Home
/
ZyXEL Communications
/
P-660HN-F1
/
User Manual

ZyXEL Communications P-660HN-F1, User Manual

Share

Page: 217 / 366

ZyXEL Communications P-660HN-F1 User Manual Download Page 217

Chapter 16 VPN

ADSL Series User’s Guide

217

16.6.6 Negotiation Mode

The phase 1 Negotiation Mode you select determines how the Security Association (SA) will be
established for each connection through IKE negotiations.

• Main Mode ensures the highest level of security when the communicating parties are

negotiating authentication (phase 1). It uses 6 messages in three round trips: SA negotiation,
Diffie-Hellman exchange and an exchange of nonces (a nonce is a random number). This mode
features identity protection (your identity is not revealed in the negotiation).

16.6.7 Remote DNS Server

In cases where you want to use domain names to access Intranet servers on a remote network that
has a DNS server, you must identify that DNS server. You cannot use DNS servers on the LAN or
from the ISP since these DNS servers cannot resolve domain names to private IP addresses on the
remote network

The following figure depicts an example where three VPN tunnels are created from ZyXEL Device A;
one to branch office 2, one to branch office 3 and another to headquarters. In order to access
computers that use private domain names on the headquarters (HQ) network, the ZyXEL Device at
branch office 1 uses the Intranet DNS server in headquarters. The DNS server feature for VPN does
not work with Windows 2000 or Windows XP.

Figure 114

VPN Host using Intranet DNS Server Example

If you do not specify an Intranet DNS server on the remote network, then the VPN host must use IP
addresses to access the computers on the remote network.

Remote

IPSec Router

HQ

10.1.1.1/200

Intranet DNS

10.1.1.10

ISP DNS Servers

212.54.64.170

212.54.54.171

LAN

DNS:212.54.64.170

212.54.64.171

A

VPN DNS: 10.1.1.10

= VPN Tunnel

2

192.168.1.1/50

3

172.16.1.1/50

1

«
...
215
216
217
218
219
...
»

Summary of Contents for P-660HN-F1

Page 1: ...Fx P 660HN Fx P 661HNU Fx x stands for 1 or 3 Copyright 2011 ZyXEL Communications Corporation Firmware Version 3 10 Edition 1 12 2011 Default Login Details IP Address https 192 168 1 1 Admin User Nam...

Page 2: ...Videos ADSL Series User s Guide 2 Videos File Sharing Video Example 55 QoS Video Example 76...

Page 3: ...way It contains information on setting up your network and configuring for Internet access Support Disc Refer to the included CD for support documents Documentation Feedback Send your comments questio...

Page 4: ...ences as well Customer Support Should problems arise that cannot be solved by the methods listed above you should contact your vendor If you cannot contact your vendor then contact a ZyXEL office for...

Page 5: ...ter or return key on your keyboard Enter means for you to type one or more characters and then press the ENTER key Select or choose means for you to use one of the predefined choices A right angle bra...

Page 6: ...Document Conventions ADSL Series User s Guide 6 Server Firewall Router Switch...

Page 7: ...n the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocutio...

Page 8: ...Safety Warnings ADSL Series User s Guide 8...

Page 9: ...s 83 Broadband 87 Wireless 105 Home Networking 131 Routing 157 DNS Route 161 Quality of Service QoS 165 Network Address Translation NAT 175 Dynamic DNS 183 Firewall 185 MAC Filter 191 Certificates 193...

Page 10: ...Contents Overview ADSL Series User s Guide 10...

Page 11: ...yXEL Device s USB and Print Server Support 22 1 3 The WPS WLAN Button 23 1 4 Ways to Manage the ZyXEL Device 24 1 5 Good Habits for Managing the ZyXEL Device 25 1 6 The RESET Button 25 Chapter 2 Intro...

Page 12: ...ure 50 3 5 1 Set Up File Sharing 51 3 5 2 Access Your Shared Files From a Computer 54 3 6 Using the Print Server Feature 56 3 7 Configuring the MAC Address Filter for Restricting Wireless Internet Acc...

Page 13: ...e More AP Screen 113 6 3 1 Edit More AP 114 6 4 The WPS Screen 115 6 5 The WMM Screen 117 6 6 Scheduling Screen 118 6 7 Technical Reference 119 6 7 1 Additional Wireless Terms 119 6 7 2 Wireless Secur...

Page 14: ...it DNS Route Edit 162 Chapter 10 Quality of Service QoS 165 10 1 Overview 165 10 1 1 What You Can Do in this Chapter 165 10 1 2 What You Need to Know 165 10 2 The QoS General Screen 166 10 3 The Queue...

Page 15: ...185 13 2 The General Screen 186 13 3 The Services Screen 187 13 4 Firewall Technical Reference 188 13 4 1 Guidelines For Enhancing Security With Your Firewall 188 13 4 2 Security Considerations 188 C...

Page 16: ...d NAT Traversal 214 16 6 4 Encapsulation 215 16 6 5 IKE Phases 216 16 6 6 Negotiation Mode 217 16 6 7 Remote DNS Server 217 16 6 8 ID Type and Content 218 16 6 9 Pre Shared Key 219 16 6 10 Diffie Hell...

Page 17: ...23 1 Overview 237 23 2 The Firmware Screen 237 Chapter 24 Backup Restore 239 24 1 Overview 239 24 2 The Backup Restore Screen 239 24 3 The Reboot Screen 241 Chapter 25 Diagnostic 243 25 1 Overview 243...

Page 18: ...IP Addresses and Subnetting 263 Appendix B Setting Up Your Computer s IP Address 273 Appendix C Pop up Windows Java Script and Java Permissions 303 Appendix D Wireless LANs 311 Appendix E Common Serv...

Page 19: ...19 PART I User s Guide...

Page 20: ...20...

Page 21: ...ctivity U denotes a USB port used to share files via a USB memory stick or a USB hard drive The ZyXEL Device can function as a print server with a USB printer connected Models ending in 1 for example...

Page 22: ...computers For example you could make sure that the ZyXEL Device gives email high priority and or limit bandwidth devoted to the boss s excessive file downloading 1 2 2 Wireless Connection By default t...

Page 23: ...S 1 Make sure the POWER LED is on not blinking 2 Place the devices you want to connect near one another 3 Press the WPS button on top of the ZyXEL Device for more than five seconds and release it to t...

Page 24: ...s to Manage the ZyXEL Device Use any of the following methods to manage the ZyXEL Device Web Configurator This is recommended for everyday management of the ZyXEL Device using a supported web browser...

Page 25: ...ry default settings If you backed up an earlier configuration file you would not have to totally re configure the ZyXEL Device You could simply restore your last configuration Refer to the Quick Start...

Page 26: ...Chapter 1 Introduction ADSL Series User s Guide 26...

Page 27: ...p windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScript enabled by default Java permissions enabled by default See Appendix C on page 303 if you...

Page 28: ...ault password Enter a new password retype it to confirm and click Apply alternatively click Skip to proceed to the Connection Status screen if you do not want to change the password now Figure 5 Chang...

Page 29: ...ystem Info to show the following screen Figure 7 Web Configurator Layout Screen As illustrated above the main screen is divided into these parts A title bar B main window C navigation panel 2 2 1 Titl...

Page 30: ...work Setting Broadband Broadband Use this screen to view remove or add a WAN interface You can also configure ISP parameters WAN IP address assignment DNS servers and other advanced properties Wireles...

Page 31: ...certificates to the ZyXEL Device VPN Certificates Use this screen to import certificates and privates keys for VPN Up to 4 certificates can be stored VPN Setup Use this screen to manage VPN settings...

Page 32: ...When you log in to the Web Configurator the following screen opens Figure 8 User Mode Network Map 2 3 2 What You Can Do You can do the following in this mode Use this Navigation Panel to opt out of t...

Page 33: ...network devices connected to the ZyXEL Device by downloading the LLTD Link Layer Topology Discovery patch from the Microsoft Website Note Don t worry if the Network Map does not display in your web b...

Page 34: ...n your wireless LAN is turned on and off Wireless LAN scheduling is disabled by default Table 3 Control Panel ITEM DESCRIPTION Power Saving Click this to schedule the wireless feature of the ZyXEL Dev...

Page 35: ...s Day Select Everyday or the specific days to turn the Wireless LAN on or off If you select Everyday you can not select any specific days This field works in conjunction with the For the following tim...

Page 36: ...Click OK to close this screen Table 5 Content Filter LABEL DESCRIPTION Add Click Add after you have typed a keyword Repeat this procedure to add other keywords Up to 64 keywords are allowed Note The...

Page 37: ...ptive name up to 32 keyboard characters for the wireless LAN Security Mode Select Basic or More Secure to add security on this wireless network The wireless clients which want to associate to this net...

Page 38: ...gital Media Adapters Xboxes or PS3s The media server and the clients must have IP addresses in the same subnet See Section 7 6 on page 142 for more information on the Media Server feature If you would...

Page 39: ...Chapter 2 Introducing the Web Configurator ADSL Series User s Guide 39 Figure 17 Media Server Click OK to close this screen...

Page 40: ...Chapter 2 Introducing the Web Configurator ADSL Series User s Guide 40...

Page 41: ...ng QoS Queue and Class Setup Access the ADSL Device Using DDNS 3 2 Setting Up Your DSL Connection This tutorial shows you how to set up your ADSL settings for Internet connection using the Web Configu...

Page 42: ...e interface type is ADSL and the connection has the following information General Name MyDSLConnection Type ADSL Mode Routing WAN Service Type PPP over Ethernet PPPoE ATM PVC Configuration VPI VCI 36...

Page 43: ...se values and click Apply This completes your DSL WAN connection setting 4 You should see a summary of your new DSL connection setup in the Broadband screen as follows The ADSL WAN interface you just...

Page 44: ...SL Device is labeled A Wireless LAN Setup Note This section shows how to set up the wireless client using two methods using the Microsoft Windows utility and the WPS PIN method Refer to the Quick Star...

Page 45: ...ure as your security level and set security mode to WPA PSK and enter ThisismyWPA PSKpre sharedkey in the Pre Shared Key field Click Apply 6 Click Connection Status System Info Verify your wireless an...

Page 46: ...omputer monitor Click View Available Wireless Networks Tutorial Network Wireless LAN SecuritOpen the Status screen Verify your wireless and wireless security settings under Device Information and chec...

Page 47: ...You should now be securely connected wirelessly to the ADSL Device Tutorial Network Wireless LAN SecuritOpen the Status screen Verify your wireless and wireless security settings under Device Informa...

Page 48: ...panel click Network Setting Wireless WPS 4 Select the Enable check box and click Apply to enable the WPS function 5 Enter the PIN of the other WPS enabled device into the Enter PIN here text box and...

Page 49: ...IP address of 192 168 1 34 Tutorial NAT Port Forwarding Setup You may set up the port settings by configuring the port settings for the Doom server computer see Chapter 11 on page 176 for more inform...

Page 50: ...n can have access to your Doom server 3 5 Using the File Sharing Feature In this section you can Set up file sharing to allow a USB storage device connected to the ADSL Device to be used by all users...

Page 51: ...o certain users enable file sharing and set up your share s 3 5 1 1 Activate File Sharing 1 Connect your USB device to the USB port at the back panel of the ADSL Device 2 In Expert mode click Network...

Page 52: ...the field below for confirmation A password can be any combination of letters and numbers It is case sensitive and it must be between 5 and 15 characters long 3 5 1 3 Set up File Sharing on Your ADSL...

Page 53: ...hare again in the File Sharing screen This time you select the Bob_private folder which contains important files You want to restrict access to the share to certain users Bob77 in this example So sele...

Page 54: ...Explorer to access the file storage devices connected to the ADSL Device Note The examples in this User s Guide show you how to use Microsoft s Windows XP to browse your shared files Refer to your op...

Page 55: ...er name and password Once you access Bob_private via your ADSL Device you do not have to relogin unless you restart your computer 3 5 3 File Sharing Video Example Use Adobe Reader 9 or later to play t...

Page 56: ...ters Add a New Printer Using Windows Add a New Printer Using Macintosh OS X Configure a TCP IP Printer Port This example shows how you can configure a TCP IP printer port This example is done using th...

Page 57: ...1 Click Start Settings then right click on Printers and select Open Tutorial Open Printers Window The Printers folder opens up First you need to open up the properties windows for the printer you want...

Page 58: ...d TCP IP Printer Port Wizard window opens up Click Next to start configuring the printer port Tutorial Add a Port Wizard 7 Enter the IP address of the ADSL Device to which the printer is connected in...

Page 59: ...ct Custom under Device Type and click Settings Tutorial Custom Port Settings 9 Confirm the IP address of the ADSL Device in the IP Address field 10 Select LPR under Protocol 11 Type the LPR queue name...

Page 60: ...ettings and close the wizard window 13 Repeat steps 1 to 12 to add this printer to other computers on your network Add a New Printer Using Windows This example shows how to connect a printer to your A...

Page 61: ...trol Panel Printers and Faxes to open the Printers and Faxes screen Click Add a Printer Tutorial Printers Folder 2 The Add Printer Wizard screen displays Click Next Tutorial Add Printer Wizard Welcome...

Page 62: ...Local or Network Printer 4 Select Create a new port and Standard TCP IP Port Click Next Tutorial Add Printer Wizard Select the Printer Port 5 Add Standard TCP IP Printer Port Wizard window opens up C...

Page 63: ...ss of the port Click Next Note The computer from which you are configuring the TCP IP printer port must be on the same LAN in order to use the printer sharing function Tutorial Enter IP Address of the...

Page 64: ...he printer that you want to connect to the print server in the Manufacturer list of printers 13 Select the printer model from the list of Printers 14 If your printer is not displayed in the list of Pr...

Page 65: ...utton and click Next if you already have a printer driver installed on your computer and you do not want to change it Otherwise select Replace existing driver to replace it with the new driver you sel...

Page 66: ...server by sharing the printer with other users in the same network just select Do not share this printer and click Next to proceed to the following screen Tutorial Add Printer Wizard Printer Sharing 1...

Page 67: ...Complete the following steps to set up a print server driver on your Macintosh computer 1 Click the Print Center icon located in the Macintosh Dock a place holding a series of icons shortcuts at the b...

Page 68: ...ial Utilities Folder 6 Click the Add icon at the top of the screen Tutorial Printer List Folder 7 Set up your printer in the Printer List configuration screen Select IP Printing from the drop down lis...

Page 69: ...n 12 Click Add to select a printer model save and close the Printer List configuration screen Tutorial Printer Model 13 The Name LP1 on 192 168 1 1 displays in the Printer List field The default print...

Page 70: ...he Security MAC Filter screen to grant wireless network access to his computer but not to Josephine s computer 1 Thomas should check the wireless card s MAC address on his computer first For example o...

Page 71: ...fic flowing directions you may connect a router to the ADSL Device s LAN The router may be used to separate two department networks This tutorial shows how to configure a static routing rule for two n...

Page 72: ...from N1 to N2 1 Click Network Setting Static Route Click Add New Static Route 2 Configure the Static Route Setup screen using the following settings Select Active Specify a descriptive name for this r...

Page 73: ...want to prioritize e mail traffic because you have to send important mails and urgent updates to clients very often In the following figure your Internet connection has an upstream transmission bandwi...

Page 74: ...riority queue based on the internal QoS mapping table on the ADSL Device 1 Click Network Setting QoS General and check Active Set your WAN Managed Upstream Bandwidth to 1000 kbps or leave this blank t...

Page 75: ...ueue created in the QoS Queue Setup screen which is the Email queue created in this example From Interface This is the interface from which the traffic will be coming from Select Lan Ether Type Select...

Page 76: ...SL Series User s Guide 76 Tutorial Advanced QoS Monitor 3 9 1 QoS Video Example Use Adobe Reader 9 or later to play this example video You may need to allow playback in Adobe reader and click play aga...

Page 77: ...DDNS If you connect your ADSL Device to the Internet and it uses a dynamic WAN IP address it is inconvenient for you to manage the device from the Internet The ADSL Device s WAN IP address changes dyn...

Page 78: ...org using your account 4 Add a new DDNS host name This tutorial uses the following settings as an example Host name zyxelrouter dyndns org Service Type Host with IP address IP Address Enter the WAN IP...

Page 79: ...able to access the ADSL Device from the Internet To test this 1 Open a web browser on the computer using the IP address a b c d that is connected to the Internet 2 Type http zyxelrouter dyndns org and...

Page 80: ...Chapter 3 Tutorials ADSL Series User s Guide 80...

Page 81: ...81 PART II Technical Reference...

Page 82: ...82...

Page 83: ...look at the current status of the device system resources and interfaces LAN WAN WLAN 4 2 The Connection Status Screen Use this screen to view the network connection status of the device and its clien...

Page 84: ...t click the client s name and then click on Info If you want to change the name or icon of the client click the client s name and then click on Change name icon In List View you can also view the clie...

Page 85: ...ubnet mask in the WAN LAN Information IP Address This field displays the current IP address of the ZyXEL Device in the LAN IP Subnet Mask This field displays the current subnet mask in the LAN DHCP Se...

Page 86: ...active System Up Time This field displays how long the ZyXEL Device has been running since it last started up The ZyXEL Device starts up when you plug it in when you restart it Maintenance Reboot or...

Page 87: ...n this Chapter Use the Broadband screen to view remove or add a WAN interface You can also configure the WAN settings on the ZyXEL Device for Internet access Section 5 2 on page 88 5 1 2 What You Need...

Page 88: ...uses fixed size packets of information called cells With ATM a high QoS Quality of Service can be guaranteed ATM uses a connection oriented model and establishes a virtual circuit VC between two endp...

Page 89: ...y this connection VPI This is the Virtual Path Identifier VPI VCI This is the Virtual Channel Identifier VCI Vlan8021p This indicates the 802 1P priority level assigned to traffic sent through this co...

Page 90: ...1 Broadband Add Edit Routing PPPoE Label DESCRIPTION General Name Enter a service name of the connection Type ADSL The ZyXEL Device uses the ADSL technology for data transmission over the DSL port Mod...

Page 91: ...ment of ATM traffic Enter the VCI assigned to you DSL Link Type The DSL link type is set to EoA Ethernet over ATM to have an Ethernet header in the packet so that you can have multiple services connec...

Page 92: ...on up all the time and specify an idle time out in the Inactivity Timeout field Inactivity Timeout Specify an idle time out in the Inactivity Timeout field when you select Dial on Demand MTU The Maxim...

Page 93: ...en or the Edit icon next to the connection you want to configure Select Routing as the encapsulation mode and IPoE as the WAN service type Figure 24 Broadband Add Edit Routing IPoE Apply Click Apply t...

Page 94: ...igned to you VCI The valid range for the VCI is 32 to 65535 0 to 31 is reserved for local management of ATM traffic Enter the VCI assigned to you DSL Link Type The DSL link type is set to EoA Ethernet...

Page 95: ...ership in a Multicast group it is not used to carry user data Select this option to have the ZyXEL Device act as an IGMP proxy on this connection This allows the ZyXEL Device to get subscribing inform...

Page 96: ...the Edit icon next to the connection you want to configure Select Routing as the encapsulation mode and PPPoA as the WAN service type Figure 25 Broadband Add Edit Routing PPPoA The following table des...

Page 97: ...nnection to have its own MAC address or all connections share one MAC address but use different VLAN IDs for different services EoA supports IPoE PPPoE and RFC1483 2684 bridging encapsulation methods...

Page 98: ...ess MTU The Maximum Transmission Unit MTU defines the size of the largest packet allowed on an interface or connection Enter the MTU in this field For PPPoA and the default MTU is 1492 Routing Feature...

Page 99: ...AT on traffic from the selected LAN port s Bridge Group Select the LAN WLAN port s from which traffic will be forwarded to the WAN interface directly Select a port from the Available LAN WLAN Port s l...

Page 100: ...of multiplexing used by your is LLC SNAP BRIDGING In LCC encapsulation bridged PDUs are encapsulated by identifying the type of the bridged media in the SNAP header Service Category Select UBR Withou...

Page 101: ...er to RFC 1661 for more information on PPP RFC 1483 RFC 1483 describes two methods for Multiprotocol Encapsulation over ATM Adaptation Layer 5 AAL5 The first method allows multiplexing of multiple pro...

Page 102: ...up to the MBS can be sent at the PCR again If the PCR SCR or MBS is set to the default of 0 the system will assign a maximum value that correlates to your upstream line rate The following figure illu...

Page 103: ...allows a physical network to be partitioned into multiple logical networks Devices on a logical network belong to one group A device can belong to more than one group With VLAN a device cannot directl...

Page 104: ...signment Use Domain Name System DNS to map a domain name to its corresponding IP address and vice versa for instance the IP address of www zyxel com is 204 217 0 2 The DNS server is extremely importan...

Page 105: ...6 on page 118 You don t necessarily need to use all these screens to set up your wireless connection For example you may just want to set up a network name a wireless radio channel and some security...

Page 106: ...elevision channels each wireless network uses a specific channel or frequency to send and receive information Every device in the same wireless network must use security compatible with the AP Securit...

Page 107: ...p your network and then add the non WPS devices manually although this is somewhat more complicated to do What advanced options do you want to configure if any If you want to configure advanced option...

Page 108: ...pliant WLAN devices to associate with the ZyXEL Device Select 802 11n only in 2 4G band to allow only IEEE 802 11n compliant WLAN devices with the same frequency range 2 4 GHz to associate with the Zy...

Page 109: ...of WEP authentication namely Open System Static WEP and Shared Key Shared WEP Open system is implemented for ease of use and when security is not an issue The wireless station and the AP or peer comp...

Page 110: ...pted as long as the wireless client has the correct WEP key for encryption The ZyXEL Device authenticates wireless clients using Shared Key mode that have the correct WEP key Select Shared WEP to have...

Page 111: ...the General screen Select More Secure as the security level Then select WPA PSK or WPA2 PSK from the Security Mode list Figure 32 Wireless General More Secure WPA 2 PSK The following table describes t...

Page 112: ...Then select WPA or WPA2 from the Security Mode list Figure 33 Wireless General More Secure WPA 2 WPA PSK Compatible This field appears when you choose WPA PSK2 as the Security Mode Check this field t...

Page 113: ...rt Number Enter the port number of the external authentication server The default port number is 1812 You need not change this value unless your network administrator instructs you to do so with addit...

Page 114: ...A gray bulb signifies that this SSID is not active SSID An SSID profile is the set of parameters relating to one of the ZyXEL Device s BSSs The SSID Service Set IDentifier identifies the Service Set w...

Page 115: ...ich a wireless device is associated Wireless devices associating to the access point AP must have the same SSID Enter a descriptive name up to 32 English keyboard characters for the wireless LAN Hide...

Page 116: ...hysical button on the outside of device or a menu button similar to the WPS button on this screen Note You must press the other wireless device s WPS button within two minutes of pressing this button...

Page 117: ...less client can connect to the ZyXEL Device through WPS It displays Unconfigured if the ZyXEL Device has not been configured for WPS and wireless clients will not be able to establish a link with the...

Page 118: ...o which makes them run more smoothly Enable WMM Automatic Power Save Deliver APSD Click this to increase battery life for battery powered wireless clients APSD uses a longer beacon interval when trans...

Page 119: ...the information and only people who have been authenticated are given the code key Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings Table 24 Network...

Page 120: ...XEL Device acts like a beacon and regularly broadcasts the SSID in the area You can hide the SSID instead in which case the ZyXEL Device does not broadcast the SSID In addition you should change the d...

Page 121: ...ion 6 7 2 3 on page 121 for information about this For example if the wireless network has a RADIUS server you can choose WPA or WPA2 If users do not log in to the wireless network you can choose no e...

Page 122: ...al 6 7 4 BSS A Basic Service Set BSS exists when all communications between wireless stations or between a wireless station and a wired network client go through one access point AP Intra BSS traffic...

Page 123: ...k by themselves 6 7 6 1 Push Button Configuration WPS Push Button Configuration PBC is initiated by pressing a button on each WPS enabled device and allowing them to connect automatically You do not n...

Page 124: ...section of the AP s configuration interface See the device s User s Guide for how to do this 3 Look for the client s WPS PIN it will be displayed either on the device or in the WPS section of the cli...

Page 125: ...ication Protocol tunnel and sends the network name SSID and the WPA PSK or WPA2 PSK pre shared key to the enrollee Whether WPA PSK or WPA2 PSK is used depends on the standards supported by the devices...

Page 126: ...curity settings it transmits to the enrollee are randomly generated Once a WPS enabled device has connected to another device using WPS it becomes configured A configured wireless client can still act...

Page 127: ...hake with the new client since you must connect to the access point anyway in order to use the network In this case AP1 must be the registrar since it is configured it already has security information...

Page 128: ...enrollees and one registrar you must set up the first enrollee by pressing the WPS button on the registrar and the first enrollee for example then check that it successfully enrolled then set up the s...

Page 129: ...this has happened WPS works between only two devices simultaneously so if another device has enrolled your device will be unable to enroll and will not have access to the network If this happens open...

Page 130: ...Chapter 6 Wireless ADSL Series User s Guide 130...

Page 131: ...e DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN Section 7 3 on page 136 Use the UPnP screen to enable UPnP Section 7 4 on page 137 Use the File Sharing scree...

Page 132: ...k 7 1 2 2 About UPnP How do I know if I m using UPnP UPnP hardware is identified as an icon in the Network Connections folder Windows XP Each UPnP compatible device installed on your network will appe...

Page 133: ...ows or Linux have different file systems The file sharing feature on your ZyXEL Device supports File Allocation Table FAT FAT32 and New Technology File System NTFS Common Internet File System The ZyXE...

Page 134: ...d on your computer the port number is used to identify which process running on your computer it is intended for Line Printer Remote Protocol The Line Printer Remote LPR Protocol is software that prov...

Page 135: ...ur ZyXEL Device automatically computes the subnet mask based on the IP address you enter so do not change this field unless you are instructed to do so DHCP Server State DHCP Select Enable to have you...

Page 136: ...if you have the IP address of a DNS server Enter the DNS server s IP address in the field to the right If you chose User Defined but leave the IP address set to 0 0 0 0 User Defined changes to None af...

Page 137: ...al notation A network interface card such as an Ethernet adapter has a hardwired address that is assigned at the factory This address follows an industry standard that ensures no other adapter has a s...

Page 138: ...hich is connected to the ZyXEL Device Figure 49 File Sharing Overview The ZyXEL Device will not be able to join the workgroup if your local area network has restrictions set up that do not allow devic...

Page 139: ...ing Each field is described in the following table Table 31 Network Setting Home Networking File Sharing LABEL DESCRIPTION Server Configuration File Sharing Services SMB Select Enable to activate file...

Page 140: ...hows whether or not the user is able to access shares on your network User Name This field displays the users that have been added to the ZyXEL Device s Account Management screen Modify Click the Edit...

Page 141: ...users If you select this option two lists will appear below and you must select from those lists which users can access the share Available Users This list shows all the users that you have created on...

Page 142: ...media clients like the DMA 2500 to play the files Note Anyone on your network can play the media files in the published shares No user name and password or other form of security is used The media ser...

Page 143: ...er already installed on your computer The computers on your network must have the printer software already installed before they can create a TCP IP port for printing via the network Follow your print...

Page 144: ...igure 57 LAN and WAN IP Addresses DHCP Setup DHCP Dynamic Host Configuration Protocol RFC 2131 and RFC 2132 allows individual clients to obtain TCP IP configuration at start up from a server You can c...

Page 145: ...he Internet Assigned Number Authority IANA reserved this block of addresses specifically for private use please do not use any other number unless you are told otherwise Let s say you select 192 168 1...

Page 146: ...low the guidelines above For more information on address assignment please refer to RFC 1597 Address Allocation for Private Internets and RFC 1466 Guidelines for Management of IP Address Space ZyXEL D...

Page 147: ...HP Laserjet 1200 HP Laserjet 2200D HP Laserjet 2420 HP Color Laserjet 1500L HP Laserjet 3015 HP Officejet 4255 HP Officejet 5510 HP Officejet 5610 HP Officejet 7210 HP Officejet Pro L7380 HP Photosmar...

Page 148: ...indows Me 1 Click Start and Control Panel Double click Add Remove Programs 2 Click the Windows Setup tab and select Communication in the Components selection box Click Details Figure 58 Add Remove Pro...

Page 149: ...ed Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP 1 Click Start and Control Panel 2 Double click Network Connections 3 In the Network Connections window click A...

Page 150: ...re 61 Windows Optional Networking Components Wizard 5 In the Networking Services window select the Universal Plug and Play check box Figure 62 Networking Services 6 Click OK to go back to the Windows...

Page 151: ...ure the computer is connected to a LAN port of the ZyXEL Device Turn on your computer and the ZyXEL Device Auto discover Your UPnP enabled Network Device 1 Click Start and Control Panel Double click N...

Page 152: ...Chapter 7 Home Networking ADSL Series User s Guide 152 Figure 64 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings...

Page 153: ...ced Settings Figure 66 Internet Connection Properties Advanced Settings Add 5 When the UPnP enabled device is disconnected from your computer all port mappings will be deleted automatically 6 Select S...

Page 154: ...onfigurator Easy Access With UPnP you can access the web based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first This comes helpful if you do not know the I...

Page 155: ...r s Guide 155 Figure 69 Network Connections 4 An icon with the description for each UPnP enabled device displays under Local Network 5 Right click on the icon for your ZyXEL Device and select Invoke T...

Page 156: ...gure 70 Network Connections My Network Places 6 Right click on the icon for your ZyXEL Device and select Properties A properties window displays with basic information about the ZyXEL Device Figure 71...

Page 157: ...Device s LAN interface The ZyXEL Device routes most traffic from A to the Internet through the ZyXEL Device s default gateway R1 You create one static route to connect to services offered by your ISP...

Page 158: ...is not active Status This shows whether the static route is currently in use or not A yellow bulb signifies that this static route is in use A gray bulb signifies that this static route is not in use...

Page 159: ...ost ID IP Subnet Mask Enter the IP subnet mask here Gateway IP Address You can decide if you want to forward packets to a gateway IP address or a bound interface If you want to configure Gateway IP Ad...

Page 160: ...Chapter 8 Routing ADSL Series User s Guide 160...

Page 161: ...ain names that do not match any DNS routing entry After the ZyXEL Device receives a DNS reply from a DNS server it creates a new entry for the resolved IP address in the routing table In the following...

Page 162: ...nformation for a DNS route Figure 77 DNS Route Add Edit Table 39 Network Setting DNS Route LABEL DESCRIPTION Add new DNS route Click this to create a new entry This is the number of an individual DNS...

Page 163: ...e wildcard character an asterisk as the left most part of a domain name such as example com The ZyXEL Device forwards DNS queries for any domain name ending in example com to the WAN interface specifi...

Page 164: ...Chapter 9 DNS Route ADSL Series User s Guide 164...

Page 165: ...ow level of jitter variations in delay such as Internet gaming and those for which jitter alone is a problem such as Internet radio or streaming video 10 1 1 What You Can Do in this Chapter Use the Ge...

Page 166: ...dd or change the DSCP DiffServ Code Point value IEEE 802 1p priority level and VLAN ID number in a matched packet When the packet passes through a compatible network the networking device such as a ba...

Page 167: ...transmission speed For example set the WAN interface speed to 1200 kbps if your Internet connection has an upstream transmission speed of 100 Mbps Setting this number higher than the interface s actua...

Page 168: ...yXEL Device s interface through which traffic in this queue passes Priority This shows the priority of this queue Weight This shows the weight of this queue Buffer Management This shows the queue mana...

Page 169: ...eues gets through faster while traffic in lower priority queues is dropped if the network is congested Weight Select the weight from 1 to 15 of this queue If two queues have the same priority level th...

Page 170: ...Edit To Queue This is the name of the queue in which traffic of this classifier is put Modify Click the Edit icon to edit the classifier Click the Delete icon to delete an existing classifier Note tha...

Page 171: ...e the criteria for traffic classification Basic From Interface Select whether the traffic class comes from the LAN or a wireless interface Ether Type Select a predefined application to configure a cla...

Page 172: ...s option and enter the minimum and maximum packet length from 46 to 1504 in the fields provided DSCP This field is available only when you select IP in the Ether Type field Select this option and spec...

Page 173: ...ON Monitor Refresh Interval Select how often you want the ZyXEL Device to update this screen Select No Refresh to stop refreshing statistics Status This is the index number of the entry Name This show...

Page 174: ...f service desired This allows the intermediary DiffServ compliant network devices to handle the packets differently depending on the code points without the need to negotiate paths or remember state i...

Page 175: ...and concepts may help as you read this chapter Inside Outside and Global Local Inside outside denotes where a host is located relative to the ZyXEL Device for example the computers of your subscribers...

Page 176: ...better to specify a range of port numbers You can allocate a server IP address that corresponds to a port or a range of ports The most often used port numbers and services are shown in Appendix E on p...

Page 177: ...the check box to enable it Service Name This is the service s name This shows User Defined if you manually added a service You can change this by clicking the edit icon WAN Interface This shows the W...

Page 178: ...ies of ports enter the start port number here and the end port number in the External End Port field End Port Enter the last port of the original destination port range To forward only one port enter...

Page 179: ...e SIP VoIP ALG in the ZyXEL Device To access this screen click Network Setting NAT ALG Figure 88 Network NAT ALG The following table describes the fields in this screen Table 49 Network Setting NAT Se...

Page 180: ...n a packet received from a subscriber the inside local address to another the inside global address before forwarding the packet to the WAN side When the response comes back NAT translates the destina...

Page 181: ...UDP source port numbers for Many to One and Many to Many Overload NAT mapping in each packet and then forwards it to the Internet The ZyXEL Device keeps track of the original addresses and port number...

Page 182: ...Chapter 11 Network Address Translation NAT ADSL Series User s Guide 182...

Page 183: ...ur IP address First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a doma...

Page 184: ...t the name of your Dynamic DNS service provider Dynamic DNS Type Select the type of service that you are registered for from your Dynamic DNS service provider Host Name Type the domain name assigned t...

Page 185: ...ion User A can initiate an IM Instant Messaging session from the LAN to the WAN 1 Return traffic for this session is also allowed 2 However other traffic initiated from the WAN is blocked 3 and 4 Figu...

Page 186: ...is not allowed by default unless the remote host is authorized to use a specific service ICMP Internet Control Message Protocol ICMP is a message control and error reporting protocol between a host s...

Page 187: ...block and click Add to add the port to the Blocked Services field A custom port is a service that is not available in the pre defined Available Services list You must define it using the Type and Port...

Page 188: ...nfiguring the firewall may block valid access or introduce security risks to the ZyXEL Device and your protected network Use caution when creating or deleting firewall rules and test your rules after...

Page 189: ...ries User s Guide 189 4 Does this rule conflict with any existing rules Once these questions have been answered adding rules is simply a matter of entering the information into the correct fields in t...

Page 190: ...Chapter 13 Firewall ADSL Series User s Guide 190...

Page 191: ...very Ethernet device has a unique MAC Media Access Control address The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters for example 00 A0 C5 00 00 02 You need...

Page 192: ...s to the ZyXEL Device MAC addresses not listed will be denied access to the ZyXEL Device If you clear this the MAC Address field for this set clears MAC Address Enter the MAC addresses of the wireless...

Page 193: ...ication Authorities A Certification Authority CA issues certificates and guarantees the identity of each certificate owner There are commercial certification authorities like CyberTrust or VeriSign an...

Page 194: ...ware procedures and policies that handles keys is called PKI public key infrastructure Advantages of Certificates Certificates offer the following benefits The ZyXEL Device only has to store the certi...

Page 195: ...llowing procedure describes how to check a certificate s fingerprint to verify that you have the actual certificate 1 Browse to where you have the certificate saved on your computer 2 Make sure that t...

Page 196: ...e Subject This field displays identifying information about the certificate s owner such as CN Common Name OU Organizational Unit or department O Organization or company and C Country It is recommende...

Page 197: ...his to replace the certificate s and save your changes back to the ZyXEL Device Reset Click this to clear your settings Table 56 Security Certificates Local Certificates continued LABEL DESCRIPTION Ta...

Page 198: ...authority s certificate change the certificate s name and set whether or not you want the ZyXEL Device to check a certification authority s list of revoked certificates before trusting a certificate...

Page 199: ...to change the name type up to 31 characters to identify this key certificate You may use any character not including spaces Certificate Detail This read only text box displays the certificate or cert...

Page 200: ...the owner of the certificate such as Common Name CN OU Organizational Unit or department Organization O State ST and Country C It is recommended that each certificate have unique subject information...

Page 201: ...ificate Public Key The value provided by a designated authority which combined with a private key can be used to encrypt messages Write the key between BEGIN CERTIFICATE and END CERTIFICATE Private Ke...

Page 202: ...Chapter 15 Certificates ADSL Series User s Guide 202...

Page 203: ...an example of an IPSec VPN tunnel Figure 103 VPN Example 16 1 1 What You Can Do in the VPN Screens Use the Setup screen Section 16 2 on page 205 to view the configured VPN policies and add edit or rem...

Page 204: ...r secure gateway If the remote secure gateway has a static WAN IP address enter it in the Secure Gateway Address field You may alternatively enter the remote secure gateway s domain name if it has one...

Page 205: ...ing figure helps explain the main fields in the web configurator Figure 105 IPSec Summary Fields Local and remote IP addresses must be static Click Security VPN to open the VPN Setup screen This is a...

Page 206: ...at this VPN policy is not active Tunnel Name This field displays the identification name for this VPN policy Local Address This field will display the IP address used by the ZyXEL Device Remote Addres...

Page 207: ...box if you want to set up a VPN tunnel when there are NAT routers between the ZyXEL Device and remote IPSec router The remote IPSec router must also enable NAT traversal and the NAT routers have to fo...

Page 208: ...annot have the local and remote IP address es both the same Two active SAs can have the same local or remote IP address but not both You can configure multiple SAs between the same local and remote IP...

Page 209: ...r to the Secure Gateway Address field description For DNS or E mail type a domain name or e mail address by which to identify the remote IPSec router Use up to 31 ASCII characters including spaces alt...

Page 210: ...N Setup Edit Advanced Setup LABEL DESCRIPTION Advanced Setup Phase 1 Encryption Algorithm Select 3DES AES128 or AES256 from the drop down list box When you use one of these encryption algorithms for d...

Page 211: ...nd a 256 bit key AES is faster than 3DES Authentication Algorithm Select MD5 SHA1 SHA2 256 or SHA2 512 from the drop down list box MD5 Message Digest 5 and SHA1 Secure Hash Algorithm and SHA2 are hash...

Page 212: ...have the ZyXEL Device renegotiate an IPSec SA when the SA lifetime expires even if there is no traffic Figure 109 Security VPN Monitor The following table describes the fields in this screen 16 6 IPS...

Page 213: ...in order to set up a VPN 16 6 2 IPSec and NAT Read this section if you are running IPSec on a host computer behind the ZyXEL Device NAT is incompatible with the AH protocol in both Transport and Tunn...

Page 214: ...AT device between the IPSec endpoints rewrites the source or destination address As a result the VPN device at the receiving end finds a mismatch between the hash value and the data and assumes that t...

Page 215: ...on Tunnel Mode Tunnel mode encapsulates the entire IP packet to transmit it securely A Tunnel mode is required for gateway services to provide access to internal systems Tunnel mode is fundamentally a...

Page 216: ...If an IKE SA times out when an IPSec SA is already established the IPSec SA stays connected In phase 2 you must Choose which protocol to use ESP or AH for the IKE key exchange Choose an encryption alg...

Page 217: ...n the LAN or from the ISP since these DNS servers cannot resolve domain names to private IP addresses on the remote network The following figure depicts an example where three VPN tunnels are created...

Page 218: ...ge 210 The ID type and content act as an extra level of identification for incoming SAs The type of ID can be a domain name an IP address or an e mail address The content is the IP address domain name...

Page 219: ...Upon completion of the Diffie Hellman exchange the two peers have a shared secret but the IKE SA is not authenticated For authentication use pre shared keys 16 6 11 Telecommuter VPN IPSec Examples The...

Page 220: ...sses of the rules configured on the telecommuters IPSec routers should not overlap See the following table and figure for an example where three telecommuters each use a different VPN rule for a VPN c...

Page 221: ...Local ID Content 192 168 2 12 Peer ID Content 192 168 2 12 Local IP Address 192 168 2 12 Secure Gateway Address telecommuter1 com Remote Address 192 168 2 12 Telecommuter B telecommuterb dydns org Hea...

Page 222: ...Chapter 16 VPN ADSL Series User s Guide 222...

Page 223: ...s client s Section 17 4 on page 225 17 2 The WAN Status Screen Click System Monitor Traffic Status to open the WAN screen You can view the WAN traffic statistics in this screen Figure 117 System Moni...

Page 224: ...the number of frames with errors received on this interface Drop This indicates the number of received packets dropped on this interface Table 74 System Monitor Traffic Status WAN LABEL DESCRIPTION Ta...

Page 225: ...ror This indicates the number of frames with errors received on this interface Drop This indicates the number of received packets dropped on this interface Table 75 System Monitor Traffic Status LAN L...

Page 226: ...Chapter 17 System Monitor ADSL Series User s Guide 226...

Page 227: ...BEL DESCRIPTION User Name You can configure the password for the admin or user account Select admin or user from the drop down list box Old Password Type the default password or the existing password...

Page 228: ...Chapter 18 User Account ADSL Series User s Guide 228...

Page 229: ...ers from the LAN to discover the CPE and configure user specific parameters such as the username and password SSH SCP SFTP Secure Shell SSH is a secure communication protocol that combines authenticat...

Page 230: ...box for the corresponding services that you want to allow access to the ZyXEL Device from the LAN and WLAN WAN Select the Enable check box for the corresponding services that you want to allow access...

Page 231: ...port files the domain name is www zyxel com 20 2 The System Screen Use the System screen to configure the system s host name domain name and inactivity time out interval The Host Name is for identific...

Page 232: ...ave this field blank the ISP may assign a domain name via DHCP The domain name entered by you is given priority over the ISP assigned domain name Administrator Inactivity Timer Type how many minutes a...

Page 233: ...local time zone Figure 123 Maintenance Time Setting The following table describes the fields in this screen Table 80 Maintenance Time Setting LABEL DESCRIPTION Current Date Time Current Time This fiel...

Page 234: ...of the time zones in the European Union start using Daylight Saving Time at the same moment 1 A M GMT or UTC So in the European Union you would select Last Sunday March The time you type in the o cloc...

Page 235: ...ere the ZyXEL Device sends logs and which logs and or immediate alerts the ZyXEL Device records in the Log Setting screen 22 2 The Log Setting Screen To change your ZyXEL Device s log settings click M...

Page 236: ...ng Syslog Server Enter the server name or IP address of the syslog server that will log the selected categories of logs UDP Port Enter the port number used by the syslog server Active Log and Select L...

Page 237: ...r a successful upload the system will reboot Do NOT turn off the ZyXEL Device while firmware upload is in progress Figure 125 Maintenance Firmware Upgrade The following table describes the labels in t...

Page 238: ...network disconnect In some operating systems you may see the following icon on your desktop Figure 127 Network Temporarily Disconnected After two minutes log in again and check your new firmware versi...

Page 239: ...guration appears in this screen as shown next Figure 129 Maintenance Backup Restore Backup Configuration Backup Configuration allows you to back up save the ZyXEL Device s current configuration to a f...

Page 240: ...for details on how to set up your computer s IP address If the upload was not successful an error screen will appear Click OK to go back to the Configuration screen Reset to Factory Defaults Click th...

Page 241: ...m restart allows you to reboot the ZyXEL Device remotely without turning the power off You may need to do this if the ZyXEL Device hangs for example Click Maintenance Reboot Click the Reboot button to...

Page 242: ...Chapter 24 Backup Restore ADSL Series User s Guide 242...

Page 243: ...g statistics Section 25 2 on page 243 Use the DSL Line screen to check or reset your DSL connection Section 25 3 on page 244 25 2 The Ping Screen Use this screen to ping an IP address Click Maintenanc...

Page 244: ...d Reassembly SAR driver translates packets into ATM cells It also receives ATM cells and reassembles them into packets These counters are set back to zero whenever the device starts up inPkts is the n...

Page 245: ...This is displayed as the number in hexadecimal format of bits transmitted for each tone This can be used to determine the quality of the connection whether a given sub carrier loop has sufficient mar...

Page 246: ...Chapter 25 Diagnostic ADSL Series User s Guide 246...

Page 247: ...LEDs turn on 1 Make sure the ZyXEL Device is turned on 2 Make sure you are using the power adaptor or cord included with the ZyXEL Device 3 Make sure the power adaptor or cord is connected to the ZyXE...

Page 248: ...owser 3 If this does not work you have to reset the device to its factory defaults See Section 1 6 on page 25 I forgot the password 1 The default admin and user password is 1234 2 If this does not wor...

Page 249: ...u have entered the user name and password correctly The default user name is admin These fields are case sensitive so make sure Caps Lock is not on 2 You cannot log in to the web configurator while so...

Page 250: ...Quick Start Guide again 6 If the problem continues contact your ISP I cannot access the Internet through a DSL connection 1 Make sure you configured a proper DSL WAN connection with the Internet acco...

Page 251: ...nt or unstabled wireless connection How can I solve this problem The following factors may cause interference Obstacles walls ceilings furniture and so on Building Materials metal doors aluminum studs...

Page 252: ...curity standard that defines stronger encryption authentication and key management than WPA It requires the use of a RADIUS server and is mostly used in business networks WPA Wi Fi Protected Access WP...

Page 253: ...o Private you may not have permission to see the share s content Open the Web Configurator and make sure you add your user to the list Allow Users in the Add Edit Share screen see Section 3 5 1 3 on p...

Page 254: ...Chapter 26 Troubleshooting ADSL Series User s Guide 254...

Page 255: ...es not have an Ethernet connection with the LAN WLAN WPS Green On The wireless network is activated and is operating in IEEE 802 11b g n mode Blinking The ZyXEL Device is communicating with other wire...

Page 256: ...lt IP Address 192 168 1 1 Default Subnet Mask 255 255 255 0 24 bits Default User Name admin Default Password 1234 DHCP Server IP Pool Starting Address 192 168 1 33 Size 32 Static DHCP Addresses 10 Sta...

Page 257: ...bled device can dynamically join a network obtain an IP address and convey its capabilities to other devices on the network Firewall Your device has a stateful inspection firewall with DoS Denial of S...

Page 258: ...via HTTP Configuration file extraction using CLI SFTP SCP and TR 069 Factory reset vis CLI TR 069 and physical button Telnet for remote management Remote Firmware Upgrade Syslog TR 069 TR 064 TR 068v2...

Page 259: ...802 11g 6 9 12 18 24 36 48 54Mbps 802 11b 1 2 5 5 11Mbps Modulation Technique 802 11n MIMO OFDM BPSK QPSK 16 QAM 64 QAM 802 11g OFDM BPSK QPSK 16 QAM 64 QAM 802 11b CCK DQPSK DBPSK Turn on off WLAN by...

Page 260: ...EE 802 11g Uses the 2 4 gigahertz GHz band IEEE 802 11n Uses the 2 4 gigahertz GHz band IEEE 802 11d Standard for Local and Metropolitan Area Networks Media Access Control MAC Bridges 802 1x Port Base...

Page 261: ...ack of the ZyXEL Device with the screws on the wall Hang the ZyXEL Device on the screws Figure 134 Wall mounting Example The following are dimensions of an M4 tap screw and masonry plug used for wall...

Page 262: ...Chapter 27 Product Specifications ADSL Series User s Guide 262...

Page 263: ...are a common street name the hosts on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the host I...

Page 264: ...s part of the host ID The following example shows a subnet mask identifying the network number in bold text and host ID of an IP address 192 168 1 2 in decimal By convention subnet masks always consis...

Page 265: ...s for the remainder of the 32 bit mask you can simply specify the number of ones instead of writing the value of each octet This is usually specified by writing a followed by the number of bits in the...

Page 266: ...ible hosts The following figure shows the company network before subnetting Figure 137 Subnetting Example Before Subnetting You can borrow one of the host ID bits to divide the network 192 168 1 0 int...

Page 267: ...8 1 254 Example Four Subnets The previous example illustrated using a 25 bit subnet mask to divide a 24 bit address into two subnets Similarly to divide a 24 bit address into four subnets you need to...

Page 268: ...ASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 1...

Page 269: ...1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62 3 255 255 255 224 27 8 30 4 255 255 255 240 28 16 14 5 255 255 255 248 29 32 6 6 255 255 255 252 30 64 2 7 255 255 255 254 31 128 1 Table 101 16 b...

Page 270: ...the subnet mask computed by the ZyXEL Device unless you are instructed to do otherwise Private IP Addresses Every machine on the Internet must have a unique address If your networks are isolated from...

Page 271: ...ple Since a router connects different networks it must have interfaces using different network numbers For example if a router is set between a LAN and the Internet WAN the router s LAN and WAN addres...

Page 272: ...Appendix A IP Addresses and Subnetting ADSL Series User s Guide 272 Figure 141 Conflicting Computer and Router IP Addresses Example...

Page 273: ...versions of UNIX LINUX include the software components you need to use TCP IP on your computer If you manually assign IP information instead of using a dynamic IP make sure that your network s comput...

Page 274: ...Guide 274 Figure 142 Windows XP Start Menu 2 In the Control Panel click the Network Connections icon Figure 143 Windows XP Control Panel 3 Right click Local Area Connection and then select Properties...

Page 275: ...er s IP Address ADSL Series User s Guide 275 4 On the General tab select Internet Protocol TCP IP and then click Properties Figure 145 Windows XP Local Area Connection Properties 5 The Internet Protoc...

Page 276: ...you by your network administrator or ISP You may also have to enter a Preferred DNS server and an Alternate DNS server if that information was provided 7 Click OK to close the Internet Protocol TCP IP...

Page 277: ...from Windows Vista Professional 1 Click Start Control Panel Figure 147 Windows Vista Start Menu 2 In the Control Panel click the Network and Internet icon Figure 148 Windows Vista Control Panel 3 Clic...

Page 278: ...Center 5 Right click Local Area Connection and then select Properties Figure 151 Windows Vista Network and Sharing Center Note During this procedure click Continue whenever Windows displays a screen...

Page 279: ...ppendix B Setting Up Your Computer s IP Address ADSL Series User s Guide 279 Figure 152 Windows Vista Local Area Connection Properties 7 The Internet Protocol Version 4 TCP IPv4 Properties window open...

Page 280: ...ou by your network administrator or ISP You may also have to enter a Preferred DNS server and an Alternate DNS server if that information was provided Click Advanced 9 Click OK to close the Internet P...

Page 281: ...e 1 Click Start Control Panel Figure 154 Windows 7 Start Menu 2 In the Control Panel click View network status and tasks under the Network and Internet category Figure 155 Windows 7 Control Panel 3 Cl...

Page 282: ...er s Guide 282 Figure 157 Windows 7 Local Area Connection Status Note During this procedure click Continue whenever Windows displays a screen saying that it needs your permission to continue 5 Select...

Page 283: ...Appendix B Setting Up Your Computer s IP Address ADSL Series User s Guide 283 Figure 158 Windows 7 Local Area Connection Properties 6 The Internet Protocol Version 4 TCP IPv4 Properties window opens...

Page 284: ...tatic IP address that was assigned to you by your network administrator or ISP You may also have to enter a Preferred DNS server and an Alternate DNS server if that information was provided Click Adva...

Page 285: ...0 Windows 7 Internet Protocol Version 4 TCP IPv4 Properties Mac OS X 10 3 and 10 4 The screens in this section are from Mac OS X 10 4 but can also apply to 10 3 1 Click Apple System Preferences Figure...

Page 286: ...0 4 System Preferences 3 When the Network preferences pane opens select Built in Ethernet from the network connection type list and then click Configure Figure 163 Mac OS X 10 4 Network Preferences 4...

Page 287: ...Mac OS X 10 4 Network Preferences TCP IP Tab 5 For statically assigned settings do the following From the Configure IPv4 list select Manually In the IP Address field type your IP address In the Subnet...

Page 288: ...thernet 6 Click Apply Now and close the window Verifying Settings Check your TCP IP properties by clicking Applications Utilities Network Utilities and then selecting the appropriate Network Interface...

Page 289: ...ide 289 1 Click Apple System Preferences Figure 167 Mac OS X 10 5 Apple Menu 2 In System Preferences click the Network icon Figure 168 Mac OS X 10 5 Systems Preferences 3 When the Network preferences...

Page 290: ...et 4 From the Configure list select Using DHCP for dynamically assigned settings 5 For statically assigned settings do the following From the Configure list select Manually In the IP Address field ent...

Page 291: ...uide 291 Figure 170 Mac OS X 10 5 Network Preferences Ethernet 6 Click Apply and close the window Verifying Settings Check your TCP IP properties by clicking Applications Utilities Network Utilities a...

Page 292: ...ic distribution release version and individual configuration The following screens use the default Ubuntu 8 installation Note Make sure you are logged in as the root administrator Follow the steps bel...

Page 293: ...Network Settings Connections 3 In the Authenticate window enter your admin account name and password then click the Authenticate button Figure 174 Ubuntu 8 Administrator Account Authentication 4 In t...

Page 294: ...uration DHCP if you have a dynamic IP address In the Configuration list select Static IP address if you have a static IP address Fill in the IP address Subnet mask and Gateway address fields 6 Click O...

Page 295: ...ettings DNS 8 Click the Close button to apply the changes Verifying Settings Check your TCP IP properties by clicking System Administration Network Tools and then selecting the appropriate Network dev...

Page 296: ...ent KDE using the openSUSE 10 3 Linux distribution The procedure screens and file locations may vary depending on your specific distribution release version and individual configuration The following...

Page 297: ...Figure 179 openSUSE 10 3 K Menu Computer Menu 2 When the Run as Root KDE su dialog opens enter the admin password and click OK Figure 180 openSUSE 10 3 K Menu Computer Menu 3 When the YaST Control Ce...

Page 298: ...enSUSE 10 3 YaST Control Center 4 When the Network Settings window opens click the Overview tab select the appropriate connection Name from the list and then click the Configure button Figure 182 open...

Page 299: ...amic IP address Select Statically assigned IP Address if you have a static IP address Fill in the IP address Subnet mask and Hostname fields 7 Click Next to save the changes and close the Network Card...

Page 300: ...gs and close the window Verifying Settings Click the KNetwork Manager icon on the Task bar to check your TCP IP properties From the Options sub menu select Show Connection Information Figure 185 openS...

Page 301: ...Appendix B Setting Up Your Computer s IP Address ADSL Series User s Guide 301 Figure 186 openSUSE Connection Status KNetwork Manager...

Page 302: ...Appendix B Setting Up Your Computer s IP Address ADSL Series User s Guide 302...

Page 303: ...g to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking and create an exception for your device s IP address Disable Pop up...

Page 304: ...Privacy 3 Click Apply to save this setting Enable Pop up Blockers with Exceptions Alternatively if you only want to allow pop up windows from your device see the following steps 1 In Internet Explorer...

Page 305: ...de 305 Figure 189 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 167 1 4 Click Add to mov...

Page 306: ...lay properly in Internet Explorer check that JavaScript are allowed 1 In Internet Explorer click Tools Internet Options and then the Security tab Figure 191 Internet Options Security 2 Click the Custo...

Page 307: ...192 Security Settings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 U...

Page 308: ...Series User s Guide 308 Figure 193 Security Settings Java JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun...

Page 309: ...ed here Screens for other versions may vary You can enable Java JavaScript and pop ups in one screen Click Tools then click Options in the screen that appears Figure 195 Mozilla Firefox Tools Options...

Page 310: ...Appendix C Pop up Windows Java Script and Java Permissions ADSL Series User s Guide 310...

Page 311: ...endent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an ad hoc wireless LAN Figure 197 Peer to Peer Communication in an Ad hoc Net...

Page 312: ...red connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired networ...

Page 313: ...ially overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 chan...

Page 314: ...quest To Send CTS Clear to Send handshake You should only configure RTS CTS if the possibility of hidden nodes exists on your network and the cost of resending large frames is more than the extra netw...

Page 315: ...e The wireless devices MUST use the same preamble mode in order to communicate IEEE 802 11g Wireless LAN IEEE 802 11g is fully compatible with the IEEE 802 11b standard This means an IEEE 802 11b adap...

Page 316: ...user profile and accounting management on a network RADIUS server Support for EAP Extensible Authentication Protocol RFC 2486 that allows additional authentication methods to be deployed with no chang...

Page 317: ...etwork security the access point and the RADIUS server use a shared secret key which is a password they both know The key is not sent over the network In addition to the shared key password informatio...

Page 318: ...makes user identity vulnerable to passive attacks A digital certificate is an electronic ID card that authenticates the sender s identity However to implement EAP TLS you need a Certificate Authority...

Page 319: ...ey that only requires a single identical password entered into each access point wireless gateway and wireless client As long as the passwords match a wireless client will be granted access to a WLAN...

Page 320: ...ommon password approach makes WPA 2 PSK susceptible to brute force password guessing attacks but it s still an improvement over WEP as it employs a consistent single alphanumeric password to derive a...

Page 321: ...DIUS server distributes the PMK to the AP The AP then sets up a key hierarchy and management system using the PMK to dynamically generate unique data encryption keys The keys are used to encrypt every...

Page 322: ...couples RF signals onto air A transmitter within a wireless device sends an RF signal to the antenna which propagates the signal through the air The antenna also operates in reverse by capturing RF si...

Page 323: ...e two types of antennas used for wireless LAN applications Omni directional antennas send the RF signal out in all directions on a horizontal plane The coverage area is torus shaped like a donut which...

Page 324: ...devices you want to set up are within wireless range of one another 2 Look for a WPS button on each device If the device does not have one log into its configuration utility and locate the button see...

Page 325: ...tion mode not the PBC connection mode Locate the place where you can enter the enrollee s PIN if you are using the ZyXEL Device see Section 6 4 on page 115 Enter the PIN from the enrollee device 4 Act...

Page 326: ...cation Protocol tunnel and sends the network name SSID and the WPA PSK or WPA2 PSK pre shared key to the enrollee Whether WPA PSK or WPA2 PSK is used depends on the standards supported by the devices...

Page 327: ...d the security settings it transmits to the enrollee are randomly generated Once a WPS enabled device has connected to another device using WPS it becomes configured A configured wireless client can s...

Page 328: ...registrar since it is configured it already has security information for the network AP1 supplies the existing security information to Client 2 Figure 206 WPS Example Network Step 2 In step 3 you add...

Page 329: ...or WPA2 PSK depends on the device You can check the configuration interface of the registrar device to discover the key the network is using if the device supports this feature Then you can enter the...

Page 330: ...or was not involved in the WPS handshake a rogue device must still associate with the access point to gain access to the network Check the MAC addresses of your wireless clients usually printed on a l...

Page 331: ...ations that use this service or the situations in which this service is used Table 106 Commonly Used Services NAME PROTOCOL PORT S DESCRIPTION AH IPSEC_TUNNEL User Defined 51 The IPSEC AH Authenticati...

Page 332: ...k environments NNTP TCP 119 Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service PING User Defined 1 Packet INternet Groper is a protocol that sends out ICMP echo...

Page 333: ...te Login Program STRM WORKS UDP 1558 Stream Works Protocol SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server TACACS UDP 49 Login Host Protocol used for Terminal Access Controller A...

Page 334: ...Appendix E Common Services ADSL Series User s Guide 334...

Page 335: ...BLE LICENSE TERMS OF SUCH THIRD PARTY NONE OF THE STATEMENTS OR DOCUMENTATION FROM ZYXEL INCLUDING ANY RESTRICTIONS OR CONDITIONS STATED IN THIS END USER LICENSE AGREEMENT SHALL RESTRICT ANY RIGHTS AN...

Page 336: ...certain third party software as a convenience To the extent that the Software contains third party software ZyXEL has no express or implied obligation to provide any technical or other support for suc...

Page 337: ...NG REASONABLE ATTORNEYS FEES TO THE EXTENT SUCH CLAIMS ARISE OUT OF ANY BREACH OF THIS SECTION 8 9 Audit Rights ZyXEL SHALL HAVE THE RIGHT AT ITS OWN EXPENSE UPON REASONABLE PRIOR NOTICE TO PERIODICAL...

Page 338: ...n herein is subject to change without notice Companies names and data used in examples herein are fictitious unless otherwise noted No part may be reproduced or transmitted in any form or by any means...

Page 339: ...software patents We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses in effect making the program proprietary To prevent this we have made it cl...

Page 340: ...dless of who wrote it Thus it is not the intent of this section to claim rights or contest your rights to work written entirely by you rather the intent is to exercise the right to control the distrib...

Page 341: ...e conditions of this License If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations then as a consequence you may not distribu...

Page 342: ...URPOSE THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU SHOULD THE PROGRAM PROVE DEFECTIVE YOU ASSUME THE COST OF ALL NECESSARY SERVICING REPAIR OR CORRECTION 12 IN NO EVEN...

Page 343: ...stributions of source code must retain the above copyright notice this list of conditions and the following disclaimer Redistributions in binary form must reproduce the above copyright notice this lis...

Page 344: ...the following disclaimer in the documentation and or other materials provided with the distribution THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES...

Page 345: ...and that you are informed that you can do these things To protect your rights we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights The...

Page 346: ...other cases permission to use a particular library in non free programs enables a greater number of people to use a large body of free software For example permission to use the GNU C Library in non f...

Page 347: ...s and performs whatever part of its purpose remains meaningful For example a function in a library to compute square roots has a purpose that is entirely well defined independent of the application Th...

Page 348: ...the Library with the Library to produce a work containing portions of the Library and distribute that work under terms of your choice provided that the terms permit modification of the work for the c...

Page 349: ...the Library you indicate your acceptance of this License to do so and all its terms and conditions for copying distributing or modifying the Library or works based on it 10 Each time you redistribute...

Page 350: ...e which is copyrighted by the Free Software Foundation write to the Free Software Foundation we sometimes make exceptions for this Our decision will be guided by the two goals of preserving the free s...

Page 351: ...nditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 All advertising materials mentioning features or use of this software must display th...

Page 352: ...RTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMI...

Page 353: ...de not just the SSL code The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson tjh cryptsoft com Copyright remains Eric Youn...

Page 354: ...s product includes software written by Tim Hudson tjh cryptsoft com THIS SOFTWARE IS PROVIDED BY ERIC YOUNG AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANT...

Page 355: ...Appendix F Open Software Announcements ADSL Series User s Guide 355...

Page 356: ...Appendix F Open Software Announcements ADSL Series User s Guide 356...

Page 357: ...he terms and conditions of any related service providers Certifications Federal Communications Commission FCC Interference Statement The device complies with Part 15 of FCC rules Operation is subject...

Page 358: ...rom other transmitters to prevent simultaneous transmission with nearby devices Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user s au...

Page 359: ...ply if the product has been modified misused tampered with damaged by an act of God or subjected to abnormal working conditions Note Repair or replacement as provided under this warranty is the exclus...

Page 360: ...Appendix G Legal Information ADSL Series User s Guide 360...

Page 361: ...ication 119 121 RADIUS server 121 automatic logout 28 B backup configuration 239 bandwidth management 165 Basic Service Set see BSS Broadband 87 broadcast 103 BSS 122 311 example 122 C CA 193 318 CBR...

Page 362: ...NS wildcard 183 E EAP Authentication 317 Encapsulation 100 MER 100 PPP over Ethernet 100 encapsulation 87 215 RFC 1483 101 encryption 121 319 ESP 213 ESS 312 Extended Service Set IDentification 108 11...

Page 363: ...gin passwords 27 logout 28 automatic 28 logs 223 235 M MAC 85 191 MAC address 137 filter 120 MAC address filtering 191 MAC filter 191 managing the device good habits 25 using FTP See FTP Maximum Burst...

Page 364: ...protocol 87 PSK 320 Push Button Configuration see PBC push button WPS 123 Q QoS 165 174 Quality of Service see QoS Quick Start Guide 27 R RADIUS 316 message types 317 messages 317 shared secret key 3...

Page 365: ...gment 119 RTS CTS 119 TKIP 319 traffic shaping 101 trusted CAs and certificates 197 tunnel mode 215 tutorial wireless 44 U unicast 103 Universal Plug and Play see UPnP upgrading firmware 237 UPnP 137...

Page 366: ...123 push button 123 wireless network example 105 wireless security 315 WLAN 105 auto scan channel 108 interference 313 passphrase 110 scheduling 118 security parameters 322 see also wireless WEP 110...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands