Home
/
ZyXEL Communications
/
P-3202HN-Ba
/
User Manual

ZyXEL Communications P-3202HN-Ba, User Manual

Share

Page: 151 / 250

ZyXEL Communications P-3202HN-Ba User Manual Download Page 151

Chapter 12 Firewalls

IAD User’s Guide

151

12.4 The Firewall Threshold Screen

For DoS

attacks, the IAD uses thresholds to determine when to start dropping

sessions that do not become fully established (half-open sessions). These
thresholds apply globally to all sessions.

For TCP, half-open means that the session has not reached the established state-
the TCP three-way handshake has not yet been completed. Under normal
circumstances, the application that initiates a session sends a SYN (synchronize)
packet to the receiving server. The receiver sends back an ACK (acknowledgment)
packet and its own SYN, and then the initiator responds with an ACK
(acknowledgment). After this handshake, a connection is established.

Figure 69

Three-Way Handshake

For UDP, half-open means that the firewall has detected no return traffic. An
unusually high number (or arrival rate) of half-open sessions could indicate a DOS
attack.

12.4.1 Threshold Values

If everything is working properly, you probably do not need to change the
threshold settings as the default threshold values should work for most small
offices. Tune these parameters when you believe the IAD has been receiving DoS
attacks that are not recorded in the logs or the logs show that the IAD is
classifying normal traffic as DoS attacks. Factors influencing choices for threshold
values are:

1

The maximum number of opened sessions.

2

The minimum capacity of server backlog in your LAN network.

3

The CPU power of servers in your LAN network.

4

Network bandwidth.

«
...
149
150
151
152
153
...
»

Summary of Contents for P-3202HN-Ba

Page 1: ...el com www zyxel com P 3202HN Ba 802 11N GPON VoIP IAD Copyright 2009 ZyXEL Communications Corporation Version 1 0 Edition 1 12 2009 Default Login Details IP Address 192 168 1 1 User Name admin Passwo...

Page 2: ......

Page 3: ...setting up your network and configuring for Internet access Web Configurator Online Help The embedded Web Help contains descriptions of individual screens and supplementary information Support Disc Re...

Page 4: ...This contains discussions on ZyXEL products Learn from others who use ZyXEL products and share your experiences as well Customer Support Should problems arise that cannot be solved by the methods lis...

Page 5: ...s denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press the ENTER key Select...

Page 6: ...Guide 6 Icons Used in Figures Figures in this User s Guide may use the following generic icons The IAD icon is not an exact representation of your device IAD Computer Notebook computer Server DSLAM F...

Page 7: ...ope Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord Do NOT use the device if the power adaptor or cord is dam...

Page 8: ...Safety Warnings IAD User s Guide 8...

Page 9: ...reens 41 Device Mode Screen 51 WAN 55 LAN Setup 59 Wireless LAN 69 Network Address Translation NAT 101 Voice 117 Phone Usage 129 Firewalls 137 Static Route 159 Quality of Service QoS 163 Dynamic DNS S...

Page 10: ...Contents Overview IAD User s Guide 10...

Page 11: ...ging the IAD 21 1 4 Applications for the IAD 22 1 4 1 Internet Access and Device Mode 22 1 4 2 Internet Calls VoIP 23 1 4 3 Wireless Connection 23 1 4 4 Triple Play 24 1 5 The Reset Button 25 1 5 1 Us...

Page 12: ...verview 51 5 1 1 Hybrid Mode Router Mode 51 5 1 2 Bridge Mode 51 5 2 Device Mode Screen 52 Chapter 6 WAN 55 6 1 Overview 55 6 1 1 What You Need to Know 55 6 2 Internet Access Setup 56 Chapter 7 LAN Se...

Page 13: ...reless Network Overview 90 8 10 2 Additional Wireless Terms 91 8 10 3 Wireless Security Overview 91 8 10 4 WiFi Protected Setup 93 Chapter 9 Network Address Translation NAT 101 9 1 Overview 101 9 1 1...

Page 14: ...The Flash Key 131 11 7 2 Europe Type Supplementary Phone Services 131 11 7 3 USA Type Supplementary Services 133 11 8 Phone Functions Summary 135 Chapter 12 Firewalls 137 12 1 Overview 137 12 1 1 What...

Page 15: ...QoS Monitor Screen 175 14 5 Technical Reference 175 14 5 1 IEEE 802 1Q Tag 176 14 5 2 IP Precedence 176 14 5 3 DiffServ 176 14 5 4 Automatic Priority Queue Assignment 177 Chapter 15 Dynamic DNS Setup...

Page 16: ...198 17 3 Installing UPnP in Windows Example 199 17 4 Using UPnP in Windows XP Example 203 Chapter 18 System 211 18 1 Overview 211 18 1 1 What You Need to Know 211 18 2 General Setup 212 18 3 Time Sett...

Page 17: ...ernet Access 227 22 5 Phone Calls and VoIP 228 Chapter 23 Product Specifications 231 Appendix A Passive Optical Networks 239 Appendix B Setting Up Your Computer s IP Address 245 Appendix C Pop up Wind...

Page 18: ...Table of Contents IAD User s Guide 18...

Page 19: ...19 PART I User s Guide...

Page 20: ...20...

Page 21: ...PCI module for IEEE 802 11b g n wireless LAN connectivity Only use firmware for your IAD s specific model Refer to the label on the bottom of your IAD 1 2 Managing the IAD Use the IAD s built in Web C...

Page 22: ...s and Device Mode Your IAD provides shared Internet access by connecting a fiber optic line provided by your ISP to the PON port In hybrid mode the IAD works as a router You can enable NAT firewall an...

Page 23: ...proxy server Calls via a VoIP service provider A The IAD sends your call to a VoIP service provider s SIP server which forwards your calls to either VoIP or PSTN phones 1 4 3 Wireless Connection By d...

Page 24: ...off or vice versa Activate WPS 1 Make sure the POWER LED is on not blinking 2 Press the WPS WLAN button for more than five seconds and release it Press the WPS button on another WPS enabled device wit...

Page 25: ...k of the device to reload the factory default configuration file This means that you will lose all configurations that you had previously and the password will be reset to 1234 1 5 1 Using the Reset B...

Page 26: ...has not established a PON connection with the ISP or the fiber optic line is down Blinking The IAD is in the process of downloading firmware Red On The IAD PON link has failed or has generated errors...

Page 27: ...ation failed Off The IAD does not have an IP connection or the IAD is in bridge mode PHONE 1 2 Green On A SIP account is registered for the phone port Blinking A telephone connected to the phone port...

Page 28: ...Chapter 1 Introduction IAD User s Guide 28...

Page 29: ...o use the web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScript enabled by default Java pe...

Page 30: ...not yet changed your password It is strongly recommended you change the default password Enter a new password of up to 30 characters retype it to confirm and click Apply alternatively click Ignore to...

Page 31: ...tion panel C main window D status bar 2 2 1 Title Bar The title bar allows you to change the language and provides some icons in the upper right corner The icons provide the following functions A B C...

Page 32: ...s screen to use WPS to set up your wireless network MAC Filter Use this screen to configure MAC filtering rules QoS Use this screen to enable WMM QoS Wi Fi MultiMedia Quality of Service WMM QoS allows...

Page 33: ...the IAD SSH Use this screen to configure Secure SHell SSH connections to and from the IAD ICMP Use this screen to set whether or not your device will respond to pings and probes for services that you...

Page 34: ...nd configuration fields It is discussed in the rest of this document Right after you log in the Status screen is displayed See Chapter 4 on page 41 for more information about the Status screen 2 2 4 S...

Page 35: ...o the Web Configurator at its default IP address as described in Section 2 2 on page 31 This is where you configure all available settings related to your device and its network connections You will m...

Page 36: ...with a third party SIP provider To configure your SIP settings 1 Connect to the Web Configurator see the Quick Start Guide for details 2 Open the VoIP SIP screen enter the following information then...

Page 37: ...unt Select this to make the current SIP account active If you do not select this option then you cannot use the settings configured here for the selected SIP account Number Enter your SIP number If yo...

Page 38: ...your IAD For Incoming Calls you can assign multiple SIP accounts to a single phone This means any call sent to the selected SIP account is forwarded to the phone chosen in Phone Port Settings Click A...

Page 39: ...39 PART II Technical Reference...

Page 40: ...40...

Page 41: ...41 CHAPTER 4 Status Screens 4 1 Overview Use the Status screens to look at the current status of the device system resources interfaces LAN and WAN and SIP accounts You can also register and unregist...

Page 42: ...reens IAD User s Guide 42 4 2 Status Screen Click Status to open this screen The screen varies slightly depending on the IAD s device mode See Chapter 5 on page 51 for more information Figure 9 Status...

Page 43: ...IPTION Refresh Interval Enter how often you want the IAD to update this screen Apply Click this to update this screen immediately Device Information Host Name This field displays the IAD system name I...

Page 44: ...ays the current subnet mask in the LAN DHCP This field displays what DHCP services the IAD is providing to the LAN Choices are Server The IAD is a DHCP server in the LAN It assigns IP addresses to oth...

Page 45: ...terface This column displays each interface the IAD has Status This field indicates whether or not the IAD is using the interface For the WAN interface this field displays Up when the IAD is using the...

Page 46: ...unt s registration in the SIP server This does not cancel your SIP account but it deletes the mapping between your SIP identity and your IP address or domain name If the SIP account is not registered...

Page 47: ...ovider Name This field displays the VoIP service provider s name that you specified in the VoIP SIP SIP Service Provider screen URI This field displays the account number and service domain of the SIP...

Page 48: ...ys the last number that called the SIP account The field is blank if no number has ever dialed the SIP account Last Outgoing Number This field displays the last number the SIP account called The field...

Page 49: ...use to receive calls on this phone port Poll Interval s Enter how often you want the IAD to update this screen and click Set Interval Set Interval Click this to make the IAD update the screen based o...

Page 50: ...Chapter 4 Status Screens IAD User s Guide 50...

Page 51: ...d the WAN IP address The router can use NAT to translate the packet s source IP address before forwarding it from the LAN to the WAN or from the LAN to the WAN Figure 13 LAN and WAN IP Addresses in Hy...

Page 52: ...reen The IAD restarts automatically after you select a different device mode and click Apply Figure 15 Device Mode Screen The following table lists the features available for each device mode WAN LAN...

Page 53: ...The information in this table was correct at the time of writing although it may be subject to change Phone Book Y Y VoIP Status Y Y Firewall Y Static Route Y Bandwidth MGMT Y Dynamic DNS Y Remote MGM...

Page 54: ...Chapter 5 Device Mode Screen IAD User s Guide 54...

Page 55: ...wireless etc connection The PPPoE option is for a dial up connection using PPPoE For the service provider PPPoE offers an access and authentication method that works with existing access control syst...

Page 56: ...disabled if you have either a dynamic or static IP However the encapsulation method assigned influences your choices for IP address and ENET ENCAP gateway 6 2 Internet Access Setup Use this screen to...

Page 57: ...Service Name Type the name of your PPPoE service here IP Address A static IP address is a fixed IP that your ISP gives you A dynamic IP address is not fixed the ISP assigns you a different one each ti...

Page 58: ...r DNS server on your LAN or else the computers must have their DNS server addresses manually configured If you do not configure a DNS server you must know the IP address of a computer in order to acce...

Page 59: ...e a LAN DHCP server and manage IP addresses See Section 7 4 on page 63 to configure the LAN screens 7 1 1 LANs WANs and the ZyXEL Device The actual physical connection determines whether the IAD ports...

Page 60: ...of an information sheet when you sign up If your ISP gives you DNS server addresses enter them in the DNS Server fields in the DHCP Setup screen Some ISPs choose to disseminate the DNS server addresse...

Page 61: ...re reserved In other words the first three numbers specify the network number while the last number identifies an individual computer on that network Once you have decided on the network number pick a...

Page 62: ...eived The Version field controls the format and the broadcasting method of the RIP packets that the IAD sends it recognizes both formats when receiving RIP 1 is universally supported but RIP 2 carries...

Page 63: ...ll directly connected networks to gather group membership After that the IAD periodically updates this information IP multicasting can be enabled disabled on the IAD LAN and or WAN interfaces in the W...

Page 64: ...stablish membership in a multicast group The IAD supports both IGMP version 1 IGMP v1 and IGMP v2 Select None to disable it DHCP Setup DHCP If set to Server your IAD can assign IP addresses an IP defa...

Page 65: ...e after you click Apply If you set a second choice to UserDefined and enter the same IP address the second UserDefined changes to None after you click Apply Select DNS Relay to have the IAD act as a D...

Page 66: ...re firewall rules to control access between the LAN s logical networks subnets Note Make sure that the subnets of the logical networks do not overlap Table 10 LAN Client List LABEL DESCRIPTION This is...

Page 67: ...he check box to configure another LAN network for the IAD IP Address Enter the IP address of your IAD in dotted decimal notation Alternatively click the right mouse button to copy and or paste the IP...

Page 68: ...Chapter 7 LAN Setup IAD User s Guide 68...

Page 69: ...etwork Wireless LAN screens Use these screens to set up your IAD s wireless connection The General screen lets you turn the wireless connection on or off set up wireless security and make other basic...

Page 70: ...not require a license to use However wireless networking is different from that of most traditional radio communications in that there a number of wireless networking standards available with differen...

Page 71: ...can use a wireless data network or understand the data carried on it These security standards do two things First they authenticate This means that only people presenting the right credentials often...

Page 72: ...ch as electric motors or microwaves Problems with absorption occur when physical objects such as thick walls are between the two radios muffling the signal 8 3 Before You Begin Before you start using...

Page 73: ...s LAN General The following table describes the labels in this screen Table 12 Network Wireless LAN General LABEL DESCRIPTION Active Wireless LAN Click the check box to activate wireless LAN Channel S...

Page 74: ...IDentity identifies the service set with which a wireless device is associated Wireless devices associating to the access point AP must have the same SSID Enter a descriptive name up to 32 printable 7...

Page 75: ...uthentication Note If you do not enable any wireless security on your IAD your network is accessible to any wireless networking device that is within range Figure 24 Wireless LAN General No Security T...

Page 76: ...LAN to display the General screen Select WEP from the Security Mode list Figure 25 Wireless LAN General Static WEP Encryption The following table describes the wireless LAN security labels in this scr...

Page 77: ...ncryption Key 1 to Key 4 The WEP key is used to secure your data from eavesdropping by unauthorized wireless users Both the IAD and the wireless stations must use the same WEP key for data transmissio...

Page 78: ...e when you select this option Security Mode Choose WPA PSK or WPA2 PSK from the drop down list box Active Compatible This field is only available for WPA2 PSK Select this if you want the IAD to suppor...

Page 79: ...ireless LAN General WPA 2 LABEL DESCRIPTION Security Mode Choose WPA or WPA2 from the drop down list box Active Compatible This field is only available for WPA2 Select this if you want the IAD to supp...

Page 80: ...ect WPA2 Specify how often wireless clients have to resend usernames and passwords in order to stay connected Enter a time interval between 10 and 2147483647 seconds Note If wireless client authentica...

Page 81: ...SCRIPTION MAC Restrict Mode Define the filter action for the list of MAC addresses in the table below Select Disabled to turn off MAC address filtering Select Allow to permit access to the IAD MAC add...

Page 82: ...rs for example 12 34 56 78 9a bc Back Click this to return to the previous screen without saving changes Apply Click this to save your changes and go back to the previous screen Table 19 Network Wirel...

Page 83: ...lds in this screen 8 6 The WPS Screen Use this screen to configure WiFi Protected Setup WPS on your IAD WPS allows you to quickly set up a wireless network with strong security without having to confi...

Page 84: ...D create a new PIN WPS Status This displays Configured when the IAD has connected to a wireless network using WPS or Enable WPS is selected and wireless or wireless security settings have been changed...

Page 85: ...ss LAN WPS Station LABEL DESCRIPTION Push Button Click this button to add another WPS enabled wireless device within wireless range of the IAD to your wireless network This button may either be a phys...

Page 86: ...vices is made Note You cannot use WDS when WPS is enabled or wireless security is set to WPA or WPA2 The wireless security settings apply to both WDS links and the connections between the ZyXEL Device...

Page 87: ...dress manually in the table below Select Enabled Scan to turn on WDS search and display the available APs within range in the table below Remote Bridges MAC Address Enter the MAC address of the peer d...

Page 88: ...is is the maximum data fragment size that can be sent Enter a value between 256 and 2432 Number of Wireless Stations Allowed Specify the maximum number from 1 to 64 of the wireless stations that may c...

Page 89: ...ces Select 802 11 b g n mixed mode to allow both IEEE802 11b IEEE802 11g and IEEE802 11n compliant WLAN devices to associate with the IAD The transmission rate of your IAD might be reduced 802 11 Prot...

Page 90: ...must follow these basic guidelines Every device in the same wireless network must use the same SSID The SSID is the name of the wireless network It stands for Service Set IDentity If two wireless netw...

Page 91: ...n using twelve hexadecimal Table 24 Additional Wireless Terms TERM DESCRIPTION RTS CTS Threshold In a wireless network which covers a large area wireless devices are sometimes not aware of each other...

Page 92: ...u can make every user log in to the wireless network before they can use it However every device in the wireless network has to support IEEE 802 1x to do this For wireless networks you can store the u...

Page 93: ...still possible for unauthorized wireless devices to figure out the original information pretty quickly When you select WPA2 or WPA2 PSK in your IAD you can also select an option WPA compatible to sup...

Page 94: ...n to the physical button Take the following steps to set up WPS using the button 1 Ensure that the two devices you want to set up are within wireless range of one another 2 Look for a WPS button on ea...

Page 95: ...he PIN method 1 Ensure WPS is enabled on both devices 2 Access the WPS section of the AP s configuration interface See the device s User s Guide for how to do this 3 Look for the client s WPS PIN it w...

Page 96: ...acts as the enrollee the device that receives network and security settings The registrar creates a secure EAP Extensible Authentication Protocol tunnel and sends the network name SSID and the WPA PS...

Page 97: ...All WPS certified APs can be a registrar and so can some WPS enabled wireless clients By default a WPS devices is unconfigured This means that it is not part of an existing network and can act as eith...

Page 98: ...k Step 1 In step 2 you add another wireless client to the network You know that Client 1 supports registrar mode but it is better to use AP1 for the WPS handshake with the new client since you must co...

Page 99: ...e WPS button on the registrar and the first enrollee for example then check that it successfully enrolled then set up the second device in the same way WPS works only with other WPS enabled devices Ho...

Page 100: ...his has happened WPS works between only two devices simultaneously so if another device has enrolled your device will be unable to enroll and will not have access to the network If this happens open t...

Page 101: ...gs Use the Port Forwarding screen Section 9 3 on page 104 to configure forward incoming service requests to the server s on your local network Use the Address Mapping screen Section 9 4 on page 108 to...

Page 102: ...NAT on the LAN servers for example web or FTP that you can make visible to the outside world even though NAT makes your whole inside network appear as a single computer to the outside world SUA Single...

Page 103: ...T sessions a single client can establish this can result in all of the available NAT sessions being used In this case no additional NAT sessions can be established and users may not be able to access...

Page 104: ...ppendix F on page 313 Please refer to RFC 1700 for further information about port numbers Note Many residential broadband ISP accounts do not allow you to run any server processes such as a Web or FTP...

Page 105: ...re 44 Network NAT Port Forwarding The following table describes the fields in this screen A 192 168 1 33 D 192 168 1 36 C 192 168 1 35 B 192 168 1 34 WAN LAN 192 168 1 1 IP Address assigned by ISP Tab...

Page 106: ...This is the first external port number that identifies a service End Port This is the last external port number that identifies a service Port Translation Start Port This is the first internal port nu...

Page 107: ...o identify this port forwarding rule Protocol Select the transport layer protocol supported by this virtual server Choices are TCP UDP or ALL Start Port Enter the original destination port for the pac...

Page 108: ...dress mapping settings click Network NAT Address Mapping to open the following screen Figure 46 Network NAT Address Mapping Port Translation Enter the port number here to which you want the IAD to tra...

Page 109: ...lobal IP Address IGA This field is for One to one Many to One and Server mapping types Type 1 1 One to one mode maps one local IP address to one global IP address Note that port numbers do not change...

Page 110: ...ZyXEL routers supported only Many to Many Overload Many to Many Overload mode maps multiple local IP addresses to shared global IP addresses Many to Many No Overload Many to Many No Overload mode map...

Page 111: ...h field is described in the following table Server Mapping Set Only available when Type is set to Server Select a number from the drop down menu to choose a port forwarding set Edit Details Click this...

Page 112: ...st when the packet is on the WAN side The following table summarizes this information NAT never changes the IP address either local or global of an outside host 9 6 2 What NAT Does In the simplest for...

Page 113: ...ess on the WAN For incoming packets the ILA is the destination address on the LAN and the IGA is the destination address on the WAN NAT maps private local IP addresses to globally unique ones required...

Page 114: ...mode the IAD maps multiple local IP addresses to one global IP address This is equivalent to SUA for instance PAT port address translation ZyXEL s Single User Account feature that previous ZyXEL rout...

Page 115: ...tination port number or a range of port numbers of packets coming from the WAN to another destination port number or range of port numbers on the local network When you use port forwarding without por...

Page 116: ...port 80 and sends it to server A IP address 192 168 1 33 The IAD also translates port 8100 of traffic received on the WAN port also IP address a b c d to port 80 but sends it to server B IP address 1...

Page 117: ...vanced voice coding techniques with compression to reduce the required bandwidth 10 1 1 What You Need to Know The following terms and concepts may help as you read through this chapter SIP The Session...

Page 118: ...der com for example SIP Service Domain The SIP service domain of the VoIP service provider is the domain name in a SIP URI For example if the SIP address is 1122334455 VoIP provider com then VoIP prov...

Page 119: ...r the SIP server s listening port number if your VoIP service pro vider gave you one Otherwise keep the default value REGISTER Server Address Enter the IP address or domain name of the SIP register se...

Page 120: ...ions for the account are blocked The IAD automatically tries to re register your SIP account when one half of this time has passed The SIP register server might have a different expiration which takes...

Page 121: ...t number enter the port number in the Start Port and End Port fields To enter a range of ports enter the port number at the beginning of the range in the Start Port field enter the port number at the...

Page 122: ...you do not want the IAD to use this account Number Enter your SIP number In the full SIP URI this is the part before the symbol You can use up to 50 printable English keyboard characters Authenticatio...

Page 123: ...D User s Guide 123 10 3 1 Advanced Account Settings Use this screen to maintain advanced settings for each SIP account Click Advanced in VoIP SIP SIP Account The following screen displays Figure 55 SI...

Page 124: ...Active VAD Select this if the IAD should transmit smaller packets when you are not speaking This reduces the bandwidth used Call Feature Call features are described in detail in Chapter 11 on page 12...

Page 125: ...Account Association Select a SIP account for all outgoing calls on this port to use SIP Number Indicates the SIP number associated with this account Click it to open the SIP Account screen where you...

Page 126: ...screen click VoIP Phone Book Speed Dial Figure 57 Phone Book Speed Dial Each field is described in the following table Table 39 Phone Book Speed Dial LABEL DESCRIPTION Speed Dial Use this section to c...

Page 127: ...domain name of the SIP server or other party This field corresponds with the Type field in the Speed Dial section Modify Use this field to edit or erase the speed dial entry Click the Edit icon to cop...

Page 128: ...Chapter 10 Voice IAD User s Guide 128...

Page 129: ...the speed dial entry on your telephone s keypad Use your VoIP service provider s dialing plan to call regular telephone numbers 11 3 Using Speed Dial After configuring the speed dial entry and adding...

Page 130: ...iver 11 6 Auto Provisioning and Auto Firmware Upgrade If your service provider uses an auto provisioning server to set up your device you must first authenticate your IAD with the auto provisioning se...

Page 131: ...y Flashing means to press the hook for a short period of time a few hundred milliseconds before releasing it On newer telephones there should be a flash key button that generates the signal electronic...

Page 132: ...allows you to place a call on hold while you answer another incoming call on the same telephone directory number If there is a second call to a telephone number you will hear a call waiting tone Take...

Page 133: ...e second party answers it hang up the phone 11 7 2 4 European Three Way Conference Use the following steps to make three way conference calls 1 When you are on the phone talking to someone press the f...

Page 134: ...directory number If there is a second call to your telephone number you will hear a call waiting tone Press the flash key to put the first call on hold and answer the second call 11 7 3 3 USA Call Tr...

Page 135: ...flash key This time the party B is on line and party A is on hold 11 8 Phone Functions Summary The following table shows the key combinations you can enter on your phone s keypad to use certain featur...

Page 136: ...ge 133 USA type 41 Disable call waiting 21 Enable call forward Use these to allow you to use the call forwarding tables you set in the IAD or to turn this function off 21 Disable call forward 22 Uncon...

Page 137: ...your LAN computers to go to all of the networks blocks traffic that originates on the other networks from going to the LAN The following figure illustrates the default firewall action User A can initi...

Page 138: ...rom an untrusted network The IAD firewall is a stateful inspection firewall and restricts access by screening data packets against defined access rules The IAD physically separates the LAN and the WAN...

Page 139: ...uters on the WAN from managing the IAD or using the IAD as a gateway to communicate with other computers on the WAN You could configure one of these rules to allow a WAN computer to manage the IAD Not...

Page 140: ...o LAN in the Packet Direction field 3 Select the index number after that you want to add the rule For example if you select 6 your new rule becomes number 7 and the previous rule 7 if there is one bec...

Page 141: ...60 Edit Custom Port Example 7 Select Any in the Destination Address List box and then click Delete 8 Configure the destination address screen as follows and click Add Figure 61 Firewall Example Edit R...

Page 142: ...w up with an before their names in the Services list box and the Rules list box Figure 62 Firewall Example Edit Rule Select Customized Services On completing the configuration procedure for this Inter...

Page 143: ...10 1 1 10 through 10 1 1 15 on the LAN Figure 63 Firewall Example Rules MyService 12 2 The Firewall General Screen Click Security Firewall to display the following screen Activate the firewall by sele...

Page 144: ...packets LAN to LAN Router LAN to WAN WAN to WAN Router WAN to LAN Firewall rules are grouped based on the direction of travel of packets to which they apply For example LAN to LAN Router means packet...

Page 145: ...unt of space used is over 80 the bar is red Packet Direction Use the drop down list box to select a direction of travel of packets for which you want to configure firewall rules Create a new rule afte...

Page 146: ...an ICMP destination unreachable message to the sender Reject or allows the passage of packets Permit Schedule This field tells you whether a schedule is specified Yes or not No Log This field shows y...

Page 147: ...ser s Guide 147 In the Rules screen select an index number and click Add or click a rule s Edit icon to display this screen and refer to the following table for information on the labels Figure 66 Sec...

Page 148: ...nges of addresses and or subnets Edit To edit an existing source or destination address select it from the box and click Edit Delete Highlight an existing source or destination address from the Source...

Page 149: ...ble describes the labels in this screen Send Alert Message to Administrator When Matched Select the check box to have the IAD generate an alert when the rule is matched Back Click Back to return to th...

Page 150: ...46 Security Firewall Rules Edit Edit Customized Services LABEL DESCRIPTION Table 47 Security Firewall Rules Edit Edit Customized Services Config LABEL DESCRIPTION Service Name Type a unique name for...

Page 151: ...ledgment After this handshake a connection is established Figure 69 Three Way Handshake For UDP half open means that the firewall has detected no return traffic An unusually high number or arrival rat...

Page 152: ...The global values specified for the threshold and timeout apply to all TCP connections Click Firewall Threshold to bring up the next screen Figure 70 Security Firewall Threshold The following table de...

Page 153: ...than the current Maximum Incomplete Low number For example if you set the maximum incomplete high to 100 the IAD starts deleting half open sessions when the number of existing half open sessions rises...

Page 154: ...he services at specific interfaces 6 Protect against IP spoofing by making sure the firewall is active 7 Keep the firewall in a secured locked room 12 5 2 Security Considerations Note Incorrectly conf...

Page 155: ...2 5 3 1 The Triangle Route Problem A traffic route is a path for sending or receiving data packets between two Ethernet devices You may have more than one connection to the Internet through one or mor...

Page 156: ...logical sections over the same Ethernet interface Your IAD supports up to three logical LAN interfaces with the IAD being the gateway for each logical network It s like having multiple LAN networks t...

Page 157: ...Chapter 12 Firewalls IAD User s Guide 157 4 The IAD then sends it to the computer on the LAN in Subnet 1 Figure 73 IP Alias 1 2 3 LAN A ISP 1 ISP 2 4 WAN Subnet 1 Subnet 2...

Page 158: ...Chapter 12 Firewalls IAD User s Guide 158...

Page 159: ...to the IAD s LAN interface The IAD routes most traffic from A to the Internet through the IAD s default gateway R1 You create one static route to connect to services offered by your ISP behind router...

Page 160: ...specifies the IP network address of the final destination Routing is always based on network number Netmask This parameter specifies the IP network subnet mask of the final destination Gateway This i...

Page 161: ...tion IP Address This parameter specifies the IP network address of the final destination Routing is always based on network number If you need to specify a route to a single host use a subnet mask of...

Page 162: ...Chapter 13 Static Route IAD User s Guide 162...

Page 163: ...formed for a classified traffic flow The IAD assigns each packet a priority and then queues the packet accordingly Packets assigned a high priority are processed more quickly than those with low prior...

Page 164: ...hnologies include IEEE 802 1p layer 2 tagging and DiffServ Differentiated Services or DS IEEE 802 1p tagging makes use of three bits in the packet header while DiffServ is a new protocol and defines a...

Page 165: ...them run more smoothly Similarly give low priority to many large file downloads so that they do not reduce the quality of other applications WAN Managed Bandwidth Enter the amount of bandwidth for the...

Page 166: ...Traffic priority will be automatical ly assigned by These fields are ignored if traffic matches a class you configured in the Class Setup screen If you select ON and traffic does not match a class con...

Page 167: ...lassifiers are applied in turn Active Select the check box to enable this classifier Name This is the name of the classifier Interface This shows the interface from which traffic of this classifier sh...

Page 168: ...Chapter 14 Quality of Service QoS IAD User s Guide 168 14 3 1 Class Configuration Click the Add button or the Edit icon in the Modify field to configure a classifier Figure 79 QoS Class Configuration...

Page 169: ...e Gateway Address field WAN Index This field in not configurable at the time of writing Gateway Address Enter the IP address of the gateway which should be a router or switch on the same segment as th...

Page 170: ...3 49 00 00 00 and the mask to ff ff ff 00 00 00 a packet with a MAC address of 00 13 49 12 34 56 matches this criteria Exclude Select this option to exclude the packets that match the specified criter...

Page 171: ...unning an FTP client The service allows users to send commands to the server for uploading and downloading files Select the check box and select FTP from the drop down list box to configure this class...

Page 172: ...uality of Service QoS IAD User s Guide 172 two classes are assigned priority queue based on the internal QoS mapping table on the IAD Figure 80 QoS Example 50 Mbps Ethernet VoIP Queue 6 Boss Queue 5 I...

Page 173: ...Chapter 14 Quality of Service QoS IAD User s Guide 173 Figure 81 QoS Class Example VoIP...

Page 174: ...Chapter 14 Quality of Service QoS IAD User s Guide 174 Figure 82 QoS Class Example Boss...

Page 175: ...onitor LABEL DESCRIPTION Priority Queue This shows the priority queue number Traffic assigned to higher index queues gets through faster while traffic in lower index queues is dropped if the network i...

Page 176: ...priority level and seven is the highest 14 5 3 DiffServ QoS is used to prioritize source to destination traffic flows All packets in the flow are given the same priority You can use CoS class of servi...

Page 177: ...llustrates the DS field DSCP is backward compatible with the three precedence bits in the ToS octet so that non DiffServ compliant ToS enabled network device will not conflict with the DSCP mapping Th...

Page 178: ...0 4 4 2 010110 010100 010010 010000 5 5 3 011110 011100 011010 011000 250 6 6 4 100110 100100 100010 100000 5 101110 101000 7 7 6 110000 111000 7 Table 56 Internal Layer2 and Layer3 QoS Mapping PRIORI...

Page 179: ...irst of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name The Dyn...

Page 180: ...p Active Dynamic DNS Select this check box to use dynamic DNS Service Provider Select the name of your Dynamic DNS service provider Dynamic DNS Type Select the type of service that you are registered...

Page 181: ...date the IP address of the host name to the WAN IP address Dynamic DNS server auto detect IP Address Select this option only when there are one or more NAT routers between the IAD and the DDNS server...

Page 182: ...Chapter 15 Dynamic DNS Setup IAD User s Guide 182...

Page 183: ...anagement From the WAN Note When you configure remote management to allow management from the WAN you still need to configure a firewall rule to allow access You may manage your IAD from a remote loca...

Page 184: ...address es users can use FTP to access the IAD Use the SNMP screen Section 16 5 3 on page 190 to configure your IAD s settings for Simple Network Management Protocol management Use the DNS screen Sec...

Page 185: ...n configuring from the WAN Use the IAD s LAN IP address when configuring from the LAN System Timeout There is a default system management idle timeout of five minutes three hundred seconds The IAD aut...

Page 186: ...rver port number for a service if needed however you must use the same port number in order to use that service for remote management Access Status Select the interface s through which a computer may...

Page 187: ...Figure 88 Remote Management FTP Table 59 Remote Management Telnet LABEL DESCRIPTION Port You may change the server port number for a service if needed however you must use the same port number in ord...

Page 188: ...emote Management FTP LABEL DESCRIPTION Port You may change the server port number for a service if needed however you must use the same port number in order to use that service for remote management A...

Page 189: ...t a device Examples of variables include such as number of packets received node port status etc A Management Information Base MIB is a collection of managed objects SNMP allows a manager and agents t...

Page 190: ...5 2 SNMP Traps The IAD will send traps to the SNMP manager when any one of the following events occurs 16 5 3 The SNMP Screen To change your IAD s SNMP settings click Advanced Remote MGMT SNMP The scr...

Page 191: ...service Select All to allow any computer to access the IAD using this service Choose Selected to just allow the computer with the IP address that you specify to access the IAD using this service SNMP...

Page 192: ...to know the IAD exists Your IAD supports anti probing which prevents the ICMP response packet from being sent This keeps outsiders from discovering your IAD when unsupported ports are probed Table 63...

Page 193: ...LAN Ping requests Select WAN to reply to incoming WAN Ping requests Otherwise select LAN WAN to reply to both incoming LAN and WAN Ping requests Do not respond to requests for unauthorized services S...

Page 194: ...een two remote hosts Figure 93 How SSH Works 1 Host Identification The SSH client sends a connection request to the SSH server The server identifies itself with a host key The client encrypts a random...

Page 195: ...uthentication and three encryption methods DES 3DES and Blowfish The SSH server is implemented on the IAD for remote SMT management and file transfer on port 22 Only one SSH connection is allowed at a...

Page 196: ...mber for a service if needed however you must use the same port number in order to use that service for remote management Access Status Select the interface s through which a computer may access the I...

Page 197: ...ions to automatically configure the IAD 17 1 2 What You Need to Know How do I know if I m using UPnP UPnP hardware is identified as an icon in the Network Connections folder Windows XP Each UPnP compa...

Page 198: ...e network environments When a UPnP device joins a network it announces its presence with a multicast message For security reasons the IAD allows multicast messages on the LAN only All UPnP enabled dev...

Page 199: ...ctivate UPnP Be aware that anyone could use a UPnP application to open the web configurator s login screen without entering the IAD s IP address although you must still enter the password to access th...

Page 200: ...lect Communication in the Components selection box Click Details Figure 96 Add Remove Programs Windows Setup Communication 3 In the Communications window select the Universal Plug and Play check box i...

Page 201: ...Next 5 Restart the computer when prompted Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP 1 Click Start and Control Panel 2 Double click Network Connections 3 I...

Page 202: ...Play UPnP IAD User s Guide 202 4 The Windows Optional Networking Components Wizard window displays Select Networking Service in the Components selection box and click Details Figure 99 Windows Optiona...

Page 203: ...dow and click Next 17 4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP You must already have UPnP installed in Windows XP and UPnP activated on the I...

Page 204: ...Chapter 17 Universal Plug and Play UPnP IAD User s Guide 204 2 Right click the icon and select Properties Figure 101 Network Connections...

Page 205: ...Universal Plug and Play UPnP IAD User s Guide 205 3 In the Internet Connection Properties window click Settings to see the port mappings there were automatically created Figure 102 Internet Connection...

Page 206: ...rt mappings or click Add to manually add port mappings Figure 103 Internet Connection Properties Advanced Settings Figure 104 Internet Connection Properties Advanced Settings Add 5 When the UPnP enabl...

Page 207: ...n to display your current Internet connection status Figure 106 Internet Connection Status Web Configurator Easy Access With UPnP you can access the web based configurator on the IAD without finding o...

Page 208: ...iversal Plug and Play UPnP IAD User s Guide 208 3 Select My Network Places under Other Places Figure 107 Network Connections 4 An icon with the description for each UPnP enabled device displays under...

Page 209: ...d select Invoke The web configurator login screen displays Figure 108 Network Connections My Network Places 6 Right click on the icon for your IAD and select Properties A properties window displays wi...

Page 210: ...Chapter 17 Universal Plug and Play UPnP IAD User s Guide 210...

Page 211: ...me is for identification purposes However because some ISPs check this name you should enter your computer s Computer Name In Windows 2000 click Start Settings Control Panel and then double click Syst...

Page 212: ...t session either via the web configurator or telnet can be left idle before the session times out The default is 5 minutes After it times out you have to log in with your password again Very long idle...

Page 213: ...his field displays the date of your IAD Each time you reload this page the IAD synchronizes the date with the time server Time and Date Setup Get from Time Server Select this radio button to have the...

Page 214: ...Chapter 18 System IAD User s Guide 214...

Page 215: ...have the IAD send them to an administrator as e mail or to a syslog server 19 2 View Log Click Maintenance Logs to open the View Log screen Use this screen to see the logs for the categories that you...

Page 216: ...ent login This indicates a message from the login server udhcpc This indicates a log message from the device s DHCP server dnsmasq This indicates a log message from the device s DNS forwarder PPPD Thi...

Page 217: ...ance Logs Log Settings Figure 113 Log Settings The following table describes the fields in this screen Table 70 Log Settings LABEL DESCRIPTION Active Log Log Type Select the type of log you want to be...

Page 218: ...Chapter 19 Logs IAD User s Guide 218...

Page 219: ...r misconfigure the device you can upload the backed up configuration file to return to your previous settings You can alternately upload the factory default configuration file if you want to return th...

Page 220: ...ally restarts in this time causing a temporary network disconnect After two minutes log in again and check your new firmware version in the Status screen If the upload was not successful the following...

Page 221: ...file before making configuration changes The backup configuration file will be useful in case you need to return to your previous settings Click Backup to save the IAD s current configuration to your...

Page 222: ...for details on how to set up your computer s IP address If the upload was not successful the following screen will appear Click Return to go back to the Configuration screen 20 3 3 Reset to Factory De...

Page 223: ...neral Click Maintenance Diagnostic to open the screen shown next Figure 117 Diagnostic General The following table describes the fields in this screen Table 73 General LABEL DESCRIPTION TCP IP Address...

Page 224: ...Chapter 21 Diagnostic IAD User s Guide 224...

Page 225: ...n Internet Access Phone Calls and VoIP 22 2 Power Hardware Connections and LEDs The IAD does not turn on None of the LEDs turn on 1 Make sure the IAD is turned on 2 Make sure you are using the power a...

Page 226: ...changed the IP address and have forgotten it you might get the IP address of the IAD by looking up the IP address of the default gateway for your computer To do this in most Windows computers click S...

Page 227: ...see the Login screen but I cannot log in to the IAD 1 Make sure you have entered the user name and password correctly The default user name is admin These fields are case sensitive so make sure Caps...

Page 228: ...on page 26 2 Turn the IAD off and on 3 If the problem continues contact your ISP The Internet connection is slow or intermittent 1 There might be a lot of traffic on the network Look at the LEDs and c...

Page 229: ...ome on Make sure that your telephone is connected to the PHONE port 2 You can also check the VoIP status in the Status screen 3 If the VoIP settings are correct use speed dial to make peer to peer cal...

Page 230: ...Chapter 22 Troubleshooting IAD User s Guide 230...

Page 231: ...rnet ports PHONE Port 2 RJ 11 FXS POTS ports CATV Port 1 F type coaxial connector Antennas 2 attached external dipole antennas 2dBi WPS Button 1 second turn on or off WLAN 5 seconds enable WPS Wi Fi P...

Page 232: ...Phone standards and settings differ from one country to another so the settings on your IAD must be configured to match those of the country you are in The country code feature allows you to do this b...

Page 233: ...orts caller ID which allows you to see the originating number of an incoming call on a phone with a suitable display REN A Ringer Equivalence Number REN is used to determine the number of devices like...

Page 234: ...estination URL Flexible Dial Plan RFC3525 section 7 1 14 Table 76 Standards Supported STANDARD DESCRIPTION RFC 867 Daytime Protocol RFC 868 Time Protocol RFC 1058 RIP 1 Routing Information Protocol RF...

Page 235: ...ptor Specifications North American PLUG standards LEI LEADER ELECTRONICS INC AC Power Adapter Model MU18 2180100 A1 Input Power AC 100 240Volts 50 60Hz 0 6A Output Power DC 18Volts 1A Power Consumptio...

Page 236: ...o avoid damaging pipes or cables located inside the wall when drilling holes for the screws 3 Do not screw the screws all the way into the wall Leave a small gap of about 0 5 cm between the heads of t...

Page 237: ...the back of the IAD with the screws on the wall Hang the IAD on the screws Figure 118 Wall mounting Example The following are dimensions of an M4 tap screw and masonry plug used for wall mounting All...

Page 238: ...Chapter 23 Product Specifications IAD User s Guide 238...

Page 239: ...n the development of fiber cables capable of minimizing this light attenuation for as long as physically possible Despite this optical fiber technology remains on the cutting edge of network communica...

Page 240: ...ber ends at an end user s house or somewhere nearby or at a curb side unit Gigabit Ethernet Gigabit Ethernet IEEE 802 3z standard uses Ethernet over copper wire technology to increase network data rat...

Page 241: ...more Optical Network Units ONUs at the subscriber end to receive the data C PON Development As a technology PON has been around for quite some time although it was initially unusable for network commu...

Page 242: ...ion Multiplexing TDM It can utilize both the ATM and Ethernet transport layers but only by emulating them with the Generic Encapsulation Protocol GEM The following table outlines the major differences...

Page 243: ...turn can be split again and again until a certain number of customers have been served However each time a light signal is split each subsequent subsidiary beam is at a markedly lower intensity than...

Page 244: ...administrator Table 80 Applications and Required Bit Rates APPLICATION MINIMUM BIT RATE Voice over Internet Protocol VoIP 16 kbps Full screen Video Conferenceing H 263 384 kbps Basic Web Browsing 1 M...

Page 245: ...l versions of UNIX LINUX include the software components you need to use TCP IP on your computer If you manually assign IP information instead of using a dynamic IP make sure that your network s compu...

Page 246: ...etting Up Your Computer s IP Address IAD User s Guide 246 1 Click Start Control Panel Figure 121 Windows XP Start Menu 2 In the Control Panel click the Network Connections icon Figure 122 Windows XP C...

Page 247: ...47 3 Right click Local Area Connection and then select Properties Figure 123 Windows XP Control Panel Network Connections Properties 4 On the General tab select Internet Protocol TCP IP and then click...

Page 248: ...t Use the following IP Address and fill in the IP address Subnet mask and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP You may a...

Page 249: ...ork Connections right click a network connection click Status and then click the Support tab to view your IP address and connection information Windows Vista This section shows screens from Windows Vi...

Page 250: ...rk And Internet 4 Click Manage network connections Figure 129 Windows Vista Network and Sharing Center 5 Right click Local Area Connection and then select Properties Figure 130 Windows Vista Network a...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands