Home
/
ZyXEL Communications
/
AMG1302-T11C
/
User Manual

ZyXEL Communications AMG1302-T11C, User Manual, Page: 167 / 307

Share

Page: 167 / 307

ZyXEL Communications AMG1302-T11C User Manual Download Page 167

Chapter 15 Firewall

AMG1302-T11C User’s Guide

167

Anti-Probing

If an outside user attempts to probe an unsupported port on your AMG1302-T11C, an ICMP
response packet is automatically returned. This allows the outside user to know the AMG1302-T11C
exists. The AMG1302-T11C supports anti-probing, which prevents the ICMP response packet from
being sent. This keeps outsiders from discovering your AMG1302-T11C when unsupported ports are
probed.

ICMP

Internet Control Message Protocol (ICMP) is a message control and error-reporting protocol
between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams,
but the messages are processed by the TCP/IP software and directly apparent to the application
user.

DoS Thresholds

For DoS attacks, the AMG1302-T11C uses thresholds to determine when to drop sessions that do
not become fully established. These thresholds apply globally to all sessions. You can use the
default threshold values, or you can change them to values more suitable to your security
requirements.

15.2 The Firewall General Screen

Use this screen to select the firewall protection level on the AMG1302-T11C. Click

Security >

Firewall > General

to display the following screen.

Figure 82

Security > Firewall > General

«
...
165
166
167
168
169
...
»

Summary of Contents for AMG1302-T11C

Page 1: ...el com AMG1302 T11C Wireless N ADSL2 Gateway Version 3 00 ABCG 0 Edition 1 03 2016 Copyright 2016 ZyXEL Communications Corporation User s Guide Default Login Details LAN IP Address http 192 168 1 1 User Name admin Password 1234 ...

Page 2: ...uct firmware or your computer operating system Every effort has been made to ensure that the information in this manual is accurate Related Documentation Quick Start Guide The Quick Start Guide shows how to connect the AMG1302 T11C and access the Web Configurator It contains information on setting up your wireless network More Information Go to support zyxel com to find other information on the AM...

Page 3: ...d 67 Wireless LAN 87 Home Networking 118 Static Route 132 Quality of Service QoS 137 Network Address Translation NAT 148 Port Binding 158 Dynamic DNS Setup 161 Filters 163 Firewall 165 Parental Control 181 Certificate 184 Logs 189 Traffic Status 191 User Account 194 TR 069 Client 195 System Settings 198 Time Setting 199 Log Setting 201 Firmware Upgrade 205 Backup Restore and Reboot 207 Remote Mana...

Page 4: ...14 1 4 2 Wireless Access 14 1 5 LED Lights 15 1 6 Using the WPS Button 16 1 7 The RESET Button 16 1 7 1 Using the Reset Button 17 1 8 Ways to Manage the AMG1302 T11C 17 Chapter 2 Introducing the Web Configurator 18 2 1 Overview 18 2 1 1 Accessing the Web Configurator 18 2 2 The Web Configurator Layout 21 2 2 1 Title Bar 21 2 2 2 Main Window 22 2 2 3 Navigation Panel 22 Chapter 3 Quick Start Wizard...

Page 5: ...ing Port Binding 54 4 10 Configuring QoS to Prioritize Traffic 55 4 11 Access the AMG1302 T11C from the Internet Using DDNS 58 4 11 1 Registering a DDNS Account on www dyndns org 58 4 11 2 Configuring DDNS on Your AMG1302 T11C 59 4 11 3 Testing the DDNS Setting 59 Part II Technical Reference 60 Chapter 5 Connection Status and System Info Screens 61 5 1 Overview 61 5 2 The Connection Status Screen ...

Page 6: ... 3 The More guest AP Screen 94 7 3 1 More guest AP Edit 95 7 4 The MAC Authentication Screen 96 7 4 1 MAC Address Add Edit 97 7 5 The WPS Screen 98 7 6 The WDS Screen 100 7 7 The WMM Screen 101 7 8 The Scheduling Screen 102 7 8 1 Scheduling Rule Add Edit 103 7 9 The Advanced Screen 103 7 10 Wireless LAN Technical Reference 105 7 10 1 Wireless Network Overview 105 7 10 2 Additional Wireless Terms 1...

Page 7: ... 1 What You Can Do in the Static Route Screens 133 9 2 The Static Route Screen 133 9 2 1 Static Route Add Edit 133 9 3 IPv6 Static Route 134 9 3 1 IPv6 Static Route Edit 135 Chapter 10 Quality of Service QoS 137 10 1 Overview 137 10 1 1 What You Can Do in the QoS Screens 137 10 1 2 What You Need to Know About QoS 138 10 2 The Quality of Service General Screen 138 10 3 The Queue Screen 139 10 3 1 A...

Page 8: ...156 Chapter 12 Port Binding 158 12 1 Overview 158 12 1 1 What You Can Do in the Port Binding Screens 159 12 2 The Port Binding Screen 159 12 2 1 Port Binding Summary Screen 160 Chapter 13 Dynamic DNS Setup 161 13 1 Overview 161 13 1 1 What You Can Do in the DDNS Screen 161 13 1 2 What You Need To Know About DDNS 161 13 2 The Dynamic DNS Screen 161 Chapter 14 Filters 163 14 1 Overview 163 14 1 1 Wh...

Page 9: ...tal Control 181 16 1 Overview 181 16 2 The Parental Control Screen 181 16 2 1 Add Edit Parental Control Rule 182 Chapter 17 Certificate 184 17 1 Overview 184 17 1 1 What You Can Do in this Chapter 184 17 2 What You Need to Know 184 17 3 Local Certificates 184 17 4 The Trusted CA Screen 186 17 5 Trusted CA Import 187 17 6 View Certificate 188 Chapter 18 Logs 189 18 1 Overview 189 18 1 1 What You Ca...

Page 10: ...er 23 Time Setting 199 23 1 Overview 199 23 2 The Time Setting Screen 199 Chapter 24 Log Setting 201 24 1 Overview 201 24 2 The Log Setting Screen 201 24 2 1 Example E mail Log 204 Chapter 25 Firmware Upgrade 205 25 1 Overview 205 25 2 The Firmware Screen 205 Chapter 26 Backup Restore and Reboot 207 26 1 Overview 207 26 2 The Backup Restore Screen 207 26 3 The Reboot Screen 209 Chapter 27 Remote M...

Page 11: ...28 2 The General Screen 217 28 3 The DSL Line Screen 218 Chapter 29 Troubleshooting 220 29 1 Power Hardware Connections and LEDs 220 29 2 AMG1302 T11C Access and Login 221 29 3 Internet Access 223 Appendix A Customer Support 225 Appendix B Setting up Your Computer s IP Address 231 Appendix C IP Addresses and Subnetting 251 Appendix D Pop up Windows JavaScripts and Java Permissions 259 Appendix E W...

Page 12: ...12 PART I User s Guide ...

Page 13: ...r used to remotely configure your device 1 3 Good Habits for Managing the AMG1302 T11C Do the following things regularly to make the AMG1302 T11C more secure and to manage the AMG1302 T11C more effectively Change the password Use a password that s not easy to guess and that consists of different types of characters such as numbers and letters Write down the password and put it in a safe place Back...

Page 14: ...tering feature to block access to specific web sites or Internet applications such as MSN or Yahoo Messenger You can also configure IP MAC filtering rules for incoming or outgoing traffic Use QoS to efficiently manage traffic on your network by giving priority to certain types of traffic and or to particular computers For example you could make sure that the AMG1302 T11C gives voice over Internet ...

Page 15: ... WLAN Green On The wireless network is activated Blinking The AMG1302 T11C is communicating with other wireless clients Off The wireless network is not activated WPS Green Blinking The AMG1302 T11C is setting up a WPS connection On The WPS connection is successfully made The LED turns off after two minuters Off WPS is disabled DSL Green On The DSL line is up Blinking The AMG1302 T11C is initializi...

Page 16: ...on on another WPS enabled device within range of the AMG1302 T11C The WPS LED should flash while the AMG1302 T11C sets up a WPS connection with the other wireless device 4 Once the connection is successfully made the WPS LED becomes static green and turns off after two minutes 1 7 The RESET Button If you forget your password or cannot access the web configurator you will need to use the RESET butt...

Page 17: ...nds or until the POWER LED begins to blink and then release it When the POWER LED begins to blink the defaults have been restored and the device restarts 1 8 Ways to Manage the AMG1302 T11C Use any of the following methods to manage the AMG1302 T11C Web Configurator This is recommended for everyday management of the AMG1302 T11C using a supported web browser FTP for firmware upgrades and configura...

Page 18: ... up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScript enabled by default Java permissions enabled by default See Appendix D on page 259 if you need to make sure these functions are allowed in Internet Explorer 2 1 1 Accessing the Web Configurator 1 Make sure your AMG1302 T11C hardware is properly connected refer to the Quick Start Guide 2...

Page 19: ... screen displays if you have not yet changed your password It is strongly recommended you change the default password Enter a new password retype it to confirm and click Apply Figure 5 Change Password Screen 6 The Quick Start Wizard screen appears You can configure basic Internet access and wireless settings See Chapter 3 on page 25 for more information 7 After you finished or closed the Quick Sta...

Page 20: ...ntroducing the Web Configurator AMG1302 T11C User s Guide 20 Figure 6 Connection Status 8 Click System Info to display the System Info screen where you can view the AMG1302 T11C s interface and system information ...

Page 21: ... System Info to show the following screen Figure 7 Web Configurator Layout Screen As illustrated above the main screen is divided into these parts A title bar B main window C navigation panel 2 2 1 Title Bar The title bar shows the following icon in the upper right corner Click this icon to log out of the web configurator A B C ...

Page 22: ... this screen to configure ISP parameters WAN IP address assignment DNS servers and other advanced properties More Connections Use this screen to configure additional WAN connections This screen is not available when the Line Type is set to Ethernet ETH1 in the Internet Connection screen Wireless General Use this screen to turn the wireless connection on or off specify the SSID s and configure the ...

Page 23: ...tivate NAT Port Forwarding Use this screen to make your local servers visible to the outside world DMZ Use this screen to configure a default server which receives packets from ports that are not specified in the Port Forwarding screen ALG Use this screen to enable or disable SIP ALG Port Binding Port Binding Use this screen to activate deactivate port binding configure and view port binding group...

Page 24: ...m System Use this screen to configure management inactivity time out setting Time Setting Time Setting Use this screen to change your AMG1302 T11C s time and date Log Setting Log Setting Use this screen to select which logs and or immediate alerts your device is to record You can also set it to e mail the logs to you Firmware Upgrade Firmware Upgrade Use this screen to upload firmware to your devi...

Page 25: ...utomatically after login Or you can click the Wizard icon in the top right corner of the web configurator to open the quick start screens 2 Select the time zone of your location Click Next Figure 8 Wizard Welcome 3 Enter your Internet access information in the wizard screen exactly as your service provider gave it to you Leave the defaults in any fields for which you were not given information The...

Page 26: ...list box either VC based or LLC based VPI Enter the Virtual Path Identifier VPI assigned to you This field may already be configured VCI Enter the Virtual Channel Identifier VCI assigned to you This field may already be configured IP Address Enter the IP address of the AMG1302 T11C Default Gateway Enter the default gateway of the ZyXEL Device Primary DNS Server Enter the primary DNS server IP addr...

Page 27: ...ic IP information from your Internet service provider Enter your Internet access information exactly as your service provider gave it to you IP Address Enter the IP address of the AMG1302 T11C Subnet Mask Enter the subnet mask in dotted decimal notation Refer to the appendix to calculate a subnet mask if you are implementing subnetting Default Gateway You must specify a gateway IP address supplied...

Page 28: ...rom the Multiplex drop down list box either VC based or LLC based VPI Enter the Virtual Path Identifier VPI assigned to you This field may already be configured VCI Enter the Virtual Channel Identifier VCI assigned to you This field may already be configured IP Address Enter the IP address of the AMG1302 T11C Primary DNS Server Enter the primary DNS server IP address for the AMG1302 T11C Secondary...

Page 29: ...ethod used by your ISP from the Multiplex drop down list box either VC based or LLC based VPI Enter the Virtual Path Identifier VPI assigned to you This field may already be configured VCI Enter the Virtual Channel Identifier VCI assigned to you This field may already be configured Select Yes to enter specific IP information from your Internet service provider Enter your Internet access informatio...

Page 30: ... or disable the wireless service on the ZyXEL device Wireless Network Name SSID Enter a descriptive name up to 32 printable 7 bit ASCII characters for the wireless LAN If you change this field on the AMG1302 T11C make sure all wireless stations use the same SSID in order to access the network Channel Selection The range of radio frequencies used by IEEE 802 11b g wireless devices is called a chann...

Page 31: ...gate to www zyxel com Internet access is just the beginning Refer to the rest of this guide for more detailed information on the complete range of AMG1302 T11C features If you cannot access the Internet open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct ...

Page 32: ...ing DDNS see page 58 4 2 Setting Up Your DSL Connection This tutorial shows you how to set up your Internet connection using the web configurator If you connect to the Internet through a DSL connection use the information from your Internet Service Provider ISP to configure the AMG1302 T11C Do the following steps 1 Connect the AMG1302 T11C properly Refer to the Quick Start Guide for details on the...

Page 33: ... General Mode Router Encapsulation PPPoE User Name 1234 DSL Ex com Password ABCDEF Service Name My DSL Multiplex LLC IPv6 IPv4 Dual Stack Enabled PPP Authentication Auto VPI 0 VCI 33 Others IP Address Obtain IP Address Automatically DNS Server Obtained From ISP IPv6 Address Obtain IPv6 Address Automatically DHCP IPv6 DHCP DHCP PD Enable WAN Identifier Type EUI64 ...

Page 34: ...Chapter 4 Tutorials AMG1302 T11C User s Guide 34 Go to Network Setting Broadband enter or select these values and click Apply This completes your DSL WAN connection setting ...

Page 35: ...MG1302 T11C pass the WAN prefix to LAN hosts The LAN hosts can then use the prefix to generate their IPv6 addresses 4 4 Setting Up a Secure Wireless Network Thomas wants to set up a wireless network so that he can use his notebook to access the Internet In this wireless network the AMG1302 T11C serves as an access point AP and the notebook is the wireless client The wireless client can access the ...

Page 36: ...mpted for a key use the Pre Shared Key configured here 1 Click Network Setting Wireless to open the General screen Configure the screen using the provided parameters see page 36 Click Apply 2 Click Network Setting Wireless Advanced and make sure 802 11b g n is selected in the 802 11 Mode field Click Apply SSID SecureWirelessNetwork Security Mode WPA2 PSK Pre Shared Key DoNotStealMyWirelessNetwork ...

Page 37: ...eless client settings Push Button Configuration PBC simply press a button This is the easier of the two methods PIN Configuration configure a Personal Identification Number PIN on the AMG1302 T11C A wireless client must also use the same PIN in order to download the wireless network settings from the AMG1302 T11C Push Button Configuration PBC 1 Make sure that your AMG1302 T11C is turned on and you...

Page 38: ...minutes of pressing the first one The AMG1302 T11C sends the proper configuration settings to the wireless client This may take up to two minutes The wireless client is then able to communicate with the AMG1302 T11C securely The following figure shows you an example of how to set up a wireless network and its security by pressing a button on both AMG1302 T11C and wireless client ...

Page 39: ...web config ur at or and the wireless client s utility 1 Launch your wireless client s configuration utility Go to the WPS settings and select the PIN method to get a PIN number 2 Enter the PIN number in the PIN section in the Network Setting Wireless WPS screen on the AMG1302 T11C Wireless Client The Device SECURITY INFO COMMUNICATION WITHIN 2 MINUTES Press and hold for 5 seconds ...

Page 40: ...screen within two minutes The AMG1302 T11C authenticates the wireless client and sends the proper configuration settings to the wireless client This may take up to two minutes The wireless client is then able to communicate with the AMG1302 T11C securely The following figure shows you how to set up a wireless network and its security on a AMG1302 T11C and a wireless client by using PIN method ...

Page 41: ...es how to connect wirelessly to your AMG1302 T11C The connection procedure is shown here using Windows XP as an example 1 Right click the wireless adapter icon which appears in the bottom right of your computer monitor Click View Available Wireless Networks Authentication by PIN SECURITY INFO WITHIN 2 MINUTES Wireless Client The Device COMMUNICATION ...

Page 42: ...ID SecureWirelessNetwork is given here as an example Tutorial Status 3 You are prompted to enter a password Enter it and click Connect Tutorial Status 4 You may have to wait several minutes while your computer connects to the wireless network 5 You should now be securely connected wirelessly to the AMG1302 T11C Tutorial Status A ...

Page 43: ...nfiguring the MAC Address Filter for Restricting Wireless Internet Access Thomas noticed that his daughter Josephine spends too much time surfing the web and downloading media files He decided to prevent Josephine from accessing the Internet so that she can concentrate on preparing for her final exams Josephine s computer connects wirelessly to the Internet through the AMG1302 T11C Thomas can deny...

Page 44: ... wirelessly through the AMG1302 T11C 4 6 Setting Up NAT Forwarding for a Game Server Thomas manages a Doom server on a computer behind the AMG1302 T11C In order for players on the Internet like A in the figure below coming through the default WAN connection PVC0 to communicate with the Doom server Thomas can use port forwarding C ipconfig all Ethernet adapter Wireless Network Connection Media Stat...

Page 45: ...ettings for the Doom server computer see Section 11 3 on page 150 for more information 1 Activate NAT in the Network Setting NAT General screen Click Apply 2 Click Network Setting NAT Port Forwarding Select PVC0 as the WAN interface and click Add new rule 3 Configure the screen with the following values The screen should look as follows Click Apply D 192 168 1 34 WAN LAN port 666 A Service Name Se...

Page 46: ...he Internet then can have access to Thomas Doom server 4 7 Configuring Firewall Rules to Allow a Specified Service By default the firewall will block traffic originating from the WAN 1 However if you are running a server or other service you may need to allow access from the WAN 2 The following tutorial will show how to allow traffic from WAN to LAN if it matches a specified port number E X A M P ...

Page 47: ...es tab In the Packet Direction field select WAN to LAN and click Add Tutorial Advanced QoS Queue Setup 3 The Add New Firewall Rule screen will appear Click the Edit Customized Services button to access the following screen Click Add and configure the following settings In this tutorial a hypothetical port 123 is allowed Click OK WAN LAN 1 2 A Service Name My_Service Service Type TCP Port Number 12...

Page 48: ...2 T11C User s Guide 48 Tutorial Advanced QoS Queue Setup 4 In the Add New Firewall Rule screen select Active In the Available Services field select the service you configured My_Service Click OK Tutorial Advanced QoS Queue Setup ...

Page 49: ...s how to configure a static routing rule for two network routings In the following figure router R is connected to the AMG1302 T11C s LAN R connects to two networks N1 192 168 1 x 24 and N2 192 168 10 x 24 If you want to send traffic from computer A in N1 network to computer B in N2 network the traffic is sent to the AMG1302 T11C s WAN default gateway by default In this case B will never receive t...

Page 50: ...ute screen 4 Configure the Static Route Setup screen using the following settings 4a Type 192 168 10 0 and subnet mask 255 255 255 0 for the destination N2 4b Select Enable and type 192 168 1 253 R s N1 address in the Gateway IP Address field 4c Enter 1 in the Metric field Table 8 IP Settings in this Tutorial DEVICE COMPUTER IP ADDRESS The AMG1302 T11C s WAN 172 16 1 1 The AMG1302 T11C s LAN 192 1...

Page 51: ...S settings are also configured for another WAN PVC for non time sensitive data traffic 4 9 1 Configuring ATM QoS for Multiple WAN Connections This example shows an application for multiple WAN connections with different ATM QoS Settings More than one WAN connection on the AMG1302 T11C may be configured to record traffic statistics or calculate service charges Three WAN connections are configured o...

Page 52: ...Chapter 4 Tutorials AMG1302 T11C User s Guide 52 To configure bandwidth for the data connection select UBR with PCR in the ATM QoS Type field Click Apply E X A M P L E ...

Page 53: ...943 divide the bandwidth 400000 bps by 424 Click Apply to save the settings To configure variable bandwidth of 2 Mbps for MOD data connection select Realtime VBR in the ATM QoS Type field Set the Peak Cell Rate as 4717 divide the bandwidth 2mbps by 424 and set both the Sustain Cell Rate and Maximum Burst Size as 4716 which is less than the peak cell rate Click Apply to save the settings ...

Page 54: ...so traffic from these ports is forwarded through specific WAN PVCs In the configuration shown below the WAN connections set up in the previous section are bound as follows 1 Access the port binding screen by clicking Network Setting Port Binding and select Activated Port Binding to turn on the port binding feature 2 Click the Port Binding tab specify the Group Index and select the ports to include...

Page 55: ... day Your colleagues use the Internet for research as well as chat applications for communicating with other branch offices In the following figure you want to configure QoS so that e mail traffic gets the highest priority You can do the following Configure a queue to assign the highest priority queue 1 to e mail traffic from the LAN interface so that e mail traffic would not get delayed when ther...

Page 56: ... Active and give it a name Queue1 in this example Select WAN in the Interface field and 1 in the Priority and Weight fields Then click OK Tutorial Advanced QoS Queue Setup 4 Go to Network Setting QoS Class Setup and click Add new Classifier 5 Select Active and follow the settings as shown in the screen below Then click OK Note that you have to select TCP in the IP Protocol field first then you can...

Page 57: ...Chapter 4 Tutorials AMG1302 T11C User s Guide 57 Tutorial Advanced QoS Class Setup ...

Page 58: ...This tutorial shows you how to Registering a DDNS Account on www dyndns org Configuring DDNS on Your AMG1302 T11C Testing the DDNS Setting Note If you have a private WAN IP address then you cannot use DDNS 4 11 1 Registering a DDNS Account on www dyndns org 1 Open a browser and type http www dyndns org 2 Apply for a user account This tutorial uses UserName1 and 12345 as the username and password I...

Page 59: ...1C later 4 11 2 Configuring DDNS on Your AMG1302 T11C Configure the following settings in the Network Setting Dynamic DNS screen Select Active Dynamic DNS Select www dyndns org in the Service Provider field Type zyxelrouter dyndns org in the Host Name field Enter the user name UserName1 and password 12345 Click Apply 4 11 3 Testing the DDNS Setting Now you should be able to access the AMG1302 T11C...

Page 60: ...60 PART II Technical Reference ...

Page 61: ...o look at the current status of the device system resources and interfaces LAN WAN WLAN 5 2 The Connection Status Screen Use this screen to view the network connection status of the device and its clients A warning message appears if there is a connection problem If you prefer to view the status in a list click List View in the Viewing mode selection box You can configure how often you want the AM...

Page 62: ...Figure 16 Connection Status List View In Icon View if you want to view information about a client click the client s name and then click on Info In List View you can also view the client s information 5 3 The System Info Screen Click Connection Status System Info to open this screen ...

Page 63: ...in the following table Table 10 System Info Screen LABEL DESCRIPTION Refresh Interval Select how often you want the AMG1302 T11C to update this screen from the drop down list box Device Information Host Name This field displays the AMG1302 T11C system name It is used for identification Model Name This is the model name of your device ...

Page 64: ...IPv6 Gateway This is the IPv6 address of the default gateway if applicable IPv6 WAN DNS1 2 This is the primary secondary DNS server IPv6 address assigned to the AMG1302 T11C Link Local Address This is the link local address assigned to the AMG1302 T11C within the LAN IPv4 IPv6 MTU This is the MTU Maximum Transmission Unit for IPv4 and IPv6 packets passing through the WAN interface VPI VCI This is ...

Page 65: ...rface the AMG1302 T11C has Status This field indicates whether or not the AMG1302 T11C is using the interface For the DSL interface this field displays Down line is down Up line is up or connected Initializing line is initializing Establishing Link line is establishing a link if you re using Ethernet encapsulation and Down line is down Up line is up or connected Idle line ppp idle Dial starting to...

Page 66: ...t percentage of the AMG1302 T11C s memory is currently used Usually this percentage should not increase much If memory usage does get close to 100 and remains like that for a high period of time the AMG1302 T11C may become unstable and you should restart it See Chapter 26 on page 209 or turn off the device unplug the power for a few seconds DSL Down Bandwidth Usage This field displays what percent...

Page 67: ...n the AMG1302 T11C for Internet access Use the More Connections screen Section 6 3 on page 76 to set up additional Internet access connections 6 1 2 What You Need to Know About WAN Encapsulation Method Encapsulation is used to include data from an upper layer protocol into a lower layer protocol To set up a WAN connection to the Internet you need to use the same encapsulation method used by your I...

Page 68: ...sed to establish membership in a Multicast group it is not used to carry user data There are three versions of IGMP IGMP version 2 and 3 are improvements over version 1 but IGMP version 1 is still in wide use IPv6 IPv6 Internet Protocol version 6 is designed to increase IP address space and enhance features The AMG1302 T11C supports IPv4 IPv6 dual stack and can connect to IPv4 and IPv6 networks Se...

Page 69: ...Chapter 6 Broadband AMG1302 T11C User s Guide 69 Figure 19 Network Setting Broadband Internet Connection Auto Sync Up ...

Page 70: ...Chapter 6 Broadband AMG1302 T11C User s Guide 70 Figure 20 Network Setting Broadband Internet Connection Ethernet ETH1 ...

Page 71: ...TU G 992 5 Annex M ADSL2 24 Mbit s downstream 3 5 Mbit s upstream This field is not available if you select Ethernet ETH1 in the Type field General Mode Select Router default from the drop down list box if your ISP gives you one IP address only and you want multiple computers to share an Internet account Select Bridge when your ISP provides you more than one IP address and you want the connected c...

Page 72: ...he DSL port Default while EtherWAN users must connect an RJ45 cable into LAN port 1 802 1Q VLAN ID The valid range for the VLAN ID as assinged by your provider is 5 to 4094 IP Address Obtain an IP Address Automatically Static IP Address This option is available if you select Router in the Mode field A static IP address is a fixed IP that your ISP gives you A dynamic IP address is not fixed the ISP...

Page 73: ...se the WAN interface of this connection as the system default gateway DNS Server This section is not available when you select Bridge in the Mode field Primary DNS Server Secondary DNS Server Select Obtained From ISP to have the AMG1302 T11C get the DNS server addresses from the ISP automatically Select UserDefined if you have the IP address of a DNS server Enter the DNS server s IP address in the...

Page 74: ...entify the WAN interface The WAN Identifier is appended to the IPv6 address prefix to create the routable global IPv6 address Select EUI64 to use the EUI 64 format to generate an interface ID from the MAC address of the WAN interface WAN Identifier If you selected Manual enter the WAN Identifier in this field The WAN identifier should be unique and 64 bits in hexadecimal form Every 16 bit block sh...

Page 75: ... group The AMG1302 T11C supports IGMP v1 IGMP v2 and IGMP v3 Select None to disable it MLD Proxy Select the version of MLD proxy v1 or v2 to have the AMG1302 T11C act as for this connection This allows the AMG1302 T11C to get subscription information and maintain a joined member list for each multicast group It can reduce multicast traffic significantly Select None to turn off MLD proxy ATM QoS AT...

Page 76: ...lls that can be sent at the peak rate Type the MBS which is less than 65535 PPPoE Passthrough If encapsulation type is PPPoE select this to enable PPPoE Passthrough In addition to the Device s built in PPPoE client you can select this to allow hosts on the LAN to use PPPoE client software on their computers to connect to the ISP via the device Each host can have a separate account and a public WAN...

Page 77: ... Identifier VCI numbers configured for this WAN connection Encapsulation This field indicates the encapsulation method of the Internet connection Default Route Enable This field displays whether the AMG1302 T11C use the WAN interface of this connection as the system default gateway Modify The first ISP connection is read only in this screen Use the Broadband Internet Connection screen to edit it C...

Page 78: ...eral Active Select the check box to activate or clear the check box to deactivate this connection Node Name Enter a unique descriptive name of up to 13 ASCII characters for this connection Mode Select Router from the drop down list box if your ISP allows multiple computers to share an Internet account If you select Bridge the AMG1302 T11C will forward any packet that it does not route to this remo...

Page 79: ...lect IPv6 if you want the AMG1302 T11C to run IPv6 only This field is not available when you select IPoA in the Encapsulation field PPP Authentication The AMG1302 T11C supports PAP Password Authentication Protocol and CHAP Challenge Handshake Authentication Protocol CHAP is more secure than PAP however PAP is readily available on more platforms Use the drop down list box to select an authenticatio...

Page 80: ...s 1 the AMG1302 T11C will indicate to hosts to obtain DNS information and LAN prefix through DHCPv6 If O flag is 0 the AMG1302 T11C will not get information through DHCPv6 DHCP PD Select Enable to use DHCP PD Prefix Delegation to allow the AMG1302 T11C to pass the IPv6 prefix information to its LAN hosts The hosts can then use the prefix to generate their IPv6 addresses Connection PPPoA and PPPoE ...

Page 81: ...nd RIP2 M Multicast Internet Group Multicast Protocol IGMP is a network layer protocol used to establish membership in a multicast group The AMG1302 T11C supports IGMP v1 IGMP v2 and IGMP v3 Select None to disable it ATM QoS ATM QoS Type Select CBR Continuous Bit Rate to specify fixed always on bandwidth for voice or data traffic Select UBR with PCR Unspecified Bit Rate for applications that are n...

Page 82: ... For the service provider PPPoE offers an access and authentication method that works with existing access control systems for example RADIUS One of the benefits of PPPoE is the ability to let you access one of multiple network services a function known as dynamic service selection This enables the service provider to easily create and offer new IP services for individuals Maximum Burst Size Maxim...

Page 83: ...ate ATM virtual circuit VC based multiplexing Please refer to RFC 1483 for more detailed information 6 4 2 Multiplexing There are two conventions to identify what protocols the virtual circuit VC is carrying Be sure to use the multiplexing method required by your ISP VC based Multiplexing In this case by prior mutual agreement each protocol is assigned to a specific virtual circuit for example VC1...

Page 84: ... does two things when you specify a nailed up connection The first is that idle timeout is disabled The second is that the AMG1302 T11C will try to bring up the connection when turned on and whenever the connection is down A nailed up connection can be very expensive for obvious reasons Do not specify a nailed up connection unless your telephone company offers flat rate service or you need a const...

Page 85: ... Constant Bit Rate CBR provides fixed bandwidth that is always available even if no data is being sent CBR traffic is generally time sensitive doesn t tolerate delay CBR is used for connections that continuously require a specific amount of bandwidth A PCR is specified and if traffic exceeds this rate cells may be dropped Examples of connections that need CBR would be high resolution video and voi...

Page 86: ...affic typical on LANs PCR and MBS define the burst levels SCR defines the minimum level An example of an VBR nRT connection would be non time sensitive data file transfers Unspecified Bit Rate UBR The Unspecified Bit Rate UBR ATM traffic class is for bursty data transfers However UBR doesn t guarantee any bandwidth and only delivers traffic when the network has spare bandwidth An example applicati...

Page 87: ...4 to set up multiple wireless networks on your AMG1302 T11C Use the MAC Authentication screen to allow or deny wireless clients based on their MAC addresses from connecting to the AMG1302 T11C Section 7 4 on page 96 Use the WPS screen see Section 7 5 on page 98 to enable or disable WPS generate a security PIN Personal Identification Number and see information about the AMG1302 T11C s WPS status Us...

Page 88: ...network support IEEE 802 11g for example What is the most appropriate standard to use What security options do the other wireless devices in your network support WPA PSK for example What is the strongest security option supported by all the devices in your network Do the other wireless devices in your network support WPS Wi Fi Protected Setup If so you can set up a well secured network very easily...

Page 89: ... have the same SSID Enter a descriptive name up to 32 English keyboard characters for the wireless LAN Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a station cannot obtain the SSID through scanning using a site survey tool Client Isolation Select this to keep the wireless clients in this SSID from communicating with each other through the AMG1302 T11C MBSSID LAN...

Page 90: ...rrently using Enhanced Multicast Forwarding Select Enable to allow the AMG1302 T11C to convert wireless multicast traffic into wireless unicast traffic Max Upstream Bandwidth Specify the maximum rate for upstream wireless traffic to the WAN from this WLAN in kilobits per second Kbps Max Downstream Bandwidth Specify the maximum rate for downstream wireless traffic to this WLAN from the WAN in kilob...

Page 91: ...select Basic as the security level Figure 28 Wireless General Basic WEP The following table describes the wireless LAN security labels in this screen Table 17 Wireless General Basic WEP LABEL DESCRIPTION Security Level Select Basic to enable WEP data encryption Security Mode This shows WEP when you set Security Level to Basic Generate password automatically Select this option to have the AMG1302 T...

Page 92: ... 29 Wireless General More Secure WPA 2 PSK The following table describes the wireless LAN security labels in this screen Table 18 Wireless General More Secure WPA 2 PSK LABEL DESCRIPTION Security Level Select More Secure to enable WPA 2 PSK data encryption Security Mode Select WPA PSK or WPA2 PSK from the drop down list box Pre Shared Key The encryption mechanisms used for WPA 2 and WPA 2 PSK are ...

Page 93: ...le with older devices Click Network Setting Wireless to display the General screen Select More Secure as the security level Then select WPA or WPA2 from the Security Mode list Figure 30 Wireless General More Secure WPA 2 Group Key Update Timer The Group Key Update Timer is the rate at which the RADIUS server sends a new group key out to all clients Encryption This field displays the encryption typ...

Page 94: ...ers as the key to be shared between the external authentication server and the AMG1302 T11C The key must be the same on the external authentication server and your AMG1302 T11C The key is not sent over the network More hide Click More to show more fields in this section Click hide to hide them ReAuthentication Timer Enter how often the external authentication server requires a connected wireless c...

Page 95: ...hat this SSID is active A gray bulb signifies that this SSID is not active SSID An SSID profile is the set of parameters relating to one of the AMG1302 T11C s BSSs The SSID Service Set IDentifier identifies the Service Set with which a wireless device is associated This field displays the name of the wireless profile on the network When a wireless client scans for an AP to associate with this is t...

Page 96: ...r home and external clients Select the WLAN type in the Access Scenario field Access Scenario If you select Home Guest clients connecting to the same SSID can communicate with each other directly If you select External Guest clients are blocked from connecting to each other directly Max Upstream Bandwidth Specify the maximum rate for upstream wireless traffic to the WAN from this WLAN in kilobits ...

Page 97: ... want to configure MAC filter settings MAC Restrict Mode Define the filter action for the list of MAC addresses in the MAC address table Select Disable to turn off MAC filtering Select Allow to permit access to the AMG1302 T11C MAC addresses not listed will be denied access to the AMG1302 T11C Select Deny to block access to the AMG1302 T11C MAC addresses not listed will be allowed to access the AM...

Page 98: ...ngs configured in the General screen see Section 7 2 on page 88 If you want to use the WPS feature make sure you have set the security mode to WPA PSK WPA2 PSK or No Security Click Network Setting Wireless WPS The following screen displays Select Enable and click Apply to activate the WPS function Then you can configure the WPS settings in this screen Table 23 Network Setting Wireless MAC Authenti...

Page 99: ...ss network This button may either be a physical button on the outside of device or a menu button similar to the WPS button on this screen Note You must press the other wireless device s WPS button within two minutes of pressing this button Method 2 PIN Use this section to set up a WPS wireless network by entering the PIN of the client into the AMG1302 T11C Register Enter the PIN of the device that...

Page 100: ...button method Click the Generate New PIN button to have the AMG1302 T11C create a new PIN Status This displays Configured when the AMG1302 T11C has connected to a wireless network using WPS or Enable WPS is selected and wireless or wireless security settings have been changed The current wireless and wireless security settings also appear in the screen This displays Unconfigured if WPS is disabled...

Page 101: ...tion is available only when you set the security mode to WPA 2 or WPA 2 PSK in the Wireless General screen TKIP Select this to use TKIP Temporal Key Integrity Protocol encryption AES Select this to use AES Advanced Encryption Standard encryption This is the index number of the individual WDS link Active Select this to activate the link between the AMG1302 T11C and the peer device to which this ent...

Page 102: ...es high priority to voice and video which makes them run more smoothly Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings Table 27 Network Setting Wireless Scheduling LABEL DESCRIPTION WLAN Power Off Scheduling Select Enable or Disable to activate or deactivate wireless LAN scheduling on your AMG1302 T11C Add New Rule Click this button to create a ...

Page 103: ...ify Click Edit to configure the rule Clcik Delete to remove the rule Apply Click this to save your changes Cancel Click this to restore your previously saved settings Table 27 Network Setting Wireless Scheduling LABEL DESCRIPTION Table 28 Network Setting Wireless Scheduling Add New Rule Edit LABEL DESCRIPTION Rule Name Enter a descriptive name for identification purposes You can enter up to 15 alp...

Page 104: ... the AMG1302 T11C Select 802 11g to allow only IEEE 802 11g compliant WLAN devices to associate with the AMG1302 T11C Select 802 11b g to allow either IEEE 802 11b or IEEE 802 11g compliant WLAN devices to associate with the AMG1302 T11C The transmission rate of your AMG1302 T11C might be reduced Select 802 11n to allow only IEEE 802 11n compliant WLAN devices to associate with the AMG1302 T11C Se...

Page 105: ...borhood or the wireless clients do not support channel bonding This field is available only when you set the 802 11 Mode to 802 11n 802 11g n or 802 11b g n E mail notification when the wireless guest visit Enable E mail notification Select this to have the AMG1302 T11C e mail you a notification when a wireless client is connected to the wireless network SMTP Authentication Select this check box i...

Page 106: ...ork devices A and B use the access point AP to interact with the other devices such as the printer or with the Internet Your AMG1302 T11C is the AP Every wireless network must follow these basic guidelines Every device in the same wireless network must use the same SSID The SSID is the name of the wireless network It stands for Service Set IDentifier If two wireless networks overlap they should us...

Page 107: ...network Second they encrypt This means that the information sent over the air is encoded Only people with the code key can understand the information and only people who have been authenticated are given the code key These security standards vary in effectiveness Some can be broken such as the old Wired Equivalent Protocol WEP Using WEP is better than using no security at all but it will not keep ...

Page 108: ...er to tell the AMG1302 T11C which devices are allowed or not allowed to use the wireless network If a device is allowed to use the wireless network it still has to have the correct information SSID channel and security If a device is not allowed to use the wireless network it does not matter if it has the correct information This type of security does not protect the information that is sent in th...

Page 109: ...le for unauthorized wireless devices to figure out the original information pretty quickly When you select WPA2 or WPA2 PSK in your AMG1302 T11C you can also select an option WPA compatible to support WPA as well In this case if some of the devices support WPA and some support WPA2 you should set up WPA2 PSK or WPA2 depending on the type of wireless network login and select the WPA compatible opti...

Page 110: ...MBSSID Traditionally you need to use different APs to configure different Basic Service Sets BSSs As well as the cost of buying extra APs there is also the possibility of channel interference The AMG1302 T11C s MBSSID Multiple Basic Service Set IDentifier function allows you to use one access point to provide several BSSs simultaneously You can then assign varying QoS priorities and or security mo...

Page 111: ... secure wireless network WPS is an industry standard specification defined by the WiFi Alliance WPS allows you to quickly set up a wireless network with strong security without having to configure security settings manually Each WPS connection works between two devices Both devices must support WPS check each device s documentation to make sure Depending on the devices you have you can either pres...

Page 112: ...you must enter the PIN from one device usually the wireless client into the second device usually the Access Point or wireless router Then when WPS is activated on the first device it presents its PIN to the second device If the PIN matches one device sends the network and security information to the other allowing it to join the network Take the following steps to set up a WPS connection between ...

Page 113: ...and security settings The registrar creates a secure EAP Extensible Authentication Protocol tunnel and sends the network name SSID and the WPA PSK or WPA2 PSK pre shared key to the enrollee Whether WPA PSK or WPA2 PSK is used depends on the standards supported by the devices If the registrar is already part of a network it sends the existing information If not it generates the SSID and WPA 2 PSK r...

Page 114: ... security settings it transmits to the enrollee are randomly generated Once a WPS enabled device has connected to another device using WPS it becomes configured A configured wireless client can still act as enrollee or registrar in subsequent WPS connections but a configured access point can no longer act as enrollee It will be the registrar in all subsequent WPS connections in which it is involve...

Page 115: ... registrar since it is configured it already has security information for the network AP1 supplies the existing security information to Client 2 Figure 47 WPS Example Network Step 2 In step 3 you add another access point AP2 to your network AP2 is out of range of AP1 so you cannot use AP1 for the WPS handshake with the new access point However you know that Client 2 supports the registrar function...

Page 116: ...A PSK or WPA2 PSK depends on the device You can check the configuration interface of the registrar device to discover the key the network is using if the device supports this feature Then you can enter the key into the non WPS device and join the network as normal the non WPS device must also support WPA PSK or WPA2 PSK When you use the PBC method there is a short period from the moment you press ...

Page 117: ...or was not involved in the WPS handshake a rogue device must still associate with the access point to gain access to the network Check the MAC addresses of your wireless clients usually printed on a label on the bottom of the device If there is an unknown MAC address you can remove it or reset the AP ...

Page 118: ...en to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses Section 8 3 on page 122 Use the IP Alias screen Section 8 4 on page 123 to change your AMG1302 T11C s IP alias settings Use the UPnP screen to enable UPnP and UPnP NAT traversal on the AMG1302 T11C Section 8 5 on page 124 Use the IPv6 LAN Setup screen Section 8 6 on page 124 to configure the IPv6 set...

Page 119: ...AT Traversal UPnP NAT traversal automates the process of allowing an application to operate through NAT UPnP network devices can automatically configure network addressing announce their presence in the network to other UPnP devices and enable exchange of simple product and service descriptions NAT traversal allows the following Dynamic port mapping Learning public IP addresses Assigning lease tim...

Page 120: ...7 on page 128 for technical background information on LANs 8 1 3 Before You Begin Find out the MAC addresses of your network devices if you intend to add them to the DHCP Client List screen 8 2 The LAN Setup Screen Use this screen to set the Local Area Network IP address subnet mask and advanced networking settings such as RIP multicast of your AMG1302 T11C Click Network Setting Home Networking to...

Page 121: ...P2 B RIP2 M Direction Use this field to control how much routing information the AMG1302 T11C sends and receives on the subnet Select the RIP Direction from None Both IN Only and OUT Only Multicast IGMP Internet Group Multicast Protocol is a network layer protocol used to establish membership in a multicast group The AMG1302 T11C supports IGMP v1 IGMP v2 IGMP v3 Select None to disable it IGMP Snoo...

Page 122: ...NS queries to a DNS server for resolving domain names Select None if you do not want to configure DNS servers Apply Click this to save your changes Cancel Click this to restore your previously saved settings Table 32 Network Setting Home Networking LAN Setup LABEL DESCRIPTION Table 33 Network Setting Home Networking Static DHCP LABEL DESCRIPTION Add new static lease Click this to add a new static ...

Page 123: ...1302 T11C itself as the gateway for the LAN network When you use IP alias you can also configure firewall rules to control access to the LAN s logical network subnet 8 4 1 Configuring the LAN IP Alias Screen Use this screen to change your AMG1302 T11C s IP alias settings Click Network Setting Home Networking IP Alias to open the following screen Figure 52 Network Setting Home Networking IP Alias T...

Page 124: ...en Use this screen to configure the IPv6 settings for your AMG1302 T11C s LAN interface See Appendix F on page 279 for background information about IPv6 Table 35 Network Setting Home Networking IP Alias LABEL DESCRIPTION IP Alias Select Enable to configure a LAN network for the AMG1302 T11C IP Address Enter the IP address of your AMG1302 T11C in dotted decimal notation IP Subnet Mask Type the subn...

Page 125: ...Type Select Manual to manually enter a link local address Select EUI64 to use the EUI 64 format to generate a link local address from the Ethernet MAC address IPv6 Address If you selected Manual in the Link Local Address Type field enter the LAN IPv6 address you want to assign to your AMG1302 T11C in hexadecimal notation for example fe80 1 factory default Prefix Enter the address prefix to specify...

Page 126: ...or the LAN IPv6 address Prefix length If you select static IPv6 address enter the IPv6 prefix length that the AMG1302 T11C uses to generate the LAN IPv6 address An IPv6 prefix length specifies how many most significant bits starting from the left in the address compose the network address This field displays the bit number of the IPv6 subnet mask Preferred Lifetime Enter the preferred lifetime for...

Page 127: ...ttings through DHCPv6 Clear this to have the AMG1302 T11C indicate to hosts that DHCPv6 is not available and they should use the prefix in the router advertisement message Other config flag on Select this to have the AMG1302 T11C indicate to hosts to obtain DNS information through DHCPv6 Clear this to have the AMG1302 T11C indicate to hosts that DNS information is not available in this network Adv...

Page 128: ...seconds between router advertisement messages Possible values for this field are 4 1800 Delegate MTU from WAN Select this to have the AMG1302 T11C obtain the MTU setting from the service provider or uplink router Manual Select this to specify the MTU manually MTU The Maximum Transmission Unit Type the maximum size of each IPv6 data packet in bytes that can move through this interface If a larger p...

Page 129: ...feature Please note that DNS proxy works only when the ISP uses the IPCP DNS server extensions It does not mean you can leave the DNS servers out of the DHCP setup under all circumstances If your ISP gives you explicit DNS servers make sure that you enter their IP addresses in the DHCP Setup screen 8 7 4 LAN TCP IP The AMG1302 T11C has built in DHCP server capability that assigns IP addresses and ...

Page 130: ... Internet access is through an ISP the ISP can provide you with the Internet addresses for your local networks On the other hand if you are part of a much larger organization you should consult your network administrator for the appropriate IP addresses Note Regardless of your particular situation do not create an arbitrary IP address always follow the guidelines above For more information on addr...

Page 131: ...FC 1112 but IGMP version 1 is still in wide use IGMP version 3 supports source filtering reporting or ignoring traffic from specific source address to a particular host on the network If you would like to read more detailed information about interoperability between IGMP version 2 and version 1 please see sections 4 and 5 of RFC 2236 The class D IP address is used to identify host groups and can b...

Page 132: ... static routes For example the next figure shows a computer A connected to the AMG1302 T11C s LAN interface The AMG1302 T11C routes most traffic from A to the Internet through the AMG1302 T11C s default gateway R1 You create one static route to connect to services offered by your ISP behind router R2 You create another static route to communicate with a separate network behind a router R3 connecte...

Page 133: ...rs Table 38 Network Setting Static Route LABEL DESCRIPTION Add New Static Route Click this to configure a new static route This is the number of an individual static route Destination IP This parameter specifies the IP network address of the final destination Routing is always based on network number Interface This is the WAN interface used for this static route Gateway This is the IP address of t...

Page 134: ...5 255 255 in the subnet mask field to force the network number to be identical to the host ID IP Subnet Mask Enter the IP subnet mask here Use Gateway IP Address The gateway is a router or switch on the same network segment as the device s LAN or WAN port The gateway helps forward packets to their destinations If you want to use the gateway IP address select Enable Gateway IP Address Enter the IP ...

Page 135: ...the address compose the network address This field displays the bit number of the IPv6 subnet mask Gateway This is the IPv6 address of the gateway The gateway is a router or switch on the same network segment as the device s LAN or WAN port The gateway helps forward packets to their destinations Device This specifies the LAN or WAN PVC Modify Click the Edit icon to go to the screen where you can s...

Page 136: ...he IPv6 address of the gateway PVC IPv6 Address Select the interface through which the traffic is routed OK Click this to save your changes Cancel Click this to restore your previously saved settings Table 41 Network Setting Static Route IPv6 Static Route Add Edit LABEL DESCRIPTION ...

Page 137: ...owing time sensitive applications to flow more smoothly Time sensitive applications include both those that require a low level of latency delay and a low level of jitter variations in delay such as Voice over IP VoIP or Internet gaming and those for which jitter alone is a problem such as Internet radio or streaming video In the following figure your Internet connection has an upstream transmissi...

Page 138: ...milar types of traffic together and treating each type as a class You can use 802 1p to give different priorities to different packet types Tagging and Marking In a QoS class you can configure whether to add or change the DiffServ Code Point DSCP value and IEEE 802 1p priority level in a matched packet When the packet passes through a compatible network the networking device such as a backbone swi...

Page 139: ... lowest priority Ethernet Priority Automatically assign priority based on the IEEE 802 1p priority level IP Precedence Automatically assign priority based on the first three bits of the TOS field in the IP header Packet Length Automatically assign priority based on the packet size Smaller packets get higher priority since control signaling VoIP internet gaming or other real time packets are usuall...

Page 140: ...r the descriptive name of this queue Interface Select the interface to which this queue is applied This field is read only if you are editing the queue Priority Select the priority level from 1 to 3 of this queue The smaller the number the higher the priority level Traffic assigned to higher priority queues gets through faster while traffic in lower priority queues is dropped if the network is con...

Page 141: ...ew Classifier in the Network Setting QoS Class Setup screen or click the Edit icon next to a class the screen appears as shown next Table 45 Network Setting QoS Class Setup LABEL DESCRIPTION Add new Classifier Click this to create a new classifier Index This is the index number of the entry Status This field displays whether the classifier is active or not A yellow bulb signifies that this classif...

Page 142: ...Chapter 10 Quality of Service QoS AMG1302 T11C User s Guide 142 Figure 66 QoS Class Setup Add Edit ...

Page 143: ...ess means any source IP address Subnet Netmask Source Prefix Length Enter the source subnet mask if you select IPv4 as the Ether Type Enter the source prefix length if you select IPv6 as the Ether Type Port Range If you select TCP UDP TCP or UDP in the IP protocol field select the check box and enter the port number s of the source MAC Address Select the check box and enter the source MAC address ...

Page 144: ...S to specify an IP precedence range and type of services Select DSCP to specify a DiffServ Code Point DSCP range IP Precedence Range Enter a range from 0 to 7 for IP precedence 0 is the lowest priority and 7 is the highest Type of Service Select a type of service from the drop down list box Available options are Normal service Minimize delay Maximize throughput Maximize reliability and Minimize mo...

Page 145: ...the Ethernet Priority field and enter a VLAN ID number in the VLAN ID field with which the AMG1302 T11C replaces the IEEE 802 1p priority field and VLAN ID of the frames If you select Remove the AMG1302 T11C deletes the VLAN ID of the frames before forwarding them out If you select Add the AMG1302 T11C treat all matched traffic untagged and add a second priority level and VLAN ID that you specify ...

Page 146: ...s to have QoS give the highest priority to traffic for the games you specify This priority is higher than the other QoS queues Select the games below Apply Click this to save your changes Cancel Click this to restore previously saved settings Table 48 IEEE 802 1p Priority Level and Traffic Type PRIORITY LEVEL TRAFFIC TYPE Level 7 Typically used for network control traffic such as router configurat...

Page 147: ...oS mapping on the AMG1302 T11C On the AMG1302 T11C traffic assigned to higher priority queues gets through faster while traffic in lower index queues is dropped if the network is congested Table 49 Internal Layer2 and Layer3 QoS Mapping PRIORITY QUEUE LAYER 2 LAYER 3 IEEE 802 1P USER PRIORITY ETHERNET PRIORITY TOS IP PRECEDENCE DSCP IP PACKET LENGTH BYTE 0 1 0 000000 1 2 2 0 0 000000 1100 3 3 1 00...

Page 148: ...P ALG in the AMG1302 T11C Section 11 5 on page 153 11 1 2 What You Need To Know About NAT Inside Outside Inside outside denotes where a host is located relative to the AMG1302 T11C for example the computers of your subscribers are the inside hosts while the web servers on the Internet are the outside hosts Global Local Global local denotes the IP address of a host in a packet as the packet travers...

Page 149: ...check box to enable NAT Max NAT Firewall Session Per User When computers use peer to peer applications such as file sharing applications they need to establish NAT sessions If you do not limit the number of NAT sessions a single client can establish this can result in all of the available NAT sessions being used In this case no additional NAT sessions can be established and users may not be able t...

Page 150: ...may periodically check for servers and may suspend your account if it discovers any active services at your location If you are unsure refer to your ISP Default Server IP Address In addition to the servers for specified services NAT supports a default server IP address A default server receives packets from ports that are not specified in this screen Note If you do not assign a Default Server IP a...

Page 151: ...forwarding rule Add new rule Click this button to add a rule to the table below This is the rule index number read only Active This field indicates whether the rule is active or not Clear the check box to disable the rule Select the check box to enable it Service Name This is a service s name External Start Port This is the first port number of a port range that incoming service requests may use t...

Page 152: ... in this field To forward a series of ports enter the last port number in a series that begins with the port number in the Start Port field above Server IP Address Enter the IP address of the server in your local network Protocol Select the protocol of the service TCP UDP or ALL TCP UDP Open Start Port Enter the first port number here to which you want the device to translate the incoming port For...

Page 153: ...AMG1302 T11C s private IP address inside the SIP data stream to a public IP address You do not need to use STUN or an outbound proxy if your AMG1302 T11C is behind a SIP ALG Use this screen to enable and disable the SIP VoIP ALG in the AMG1302 T11C Click Network Setting NAT ALG to open the following screen Figure 73 Network Setting NAT ALG Table 53 Network Setting NAT DMZ LABEL DESCRIPTION WAN Int...

Page 154: ... IP address of the same inside host when the packet is on the WAN side The following table summarizes this information NAT never changes the IP address either local or global of an outside host 11 6 2 What NAT Does In the simplest form NAT changes the source IP address in a packet received from a subscriber the inside local address to another the inside global address before forwarding the packet ...

Page 155: ...ess is the source address on the WAN For incoming packets the ILA is the destination address on the LAN and the IGA is the destination address on the WAN NAT maps private local IP addresses to globally unique ones required for communication with hosts on other networks It replaces the original IP source address and TCP or UDP source port numbers for Many to One and Many to Many Overload NAT mappin...

Page 156: ...nce PAT port address translation ZyXEL s Single User Account feature that previous ZyXEL routers supported the SUA Only option in today s routers Many to Many Overload In Many to Many Overload mode the AMG1302 T11C maps the multiple local IP addresses to shared global IP addresses Many to Many No Overload In Many to Many No Overload mode the AMG1302 T11C maps each local IP address to a unique glob...

Page 157: ...marizes these types Table 56 NAT Mapping Types TYPE IP MAPPING One to One ILA1 IGA1 Many to One SUA PAT ILA1 IGA1 ILA2 IGA1 Many to Many Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA1 ILA4 IGA2 Many to Many No Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA3 Server Server 1 IP IGA1 Server 2 IP IGA1 Server 3 IP IGA1 ...

Page 158: ...erent ATM QoS settings can be specified for each WAN PVC to meet bandwidth requirements for the type of traffic to be transferred For example three port binding groups could be created on the device R1 for three different WAN PVC connections The first PVC PVC0 is for non time sensitive data traffic The second and third PVCs PVC1 and PVC2 are for time sensitive Media On Demand MOD video traffic and...

Page 159: ...ng to display the following screen Figure 77 Network Setting Port Binding Port Binding The following table describes the labels in this screen Table 57 Network Setting Port Binding Port Binding LABEL DESCRIPTION Select to activate or deactivate the port binding feature Port Binding Active Activate or deactivate port binding for the port binding group Group Index Select the index number for the por...

Page 160: ...ls in this screen Group Summary Port Binding Summary Click this to view a summary of configured port binding groups Apply Add the selected port binding group configuration Delete Delete the selected port binding group configuration Cancel Click this to restore your previously saved settings Table 57 Network Setting Port Binding Port Binding continued LABEL DESCRIPTION Table 58 Network Setting Port...

Page 161: ... org This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name The Dynamic DNS service provider will give you a password or key 13 1 1 What You Can Do in the DDNS Screen Use the Dynamic DNS screen Section 13 2 on page 161 to enable DDNS and configure the DDNS settings on the AMG1302 T11C 13 1 2 What You Need To Know About DDNS DYNDNS Wildcard En...

Page 162: ...der You can specify up to two host names in the field separated by a comma Username Type your user name Password Type the password assigned to you Dynamic DNS Status User Authentication Result This shows Success if the account is correctly set up with the Dynamic DNS provider account Last Updated Time This shows the last time the IP address the Dynamic DNS provider has associated with the hostname...

Page 163: ... T11C You can configure rules to restrict traffic by MAC addresses 14 1 1 What You Can Do in the Filter Screens Use the Filter screen Section 14 2 on page 163 to create MAC filter rules 14 2 The Filter Screen Use this screen to create and apply MAC filters Click Security Filter The screen appears as shown Figure 80 Security Filter ...

Page 164: ...ss Enter the MAC addresses of the clients that are allowed access to the AMG1302 T11C Enter the MAC addresses in a valid MAC address format that is six hexadecimal character pairs for example 12 34 56 78 9a bc MAC Filter Listing MAC Filter Rule Index Select the index number of the filter set from the drop down list box This is the index number of the rule in a filter set Active This field shows wh...

Page 165: ...Instant Messaging session from the LAN to the WAN 1 Return traffic for this session is also allowed 2 However other traffic initiated from the WAN is blocked 3 and 4 Figure 81 Default Firewall Action 15 1 1 What You Can Do in the Firewall Screens Use the General screen Section 15 2 on page 167 to select the firewall protection level on the AMG1302 T11C Use the Default Action screen Section 15 3 on...

Page 166: ...by causing denial of service for users of the targeted system LAND Attack In a Local Area Network Denial LAND attack hackers flood SYN packets into the network with a spoofed source IP address of the target system This makes it appear as if the host computer sent the packets to itself making the system unavailable while the target system tries to respond to itself Ping of Death Ping of Death uses ...

Page 167: ...rting protocol between a host server and a gateway to the Internet ICMP uses Internet Protocol IP datagrams but the messages are processed by the TCP IP software and directly apparent to the application user DoS Thresholds For DoS attacks the AMG1302 T11C uses thresholds to determine when to drop sessions that do not become fully established These thresholds apply globally to all sessions You can ...

Page 168: ...reen Section 15 3 on page 168 and Rules screen Section 15 4 on page 169 Off This setting is not recommended It disables firewall protection for your network and could potentially expose your network to significant security risks This option should only be used for troubleshooting or if you intend using another firewall in conjunction with your ZyXEL router Apply Click this to save your changes Can...

Page 169: ...ecomes number 7 and the previous rule 7 if there is one becomes rule 8 The following read only fields summarize the rules you have created that apply to traffic traveling in the selected packet direction The firewall rules that you configure summarized below take priority over the general firewall action settings in the General screen This is your firewall rule number The ordering of your rules is...

Page 170: ...e applies This is the interface through which the traffic is destined to leave the AMG1302 T11C Please note that a blank source interface is equivalent to Any Modify Click the Edit icon to go to the screen where you can edit the rule Click the Delete icon to remove an existing firewall rule A window displays asking you to confirm that you want to delete the firewall rule Note that subsequent firew...

Page 171: ...eny and send an ICMP destination unreachable message to the sender of Reject or allow the passage of Permit packets that match this rule IP Version Type Select the IP version IPv4 or IPv6 to apply this firewall rule to Rate Limit Set a maximum number of packets per second minute or hour to limit the throughput of traffic that matches this rule Maximum Burst Number Set the maximum number of packets...

Page 172: ... to apply this firewall rule applies Please note that a blank source MAC address is equivalent to any Source Interface Specify a source interface to which this firewall rule applies This is the interface through which the traffic entered the AMG1302 T11C Please note that a blank source interface is equivalent to any Destination Interface Specify a destination interface to which this firewall rule ...

Page 173: ...RIPTION This is the number of your customized port Name This is the name of your customized service Protocol This shows the IP protocol TCP or UDP that defines your customized service Port Type This is the port number or range that defines your customized service Start Port This is a single port number or the starting port number of a range that defines your customized service End Port This is a s...

Page 174: ... Rules Edit Edit Customized Services Add Edit LABEL DESCRIPTION Config Service Name Type a unique name for your custom port Service Type Choose the IP port TCP or UDP that defines your customized port from the drop down list box Port Configuration Type Click Single to specify one port only or Port Range to specify a span of ports that define your customized service Port Number Type a single port n...

Page 175: ...eiving DoS attacks that are not recorded in the logs or the logs show that the AMG1302 T11C is classifying normal traffic as DoS attacks Factors influencing choices for threshold values are 1 The maximum number of opened sessions 2 The minimum capacity of server backlog in your LAN network 3 The CPU power of servers in your LAN network 4 Network bandwidth 5 Type of traffic for certain servers Redu...

Page 176: ...ns per second that causes the firewall to start deleting half open sessions When the rate of new connection attempts rises above this number the AMG1302 T11C deletes half open sessions as required to accommodate new connection attempts ICMP Echo Request Count This is the rate of new ICMP Echo Request half open sessions per second that causes the firewall to start deleting half open sessions When t...

Page 177: ... rules specify which computers on the WAN can access which computers or services on the LAN Note You also need to configure NAT port forwarding or full featured NAT address mapping rules to allow computers on the WAN to access devices on the LAN WAN to Router By default the AMG1302 T11C stops computers on the WAN from managing the AMG1302 T11C You could configure one of these rules to allow a WAN ...

Page 178: ...ons Note Incorrectly configuring the firewall may block valid access or introduce security risks to the AMG1302 T11C and your protected network Use caution when creating or deleting firewall rules and test your rules after you configure them Consider these security ramifications before creating a rule 1 Does this rule stop LAN users from accessing critical resources on the Internet For example if ...

Page 179: ...AMG1302 T11C reroutes the SYN packet through Gateway A on the LAN to the WAN 3 The reply from the WAN goes directly to the computer on the LAN without going through the AMG1302 T11C As a result the AMG1302 T11C resets the connection as the connection has not been acknowledged Figure 92 Triangle Route Problem 15 6 4 2 Solving the Triangle Route Problem If you have the AMG1302 T11C allow triangle ro...

Page 180: ...ugh the AMG1302 T11C to your LAN The following steps describe such a scenario 1 A computer on the LAN initiates a connection by sending a SYN packet to a receiving server on the WAN 2 The AMG1302 T11C reroutes the packet to Gateway A which is in Subnet 2 3 The reply from the WAN goes to the AMG1302 T11C 4 The AMG1302 T11C then sends it to the computer on the LAN in Subnet 1 Figure 93 IP Alias 1 2 ...

Page 181: ... this screen Table 69 Security Parental Control LABEL DESCRIPTION Parental Control Use this field to activate or deactivate parental control Add new PCP Click this to create a new parental control rule This is the index number of the rule Status This indicates whether the rule is active or not A yellow bulb signifies that this rule is active A gray bulb signifies that this rule is not active PCP N...

Page 182: ...d Edit Parental Control Rule The following table describes the fields in this screen Website Blocked This shows whether the website block is configured If not None will be shown Modify Click the Edit icon to go to the screen where you can edit the rule Click the Delete icon to remove an existing rule Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settin...

Page 183: ...m viewing the Web sites with the URLs listed below If you select Access the AMG1302 T11C blocks access to all URLs except ones listed below Add new service Click this to show a screen in which you can add a new service rule You can configure the Service Name Protocol and Name of the new rule Active This shows whether a configured service is activated or not Service Name This shows the name of the ...

Page 184: ...ertificates and guarantees the identity of each certificate owner There are commercial certification authorities like CyberTrust or VeriSign and government certification authorities The certification authority uses its private key to sign certificates Anyone can then use the certification authority s public key to verify the certificates You can use the AMG1302 T11C to generate certification reque...

Page 185: ...r such as CN Common Name OU Organizational Unit or department O Organization or company and C Country It is recommended that each certificate have unique subject information Issuer This field displays identifying information about the certificate s issuing certification authority such as a common name organizational unit or department organization or company and country Valid From This field displ...

Page 186: ...ect this option and enter the private key into the text box to store it on the AMG1302 T11C The private key should not exceed 63 ASCII characters not including spaces Current File This field displays the name used to identify this certificate Subject This field displays identifying information about the certificate s issuing certification authority such as a common name organizational unit or depa...

Page 187: ...ys the name used to identify this certificate Subject This field displays information that identifies the owner of the certificate such as Common Name CN OU Organizational Unit or department Organization O State ST and Country C It is recommended that each certificate have unique subject information Type This field displays general information about the certificate ca means that a Certification Au...

Page 188: ...n this screen Table 74 Trusted CA View LABEL DESCRIPTION Certificate Name This field displays the identifying name of this certificate If you want to change the name type up to 31 characters to identify this key certificate You may use any character not including spaces Certificate Detail This read only text box displays the certificate or certification request in Privacy Enhanced Mail PEM format ...

Page 189: ...in the View Log screen Alerts display in red and logs display in black Syslog Overview The syslog protocol allows devices to send event notification messages across an IP network to syslog servers that collect the event messages A syslog enabled device can generate a syslog message and send it to a syslog server Syslog is defined in RFC 3164 The RFC defines the packet format content and system log...

Page 190: ...BEL DESCRIPTION Level Select a severity level from the drop down list box This filters search results according to the severity level you have selected When you select a severity the AMG1302 T11C searches through all logs of that severity or higher Refresh Click this to renew the log screen Clear Logs Click this to delete all the logs Export Click this to download logs to a file on your computer E...

Page 191: ...se the NAT screen to view the NAT status of the AMG1302 T11C s client s Section 19 4 on page 193 19 2 The WAN Status Screen Click System Monitor Traffic Status to open the WAN screen You can view the WAN traffic statistics in this screen Figure 101 System Monitor Traffic Status WAN The following table describes the fields in this screen Table 77 System Monitor Traffic Status WAN LABEL DESCRIPTION ...

Page 192: ...s interface Error This indicates the number of frames with errors transmitted on this interface TX Bytes This indicates the number of bytes transmitted on this interface Packets Received Data This indicates the number of received packets on this interface Error This indicates the number of frames with errors received on this interface RX Bytes This indicates the number of bytes received on this in...

Page 193: ...indicates the number of outgoing packets dropped on this interface Received Packet Data This indicates the number of received packets on this interface Error This indicates the number of frames with errors received on this interface Drop This indicates the number of received packets dropped on this interface Table 78 System Monitor Traffic Status LAN continued LABEL DESCRIPTION Table 79 System Mon...

Page 194: ...Maintenance User Account LABEL DESCRIPTION User Name You can configure the password for the Admin account Old Password Type the default password or the existing password you use to access the system in this field New Password Type your new system password up to 30 characters Note that as you type a password the screen displays a for each character you type After you change the password use the new...

Page 195: ... Figure 105 LAN and WAN An administrator can use a management server to remotely set up the AMG1302 T11C modify settings perform firmware upgrades as well as monitor and diagnose the AMG1302 T11C In order to use CWMP you need to configure the following steps 1 Activate CWMP 2 Specify the URL username and password 3 Activate periodic inform and specify an interval value 21 2 The TR 069 Client Scree...

Page 196: ...1C when making a connection to the management server This password on the management server and the AMG1302 T11C must be the same Type a password of up to 255 printable characters found on an English language keyboard Display SOAP messages on serial console Select Enable to show the SOAP messages on the console Connection Request Path Type the IP address or domain name of the AMG1302 T11C The mana...

Page 197: ...duration in seconds for which the AMG1302 T11C must attempt to connect with the management server to send information and check for configuration updates Enter a value between 1 and 86400 seconds Client Certificate You can choose a local certificate used by TR 069 client The local certificate should be imported in the Security Certificates Local Certificates screen Apply Click this to save your ch...

Page 198: ...inistrator Inactivity Timer Type how many seconds a management session either via the web configurator can be left idle before the session times out and you have to log in again Very long idle timeouts may have security risks A value of 0 means a management session never times out no matter how long it has been left idle not recommended Schedule Reboot Select Enable to let the AMG1302 T11C automat...

Page 199: ...as shown Use this screen to configure the AMG1302 T11C s time based on your local time zone Figure 108 Maintenance Time Setting The following table describes the fields in this screen Table 83 Maintenance Time Setting LABEL DESCRIPTION Current Date Time Current Time This field displays the time and date of your AMG1302 T11C Each time you reload this page the AMG1302 T11C synchronizes the time and ...

Page 200: ...t Saving The o clock field uses the 24 hour format Here are a couple of examples Daylight Saving Time starts in most parts of the United States on the second Sunday of March Each time zone in the United States starts using Daylight Saving Time at 2 A M local time So in the United States you would select Second Sunday March and type 2 in the o clock field Daylight Saving Time starts in the European...

Page 201: ...ou can configure where the AMG1302 T11C sends logs and which logs and or immediate alerts the AMG1302 T11C records in the Log Setting screen 24 2 The Log Setting Screen To change your AMG1302 T11C s log settings click Maintenance Log Setting The screen appears as shown ...

Page 202: ...Maintenance Log Setting The following table describes the fields in this screen Table 84 Maintenance Logs Setting LABEL DESCRIPTION Syslog Settings Syslog Logging The AMG1302 T11C sends a log to an external syslog server Select the check box to enable syslog logging ...

Page 203: ... Password This box is effective when you select the SMTP Authentication check box Type the password to provide to the SMTP server when the log is e mailed Log Schedule Set the frequency of log messages being sent as E mail Daily Weekly Hourly When Log is Full None If you select Weekly or Daily specify a time of day when the E mail should be sent If you select Weekly then also specify which day of ...

Page 204: ...TION Subject Firewall Alert From Date Fri 10 Apr 2015 10 05 42 From user zyxel com To user zyxel com 1 Apr 10 15 From 192 168 1 1 To 192 168 1 255 default policy forward 09 54 03 UDP src port 00520 dest port 00520 1 00 2 Apr 10 15 From 192 168 1 131 To 192 168 1 255 default policy forward 09 54 17 UDP src port 00520 dest port 00520 1 00 3 Apr 10 15 From 192 168 1 6 To 10 10 10 10 match forward 09 ...

Page 205: ...er a successful upload the system will reboot Do NOT turn off the AMG1302 T11C while firmware upload is in progress Figure 111 Maintenance Firmware Upgrade The following table describes the labels in this screen After you see the firmware updating screen wait two minutes before logging into the AMG1302 T11C again Table 85 Maintenance Firmware Upgrade LABEL DESCRIPTION Current Firmware Version This...

Page 206: ... network disconnect In some operating systems you may see the following icon on your desktop Figure 113 Network Temporarily Disconnected After two minutes log in again and check your new firmware version in the Status screen If the upload was not successful an error screen will appear Click OK to go back to the Firmware Upgrade screen Figure 114 Error Message ...

Page 207: ...ctory defaults backup configuration and restoring configuration appears in this screen as shown next Figure 115 Maintenance Backup Restore Backup Configuration Backup Configuration allows you to back up save the AMG1302 T11C s current configuration to a file on your computer Once your AMG1302 T11C is configured and functioning properly it is highly recommended that you back up your configuration f...

Page 208: ...age 231 for details on how to set up your computer s IP address If the upload was not successful an error screen will appear Click OK to go back to the Configuration screen Reset to Factory Defaults Click the Reset button to clear all user entered configuration information and return the AMG1302 T11C to its factory defaults The following warning screen appears Figure 117 Reset Warning Message Wait...

Page 209: ...t allows you to reboot the AMG1302 T11C remotely without turning the power off You may need to do this if the AMG1302 T11C hangs for example Click Maintenance Reboot Click the Reboot button to have the AMG1302 T11C reboot This does not affect the AMG1302 T11C s configuration Figure 118 Maintenance Reboot ...

Page 210: ...er rule to allow access You may manage your AMG1302 T11C from a remote location via Internet WAN only LAN only LAN and WAN None Disable To disable remote management of a service select Disable in the corresponding Service Access field 27 1 1 What You Can Do in the Remote Management Screens Use the Remote MGMT screen Section 27 2 on page 211 to configure through which interface s which services can...

Page 211: ... of the remote management screens The IP address in the Trust Domain screen does not match the client IP address If it does not match the AMG1302 T11C will disconnect the session immediately There is a firewall rule that blocks it Remote Management and NAT When NAT is enabled Use the AMG1302 T11C s WAN IP address when configuring from the WAN Use the AMG1302 T11C s LAN IP address when configuring ...

Page 212: ...ions to have the AMG1302 T11C activate the remote management service when the selected WAN connections are up Services This is the service you may use to access the AMG1302 T11C LAN WLAN Select the Enable check box for the corresponding services that you want to allow access to the AMG1302 T11C from the LAN WLAN WAN Select the Enable check box for the corresponding services that you want to allow ...

Page 213: ...s contain object variables managed objects that define each piece of information to be collected about a device Examples of variables include such as number of packets received node port status etc A Management Information Base MIB is a collection of managed objects SNMP allows a manager and agents to communicate for the purpose of accessing these objects 27 3 1 Configuring SNMP To change your AMG...

Page 214: ...ailable only when you enable SNMPv3 on the AMG1302 T11C User Name Enter the username to be sent to the SNMP manager along with the SNMP v3 trap Access Permissions Select RW to allow SNMP managers to have read and write rights meaning that the user can create and edit the settings on the AMG1302 T11C Select RO to allow SNMP managers to have read rights only meaning the user can collect information ...

Page 215: ... from the WAN Click the Add Trust Domain button in the Maintenance Remote MGMT Turst Domain screen to open the following screen Figure 124 Maintenance Remote MGMT Trust Domain Add Trust Domain IPv4 Table 89 Maintenance Remote MGMT Trust Domain LABEL DESCRIPTION Add Trust Domain Click this to add a trusted host IP address This is the index number of the trusted host IP address IP Address This field...

Page 216: ...cludes Single Address Range Address and Subnet Address Start IP Address Specify the public IP address es which is allowed to access the service on the AMG1302 T11C from the WAN Enter the single IP address or the starting IP address in a range here End IP Address Enter the ending IP address in a range here Subnet Mask Enter the subnet mask here if you sent IP Version Type to IPv4 Prefix Length Ente...

Page 217: ...view the DSL line statistics and reset the ADSL line 28 2 The General Screen Use this screen to ping an IP address Click Maintenance Diagnostic Ping to open the screen shown next Figure 126 Maintenance Diagnostic Ping The following table describes the fields in this screen Table 91 Maintenance Diagnostic Ping LABEL DESCRIPTION Type the IP address of a computer that you want to ping in order to tes...

Page 218: ...atistics ATM is a networking technology that provides high speed data transfer ATM uses fixed size packets of information called cells With ATM a high QoS Quality of Service can be guaranteed The Segmentation and Reassembly SAR driver translates packets into ATM cells It also receives ATM cells and reassembles them into packets These counters are set back to zero whenever the device starts up inPk...

Page 219: ...rete Multi Tone DMT modulation divides up a line s bandwidth into sub carriers sub channels of 4 3125 KHz each called tones The rest of the display is the line s bit allocation This is displayed as the number in hexadecimal format of bits transmitted for each tone This can be used to determine the quality of the connection whether a given sub carrier loop has sufficient margins to support certain ...

Page 220: ...ower adaptor or cord included with the AMG1302 T11C 3 Make sure the power adaptor or cord is connected to the AMG1302 T11C and plugged in to an appropriate power source Make sure the power source is turned on 4 Turn the AMG1302 T11C off and on 5 If the problem continues contact the vendor One of the LEDs does not behave as expected 1 Make sure you understand the normal behavior of the LED Section ...

Page 221: ...rk you have to reset the device to its factory defaults See Section 1 7 on page 16 I forgot the password 1 The default admin user name and password can be found on the cover of this User s Guide 2 If this does not work you have to reset the device to its factory defaults See Section 1 7 on page 16 I cannot see or access the Login screen for the web configurator 1 Make sure you are using the correc...

Page 222: ... entered the password correctly The default user and default admin password can be found on the cover page of this User s Guide The field is case sensitive so make sure Caps Lock is not on 2 You cannot log in to the web configurator while someone is using Telnet to access the AMG1302 T11C Log out of the AMG1302 T11C in the other session or ask the person who is logged in to log out 3 Turn the AMG1...

Page 223: ...Guide again 6 If the problem continues contact your ISP I cannot access the Internet anymore I had access to the Internet with the AMG1302 T11C but my Internet connection is not available anymore 1 Check the hardware connections and make sure the LEDs are behaving as expected See the Quick Start Guide and Section 27 1 on page 225 2 Turn the AMG1302 T11C off and on 3 If the problem continues contac...

Page 224: ...tinues contact the network administrator or vendor or try one of the advanced suggestions Advanced Suggestions Check the settings for QoS If it is disabled you might consider activating it If it is enabled you might consider raising or lowering the priority for some applications ...

Page 225: ...nformation Please have the following information ready when you contact an office Required Information Product model and serial number Warranty Information Date that you received your device Brief description of the problem and the steps you took to solve it Corporate Headquarters Worldwide Taiwan ZyXEL Communications Corporation http www zyxel com Asia China ZyXEL Communications Shanghai Corp ZyX...

Page 226: ...om pk Philippines ZyXEL Philippines http www zyxel com ph Singapore ZyXEL Singapore Pte Ltd http www zyxel com sg Taiwan ZyXEL Communications Corporation http www zyxel com tw zh Thailand ZyXEL Thailand Co Ltd http www zyxel co th Vietnam ZyXEL Communications Corporation Vietnam Office http www zyxel com vn vi Europe Austria ZyXEL Deutschland GmbH http www zyxel de Belarus ZyXEL BY http www zyxel ...

Page 227: ...Czech Republic ZyXEL Communications Czech s r o http www zyxel cz Denmark ZyXEL Communications A S http www zyxel dk Estonia ZyXEL Estonia http www zyxel com ee et Finland ZyXEL Communications http www zyxel fi France ZyXEL France http www zyxel fr Germany ZyXEL Deutschland GmbH http www zyxel de Hungary ZyXEL Hungary SEE http www zyxel hu Italy ZyXEL Communications Italy http www zyxel it ...

Page 228: ...elux http www zyxel nl Norway ZyXEL Communications http www zyxel no Poland ZyXEL Communications Poland http www zyxel pl Romania ZyXEL Romania http www zyxel com ro ro Russia ZyXEL Russia http www zyxel ru Slovakia ZyXEL Communications Czech s r o organizacna zlozka http www zyxel sk Spain ZyXEL Communications ES Ltd http www zyxel es Sweden ZyXEL Communications http www zyxel se Switzerland Stud...

Page 229: ...raine http www ua zyxel com Latin America Argentina ZyXEL Communication Corporation http www zyxel com ec es Brazil ZyXEL Communications Brasil Ltda https www zyxel com br pt Ecuador ZyXEL Communication Corporation http www zyxel com ec es Middle East Israel ZyXEL Communication Corporation http il zyxel com homepage shtml Middle East ZyXEL Communication Corporation http www zyxel com me en ...

Page 230: ...User s Guide 230 North America USA ZyXEL Communications Inc North America Headquarters http www zyxel com us en Oceania Australia ZyXEL Communications Corporation http www zyxel com au en Africa South Africa Nology Pty Ltd http www zyxel co za ...

Page 231: ...lication package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components are installed configure the TCP IP settings in order to communicate with your network If you manually assign IP information instead of using dynamic assignment make sure that your computers have IP addresses that place them in ...

Page 232: ...ft from the list of manufacturers 4 Select TCP IP from the list of network protocols and then click OK If you need Client for Microsoft Networks 1 Click Add 2 Select Client and then click Add 3 Select Microsoft from the list of manufacturers 4 Select Client for Microsoft Networks from the list of network clients and then click OK 5 Restart your computer so the changes you made take effect Configur...

Page 233: ... IP Address 3 Click the DNS Configuration tab If you do not know your DNS information select Disable DNS If you know your DNS information select Enable DNS and type the information in the fields below you may not need to fill them all in Figure 130 Windows 95 98 Me TCP IP Properties DNS Configuration 4 Click the Gateway tab ...

Page 234: ...your AMG1302 T11C and restart your computer when prompted Verifying Settings 1 Click Start and then Run 2 In the Run window type winipcfg and then click OK to open the IP Configuration window 3 Select your network adapter You should see your computer s IP address subnet mask and default gateway Windows 2000 NT XP The following example figures use the default Windows XP GUI theme 1 Click start Star...

Page 235: ...s Guide 235 Figure 132 Windows XP Control Panel 3 Right click Local Area Connection and then click Properties Figure 133 Windows XP Control Panel Network Connections Properties 4 Select Internet Protocol TCP IP under the General tab in Win XP and then click Properties ...

Page 236: ... Protocol TCP IP Properties window opens the General tab in Windows XP If you have a dynamic IP address click Obtain an IP address automatically If you have a static IP address click Use the following IP Address and fill in the IP address Subnet mask and Default gateway fields Click Advanced Figure 135 Windows XP Internet Protocol TCP IP Properties ...

Page 237: ...TCP IP Gateway Address type the IP address of the default gateway in Gateway To manually configure a default metric the number of transmission hops clear the Automatic metric check box and type a metric in Metric Click Add Repeat the previous three steps for each default gateway you want to add Click OK when finished Figure 136 Windows XP Advanced TCP IP Properties 7 In the Internet Protocol TCP I...

Page 238: ...nnections window Network and Dial up Connections in Windows 2000 NT 11 Turn on your AMG1302 T11C and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and then Command Prompt 2 In the Command Prompt window type ipconfig and then press ENTER You can also open Network Connections right click a network connection click Status and then click the Support tab Wi...

Page 239: ...8 Windows Vista Start Menu 2 In the Control Panel double click Network and Internet Figure 139 Windows Vista Control Panel 3 Click Network and Sharing Center Figure 140 Windows Vista Network And Internet 4 Click Manage network connections Figure 141 Windows Vista Network and Sharing Center ...

Page 240: ... displays a screen saying that it needs your permission to continue Figure 142 Windows Vista Network and Sharing Center 6 Select Internet Protocol Version 4 TCP IPv4 and click Properties Figure 143 Windows Vista Local Area Connection Properties 7 The Internet Protocol Version 4 TCP IPv4 Properties window opens the General tab If you have a dynamic IP address click Obtain an IP address automaticall...

Page 241: ...to configure additional IP addresses In the IP Settings tab in IP addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways In TCP IP Gateway Address type the IP address of th...

Page 242: ...perties window the General tab Click Obtain DNS server address automatically if you do not know your DNS server IP address es If you know your DNS server IP address es click Use the following DNS server addresses and type them in the Preferred DNS server and Alternate DNS server fields If you have previously configured DNS servers click Advanced and then the DNS tab to order them ...

Page 243: ...ies window 12 Close the Network Connections window 13 Turn on your AMG1302 T11C and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and then Command Prompt 2 In the Command Prompt window type ipconfig and then press ENTER You can also open Network Connections right click a network connection click Status and then click the Support tab Macintosh OS 8 9 1 ...

Page 244: ...uide 244 Figure 147 Macintosh OS 8 9 Apple Menu 2 Select Ethernet built in from the Connect via list Figure 148 Macintosh OS 8 9 TCP IP 3 For dynamically assigned settings select Using DHCP Server from the Configure list 4 For statically assigned settings do the following ...

Page 245: ...ve changes to your configuration 7 Turn on your AMG1302 T11C and restart your computer if prompted Verifying Settings Check your TCP IP properties in the TCP IP Control Panel window Macintosh OS X 1 Click the Apple menu and click System Preferences to open the System Preferences window Figure 149 Macintosh OS X Apple Menu 2 Click Network in the icon bar Select Automatic from the Location list Sele...

Page 246: ... the IP address of your AMG1302 T11C in the Router address box 5 Click Apply Now and close the window 6 Turn on your AMG1302 T11C and restart your computer if prompted Verifying Settings Check your TCP IP properties in the Network window Linux This section shows you how to configure your computer s TCP IP settings in Red Hat Linux 9 0 Procedure screens and file location may vary depending on your ...

Page 247: ...iguration Devices 2 Double click on the profile of the network card you wish to configure The Ethernet Device General screen displays as shown Figure 152 Red Hat 9 0 KDE Ethernet Device General If you have a dynamic IP address click Automatically obtain IP address settings with and select dhcp from the drop down list If you have a static IP address click Statically set IP Addresses and fill in the...

Page 248: ... all screens Figure 154 Red Hat 9 0 KDE Network Configuration Activate 7 After the network card restart process is complete make sure the Status is Active in the Network Configuration screen Using Configuration Files Follow the steps below to edit the network configuration files and set your computer IP address 1 Assuming that you have only one network card on the computer locate the ifconfig eth0...

Page 249: ...ws an example where two DNS server IP addresses are specified Figure 157 Red Hat 9 0 DNS Settings in resolv conf 3 After you edit and save the configuration files you must restart the network card Enter network restart in the etc rc d init d directory The following figure shows an example Figure 158 Red Hat 9 0 Restart Ethernet Card Verifying Settings Enter ifconfig in a terminal screen to check y...

Page 250: ...hernet HWaddr 00 50 BA 72 5B 44 inet addr 172 23 19 129 Bcast 172 23 19 255 Mask 255 255 255 0 UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 717 errors 0 dropped 0 overruns 0 frame 0 TX packets 13 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 100 RX bytes 730412 713 2 Kb TX bytes 1570 1 5 Kb Interrupt 10 Base address 0x1000 root localhost ...

Page 251: ... share a common street name the hosts on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the host ID Routers use the network number to send packets to the correct network while the host ID determines to which host on the network the packets are delivered Structure An IP address is made up of fou...

Page 252: ...n the IP address is part of the host ID The following example shows a subnet mask identifying the network number in bold text and host ID of an IP address 192 168 1 2 in decimal By convention subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask followed by a continuous sequence of zeros for a total number of 32 bits Subnet masks can be referred t...

Page 253: ...us number of zeros for the remainder of the 32 bit mask you can simply specify the number of ones instead of writing the value of each octet This is usually specified by writing a followed by the number of bits in the mask after the address For example 192 1 1 0 25 is equivalent to saying 192 1 1 0 with subnet mask 255 255 255 128 The following table shows some possible subnet masks using both not...

Page 254: ...following figure shows the company network before subnetting Figure 161 Subnetting Example Before Subnetting You can borrow one of the host ID bits to divide the network 192 168 1 0 into two separate sub networks The subnet mask is now 25 bits 255 255 255 128 or 25 The borrowed host ID bit can have a value of either 0 or 1 allowing two subnets 192 168 1 0 25 and 192 168 1 128 25 The following figu...

Page 255: ...168 1 254 Example Four Subnets The previous example illustrated using a 25 bit subnet mask to divide a 24 bit address into two subnets Similarly to divide a 24 bit address into four subnets you need to borrow two host ID bits to give four possible combinations 00 01 10 and 11 The subnet mask is 26 bits 11111111 11111111 11111111 11000000 or 255 255 255 192 Each subnet contains 6 host ID bits givin...

Page 256: ... LAST OCTET BIT VALUE IP Address 192 168 1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 128 Lowest Host ID 192 168 1 129 Broadcast Address 192 168 1 191 Highest Host ID 192 168 1 190 Table 100 Subnet 4 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 192 IP Address Binary 11000000 10...

Page 257: ...d Number Authority IANA reserved this block of addresses specifically for private use please do not use any other number unless you are told otherwise You must also enable Network Address Translation NAT on the AMG1302 T11C Table 102 24 bit Network Number Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62 3 255 255 ...

Page 258: ...ign any IP addresses to the hosts without problems However the Internet Assigned Numbers Authority IANA has reserved the following three blocks of IP addresses specifically for private networks 10 0 0 0 10 255 255 255 172 16 0 0 172 31 255 255 192 168 0 0 192 168 255 255 You can obtain your IP address from the IANA from an ISP or it can be assigned from a private network If you belong to a small o...

Page 259: ...ing to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking and create an exception for your device s IP address Disable Pop up Blockers 1 In Internet Explorer select Tools Pop up Blocker and then select Turn Off Pop up Blocker Figure 163 Pop up Blocker You can also check if pop up blocking is disabled in the Pop up Blocker...

Page 260: ... Privacy 3 Click Apply to save this setting Enable Pop up Blockers with Exceptions Alternatively if you only want to allow pop up windows from your device see the following steps 1 In Internet Explorer select Tools Internet Options and then the Privacy tab 2 Select Settings to open the Pop up Blocker Settings screen ...

Page 261: ...uide 261 Figure 165 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 167 1 4 Click Add to move the IP address to the list of Allowed sites Figure 166 Pop up Blocker Settings ...

Page 262: ...splay properly in Internet Explorer check that JavaScripts are allowed 1 In Internet Explorer click Tools Internet Options and then the Security tab Figure 167 Internet Options Security 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java applets make sure that Enable is selected the default 6 Cl...

Page 263: ...e 168 Security Settings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java permissions make sure that a safety level is selected 5 Click OK to close the window ...

Page 264: ...302 T11C User s Guide 264 Figure 169 Security Settings Java JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected 3 Click OK to close the window Figure 170 Java Sun ...

Page 265: ...sed here Screens for other versions may vary You can enable Java Javascripts and pop ups in one screen Click Tools then click Options in the screen that appears Figure 171 Mozilla Firefox Tools Options Click Content to show the screen below Select the check boxes as shown in the following screen Figure 172 Mozilla Firefox Content Security ...

Page 266: ...ependent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an ad hoc wireless LAN Figure 173 Peer to Peer Communication in an Ad hoc Network BSS A Basic Service Set BSS exists when all communications between wireless clients or between a wireless client and a wired network client go through one access point AP Intra BSS traffic is t...

Page 267: ...wired connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood An ESSID ESS IDentification uniquely identifies each ESS All access points and their associated wireless clients within the ...

Page 268: ...rtially overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 channels and an adjacent AP is using channel 1 then you need to select a channel between 6 or 11 RTS CTS A hidden node occurs when two stations are within range of the same access point but are not with...

Page 269: ...Request To Send CTS Clear to Send handshake You should only configure RTS CTS if the possibility of hidden nodes exists on your network and the cost of resending large frames is more than the extra network overhead involved in the RTS Request To Send CTS Clear to Send handshake If the RTS CTS value is greater than the Fragmentation Threshold value see next then the RTS Request To Send CTS Clear to...

Page 270: ...ote The wireless devices MUST use the same preamble mode in order to communicate IEEE 802 11g Wireless LAN IEEE 802 11g is fully compatible with the IEEE 802 11b standard This means an IEEE 802 11b adapter can interface directly with an IEEE 802 11g access point and vice versa at 11 Mbps or lower depending on range IEEE 802 11g has several intermediate rate steps between the maximum and minimum da...

Page 271: ... user profile and accounting management on a network RADIUS server Support for EAP Extensible Authentication Protocol RFC 2486 that allows additional authentication methods to be deployed with no changes to the access point or the wireless clients RADIUS RADIUS is based on a client server model that supports authentication authorization and accounting The access point is the client and the server ...

Page 272: ...network security the access point and the RADIUS server use a shared secret key which is a password they both know The key is not sent over the network In addition to the shared key password information exchanged is also encrypted to protect the network from unauthorized access Types of EAP Authentication This section discusses some popular authentication types EAP MD5 EAP TLS EAP TTLS PEAP and LE...

Page 273: ... makes user identity vulnerable to passive attacks A digital certificate is an electronic ID card that authenticates the sender s identity However to implement EAP TLS you need a Certificate Authority CA to handle certificates which imposes a management overhead EAP TTLS Tunneled Transport Layer Service EAP TTLS is an extension of the EAP TLS authentication that uses certificates for only the serv...

Page 274: ...ires a single identical password entered into each access point wireless gateway and wireless client As long as the passwords match a wireless client will be granted access to a WLAN If the AP or the wireless clients do not support WPA2 just use WPA or WPA PSK depending on whether you have an external RADIUS server or not Select WEP only when the AP and or wireless clients do not support WPA or WP...

Page 275: ...common password approach makes WPA 2 PSK susceptible to brute force password guessing attacks but it s still an improvement over WEP as it employs a consistent single alphanumeric password to derive a PMK which is used to generate unique temporal encryption keys This prevent all wireless devices sharing the same encryption keys a weakness of WEP User Authentication WPA and WPA2 apply IEEE 802 1x a...

Page 276: ...RADIUS server distributes the PMK to the AP The AP then sets up a key hierarchy and management system using the PMK to dynamically generate unique data encryption keys The keys are used to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients Figure 177 WPA 2 with RADIUS Application Example WPA 2 PSK Application Example A WPA 2 PSK application looks as f...

Page 277: ...a couples RF signals onto air A transmitter within a wireless device sends an RF signal to the antenna which propagates the signal through the air The antenna also operates in reverse by capturing RF signals from the air Positioning the antennas properly increases the range and coverage area of a wireless LAN Table 107 Wireless Security Relational Matrix AUTHENTICATION METHOD KEY MANAGEMENT PROTOC...

Page 278: ...are two types of antennas used for wireless LAN applications Omni directional antennas send the RF signal out in all directions on a horizontal plane The coverage area is torus shaped like a donut which makes these antennas ideal for a room environment With a wide coverage area it is possible to make circular overlapping coverage areas with multiple access points Directional antennas concentrate t...

Page 279: ... 0000 0000 0015 can be written as 2001 0db8 1a2f 0000 0000 0015 2001 0db8 0000 0000 1a2f 0015 2001 db8 1a2f 0 0 15 or 2001 db8 0 0 1a2f 15 Prefix and Prefix Length Similar to an IPv4 subnet mask IPv6 uses an address prefix to represent the network address An IPv6 prefix length specifies how many most significant bits start from the left in the address compose the network address The prefix length ...

Page 280: ...sts in a multicast group Multicast scope allows you to determine the size of the multicast group A multicast address has a predefined prefix of ff00 8 The following table describes some of the predefined multicast addresses The following table describes the multicast addresses which are reserved and can not be assigned to a multicast group Table 109 Predefined Multicast Address MULTICAST ADDRESS D...

Page 281: ...first byte of the MAC address See the following example Stateless Autoconfiguration With stateless autoconfiguration in IPv6 addresses can be uniquely and automatically generated Unlike DHCPv6 Dynamic Host Configuration Protocol version six which is used in IPv6 stateful autoconfiguration the owner and status of addresses don t need to be maintained by a DHCP server Every IPv6 device is able to ge...

Page 282: ...he IA Each IA holds one type of address IA_NA means an identity association for non temporary addresses and IA_TA is an identity association for temporary addresses An IA_NA option contains the T1 and T2 fields but an IA_TA option does not The DHCPv6 server uses T1 and T2 to control the time at which the client contacts with the server to extend the lifetimes on any addresses in the IA_NA before t...

Page 283: ...hbor solicitation A request from a host to determine a neighbor s link layer address MAC address and detect if the neighbor is still reachable A neighbor being reachable means it responds to a neighbor solicitation message from the host with a neighbor advertisement message Neighbor advertisement A response from a node to announce its link layer address Router solicitation A request from a host to...

Page 284: ... IGMP snooping and IGMP proxy in IPv4 MLD filtering controls which multicast groups a port can join MLD Messages A multicast router or switch periodically sends general queries to MLD hosts to update the multicast forwarding table When an MLD host wants to join a multicast group it sends an MLD Report message for that address An MLD Done message is equivalent to an IGMP Leave message When an MLD h...

Page 285: ...etwork forward these packets between IPv6 networks 1 and 2 over the IPv4 Internet A 6to4 relay router C connects to both an IPv6 and IPv4 network A 6to4 relay router is used to forward packets between 6to4 routers in an IPv4 Internet and an IPv6 device Z on the IPv6 Internet To transmit packets a 6to4 address is used with a special IPv6 prefix of 2002 to encode a given IPv4 address A 6to4 address ...

Page 286: ...HCPv6 for IP address assignment you have to additionally install a DHCPv6 client software on your Windows XP Note If you use static IP addresses or Router Advertisement for IPv6 address assignment in your network ignore this section This example uses Dibbler as the DHCPv6 client To enable DHCPv6 client on your computer 1 Install Dibbler and select the DHCPv6 client option on your computer 2 After ...

Page 287: ... Example Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer To enable IPv6 in Windows 7 1 Select Control Panel Network and Sharing Center Local Area Connection 2 Select the Internet Protocol Version 6 TCP IPv6 checkbox to enable it 3 Click OK to save the change ...

Page 288: ...r dynamic IPv6 address This example shows a global address 2001 b021 2d 1000 obtained from a DHCP server C ipconfig Windows IP Configuration Ethernet adapter Local Area Connection Connection specific DNS Suffix IPv6 Address 2001 b021 2d 1000 Link local IPv6 Address fe80 25d8 dcab c80a 5189 11 IPv4 Address 172 16 100 61 Subnet Mask 255 255 255 0 Default Gateway fe80 213 49ff feaa 7125 11 172 16 100...

Page 289: ...pe of IP protocol used by the service If this is TCP UDP then the service uses the same port number with TCP and UDP If this is USER DEFINED the Port s is the IP protocol number not the port number Port s This value depends on the Protocol If the Protocol is TCP UDP or TCP UDP this is the IP port number If the Protocol is USER this is the IP protocol number Description This is a brief explanation ...

Page 290: ...l a program to enable fast transfer of files including large files that may not be possible by e mail H 323 TCP 1720 NetMeeting uses this protocol HTTP TCP 80 Hyper Text Transfer Protocol a client server protocol for the world wide web HTTPS TCP 443 HTTPS is a secured http session often used in e commerce ICMP User Defined 1 Internet Control Message Protocol is often used for diagnostic purposes I...

Page 291: ...GRE User Defined 47 PPTP Point to Point Tunneling Protocol enables secure transfer of data over public networks This is the data channel RCMD TCP 512 Remote Command Service REAL_AUDIO TCP 7070 A streaming audio service that enables real time sound over the web REXEC TCP 514 Remote Execution Daemon RLOGIN TCP 513 Remote Login ROADRUNNER TCP UDP 1026 This is an ISP that provides services mainly for ...

Page 292: ...1558 Stream Works Protocol SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server TACACS UDP 49 Login Host Protocol used for Terminal Access Controller Access Control System TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments It operates over TCP IP networks Its primary function is to allow users to log into remote host s...

Page 293: ...es or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the device This product has been tested and complies with the specifications for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This device g...

Page 294: ...la fonction sans fil 5G fonctionnant en 5150 5250 MHz and 5725 5850 MHz est activée pour ce produit il est nécessaire de porter une attention particulière aux choses suivantes Les dispositifs fonctionnant dans la bande 5150 5250 MHz sont réservés uniquement pour une utilisation à l intérieur afin de réduire les risques de brouillage préjudiciable aux systèmes de satellites mobiles utilisant les mê...

Page 295: ...st conforme aux exigences essentielles et aux autres dispositions pertinentes de la directive 1999 5 EC Hrvatski Croatian ZyXEL ovime izjavljuje da je radijska oprema tipa u skladu s Direktivom 1999 5 EC Íslenska Icelandic Hér með lýsir ZyXEL því yfir að þessi búnaður er í samræmi við grunnkröfur og önnur viðeigandi ákvæði tilskipunar 1999 5 EC Italiano Italian Con la presente ZyXEL dichiara che q...

Page 296: ...http www esd lv Notes 1 Although Norway Switzerland and Liechtenstein are not EU member states the EU Directive 1999 5 EC has also been implemented in those countries 2 The regulatory limits for maximum output power are specified in EIRP The EIRP level in dBm of a device can be calculated by adding the gain of the antenna used specified in dBi to the output power available at the connector specifi...

Page 297: ... below means that according to local regulations your product and or its battery shall be disposed of separately from domestic waste If this product is end of life take it to a recycling station designated by local authorities At the time of disposal the separate collection of your product and or its battery will help save natural resources and ensure that the environment is sustainable developmen...

Page 298: ...Appendix H Legal Information AMG1302 T11C User s Guide 298 Environmental Product Declaration ...

Page 299: ...he date of purchase The Warranty Period varies by region Check with your vendor and or the authorized ZyXEL local distributor for details about the Warranty Period of this product During the warranty period and upon proof of purchase should the product have indications of failure due to faulty workmanship and or materials ZyXEL will at its discretion repair or replace the defective products or com...

Page 300: ... in part some free software distributed under GPL license terms and or GPL like licenses Open source licenses are provided with the firmware package You can download the latest firmware at www zyxel com To obtain the source code covered under those Licenses please contact support zyxel com tw to get it ...

Page 301: ...QoS 75 81 85 SCR 75 81 status 218 authentication 107 108 RADIUS server 108 automatic logout 19 B backup configuration 207 Basic Service Set See BSS 266 Basic Service Set see BSS broadcast 68 BSS 110 266 example 110 C CA 184 273 CBR 75 81 85 certificate factory default 185 Certificate Authority See CA certificates 184 authentication 184 CA public key 184 replacing 185 storage space 185 trusted CAs ...

Page 302: ... 153 DNS 119 129 documentation related 2 Domain Name System see DNS DoS 166 three way handshake 174 thresholds 167 174 175 DSCP 144 DSL connections status 219 dynamic DNS 161 activation 162 wildcard 161 Dynamic Host Configuration Protocol see DHCP dynamic WEP key exchange 273 DYNDNS wildcard 161 E EAP Authentication 272 e mail log example 204 encapsulation 67 71 79 ENET ENCAP 82 PPPoA 83 PPPoE 82 ...

Page 303: ...Local Address see ILA Internet Control Message Protocol see ICMP Internet Protocol version 6 see IPv6 IP address 64 67 72 79 83 118 129 default 18 default server 150 ping 217 private 130 IP alias 123 configuration 123 NAT applications 156 IP precedence 144 146 configuration 144 IP MAC filter 163 IPv6 279 addressing 279 EUI 64 281 global address 280 interface ID 281 link local address 279 Neighbor ...

Page 304: ...nailed up connection 74 80 84 NAT 80 148 154 257 activation 149 address mapping types 156 applications 155 IP alias 156 default server IP address 150 example 155 global 154 IGA 154 ILA 154 inside 154 local 154 outside 154 P2P 149 port forwarding 149 150 activation 152 configuration 150 example 150 rules 151 remote management 211 Network Address Translation see NAT Network Address Translation see N...

Page 305: ...130 Routing Information Protocol see RIP RTS Request To Send 269 threshold 268 269 rules port forwarding 151 S schedules wireless LAN 102 SCR 75 81 85 security network 178 wireless LAN 107 Security Parameter Index see SPI service access control 211 214 215 Service Set 89 96 setup DHCP 121 IP alias 123 IP precedenceQoS IP precedence 144 port forwarding 150 static route 133 135 WAN 68 wizard 25 shap...

Page 306: ... VCI 72 79 83 version firmware version 64 Virtual Channel Identifier see VCI Virtual Path Identifier see VPI VPI 72 79 83 W WAN 67 ATM QoS 75 81 85 encapsulation 67 71 79 IGMP 68 IP address 67 72 79 83 mode 71 78 MTU 76 82 multicast 68 75 multiplexing 71 79 83 nailed up connection 74 80 84 NAT 80 RIP 75 setup 68 traffic shaping 84 example 85 VCI 72 79 83 VPI 72 79 83 warranty 299 note 299 WDS 100 ...

Page 307: ...12 push button 16 111 status 100 wireless security 270 Wireless tutorial 37 wizard 25 configuration 25 wireless LAN 30 WLAN interference 268 security parameters 277 WPA 109 274 key caching 275 pre authentication 275 user authentication 275 vs WPA PSK 275 wireless client supplicant 275 with RADIUS application example 276 WPA2 274 user authentication 275 vs WPA2 PSK 275 wireless client supplicant 27...

Reviews:

No comments