background image

 Chapter 7 Wireless

VMG3925-B10C/B30C User’s Guide

121

7.10.6.1  Notes on Multiple BSSs

• A maximum of eight BSSs are allowed on one AP simultaneously.
• You must use different keys for different BSSs. If two wireless devices have different BSSIDs (they are in 

different BSSs), but have the same keys, they may hear each other’s communications (but not 
communicate with each other).

• MBSSID should not replace but rather be used in conjunction with 802.1x security.

7.10.7  Preamble Type

Preamble is used to signal that data is coming to the receiver. Short and long refer to the length of the 
synchronization field in a packet.

Short preamble increases performance as less time sending preamble means more time for sending 
data. All IEEE 802.11 compliant wireless adapters support long preamble, but not all support short 
preamble. 

Use long preamble if you are unsure what preamble mode other wireless devices on the network 
support, and to provide more reliable communications in busy wireless networks. 

Use short preamble if you are sure all wireless devices on the network support it, and to provide more 
efficient communications.

Use the dynamic setting to automatically use short preamble when all wireless devices on the network 
support it, otherwise the VMG uses long preamble.

Note: The wireless devices MUST

 

use the same preamble mode in order to communicate.

7.10.8  WiFi Protected Setup (WPS)

Your VMG supports WiFi Protected Setup (WPS), which is an easy way to set up a secure wireless 
network. WPS is an industry standard specification, defined by the WiFi Alliance.

WPS allows you to quickly set up a wireless network with strong security, without having to configure 
security settings manually. Each WPS connection works between two devices. Both devices must 
support WPS (check each device’s documentation to make sure). 

Depending on the devices you have, you can either press a button (on the device itself, or in its 
configuration utility) or enter a PIN (a unique Personal Identification Number that allows one device to 
authenticate the other) in each of the two devices. When WPS is activated on a device, it has two 
minutes to find another device that also has WPS activated. Then, the two devices connect and set up 
a secure network by themselves.

7.10.8.1  Push Button Configuration

WPS Push Button Configuration (PBC) is initiated by pressing a button on each WPS-enabled device, and 
allowing them to connect automatically. You do not need to enter any information. 

Not every WPS-enabled device has a physical WPS button. Some may have a WPS PBC button in their 
configuration utilities instead of or in addition to the physical button.

Take the following steps to set up WPS using the button.

Summary of Contents for VMG3925-B10C

Page 1: ... Guide VMG3925 B10C B30C Dual Band Wireless AC N VDSL2 Combo WAN Gateway Copyright 2018 Zyxel Communications Corporation LAN IP Address http 192 168 1 1 User Name admin Password See the device label Version 5 13 Edition 1 03 2018 ...

Page 2: ...aphics in this book may differ slightly from your product due to differences in your product firmware or your computer operating system Every effort has been made to ensure that the information in this manual is accurate Related Documentation Quick Start Guide The Quick Start Guide shows how to connect the VMG and access the Web Configurator More Information Go to support zyxel com to find other i...

Page 3: ...red to as the VMG in this guide Product labels screen names field labels and field choices are all in bold font A right angle bracket within a screen name denotes a mouse click For example Network Setting Broadband means you first click Network Setting in the navigation panel then the Broadband sub menu to get to that screen Icons Used in Figures Figures in this user guide may use the following ge...

Page 4: ...lity of Service QoS 153 Network Address Translation NAT 171 Dynamic DNS Setup 188 IGMP MLD 192 Vlan Group 195 Interface Group 198 USB Service 203 Firewall 209 MAC Filter 217 Parental Control 219 Scheduler Rule 224 Certificates 226 Log 233 Traffic Status 236 ARP Table 240 Routing Table 242 Multicast Status 244 xDSL Statistics 246 WLAN Station Status 248 Cellular Statistics 250 System 252 User Accou...

Page 5: ...Contents Overview VMG3925 B10C B30C User s Guide 5 Log Setting 264 Firmware Upgrade 267 Backup Restore 270 Diagnostic 273 Troubleshooting 280 Appendices 287 ...

Page 6: ... Ways to Manage the VMG 20 1 3 Good Habits for Managing the VMG 21 1 4 Hardware 21 1 4 1 Front Panel 21 1 4 2 LEDs Lights 21 1 4 3 Side Panel 23 1 4 4 Using the WLAN and WPS Buttons 24 1 4 5 Rear Panel 24 1 4 6 The RESET Button 25 Chapter 2 The Web Configurator 26 2 1 Overview 26 2 1 1 Accessing the Web Configurator 26 2 2 Web Configurator Layout 28 2 2 1 Title Bar 28 2 2 2 Navigation Panel 29 Cha...

Page 7: ... VMG 56 4 6 2 Using Windows Media Player 56 4 6 3 Using a Digital Media Adapter 58 4 7 Configuring Static Route for Routing to Another Network 59 4 8 Configuring QoS Queue and Class Setup 62 4 9 Access the VMG Using DDNS 65 4 9 1 Registering a DDNS Account on www dyndns org 65 4 9 2 Configuring DDNS on Your VMG 66 4 9 3 Testing the DDNS Setting 66 4 10 Configuring the MAC Address Filter 66 4 11 Ac...

Page 8: ...7 8 The Channel Status Screen 112 7 9 The WLAN Scheduler Screen 113 7 9 1 Add a New Rule 114 7 10 Technical Reference 115 7 10 1 Wireless Network Overview 115 7 10 2 Additional Wireless Terms 117 7 10 3 Wireless Security Overview 117 7 10 4 Signal Problems 119 7 10 5 BSS 120 7 10 6 MBSSID 120 7 10 7 Preamble Type 121 7 10 8 WiFi Protected Setup WPS 121 Chapter 8 Home Networking 128 8 1 Overview 12...

Page 9: ...Screen 151 Chapter 10 Quality of Service QoS 153 10 1 Overview 153 10 1 1 What You Can Do in this Chapter 153 10 2 What You Need to Know 154 10 3 The Quality of Service General Screen 155 10 4 The Queue Setup Screen 156 10 4 1 Adding a QoS Queue 158 10 5 The Classification Setup Screen 159 10 5 1 Add Edit QoS Class 159 10 6 The QoS Shaper Setup Screen 163 10 6 1 Add Edit a QoS Shaper 164 10 7 The ...

Page 10: ...NAT Application 185 Chapter 12 Dynamic DNS Setup 188 12 1 Overview 188 12 1 1 What You Can Do in this Chapter 188 12 1 2 What You Need To Know 188 12 2 The DNS Entry Screen 189 12 2 1 Add Edit DNS Entry 189 12 3 The Dynamic DNS Screen 190 Chapter 13 IGMP MLD 192 13 1 Overview 192 13 1 1 What You Need To Know 192 13 2 The IGMP MLD Screen 192 Chapter 14 Vlan Group 195 14 1 Overview 195 14 1 1 What Y...

Page 11: ...iew 209 17 1 1 What You Can Do in this Chapter 209 17 1 2 What You Need to Know 210 17 2 The Firewall Screen 210 17 3 The Protocol Screen 211 17 3 1 Add Edit a Service 212 17 4 The Access Control Screen 213 17 4 1 Add Edit an ACL Rule 214 17 5 The DoS Screen 215 Chapter 18 MAC Filter 217 18 1 Overview 217 18 2 The MAC Filter Screen 217 Chapter 19 Parental Control 219 19 1 Overview 219 19 2 The Par...

Page 12: ... 1 1 What You Can Do in this Chapter 233 22 1 2 What You Need To Know 233 22 2 The System Log Screen 234 22 3 The Security Log Screen 235 Chapter 23 Traffic Status 236 23 1 Overview 236 23 1 1 What You Can Do in this Chapter 236 23 2 The WAN Status Screen 236 23 3 The LAN Status Screen 237 23 4 The NAT Status Screen 238 Chapter 24 ARP Table 240 24 1 Overview 240 24 1 1 How ARP Works 240 24 2 ARP T...

Page 13: ...0 1 Overview 252 30 2 The System Screen 252 Chapter 31 User Account 253 31 1 Overview 253 31 2 The User Account Screen 253 31 2 1 The User Account Add Edit Screen 254 Chapter 32 Remote Management 255 32 1 Overview 255 32 2 The Remote MGMT Screen 255 32 3 The Trust Domain Screen 256 32 4 The Add Trust Domain Screen 257 Chapter 33 SNMP 258 33 1 Overview 258 33 2 The SNMP Screen 258 Chapter 34 Time S...

Page 14: ... 38 Backup Restore 270 38 1 Overview 270 38 2 The Backup Restore Screen 270 38 3 The Reboot Screen 272 Chapter 39 Diagnostic 273 39 1 Overview 273 39 1 1 What You Can Do in this Chapter 273 39 2 What You Need to Know 273 39 3 Ping TraceRoute NsLookup 274 39 4 802 1ag 274 39 5 802 3ah 276 39 6 OAM Ping 277 Chapter 40 Troubleshooting 280 40 1 Power Hardware Connections and LEDs 280 40 2 VMG Access a...

Page 15: ...Table of Contents VMG3925 B10C B30C User s Guide 15 Appendix A Customer Support 288 Appendix B Wireless LANs 294 Appendix C IPv6 307 Appendix D Services 315 Appendix E Legal Information 319 Index 326 ...

Page 16: ...16 PART I User s Guide ...

Page 17: ...t provides shared Internet access by connecting the DSL port to the DSL or MODEM jack on a splitter or your telephone jack You can have multiple WAN services over one ADSL or VDSL The VMG cannot work in ADSL and VDSL mode at the same time Note The ADSL and VDSL lines share the same WAN layer 2 interfaces that you configure in the VMG Refer to Section 6 2 on page 79 for the Network Setting Broadban...

Page 18: ...Ethernet connection and still use the QoS Firewall and parental control functions on the VMG Figure 2 VMG s Internet Access Application Ethernet WAN 1 1 1 2 WAN Priority The WAN connection priority is as follows 1 Ethernet WAN DSL If you have a DSL connection and Ethernet WAN connection at the same time go to the Status screen to see which connection is up 2 Cellular WAN 3G See Section 1 1 3 on pa...

Page 19: ...twork The cellular WAN connection is a backup in case the wired DSL or Ethernet WAN connection fails To set up a cellular connection click Network Setting Broadband Cellular Backup To update the supported cellular USB dongle list download the latest WWAN package from the Zyxel website and upload it to the VMG using the Maintenance Firmware Upgrade screen Figure 4 Internet Access Application Cellul...

Page 20: ...nd photos from a USB device B connected to the VMG s USB port without having to copy them to another computer Figure 6 USB Media Server Application 1 2 Ways to Manage the VMG Use any of the following methods to manage the VMG Web Configurator This is recommended for everyday management of the VMG using a supported web browser TR 069 This is an auto configuration server used to remotely configure y...

Page 21: ...Back up the configuration and make sure you know how to restore it Restoring an earlier working configuration may be useful if the device becomes unstable or even crashes If you forget your password you will have to reset the VMG to its factory default settings If you backed up an earlier configuration file you would not have to totally re configure the VMG You could simply restore your last confi...

Page 22: ...tion was successfully completed if used and the DSL connection is up Blinking The VMG is sending or receiving IP traffic Off There is no Internet connection or the gateway is in bridged mode Red On The VMG attempted to make an IP connection but failed Possible causes are no response from a DHCP server no PPPoE response PPPoE authentication failed WAN Green On The VMG has a successful 10 100 1000 M...

Page 23: ...ess clients Amber Blinking The VMG is setting up a WPS connection with a 5 GHz wireless client Off The 5 GHz wireless network is not activated USB Green On The VMG recognizes a USB connection through the USB1 slot Blinking The VMG is sending receiving data to from the USB device connected to it Off The VMG does not detect a USB connection through the USB1 slot Table 1 LED Descriptions continued LE...

Page 24: ...the WPS button on another WPS enabled device within range of the VMG The 2 4G WLAN WPS or 5G WLAN WPS LED flashes orange while the VMG sets up a WPS connection with the other wireless device 4 Once the connection is successfully made the 2 4G WLAN WPS or 5G WLAN WPS LED shines green To turn off the wireless network press the WLAN button for two to five seconds The 2 4G WLAN WPS or 5G WLAN WPS LED ...

Page 25: ...ing 2 To set the device back to the factory default settings press the RESET button for more than five seconds or until the PWR SYS LED begins to blink and then release it When the PWR SYS LED begins to blink the defaults have been restored and the device restarts Rear Panel Ports LABEL DESCRIPTION DSL Connect a RJ 11 cable to the DSL port for Internet access LAN1 LAN4 Connect computers or other E...

Page 26: ...ript enabled by default Java permissions enabled by default 2 1 1 Accessing the Web Configurator 1 Make sure your VMG hardware is properly connected refer to the Quick Start Guide 2 Launch your web browser If the VMG does not automatically re direct you to the login screen go to http 192 168 1 1 3 A password screen displays To access the administrative web configurator and manage the VMG type the ...

Page 27: ...s Guide 27 Figure 12 Change Password Screen 5 configure basic Internet access and wireless settings The Network Map page appears Figure 13 Network Map 6 Click Status to display the Status screen where you can view the VMG s interface and system information ...

Page 28: ...n panel 2 2 1 Title Bar The title bar provides some icons in the upper right corner The icons provide the following functions C A B Table 2 Web Configurator Icons in the Title Bar ICON DESCRIPTION Language Select the language you prefer Quick Start Click this icon to open screens where you can configure the VMG s time zone Internet access and wireless settings Logout Click this icon to log out of ...

Page 29: ...enable or disable Wi Fi MultiMedia WMM Others Use this screen to configure advanced wireless settings Channel Status Use this screen to scan wireless LAN channel noises and view the results WLAN Scheduler Use this screen to schedule the times the Wireless LAN is enabled Home Networking LAN Setup Use this screen to configure LAN TCP IP settings and other advanced properties Static DHCP Use this scr...

Page 30: ...Use this screen to configure multicast settings IGMP for IPv4 and MLD for IPv6 multicast groups on the WAN Vlan Group Vlan Group Use this screen to group and tag VLAN IDs to outgoing traffic from the specified interface Interface Grouping Interface Grouping Use this screen to map a port to a PVC or bridge group USB Service File Sharing Use this screen to enable file sharing via the VMG Media Serve...

Page 31: ...n the VMG MLD Status Use this screen to view the status of all MLD settings on the VMG xDSL Statistics xDSL Statistics Use this screen to view the VMG s xDSL traffic statistics WLAN Station Status WLAN Station Status Use this screen to view the wireless stations that are currently associated to the VMG Cellular Statistics Cellular Statistics Use this screen to look at 3G Internet connection status...

Page 32: ...f Diagnostic Ping Traceroute Nslookup Use this screen to identify problems with the DSL connection You can use Ping TraceRoute or Nslookup to help you identify problems 802 1ag Use this screen to configure CFM Connectivity Fault Management MD maintenance domain and MA maintenance association perform connectivity tests and view test reports 802 3ah Use this screen to configure link OAM port paramet...

Page 33: ...tion on the features in this chapter 3 2 Quick Start Setup 1 The Quick Start Wizard appears automatically after login Or you can click the QuickClick Start icon in the top right corner of the web configurator to open the quick start screens Select the time zone of your location Click Next Figure 15 Quick Start Welcome 2 Enter your Internet connection information in this screen The screen and field...

Page 34: ... Internet Connection 3 Turn the wireless LAN on or off If you keep it on record the security settings so you can configure your wireless clients to connect to the VMG Click Save Figure 17 Quick Start Wireless 4 Your VMG saves your settings and attempts to connect to the Internet ...

Page 35: ...oS Queue and Class Setup see page 62 Access the VMG Using DDNS see page 65 Configuring the MAC Address Filter see page 66 Access Your Shared Files From a Computer see page 68 4 2 Setting Up an ADSL PPPoE Connection This tutorial shows you how to set up an ADSL Internet connection using the Web Configurator If you connect to the Internet through an ADSL connection use the information from your Inte...

Page 36: ...e provider 5 Configure this rule as your default Internet connection by selecting the Apply as Default Gateway check box Then select DNS as Static and enter the DNS server addresses provided to you such as 192 168 5 2 DNS server1 192 168 5 1 DNS server2 6 Leave the rest of the fields to the default settings 7 Click Apply to save your settings General Name MyDSLConnection Type ADSL Connection Mode ...

Page 37: ...Chapter 4 Tutorials VMG3925 B10C B30C User s Guide 37 8 You should see a summary of your new DSL connection setup in the Broadband screen as follows ...

Page 38: ...et In this wireless network the VMG serves as an access point AP and the notebook is the wireless client The wireless client can access the Internet through the AP Thomas has to configure the wireless network settings on the VMG Then he can set up a wireless network using WPS Section 4 3 2 on page 40 or manual configuration Section 4 3 3 on page 43 4 3 1 Configuring the Wireless Network Settings T...

Page 39: ...eless to open the General screen Select More Secure as the security level and WPA2 PSK as the security mode Configure the screen using the provided parameters see page 38 Click Apply 2 Go to the Wireless Others screen and select 802 11b g n Mixed in the 802 11 Mode field Click Apply ...

Page 40: ...ton Configuration PBC 1 Make sure that your VMG is turned on and your Android 4 42 smartphone is within the cover range of the wireless signal 2 WPS is enabled by default on the VMG If not log into VMG s Web Configurator and turn it on in the Network Setting Wireless WPS screen You can either press the WPS button on the VMG s panel or press the WPS button in the Network Setting Wireless WPS screen...

Page 41: ...mber and the VMG s web configurator 1 Go to your phone settings and turn on Wi Fi Open the Wi Fi networks list and tap WPS PIN Entry to get a PIN number 2 Log into VMG s web configurator and go to the Network Setting Wireless WPS screen Enable the WPS function and click Apply Wireless Client SECURITY INFO COMMUNICATION WITHIN 2 MINUTES VMG WPS Press and hold for more than 5 seconds ...

Page 42: ... within two minutes The VMG authenticates the wireless client and sends the proper configuration settings to the wireless client This may take up to two minutes The wireless client is then able to communicate with the VMG securely The following figure shows you how to set up a wireless network and its security on a VMG and a wireless client Android 4 4 2 smartphone in this example by using PIN met...

Page 43: ... Network Manually No WPS In this example we change the VMG s wireless settings and then manually select the VMG s new SSID and enter the Wi Fi key to connect a wireless client to the VMG Authentication by PIN SECURITY INFO COMMUNICATION WITHIN 2 MINUTES Enter WPS PIN WPS from other device WPS Register Wireless Client VMG ...

Page 44: ...ns require that your hardware is connected see the Quick Start Guide and you are logged into the Web Configurator through your LAN connection see Section 2 2 on page 16 1 Go to the Network Setting Wireless General screen to enable the 2 4 GHz wireless network 2 Enter SSID_Example as the SSID and select Auto to have the VMG scans for and select an available channel automatically Frequency Band 2 4 ...

Page 45: ...Chapter 4 Tutorials VMG3925 B10C B30C User s Guide 45 3 Set security mode to WPA2 PSK and enter ThisismyWPA PSKpre sharedkey in the Pre Shared Key field Click Apply ...

Page 46: ...ows 7 laptop that has a built in wireless adapter as the wireless client 1 The VMG supports IEEE 802 11a IEEE 802 11b IEEE 802 11g IEEE 802 11n IEEE 802 11a IEEE 802 11an and IEEE 802 11ac wireless clients Make sure that your notebook or computer s wireless adapter supports one of these standards 2 Click the Wi Fi icon in your computer s system tray 3 The Wireless Network Connection screen display...

Page 47: ...Guide 47 4 Select SSID_Example and click Connect 5 The following screen displays if WPS is enabled on the VMG but you didn t press the WPS button Click Connect using as security key instead 6 Type the security key in the following screen Click OK ...

Page 48: ...make sure the VMG is connected to a router with the DHCP server enabled If your connection is successful open your Internet browser and enter http www zyxel com or the URL of any other web site in the address bar If you are able to access the web site your wireless connection is successfully configured 4 4 Setting Up Multiple Wireless Groups Company A wants to create different wireless network gro...

Page 49: ...password Company A will use the following parameters to set up the wireless network groups 1 Click Network Setting Wireless to open the General screen Use this screen to set up the company s general wireless network group Configure the screen using the provided parameters and click Apply COMPANY VIP GUEST SSID Company VIP Guest Security Level More Secure More Secure More Secure Security Mode WPA2 ...

Page 50: ...Chapter 4 Tutorials VMG3925 B10C B30C User s Guide 50 2 Click Network Setting Wireless Guest More AP to open the following screen Click the Edit icon to configure the second wireless network group ...

Page 51: ... s Guide 51 3 Configure the screen using the provided parameters and click Apply 4 In the Guest More AP screen click the Edit icon to configure the third wireless network group Configure the screen using the provided parameters and click Apply ...

Page 52: ...Chapter 4 Tutorials VMG3925 B10C B30C User s Guide 52 5 Check the status of VIP and Guest in the Guest More AP screen The yellow bulbs signify that the SSIDs are active and ready for wireless access ...

Page 53: ... are not allowed for the USB share name 4 5 1 1 Activate File Sharing Connect your USB device to the USB port at the side panel of the VMG Click Network Setting USB Service File Sharing Select Enable and click Apply to activate the file sharing function The VMG automatically adds your USB device to the Information 4 5 1 2 Set up File Sharing on Your VMG You also need to set up file sharing on your...

Page 54: ...e accessed by users connecting to the VMG you can select Public in Access Level or select Security to specific users use only Please note that you need to create the users accounts that are eligible to access the secure shares beforehand under Account Management if you want to configure the Access Level to Security For detailed information please refer to the steps below The Add Share Directory sc...

Page 55: ...e screen should look like the following 4 5 2 Access Your Shared Files From a Computer You can use Windows Explorer to access the file storage devices connected to the VMG Note The examples in this User s Guide show you how to use Microsoft s Windows 7 to browse your shared files Refer to your operating system s documentation for how to browse your file structure Open Windows Explorer to access Bo...

Page 56: ...connections Before you begin connect the USB storage device containing the media files you want to play to the USB port of your VMG 4 6 1 Configuring the VMG To use your VMG as a media server click Network Setting USB Service Media Server Enable Media Server select an interface on which you want to enable the media server function enter the path clients use to access the media files on a USB stora...

Page 57: ...e left panel as shown above go to Organize Manage Libraries Music Videos Pictures Recorded TV Add 192 168 1 1 BobShare Select the folder containing the media you wish to upload to Windows Media Player 9 In the right panel you should see a list of files available in the USB storage device ...

Page 58: ...age device in your TV screen Note For this tutorial your DMA 2500 should already be set up with the TV according to the instructions in the DMA 2500 Quick Start Guide 1 Connect the DMA 2500 to an available LAN port in your VMG 2 Turn on the TV and wait for the DMA 2500 Home screen to appear Using the remote control go to MyMedia to open the following screen Select the GPON Device as your media ser...

Page 59: ... flowing directions you may connect a router to the VMG s LAN The router may be used to separate two department networks This tutorial shows how to configure a static routing rule for two network routings In the following figure router R is connected to the VMG s LAN R connects to two networks N1 192 168 1 x 24 and N2 192 168 10 x 24 If you want to send traffic from computer A in N1 network to com...

Page 60: ...to N2 In this case the VMG routes traffic from A to R and then R routes the traffic to B This tutorial uses the following example IP settings Table 4 IP Settings in this Tutorial DEVICE COMPUTER IP ADDRESS The VMG s WAN 172 16 1 1 The VMG s LAN 192 168 1 1 IP Type IPv4 Use Interface VDSL ppp1 1 A 192 168 1 34 R s N1 192 168 1 253 R s N2 192 168 10 2 B 192 168 10 33 ...

Page 61: ...using the following settings 4a Select the Active check box Enter the Route Name as R 4b Set IP Type to IPv4 4c Type 192 168 10 0 and subnet mask 255 255 255 0 for the destination N2 4d Select Enable in the Use Gateway IP Address field Type 192 168 1 253 R s N1 address in the Gateway IP Address field 4e Select VDSL as the Use Interface 4a Click OK Now B should be able to receive traffic from A You...

Page 62: ...0 000 kbps For this example you want to configure QoS so that e mail traffic gets the highest priority with at least 5 000 kbps You can do the following Configure a queue to assign the highest priority queue 1 to e mail traffic going to the WAN interface so that e mail traffic would not get delayed when there is network congestion Note the IP address 192 168 1 23 for example and or MAC address AA ...

Page 63: ...screen that opens check Active and enter or select the following values Name E mail Interface WAN Priority 1 High Weight 8 Rate Limit 5 000 kbps Tutorial Advanced QoS Queue Setup 3 Click Classification Setup Add new Classification to create a new class Check Active and follow the settings as shown in the screen below ...

Page 64: ...Select LAN1 for this example Ether Type Select IP to identify the traffic source by its IP address or MAC address IP Address Type the IP address of your computer 192 168 1 23 Type the IP Subnet Mask if you know it MAC Address Type the MAC address of your computer AA FF AA FF AA FF Type the MAC Mask if you know it To Queue Index Link this to an item in the Network Setting QoS Queue Setup screen whi...

Page 65: ... to access the VMG using a domain name To use this feature you have to apply for DDNS service at www dyndns org This tutorial covers Registering a DDNS Account on www dyndns org Configuring DDNS on Your VMG Testing the DDNS Setting Note If you have a private WAN IP address then you cannot use DDNS 4 9 1 Registering a DDNS Account on www dyndns org 1 Open a browser and type http www dyndns org 2 Ap...

Page 66: ...he computer using the IP address a b c d that is connected to the Internet 2 Type http zyxelrouter dyndns org and press Enter 3 The VMG s login page should appear You can then log into the VMG and manage it 4 10 Configuring the MAC Address Filter Thomas noticed that his daughter Josephine spends too much time surfing the web and downloading media files He decided to prevent Josephine from accessin...

Page 67: ... to activate MAC filter function 2 Select Allow Then enter the host name and MAC address of Thomas computer in this screen Click Apply Thomas can also grant access to the computers of other members of his family and friends However Josephine and others not listed in this screen will no longer be able to access the Internet through the VMG ...

Page 68: ...VMG s USB port Note This example uses the FileZilla FTP program to browse your shared files 1 In FileZilla enter the IP address of the VMG the default is 192 168 1 1 your account s user name and password and port 21 and click Quickconnect A screen asking for password authentication appears File Sharing via Windows Explorer 2 Once you log in the USB device displays in the mnt folder ...

Page 69: ...69 PART II Technical Reference ...

Page 70: ...connection status of the VMG and clients connected to it You can use the Status screen to look at the current status of the VMG system resources and interfaces LAN WAN and WLAN 5 2 The Network Map Screen Use this screen to view the network connection status of the device and its clients A warning message appears if there is a connection problem Figure 18 Network Map Icon View Mode ...

Page 71: ...e it If you want to change the name or icon of the client click Change name icon If you prefer to view the status in a list click List View in the Viewing mode selection box You can configure how often you want the VMG to update this screen in Refresh interval Figure 19 Network Map List View Mode 5 3 The Status Screen Use this screen to view the status of the VMG Click Status to open this screen ...

Page 72: ... number of the VMG Firmware Version This is the current version of the firmware inside the VMG WAN Information These fields display when you have a WAN connection Encapsulation This field displays the current encapsulation method IP Address This field displays the current IP address of the VMG in the WAN Click Release to release your IP address to 0 0 0 0 If you want to renew your IP address click...

Page 73: ...e name used to identify the VMG in a wireless LAN Channel This is the channel number used by the wireless interface now Security This displays the type of security mode the wireless interface is using in the wireless LAN 802 11 Mode This displays the type of 802 11 mode the wireless interface is using in the wireless LAN WPS This displays whether WPS is activated on the wireless interface Security...

Page 74: ... enabled Up or disabled Disable state of the interface For the DSL interface this field displays Down line down Up line up or connected Drop dropping a call if you re using PPPoE encapsulation and NoLink when not using the interface For the 3G interface this field displays Up when using the interface and NoDevice when no device is detected in any USB slot Rate For the Ethernet WAN and LAN interfac...

Page 75: ...e the Broadband screen to view remove or add a WAN interface You can also configure the WAN settings on the VMG for Internet access Section 6 2 on page 79 Use the Cellular Backup screen to configure cellular WAN connection Section 6 3 on page 87 Use the Advanced screen to enable or disable PTM over ADSL Annex M Annex J and DSL PhyR functions Section 6 4 on page 92 Table 6 WAN Setup Overview LAYER ...

Page 76: ...ard In PTM packets are encapsulated directly in the High level Data Link Control HDLC frames It is designed to provide a low overhead transparent way of transporting packets over DSL links as an alternative to ATM IPv6 Introduction IPv6 Internet Protocol version 6 is designed to enhance IP address size and features The increase in IPv6 address size to 128 bits from the 32 bit IPv4 address allows u...

Page 77: ...mpose the network address The prefix length is written as x where x is a number For example 2001 db8 1a2b 15 1a2f 0 32 means that the first 32 bits 2001 db8 is the subnet prefix IPv6 Subnet Masking Both an IPv6 address and IPv6 subnet mask compose of 128 bit binary digits which are divided into eight 16 bit blocks and written in hexadecimal notation Hexadecimal uses four bits for each character 1 ...

Page 78: ...te to use IPv4 computers and services The VMG tunnels IPv4 packets inside IPv6 encapsulation packets to the ISP s Address Family Transition Router AFTR in the graphic to connect to the IPv4 Internet The local network can also use IPv6 services The VMG uses it s configured IPv6 WAN IP to route IPv6 traffic to the IPv6 Internet Figure 23 Dual Stack Lite 6 1 3 Before You Begin You need to know your I...

Page 79: ... 1p This indicates the 802 1p priority level assigned to traffic sent through this connection This displays N A when there is no priority level assigned 802 1q This indicates the VLAN ID number assigned to traffic sent through this connection This displays N A when there is no VLAN ID number assigned IGMP Proxy This shows whether the VMG act as an IGMP proxy on this connection NAT This shows wheth...

Page 80: ... encapsulation and IPv6 IPv4 mode you select 6 2 1 1 Routing Mode Use Routing mode if your ISP give you one IP address only and you want multiple computers to share an Internet account The following example screen displays when you select the ADSL VDSL over ATM connection type Routing mode and PPPoE encapsulation The screen varies when you select other interface type encapsulation and IPv6 IPv4 mo...

Page 81: ...od of multiplexing used by your ISP from the drop down list box Choices are LLC SNAP BRIDGING In LCC encapsulation bridged PDUs are encapsulated by identifying the type of the bridged media in the SNAP header VC MUX In VC multiplexing each protocol is carried on a single ATM virtual circuit VC To transport multiple protocols the VMG needs separate VCs There is a binding between a VC and the type o...

Page 82: ...for traffic through this connection MTU MTU Enter the MTU Maximum Transfer Unit size for this traffic Routing Feature This is available only when you select IPv4 Only or IPv4 IPv6 DualStack in the IPv4 IPv6 Mode field NAT Enable Select this option to activate NAT on this connection Fullcone NAT Enable Select this option to enable full cone NAT on this connection This field is available only when y...

Page 83: ...in the IPv4 IPv6 Mode field Request Options Select Option 43 to have the VMG automatically add vendor specific information in the DHCP packets to request the vendor specific options from the DHCP server Select Option 121 to have the VMG push static routes to clients Sent Options option 60 Select this and enter the device identity you want the VMG to add in the DHCP discovery packets that go to the...

Page 84: ...ption information and maintain a joined member list for each multicast group It can reduce multicast traffic significantly Apply as Default Gateway Select this option to have the VMG use the WAN interface of this connection as the system default gateway IPv6 DNS Server This is available only when you select IPv4 IPv6 DualStack or IPv6 Only in the IPv4 IPv6 Mode field Configure the IPv6 DNS server ...

Page 85: ...ou more than one IP address and you want the connected computers to get individual IP address from ISP s DHCP server directly If you select Bridge you cannot use routing functions such as QoS Firewall DHCP server and NAT on traffic from the selected LAN port s VLAN This section is available only when you select ADSL VDSL over PTM in the Type field Active Select Enable to activate VLAN on this WAN ...

Page 86: ... routing functions such as QoS Firewall DHCP server and NAT on traffic from the selected LAN port s ATM PVC Configuration These fields appear when the Type is set to ADSL over ATM VPI The valid range for the VPI is 0 to 255 Enter the VPI assigned to you VCI The valid range for the VCI is 32 to 65535 0 to 31 is reserved for local management of ATM traffic Enter the VCI assigned to you Encapsulation...

Page 87: ...e VBR non real time Variable Bit Rate for connections that do not require closely controlled delay and delay variation Select Realtime VBR real time Variable Bit Rate for applications with bursty connections that require closely controlled delay and delay variation VLAN This section is available only when you select ADSL VDSL over PTM in the Type field Active Select Enable to activate VLAN on this...

Page 88: ...5 B10C B30C User s Guide 88 Note The actual data rate you obtain varies depending the cellular card you use the signal strength to the service provider s base station and so on Figure 29 Network Setting Broadband Cellular Backup ...

Page 89: ...ocol CHAP is more secure than PAP however PAP is readily available on more platforms Use the drop down list box to select an authentication protocol for outgoing calls Options are AUTO Your VMG accepts either CHAP or PAP when requested by this remote node CHAP Your VMG accepts CHAP only PAP Your VMG accepts PAP only PIN A PIN Personal Identification Number code is a key to a cellular card Without ...

Page 90: ...kup Email Title Type a title that you want to be in the subject line of the e mail notifications that the VMG sends Send Notification to Email Notifications are sent to the e mail address specified in this field If this field is left blank notifications cannot be sent via e mail Advanced Click this to show the advanced cellular backup settings Budget Setup Enable Budget Control Select Enable to se...

Page 91: ...le of time budget data budget Mbytes data budget kPackets Select Enable and enter a number from 1 to 99 in the percentage fields If you change the value after you configure and enable budget control the VMG resets the statistics Actions when over budget Specify the actions the VMG takes when the time or data limit is exceeded Current Cellular connection Select Keep to maintain an existing cellular...

Page 92: ...ission buffer ITU T G 993 2 standard defines a wide range of settings for various parameters some of which are encompassed in profiles as shown in the next table Click Network Setting Broadband Advanced to display the following screen Figure 30 Network Setting Broadband Advanced Table 12 VDSL Profiles PROFILE BANDWIDTH MHZ NUMBER OF DOWNSTREAM CARRIERS CARRIER BANDWIDTH KHZ POWER DBM MAX DOWNSTREA...

Page 93: ...NSI T1 413 is a technical standard that defines the requirements for the single asymmetric digital subscriber line ADSL for the interface between the telecommunications network and the customer installation in terms of their interaction and electrical characteristics ADSL2 It optionally extends the capability of basic ADSL in data rates to 12 Mbit s downstream and depending on Annex version up to ...

Page 94: ...lexer Please refer to RFC 2364 for more information on PPPoA Refer to RFC 1661 for more information on PPP PPP over Ethernet PPPoE Point to Point Protocol over Ethernet PPPoE provides access control and billing functionality in a manner similar to dial up services using PPP PPPoE is an IETF standard RFC 2516 specifying how a personal computer PC interacts with a broadband modem DSL cable wireless ...

Page 95: ...ne VC carries multiple protocols with protocol identifying information being contained in each packet header Despite the extra bandwidth and processing overhead this method may be advantageous if it is not practical to have a separate VC for each carried protocol for example if charging heavily depends on the number of simultaneous VCs Traffic Shaping Traffic Shaping is an agreement between the ca...

Page 96: ...BR RT or non real time VBR nRT connections The VBR RT real time Variable Bit Rate type is used with bursty connections that require closely controlled delay and delay variation It also provides a fixed amount of bandwidth a PCR is specified but is only available when data is being sent An example of an VBR RT connection would be video conferencing Video conferencing requires real time data transfe...

Page 97: ...he MAC header to identify the VLAN membership of a frame across bridges they are not confined to the switch on which they were created The VLANs can be created statically by hand or dynamically through GVRP The VLAN ID associates a frame with a specific VLAN and provides the information that switches need to process the frame across the network A tagged frame is four bytes longer than an untagged ...

Page 98: ... IP address of a computer before you can access it The VMG can get the DNS server addresses in the following ways 1 The ISP tells you the DNS server addresses usually in the form of an information sheet when you sign up If your ISP gives you DNS server addresses manually enter them in the DNS server fields 2 If your ISP dynamically assigns the DNS server IP addresses along with the VMG s WAN IP ad...

Page 99: ...less networks for multimedia applications Section 7 6 on page 110 Use the Others screen to configure wireless advanced features such as the RTS CTS Threshold Section 7 7 on page 111 Use the Channel Status screen to scan wireless LAN channel noises and view the results Section 7 8 on page 112 Use the WLAN Scheduler screen to set the times your wireless LAN is turned on and off Section 7 9 on page 1...

Page 100: ... LAN enter the SSID and select the wireless security mode Note If you are configuring the VMG from a computer connected to the wireless LAN and you change the VMG s SSID channel or security settings you will lose your wireless connection when you press Apply to confirm You must then change the wireless settings of your computer to match the VMG s new settings Click Network Setting Wireless to open...

Page 101: ...etting Wireless General LABEL DESCRIPTION Wireless Network Setup Band This shows the wireless band which this radio profile is using 2 4GHz is the frequency used by IEEE 802 11b g n wireless clients while 5GHz is used by IEEE 802 11a ac wireless clients Wireless You can Enable or Disable the wireless LAN in this field Channel Use Auto to have the VMG automatically determine a channel to use ...

Page 102: ...e set with which a wireless device is associated Wireless devices associating to the access point AP must have the same SSID Enter a descriptive name up to 32 English keyboard characters for the wireless LAN Max Clients Specify the maximum number of clients that can connect to this network at the same time Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a station c...

Page 103: ...ct WPA2 PSK from the Security Mode list Figure 34 Wireless General More Secure WPA2 PSK The following table describes the labels in this screen Table 15 Wireless General No Security LABEL DESCRIPTION Security Level Choose No Security to allow all wireless connections without data encryption or authentication Table 16 Wireless General More Secure WPA2 PSK LABEL DESCRIPTION Security Level Select Mor...

Page 104: ...yption type AES for data encryption Select AES if your wireless clients can all use AES Group Key Update Timer The Group Key Update Timer is the rate at which the RADIUS server sends a new group key out to all clients Table 16 Wireless General More Secure WPA2 PSK continued LABEL DESCRIPTION Table 17 Network Setting Wireless Guest More AP LABEL DESCRIPTION This is the index number of the entry Sta...

Page 105: ...ays Guest WLAN This displays if the guest WLAN function has been enabled for this WLAN If Home Guest displays clients can connect to each other directly If External Guest displays clients are blocked from connecting to each other directly N A displays if guest WLAN is disabled Modify Click the Edit icon to configure the SSID profile Table 17 Network Setting Wireless Guest More AP continued LABEL D...

Page 106: ...it LABEL DESCRIPTION Wireless Network Setup Wireless You can Enable or Disable the wireless LAN in this field Wireless Network Settings Wireless Network Name The SSID Service Set IDentity identifies the service set with which a wireless device is associated Wireless devices associating to the access point AP must have the same SSID Enter a descriptive name up to 32 English keyboard characters for ...

Page 107: ...e in the Access Scenario field Access Scenario If you select Home Guest clients can connect to each other directly If you select External Guest clients are blocked from connecting to each other directly Max Upstream Bandwidth Specify the maximum rate for upstream wireless traffic to the WAN from this WLAN in kilobits per second Kbps Max Downstream Bandwidth Specify the maximum rate for downstream ...

Page 108: ...o permit access to the VMG MAC addresses not listed will be denied access to the VMG MAC address List Add new MAC address Click this if you want to add a new MAC address entry to the MAC filter list below This button is not configurable when you select Disable in the MAC Restrict Mode field Enter the MAC addresses of the wireless devices that are allowed or denied access to the VMG Enter the MAC a...

Page 109: ...38 Network Setting Wireless WPS The following table describes the labels in this screen Table 20 Network Setting Wireless WPS LABEL DESCRIPTION General WPS Select Enable to activate WPS on this VMG Add a new device with WPS Method Method 1 Use this section to set up a WPS wireless network using Push Button Configuration PBC Select Enable and click Apply to activate WPS method 1 on the VMG WPS Clic...

Page 110: ...e VMG Method 3 Use this section to set up a WPS wireless network by entering the PIN of the VMG into the client Select Enable and click Apply to activate WPS method 3 on the VMG Release Configuration The default WPS status is configured Click this button to remove all configured wireless and wireless security settings for WPS connections on the VMG Generate New PIN Number If this method has been e...

Page 111: ...ch makes them run more smoothly WMM Automatic Power Save Delivery APSD Select this option to extend the battery life of your mobile devices especially useful for small devices that are running multimedia applications The VMG goes to sleep mode to save power when it is not transmitting data The AP buffers the packets sent to the VMG until the VMG wakes up The VMG wakes up periodically to check for ...

Page 112: ...e can cause clients to lose connectivity with the network This value can be set from 1 to 255 802 11 Mode Select 802 11b Only to allow only IEEE 802 11b compliant WLAN devices to associate with the VMG Select 802 11g Only to allow only IEEE 802 11g compliant WLAN devices to associate with the VMG Select 802 11n Only to allow only IEEE 802 11n compliant WLAN devices to associate with the VMG Select...

Page 113: ...tus 7 9 The WLAN Scheduler Screen Use this screen to set the times your wireless LAN is turned on and off Wireless LAN scheduler is disabled by default The wireless LAN can be scheduled to turn on or off on certain days and at certain times To open this screen click Network Wireless WLAN Scheduler tab ...

Page 114: ...ick this to create a new scheduler rule This is the index number of the entry Active Select to enable or disable this scheduler rule Rule Name This shows the name of the scheduler rule SSID This shows the name of the wireless LAN on which this scheduler rule is enabled Day This shows the day s on which this scheduler rule is enabled Time This shows the period of time on which this scheduler rule i...

Page 115: ...t relays communications between access points and wireless clients extending a network s range Table 24 Network Wireless WLAN Scheduler Add Edit a Rule LABEL DESCRIPTION Active Select Enable or Disable to activate or deactivate this scheduler rule SSID Select an SSID for this scheduler rule Rule Name Enter a name up to 31 printable English keyboard characters not including spaces for this schedule...

Page 116: ... network devices A and B use the access point AP to interact with the other devices such as the printer or with the Internet Your VMG is the AP Every wireless network must follow these basic guidelines Every device in the same wireless network must use the same SSID The SSID is the name of the wireless network It stands for Service Set IDentifier If two wireless networks overlap they should use a ...

Page 117: ...ith the code key can understand the information and only people who have been authenticated are given the code key These security standards vary in effectiveness Some can be broken such as the old Wired Equivalent Protocol WEP Using WEP is better than using no security at all but it will not keep a determined attacker out Other security standards are secure in themselves but can be broken if a use...

Page 118: ...that can use a wireless network has a unique identification number called a MAC address 1 A MAC address is usually written using twelve hexadecimal characters2 for example 00A0C5000002 or 00 A0 C5 00 00 02 To get the MAC address for each device in the wireless network see the device s User s Guide or other documentation You can use the MAC address filter to tell the VMG which devices are allowed o...

Page 119: ...supports WEP and WPA Therefore you should set up Static WEP in the wireless network Note It is recommended that wireless networks use WPA PSK WPA or stronger encryption The other types of encryption are better than none at all but it is still possible for unauthorized wireless devices to figure out the original information pretty quickly When you select WPA2 or WPA2 PSK in your VMG you can also se...

Page 120: ...ation A and B can access the wired network and communicate with each other When Intra BSS traffic blocking is enabled wireless station A and B can still access the wired network but cannot communicate with each other Figure 45 Basic Service set 7 10 6 MBSSID Traditionally you need to use different APs to configure different Basic Service Sets BSSs As well as the cost of buying extra APs there is a...

Page 121: ...ise the VMG uses long preamble Note The wireless devices MUST use the same preamble mode in order to communicate 7 10 8 WiFi Protected Setup WPS Your VMG supports WiFi Protected Setup WPS which is an easy way to set up a secure wireless network WPS is an industry standard specification defined by the WiFi Alliance WPS allows you to quickly set up a wireless network with strong security without hav...

Page 122: ...first two devices to activate WPS in range of each other However you need to log into the configuration interfaces of both devices to use the PIN method When you use the PIN method you must enter the PIN from one device usually the wireless client into the second device usually the Access Point or wireless router Then when WPS is activated on the first device it presents its PIN to the second devi...

Page 123: ...tebook computer connecting to the WPS enabled AP via the PIN method Figure 46 Example WPS Process PIN Method 7 10 8 3 How WPS Works When two WPS enabled devices connect each device must assume a specific role One device acts as the registrar the device that supplies network and security settings and the other device acts as the enrollee the device that receives network and security settings The re...

Page 124: ...ss point AP is not always the registrar and the wireless client is not always the enrollee All WPS certified APs can be a registrar and so can some WPS enabled wireless clients By default a WPS devices is unconfigured This means that it is not part of an existing network and can act as either enrollee or registrar if it supports both functions If the registrar is unconfigured the security settings...

Page 125: ...to the network You know that Client 1 supports registrar mode but it is better to use AP1 for the WPS handshake with the new client since you must connect to the access point anyway in order to use the network In this case AP1 must be the registrar since it is configured it already has security information for the network AP1 supplies the existing security information to Client 2 Figure 49 WPS Exa...

Page 126: ...e enrollee devices Whether the network uses WPA PSK or WPA2 PSK depends on the device You can check the configuration interface of the registrar device to discover the key the network is using if the device supports this feature Then you can enter the key into the non WPS device and join the network as normal the non WPS device must also support WPA PSK or WPA2 PSK When you use the PBC method ther...

Page 127: ...was not involved in the WPS handshake a rogue device must still associate with the access point to gain access to the network Check the MAC addresses of your wireless clients usually printed on a label on the bottom of the device If there is an unknown MAC address you can remove it or reset the AP ...

Page 128: ...s on the LAN to specific individual computers based on their MAC Addresses Section 8 3 on page 134 Use the UPnP screen to enable UPnP and UPnP NAT traversal on the VMG Section 8 4 on page 136 Use the Additional Subnet screen to configure IP alias and public static IP Section 8 5 on page 138 Use the STB Vendor ID screen to configure the Vendor IDs of the connected Set Top Box STB devices which have...

Page 129: ... you can access it RADVD Router Advertisement Daemon When an IPv6 host sends a Router Solicitation RS request to discover the available routers RADVD with Router Advertisement RA messages in response to the request It specifies the minimum and maximum intervals of RA broadcasts RA messages containing the address prefix IPv6 hosts can be generated with the IPv6 prefix an IPv6 address 8 1 2 2 About ...

Page 130: ...as achieved UPnP certification from the Universal Plug and Play Forum UPnP Implementers Corp UIC Zyxel s UPnP implementation supports Internet Gateway Device IGD 1 0 See Section 8 4 1 on page 137 for examples of installing and using UPnP Finding Out More See Section 8 9 on page 141 for technical background information on LANs 8 1 3 Before You Begin Find out the MAC addresses of your network device...

Page 131: ...Chapter 8 Home Networking VMG3925 B10C B30C User s Guide 131 3 Click Apply to save your settings Figure 51 Network Setting Home Networking LAN Setup ...

Page 132: ...s only available when you select DHCP Relay in the DHCP field IP Address Enter the IPv4 IP address of the actual remote DHCP server in this field IP Addressing Values This field is only available when you select Enable in the DHCP field Beginning IP Address This field specifies the first of the contiguous addresses in the IP address pool Ending IP Address This field specifies the last of the conti...

Page 133: ...t packets from the WAN to all LAN ports Select Blocking Mode to block all unknown multicast packets from the WAN LAN IPv6 Address Assign Setup Select how you want to obtain an IPv6 address Stateless The VMG uses IPv6 stateless autoconfiguration RADVD Router Advertisement Daemon is enabled to have the VMG send IPv6 prefix information in router advertisements periodically and in response to router s...

Page 134: ... VMG forwards the requests to the IPv4 DNS server and sends clients the DNS information it receives IPv6 DNS Server First The VMG forwards the requests to the IPv6 DNS server first and then the IPv4 DNS server Then it sends clients the first DNS information it receives IPv4 DNS Server First The VMG forwards the requests to the IPv4 DNS server first and then the IPv6 DNS server Then it sends client...

Page 135: ...connection between the client and the VMG Group Name Select the interface group name for which you want to configure static DHCP settings See Chapter 15 on page 198 for how to create a new interface group IP Type This field displays IPv4 for the type of the DHCP IP address At the time of writing it is not allowed to select other type Select Device Info Select a device or computer from the drop dow...

Page 136: ...d use a UPnP application to open the web configurator s login screen without entering the VMG s IP address although you must still enter the password to access the web configurator UPnP NAT T Select Enable to allow UPnP enabled applications to automatically configure the VMG so that they can communicate through the VMG by using NAT traversal UPnP applications automatically reserve a NAT forwarding...

Page 137: ...k the start icon Control Panel and then the Network and Sharing Center 2 Click Change Advanced Sharing Settings 3 Select Turn on network discovery and click Save Changes Network discovery allows your computer to find other computers and devices on the network and other computers on the network to find your computer This makes it easier to share files and printers Apply Click Apply to save your cha...

Page 138: ...reen Use the Additional Subnet screen to configure IP alias and public static IP IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface The VMG supports multiple logical LAN interfaces via its physical Ethernet interface with the ...

Page 139: ...lias settings See Chapter 15 on page 198 for how to create a new interface group Active Select Enable to configure a LAN network for the VMG IPv4 Address Enter the IP address of your VMG in dotted decimal notation Subnet Mask Your VMG will automatically calculate the subnet mask based on the IPv4 address that you assign Unless you are implementing subnetting use this value computed by the VMG Publ...

Page 140: ...king STB Vendor ID The following table describes the labels in this screen 8 7 The Wake on LAN Screen Use this screen to turn on a device on the LAN network To use this feature the remote device must also support Wake On LAN You need to know the MAC address of the LAN device It may be on a label on the device or in its documentation Click Network Setting Home Networking Wake on Lan to open this sc...

Page 141: ...s some technical background information about the topics covered in this chapter Table 33 Network Setting Home Networking Wake on Lan LABEL DESCRIPTION Wake by Address Select Manual and enter the IP address or MAC address of the device to turn it on remotely The drop down list also lists the IP addresses that can be found in the VMG s ARP table Select an IP address and it will then automatically u...

Page 142: ...computer must be manually configured IP Pool Setup The VMG is pre configured with a pool of IP addresses for the DHCP clients DHCP Pool See the product specifications in the appendices Do not assign static IP addresses from the DHCP pool to your LAN computers 8 9 3 DNS Server Addresses DNS Domain Name System maps a domain name to its corresponding IP address and vice versa The DNS server is extrem...

Page 143: ...he connection is established If this is the case it is recommended that you select a network number from 192 168 0 0 to 192 168 255 0 and you must enable the Network Address Translation NAT feature of the VMG The Internet Assigned Number Authority IANA reserved this block of addresses specifically for private use please do not use any other number unless you are told otherwise Let s say you select...

Page 144: ...the Internet addresses for your local networks On the other hand if you are part of a much larger organization you should consult your network administrator for the appropriate IP addresses Note Regardless of your particular situation do not create an arbitrary IP address always follow the guidelines above For more information on address assignment please refer to RFC 1597 Address Allocation for P...

Page 145: ...ected to the VMG s LAN interface The VMG routes most traffic from A to the Internet through the VMG s default gateway R1 You create one static route to connect to services offered by your ISP behind router R2 You create another static route to communicate with a separate network behind a router R3 connected to the LAN Figure 60 Example of Routing Topology 9 2 The Routing Screen Use this screen to ...

Page 146: ...that this route is active A gray bulb signifies that this route is not active Name This is the name that describes or identifies this route Destination IP This parameter specifies the IP network address of the final destination Routing is always based on network number Subnet Mask Prefix Length This parameter specifies the IP network subnet mask of the final destination Gateway This is the IP addr...

Page 147: ...etwork address of the final destination IP Subnet Mask If you are using IPv4 and need to specify a route to a single host use a subnet mask of 255 255 255 255 in the subnet mask field to force the network number to be identical to the host ID Enter the IP subnet mask here Use Gateway IP Address The gateway is a router or switch on the same network segment as the device s LAN or WAN port The gatewa...

Page 148: ... Figure 64 DNS Route Add Table 37 Network Setting Routing DNS Route LABEL DESCRIPTION Add New DNS Route Click this to add a new DNS route This is the index number of a DNS route Status This field displays whether the DNS route is active or not A yellow bulb signifies that this DNS route is active A gray bulb signifies that this DNS route is not active Domain Name This is the host name or domain na...

Page 149: ...outing Policy Route The following table describes the labels in this screen Table 38 DNS Route Add LABEL DESCRIPTION Active Select Enable to activate this DNS route Domain Name Enter the domain name of the DNS route entry Subnet Mask Enter the subnet mask of the DNS route entry WAN Interface Select the WAN connection through which the VMG forwards DNS requests for this domain name WWAN means the w...

Page 150: ...hrough which the traffic is routed Modify Click the Edit icon to edit this policy Click the Delete icon to remove a policy from the VMG A window displays asking you to confirm that you want to delete the policy Table 39 Network Setting Routing Policy Route continued LABEL DESCRIPTION Table 40 Policy Route Add Edit Sheet 1 of 2 LABEL DESCRIPTION Active Select Enable to activate this policy route Ro...

Page 151: ... 2 of 2 LABEL DESCRIPTION Table 41 RIP LABEL DESCRIPTION This is the index of the interface in which the RIP setting is used Interface This is the name of the interface in which the RIP setting is used Version The RIP version controls the format and the broadcasting method of the RIP packets that the VMG sends it recognizes both formats when receiving RIP version 1 is universally supported but RIP...

Page 152: ...10C B30C User s Guide 152 Disable Default Gateway Select the check box to set the VMG to not send the route information to the default gateway Apply Click Apply to save your changes back to the VMG Table 41 RIP LABEL DESCRIPTION ...

Page 153: ...priority are processed more quickly than those with low priority if there is congestion allowing time sensitive applications to flow more smoothly Time sensitive applications include both those that require a low level of latency delay and a low level of jitter variations in delay such as Voice over IP VoIP or Internet gaming and those for which jitter alone is a problem such as Internet radio or ...

Page 154: ...while DiffServ is a new protocol and defines a new DS field which replaces the eight bit ToS Type of Service field in the IP header Tagging and Marking In a QoS class you can configure whether to add or change the DSCP DiffServ Code Point value IEEE 802 1p priority level and VLAN ID number in a matched packet When the packet passes through a compatible network the networking device such as a backb...

Page 155: ... algorithms Token Bucket Filter TBF Single Rate Two Color Maker srTCM and Two Rate Two Color Marker trTCM You can specify actions which are performed on the colored packets See Section 10 8 on page 166 for more information on each metering algorithm 10 3 The Quality of Service General Screen Click Network Setting QoS General to open the screen as shown next Use this screen to enable or disable QoS...

Page 156: ...ter the amount of downstream bandwidth for the LAN interfaces including WLAN that you want to allocate using QoS The recommendation is to set this speed to match the WAN interfaces actual transmission speed For example set the LAN managed downstream bandwidth to 100000 kbps if you use a 100 Mbps wired Ethernet WAN connection You can also set this number lower than the WAN interfaces actual transmi...

Page 157: ...ive Name This shows the descriptive name of this queue Interface This shows the name of the VMG s interface through which traffic in this queue passes Priority This shows the priority of this queue Weight This shows the weight of this queue Buffer Management This shows the queue management algorithm used for this queue Queue management algorithms determine how the VMG should handle packets when it...

Page 158: ...ority queues gets through faster while traffic in lower priority queues is dropped if the network is congested Weight Select the weight from 1 to 8 of this queue If two queues have the same priority level the VMG divides the bandwidth across the queues according to their weights Queues with larger weights get more bandwidth than queues with smaller weights Buffer Management This field displays Dro...

Page 159: ...or the Edit icon next to a classifier to open the following screen Table 45 Network Setting QoS Classification Setup LABEL DESCRIPTION Add New Classification Click this to create a new classifier Order This is the index number of the entry The classifiers are applied in order of their numbering Status This field displays whether the classifier is active or not A yellow bulb signifies that this cla...

Page 160: ...Chapter 10 Quality of Service QoS VMG3925 B10C B30C User s Guide 160 Figure 72 Classification Setup Add Edit ...

Page 161: ...ource MAC address of the packet MAC Mask Type the mask for the specified MAC address to determine which bits a packet s MAC address should match Enter f for each bit of the specified source MAC address that the traffic s MAC address should match Enter 0 for the bit s of the matched traffic s MAC address which can be of any hexadecimal character s For example if you set the MAC address to 00 13 49 ...

Page 162: ...he fields provided DSCP This field is available only when you select IP in the Ether Type field Select this option and specify a DSCP DiffServ Code Point number between 0 and 63 in the field provided 802 1P This field is available only when you select 802 1Q in the Ether Type field Select this option and select a priority level between 0 and 7 from the drop down list box 0 is the lowest priority l...

Page 163: ...ueue that applies to this class You should have configured a queue in the Queue Setup screen already OK Click OK to save your changes Cancel Click Cancel to exit this screen without saving Table 46 Classification Setup Add Edit continued LABEL DESCRIPTION Table 47 Network Setting QoS Shaper Setup LABEL DESCRIPTION Add New Shaper Click this to create a new entry This is the index number of the entr...

Page 164: ...u to limit the transmission rate of incoming traffic and apply actions such as drop pass or modify the DSCP value for matched traffic Click Network Setting QoS Policer Setup The screen appears as shown Figure 75 Network Setting QoS Policer Setup Table 48 Shaper Setup Add Edit LABEL DESCRIPTION Active Select Enable to activate this shaper Interface Select the VMG s interface through which traffic i...

Page 165: ...w bulb signifies that this policer is active A gray bulb signifies that this policer is not active Name This field displays the descriptive name of this policer Regulated Classes This field displays the name of a QoS classifier Meter Type This field displays the type of QoS metering algorithm used in this policer Rule These are the rates and burst sizes against which the policer checks the traffic...

Page 166: ...formation Rate PIR Committed Rate Specify the committed rate When the incoming traffic rate of the member QoS classes is less than the committed rate the device applies the conforming action to the traffic Committed Burst Size Specify the committed burst size for packet bursts This must be equal to or less than the peak burst size two rate three color or excess burst size single rate three color i...

Page 167: ...Service TOS field in the IP header The DS field contains a 2 bit unused field and a 6 bit DSCP field which can define up to 64 service levels The following figure illustrates the DS field DSCP is backward compatible with the three precedence bits in the ToS octet so that non DiffServ compliant ToS enabled network device will not conflict with the DSCP mapping The DSCP value determines the forwardi...

Page 168: ...802 1p priority level IP precedence and or packet length to assign priority to traffic which does not match a class The following table shows you the internal layer 2 and layer 3 QoS mapping on the VMG On the VMG traffic assigned to higher priority queues gets through faster while traffic in lower index queues is dropped if the network is congested Table 52 Internal Layer2 and Layer3 QoS Mapping P...

Page 169: ...d that may cause outgoing packets to be dropped A larger transmission rate requires a big bucket size For example use a bucket size of 10 kbytes to get the transmission rate up to 10 Mbps Single Rate Three Color Marker The Single Rate Three Color Marker srTCM defined in RFC 2697 is a type of traffic policing that identifies packets by comparing them to one user defined rate the Committed Informati...

Page 170: ...oss priority levels High packet loss priority level is referred to as red medium is referred to as yellow and low is referred to as green The trTCM is based on the token bucket filter and has two token buckets Committed Burst Size CBS and Peak Burst Size PBS Tokens are generated and added into the two buckets at the CIR and PIR respectively All packets are evaluated against the PIR If a packet exc...

Page 171: ...ings Section 11 4 on page 177 Use the DMZ screen to configure a default server Section 11 5 on page 179 Use the ALG screen to enable and disable the NAT and SIP VoIP ALG in the VMG Section 11 6 on page 180 Use the Address Mapping screen to configure the VMG s address mapping settings Section 11 7 on page 181 Use the Sessions screen to configure the VMG s maximum number of NAT sessions Section 11 7...

Page 172: ... address of the desired server The port number identifies a service for example web service is on port 80 and FTP on port 21 In some cases such as for unknown services or where one server can support more than one service for example both FTP and web service it might be better to specify a range of port numbers You can allocate a server IP address that corresponds to a port or a range of ports The...

Page 173: ...is field displays whether the NAT rule is active or not A yellow bulb signifies that this rule is active A gray bulb signifies that this rule is not active Service Name This shows the service s name Originating IP This field displays the source IP address from the WAN interface WAN Interface This shows the WAN interface through which the service is forwarded Server IP Address This is the server s ...

Page 174: ...elete an existing rule Table 53 Network Setting NAT Port Forwarding continued LABEL DESCRIPTION Table 54 Port Forwarding Add Edit LABEL DESCRIPTION Active Select Enable or Disable to activate or deactivate the rule Service Name Enter a name to identify this rule using keyboard characters A Z a z 1 2 and so on WAN Interface Select the WAN interface through which the service is forwarded You must ha...

Page 175: ...ld above Translation Start Port This shows the port number to which you want the VMG to translate the incoming port For a range of ports enter the first number of the range to which you want the incoming ports translated Translation End Port This shows the last port of the translated port range Server IP Address Enter the inside IP address of the virtual server here Configure Originating IP Select...

Page 176: ...te the rule Table 55 Network Setting NAT Applications continued LABEL DESCRIPTION Table 56 Applications Add LABEL DESCRIPTION WAN Interface Select the WAN interface that you want to apply this NAT rule to Server IP Address Enter the inside IP address of the application here Application Category Select the category of the application from the drop down list box Application Forwarded Select a servic...

Page 177: ...esponse with a specific port number and protocol open port the VMG forwards the traffic to the LAN IP address of the computer that sent the request After that computer s connection for that service closes another computer on the LAN can use the service in the same manner This way you do not need to configure a new IP address each time you want a different LAN computer to use the application For ex...

Page 178: ...nterface This field shows the WAN interface through which the service is forwarded Trigger Start Port The trigger port is a port or a range of ports that causes or triggers the VMG to record the IP address of the LAN computer that sent the traffic to a server on the WAN This is the first port number that identifies a service Trigger End Port This is the last port number that identifies a service T...

Page 179: ...or a range of ports that causes or triggers the VMG to record the IP address of the LAN computer that sent the traffic to a server on the WAN Type a port number or the starting port number in a range of port numbers Trigger End Port Type a port number or the ending port number in a range of port numbers Trigger Protocol Select the transport layer protocol from TCP UDP or TCP UDP Open Start Port Th...

Page 180: ...P address You do not need to use STUN or an outbound proxy if your VMG is behind a SIP ALG Use this screen to enable and disable the NAT and SIP VoIP ALG in the VMG To access this screen click Network Setting NAT ALG Figure 86 Network Setting NAT ALG Table 59 Network Setting NAT DMZ LABEL DESCRIPTION Default Server Address Enter the IP address of the default server which receives packets from port...

Page 181: ...ocol RTSP is a remote control for multimedia on the Internet PPTP ALG Enable this to turn on the PPTP ALG on the VMG to detect PPTP traffic and help build PPTP sessions through the VMG s NAT IPSEC ALG Enable this to turn on the IPsec ALG on the VMG to detect IPsec traffic and help build IPsec sessions through the VMG s NAT Apply Click Apply to save your changes Cancel Click Cancel to restore your ...

Page 182: ...e This mode maps multiple local IP addresses to one global IP address This is equivalent to SUA i e PAT port address translation the VMG s Single User Account feature that previous routers supported only Many to Many This mode maps multiple local IP addresses to shared global IP addresses Wan Interface Name This is the WAN interface to which the address mapping rule applies Modify Click the Edit i...

Page 183: ...e PAT port address translation the VMG s Single User Account feature that previous routers supported only Many to Many This mode maps multiple local IP addresses to shared global IP addresses Local Start IP Enter the starting Inside Local IP Address ILA Local End IP Enter the ending Inside Local IP Address ILA If the rule is for all local IP addresses then this field displays 0 0 0 0 as the Local ...

Page 184: ...es the source IP address in a packet received from a subscriber the inside local address to another the inside global address before forwarding the packet to the WAN side When the response comes back NAT translates the destination address the inside global address back to the inside local address before forwarding it to the original inside host Note that the IP address either local or global of an...

Page 185: ...and the IGA Inside Global Address is the source address on the WAN For incoming packets the ILA is the destination address on the LAN and the IGA is the destination address on the WAN NAT maps private local IP addresses to globally unique ones required for communication with hosts on other networks It replaces the original IP source address and TCP or UDP source port numbers for Many to One and Ma...

Page 186: ...mbers Please also refer to the Supporting CD for more examples and details on port forwarding and NAT Table 65 Services and Port Numbers SERVICES PORT NUMBER ECHO 7 FTP File Transfer Protocol 21 SMTP Simple Mail Transfer Protocol 25 DNS Domain Name System 53 Finger 79 HTTP Hyper Text Transfer protocol or WWW Web 80 POP3 Post Office Protocol 110 NNTP Network News Transport Protocol 119 SNMP Simple ...

Page 187: ... to one FTP Telnet and SMTP server A in the example port 80 to another B in the example and assign a default server IP address of 192 168 1 35 to a third C in the example You assign the LAN IP addresses and the ISP assigns the WAN IP address The NAT network appears as a single host on the Internet Figure 92 Multiple Servers Behind NAT Example ...

Page 188: ...ontact you in NetMeeting CU SeeMe etc You can also access your FTP server or Web site on your own computer using a domain name for instance myhost dhs org where myhost is a name of your choice that will never change instead of using an IP address that changes each time you reconnect Your friends or relatives will always be able to call you even if they don t know your IP address First of all you n...

Page 189: ...dd Edit DNS Entry You can manually add or edit the VMG s DNS name and IP address entry Click Add New DNS Entry in the DNS Entry screen or the Edit icon next to the entry you want to edit The screen shown next appears Table 66 Network Setting DNS DNS Entry LABEL DESCRIPTION Add New DNS Entry Click this to create a new DNS entry This is the index number of the entry Hostname This indicates the host ...

Page 190: ... this screen to change your VMG s DDNS Click Network Setting DNS Dynamic DNS The screen appears as shown Figure 95 Network Setting DNS Dynamic DNS Table 67 DNS Entry Add Edit LABEL DESCRIPTION Host Name Enter the host name of the DNS entry IP Address Enter the IP address of the DNS entry Apply Click Apply to save your changes Cancel Click Cancel to exit this screen without saving ...

Page 191: ... You can specify up to two host names in the field separated by a comma Username Type your user name Password Type the password assigned to you Dynamic DNS Status User Authentication Result This shows Success if the account is correctly set up with the Dynamic DNS provider account Last Updated Time This shows the last time the IP address the Dynamic DNS provider has associated with the hostname wa...

Page 192: ...ous to IGMP snooping and IGMP proxy in IPv4 MLD filtering controls which multicast groups a port can join An MLD Report message is equivalent to an IGMP Report message and a MLD Done message is equivalent to an IGMP Leave message IGMP Fast Leave When a host leaves a multicast group 224 1 1 1 it sends an IGMP leave message to inform all routers 224 0 0 2 in the multicast group When a router receive...

Page 193: ...et the group membership information Query Response Interval Enter the maximum number of seconds the VMG can wait for receiving a General Query message Multicast routers use general queries to learn which multicast groups have members Last Member Query Interval Enter the maximum number of seconds the VMG can wait for receiving a response to a Group Specific Query message Multicast routers use group...

Page 194: ...icast members a multicast group can have Fast Leave Enable Select this option to set the VMG to remove a port from the multicast tree immediately without sending an IGMP or MLD membership query message once it receives an IGMP or MLD leave message This is helpful if a user wants to quickly change a TV channel multicast group change especially for IPTV applications LAN to LAN Intra LAN Multicast En...

Page 195: ... Demand and IPTV traffic respectively coming from the two VoD and IPTV multicast servers The VMG DSL can also tag outgoing requests to these servers with these VLAN IDs Figure 97 VLAN Group Example 14 1 1 What You Can Do in this Chapter Use these screens to group separate VLAN groups together to be treated as one VLAN group 14 2 The Vlan Group Screen Click Network Setting Vlan Group to open the fo...

Page 196: ... Name This shows the descriptive name of the VLAN group VLAN ID This shows the unique ID number that identifies the VLAN group Interfaces This shows the LAN ports included in the VLAN group and if traffic leaving the port will be tagged with the VLAN ID Modify Click the Edit icon to change an existing VLAN group setting or click the Delete icon to remove the VLAN group Table 71 Add Edit VLAN Group...

Page 197: ...tgoing traffic from the associated LAN port with the VLAN ID number entered above Note LAN5 displays if the WAN port was configured as a LAN port in the Home Networking 5th Ethernet port screen Apply Click Apply to save your changes back to the VMG Cancel Click Cancel to exit this screen without saving Table 71 Add Edit VLAN Group continued LABEL DESCRIPTION ...

Page 198: ...to a new group Alternatively you can have the VMG automatically add the incoming traffic and the LAN interface on which traffic is received to an interface group when its DHCP Vendor ID option information matches one listed for the interface group Use the LAN screen to configure the private IP addresses the DHCP server on the VMG assigns to the clients in the default and or user defined groups If ...

Page 199: ...screen Use this screen to create a new interface group Note An interface can belong to only one group at a time Table 72 Network Setting Interface Grouping LABEL DESCRIPTION Add New Interface Group Click this button to create a new interface group Group Name This shows the descriptive name of the group WAN Interface This shows the WAN interfaces in the group LAN Interfaces This shows the LAN inter...

Page 200: ...terface used in the grouping Select the WAN interface this group uses The group can have up to one PTM interface up to one ATM interface and up to one ETH interface Select None to not add a WAN interface to this group Selected LAN Interfaces Available LAN Interfaces Select one or more LAN interfaces Ethernet LAN HPNA or wireless LAN in the Available LAN Interfaces list and use the left arrow to mo...

Page 201: ... on which the matched traffic is received will belong to this group automatically WildCard Support This shows if wildcard on DHCP option 60 is enabled Modify Click the Edit icon to change the group setting Click the Delete icon to delete this group from the VMG Apply Click Apply to save your changes back to the VMG Cancel Click Cancel to exit this screen without saving Table 73 Interface Group Con...

Page 202: ...fic Enterprise Number Enter the vendor s 32 bit enterprise number registered with the IANA Internet Assigned Numbers Authority Manufactur er OUI Specify the vendor s OUI Organization Unique Identifier It is usually the first three bytes of the MAC address Product Class Enter the product class of the device Serial Number Enter the serial number of the device Apply Click Apply to save your changes b...

Page 203: ...104 File Sharing Overview The VMG will not be able to join the workgroup if your local area network has restrictions set up that do not allow devices to join a workgroup In this case contact your network administrator 16 1 1 What You Can Do in this Chapter Use the File Sharing screen to enable file sharing server Section 16 1 3 on page 204 Use the Media Server screen to enable or disable the shari...

Page 204: ...t File System The VMG uses Common Internet File System CIFS protocol for its file sharing functions CIFS compatible computers can access the USB file storage devices connected to the VMG CIFS protocol is supported on Microsoft Windows Linux Samba and other operating systems refer to your systems specifications for CIFS compatibility 16 1 3 Before You Begin Make sure the VMG is connected to your ne...

Page 205: ...B device Server Configuration File Sharing Services Select Enable to activate file sharing through the VMG Share Directory List Add New Share Click this to set up a new share on the VMG Active Select this to allow the share to be accessed Status This field shows the status of the share The share is not activated The share is activated Share Name This field displays the share name on the GPON Devic...

Page 206: ...d for the share User Name This is the name of a user who is allowed to access the secured shares on the USB device Apply Click this to save your changes to the VMG Cancel Click this to restore your previously saved settings Table 75 Network Setting USB Service File Sharing LABEL DESCRIPTION Table 76 Network Setting USB Service Media Server LABEL DESCRIPTION Volume Select the volume in the USB stor...

Page 207: ...G media server enables you to Publish all shares for everyone to play media files in the USB storage device connected to the VMG Use hardware based media clients like the DMA 2500 to play the files Note Anyone on your network can play the media files in the published shares No user name and password or other form of security is used The media server is enabled by default with the video photo and m...

Page 208: ...rvice VMG3925 B10C B30C User s Guide 208 Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings Table 77 Network Setting USB Service Media Server continued LABEL DESCRIPTION ...

Page 209: ...A can initiate an IM Instant Messaging session from the LAN to the WAN 1 Return traffic for this session is also allowed 2 However other traffic initiated from the WAN is blocked 3 and 4 Figure 108 Default Firewall Action 17 1 1 What You Can Do in this Chapter Use the General screen to configure the security level of the firewall on the VMG Section 17 2 on page 210 Use the Protocol screen to add o...

Page 210: ...is one in which multiple compromised systems attack a single target thereby causing denial of service for users of the targeted system LAND Attack In a LAND attack hackers flood SYN packets into the network with a spoofed source IP address of the target system This makes it appear as if the host computer sent the packets to itself making the system unavailable while the target system tries to resp...

Page 211: ... website See Appendix D on page 315 for some examples Click Security Firewall Protocol to display the following screen Table 78 Security Firewall General LABEL DESCRIPTION Firewall Select Enable to activate the firewall feature on the VMG Low Select Low to allow LAN to WAN and WAN to LAN packet directions Medium Select Medium to allow LAN to WAN but deny WAN to LAN packet directions High Select Hi...

Page 212: ...play the following screen Figure 111 Service Add Edit Table 79 Security Firewall Protocol LABEL DESCRIPTION Add New Protocol Entry Click this to add a new service Name This is the name of your customized service Description This is the description of your customized service Ports Protocol Number This shows the IP protocol TCP UDP ICMP or TCP UDP and the port number or range of ports that defines y...

Page 213: ...rop down list box Select Other to be able to enter a protocol number Protocol Number This field is displayed if you select Other as the protocol Enter the protocol number of your customized port OK Click OK to save your changes Cancel Click Cancel to exit this screen without saving Table 81 Security Firewall Access Control LABEL DESCRIPTION Add New ACL Rule Click this to go to add a filter rule fo...

Page 214: ...er REJECT or allows the passage of packets ACCEPT Modify Click the Edit icon to edit the rule Click the Delete icon to delete an existing rule Note that subsequent rules move up by one when you take this action Click the Move To icon to change the order of the rule Enter the number in the field Table 81 Security Firewall Access Control continued LABEL DESCRIPTION Table 82 Access Control Add Edit L...

Page 215: ...field is displayed only when you select Specific Protocol in Select Protocol Choose the IP port TCP UDP TCP UDP ICMP or ICMPv6 that defines your customized port from the drop down list box Custom Source Port This field is displayed only when you select Specific Protocol in Select Protocol Enter a single port number or the range of port numbers of the source Custom Destination Port This field is di...

Page 216: ...l DoS The following table describes the labels in this screen Table 83 Security Firewall DoS LABEL DESCRIPTION DoS Protection Blocking Select Enable to enable protection against DoS attacks Apply Click Apply to save your changes Cancel Click Cancel to exit this screen without saving ...

Page 217: ...rnet device has a unique MAC Media Access Control address The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters for example 00 A0 C5 00 00 02 You need to know the MAC addresses of the devices to configure this screen 18 2 The MAC Filter Screen Use this screen to allow wireless and LAN clients access to the VMG Click Security MAC Filter The screen appears as...

Page 218: ...et This is the index number of the MAC address Active Select Active to enable the MAC filter rule The rule will not be applied if Active is not selected Host Name Enter the host name of the wireless or LAN clients that are allowed access to the VMG MAC Address Enter the MAC addresses of the wireless or LAN clients that are allowed access to the VMG in these address fields Enter the MAC addresses i...

Page 219: ...reen Figure 116 Security Parental Control The following table describes the fields in this screen Table 85 Security Parental Control LABEL DESCRIPTION Parental Control Select Enable to activate parental control Add new PCP Click this if you want to configure a new Parental Control Profile PCP This shows the index number of the rule Status This indicates whether the rule is active or not A yellow b...

Page 220: ...Parental Control Rule Add Edit Rule Internet Access Schedule This shows the day s and time on which parental control is enabled Network Service This shows whether the network service is configured If not None will be shown Website Block This shows whether the website block is configured If not None will be shown Modify Click the Edit icon to go to the screen where you can edit the rule Click the D...

Page 221: ...wed Network Service Network Service Setting If you select Block the VMG prohibits the users from viewing the Web sites with the URLs listed below If you select Allow the VMG blocks access to all URLs except ones listed below Add New Service Click this to show a screen in which you can add a new service rule You can configure the Service Name Protocol and Port of the new rule This shows the index n...

Page 222: ...to exit this screen without saving Table 87 Parental Control Rule Add Edit Add New Service LABEL DESCRIPTION Service Name Select the name of the service Otherwise select User Define and manualy specify the protocol and the port of the service If you have chosen a pre defined service in the Service Name field this field will not be configurable Protocol Select the transport layer protocol used for ...

Page 223: ...een OK Click OK to save your changes Cancel Click Cancel to exit this screen without saving Table 88 Parental Control Rule Add Edit Add Keyword LABEL DESCRIPTION Site URL Keyword Enter a keyword and click OK to have the VMG block access to the website URLs that contain the keyword OK Click OK to save your changes Cancel Click Cancel to exit this screen without saving Table 87 Parental Control Rule...

Page 224: ...the Add New Rule button in the Scheduler Rule screen or click the Edit icon next to a schedule rule to open the following screen Use this screen to configure a restricted access schedule Table 89 Security Scheduler Rule LABEL DESCRIPTION Add New Rule Click this to create a new rule This is the index number of the entry Rule Name This shows the name of the rule Day This shows the day s on which thi...

Page 225: ...up to 31 printable English keyboard characters not including spaces for this schedule Day Select check boxes for the days that you want the VMG to perform this scheduler rule Time of Day Range Enter the time period of each day in 24 hour format during which the rule will be enforced Description Enter a description for this scheduler rule OK Click OK to save your changes Cancel Click Cancel to exit...

Page 226: ...u Need to Know The following terms and concepts may help as you read through this chapter Certification Authority A Certification Authority CA issues certificates and guarantees the identity of each certificate owner There are commercial certification authorities like CyberTrust or VeriSign and government certification authorities The certification authority uses its private key to sign certificat...

Page 227: ...e It is recommended that you give each certificate a unique name Subject This field displays identifying information about the certificate s owner such as CN Common Name OU Organizational Unit or department O Organization or company and C Country It is recommended that each certificate have unique subject information Issuer This field displays identifying information about the certificate s issuin...

Page 228: ...ddress in dotted decimal notation domain name or e mail address in the field provided The domain name or e mail address can be up to 63 ASCII characters The domain name or e mail address is for identification purposes only and can be any string Organization Name Type up to 63 characters to identify the company or group to which the certificate owner belongs You may use any character including spac...

Page 229: ...tion Authority signed the certificate Subject This field displays information that identifies the owner of the certificate such as Common Name CN Organizational Unit OU Organization O and Country C Certificate This read only text box displays the certificate in Privacy Enhanced Mail PEM format PEM uses base 64 to convert the binary certificate into a printable form You can copy and paste the certi...

Page 230: ...s is the index number of the entry Name This field displays the name used to identify this certificate Subject This field displays information that identifies the owner of the certificate such as Common Name CN OU Organizational Unit or department Organization O State ST and Country C It is recommended that each certificate have unique subject information Type This field displays general informati...

Page 231: ...s Table 95 Trusted CA View LABEL DESCRIPTION Name This field displays the identifying name of this certificate This read only text box displays the certificate in Privacy Enhanced Mail PEM format PEM uses base 64 to convert the binary certificate into a printable form You can copy and paste the certificate into an e mail to send to friends or colleagues or you can copy and paste the certificate in...

Page 232: ...ble describes the fields in this screen Table 96 Trusted CA Import Certificate LABEL DESCRIPTION Certificate File Path Type in the location of the certificate you want to upload in this field or click Choose File to find it Apply Click Apply to save your changes Cancel Click Cancel to exit this screen without saving ...

Page 233: ...onsist of both logs and alerts You may differentiate them by their color in the View Log screen Alerts display in red and logs display in black Syslog Overview The syslog protocol allows devices to send event notification messages across an IP network to syslog servers that collect the event messages A syslog enabled device can generate a syslog message and send it to a syslog server Syslog is def...

Page 234: ... selected When you select a severity the VMG searches through all logs of that severity or higher Category Select the type of logs to display Clear Log Click this to delete all the logs Refresh Click this to renew the log screen Export Log Click this to export the selected log s Email Log Now Click this to send the log file s to the E mail address you specify in the Maintenance Logs Setting screen...

Page 235: ...rity or higher Category Select the type of logs to display Clear Log Click this to delete all the logs Refresh Click this to renew the log screen Export Log Click this to export the selected log s Email Log Now Click this to send the log file s to the E mail address you specify in the Maintenance Logs Setting screen This field is a sequential value and is not associated with a specific entry Time ...

Page 236: ...reen to view the WAN traffic statistics Section 23 2 on page 236 Use the LAN screen to view the LAN traffic statistics Section 23 3 on page 237 Use the NAT screen to view the NAT status of the VMG s client s Section 23 4 on page 238 23 2 The WAN Status Screen Click System Monitor Traffic Status to open the WAN screen The figure in this screen shows the number of bytes received and sent on the VMG ...

Page 237: ...g packets dropped on this interface Packets Received Data This indicates the number of received packets on this interface Error This indicates the number of frames with errors received on this interface Drop This indicates the number of received packets dropped on this interface Disabled Interface This shows the name of the WAN interface that is currently disconnected Packets Sent Data This indica...

Page 238: ...the LAN or WLAN interface Bytes Sent This indicates the number of bytes transmitted on this interface Bytes Received This indicates the number of bytes received on this interface Interface This shows the LAN or WLAN interfaces Sent Packets Data This indicates the number of transmitted packets on this interface Error This indicates the number of frames with errors transmitted on this interface Drop...

Page 239: ...Name This displays the name of the connected host IPv4 Address This displays the IP address of the connected host MAC Address This displays the MAC address of the connected host No of Open Session This displays the number of NAT sessions currently opened for the connected host Total This displays what percentage of NAT sessions the VMG can support is currently being used by all connected hosts You...

Page 240: ...ooks in the ARP Table and if it finds the address sends it to the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The device fills in its own MAC and IP address in the sender address fields and puts the known IP address of the target in the target IP address field In addition the device puts all ones in the target MAC field FF FF FF FF FF FF ...

Page 241: ...owing table describes the labels in this screen Table 103 System Monitor ARP Table LABEL DESCRIPTION This is the ARP table entry number IPv4 IPv6 Address This is the learned IPv4 or IPv6 IP address of a device connected to a port MAC Address This is the MAC address of the device with the listed IP address Device This is the type of interface used by the device You can click on the device type to g...

Page 242: ...able 25 1 Overview Routing is based on the destination address only and the VMG takes the shortest path to forward a packet 25 2 The Routing Table Screen Click System Monitor Routing Table to open the following screen Figure 135 System Monitor Routing Table ...

Page 243: ...kup to fail G Gateway The route uses a gateway to forward traffic H Host The target of the route is a host R Reinstate The route is reinstated for dynamic routing D Dynamic redirect The route is dynamically installed by a routing daemon or redirect M Modified redirect The route is modified from a routing daemon or redirect Metric The metric represents the cost of transmission A router determines t...

Page 244: ...ESCRIPTION Refresh Click this button to update the information on this screen Interface This field displays the name of an interface on the VMG that belongs to an IGMP multicast group Multicast Group This field displays the name of the IGMP multicast group to which the interface belongs Filter Mode INCLUDE means that only the IP addresses in the Source List get to receive the multicast group s tra...

Page 245: ...he status on this screen Interface This field displays the name of an interface on the VMG that belongs to an MLD multicast group Multicast Group This field displays the name of the MLD multicast group to which the interface belongs Filter Mode INCLUDE means that only the IP addresses in the Source List get to receive the multicast group s traffic EXCLUDE means that the IP addresses in the Source ...

Page 246: ...TION Refresh Interval Select the time interval for refreshing statistics Line Select which DSL line s statistics you want to display xDSL Training Status This displays the current state of setting up the DSL connection Mode This displays the ITU standard used for this connection Traffic Type This displays the type of traffic the DSL port is sending and receiving Inactive displays if the DSL port i...

Page 247: ...s how much power the service provider is receiving from the port Downstream is how much power the port is receiving from the service provider Actual INP Sudden spikes in the line s level of external noise impulse noise can cause errors and result in lost packets This could especially impact the quality of multimedia traffic such as voice or video Impulse noise protection INP provides a buffer to a...

Page 248: ...nitor WLAN Station Status The following table describes the labels in this screen Table 108 System Monitor WLAN Station Status LABEL DESCRIPTION This is the index number of an associated wireless station MAC Address This field displays the MAC address of an associated wireless station Rate Mbps This field displays the transmission rate of the wireless LAN traffic between an associated wireless sta...

Page 249: ...l This field displays a number which represent the strength of the wireless LAN signal between an associated wireless station and an AP The VMG uses the RSSI and SNR values to determine the strength of the wireless LAN signal 5 means the VMG is receiving an excellent wireless LAN signal 4 means the VMG is receiving a very good wireless LAN signal 3 means the VMG is receiving a weak wireless LAN si...

Page 250: ...tatistics screens to look at Cellular Internet connection status 29 2 The Cellular Statistics Screen To open this screen click System Monitor Cellular Statistics The Cellular status is available on this screen only when you insert a compatible Cellular dongle in a USB port on the VMG Figure 140 System Monitor Cellular Statistics ...

Page 251: ...Packet Access 3 5G HSUPA High Speed Uplink Packet Access 3 75G HSPA HSDPA HSUPA 3 75G Service Provider This field displays the name of the service provider Signal Strength This field displays the strength of the signal in dBm Connection Uptime This field displays the time the connection has been up Cellular Card Manufacturer This field displays the manufacturer of the Cellular card Cellular Card M...

Page 252: ...e following screen Figure 141 Maintenance System The following table describes the labels in this screen Table 110 Maintenance System LABEL DESCRIPTION Host Name Type a hostname for your VMG Enter a descriptive name of up to 16 alphanumeric characters not including spaces underscores and dashes Domain Name Type a Domain name for your host VMG Apply Click Apply to save your changes Cancel Click Can...

Page 253: ...ox to disable the user account Select the check box to enable it User Name This field displays the name of the account used to log into the VMG web configurator Retry Times This field displays the number of times consecutive wrong passwords can be entered for this account 0 means there is no limit Idle Timeout This field displays the the length of inactive time before the VMG will automatically lo...

Page 254: ...Type your new system password up to 256 characters Note that as you type a password the screen displays a for each character you type After you change the password use the new password to access the VMG Verify Password Verify New Password Type the new password again for confirmation Retry Times Enter the number of times consecutive wrong passwords can be entered for this account 0 means there is n...

Page 255: ...ess the VMG Note The VMG is managed using the Web Configurator 32 2 The Remote MGMT Screen Use this screen to configure through which interface s which services can access the VMG You can also specify the port numbers the services must use to connect to the VMG Click Maintenance Remote MGMT to open the following screen Figure 144 Maintenance Remote MGMT ...

Page 256: ... connections are up service This is the service you may use to access the VMG LAN WLAN Select the Enable check box for the corresponding services that you want to allow access to the VMG from the LAN WLAN WAN Select the Enable check box for the corresponding services that you want to allow access to the VMG from all WAN connections Trust Domain Select the Enable check box for the corresponding ser...

Page 257: ...Domain The following table describes the fields in this screen IP Address This field shows a trusted host IP address Delete Click the Delete icon to remove the trust IP address Table 114 Maintenance Remote MGMT Trust Domain continued LABEL DESCRIPTION Table 115 Maintenance Remote MGMT Trust Domain Add Trust Domain LABEL DESCRIPTION IP Address Enter a public IPv4 IP address which is allowed to acce...

Page 258: ...f two main types of component agents and a manager An agent is a management software module that resides in a managed device the VMG An agent translates the local management information from the managed device into a form compatible with SNMP The manager is the console through which network administrators perform network management functions It executes applications that control and monitor manage...

Page 259: ...tenance SNMP The following table describes the fields in this screen Table 116 Maintenance SNMP LABEL DESCRIPTION SNMP Agent Select Enable to let the VMG act as an SNMP agent which allows a manager station to manage and monitor the VMG through the network Select Disable to turn this feature off Get Community Enter the Get Community which is the password for the incoming Get and GetNext requests fr...

Page 260: ...ystem related settings such as system time password name the domain name and the inactivity timeout interval 34 2 The Time Screen To change your VMG s time and date click Maintenance Time The screen appears as shown Use this screen to configure the VMG s time based on your local time zone Figure 149 Maintenance Time ...

Page 261: ...time zone in the United States starts using Daylight Saving Time at 2 A M local time So in the United States set the day to Second Sunday the month to March and the time to 2 in the Hour field Daylight Saving Time starts in the European Union on the last Sunday of March All of the time zones in the European Union start using Daylight Saving Time at the same moment 1 A M GMT or UTC So in the Europe...

Page 262: ...r information on the VMG Figure 150 Maintenance Email Notification The following table describes the labels in this screen Table 118 Maintenance Email Notification LABEL DESCRIPTION Add New E mail Click this button to create a new entry Mail Server Address This field displays the server name or the IP address of the mail server Username This field displays the user name of the sender s mail accoun...

Page 263: ...c Authentication Username Enter the user name up to 32 characters This is usually the user name of a mail account you specified in the Account Email Address field Authentication Password Enter the password associated with the user name above Account E mail Address Enter the e mail address that you want to be in the from sender line of the e mail notification that the VMG sends If you activate SSL ...

Page 264: ...can configure where the VMG sends logs and which logs and or immediate alerts the VMG records in the Logs Setting screen 36 2 The Log Settings Screen To change your VMG s log settings click Maintenance Logs Setting The screen appears as shown Figure 152 Maintenance Logs Setting ...

Page 265: ...gs E mail Log Settings Select Enable to have the VMG send logs and alarm messages to the configured e mail addresses Mail Account Select a mail account from which you want to send logs You can configure mail accounts in the Maintenance Email Notification screen System Log Mail Subject Type a title that you want to be in the subject line of the system log e mail message that the VMG sends Security ...

Page 266: ... 255 default policy forward 09 54 17 UDP src port 00520 dest port 00520 1 00 3 Apr 7 00 From 192 168 1 6 To 10 10 10 10 match forward 09 54 19 UDP src port 03516 dest port 00053 1 01 snip snip 126 Apr 7 00 From 192 168 1 1 To 192 168 1 255 match forward 10 05 00 UDP src port 00520 dest port 00520 1 02 127 Apr 7 00 From 192 168 1 131 To 192 168 1 255 match forward 10 05 17 UDP src port 00520 dest p...

Page 267: ...our device s performance Only use firmware for your device s specific model Refer to the label on the bottom of your VMG 37 2 The Firmware Screen Click Maintenance Firmware Upgrade to open the following screen The upload process uses HTTP Hypertext Transfer Protocol and may take up to two minutes After a successful upload the system will reboot Do NOT turn off the VMG while firmware upload is in p...

Page 268: ...Click the check box to have the VMG automatically reset itself after the new firmware is uploaded Current Firmware Version This is the present Firmware version and the date created File Path Type in the location of the file you wasnt to upload in this field or click Choose File to find it Choose File Click this to find the bin file you want to upload Remember that you must decompress compressed zi...

Page 269: ...Chapter 37 Firmware Upgrade VMG3925 B10C B30C User s Guide 269 Figure 157 Error Message ...

Page 270: ...nd restoring configuration appears in this screen as shown next Figure 158 Maintenance Backup Restore Backup Configuration Backup Configuration allows you to back up save the VMG s current configuration to a file on your computer Once your VMG is configured and functioning properly it is highly recommended that you back up your configuration file before making configuration changes The backup conf...

Page 271: ...uration file you may need to change the IP address of your computer to be in the same subnet as that of the default device IP address 192 168 1 1 If the upload was not successful the following screen will appear Click OK to go back to the Configuration screen Figure 160 Configuration Upload Error Reset to Factory Defaults Click the Reset button to clear all user entered configuration information a...

Page 272: ...factory defaults of your VMG Refer to Section 1 4 6 on page 25 for more information on the RESET button 38 3 The Reboot Screen System restart allows you to reboot the VMG remotely without turning the power off You may need to do this if the VMG hangs for example Click Maintenance Reboot Click Reboot to have the VMG reboot This does not affect the VMG s configuration Figure 163 Maintenance Reboot ...

Page 273: ...port parameters Section 39 5 on page 276 The OAM Ping screen lets you send an ATM OAM Operation Administration and Maintenance packet to verify the connectivity of a specific PVC Section 39 6 on page 277 39 2 What You Need to Know The following terms and concepts may help as you read through this chapter How CFM Works A Maintenance Association MA defines a VLAN and associated Maintenance End Point...

Page 274: ...le 123 Maintenance Diagnostic Ping TraceRoute NsLookup LABEL DESCRIPTION URL or IP Address Type the IP address of a computer that you want to perform ping traceroute or nslookup in order to test a connection Ping Click this to ping the IPv4 address that you entered Ping 6 Click this to ping the IPv6 address that you entered TraceRoute Click this to display the route path and transmission delays be...

Page 275: ...age connection faults Y 1731 Select Enable or Disable to activate or deactivate Y 1731 which monitors Ethernet performance Interface Select the interface on which you want to enable the IEE 802 1ag CFM Maintenance Domain MD Level Select a level 0 7 under which you want to create an MA MEG ID Enter the Maintenance Entity Group Identifier This identifies the MEG that the MEP belongs to MD Name Enter...

Page 276: ...Select Enable to continue sending MEP information by CCM Connectivity Check Messages When CCMs are received the VMG will always process it no matter if CCM is enabled or not Remote MEP ID Enter the remote Maintenance Endpoint Identifier 1 8191 Test the connection to another Maintenance End Point MEP Destination MAC Address Enter the target device s MAC address to which the VMG performs a CFM loopb...

Page 277: ... error such as errors in symbol frames or seconds is detected Otherwise click Disable and you will not be notified Features Select Variable Retrieval so the VMG can respond to requests for information such as requests for Ethernet counters and statistics about link events Select Link Events so the VMG can interpret link events such as link fault and dying asp Link events are set in event notificat...

Page 278: ... cells on the VC connections and are distinguished from data cells by a predefinded Payload Type Identifier PTI in the cell header Both F4 flows and F5 flows are bidirectional and have two types segment F4 flows VCI 3 end to end F4 flows VCI 4 segment F5 flows PTI 100 end to end F5 flows PTI 101 OAM F4 or F5 tests are used to check virtual path or virtual channel availability between two DSL devic...

Page 279: ...tenance Diagnostic OAM Ping LABEL DESCRIPTION Select a PVC on which you want to perform the loopback test F4 segment Press this to perform an OAM F4 segment loopback test F4 end end Press this to perform an OAM F4 end to end loopback test F5 segment Press this to perform an OAM F5 segment loopback test F5 end end Press this to perform an OAM F5 end to end loopback test ...

Page 280: ...Ds turn on 1 Make sure the VMG is turned on 2 Make sure you are using the power adaptor or cord included with the VMG 3 Make sure the power adaptor or cord is connected to the VMG and plugged in to an appropriate power source Make sure the power source is turned on 4 Turn the VMG off and on 5 If the problem continues contact the vendor One of the LEDs does not behave as expected 1 Make sure you un...

Page 281: ...default login names and associated passwords 2 If those do not work you have to reset the device to its factory defaults See Section 1 4 6 on page 25 I cannot see or access the Login screen in the web configurator 1 Make sure you are using the correct IP address The default IP address is 192 168 1 1 If you changed the IP address Section 8 2 on page 130 use the new IP address If you changed the IP ...

Page 282: ...ensitive so make sure Caps Lock is not on 2 You cannot log in to the web configurator while someone is using Telnet to access the VMG Log out of the VMG in the other session or ask the person who is logged in to log out 3 Turn the VMG off and on 4 If this does not work you have to reset the device to its factory defaults See Section 40 1 on page 280 I cannot Telnet to the VMG See the troubleshooti...

Page 283: ...ted to is in the same interface group as the DSL connection Network Setting Interface Group 4 If you set up a WAN connection using bridging service make sure you turn off the DHCP feature in the LAN screen to have the clients get WAN IP addresses directly from your ISP s DHCP server I cannot connect to the Internet using a second DSL connection ADSL and VDSL connections cannot work at the same tim...

Page 284: ...tion is not available anymore 1 Your session with the VMG may have expired Try logging into the VMG again 2 Check the hardware connections and make sure the LEDs are behaving as expected See the Quick Start Guide and Section 1 4 2 on page 21 3 Turn the VMG off and on 4 If the problem continues contact your vendor 40 4 Wireless Internet Access What factors may cause intermittent or unstabled wirele...

Page 285: ...t What is a Server Set ID SSID An SSID is a name that uniquely identifies a wireless network The AP and all the clients within a wireless network must use the same SSID 40 5 USB Device Connection The VMG fails to detect my USB device 1 Disconnect the USB device 2 Reboot the VMG 3 If you are connecting a USB hard drive that comes with an external power supply make sure it is connected to an appropr...

Page 286: ...Chapter 40 Troubleshooting VMG3925 B10C B30C User s Guide 286 The Local Area Connection icon for UPnP disappears in the screen Restart your computer ...

Page 287: ...287 PART III Appendices Appendices contain general information Some information may not apply to your device ...

Page 288: ... information Please have the following information ready when you contact an office Required Information Product model and serial number Warranty Information Date that you received your device Brief description of the problem and the steps you took to solve it Corporate Headquarters Worldwide Taiwan Zyxel Communications Corporation http www zyxel com Asia China Zyxel Communications Shanghai Corp Z...

Page 289: ...l com pk Philippines Zyxel Philippines http www zyxel com ph Singapore Zyxel Singapore Pte Ltd http www zyxel com sg Taiwan Zyxel Communications Corporation http www zyxel com tw zh Thailand Zyxel Thailand Co Ltd http www zyxel co th Vietnam Zyxel Communications Corporation Vietnam Office http www zyxel com vn vi Europe Austria Zyxel Deutschland GmbH http www zyxel de Belarus Zyxel BY http www zyx...

Page 290: ...g Czech Republic Zyxel Communications Czech s r o http www zyxel cz Denmark Zyxel Communications A S http www zyxel dk Estonia Zyxel Estonia http www zyxel com ee et Finland Zyxel Communications http www zyxel fi France Zyxel France http www zyxel fr Germany Zyxel Deutschland GmbH http www zyxel de Hungary Zyxel Hungary SEE http www zyxel hu Italy Zyxel Communications Italy http www zyxel it ...

Page 291: ...enelux http www zyxel nl Norway Zyxel Communications http www zyxel no Poland Zyxel Communications Poland http www zyxel pl Romania Zyxel Romania http www zyxel com ro ro Russia Zyxel Russia http www zyxel ru Slovakia Zyxel Communications Czech s r o organizacna zlozka http www zyxel sk Spain Zyxel Communications ES Ltd http www zyxel es Sweden Zyxel Communications http www zyxel se Switzerland St...

Page 292: ...Ukraine http www ua zyxel com Latin America Argentina Zyxel Communication Corporation http www zyxel com ec es Brazil Zyxel Communications Brasil Ltda https www zyxel com br pt Ecuador Zyxel Communication Corporation http www zyxel com ec es Middle East Israel Zyxel Communication Corporation http il zyxel com homepage shtml Middle East Zyxel Communication Corporation http www zyxel com me en ...

Page 293: ...C User s Guide 293 North America USA Zyxel Communications Inc North America Headquarters http www zyxel com us en Oceania Australia Zyxel Communications Corporation http www zyxel com au en Africa South Africa Nology Pty Ltd http www zyxel co za ...

Page 294: ...ndependent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an ad hoc wireless LAN Figure 169 Peer to Peer Communication in an Ad hoc Network BSS A Basic Service Set BSS exists when all communications between wireless clients or between a wireless client and a wired network client go through one access point AP Intra BSS traffic is...

Page 295: ...s wired connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood An ESSID ESS IDentification uniquely identifies each ESS All access points and their associated wireless clients within th...

Page 296: ...partially overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 channels and an adjacent AP is using channel 1 then you need to select a channel between 6 or 11 RTS CTS A hidden node occurs when two stations are within range of the same access point but are not wi...

Page 297: ...tation the time frame for the requested transmission Stations can send frames smaller than the specified RTS CTS directly to the AP without the RTS Request To Send CTS Clear to Send handshake You should only configure RTS CTS if the possibility of hidden nodes exists on your network and the cost of resending large frames is more than the extra network overhead involved in the RTS Request To Send C...

Page 298: ...ntication restricting access by device MAC address and hiding the VMG identity The following figure shows the relative effectiveness of these wireless security methods available on your VMG Note You must enable the same wireless security settings on the VMG and on all wireless clients that you want to associate with it IEEE 802 1x In June 2001 the IEEE 802 1x standard was designed to extend the fe...

Page 299: ...nnected to the network Accounting Keeps track of the client s network activity RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server Types of RADIUS Messages The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication Access Request Sent by an access poin...

Page 300: ...ncrypting the password with the challenge and sends back the information Password is not sent in plain text However MD5 authentication has some weaknesses Since the authentication server needs to get the plaintext passwords the passwords must be stored Thus someone other than the authentication server may access the password file In addition it is possible to impersonate an authentication server a...

Page 301: ... security certificate based authentications EAP TLS EAP TTLS and PEAP use dynamic keys for data encryption They are often deployed in corporate environments but for public deployment a simple user name and password pair is more practical The following table is a comparison of the features of authentication types WPA and WPA2 Wi Fi Protected Access WPA is a subset of the IEEE 802 11i standard WPA2 ...

Page 302: ...mmunicated between the AP and the wireless clients This all happens in the background automatically The Message Integrity Check MIC is designed to prevent an attacker from capturing data packets altering them and resending them The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC If they do not match it is assumed that the ...

Page 303: ...P s built in Zero Configuration wireless client However you must run Windows XP to use it WPA 2 with RADIUS Application Example To set up WPA 2 you need the IP address of the RADIUS server its port number default is 1812 and the RADIUS shared secret A WPA 2 application example with an external RADIUS server looks as follows A is the RADIUS server DS is the distribution system 1 The AP passes the w...

Page 304: ...r AES encryption process the PMK and information exchanged in a handshake to create temporal encryption keys They use these keys to encrypt data exchanged between them Figure 174 WPA 2 PSK Authentication Security Parameters Summary Refer to this table to see what other security parameters you should configure for each authentication method or key management protocol type MAC address filters are no...

Page 305: ...a range increase of approximately 2 5 For an unobstructed outdoor site each 1dB increase in gain results in a range increase of approximately 5 Actual results may vary depending on the network environment Antenna gain is sometimes specified in dBi which is how much the antenna increases the signal power compared to using an isotropic antenna An isotropic antenna is a theoretical perfect antenna th...

Page 306: ...Antennas In general antennas should be mounted as high as practically possible and free of obstructions In point to point application position both antennas at the same height and in a direct line of sight to each other to attain the best performance For omni directional antennas mounted on a table desk and so on point the antenna up For omni directional antennas mounted on a wall or ceiling point...

Page 307: ...00 1a2f 0015 2001 db8 1a2f 0 0 15 or 2001 db8 0 0 1a2f 15 Prefix and Prefix Length Similar to an IPv4 subnet mask IPv6 uses an address prefix to represent the network address An IPv6 prefix length specifies how many most significant bits start from the left in the address compose the network address The prefix length is written as x where x is a number For example 2001 db8 1a2b 15 1a2f 0 32 means ...

Page 308: ...x of ff00 8 The following table describes some of the predefined multicast addresses The following table describes the multicast addresses which are reserved and can not be assigned to a multicast group Table 132 Predefined Multicast Address MULTICAST ADDRESS DESCRIPTION FF01 0 0 0 0 0 0 1 All hosts on a local node FF01 0 0 0 0 0 0 2 All routers on a local node FF02 0 0 0 0 0 0 1 All hosts on a lo...

Page 309: ...e of the MAC address See the following example Identity Association An Identity Association IA is a collection of addresses assigned to a DHCP client through which the server and client can manage a set of related IP addresses Each IA must be associated with exactly one interface The DHCP client uses the IA assigned to an interface to obtain configuration from a DHCP server for that interface Each...

Page 310: ...tion enables an IPv6 router to use the IPv6 prefix network address received from the ISP or a connected uplink router for its LAN The VMG uses the received IPv6 prefix for example 2001 db2 48 to generate its LAN IP address Through sending Router Advertisements RAs regularly by multicast the VMG passes the IPv6 prefix information to its LAN hosts The hosts then can use the prefix to generate their ...

Page 311: ...e address is unlink the address is considered as the next hop Otherwise the VMG determines the next hop from the default router list or routing table Once the next hop IP address is known the VMG looks into the neighbor cache to get the link layer address and sends the packet when the neighbor is reachable If the VMG cannot find an entry in the neighbor cache or the state for the neighbor is not r...

Page 312: ... DHCPv6 for IP address assignment you have to additionally install a DHCPv6 client software on your Windows XP Note If you use static IP addresses or Router Advertisement for IPv6 address assignment in your network ignore this section This example uses Dibbler as the DHCPv6 client To enable DHCPv6 client on your computer 1 Install Dibbler and select the DHCPv6 client option on your computer 2 Afte...

Page 313: ...ver Example Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer To enable IPv6 in Windows 7 1 Select Control Panel Network and Sharing Center Local Area Connection 2 Select the Internet Protocol Version 6 TCP IPv6 checkbox to enable it 3 Click OK to save the change ...

Page 314: ...our dynamic IPv6 address This example shows a global address 2001 b021 2d 1000 obtained from a DHCP server C ipconfig Windows IP Configuration Ethernet adapter Local Area Connection Connection specific DNS Suffix IPv6 Address 2001 b021 2d 1000 Link local IPv6 Address fe80 25d8 dcab c80a 5189 11 IPv4 Address 172 16 100 61 Subnet Mask 255 255 255 0 Default Gateway fe80 213 49ff feaa 7125 11 172 16 1...

Page 315: ... type of IP protocol used by the service If this is TCP UDP then the service uses the same port number with TCP and UDP If this is USER DEFINED the Port s is the IP protocol number not the port number Port s This value depends on the Protocol If the Protocol is TCP UDP or TCP UDP this is the IP port number If the Protocol is USER this is the IP protocol number Description This is a brief explanati...

Page 316: ...files including large files that may not be possible by e mail H 323 TCP 1720 NetMeeting uses this protocol HTTP TCP 80 Hyper Text Transfer Protocol a client server protocol for the world wide web HTTPS TCP 443 HTTPS is a secured http session often used in e commerce ICMP User Defined 1 Internet Control Message Protocol is often used for diagnostic purposes ICQ UDP 4000 This is a popular Internet ...

Page 317: ...eb REXEC TCP 514 Remote Execution Daemon RLOGIN TCP 513 Remote Login ROADRUNNER TCP UDP 1026 This is an ISP that provides services mainly for cable modems RTELNET TCP 107 Remote Telnet RTSP TCP UDP 554 The Real Time Streaming media control Protocol RTSP is a remote control for multimedia on the Internet SFTP TCP 115 The Simple File Transfer Protocol is an old way of transferring files between comp...

Page 318: ...ogin and terminal emulation protocol common on the Internet and in UNIX environments It operates over TCP IP networks Its primary function is to allow users to log into remote host systems VDOLIVE TCP UDP 7000 user defined A videoconferencing solution The UDP port number is specified in the application Table 134 Examples of Services continued NAME PROTOCOL PORT S DESCRIPTION ...

Page 319: ... compliance could void the user s authority to operate the device This product has been tested and complies with the specifications for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This device generates uses and can radiate radio frequency energy and if not install...

Page 320: ...ntes Les dispositifs fonctionnant dans la bande 5150 5250 MHz sont réservés uniquement pour une utilisation à l intérieur afin de réduire les risques de brouillage préjudiciable aux systèmes de satellites mobiles utilisant les mêmes canaux Pour les dispositifs munis d antennes amovibles le gain maximal d antenne permis pour les dispositifs utilisant la bande de 5 725 à 5 850 MHz doit être conforme...

Page 321: ...nces essentielles et aux autres dispositions pertinentes de la directive 2014 53 UE Hrvatski Croatian Zyxel ovime izjavljuje da je radijska oprema tipa u skladu s Direktivom 2014 53 UE Íslenska Icelandic Hér með lýsir Zyxel því yfir að þessi búnaður er í samræmi við grunnkröfur og önnur viðeigandi ákvæði tilskipunar 2014 53 UE Italiano Italian Con la presente Zyxel dichiara che questo attrezzatura...

Page 322: ...oduct where anyone can walk on the power adaptor or cord Please use the provided or designated connection cables power cables adaptors Connect it to the right supply voltage for example 110V AC in North America or 230V AC in Europe If the power adaptor or cord is damaged it might cause electrocution Remove it from the device and the power source repairing the power adapter or cord is prohibited Co...

Page 323: ...ements which are Network standby power consumption 8W and or Off mode power consumption 0 5W and or Standby mode power consumption 0 5W Wireless setting please refer to Wireless chapter for more detail European Union Disposal and Recycling Information The symbol below means that according to local regulations your product and or its battery shall be disposed of separately from domestic waste If th...

Page 324: ...份 灰塵及污物 切勿接觸灰塵 污物 沙土 食物或其他不合適的材料 雷雨天氣時 不要安裝 使用或維修此設備 有遭受電擊的風險 切勿重摔或撞擊設備 並勿使用不正確的電源變壓器 若接上不正確的電源變壓器會有爆炸的風險 請勿隨意更換產品內的電池 如果更換不正確之電池型式 會有爆炸的風險 請依製造商說明書處理使用過之電池 請將廢電池丟棄在適當的電器或電子設備回收處 請勿將設備解體 請勿阻礙設備的散熱孔 空氣對流不足將會造成設備損害 請插在正確的電壓供給插座 如 北美 台灣電壓 110V AC 歐洲是 230V AC 假若電源變壓器或電源變壓器的纜線損壞 請從插座拔除 若您還繼續插電使用 會有觸電死亡的風險 請勿試圖修理電源變壓器或電源變壓器的纜線 若有毀損 請直接聯絡您購買的店家 購買一個新的電源變壓器 請勿將此設備安裝於室外 此設備僅適合放置於室內 請勿隨一般垃圾丟棄 請參閱產品背貼上的設備額定功...

Page 325: ...nty is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpose Zyxel shall in no event be held liable for indirect or consequential damages of any kind to the purchaser To obtain the services of this warranty contact your vendor You may also refer to the wa...

Page 326: ...t see BSS blinking LEDs 22 Broadband 75 broadcast 97 BSS 120 294 example 120 C CA 226 300 Canonical Format Indicator See CFI CCMs 273 certificate factory default 227 Certificate Authority See CA certificates 226 authentication 226 CA creating 227 public key 226 replacing 227 storage space 227 Certification Authority 226 Certification Authority see CA certifications 322 viewing 325 CFI 97 CFM 273 C...

Page 327: ... 167 DS dee differentiated services DSCP 167 dynamic DNS 188 wildcard 188 Dynamic Host Configuration Protocol see DHCP dynamic WEP key exchange 301 DYNDNS wildcard 188 E EAP Authentication 300 ECHO 186 e mail log example 265 Encapsulation 94 MER 94 PPP over Ethernet 94 encapsulation RFC 1483 95 encryption 119 302 ESS 295 Extended Service Set IDentification 102 106 Extended Service Set See ESS 295 ...

Page 328: ... EUI 64 309 global address 307 interface ID 309 link local address 307 Neighbor Discovery Protocol 307 ping 307 prefix 77 98 307 prefix delegation 78 prefix length 77 98 307 unspecified address 308 iTunes server 207 L LAN 128 client list 134 DHCP 129 142 DNS 129 142 IP address 129 130 143 MAC address 134 status 73 subnet mask 129 130 143 LAN to LAN multicast 194 LAND attack 210 LBR 273 limitations...

Page 329: ... example 187 Network Address Translation see NAT Network Map 70 network map 29 NNTP 186 P Pairwise Master Key PMK 302 304 passwords 26 PBC 121 Peak Cell Rate PCR 95 Per Hop Behavior see PHB 167 PHB 167 PIN WPS 122 example 123 Ping of Death 210 Point to Point Tunneling Protocol see PPTP POP3 186 port forwarding 172 ports 22 PPPoE 94 Benefits 94 PPTP 186 preamble 112 117 preamble mode 121 prefix del...

Page 330: ...ents 258 Get 259 GetNext 259 Manager 258 managers 258 MIB 258 network components 258 Set 259 Trap 259 versions 258 SNMP trap 186 SPI 210 srTCM 169 SSID 118 activation 104 MBSSID 120 static route 145 151 262 configuration 146 148 189 example 145 static VLAN status 70 firmware version 72 LAN 73 WAN 72 wireless LAN 73 status indicators 22 subnet mask 129 143 Summary Wireless station status 248 Sustai...

Page 331: ...117 118 BSS 120 example 120 channel 117 encryption 119 example 116 fragmentation threshold 111 117 limitations 119 MAC address filter 118 MBSSID 120 preamble 112 117 RADIUS server 118 RTS CTS threshold 111 117 security 117 SSID 118 activation 104 status 73 WEP 119 WPA 119 WPA PSK 119 WPS 121 123 example 124 limitations 126 PIN 122 push button 24 121 wireless security 298 Wireless tutorial 40 wizar...

Page 332: ...Index VMG3925 B10C B30C User s Guide 332 WPS 121 123 example 124 limitations 126 PIN 122 example 123 push button 24 121 Z ZyXEL Family Safety page 222 ...

Reviews: