manualshive.com logo in svg

ZyXEL Communications VMG8825-B Series, User Manual, Page: 330 / 360

Share
Download
ZyXEL Communications VMG8825-B Series User Manual Download Page 330

Appendix B Wireless LANs

VMG8825-B Series User’s Guide

330

WPA(2)-PSK Application Example

A WPA(2)-PSK application looks as follows.

1

First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist 
of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and symbols).

2

The AP checks each wireless client's password and allows it to join the network only if the password 
matches.

3

The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over 
the network, but is derived from the PSK and the SSID. 

4

The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged 
in a handshake to create temporal encryption keys. They use these keys to encrypt data exchanged 
between them.

Figure 199   

WPA(2)-PSK Authentication

Security Parameters Summary

Refer to this table to see what other security parameters you should configure for each authentication 
method or key management protocol type. MAC address filters are not dependent on how you 
configure these security features.

Table 152   Wireless Security Relational Matrix

AUTHENTICATION METHOD/ 

KEY MANAGEMENT 

PROTOCOL

ENCRYPTION 

METHOD

ENTER MANUAL 

KEY

IEEE 802.1X

Open

None

No

Disable

Enable without Dynamic WEP Key

Open

WEP

No          

Enable with Dynamic WEP Key

Yes

Enable without Dynamic WEP Key

Yes

Disable

Shared

WEP 

No          

Enable with Dynamic WEP Key

Yes

Enable without Dynamic WEP Key

Yes

Disable

Summary of Contents for VMG8825-B Series

Page 1: ...er s Guide VMG8825 B Series Dual Band Wireless AC N VDSL2 IAD with USB Copyright 2018 Zyxel Communications Corporation LAN IP Address http 192 168 1 1 Login admin Password See the device label Version...

Page 2: ...enushots and graphics in this book may differ slightly from what you see due to differences in release versions or your computer operating system Every effort has been made to ensure that the informat...

Page 3: ...142 Quality of Service QoS 149 Network Address Translation NAT 167 Dynamic DNS Setup 183 IGMP MLD 187 Vlan Group 190 Interface Grouping 192 USB Service 197 Home Connectivity 203 Firewall 205 MAC Filte...

Page 4: ...iew VMG8825 B Series User s Guide 4 Remote Management 283 SNMP 286 Time Settings 288 E mail Notification 290 Log Setting 292 Firmware Upgrade 295 Backup Restore 298 Diagnostic 301 Troubleshooting 307...

Page 5: ...s USB Support 18 1 1 7 VoIP Features 20 1 2 Ways to Manage the VMG 20 1 3 Good Habits for Managing the VMG 21 1 4 Hardware 21 1 4 1 Front and Side Panels 21 1 4 2 Using the WLAN and WPS Buttons 23 1...

Page 6: ...ing a Digital Media Adapter 53 4 7 Configuring Static Route for Routing to Another Network 55 4 8 Configuring QoS Queue and Class Setup 57 4 9 Access the VMG Using DDNS 61 4 9 1 Registering a DDNS Acc...

Page 7: ...Channel Status Screen 109 7 9 The MESH Screen 109 7 10 The WLAN Scheduler Screen 111 7 10 1 Add Scheduler Rule 112 7 11 Technical Reference 113 7 11 1 Wireless Network Overview 113 7 11 2 Additional...

Page 8: ...te 147 9 5 RIP 148 9 5 1 The RIP Screen 148 Chapter 10 Quality of Service QoS 149 10 1 Overview 149 10 1 1 What You Can Do in this Chapter 149 10 2 What You Need to Know 150 10 3 The Quality of Servic...

Page 9: ...11 9 3 How NAT Works 180 11 9 4 NAT Application 181 Chapter 12 Dynamic DNS Setup 183 12 1 Overview 183 12 1 1 What You Can Do in this Chapter 183 12 1 2 What You Need To Know 183 12 2 The DNS Entry S...

Page 10: ...ter 17 Home Connectivity 203 17 1 Overview 203 17 2 The Home Connectivity Screen 203 Chapter 18 Firewall 205 18 1 Overview 205 18 1 1 What You Can Do in this Chapter 205 18 1 2 What You Need to Know 2...

Page 11: ...n Do in this Chapter 228 23 1 2 What You Need to Know About VoIP 228 23 2 Before You Begin 229 23 3 The SIP Account Screen 229 23 3 1 The SIP Account Add Edit Screen 230 23 4 The SIP Service Provider...

Page 12: ...er 27 ARP Table 267 27 1 Overview 267 27 1 1 How ARP Works 267 27 2 ARP Table Screen 268 Chapter 28 Routing Table 269 28 1 Overview 269 28 2 The Routing Table Screen 269 Chapter 29 Multicast Status 27...

Page 13: ...rvices Screen 283 35 3 The Trust Domain Screen 284 35 4 The Add Trust Domain Screen 284 Chapter 36 SNMP 286 36 1 Overview 286 36 2 The SNMP Screen 286 Chapter 37 Time Settings 288 37 1 Overview 288 37...

Page 14: ...ou Need to Know 301 42 3 Ping TraceRoute NsLookup 302 42 4 802 1ag 302 42 5 802 3ah 304 42 6 OAM Ping 305 Chapter 43 Troubleshooting 307 43 1 Power Hardware Connections and LEDs 307 43 2 VMG Access an...

Page 15: ...15 PART I User s Guide...

Page 16: ...igital Network or T ISDN UR 2 Only use firmware for your VMG s specific model Refer to the label on the back of your VMG 1 1 1 Internet Access Your VMG provides shared Internet access by connecting th...

Page 17: ...hat probes from the outside to your network are not allowed but you can safely browse the Internet and download files 1 1 2 Ethernet WAN If you prefer not to use a DSL line and you have another broadb...

Page 18: ...ion about Cellular backup 1 1 5 Wireless Access The VMG is a wireless Access Point AP for IEEE 802 11b g n a ac wireless clients such as notebook computers iPands smartphones etc These devices can con...

Page 19: ...oadband Cellular Backup To update the supported cellular USB dongle list download the latest WWAN package from the Zyxel website and upload it to the VMG using the Maintenance Firmware Upgrade screen...

Page 20: ...r call to a VoIP service provider s SIP server which forwards your calls to either VoIP or PSTN phones 1 2 Ways to Manage the VMG Use any of the following methods to manage the VMG Web Configurator Th...

Page 21: ...t in a safe place Back up the configuration and make sure you know how to restore it Restoring an earlier working configuration may be useful if the device becomes unstable or even crashes If you forg...

Page 22: ...Chapter 1 Introducing the VMG VMG8825 B Series User s Guide 22 Figure 8 VMG8825 B Series Side Panels Figure 9 VMG8825 B Series Side Panels...

Page 23: ...ange of the VMG The WLAN WPS LED flashes amber while the VMG sets up a WPS connection with the other wireless device 4 Once the connection is successfully made the WLAN WPS LED shines green Note that...

Page 24: ...n The VMG has an IP connection but no traffic Your device has a WAN IP address either static or assigned by a DHCP server PPP negotiation was successfully completed if used and the DSL connection is u...

Page 25: ...rresponding SIP account Amber On A SIP account is registered for the phone port and there s voice message in the corresponding SIP account Blinking A telephone connected to the phone port has its rece...

Page 26: ...ess the Web Configurator you will need to use the RESET button at the back of the device to reload the factory default configuration file This means that you will lose all configurations that you had...

Page 27: ...ault Java permissions enabled by default 2 1 1 Accessing the Web Configurator 1 Make sure your VMG hardware is properly connected refer to the Quick Start Guide 2 Launch your web browser If the VMG do...

Page 28: ...ed your password Enter a new password retype it to confirm and click Apply Figure 13 Change Password Screen 5 Configure basic Internet access and wireless settings The Network Map page appears Figure...

Page 29: ...panel 2 2 1 Title Bar The title bar provides some icons in the upper right corner The icons provide the following functions C A B Table 4 Web Configurator Icons in the Title Bar ICON DESCRIPTION Lang...

Page 30: ...WMM Others Use this screen to configure advanced wireless settings Channel Status Use this screen to scan wireless LAN channel noises and view the results MESH Use this screen to enable or disable Zyx...

Page 31: ...tings IGMP for IPv4 and MLD for IPv6 multicast groups on the WAN Vlan Group Vlan Group Use this screen to group and tag VLAN IDs to outgoing traffic from the specified interface Interface Grouping Int...

Page 32: ...security events in their proper drop down list window Levels include Emergency Alert Critical Error Warning Notice Informational Debugging Categories include Account Attack Firewall MAC Filter Traffi...

Page 33: ...ses on the VMG Log Setting Log Setting Use this screen to change your VMG s log settings Firmware Upgrade Firmware Upgrade Use this screen to upload firmware to your VMG Backup Restore Backup Restore...

Page 34: ...ation on the features in this chapter 3 2 Quick Start Setup 1 The Quick Start Wizard appears automatically after login Or you can click the Quick Start icon in the top right corner of the Web Configur...

Page 35: ...nternet Connection 3 Turn the wireless LAN on or off If you keep it on record the security settings so you can configure your wireless clients to connect to the VMG Click Save Figure 18 Quick Start Wi...

Page 36: ...G Using DDNS see page 61 Configuring the MAC Address Filter see page 62 Access Your Shared Files From a Computer see page 64 4 2 Setting Up an ADSL PPPoE Connection This tutorial shows you how to set...

Page 37: ...Internet connection by selecting the Apply as Default Gateway check box Then select DNS as Static and enter the DNS server addresses provided to you such as 192 168 5 2 DNS server1 192 168 5 1 DNS se...

Page 38: ...Chapter 4 Tutorials VMG8825 B Series User s Guide 38 8 You should see a summary of your new DSL connection setup in the Broadband screen as follows...

Page 39: ...wireless client can access the Internet through the AP Thomas has to configure the wireless network settings on the VMG Then he can set up a wireless network using WPS Section 4 3 2 on page 40 or manu...

Page 40: ...book and the VMG see Section 4 3 2 on page 40 He can also use the notebook s wireless client to search for the VMG see Section 4 3 3 on page 44 4 3 2 Using WPS This section gives you an example of how...

Page 41: ...seconds Alternatively you may log into VMG s Web Configurator and go to the Network Setting Wireless WPS screen Enable the WPS function for method 1 and click Apply Then click the Connect button Note...

Page 42: ...u need to check the client s PIN number and use the VMG s configuration interface 1 Go to your phone settings and turn on Wi Fi Open the Wi Fi networks list and tap WPS PIN Entry to get a PIN number 2...

Page 43: ...n two minutes The VMG authenticates the wireless client and sends the proper configuration settings to the wireless client This may take up to two minutes The wireless client is then able to communica...

Page 44: ...for the Example SSID Then enter the DoNotStealMyWirelessNetwork pre shared key to establish an wireless Internet connection Note The VMG supports IEEE 802 11b and IEEE 802 11g wireless clients Make su...

Page 45: ...itors will use the VIP group Visiting guests will use the Guest group which has a different SSID and password Company A will use the following parameters to set up the wireless network groups 1 Click...

Page 46: ...ries User s Guide 46 2 Click Network Setting Wireless Guest More AP to open the following screen Click the Edit icon to configure the second wireless network group 3 Configure the screen using the pro...

Page 47: ...4 Tutorials VMG8825 B Series User s Guide 47 4 In the Guest More AP screen click the Edit icon to configure the third wireless network group Configure the screen using the provided parameters and clic...

Page 48: ...the SSIDs are active and ready for wireless access 4 5 Using the File Sharing Feature In this section you can Set up file sharing of your USB device from the VMG Access the shared files of your USB d...

Page 49: ...VMG automatically adds your USB device to the Information 4 5 1 2 Set up File Sharing on Your VMG You also need to set up file sharing on your VMG in order to share files 1 Click Add New Share in the...

Page 50: ...s below The Add Share Directory screen should look like the following Click Apply to finish 4 This sets up the file sharing server You can see the USB storage device listed in the table below 5 If you...

Page 51: ...ccess BobShare via your VMG you do not have to relogin unless you restart your computer 4 6 Using the Media Server Feature Use the media server feature to play files on a computer or on your televisio...

Page 52: ...music and image files in your USB storage device 4 6 2 Using Windows Media Player This section shows you how to play the media files on the USB storage device connected to your VMG using Windows Medi...

Page 53: ...gital Media Adapter This section shows you how you can use the VMG with a Zyxel DMA 2500 to play media files stored in the USB storage device in your TV screen Note For this tutorial your DMA 2500 sho...

Page 54: ...Home screen to appear Using the remote control go to MyMedia to open the following screen Select the GPON Device as your media server 3 The screen shows you the list of available media files in the US...

Page 55: ...o network routings In the following figure router R is connected to the VMG s LAN R connects to two networks N1 192 168 1 x 24 and N2 192 168 10 x 24 If you want to send traffic from computer A in N1...

Page 56: ...r in advanced mode 2 Click Network Setting Routing 3 Click Add new Static Route in the Static Route screen 4 Configure the Static Route Setup screen using the following settings Table 6 IP Settings in...

Page 57: ...ice You want to prioritize e mail traffic because your task includes sending urgent updates to clients at least twice every hour You also upload data files such as logs and e mail archives to the FTP...

Page 58: ...pstream Bandwidth to 10 000 kbps or leave this blank to have the VMG automatically determine this figure Click Apply Tutorial Advanced QoS 2 Click Queue Setup Add new Queue to create a new queue On th...

Page 59: ...825 B Series User s Guide 59 Tutorial Advanced QoS Queue Setup 3 Click Classification Setup Add new Classification to create a new class Select Enable in the Active field and follow the settings as sh...

Page 60: ...traffic such as E mail in this example From Interface This is the interface from which the traffic will be coming from Select LAN1 for this example Ether Type Select IP to identify the traffic source...

Page 61: ...hen you cannot use DDNS 4 9 1 Registering a DDNS Account on www dyndns org 1 Open a browser and type http www dyndns org 2 Apply for a user account This tutorial uses UserName1 and 12345 as the userna...

Page 62: ...et 2 Type http zyxelrouter dyndns org and press Enter 3 The VMG s login page should appear You can then log into the VMG and manage it 4 10 Configuring the MAC Address Filter Thomas noticed that his d...

Page 63: ...activate MAC filter function 2 Select Allow Then enter the host name and MAC address of Thomas computer on this screen Click Apply Thomas can also grant access to the computers of other members of hi...

Page 64: ...MG s USB port Note This example uses the FileZilla FTP program to browse your shared files 1 In FileZilla enter the IP address of the VMG the default is 192 168 1 1 your account s user name and passwo...

Page 65: ...65 PART II Technical Reference...

Page 66: ...onnection status of the VMG and clients connected to it You can use the Status screen to look at the current status of the VMG system resources and interfaces LAN WAN and WLAN 5 2 The Network Map Scre...

Page 67: ...it If you want to change the name or icon of the client click Change name icon If you prefer to view the status in a list click List View in the Viewing mode selection box You can configure how often...

Page 68: ...VMG Serial Number This field displays the serial number of the VMG Firmware Version This is the current version of the firmware inside the VMG WAN Information These fields display when you have a WAN...

Page 69: ...d to identify the VMG in a wireless LAN Channel This is the channel number used by the wireless interface now Security This displays the type of security mode the wireless interface is using in the wi...

Page 70: ...ce is detected in any USB slot Registration Status Account This column displays each SIP account in the VMG Action If the SIP account is already registered with the SIP server the Account Status field...

Page 71: ...he Broadband screen to view remove or add a WAN interface You can also configure the WAN settings on the VMG for Internet access Section 6 2 on page 75 Use the Cellular Backup screen to configure cell...

Page 72: ...d In PTM packets are encapsulated directly in the High level Data Link Control HDLC frames It is designed to provide a low overhead transparent way of transporting packets over DSL links as an alterna...

Page 73: ...pose the network address The prefix length is written as x where x is a number For example 2001 db8 1a2b 15 1a2f 0 32 means that the first 32 bits 2001 db8 is the subnet prefix IPv6 Subnet Masking Bot...

Page 74: ...nd you set IPv6 IPv4 Mode to IPv6 Only you can enable Dual Stack Lite to use IPv4 computers and services The VMG tunnels IPv4 packets inside IPv6 encapsulation packets to the ISP s Address Family Tran...

Page 75: ...ulation This is the method of encapsulation used by this connection 802 1p This indicates the 802 1p priority level assigned to traffic sent through this connection This displays N A when there is no...

Page 76: ...es depending on the interface type mode encapsulation and IPv6 IPv4 mode you select 6 2 1 1 Routing Mode Use Routing mode if your ISP give you one IP address only and you want multiple computers to sh...

Page 77: ...table describes the labels on this screen Table 10 Network Setting Broadband Add New WAN Interface Edit Routing Mode LABEL DESCRIPTION General Active Select Enable or Disable to activate or deactivate...

Page 78: ...that elapses before the router automatically disconnects from the PPPoE server This field is not available if you select Auto Connect in the PPP Connection Trigger field PPPoE Passthrough This field...

Page 79: ...activate VLAN on this WAN interface Otherwise select Disable to deactivate 802 1p IEEE 802 1p defines up to 8 separate traffic types by inserting a tag into a MAC layer frame that contains bits to def...

Page 80: ...k Border Relay IPv4 Address When you select Manually Configured specify the relay server s IPv4 address in this field DHCPC Options This is available only when you select IPv4 Only or IPv4 IPv6 DualSt...

Page 81: ...alStack or IPv6 Only in the IPv4 IPv6 Mode field You can enable IPv6 routing features in the following section MLD Proxy Enable Select this check box to have the VMG act as an MLD proxy on this connec...

Page 82: ...u more than one IP address and you want the connected computers to get individual IP address from ISP s DHCP server directly If you select Bridge you cannot use routing functions such as QoS Firewall...

Page 83: ...served for local management of ATM traffic Enter the VCI assigned to you Encapsulation Select the method of multiplexing used by your ISP from the drop down list box Choices are LLC SNAP BRIDGING In L...

Page 84: ...me VBR non real time Variable Bit Rate for connections that do not require closely controlled delay and delay variation Select Realtime VBR real time Variable Bit Rate for applications with bursty con...

Page 85: ...B Series User s Guide 85 Note The actual data rate you obtain varies depending the cellular card you use the signal strength to the service provider s base station and so on Figure 32 Network Setting...

Page 86: ...our ISP enabled PIN code authentication enter the 4 digit PIN code 0000 for example provided by your ISP If you enter the PIN code incorrectly the cellular card may be blocked by your ISP and you cann...

Page 87: ...dget Mbytes Select this and specify how much downstream and or upstream data in Mega bytes can be transmitted via the cellular connection within one month Select Download Upload to set a limit on the...

Page 88: ...l Notification Select this to enable the e mail notification function The VMG will e mail you a notification when there over budget occurs Mail Account Select an e mail address you have configured in...

Page 89: ...tting Broadband Advanced LABEL DESCRIPTION DSL Capabilities PhyR US Enable or disable PhyR US upstream for upstream transmission to the WAN PhyR US should be enabled if data being transmitted upstream...

Page 90: ...am and 800 kbit s upstream AnnexL Annex L is an optional specification in the ITU T ADSL2 recommendation G 992 3 titled Specific requirements for a Reach Extended ADSL2 READSL2 system operating in the...

Page 91: ...tocol over Ethernet PPPoE provides access control and billing functionality in a manner similar to dial up services using PPP PPPoE is an IETF standard RFC 2516 specifying how a personal computer PC i...

Page 92: ...average rate and fluctuations of data transmission over an ATM network This agreement helps eliminate congestion which is important for transmission of real time data such as audio and video connecti...

Page 93: ...and delay variation It also provides a fixed amount of bandwidth a PCR is specified but is only available when data is being sent An example of an VBR RT connection would be video conferencing Video...

Page 94: ...bytes longer than an untagged frame and contains two bytes of TPID Tag Protocol Identifier residing within the type length field of the Ethernet frame and two bytes of TCI Tag Control Information sta...

Page 95: ...addresses manually enter them in the DNS server fields 2 If your ISP dynamically assigns the DNS server IP addresses along with the VMG s WAN IP address set the DNS server fields to get the DNS serve...

Page 96: ...ion 7 6 on page 106 Use the Others screen to configure wireless advanced features such as the RTS CTS Threshold Section 7 7 on page 107 Use the Channel Status screen to scan wireless LAN channel noise...

Page 97: ...select the wireless security mode Note If you are configuring the VMG from a computer connected to the wireless LAN and you change the VMG s SSID channel or security settings you will lose your wirele...

Page 98: ...et the Bandwidth field to 40MHz Set whether the control channel set in the Channel field should be in the Lower or Upper range of channel bands Wireless Network Settings Wireless Network Name The SSID...

Page 99: ...Using a Pre Shared Key PSK both the VMG and the connecting client share a common password in order to validate the connection This type of encryption while robust is not as strong as WPA WPA2 or even...

Page 100: ...mechanisms used for WPA 2 and WPA 2 PSK are the same The only difference between the two is that WPA 2 PSK uses a simple common password instead of user specific credentials If you did not select Gen...

Page 101: ...e set of parameters relating to one of the VMG s BSSs The SSID Service Set IDentifier identifies the Service Set with which a wireless device is associated This field displays the name of the wireless...

Page 102: ...access point AP must have the same SSID Enter a descriptive name up to 32 English keyboard characters for the wireless LAN Hide SSID Select this check box to hide the SSID in the outgoing beacon frame...

Page 103: ...address pool The VMG assigns IP addresses from this DHCP pool to wireless clients connecting to the SSID DHCP End Address Specify the last of the contiguous addresses in the DHCP IP address pool SSID...

Page 104: ...ect Allow to permit access to the VMG MAC addresses not listed will be denied access to the VMG MAC address List Add new MAC address Click this if you want to add a new MAC address entry to the MAC fi...

Page 105: ...the WPS settings on this screen Figure 41 Network Setting Wireless WPS The following table describes the labels in this screen Table 23 Network Setting Wireless WPS LABEL DESCRIPTION General WPS Sele...

Page 106: ...VMG Method 3 Use this section to set up a WPS wireless network by entering the PIN of the VMG into the client Select Enable and click Apply to activate WPS method 3 on the VMG Release Configuration T...

Page 107: ...e battery life of your mobile devices especially useful for small devices that are running multimedia applications The VMG goes to sleep mode to save power when it is not transmitting data The AP buff...

Page 108: ...ompliant WLAN devices to associate with the VMG Select 802 11ac Only to allow only IEEE 802 11ac compliant WLAN devices to associate with the VMG Select 802 11a n Mixed to allow either IEEE 802 11a or...

Page 109: ...twork Setting Wireless Channel Status 7 9 The MESH Screen Use this screen to enable or disable Zyxel MESH Multy Pro It supports AP steering and Band steering AP steering allows wireless clients to roa...

Page 110: ...your Multy Pro supported extender s UG for how to enable the wireless LAN 3 If the Multy Pro supported extender is in AP mode connect it to the VMG using an Ethernet cable 4 Turn on the Multy Pro sup...

Page 111: ...n displays Figure 46 Network Wireless MESH 7 10 The WLAN Scheduler Screen Use this screen to define time periods and days during which the VMG s wireless interfaces detain traffic to connected devices...

Page 112: ...duler rules are created or activated all wireless networks remain active by default Add New Rule Click this button to create a new scheduler rule This is the index number of the scheduler rule Active...

Page 113: ...ss the network A bridge is a radio that relays communications between access points and wireless clients extending a network s range Traditionally a wireless network operates in one of two ways Table...

Page 114: ...very wireless network must follow these basic guidelines Every device in the same wireless network must use the same SSID The SSID is the name of the wireless network It stands for Service Set IDentif...

Page 115: ...he old Wired Equivalent Protocol WEP Using WEP is better than using no security at all but it will not keep a determined attacker out Other security standards are secure in themselves but can be broke...

Page 116: ...or 00 A0 C5 00 00 02 To get the MAC address for each device in the wireless network see the device s User s Guide or other documentation You can use the MAC address filter to tell the VMG which device...

Page 117: ...on are better than none at all but it is still possible for unauthorized wireless devices to figure out the original information pretty quickly When you select WPA2 or WPA2 PSK in your VMG you can als...

Page 118: ...fferent APs to configure different Basic Service Sets BSSs As well as the cost of buying extra APs there is also the possibility of channel interference The VMG s MBSSID Multiple Basic Service Set IDe...

Page 119: ...curity settings manually Each WPS connection works between two devices Both devices must support WPS check each device s documentation to make sure Depending on the devices you have you can either pre...

Page 120: ...ends the network and security information to the other allowing it to join the network Take the following steps to set up a WPS connection between an access point or wireless router referred to here a...

Page 121: ...eives network and security settings The registrar creates a secure EAP Extensible Authentication Protocol tunnel and sends the network name SSID and the WPA PSK or WPA2 PSK pre shared key to the enrol...

Page 122: ...e WPS enabled wireless clients By default a WPS devices is unconfigured This means that it is not part of an existing network and can act as either enrollee or registrar if it supports both functions...

Page 123: ...o the network You know that Client 1 supports registrar mode but it is better to use AP1 for the WPS handshake with the new client since you must connect to the access point anyway in order to use the...

Page 124: ...button on the registrar and the first enrollee for example then check that it successfully enrolled then set up the second device in the same way WPS works only with other WPS enabled devices However...

Page 125: ...if this has happened WPS works between only two devices simultaneously so if another device has enrolled your device will be unable to enroll and will not have access to the network If this happens op...

Page 126: ...the LAN to specific individual computers based on their MAC Addresses Section 8 3 on page 132 Use the UPnP screen to enable UPnP and UPnP NAT traversal on the VMG Section 8 4 on page 133 Use the Addi...

Page 127: ...ou can access it RADVD Router Advertisement Daemon When an IPv6 host sends a Router Solicitation RS request to discover the available routers RADVD with Router Advertisement RA messages in response to...

Page 128: ...s achieved UPnP certification from the Universal Plug and Play Forum UPnP Implementers Corp UIC Zyxel s UPnP implementation supports Internet Gateway Device IGD 1 0 See Section 8 4 1 on page 134 for e...

Page 129: ...reate a new interface group LAN IP Setup IPAddress Enter the LAN IPv4 IP address you want to assign to your VMG in dotted decimal notation for example 192 168 1 1 factory default Subnet Mask Type the...

Page 130: ...assigns IP addresses to clients when they log in DHCP centralizes IP address management on central computers that run the DHCP server program DHCP leases addresses for a period of time which means tha...

Page 131: ...CPv6 Server The VMG provides DNS information through both router advertisements and DHCPv6 DHCPv6 Configuration DHCPv6 Active This shows the status of the DHCPv6 DHCP Server displays if you configured...

Page 132: ...tic DHCP entry the following screen displays Table 32 Network Setting Home Networking Static DHCP LABEL DESCRIPTION Static DHCP Configuration Click this to add a new static DHCP entry This is the inde...

Page 133: ...to activate the connection between the client and the VMG Otherwise select Disable to deactivate Group Name Select the interface group name for which you want to configure static DHCP settings See Cha...

Page 134: ...en without entering the VMG s IP address although you must still enter the password to access the web configurator UPnP NAT T State UPnP NAT T Select Enable to allow UPnP enabled applications to autom...

Page 135: ...vanced Sharing Settings 3 Select Turn on network discovery and click Save Changes Network discovery allows your computer to find other computers and devices on the network and other computers on the n...

Page 136: ...bes the labels on this screen Table 35 Network Setting Home Networking Additional Subnet LABEL DESCRIPTION IP Alias Setup Group Name Select the interface group name for which you want to configure the...

Page 137: ...ng table describes the labels on this screen 8 7 The Wake on LAN Screen Use this screen to turn on a device on the LAN network To use this feature the remote device must also support Wake On LAN You n...

Page 138: ...een Table 37 Network Setting Home Networking Wake on Lan LABEL DESCRIPTION Wake by Address Select Manual and enter the IP address or MAC address of the device to turn it on remotely The drop down list...

Page 139: ...gured as a server the VMG provides the TCP IP configuration for the clients If you turn DHCP service off you must have another DHCP server on your LAN or else the computer must be manually configured...

Page 140: ...etwork number then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established If this is the case it is recommended that you select...

Page 141: ...de you with the Internet addresses for your local networks On the other hand if you are part of a much larger organization you should consult your network administrator for the appropriate IP addresse...

Page 142: ...cted to the VMG s LAN interface The VMG routes most traffic from A to the Internet through the VMG s default gateway R1 You create one static route to connect to services offered by your ISP behind ro...

Page 143: ...hat this route is active A gray bulb signifies that this route is not active Name This is the name that describes or identifies this route Destination IP This parameter specifies the IP network addres...

Page 144: ...your IP type is IPv4 or IPv6 Destination IP Address Enter the IPv4 or IPv6 network address of the final destination IP Subnet Mask If you are using IPv4 and need to specify a route to a single host us...

Page 145: ...te This is the index number of a DNS route Status This field displays whether the DNS route is active or not A yellow bulb signifies that this DNS route is active A gray bulb signifies that this DNS r...

Page 146: ...owing table describes the labels on this screen Subnet Mask Enter the subnet mask of the DNS route entry WAN Interface Select the WAN connection through which the VMG forwards DNS requests for this do...

Page 147: ...want to delete the policy Table 43 Network Setting Routing Policy Route continued LABEL DESCRIPTION Table 44 Policy Route Add Edit Sheet 1 of 2 LABEL DESCRIPTION Active Select Enable or Disable to ac...

Page 148: ...he format and the broadcasting method of the RIP packets that the VMG sends it recognizes both formats when receiving RIP version 1 is universally supported but RIP version 2 carries more information...

Page 149: ...riority are processed more quickly than those with low priority if there is congestion allowing time sensitive applications to flow more smoothly Time sensitive applications include both those that re...

Page 150: ...ile DiffServ is a new protocol and defines a new DS field which replaces the eight bit ToS Type of Service field in the IP header Tagging and Marking In a QoS class you can configure whether to add or...

Page 151: ...algorithms Token Bucket Filter TBF Single Rate Two Color Maker srTCM and Two Rate Two Color Marker trTCM You can specify actions which are performed on the colored packets See Section 10 8 on page 162...

Page 152: ...r the amount of downstream bandwidth for the LAN interfaces including WLAN that you want to allocate using QoS The recommendation is to set this speed to match the WAN interfaces actual transmission s...

Page 153: ...e Name This shows the descriptive name of this queue Interface This shows the name of the VMG s interface through which traffic in this queue passes Priority This shows the priority of this queue Weig...

Page 154: ...Select the priority level from 1 to 7 of this queue The smaller the number the higher the priority level Traffic assigned to higher priority queues gets through faster while traffic in lower priority...

Page 155: ...CRIPTION Add New Classification Click this to create a new classifier Order This is the index number of the entry The classifiers are applied in order of their numbering Status This field displays whe...

Page 156: ...1 Class Configuration Active Select Enable or Disable to activate or deactivate the classifier Class Name Enter a descriptive name of up to 15 printable English keyboard characters not including space...

Page 157: ...clude the packets that match the specified criteria from this classifier Destination Address Select the check box and enter the source IP address in dotted decimal notation A blank source IP address m...

Page 158: ...ield is available only when you select 802 1Q in the Ether Type field Select this option and specify a VLAN ID number TCP ACK This field is available only when you select IP in the Ether Type field If...

Page 159: ...ble 50 Classification Setup Add Edit continued LABEL DESCRIPTION Table 51 Network Setting QoS Shaper Setup LABEL DESCRIPTION Add New Shaper Click this to create a new entry This is the index number of...

Page 160: ...Figure 81 Network Setting QoS Policer Setup The following table describes the labels in this screen Table 52 Shaper Setup Add Edit LABEL DESCRIPTION Active Select Enable or Disable to activate or dea...

Page 161: ...ing algorithm used in this policer Rule These are the rates and burst sizes against which the policer checks the traffic of the member QoS classes Action This shows the how the policer has the VMG tre...

Page 162: ...rate When the incoming traffic rate of the member QoS classes is less than the committed rate the device applies the conforming action to the traffic Committed Burst Size Specify the committed burst s...

Page 163: ...field and a 6 bit DSCP field which can define up to 64 service levels The following figure illustrates the DS field DSCP is backward compatible with the three precedence bits in the ToS octet so that...

Page 164: ...2 1p priority level IP precedence and or packet length to assign priority to traffic which does not match a class The following table shows you the internal layer 2 and layer 3 QoS mapping on the VMG...

Page 165: ...that may cause outgoing packets to be dropped A larger transmission rate requires a big bucket size For example use a bucket size of 10 kbytes to get the transmission rate up to 10 Mbps Single Rate T...

Page 166: ...s priority levels High packet loss priority level is referred to as red medium is referred to as yellow and low is referred to as green The trTCM is based on the token bucket filter and has two token...

Page 167: ...ngs Section 11 4 on page 172 Use the DMZ screen to configure a default server Section 11 5 on page 175 Use the ALG screen to enable and disable the NAT and SIP VoIP ALG in the VMG Section 11 6 on page...

Page 168: ...address of the desired server The port number identifies a service for example web service is on port 80 and FTP on port 21 In some cases such as for unknown services or where one server can support m...

Page 169: ...whether the NAT rule is active or not A yellow bulb signifies that this rule is active A gray bulb signifies that this rule is not active Service Name This shows the service s name Originating IP Thi...

Page 170: ...ect Enable or Disable to activate or deactivate the rule Service Name Enter a name to identify this rule using keyboard characters A Z a z 1 2 and so on WAN Interface Select the WAN interface through...

Page 171: ...orts translated Translation End Port This shows the last port of the translated port range Server IP Address Enter the inside IP address of the virtual server here Configure Originating IP Select Enab...

Page 172: ...request a service with a specific port number and protocol a trigger port When the VMG s WAN port receives a response with a specific port number and protocol open port the VMG forwards the traffic to...

Page 173: ...6970 7170 3 The Real Audio server responds using a port number ranging between 6970 7170 4 The VMG forwards the traffic to Jane s computer IP address 5 Only Jane can connect to the Real Audio server...

Page 174: ...e This field shows the WAN interface through which the service is forwarded Trigger Start Port The trigger port is a port or a range of ports that causes or triggers the VMG to record the IP address o...

Page 175: ...mber or the starting port number in a range of port numbers Trigger End Port Type a port number or the ending port number in a range of port numbers Trigger Protocol Select the transport layer protoco...

Page 176: ...l to restore your previously saved settings Table 63 Network Setting NAT DMZ continued LABEL DESCRIPTION Table 64 Network Setting NAT ALG LABEL DESCRIPTION NAT ALG Enable this to make sure application...

Page 177: ...Start IP address and 255 255 255 255 as the Local End IP address This field is blank for One to One mapping types Global Start IP This is the starting Inside Global IP Address IGA Enter 0 0 0 0 here i...

Page 178: ...AT port address translation the VMG s Single User Account feature that previous routers supported only Many to Many This mode maps multiple local IP addresses to shared global IP addresses Local Start...

Page 179: ...ddress ILA is the IP address of an inside host in a packet when the packet is still in the local network while an inside global address IGA is the IP address of the same inside host when the packet is...

Page 180: ...Overload mapping NAT offers the additional benefit of firewall protection With no servers defined your VMG filters out all incoming inquiries thus preventing intruders from probing your network For mo...

Page 181: ...s and Port Numbers The most often used port numbers are shown in the following table Please refer to RFC 1700 for further information about port numbers Please also refer to the Supporting CD for more...

Page 182: ...gn a default server IP address of 192 168 1 35 to a third C in the example You assign the LAN IP addresses and the ISP assigns the WAN IP address The NAT network appears as a single host on the Intern...

Page 183: ...ntact you in NetMeeting CU SeeMe etc You can also access your FTP server or Web site on your own computer using a domain name for instance myhost dhs org where myhost is a name of your choice that wil...

Page 184: ...y You can manually add or edit the VMG s DNS name and IP address entry Click Add New DNS Entry in the DNS Entry screen or the Edit icon next to the entry you want to edit The screen shown next appears...

Page 185: ...Setting DNS Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Dynamic DNS Select Enable to use dynamic DNS Service Provider Select your Dynamic DNS service provider from the drop down list box Host Doma...

Page 186: ...namic DNS Setup VMG8825 B Series User s Guide 186 Apply Click Apply to save your changes Cancel Click Cancel to exit this screen without saving Table 72 Network Setting DNS Dynamic DNS continued LABEL...

Page 187: ...us to IGMP snooping and IGMP proxy in IPv4 MLD filtering controls which multicast groups a port can join An MLD Report message is equivalent to an IGMP Report message and a MLD Done message is equival...

Page 188: ...Query message Multicast routers use general queries to learn which multicast groups have members Last Member Query Interval Enter the maximum number of seconds the VMG can wait for receiving a respons...

Page 189: ...diately without sending an IGMP or MLD membership query message once it receives an IGMP or MLD leave message This is helpful if a user wants to quickly change a TV channel multicast group change espe...

Page 190: ...and and IPTV traffic respectively coming from the two VoD and IPTV multicast servers The VMG DSL can also tag outgoing requests to these servers with these VLAN IDs Figure 103 VLAN Group Example 14 1...

Page 191: ...hows the LAN ports included in the VLAN group and if traffic leaving the port will be tagged with the VLAN ID Modify Click the Edit icon to change an existing VLAN group setting or click the Delete ic...

Page 192: ...lly add a LAN interface to a new group Alternatively you can have the VMG automatically add the incoming traffic and the LAN interface on which traffic is received to an interface group when its DHCP...

Page 193: ...open the following screen Use this screen to create a new interface group Note An interface can belong to only one group at a time Table 76 Network Setting Interface Grouping LABEL DESCRIPTION Add Ne...

Page 194: ...interface and and up to one WWAN interface Select None to not add a WAN interface to this group Selected LAN Interfaces Available LAN Interfaces Select one or more LAN interfaces Ethernet LAN HPNA or...

Page 195: ...to exit this screen without saving Table 77 Interface Group Configuration continued LABEL DESCRIPTION Table 78 Interface Grouping Criteria LABEL DESCRIPTION Source MAC Address Enter the source MAC add...

Page 196: ...e MAC address Serial Number Enter the serial number of the device Product Class Enter the product class of the device VLAN Group Select this and the VLAN group of the matched traffic from the drop dow...

Page 197: ...File Sharing Overview The VMG will not be able to join the workgroup if your local area network has restrictions set up that do not allow devices to join a workgroup In this case contact your network...

Page 198: ...File System The VMG uses Common Internet File System CIFS protocol for its file sharing functions CIFS compatible computers can access the USB file storage devices connected to the VMG CIFS protocol i...

Page 199: ...device Server Configuration File Sharing Services Select Enable to activate file sharing through the VMG Share Directory List Add New Share Click this to set up a new share on the VMG Active Select t...

Page 200: ...er Name This is the name of a user who is allowed to access the secured shares on the USB device Apply Click this to save your changes to the VMG Cancel Click this to restore your previously saved set...

Page 201: ...The VMG media server enables you to Publish all shares for everyone to play media files in the USB storage device connected to the VMG Use hardware based media clients like the DMA 2500 to play the f...

Page 202: ...vice VMG8825 B Series User s Guide 202 Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings Table 81 Network Setting USB Service Media Server continued...

Page 203: ...m the mobile device You can even use the App to access the VMG s web configurator If your wireless router supports Zyxel One Connect VMG for example you can download and install the Multy Pro app in y...

Page 204: ...Chapter 17 Home Connectivity VMG8825 B Series User s Guide 204 Figure 115 Network Setting Home Connectivity...

Page 205: ...an initiate an IM Instant Messaging session from the LAN to the WAN 1 Return traffic for this session is also allowed 2 However other traffic initiated from the WAN is blocked 3 and 4 Figure 116 Defau...

Page 206: ...one in which multiple compromised systems attack a single target thereby causing denial of service for users of the targeted system LAND Attack In a LAND attack hackers flood SYN packets into the net...

Page 207: ...x D on page 341 for some examples Click Security Firewall Protocol to display the following screen Figure 118 Security Firewall Protocol Table 82 Security Firewall General LABEL DESCRIPTION Firewall S...

Page 208: ...ows the IP protocol TCP UDP ICMP or TCP UDP and the port number or range of ports that defines your customized service Other and the protocol number displays if the service uses another IP protocol Mo...

Page 209: ...s the name of the rule Src IP This displays the source IP addresses to which this rule applies Please note that a blank source address is equivalent to Any Dst IP This displays the destination IP addr...

Page 210: ...ination device to which the ACL rule applies If you select Specific IP Address enter the destiniation IP address in the field below Destination IP Address Enter the destination IP address IP Type Sele...

Page 211: ...chable message to the sender of REJECT or allow the passage of ACCEPT packets that match this rule Direction Use the drop down list box to select the direction of traffic to which this rule applies En...

Page 212: ...net device has a unique MAC Media Access Control address The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters for example 00 A0 C5 00 00 02 You need to know t...

Page 213: ...t This is the index number of the MAC address Active Select Active to enable the MAC filter rule The rule will not be applied if Allow is not selected Host Name Enter the host name of the wireless or...

Page 214: ...enable parental control view the parental control rules and schedules Note You can t configure parental control settings when One Connect is enabled in the Network Home Connectivity screen If you try...

Page 215: ...is shows the index number of the rule Status This indicates whether the rule is active or not A yellow bulb signifies that this rule is active A gray bulb signifies that this rule is not active PCP Na...

Page 216: ...plies to all LAN users Rule List In Home Network User select Custom enter the LAN user s MAC address then click the Add icon to enter a computer MAC address for this PCP Up to five are allowed Click t...

Page 217: ...VMG prohibits the users from viewing the Web sites with the URLs listed below If you select Allow the Web URLs the VMG blocks access to all URLs except ones listed below Add Click Add to show a scree...

Page 218: ...ervice If you have chosen a pre defined service in the Service Name field this field will not be configurable Protocol Select the transport layer protocol used for the service Choices are TCP UDP or T...

Page 219: ...e Add New Rule button in the Scheduler Rule screen or click the Edit icon next to a schedule rule to open the following screen Use this screen to configure a restricted access schedule Table 93 Securi...

Page 220: ...p to 31 printable English keyboard characters not including spaces for this schedule Day Select check boxes for the days that you want the VMG to perform this scheduler rule Time of Day Range Enter th...

Page 221: ...Need to Know The following terms and concepts may help as you read through this chapter Certification Authority A Certification Authority CA issues certificates and guarantees the identity of each ce...

Page 222: ...It is recommended that you give each certificate a unique name Subject This field displays identifying information about the certificate s owner such as CN Common Name OU Organizational Unit or depart...

Page 223: ...dress in dotted decimal notation domain name or e mail address in the field provided The domain name or e mail address can be up to 63 ASCII characters The domain name or e mail address is for identif...

Page 224: ...cate into a printable form You can copy and paste the certificate into an e mail to send to friends or colleagues or you can copy and paste the certificate into a text editor and save the file on a ma...

Page 225: ...ertificate Table 99 Security Certificates Trusted CA LABEL DESCRIPTION Import Certificate Click this button to open a screen where you can save the certificate of a certification authority that you tr...

Page 226: ...Table 100 Trusted CA View LABEL DESCRIPTION Name This field displays the identifying name of this certificate This read only text box displays the certificate in Privacy Enhanced Mail PEM format PEM u...

Page 227: ...e describes the fields in this screen Table 101 Trusted CA Import Certificate LABEL DESCRIPTION Certificate File Path Type in the location of the certificate you want to upload in this field or click...

Page 228: ...n Section 23 5 on page 239 to view detailed information of the phone devices Use the Region screen Section 23 6 on page 241 to change settings that depend on the country you are in Use the Call Rule s...

Page 229: ...by taking care of the call routing and setup figuring out how to get your call to the right place in a way that you and the other person can talk to one another How to Find Out More See Chapter 4 on p...

Page 230: ...r account Click less to see and configure only the fields needed for this feature Table 102 VoIP SIP SIP Account LABEL DESCRIPTION Add new account Click this to configure a SIP account This is the ind...

Page 231: ...Chapter 23 Voice VMG8825 B Series User s Guide 231 Figure 139 VoIP SIP SIP Account Add new account Edit...

Page 232: ...he SIP number SIP include the SIP service domain name TEL do not include the SIP service domain name Voice Features Primary Compression Type Secondary Compression Type Third Compression Type Select th...

Page 233: ...No Answer Forward Select this if you want the VMG to forward incoming calls to the specified phone number if the call is unanswered See No Answer Time Specify the phone number in the To Number field...

Page 234: ...l Missed Call Email Title Type a title that you want to be in the subject line of the e mail notifications that the VMG sends Early Media Select this option if you want people to hear a customized rec...

Page 235: ...to use all these fields to set up your account Click less to see and configure only the fields needed for this feature SIP Proxy Server Address This shows the IP address or domain name of the SIP serv...

Page 236: ...Chapter 23 Voice VMG8825 B Series User s Guide 236 Figure 141 VoIP SIP SIP Service Provider Add new provider Edit...

Page 237: ...main Enter the SIP service domain name In the full SIP URI this is the part after the symbol You can use up to 127 printable ASCII Extended set characters RFC Support PRACK RFC 3262 Require 100rel PRA...

Page 238: ...C_SHA1_32 to enable both data encryption and authentication for voice data Select AES_CM_128_NULL to use 128 bit data encryption but disable data authentication Select NULL_CIPHER_HMAC_SHA1_80 to disa...

Page 239: ...connects the session Min SE Enter the minimum number of seconds the VMG lets a SIP session remain idle without traffic before it automatically disconnects the session When two SIP devices start a SIP...

Page 240: ...hone Phone Device Edit Table 106 VoIP Phone Phone Device LABEL DESCRIPTION This displays the index number of the phone device Phone ID This field displays the name of a phone port on the VMG Internal...

Page 241: ...ou cannot receive any calls on this phone port Immediate Dial Enable Select this if you want to use the pound key to tell the VMG to make the phone call immediately instead of waiting the number of se...

Page 242: ...lick this to save your changes and to apply them to the VMG Cancel Click this to set every field in this screen to its last saved value Table 108 VoIP Region LABEL DESCRIPTION Table 109 VoIP Call Rule...

Page 243: ...ing screen displays Table 110 VoIP Call History Call History LABEL DESCRIPTION Classify Select the type of the calls The call types are Incoming Outgoing and Missed Clear List Click this button to rem...

Page 244: ...ion Protocol SIP is an application layer control signaling protocol that handles the setting up altering and tearing down of voice and multimedia sessions over the Internet SIP signaling is separate f...

Page 245: ...knows that the users identified by their dedicated SIP URIs are represented by the UA and knows the IP address to which the SIP requests and responses should be sent Registration is initiated by the U...

Page 246: ...nd forwards them to another server In the following example you want to use client device A to call someone who is using client device C 1 The client device A in the figure sends a call invitation to...

Page 247: ...r Server A SIP register server maintains a database of SIP identity to IP address or domain name mapping The register server checks your user name and password when you register RTP When you make a Vo...

Page 248: ...P UAC sets up a phone call by sending a request to the SIP proxy server Then the proxy server looks up the destination to which the call should be forwarded according to the URI requested by the SIP U...

Page 249: ...SIP telephone call Proxy 1 sends a response indicating that it is trying to complete the request 2 Proxy 1 sends a SIP INVITE request to Proxy 2 Proxy 2 sends a response indicating that it is trying t...

Page 250: ...ased on the difference between each audio sample and a prediction based on previous samples The more similar the audio sample is to the prediction the less space needed to describe it G 726 operates a...

Page 251: ...u are done Listening to Custom Tones Do the following to listen to a custom tone 1 Pick up the phone and press on your phone s keypad and wait for the message that says you are in the configuration me...

Page 252: ...mber state information for every flow In addition applications do not have to request a particular service or give advanced notice of where the traffic is going 3 DSCP and Per Hop Behavior DiffServ de...

Page 253: ...erred since the timing is much more precise With manual tapping if the duration is too long it may be interpreted as hanging up by the VMG You can invoke all the supplementary services by using the fl...

Page 254: ...t the second call Press the flash key and then press 0 Disconnect the first call and answer the second call Either press the flash key and press 1 or just hang up the phone and then answer the phone a...

Page 255: ...mand timeout 2 seconds expires or issue an invalid sub command the current operation will be aborted USA Call Hold Call hold allows you to put a call A on hold by pressing the flash key If you have an...

Page 256: ...connections again press the flash key This time the party B is on line and party A is on hold 23 10 2 4 Phone Functions Summary The following table shows the key combinations you can enter on your ph...

Page 257: ...sist of both logs and alerts You may differentiate them by their color in the View Log screen Alerts display in red and logs display in black Syslog Overview The syslog protocol allows devices to send...

Page 258: ...from the drop down list box This filters search results according to the severity level you have selected When you select a severity the VMG searches through all logs of that severity or higher Catego...

Page 259: ...logs Refresh Click this to renew the log screen Export Log Click this to export the selected log s Email Log Now Click this to send the log file s to the E mail address you specify in the Maintenance...

Page 260: ...en to view the WAN traffic statistics Section 25 2 on page 260 Use the LAN screen to view the LAN traffic statistics Section 25 3 on page 261 Use the NAT screen to view the NAT status of the VMG s cli...

Page 261: ...the number of outgoing packets dropped on this interface Packets Received Data This indicates the number of received packets on this interface Error This indicates the number of frames with errors rec...

Page 262: ...e number of bytes received on this interface Interface This shows the LAN or WLAN interfaces Sent Packets Data This indicates the number of transmitted packets on this interface Error This indicates t...

Page 263: ...e connected host Total This displays what percentage of NAT sessions the VMG can support is currently being used by all connected hosts You can also see the number of active NAT sessions and the maxim...

Page 264: ...o wait before updating this screen and then click Set Interval Click Stop to have the VMG stop updating this screen SIP Status Account This column displays each SIP account in the VMG Registration Thi...

Page 265: ...te is displayed in the Status field and it turns to InCall state once the call is successfully established Incoming Call It s a SIP VoIP call made or originated by remote SIP accounts to connect to th...

Page 266: ...shows Unknown during the call setup phase signaling phase This is because one or more local phone ports can be configured or designed to receive these two types of calls see the Call Type above and t...

Page 267: ...oks in the ARP Table and if it finds the address sends it to the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The device fills in its own MAC...

Page 268: ...ing table describes the labels in this screen Table 125 System Monitor ARP Table LABEL DESCRIPTION This is the ARP table entry number IPv4 IPv6 Address This is the learned IPv4 or IPv6 IP address of a...

Page 269: ...screen Figure 160 System Monitor Routing Table The following table describes the labels in this screen Table 126 System Monitor Routing Table LABEL DESCRIPTION IPv4 IPv6 Routing Table Destination This...

Page 270: ...is modified from a routing daemon or redirect Metric The metric represents the cost of transmission A router determines the best route for transmission by choosing a path with the lowest cost The smal...

Page 271: ...ystem Monitor Multicast Status MLD Status Table 127 System Monitor Multicast Status IGMP Status LABEL DESCRIPTION Refresh Click this button to update the information on this screen Interface This fiel...

Page 272: ...an MLD multicast group Multicast Group This field displays the name of the MLD multicast group to which the interface belongs Filter Mode INCLUDE means that only the IP addresses in the Source List ge...

Page 273: ...m Monitor xDSL Statistics The following table describes the labels on this screen Table 129 Status xDSL Statistics LABEL DESCRIPTION Monitor Refresh Interval Select the time interval for refreshing st...

Page 274: ...he upstream and downstream far end actual aggregate transmit power in dBm Upstream is how much power the port is using to transmit to the service provider Downstream is how much port the service provi...

Page 275: ...Loss of Margin seconds Retr This is the number of DSL retraining count in BRCM DSL driver HostInitRetr This is the number of the retraining counts the host initiated FailedRetr This is the number of...

Page 276: ...n Status The following table describes the labels in this screen Table 130 System Monitor WLAN Station Status LABEL DESCRIPTION This is the index number of an associated wireless station MAC Address T...

Page 277: ...Level This field displays a number which represent the strength of the wireless LAN signal between an associated wireless station and an AP The VMG uses the RSSI and SNR values to determine the streng...

Page 278: ...atistics screens to look at cellular Internet connection status 32 2 The Cellular Statistics Screen To open this screen click System Monitor Cellular Statistics The cellular status is available on thi...

Page 279: ...cket Access 3 5G HSUPA High Speed Uplink Packet Access 3 75G HSPA HSDPA HSUPA 3 75G Service Provider This field displays the name of the service provider Signal Strength This field displays the streng...

Page 280: ...following screen Figure 166 Maintenance System The following table describes the labels on this screen Table 132 Maintenance System LABEL DESCRIPTION Host Name Type a hostname for your VMG Enter a des...

Page 281: ...box to enable it User Name This field displays the name of the account used to log into the VMG web configurator Retry Times This field displays the number of times consecutive wrong passwords can be...

Page 282: ...r new system password up to 256 characters Note that as you type a password the screen displays a for each character you type After you change the password use the new password to access the VMG Verif...

Page 283: ...es The following table describes the fields on this screen Table 135 Maintenance Remote Management MGMT Services LABEL DESCRIPTION WAN Interface used for services Select Any_WAN to have the VMG automa...

Page 284: ...t Domain Select the Enable check box for the corresponding services that you want to allow access to the VMG from the trusted hosts configured in the Maintenance Remote MGMT Trust Domain screen If you...

Page 285: ...ble describes the fields on this screen Table 137 Maintenance Remote Management Trust Domain Add Trust Domain LABEL DESCRIPTION IP Address Enter a public IPv4 IP address which is allowed to access the...

Page 286: ...two main types of component agents and a manager An agent is a management software module that resides in a managed device the VMG An agent translates the local management information from the managed...

Page 287: ...enance SNMP The following table describes the fields on this screen Table 138 Maintenance SNMP LABEL DESCRIPTION SNMP Agent Select Enable to let the VMG act as an SNMP agent which allows a manager sta...

Page 288: ...To change your VMG s time and date click Maintenance Time The screen appears as shown Use this screen to configure the VMG s time based on your local time zone Figure 174 Maintenance Time The followi...

Page 289: ...and the time to 2 in the Hour field Daylight Saving Time starts in the European Union on the last Sunday of March All of the time zones in the European Union start using Daylight Saving Time at the sa...

Page 290: ...scribes the labels on this screen 38 2 1 Email Notification Edit Click the Add button in the Email Notification screen Use this screen to configure the required information for sending e mail via a ma...

Page 291: ...r name of a mail account you specified in the Account Email Address field Authentication Password Enter the password associated with the user name above Account Email Address Enter the e mail address...

Page 292: ...creen 39 2 The Log Settings Screen To change your VMG s log settings click Maintenance Logs Setting The screen appears as shown Figure 177 Maintenance Logs Setting The following table describes the fi...

Page 293: ...ount from which you want to send logs You can configure mail accounts in the Maintenance Email Notification screen System Log Mail Subject Type a title that you want to be in the subject line of the s...

Page 294: ...255 default policy forward 09 54 17 UDP src port 00520 dest port 00520 1 00 3 Apr 7 00 From 192 168 1 6 To 10 10 10 10 match forward 09 54 19 UDP src port 03516 dest port 00053 1 01 snip snip 126 Apr...

Page 295: ...ur device s performance Only use firmware for your device s specific model Refer to the label on the bottom of your VMG 40 2 The Firmware Screen Click Maintenance Firmware Upgrade to open the followin...

Page 296: ...lick the check box to have the VMG automatically reset itself after the new firmware is uploaded Current Firmware Version This is the present Firmware version and the date created File Path Type in th...

Page 297: ...Chapter 40 Firmware Upgrade VMG8825 B Series User s Guide 297 Figure 182 Error Message...

Page 298: ...restoring configuration appears on this screen as shown next Figure 183 Maintenance Backup Restore Backup Configuration Backup Configuration allows you to back up save the VMG s current configuration...

Page 299: ...ration file you may need to change the IP address of your computer to be in the same subnet as that of the default device IP address 192 168 1 1 If the upload was not successful the following screen w...

Page 300: ...actory defaults of your VMG Refer to Section 1 4 5 on page 26 for more information on the RESET button 41 3 The Reboot Screen System restart allows you to reboot the VMG remotely without turning the p...

Page 301: ...rt parameters Section 42 5 on page 304 The OAM Ping screen lets you send an ATM OAM Operation Administration and Maintenance packet to verify the connectivity of a specific PVC Section 42 6 on page 30...

Page 302: ...145 Maintenance Diagnostic Ping TraceRoute NsLookup LABEL DESCRIPTION URL or IP Address Type the IP address of a computer that you want to perform ping traceroute or nslookup in order to test a connec...

Page 303: ...a level 0 7 under which you want to create an MA MD Name Enter a descriptive name for the MD Maintenance Domain MA ID Enter a descriptive name to identify the Maintenance Association 802 1Q VLAN ID Ty...

Page 304: ...ollowing table describes the labels on this screen Linktrace Message LTM This shows the MAC address of MEPs that respond to the LTMs Apply Click this button to save your changes Send Loopback Click th...

Page 305: ...ata cells on VP connections but use different predefined VCI values F5 cells use the same VPI and VCI as the user data cells on the VC connections and are distinguished Features Select Variable Retrie...

Page 306: ...tests allow you to verify integrity of a PVC to the nearest neighboring ATM device End to end loopback tests allow you to verify integrity of an end to end PVC Note The DSLAM to which the VMG is conne...

Page 307: ...turn on 1 Make sure the VMG is turned on 2 Make sure you are using the power adaptor or cord included with the VMG 3 Make sure the power adaptor or cord is connected to the VMG and plugged in to an a...

Page 308: ...fault login names and associated passwords 2 If those do not work you have to reset the device to its factory defaults See Section 1 4 5 on page 26 I cannot see or access the Login screen in the web c...

Page 309: ...nsitive so make sure Caps Lock is not on 2 You cannot log in to the web configurator while someone is using Telnet to access the VMG Log out of the VMG in the other session or ask the person who is lo...

Page 310: ...the DSL connection Network Setting Interface Grouping 4 If you set up a WAN connection using bridging service make sure you turn off the DHCP feature in the LAN screen to have the clients get WAN IP a...

Page 311: ...he LEDs are behaving as expected See the Quick Start Guide and Section 1 4 3 on page 23 3 Turn the VMG off and on 4 If the problem continues contact your vendor 43 4 Wireless Internet Access What fact...

Page 312: ...d all the clients within a wireless network must use the same SSID 43 5 USB Device Connection The VMG fails to detect my USB device 1 Disconnect the USB device 2 Reboot the VMG 3 If you are connecting...

Page 313: ...313 PART III Appendices Appendices contain general information Some information may not apply to your device...

Page 314: ...information Please have the following information ready when you contact an office Required Information Product model and serial number Warranty Information Date that you received your device Brief de...

Page 315: ...com pk Philippines Zyxel Philippines http www zyxel com ph Singapore Zyxel Singapore Pte Ltd http www zyxel com sg Taiwan Zyxel Communications Corporation http www zyxel com tw zh Thailand Zyxel Thail...

Page 316: ...h Republic Zyxel Communications Czech s r o http www zyxel cz Denmark Zyxel Communications A S http www zyxel dk Estonia Zyxel Estonia http www zyxel com ee et Finland Zyxel Communications http www zy...

Page 317: ...nelux http www zyxel nl Norway Zyxel Communications http www zyxel no Poland Zyxel Communications Poland http www zyxel pl Romania Zyxel Romania http www zyxel com ro ro Russia Zyxel Russia http www z...

Page 318: ...kraine http www ua zyxel com Latin America Argentina Zyxel Communication Corporation http www zyxel com ec es Brazil Zyxel Communications Brasil Ltda https www zyxel com br pt Ecuador Zyxel Communicat...

Page 319: ...User s Guide 319 North America USA Zyxel Communications Inc North America Headquarters http www zyxel com us en Oceania Australia Zyxel Communications Corporation http www zyxel com au en Africa Sout...

Page 320: ...dependent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an ad hoc wireless LAN Figure 194 Peer to Peer Communication in an Ad hoc...

Page 321: ...ired connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired netwo...

Page 322: ...ally overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 chann...

Page 323: ...uested transmission Stations can send frames smaller than the specified RTS CTS directly to the AP without the RTS Request To Send CTS Clear to Send handshake You should only configure RTS CTS if the...

Page 324: ...tication restricting access by device MAC address and hiding the VMG identity The following figure shows the relative effectiveness of these wireless security methods available on your VMG Note You mu...

Page 325: ...ected to the network Accounting Keeps track of the client s network activity RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RA...

Page 326: ...rypting the password with the challenge and sends back the information Password is not sent in plain text However MD5 authentication has some weaknesses Since the authentication server needs to get th...

Page 327: ...ecurity certificate based authentications EAP TLS EAP TTLS and PEAP use dynamic keys for data encryption They are often deployed in corporate environments but for public deployment a simple user name...

Page 328: ...unicated between the AP and the wireless clients This all happens in the background automatically The Message Integrity Check MIC is designed to prevent an attacker from capturing data packets alterin...

Page 329: ...built in Zero Configuration wireless client However you must run Windows XP to use it WPA 2 with RADIUS Application Example To set up WPA 2 you need the IP address of the RADIUS server its port numbe...

Page 330: ...the TKIP or AES encryption process the PMK and information exchanged in a handshake to create temporal encryption keys They use these keys to encrypt data exchanged between them Figure 199 WPA 2 PSK A...

Page 331: ...ase of approximately 2 5 For an unobstructed outdoor site each 1dB increase in gain results in a range increase of approximately 5 Actual results may vary depending on the network environment Antenna...

Page 332: ...tennas In general antennas should be mounted as high as practically possible and free of obstructions In point to point application position both antennas at the same height and in a direct line of si...

Page 333: ...1a2f 0015 2001 db8 1a2f 0 0 15 or 2001 db8 0 0 1a2f 15 Prefix and Prefix Length Similar to an IPv4 subnet mask IPv6 uses an address prefix to represent the network address An IPv6 prefix length speci...

Page 334: ...of ff00 8 The following table describes some of the predefined multicast addresses The following table describes the multicast addresses which are reserved and can not be assigned to a multicast grou...

Page 335: ...of the MAC address See the following example Identity Association An Identity Association IA is a collection of addresses assigned to a DHCP client through which the server and client can manage a se...

Page 336: ...ion enables an IPv6 router to use the IPv6 prefix network address received from the ISP or a connected uplink router for its LAN The VMG uses the received IPv6 prefix for example 2001 db2 48 to genera...

Page 337: ...address is unlink the address is considered as the next hop Otherwise the VMG determines the next hop from the default router list or routing table Once the next hop IP address is known the VMG looks...

Page 338: ...DHCPv6 for IP address assignment you have to additionally install a DHCPv6 client software on your Windows XP Note If you use static IP addresses or Router Advertisement for IPv6 address assignment in...

Page 339: ...r Example Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer To enable IPv6 in Windows 7 1 Select Control Panel Network a...

Page 340: ...ur dynamic IPv6 address This example shows a global address 2001 b021 2d 1000 obtained from a DHCP server C ipconfig Windows IP Configuration Ethernet adapter Local Area Connection Connection specific...

Page 341: ...ype of IP protocol used by the service If this is TCP UDP then the service uses the same port number with TCP and UDP If this is USER DEFINED the Port s is the IP protocol number not the port number P...

Page 342: ...iles including large files that may not be possible by e mail H 323 TCP 1720 NetMeeting uses this protocol HTTP TCP 80 Hyper Text Transfer Protocol a client server protocol for the world wide web HTTP...

Page 343: ...REXEC TCP 514 Remote Execution Daemon RLOGIN TCP 513 Remote Login ROADRUNNER TCP UDP 1026 This is an ISP that provides services mainly for cable modems RTELNET TCP 107 Remote Telnet RTSP TCP UDP 554...

Page 344: ...gin and terminal emulation protocol common on the Internet and in UNIX environments It operates over TCP IP networks Its primary function is to allow users to log into remote host systems VDOLIVE TCP...

Page 345: ...d if not installed and used according to the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installa...

Page 346: ...of the device This radio transmitter has been approved by Industry Canada to operate with the antenna types listed below with the maximum permissible gain and required antenna impedance for each anten...

Page 347: ...s Please check http www bipt be for more details Draadloze verbindingen voor buitengebruik en met een reikwijdte van meer dan 300 meter dienen aangemeld te worden bij het Belgisch Instituut voor postd...

Page 348: ...t auja no Elektronisko sakaru direkcijas Vair k inform cijas http www esd lv Lietuvi kalba Lithuanian iuo Zyxel deklaruoja kad is ranga atitinka esminius reikalavimus ir kitas 2014 53 ES Direktyvos nu...

Page 349: ...k from lightning CAUTION Risk of explosion if battery is replaced by an incorrect type dispose of used batteries according to the instruction Dispose them at the applicable collection point for the re...

Page 350: ...n punto limpio Cuando llegue el momento de desechar el producto la recogida por separado ste y o su bater a ayudar a salvar los recursos naturales y a proteger la salud humana y medioambiental Le symb...

Page 351: ...re manufactured functionally equivalent product of equal or higher value and will be solely at the discretion of Zyxel This warranty shall not apply if the product has been modified misused tampered...

Page 352: ...s in part some free software distributed under GPL license terms and or GPL like licenses Open source licenses are provided with the firmware package You can download the latest firmware at www zyxel...

Page 353: ...ng LEDs 24 Broadband 71 broadcast 94 BSS 118 320 example 118 BYE request 248 C CA 221 326 call history 243 call hold 254 255 call service mode 253 255 call transfer 254 255 call waiting 254 255 Canoni...

Page 354: ...disclaimer 345 DLNA 201 DMZ 175 DNS 127 139 DNS server address assignment 95 Domain Name 181 Domain Name System see DNS Domain Name System See DNS DoS 206 DS field 163 252 DS dee differentiated servic...

Page 355: ...Internet wizard setup 34 Internet access 16 wizard setup 34 Internet Protocol version 6 72 Internet Protocol version 6 see IPv6 Intra LAN Multicast 189 IP address 127 140 ping 302 private 140 WAN 72...

Page 356: ...er 201 activation 201 iTunes server 201 MEP 301 MLD 187 MLDv1 187 MLDv2 187 MTU Multi Tenant Unit 94 multicast 94 Multicast Listener Discovery see MLD multimedia 244 Multiple BSS see MBSSID multiplexi...

Page 357: ...restoring configuration 299 RFC 1058 See RIP RFC 1389 See RIP RFC 1483 91 RFC 1889 247 RFC 3164 257 RIP 148 router features 16 Routing Information Protocol See RIP RTP 247 RTS Request To Send 323 thr...

Page 358: ...ate SCR 92 SYN attack 206 syslog protocol 257 severity levels 257 system firmware 295 version 68 passwords 27 28 reset 26 status 66 LAN 69 WAN 68 wireless LAN 69 time 288 T Tag Control Information See...

Page 359: ...gmentation threshold 107 115 limitations 117 MAC address filter 103 116 MBSSID 118 preamble 108 115 RADIUS server 116 RTS CTS threshold 107 115 security 115 SSID 116 activation 101 status 69 WEP 117 W...

Page 360: ...Index VMG8825 B Series User s Guide 360 Z ZyXEL Family Safety page 217...

Reviews:

No comments