ZyXEL Communications MAX-306 User Manual Download

Page: 1 / 405

www.zyxel.com

MAX-306HW2 Series

Models: MAX-306 ODU (2.5 GHz), MAX-316 ODU (3.5 GHz), MAX-306HW2 IDU

Firmware Version 3.6

Edition 2, 05/2009

Default Login Details

IP Address:

http://192.168.100.1

User Name:

admin

Password:

1234

WiMAX MIMO Indoor/Outdoor

CPE (2.5GHz & 3.5GHz)

Summary of Contents for MAX-306

Page 1: ...ODU 2 5 GHz MAX 316 ODU 3 5 GHz MAX 306HW2 IDU Copyright 2009 ZyXEL Communications Corporation Firmware Version 3 6 Edition 2 05 2009 Default Login Details IP Address http 192 168 100 1 User Name adm...

Page 2: ......

Page 3: ...r descriptions of individual screens and supplementary information Command Reference Guide The Command Reference Guide explains how to use the Command Line Interface CLI and CLI commands to configure...

Page 4: ...bold font A key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then pre...

Page 5: ...in this User s Guide may use the following generic icons The WiMAX Device icon is not an exact representation of your WiMAX Device Table 1 Common Icons Wireless Signal Internet Cloud Computer Noteboo...

Page 6: ...ce Connect it to the right supply voltage for example 110V AC in North America or 230V AC in Europe Do NOT remove the plug and connect it to a power outlet by itself always attach the plug to the powe...

Page 7: ...User s Guide Do not use any PoE device other than the Indoor Unit model specified in this User s Guide to supply power to the Outdoor Unit Your product is marked with this symbol which is known as the...

Page 8: ...Safety Warnings User s Guide 8...

Page 9: ...ration Screens 103 The VPN Transport Screens 113 The NAT Configuration Screens 125 The System Configuration Screens 135 Voice Screens 145 The Service Configuration Screens 147 The Phone Screens 165 Th...

Page 10: ...Contents Overview User s Guide 10...

Page 11: ...s Point 32 1 1 2 WiMAX Internet Access 32 1 1 3 Make Calls via Internet Telephony Service Provider 33 1 2 WiMAX Device Hardware 34 1 2 1 LEDs 34 1 3 Good Habits for Managing the WiMAX Device 35 Chapte...

Page 12: ...in This Chapter 67 5 1 2 What You Need to Know 67 5 1 3 Before You Begin 68 5 2 Set IP Address 68 5 3 DHCP Client 69 5 4 Time Setting 70 5 4 1 Pre Defined NTP Time Servers List 71 5 4 2 Resetting the...

Page 13: ...ect 99 7 5 Advanced 101 Chapter 8 The Wi Fi Configuration Screens 103 8 1 Overview 103 8 1 1 What You Can Do in This Chapter 103 8 1 2 What You Need to Know 103 8 2 General 104 8 3 MAC Filter 109 8 4...

Page 14: ...pter 135 11 1 2 What You Need to Know 135 11 2 General 137 11 3 Dynamic DNS 138 11 4 Firmware 140 11 4 1 The Firmware Upload Process 141 11 5 Configuration 142 11 5 1 The Restore Configuration Process...

Page 15: ...he Flash Key 170 13 5 2 Europe Type Supplementary Phone Services 171 13 5 3 USA Type Supplementary Services 173 Chapter 14 The Phone Book Screens 175 14 1 Overview 175 14 1 1 What You Can Do in This C...

Page 16: ...Service Setting 207 16 4 Technical Reference 208 16 4 1 Stateful Inspection Firewall 208 16 4 2 Guidelines For Enhancing Security With Your Firewall 209 16 4 3 The Triangle Route Problem 209 Chapter...

Page 17: ...2 Web Configurator Easy Access 249 Chapter 21 The Status Screen 253 21 1 Overview 253 21 2 Status Screen 253 21 2 1 Packet Statistics 258 21 2 2 WiMAX Site Information 259 21 2 3 DHCP Table 260 21 2...

Page 18: ...ter s IP Address 283 Appendix C Wireless LANs 311 Appendix D Pop up Windows JavaScripts and Java Permissions 327 Appendix E IP Addresses and Subnetting 337 Appendix F Importing Certificates 349 Append...

Page 19: ...Mode 59 Figure 17 VoIP Connection First Voice Account Settings 60 Figure 18 VoIP Connection SIP Registration Test 61 Figure 19 VoIP Connection SIP Registration Fail 62 Figure 20 VoIP Connection Finish...

Page 20: ...VANCED NAT Configuration General 125 Figure 58 Multiple Servers Behind NAT Example 127 Figure 59 ADVANCED NAT Configuration Port Forwarding 127 Figure 60 ADVANCED NAT Configuration Port Forwarding Rul...

Page 21: ...gement WWW 219 Figure 101 TOOLS Remote Management Telnet 220 Figure 102 TOOLS Remote Management FTP 220 Figure 103 SNMP Management Model 221 Figure 104 TOOLS Remote Management SNMP 223 Figure 105 TOOL...

Page 22: ...OS X 10 4 Network Preferences Ethernet 293 Figure 145 Mac OS X 10 4 Network Utility 294 Figure 146 Mac OS X 10 5 Apple Menu 295 Figure 147 Mac OS X 10 5 Systems Preferences 295 Figure 148 Mac OS X 10...

Page 23: ...Internet Explorer 7 Certification Error 350 Figure 190 Internet Explorer 7 Certificate Error 351 Figure 191 Internet Explorer 7 Certificate 351 Figure 192 Internet Explorer 7 Certificate Import Wizar...

Page 24: ...ertificate manager 370 Figure 222 Opera 9 Import certificate 370 Figure 223 Opera 9 Install authority certificate 371 Figure 224 Opera 9 Install authority certificate 371 Figure 225 Opera 9 Tools Menu...

Page 25: ...Configuration DHCP Setup 77 Table 20 ADVANCED LAN Configuration Static DHCP 78 Table 21 ADVANCED LAN Configuration IP Alias 79 Table 22 Advanced LAN Configuration IP Static Route 81 Table 23 Advanced...

Page 26: ...stem Configuration Firmware 143 Table 56 VOICE Service Configuration SIP Setting 150 Table 57 VOICE Service Configuration SIP Settings Advanced 153 Table 58 Custom Tones Details 156 Table 59 VOICE Ser...

Page 27: ...Access Control Logs 234 Table 98 TCP Reset Logs 234 Table 99 Packet Filter Logs 235 Table 100 ICMP Logs 235 Table 101 PPP Logs 236 Table 102 UPnP Logs 236 Table 103 Content Filtering Logs 236 Table 10...

Page 28: ...Number and Host ID Example 338 Table 128 Subnet Masks 339 Table 129 Maximum Host Numbers 339 Table 130 Alternative Subnet Mask Notation 340 Table 131 Subnet 1 343 Table 132 Subnet 2 343 Table 133 Sub...

Page 29: ...29 PART I Introduction and Wizards Getting Started 31 Introducing the Web Configurator 37 Internet Connection Wizard 47 VoIP Connection Wizard 59...

Page 30: ...30...

Page 31: ...e WiMAX Device In the following figures both the IDU and ODU may be shown but all configuration options are for the IDU alone Figure 1 The IDU ODU Setup With this product you can Connecting wirelessly...

Page 32: ...Fi Access Point 1 1 2 WiMAX Internet Access Connect your computer or network directly to the WiMAX Device for WiMAX Internet access In a wireless metropolitan area network MAN the WiMAX Device connect...

Page 33: ...vider In a home or small office environment you can use the WiMAX Device to make and receive the following types of VoIP telephone calls Peer to Peer calls Use the WiMAX Device to make a call directly...

Page 34: ...tion Solid Green The WiMAX Device is receiving power and functioning correctly Blinking Green The WiMAX Device is performing a self test LAN 1 4 Off The LAN is not connected Green The WiMAX Device has...

Page 35: ...store your last configuration PoE Off The Power over Ethernet PoE link is not functioning Green The PoE link is functioning correctly Blinking Green The WiMAX Device is trasmitting and receiving data...

Page 36: ...Chapter 1 Getting Started User s Guide 36...

Page 37: ...der to use the web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in many operating systems and web browsers JavaScript enabled by...

Page 38: ...Cancel to revert to the default password in the password field If you have changed the password enter your password and click Login 5 The following screen displays if you have not yet changed your pas...

Page 39: ...to Wizard setup if you are logging in for the first time or if you want to make basic changes The wizard selection screen appears after you click Apply See Chapter 3 on page 47 for more information Cl...

Page 40: ...have been restored and the device restarts 3 Reconfigure the WiMAX Device following the steps in your Quick Start Guide 2 2 The Main Screen When you first log into the web configurator the Main screen...

Page 41: ...r firewall QoS and content filter among other things STATUS Click to go to the Status screen where you can view status and statistical information for all connections and interfaces Strength Indicator...

Page 42: ...isconnected Indicates that the WiMAX Device is not connected to the WiMAX network DL_SYN Indicates a download synchronization is in progress This means the firmware is checking with the server for any...

Page 43: ...Click to go the Setup screen where you can configure LAN and DHCP settings ADVANCED Click to go to the Advanced screen where you can configure features like Port Forwarding and Triggering SNTP and so...

Page 44: ...MAX Connection Status This field indicates the current status of your WiMAX connection Status messages are as follows Connected Indicates that the WiMAX Device is connected to the WiMAX network Use th...

Page 45: ...ed to the WiMAX network This resets every time you disconnect from the WiMAX network shut the device down or restart it Voice 1 This field indicates the number and receiver status of the first voice a...

Page 46: ...Chapter 2 Introducing the Web Configurator User s Guide 46...

Page 47: ...settings Note Screens are presented here in order of appearance as you work through the Internet Connection Wizard To get to any particular screen you must first navigate through the ones that came be...

Page 48: ...on Wizard System Information LABEL DESCRIPTION System Name System Name is a unique name to identify the WiMAX Device in an Ethernet network Enter a descriptive name This name can be up to 30 alphanume...

Page 49: ...e 10 Internet Connection Wizard Wireless LAN Screen The following table describes the labels in this screen Table 8 Internet Connection Wizard Wireless LAN Screen LABEL DESCRIPTION Name SSID This is t...

Page 50: ...ustomized key This provides both improved data encryption and user authentication Using PSK both the WiMAX Device and the connecting client share a common password in order to validate the connection...

Page 51: ...c WEP as your Security option in the previous screen It allows you to configure WEP encryption for your wireless network The settings here correspond to the Advanced WiFi Configuration General screen...

Page 52: ...ant issue 128 Bit WEP This represents a higher standard of security for WEP encryption Keys are larger require slightly more computational resources and are more difficult to crack If backwards compat...

Page 53: ...describes the labels in this screen Table 10 Internet Connection Wizard Extended WPA PSK Screen LABEL DESCRIPTION Pre shared Key This is a secret password that both the WiMAX Device and the wireless c...

Page 54: ...ication User Enter the username associated with your Internet access account You can enter up to 61 printable ASCII characters Password Enter the password associated with your Internet access account...

Page 55: ...provider for details TTLS Inner EAP This field displays the type of secondary authentication method Once a secure EAP TTLS connection is established the inner EAP is the protocol used to exchange secu...

Page 56: ...nect to the Internet On the other hand an automatic dynamic IP address is variable in that the ISP assigns you a different one each time you connect to the Internet Figure 14 Internet Connection Wizar...

Page 57: ...ction screen Section 7 2 on page 93 The settings for DNS Server Address Assignment correspond to the Advanced LAN Configuration DHCP Setup screen DNS Server sub section Figure 15 Internet Connection W...

Page 58: ...n the wizard setup are correct Table 13 Internet Connection Wizard IP Address LABEL DESCRIPTION WAN IP Address Assignment My WAN IP Address Enter your ISP assigned IP Address here My WAN IP Subnet Mas...

Page 59: ...e WiMAX Device to use up to two SIP based VoIP accounts Note Screens are presented here in order of appearance as you work through either the VoIP Connection Wizard To get to any particular screen you...

Page 60: ...P account like 1234 VoIP provider com You can use up to 127 ASCII characters SIP Server Address Type the IP address or domain name of the SIP server in this field It doesn t matter whether the SIP ser...

Page 61: ...LEDs on the front of the WiMAX Device then wait a few seconds and click Register Again If your Configure the second voice account Select this check box if you have a second SIP account that you want t...

Page 62: ...hapter 4 VoIP Connection Wizard User s Guide 62 Internet connection was already working you can click Back and try re entering your SIP account settings Figure 19 VoIP Connection SIP Registration Fail...

Page 63: ...nnection Wizard User s Guide 63 4 2 2 Setup Complete Click Close to complete and save the VoIP Connection settings Figure 20 VoIP Connection Finish This screen displays if your SIP account registratio...

Page 64: ...Chapter 4 VoIP Connection Wizard User s Guide 64...

Page 65: ...65 PART II Basic Screens The Main Screen 40 The Setup Screens 67...

Page 66: ...66...

Page 67: ...and concepts may help as you read through this chapter LAN A Local Area Network or a shared communication system to which many computers are attached A LAN as its name implies is limited to a local a...

Page 68: ...there has been any temporal drift NTP NTP stands for Network Time Protocol It is employed by devices connected to the Internet in order to obtain a precise time setting from an official time server T...

Page 69: ...he LAN If the web configurator is running on a computer on the LAN you lose access to it as soon as you change this field and click Apply You can access the web configurator again by typing the new IP...

Page 70: ...Date Current Time Displays the current time according to the WiMAX Device Current Date Displays the current time according to the WiMAX Device Time and Date Setup Manual Select this if you want to spe...

Page 71: ...total number of seconds since 1970 1 1 at 0 0 0 NTP RFC 1305 This format is similar to Time RFC 868 Time Server Address Enter the IP address or URL of your time server Check with your ISP or network a...

Page 72: ...e in the following circumstances When the device starts up such as when you press the Power button When you click Apply in the SETUP Time Setting screen Once every 24 hours after starting up time1 stu...

Page 73: ...73 PART III Advanced Screens The LAN Configuration Screens 75 The WAN Configuration Screens 89 The VPN Transport Screens 113 The NAT Configuration Screens 125 The System Configuration Screens 135...

Page 74: ...74...

Page 75: ...iMAX Device The Static DHCP screen Section 6 3 on page 78 lets you assign specific IP addresses to specific computers on the LAN The IP Alias screen Section 6 4 on page 79 lets you add subnets on the...

Page 76: ...mapping a domain name to its corresponding IP address and vice versa The DNS server is extremely important because without it you must know the IP address of a networking device before you can access...

Page 77: ...of IP addresses to allocate This number must be at least one and is limited by a subnet mask of 255 255 255 0 regardless of the subnet the WiMAX Device is in For example if the IP Pool Start Address i...

Page 78: ...Setup Figure 25 ADVANCED LAN Configuration Static DHCP The following table describes the labels in this screen Table 20 ADVANCED LAN Configuration Static DHCP LABEL DESCRIPTION The number of the item...

Page 79: ...s 1 Select this to add the specified subnet to the LAN port IP Address Enter the IP address of the WiMAX Device on the subnet IP Subnet Mask Enter the subnet mask of the subnet RIP Direction Use this...

Page 80: ...the WiMAX Device sends and receives on the subnet None The WiMAX Device does not send or receive routing information on the subnet Both The WiMAX Device sends and receives routing information on the s...

Page 81: ...Click to delete this item Table 23 Advanced LAN Configuration IP Static Route LABEL DESCRIPTION The number of the item in this list Name This field displays the name that describes the static route Ac...

Page 82: ...ation IP Address Enter one of the destination IP addresses that this static route affects IP Subnet Mask Enter the subnet mask that defines the range of destination IP addresses that this static route...

Page 83: ...P Direction Use this field to control how much routing information the WiMAX Device sends and receives on the subnet None The WiMAX Device does not send or receive routing information on the subnet Bo...

Page 84: ...specifically for private use please do not use any other number unless you are told otherwise Let s say you select 192 168 1 0 as the network number which covers 254 individual addresses from 192 168...

Page 85: ...figuration for the clients If DHCP service is disabled you must have another DHCP server on your LAN or else each computer must be manually configured The WiMAX Device is pre configured with a pool of...

Page 86: ...and Secondary DNS Server fields in the LAN Setup screen are not specified for instance left as 0 0 0 0 the WiMAX Device tells the DHCP clients that it itself is the DNS server When a computer sends a...

Page 87: ...group it is not used to carry user data IGMP version 2 RFC 2236 is an improvement over version 1 RFC 1112 but IGMP version 1 is still in wide use If you would like to read more detailed information ab...

Page 88: ...Chapter 6 The LAN Configuration Screens User s Guide 88...

Page 89: ...Section 7 4 on page 99 lets change your WiMAX Device s traffic redirect settings The Advanced screen Section 7 5 on page 101 lets configure your DNS server RIP Multicast and Windows Networking setting...

Page 90: ...t subscriber stations and mobile stations to local base stations Numerous subscriber stations and mobile stations connect to the network through a single base station BS as in the following figure Fig...

Page 91: ...anagement secured connection between the mobile station and the base station and the solid arrow shows the EAP secured connection between the mobile station the base station and the AAA server See the...

Page 92: ...gateway for each LAN network Put the protected LAN in one subnet Subnet 1 in the following figure and the backup gateway in another subnet Subnet 2 Configure a LAN to LAN WiMAX Device firewall rule t...

Page 93: ...n The following table describes the labels in this screen Table 26 ADVANCED WAN Configuration Internet Connection ISP Parameters for Internet Access LABEL DESCRIPTION ISP Parameters for Internet Acces...

Page 94: ...of a mobile station by means of a username and password for example Check with your service provider if you are unsure of the correct setting for your account Choose from the following user authentic...

Page 95: ...security certificate the WiMAX Device uses to authenticate the AAA server Use the TOOLS Trusted CAs screen to import certificates to the WiMAX Device WAN IP Address Assignment Get automatically from I...

Page 96: ...AX Configuration LABEL DESCRIPTION DL Frequency Bandwidth 1 19 These fields show the downlink frequency settings in kilohertz kHz Enter values in these fields to have the WiMAX Device scan these frequ...

Page 97: ...the WiMAX Device searching for a connection Have the WiMAX Device search only certain frequencies by configuring the downlink frequencies Your operator can give you information on the supported freque...

Page 98: ...her frequencies enter them in the DL Frequency fields The following table describes some examples of DL Frequency settings 7 3 3 Using the WiMAX Frequency Screen In this example your Internet service...

Page 99: ...WiMAX Device stores your settings When the WiMAX Device searches for available frequencies it scans all frequencies from DL Frequency 1 to DL Frequency 4 When it finds an available connection the fiel...

Page 100: ...using a WAN backup connection the WiMAX Device periodically pings the addresses configured here and uses the other WAN backup connection if configured if there is no response Fail Tolerance Type the...

Page 101: ...box to select a DNS server IP address that the ISP assigns in the field to the right Select UserDefined if you have the IP address of a DNS server Enter the DNS server s IP address in the field to th...

Page 102: ...over TCP IP Allow between LAN and WAN Select this check box to forward NetBIOS packets from the LAN to the WAN and from the WAN to the LAN If your firewall is enabled with the default policy set to bl...

Page 103: ...Wi Fi network settings 8 1 2 What You Need to Know The following terms and concepts may help as you read through this chapter MAC Address On a local area network LAN or other network the MAC address i...

Page 104: ...ce or collisions then artificially fragmenting the data moving across it can reduce this risk 8 2 General Click ADVANCED Wi Fi Configuration This screen allows you to set up your WiMAX Device s basic...

Page 105: ...provides both improved data encryption and user authentication Using PSK both the WiMAX Device and the connecting client share a common password in order to validate the connection This type of encry...

Page 106: ...Chapter 8 The Wi Fi Configuration Screens User s Guide 106 The subsequent screens describe the individual Security Mode options Figure 42 ADVANCED Wi Fi Configuration WPA WPA2 Optionsl...

Page 107: ...ecting an idle client If a client becomes active before the idle count is up the count resets Group Key Update Timer Set the time in seconds that WiMAX Device updates the encryption key used for all c...

Page 108: ...aneously Note This option does not appear in WPA PSK mode It only appears in WPA2 PSK mode Pre Shared Key Enter the password that wireless clients will have to match in order to make a secure Wi Fi ne...

Page 109: ...on WiMAX Configuration LABEL DESCRIPTION Active Select this option to enable MAC address filtering on your WiMAX Device When active only clients whose MAC addresses match those you enter on this list...

Page 110: ...echanism to reduce potential packet collisions If you notice that your Wi Fi clients are suffering from data loss or slow data packet transmission reception use this feature Note Setting the value to...

Page 111: ...it too tends to overlap frequencies with other kinds of devices 2 4 GHz and is similarly prone to interference from them However differences in how it operates give it much higher bandwidth capabilit...

Page 112: ...Chapter 8 The Wi Fi Configuration Screens User s Guide 112...

Page 113: ...tify which user traffic comes from VPN stands for Virtual Private Network There are many types of VPN the type used by the WiMAX Device is known as Virtual Private LAN Service or VPLS Note Unlike some...

Page 114: ...information about the VPN transport connections 9 1 2 What You Need to Know The following terms and concepts may help as you read through this chapter Identifying Users For the WiMAX Device s VPN Tra...

Page 115: ...you start configuring your WiMAX Device to use VPN transport ensure that you have the following from the service provider The IP address or domain name of the service provider s edge router Virtual ci...

Page 116: ...fic that has no tag this is the default interface rule 0 which cannot be deleted in the GUI All other customer interfaces are identified by their VLAN ID Once the WiMAX Device has examined a frame s V...

Page 117: ...rent VLAN tags to be transported on different paths known as LSPs or Label Switched Paths Each packet is identified by its VLAN tag and sent to a specific LSP for transport over the WiMAX network Each...

Page 118: ...e following figure shows the VPLS connection between your WiMAX Device A and your service provider s router B consisting of GRE encapsulated Ethernet pseudowire traffic Figure 50 VPLS Tunneling 9 3 3...

Page 119: ...ve a VLAN tag There can be only one untagged interface VLAN ID For a tagged interface this displays the IEEE 802 1Q VLAN ID number For the untagged interface 1 displays Mode This displays either B bri...

Page 120: ...s customer interface active Deselect it to make the customer interface inactive Customer Interface Type A customer interface can be tagged controlling traffic that has a specific VLAN ID or untagged c...

Page 121: ...outer Figure 53 Ethernet Pseudowire Settings Example Click ADVANCED VPN Transport Ethernet Pseudowire to configure the WiMAX Device s Ethernet pseudowires Figure 54 Advance VPN Transport Ethernet Pseu...

Page 122: ...associated pseudowire is enabled The icon is grey if the associated pseudowire is disabled Enable or disable a pseudowire by clicking its Edit icon MPLS VC Label Ingress This is the MPLS virtual circu...

Page 123: ...t it to disable the pseudowire MPLS VC Label Ingress Enter the VC ingress label number for this pseudowire This must be the egress label number of the peer device This should not be the ingress label...

Page 124: ...the associated interface is enabled The icon is grey if the associated interface is disabled Enable or disable an interface by clicking its Edit icon Total Packets This displays the number of packets...

Page 125: ...screen Section 10 2 on page 125 lets you enable or disable NAT and to allocate memory for NAT and firewall rules The Port Forwarding screen Section 10 3 on page 126 lets you look at the current port...

Page 126: ...default is not defined the service request is simply discarded Table 45 ADVANCED NAT Configuration General LABEL DESCRIPTION Enable Network Address Translation Select this if you want to use port forw...

Page 127: ...the LAN IP addresses and the ISP assigns the WAN IP address The NAT network appears as a single host on the Internet Figure 58 Multiple Servers Behind NAT Example 10 3 1 Port Forwarding Options Click...

Page 128: ...s instead Port Forwarding The number of the item in this list Active Select this to enable this rule Clear this to disable this rule Name This field displays the name of the rule It does not have to b...

Page 129: ...le You can use 1 31 printable ASCII characters or you can leave this field blank It does not have to be a unique name Start Port End Port Enter the port number or range of port numbers you want to for...

Page 130: ...ffic to the WAN to request a service with a specific port number and protocol a trigger port When the WiMAX Device s WAN port receives a response with a specific port number and protocol incoming port...

Page 131: ...the range in the End Port field If you want to delete this rule enter zero in the Start Port and End Port fields Trigger Start Port End Port Enter the outgoing port number or range of port numbers tha...

Page 132: ...rotocol or two hours with TCP IP Transfer Control Protocol Internet Protocol Two points to remember about trigger ports 1 Trigger events only happen on data that is coming from inside the WiMAX Device...

Page 133: ...tion ALG LABEL DESCRIPTION Enable SIP ALG Select this to make sure SIP VoIP works correctly with port forwarding and port triggering rules Enable FTP ALG Select this to make sure FTP file transfer wor...

Page 134: ...Chapter 10 The NAT Configuration Screens User s Guide 134...

Page 135: ...11 4 on page 140 lets you upload new firmware to the WiMAX Device The Configuration screen Section 11 5 on page 142 lets you back up or restore the configuration of the WiMAX Device The Restart screen...

Page 136: ...ress Assignment Use DNS Domain Name System to map a domain name to its corresponding IP address and vice versa for instance the IP address of www zyxel com is 204 217 0 2 The DNS server is extremely i...

Page 137: ...ter the domain name entry that is propagated to DHCP clients on the LAN If you leave this blank the domain name obtained from the ISP is used Use up to 38 alphanumeric characters Spaces are not allowe...

Page 138: ...t of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name The Dynami...

Page 139: ...mic DNS LABEL DESCRIPTION Dynamic DNS Setup Enable Dynamic DNS Select this to use dynamic DNS Service Provider Select the name of your Dynamic DNS service provider Dynamic DNS Type Select the type of...

Page 140: ...you can specify while you are off line Check with your Dynamic DNS service provider IP Address Update Policy Use WAN IP Address Select this if you want the WiMAX Device to update the domain name with...

Page 141: ...ew firmware version in the Status screen You might have to open a new browser window to log in If the upload is not successful you will be notified by error message Click Return to go back to the Firm...

Page 142: ...o a file on your computer Once your device is configured and functioning properly it is highly recommended that you back up your configuration file before making configuration changes The backup confi...

Page 143: ...r computer s IP address You might have to open a new browser to log in again If the upload was not successful you are notified by Configuration Upload Error message Click Return to go back to the Conf...

Page 144: ...ter 11 The System Configuration Screens User s Guide 144 11 6 1 The Restart Process When you click Restart the the process usually takes about two minutes Once the restart is complete you can log in a...

Page 145: ...145 PART IV Voice Screens The Service Configuration Screens 147 The Phone Screens 165 The Phone Book Screens 175...

Page 146: ...146...

Page 147: ...Circuit switched telephone networks require 64 kilobits per second kbps in each direction to handle a telephone call VoIP can use advanced voice coding techniques with compression to reduce the requir...

Page 148: ...ohndoe your ITSP com for example or numbers like a telephone number 1122334455 VoIP provider com for example SIP Service Domain The SIP service domain of the VoIP service provider the company that let...

Page 149: ...with the WiMAX Device Connect your WiMAX Device to the Internet as described in the Quick Start Guide If you have not already done so then you will not be able to test your VoIP settings 12 2 SIP Sett...

Page 150: ...ep the default value REGISTER Server Address Enter the IP address or domain name of the SIP register server if your VoIP service provider gave you one Otherwise enter the same address you entered in t...

Page 151: ...he following figure shows how STUN works 1 The WiMAX Device A sends SIP packets to the STUN server B 2 The STUN server B finds the public IP address and port number that the NAT router used on the WiM...

Page 152: ...ctual signal is very different from what was predicted but a poor quality signal low SNR for low difference signals where the actual signal is very similar to what was predicted This is because the le...

Page 153: ...ount Figure 71 VOICE Service Configuration SIP Settings Advanced The following table describes the labels in this screen Table 57 VOICE Service Configuration SIP Settings Advanced LABEL DESCRIPTION SI...

Page 154: ...enter one port number enter the port number in the Start Port and End Port fields To enter a range of ports Type the port number at the beginning of the range in the Start Port field Type the port num...

Page 155: ...any type of NAT router and eliminates the need for STUN or a SIP ALG Turn off any SIP ALG on a NAT router in front of the WiMAX Device to keep it from re translating the IP address since this is alre...

Page 156: ...quality but it may have inter operability problems The peer devices must also use T 38 Call Forward Call Forward Table Select which call forwarding table you want the WiMAX Device to use for incoming...

Page 157: ...you are in the configuration menu 2 Press a number from 1201 1208 followed by the key to listen to the tone 3 You can continue to add listen to or delete tones or you can hang up the receiver when you...

Page 158: ...tag to identify voice traffic and give it priority over other traffic Click VOICE Service Configuration QoS to set up and maintain ToS and VLAN settings for the WiMAX Device QoS Quality of Service ref...

Page 159: ...response after the call is answered 4 A then sends an ACK message to acknowledge that B has answered the call 5 Now A and B exchange voice media talk Voice VLAN ID Select this if the WiMAX Device has...

Page 160: ...evice can act as both a SIP client and a SIP server 12 4 3 SIP User Agent A SIP user agent can make and receive VoIP telephone calls This means that SIP can be used for peer to peer communications eve...

Page 161: ...ack to the device that sent the request Then the client device that originally sent the request can send requests to the IP address that it received back from the redirect server Redirect servers do n...

Page 162: ...ssage the SIP server cannot map it to your SIP identity See Chapter 10 The NAT Configuration Screens for more information Use a SIP ALG Application Layer Gateway Use NAT STUN or outbound proxy to allo...

Page 163: ...gure 76 DiffServ Differentiated Service Field DSCP is backward compatible with the three precedence bits in the ToS octet so that non DiffServ compliant ToS enabled network device will not conflict wi...

Page 164: ...Chapter 12 The Service Configuration Screens User s Guide 164...

Page 165: ...region of the world in which the WiMAX Device is located 13 1 2 What You Need to Know The following terms and concepts may help as you read through this chapter Voice Activity Detection Silence Suppr...

Page 166: ...Second Call Call Transfer Call Forwarding Three Way Conference Internal Calls Caller ID CLIP Calling Line Identification Presentation CLIR Calling Line Identification Restriction Note To take full adv...

Page 167: ...calls If you select both SIP accounts the WiMAX Device tries to use SIP2 first Incoming Call apply to SIP1 Select this if you want to receive phone calls for the SIP1 account on this phone port If you...

Page 168: ...peer device 1 is the quietest and 1 is the loudest Echo Cancellation G 168 Active Select this if you want to eliminate the echo caused by the sound of your voice reverberating in the telephone receive...

Page 169: ...gs Table 62 VOICE Phone Analog Phone Advanced LABEL DESCRIPTION Table 63 VOICE Phone Common LABEL DESCRIPTION Active Immediate Dial Select this if you want to use the pound key to tell the WiMAX Devic...

Page 170: ...lable you can tap press and immediately release the hook by hand to achieve the same effect However using the flash key is preferred since the timing is much more precise The WiMAX Device may interpre...

Page 171: ...ect the current call and resume the call on hold If you hang up the phone but a caller is still on hold there will be a remind ring European Call Waiting allows you to place a call on hold while you a...

Page 172: ...one dial 98 followed by the number to which you want to transfer the call to operate the Intercom 3 After you hear the ring signal or the second party answers it hang up the phone European Three Way C...

Page 173: ...ou to place a call on hold while you answer another incoming call on the same telephone directory number If there is a second call to your telephone number you will hear a call waiting tone Press the...

Page 174: ...cond call is answered press the flash key to create a three way conversation 4 If you want to separate the three way conference into two individual calls one call is online the other is on hold press...

Page 175: ...nd concepts may help as you read through this chapter Speed Dial and Peer to Peer Calling Speed dial provides shortcuts for dialing frequently used VoIP phone numbers It is also required if you want t...

Page 176: ...ou change this field the screen automatically refreshes Forward to Number Setup Unconditional Forward to Number Select this if you want the WiMAX Device to forward all incoming calls to the specified...

Page 177: ...ich you want to forward incoming calls from the Incoming Call Number You may leave this field blank depending on the Condition Condition Select the situations in which you want to forward incoming cal...

Page 178: ...d dial entries if you want to make peer to peer calls or call SIP numbers that use letters You can also create speed dial entries for frequently used SIP phone numbers Figure 82 VOICE Phone Book Speed...

Page 179: ...P server or if you want to make a peer to peer call In this case enter the IP address or domain name of the SIP server or the other party in the field below Add Click to add the new number to the list...

Page 180: ...Chapter 14 The Phone Book Screens User s Guide 180...

Page 181: ...81 PART V Tools Status Screens The Certificates Screens 183 The Firewall Screens 203 Content Filter 213 The Remote Management Screens 217 The Logs Screens 227 The UPnP Screen 243 The Status Screen 253...

Page 182: ...182...

Page 183: ...ecord with a domain name registrar If they match then the certificate is issued to the website operator who then places it on his site to be issued to all visiting web browsers to let them know that t...

Page 184: ...es My Certificates The following table describes the icons in this screen The following table describes the labels in this screen Table 70 TOOLS Certificates My Certificates ICON DESCRIPTION Edit Clic...

Page 185: ...ny and country With self signed certificates this is the same information as in the Subject field Valid From This field displays the date that the certificate becomes applicable Valid To This field di...

Page 186: ...cates My Certificates and then the Create icon to open the My Certificates Create screen Use this screen to have the WiMAX Device create a self signed certificate enroll a certificate with a certifica...

Page 187: ...te owner belongs You can use up to 63 characters You can use alphanumeric characters the hyphen and the underscore Organization Identify the company or group to which the certificate owner belongs You...

Page 188: ...Internet Engineering Task Force IETF and is specified in RFC 2510 CA Server Address This field applies when you select Create a certification request and enroll for a certificate immediately online En...

Page 189: ...ake sure that the certification authority information is correct and that your Internet connection is working properly if you want the WiMAX Device to enroll a certificate online 15 2 2 My Certificate...

Page 190: ...field displays general information about the certificate CA signed means that a Certification Authority signed the certificate Self signed means that the certificate s owner signed the certificate no...

Page 191: ...ification authority in the certificate s path This field does not display for a certification request MD5 Fingerprint This is the certificate s message digest that the WiMAX Device calculated using th...

Page 192: ...OLS Certificates My Certificates Import The following table describes the labels in this screen Table 74 TOOLS Certificates My Certificates Import LABEL DESCRIPTION File Path Type in the location of t...

Page 193: ...75 TOOLS Certificates Trusted CAs ICON DESCRIPTION Edit Click to edit this item Export Click to export an item Delete Click to delete this item Table 76 TOOLS Certificates Trusted CAs LABEL DESCRIPTIO...

Page 194: ...ave selected the Check incoming certificates issued by this CA against a CRL check box in the certificate s details screen to have the WiMAX Device check the CRL before trusting any certificates issue...

Page 195: ...ates Trusted CAs Edit The following table describes the labels in this screen Table 77 TOOLS Certificates Trusted CAs Edit LABEL DESCRIPTION Name This field displays the identifying name of this certi...

Page 196: ...ertification authority or generated by the WiMAX Device Subject This field displays information that identifies the owner of the certificate such as Common Name CN Organizational Unit OU Organization...

Page 197: ...ion request MD5 Fingerprint This is the certificate s message digest that the WiMAX Device calculated using the MD5 algorithm SHA1 Fingerprint This is the certificate s message digest that the WiMAX D...

Page 198: ...ther key is private and must be kept secure These keys work like a handwritten signature in fact certificates are often referred to as digital signatures Only you can write your signature exactly as i...

Page 199: ...uses certificates based on public key cryptology to authenticate users attempting to establish a connection not to encrypt the data that you send after establishing a connection The method used to se...

Page 200: ...X 509 This Privacy Enhanced Mail format uses lowercase letters uppercase letters and numerals to convert a binary X 509 certificate into a printable form Binary PKCS 7 This is a standard that defines...

Page 201: ...e sure that the certificate has a cer or crt file name extension On some Linux distributions the file extension may be der Figure 90 Remote Host Certificates 3 Double click the certificate s icon to o...

Page 202: ...Chapter 15 The Certificates Screens User s Guide 202...

Page 203: ...wall to guard effectively you must design and deploy it appropriately This requires integrating the firewall into a broad information security policy In addition specific policies must be implemented...

Page 204: ...llowed by default unless the remote host is authorized to use a specific service 16 2 Firewall Setting This section describes firewalls and the built in WiMAX Device s firewall features 16 2 1 Firewal...

Page 205: ...e Remote MGMT screens or SMT menus When you allow remote management from the WAN you are actually configuring WAN to WAN WiMAX Device firewall rules WAN to WAN WiMAX Device firewall rules are Internet...

Page 206: ...er in the LAN without passing through the WiMAX Device Max NAT Firewall Session Per User Select the maximum number of NAT rules and firewall rules the WiMAX Device enforces at one time The WiMAX Devic...

Page 207: ...ng LABEL DESCRIPTION Service Setup Enable Services Blocking Select this to activate service blocking The Schedule to Block section controls what days and what times service blocking is actually effect...

Page 208: ...omputers on your LAN when service blocking is effective To remove a service from this list select the service and click Delete Type Select TCP or UDP based on which one the custom port uses Port Numbe...

Page 209: ...ock packets for the services at specific interfaces 6 Protect against IP spoofing by making sure the firewall is active 7 Keep the firewall in a secured locked room 16 4 3 The Triangle Route Problem A...

Page 210: ...ork into logical sections over the same Ethernet interface Your WiMAX Device supports up to three logical LAN interfaces with the WiMAX Device being the gateway for each logical network It s like havi...

Page 211: ...Chapter 16 The Firewall Screens User s Guide 211 4 The WiMAX Device then sends it to the computer on the LAN in Subnet 1 Figure 97 IP Alias...

Page 212: ...Chapter 16 The Firewall Screens User s Guide 212...

Page 213: ...specific URL keywords The WiMAX Device can block web features such as ActiveX controls Java applets cookies and disable web proxies The WiMAX Device also allows you to define time periods and days dur...

Page 214: ...r s Guide 214 17 2 Filter Click TOOLS Content Filter Filter to set up a trusted IP address which web features are restricted and which keywords are blocked when content filtering is effective Figure 9...

Page 215: ...er and the Internet to provide security administrative control and caching service When a proxy server is located on the WAN it is possible for LAN users to avoid content filtering restrictions Keywor...

Page 216: ...this screen Table 82 TOOLS Content Filter Schedule LABEL DESCRIPTION Day to Block Select which days of the week you want content filtering to be effective Time of Day to Block Select what time each da...

Page 217: ...g at a time The WiMAX Device automatically disconnects a remote management session of lower priority when another remote management session of higher priority starts The priorities for the different t...

Page 218: ...of the remote management screens 3 The IP address in the Secured Client IP field does not match the client IP address If it does not match the WiMAX Device will disconnect the session immediately 4 Th...

Page 219: ...OLS Remote Management WWW to control HTTP access to your WiMAX Device Figure 100 TOOLS Remote Management WWW The following table describes the labels in this screen Table 84 TOOLS Remote Management WW...

Page 220: ...mote Management Telnet LABEL DESCRIPTION Server Port Enter the port number this service can use to access the WiMAX Device The computer must use the same port number Server Access Select the interface...

Page 221: ...erform network management functions It executes applications that control and monitor managed devices Table 86 TOOLS Remote Management FTP LABEL DESCRIPTION Server Port Enter the port number this serv...

Page 222: ...In SNMPv1 when a manager wants to retrieve all elements of a table from an agent it initiates a Get operation followed by a series of GetNext operations Set Allows the manager to set values for objec...

Page 223: ...allows all requests Set Community Enter the Set community which is the password for incoming Set requests from the management station The default is public and allows all requests Trap Community Ente...

Page 224: ...to save your changes Reset Click to restore your previously saved settings Table 88 TOOLS Remote Management SNMP continued LABEL DESCRIPTION Table 89 TOOLS Remote Management DNS LABEL DESCRIPTION Ser...

Page 225: ...evice responds to ping requests received from the LAN or the WAN Do not respond to requests for unauthorized services Select this to prevent outsiders from discovering your WiMAX Device by sending req...

Page 226: ...Chapter 18 The Remote Management Screens User s Guide 226...

Page 227: ...and which logs and alerts are sent or recorded 19 1 2 What You Need to Know The following terms and concepts may help as you read through this chapter Alerts An alert is a type of log that warrants mo...

Page 228: ...ID is the MAC address of the router s LAN port The cat is the same as the category in the router s logs Traffic Log Facility 8 Severity Mon dd hr mm ss hostname src srcIP srcPort dst dstIP dstPort msg...

Page 229: ...ointing downward is descending pointing upward is ascending The following table describes the labels in this screen Table 93 TOOLS Logs View Logs LABEL DESCRIPTION Display Select a category whose log...

Page 230: ...field displays the source IP address and the port number of the incoming packet In many cases some or all of this information may not be available Destination This field lists the destination IP addr...

Page 231: ...08 TOOLS Logs Log Settings The following table describes the labels in this screen Table 94 TOOLS Logs Log Settings LABEL DESCRIPTION E mail Log Settings Mail Server Enter the server name or the IP ad...

Page 232: ...Log Schedule field Select which day of the week to send the logs Time for Sending Log This field is only available when you select Daily or Weekly in the Log Schedule field Enter the time of day in 2...

Page 233: ...P client s IP address has expired DHCP server assigns s The DHCP server assigned an IP address to a client Successful WEB login Someone has logged on to the device s web configurator interface WEB log...

Page 234: ...e router blocked a packet that didn t have a corresponding NAT table entry Router sent blocked web site message TCP The router sent a message to notify a user that the router blocked access to a web s...

Page 235: ...nections and destroys TOS firewall dynamic sessions until incomplete connections Maximum Incomplete Low Access block sent TCP RST The router sends a TCP RST packet and generates this log if you turn o...

Page 236: ...ening The PPP connection s Internet Protocol Control Protocol stage is opening ppp LCP Closing The PPP connection s Link Control Protocol stage is closing ppp IPCP Closing The PPP connection s Interne...

Page 237: ...detected a TCP UDP IGMP ESP GRE OSPF attack attack ICMP type d code d The firewall detected an ICMP attack land TCP UDP IGMP ESP GRE OSPF The firewall detected a TCP UDP IGMP ESP GRE OSPF land attack...

Page 238: ...ll detected an ICMP ping of death attack smurf ICMP The firewall detected an ICMP smurf attack Table 105 Remote Management Logs LOG MESSAGE DESCRIPTION Remote Management FTP denied Attempted use of FT...

Page 239: ...ed to queue the datagrams for output to the next network on the route to the destination network 5 Redirect 0 Redirect datagrams for the Network 1 Redirect datagrams for the Host 2 Redirect datagrams...

Page 240: ...The initialization of an RTP session failed Error Call fail RTP connect fail A VoIP phone call failed because the RTP session could not be established Error RTP connection cannot close The terminatio...

Page 241: ...he WiMAX Device VoIP Call End Phone Phone Port A VoIP phone call that came into the WiMAX Device has terminated Table 111 Lifeline Logs LOG MESSAGE DESCRIPTION PSTN Call Start A PSTN call has been ini...

Page 242: ...Chapter 19 The Logs Screens User s Guide 242...

Page 243: ...e UPnP feature in your WiMAX Device 20 1 2 What You Need to Know The following terms and concepts may help as you read through this chapter How do I know if I m using UPnP UPnP hardware is identified...

Page 244: ...present network security issues Network information and configuration may also be obtained and modified by users in some network environments All UPnP enabled devices may communicate freely with each...

Page 245: ...aware that anyone could use a UPnP application to open the web configurator s login screen without entering the WiMAX Device s IP address You still have to enter the password however Allow users to m...

Page 246: ...izard 5 In the Networking Services window select the Universal Plug and Play check box Figure 112 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window a...

Page 247: ...Device 1 Click Start and Control Panel Double click Network Connections An icon displays under Internet Gateway 2 Right click the icon and select Properties Figure 113 Network Connections 3 In the Int...

Page 248: ...nection Properties Advanced Settings Figure 116 Internet Connection Properties Advanced Settings Add 5 When the UPnP enabled device is disconnected from your computer all port mappings will be deleted...

Page 249: ...2 Web Configurator Easy Access With UPnP you can access the web based configurator on the WiMAX Device without finding out the IP address of the WiMAX Device first This becomes helpful if you do not k...

Page 250: ...laces Figure 119 Network Connections 4 An icon with the description for each UPnP enabled device displays under Local Network 5 Right click on the icon for your WiMAX Device and select Invoke The web...

Page 251: ...ser s Guide 251 6 Right click on the icon for your WiMAX Device and select Properties A properties window displays with basic information about the WiMAX Device Figure 121 Network Connections My Netwo...

Page 252: ...Chapter 20 The UPnP Screen User s Guide 252...

Page 253: ...een Click the STATUS icon in the navigation bar to go to this screen where you can view the current status of the device system resources interfaces LAN and WAN and SIP accounts You can also register...

Page 254: ...client in the WAN Its IP address comes from a DHCP server on the WAN None The WiMAX Device is not using any DHCP services in the WAN It has a static IP address LAN Information IP Address This field di...

Page 255: ...n the WiMAX Device and the base station IDLE the WiMAX Device is in power saving mode but can connect when a base station alerts it that there is traffic waiting Bandwidth This field shows the size of...

Page 256: ...NAT rules or firewall rules to do so or by deleting rules in functions such as incoming call policies speed dial entries and static routes IVR Usage This field displays what percentage of the WiMAX De...

Page 257: ...s does not cancel your SIP account but it deletes the mapping between your SIP identity and your IP address or domain name The second field displays Registered If the SIP account is not registered wit...

Page 258: ...rt speed and duplex setting when the WiMAX Device is using the interface and Down when the WiMAX Device is not using the interface For the WLAN interface it displays the transmission rate when WLAN is...

Page 259: ...hese settings can be configured in the ADVANCED WAN Configuration WiMAX Configuration screen Figure 124 WiMAX Site Information The following table describes the labels in this screen Table 115 WiMAX S...

Page 260: ...Figure 125 DHCP Table Each field is described in the following table Table 116 DHCP Table LABEL DESCRIPTION The number of the item in this list IP Address This field displays the IP address the WiMAX...

Page 261: ...ied to register the SIP account with the SIP server the attempt failed The WiMAX Device automatically tries to register the SIP account when you turn on the WiMAX Device or when you activate it Inacti...

Page 262: ...hrough a phone port Peer Number This field displays the SIP number of the party that is currently engaged in a VoIP call through a phone port Duration This field displays how long the current call has...

Page 263: ...ys as a row of asterisks for security purposes Anonymous Identity This is the anonymous identity provided by your Internet Service Provider Anonymous identity also known as outer identity is used with...

Page 264: ...for more details The WiMAX Device supports the following inner authentication types CHAP Challenge Handshake Authentication Protocol MSCHAP Microsoft CHAP MSCHAPV2 Microsoft CHAP version 2 PAP Passwor...

Page 265: ...265 PART VI Troubleshooting and Specifications Troubleshooting 267 Product Specifications 275...

Page 266: ...266...

Page 267: ...s The WiMAX Device does not turn on None of the LEDs turn on 1 Make sure you are using the power adapter or cord included with the WiMAX Device 2 Make sure the power adapter or cord is connected to th...

Page 268: ...up the IP address of the default gateway for your computer To do this in most Windows computers click Start Run enter cmd and then enter ipconfig The IP address of the Default Gateway might be the IP...

Page 269: ...ess See Section 11 6 on page 143 6 If the problem continues contact the network administrator or vendor or try one of the advanced suggestions Advanced Suggestions Try to access the WiMAX Device using...

Page 270: ...ettings for your Internet account 4 Check your WiMAX settings The WiMAX Device may have been set to search the wrong frequencies for a wireless connection In the web configurator go to the Status scre...

Page 271: ...or the MAX 210HW2 is equipped with an internal directional antenna If you know the location of the base station orient the front of the WiMAX Device the side with the LEDs towards the base station If...

Page 272: ...e ports 3 You can also check the VoIP status in the Status screen 4 If the VoIP settings are correct use speed dial to make peer to peer calls If you cannot make a call using speed dial there may be s...

Page 273: ...1 Make sure the Power LED is on and not blinking 2 Press and hold the Reset button for five to ten seconds Release the Reset button when the Power LED begins to blink The default settings have been re...

Page 274: ...Chapter 22 Troubleshooting User s Guide 274...

Page 275: ...r Ethernet via PoE port Wireless LAN Antenna External dipole 2dBi gain Wireless LAN Antenna Connector 1 R SMA connector for external wireless LAN antenna Operation Environmental Temperature 0o C 45o C...

Page 276: ...Environmental Temperature 40o C 65o C Humidity 10 95 RH Certification Safety EN60950 1 CE LVD CB by TUV EMI EMS FCC certification WiMAX Forum Wave II Compliance CE certification WiMAX Forum Wave II Co...

Page 277: ...rity 279 Setting Up Your Computer s IP Address 283 Pop up Windows JavaScripts and Java Permissions 327 IP Addresses and Subnetting 337 Importing Certificates 349 SIP Passthrough 381 Common Services 38...

Page 278: ...278...

Page 279: ...ports EAP Extensible Authentication Protocol RFC 2486 which allows additional authentication methods to be deployed with no changes to the base station or the mobile or subscriber stations PKMv2 PKMv2...

Page 280: ...changed between the base station and the RADIUS server for user authentication Access Request Sent by an base station requesting authentication Access Reject Sent by a RADIUS server rejecting access A...

Page 281: ...ncrypts using the authentication key Encrypted traffic The MS SS decrypts the TEK using the authentication key Both stations can now securely encrypt and decrypt the data flow CCMP All traffic in a Wi...

Page 282: ...server side authentications to establish a secure connection with EAP TLS digital certifications are needed by both the server and the wireless clients for mutual authentication Client authentication...

Page 283: ...te with the other devices on your network Windows Vista XP 2000 Mac OS 9 OS X and all versions of UNIX LINUX include the software components you need to use TCP IP on your computer If you manually ass...

Page 284: ...NT 2000 The following example uses the default Windows XP display theme but can also apply to Windows 2000 and Windows NT 1 Click Start Control Panel Figure 128 Windows XP Start Menu 2 In the Control...

Page 285: ...3 Right click Local Area Connection and then select Properties Figure 130 Windows XP Control Panel Network Connections Properties 4 On the General tab select Internet Protocol TCP IP and then click P...

Page 286: ...that was assigned to you by your network administrator or ISP You may also have to enter a Preferred DNS server and an Alternate DNS server if that information was provided 7 Click OK to close the In...

Page 287: ...ows screens from Windows Vista Professional 1 Click Start Control Panel Figure 133 Windows Vista Start Menu 2 In the Control Panel click the Network and Internet icon Figure 134 Windows Vista Control...

Page 288: ...ons Figure 136 Windows Vista Network and Sharing Center 5 Right click Local Area Connection and then select Properties Figure 137 Windows Vista Network and Sharing Center Note During this procedure cl...

Page 289: ...Appendix B Setting Up Your Computer s IP Address User s Guide 289 6 Select Internet Protocol Version 4 TCP IPv4 and then select Properties Figure 138 Windows Vista Local Area Connection Properties...

Page 290: ...ddress that was assigned to you by your network administrator or ISP You may also have to enter a Preferred DNS server and an Alternate DNS server if that information was provided Click Advanced 9 Cli...

Page 291: ...OS X 10 3 and 10 4 The screens in this section are from Mac OS X 10 4 but can also apply to 10 3 1 Click Apple System Preferences Figure 140 Mac OS X 10 4 Apple Menu 2 In the System Preferences windo...

Page 292: ...ne opens select Built in Ethernet from the network connection type list and then click Configure Figure 142 Mac OS X 10 4 Network Preferences 4 For dynamically assigned settings select Using DHCP from...

Page 293: ...assigned settings do the following From the Configure IPv4 list select Manually In the IP Address field type your IP address In the Subnet Mask field type your subnet mask In the Router field type th...

Page 294: ...ide 294 Click Apply Now and close the window Verifying Settings Check your TCP IP properties by clicking Applications Utilities Network Utilities and then selecting the appropriate Network Interface f...

Page 295: ...ss User s Guide 295 Mac OS X 10 5 The screens in this section are from Mac OS X 10 5 1 Click Apple System Preferences Figure 146 Mac OS X 10 5 Apple Menu 2 In System Preferences click the Network icon...

Page 296: ...ailable connection types Figure 148 Mac OS X 10 5 Network Preferences Ethernet 4 From the Configure list select Using DHCP for dynamically assigned settings 5 For statically assigned settings do the f...

Page 297: ...B Setting Up Your Computer s IP Address User s Guide 297 In the Router field enter the IP address of your WiMAX Device Figure 149 Mac OS X 10 5 Network Preferences Ethernet 6 Click Apply and close th...

Page 298: ...ntu 8 GNOME This section shows you how to configure your computer s TCP IP settings in the GNU Object Model Environment GNOME using the Ubuntu 8 Linux distribution The procedure screens and file locat...

Page 299: ...buntu 8 System Administration Menu 2 When the Network Settings window opens click Unlock to open the Authenticate window By default the Unlock button is greyed out until clicked You cannot make change...

Page 300: ...dow enter your admin account name and password then click the Authenticate button Figure 153 Ubuntu 8 Administrator Account Authentication 4 In the Network Settings window select the connection that y...

Page 301: ...In the Configuration list select Automatic Configuration DHCP if you have a dynamic IP address In the Configuration list select Static IP address if you have a static IP address Fill in the IP address...

Page 302: ...twork Settings window and then enter the DNS server information in the fields provided Figure 156 Ubuntu 8 Network Settings DNS 8 Click the Close button to apply the changes Verifying Settings Check y...

Page 303: ...Appendix B Setting Up Your Computer s IP Address User s Guide 303 tab The Interface Statistics column shows data if your connection is working properly Figure 157 Ubuntu 8 Network Tools...

Page 304: ...tion The procedure screens and file locations may vary depending on your specific distribution release version and individual configuration The following screens use the default openSUSE 10 3 installa...

Page 305: ...n the Run as Root KDE su dialog opens enter the admin password and click OK Figure 159 openSUSE 10 3 K Menu Computer Menu 3 When the YaST Control Center window opens select Network Devices and then cl...

Page 306: ...puter s IP Address User s Guide 306 4 When the Network Settings window opens click the Overview tab select the appropriate connection Name from the list and then click the Configure button Figure 161...

Page 307: ...Address tab Figure 162 openSUSE 10 3 Network Card Setup 6 Select Dynamic Address DHCP if you have a dynamic IP address Select Statically assigned IP Address if you have a static IP address Fill in th...

Page 308: ...308 8 If you know your DNS server IP address es click the Hostname DNS tab in Network Settings and then enter the DNS server information in the fields provided Figure 163 openSUSE 10 3 Network Settin...

Page 309: ...ask bar to check your TCP IP properties From the Options sub menu select Show Connection Information Figure 164 openSUSE 10 3 KNetwork Manager When the Connection Status KNetwork Manager window opens...

Page 310: ...Appendix B Setting Up Your Computer s IP Address User s Guide 310...

Page 311: ...twork which is commonly referred to as an ad hoc network or Independent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an ad hoc wi...

Page 312: ...ervice Set ESS consists of a series of overlapping BSSs each containing an access point with each access point connected together by a wired network This wired connection between APs is called a Distr...

Page 313: ...P access point to reduce interference Interference occurs when radio signals from different access points overlap causing interference and degrading performance Adjacent channels partially overlap how...

Page 314: ...t send an RTS Request To Send message to the AP for permission to send it The AP then responds with a CTS Clear to Send message to all other stations within its range to notify them to defer their tra...

Page 315: ...n field in a packet Short preamble increases performance as less time sending preamble means more time for sending data All IEEE 802 11 compliant wireless adapters support long preamble but not all su...

Page 316: ...s the relative effectiveness of these wireless security methods available on your WiMAX Device Note You must enable the same wireless security settings on the WiMAX Device and on all wireless clients...

Page 317: ...less clients RADIUS RADIUS is based on a client server model that supports authentication authorization and accounting The access point is the client and the server is the RADIUS server The RADIUS ser...

Page 318: ...Your wireless LAN device may not support all authentication types EAP Extensible Authentication Protocol is an authentication protocol that runs on top of the IEEE 802 1x transport mechanism in order...

Page 319: ...acks A digital certificate is an electronic ID card that authenticates the sender s identity However to implement EAP TLS you need a Certificate Authority CA to handle certificates which imposes a man...

Page 320: ...2 Wi Fi Protected Access WPA is a subset of the IEEE 802 11i standard WPA2 IEEE 802 11i is a wireless security standard that defines stronger encryption authentication and key management than WPA Key...

Page 321: ...ributes a Pairwise Master Key PMK key to the AP that then sets up a key hierarchy and management system using the PMK to dynamically generate unique data encryption keys to encrypt every data packet t...

Page 322: ...ecting to an AP to perform IEEE 802 1x authentication with another AP before connecting to it Wireless Client WPA Supplicants A wireless client supplicant is the software that runs on an operating sys...

Page 323: ...S Application Example WPA 2 PSK Application Example A WPA 2 PSK application looks as follows 1 First enter identical passwords into the AP and all wireless clients The Pre Shared Key PSK must consist...

Page 324: ...thentication method or key management protocol type MAC address filters are not dependent on how you configure these security features Table 126 Wireless Security Relational Matrix AUTHENTICATION METH...

Page 325: ...s you to visualize the shape of the antenna s coverage area Antenna Gain Antenna gain measured in dB decibel is the increase in coverage within the RF beam width Higher antenna gain improves the range...

Page 326: ...tern Angles typically range from 20 degrees very directional to 120 degrees less directional Directional antennas are ideal for hallways and outdoor point to point applications Positioning Antennas In...

Page 327: ...orer versions may vary Internet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack...

Page 328: ...Pop up Blocker section of the screen This disables any web pop up blockers you may have enabled Figure 173 Internet Options Privacy 3 Click Apply to save this setting Enable Pop up Blockers with Excep...

Page 329: ...ns User s Guide 329 2 Select Settings to open the Pop up Blocker Settings screen Figure 174 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to have bloc...

Page 330: ...move the IP address to the list of Allowed sites Figure 175 Pop up Blocker Settings 5 Click Close to return to the Privacy screen 6 Click Apply to save this setting JavaScripts If pages of the web co...

Page 331: ...lick Tools Internet Options and then the Security tab Figure 176 Internet Options Security 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is...

Page 332: ...o close the window Figure 177 Security Settings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll...

Page 333: ...ermissions User s Guide 333 5 Click OK to close the window Figure 178 Security Settings Java JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that U...

Page 334: ...close the window Figure 179 Java Sun Mozilla Firefox Mozilla Firefox 2 0 screens are used here Screens for other versions may vary You can enable Java Javascripts and pop ups in one screen Click Tool...

Page 335: ...x D Pop up Windows JavaScripts and Java Permissions User s Guide 335 Click Content to show the screen below Select the check boxes as shown in the following screen Figure 181 Mozilla Firefox Content S...

Page 336: ...Appendix D Pop up Windows JavaScripts and Java Permissions User s Guide 336...

Page 337: ...he other part is the host ID In the same way that houses on a street share a common street name the hosts on a network share a common network number Similarly as each house has its own house number ea...

Page 338: ...AND operation The term subnet is short for sub network A subnet mask has 32 bits If a bit in the subnet mask is a 1 then the corresponding bit in the IP address is part of the network number If a bit...

Page 339: ...its the smaller the number of remaining host ID bits An IP address with host IDs of all zeros is the IP address of the network 192 168 1 0 with a 24 bit subnet mask for example An IP address with host...

Page 340: ...use subnetting to divide one network into multiple sub networks In the following example a network administrator creates two sub networks to isolate a group of servers from the rest of the company net...

Page 341: ...igure 183 Subnetting Example Before Subnetting You can borrow one of the host ID bits to divide the network 192 168 1 0 into two separate sub networks The subnet mask is now 25 bits 255 255 255 128 or...

Page 342: ...subnet A itself and 192 168 100 127 with mask 255 255 255 128 is its broadcast address Therefore the lowest IP address that can be assigned to an actual host for subnet A is 192 168 100 1 and the hig...

Page 343: ...ET BIT VALUE IP Address 192 168 1 64 IP Address Binary 11000000 10101000 00000001 01000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 64 Lowest Host ID 192 168 1 6...

Page 344: ...8 1 255 Highest Host ID 192 168 1 254 Table 134 Subnet 4 continued IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE Table 135 Eight Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST...

Page 345: ...o not use any other number unless you are told otherwise You must also enable Network Address Translation NAT on the WiMAX Device Once you have decided on the network number pick an IP address for you...

Page 346: ...Internet addresses for your local networks On the other hand if you are part of a much larger organization you should consult your network administrator for the appropriate IP addresses Regardless of...

Page 347: ...if a router is set between a LAN and the Internet WAN the router s LAN and WAN addresses must be on different subnets In the following example the LAN and WAN are on the same subnet The LAN computers...

Page 348: ...etting User s Guide 348 The computer cannot access the Internet This problem can be solved by assigning a different IP address to the computer or the router s LAN port Figure 187 Conflicting Computer...

Page 349: ...Many ZyXEL products such as the NSA 2401 issue their own public key certificates These can be used by web browsers on a LAN or WAN to verify that they are in fact connecting to the legitimate device a...

Page 350: ...they can also apply to Internet Explorer on Windows Vista 1 If your device s web configurator is set to use SSL certification then the first time you browse to it you are presented with a certificati...

Page 351: ...s User s Guide 351 3 In the Address Bar click Certificate Error View certificates Figure 190 Internet Explorer 7 Certificate Error 4 In the Certificate dialog box click Install Certificate Figure 191...

Page 352: ...Wizard click Next Figure 192 Internet Explorer 7 Certificate Import Wizard 6 If you want Internet Explorer to Automatically select certificate store based on the type of certificate click Next again...

Page 353: ...rtificates in the following store and then click Browse Figure 194 Internet Explorer 7 Certificate Import Wizard 8 In the Select Certificate Store dialog box choose a location in which to save the cer...

Page 354: ...e 354 9 In the Completing the Certificate Import Wizard screen click Finish Figure 196 Internet Explorer 7 Certificate Import Wizard 10 If you are presented with another Security Warning click Yes Fig...

Page 355: ...llation message Figure 198 Internet Explorer 7 Certificate Import Wizard 12 The next time you start Internet Explorer and go to a ZyXEL web configurator page a sealed padlock icon appears in the addre...

Page 356: ...mpted you can install a stand alone certificate file if one has been issued to you 1 Double click the public key certificate file Figure 200 Internet Explorer 7 Public Key Certificate File 2 In the se...

Page 357: ...his section shows you how to remove a public key certificate in Internet Explorer 7 1 Open Internet Explorer and click TOOLS Internet Options Figure 202 Internet Explorer 7 Tools Menu 2 In the Interne...

Page 358: ...thorities tab select the certificate that you want to delete and then click Remove Figure 204 Internet Explorer 7 Certificates 4 In the Certificates confirmation click Yes Figure 205 Internet Explorer...

Page 359: ...Appendix F Importing Certificates User s Guide 359 6 The next time you go to the web site that issued the public key certificate you just removed a certification error appears...

Page 360: ...wever the screens can also apply to Firefox 2 on all platforms 1 If your device s web configurator is set to use SSL certification then the first time you browse to it you are presented with a certifi...

Page 361: ...certificate is stored and you can now connect securely to the web configurator A sealed padlock appears in the address bar which you can click to open the Page Info Security window to view the web pa...

Page 362: ...a ZyXEL web configurator and installing a public key certificate when prompted you can install a stand alone certificate file if one has been issued to you 1 Open Firefox and click TOOLS Options Figur...

Page 363: ...t Figure 211 Firefox 2 Certificate Manager 4 Use the Select File dialog box to locate the certificate and then click Open Figure 212 Firefox 2 Select File 5 The next time you visit the web site click...

Page 364: ...ificate in Firefox This section shows you how to remove a public key certificate in Firefox 2 1 Open Firefox and click TOOLS Options Figure 213 Firefox 2 Tools Menu 2 In the Options dialog box click A...

Page 365: ...rtificate that you want to remove and then click Delete Figure 215 Firefox 2 Certificate Manager 4 In the Delete Web Site Certificates dialog box click OK Figure 216 Firefox 2 Delete Web Site Certific...

Page 366: ...ofessional however the screens can apply to Opera 9 on all platforms 1 If your device s web configurator is set to use SSL certification then the first time you browse to it you are presented with a c...

Page 367: ...rtificates User s Guide 367 3 The next time you visit the web site click the padlock in the address bar to open the Security information window to view the web page s security details Figure 218 Opera...

Page 368: ...Certificate File in Opera Rather than browsing to a ZyXEL web configurator and installing a public key certificate when prompted you can install a stand alone certificate file if one has been issued t...

Page 369: ...Appendix F Importing Certificates User s Guide 369 2 In Preferences click ADVANCED Security Manage certificates Figure 220 Opera 9 Preferences...

Page 370: ...User s Guide 370 3 In the Certificates Manager click Authorities Import Figure 221 Opera 9 Certificate manager 4 Use the Import certificate dialog box to locate the certificate and then click Open Fig...

Page 371: ...alog box click Install Figure 223 Opera 9 Install authority certificate 6 Next click OK Figure 224 Opera 9 Install authority certificate 7 The next time you visit the web site click the padlock in the...

Page 372: ...ing a Certificate in Opera This section shows you how to remove a public key certificate in Opera 9 1 Open Opera and click TOOLS Preferences Figure 225 Opera 9 Tools Menu 2 In Preferences ADVANCED Sec...

Page 373: ...emove and then click Delete Figure 227 Opera 9 Certificate manager 4 The next time you go to the web site that issued the public key certificate you just removed a certification error appears Note The...

Page 374: ...or 3 5 on all Linux KDE distributions 1 If your device s web configurator is set to use SSL certification then the first time you browse to it you are presented with a certification error 2 Click Cont...

Page 375: ...x F Importing Certificates User s Guide 375 4 Click the padlock in the address bar to open the KDE SSL Information window and view the web page s security details Figure 230 Konqueror 3 5 KDE SSL Info...

Page 376: ...ed you can install a stand alone certificate file if one has been issued to you 1 Double click the public key certificate file Figure 231 Konqueror 3 5 Public Key Certificate File 2 In the Certificate...

Page 377: ...endix F Importing Certificates User s Guide 377 3 The next time you visit the web site click the padlock in the address bar to open the KDE SSL Information window to view the web page s security detai...

Page 378: ...and click Settings Configure Konqueror Figure 234 Konqueror 3 5 Settings Menu 2 In the Configure dialog box select Crypto 3 On the Peer SSL Certificates tab select the certificate you want to delete...

Page 379: ...pendix F Importing Certificates User s Guide 379 Note There is no confirmation when you remove a certificate authority so be absolutely certain you want to go through with it before clicking the butto...

Page 380: ...Appendix F Importing Certificates User s Guide 380...

Page 381: ...The SIP UA sends registration packets to the SIP server periodically and keeps the session alive in the WiMAX Device If the SIP client does not have this mechanism and makes no call during the WiMAX...

Page 382: ...Appendix G SIP Passthrough User s Guide 382...

Page 383: ...rmation about port numbers If the Protocol is TCP UDP or TCP UDP this is the IP port number If the Protocol is USER this is the IP protocol number Description This is a brief explanation of the applic...

Page 384: ...Group Management Protocol is used when sending packets to a specific group of hosts IKE UDP 500 The Internet Key Exchange algorithm is used for key distribution and management IRC TCP UDP 6667 This i...

Page 385: ...ssage exchange standard for the Internet SMTP enables you to move messages from one e mail server to another SNMP TCP UDP 161 Simple Network Management Program SNMP TRAPS TCP UDP 162 Traps for use wit...

Page 386: ...Protocol is an Internet file transfer protocol similar to FTP but uses the UDP User Datagram Protocol rather than TCP Transmission Control Protocol VDOLIVE TCP 7000 Another videoconferencing solution...

Page 387: ...ither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves the right to make changes in any products described herein without notice This publicati...

Page 388: ...use harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this device does cause harmful interference to radio tel...

Page 389: ...o years from the date of purchase During the warranty period and upon proof of purchase should the product have indications of failure due to faulty workmanship and or materials ZyXEL will at its disc...

Page 390: ...or indirect or consequential damages of any kind to the purchaser To obtain the services of this warranty contact your vendor You may also refer to the warranty policy for the region in which you boug...

Page 391: ...n Date that you received your device Brief description of the problem and the steps you took to solve it is the prefix number you dial to make an international telephone call Corporate Headquarters Wo...

Page 392: ...www zyxel co cr Regular Mail ZyXEL Costa Rica Plaza Roble Escaz Etapa El Patio Tercer Piso San Jos Costa Rica Czech Republic E mail info cz zyxel com Telephone 420 241 091 350 Fax 420 241 091 359 Web...

Page 393: ...phone 49 2405 6909 69 Fax 49 2405 6909 99 Web www zyxel de Regular Mail ZyXEL Deutschland GmbH Adenauerstr 20 A2 D 52146 Wuerselen Germany Hungary Support E mail support zyxel hu Sales E mail info zyx...

Page 394: ...Ave Office 414 Dostyk Business Centre 050010 Almaty Republic of Kazakhstan Malaysia Support E mail support zyxel com my Sales E mail sales zyxel com my Telephone 603 8076 9933 Fax 603 8076 9833 Web ht...

Page 395: ...rt Sales E mail sales zyxel ru Telephone 7 095 542 89 29 Fax 7 095 542 89 25 Web www zyxel ru Regular Mail ZyXEL Russia Ostrovityanova 37a Str Moscow 117279 Russia Singapore Support E mail support zyx...

Page 396: ...333 Sec 2 Dunhua S Rd Da an District Taipei Thailand Support E mail support zyxel co th Sales E mail sales zyxel co th Telephone 662 831 5315 Fax 662 831 5395 Web http www zyxel co th Regular Mail ZyX...

Page 397: ...Pimonenko Str Kiev 04050 Ukraine United Kingdom Support E mail support zyxel co uk Sales E mail sales zyxel co uk Telephone 44 1344 303044 0845 122 0301 UK only Fax 44 1344 303034 Web www zyxel co uk...

Page 398: ...Appendix J Customer Support User s Guide 398...

Page 399: ...e BSS 311 BS 89 90 links 90 BSS 311 BYE request 160 C CA 183 199 319 and certificates 199 call Europe type service mode 171 hold 171 173 service mode 171 173 transfer 172 173 waiting 171 173 CBC MAC 2...

Page 400: ...t 136 server 76 diameter 91 Differentiated Services see DiffServ DiffServ 162 DiffServ Code Point DSCP 162 marking rule 163 digital ID 279 DL frequency 98 99 domain name 136 download frequency see DL...

Page 401: ...A 346 Internet Telephony Service Provider see ITSP interoperability 89 IP PBX 147 ITSP 147 ITU T 165 K key 55 94 279 request and reply 281 L listening port 155 M MAC 281 MAN 89 Management Information...

Page 402: ...e types 317 Messages 280 messages 317 Shared Secret Key 280 shared secret key 318 Real time Transport Protocol see RTP redirect server SIP 161 register server SIP 148 registration product 390 related...

Page 403: ...timeout 218 T tampering TCP IP configuration 76 TEK 281 Temporal Key Integrity Protocol TKIP 321 TFTP restrictions 218 three way conference 172 174 TLS 55 94 279 transport encryption key see TEK trans...

Page 404: ...work see MAN wireless network access 89 standard 89 wireless security 279 316 wizard setup 47 WLAN interference 313 security parameters 324 WPA 320 key caching 322 pre authentication 322 user authenti...

Page 405: ...Index User s Guide 405...

Search results

Summary of Contents for MAX-306

Reviews:

Related manuals for MAX-306

Brands by name

Popular brands

ZyXEL Communications MAX-306, User Manual

Search results

Summary of Contents for MAX-306

Reviews:

Related manuals for MAX-306

Brands by name

Popular brands