255 255 0 the default gateway should be 192 168 1 1 and the DNS server address should be 192 168 1 1 Login The H110 provides configuration tools based on the WEB interface to facilitate configuration and manage...

Page 31: ...irm whether the certificate provided by the WEB server is correct If yes you will enter the WEB configuration page If you cannot open the device configuration web page check the proxy server setting of the browser Select to disable the proxy server or do not use proxy server for device IP address General Functions The general function interface displays description of all the configuration content...

Page 32: ... V1 0 Home Gateway User s Manual 32 Confidential and Proprietary Information of ZTE CORPORATION Click the Log Out button at the right upper corner on the interface to exit user login and return to the login page ...

Page 33: ...Chapter 3 Preparations for Configuration Confidential and Proprietary Information of ZTE CORPORATION 33 This page is intentionally blank ...

Page 34: ......

Page 35: ... of the H110 The basic configuration covers LAN interface configuration Wireless IEEE 802 11g b configuration and WAN connection configuration LAN Interface Configuration Click the LAN Configuration link on the left part of the page to enter the LAN interface configuration page where you can configure the related information of four LAN interfaces of the H110 ...

Page 36: ...on information will not be lost after powering off it must be saved Click Log Out button at the right upper corner on the interface to exit user login and return to the login page LanGroup Configuration Click the LanGroup1 link in the LAN Configuration table to enter the LanGroup1 Configuration page where you can set the protocol and network layer related information in the basic LAN Group IP Addr...

Page 37: ...d to ensure one effective path in two terminals Enable DHCP Enabling disabling DHCP Using DHCP Server Enabling the device as DHCP server function IP address can be allocated to the client Start IP Start IP address allocated by the DHCP Server End IP End IP address allocated by the DHCP Server NetMask IP subnet mask allocated by the DHCP Server Gateway Gateway IP address used by the DHCP client Dom...

Page 38: ...e IP address Using DHCP Relay Enabling disabling the DHCP relay service Server IP IP address of the DHCP Server WAN Uplink interface connection DHCP Client List Click the DHCP Clients link to enter the page for listing DHCP clients that is showing the related information of the IP addresses leased MAC Address MAC address of DHCP client IP Address IP address allocated to DHCP client ...

Page 39: ... binding set up a DHCP binding table and map the client MAC address and IP address The DHCP Server will allocate an IP address to your PC according to the configured binding relation between MAC and IP addresses and it will never expire For example you can configure the MAC address as 00 11 85 04 25 e4 and the IP address as 192 168 1 100 indicating that the DHCP Server will allocate the IP address...

Page 40: ...ork Wireless Network Configuration Basic Configuration of Wireless Network Click the Wireless link on the left part of the interface to enter the basic WLAN configuration interface where you can configure the following parameters Enable Wireless RF Enabling or disable WLAN sub interface Mode Selecting the wireless communication mode You can select 802 11b or 802 11g Channel Wireless channel number...

Page 41: ...e area ID consisting of up to 32 characters with case sensitivity and used to control wireless network access This value must match SSID of any access point for communication Otherwise the system cannot be accessed the system supports enabling of four wireless network sub interfaces at most Wireless Network Sub interface Configuration Click the LAN Configuration link on the left side of the page t...

Page 42: ...sub interface which displays the ESSID and status information of the corresponding wireless network sub interface 2 Security setting for wireless network sub interface After entering the configuration page of wireless network sub interface click the Security link at the upper part of the page to enter the security configuration page of wireless network sub interface ...

Page 43: ...ey lengths 64 128 152 bit In the majority of applications the 64 bit WEP key is sufficient To strengthen security you can select the 128 bit or 152 bit key length Select the format Hexadecimal or alphanumeric corresponding to the key and configure key values Key1 Key4 for WEP encryption and select one for configuration Select the authentication mode between wireless devices Shared Key or Open Syst...

Page 44: ...Interval Select the PSK mode encryption without authentications or 802 1x authentication encryption For the PSK mode just add the corresponding password For 802 1x authentication encryption add the IP address and keyword of the authentication server Jump Start You can also select the encryption mode JumpStart that can be used simply Just simply submit this function to connect our home gateway with...

Page 45: ...ace click the Management link at the upper part of the page to enter the user management page of wireless network sub interface where you can configure the WLAN Station MAC address filtering rule and check the information of all the WLAN Stations associated with this wireless network sub interface Configuring MAC address filtering rule You can set the MAC address based access mode to control the c...

Page 46: ...an Banning the following MAC address associations Disable Access List Not enabling this function MAC Address MAC address to be controlled Note It only functions for the unassociated Station but not the associated Station Checking the currently associated Stations Check the information of all the WLAN Stations associated with this wireless network sub interface ...

Page 47: ...ct provides the support for multiple WAN connections in one physical link besides the support for a single WAN connection When the support for multiple WAN connections is enabled the uplink message will contain VLAN label and priority field to identify different services and priorities The following examples of PPPoE connection describe the WAN connection configuration pages when the support for s...

Page 48: ...RPORATION A B C A B C The WAN Connection page includes areas A B and C Area A is used to configure the global parameters for the WAN connection Area B configures the compulsory parameters for any type of WAN connection Area C configures specific parameters for different types of WANs The following ...

Page 49: ... of the WAN Ethernet interface Current Link Status Current link status on the WAN Ethernet interface Caution You d use the Enable multiple WAN connections option in Area A with caution If you change the option setting change between enable and disable and click the Apply button all the WAN connections you configured will be cleared directly and an alert will appear on the page Configuring Bridge C...

Page 50: ...eway User s Manual 50 Confidential and Proprietary Information of ZTE CORPORATION Name Connection name Type Connection type VLAN ID VLAN label in the Ethernet packets on the WAN interface used only for multiple WAN connections ...

Page 51: ...ly for multiple WAN connections LAN group Associated LAN group Configuring PPPoE Connection Click the WAN Connection link on the left part of the WEB page and select PPPoE in the Type box to configure the PPPoE connection The configuration window when the multiple WAN connections or single connection is enabled is as shown below ...

Page 52: ...Type Connection type NAT Enabling disabling NAT VLAN ID VLAN label in the Ethernet packets on the WAN interface used only for multiple WAN connections Range 1 4094 Priority Priority of processing used only for multiple WAN connections Range 0 7 Username Authenticated user name Password Authenticated password Authentication type ...

Page 53: ...Manual Idle Timeout Idle time Default Gateway Whether to add the peer IP of PPP dialing as default gateway Configuring Static Connection Click the WAN Connection link on the left part of the WEB page and select Static in the Type box to configure the Static connection The configuration window when the multiple WAN connections or single connection is enabled is as shown below ...

Page 54: ...Name Connection name Type Connection type NAT Enabling disabling NAT VLAN ID VLAN label in the Ethernet packets on the WAN interface used only for multiple WAN connections Priority Priority of processing used only for multiple WAN connections IP Address Interface IP address Mask Subnet mask Default Gateway ...

Page 55: ...dress of gateway DNS DNS server IP address Configuring DHCP Connection Click the WAN Connection link on the left part of the WEB page and select DHCP in the Type box to configure the DHCP connection The configuration window when the multiple WAN connections or single connection is enabled is as shown below ...

Page 56: ...y Information of ZTE CORPORATION Name Connection name Type Connection type NAT Enabling disabling NAT VLAN ID VLAN label in the Ethernet packets on the WAN interface used only for multiple WAN connections Priority Priority of processing used only for multiple WAN connections ...

Page 57: ...it configuration SNMP configuration and TR069 configuration UPnP Configuration Click the UPnP link on the left part of the WEB page to enter the UPnP page where you can select whether to enable the UPnP function of the H110 and designate the user side interface LAN Connection and the network side interface WAN Connection of the UPnP function The UPnP function is used to support zero configurations...

Page 58: ... LAN side interface Static Route and Dynamic Route Configuration Click the Route link at the left side of the page to enter the route configuration page of the H110 which is used to configure static route and RIP dynamic route Static Route Click the Static Route link to enter the Static Route page which displays the static route information list of the H110 You can configure a new route entry or m...

Page 59: ...on network ID subnet mask and next hop IP and then click the Add button Once a route is added the route list will be refreshed If you need to modify an existing route select its check box from the route list Its configuration is shown in the setting box You can modify the next hop IP address and click the Modify button To delete an existing route entry select it from the displayed route list and t...

Page 60: ...unction of the H110 select Enable RIP Then you can configure the Version and Interface parameters Version RIP protocol version Interface The network interface for RIP enabling for the WAN side interface RIP only configured at the interface without NAT enabled SNTP Client Configuration Click the SNTP link on the left part of the page to enter the SNTP function configuration page where you can confi...

Page 61: ...n name of the SNTP server Secondary SNTP Server IP address or domain name of the SNTP standby server Poll Time Poll time interval in seconds indicating the interval of server time synchronization with the setting range from 3600 s 1 hour to 86400 s 24 hours DDNS Configuration Click the DDNS link on the left part of the WEB page to enter the DDNS Setup page where the user can select whether to enab...

Page 62: ...e domain name service After the DDNS is applied to this host the IP address change of this host will not affect users access to the domain name and users will not feel such IP address change of this host This product supports two types of DDNS domain name protocols GNUDIP http gnudip2 sourceforge net DDNS3 http www ddns nu The two protocols can be used at the same time and selected from the drop d...

Page 63: ...protocol is used WAN Connection Selecting the WAN side connection interface Note Username and password are obtained through the registered DDNS server and different protocols use different modes The DDNS3 protocol configures a Handle in the DDNS server through them and it is bound with an IP address and also corresponds to a domain name can be set To configure this item you should log in to http w...

Page 64: ...t part of the WEB page to enter the DNS Configuration page where you can configure static DNS record Domain Name Domain name Host Name Host name IP Address IP address of the host IGMP Configuration Click the IGMP link on the left part of the WEB page to enter the IGMP Proxy configuration page where you can select whether to enable IGMP Proxy and IGMP Snooping services ...

Page 65: ... can select whether to enable the IGMP Proxy service and specify the network side interface WAN Connection of the IGMP Proxy function Enable IGMP Proxy Enabling the IGMP Proxy function WAN Connection Selecting the WAN side connection interface Setting IGMP Snooping The IGMP Snooping function monitors and filters to control multicast data forwarding at L2 of the network Enable IGMP Snooping Enablin...

Page 66: ...n configure the Identity of the H110 Bluetooth interface and decide whether to enable the Personal Area Network PAN service of the Bluetooth interface Identity Indicating the identity of the Bluetooth interface PIN Personal Identification Number verification code of Bluetooth module Authentication Whether to enable authentication function of PIN code Service PAN Indicating the switch of the Person...

Page 67: ... IPQoS rule and relevant parameters of the queue dispatching algorithm based on priority and weight You can define different priorities for the data flows of different applications to send the data at a higher priority first and limit bandwidth for the specified data flow to ensure the bandwidth of other data flows WAN Connection Selecting a WAN connection as the egress interface bound with the IP...

Page 68: ...ctly allocated to VOIP not allowing the user to configure it For the other seven queues the drop down list boxes behind specify the weight proportion corresponding to each priority and the sum of seven weight values should be 100 Note When there is VOIP voice flow at a moment then the available maximum bandwidth for the seven queues Default Premium total bandwidth the bandwidth occupied by VOIP IP...

Page 69: ...CP UDP and ICMP Source IP Address Source IP address of the data flow Destination IP Address Destination IP address of the data flow Source Port Source port of data flow the configuration format of this item can be xx or xx xx Destination Port Destination port of data flow the configuration format of this item can be xx or xx xx Interface In interface of the data flow ...

Page 70: ...low Ingress Rate Limit Configuration Click the Ingress Rate Limit link on the left part of the page to enter the Ingress Rate Limit configuration page Ingress rate limit can limit the incoming data flow rates of all the interfaces You can enable ingress rate limit at an interface configure the incoming data flow protocol source address port and destination address port and control the rate of this...

Page 71: ... of the incoming data flow Source Port Destination port of the incoming data flow Destination Port Destination port of the incoming data flow Rate Controlling rate of this data flow in the unit of kbps kbit s Note As configuring the ingress rate limit rule if you select ICMP for Protocol then Source Port and Destination Port cannot be configured SNMP Configuration As the Simple Network Management ...

Page 72: ...NMP Configuration page where you can set the SNMP read write community string enable or disable the SNMP Agent of the H110 and set the information such as Trap address Enable SNMP Agent Enabling SNMP agent function Enable SNMP Trap Enabling SNMP alarm sending function Name Device name Location Name of the device administrator the default address is Nanjing P R China Contact ...

Page 73: ...y string name of SNMP Access Right Access right of the SNMP read write community string Destination IP Destination IP address for receiving the SNMP alarm Trap Community Community string name of SNMP alarm Version Version number of SNMP TR069 Configuration Click the TR069 link on the left part of the Web page to enter the TR069 Configurations page where you can configure URL and account for connec...

Page 74: ...anual 74 Confidential and Proprietary Information of ZTE CORPORATION ACS URL ACS URL address Username ACS username Password ASC password CPE URL CPE URL address Username CPE username Password CPE password Default WAN Default WAN connection ...

Page 75: ... control of firewall port forwarding port trigger service control DMZ IP bridge filter WEB and URL filter and IPSec connection Firewall By level Control and SPI Click the General link on the left part of the interface to enter the firewall by level control and SPI setting page where the user can configure the firewall security level and whether to enable the status packet check accelerating functi...

Page 76: ...ter network and the anti attack function is also enabled Medium The firewall level is medium In this case bilateral access of the inner network and outer network is allowed but the set IP filtering rule that takes effect will restrict the corresponding access Low The firewall level is low In this case all the access of the inner network and outer network is allowed Note that all the filtering rule...

Page 77: ...he page to enter the Port Forwarding page where you can configure a port access redirection policy with the WAN side IP address as the source and the LAN side IP address as the destination You can configure at most 16 port forwarding entries Port forwarding is used for the host of the WAN to access the server of the LAN as the client Enable Port Forwarding Enabling the port forwarding function Nam...

Page 78: ...rt number ranges from 2030 to 2050 On the Port Forwarding page you can enable the default configuration set the host IP address of the LAN and specify the network side interface so as to redirect access requests of the ports at the WAN side to a specified LAN host Click Edit to edit the default number enable Port Forwarding specify the WAN connection to pppoe and set the IP address to of LAN host ...

Page 79: ...col of trigger connection Trigger Start Displaying the port where trigger connection starts Trigger End Displaying the port where trigger connection ends Open Protocol Displaying the protocol of forwarding connection Open Start Displaying the port where forwarding connection starts Open End Displaying the port where forwarding connection ends Status Displaying the status of the current trigger app...

Page 80: ... of trigger application configurations Modify Modifying the current trigger application configuration Delete Deleting the current trigger application configuration Reset Restoring the current trigger connection to the ex factory status The user can click the Add or Modify button to enter the property setting interface for port trigger Name Configuring the name of the current trigger application Tr...

Page 81: ...tting to validate the current configuration Back Canceling the current configuration Remote Access Control Click the Service Control link on the left part of the WEB page to enter the Service Control page where you can configure a policy to control use of the specified IP address to access the specific service of the H110 Services of the H110 refer to TELNET FTP SNMP HTTPS and HTTP The control doe...

Page 82: ...hosts at the LAN side to access services of the H110 If Enable WAN Access is set then hosts of the WAN side can also access the services The parameter Mode is only effective for the configured IP address If it is set to white list only the configured IP address will be allowed to access services of the H110 If it is set to black list the configured IP address will not be allowed to access services...

Page 83: ... network but the hosts in the DMZ zone can act as servers for the other zones It is recommended that the host in the DMZ zone can be set to the FTP or WEB server to ensure security of the LAN side hosts not in the DMZ zone Then the specific policy can be set in the Port Forwarding interface to redirect the request of the WAN side host for the FTP service of the H110 to the FTP or WEB server in the...

Page 84: ...e For example you can set host 192 168 1 5 as a host of the DMZ zone Filter Setting Bridge Filter Click the Bridge Filter link on the left part of the WEB page to enter the Bridge Filter page where you can configure an access filter rule based on the source MAC address and the destination MAC address You can set up to 12 bridge filter entries Enable Bridge Filter Enabling the bridge filter functio...

Page 85: ...s 00 2d 30 51 11 23 and protocol as ANY and then click Add to add an entry You can also select an entry to be edited or deleted and then click Submit to edit or delete it On the Bridge Filter page you may choose to only configure the source MAC address for the filter Setting IP Filter Click the IP Filter link on the left part of the WEB page to enter the IP Filter page where you can define a port ...

Page 86: ... the IP filter function Name Name of the IP filter Protocol Selecting name of the protocol The options are ANY which indicates any protocol TCP UDP and ICMP Source IP Address Source IP address Source Netmask Source address subnet mask Destination IP Address Destination IP address Destination Netmask Destination address subnet mask ...

Page 87: ...3 on langroup2 as the destination Then set Source IP Address as 192 168 1 2 and Destination IP Address as 192 168 2 13 select TCP for Protocol fill in 21 for both the start port and end port select langroup1 for Interface In and langroup2 for Interface Out name this rule select the Enable IP Filter option and then click the Add button Setting URL and WEB Filter Click the Web Filter link on the lef...

Page 88: ...cide policy validation condition Filtering Rule Used to configure rule so the user can set Web filter condition Add Adding policy or project Modify Modifying the current selected policy or project Delete Deleting the current selected policy or project Policy Name Name of the current project LAN Content Displaying the LAN side terminal affected by the current project ...

Page 89: ...us Showing the running status of the current project Action Button for running and stopping the project 1 The user can click the Add or Modify button of Filtering Rule to enter the policy property interface Rule Name Name of the current policy Description Description of the current policy URL Key Specifying a list of URL keywords separated by spaces For example EDU MOVIE ...

Page 90: ...Canceling the current modifying operation 2 After configuring the policy the user can return to the main interface and click the Add or Modify button of Filtering Policy to enter the project property interface Policy Name Name of the current project Client The type of the client where the project takes effect three options are available langroup indicating the filter unit is langroup IP filtering ...

Page 91: ...enabled only when Advanced SNTP is validated for the SNTP client configuration refer to SNTP Client Configuration 3 After the user s configured Advanced SNTP function takes effect contents of the Schedule option will appear automatically Please select a date Setting the validating time for the current project for example Mon Tue or Wed Start Selecting the project start time End Selecting the proje...

Page 92: ...ared secret and RSA digit signature as the negotiation authentication mode If you select the RSA digit signature authentication mode correctly fill in the RSA authentication key of the peer party The user can update the RSA key as required and send it to other users to set up IPSec security connections with him Note The default condition for updating RSA key is that the system has no security conn...

Page 93: ... the system security Adding New Connection Click the New IPSec Connection link on the left part of the WEB page to enter the Configure VPN IPSec page where you can configure and add a new IPSec security connection IPSec security connection parameters fall into three categories general configuration General security property configuration IPSec and negotiation property configuration IPSec Automatic...

Page 94: ...ted endpoint address of the peer party Security Association Mode IPSec security protection mode The Tunneling and Transport modes are optional Tunneling is used to protect security of external sent data of the inner network host of the H110 or the H110 and Transport is only used to protect security of external sent data of the H110 Therefore when Transport is selected the following four items will...

Page 95: ...on IPSec Automatic negotiation connection configuration IKE Mode Negotiation mode Main Mode recommended mode and Aggressive Mode are optional Life Time in Seconds 1 28800 Life time of security negotiation parameter to ensure data transmission security such key parameters generated by negotiation as key will be automatically stopped in a period and parameters are also renegotiated automatically The...

Page 96: ...uthentication both parties should fill in the peer RSA key For specific configuration refer to the relevant introduction in Setting RSA Key Fill in it as actually required Use Perfect Forward Secrecy PFS Whether to select Use Perfect Forward Secrecy and select whether to adopt Perfect Forward Secrecy at the second sub phase of key negotiation or future key update to ensure there is no statistic la...

Page 97: ...ness ESP is recommended Encryption Algorithm ESP only Data encryption algorithm This product supports the following algorithms encryption types and key lengths 3DES CBC AES CBC 128 AES CBC 192 and AES256 CBC 256 AES CBC 192 algorithm is recommended Local Encryption Key ESP only Encryption algorithm key of outgoing data Make a selection based on the algorithm type and key length selected in Encrypt...

Page 98: ...ubmitting the new connection Cancel Canceling all the configurations of this connection Examples 1 User A can create a connection with Connection Name as Myserv Remote Endpoint address as 10 40 40 151 B public network address Interface as Wizard Conn Security Association Mode as Tunnel Local subnet IP Address as 192 168 13 0 Localsubnet Mask as 255 255 255 0 Remote subnet IP Address as 192 168 12 ...

Page 99: ...234567 3 After both parties submit their own connections the upper part of this page will display the Connected prompt Modifying Deleting Connection After an IPSec security connection is correctly created an option will be automatically added under the New IPSec Connection submenu named as the new connection name Select it to enter the modifying page for this connection Except the connection name ...

Page 100: ...Confidential and Proprietary Information of ZTE CORPORATION 100 This page is intentionally blank ...

Page 101: ...tion voice related configuration routing related configuration service related configuration and number related configuration General Configuration Click the General link on the left part of the page to enter the General configuration page where you can select the signaling protocol used for VOIP display the registration status of each subscriber line and set the length and prefix of the internal ...

Page 102: ...isplayed it indicates it is not registered successfully when VOIP phone number cannot be dialed Ext number setup Configuring length and prefix of the internal line phone number Length is the internal line number length Cannot be changed by the user and Prefix is the internal line number prefix Changeable The default internal line number prefix is so the extension number connected to PHONE1 is 00 a...

Page 103: ...Voice page where you can configure each parameter related with VOIP voice Voice Activity Detector VAD Disable VAD No detection Enable using default scheme Using the default scheme Enable using PT13 scheme Using PT 13 scheme not supported temporarily Enable VAD but no silence information sent Able to make silence detection but not send silence packet not supported temporarily ...

Page 104: ... to PCM with the range 14db 6db PCM to Packet Digital Gain Digital gain from PCM to packet with the range 14db 6db Master Echo Enabling disabling the master echo canceller Silence Handling PCM Whether to generate the comfortable nose for the PCM direction during the silence period not supported temporarily Fax Configuration T 38 not supported temporarily Pass Through transparent transmission mode ...

Page 105: ... the WEB page to enter the VOIP configuration page 2 Click the General link on the left part of the page to enter the General configuration page for VOIP 3 Select SIP from the Signaling protocol box 4 Click the Apply button to finish the SIP protocol selection 5 Click the SIP Protocol link on the left side of the page to enter the Protocol configuration page Protocol Configuration Click the Protoc...

Page 106: ...ess IP address or domain name of the second Proxy server Port Port of the second Proxy server Test Link Flag Test link flag Peer Call Flag Peer to peer call flag Phone Number User phone number Password User registration password Enable Enabling VOIP account if the corresponding account is not ticked it will be suspended Note The password entry box does not display the set password During password ...

Page 107: ... Media Configuration Click the Media link to enter the Media Setting page which is used to declare one s media capability in network communication Currently talk media and fax media can be configured 1 Talk media Enable Enabling flag whether to enable disable this media configuration item Type ...

Page 108: ... that of rfc2833 is 97 Packet_time Packet assembly interval indicating the media information in how long a period will be assembled in one UDP to be transmitted Clockrate Sampling rate indicating the sampling rate when this media is generated 2 Fax media Enable Enabling flag whether to enable disable this media configuration item Type Media type indicating the basic type of this media is voice or ...

Page 109: ... is an interface protocol used in the next generation network for the control interface generated after separation of media processing from signaling control that is the interface between the MG Media Gateway and the CA Call Agent 1 Click the VOIP button on the WEB page to enter the VOIP configuration page 2 Click the General link on the left part of the page to enter the General configuration pag...

Page 110: ...Port of local interface used by MGCP protocol First CA Domain Name Domain name of the first CA Call Agent IP Address IP address of the first CA Call Agent Port Port of IP address of the first CA Call Agent Second CA Domain Name Domain name of the second CA Call Agent IP Address IP address of the second CA Call Agent Port Port of IP address of the second CA Call Agent End Point ...

Page 111: ... subscriber line name defaulted as aaln VOIP VOIP account Index of the MG subscriber Sequence Number Serial number of the MG subscriber line name Enable Enabling VOIP account if the corresponding account is not ticked it will be suspended Click the Apply button to submit the service type change Authentication Configuration Click the MGCP Auth link on the left side of the page to enter the Authenti...

Page 112: ...y defaulted as 0123456789ABCDEF P DH algorithm index 1 96 bytes or 2 128 bytes defaulted as 1 G DH algorithm base number defaulted as 2 Click the Apply button to submit the service type change Route Select Configuration Click the Route Select link on the left side of the page to enter the Route select configuration page where you can define routes of two office directions VOIP PSTN PSTN internet t...

Page 113: ...te Select Office Selecting office direction including VOIP PSTN Office prefix Office direction prefix Office dial plan Office direction dial plan PSTN setup IP Code Internet telephony access code Prefix Dial Plan PSTN dial plan Default office Setting the default office or route for each inner line ...

Page 114: ... enter the Service Setup page where you can configure the forwarding service hotline ring at all Ext call waiting CID CID restriction and polarity reversal billing services Phone line to assign service Selecting the number for the assigned service Forwarding Forwarding services including Unconditional Forwarding Forwarding when busy Forwarding when unreachable and Forwarding when no reply ...

Page 115: ...ce type change Note The service setup column contains some disabled items indicating the current signaling protocol version does not support these services temporarily Some services are disabled in gray when the user selects a different line indicating these services cannot be configured at the current line Service Configuration Display Click the Service Show link on the left side of the page to e...

Page 116: ... and Proprietary Information of ZTE CORPORATION Bluetooth MAC Address Configuration Click the Bluetooth MAC Setup link on the left side of the page to enter the Bluetooth MAC Setup page In this page you can set the MAC address of the Bluetooth extension number ...

Page 117: ...including operation tools for configuration saving device restart default value restoring PING user management version upgrade configuration export system log check and configuration System Commands Click the System Commands link on the left part of the page to enter the System Commands page where you can save the current setting restart the H110 and restore the default configuration ...

Page 118: ...t wait for the process to be completed Click the Restore Defaults button The system will replace the your current configuration with the default configuration Network Continuity Test Tool PING Click the Ping link on the left part of the page to enter the Ping page where you can use the Ping command to test the network continuity IP Address IP address For example To make Ping test for the host with...

Page 119: ...istrator s password and ordinary user s password User Right Selecting the user right Administrator or User Username User name which is admin for super user and public for ordinary user not modifiable New Password New password Repeat New Password Confirming the new password Note The user with the Administrator rights can completely configure the H110 while the user with the User rights can only per...

Page 120: ...iguration button to download the configuration file of the H110 to a local location System Log Click the System Log link on the left part of the WEB page to enter the Syslog Configurations page which provides the system log configuring displaying clearing saving and downloading functions System Log Parameter Configuration Click the System Log Settings link to enter the system log parameter configu...

Page 121: ... record this level of logs and logs above this level Enable Server Whether to enable the log server Server IP Configuring its IP address if the log server is enabled Auto Save Timed saving after this function is enabled the current log will be saved to flash every two hours After the system is powered down the log record before powering down can be still obtained Showing System Logs Click the Logs...

Page 122: ...page provides four buttons You can click them to implement the following functions Refresh Showing the current latest 20 log records Save Saving the current log record to flash Clear Clearing the current log record that is there is 0 log now Download Downloading the current log records to the specified local path ...

Page 123: ...10 where you can check PPP connection status system running time system CPU memory usage IPQoS statistics and statistics of each network interface PPPoE Status Information Click the PPPoE Status link on the left part of the WEB page to enter the PPP Connections Status page where you can view the PPP connection status information the IP address and online time of the PPP connection ...

Page 124: ... the System Information page where you can view the basic status when the system runs uptime memory and CPU usage IPQoS Statistics Click the IPQoS Statistics link on the left part of the page to enter the List of IPQoS Statistics page where you can view the numbers of sent packets bytes and the numbers of dropped data packets bytes of different queues under TC dispatching at each interface ...

Page 125: ...tatistics Click the Network Statistics link on the left part of the page to enter the network statistics page where you can see the network statistics of four interface types Ethernet Interface Statistics Click the Ethernet link to display the statistics of received sent packets on the Ethernet interface ...

Page 126: ...ZTE CORPORATION WLAN Interface Statistics Click the WLAN link on the page to display the statistics of received sent packets on the WLAN interface Bluetooth Interface Statistics Click the Bluetooth link on the page to display the statistics of received sent packets on the Bluetooth interface ...

Page 127: ...Device Status Check Confidential and Proprietary Information of ZTE CORPORATION 127 USB Interface Statistics Click the USB link on the page to display the statistics of received sent packets on the USB interface ...

Page 128: ......

Page 129: ...on on the WEB page to enter the VOIP configuration page 2 Click the General link on the left part of the page to enter the General configuration page for VOIP 3 Select SIP from the Signaling protocol box 4 Set the Length and Prefix of the internal phone number from Ext number setup 5 Whether enabling Two stage dialing flag 6 Click the Apply button to finish the SIP protocol selection ...

Page 130: ...s or domain name and port for the first proxy server in the First Proxy field The IP address or domain name and port are provided by the service provider 4 For the IP address and port in the Second Proxy field you can use the default values unless the service provider has special requirements 5 For the phone numbers passwords and enabling flags configured for the two phone interfaces the service p...

Page 131: ... of the page to query the port status If the both ports are displayed In Service you can make a call Step 4 Save Configuration 1 After successful configuration click the Tool button on the WEB page 2 Click the System Commands link on the left part of the WEB page to enter the System Commands page 3 Click the Save All button to save all the configuration modifications ...

Page 132: ... on the WEB page to enter the VOIP configuration page 2 Click the General link on the left part of the page to enter the General configuration page for VOIP 3 Select MGCP from the Signaling protocol box 4 Set the Length and Prefix of the internal phone number from Ext number setup 5 Whether enabling Two stage dialing flag 6 Click the Apply button to finish the MGCP protocol selection ...

Page 133: ...provider in the First CA filed If the service provider does not provide the domain name use the default value 4 Fill in the Domain Name IP address and port in the Second CA field you can use the default values unless the service provider has special requirements 5 Configure the domain name which is provided by the service provider for the end port End Point 6 Configure the register mode and the na...

Page 134: ...rt of the page to query the port status If the both ports are displayed In Service you can make a call Step 4 Save Configuration 1 After successful configuration click the Tool button on the WEB page 2 Click the System Commands link on the left part of the WEB page to enter the System Commands page 3 Click the Save All button to save all the configuration modifications ...

Page 135: ... is connected properly to the H110 and a power source outlet on the wall WAN indicator is not lit when the Ethernet cable is connected on the WAN side Make sure you are using standard Ethernet twist pair cable and check if the Ethernet cable connector is connected properly The Home Gateway WAN interface should be connected to the host using cross cable and to the router switch or hub using straigh...

Page 136: ...he PC or set the computer to obtain IP address automatically Confirm with the carrier that the DNS server allocated to your computer is valid and confirm if the DNS server address is configured properly or the computer is set to obtain DNS server address automatically Confirm that you have enabled the NAT option in the current WAN connection Disable the proxy server setting in the web browser A pr...

Page 137: ...s registered that is it is in service If it is not registered please check the SIP or MGCP configuration by referring to VOIP configuration in Chapter 7 If the port status is in service it means the connection is proper Contact the service provider if you still cannot make a call Configuration made at Web page is lost after restart Make sure you click the Submit button for confirmation after every...

Page 138: ...ZXV10 H11X V1 0 Home Gateway User s Manual 138 Confidential and Proprietary Information of ZTE CORPORATION This page is intentionally blank ...

Page 139: ...similar to it but it uses two high quality twisted pairs with the highest data transmission rate as 100Mbps Adapter The device connected to a network segment such as Ethernet modem card or adapter Bandwidth The quantity of data can be transmitted in a fixed length of time Broadband Broadcast technology supporting voice image and data transmission via multiple channels DDNS Network server providing...

Page 140: ...he domain name in http www zte com cn index jsp is www zte com cn DoS DoS Denial of Service will be triggered when the PC or network fails to work normally For example a hacker may use a false IP address to accumulate quantities of connections and attack the target server Ethernet As one of the most common LAN protocols it supports bus technology with the transmission rate range as 10Mbps 1000Mbs ...

Page 141: ...Hub is a shared network connection device providing multiple network interfaces It connects multiple computers in a network and allows data exchange between computers Sharing means all the ports of a hub share the fixed bandwidth so the average data transmission rate and efficiency per user port is restricted by the number of users IEEE IEEE Institute of Electrical and Electronic Engineers is the ...

Page 142: ...Sec VPN to strengthen security and reliability in data transmission ISP ISP Internet Service Provider provides Internet access services for the individual and company LAN LAN is a networking environment connecting some communication devices computers terminals and printers in such limited areas as the room and campus MAC Address MAC Media Access Control address is the L2 address parameter of netwo...

Page 143: ...f rules defining the data formats observed between network devices so they can communicate with each other transmits sends and receives data between them Router Router implements connection of different types of networks through the remote WAN Generally the ISP line and the peer router of WAN or other network devices are interconnected to realize long haul data transmission During data transmissio...

Page 144: ...hich packets are exchanged in interconnected networks This protocol regards the network protocol IP as a lower protocol by default It provides the simplest protocol mechanism for sending information to another user program This protocol is operation oriented and does not provide submission and duplication protections URL URL Uniform Resource Locator means a web address in general URL indicates a s...

Page 145: ...on of ZTE CORPORATION 145 WAN Although some WANs are private they are usually deemed as a network for public access WEP WEP Wired Equivalent Privacy is a data encryption mode based on 64bit shared key coding and it is described in the IEEE 802 11b standard ...

Page 146: ......

Page 147: ...Confidential and Proprietary Information of ZTE CORPORATION 147 Tables Table 1 Typographical Conventions xi Table 2 Mouse Operation Conventions xii Table 3 Safety Signs xiii ...

Reviews:

No comments

Related manuals for ZXV10 H11X

Safeline GL1 Quick Manual preview
GL1
Brand: Safeline Pages: 76
Etross ETROSS-8888 User Manual preview
ETROSS-8888
Brand: Etross Pages: 8
RTA 460PSBM-N2EW Product User Manual preview
460PSBM-N2EW
Brand: RTA Pages: 81
Juniper VGW VIRTUAL GATEWAY Datasheet preview
VGW VIRTUAL GATEWAY
Brand: Juniper Pages: 6
Epygi QUADRO E1 Administrator'S Manual preview
QUADRO E1
Brand: Epygi Pages: 87
ADTRAN 834-v6 Quick Start Manual preview
834-v6
Brand: ADTRAN Pages: 8
Logic IO RTCU NX-910 Technical Manual preview
RTCU NX-910
Brand: Logic IO Pages: 45
Acer SX2830 Service Manual preview
SX2830
Brand: Acer Pages: 113
Cisco WIP310 - iPhone Wireless VoIP Phone Quick Installation Manual preview
WIP310 - iPhone Wireless VoIP Phone
Brand: Cisco Pages: 8
Cisco WIP310 - iPhone Wireless VoIP Phone Administration Manual preview
WIP310 - iPhone Wireless VoIP Phone
Brand: Cisco Pages: 276
D-Link DFL-M510 User Manual preview
DFL-M510
Brand: D-Link Pages: 153
D-Link DCH-G020 User Manual preview
DCH-G020
Brand: D-Link Pages: 14
Innoband 6000-B1 User Manual preview
6000-B1
Brand: Innoband Pages: 87
hilscher NIOT-E-TIB100-GB-RE User Manual preview
NIOT-E-TIB100-GB-RE
Brand: hilscher Pages: 263
ActionTec DSL Gateway Quick Start Manual preview
DSL Gateway
Brand: ActionTec Pages: 2
ActiGraph CentrePoint Data Hub User Manual preview
CentrePoint Data Hub
Brand: ActiGraph Pages: 14
2Wire 2000 Series Installation Manual preview
2000 Series
Brand: 2Wire Pages: 30
Fanvil PA3 Quick Installation Manual preview
PA3
Brand: Fanvil Pages: 6

Brands by name

Popular brands

Load more brands