Home
/
ZyXEL Communications
/
P-2612HW-F1 -
/
User Manual

ZyXEL Communications P-2612HW-F1 -, User Manual

Share

Page: 286 / 547

ZyXEL Communications P-2612HW-F1 - User Manual Download Page 286

Chapter 14 VPN

P-2612HW Series User’s Guide

286

The two ZyXEL Devices in this example can complete negotiation and establish a
VPN tunnel.

The two ZyXEL Devices in this example cannot complete their negotiation because
ZyXEL Device B’s Local ID type is IP, but ZyXEL Device A’s Peer ID type is set
to E-mail. An “ID mismatched” message displays in the IPSEC LOG.

14.9.10 Pre-Shared Key

A pre-shared key identifies a communicating party during a phase 1 IKE
negotiation (see

Section 14.9.5 on page 282

for more on IKE phases). It is called

“pre-shared” because you have to share it with another party before you can
communicate with them over a secure connection.

14.9.11 Diffie-Hellman (DH) Key Groups

Diffie-Hellman (DH) is a public-key cryptography protocol that allows two parties
to establish a shared secret over an unsecured communications channel. Diffie-
Hellman is used within IKE SA setup to establish session keys. 768-bit (Group 1 -
DH1) and 1024-bit (Group 2 – DH2) Diffie-Hellman groups are supported. Upon
completion of the Diffie-Hellman exchange, the two peers have a shared secret,
but the IKE SA is not authenticated. For authentication, use pre-shared keys.

14.9.12 Telecommuter VPN/IPSec Examples

The following examples show how multiple telecommuters can make VPN
connections to a single ZyXEL Device at headquarters. The telecommuters use
IPSec routers with dynamic WAN IP addresses. The ZyXEL Device at headquarters
has a static public IP address.

Table 91

Matching ID Type and Content Configuration Example

ZYXEL DEVICE A

ZYXEL DEVICE B

Local ID type: E-mail

Local ID type: IP

Local ID content:
[email protected]

Local ID content: 1.1.1.2

Peer ID type: IP

Peer ID type: E-mail

Peer ID content: 1.1.1.2

Peer ID content: [email protected]

Table 92

Mismatching ID Type and Content Configuration Example

ZYXEL DEVICE A

ZYXEL DEVICE B

Local ID type: IP

Local ID type: IP

Local ID content: 1.1.1.10

Local ID content: 1.1.1.10

Peer ID type: E-mail

Peer ID type: IP

Peer ID content: [email protected]

Peer ID content: N/A

«
...
284
285
286
287
288
...
»

Summary of Contents for P-2612HW-F1 -

Page 1: ...Wireless ADSL VoIP IAD Copyright 2009 ZyXEL Communications Corporation Firmware Version 3 70 Edition 2 5 2009 Default Login Details IP Address http 192 168 1 1 User Login User Name user Password user...

Page 2: ......

Page 3: ...support documents ZyXEL Web Site Please refer to www zyxel com for additional support documentation and product certifications User Guide Feedback Help us help you Send all User Guide related comments...

Page 4: ...This User s Guide P 2612HW Series User s Guide 4 Product model and serial number Warranty Information Date that you received your device Brief description of the problem and the steps you took to sol...

Page 5: ...font A key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press t...

Page 6: ...ide 6 Icons Used in Figures Figures in this User s Guide may use the following generic icons The ZyXEL Device icon is not an exact representation of your device ZyXEL Device Computer Notebook computer...

Page 7: ...e for example 110V AC in North America or 230V AC in Europe Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord D...

Page 8: ...Safety Warnings P 2612HW Series User s Guide 8...

Page 9: ...ork Address Translation NAT 169 Voice 185 Phone Usage 221 Firewall 229 Content Filtering 251 VPN 257 Certificates 291 Static Route 321 802 1Q 1P 325 Quality of Service QoS 337 Dynamic DNS Setup 353 Re...

Page 10: ...Contents Overview P 2612HW Series User s Guide 10...

Page 11: ...27 1 2 Ways to Manage the ZyXEL Device 27 1 3 Good Habits for Managing the ZyXEL Device 28 1 4 LEDs Lights 28 1 5 The RESET Button 29 1 6 The WLAN Button 30 Chapter 2 Introducing the Web Configurator...

Page 12: ...d Scenario 66 4 3 2 Configuring the WAN Connection with a Static IP Address 67 4 3 3 Public IP Address Mapping 70 4 3 4 Forwarding Traffic from the WAN to a Local Computer 74 4 3 5 Allow WAN to LAN Tr...

Page 13: ...c Redirect 119 Chapter 7 LAN Setup 121 7 1 Overview 121 7 1 1 What You Can Do in the LAN Screens 121 7 1 2 What You Need To Know About LAN 122 7 1 3 Before You Begin 122 7 2 The LAN IP Screen 122 7 2...

Page 14: ...8 9 4 Wireless Distribution System WDS 160 8 9 5 WiFi Protected Setup 161 Chapter 9 Network Address Translation NAT 169 9 1 Overview 169 9 1 1 What You Can Do in the NAT Screens 169 9 1 2 What You Ne...

Page 15: ...13 2 SIP 206 10 13 3 Quality of Service QoS 215 10 13 4 Phone Services Overview 216 Chapter 11 Phone Usage 221 11 1 Overview 221 11 2 Dialing a Telephone Number 221 11 3 Using Speed Dial to Dial a Te...

Page 16: ...ring 251 13 1 3 Before You Begin 251 13 1 4 Content Filtering Example 252 13 2 The Keyword Screen 254 13 3 The Schedule Screen 255 13 4 The Trusted Screen 256 Chapter 14 VPN 257 14 1 Overview 257 14 1...

Page 17: ...rtificate Create 301 15 5 Trusted CAs 304 15 6 Trusted CA Import 306 15 7 Trusted CA Details 307 15 8 Trusted Remote Hosts 311 15 9 Trusted Remote Host Certificate Details 312 15 10 Trusted Remote Hos...

Page 18: ...c DNS Setup 353 19 1 Overview 353 19 1 1 What You Can Do in the DDNS Screen 353 19 1 2 What You Need To Know About DDNS 353 19 2 Configuring Dynamic DNS 354 Chapter 20 Remote Management Configuration...

Page 19: ...o Know About Logs 391 23 2 The View Log Screen 391 23 3 The Log Settings Screen 392 23 4 SMTP Error Messages 395 23 4 1 Example E mail Log 395 23 5 Log Descriptions 396 Chapter 24 Call History 407 24...

Page 20: ...FTP File Upload Command from the DOS Prompt Example 430 25 7 2 FTP Session Example of Firmware File Upload 431 25 7 3 TFTP File Upload 431 25 7 4 TFTP Upload Command Example 432 Chapter 26 Diagnostic...

Page 21: ...Table of Contents P 2612HW Series User s Guide 21 Appendix C IP Addresses and Subnetting 495 Appendix D Wireless LANs 507 Appendix E Common Services 531 Appendix F Legal Information 535 Index 537...

Page 22: ...Table of Contents P 2612HW Series User s Guide 22...

Page 23: ...23 PART I Introduction Introducing the ZyXEL Device 25 Introducing the Web Configurator 31 Wizards 39 Tutorial 57...

Page 24: ...24...

Page 25: ...embedded mini PCI module for IEEE 802 11g wireless LAN connectivity All wireless features documented in this user s guide refer to the W models only Only use firmware for your ZyXEL Device s specific...

Page 26: ...ely browse the Internet and download files Use content filtering to block access to specific web sites with URLs containing keywords that you specify You can define time periods and days during which...

Page 27: ...ur calls to either VoIP or PSTN phones 1 2 Ways to Manage the ZyXEL Device Use any of the following methods to manage the ZyXEL Device Web Configurator This is recommended for everyday management of t...

Page 28: ...ttings If you backed up an earlier configuration file you would not have to totally re configure the ZyXEL Device You could simply restore your last configuration 1 4 LEDs Lights The following graphic...

Page 29: ...s up Blinking The ZyXEL Device is sending or receiving IP traffic Red On The ZyXEL Device attempted to make an IP connection but failed Possible causes are no response from a DHCP server no PPPoE resp...

Page 30: ...he POWER LED begins to blink and then release it When the POWER LED begins to blink the defaults have been restored and the device restarts 1 6 The WLAN Button Use the WLAN button on the top of the de...

Page 31: ...se the web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScripts enabled by default Java perm...

Page 32: ...e password and click Login Click Cancel to revert to the default password in the password field If you have changed the password enter your password and click Login Figure 4 Password Screen Note For s...

Page 33: ...igurator Main Screen Figure 5 Main Screen As illustrated above the main screen is divided into these parts A title bar B navigation panel C main window D status bar 2 2 1 Title Bar The title bar allow...

Page 34: ...s screen to configure LAN TCP IP settings DHCP settings enable Any IP and configure other advanced properties Client List Use this screen to view current DHCP client information and to always assign s...

Page 35: ...and call service mode Phone Book Speed Dial Use this screen to configure speed dial for SIP phone numbers that you call often Incoming Call Policy Use this screen to configure call forwarding SIP Pre...

Page 36: ...esses of directory servers that contain lists of valid and revoked certificates Advanced Static Route Static Route Use this screen to configure IP static routes to tell your device about networks beyo...

Page 37: ...eral Use this screen to configure your device s name domain name management inactivity timeout and password Time Setting Use this screen to change your ZyXEL Device s time and date Logs View Log Use t...

Page 38: ...nformation and configuration fields It is discussed in the rest of this document Right after you log in the Status screen is displayed See Chapter 5 on page 89 for more information about the Status sc...

Page 39: ...n these fields 3 2 Internet Access Wizard Setup 1 Click the wizard icon in the top right corner of the web configurator to go to the wizards The Internet access wizard is not available when you set th...

Page 40: ...Internet setup information as provided to you by your ISP See Section 3 2 1 on page 42 for more details If you would like to skip your Internet setup and configure the wireless LAN settings leave Yes...

Page 41: ...1 3c The following screen appears if the ZyXEL device detects a connection but not the connection type Click Next and refer to Section 3 2 1 on page 42 on how to manually configure the ZyXEL Device fo...

Page 42: ...to detect your DSL connection type but the physical line is connected enter your Internet access information in the wizard screen exactly as your service provider gave it to you Leave the defaults in...

Page 43: ...you select Bridge in the Mode field the ZyXEL Device uses RFC 1483 If you select Routing in the Mode field select DHCP ENET ENCAP or PPPoE Multiplexing Select the multiplexing method used by your ISP...

Page 44: ...le describes the fields in this screen Table 5 Internet Connection with PPPoE LABEL DESCRIPTION User Name Enter the user name exactly as your ISP assigned If assigned a name in the form user domain wh...

Page 45: ...namic IP address Static IP Address Select Static IP Address if your ISP gave you an IP address to use IP Address Enter your ISP assigned IP address Subnet Mask Enter a subnet mask in dotted decimal no...

Page 46: ...the Internet Wireless Setup Wizard to verify your Internet access settings Figure 14 Connection Test Failed 2 3 3 Wireless Connection Wizard Setup See the back panel for the ZyXEL Device s unique wir...

Page 47: ...activate the wireless LAN Click Next to continue Figure 16 Wireless LAN Setup Wizard 1 The following table describes the labels in this screen Table 7 Wireless LAN Setup Wizard 1 LABEL DESCRIPTION Ac...

Page 48: ...e ZyXEL Device make sure all wireless stations use the same SSID in order to access the network Channel Selection The range of radio frequencies used by IEEE 802 11b g wireless devices is called a cha...

Page 49: ...s the labels in this screen Table 9 Manually Assign a WPA key LABEL DESCRIPTION Pre Shared Key Type from 8 to 63 case sensitive ASCII characters You can set up the most secure wireless connection by c...

Page 50: ...Wireless LAN Setup 3 Table 10 Manually Assign a WEP key LABEL DESCRIPTION Key The WEP keys are used to encrypt data Both the ZyXEL Device and the wireless stations must use the same WEP key for data...

Page 51: ...Refer to the rest of this guide for more detailed information on the complete range of ZyXEL Device features If you cannot access the Internet open the web configurator again to confirm that the Inte...

Page 52: ...use up to 127 printable ASCII characters SIP Server Address Enter the IP address or domain name of the SIP server provided by your VoIP service provider You can use up to 95 printable ASCII characters...

Page 53: ...the user name for registering this SIP account exactly as it was given to you You can use up to 95 printable ASCII Extended set characters Check here to set up SIP settings Select this if you want to...

Page 54: ...table describes the labels in this screen Table 12 VoIP Setup Wizard Registration Complete Success LABEL DESCRIPTION Return to Wizard Main Page Click this to open the main wizard screen See Section 3...

Page 55: ...this if you want the ZyXEL Device to try to register your SIP account s again Exit Click this to close this screen and return to the main screen The ZyXEL Device saves the information you provided Ta...

Page 56: ...Chapter 3 Wizards P 2612HW Series User s Guide 56...

Page 57: ...ient for wireless communication using the following parameters The wireless clients can access the Internet through the ZyXEL Device wirelessly 4 2 1 Example Parameters An access point AP or wireless...

Page 58: ...P 1 Open the Network Wireless LAN AP screen in the AP s web configurator Figure 25 AP Wireless LAN AP 2 Make sure Active Wireless LAN is selected 3 Enter SSID_Example3 as the SSID and select a channel...

Page 59: ...n and select Mixed in the 802 11 Mode field Click Apply Figure 26 AP Wireless LAN AP Advanced Setup 6 Open the Status screen Verify your wireless and wireless security settings under Device Informatio...

Page 60: ...othing and leave the wireless client to automatically scan for and connect to any available network that has no wireless security configured Manually connect to a network Configure a profile to have t...

Page 61: ...ss network available within range Make sure the AP or peer computer is turned on or move the wireless client closer to the AP or peer computer 3 When you try to connect to an AP with security configur...

Page 62: ...heck the network information in the Link Info screen to verify that you have successfully connected to the selected network If the wireless client is not connected to a network the fields in this scre...

Page 63: ...ey is ThisismyWPA PSKpre sharedkey You have chosen the profile name PN_Example3 1 Open the ZyXEL utility and click the Profile tab to open the screen shown next Click Add to configure a new profile Fi...

Page 64: ...K Figure 35 ZyXEL Utility Profile Security 5 This screen varies depending on the encryption method you selected in the previous screen Enter the pre shared key and leave the encryption type at the def...

Page 65: ...the ZyXEL utility returns to the Link Info screen while it connects to the AP using your settings When the wireless link is established the ZyXEL utility icon in the system tray turns green and the L...

Page 66: ...3 respectively for traffic in both directions Map the first public address 1 2 3 4 to outgoing traffic from other local computers Map the first public address 1 2 3 4 to incoming traffic from the WAN...

Page 67: ...WAN Connection with a Static IP Address The following table shows the information your ISP gave you for Internet connection Follow the steps below to configure your ZyXEL Device for Internet access us...

Page 68: ...t box 4 Enter the information such as the user name password and VPI VCI value provided by your ISP If your ISP didn t give you the service name leave the field blank 5 In the IP Address section selec...

Page 69: ...Chapter 4 Tutorial P 2612HW Series User s Guide 69 7 Click Apply to save your changes Figure 42 Tutorial Example WAN Screen...

Page 70: ...s The ZyXEL Device forwards traffic that is initiated from either the LAN or the WAN to the destination IP address Note The many to one or many to many NAT address mapping rules are for outgoing conne...

Page 71: ...specify You should put any one to one rules before a many to one rule 1 Click Network NAT General 2 Enable NAT and select Full Feature as you have multiple public IP addresses to map to private IP add...

Page 72: ...g Rule screen Figure 46 Tutorial Example NAT Address Mapping 5 Map a public IP address to the web server Select the One to One type and enter 192 168 1 12 as the local start IP address and 1 2 3 5 as...

Page 73: ...ress Click Apply Figure 48 Tutorial Example NAT Address Mapping Edit One to One 2 8 Click the third rule s Edit icon 9 Map a public IP address to other outgoing LAN traffic Select the Many to One type...

Page 74: ...rwarding Traffic from the WAN to a Local Computer A server NAT address mapping rule allows computers behind the NAT be accessible to the outside world To have the ZyXEL Device forward incoming traffic...

Page 75: ...ress Click Add to add the rule to the table 5 Click Apply to go back to the Edit Address Mapping Rule screen Click Apply again Figure 53 Tutorial Example NAT Port Forwarding 4 3 5 Allow WAN to LAN Tra...

Page 76: ...ample Allow WAN to LAN Traffic 1 Click Security Firewall 2 Make sure the firewall is enabled and traffic from the WAN to the LAN is dropped Figure 55 Tutorial Example Firewall General 3 Go to the Rule...

Page 77: ...56 Tutorial Example Firewall Rules WAN to LAN 5 Configure a firewall rule to allow traffic from the WAN to the web server Select Any in the Destination Address List box and click Delete Select Single...

Page 78: ...User s Guide 78 6 Select Any All in the Available Services box on the left and click Add to add it to the Selected Services box on the right Click Apply Figure 58 Tutorial Example Firewall Rule WAN t...

Page 79: ...ewall rule to allow traffic from the WAN to the mail server Select Any in the Destination Address List box and click Delete Select Single Address as the destination address type Enter 192 168 1 13 and...

Page 80: ...User s Guide 80 8 Select Any All in the Available Services box on the left and click Add to add it to the Selected Services box on the right Click Apply Figure 60 Tutorial Example Firewall Rule WAN t...

Page 81: ...wall rule to allow FTP traffic from the WAN to the FTP server Select Any in the Destination Address List box and click Delete Select Single Address as the destination address type Enter 192 168 1 39 a...

Page 82: ...able Services box on the left and click Add to add it to the Selected Services box on the right Click Apply Figure 62 Tutorial Example Firewall Rule WAN to LAN Service Edit for FTP Server 11 When you...

Page 83: ...ssing the FTP server 1 2 3 4 from the outside network to send or retrieve a file If you cannot access the FTP server make sure the NAT port forwarding rule is active and there is a firewall rule to al...

Page 84: ...n page 75 for more information 4 5 How to Make a VoIP Call You can register a SIP account with the SIP server and make voice calls over the Internet to another VoIP device 4 5 1 VoIP Calls With a Regi...

Page 85: ...1 2 Analog Phone Configuration 1 Click VoIP Phone to open the Analog Phone screen 2 Select Phone1 to configure the first phone port 3 Select SIP1 from the SIP Account drop down list box in the Outgoin...

Page 86: ...Figure 66 Tutorial Example Analog Phone 4 5 1 3 Making a VoIP Call 1 Make sure you connect a telephone to the first phone port on the ZyXEL Device 2 Make sure the ZyXEL Device is on and connected to t...

Page 87: ...N 137 Network Address Translation NAT 169 Voice 185 Phone Usage 221 Firewall 229 Content Filtering 251 VPN 257 Certificates 291 Static Route 321 802 1Q 1P 325 Quality of Service QoS 337 Dynamic DNS Se...

Page 88: ...88...

Page 89: ...nd WLAN and SIP accounts You can also register and unregister SIP accounts The Status screen also provides detailed information from Any IP and DHCP and statistics from VoIP and traffic 5 1 Status Scr...

Page 90: ...ification You can change this in the Maintenance System General screen s System Name field Model Number This is the model name of your device MAC Address This is the MAC Media Access Control or Ethern...

Page 91: ...LAN Choices are Server The ZyXEL Device is a DHCP server in the LAN It assigns IP addresses to other computers in the LAN Relay The ZyXEL Device acts as a surrogate DHCP server and relays DHCP request...

Page 92: ...ce unplug the power for a few seconds Interface Status Interface This column displays each interface the ZyXEL Device has Status This field indicates whether or not the ZyXEL Device is using the inter...

Page 93: ...have to register SIP accounts with a SIP server to use VoIP If the SIP account is already registered with the SIP server Click Unregister to delete the SIP account s registration in the SIP server Th...

Page 94: ...o access this screen Use this screen to view the wireless stations that are currently associated to the ZyXEL Device Figure 70 WLAN Status Table 15 Any IP Table LABEL DESCRIPTION This field is a seque...

Page 95: ...erval s The Poll Interval s field is configurable The screen varies slightly depending on the WAN mode you set using the DSL WAN switch Figure 71 Packet Statistics Table 16 WLAN Status LABEL DESCRIPTI...

Page 96: ...ing Ethernet encapsulation and Down line is down Up line is up or connected Idle line ppp idle Dial starting to trigger a call and Drop dropping a call if you re using PPPoE encapsulation TxPkts This...

Page 97: ...evice automatically tries to register the SIP account when you turn on the ZyXEL Device or when you activate it Inactive The SIP account is not active You can activate it in VoIP SIP SIP Settings Last...

Page 98: ...all through a phone port Peer Number This field displays the SIP number of the party that is currently engaged in a VoIP call through a phone port Duration This field displays how long the current cal...

Page 99: ...so that a computer in one location can communicate with computers in other locations Figure 73 LAN and WAN 6 1 1 What You Can Do in the WAN Screens Use the Internet Access Setup screen Section 6 2 on...

Page 100: ...P address for the ZyXEL Device which makes it accessible from an outside network It is used by the ZyXEL Device to communicate with other devices in other networks It can be static fixed or dynamicall...

Page 101: ...1 6 2 The Internet Access Setup Screen Use this screen to change your ZyXEL Device s WAN settings Click Network WAN Internet Access Setup The screen differs by the WAN mode and encapsulation you selec...

Page 102: ...he ZyXEL Device Encapsulation Select the method of encapsulation used by your ISP from the drop down list box Choices vary depending on the mode you select in the Mode field If you select Bridge in th...

Page 103: ...he IP address set to 0 0 0 0 UserDefined changes to None after you click Apply If you set a second choice to User Defined and enter the same IP address the second UserDefined changes to None after you...

Page 104: ...Protocol allows a router to exchange routing information with other routers Use this field to control how much routing information the ZyXEL Device sends and receives on the subnet Select the RIP dire...

Page 105: ...o not require closely controlled delay and delay variation Peak Cell Rate Divide the DSL line rate bps by 424 the size of an ATM cell to find the Peak Cell Rate PCR This is the maximum rate at which t...

Page 106: ...Select the check box to enable it Name This is the name you gave to the Internet connection VPI VCI This field displays the Virtual Path Identifier VPI and Virtual Channel Identifier VCI numbers confi...

Page 107: ...nnection Figure 77 Network WAN More Connections Edit The following table describes the labels in this screen Table 22 Network WAN More Connections Edit LABEL DESCRIPTION Active Select the check box to...

Page 108: ...is assigned a specific virtual circuit for example VC1 will carry IP If you select VC specify separate VPI and VCI numbers for each protocol For LLC based multiplexing or PPP encapsulation one VC carr...

Page 109: ...nnect on Demand The default setting is 0 which means the Internet session will not timeout NAT SUA only is available only when you select Routing in the Mode field Select SUA Only if you have one publ...

Page 110: ...Both In Only and Out Only RIP Version Select the RIP version from RIP 1 RIP 2B and RIP 2M Multicast IGMP Internet Group Multicast Protocol is a network layer protocol used to establish membership in...

Page 111: ...mum Burst Size Maximum Burst Size MBS refers to the maximum number of cells that can be sent at the peak rate Type the MBS which is less than 65535 MTU The Maximum Transmission Unit MTU defines the si...

Page 112: ...L Device periodically ping the IP addresses configured in the Check WAN IP Address fields Check WAN IP Address1 3 Configure this field to test your ZyXEL Device s WAN accessibility Type the IP address...

Page 113: ...is field if your network is busy or congested Traffic Redirect Traffic redirect forwards traffic to a backup gateway when the ZyXEL Device cannot connect to the Internet Active Traffic Redirect Select...

Page 114: ...work services a function known as dynamic service selection This enables the service provider to easily create and offer new IP services for individuals Operationally PPPoE saves significant effort fo...

Page 115: ...advantageous if it is not practical to have a separate VC for each carried protocol for example if charging heavily depends on the number of simultaneous VCs 6 5 3 VPI and VCI Be sure to use the corr...

Page 116: ...be very expensive for obvious reasons Do not specify a nailed up connection unless your telephone company offers flat rate service or you need a constant connection and the cost is of no concern 6 5 6...

Page 117: ...t is dependent on the line speed Sustained Cell Rate SCR is the mean cell rate of each bursty traffic source It specifies the maximum average rate at which cells can be sent over the virtual connectio...

Page 118: ...that require closely controlled delay and delay variation It also provides a fixed amount of bandwidth a PCR is specified but is only available when data is being sent An example of an VBR RT connect...

Page 119: ...gateway is connected to the LAN Use IP alias to configure the LAN into two or three logical networks with the ZyXEL Device itself as the gateway for each LAN network Put the protected LAN in one subne...

Page 120: ...Chapter 6 WAN Setup P 2612HW Series User s Guide 120...

Page 121: ...endix C on page 495 for more information on IP addresses and subnetting 7 1 1 What You Can Do in the LAN Screens Use the LAN IP screen Section 7 2 on page 122 to set the LAN IP address and subnet mask...

Page 122: ...configuration at start up from a server This ZyXEL Device has a built in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability DNS DNS Domain...

Page 123: ...actory default Your ZyXEL Device automatically computes the subnet mask based on the IP address you enter so do not change this field unless you are instructed to do so DHCP Setup DHCP If set to Serve...

Page 124: ...e same IP address the second User Defined changes to None after you click Apply Select DNS Relay to have the ZyXEL Device act as a DNS proxy only when the ISP uses IPCP DNS server extensions The ZyXEL...

Page 125: ...n wide use 7 2 2 Configuring the Advanced LAN Setup Screen Use this screen to edit your ZyXEL Device s RIP multicast Any IP and Windows Networking settings Click the Advanced Setup button in the LAN I...

Page 126: ...t through the ZyXEL Device Windows Networking NetBIOS over TCP IP NetBIOS Network Basic Input Output System are TCP or UDP packets that enable a computer to connect to and communicate with a LAN For s...

Page 127: ...splays the IP address relative to the field listed above MAC Address The MAC Media Access Control or Ethernet address on a LAN Local Area Network is unique to your computer six pairs of hexadecimal no...

Page 128: ...h IP alias you can also configure firewall rules to control access between the LAN s logical networks subnets The following figure shows a LAN divided into subnets A B and C Figure 86 Physical Network...

Page 129: ...When set to Both or Out Only the ZyXEL Device will broadcast its routing table periodically When set to Both or In Only it will incorporate the RIP information that it receives when set to None it wil...

Page 130: ...ion for the clients If you turn DHCP service off you must have another DHCP server on your LAN or else the computer must be manually configured IP Pool The ZyXEL Device is pre configured with a pool o...

Page 131: ...n the DHCP Setup screen 7 5 4 TCP IP The ZyXEL Device has built in DHCP server capability that assigns IP addresses and DNS servers to systems on the LAN that support DHCP client capability IP Address...

Page 132: ...You can obtain your IP address from the IANA from an ISP or it can be assigned from a private network If you belong to a small organization and your Internet access is through an ISP the ISP can prov...

Page 133: ...e to read more detailed information about interoperability between IGMP version 2 and version 1 please see sections 4 and 5 of RFC 2236 The class D IP address is used to identify host groups and can b...

Page 134: ...ential house where a ZyXEL Device is installed you can still use the computer to access the Internet without changing the network settings even when the IP addresses of the computer and the ZyXEL Devi...

Page 135: ...way an ARP request is broadcast on the LAN 3 The ZyXEL Device receives the ARP request and replies to the computer with its own MAC address 4 The computer updates the MAC address for the default gatew...

Page 136: ...Chapter 7 LAN Setup P 2612HW Series User s Guide 136...

Page 137: ...AP to access other devices such as the printer or the Internet Your ZyXEL Device works as an AP when you install a compatible WLAN card Figure 90 Example of a Wireless Network 8 1 1 What You Can Do i...

Page 138: ...rmation about the ZyXEL Device s WPS status Use the WPS Station see Section 8 6 on page 153 screen to set up WPS by pressing a button or using a PIN Use the WDS screen see Section 8 7 on page 154 to s...

Page 139: ...ork It can also protect the information that is sent in the wireless network Use the strongest security that every wireless client in the wireless network supports Note WPA2 or WPA2 PSK security is re...

Page 140: ...o the other wireless devices support WPA PSK for example What is the best one to use Do the other wireless devices support WPS Wi Fi Protected Setup If so you can set up a well secured network very ea...

Page 141: ...u must then change the wireless settings of your computer to match the ZyXEL Device s new settings Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a station cannot obt...

Page 142: ...less security on your ZyXEL Device your network is accessible to any wireless networking device that is within range Figure 92 Network Wireless LAN AP No Security Cancel Click Cancel to reload the pre...

Page 143: ...Network Wireless LAN AP Static WEP Encryption LABEL DESCRIPTION Security Mode Choose Static WEP from the drop down list box Passphrase Enter a passphrase up to 32 printable characters and clicking Gen...

Page 144: ...Network Wireless LAN AP WPA 2 PSK LABEL DESCRIPTION Security Mode Choose WPA PSK or WPA2 PSK from the drop down list box WPA Compatible This field is only available for WPA2 PSK Select this if you wa...

Page 145: ...fter a period of inactivity The wireless station needs to enter the username and password again before access to the wired network is allowed The default time interval is 3600 seconds or 1 hour Group...

Page 146: ...ect WPA or WPA2 from the Security Mode list Figure 95 Network Wireless LAN AP WPA 2 The following table describes the wireless LAN security labels in this screen Table 33 Network Wireless LAN AP WPA 2...

Page 147: ...mode The ZyXEL Device default is 1800 seconds 30 minutes Authentication Server IP Address Enter the IP address of the external authentication server in dotted decimal notation Port Number Enter the po...

Page 148: ...in the area decrease the output power of the ZyXEL Device to reduce interference with other APs See the product specifications for more information on your ZyXEL Device s output power Preamble Select...

Page 149: ...rofile is the set of parameters relating to one of the ZyXEL Device s BSSs The SSID Service Set IDentifier identifies the Service Set with which a wireless device is associated This field displays the...

Page 150: ...d you change the ZyXEL Device s SSID or security settings you will lose your wireless connection when you press Apply to confirm You must then change the wireless settings of your computer to match th...

Page 151: ...ble 37 Network Wireless LAN MAC Filter LABEL DESCRIPTION Active MAC Filter Select the check box to enable MAC address filtering Filter Action Define the filter action for the list of MAC addresses in...

Page 152: ...es of the wireless devices that are allowed or denied access to the ZyXEL Device in these address fields Enter the MAC addresses in a valid MAC address format that is six hexadecimal character pairs f...

Page 153: ...rity settings have been changed The current wireless and wireless security settings also appear in the screen This displays Unconfigured if WPS is disabled and there is no wireless or wireless securit...

Page 154: ...ocumentation Table 39 Network Wireless LAN WPS Station LABEL DESCRIPTION Push Button Click this button to add another WPS enabled wireless device within wireless range of the ZyXEL Device to your wire...

Page 155: ...P Select this to use TKIP Temporal Key Integrity Protocol encryption AES Select this to use AES Advanced Encryption Standard encryption This is the index number of the individual WDS link Active Selec...

Page 156: ...ESCRIPTION Enable Wireless LAN Scheduling Select this to activate wireless LAN scheduling on your ZyXEL Device WLAN status Select On or Off to enable or disable the wireless LAN Day Select the day s y...

Page 157: ...reless devices are sometimes not aware of each other s presence This may cause them to send information to the AP at the same time and result in information colliding and not getting through By settin...

Page 158: ...he wireless network Furthermore there are ways for unauthorized wireless devices to get the MAC address of an authorized device Then they can use that MAC address to use the wireless network 8 9 2 3 U...

Page 159: ...s two devices Device A only supports WEP and device B supports WEP and WPA Therefore you should set up Static WEP in the wireless network Note It is recommended that wireless networks use WPA PSK WPA...

Page 160: ...ar each other s communications but not communicate with each other MBSSID should not replace but rather be used in conjunction with 802 1x security 8 9 4 Wireless Distribution System WDS The ZyXEL Dev...

Page 161: ...nfiguration PBC is initiated by pressing a button on each WPS enabled device and allowing them to connect automatically You do not need to enter any information Not every WPS enabled device has a phys...

Page 162: ...eps to set up a WPS connection between an access point or wireless router referred to here as the AP and a client device using the PIN method 1 Ensure WPS is enabled on both devices 2 Access the WPS s...

Page 163: ...device acts as the enrollee the device that receives network and security settings The registrar creates a secure EAP Extensible Authentication Protocol tunnel and sends the network name SSID and the...

Page 164: ...rollee All WPS certified APs can be a registrar and so can some WPS enabled wireless clients By default a WPS devices is unconfigured This means that it is not part of an existing network and can act...

Page 165: ...Network Step 1 In step 2 you add another wireless client to the network You know that Client 1 supports registrar mode but it is better to use AP1 for the WPS handshake with the new client since you m...

Page 166: ...ing the WPS button on the registrar and the first enrollee for example then check that it successfully enrolled then set up the second device in the same way WPS works only with other WPS enabled devi...

Page 167: ...e if this has happened WPS works between only two devices simultaneously so if another device has enrolled your device will be unable to enroll and will not have access to the network If this happens...

Page 168: ...Chapter 8 Wireless LAN P 2612HW Series User s Guide 168...

Page 169: ...Use the Address Mapping screen Section 9 4 on page 176 to change your ZyXEL Device s address mapping settings Use the SIP ALG screen Section 9 4 2 on page 178 to enable and disable the SIP VoIP ALG in...

Page 170: ...e inside network appear as a single computer to the outside world SUA Single User Account Versus NAT SUA Single User Account is a ZyNOS implementation of a subset of NAT that supports two types of map...

Page 171: ...r of NAT sessions a single client can establish this can result in all of the available NAT sessions being used In this case no additional NAT sessions can be established and users may not be able to...

Page 172: ...dix E on page 531 Please refer to RFC 1700 for further information about port numbers Note Many residential broadband ISP accounts do not allow you to run any server processes such as a Web or FTP ser...

Page 173: ...e 111 Multiple Servers Behind NAT Example 9 3 1 Configuring the Port Forwarding Screen Click Network NAT Port Forwarding to open the following screen See Appendix E on page 531 for port numbers common...

Page 174: ...dress of the server for the specified service Add Click this button to add a rule to the table below This is the rule index number read only Active This field indicates whether the rule is active or n...

Page 175: ...is port forwarding rule Start Port Enter a port number in this field To forward only one port enter the port number again in the End Port field To forward a series of ports enter the start port number...

Page 176: ...5 to 7 will be pushed up by 1 rule so old rules 5 6 and 7 become new rules 4 5 and 6 To change your ZyXEL Device s address mapping settings click Network NAT Address Mapping to open the following scr...

Page 177: ...to one global IP address This is equivalent to SUA i e PAT port address translation ZyXEL s Single User Account feature that previous ZyXEL routers supported only M M Ov Overload Many to Many Overload...

Page 178: ...shared global IP addresses Many to Many No Overload Many to Many No Overload mode maps each local IP address to unique global IP addresses Server This type allows you to specify inside servers of dif...

Page 179: ...cket as the packet traverses a router for example the local address refers to the IP address of a host when the packet is in the local network while the global address refers to the IP address of the...

Page 180: ...onal benefit of firewall protection With no servers defined your ZyXEL Device filters out all incoming inquiries thus preventing intruders from probing your network For more information on IP address...

Page 181: ...estored The following figure illustrates this Figure 117 How NAT Works 192 168 1 13 192 168 1 10 192 168 1 11 192 168 1 12 SA 192 168 1 10 SA IGA1 Inside Local IP Address 192 168 1 10 192 168 1 11 192...

Page 182: ...to One mode the ZyXEL Device maps multiple local IP addresses to one global IP address This is equivalent to SUA for instance PAT port address translation ZyXEL s Single User Account feature that pre...

Page 183: ...s Server This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world Port numbers do NOT change for One to One and Many to Many No Overloa...

Page 184: ...Chapter 9 Network Address Translation NAT P 2612HW Series User s Guide 184...

Page 185: ...Quality of Service for VoIP calls QoS can give VoIP traffic higher priority on the network so it gets dealt with more quickly Use the Analog Phone screen Section 10 5 on page 194 to control which SIP...

Page 186: ...another In VoIP these messages are about phone calls over the network For example when you dial a number on your ZyXEL Device it sends a SIP message over the network asking the other device the numbe...

Page 187: ...order to make or receive a VoIP call you need to enable and configure a SIP account and map it to a phone port The SIP account contains information that allows your ZyXEL Device to connect to your VoI...

Page 188: ...evice to use this account Clear it if you do not want the ZyXEL Device to use this account Number Enter your SIP number In the full SIP URI this is the part before the symbol You can use up to 127 pri...

Page 189: ...p to 127 printable ASCII Extended set characters Send Caller ID Select this if you want to send identification when you make VoIP phone calls Clear this if you do not want to send identification Authe...

Page 190: ...SIP Setup Screen Click VoIP SIP SIP Settings to open the SIP Settings screen Select a SIP account and click Advanced Setup to open the Advanced SIP Setup screen Use this screen to maintain advanced s...

Page 191: ...ly disconnects the session Min SE Enter the minimum number of seconds the ZyXEL Device lets a SIP session remain idle without traffic before it automatically disconnects the session When two SIP devic...

Page 192: ...of NAT router and eliminates the need for STUN or a SIP ALG Turn off any SIP ALG on a NAT router in front of the ZyXEL Device to keep it from re translating the IP address since this is already handl...

Page 193: ...ons The ZyXEL Device creates Type of Service priority tags with this priority to voice traffic that it transmits RTP TOS Priority Setting Enter the priority for RTP voice transmissions The ZyXEL Devic...

Page 194: ...rt Settings This is the phone port in the ZyXEL Device SIP Account Select the SIP account you want to use when making outgoing calls with the analog phone connected to this phone port Incoming Call ap...

Page 195: ...the ZyXEL Device generates comfort noise when the other party is not speaking The comfort noise lets you know that the line is still connected as total silence could easily be mistaken for a lost conn...

Page 196: ...Interval Selection Enter the number of seconds the ZyXEL Device should wait after you stop dialing numbers before it makes the phone call The value depends on how quickly you dial phone numbers If yo...

Page 197: ...ones When you dial a group number all of the phones with the same group number ring The phone that picks up first gets the line and the other phones stop ringing Click VoIP Phone Ext Table to access t...

Page 198: ...hone 1 picks up the line first it gets the line and Phone 2 stops ringing Sub Number Enter a sub number for this phone The maximum length of a sub number is two digits When the check box of Enable Gro...

Page 199: ...e Immediate Dial Select this if you want to use the pound key to tell the ZyXEL Device to make the phone call immediately instead of waiting the number of seconds you selected in the Dialing Interval...

Page 200: ...going through a VoIP service provider s SIP server Select Non Proxy Use IP or URL in the Type column and enter the callee s IP address or domain name The ZyXEL Device Table 60 VoIP Phone Region LABEL...

Page 201: ...the speed dial number Name Enter a name to identify the party you call when you dial the speed dial number You can use up to 127 printable ASCII characters Type Select Use Proxy if you want to use one...

Page 202: ...our SIP accounts Otherwise this field shows the IP address or domain name of the SIP server or other party This field corresponds with the Type field in the Speed Dial section Modify Use this field to...

Page 203: ...the following table Table 62 Phone Book Incoming Call Policy LABEL DESCRIPTION Table Number Select the call forwarding table you want to see in this screen If you change this field the screen automati...

Page 204: ...plies Activate Select this to enable this rule Clear this to disable this rule Incoming Call Number Enter the phone number to which this rule applies Forward to Number Enter the phone number to which...

Page 205: ...field is described in the following table Table 63 Phone Book SIP Prefix LABEL DESCRIPTION SIP Selection by Prefix Select the index number of the rule you want to edit Prefix Enter the prefix number...

Page 206: ...f voice and multimedia sessions over the Internet SIP signaling is separate from the media for which it handles sessions The media that is exchanged during the session can use a different path from th...

Page 207: ...hen VoIP provider com is the SIP service domain SIP Registration Each ZyXEL Device is an individual SIP User Agent UA To provide voice service it has a public IP address for SIP and RTP protocols to c...

Page 208: ...s to the SIP requests When you use SIP to make a VoIP call it originates at a client and terminates at a server A SIP client could be a computer or a SIP phone One device can act as both a SIP client...

Page 209: ...to the device that sent the request Then the client device that originally sent the request can send requests to the IP address that it received back from the redirect server Redirect servers do not i...

Page 210: ...user name and password when you register RTP When you make a VoIP call using SIP the RTP Real time Transport Protocol is used to handle voice data transfer See RFC 1889 for details on RTP Pulse Code...

Page 211: ...est and the call is terminated SIP Call Progression Through Proxy Servers Usually the SIP UAC sets up a phone call by sending a request to the SIP proxy server Then the proxy server looks up the desti...

Page 212: ...ng table shows the SIP call progression 1 User Agent 1 sends a SIP INVITE request to Proxy 1 This message is an invitation to User Agent 2 to participate in a SIP telephone call Proxy 1 sends a respon...

Page 213: ...upports the following codecs G 711 is a Pulse Code Modulation PCM waveform codec PCM measures analog signal amplitudes at regular time intervals and converts them into digital samples G 711 provides v...

Page 214: ...and on hold tones Recording Custom Tones Use the following steps if you would like to create new tones or change your tones 1 Pick up the phone and press on your phone s keypad and wait for the messa...

Page 215: ...to deliver data with minimum delay and the networking methods used to provide bandwidth for real time multimedia applications Type of Service ToS Network traffic can be classified by setting the ToS T...

Page 216: ...marked for different priorities of forwarding Resources can then be allocated according to the DSCP values and the configured policies VLAN Tagging Virtual Local Area Network VLAN allows a physical ne...

Page 217: ...supplementary services by using the flash key Europe Type Supplementary Phone Services This section describes how to use supplementary phone services with the Europe Type Call Service Mode Commands fo...

Page 218: ...irectory number If there is a second call to a telephone number you will hear a call waiting tone Take one of the following actions Reject the second call Press the flash key and then press 0 Disconne...

Page 219: ...es how to use supplementary phone services with the USA Type Call Service Mode Commands for supplementary services are listed in the table below After pressing the flash key if you do not issue the su...

Page 220: ...he second party answers it hang up the phone USA Three Way Conference Use the following steps to make three way conference calls 1 When you are on the phone talking to someone party A press the flash...

Page 221: ...10 10 on page 200 for peer to peer calls or SIP numbers that use letters Dial the speed dial entry on your telephone s keypad Use your VoIP service provider s dialing plan to call regular telephone nu...

Page 222: ...receiver 11 6 Auto Provisioning and Auto Firmware Upgrade If your service provider uses an auto provisioning server to set up your device you must first enter the HTTP pincode supplied by your service...

Page 223: ...vider 11 7 1 The Flash Key Flashing means to press the hook for a short period of time a few hundred milliseconds before releasing it On newer telephones there should be a flash key button that genera...

Page 224: ...This allows you to place a call on hold while you answer another incoming call on the same telephone directory number If there is a second call to a telephone number you will hear a call waiting tone...

Page 225: ...or the second party answers it hang up the phone 11 7 2 4 European Three Way Conference Use the following steps to make three way conference calls 1 When you are on the phone talking to someone press...

Page 226: ...ll to your telephone number you will hear a call waiting tone Press the flash key to put the first call on hold and answer the second call 11 7 3 3 USA Call Transfer Do the following to transfer an in...

Page 227: ...FUNCTION DESCRIPTION 99 HTTP pincode Use this if your service provider gave you a personal identification number to enter in order to start using the service See Section 11 6 on page 222 99 Enable fi...

Page 228: ...calls See Section 10 11 on page 203 23 No answer forward Forward incoming calls if you do not answer See Section 10 11 on page 203 24 Busy forward Forward calls if you are already making a call See Se...

Page 229: ...s the default firewall action User A can initiate an IM Instant Messaging session from the LAN to the WAN 1 Return traffic for this session is also allowed 2 However other traffic initiated from the W...

Page 230: ...i probing which prevents the ICMP response packet from being sent This keeps outsiders from discovering your ZyXEL Device when unsupported ports are probed ICMP Internet Control Message Protocol ICMP...

Page 231: ...ur new rule becomes number 7 and the previous rule 7 if there is one becomes rule 8 4 Click Add to display the firewall rule configuration screen 5 In the Edit Rule screen click the Edit Customized Se...

Page 232: ...the destination address screen as follows and click Add Figure 138 Firewall Example Edit Rule Destination Address 9 Use the Add and Remove buttons between Available Services and Selected Services lis...

Page 233: ...s show up with an before their names in the Services list box and the Rules list box Figure 139 Firewall Example Edit Rule Select Customized Services On completing the configuration procedure for this...

Page 234: ...from the WAN to IP addresses 10 0 0 10 through 10 0 0 15 on the LAN Figure 140 Firewall Example Rules MyService 12 2 The Firewall General Screen Use this screen to configure the firewall settings Cli...

Page 235: ...Direction This is the direction of travel of packets LAN to LAN Router LAN to WAN WAN to WAN Router WAN to LAN Firewall rules are grouped based on the direction of travel of packets to which they appl...

Page 236: ...en the amount of space used is over 80 the bar is red Packet Direction Use the drop down list box to select a direction of travel of packets for which you want to configure firewall rules Create a new...

Page 237: ...eset packet or an ICMP destination unreachable message to the sender Reject or allows the passage of packets Permit Schedule This field tells you whether a schedule is specified Yes or not No Log This...

Page 238: ...se this screen to configure firewall rules In the Rules screen select an index number and click Add or click a rule s Edit icon to display this screen and refer to the following table for information...

Page 239: ...can add multiple addresses ranges of addresses and or subnets Edit To edit an existing source or destination address select it from the box and click Edit Delete Highlight an existing source or destin...

Page 240: ...check box to have the ZyXEL Device generate an alert when the rule is matched Back Click this to return to the previous screen without saving Apply Click this to save your changes Cancel Click this to...

Page 241: ...ssions These thresholds apply globally to all sessions Table 76 Security Firewall Rules Edit Edit Customized Services Config LABEL DESCRIPTION Config Service Name Type a unique name for your custom po...

Page 242: ...could indicate a DOS attack 12 4 1 Threshold Values If everything is working properly you probably do not need to change the threshold settings as the default threshold values should work for most sm...

Page 243: ...Threshold to bring up the next screen Figure 147 Security Firewall Threshold The following table describes the labels in this screen Table 77 Security Firewall Threshold LABEL DESCRIPTION Denial of Se...

Page 244: ...High to lower than the current Maximum Incomplete Low number For example if you set the maximum incomplete high to 100 the ZyXEL Device starts deleting half open sessions when the number of existing h...

Page 245: ...stateful packet inspection allows packets traveling in the following directions LAN to LAN Router These rules specify which computers on the LAN can manage the ZyXEL Device remote management and commu...

Page 246: ...protocols such as Telnet to authorized users on the LAN These custom rules work by comparing the source IP address destination IP address and IP protocol type of network traffic to rules set by the ad...

Page 247: ...example if FTP ports TCP 20 21 are allowed from the Internet to the LAN Internet users may be able to connect to computers with running FTP servers 4 Does this rule conflict with any existing rules On...

Page 248: ...e ZyXEL Device allow triangle route sessions traffic from the WAN can go directly to a LAN computer without passing through the ZyXEL Device and its firewall protection Another solution is to use IP a...

Page 249: ...EL Device reroutes the packet to Gateway A which is in Subnet 2 3 The reply from the WAN goes to the ZyXEL Device 4 The ZyXEL Device then sends it to the computer on the LAN in Subnet 1 Figure 150 IP...

Page 250: ...Chapter 12 Firewall P 2612HW Series User s Guide 250...

Page 251: ...tion 13 4 on page 256 to exclude computers and other devices on your LAN from the keyword blocking filter 13 1 2 What You Need to Know About Content Filtering URL The URL Uniform Resource Locator iden...

Page 252: ...ocking 3 In the Keyword field type keywords to identify websites to be blocked 4 Click Add Keyword for each keyword to be entered 5 Click Apply Figure 151 Security Content Filter Keyword Example Bob s...

Page 253: ...cluded from keyword blocking Bob s home network is on the domain 192 168 1 xxx Bob gave his home computer a static IP address of 192 168 1 2 and the study computer a static IP address of 192 168 1 3 T...

Page 254: ...Filtering Keyword LABEL DESCRIPTION Active Keyword Blocking Select this check box to enable this feature Block Websites that contain these keywords in the URL This box contains the list of all the key...

Page 255: ...Table 78 Security Content Filtering Keyword continued LABEL DESCRIPTION Table 79 Security Content Filter Schedule LABEL DESCRIPTION Schedule Select Block Everyday to make the content filtering active...

Page 256: ...reviously saved settings Table 79 Security Content Filter Schedule continued LABEL DESCRIPTION Table 80 Security Content Filter Trusted LABEL DESCRIPTION Start IP Address Type the IP address of a comp...

Page 257: ...communications across a public network like the Internet IPSec is built around a number of standardized cryptographic techniques to provide confidentiality data integrity and authentication at the IP...

Page 258: ...ple a computer in network A is exchanging data with a computer in network B Inside networks A and B the data is transmitted the same way data is normally transmitted in the networks Between routers X...

Page 259: ...s are updated with the remote gateway s new WAN IP address Dynamic Secure Gateway Address If the remote secure gateway has a dynamic WAN IP address and does not use DDNS enter 0 0 0 0 as the secure ga...

Page 260: ...dresses must be static Click Security VPN to open the VPN Setup screen This is a menu of your IPSec rules tunnels The IPSec summary menu is read only Edit a VPN by selecting an index number and then c...

Page 261: ...displays N A when the Secure Gateway Address field displays 0 0 0 0 In this case only the remote IPSec router can initiate the VPN The same static IP address is displayed twice when the Remote Addres...

Page 262: ...edit VPN policies Figure 161 Security VPN Setup Edit The following table describes the fields in this screen Table 82 Security VPN Setup Edit LABEL DESCRIPTION IPSec Setup Active Select this check bo...

Page 263: ...If there is a private DNS server that services the VPN type its IP address here The ZyXEL Device assigns this additional DNS server to the ZyXEL Device s DHCP clients that have IP addresses in this IP...

Page 264: ...ange for a specific range of IP addresses Select Subnet to specify IP addresses on a network by their subnet mask IP Address Start When the Remote Address Type field is configured to Single enter a st...

Page 265: ...The following applies if this field is configured as 0 0 0 0 The ZyXEL Device uses the current ZyXEL Device WAN IP address static or dynamic to set up the VPN tunnel Peer ID Type Select IP to identif...

Page 266: ...k the button to use a pre shared key for authentication and type in your pre shared key A pre shared key identifies a communicating party during a phase 1 IKE negotiation It is called pre shared becau...

Page 267: ...oughput This implementation of AES uses a 128 bit key AES is faster than 3DES Select NULL to set up a tunnel without encryption When you select NULL you do not enter an encryption key Authentication A...

Page 268: ...etection As a VPN setup is processing intensive the system is vulnerable to Denial of Service DoS attacks The IPSec receiver can detect and reject old or duplicate packets to protect against replay at...

Page 269: ...3DES or AES from the drop down list box When you use one of these encryption algorithms for data communications both the sending device and the receiving device must use the same secret key which can...

Page 270: ...henticate packet data The SHA1 algorithm is generally considered stronger than MD5 but is slower Select MD5 for minimal security and SHA 1 for maximum security SA Life Time Seconds Define the length o...

Page 271: ...protocol This data allows for the multiplexing of SAs to a single gateway The SPI Security Parameter Index along with a destination IP address uniquely identify a particular Security Association SA Th...

Page 272: ...Setup Manual Key screen as shown next Figure 163 Security VPN Setup Manual Key The following table describes the fields in this screen Table 84 Security VPN Setup Manual Key LABEL DESCRIPTION IPSec S...

Page 273: ...fy IP addresses on a network by their subnet mask IP Address Start When the Local Address Type field is configured to Single enter a static IP address on the LAN behind your ZyXEL Device When the Loca...

Page 274: ...ty Protocol IPSec Protocol Select ESP if you want to use ESP Encapsulation Security Payload The ESP protocol RFC 2406 provides encryption as well as some of the services offered by AH If you select ES...

Page 275: ...t no inbound traffic the SA times out automatically after two minutes A tunnel with no outbound or inbound traffic is idle and does not timeout until the SA lifetime period expires See Section Authent...

Page 276: ...ABEL DESCRIPTION No This is the security association index number Name This field displays the identification name for this VPN policy Encapsulation This field displays Tunnel or Transport mode IPSec...

Page 277: ...ble 86 Security VPN Global Setting LABEL DESCRIPTION Windows Networking NetBIOS over TCP IP NetBIOS Network Basic Input Output System are TCP or UDP packets that enable a computer to find other comput...

Page 278: ...use of encryption techniques such as DES Data Encryption Standard and Triple DES algorithms The Authentication Algorithms HMAC MD5 RFC 2403 and HMAC SHA 1 RFC 2404 provide an authentication mechanism...

Page 279: ...ontents in this case the entire original packet are encrypted The encrypted contents but not the new headers are signed with a hash value appended to the packet Tunnel mode ESP with authentication is...

Page 280: ...B checks the UDP port 500 header and IPSec routers A and B build the IKE SA For NAT traversal to work you must Use ESP security protocol in either transport or tunnel mode Use IKE keying mode Enable N...

Page 281: ...integrity against the data With the use of AH as the security protocol protection is extended forward into the IP header to verify the integrity of the entire packet by use of portions of the original...

Page 282: ...rithm Choose a Diffie Hellman public key cryptography key group DH1 or DH2 Set the IKE SA lifetime This field allows you to determine how long an IKE SA should stay up before it times out An IKE SA ti...

Page 283: ...icating parties are negotiating authentication phase 1 However the trade off is that faster speed limits its negotiating power and it also does not provide identity protection It is useful in remote a...

Page 284: ...cess the computers on the remote network 14 9 9 ID Type and Content With aggressive negotiation mode seeSection 14 9 6 on page 283 the ZyXEL Device identifies incoming SAs by ID type and content since...

Page 285: ...the IP address of your computer or leave the field blank to have the ZyXEL Device automatically use its own IP address DNS Type a domain name up to 31 characters by which to identify this ZyXEL Devic...

Page 286: ...session keys 768 bit Group 1 DH1 and 1024 bit Group 2 DH2 Diffie Hellman groups are supported Upon completion of the Diffie Hellman exchange the two peers have a shared secret but the IKE SA is not a...

Page 287: ...ic WAN IP addresses use Dynamic DNS to do this With aggressive negotiation mode see Section 14 9 6 on page 283 the ZyXEL Device can use the ID types and contents to distinguish between VPN rules Telec...

Page 288: ...ters by resolving their domain names Figure 172 Telecommuters Using Unique VPN Rules Example Table 94 Telecommuters Using Unique VPN Rules Example TELECOMMUTERS HEADQUARTERS All Telecommuter Rules All...

Page 289: ...68 3 2 Secure Gateway Address telecommuterb com Remote Address 192 168 3 2 Telecommuter C telecommuterc dydns org Headquarters ZyXEL Device Rule 3 Local ID Type E mail Peer ID Type E mail Local ID Con...

Page 290: ...Chapter 14 VPN P 2612HW Series User s Guide 290...

Page 291: ...ates of trusted CAs to the ZyXEL Device You can also export the certificates to a computer Use the Trusted Remote Hosts screens see Section 15 8 on page 311 to import self signed certificates from tru...

Page 292: ...method used to secure the data that you send through an established connection depends on the type of connection For example a VPN tunnel might use the triple DES encryption algorithm The certificati...

Page 293: ...ed CA or trusted remote host certificate into the ZyXEL Device you should verify that you have the actual certificate This is especially true of trusted CA certificates since the ZyXEL Device also tru...

Page 294: ...croll down to the Thumbprint Algorithm and Thumbprint fields Figure 174 Certificate Details 4 Use a secure method to verify that the certificate owner has the same information in the Thumbprint Algori...

Page 295: ...yXEL Device has the factory default certificate The factory default certificate is common to all devices of this model ZyXEL recommends that you use this button to replace the factory default certific...

Page 296: ...con to remove the certificate A window displays asking you to confirm that you want to delete the certificate You cannot delete a certificate that one or more features is configured to use Do the foll...

Page 297: ...e 175 on page 295 Click the edit icon to open the My Certificate Details screen Use this screen to view in depth certificate information and change the certificate s name If it is a self signed certif...

Page 298: ...self is the only one in the list The ZyXEL Device does not trust the certificate and displays Not trusted in this field if any certificate on the path has expired or been revoked Refresh Click Refresh...

Page 299: ...th Constraint 1 means that there can only be one certification authority in the certificate s path MD5 Fingerprint This is the certificate s message digest that the ZyXEL Device calculated using the M...

Page 300: ...ard that defines the general syntax for data including digital signatures that may be encrypted The ZyXEL Device currently allows the importation of a PKS 7 file that contains a single certificate PEM...

Page 301: ...abels in this screen 15 4 My Certificate Create Click Security Certificates My Certificates Create to open the My Certificate Create screen Use this screen to have the ZyXEL Device create a Table 97 S...

Page 302: ...mon Name is mandatory The certification authority may add fields such as a serial number to the subject information when it issues a certificate It is recommended that each certificate have unique sub...

Page 303: ...it to send to the certification authority Copy the certification request from the My Certificate Details screen see Section 15 3 on page 297 and then send it to the certification authority Create a ce...

Page 304: ...at you have set the ZyXEL Device to accept as trusted The ZyXEL Device accepts any valid certificate signed by a certification authority on this list as being CA Certificate Select the certification a...

Page 305: ...the name used to identify this certificate Subject This field displays identifying information about the certificate s owner such as CN Common Name OU Organizational Unit or department O Organization...

Page 306: ...Issues certificate revocation lists CRL check box in the certificate s details screen to have the ZyXEL Device check the CRL before trusting any certificates issued by the certification authority Othe...

Page 307: ...tion authority s certificate change the certificate s name and set whether or not you want the ZyXEL Device to check a Table 100 Security Certificates Trusted CA Import LABEL DESCRIPTION File Path Typ...

Page 308: ...ficates P 2612HW Series User s Guide 308 certification authority s list of revoked certificates before trusting a certificate issued by the certification authority Figure 181 Security Certificates Tru...

Page 309: ...the certification path Certificate Information These read only fields display detailed information about the certificate Type This field displays general information about the certificate CA signed m...

Page 310: ...s the certificate s message digest that the ZyXEL Device calculated using the MD5 algorithm You can use this value to verify with the certification authority over the phone for example that this is ac...

Page 311: ...te Hosts The following table describes the labels in this screen Table 102 Security Certificates Trusted Remote Hosts LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the...

Page 312: ...tificate has not yet become applicable Valid To This field displays the date that the certificate expires The text displays in red and includes an Expiring or Expired message if the certificate is abo...

Page 313: ...this certificate If you want to change the name type up to 31 characters to identify this key certificate You may use any character not including spaces Certificate Path Click the Refresh button to ha...

Page 314: ...if the certificate has not yet become applicable Valid To This field displays the date that the certificate expires The text displays in red and includes an Expiring or Expired message if the certific...

Page 315: ...cate in PEM Base 64 Encoded Format This read only text box displays the certificate or certification request in Privacy Enhanced Mail PEM format PEM uses 64 ASCII characters to convert the binary cert...

Page 316: ...certificates that have been saved into the ZyXEL Device If you decide to have the ZyXEL Device check incoming certificates against the issuing certification authority s list of revoked certificates t...

Page 317: ...ding more certificates The index number of the directory server The servers are listed in alphabetical order Name This field displays the name used to identify this directory server Address This field...

Page 318: ...own list box to select the access protocol used by the directory server LDAP Lightweight Directory Access Protocol is a protocol over TCP that specifies how clients access directories of certificates...

Page 319: ...ually a certification authority Back Click Back to return to the Directory Servers screen Apply Click Apply to save your changes back to the ZyXEL Device Cancel Click Cancel to quit configuring this s...

Page 320: ...Chapter 15 Certificates P 2612HW Series User s Guide 320...

Page 321: ...Device s LAN interface The ZyXEL Device routes most traffic from A to the Internet through the ZyXEL Device s default gateway R1 You create one static route to connect to services offered by your ISP...

Page 322: ...ter specifies the IP network address of the final destination Routing is always based on network number Netmask This parameter specifies the IP network subnet mask of the final destination Gateway Thi...

Page 323: ...oute Destination IP Address This parameter specifies the IP network address of the final destination Routing is always based on network number If you need to specify a route to a single host use a sub...

Page 324: ...Chapter 16 Static Route P 2612HW Series User s Guide 324...

Page 325: ...the ports Figure 190 802 1Q 1P 17 1 1 What You Can Do in the 802 1Q 1P Screens Use the Group Setting screen Section 17 2 on page 332 to activate 802 1Q 1P specify the management VLAN group display the...

Page 326: ...tagged Frames Each port on the device is capable of passing tagged or untagged frames To forward a frame from an 802 1Q VLAN aware device to an 802 1Q VLAN unaware device the ZyXEL Device first decide...

Page 327: ...into one VLAN VLAN2 and then set them to use a PVC PVC1 with a high priority service level You would start with the following steps 1 Click Advanced 802 1Q 1P Group Setting Edit to display the follow...

Page 328: ...P Group Setting Edit Example To set a high priority for VoIP traffic follow these steps 1 Click Advanced 802 1Q 1P Port Setting to display the following screen 2 Type 2 in the 802 1Q PVID column for L...

Page 329: ...rnet traffic You want to set a lower priority for this type of traffic so you want to group these ports and PVC2 into one VLAN VLAN3 PVC2 priority is set to low level of service SSID1 and SSID2 are tw...

Page 330: ...1Q 1P P 2612HW Series User s Guide 330 Follow the same steps as in VLAN2 to configure the settings for VLAN3 and VLAN4 The summary screen should display as follows Figure 194 Advanced 802 1Q 1P Group...

Page 331: ...Chapter 17 802 1Q 1P P 2612HW Series User s Guide 331 The port screen should look like this Figure 195 Advanced 802 1Q 1P Port Setting Example This completes the 802 1Q 1P setup...

Page 332: ...anced 802 1Q 1P Group Setting The following table describes the labels in this screen Table 109 Advanced 802 1Q 1P Group Setting LABEL DESCRIPTION 802 1P 1Q Active Select this check box to activate th...

Page 333: ...ID number of the VLAN group Port Number These columns display the VLAN s settings for each port A tagged port is marked as T an untagged port is marked as U and ports not participating in a VLAN are...

Page 334: ...ls in this screen Table 110 Advanced 802 1Q 1P Group Setting Edit LABEL DESCRIPTION Name Enter a descriptive name for the VLAN group for identification purposes The text may consist of up to 8 letters...

Page 335: ...ber of the VLAN group Select Forbidden if you want to prohibit the port from joining the VLAN group Tx Tag Select Tx Tagging if you want the port to tag all outgoing traffic transmitted through this V...

Page 336: ...valid VID range is between 1 and 4094 The ZyXEL Device assigns the PVID to untagged frames or priority tagged frames received on this port SSID or PVC 802 1P Priority Assign a priority for the traffic...

Page 337: ...ZyXEL Device assigns each packet a priority and then queues the packet accordingly Packets assigned a high priority are processed more quickly than those with low priority if there is congestion allow...

Page 338: ...cket header while DiffServ is a new protocol and defines a new DS field which replaces the eight bit ToS Type of Service field in the IP header Tagging and Marking In a QoS class you can configure whe...

Page 339: ...es User s Guide 339 these two classes are assigned priority queue based on the internal QoS mapping table on the ZyXEL Device Figure 199 QoS Example Figure 200 QoS Class Example VoIP 1 Internet 50 Mbp...

Page 340: ...Chapter 18 Quality of Service QoS P 2612HW Series User s Guide 340 Figure 201 QoS Class Example VoIP 2 Figure 202 QoS Class Example Boss 1...

Page 341: ...HW Series User s Guide 341 Figure 203 QoS Class Example Boss 2 18 2 The QoS General Screen Click Advanced QoS to open the screen as shown next Use this screen to enable or disable QoS and select to ha...

Page 342: ...peed to match the interface s actual transmission speed For example set the WAN interface speed to 100000 kbps if your Internet connection has an upstream transmission speed of 100 Mbps Setting this n...

Page 343: ...llowing screen Figure 205 Advanced QoS Class Setup The following table describes the labels in this screen Apply Click Apply to save your settings back to the ZyXEL Device Cancel Click Cancel to begin...

Page 344: ...criteria specified in this classifier Modify Click the Edit icon to go to the screen where you can edit the classifier Click the Remove icon to delete an existing classifier Apply Click Apply to save...

Page 345: ...lity of Service QoS P 2612HW Series User s Guide 345 18 3 1 The Class Configuration Screen Click the Add button or the Edit icon in the Modify field to configure a classifier Figure 206 Advanced QoS C...

Page 346: ...Routing Table to have the ZyXEL Device use the routing table to find a next hop and forward the matched packets automatically Select To Gateway Address to route the matched packets to the router or s...

Page 347: ...ort number See Appendix E on page 531 for some common services and port numbers MAC Select the check box and enter the source MAC address of the packet MAC Mask Type the mask for the specified MAC add...

Page 348: ...rnet and over TCP IP networks A system running the FTP server accepts commands from a system running an FTP client The service allows users to send commands to the server for uploading and downloading...

Page 349: ...15 Advanced QoS Monitor LABEL DESCRIPTION Priority Queue This shows the priority queue number Traffic assigned to higher index queues gets through faster while traffic in lower index queues is dropped...

Page 350: ...owest priority level and seven is the highest 18 5 3 DiffServ QoS is used to prioritize source to destination traffic flows All packets in the flow are given the same priority You can use CoS class of...

Page 351: ...field contains a 2 bit unused field and a 6 bit DSCP field which can define up to 64 service levels The following figure illustrates the DS field DSCP is backward compatible with the three precedence...

Page 352: ...rnal Layer2 and Layer3 QoS Mapping PRIORITY QUEUE LAYER 2 LAYER 3 IEEE 802 1P USER PRIORITY ETHERNET PRIORITY TOS IP PRECEDENCE DSCP IP PACKET LENGTH BYTE 0 1 0 000000 1 2 2 0 0 000000 1100 3 3 1 0011...

Page 353: ...u even if they don t know your IP address First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that wou...

Page 354: ...vanced Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic DNS Select this check box to use dynamic DNS Service Provider This is the name of your Dynamic DNS service provider Dynamic DNS Ty...

Page 355: ...server auto detect IP Address Select this option only when there are one or more NAT routers between the ZyXEL Device and the DDNS server This feature has the DDNS server automatically detect and use...

Page 356: ...Chapter 19 Dynamic DNS Setup P 2612HW Series User s Guide 356...

Page 357: ...e 209 Remote Management From the WAN Note When you configure remote management to allow management from the WAN you still need to configure a firewall rule to allow access You may manage your ZyXEL De...

Page 358: ...XEL Device Use the SNMP screen Section 20 5 on page 362 to configure your ZyXEL Device s settings for Simple Network Management Protocol management Use the DNS screen Section 20 6 on page 365 to confi...

Page 359: ...than this timeout period The management session does not time out when a statistics screen is polling 20 2 The WWW Screen To change your ZyXEL Device s World Wide Web settings click Advanced Remote MG...

Page 360: ...using this service Select All to allow any computer to access the ZyXEL Device using this service Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL D...

Page 361: ...screen Secured Client IP A secured client is a trusted computer that is allowed to communicate with the ZyXEL Device using this service Select All to allow any computer to access the ZyXEL Device usin...

Page 362: ...management operation Note SNMP is only available if TCP IP is configured Figure 213 SNMP Management Model An SNMP managed network consists of two main types of component agents and a manager Secured C...

Page 363: ...o retrieve an object variable from the agent GetNext Allows the manager to retrieve the next object variable from a table or list within an agent In SNMPv1 when a manager wants to retrieve all element...

Page 364: ...if reboot is done intentionally for example download new files CI command sys reboot 6b For fatal error A trap is sent with the message of the fatal code if the system reboots because of fatal errors...

Page 365: ...Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service SNMP Configuration Get Community Enter the Get Community which is the password f...

Page 366: ...g which prevents the ICMP response packet from being sent This keeps outsiders from discovering your ZyXEL Device when unsupported ports are probed Table 124 Remote Management DNS LABEL DESCRIPTION Po...

Page 367: ...and WAN Ping requests Select WLAN WAN to reply to both incoming WLAN and WAN Ping requests Select WLAN LAN to reply to both incoming WLAN and LAN Ping requests Select WLAN to reply to incoming WLAN P...

Page 368: ...guration P 2612HW Series User s Guide 368 Apply Click Apply to save your customized settings and exit this screen Cancel Click Cancel to begin configuring this screen afresh Table 125 Advanced Remote...

Page 369: ...ations to automatically configure the ZyXEL Device 21 1 2 What You Need to Know About UPnP How do I know if I m using UPnP UPnP hardware is identified as an icon in the Network Connections folder Wind...

Page 370: ...e obtained and modified by users in some network environments When a UPnP device joins a network it announces its presence with a multicast message For security reasons the ZyXEL Device allows multica...

Page 371: ...UPnP application to open the web configurator s login screen without entering the ZyXEL Device s IP address although you must still enter the password to access the web configurator Allow users to ma...

Page 372: ...Windows Me Follow the steps below to install the UPnP in Windows Me 1 Click Start and Control Panel Double click Add Remove Programs 2 Click the Windows Setup tab and select Communication in the Compo...

Page 373: ...ication Components 4 Click OK to go back to the Add Remove Programs Properties window and click Next 5 Restart the computer when prompted Installing UPnP in Windows XP Follow the steps below to instal...

Page 374: ...nP P 2612HW Series User s Guide 374 4 The Windows Optional Networking Components Wizard window displays Select Networking Service in the Components selection box and click Details Figure 221 Windows O...

Page 375: ...click Next 21 4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL De...

Page 376: ...Chapter 21 Universal Plug and Play UPnP P 2612HW Series User s Guide 376 2 Right click the icon and select Properties Figure 223 Network Connections...

Page 377: ...sal Plug and Play UPnP P 2612HW Series User s Guide 377 3 In the Internet Connection Properties window click Settings to see the port mappings there were automatically created Figure 224 Internet Conn...

Page 378: ...the port mappings or click Add to manually add port mappings Figure 225 Internet Connection Properties Advanced Settings Figure 226 Internet Connection Properties Advanced Settings Add 5 When the UPnP...

Page 379: ...splay your current Internet connection status Figure 228 Internet Connection Status Web Configurator Easy Access With UPnP you can access the web based configurator on the ZyXEL Device without finding...

Page 380: ...l Plug and Play UPnP P 2612HW Series User s Guide 380 3 Select My Network Places under Other Places Figure 229 Network Connections 4 An icon with the description for each UPnP enabled device displays...

Page 381: ...nd select Invoke The web configurator login screen displays Figure 230 Network Connections My Network Places 6 Right click on the icon for your ZyXEL Device and select Properties A properties window d...

Page 382: ...Chapter 21 Universal Plug and Play UPnP P 2612HW Series User s Guide 382...

Page 383: ...383 PART III Maintenance Troubleshooting and Specifications System 385 Logs 391 Tools 413 Diagnostic 433 Troubleshooting 437 Product Specifications 445...

Page 384: ...384...

Page 385: ...tem time 22 1 2 What You Need to Know About System Settings Domain Name This is a network address that identifies the owner of a network connection For example in the network address www zyxel com sup...

Page 386: ...ull computer name field and enter it as the ZyXEL Device System Name Click Maintenance System to open the General screen Figure 232 Maintenance System General The following table describes the labels...

Page 387: ...g it has been left idle not recommended Password Old Password Type the default password or the existing password you use to access the system in this field New Password Type your new system password u...

Page 388: ...SCRIPTION Current Time and Date Current Time This field displays the time of your ZyXEL Device Each time you reload this page the ZyXEL Device synchronizes the time with the time server Current Date T...

Page 389: ...th of your time server Check with your ISP network administrator if you are unsure of this information Time Zone Setup Time Zone Choose the time zone of your location This will set the time difference...

Page 390: ...r and type 2 in the o clock field Daylight Saving Time ends in the European Union on the last Sunday of October All of the time zones in the European Union stop using Daylight Saving Time at the same...

Page 391: ...e is to send logs the schedule for when the ZyXEL Device is to send the logs and which logs and or immediate alerts the ZyXEL Device is to record 23 1 2 What You Need To Know About Logs Alerts and Log...

Page 392: ...box Select a category of logs to view select All Logs to view logs from all of the log categories that you selected in the Log Settings page Email Log Now Click Email Log Now to send the log screen t...

Page 393: ...ion To change your ZyXEL Device s log settings click Maintenance Logs Log Settings The screen appears as shown Alerts are e mailed as soon as they happen Logs may be e mailed as soon as the log is ful...

Page 394: ...fer Protocol is the message exchange standard for the Internet SMTP enables you to move messages from one e mail server to another Select the check box to activate SMTP authentication If mail server a...

Page 395: ...ted categories of logs Log Facility Select a location from the drop down list box The log facility allows you to log the messages to different files in the syslog server Refer to the syslog server man...

Page 396: ...05 17 UDP src port 00520 dest port 00520 1 02 128 Apr 7 00 From 192 168 1 1 To 192 168 1 255 match forward 10 05 30 UDP src port 00520 dest port 00520 1 02 End of Firewall Log Table 132 System Mainte...

Page 397: ...MP packet that was too large Configuration Change PC 0x x Task ID 0x x The router is saving configuration changes Successful SSH login Someone has logged on to the router s SSH server SSH login failed...

Page 398: ...nt a message to notify a user that the router blocked access to a web site that the user requested Table 135 TCP Reset Logs LOG MESSAGE DESCRIPTION Under SYN flood attack sent TCP RST The router sent...

Page 399: ...t d rule d Attempted access matched a configured filter rule denoted by its set and rule number and was blocked or forwarded according to the rule Table 137 ICMP Logs LOG MESSAGE DESCRIPTION Firewall...

Page 400: ...gs LOG MESSAGE DESCRIPTION ppp LCP Starting The PPP connection s Link Control Protocol stage has started ppp LCP Opening The PPP connection s Link Control Protocol stage is opening ppp CHAP Opening Th...

Page 401: ...all detected a TCP teardrop attack teardrop UDP The firewall detected an UDP teardrop attack teardrop ICMP type d code d The firewall detected an ICMP teardrop attack illegal command TCP The firewall...

Page 402: ...to authenticate user There is no authentication server to authenticate a user Table 144 ACL Setting Notes PACKET DIRECTION DIRECTION DESCRIPTION L to W LAN to WAN ACL set for packets traveling from th...

Page 403: ...ly 0 Timestamp reply message 15 Information Request 0 Information request message 16 Information Reply 0 Information reply message Table 146 Syslog Logs LOG MESSAGE DESCRIPTION Facility 8 Severity Mon...

Page 404: ...register server failed Table 148 RTP Logs LOG MESSAGE DESCRIPTION Error RTP init fail The initialization of an RTP session failed Error Call fail RTP connect fail A VoIP phone call failed because the...

Page 405: ...om the listed SIP number VoIP Call Established Ph Phone Port Outgoing Call Number A VoIP phone call was set up from the listed SIP number to the ZyXEL Device VoIP Call End Phone Phone Port A VoIP phon...

Page 406: ...Chapter 23 Logs P 2612HW Series User s Guide 406...

Page 407: ...ry screen Section 24 3 on page 408 to see the details of the calls performed on the ZyXEL Device Use the Call History Settings screen Section 24 4 on page 409 to configure to where the ZyXEL Device is...

Page 408: ...es A triangle indicates ascending or descending sort order Figure 238 Maintenance Call History Call History Table 152 Maintenance Call History Summary LABEL DESCRIPTION Type of Summary This shows the...

Page 409: ...ess specified in the Call History Settings page make sure that you have first filled in the E mail Log Settings fields in Call History Settings Refresh Click Refresh to renew the call history screen C...

Page 410: ...BEL DESCRIPTION E mail Call History Settings Mail Server Enter the server name or the IP address of the mail server for the e mail addresses specified below If this field is left blank logs and alert...

Page 411: ...the week the E mail should be sent If you select When Log is Full an alert is sent when the log fills up If you select None no log messages are sent Day for Sending Call History Use the drop down lis...

Page 412: ...ch day of a month from 1 to 28 on which the Last Month summary of call history displays in the Summary screen starts Apply Click Apply to save your customized settings and exit this screen Cancel Clic...

Page 413: ...ures and functionality You can download new firmware releases from your nearest ZyXEL FTP site or www zyxel com to use to upgrade your device s performance Only use firmware for your device s specific...

Page 414: ...u will need to rename them as the ZyXEL Device only recognizes rom 0 and ras Be sure you keep unaltered copies of both files for later use The following table is a summary Please note that the interna...

Page 415: ...this function erases the current configuration before restoring a previous back up configuration please do not attempt to restore unless you have a backup configuration file stored on disk FTP is the...

Page 416: ...ault is 1234 5 Enter bin to set transfer mode to binary 6 Use put to transfer files from the computer to the device for example put firmware bin ras transfers the firmware on your computer firmware bi...

Page 417: ...t idle timeout default when the file transfer is complete 3 Launch the TFTP client on your computer and connect to the device Set the transfer mode to binary before starting data transfer 4 Use the TF...

Page 418: ...m transfers the configuration file on the ZyXEL Device to your computer and renames it config rom See earlier in this chapter for more information on filename conventions 7 Enter quit to exit the ftp...

Page 419: ...er will not be interrupted Enter command sys stdio 5 to restore the five minute management idle timeout default when the file transfer is complete 3 Launch the TFTP client on your computer and connect...

Page 420: ...TP clients Refer to Section 25 1 2 on page 413 to read about configurations that disallow TFTP and FTP over WAN 25 2 Firmware Upgrade Screen Click Maintenance Tools to open the Firmware screen Follow...

Page 421: ...Firmware Upgrade LABEL DESCRIPTION Current Firmware Version This is the present Firmware version and the date created File Path Type in the location of the file you want to upload in this field or cli...

Page 422: ...automatically restarts in this time causing a temporary network disconnect In some operating systems you may see the following icon on your desktop Figure 245 Network Temporarily Disconnected After t...

Page 423: ...reen as shown next Figure 247 Maintenance Tools Configuration Backup Configuration Backup Configuration allows you to back up save the ZyXEL Device s current configuration to a file on your computer O...

Page 424: ...k disconnect In some operating systems you may see the following icon on your desktop Figure 249 Network Temporarily Disconnected If you uploaded the default configuration file you may need to change...

Page 425: ...tory Defaults Click the Reset button to clear all user entered configuration information and return the ZyXEL Device to its factory defaults The following warning screen appears Figure 251 Reset Warni...

Page 426: ...ation file to your computer 25 5 1 Using the FTP Commands to Back Up Configuration 1 Launch the FTP client on your computer 2 Enter open followed by a space and the IP address of your ZyXEL Device 3 E...

Page 427: ...d 331 Enter PASS command Password 230 Logged in ftp bin 200 Type I OK ftp get rom 0 zyxel rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp 16384 bytes sent i...

Page 428: ...to binary before starting data transfer 4 Use the TFTP client see the example below to transfer files between the ZyXEL Device and the computer The file name for the configuration file is rom 0 rom ze...

Page 429: ...FTP is faster Please note that you must wait for the system to automatically restart after the file transfer is complete Do not interrupt the file transfer process as this may PERMANENTLY DAMAGE your...

Page 430: ...irmware and configuration To use this feature your computer must have an FTP client The following sections give examples of how to upload the firmware and the configuration files 25 7 1 FTP File Uploa...

Page 431: ...are listed earlier in this chapter Refer to Section on page 414 to read about configurations that disallow TFTP and FTP over WAN 25 7 3 TFTP File Upload The device also supports the uploading of firm...

Page 432: ...e and the device in CI mode before and during the TFTP transfer For details on TFTP commands see following example please consult the documentation of your TFTP client program For UNIX use get to tran...

Page 433: ...hat You Can Do in the Diagnostic Screens Use the General Diagnostic screen Section 26 2 on page 433 to ping an IP address Use the DSL Line Diagnostic screen Section 26 3 on page 434 to view the DSL li...

Page 434: ...n next This screen is not available when you set the WAN mode to Ethernet WAN in the WAN Internet Access Setup screen using the DSL WAN switch Figure 258 Maintenance Diagnostic DSL Line Table 162 Main...

Page 435: ...s the number of ATM cells sent that were rejected inF4Pkts is the number of ATM Operations Administration and Management OAM F4 cells that have been received See ITU recommendation I 610 for more on O...

Page 436: ...the quality of the connection whether a given sub carrier loop has sufficient margins to support certain ADSL transmission rates and possibly to determine whether particular specific types of interfer...

Page 437: ...VoIP 27 2 Power Hardware Connections and LEDs The ZyXEL Device does not turn on None of the LEDs turn on 1 Make sure the ZyXEL Device is turned on 2 Make sure you are using the power adaptor or cord i...

Page 438: ...way for your computer To do this in most Windows computers click Start Run enter cmd and then enter ipconfig The IP address of the Default Gateway might be the IP address of the ZyXEL Device it depend...

Page 439: ...e 29 6 If the problem continues contact the network administrator or vendor or try one of the advanced suggestions Advanced Suggestions Try to access the ZyXEL Device using another service such as Tel...

Page 440: ...Ds are behaving as expected See the Quick Start Guide and Section 1 4 on page 28 2 Make sure you entered your ISP account information correctly in the wizard These fields are case sensitive so make su...

Page 441: ...that might be interfering with the wireless network for example microwaves other wireless networks and so on 3 Turn the ZyXEL Device off and on 4 If the problem continues contact the network administ...

Page 442: ...1 with both phone ports for outgoing calls and it uses SIP accounts 1 and 2 for incoming calls With this setting you always use SIP account 1 for your outgoing calls and you cannot distinguish which S...

Page 443: ...your SIP account 2 To apply these configuration changes you need to configure the Analog Phone screen See Section 10 5 on page 194 Figure 260 Outgoing Calls Individual Configuration 27 6 2 Incoming C...

Page 444: ...ount 1 and phone port 2 is configured to use SIP account 2 for incoming calls In this case every time you receive a call from your SIP account 1 the phone connected to phone port 1 rings Similarly eve...

Page 445: ...Mbps RJ 45 Ethernet ports DSL Port P 2612HW F1 1 RJ45 DSL Port P 2612HW F3 1 RJ11 DSL Port WAN Port 1 RJ45 WAN Port PHONE Ports 2 RJ 11 FXS POTS ports RESET Button Restores factory defaults WLAN Butt...

Page 446: ...f you decide to revert back to an earlier configuration Network Address Translation NAT Each computer on your network must have its own unique IP address Use NAT to convert your public IP address es t...

Page 447: ...Service You can efficiently manage traffic on your network by reserving bandwidth and giving priority to certain types of traffic and or to particular computers Remote Management This allows you to de...

Page 448: ...for each LAN network Packet Filters Your device s packet filtering function allows added network security and management ADSL Standards Support ITU G 992 1 G dmt EOC specified in ITU T G 992 1 ADSL2 G...

Page 449: ...on Other Protocol Support PPP Point to Point Protocol link layer protocol Transparent bridging for unsupported network layer protocols RIP I RIP II ICMP ATM QoS SNMP v1 and v2c with MIB II support RFC...

Page 450: ...using the command line interpreter Auto Dial You can set the ZyXEL Device to automatically dial a specified number immediately whenever you lift a phone off the hook Use the Web Configurator to set t...

Page 451: ...and assign them to the telephone port Multiple Voice Channels Your device can simultaneously handle multiple voice channels telephone calls Additionally you can answer an incoming phone call on a VoIP...

Page 452: ...he ZyXEL Device is equipped with an attached antenna to provide a clear radio signal between the wireless stations and the access points Multiple SSID Multiple SSID allows the ZyXEL Device to operate...

Page 453: ...32 MAC Address filters IEEE 802 1x External RADIUS server using EAP MD5 TLS TTLS Scheduling lets you set when the WLAN is on Table 168 Standards Supported STANDARD DESCRIPTION RFC 867 Daytime Protocol...

Page 454: ...andard G dmt G 992 1 G 992 1 Asymmetrical Digital Subscriber Line ADSL Transceivers ITU G 992 1 G DMT ITU standard for ADSL using discrete multitone modulation ITU G 992 2 G Lite ITU standard for ADSL...

Page 455: ...cables located inside the wall when drilling holes for the screws 3 Do not screw the screws all the way into the wall Leave a small gap of about 0 5 cm between the heads of the screws and the wall 4...

Page 456: ...t Specifications P 2612HW Series User s Guide 456 The following are dimensions of an M4 tap screw and masonry plug used for wall mounting All measurements are in millimeters mm Figure 264 Masonry Plug...

Page 457: ...pendices and Index Setting Up Your Computer s IP Address 459 Pop up Windows JavaScripts and Java Permissions 485 IP Addresses and Subnetting 495 Wireless LANs 507 Common Services 531 Legal Information...

Page 458: ...458...

Page 459: ...2000 Mac OS 9 OS X and all versions of UNIX LINUX include the software components you need to use TCP IP on your computer If you manually assign IP information instead of using a dynamic IP make sure...

Page 460: ...Up Your Computer s IP Address P 2612HW Series User s Guide 460 1 Click Start Control Panel Figure 265 Windows XP Start Menu 2 In the Control Panel click the Network Connections icon Figure 266 Window...

Page 461: ...uide 461 3 Right click Local Area Connection and then select Properties Figure 267 Windows XP Control Panel Network Connections Properties 4 On the General tab select Internet Protocol TCP IP and then...

Page 462: ...Select Use the following IP Address and fill in the IP address Subnet mask and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP You...

Page 463: ...l Network Connections right click a network connection click Status and then click the Support tab to view your IP address and connection information Windows Vista This section shows screens from Wind...

Page 464: ...Network And Internet 4 Click Manage network connections Figure 273 Windows Vista Network and Sharing Center 5 Right click Local Area Connection and then select Properties Figure 274 Windows Vista Net...

Page 465: ...ix A Setting Up Your Computer s IP Address P 2612HW Series User s Guide 465 6 Select Internet Protocol Version 4 TCP IPv4 and then select Properties Figure 275 Windows Vista Local Area Connection Prop...

Page 466: ...cally Select Use the following IP Address and fill in the IP address Subnet mask and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or IS...

Page 467: ...can also go to Start Control Panel Network Connections right click a network connection click Status and then click the Support tab to view your IP address and connection information Mac OS X 10 3 and...

Page 468: ...68 2 In the System Preferences window click the Network icon Figure 278 Mac OS X 10 4 System Preferences 3 When the Network preferences pane opens select Built in Ethernet from the network connection...

Page 469: ...ngs select Using DHCP from the Configure IPv4 list in the TCP IP tab Figure 280 Mac OS X 10 4 Network Preferences TCP IP Tab 5 For statically assigned settings do the following From the Configure IPv4...

Page 470: ...of your device Figure 281 Mac OS X 10 4 Network Preferences Ethernet 6 Click Apply Now and close the window Verifying Settings Check your TCP IP properties by clicking Applications Utilities Network...

Page 471: ...2HW Series User s Guide 471 Mac OS X 10 5 The screens in this section are from Mac OS X 10 5 1 Click Apple System Preferences Figure 283 Mac OS X 10 5 Apple Menu 2 In System Preferences click the Netw...

Page 472: ...st of available connection types Figure 285 Mac OS X 10 5 Network Preferences Ethernet 4 From the Configure list select Using DHCP for dynamically assigned settings 5 For statically assigned settings...

Page 473: ...ng Up Your Computer s IP Address P 2612HW Series User s Guide 473 In the Router field enter the IP address of your ZyXEL Device Figure 286 Mac OS X 10 5 Network Preferences Ethernet 6 Click Apply and...

Page 474: ...inux Ubuntu 8 GNOME This section shows you how to configure your computer s TCP IP settings in the GNU Object Model Environment GNOME using the Ubuntu 8 Linux distribution The procedure screens and fi...

Page 475: ...re 288 Ubuntu 8 System Administration Menu 2 When the Network Settings window opens click Unlock to open the Authenticate window By default the Unlock button is greyed out until clicked You cannot mak...

Page 476: ...cate window enter your admin account name and password then click the Authenticate button Figure 290 Ubuntu 8 Administrator Account Authentication 4 In the Network Settings window select the connectio...

Page 477: ...perties In the Configuration list select Automatic Configuration DHCP if you have a dynamic IP address In the Configuration list select Static IP address if you have a static IP address Fill in the IP...

Page 478: ...n the Network Settings window and then enter the DNS server information in the fields provided Figure 293 Ubuntu 8 Network Settings DNS 8 Click the Close button to apply the changes Verifying Settings...

Page 479: ...to configure your computer s TCP IP settings in the K Desktop Environment KDE using the openSUSE 10 3 Linux distribution The procedure screens and file locations may vary depending on your specific d...

Page 480: ...12HW Series User s Guide 480 1 Click K Menu Computer Administrator Settings YaST Figure 295 openSUSE 10 3 K Menu Computer Menu 2 When the Run as Root KDE su dialog opens enter the admin password and c...

Page 481: ...window opens select Network Devices and then click the Network Card icon Figure 297 openSUSE 10 3 YaST Control Center 4 When the Network Settings window opens click the Overview tab select the appropr...

Page 482: ...lick the Address tab Figure 299 openSUSE 10 3 Network Card Setup 6 Select Dynamic Address DHCP if you have a dynamic IP address Select Statically assigned IP Address if you have a static IP address Fi...

Page 483: ...s Guide 483 8 If you know your DNS server IP address es click the Hostname DNS tab in Network Settings and then enter the DNS server information in the fields provided Figure 300 openSUSE 10 3 Networ...

Page 484: ...on the Task bar to check your TCP IP properties From the Options sub menu select Show Connection Information Figure 301 openSUSE 10 3 KNetwork Manager When the Connection Status KNetwork Manager windo...

Page 485: ...net Explorer versions may vary Internet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Serv...

Page 486: ...in the Pop up Blocker section of the screen This disables any web pop up blockers you may have enabled Figure 304 Internet Options Privacy 3 Click Apply to save this setting Enable Pop up Blockers wi...

Page 487: ...2HW Series User s Guide 487 2 Select Settings to open the Pop up Blocker Settings screen Figure 305 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to h...

Page 488: ...k Add to move the IP address to the list of Allowed sites Figure 306 Pop up Blocker Settings 5 Click Close to return to the Privacy screen 6 Click Apply to save this setting JavaScripts If pages of th...

Page 489: ...plorer click Tools Internet Options and then the Security tab Figure 307 Internet Options Security 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that En...

Page 490: ...ick OK to close the window Figure 308 Security Settings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button...

Page 491: ...ns P 2612HW Series User s Guide 491 5 Click OK to close the window Figure 309 Security Settings Java JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sur...

Page 492: ...ck OK to close the window Figure 310 Java Sun Mozilla Firefox Mozilla Firefox 2 0 screens are used here Screens for other versions may vary You can enable Java Javascripts and pop ups in one screen Cl...

Page 493: ...up Windows JavaScripts and Java Permissions P 2612HW Series User s Guide 493 Click Content to show the screen below Select the check boxes as shown in the following screen Figure 312 Mozilla Firefox C...

Page 494: ...Appendix B Pop up Windows JavaScripts and Java Permissions P 2612HW Series User s Guide 494...

Page 495: ...er and the other part is the host ID In the same way that houses on a street share a common street name the hosts on a network share a common network number Similarly as each house has its own house n...

Page 496: ...logical AND operation The term subnet is short for sub network A subnet mask has 32 bits If a bit in the subnet mask is a 1 then the corresponding bit in the IP address is part of the network number I...

Page 497: ...number bits the smaller the number of remaining host ID bits An IP address with host IDs of all zeros is the IP address of the network 192 168 1 0 with a 24 bit subnet mask for example An IP address...

Page 498: ...ng You can use subnetting to divide one network into multiple sub networks In the following example a network administrator creates two sub networks to isolate a group of servers from the rest of the...

Page 499: ...netting Figure 314 Subnetting Example Before Subnetting You can borrow one of the host ID bits to divide the network 192 168 1 0 into two separate sub networks The subnet mask is now 25 bits 255 255 2...

Page 500: ...5 255 128 is subnet A itself and 192 168 1 127 with mask 255 255 255 128 is its broadcast address Therefore the lowest IP address that can be assigned to an actual host for subnet A is 192 168 1 1 and...

Page 501: ...Binary 11000000 10101000 00000001 01000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 64 Lowest Host ID 192 168 1 65 Broadcast Address 192 168 1 127 Highest Host...

Page 502: ...ght Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST ADDRESS 1 0 1 30 31 2 32 33 62 63 3 64 65 94 95 4 96 97 126 127 5 128 129 158 159 6 160 161 190 191 7 192 193 222 223 8 224 225 2...

Page 503: ...Address Translation NAT on the ZyXEL Device Once you have decided on the network number pick an IP address for your ZyXEL Device that is easy to remember for instance 192 168 1 1 but make sure that n...

Page 504: ...if you are part of a much larger organization you should consult your network administrator for the appropriate IP addresses Regardless of your particular situation do not create an arbitrary IP addre...

Page 505: ...r example if a router is set between a LAN and the Internet WAN the router s LAN and WAN addresses must be on different subnets In the following example the LAN and WAN are on the same subnet The LAN...

Page 506: ...2612HW Series User s Guide 506 The computer cannot access the Internet This problem can be solved by assigning a different IP address to the computer or the router s LAN port Figure 318 Conflicting C...

Page 507: ...ndent network which is commonly referred to as an ad hoc network or Independent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an a...

Page 508: ...tended Service Set ESS consists of a series of overlapping BSSs each containing an access point with each access point connected together by a wired network This wired connection between APs is called...

Page 509: ...jacent AP access point to reduce interference Interference occurs when radio signals from different access points overlap causing interference and degrading performance Adjacent channels partially ove...

Page 510: ...ust first send an RTS Request To Send message to the AP for permission to send it The AP then responds with a CTS Clear to Send message to all other stations within its range to notify them to defer t...

Page 511: ...onization field in a packet Short preamble increases performance as less time sending preamble means more time for sending data All IEEE 802 11 compliant wireless adapters support long preamble but no...

Page 512: ...ure shows the relative effectiveness of these wireless security methods available on your ZyXEL Device Note You must enable the same wireless security settings on the ZyXEL Device and on all wireless...

Page 513: ...the wireless clients RADIUS RADIUS is based on a client server model that supports authentication authorization and accounting The access point is the client and the server is the RADIUS server The RA...

Page 514: ...nd LEAP Your wireless LAN device may not support all authentication types EAP Extensible Authentication Protocol is an authentication protocol that runs on top of the IEEE 802 1x transport mechanism i...

Page 515: ...sive attacks A digital certificate is an electronic ID card that authenticates the sender s identity However to implement EAP TLS you need a Certificate Authority CA to handle certificates which impos...

Page 516: ...and WPA2 Wi Fi Protected Access WPA is a subset of the IEEE 802 11i standard WPA2 IEEE 802 11i is a wireless security standard that defines stronger encryption authentication and key management than...

Page 517: ...Pairwise Master Key PMK key to the AP that then sets up a key hierarchy and management system using the PMK to dynamically generate unique data encryption keys to encrypt every data packet that is wir...

Page 518: ...ady connecting to an AP to perform IEEE 802 1x authentication with another AP before connecting to it Wireless Client WPA Supplicants A wireless client supplicant is the software that runs on an opera...

Page 519: ...th RADIUS Application Example WPA 2 PSK Application Example A WPA 2 PSK application looks as follows 1 First enter identical passwords into the AP and all wireless clients The Pre Shared Key PSK must...

Page 520: ...each authentication method or key management protocol type MAC address filters are not dependent on how you configure these security features Table 184 Wireless Security Relational Matrix AUTHENTICAT...

Page 521: ...enna s coverage area Antenna Gain Antenna gain measured in dB decibel is the increase in coverage within the RF beam width Higher antenna gain improves the range of the signal for better communication...

Page 522: ...d on a table desk and so on point the antenna up For omni directional antennas mounted on a wall or ceiling point the antenna down For a single AP application place omni directional antennas as close...

Page 523: ...s the network name SSID and security key through an secure connection to the enrollee If you need to make sure that WPS worked check the list of associated wireless clients in the AP s configuration u...

Page 524: ...Log into the configuration utility of the registrar Select the PIN connection mode not the PBC connection mode Locate the place where you can enter the enrollee s PIN if you are using the ZyXEL Device...

Page 525: ...supplies network and security settings and the other device acts as the enrollee the device that receives network and security settings The registrar creates a secure EAP Extensible Authentication Pro...

Page 526: ...evices and the new device Note that the access point AP is not always the registrar and the wireless client is not always the enrollee All WPS certified APs can be a registrar and so can some WPS enab...

Page 527: ...ndomly generates the security information to set up the network since it is unconfigured and has no existing information Figure 327 WPS Example Network Step 1 In step 2 you add another wireless client...

Page 528: ...enrollees and one registrar you must set up the first enrollee by pressing the WPS button on the registrar and the first enrollee for example then check that it successfully enrolled then set up the...

Page 529: ...ee if this has happened WPS works between only two devices simultaneously so if another device has enrolled your device will be unable to enroll and will not have access to the network If this happens...

Page 530: ...Appendix D Wireless LANs P 2612HW Series User s Guide 530...

Page 531: ...her information about port numbers If the Protocol is TCP UDP or TCP UDP this is the IP port number If the Protocol is USER this is the IP protocol number Description This is a brief explanation of th...

Page 532: ...Internet Group Management Protocol is used when sending packets to a specific group of hosts IKE UDP 500 The Internet Key Exchange algorithm is used for key distribution and management IRC TCP UDP 666...

Page 533: ...s the message exchange standard for the Internet SMTP enables you to move messages from one e mail server to another SNMP TCP UDP 161 Simple Network Management Program SNMP TRAPS TCP UDP 162 Traps for...

Page 534: ...Transfer Protocol is an Internet file transfer protocol similar to FTP but uses the UDP User Datagram Protocol rather than TCP Transmission Control Protocol VDOLIVE TCP 7000 Another videoconferencing...

Page 535: ...of any products or software described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves the right to make changes in any products...

Page 536: ...onsist of a new or re manufactured functionally equivalent product of equal or higher value and will be solely at the discretion of ZyXEL This warranty shall not apply if the product has been modified...

Page 537: ...firewalls 240 ALG 178 452 algorithms 278 alternative subnet mask notation 498 antenna 445 directional 522 gain 521 omni directional 522 anti probing 230 any IP 126 133 447 how it works 134 note 134 AP...

Page 538: ...of Service 215 Class of Service see CoS client server protocol 208 codecs 452 comfort noise generation 195 451 command interface 27 configuration file 413 content filtering 251 447 activation 254 exa...

Page 539: ...thernet 114 PPPoA 114 RFC 1483 114 encryption 517 ESP 278 ESS 508 Europe type call service mode 217 223 Extended Service Set see ESS external accounting server 147 external antenna 452 external authen...

Page 540: ...9 IGMP v2 449 IKE phases 282 importing certificates 301 importing trusted CAs 306 importing trusted remote hosts 315 Independent Basic Service Set see IBSS initialization vector IV 517 inside header 2...

Page 541: ...Size see MBS maximum incomplete 244 Maximum Transmission Unit see MTU MBS 105 111 117 Media Access Control see MAC Media Access Control see MAC Address Message Integrity Check see MIC metric 116 MIB 3...

Page 542: ...daptor 453 power specifications 445 PPP Point to Point Protocol Link Layer Protocol 449 PPP over ATM AAL5 448 PPP over Ethernet 448 PPP over Ethernet see PPPoE PPPoE 100 114 447 benefits 114 preamble...

Page 543: ...rate adaptation 448 secure gateway address 258 security associations see VPN Security Parameter Index 271 security network 246 server 183 389 service set 141 150 Service Set IDentification see SSID S...

Page 544: ...36 traffic redirect 113 119 traffic shaping 117 transparent bridging 449 transport mode 281 triangle route 235 247 solutions 248 trusted CAs and certificates 304 TTLS 453 tunnel mode 281 tutorial NAT...

Page 545: ...g 126 Wired Equivalent Privacy see WEP wireless client configuration 60 profile 63 security 49 512 tutorial 57 wireless client 137 wireless client WPA supplicants 518 Wireless Distribution System see...

Page 546: ...RADIUS application example 518 WPA2 516 user authentication 518 vs WPA2 PSK 517 wireless client supplicant 518 with RADIUS application example 518 WPA2 Pre Shared Key see WPA2 PSK WPA2 PSK 516 517 app...

Page 547: ...Index P 2612HW Series User s Guide 547...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands