ZyXEL Communications P-2601HN(L)-F1 Series, User Manual

Share

Page: 172 / 344

ZyXEL Communications P-2601HN(L)-F1 Series User Manual Download Page 172

Chapter 15 Certificates

P-2601HN(L)-F1 Series User’s Guide

172

15.3 Trusted CA

Use this screen to view a summary list of certificates of the certification authorities
that you have set the ZyXEL Device to accept as trusted. The ZyXEL Device
accepts any valid certificate signed by a certification authority on this list as being
trustworthy; thus you do not need to import any certificate that is signed by one
of these certification authorities.

Click Security > Certificates > Trusted CA to open the Trusted CA screen.

Figure 78

Security > Certificates > Trusted CA

The following table describes the labels in this screen.

Key Type

This field applies to the SSH/SCP/SFTP certificate.

This shows the

file format of the current certificate.

Replace

Click this to replace the certificate(s) and save your changes back to the
ZyXEL Device.

Reset

Click this to clear your settings.

Table 43

Security > Certificates > Local Certificates (continued)

LABEL

DESCRIPTION

Table 44

Security > Certificates > Trusted CA

LABEL

DESCRIPTION

Import
Certificate

Click this button to open a screen where you can save the certificate of
a certification authority that you trust to the ZyXEL Device.

Name

This field displays the name used to identify this certificate.

Subject

This field displays information that identifies the owner of the
certificate, such as Common Name (CN), OU (Organizational Unit or
department), Organization (O), State (ST) and Country (C). It is
recommended that each certificate have unique subject information.

Type

This field displays general information about the certificate. ca means
that a Certification Authority signed the certificate.

Action

Click the View icon to open a screen with an in-depth list of information
about the certificate (or certification request).

Click the Delete icon to delete the certificate (or certification request).
You cannot delete a certificate that one or more features is configured
to use.

«
...
170
171
172
173
174
...
»

Summary of Contents for P-2601HN(L)-F1 Series

Page 1: ... com P 2601HN L F1 Series ADSL2 IAD with 802 11n Wireless Copyright 2010 ZyXEL Communications Corporation Default Login Details IP Address http 192 168 1 1 User Name admin Password 1234 Firmware Version 3 10 Edition 1 10 2010 ...

Page 2: ......

Page 3: ...ed to help you get up and running right away It contains information on setting up your network and configuring for Internet access Support Disc Refer to the included CD for support documents Documentation Feedback Send your comments questions or suggestions to techwriters zyxel com tw Thank you The Technical Writing Team ZyXEL Communications Corp 6 Innovation Road II Science Based Industrial Park...

Page 4: ...ed questions about ZyXEL products Forum This contains discussions on ZyXEL products Learn from others who use ZyXEL products and share your experiences as well Customer Support Should problems arise that cannot be solved by the methods listed above you should contact your vendor If you cannot contact your vendor then contact a ZyXEL office for the region in which you bought the device See http www...

Page 5: ...n bold font A key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press the ENTER key Select or choose means for you to use one of the predefined choices A right angle bracket within a screen name denotes a mouse click For example Maintenance Log Log Setting means yo...

Page 6: ...r s Guide 6 Icons Used in Figures Figures in this User s Guide may use the following generic icons The ZyXEL Device icon is not an exact representation of your device ZyXEL Device Computer Notebook computer Server Telephone Firewall Switch Router ...

Page 7: ...h America or 230V AC in Europe Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution If the power adaptor or cord is damaged remove it from the device and the power source Do NOT attempt to repair the power adaptor or cor...

Page 8: ...Safety Warnings P 2601HN L F1 Series User s Guide 8 ...

Page 9: ...creens 61 Broadband 67 Wireless 81 Home Networking 111 Routing 127 DNS Route 131 Quality of Service QoS 135 Network Address Translation NAT 149 Dynamic DNS 157 Firewall 159 MAC Filter 165 Certificates 167 VoIP 175 Logs 203 System Monitor 207 User Account 213 Remote MGMT 215 SNMP 217 System 221 Time Setting 223 Log Setting 225 Firmware Upgrade 227 Backup Restore 229 Diagnostic 233 Troubleshooting 2...

Page 10: ...Contents Overview P 2601HN L F1 Series User s Guide 10 ...

Page 11: ...2 1 Internet Access 22 1 2 2 Internet Calls VoIP 22 1 2 3 Wireless Connection 23 1 3 Ways to Manage the ZyXEL Device 23 1 4 Good Habits for Managing the ZyXEL Device 24 1 5 LEDs Lights 24 1 6 The RESET Button 25 1 7 The WIRELESS ON OFF Button 26 Chapter 2 Introducing the Web Configurator 27 2 1 Overview 27 2 1 1 Accessing the Web Configurator 27 2 2 The Web Configurator Layout 30 2 2 1 Title Bar 3...

Page 12: ... Access the ZyXEL Device Using DDNS 56 3 9 1 Registering a DDNS Account on www dyndns org 57 3 9 2 Configuring DDNS on Your ZyXEL Device 57 3 9 3 Testing the DDNS Setting 58 Part II Technical Reference 59 Chapter 4 Connection Status and System Info Screens 61 4 1 Overview 61 4 2 The Connection Status Screen 61 4 3 The System Info Screen 63 Chapter 5 Broadband 67 5 1 Overview 67 5 1 1 What You Need...

Page 13: ...7 Technical Reference 97 6 7 1 Additional Wireless Terms 98 6 7 2 Wireless Security Overview 98 6 7 3 Signal Problems 101 6 7 4 BSS 101 6 7 5 MBSSID 102 6 7 6 WiFi Protected Setup WPS 103 Chapter 7 Home Networking 111 7 1 Overview 111 7 1 1 What You Can Do in this Chapter 111 7 1 2 What You Need To Know 111 7 2 The LAN Setup Screen 113 7 3 The Static DHCP Screen 114 7 3 1 Before You Begin 115 7 4 ...

Page 14: ... 145 10 6 QoS Technical Reference 146 10 6 1 IEEE 802 1Q Tag 146 10 6 2 IP Precedence 147 10 6 3 DiffServ 147 Chapter 11 Network Address Translation NAT 149 11 1 Overview 149 11 1 1 What You Can Do in this Chapter 149 11 1 2 What You Need To Know 149 11 2 The Port Forwarding Screen 150 11 2 1 The Port Forwarding Screen 151 11 2 2 The Port Forwarding Edit Screen 152 11 3 The Sessions Screen 153 11 ...

Page 15: ...ou Can Do in this Chapter 167 15 1 2 What You Need to Know 167 15 1 3 Verifying a Certificate 169 15 2 Local Certificates 170 15 3 Trusted CA 172 15 4 Trusted CA Import 173 15 5 View Certificate 173 Chapter 16 VoIP 175 16 1 Overview 175 16 1 1 What You Can Do in this Chapter 175 16 1 2 What You Need to Know 176 16 1 3 Before You Begin 177 16 2 The SIP Service Provider Screen 177 16 3 The SIP Accou...

Page 16: ...You Can Do in this Chapter 207 18 2 The WAN Status Screen 207 18 3 The LAN Status Screen 208 18 4 The NAT Status Screen 209 18 5 The VoIP Status Screen 210 Chapter 19 User Account 213 19 1 Overview 213 19 2 The User Account Screen 213 Chapter 20 Remote MGMT 215 20 1 Overview 215 20 1 1 What You Need to Know 215 20 2 The Remote MGMT Screen 216 Chapter 21 SNMP 217 21 1 Overview 217 21 2 The SNMP Scr...

Page 17: ...er 27 Diagnostic 233 27 1 Overview 233 27 1 1 What You Can Do in this Chapter 233 27 2 The Ping Screen 233 27 3 The DSL Line Screen 234 Chapter 28 Troubleshooting 237 28 1 Overview 237 28 2 Power Hardware Connections and LEDs 237 28 3 ZyXEL Device Access and Login 238 28 4 Internet Access 240 28 5 Phone Calls and VoIP 241 28 6 Wireless LAN Troubleshooting 242 Chapter 29 Product Specifications 243 ...

Page 18: ...Table of Contents P 2601HN L F1 Series User s Guide 18 Appendix E Common Services 323 Appendix F Open Software Announcements 327 Appendix G Legal Information 333 Index 337 ...

Page 19: ...19 PART I User s Guide ...

Page 20: ...20 ...

Page 21: ... the following description of the product name format H denotes an integrated 4 port hub switch N denotes wireless functionality including 802 11n mode There is an embedded USB module for IEEE 802 11b g n wireless LAN connectivity Only use firmware for your ZyXEL Device s specific model Refer to the label on the bottom of your ZyXEL Device L denotes the PSTN Public Switched Telephone Network line ...

Page 22: ...sly Figure 1 ZyXEL Device s Internet Access Application You can also configure firewall on the ZyXEL Device for secure Internet access When the firewall is on all incoming traffic from the Internet to your network is blocked unless it is initiated from your network This means that probes from the outside to your network are not allowed but you can safely browse the Internet and download files 1 2 ...

Page 23: ...which forwards your calls to either VoIP or PSTN phones 1 2 3 Wireless Connection By default the wireless LAN WLAN is enabled on the ZyXEL Device IEEE 802 11b g n compliant clients can wirelessly connect to the ZyXEL Device to access network resources You can set up a wireless network with WPS WiFi Protected Setup or manually add a client to your wireless network Figure 3 Wireless Connection Appli...

Page 24: ...ck up the configuration and make sure you know how to restore it Restoring an earlier working configuration may be useful if the device becomes unstable or even crashes If you forget your password you will have to reset the ZyXEL Device to its factory default settings If you backed up an earlier configuration file you would not have to totally re configure the ZyXEL Device You could simply restore...

Page 25: ...is initializing the DSL line Off The DSL line is down INTERNET Green On The ZyXEL Device has an IP connection but no traffic Your device has a WAN IP address either static or assigned by a DHCP server PPP negotiation was successfully completed if used and the DSL connection is up Blinking The ZyXEL Device is sending or receiving IP traffic Red On The ZyXEL Device attempted to make an IP connection...

Page 26: ...defaults have been restored and the device restarts 1 7 The WIRELESS ON OFF Button Use the WIRELESS ON OFF button on the top of the device to turn the wireless LAN off or on You can also use it to activate WPS in order to quickly set up a wireless network with strong security Make sure the POWER LED is on not blinking before using the WIRELESS ON OFF button Press the WIRELESS ON OFF button for one...

Page 27: ...resolution is 1024 by 768 pixels In order to use the web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScript enabled by default Java permissions enabled by default See Appendix C on page 291 if you need to make sure these functions are allowed in Internet Explorer 2 1 1 Accessing the Web Con...

Page 28: ...te For security reasons the ZyXEL Device automatically logs you out if you do not use the web configurator for five minutes default If this happens log in again 5 The following screen displays if you have not yet changed your password It is strongly recommended you change the default password Enter a new password retype it to confirm and click Apply alternatively click Skip to proceed to the main ...

Page 29: ...igurator P 2601HN L F1 Series User s Guide 29 6 The Connection Status screen appears Figure 7 Connection Status 7 Click System Info to display the System Info screen where you can view the ZyXEL Device s interface and system information ...

Page 30: ...s User s Guide 30 2 2 The Web Configurator Layout Click Connection Status System Info to show the following screen Figure 8 Web Configurator Layout As illustrated above the main screen is divided into these parts A title bar B main window C navigation panel B C A ...

Page 31: ...creen appears See Chapter 4 on page 61 for more information about the Connection Status screen If you click Virtual Device on the System Info screen a visual graphic appears showing the connection status of the ZyXEL Device s ports The connected ports are in color and disconnected ports are gray 2 2 3 Navigation Panel Use the menu items on the navigation panel to open screens to configure ZyXEL De...

Page 32: ...o enable QoS and decide allowable bandwidth using QoS Queue Setup Use this screen to configure QoS queue assignment Class Setup Use this screen to set up classifiers to sort traffic into different flows and assign priority and define actions to be performed for a classified traffic flow Monitor Use this screen to view each queue s statistics NAT Port Forwarding Use this screen to make your local s...

Page 33: ...the status of all network traffic going through the WAN port of the ZyXEL Device LAN Use this screen to view the status of all network traffic going through the LAN ports of the ZyXEL Device NAT Use this screen to view the status of NAT sessions on the ZyXEL Device VoIP Status VoIP Status Use this screen to view the SIP phone and call status of the ZyXEL Device Maintenance Users Account Users Acco...

Page 34: ...kup Restore Use this screen to backup and restore your device s configuration settings or reset the factory default settings Reboot Reboot Use this screen to reboot the ZyXEL Device without turning the power off Diagnostic Ping Use this screen to test the connections to other devices DSL Line Use this screen to identify problems with the DSL connection Table 2 Navigation Panel Summary continued LI...

Page 35: ...ow to set up your Internet connection using the web configurator If you connect to the Internet through a DSL connection use the information from your Internet Service Provider ISP to configure the ZyXEL Device Do the following steps 1 Connect the ZyXEL Device properly Refer to the Quick Start Guide for details on the ZyXEL Device s hardware connection 2 Check the back panel of your device where t...

Page 36: ...ded by your ISP as well as the computer Account Configuration 1 Click Network Setting Broadband to open the following screen Click Add new WAN Interface 2 For this example the interface type is ADSL and the connection has the following information General Name MyDSLConnection Type ADSL Mode Routing WAN Service Type PPPoE ATM PVC Configuration VPI VCI 36 48 Encapsulation Mode LLC SNAP Bridging Serv...

Page 37: ...ues and click Apply This completes your DSL WAN connection setting Static IP Address 192 168 1 32 Others PPPoE Passthrough Disabled NAT Enabled IGMP Multicast Proxy Enabled Apply as Default Gateway Enable DNS Server Static DNS IP Address Primary 192 168 1 254 Secondary 192 168 1 253 ...

Page 38: ...reless client for wireless communication using the following parameters The wireless clients can access the Internet through the ZyXEL Device wirelessly 3 3 1 Example Parameters An access point AP or wireless router is referred to as the AP and a computer with a wireless network card or USB adapter is referred to as the wireless client here We use the Model web screens and M 302 utility screens as...

Page 39: ... 2 Make sure Enable Wireless LAN is selected 3 Enter SSID_Example3 as the SSID and select Auto in the Channel Selection field to have the device search for an available channel 4 Select 802 11b g in the Mode Select field 5 Select More Secure as your security level and set security mode to WPA PSK and enter ThisismyWPA PSKpre sharedkey in the Pre Shared Key field Click Apply ...

Page 40: ...AP 3 3 3 Configuring the Wireless Client This section describes how to connect the wireless client to a network 3 3 3 1 Connecting to a Wireless LAN The following sections show you how to join a wireless network using the ZyXEL utility as in the following diagram The wireless client is labeled C and the access point is labeled AP There are three ways to connect the client to an access point Config...

Page 41: ...Site Survey tab to open the screen shown next Tutorial Site Survey 2 The wireless client automatically searches for available wireless networks Click Scan if you want to search again If no entry displays in the Available Network List that means there is no wireless network available within range Make sure the AP or peer computer is turned on or move the wireless client closer to the AP or peer com...

Page 42: ...remain blank Tutorial Link Info 6 Open your Internet browser and enter http www zyxel com or the URL of any other web site in the address bar If you are able to access the web site your wireless connection is successfully configured If you cannot access the web site try changing the encryption type in the Security Settings screen check the Troubleshooting section of this User s Guide or contact yo...

Page 43: ... The wireless client automatically searches for available wireless networks and displays them in the Scan Info box Click Scan if you want to search again You can also configure your profile for a wireless network that is not in the list Tutorial Add New Profile 3 Give the profile a descriptive name of up to 32 printable ASCII characters Select Infrastructure and either manually enter or select the...

Page 44: ...ile Encryption 6 In the next screen leave both boxes selected Tutorial Wireless Protocol Settings 7 Verify the profile settings in the read only screen Click Save to save and go to the next screen Tutorial Confirm Save 8 Click Activate Now to use the new profile immediately Otherwise click the Activate Later button If you clicked Activate Later you can select the profile from the list in the Profi...

Page 45: ... the Internet go back to the Profile screen select the profile you are using and click Edit Check the details you entered previously Also refer to the Troubleshooting section of this User s Guide or contact your network administrator if necessary 3 4 Setting Up NAT Port Forwarding In this tutorial you manage the Doom server on a computer behind the ZyXEL Device In order for players on the Internet...

Page 46: ...ng port 666 traffic to the computer with IP address 192 168 1 34 Players on the Internet then can have access to your Doom server Service Name Select User Defined WAN Interface Select the WAN interface through which the Doom service is forwarded This is the default interface for this example which is MyDSLConnection Start End Ports 666 Translation Start End Ports 666 Server IP Address Enter the IP...

Page 47: ...e provider and applied for a SIP account 3 5 1 1 SIP Service Provider Configuration Follow the steps below to configure your SIP service provider 1 Make sure your ZyXEL Device is connected to the Internet 2 Open the web configurator 3 Click VoIP SIP to open the SIP Service Provider screen Select Add New from the Service Provider Selection drop down list box 4 Select the Enable check box of SIP Ser...

Page 48: ...sword Leave other settings as default 7 Click Apply to save your settings 3 5 1 2 SIP Account Registration Follow the steps below to register and activate your SIP account 1 Click Connection Status System Info to check if your SIP account has been registered successfully If the status is Not Registered check your Internet connection and click Register to register your SIP account Tutorial Registra...

Page 49: ... phone port use the registered SIP 3 account to make outgoing calls 3 Select the SIP 3 check box in the SIP Account s to Receive Incoming Call section to have the phone connected to the first phone port receive phone calls for the SIP 3 account 4 Click Apply to save your changes Tutorial VoIP Phone 3 5 1 4 Making a VoIP Call 1 Make sure you connect a telephone to the first phone port on the ZyXEL ...

Page 50: ...ough the ZyXEL Device Thomas decides to use the Security MAC Filter screen to grant wireless network access to his computer but not to Josephine s computer 1 Click Security MAC Filter to open the MAC Filter screen Select the Enable check box to activate MAC filter function 2 Find the MAC address of Thomas computer in this screen Select Allow Click Apply Thomas can also grant access to the computer...

Page 51: ...g rule for two network routings In the following figure router R is connected to the ZyXEL Device s LAN R connects to two networks N1 192 168 1 x 24 and N2 192 168 10 x 24 If you want to send traffic from computer A in N1 network to computer B in N2 network the traffic is sent to the ZyXEL Device s WAN default gateway by default In this case B will never receive the traffic You need to specify a s...

Page 52: ...ting Click Add New Static Route 2 Configure the Static Route Setup screen using the following settings Select Active Specify a descriptive name for this routing rule Type 192 168 10 0 and subnet mask 255 255 255 0 for the destination N2 Table 3 IP Settings in this Tutorial DEVICE COMPUTER IP ADDRESS The ZyXEL Device s WAN 172 16 1 1 The ZyXEL Device s LAN 192 168 1 1 A 192 168 1 34 R s N1 192 168 ...

Page 53: ...e e mail traffic because your task includes sending urgent updates to clients at least twice every hour You also upload data files such as logs and e mail archives to the FTP server throughout the day Your colleagues use the Internet for research as well as chat applications for communicating with other branch offices In the following figure your Internet connection has an upstream transmission ba...

Page 54: ...eam Bandwidth to 10 000 kbps or leave this blank to have the ZyXEL Device automatically determine this figure Click Apply to save your settings Tutorial Advanced QoS 2 Go to Network Setting QoS Queue Setup Click Add new Queue to create a new queue In the screen that opens check Active and enter or select the following values then click Apply Name Email Priority 7 High Weight 15 10 000 kbps DSL E m...

Page 55: ...Click Add new Classifier to create a new class Check Active and follow the settings as shown in the screen below Then click Apply Tutorial Advanced QoS Class Setup Class Name Give a class name to this traffic such as Email in this example To Queue Link this to a queue created in the QoS Queue Setup screen which is the Email queue created in this example ...

Page 56: ...d it uses a dynamic WAN IP address it is inconvenient for you to manage the device from the Internet The ZyXEL Device s WAN IP address changes dynamically Dynamic DNS DDNS allows you to access the ZyXEL Device using a domain name To use this feature you have to apply for DDNS service at www dyndns org From Interface This is the interface from which the traffic will be coming from Select Lan Ether ...

Page 57: ...g into www dyndns org using your account 4 Add a new DDNS host name This tutorial uses the following settings as an example Hostname zyxelrouter dyndns org Service Type Host with IP address IP Address Enter the WAN IP address that your ZyXEL Device is currently using You can find the IP address on the ZyXEL Device s web configurator Status page Then you will need to configure the same account and ...

Page 58: ...S Setting Now you should be able to access the ZyXEL Device from the Internet To test this 1 Open a web browser on the computer using the IP address a b c d that is connected to the Internet 2 Type http zyxelrouter dyndns org and press Enter 3 The ZyXEL Device s login page should appear You can then log into the ZyXEL Device and manage it ...

Page 59: ...59 PART II Technical Reference ...

Page 60: ...60 ...

Page 61: ... status of the ZyXEL Device and clients connected to it Use the System Info screen to look at the current status of the device system resources interfaces LAN WAN and WLAN and SIP accounts You can also register and unregister SIP accounts 4 2 The Connection Status Screen Use this screen to view the network connection status of the device and its clients A warning message appears if there is a conn...

Page 62: ...ou want the ZyXEL Device to update this screen in Refresh Interval Figure 9 Connection Status Icon View Figure 10 Connection Status List View In Icon View if you want to view information about a client click the client s name and Info Click the IP address if you want to change it If you want to change the name or icon of the client click Change name icon In List View you can also view the client s...

Page 63: ...le 4 System Info Screen LABEL DESCRIPTION Language Select the web configurator language from the drop down list box Refresh Interval Select how often you want the ZyXEL Device to update this screen from the drop down list box Device Information Host Name This field displays the ZyXEL Device system name It is used for identification You can change this in the Maintenance System screen s Host Name f...

Page 64: ...ice is providing to the LAN Choices are Server The ZyXEL Device is a DHCP server in the LAN It assigns IP addresses to other computers in the LAN Relay The ZyXEL Device acts as a surrogate DHCP server and relays DHCP requests and responses between the remote server and the clients None The ZyXEL Device is not providing any DHCP services to the LAN WLAN Information Channel This is the channel numbe...

Page 65: ...plays the maximum transmission rate when WLAN is enabled or N A when WLAN is disabled System Status System Up Time This field displays how long the ZyXEL Device has been running since it last started up The ZyXEL Device starts up when you plug it in when you restart it Maintenance Reboot or when you reset it see Chapter 1 on page 25 Current Date Time This field displays the current date and time i...

Page 66: ...rver Click Register to have the ZyXEL Device attempt to register the SIP account with the SIP server The second field displays the reason the account is not registered Inactive The SIP account is not active You can activate it in VoIP SIP SIP Settings Register Fail The last time the ZyXEL Device tried to register the SIP account with the SIP server the attempt failed The ZyXEL Device automatically...

Page 67: ...other networks so that a computer in one location can communicate with computers in other locations Figure 12 LAN and WAN 5 1 1 What You Need to Know Encapsulation Method Encapsulation is used to include data from an upper layer protocol into a lower layer protocol To set up a WAN connection to the Internet you need to use the same encapsulation method used by your ISP Internet Service Provider If...

Page 68: ...d Multicast Traditionally IP packets are transmitted in one of either two ways Unicast 1 sender 1 recipient or Broadcast 1 sender everybody on the network Multicast delivers IP packets to a group of hosts on the network not everybody and not just one IGMP IGMP Internet Group Multicast Protocol is a network layer protocol used to establish membership in a Multicast group it is not used to carry use...

Page 69: ...uting mode or bridge mode Encapsulation This is the method of encapsulation used by this connection VPI VCI This is the Virtual Path Identifier VPI VCI This is the Virtual Channel Identifier VCI Vlan8021p This indicates the 802 1P priority level assigned to traffic sent through this connection This displays N A when there is no priority level assigned VlanMuxId This indicates the VLAN ID number as...

Page 70: ...it icon next to an existing WAN interface to configure a WAN connection The screen differs according to the mode and encapsulation you choose This screen displays when you select the Routing mode and PPPoE encapsulation The fields in the screen may differ depending on the type of encapsulation you use Figure 14 Broadband Add Edit Routing Mode ...

Page 71: ...TM traffic Enter the VCI assigned to you DSL Link Type If your WAN Service Type is PPPoE or IPoE the DSL link type is set to EoA Ethernet over ATM to have an Ethernet header in the packet so that you can have multiple services connections over one PVC You can set each connection to have its own MAC address or all connections share one MAC address but use different VLAN IDs for different services E...

Page 72: ...ells that can be sent at the peak rate Type the MBS which is less than 65535 This field is available only when you select Non Realtime VBR or Realtime VBR PPP Information This section is available only when you select Routing in the Mode field and PPPoE or PPPoA in the WAN Service Type field PPP User Name Enter the user name exactly as your ISP assigned If assigned a name in the form user domain w...

Page 73: ...different one each time you connect to the Internet Select this if you have a dynamic IP address Enable DHCP Option 60 Select this to identify the vendor and functionality of the ZyXEL Device in DHCP requests that the ZyXEL Device sends to a DHCP server when getting a WAN IP address Vendor Class Identifier Enter the Vendor Class Identifier Option 60 such as the type of the hardware or firmware Sta...

Page 74: ...erver addresses you configure manually Primary DNS Server Enter the first DNS server address assigned by the ISP Secondary DNS Server Enter the second DNS server address assigned by the ISP Apply Click Apply to save your changes Back Click Back to return to the previous screen Table 6 Broadband Add Edit Routing Mode continued LABEL DESCRIPTION Table 7 Broadband Add Edit Bridge Mode LABEL DESCRIPTI...

Page 75: ...e drop down list box Choices are LLC SNAP BRIDGING In LCC encapsulation bridged PDUs are encapsulated by identifying the type of the bridged media in the SNAP header VC MUX In VC multiplexing each protocol is carried on a single ATM virtual circuit VC To transport multiple protocols the ZyXEL Device needs separate VCs There is a binding between a VC and the type of the network protocol carried on ...

Page 76: ...tion This enables the service provider to easily create and offer new IP services for individuals Operationally PPPoE saves significant effort for both you and the ISP or carrier as it requires no specific configuration of the broadband modem at the customer site By implementing PPPoE directly on the ZyXEL Device rather than individual computers the computers on the LAN do not need PPPoE software ...

Page 77: ... virtual circuit for example VC1 carries IP etc VC based multiplexing may be dominant in environments where dynamic creation of large numbers of ATM VCs is fast and economical LLC based Multiplexing In this case one VC carries multiple protocols with protocol identifying information being contained in each packet header Despite the extra bandwidth and processing overhead this method may be advanta...

Page 78: ...n which is important for transmission of real time data such as audio and video connections Peak Cell Rate PCR is the maximum rate at which the sender can send cells This parameter may be lower but not higher than the maximum line speed 1 ATM cell is 53 bytes 424 bits so a maximum speed of 832Kbps gives a maximum PCR of 1962 cells sec This rate is not guaranteed because it is dependent on the line...

Page 79: ...fic class is used with bursty connections Connections that use the Variable Bit Rate VBR traffic class can be grouped into real time VBR RT or non real time VBR nRT connections The VBR RT real time Variable Bit Rate type is used with bursty connections that require closely controlled delay and delay variation It also provides a fixed amount of bandwidth a PCR is specified but is only available whe...

Page 80: ...Unspecified Bit Rate UBR The Unspecified Bit Rate UBR ATM traffic class is for bursty data transfers However UBR doesn t guarantee any bandwidth and only delivers traffic when the network has spare bandwidth An example application is background file transfer ...

Page 81: ...ice in wireless networks for multimedia applications Section 6 5 on page 95 Use the Scheduling screen to schedule a time period for the wireless LAN to operate each day Section 6 6 on page 97 You don t necessarily need to use all these screens to set up your wireless connection For example you may just want to set up a network name a wireless radio channel and some security in the General screen 6...

Page 82: ...ccess point AP to interact with the other devices such as the printer or with the Internet Your ZyXEL Device is the AP Every wireless network must follow these basic guidelines Every device in the same wireless network must use the same SSID The SSID is the name of the wireless network It stands for Service Set IDentifier If two wireless networks overlap they should use a different channel Like ra...

Page 83: ...ons do the other wireless devices support WPA PSK for example What is the best one to use Do the other wireless devices support WPS Wi Fi Protected Setup If so you can set up a well secured network very easily Even if some of your devices support WPS and some do not you can use WPS to set up your network and then add the non WPS devices manually although this is somewhat more complicated to do Wha...

Page 84: ...reless Network Settings Wireless Network Name SSID The SSID Service Set IDentity identifies the service set with which a wireless device is associated Wireless devices associating to the access point AP must have the same SSID Enter a descriptive name up to 32 English keyboard characters for the wireless LAN Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a station...

Page 85: ...ce changing the channel may help Try to use a channel that is as many channels away from any channels used by neighboring APs as possible The channel number which the ZyXEL Device is currently using then displays in the Operating Channel field Scan Click this button to have the ZyXEL Device immediately scan for and select a channel which is not used by another device whenever the device reboots or...

Page 86: ... the same WEP key There are two types of WEP authentication namely Open System Static WEP and Shared Key Shared WEP Open system is implemented for ease of use and when security is not an issue The wireless station and the AP or peer computer do not share a secret key Thus the wireless stations can associate with any AP or peer computer and listen to any transmitted data that is not encrypted Share...

Page 87: ...have the ZyXEL Device allow association with wireless clients that use Open System mode Data transfer is encrypted as long as the wireless client has the correct WEP key for encryption The ZyXEL Device authenticates wireless clients using Shared Key mode that have the correct WEP key Select Shared WEP to have the ZyXEL Device authenticate only those wireless clients that use Shared Key mode and ha...

Page 88: ...play the General screen Select More Secure as the security level Then select WPA PSK or WPA2 PSK from the Security Mode list Figure 21 Wireless General More Secure WPA 2 PSK The following table describes the labels in this screen Table 11 Wireless General WPA 2 PSK LABEL DESCRIPTION Security Level Select More Secure to enable WPA 2 PSK data encryption Security Mode Select WPA PSK or WPA2 PSK from ...

Page 89: ...es WPA PSK Compatible This field appears when you choose WPA PSK2 as the Security Mode Check this field to allow wireless devices using WPA PSK security mode to connect to your ZyXEL Device The ZyXEL Device supports WPA PSK and WPA2 PSK simultaneously Encryption If the security mode is WPA PSK the encryption mode is set to TKIP to enable Temporal Key Integrity Protocol TKIP security on your wirele...

Page 90: ...rnal authentication server in dotted decimal notation Port Number Enter the port number of the external authentication server The default port number is 1812 You need not change this value unless your network administrator instructs you to do so with additional information Shared Secret Enter a password up to 31 alphanumeric characters as the key to be shared between the external authentication se...

Page 91: ... the rate at which the RADIUS server sends a new group key out to all clients Encryption If the security mode is WPA the encryption mode is set to TKIP to enable Temporal Key Integrity Protocol TKIP security on your wireless network If the security mode is WPA2 and WPA Compatible is disabled the encryption mode is set to AES to enable Advanced Encryption System AES security on your wireless networ...

Page 92: ... Service Set with which a wireless device is associated This field displays the name of the wireless profile on the network When a wireless client scans for an AP to associate with this is the name that is broadcast and seen in the wireless client utility Security This field indicates the security mode of the SSID profile Modify Click the Edit icon to configure the SSID profile Table 13 Network Se...

Page 93: ...st have the same SSID Enter a descriptive name up to 32 English keyboard characters for the wireless LAN Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a station cannot obtain the SSID through scanning using a site survey tool BSSID This shows the MAC address of the wireless interface on the ZyXEL Device when wireless LAN is enabled Security Level Security Mode Se...

Page 94: ... Add a new device with WPS Method Method 1PBC Use this section to set up a WPS wireless network using Push Button Configuration PBC WPS Click this button to add another WPS enabled wireless device within wireless range of the ZyXEL Device to your wireless network This button may either be a physical button on the outside of device or a menu button similar to the WPS button on this screen Note You ...

Page 95: ... ZyXEL Device create a new PIN Status This displays Configured when the ZyXEL Device has connected to a wireless network using WPS or Enable WPS is selected and wireless or wireless security settings have been changed The current wireless and wireless security settings also appear in the screen This displays Not Configured when there is no wireless or wireless security changes on the ZyXEL Device ...

Page 96: ...ve a service a priority level according to the ToS value in the IP header of packets it sends WMM QoS Wifi MultiMedia Quality of Service gives high priority to voice and video which makes them run more smoothly Enable WMM Automatic Power Save Deliver APSD Click this to increase battery life for battery powered wireless clients APSD uses a longer beacon interval when transmitting traffic that does ...

Page 97: ... the appendix Table 17 Network Setting Wireless Scheduling LABEL DESCRIPTION Wireless LAN Scheduling Select Enable to activate wireless LAN scheduling on your ZyXEL Device WLAN status Select On or Off to enable or disable the wireless LAN Day Select the day s you want to turn the wireless LAN on or off Except for the following times Specify the time period during which to apply the schedule For ex...

Page 98: ...with the code key can understand the information and only people who have been authenticated are given the code key Table 18 Additional Wireless Terms TERM DESCRIPTION RTS CTS Threshold In a wireless network which covers a large area wireless devices are sometimes not aware of each other s presence This may cause them to send information to the AP at the same time and result in information collidi...

Page 99: ...example if your mother owns a 1970 Dodge Challenger and her favorite movie is Vanishing Point which you know was made in 1971 you could use 70dodchal71vanpoi as your security key The following sections introduce different types of wireless security you can set up in the wireless network 6 7 2 1 SSID Normally the ZyXEL Device acts like a beacon and regularly broadcasts the SSID in the area You can ...

Page 100: ...s network has to support IEEE 802 1x to do this For wireless networks you can store the user names and passwords for each user in a RADIUS server This is a server used in businesses more than in homes If you do not have a RADIUS server you cannot set up user names and passwords for your users Unauthorized wireless devices can still see the information that is sent in the wireless network even if t...

Page 101: ...upport WPA2 you should set up WPA2 PSK or WPA2 depending on the type of wireless network login and select the WPA compatible option in the ZyXEL Device Many types of encryption use a key to protect the information in the wireless network The longer the key the stronger the encryption Every device in the wireless network must have the same key 6 7 3 Signal Problems Because wireless networks are rad...

Page 102: ...MBSSID Multiple Basic Service Set IDentifier function allows you to use one access point to provide several BSSs simultaneously You can then assign varying QoS priorities and or security modes to different SSIDs Wireless devices can use different BSSIDs to associate with the same AP 6 7 5 1 Notes on Multiple BSSs A maximum of eight BSSs are allowed on one AP simultaneously You must use different k...

Page 103: ...n Configuration PBC is initiated by pressing a button on each WPS enabled device and allowing them to connect automatically You do not need to enter any information Not every WPS enabled device has a physical WPS button Some may have a WPS PBC button in their configuration utilities instead of or in addition to the physical button Take the following steps to set up WPS using the button 1 Ensure th...

Page 104: ...ng steps to set up a WPS connection between an access point or wireless router referred to here as the AP and a client device using the PIN method 1 Ensure WPS is enabled on both devices 2 Access the WPS section of the AP s configuration interface See the device s User s Guide for how to do this 3 Look for the client s WPS PIN it will be displayed either on the device or in the WPS section of the ...

Page 105: ... device acts as the enrollee the device that receives network and security settings The registrar creates a secure EAP Extensible Authentication Protocol tunnel and sends the network name SSID and the WPA PSK or WPA2 PSK pre shared key to the enrollee Whether WPA PSK or WPA2 PSK is used depends on the standards supported by the devices If the registrar is already part of a network it sends the exi...

Page 106: ...nrollee All WPS certified APs can be a registrar and so can some WPS enabled wireless clients By default a WPS devices is unconfigured This means that it is not part of an existing network and can act as either enrollee or registrar if it supports both functions If the registrar is unconfigured the security settings it transmits to the enrollee are randomly generated Once a WPS enabled device has ...

Page 107: ...nce it is unconfigured and has no existing information Figure 31 WPS Example Network Step 1 In step 2 you add another wireless client to the network You know that Client 1 supports registrar mode but it is better to use AP1 for the WPS handshake with the new client since you must connect to the access point anyway in order to use the network In this case AP1 must be the registrar since it is confi...

Page 108: ... two enrollees and one registrar you must set up the first enrollee by pressing the WPS button on the registrar and the first enrollee for example then check that it successfully enrolled then set up the second device in the same way WPS works only with other WPS enabled devices However you can still add non WPS devices to a network you already set up using WPS WPS works by automatically issuing a...

Page 109: ...ee if this has happened WPS works between only two devices simultaneously so if another device has enrolled your device will be unable to enroll and will not have access to the network If this happens open the access point s configuration interface and look at the list of associated clients usually displayed by MAC address It does not matter if the access point is the WPS registrar the enrollee or...

Page 110: ...Chapter 6 Wireless P 2601HN L F1 Series User s Guide 110 ...

Page 111: ... a LAN DHCP server and manage IP addresses 7 1 1 What You Can Do in this Chapter Use the LAN IP screen to set the LAN IP address subnet mask and DHCP settings Section 7 2 on page 113 Use the DHCP Server screen to configure the DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN Section 7 3 on page 114 Use the UPnP screen to enable UPnP Section 7 4 on page 116 7...

Page 112: ...support DHCP client capability DNS DNS Domain Name System maps a domain name to its corresponding IP address and vice versa The DNS server is extremely important because without it you must know the IP address of a computer before you can access it The DNS server addresses you enter when you set up DHCP are passed to the client machines along with the assigned IP address and subnet mask 7 1 2 2 Ab...

Page 113: ...ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum UPnP Implementers Corp UIC ZyXEL s UPnP implementation supports Internet Gateway Device IGD 1 0 See Section 7 6 on page 119 for examples of installing and using UPnP 7 2 The LAN Setup Screen Click Network Setting Home Networking to open the LAN Setup screen Use this screen to set the Local Area Network IP address and subn...

Page 114: ... addresses of the computers and other devices on your LAN When DHCP is used the following fields need to be set IP Addressing Values IP Pool Starting Address This field specifies the first of the contiguous addresses in the IP address pool Pool Size This field specifies the size or count of the IP address pool DNS Values DNS Server 1 3 Select From ISP if your ISP dynamically assigns DNS server inf...

Page 115: ...atus This field displays whether the client is connected to the ZyXEL Device Host Name This field displays the client host name MAC Address The MAC Media Access Control or Ethernet address on a LAN Local Area Network is unique to your computer six pairs of hexadecimal notation A network interface card such as an Ethernet adapter has a hardwired address that is assigned at the factory This address ...

Page 116: ... about other devices on the network In turn a device can leave a network smoothly and automatically when it is no longer in use See page 119 for more information on UPnP Use the following screen to configure the UPnP settings on your ZyXEL Device Click Network Setting Home Networking Static DHCP UPnP to display the screen shown next Figure 37 Network Setting Home Networking UPnP Table 22 Static DH...

Page 117: ... Protocol RFC 2131 and RFC 2132 allows individual clients to obtain TCP IP configuration at start up from a server You can configure the ZyXEL Device as a DHCP server or disable it When configured as a server the ZyXEL Device provides the TCP IP configuration for the clients If you turn DHCP service off you must have another DHCP server on your LAN or else the computer must be manually configured ...

Page 118: ... 0 to 192 168 255 0 and you must enable the Network Address Translation NAT feature of the ZyXEL Device The Internet Assigned Number Authority IANA reserved this block of addresses specifically for private use please do not use any other number unless you are told otherwise Let s say you select 192 168 1 0 as the network number which covers 254 individual addresses from 192 168 1 1 to 192 168 1 25...

Page 119: ...our local networks On the other hand if you are part of a much larger organization you should consult your network administrator for the appropriate IP addresses Note Regardless of your particular situation do not create an arbitrary IP address always follow the guidelines above For more information on address assignment please refer to RFC 1597 Address Allocation for Private Internets and RFC 146...

Page 120: ...etails Figure 39 Add Remove Programs Windows Setup Communication 3 In the Communications window select the Universal Plug and Play check box in the Components selection box Figure 40 Add Remove Programs Windows Setup Communication Components 4 Click OK to go back to the Add Remove Programs Properties window and click Next 5 Restart the computer when prompted ...

Page 121: ...3 In the Network Connections window click Advanced in the main menu and select Optional Networking Components Figure 41 Network Connections 4 The Windows Optional Networking Components Wizard window displays Select Networking Service in the Components selection box and click Details Figure 42 Windows Optional Networking Components Wizard 5 In the Networking Services window select the Universal Plu...

Page 122: ...mple This section shows you how to use the UPnP feature in Windows XP You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device Make sure the computer is connected to a LAN port of the ZyXEL Device Turn on your computer and the ZyXEL Device Auto discover Your UPnP enabled Network Device 1 Click Start and Control Panel Double click Network Connections An icon display...

Page 123: ...elect Properties Figure 44 Network Connections 3 In the Internet Connection Properties window click Settings to see the port mappings there were automatically created Figure 45 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings ...

Page 124: ...ings Figure 47 Internet Connection Properties Advanced Settings Add 5 When the UPnP enabled device is disconnected from your computer all port mappings will be deleted automatically 6 Select Show icon in notification area when connected option and click OK An icon displays in the system tray Figure 48 System Tray Icon ...

Page 125: ... With UPnP you can access the web based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first This comes helpful if you do not know the IP address of the ZyXEL Device Follow the steps below to access the web configurator 1 Click Start and then Control Panel 2 Double click Network Connections 3 Select My Network Places under Other Places Figure 50 Network Con...

Page 126: ... click on the icon for your ZyXEL Device and select Invoke The web configurator login screen displays Figure 51 Network Connections My Network Places 6 Right click on the icon for your ZyXEL Device and select Properties A properties window displays with basic information about the ZyXEL Device Figure 52 Network Connections My Network Places Properties Example ...

Page 127: ...se static routes For example the next figure shows a computer A connected to the ZyXEL Device s LAN interface The ZyXEL Device routes most traffic from A to the Internet through the ZyXEL Device s default gateway R1 You create one static route to connect to services offered by your ISP behind router R2 You create another static route to communicate with a separate network behind a router R3 connec...

Page 128: ...ther the static route is currently in use or not A yellow bulb signifies that this static route is in use A gray bulb signifies that this static route is not in use Name This is the name that describes or identifies this route Destination IP This parameter specifies the IP network address of the final destination Routing is always based on network number Gateway This is the IP address of the gatew...

Page 129: ...a single host use a subnet mask of 255 255 255 255 in the subnet mask field to force the network number to be identical to the host ID IP Subnet Mask Enter the IP subnet mask here Gateway IP Address You can decide if you want to forward packets to a gateway IP address or a bound interface If you want to configure Gateway IP Address enter the IP address of the next hop gateway The gateway is a rout...

Page 130: ...Chapter 8 Routing P 2601HN L F1 Series User s Guide 130 ...

Page 131: ...em DNS server in the order you specify in the Broadband screen to resolve domain names that do not match any DNS routing entry After the ZyXEL Device receives a DNS reply from a DNS server it creates a new entry for the resolved IP address in the routing table In the following example the DNS server 168 92 5 1 obtained from the WAN interface ptm0 100 is set to be the system DNS server The DNS serv...

Page 132: ...red information for a DNS route Figure 58 DNS Route Add Edit Table 26 Network Setting DNS Route LABEL DESCRIPTION Add new DNS route Click this to create a new entry This is the number of an individual DNS route Status This shows whether the DNS route is currently in use or not A yellow bulb signifies that this DNS route is in use A gray bulb signifies that this DNS route is not in use Domain Name ...

Page 133: ...use the wildcard character an asterisk as the left most part of a domain name such as example com The ZyXEL Device forwards DNS queries for any domain name ending in example com to the WAN interface specified in this route WAN Interface Select a WAN interface through which the matched DNS query is sent You must have the WAN interface s already configured in the Broadband screen Apply Click Apply t...

Page 134: ...Chapter 9 DNS Route P 2601HN L F1 Series User s Guide 134 ...

Page 135: ...rdingly Packets assigned a high priority are processed more quickly than those with low priority if there is congestion allowing time sensitive applications to flow more smoothly Time sensitive applications include both those that require a low level of latency delay and a low level of jitter variations in delay such as Internet gaming and those for which jitter alone is a problem such as Internet...

Page 136: ...n use CoS to give different priorities to different packet types CoS technologies include IEEE 802 1p layer 2 tagging and DiffServ Differentiated Services or DS IEEE 802 1p tagging makes use of three bits in the packet header while DiffServ is a new protocol and defines a new DS field which replaces the eight bit ToS Type of Service field in the IP header Tagging and Marking In a QoS class you can...

Page 137: ...al transmission speed For example set the WAN interface speed to 100000 kbps if your Internet connection has an upstream transmission speed of 100 Mbps Setting this number higher than the interface s actual transmission speed will stop lower priority traffic from being sent if higher priority traffic uses all of the actual bandwidth If you set this number lower than the interface s actual transmis...

Page 138: ...ng QoS Queue Setup LABEL DESCRIPTION Add new Queue Click this to create a new entry This is the index number of this entry Status This shows whether the queue is activated or not A yellow bulb signifies that this queue is activated A gray bulb signifies that this queue is not activated Name This shows the descriptive name of this queue Interface This shows the name of the ZyXEL Device s interface ...

Page 139: ...LABEL DESCRIPTION Active Select to enable or disable this queue Name Enter the descriptive name of this queue Interface Select the interface to which this queue is applied Priority Select the priority level from 1 to 7 of this queue The larger the number the higher the priority level Traffic assigned to higher priority queues gets through faster while traffic in lower priority queues is dropped if...

Page 140: ...o many large file downloads so that they do not reduce the quality of other applications Click Network Setting QoS Class Setup to open the following screen Figure 62 Network Setting QoS Class Setup The following table describes the labels in this screen Table 31 Network Setting QoS Class Setup LABEL DESCRIPTION Add new Classifier Click this to create a new classifier Order This field displays the ...

Page 141: ...lassifier To Queue This is the name of the queue in which traffic of this classifier is put Modify Click the Edit icon to edit the classifier Click the Delete icon to delete an existing classifier Note that subsequent rules move up by one when you take this action Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings Table 31 Network Setting QoS Class...

Page 142: ...e Edit icon next to an existing classifier to configure it Figure 63 Class Setup Add Edit The following table describes the labels in this screen Table 32 Class Setup Add Edit LABEL DESCRIPTION Class Configuration Active Select to enable this classifier Class Name Enter a descriptive name of up to 32 printable English keyboard characters including spaces ...

Page 143: ...m the LAN or a wireless interface Ether Type Select a predefined application to configure a class for the matched traffic If you select IP you also need to configure source or destination MAC address IP address DHCP options DSCP value or the protocol type If you select 8021Q you can configure an 802 1p priority level and VLAN ID in the Others section Source MAC Address Select the check box and ent...

Page 144: ...IP Subnet Mask Enter the destination subnet mask Port Range If you select TCP or UDP in the IP Protocol field select the check box and enter the port number s of the source Exclude Select this option to exclude the packets that match the specified criteria from this classifier Others IP Protocol This field is available only when you select IP in the Ether Type field Select this option and select t...

Page 145: ...entID DHCP Option 61 enter the Type of the matched traffic and Client ID of the DHCP client If you select User Class ID DHCP Option 77 enter the User Class Data which is a string that identifies the user s category or application type in the matched DHCP packets If you select VendorSpecificIntro DHCP Option 125 enter the Enterprise Number of the software of the matched traffic and Vendor Class Dat...

Page 146: ...evices need to process the frame across the network Table 33 Network Setting QoS Monitor LABEL DESCRIPTION Monitor Refresh Interval Select how often you want the ZyXEL Device to update this screen Select No Refresh to stop refreshing statistics Status This is the index number of the entry Name This shows the name of the WAN interface on the ZyXEL Device Pass Rate bps This shows how many packets fo...

Page 147: ...ets are marked with DiffServ Code Points DSCPs indicating the level of service desired This allows the intermediary DiffServ compliant network devices to handle the packets differently depending on the code points without the need to negotiate paths or remember state information for every flow In addition applications do not have to request a particular service or give advanced notice of where the...

Page 148: ... illustrates the DS field DSCP is backward compatible with the three precedence bits in the ToS octet so that non DiffServ compliant ToS enabled network device will not conflict with the DSCP mapping The DSCP value determines the forwarding behavior the PHB Per Hop Behavior that each packet gets across the DiffServ network Based on the marking rule different kinds of traffic can be marked for diff...

Page 149: ... 3 on page 153 11 1 2 What You Need To Know The following terms and concepts may help as you read this chapter Inside Outside and Global Local Inside outside denotes where a host is located relative to the ZyXEL Device for example the computers of your subscribers are the inside hosts while the web servers on the Internet are the outside hosts Global local denotes the IP address of a host in a pac...

Page 150: ...erver The port number identifies a service for example web service is on port 80 and FTP on port 21 In some cases such as for unknown services or where one server can support more than one service for example both FTP and web service it might be better to specify a range of port numbers You can allocate a server IP address that corresponds to a port or a range of ports The most often used port num...

Page 151: ...C 192 168 1 35 B 192 168 1 34 WAN LAN 192 168 1 1 IP Address assigned by ISP Table 35 Network Setting NAT Port Forwarding LABEL DESCRIPTION Add new rule Click this to add a new port forwarding rule This is the index number of the entry Status This field indicates whether the rule is active or not Clear the check box to disable the rule Select the check box to enable it Service Name This is the ser...

Page 152: ...s IP address Protocol This shows the IP protocol supported by this virtual server whether it is TCP UDP or TCP UDP Modify Click the Edit icon to edit the port forwarding rule Click the Delete icon to delete an existing port forwarding rule Note that subsequent address mapping rules move up by one when you take this action Apply Click Apply to save your changes Cancel Click Cancel to restore your p...

Page 153: ...ort of the original destination port range To forward only one port enter the port number in the External Start Port field above and then enter it again in this field To forward a series of ports enter the last port number in a series that begins with the port number in the External Start Port field above Translation Start Port This shows the port number to which you want the ZyXEL Device to trans...

Page 154: ...et Thus an inside local address ILA is the IP address of an inside host in a packet when the packet is still in the local network while an inside global address IGA is the IP address of the same inside host when the packet is on the WAN side The following table summarizes this information Table 37 Network Setting NAT Sessions LABEL DESCRIPTION MAX NAT Session Use this field to set a common limit t...

Page 155: ...sible to the outside world If you do not define any servers NAT offers the additional benefit of firewall protection With no servers defined your ZyXEL Device filters out all incoming inquiries thus preventing intruders from probing your network For more information on IP address translation refer to RFC 1631 The IP Network Address Translator NAT 11 4 3 How NAT Works Each packet has two addresses ...

Page 156: ... values restored The following figure illustrates this Figure 69 How NAT Works 192 168 1 13 192 168 1 10 192 168 1 11 192 168 1 12 SA 192 168 1 10 SA IGA1 Inside Local IP Address 192 168 1 10 192 168 1 11 192 168 1 12 192 168 1 13 Inside Global IP Address IGA 1 IGA 2 IGA 3 IGA 4 NAT Table WAN LAN Inside Local Address ILA Inside Global Address IGA ...

Page 157: ...hanges each time you reconnect Your friends or relatives will always be able to call you even if they don t know your IP address First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name The Dynamic DNS service provider will give you a password or key 12 1 1 What ...

Page 158: ...ON Dynamic DNS Configuration Active Dynamic DNS Select this check box to use dynamic DNS Service Provider Select the name of your Dynamic DNS service provider Dynamic DNS Type Select the type of service that you are registered for from your Dynamic DNS service provider Host Name Type the domain name assigned to your ZyXEL Device by your Dynamic DNS provider You can specify up to two host names in ...

Page 159: ...s on other networks from going to the LAN and WLAN The following figure illustrates the default firewall action User A can initiate an IM Instant Messaging session from the LAN to the WAN 1 Return traffic for this session is also allowed 2 However other traffic initiated from the WAN is blocked 3 and 4 Figure 71 Default Firewall Action 13 1 1 What You Can Do in this Chapter Use the General screen ...

Page 160: ...ng between the Internet and the LAN The ZyXEL Device has one Ethernet WAN port and four Ethernet LAN ports which are used to physically separate the network into two areas The WAN Wide Area Network port attaches to the broadband cable or DSL modem to the Internet The LAN Local Area Network port attaches to a network of computers which needs security from the outside world These computers will have...

Page 161: ...The Services Screen Use this screen to enable service blocking and to maintain the list of services you want to block To access this screen click Security Firewall Services Table 40 Security Firewall General LABEL DESCRIPTION Firewall Select Enable to activate the firewall The ZyXEL Device performs access control and protects against Denial of Service DoS attacks when the firewall is activated App...

Page 162: ...a service that is not available in the pre defined Available Services list You must define it using the Type and Port Number fields See Appendix E on page 323 for some examples of services Blocked Services This is a list of services ports that are inaccessible to computers on your LAN when service blocking is effective To remove a service from this list select the service and click Delete Type Sel...

Page 163: ...ate only with specific peers and protect by configuring rules to block packets for the services at specific interfaces 6 Keep the firewall in a secured locked room 13 4 2 Security Considerations Note Incorrectly configuring the firewall may block valid access or introduce security risks to the ZyXEL Device and your protected network Use caution when creating or deleting firewall rules and test you...

Page 164: ...llows Internet users access to resources on the LAN create a security vulnerability For example if FTP ports TCP 20 21 are allowed from the Internet to the LAN Internet users may be able to connect to computers with running FTP servers 4 Does this rule conflict with any existing rules Once these questions have been answered adding rules is simply a matter of entering the information into the corre...

Page 165: ... wired clients Allow based on the MAC address of the wireless wired clients Note The MAC filter applies to wired and wireless connections 14 1 1 What You Need to Know Every Ethernet device has a unique MAC Media Access Control address The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters for example 00 A0 C5 00 00 02 You need to know the MAC address of the ...

Page 166: ...t Enable to activate MAC address filtering Set This is the index number of the MAC address Allow Select Allow to permit access to the ZyXEL Device MAC addresses not listed will be denied access to the ZyXEL Device If you clear this the MAC Address field for this set clears MAC Address Enter the MAC addresses of the wireless station that are allowed access to the ZyXEL Device in these address field...

Page 167: ...computer Section 15 3 on page 172 15 1 2 What You Need to Know The following terms and concepts may help as you read this chapter Certification Authorities A Certification Authority CA issues certificates and guarantees the identity of each certificate owner There are commercial certification authorities like CyberTrust or VeriSign and government certification authorities Public and Private Keys W...

Page 168: ... validate a certificate The ZyXEL Device does not trust a certificate if any certificate on its path has expired or been revoked Certificate Directory Servers Certification authorities maintain directory servers with databases of valid and revoked certificates A directory of certificates that have been revoked before the scheduled expiration is called a CRL Certificate Revocation List The ZyXEL De...

Page 169: ...rt a binary file to text during the transfer process It is easy for this to occur since many programs use text files by default 15 1 3 Verifying a Certificate Before you import a trusted CA or trusted remote host certificate into the ZyXEL Device you should verify that you have the actual certificate This is especially true of trusted CA certificates since the ZyXEL Device also trusts any valid ce...

Page 170: ...ation in the Thumbprint Algorithm and Thumbprint fields The secure method may very based on your situation Possible examples would be over the telephone or through an HTTPS connection 15 2 Local Certificates Use this screen to view the ZyXEL Device s summary list of certificates and certification requests You can import the following certificates to your ZyXEL Device Web Server This certificate se...

Page 171: ...formation Issuer This field displays identifying information about the certificate s issuing certification authority such as a common name organizational unit or department organization or company and country Valid From This field displays the date that the certificate becomes applicable The text displays in red and includes a Not Yet Valid message if the certificate has not yet become applicable ...

Page 172: ...lear your settings Table 43 Security Certificates Local Certificates continued LABEL DESCRIPTION Table 44 Security Certificates Trusted CA LABEL DESCRIPTION Import Certificate Click this button to open a screen where you can save the certificate of a certification authority that you trust to the ZyXEL Device Name This field displays the name used to identify this certificate Subject This field dis...

Page 173: ...se this screen to view in depth information about the certification authority s certificate change the certificate s name and set whether or not you want the ZyXEL Device to check a certification authority s list of revoked certificates before trusting a certificate issued by the certification authority Table 45 Security Certificates Trusted CA Import LABEL DESCRIPTION Certificate File Path Type i...

Page 174: ...e name type up to 31 characters to identify this key certificate You may use any character not including spaces Certificate Detail This read only text box displays the certificate or certification request in Privacy Enhanced Mail PEM format PEM uses 64 ASCII characters to convert the binary certificate into a printable form You can copy and paste the certificate into an e mail to send to friends o...

Page 175: ...e phones connected to the ZyXEL Device use and configure audio settings such as volume levels for the phones connected to the ZyXEL Device Section 16 3 on page 181 Use the Common screen to configure RFC3262 support on the ZyXEL Device Section 16 4 on page 186 Use the Phone Device screen to control which SIP accounts the phones connected to the ZyXEL Device use Section 16 5 on page 187 Use the Regi...

Page 176: ...the call SIP Accounts A SIP account is a type of VoIP account It is an arrangement with a service provider that lets you make phone calls over the Internet When you set the ZyXEL Device to use your SIP account to make calls the ZyXEL Device is able to send all the information about the phone call to your service provider on the Internet Voice Activity Detection Silence Suppression Voice Activity D...

Page 177: ...e one yet you can sign up with a VoIP service provider over the Internet You should have the information your VoIP service provider gave you ready before you start to configure the ZyXEL Device 16 2 The SIP Service Provider Screen Use this screen to configure the SIP server information and QoS for VoIP calls Click VoIP SIP to open the SIP Service Provider screen Note Click more to see all the fiel...

Page 178: ...Chapter 16 VoIP P 2601HN L F1 Series User s Guide 178 Figure 81 VoIP SIP SIP Service Provider ...

Page 179: ...r is a proxy redirect or register server SIP Server Port Enter the SIP server s listening port number if your VoIP service provider gave you one Otherwise keep the default value REGISTER Server Address Enter the IP address or domain name of the SIP register server if your VoIP service provider gave you one Otherwise enter the same address you entered in the SIP Server Address field You can use up ...

Page 180: ... router in front of the ZyXEL Device to keep it from re translating the IP address since this is already handled by the outbound proxy server Server Address Enter the IP address or domain name of the SIP outbound proxy server Server Port Enter the SIP outbound proxy server s listening port if your VoIP service provider gave you one Otherwise keep the default value QoS Tag SIP TOS Priority Setting ...

Page 181: ...se Generation When using VAD the ZyXEL Device generates comfort noise when the other party is not speaking The comfort noise lets you know that the line is still connected as total silence could easily be mistaken for a lost connection Min SE Enter the minimum number of seconds the ZyXEL Device lets a SIP session remain idle without traffic before it automatically disconnects the session When two ...

Page 182: ...s screen Table 48 VoIP SIP SIP Account LABEL DESCRIPTION Add new SIP Account Click this to configure a new SIP account This is the index number of the entry Active This shows whether the SIP account is activated or not A yellow bulb signifies that this SIP account is activated A gray bulb signifies that this SIP account is deactivated SIP Account This shows the name of the SIP account Account No T...

Page 183: ...er s Guide 183 16 3 1 Add Edit SIP Account You can configure a new SIP account or edit one To access this screen click Add new SIP Account in the SIP Account screen or the Edit icon next to an existing account Figure 83 SIP Account Add Edit ...

Page 184: ... when the ZyXEL Device sends the SIP number SIP include the SIP service domain name TEL do not include the SIP service domain name Voice Features Primary Compression Type Secondary Compression Type Third Compression Type Select the type of voice coder decoder codec that you want the ZyXEL Device to use G 711 provides higher voice quality but requires more bandwidth 64 kbps G 711MuLaw is typically ...

Page 185: ...r Call Waiting Reject Timer Specify a time of seconds that the ZyXEL Device waits before rejecting the second call if you do not answer it Active Unconditional Forward Select this if you want the ZyXEL Device to forward all incoming calls to the specified phone number Specify the phone number in the To Number field on the right Active Busy Forward Select this if you want the ZyXEL Device to forwar...

Page 186: ...ism to provide reliable transmission of SIP provisional response messages which convey information on the processing progress of the request This uses the option tag 100rel and the Provisional Response ACKnowledgement PRACK method Select Supported or Required to have the ZyXEL Device include a SIP Require Supported header field with the option tag 100rel in all INVITE requests When the ZyXEL Devic...

Page 187: ...You can edit the SIP account by clicking the Edit icon next it You cannot edit the account if it is not activated Go to VoIP SIP SIP Account Edit to activate an SIP account see Section 16 3 1 on page 183 for more information Figure 86 Phone Device Edit Table 51 VoIP Phone Phone Device LABEL DESCRIPTION This is the index number of the entry Phone ID This is the phone device number Outgoing SIP Numb...

Page 188: ...t Select a SIP account if you want to receive phone calls for the selected SIP account on this phone port If you select more than one SIP account for incoming calls there is no way to distinguish between them when you receive phone calls If you do not select a source for incoming calls you cannot receive any calls on this phone port SIP Number This shows the SIP account number FXO Interface to Rec...

Page 189: ...ll Rule Each field is described in the following table Table 54 VoIP Phone Call Rule LABEL DESCRIPTION Speed Dial Use this section to create or edit speed dial entries Select the speed dial number you want to use for this phone number Number Enter the SIP number you want the ZyXEL Device to call when you dial the speed dial number Description Enter a short description to identify the party you cal...

Page 190: ...isplays the SIP number the ZyXEL Device calls when you dial the speed dial number Description This field displays a short description of the party you call when you dial the speed dial number Modify Use this field to edit or erase the speed dial entry Click the Edit icon to copy the information for this speed dial entry into the Speed Dial section where you can change it Click Add when you finish ...

Page 191: ...Pre Fix For FXO Outgoing Call Pre Fix Number Enter 1 7 numbers you dial before you dial the phone number if you want to make a regular phone call while one of your SIP accounts is registered These numbers tell the ZyXEL Device that you want to make a regular phone call Voice Features Active G 168 Select this if you want to eliminate the echo caused by the sound of your voice reverberating in the t...

Page 192: ...vice Domain SIP Number The SIP number is the part of the SIP URI that comes before the symbol A SIP number can use letters like in an e mail address johndoe your ITSP com for example or numbers like a telephone number 1122334455 VoIP provider com for example SIP Service Domain The SIP service domain of the VoIP service provider is the domain name in a SIP URI For example if the SIP address is 1122...

Page 193: ...ents SIP registrations and subsequent SIP requests require a username and password for authorization These credentials are validated via a challenge response system using the HTTP digest mechanism as detailed in RFC3261 SIP Session Initiation Protocol SIP Servers SIP is a client server protocol A SIP client is an application program or device that sends SIP requests A SIP server responds to the SI...

Page 194: ...Server A SIP redirect server accepts SIP requests translates the destination address to an IP address and sends the translated IP address back to the device that sent the request Then the client device that originally sent the request can send requests to the IP address that it received back from the redirect server Redirect servers do not initiate SIP requests In the following example you want to...

Page 195: ...e and password when you register RTP When you make a VoIP call using SIP the RTP Real time Transport Protocol is used to handle voice data transfer See RFC 3550 for details on RTP Pulse Code Modulation Pulse Code Modulation PCM measures analog signal amplitudes at regular time intervals and converts them into bits SIP Call Progression The following figure displays the basic steps in the setup and ...

Page 196: ... codecs G 711 is a Pulse Code Modulation PCM waveform codec PCM measures analog signal amplitudes at regular time intervals and converts them into digital samples G 711 provides very good sound quality but requires 64 kbps of bandwidth G 726 is an Adaptive Differential PCM ADPCM waveform codec that uses a lower bitrate than standard PCM conversion ADPCM converts analog audio into digital signals b...

Page 197: ...bandwidth for real time multimedia applications Type of Service ToS Network traffic can be classified by setting the ToS Type of Service values at the data source for example at the ZyXEL Device so a server can decide the best method of delivery that is the least cost fastest route and so on DiffServ DiffServ is a class of service CoS model that marks packets so that they receive specific per hop ...

Page 198: ... traffic can be marked for different priorities of forwarding Resources can then be allocated according to the DSCP values and the configured policies VLAN Tagging Virtual Local Area Network VLAN allows a physical network to be partitioned into multiple logical networks Only stations within the same group can communicate with each other Your ZyXEL Device can add IEEE 802 1Q VLAN ID tags to voice f...

Page 199: ...mentary Phone Services This section describes how to use supplementary phone services with the Europe Type Call Service Mode Commands for supplementary services are listed in the table below After pressing the flash key if you do not issue the sub command before the default sub command time out 2 seconds expires or issue an invalid sub command the current operation will be aborted Table 57 Europea...

Page 200: ...rectory number If there is a second call to a telephone number you will hear a call waiting tone Take one of the following actions Reject the second call Press the flash key and then press 0 Disconnect the first call and answer the second call Either press the flash key and press 1 or just hang up the phone and then answer the phone after it rings Put the first call on hold and answer the second c...

Page 201: ...tone 2 Dial a phone number directly to make another call 3 When the second call is answered press the flash key and press 3 to create a three way conversation 4 Hang up the phone to drop the connection 5 If you want to separate the activated three way conference into two individual connections one is on line the other is on hold press the flash key and press 2 ...

Page 202: ...Chapter 16 VoIP P 2601HN L F1 Series User s Guide 202 ...

Page 203: ...1 What You Can Do in this Chapter Use the Phone Log screen to view phone logs and alert messages Section 17 2 on page 203 Use The VoIP Call History screen to view the details of the calls performed on the ZyXEL Device Section 17 3 on page 204 17 2 The Phone Log Screen Click System Monitor Log to open the Phone Log screen Use this screen to view phone logs and alert messages You can select the type...

Page 204: ...ll the logs This field is a sequential value and is not associated with a specific entry Time This field displays the time the log was recorded Level This field displays the severity level of the logs that the device is to send to this syslog server Message This field states the reason for the log Table 59 System Monitor Log Call History LABEL DESCRIPTION Select a category of call records to view ...

Page 205: ...17 Logs P 2601HN L F1 Series User s Guide 205 Interface This field displays the type of the call Duration This field displays how long the call lasted Table 59 System Monitor Log Call History LABEL DESCRIPTION ...

Page 206: ...Chapter 17 Logs P 2601HN L F1 Series User s Guide 206 ...

Page 207: ...affic statistics Section 18 2 on page 207 Use the LAN screen to view the LAN traffic statistics Section 18 3 on page 208 Use the NAT screen to view the NAT status of the ZyXEL Device s client s Section 18 4 on page 209 Use the VoIP Status screen to view the VoIP traffic statistics Section 18 5 on page 210 18 2 The WAN Status Screen Click System Monitor Traffic Status to open the WAN screen You can...

Page 208: ...m the drop down list box Connected Interface This shows the name of the WAN interface that is currently connected Packets Sent Data This indicates the number of transmitted packets on this interface Error This indicates the number of frames with errors transmitted on this interface Drop This indicates the number of outgoing packets dropped on this interface Packets Received Data This indicates the...

Page 209: ... packets dropped on this interface Received Packet Data This indicates the number of received packets on this interface Error This indicates the number of frames with errors received on this interface Drop This indicates the number of received packets dropped on this interface Table 61 System Monitor Traffic Status LAN continued LABEL DESCRIPTION Table 62 System Monitor Traffic Status NAT LABEL DE...

Page 210: ...count You can change this in the System Info screen Registered The SIP account is registered with a SIP server Disabled The last time the ZyXEL Device tried to register the SIP account with the SIP server the attempt failed The ZyXEL Device automatically tries to register the SIP account when you turn on the ZyXEL Device or when you activate it Inactive The SIP account is not active You can activa...

Page 211: ...calls or outgoing calls being made Dial The callee s phone is ringing Ring The phone is ringing for an incoming VoIP call InCall There is a VoIP call in progress DISC The callee s line is busy the callee hung up or your phone was left off the hook Codec This field displays what voice codec is being used for a current VoIP call through a phone port Peer Number This field displays the SIP number of ...

Page 212: ...Chapter 18 System Monitor P 2601HN L F1 Series User s Guide 212 ...

Page 213: ...bels in this screen Table 64 Maintenance User Account LABEL DESCRIPTION User Name You can configure the password for the admin or user account Select admin or user from the drop down list box Old Password Type the default password or the existing password you use to access the system in this field New Password Type your new system password up to 30 characters Note that as you type a password the s...

Page 214: ...User Account P 2601HN L F1 Series User s Guide 214 Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings Table 64 Maintenance User Account continued LABEL DESCRIPTION ...

Page 215: ...f UPnP It allows the users to use a TR 064 compliant CPE management application on their computers from the LAN to discover the CPE and configure user specific parameters such as the username and password SSH SCP SFTP Secure Shell SSH is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured net...

Page 216: ...es This is the service you may use to access the ZyXEL Device LAN WLAN Select the Enable check box for the corresponding services that you want to allow access to the ZyXEL Device from the LAN and WLAN WAN Select the Enable check box for the corresponding services that you want to allow access to the ZyXEL Device from the WAN Port You may change the server port number for a service if needed howev...

Page 217: ...management information between network devices Your ZyXEL Device supports SNMP agent functionality which allows a manager station to manage and monitor the ZyXEL Device through the network The ZyXEL Device supports SNMP version one SNMPv1 and version two SNMPv2c The next figure illustrates an SNMP management operation Figure 102 SNMP Management Model An SNMP managed network consists of two main ty...

Page 218: ...s Get Allows the manager to retrieve an object variable from the agent GetNext Allows the manager to retrieve the next object variable from a table or list within an agent In SNMPv1 when a manager wants to retrieve all elements of a table from an agent it initiates a Get operation followed by a series of GetNext operations Set Allows the manager to set values for object variables within an agent T...

Page 219: ...rap Destination Type the IP address of the station to send your SNMP traps to Apply Click Apply to save your changes back to the ZyXEL Device Cancel Click Cancel to restore your previously saved settings Table 66 Maintenance SNMP continued LABEL DESCRIPTION ...

Page 220: ...Chapter 21 SNMP P 2601HN L F1 Series User s Guide 220 ...

Page 221: ...example in the network address www zyxel com support files the domain name is www zyxel com 22 2 The System Screen Use the System screen to configure the system s host name domain name and inactivity time out interval The Host Name is for identification purposes However because some ISPs check this name you should enter your computer s Computer Name Find the system name of your Windows computer In...

Page 222: ...er the domain name if you know it here If you leave this field blank the ISP may assign a domain name via DHCP The domain name entered by you is given priority over the ISP assigned domain name Administrator Inactivity Timer Type how many minutes a management session either via the web configurator can be left idle before the session times out The default is 5 minutes After it times out you have t...

Page 223: ... Time Setting The screen appears as shown Use this screen to configure the ZyXEL Device s time based on your local time zone Figure 105 Maintenance Time Setting The following table describes the fields in this screen Table 68 Maintenance System Time Setting LABEL DESCRIPTION Current Date Time Current Time This field displays the time of your ZyXEL Device Current Date This field displays the date o...

Page 224: ...e starts in the European Union on the last Sunday of March All of the time zones in the European Union start using Daylight Saving Time at the same moment 1 A M GMT or UTC So in the European Union you would select Last Sunday March The time you type in the o clock field depends on your time zone In Germany for instance you would type 2 because Germany s time zone is one hour ahead of GMT or UTC GM...

Page 225: ...ure where the ZyXEL Device sends logs and which logs and or immediate alerts the ZyXEL Device records in the Log Setting screen 24 2 The Log Setting Screen To change your ZyXEL Device s log settings click Maintenance Log Setting The screen appears as shown Figure 106 Maintenance Log Setting ...

Page 226: ...logging Syslog Server Enter the server name or IP address of the syslog server that will log the selected categories of logs UDP Port Enter the port number used by the syslog server Active Log and Select Level Log Category Select the categories of logs that you want to record Log Level Select the severity level of logs that you want to record If you want to record all logs select ALL Apply Click A...

Page 227: ...re Upgrade Screen Click Maintenance Firmware Upgrade to open the following screen The upload process uses HTTP Hypertext Transfer Protocol and may take up to two minutes After a successful upload the system will reboot Do NOT turn off the ZyXEL Device while firmware upload is in progress Figure 107 Maintenance Firmware Upgrade The following table describes the labels in this screen Table 70 Mainte...

Page 228: ...op Figure 109 Network Temporarily Disconnected After five minutes log in again and check your new firmware version in the Status screen If the upload was not successful an error screen will appear Click OK to go back to the Firmware Upgrade screen Figure 110 Error Message Browse Click this to find the bin file you want to upload Remember that you must decompress compressed zip files before you can...

Page 229: ... configuration appears in this screen as shown next Figure 111 Maintenance Backup Restore Backup Configuration Backup Configuration allows you to back up save the ZyXEL Device s current configuration to a file on your computer Once your ZyXEL Device is configured and functioning properly it is highly recommended that you back up your configuration file before making configuration changes The backu...

Page 230: ...etwork Temporarily Disconnected If you restore the default configuration you may need to change the IP address of your computer to be in the same subnet as that of the default device IP address 192 168 1 1 See Appendix B on page 265 for details on how to set up your computer s IP address If the upload was not successful an error screen will appear Click OK to go back to the Configuration screen Ta...

Page 231: ...n Process Message You can also press the RESET button on the rear panel to reset the factory defaults of your ZyXEL Device Refer to Section 1 6 on page 25 for more information on the RESET button 26 3 The Reboot Screen System restart allows you to reboot the ZyXEL Device remotely without turning the power off You may need to do this if the ZyXEL Device hangs for example Click Maintenance Reboot Cl...

Page 232: ...Chapter 26 Backup Restore P 2601HN L F1 Series User s Guide 232 ...

Page 233: ...u identify problems with the ZyXEL Device 27 1 1 What You Can Do in this Chapter Use the Ping screen to ping an IP address and see the ping statistics Section 27 2 on page 233 Use the DSL Line screen to check or reset your DSL connection Section 27 3 on page 234 27 2 The Ping Screen Use this screen to ping an IP address Click Maintenance Diagnostic to open the Ping screen shown next Figure 115 Mai...

Page 234: ...Line Screen Click Maintenance Diagnostic DSL Line to open the screen shown next Figure 116 Maintenance Diagnostic DSL Line Table 72 Maintenance Diagnostic Ping LABEL DESCRIPTION Ping Type the IP address of a computer that you want to ping in order to test a connection Click Ping and the ping statistics will show in the diagnostic ...

Page 235: ...so receives ATM cells and reassembles them into packets These counters are set back to zero whenever the device starts up inPkts is the number of good ATM cells that have been received inDiscards is the number of received ATM cells that were rejected outPkts is the number of ATM cells that have been sent outDiscards is the number of ATM cells sent that were rejected ATM Loopback Test Click this bu...

Page 236: ...n This is displayed as the number in hexadecimal format of bits transmitted for each tone This can be used to determine the quality of the connection whether a given sub carrier loop has sufficient margins to support certain ADSL transmission rates and possibly to determine whether particular specific types of interference or line attenuation exist Refer to the ITU T G 992 1 recommendation for mor...

Page 237: ... Calls and VoIP Wireless LAN Troubleshooting 28 2 Power Hardware Connections and LEDs The ZyXEL Device does not turn on None of the LEDs turn on 1 Make sure the ZyXEL Device is turned on 2 Make sure you are using the power adaptor or cord included with the ZyXEL Device 3 Make sure the power adaptor or cord is connected to the ZyXEL Device and plugged in to an appropriate power source Make sure the...

Page 238: ... you changed the IP address and have forgotten it you might get the IP address of the ZyXEL Device by looking up the IP address of the default gateway for your computer To do this in most Windows computers click Start Run enter cmd and then enter ipconfig The IP address of the Default Gateway might be the IP address of the ZyXEL Device it depends on the network so enter this IP address in your Int...

Page 239: ...can access the ZyXEL Device check the remote management settings and firewall rules to find out why the ZyXEL Device does not respond to HTTP If your computer is connected wirelessly use a computer that is connected to a LAN port I can see the Login screen but I cannot log in to the ZyXEL Device 1 Make sure you have entered the user name and password correctly The default user name is admin These ...

Page 240: ...t information correctly These fields are case sensitive so make sure Caps Lock is not on 3 If you are trying to access the Internet wirelessly make sure the wireless settings in the wireless client are the same as the settings in the AP 4 Disconnect all the cables from your device and follow the directions in the Quick Start Guide again 5 If the problem continues contact your ISP I cannot access t...

Page 241: ...AP if possible and look around to see if there are any devices that might be interfering with the wireless network for example microwaves other wireless networks and so on 3 Turn the ZyXEL Device off and on 4 If the problem continues contact the network administrator or vendor or try one of the advanced suggestions 28 5 Phone Calls and VoIP The telephone port won t work or the telephone lacks a di...

Page 242: ... the wireless adapter installed on your computer is IEEE 802 11 compatible and supports the same wireless standard as the ZyXEL Device 4 Make sure your computer with a wireless adapter installed is within the transmission range of the ZyXEL Device 5 Check that both the ZyXEL Device and your wireless station are using the same wireless and wireless security settings 6 Check if MAC Filter is configu...

Page 243: ...ts DSL Port P 2601HN L F1 One RJ 11 DSL port P 2601HN L F3 One RJ 45 DSL port PHONE Ports 1 RJ 11 FXS POTS port Line Port L models only One FXO Foreign Exchange Office lifeline port RESET Button Restores the ZyXEL Device s factory default settings if pressed for more than 5 seconds Restarts reboots the ZyXEL Device if pressed for more than 2 second WIRELESS ON OFF button Press for 1 to 5 second s ...

Page 244: ...ote Only upload firmware for your specific model Configuration Backup Restoration Make a copy of the ZyXEL Device s configuration You can put it back on the ZyXEL Device later if you decide to revert back to an earlier configuration Pass through Traffic Type SIP RTP PPTP L2TP IPSec VPN Network Address Translation NAT Each computer on your network must have its own unique IP address Use NAT to conv...

Page 245: ...rvices DiffServ Time and Date Get the current time and date from an external server when you turn on your ZyXEL Device You can also set the time manually These dates and times are then used in logs Logs Use logs for troubleshooting You can send logs from the ZyXEL Device to an external syslog server Universal Plug and Play UPnP A UPnP enabled device can dynamically join a network obtain an IP addr...

Page 246: ...69 HTTPS response slowly due to software encryption Download bins with custom default settings Configuration download using HTTP s PPPoE Support RFC2516 PPPoE Point to Point Protocol over Ethernet emulates a dial up connection It allows your ISP to use their existing network configuration with newer broadband technologies such as ADSL The PPPoE driver on your device is transparent to the computers...

Page 247: ...2516 RE ADSL Reach Extended ADSL SRA Seamless Rate Adaption Auto negotiating rate adaption EOC specified in ITU T G 992 1 ADSL physical connection AAL5 ATM Adaptation Layer type 5 Other Protocol Support PPP Point to Point Protocol link layer protocol Transparent bridging for unsupported network layer protocols ICMP SNTP IPTV ATM QoS IGMP v1 v2 v3 Management Embedded Web Configurator CLI Command Li...

Page 248: ...llows you to hear an alert when you are already using the phone and another person calls you You can then either reject the new incoming call put your current call on hold and receive the new incoming call or end the current call and receive the new incoming call Call forwarding With this feature you can set the forward calls to a specified number either unconditionally always when your number is ...

Page 249: ... SIP version 2 Session Initiatiion Protocol RFC 3261 SDP Session Description Protocol RFC 2327 RTP RFC 1889 RTCP RFC 1890 Voice codecs coder decoders G 711 mu law G 711 a law G 729 726 32 722 Fax and data modem discrimination DTMF Detection and Generation DTMF In band and Out band traffic RFC 2833 PCM SIP INFO Quick dialing through predefined phone book which maps the phone dialing number Table 76...

Page 250: ...0 135 and 150Mbps 802 11g 6 9 12 18 24 36 48 54 Mbps 802 11b 1 2 5 5 11Mbps Auto Fallback Modulation Technique IEEEE 802 11n OFDMDSSS BPSK QPSK 16 QAM 64 QAM IEEEE 802 11g OFDMDSSS BPSK QPSK 16 QAM 64 QAM 802 11b DSSS CCK 11Mbps 5 5Mbps DQPSK 2Mbps DBPSK 1Mbps Turn on off WLAN by WLAN button press the WLAN button for one second to turn the WLAN on or turn off five seconds to turn on WPS IEEE 802 1...

Page 251: ... Asymmetrical Digital Subscriber Line ADSL Transceivers ITU G 992 1 G DMT ITU standard for ADSL using discrete multitone modulation ITU G 992 3 G dmt bis ITU standard also referred to as ADSL2 that extends the capability of basic ADSL in data rates ITU G 992 5 ADSL2 ITU standard also referred to as ADSL2 that extends the capability of basic ADSL by doubling the number of downstream bits RFC 2383 S...

Page 252: ...ostatic Discharge EN61000 4 2 Radio Frequency Electromagnetic Field EN61000 4 3 EFT Burst EN61000 4 4 Surge EN61000 4 5 Conducted Susceptibility EN61000 4 6 Voltage Dips Interruption EN61000 4 11 Overvoltage K 21 Enhanced Level 6 kV EN 60950 1 with National amendments SE Others EN 301 489 1 17 FUNCTION REGION AND CERTIFICATION ...

Page 253: ...umber and the other part is the host ID In the same way that houses on a street share a common street name the hosts on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the host ID Routers use the network number to send packets to the correct network while the host ID determines to which host on ...

Page 254: ...g a logical AND operation The term subnet is short for sub network A subnet mask has 32 bits If a bit in the subnet mask is a 1 then the corresponding bit in the IP address is part of the network number If a bit in the subnet mask is 0 then the corresponding bit in the IP address is part of the host ID The following example shows a subnet mask identifying the network number in bold text and host I...

Page 255: ...work number bits the smaller the number of remaining host ID bits An IP address with host IDs of all zeros is the IP address of the network 192 168 1 0 with a 24 bit subnet mask for example An IP address with host IDs of all ones is the broadcast address for that network 192 168 1 255 with a 24 bit subnet mask for example As these two IP addresses cannot be used for individual hosts calculate the ...

Page 256: ...etting You can use subnetting to divide one network into multiple sub networks In the following example a network administrator creates two sub networks to isolate a group of servers from the rest of the company network for security reasons In this example the company network address is 192 168 1 0 The first three octets of the address 192 168 1 are the network number and the remaining octet is th...

Page 257: ... subnetting Figure 118 Subnetting Example Before Subnetting You can borrow one of the host ID bits to divide the network 192 168 1 0 into two separate sub networks The subnet mask is now 25 bits 255 255 255 128 or 25 The borrowed host ID bit can have a value of either 0 or 1 allowing two subnets 192 168 1 0 25 and 192 168 1 128 25 ...

Page 258: ...5 255 255 128 is subnet A itself and 192 168 1 127 with mask 255 255 255 128 is its broadcast address Therefore the lowest IP address that can be assigned to an actual host for subnet A is 192 168 1 1 and the highest is 192 168 1 126 Similarly the host ID range for subnet B is 192 168 1 129 to 192 168 1 254 Example Four Subnets The previous example illustrated using a 25 bit subnet mask to divide ...

Page 259: ...ess Binary 11000000 10101000 00000001 01000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 64 Lowest Host ID 192 168 1 65 Broadcast Address 192 168 1 127 Highest Host ID 192 168 1 126 Table 85 Subnet 3 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask Binary 11111111 1111...

Page 260: ...7 Eight Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST ADDRESS 1 0 1 30 31 2 32 33 62 63 3 64 65 94 95 4 96 97 126 127 5 128 129 158 159 6 160 161 190 191 7 192 193 222 223 8 224 225 254 255 Table 88 24 bit Network Number Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62 3 255 255 255 224 27 8 3...

Page 261: ...work Address Translation NAT on the ZyXEL Device Once you have decided on the network number pick an IP address for your ZyXEL Device that is easy to remember for instance 192 168 1 1 but make sure that no other device on your network is using that IP address The subnet mask specifies the network number portion of an IP address Your ZyXEL Device will compute the subnet mask automatically based on ...

Page 262: ...and if you are part of a much larger organization you should consult your network administrator for the appropriate IP addresses Regardless of your particular situation do not create an arbitrary IP address always follow the guidelines above For more information on address assignment please refer to RFC 1597 Address Allocation for Private Internets and RFC 1466 Guidelines for Management of IP Addr...

Page 263: ...s For example if a router is set between a LAN and the Internet WAN the router s LAN and WAN addresses must be on different subnets In the following example the LAN and WAN are on the same subnet The LAN computers cannot access the Internet because the router cannot route between networks Figure 121 Conflicting Computer IP Addresses Example Conflicting Computer and Router IP Addresses Example More...

Page 264: ...2601HN L F1 Series User s Guide 264 The computer cannot access the Internet This problem can be solved by assigning a different IP address to the computer or the router s LAN port Figure 122 Conflicting Computer and Router IP Addresses Example ...

Page 265: ...c OS 9 OS X and all versions of UNIX LINUX include the software components you need to use TCP IP on your computer If you manually assign IP information instead of using a dynamic IP make sure that your network s computers have IP addresses that place them in the same subnet In this appendix you can set up an IP address for Windows XP NT 2000 on page 265 Windows Vista on page 268 Windows 7 on page...

Page 266: ...6 1 Click Start Control Panel Figure 123 Windows XP Start Menu 2 In the Control Panel click the Network Connections icon Figure 124 Windows XP Control Panel 3 Right click Local Area Connection and then select Properties Figure 125 Windows XP Control Panel Network Connections Properties ...

Page 267: ...ies User s Guide 267 4 On the General tab select Internet Protocol TCP IP and then click Properties Figure 126 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP IP Properties window opens Figure 127 Windows XP Internet Protocol TCP IP Properties ...

Page 268: ...nd an Alternate DNS server if that information was provided 7 Click OK to close the Internet Protocol TCP IP Properties window 8 Click OK to close the Local Area Connection Properties window Verifying Settings 1 Click Start All Programs Accessories Command Prompt 2 In the Command Prompt window type ipconfig and then press ENTER You can also go to Start Control Panel Network Connections right click...

Page 269: ...de 269 2 In the Control Panel click the Network and Internet icon Figure 129 Windows Vista Control Panel 3 Click the Network and Sharing Center icon Figure 130 Windows Vista Network And Internet 4 Click Manage network connections Figure 131 Windows Vista Network and Sharing Center ...

Page 270: ...hen select Properties Figure 132 Windows Vista Network and Sharing Center Note During this procedure click Continue whenever Windows displays a screen saying that it needs your permission to continue 6 Select Internet Protocol Version 4 TCP IPv4 and then select Properties Figure 133 Windows Vista Local Area Connection Properties ...

Page 271: ...namically Select Use the following IP Address and fill in the IP address Subnet mask and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP You may also have to enter a Preferred DNS server and an Alternate DNS server if that information was provided Click Advanced 9 Click OK to close the Internet Protocol TCP IP Properties window 1...

Page 272: ...rk Connections right click a network connection click Status and then click the Support tab to view your IP address and connection information Windows 7 This section shows screens from Windows 7 Enterprise 1 Click Start Control Panel Figure 135 Windows 7 Start Menu 2 In the Control Panel click View network status and tasks under the Network and Internet category Figure 136 Windows 7 Control Panel ...

Page 273: ...adapter settings Figure 137 Windows 7 Network And Sharing Center 4 Double click Local Area Connection and then select Properties Figure 138 Windows 7 Local Area Connection Status Note During this procedure click Continue whenever Windows displays a screen saying that it needs your permission to continue ...

Page 274: ... s Guide 274 5 Select Internet Protocol Version 4 TCP IPv4 and then select Properties Figure 139 Windows 7 Local Area Connection Properties 6 The Internet Protocol Version 4 TCP IPv4 Properties window opens Figure 140 Windows 7 Internet Protocol Version 4 TCP IPv4 Properties ...

Page 275: ...red DNS server and an Alternate DNS server if that information was provided Click Advanced if you want to configure advanced settings for IP DNS and WINS 8 Click OK to close the Internet Protocol TCP IP Properties window 9 Click OK to close the Local Area Connection Properties window Verifying Settings 1 Click Start All Programs Accessories Command Prompt 2 In the Command Prompt window type ipconf...

Page 276: ...omputer s IP Address P 2601HN L F1 Series User s Guide 276 1 Click Apple System Preferences Figure 142 Mac OS X 10 4 Apple Menu 2 In the System Preferences window click the Network icon Figure 143 Mac OS X 10 4 System Preferences ...

Page 277: ...eferences pane opens select Built in Ethernet from the network connection type list and then click Configure Figure 144 Mac OS X 10 4 Network Preferences 4 For dynamically assigned settings select Using DHCP from the Configure IPv4 list in the TCP IP tab Figure 145 Mac OS X 10 4 Network Preferences TCP IP Tab ...

Page 278: ...d settings do the following From the Configure IPv4 list select Manually In the IP Address field type your IP address In the Subnet Mask field type your subnet mask In the Router field type the IP address of your device Figure 146 Mac OS X 10 4 Network Preferences Ethernet 6 Click Apply Now and close the window ...

Page 279: ... TCP IP properties by clicking Applications Utilities Network Utilities and then selecting the appropriate Network Interface from the Info tab Figure 147 Mac OS X 10 4 Network Utility Mac OS X 10 5 The screens in this section are from Mac OS X 10 5 1 Click Apple System Preferences Figure 148 Mac OS X 10 5 Apple Menu ...

Page 280: ...ences click the Network icon Figure 149 Mac OS X 10 5 Systems Preferences 3 When the Network preferences pane opens select Ethernet from the list of available connection types Figure 150 Mac OS X 10 5 Network Preferences Ethernet 4 From the Configure list select Using DHCP for dynamically assigned settings ...

Page 281: ...address In the Subnet Mask field enter your subnet mask In the Router field enter the IP address of your ZyXEL Device Figure 151 Mac OS X 10 5 Network Preferences Ethernet 6 Click Apply and close the window Verifying Settings Check your TCP IP properties by clicking Applications Utilities Network Utilities and then selecting the appropriate Network interface from the Info tab Figure 152 Mac OS X 1...

Page 282: ...vidual configuration The following screens use the default Ubuntu 8 installation Note Make sure you are logged in as the root administrator Follow the steps below to configure your computer IP address in GNOME 1 Click System Administration Network Figure 153 Ubuntu 8 System Administration Menu 2 When the Network Settings window opens click Unlock to open the Authenticate window By default the Unlo...

Page 283: ...nticate window enter your admin account name and password then click the Authenticate button Figure 155 Ubuntu 8 Administrator Account Authentication 4 In the Network Settings window select the connection that you want to configure then click Properties Figure 156 Ubuntu 8 Network Settings Connections ...

Page 284: ...tion list select Static IP address if you have a static IP address Fill in the IP address Subnet mask and Gateway address fields 6 Click OK to save the changes and close the Properties dialog box and return to the Network Settings screen 7 If you know your DNS server IP address es click the DNS tab in the Network Settings window and then enter the DNS server information in the fields provided Figu...

Page 285: ... Figure 159 Ubuntu 8 Network Tools Linux openSUSE 10 3 KDE This section shows you how to configure your computer s TCP IP settings in the K Desktop Environment KDE using the openSUSE 10 3 Linux distribution The procedure screens and file locations may vary depending on your specific distribution release version and individual configuration The following screens use the default openSUSE 10 3 instal...

Page 286: ...ings YaST Figure 160 openSUSE 10 3 K Menu Computer Menu 2 When the Run as Root KDE su dialog opens enter the admin password and click OK Figure 161 openSUSE 10 3 K Menu Computer Menu 3 When the YaST Control Center window opens select Network Devices and then click the Network Card icon Figure 162 openSUSE 10 3 YaST Control Center ...

Page 287: ...the Network Settings window opens click the Overview tab select the appropriate connection Name from the list and then click the Configure button Figure 163 openSUSE 10 3 Network Settings 5 When the Network Card Setup window opens click the Address tab Figure 164 openSUSE 10 3 Network Card Setup ...

Page 288: ...anges and close the Network Card Setup window 8 If you know your DNS server IP address es click the Hostname DNS tab in Network Settings and then enter the DNS server information in the fields provided Figure 165 openSUSE 10 3 Network Settings 9 Click Finish to save your settings and close the window Verifying Settings Click the KNetwork Manager icon on the Task bar to check your TCP IP properties...

Page 289: ...r s IP Address P 2601HN L F1 Series User s Guide 289 When the Connection Status KNetwork Manager window opens click the Statistics tab to see if your connection is working properly Figure 167 openSUSE Connection Status KNetwork Manager ...

Page 290: ...Appendix B Setting Up Your Computer s IP Address P 2601HN L F1 Series User s Guide 290 ...

Page 291: ...ernet Explorer versions may vary Internet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking and create an exception for your device s IP address Disable Pop up Blockers 1 In Internet Explorer select Tools Pop up Blocker and then select Turn Off Pop up Bl...

Page 292: ...box in the Pop up Blocker section of the screen This disables any web pop up blockers you may have enabled Figure 169 Internet Options Privacy 3 Click Apply to save this setting Enable Pop up Blockers with Exceptions Alternatively if you only want to allow pop up windows from your device see the following steps 1 In Internet Explorer select Tools Internet Options and then the Privacy tab ...

Page 293: ...to open the Pop up Blocker Settings screen Figure 170 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 167 1 4 Click Add to move the IP address to the list of Allowed sites Figure 171 Pop up Blocker Settings ...

Page 294: ...figurator do not display properly in Internet Explorer check that JavaScript are allowed 1 In Internet Explorer click Tools Internet Options and then the Security tab Figure 172 Internet Options Security 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java applets make sure that Enable is selecte...

Page 295: ... Click OK to close the window Figure 173 Security Settings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java permissions make sure that a safety level is selected ...

Page 296: ...r s Guide 296 5 Click OK to close the window Figure 174 Security Settings Java JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected 3 Click OK to close the window Figure 175 Java Sun ...

Page 297: ...re used here Screens for other versions may vary You can enable Java Javascript and pop ups in one screen Click Tools then click Options in the screen that appears Figure 176 Mozilla Firefox Tools Options Click Content to show the screen below Select the check boxes as shown in the following screen Figure 177 Mozilla Firefox Content Security ...

Page 298: ...Appendix C Pop up Windows JavaScript and Java Permissions P 2601HN L F1 Series User s Guide 298 ...

Page 299: ...ependent network which is commonly referred to as an ad hoc network or Independent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an ad hoc wireless LAN Figure 178 Peer to Peer Communication in an Ad hoc Network BSS A Basic Service Set BSS exists when all communications between wireless clients or between a wireless client and a ...

Page 300: ... Extended Service Set ESS consists of a series of overlapping BSSs each containing an access point with each access point connected together by a wired network This wired connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired network but also mediate wireless netwo...

Page 301: ...n adjacent AP access point to reduce interference Interference occurs when radio signals from different access points overlap causing interference and degrading performance Adjacent channels partially overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 channels ...

Page 302: ...e must first send an RTS Request To Send message to the AP for permission to send it The AP then responds with a CTS Clear to Send message to all other stations within its range to notify them to defer their transmission It also reserves and confirms with the requesting station the time frame for the requested transmission Stations can send frames smaller than the specified RTS CTS directly to the...

Page 303: ...nchronization field in a packet Short preamble increases performance as less time sending preamble means more time for sending data All IEEE 802 11 compliant wireless adapters support long preamble but not all support short preamble Use long preamble if you are unsure what preamble mode other wireless devices on the network support and to provide more reliable communications in busy wireless netwo...

Page 304: ... figure shows the relative effectiveness of these wireless security methods available on your ZyXEL Device Note You must enable the same wireless security settings on the ZyXEL Device and on all wireless clients that you want to associate with it Table 90 IEEE 802 11g DATA RATE MBPS MODULATION 1 DBPSK Differential Binary Phase Shift Keyed 2 DQPSK Differential Quadrature Phase Shift Keying 5 5 11 C...

Page 305: ...or the wireless clients RADIUS RADIUS is based on a client server model that supports authentication authorization and accounting The access point is the client and the server is the RADIUS server The RADIUS server handles the following tasks Authentication Determines the identity of the users Authorization Determines the network services available to authenticated users once they are connected to...

Page 306: ...AP and LEAP Your wireless LAN device may not support all authentication types EAP Extensible Authentication Protocol is an authentication protocol that runs on top of the IEEE 802 1x transport mechanism in order to support multiple types of user authentication By using EAP to interact with an EAP compatible RADIUS server an access point helps a wireless station and a RADIUS server perform authenti...

Page 307: ... passive attacks A digital certificate is an electronic ID card that authenticates the sender s identity However to implement EAP TLS you need a Certificate Authority CA to handle certificates which imposes a management overhead EAP TTLS Tunneled Transport Layer Service EAP TTLS is an extension of the EAP TLS authentication that uses certificates for only the server side authentications to establi...

Page 308: ... WPA and WPA2 Wi Fi Protected Access WPA is a subset of the IEEE 802 11i standard WPA2 IEEE 802 11i is a wireless security standard that defines stronger encryption authentication and key management than WPA Key differences between WPA or WPA2 and WEP are improved data encryption and user authentication If both an AP and the wireless clients support WPA2 and you have an external RADIUS server use ...

Page 309: ... a Pairwise Master Key PMK key to the AP that then sets up a key hierarchy and management system using the PMK to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients This all happens in the background automatically The Message Integrity Check MIC is designed to prevent an attacker from capturing data ...

Page 310: ...lready connecting to an AP to perform IEEE 802 1x authentication with another AP before connecting to it Wireless Client WPA Supplicants A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA At the time of writing the most widely available supplicant is the WPA patch for Windows XP Funk Software s Odyssey client The Windows XP ...

Page 311: ... with RADIUS Application Example WPA 2 PSK Application Example A WPA 2 PSK application looks as follows 1 First enter identical passwords into the AP and all wireless clients The Pre Shared Key PSK must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters including spaces and symbols 2 The AP checks each wireless client s password and allows it to join the network only if the ...

Page 312: ... for each authentication method or key management protocol type MAC address filters are not dependent on how you configure these security features Table 93 Wireless Security Relational Matrix AUTHENTICATION METHOD KEY MANAGEMENT PROTOCOL ENCRYPTIO N METHOD ENTER MANUAL KEY IEEE 802 1X Open None No Disable Enable without Dynamic WEP Key Open WEP No Enable with Dynamic WEP Key Yes Enable without Dyn...

Page 313: ...antenna s coverage area Antenna Gain Antenna gain measured in dB decibel is the increase in coverage within the RF beam width Higher antenna gain improves the range of the signal for better communications For an indoor site each 1 dB increase in antenna gain results in a range increase of approximately 2 5 For an unobstructed outdoor site each 1dB increase in gain results in a range increase of ap...

Page 314: ...nted on a table desk and so on point the antenna up For omni directional antennas mounted on a wall or ceiling point the antenna down For a single AP application place omni directional antennas as close to the center of the coverage area as possible For directional antennas point the antenna in the direction of the desired coverage area WiFi Protected Setup Your ZyXEL Device supports WiFi Protecte...

Page 315: ...ends the network name SSID and security key through an secure connection to the enrollee If you need to make sure that WPS worked check the list of associated wireless clients in the AP s configuration utility If you see the wireless client in the list WPS was successful PIN Configuration Each WPS enabled device has its own PIN Personal Identification Number This may either be static it cannot be ...

Page 316: ... 3 Log into the configuration utility of the registrar Select the PIN connection mode not the PBC connection mode Locate the place where you can enter the enrollee s PIN if you are using the ZyXEL Device see Section 6 4 on page 93 Enter the PIN from the enrollee device 4 Activate WPS on both devices within two minutes Note Use the configuration utility to activate WPS not the push button on the de...

Page 317: ...hat supplies network and security settings and the other device acts as the enrollee the device that receives network and security settings The registrar creates a secure EAP Extensible Authentication Protocol tunnel and sends the network name SSID and the WPA PSK or WPA2 PSK pre shared key to the enrollee Whether WPA PSK or WPA2 PSK is used depends on the standards supported by the devices If the...

Page 318: ...ed devices and the new device Note that the access point AP is not always the registrar and the wireless client is not always the enrollee All WPS certified APs can be a registrar and so can some WPS enabled wireless clients By default a WPS devices is unconfigured This means that it is not part of an existing network and can act as either enrollee or registrar if it supports both functions If the...

Page 319: ... randomly generates the security information to set up the network since it is unconfigured and has no existing information Figure 186 WPS Example Network Step 1 In step 2 you add another wireless client to the network You know that Client 1 supports registrar mode but it is better to use AP1 for the WPS handshake with the new client since you must connect to the access point anyway in order to us...

Page 320: ... two enrollees and one registrar you must set up the first enrollee by pressing the WPS button on the registrar and the first enrollee for example then check that it successfully enrolled then set up the second device in the same way WPS works only with other WPS enabled devices However you can still add non WPS devices to a network you already set up using WPS WPS works by automatically issuing a...

Page 321: ...o see if this has happened WPS works between only two devices simultaneously so if another device has enrolled your device will be unable to enroll and will not have access to the network If this happens open the access point s configuration interface and look at the list of associated clients usually displayed by MAC address It does not matter if the access point is the WPS registrar the enrollee...

Page 322: ...Appendix D Wireless LANs P 2601HN L F1 Series User s Guide 322 ...

Page 323: ...further information about port numbers If the Protocol is TCP UDP or TCP UDP this is the IP port number If the Protocol is USER this is the IP protocol number Description This is a brief explanation of the applications that use this service or the situations in which this service is used Table 94 Commonly Used Services NAME PROTOCOL PORT S DESCRIPTION AH IPSEC_TUNNEL User Defined 51 The IPSEC AH A...

Page 324: ...d 2 Internet Group Management Protocol is used when sending packets to a specific group of hosts IKE UDP 500 The Internet Key Exchange algorithm is used for key distribution and management IRC TCP UDP 6667 This is another popular Internet chat program MSN Messenger TCP 1863 Microsoft Networks messenger service uses this protocol NEW ICQ TCP 5190 An Internet chat program NEWS TCP 144 A protocol for...

Page 325: ...ol is the message exchange standard for the Internet SMTP enables you to move messages from one e mail server to another SNMP TCP UDP 161 Simple Network Management Program SNMP TRAPS TCP UDP 162 Traps for use with the SNMP RFC 1215 SQL NET TCP 1521 Structured Query Language is an interface to access data on many different types of database systems including mainframes midrange systems UNIX systems...

Page 326: ...ile Transfer Protocol is an Internet file transfer protocol similar to FTP but uses the UDP User Datagram Protocol rather than TCP Transmission Control Protocol VDOLIVE TCP 7000 Another videoconferencing solution Table 94 Commonly Used Services continued NAME PROTOCOL PORT S DESCRIPTION ...

Page 327: ...tion files accompanying the Software Documentation for internal business use only for up to the number of users specified in sales order and invoice You have the right to make one backup copy of the Software and Documentation solely for archival back up or disaster recovery purposes You shall not exceed the scope of the license granted hereunder Any rights not expressly granted by ZyXEL to you are...

Page 328: ...ced Components or by applicable law you may not market co brand private label or otherwise permit third parties to link to the Software or any part thereof You may not use the Software or any part thereof in the operation of a service bureau or for the benefit of any other person or entity You may not cause assist or permit any third party to do any of the foregoing Portions of the Software utiliz...

Page 329: ... Limitation of Liability IN NO EVENT WILL ZyXEL BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY INCIDENTAL OR CONSEQUENTIAL DAMAGES INCLUDING WITHOUT LIMITATION INDIRECT SPECIAL PUNITIVE OR EXEMPLARY DAMAGES FOR LOSS OF BUSINESS LOSS OF PROFITS BUSINESS INTERRUPTION OR LOSS OF BUSINESS INFORMATION ARISING OUT OF THE USE OF OR INABILITY TO USE THE PROGRAM OR FOR ANY CLAIM BY ANY OTHER PARTY EVEN IF ZyX...

Page 330: ...oprietary rights and non disclosure shall survive the termination of this Software License Agreement 11 General This License Agreement shall be construed interpreted and governed by the laws of Republic of China without regard to conflicts of laws provisions thereof The exclusive forum for any disputes arising out of or relating to this License Agreement shall be an appropriate court or Commercial...

Page 331: ...g software gnulib libedit 20080712 2 11 http libedit sourceforge net libupnp 1 4 2 http www libupnp org libpcap 1 0 0 http www tcpdump org linuxigd 1 http linux igd sourceforge net logrotate 3 7 1 http logrotate darwinports com mini_httpd http www acme com software mini_httpd mtd utils 1 0 0 http www linux mtd infradead org ncurses 5 7 http www gnu org software ncurses openssh 5 2p1 http www opens...

Page 332: ...Appendix F Open Software Announcements P 2601HN L F1 Series User s Guide 332 ...

Page 333: ... patent rights nor the patent rights of others ZyXEL further reserves the right to make changes in any products described herein without notice This publication is subject to change without notice Certifications Federal Communications Commission FCC Interference Statement The device complies with Part 15 of FCC rules Operation is subject to the following two conditions This device may not cause ha...

Page 334: ...e dealer or an experienced radio TV technician for help FCC Radiation Exposure Statement This transmitter must not be co located or operating in conjunction with any other antenna or transmitter IEEE 802 11b or 802 11g operation of this product in the U S A is firmware limited to channels 1 through 11 To comply with FCC RF exposure compliance requirements a separation distance of at least 20 cm mu...

Page 335: ...in material or workmanship for a specific period the Warranty Period from the date of purchase The Warranty Period varies by region Check with your vendor and or the authorized ZyXEL local distributor for details about the Warranty Period of this product During the warranty period and upon proof of purchase should the product have indications of failure due to faulty workmanship and or materials Z...

Page 336: ...s of any kind to the purchaser To obtain the services of this warranty contact your vendor You may also refer to the warranty policy for the region in which you bought the device at http www zyxel com web support_warranty_info php Registration Register your product online to receive e mail notices of firmware upgrades and information at www zyxel com ...

Page 337: ...up configuration 229 bandwidth management 135 Basic Service Set see BSS blinking LEDs 24 broadcast 68 BSS 101 299 example 102 BYE request 196 C CA 167 307 call forwarding 248 call hold 200 call return 248 call rule 189 190 call service mode 199 call transfer 200 call waiting 200 248 caller ID 248 CBR 79 CBR Constant Bit Rate 72 certificate factory default 171 Certificate Authority see CA certifica...

Page 338: ... disclaimer 333 DNS 112 131 domain name system see DNS DS Differentiated Services 148 DS field 148 198 DSCP 147 197 DSL line reinitialize 236 DTMF 197 detection and generation 249 Dual Tone MultiFrequency see DTMF dynamic DNS 157 Dynamic Host Configuration Protocol see DHCP dynamic jitter buffer 248 dynamic WEP key exchange 308 DYNDNS wildcard 157 E EAP Authentication 306 echo cancellation 176 249...

Page 339: ...t 27 ping 233 IP pool 114 IP pool setup 118 ITU T 176 ITU T G 992 1 236 J jitter buffer 248 L LAN 111 client list 114 MAC address 115 LAN TCP IP 118 limitations wireless LAN 101 WPS 108 listening port 180 Local Area Network see LAN login passwords 28 logout 28 automatic 28 logs 203 207 225 M MAC 64 MAC address 115 filter 99 Management Information Base MIB 218 managing the device command interface ...

Page 340: ... Protocol Link Layer Protocol 247 PPPoA 77 PPPoE 76 246 preamble 98 preamble mode 303 product registration 336 profile 42 PSK 309 PSTN call setup signaling 197 Public Switched Telephone Network 21 pulse dialing 197 Push Button Configuration see PBC push button WPS 103 PVC 247 Q QoS 135 136 147 197 249 Quality of Service 249 Quality of Service see QoS quick dialing 249 Quick Start Guide 27 R RADIUS...

Page 341: ...server 194 redirect server 194 register server 195 servers 193 service domain 192 URI 192 user agent 193 version 2 249 SNMP 217 218 agents 218 Get 218 GetNext 218 Manager 218 managers 218 MIB 218 network components 217 Set 218 Trap 218 versions 217 speed dial 189 SSID 99 activation 91 MBSSID 102 stateful inspection 245 static route 127 status 61 status bar 34 status indicators 24 storage humidity ...

Page 342: ...91 features 22 peer to peer calls 189 tutorial 47 VoIP features 22 23 VoIP status 210 VPI 77 W WAN 67 ATM QoS 79 encapsulation 67 IGMP 68 IP address 68 77 multicast 68 multiplexing 77 traffic shaping 78 example 79 VCI 77 VPI 77 warnings 7 warranty 335 note 335 Web Configurator 27 web configurator passwords 28 WEP 87 101 WEP Encryption 88 Wide Area Network see WAN Wi Fi Protected Access see WPA wir...

Page 343: ...ity parameters 312 see also wireless WEP 87 WPA 101 249 308 key caching 310 pre authentication 310 user authentication 310 vs WPA PSK 309 wireless client supplicant 310 with RADIUS application example 310 WPA2 308 user authentication 310 vs WPA2 PSK 309 wireless client supplicant 310 with RADIUS application example 310 WPA2 Pre Shared Key see WPA2 PSK WPA2 PSK 308 309 application example 311 WPA P...

Page 344: ...Index P 2601HN L F1 Series User s Guide 344 ...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands