manualshive.com logo in svg

ZyXEL Communications VSG1432-B101 - V1.10, Manual

The ZyXEL Communications VSG1432-B101 - V1.10 manual is a comprehensive guide to help you effortlessly set up and optimize your networking experience. This user-friendly manual is available for free download on our website, ensuring easy access to the information you need for maximizing the potential of your ZyXEL product.

Share
Download
background image

 Chapter 21 IPSec

VSG1432-B101 Series User’s Guide

261

Transport

 mode 

ESP

 with authentication is not compatible with NAT.

21.4.6  VPN, NAT, and NAT Traversal

NAT is incompatible with the AH protocol in both transport

 

and tunnel

 

mode. An 

IPSec VPN using the AH protocol digitally signs the outbound packet, both data 
payload and headers, with a hash value appended to the packet, but a NAT device 
between the IPSec endpoints rewrites the source or destination address. As a 
result, the VPN device at the receiving end finds a mismatch between the hash 
value and the data and assumes that the data has been maliciously altered.

NAT is not normally compatible with ESP in transport mode either, but the ZyXEL 
Device’s 

NAT Traversal

 feature provides a way to handle this. NAT traversal 

allows you to set up an IKE SA when there are NAT routers between the two IPSec 
routers.

Figure 123   

NAT Router Between IPSec Routers

Normally you cannot set up an IKE SA with a NAT router between the two IPSec 
routers because the NAT router changes the header of the IPSec packet. NAT 
traversal solves the problem by adding a UDP port 500 header to the IPSec 
packet. The NAT router forwards the IPSec packet with the UDP port 500 header 
unchanged. In the above figure, when IPSec router 

A

 tries to establish an IKE SA, 

IPSec router 

B

 checks the UDP port 500 header, and IPSec routers 

A

 and 

B

 build 

the IKE SA.

For NAT traversal to work, you must:

• Use ESP security protocol (in either transport or tunnel mode).
• Use  IKE  keying  mode.
• Enable NAT traversal on both IPSec endpoints.
• Set the NAT router to forward UDP port 500 to IPSec router 

A

.

Table 89   

VPN and NAT

SECURITY PROTOCOL

MODE

NAT

AH

Transport

N

AH

Tunnel

N

ESP

Transport

N

ESP

Tunnel

Y

A

B

Summary of Contents for VSG1432-B101 - V1.10

Page 1: ...m VSG1432 B101 Series 802 11n Wireless VDSL2 4 port Gateway Copyright 2010 ZyXEL Communications Corporation Firmware Version 1 10 Edition 1 11 2010 Default Login Details IP Address http 192 168 1 1 User Name admin Password 1234 ...

Page 2: ......

Page 3: ...ou get up and running right away It contains information on setting up your network and configuring for Internet access Support Disc Refer to the included CD for support documents ZyXEL Web Site Please refer to www zyxel com for additional support documentation and product certifications Documentation Feedback Send your comments questions or suggestions to techwriters zyxel com tw Thank you The Te...

Page 4: ...experiences as well Customer Support In the event of problems that cannot be solved by using this manual you should contact your vendor If you cannot contact your vendor then contact a ZyXEL office for the region in which you bought the device See http www zyxel com web contact_us php for contact information Please have the following information ready when you contact an office Product model and s...

Page 5: ...d font A key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press the ENTER key Select or choose means for you to use one of the predefined choices A right angle bracket within a screen name denotes a mouse click For example Maintenance Log Log Setting means you fir...

Page 6: ...r s Guide 6 Icons Used in Figures Figures in this User s Guide may use the following generic icons The ZyXEL Device icon is not an exact representation of your device ZyXEL Device Computer Notebook computer Server Firewall Telephone Router Switch ...

Page 7: ...tage for example 110V AC in North America or 230V AC in Europe Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution If the power adaptor or cord is damaged remove it from the device and the power source Do NOT attempt to...

Page 8: ...Safety Warnings VSG1432 B101 Series User s Guide 8 ...

Page 9: ... Quality of Service QoS 151 Policy Forwarding 171 Network Address Translation NAT 175 Dynamic DNS Setup 193 IGMP 199 Interface Group 211 Firewall 215 MAC Filter 225 Parental Control 227 Scheduler Rules 231 Certificates 233 IPSec 245 Service Control 265 ARP Table 267 Logs 269 Traffic Status 273 IGMP Status 279 Users Configuration 283 Remote Management 287 Time Settings 291 Logs Setting 295 Firmware...

Page 10: ...Contents Overview VSG1432 B101 Series User s Guide 10 ...

Page 11: ...od Habits for Managing the ZyXEL Device 23 1 4 Applications for the ZyXEL Device 24 1 4 1 Internet Access 24 1 4 2 ZyXEL Device s USB Support 25 1 5 Hardware Setup 26 1 6 Hardware Connections 28 1 7 LEDs Lights 29 1 8 The RESET Button 31 1 9 Wireless Access 31 1 9 1 Using the WLAN WPS Button 31 Chapter 2 The Web Configurator 33 2 1 Overview 33 2 1 1 Accessing the Web Configurator 33 2 2 Web Config...

Page 12: ...QoS Queue and Class Setup 60 4 8 Access the ZyXEL Device Using DDNS 63 4 8 1 Registering a DDNS Account on www dyndns org 64 4 8 2 Configuring DDNS on Your ZyXEL Device 64 4 8 3 Testing the DDNS Setting 65 4 9 Access Your Shared Files From a Computer 65 Part II Technical Reference 67 Chapter 5 Network Map and Status Screens 69 5 1 Overview 69 5 2 The Network Map Screen 69 5 3 The Status Screen 71 ...

Page 13: ...1 Edit More AP 102 7 4 MAC Authentication 103 7 5 The WPS Screen 105 7 6 The WMM Screen 106 7 7 The WDS Screen 107 7 7 1 WDS Scan 109 7 8 The Others Screen 110 7 9 Technical Reference 111 7 9 1 Wireless Network Overview 111 7 9 2 Additional Wireless Terms 113 7 9 3 Wireless Security Overview 114 7 9 4 Signal Problems 117 7 9 5 BSS 117 7 9 6 MBSSID 118 7 9 7 Preamble Type 119 7 9 8 Wireless Distrib...

Page 14: ... this Chapter 151 10 2 What You Need to Know 152 10 3 The Quality of Service General Screen 153 10 4 The Queue Setup Screen 154 10 4 1 Adding a QoS Queue 156 10 5 The Class Setup Screen 157 10 5 1 Add Edit QoS Class 159 10 6 The QoS Policer Setup Screen 163 10 6 1 Add Edit a QoS Policer 164 10 7 The QoS Monitor Screen 165 10 8 Technical Reference 166 Chapter 11 Policy Forwarding 171 11 1 Overview ...

Page 15: ...o in this Chapter 194 13 1 2 What You Need To Know 194 13 2 The DNS Entry Screen 195 13 2 1 Add Edit DNS Entry 196 13 3 The Dynamic DNS Screen 196 Chapter 14 IGMP 199 14 1 Overview 199 14 1 1 What You Can Do in this Chapter 199 14 1 2 What You Need to Know 199 14 2 The IGMP General Screen 202 14 3 IGMP Filter Configuration 204 14 3 1 IGMP Host Limitation Edit 206 14 3 2 IGMP Service Add 207 14 3 3...

Page 16: ...he Parental Control Screen 227 18 2 1 Add Edit Parental Control Rule 228 Chapter 19 Scheduler Rules 231 19 1 Overview 231 19 2 The Scheduler Rules Screen 231 19 2 1 Add Edit a Schedule 232 Chapter 20 Certificates 233 20 1 Overview 233 20 1 1 What You Can Do in this Chapter 233 20 2 What You Need to Know 233 20 3 The Local Certificates Screen 234 20 3 1 Create Certificate Request 235 20 3 2 Load Si...

Page 17: ...PN NAT and NAT Traversal 261 21 4 7 ID Type and Content 262 21 4 8 Pre Shared Key 263 21 4 9 Diffie Hellman DH Key Groups 264 Chapter 22 Service Control 265 22 1 Overview 265 22 2 The Service Control Screen 265 Chapter 23 ARP Table 267 23 1 Overview 267 23 1 1 How ARP Works 267 23 2 ARP Table Screen 268 Chapter 24 Logs 269 24 1 Overview 269 24 1 1 What You Can Do in this Chapter 269 24 1 2 What Yo...

Page 18: ...5 Chapter 28 Remote Management 287 28 1 Overview 287 28 1 1 What You Can Do in this Chapter 287 28 2 The TR 069 Clients Screen 287 28 3 The TR 064 Screen 289 Chapter 29 Time Settings 291 29 1 Overview 291 29 2 The Time Setting Screen 291 Chapter 30 Logs Setting 295 30 1 Overview 295 30 2 The Log Settings Screen 295 30 2 1 Example E mail Log 297 Chapter 31 Firmware Upgrade 299 31 1 Overview 299 31 ...

Page 19: ...ternet Access 310 34 4 Wireless Internet Access 312 Chapter 35 Product Specifications 315 35 1 Hardware Specifications 315 35 2 Firmware Specifications 316 Appendix A Setting up Your Computer s IP Address 321 Appendix B IP Addresses and Subnetting 345 Appendix C Pop up Windows JavaScripts and Java Permissions 355 Appendix D Wireless LANs 365 Appendix E Services 381 Appendix F Open Software Announc...

Page 20: ...Table of Contents VSG1432 B101 Series User s Guide 20 ...

Page 21: ...21 PART I User s Guide ...

Page 22: ...22 ...

Page 23: ...vice The ZyXEL Device has a a USB port used to share files via a USB memory stick or a USB hard drive See Chapter 35 on page 315 for a full list of features 1 2 Ways to Manage the ZyXEL Device Use any of the following methods to manage the ZyXEL Device Web Configurator This is recommended for everyday management of the ZyXEL Device using a supported web browser TR 069 This is an auto configuration...

Page 24: ...the ZyXEL Device You could simply restore your last configuration 1 4 Applications for the ZyXEL Device Here are some example uses for which the ZyXEL Device is well suited 1 4 1 Internet Access Your ZyXEL Device provides shared Internet access by connecting the DSL port to the DSL or MODEM jack on a splitter or your telephone jack You can have up to five WAN services over one ADSL VDSL or Etherne...

Page 25: ... the IP filter is on all incoming traffic from the Internet to your network is blocked by default unless it is initiated from your network This means that probes from the outside to your network are not allowed but you can safely browse the Internet and download files 1 4 2 ZyXEL Device s USB Support The USB port of the ZyXEL Device is used for file sharing ADSL VDSL WLAN PPPoE IPoE Bridging WAN A...

Page 26: ...tick or a USB hard drive B You can connect one USB hard drive to the ZyXEL Device at a time Use FTP to access the files on the USB device Figure 2 USB File Sharing Application 1 5 Hardware Setup Place the ZyXEL Device flat on a desk or table or on the stand for a vertical installation Remove the ZyXEL Device s clear plastic covers before using it B A ...

Page 27: ...pter 1 Introducing the VSG1432 B101 VSG1432 B101 Series User s Guide 27 To connect the stand line up the arrow on the stand with the arrow on the bottom of the device as shown Figure 3 Connecting the Stand ...

Page 28: ...a and point it up 2 Do one of the following for your Internet connection 2a DSL WAN Use a telephone cable to connect your ZyXEL Device s DSL WAN port to a telephone jack or the DSL or modem jack on a splitter if you have one 2b ETHERNET WAN If you already have a broadband router or modem use an Ethernet cable to connect the ETHERNET WAN port to it for Internet access 2 3 4 5 1 ...

Page 29: ...r lower memory stick or a USB hard drive for file sharing Use a USB extension cable if the stick is too big to fit 5 POWER Use the provided power adaptor to connect the POWER socket to an appropriate power source Make sure the power at the outlet is on After connecting the power adaptor look at the lights on the front panel 1 7 LEDs Lights The following graphic displays the labels of the LEDs Figu...

Page 30: ...nking The ZyXEL Device is sending or receiving data to from the Gigabit Ethernet link Off There is no Gigabit Ethernet link USB Green On The ZyXEL Device recognizes a USB connection Blinking The ZyXEL Device is sending receiving data to from the USB device connected to it Off The ZyXEL Device does not detect a USB connection DSL WAN Green On The DSL line is up Blinking The ZyXEL Device is initiali...

Page 31: ...ns to blink the defaults have been restored and the device restarts 1 9 Wireless Access The ZyXEL Device is a wireless Access Point AP for wireless clients such as notebook computers or PDAs and iPads It allows them to connect to the Internet without having to rely on inconvenient Ethernet cables You can configure your wireless network in either the built in Web Configurator or using the WPS butto...

Page 32: ...nother WPS enabled device within range of the ZyXEL Device The WLAN WPS LED flashes green and orange while the ZyXEL Device sets up a WPS connection with the other wireless device 4 Once the connection is successfully made the WLAN WPS LED shines green To turn off the wireless network press the WLAN WPS button on the front of the ZyXEL Device for one to five seconds The WLAN WPS LED turns off when...

Page 33: ...ult See Appendix C on page 355 if you need to make sure these functions are allowed in Internet Explorer 2 1 1 Accessing the Web Configurator 1 Make sure your ZyXEL Device hardware is properly connected refer to the Quick Start Guide 2 Launch your web browser If the ZyXEL Device does not automatically re direct you to the login screen go to http 192 168 1 1 3 A password screen displays To access t...

Page 34: ...your last login such as the time number of failed login attempts and when the password expires It also shows if you are logged on from an IP address Select Show this page next time to see the welcome screen on your next login Otherwise deselect it Click Continue Figure 8 Welcome Screen 5 The following screen displays if you have not yet changed your password It is strongly recommended you change t...

Page 35: ... Figure 10 Network Map Note For security reasons the ZyXEL Device automatically logs you out if you do not use the web configurator for ten minutes default If this happens log in again 7 Click Status to display the Status screen where you can view the ZyXEL Device s interface and system information ...

Page 36: ...r s Guide 36 2 2 Web Configurator Layout Figure 11 Screen Layout As illustrated above the main screen is divided into these parts A title bar B main window C navigation panel 2 2 1 Title Bar The title bar provides some icons in the upper right corner B C A ...

Page 37: ...the web configurator Table 3 Navigation Panel Summary LINK TAB FUNCTION Network Map This screen shows the network status of the ZyXEL Device and computers devices connected to it Network Settings Broadband Use this screen to view and configure ISP parameters WAN IP address assignment and other advanced properties You can also add new WAN connections Wireless General Use this screen to configure th...

Page 38: ...e your ZyXEL Device s port triggering settings DMZ Use this screen to configure a default server which receives packets from ports that are not specified in the Port Forwarding screen ALG Use this screen to enable or disable SIP ALG Sessions Use this screen to limit the number of NAT sessions a single client can establish DNS DNS Entry Use this screen to view and configure DNS routes Dynamic DNS U...

Page 39: ...work traffic going through the WAN port of the ZyXEL Device LAN Use this screen to view the status of all network traffic going through the LAN ports of the ZyXEL Device IGMP Group Status IGMP Group Use this screen to view the status of all IGMP settings on the ZyXEL Device IGMP Statistics Use this screen to view the ZyXEL Device s IGMP multicast group and IGMP traffic statistics Maintenance Users...

Page 40: ...Chapter 2 The Web Configurator VSG1432 B101 Series User s Guide 40 ...

Page 41: ...ess and wireless settings Note See the technical reference chapters starting on page 67 for background information on the features in this chapter 3 2 Quick Start Setup 1 Click the Click Start icon in the top right corner of the web configurator to open the quick start screens Select the time zone of the ZyXEL Device s location and click Next Figure 12 Time Zone ...

Page 42: ...ic IP address settings to use select Yes and enter them in the fields that display Click Next Figure 13 Internet Connection 3 Turn the wireless LAN on or off If you keep it on record the security settings so you can configure your wireless clients to connect to the ZyXEL Device Click Save Figure 14 Internet Connection 4 Your ZyXEL Device saves your settings and attempts to connect to the Internet ...

Page 43: ...S Queue and Class Setup see page 60 Access the ZyXEL Device Using DDNS see page 63 Access Your Shared Files From a Computer see page 65 4 2 Setting Up an ADSL PPPoE Connection This tutorial shows you how to set up your Internet connection using the Web Configurator If you connect to the Internet through an ADSL connection use the information from your Internet Service Provider ISP to configure the...

Page 44: ... you by your DSL service provider 5 Configure this rule as your default Internet connection by selecting the Apply as Default Gateway check box Then select DNS as Static and enter the DNS server addresses provided to you such as 192 168 5 2 DNS server1 192 168 5 1 DNS server2 General Connection Name MyDSLConnection Type ADSL Connection Mode Routing Encapsulation PPPoE ATM PVC Configuration VPI VCI...

Page 45: ...Chapter 4 Tutorials VSG1432 B101 Series User s Guide 45 6 Click Apply to save your settings 7 You should see a summary of your new DSL connection setup in the Broadband screen as follows ...

Page 46: ...net In this wireless network the ZyXEL Device serves as an access point AP and the notebook is the wireless client The wireless client can access the Internet through the AP Thomas has to configure the wireless network settings on the ZyXEL Device Then he can set up a wireless network using WPS Section 4 3 2 on page 48 or manual configuration Section 4 3 3 on page 52 4 3 1 Configuring the Wireless...

Page 47: ...nd WPA PSK as the security mode Configure the screen using the provided parameters see page 46 Click Apply 2 Go to the Wireless Others screen and select 802 11b g n Mixed in the 802 11 Mode field Click Apply Thomas can now use the WPS feature to establish a wireless connection between his notebook and the ZyXEL Device see Section 4 3 2 on page 48 He can also ...

Page 48: ...the wireless client settings Push Button Configuration PBC simply press a button This is the easier of the two methods PIN Configuration configure a Personal Identification Number PIN on the ZyXEL Device A wireless client must also use the same PIN in order to download the wireless network settings from the ZyXEL Device Push Button Configuration PBC 1 Make sure that your ZyXEL Device is turned on ...

Page 49: ...nect button Note Your ZyXEL Device has a WPS button located on its front panel as well as a WPS button in its configuration utility Both buttons have exactly the same function you can use one or the other Note It doesn t matter which button is pressed first You must press the second button within two minutes of pressing the first one The ZyXEL Device sends the proper configuration settings to the ...

Page 50: ...re shows you an example of how to set up a wireless network and its security by pressing a button on both ZyXEL Device and wireless client Example WPS Process PBC Method Wireless Client ZyXEL Device SECURITY INFO COMMUNICATION WITHIN 2 MINUTES Press and hold for 5 seconds WPS ...

Page 51: ...number 2 Log into ZyXEL Device s web configurator and go to the Network Settings Wireless WPS screen Enable the WPS function and click Apply 3 Enter the PIN number of the wireless client and click the Register button Activate WPS function on the wireless client utility screen within two minutes The ZyXEL Device authenticates the wireless client and sends the proper configuration settings to the wi...

Page 52: ...ss client by using PIN method Example WPS Process PIN Method 4 3 3 Without WPS Use the wireless adapter s utility installed on the notebook to search for the Example SSID Then enter the DoNotStealMyWirelessNetwork pre shared key to establish an wireless Internet connection Authentication by PIN SECURITY INFO WITHIN 2 MINUTES Wireless Client ZyXEL Device COMMUNICATION ...

Page 53: ...n in the following figure Each group has its own SSID and security mode Employees in Company A will use a general Comapny wireless network group Higher management level and important visitors will use the VIP group Visiting guests will use the Guest group which has a lower security mode Company A will use the following parameters to set up the wireless network groups COMPANY VIP GUEST SSID Company...

Page 54: ...en the General screen Use this screen to set up the company s general wireless network group Configure the screen using the provided parameters and click Apply 2 Click Network Settings Wireless More AP to open the following screen Click the Edit icon to configure the second wireless network group ...

Page 55: ...r 4 Tutorials VSG1432 B101 Series User s Guide 55 3 Configure the screen using the provided parameters and click Apply 4 In the More AP screen click the Edit icon to configure the third wireless network group ...

Page 56: ...the More AP screen The yellow bulbs signify that the SSIDs are active and ready for wireless access 4 5 Setting Up NAT Port Forwarding Thomas manages the Doom server on a computer behind the ZyXEL Device In order for players on the Internet like A in the figure below to communicate with the Doom server Thomas needs to configure the port settings and IP address on ...

Page 57: ...information 1 Click Network Settings NAT Add new rule and configure the screen with the following values 2 The screen should look as follows Click Apply D 192 168 1 34 WAN LAN port 666 A Service Name Doom_Server WAN Interface Select the WAN interface through which the Doom service is forwarded This example uses MyDSLConnection External Port s Enter 666 as the Start and End port Server IP Address E...

Page 58: ...ol traffic flowing directions you may connect a router to the ZyXEL Device s LAN The router may be used to separate two department networks This tutorial shows how to configure a static routing rule for two network routings In the following figure router R is connected to the ZyXEL Device s LAN R connects to two networks N1 192 168 1 x 24 and N2 192 168 10 x 24 If you want to send traffic from com...

Page 59: ...ple IP settings To configure a static route to route traffic from N1 to N2 1 Log into the ZyXEL Device s Web Configurator in advanced mode 2 Click Advanced Routing 3 Click Add New Static Route Entry in the Static Route screen 4 Configure the Static Route Setup screen using the following settings Table 4 IP Settings in this Tutorial DEVICE COMPUTER IP ADDRESS The ZyXEL Device s WAN 172 16 1 1 The Z...

Page 60: ...r task includes sending urgent updates to clients at least twice every hour You also upload data files such as logs and e mail archives to the FTP server throughout the day Your colleagues use the Internet for research as well as chat applications for communicating with other branch offices In the following figure your Internet connection has an upstream transmission bandwidth of 10 000 kbps For t...

Page 61: ... your WAN Managed Upstream Bandwidth to 10 000 kbps or leave this blank to have the ZyXEL Device automatically determine this figure Click Apply Tutorial Advanced QoS 2 Click Queue Setup Add new Queue to create a new queue In the screen that opens check Active and enter or select the following values Name E mail To Interface WAN Priority 1 High Weight 8 10 000 kbps DSL Your computer IP 192 168 1 2...

Page 62: ...ries User s Guide 62 Rate Limit 5 000 kbps Tutorial Advanced QoS Queue Setup 3 Click Class Setup Add new Classifier to create a new class Check Active and follow the settings as shown in the screen below Tutorial Advanced QoS Class Setup ...

Page 63: ...s changes dynamically Dynamic DNS DDNS allows you to access the ZyXEL Device using a domain name To use this feature you have to apply for DDNS service at www dyndns org This tutorial covers Registering a DDNS Account on www dyndns org Class Name Give a class name to this traffic such as E mail in this example From Interface This is the interface from which the traffic will be coming from Select L...

Page 64: ...a new DDNS host name This tutorial uses the following settings as an example Hostname zyxelrouter dyndns org Service Type Host with IP address IP Address Enter the WAN IP address that your ZyXEL Device is currently using You can find the IP address on the ZyXEL Device s Web Configurator Status page Then you will need to configure the same account and host name on the ZyXEL Device later 4 8 2 Confi...

Page 65: ...the computer using the IP address a b c d that is connected to the Internet 2 Type http zyxelrouter dyndns org and press Enter 3 The ZyXEL Device s login page should appear You can then log into the ZyXEL Device and manage it 4 9 Access Your Shared Files From a Computer Here is how to use an FTP program to access a file storage device connected to the ZyXEL Device s USB port Note This example uses...

Page 66: ...the IP address of the ZyXEL Device the default is 192 168 1 1 your account s user name and password and port 21 and click Quickconnect A screen asking for password authentication appears File Sharing via Windows Explorer Once you log in the USB device displays in the mnt folder ...

Page 67: ...67 PART II Technical Reference ...

Page 68: ...68 ...

Page 69: ...he network connection status of the ZyXEL Device and clients connected to it You can use the Status screen to look at the current status of the ZyXEL Device system resources and interfaces LAN WAN and WLAN 5 2 The Network Map Screen Use this screen to view the network connection status of the device and its clients A warning message appears if there is a connection problem ...

Page 70: ... update this screen in Refresh Interval Figure 15 Network Map Icon Mode Figure 16 Network Map List Mode In Icon Mode if you want to view information about a client click the client s name and Info Click the IP address if you want to change it If you want to change the name or icon of the client click Change name icon In List Mode you can also view the client s information and click on the IP addre...

Page 71: ...is screen Device Information Host Name This field displays the ZyXEL Device system name It is used for identification Model Number This shows the model number of your ZyXEL Device Firmware Version This is the current version of the firmware inside the device WAN Information These fields display when you have a WAN connection MAC Address This shows the WAN Ethernet adapter MAC Media Access Control ...

Page 72: ...computers in the LAN Relay The ZyXEL Device acts as a surrogate DHCP server and relays DHCP requests and responses between the remote server and the clients None The ZyXEL Device is not providing any DHCP services to the LAN WLAN Information MAC Address This shows the wireless adapter MAC Media Access Control Address of your device Status This displays whether WLAN is activated Name SSID This is t...

Page 73: ...when WLAN is disabled System Status System Up Time This field displays how long the ZyXEL Device has been running since it last started up The ZyXEL Device starts up when you plug it in when you restart it Maintenance Reboot or when you reset it Current Date Time This field displays the current date and time in the ZyXEL Device You can change this in Maintenance Time Setting System Resource CPU Us...

Page 74: ...Chapter 5 Network Map and Status Screens VSG1432 B101 Series User s Guide 74 ...

Page 75: ...other networks so that a computer in one location can communicate with computers in other locations Figure 18 LAN and WAN 6 1 1 What You Need to Know Encapsulation Method Encapsulation is used to include data from an upper layer protocol into a lower layer protocol To set up a WAN connection to the Internet you need to use the same encapsulation method used by your ISP Internet Service Provider If...

Page 76: ...d Multicast Traditionally IP packets are transmitted in one of either two ways Unicast 1 sender 1 recipient or Broadcast 1 sender everybody on the network Multicast delivers IP packets to a group of hosts on the network not everybody and not just one IGMP IGMP Internet Group Multicast Protocol is a network layer protocol used to establish membership in a Multicast group it is not used to carry use...

Page 77: ...e name of the connection Type This shows whether it is a VDSL ADSL or Ethernet connection Encapsulation This is the method of encapsulation used by this connection VLAN This is the Virtual LAN VLAN number configured for this WAN connection VPI VCI This is the Virtual Path Identifier VPI and Virtual Channel Identifier VCI numbers configured for this WAN connection ATM QoS This is the type of ATM Qo...

Page 78: ...vice provider PPPoE offers an access and authentication method that works with existing access control systems for example Radius One of the benefits of PPPoE is the ability to let you access one of multiple network services a function known as dynamic service selection This enables the service provider to easily create and offer new IP services for individuals Operationally PPPoE saves significan...

Page 79: ...Chapter 6 Broadband VSG1432 B101 Series User s Guide 79 This screen displays when you select the Routing mode and PPPoE encapsulation Figure 20 Broadband Add Edit ADSL PPPoE Encapsulation ...

Page 80: ...ct the method of encapsulation used by your ISP from the drop down list box This option is available only when you select Routing in the Mode field The choices are PPPoE PPPoA IPoE and IPoA ATM PVC Configuration These fields appear when the Type is set to ADSL VPI The valid range for the VPI is 0 to 255 Enter the VPI assigned to you VCI The valid range for the VCI is 32 to 65535 0 to 31 is reserve...

Page 81: ...CBR Continuous Bit Rate to specify fixed always on bandwidth for voice or data traffic Select Non Realtime VBR non real time Variable Bit Rate for connections that do not require closely controlled delay and delay variation Select Realtime VBR real time Variable Bit Rate for applications with bursty connections that require closely controlled delay and delay variation Peak Cell Rate Divide the DSL...

Page 82: ...is a fixed IP that your ISP gives you A dynamic IP address is not fixed the ISP assigns you a different one each time you connect to the Internet Select this if you have a dynamic IP address Static IP Address Select this option If the ISP assigned a fixed IP address IP Address Enter the static IP address provided by your ISP IP Subnet Mask Enter the subnet mask provided by your ISP Gateway IP Addr...

Page 83: ...lds appear when the Type is set to VDSL or Ethernet Active Select this option to add the VLAN tag specified below to the outgoing traffic through this connection 802 1P IEEE 802 1p defines up to 8 separate traffic types by inserting a tag into a MAC layer frame that contains bits to define class of service Select the IEEE 802 1p priority level from 0 to 7 to add to traffic through this connection ...

Page 84: ... Ethernet header in the packet so that you can have multiple services connections over one PVC You can set each connection to have its own MAC address or all connections share one MAC address but use different VLAN IDs for different services Encapsulation Mode Select the method of multiplexing used by your ISP from the drop down list box Choices are LLC SNAP BRIDGING In LCC encapsulation bridged P...

Page 85: ...sent at the peak rate Type the MBS which is less than 65535 This field is available only when you select Non Realtime VBR or Realtime VBR VLAN These fields appear when the Type is set to VDSL or Ethernet Active Select this option to add the VLAN tag specified below to the outgoing traffic through this connection 802 1P IEEE 802 1p defines up to 8 separate traffic types by inserting a tag into a MA...

Page 86: ...ervices a function known as dynamic service selection This enables the service provider to easily create and offer new IP services for individuals Operationally PPPoE saves significant effort for both you and the ISP or carrier as it requires no specific configuration of the broadband modem at the customer site By implementing PPPoE directly on the ZyXEL Device rather than individual computers the...

Page 87: ...practical to have a separate VC for each carried protocol for example if charging heavily depends on the number of simultaneous VCs 6 3 3 VPI and VCI Be sure to use the correct Virtual Path Identifier VPI and Virtual Channel Identifier VCI numbers assigned to you The valid range for the VPI is 0 to 255 and for the VCI is 32 to 65535 0 to 31 is reserved for local management of ATM traffic Please se...

Page 88: ... be lower but not higher than the maximum line speed 1 ATM cell is 53 bytes 424 bits so a maximum speed of 832Kbps gives a maximum PCR of 1962 cells sec This rate is not guaranteed because it is dependent on the line speed Sustained Cell Rate SCR is the mean cell rate of each bursty traffic source It specifies the maximum average rate at which cells can be sent over the virtual connection SCR may ...

Page 89: ...fied but is only available when data is being sent An example of an VBR RT connection would be video conferencing Video conferencing requires real time data transfers and the bandwidth requirement varies in proportion to the video image s changing dynamics The VBR nRT non real time Variable Bit Rate type is used with bursty connections that do not require closely controlled delay and delay variati...

Page 90: ... with a specific VLAN and provides the information that switches need to process the frame across the network A tagged frame is four bytes longer than an untagged frame and contains two bytes of TPID Tag Protocol Identifier residing within the type length field of the Ethernet frame and two bytes of TCI Tag Control Information starts after the source address field of the Ethernet frame The CFI Can...

Page 91: ...ks on your ZyXEL Device Section 7 3 on page 101 Use the MAC Authentication screen to allow or deny wireless clients based on their MAC addresses from connecting to the ZyXEL Device Section 7 4 on page 103 Use the WPS screen to enable or disable WPS view or generate a security PIN Personal Identification Number Section 7 5 on page 105 Use the WMM screen to enable Wi Fi MultiMedia WMM to ensure qual...

Page 92: ...a license to use However wireless networking is different from that of most traditional radio communications in that there a number of wireless networking standards available with different methods of data encryption Finding Out More See Section 7 9 on page 111 for advanced technical information on wireless networks 7 2 The General Screen Use this screen to enable the Wireless LAN enter the SSID a...

Page 93: ...Disable the wireless LAN in this field Channel Set the channel depending on your particular region Select a channel or use Auto to have the ZyXEL Device automatically determine a channel to use If you are having problems with wireless interference changing the channel may help Try to use a channel that is as many channels away from any channels used by neighboring APs as possible The channel numbe...

Page 94: ... channel bonds two adjacent radio channels to increase throughput The wireless clients must also support 40 MHz It is often better to use the 20 MHz setting in a location where the environment hinders the wireless signal Select 20MHz if you want to lessen radio interference with other wireless devices in your neighborhood or the wireless clients do not support channel bonding Control Sideband This...

Page 95: ...nly connect to the Internet through the ZyXEL Device Enhanced Multicast Forwarding Select this check box to allow the ZyXEL Device to convert wireless multicast traffic into wireless unicast traffic Security Level Security Mode Select Basic WEP or More Secure WPA 2 PSK WPA 2 to add security on this wireless network The wireless clients which want to associate to this network must have same wireles...

Page 96: ...ty mechanism that all the wireless devices in your network support For example use WPA PSK or WPA2 PSK if all your wireless devices support it or use WPA or WPA2 if your wireless devices support it and you have a RADIUS server If your wireless devices support nothing stronger than WEP use the highest encryption level available Your ZyXEL Device allows you to configure up to four 64 bit or 128 bit ...

Page 97: ...e used to encrypt data Both the ZyXEL Device and the wireless stations must use the same password WEP key for data transmission If you chose 64 bit WEP then enter any 5 ASCII characters or 10 hexadecimal characters 0 9 A F If you chose 128 bit WEP then enter 13 ASCII characters or 26 hexadecimal characters 0 9 A F You must configure at least one password only one password can be activated at any o...

Page 98: ...select WPA PSK or WPA2 PSK from the Security Mode list Figure 26 Wireless General More Secure WPA 2 PSK The following table describes the labels in this screen Table 12 Wireless General More Secure WPA 2 PSK LABEL DESCRIPTION Security Level Select More Secure to enable WPA 2 PSK data encryption Security Mode Select WPA PSK or WPA2 PSK from the drop down list box Generate password automatically Sel...

Page 99: ...dentials This encryption standard is slightly older than WPA2 and therefore is more compatible with older devices WPA PSK Compatible This field appears when you choose WPA PSK2 as the Security Mode Check this field to allow wireless devices using WPA PSK security mode to connect to your ZyXEL Device The ZyXEL Device supports WPA PSK and WPA2 PSK simultaneously Encryption Select the encryption type...

Page 100: ... external authentication server in dotted decimal notation Port Number Enter the port number of the external authentication server The default port number is 1812 You need not change this value unless your network administrator instructs you to do so with additional information Shared Secret Enter a password up to 31 alphanumeric characters as the key to be shared between the external authenticati...

Page 101: ...lient already connecting to an AP to perform IEEE 802 1x authentication with another AP before connecting to it Select Enabled to turn on preauthentication in WAP2 Otherwise select Disabled Network Re auth Interval Specify how often wireless stations have to resend usernames and passwords in order to stay connected If wireless station authentication is done using a RADIUS server the reauthenticati...

Page 102: ...ireless client scans for an AP to associate with this is the name that is broadcast and seen in the wireless client utility Security This field indicates the security mode of the SSID profile Modify Click the Edit icon to configure the SSID profile Table 14 Network Settings Wireless More AP LABEL DESCRIPTION Table 15 More AP Edit LABEL DESCRIPTION Wireless Network Setup Wireless You can Enable or ...

Page 103: ...communicating with each other MBSSID LAN Isolation Select this to keep the wireless clients in this SSID from communicating with clients in other SSIDs or LAN devices Enhanced Multicast Forwarding Select this check box to allow the ZyXEL Device to convert wireless multicast traffic into wireless unicast traffic Security Level Security Mode Select Basic WEP or More Secure WPA 2 PSK WPA 2 to add sec...

Page 104: ...dresses not listed will be allowed to access the ZyXEL Device Select Allow to permit access to the ZyXEL Device MAC addresses not listed will be denied access to the ZyXEL Device Add new MAC address Click this if you want to add a new MAC address entry to the MAC filter list below Enter the MAC addresses of the wireless devices that are allowed or denied access to the ZyXEL Device in these address...

Page 105: ...ettings of the SSID1 profile see Section 7 2 on page 92 If you want to use the WPS feature make sure you have set the security mode of SSID1 to WPA PSK WPA2 PSK or No Security Click Network Settings Wireless WPS The following screen displays Select Enable and click Apply to activate the WPS function Then you can configure the WPS settings in this screen Figure 31 Network Settings Wireless WPS The ...

Page 106: ...e to your wireless network You can find the PIN either on the outside of the device or by checking the device s settings Note You must also activate WPS on that device within two minutes to have it present its PIN to the ZyXEL Device Method 3 Use this section to set up a WPS wireless network by entering the PIN of the ZyXEL Device into the client Release Configuration The default WPS status is con...

Page 107: ...ients Note At the time of writing WDS is compatible with other ZyXEL APs only Not all models support WDS links Check your other AP s documentation Table 18 Network Settings Wireless WMM LABEL DESCRIPTION WMM Select On to have the ZyXEL Device automatically give a service a priority level according to the ToS value in the IP header of packets it sends WMM QoS Wifi MultiMedia Quality of Service give...

Page 108: ...r APs In this mode clients cannot connect to the ZyXEL Device wirelessly Bridge Restrict This field is available only when you set operating mode to Access Point Select Enabled to turn on WDS and enter the peer device s MAC address manually in the table below Select Disable to turn off WDS Remote Bridge MAC Address You can enter the MAC address of the peer device by clicking the Edit icon under Mo...

Page 109: ...an icon to search and display the available APs within range Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings Table 19 Network Settings Wireless WDS LABEL DESCRIPTION Table 20 WDS Scan LABEL DESCRIPTION Wireless Bridge Scan Setup Refresh Click Refresh to update the table This is the index number of the entry SSID This shows the SSID of the availa...

Page 110: ... sent Enter a value between 256 and 2346 Auto Channel Timer If you set the channel to Auto in the Network Settings Wireless General screen specify the interval in minutes for how often the ZyXEL Device scans for the best channel Enter 0 to disable the periodical scan Output Power Set the output power of the ZyXEL Device If there is a high density of APs in an area decrease the output power to redu...

Page 111: ...ith the ZyXEL Device The transmission rate of your ZyXEL Device might be reduced Select 802 11b g n Mixed to allow IEEE 802 11b IEEE 802 11g or IEEE802 11n compliant WLAN devices to associate with the ZyXEL Device The transmission rate of your ZyXEL Device might be reduced 802 11 Protection Enabling this feature can help prevent collisions in mixed mode networks networks with both IEEE 802 11b and...

Page 112: ...s clients The wireless clients connect to the access points An ad hoc type of network is one in which there is no access point Wireless clients connect to one another in order to exchange information The following figure provides an example of a wireless network Figure 36 Example of a Wireless Network The wireless network is the part in the blue circle In this wireless network devices A and B use ...

Page 113: ...ms and acronyms used in the ZyXEL Device s Web Configurator Table 22 Additional Wireless Terms TERM DESCRIPTION RTS CTS Threshold In a wireless network which covers a large area wireless devices are sometimes not aware of each other s presence This may cause them to send information to the AP at the same time and result in information colliding and not getting through By setting this value lower t...

Page 114: ... all but it will not keep a determined attacker out Other security standards are secure in themselves but can be broken if a user does not use them properly For example the WPA PSK security standard is very secure if you use a long key which is difficult for an attacker s software to guess for example a twenty letter long string of apparently random numbers and letters but it is not very secure if...

Page 115: ... security does not protect the information that is sent in the wireless network Furthermore there are ways for unauthorized wireless devices to get the MAC address of an authorized device Then they can use that MAC address to use the wireless network 7 9 3 3 User Authentication Authentication is the process of verifying whether a wireless device is allowed to use the wireless network You can make ...

Page 116: ...as two devices Device A only supports WEP and device B supports WEP and WPA Therefore you should set up Static WEP in the wireless network Note It is recommended that wireless networks use WPA PSK WPA or stronger encryption The other types of encryption are better than none at all but it is still possible for unauthorized wireless devices to figure out the original information pretty quickly When ...

Page 117: ...trol communications or from machines that are coincidental emitters such as electric motors or microwaves Problems with absorption occur when physical objects such as thick walls are between the two radios muffling the signal 7 9 5 BSS A Basic Service Set BSS exists when all communications between wireless stations or between a wireless station and a wired network client go through one access poin...

Page 118: ...tifier function allows you to use one access point to provide several BSSs simultaneously You can then assign varying QoS priorities and or security modes to different SSIDs Wireless devices can use different BSSIDs to associate with the same AP 7 9 6 1 Notes on Multiple BSSs A maximum of eight BSSs are allowed on one AP simultaneously You must use different keys for different BSSs If two wireless...

Page 119: ... support it otherwise the ZyXEL Device uses long preamble Note The wireless devices MUST use the same preamble mode in order to communicate 7 9 8 Wireless Distribution System WDS The ZyXEL Device can act as a wireless network bridge and establish WDS Wireless Distribution System links with other APs You need to know the MAC addresses of the APs you want to link to Once the security settings of pee...

Page 120: ... Configuration PBC is initiated by pressing a button on each WPS enabled device and allowing them to connect automatically You do not need to enter any information Not every WPS enabled device has a physical WPS button Some may have a WPS PBC button in their configuration utilities instead of or in addition to the physical button Take the following steps to set up WPS using the button 1 Ensure tha...

Page 121: ...g steps to set up a WPS connection between an access point or wireless router referred to here as the AP and a client device using the PIN method 1 Ensure WPS is enabled on both devices 2 Access the WPS section of the AP s configuration interface See the device s User s Guide for how to do this 3 Look for the client s WPS PIN it will be displayed either on the device or in the WPS section of the c...

Page 122: ... device acts as the enrollee the device that receives network and security settings The registrar creates a secure EAP Extensible Authentication Protocol tunnel and sends the network name SSID and the WPA PSK or WPA2 PSK pre shared key to the enrollee Whether WPA PSK or WPA2 PSK is used depends on the standards supported by the devices If the registrar is already part of a network it sends the exi...

Page 123: ...rollee All WPS certified APs can be a registrar and so can some WPS enabled wireless clients By default a WPS devices is unconfigured This means that it is not part of an existing network and can act as either enrollee or registrar if it supports both functions If the registrar is unconfigured the security settings it transmits to the enrollee are randomly generated Once a WPS enabled device has c...

Page 124: ... Network Step 1 In step 2 you add another wireless client to the network You know that Client 1 supports registrar mode but it is better to use AP1 for the WPS handshake with the new client since you must connect to the access point anyway in order to use the network In this case AP1 must be the registrar since it is configured it already has security information for the network AP1 supplies the e...

Page 125: ...sing the WPS button on the registrar and the first enrollee for example then check that it successfully enrolled then set up the second device in the same way WPS works only with other WPS enabled devices However you can still add non WPS devices to a network you already set up using WPS WPS works by automatically issuing a randomly generated WPA PSK or WPA2 PSK pre shared key from the registrar d...

Page 126: ...ee if this has happened WPS works between only two devices simultaneously so if another device has enrolled your device will be unable to enroll and will not have access to the network If this happens open the access point s configuration interface and look at the list of associated clients usually displayed by MAC address It does not matter if the access point is the WPS registrar the enrollee or...

Page 127: ...s to help you configure a LAN DHCP server and manage IP addresses 8 1 1 What You Can Do in this Chapter Use the LAN Setup screen to set the LAN IP address subnet mask and DHCP settings of your ZyXEL device Section 8 2 on page 130 Use the Static DHCP screen to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses Section 8 3 on page 132 Use the UPnP screen to ...

Page 128: ...DNS Domain Name System is for mapping a domain name to its corresponding IP address and vice versa The DNS server is extremely important because without it you must know the IP address of a networking device before you can access it 8 1 2 2 About UPnP Identifying UPnP Devices UPnP hardware is identified as an icon in the Network Connections folder Windows XP Each UPnP compatible device installed o...

Page 129: ... UPnP device joins a network it announces its presence with a multicast message For security reasons the ZyXEL Device allows multicast messages on the LAN only All UPnP enabled devices may communicate freely with each other without additional configuration Disable UPnP if this is not your intention UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum UPnP Imp...

Page 130: ...figure your LAN settings 1 Enter an IP address into the IP Address field The IP address must be in dotted decimal notation This will become the IP address of your ZyXEL Device 2 Enter the IP subnet mask into the IP Subnet Mask field Unless instructed otherwise it is best to leave this alone the configurator will automatically compute a subnet mask based upon the IP address you entered 3 Click Appl...

Page 131: ...ield IP Address Enter the IP address of the actual remote DHCP server in this field IP Addressing Values This field is only available when you select Enable in the DHCP field Beginning IP Address This field specifies the first of the contiguous addresses in the IP address pool Ending IP Address This field specifies the last of the contiguous addresses in the IP address pool DHCP Server Lease Time ...

Page 132: ...e 24 Network Settings Home Networking LAN Setup LABEL DESCRIPTION Table 25 Network Settings Home Networking Static DHCP LABEL DESCRIPTION Add new static lease Click this to add a new static DHCP entry This is the index number of the entry Status This field displays whether the client is connected to the ZyXEL Device MAC Address The MAC Media Access Control or Ethernet address on a LAN Local Area N...

Page 133: ... can dynamically join a network obtain an IP address convey its capabilities and learn about other devices on the network In turn a device can leave a network smoothly and automatically when it is no longer in use See page 128 for more information on UPnP Table 26 Static DHCP Add Edit LABEL DESCRIPTION Active This field displays whether the client is connected to the ZyXEL Device MAC Address Enter...

Page 134: ...ove Programs Table 27 Network Settings Home Networking UPnP LABEL DESCRIPTION UPnP Select Enable to activate UPnP Be aware that anyone could use a UPnP application to open the web configurator s login screen without entering the ZyXEL Device s IP address although you must still enter the password to access the web configurator UPnP NAT T State Select Enable to allow UPnP enabled applications to au...

Page 135: ...p tab and select Communication in the Components selection box Click Details Add Remove Programs Windows Setup Communication 3 In the Communications window select the Universal Plug and Play check box in the Components selection box Add Remove Programs Windows Setup Communication Components ...

Page 136: ...s below to install the UPnP in Windows XP 1 Click Start and Control Panel 2 Double click Network Connections 3 In the Network Connections window click Advanced in the main menu and select Optional Networking Components Network Connections 4 The Windows Optional Networking Components Wizard window displays Select Networking Service in the Components selection box and click Details Windows Optional ...

Page 137: ...xt 8 6 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device Make sure the computer is connected to a LAN port of the ZyXEL Device Turn on your computer and the ZyXEL Device Auto discover Your UPnP enabled Network Device 1 Click Start and Control Panel Double click ...

Page 138: ... Series User s Guide 138 2 Right click the icon and select Properties Network Connections 3 In the Internet Connection Properties window click Settings to see the port mappings there were automatically created Internet Connection Properties ...

Page 139: ...ngs Internet Connection Properties Advanced Settings Internet Connection Properties Advanced Settings Add 5 When the UPnP enabled device is disconnected from your computer all port mappings will be deleted automatically 6 Select Show icon in notification area when connected option and click OK An icon displays in the system tray System Tray Icon ...

Page 140: ...atus Web Configurator Easy Access With UPnP you can access the web based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first This comes helpful if you do not know the IP address of the ZyXEL Device Follow the steps below to access the web configurator 1 Click Start and then Control Panel 2 Double click Network Connections ...

Page 141: ...k Places under Other Places Network Connections 4 An icon with the description for each UPnP enabled device displays under Local Network 5 Right click on the icon for your ZyXEL Device and select Invoke The web configurator login screen displays Network Connections My Network Places ...

Page 142: ...our ZyXEL Device and select Properties A properties window displays with basic information about the ZyXEL Device Network Connections My Network Places Properties Example 8 7 Technical Reference This section provides some technical background information about the topics covered in this chapter ...

Page 143: ...figuration for the clients If you turn DHCP service off you must have another DHCP server on your LAN or else the computer must be manually configured IP Pool Setup The ZyXEL Device is pre configured with a pool of IP addresses for the DHCP clients DHCP Pool See the product specifications in the appendices Do not assign static IP addresses from the DHCP pool to your LAN computers 8 7 3 DNS Server ...

Page 144: ...name so too do computers on a LAN share one common network number Where you obtain your network number depends on your particular situation If the ISP or your network administrator assigns you a block of registered IP addresses follow their instructions in selecting the IP addresses and the subnet mask If the ISP did not explicitly give you an IP network number then most likely you have a single u...

Page 145: ...rved the following three blocks of IP addresses specifically for private networks 10 0 0 0 10 255 255 255 172 16 0 0 172 31 255 255 192 168 0 0 192 168 255 255 You can obtain your IP address from the IANA from an ISP or it can be assigned from a private network If you belong to a small organization and your Internet access is through an ISP the ISP can provide you with the Internet addresses for y...

Page 146: ...Chapter 8 Home Networking VSG1432 B101 Series User s Guide 146 ...

Page 147: ...y use static routes For example the next figure shows a computer A connected to the ZyXEL Device s LAN interface The ZyXEL Device routes most traffic from A to the Internet through the ZyXEL Device s default gateway R1 You create one static route to connect to services offered by your ISP behind router R2 You create another static route to communicate with a separate network behind a router R3 con...

Page 148: ...ellow bulb signifies that this route is active A gray bulb signifies that this route is not active Name This is the name that describes or identifies this route Destination IP This parameter specifies the IP network address of the final destination Routing is always based on network number Subnet Mask This parameter specifies the IP network subnet mask of the final destination Gateway This is the ...

Page 149: ...c route without having to delete the entry Route Name Enter a descriptive name for the static route Destination IP Address This parameter specifies the IP network address of the final destination Routing is always based on network number If you need to specify a route to a single host use a subnet mask of 255 255 255 255 in the subnet mask field to force the network number to be identical to the h...

Page 150: ...Chapter 9 Static Routing VSG1432 B101 Series User s Guide 150 ...

Page 151: ...packet a priority and then queues the packet accordingly Packets assigned a high priority are processed more quickly than those with low priority if there is congestion allowing time sensitive applications to flow more smoothly Time sensitive applications include both those that require a low level of latency delay and a low level of jitter variations in delay such as Voice over IP VoIP or Interne...

Page 152: ...ging makes use of three bits in the packet header while DiffServ is a new protocol and defines a new DS field which replaces the eight bit ToS Type of Service field in the IP header Tagging and Marking In a QoS class you can configure whether to add or change the DSCP DiffServ Code Point value IEEE 802 1p priority level and VLAN ID number in a matched packet When the packet passes through a compat...

Page 153: ...ering algorithms Token Bucket Filter TBF Single Rate Two Color Maker srTCM and Two Rate Two Color Marker trTCM You can specify actions which are performed on the colored packets See Section 10 8 on page 166 for more information on each metering algorithm 10 3 The Quality of Service General Screen Click Network Settings QoS General to open the screen as shown next Use this screen to enable or disab...

Page 154: ...n the DSL port s actual transmission speed You can also set this number lower than the interfaces actual transmission speed This will cause the ZyXEL Device to not use some of the interfaces available bandwidth If you leave this field blank the ZyXEL Device automatically sets this number to be 95 of the WAN interfaces actual upstream transmission speed LAN Managed Downstream Bandwidth Enter the am...

Page 155: ...s queue is not active Name This shows the descriptive name of this queue Interface This shows the name of the ZyXEL Device s interface through which traffic in this queue passes Priority This shows the priority of this queue Weight This shows the weight of this queue Buffer Management This shows the queue management algorithm used for this queue Queue management algorithms determine how the ZyXEL ...

Page 156: ...es gets through faster while traffic in lower priority queues is dropped if the network is congested Weight Select the weight from 1 to 8 of this queue If two queues have the same priority level the ZyXEL Device divides the bandwidth across the queues according to their weights Queues with larger weights get more bandwidth than queues with smaller weights Buffer Management This field displays Drop...

Page 157: ...s QoS Class Setup to open the following screen Figure 55 Network Settings QoS Class Setup The following table describes the labels in this screen Table 33 Network Settings QoS Class Setup LABEL DESCRIPTION Add new Classifier Click this to create a new classifier This is the index number of the entry Status This field displays whether the classifier is active or not A yellow bulb signifies that thi...

Page 158: ...name of the queue in which traffic of this classifier is put Modify Click the Edit icon to edit the classifier Click the Delete icon to delete an existing classifier Note that subsequent rules move up by one when you take this action Table 33 Network Settings QoS Class Setup LABEL DESCRIPTION ...

Page 159: ...Service QoS VSG1432 B101 Series User s Guide 159 10 5 1 Add Edit QoS Class Click Add new Classifier in the Class Setup screen or the Edit icon next to a classifier to open the following screen Figure 56 Class Setup Add Edit ...

Page 160: ...k box and enter the source IP address in dotted decimal notation A blank source IP address means any source IP address Subnet Netmask Enter the source subnet mask Port Range If you select TCP or UDP in the IP Protocol field select the check box and enter the port number s of the source MAC Select the check box and enter the source MAC address of the packet MAC Mask Type the mask for the specified ...

Page 161: ...P UDP ICMP or IGMP If you select User defined enter the protocol service type number DHCP This field is available only when you select IP in the Ether Type field Select this option and select a DHCP option If you select Vendor Class ID DHCP Option 60 enter the Vendor Class Identifier Option 60 of the matched traffic such as the type of the hardware or firmware If you select User Class ID DHCP Opti...

Page 162: ...iority level with which the ZyXEL Device replaces the IEEE 802 1p priority field in the packets If you select Unchange the ZyXEL Device keep the 802 1p priority field in the packets VLAN ID If you select Remark enter a VLAN ID number with which the ZyXEL Device replaces the VLAN ID of the frames If you select Remove the ZyXEL Device deletes the VLAN ID of the frames before forwarding them out If y...

Page 163: ...s field displays whether the policer is active or not A yellow bulb signifies that this policer is active A gray bulb signifies that this policer is not active Name This field displays the descriptive name of this policer Regulated Classes This field displays the name of a QoS classifier Meter Type This field displays the type of QoS metering algorithm used in this policer Maximum Rate This field ...

Page 164: ...ol when traffic can be transmitted Each token represents one byte The algorithm allows bursts of up to b bytes which is also the bucket size Maximum Rate Specify the guaranteed rate at which packets are admitted to the network This is to specify how many bytes of tokens are added to a bucket every second Burst Size Specify the guaranteed amount of bytes that are admitted at the committed rate This...

Page 165: ...6 Policer Setup Add Edit LABEL DESCRIPTION Table 37 Network Settings QoS Monitor LABEL DESCRIPTION Refresh Interval Enter how often you want the ZyXEL Device to update this screen Select No Refresh to stop refreshing statistics Interface Monitor This is the index number of the entry Name This shows the name of the interface on the ZyXEL Device Pass Rate This shows how many packets forwarded to thi...

Page 166: ...mitted successfully Drop Rate This shows how many packets assigned to this queue are dropped Table 37 Network Settings QoS Monitor continued LABEL DESCRIPTION Table 38 IEEE 802 1p Priority Level and Traffic Type PRIORITY LEVEL TRAFFIC TYPE Level 7 Typically used for network control traffic such as router configuration messages Level 6 Typically used for voice traffic that is especially sensitive t...

Page 167: ...op Behavior DiffServ defines a new Differentiated Services DS field to replace the Type of Service TOS field in the IP header The DS field contains a 2 bit unused field and a 6 bit DSCP field which can define up to 64 service levels The following figure illustrates the DS field DSCP is backward compatible with the three precedence bits in the ToS octet so that non DiffServ compliant ToS enabled ne...

Page 168: ...oS mapping on the ZyXEL Device On the ZyXEL Device traffic assigned to higher priority queues gets through faster while traffic in lower index queues is dropped if the network is congested Table 39 Internal Layer2 and Layer3 QoS Mapping PRIORITY QUEUE LAYER 2 LAYER 3 IEEE 802 1P USER PRIORITY ETHERNET PRIORITY TOS IP PRECEDENCE DSCP IP PACKET LENGTH BYTE 0 1 0 000000 1 2 2 0 0 000000 1100 3 3 1 00...

Page 169: ... marked packets if the network is overloaded Configure the bucket size to be equal to or less than the amount of the bandwidth that the interface can support It does not help if you set it to a bucket size over the interface s capability The smaller the bucket size the lower the data transmission rate and that may cause outgoing packets to be dropped A larger transmission rate requires a big bucke...

Page 170: ... the network The PIR is greater than or equal to the CIR CIR and PIR values are based on the guaranteed and maximum bandwidth respectively as negotiated between a service provider and client The trTCM evaluates incoming packets and marks them with one of three colors which refer to packet loss priority levels High packet loss priority level is referred to as red medium is referred to as yellow and...

Page 171: ...y forwarding to direct traffic from different users through different connections or distribute traffic among multiple paths for load sharing 11 2 The Policy Forwarding Screen The Policy Forwarding screens let you view and configure routing policies on the ZyXEL Device Click Network Settings Routing Policy Forwarding to open the Policy Forwarding screen Figure 60 Network Settings Routing Policy Fo...

Page 172: ...SourcePort This is the source port number Source MAC This is the source MAC address WAN This is the WAN interface through which the traffic is routed Modify Click the Edit icon to edit this policy Click the Delete icon to delete an existing policy Table 40 Network Settings Routing Policy Forwarding LABEL DESCRIPTION Table 41 Policy Forwarding Add Edit LABEL DESCRIPTION Policy Name Enter a descript...

Page 173: ...t a WAN interface through which the traffic is sent You must have the WAN interface s already configured in the Broadband screens Apply Click Apply to save your changes Cancel Click Cancel to exit this screen without saving Table 41 Policy Forwarding Add Edit LABEL DESCRIPTION ...

Page 174: ...Chapter 11 Policy Forwarding VSG1432 B101 Series User s Guide 174 ...

Page 175: ...he Applications screen to forward incoming service requests to the server s on your local network Section 12 3 on page 179 Use the Port Triggering screen to add and configure the ZyXEL Device s trigger port settings Section 12 4 on page 181 Use the DMZ screen to configure a default server Section 12 5 on page 185 Use the ALG screen to enable and disable the SIP VoIP ALG in the ZyXEL Device Section...

Page 176: ...on the LAN servers for example web or FTP that you can make visible to the outside world even though NAT makes your whole inside network appear as a single computer to the outside world Finding Out More See Section 12 8 on page 187 for advanced technical information on NAT 12 2 The Port Forwarding Screen Use the Port Forwarding screen to forward incoming service requests to the server s on your lo...

Page 177: ...orts 21 25 to one FTP Telnet and SMTP server A in the example port 80 to another B in the example and assign a default server IP address of 192 168 1 35 to a third C in the example You assign the LAN IP addresses and the ISP assigns the WAN IP address The NAT network appears as a single host on the Internet Figure 62 Multiple Servers Behind NAT Example Click Network Settings NAT Port Forwarding to...

Page 178: ...e is active or not A yellow bulb signifies that this rule is active A gray bulb signifies that this rule is not active Service Name This shows the service s name WAN Interface This shows the WAN interface through which the service is forwarded External Start Port This is the first external port number that identifies a service External End Port This is the last external port number that identifies...

Page 179: ...ckets To forward only one port enter the port number again in the External End Port field To forward a series of ports enter the start port number here and the end port number in the External End Port field External End Port Enter the last port of the original destination port range To forward only one port enter the port number in the External Start Port field above and then enter it again in thi...

Page 180: ... rules Click Add new application in the Applications screen to open the following screen Figure 66 Applications Add Table 44 Network Settings NAT Applications LABEL DESCRIPTION Add new application Click this to add a new NAT application rule Application Forwarded This field shows the type of application that the service forwards WAN Interface This field shows the WAN interface through which the se...

Page 181: ...a specific port number and protocol a trigger port When the ZyXEL Device s WAN port receives a response with a specific port number and protocol open port the ZyXEL Device forwards the traffic to the LAN IP address of the computer that sent the request After that computer s connection for that service closes another computer on the LAN can use the service in the same manner This way you do not nee...

Page 182: ...n is closed or times out The ZyXEL Device times out in three minutes with UDP User Datagram Protocol or two hours with TCP IP Transfer Control Protocol Internet Protocol Click Network Settings NAT Port Triggering to open the following screen Use this screen to view your ZyXEL Device s trigger port settings Figure 68 Network Settings NAT Port Triggering The following table describes the labels in t...

Page 183: ...on the WAN Start This is the first port number that identifies a service End This is the last port number that identifies a service Trigger Proto This is the trigger transport layer protocol Open The open port is a port or a range of ports that a server on the WAN uses when it sends out a particular service The ZyXEL Device forwards the traffic with this port or range of ports to the client comput...

Page 184: ...s of the LAN computer that sent the traffic to a server on the WAN Type a port number or the starting port number in a range of port numbers Trigger End Port Type a port number or the ending port number in a range of port numbers Trigger Protocol Select the transport layer protocol from TCP UDP or TCP UDP Open Start Port The open port is a port or a range of ports that a server on the WAN uses whe...

Page 185: ...MZ The following table describes the fields in this screen Table 48 Network Settings NAT DMZ LABEL DESCRIPTION Default Server Address Enter the IP address of the default server which receives packets from ports that are not specified in the NAT Port Forwarding screen Note If you do not assign a Default Server Address the ZyXEL Device discards all packets received for ports that are not specified i...

Page 186: ...Use this screen to enable and disable the SIP VoIP ALG in the ZyXEL Device To access this screen click Network Settings NAT ALG Figure 71 Network Settings NAT ALG The following table describes the fields in this screen 12 7 The Sessions Screen Use the Sessions screen to limit the number of concurrent NAT sessions all clients can use Table 49 Network Settings NAT ALG LABEL DESCRIPTION ALG Enable th...

Page 187: ...a host in a packet as the packet traverses a router for example the local address refers to the IP address of a host when the packet is in the local network while the global address refers to the IP address of the host when the same packet is traveling in the WAN side Table 50 Network Settings NAT Sessions LABEL DESCRIPTION MAX NAT Session Use this field to set a common limit to the number of conc...

Page 188: ...he inside local address before forwarding it to the original inside host Note that the IP address either local or global of an outside host is never changed The global IP addresses for the inside hosts can be either static or dynamically assigned by the ISP In addition you can designate servers for example a web server and a telnet server on your local network and make them accessible to the outsi...

Page 189: ...uired for communication with hosts on other networks It replaces the original IP source address and TCP or UDP source port numbers for Many to One and Many to Many Overload NAT mapping in each packet and then forwards it to the Internet The ZyXEL Device keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored The following figure illu...

Page 190: ...mbers The most often used port numbers are shown in the following table Please refer to RFC 1700 for further information about port numbers Please also refer to the Supporting CD for more examples and details on port forwarding and NAT Table 52 Services and Port Numbers SERVICES PORT NUMBER ECHO 7 FTP File Transfer Protocol 21 SMTP Simple Mail Transfer Protocol 25 DNS Domain Name System 53 Finger ...

Page 191: ...lt server IP address of 192 168 1 35 to a third C in the example You assign the LAN IP addresses and the ISP assigns the WAN IP address The NAT network appears as a single host on the Internet Figure 75 Multiple Servers Behind NAT Example SNMP trap 162 PPTP Point to Point Tunneling Protocol 1723 Table 52 Services and Port Numbers SERVICES PORT NUMBER D 192 168 1 36 192 168 1 1 IP address assigned ...

Page 192: ...Chapter 12 Network Address Translation NAT VSG1432 B101 Series User s Guide 192 ...

Page 193: ...ecific WAN interface to its DNS server s The ZyXEL Device uses a system DNS server in the order you specify in the Broadband screen to resolve domain names that do not match any DNS routing entry After the ZyXEL Device receives a DNS reply from a DNS server it creates a new entry for the resolved IP address in the routing table In the following example the DNS server 168 92 5 1 obtained from the W...

Page 194: ...address First of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name The Dynamic DNS service provider will give you a password or key 13 1 1 What You Can Do in this Chapter Use the DNS Entry screen to view configure or remove DNS routes Section 13 2 on page 195 Use t...

Page 195: ...ing to open the DNS Entry screen Figure 77 Advanced DNS Setting DNS Setting The following table describes the fields in this screen Table 53 Advanced DNS Setting DNS Setting LABEL DESCRIPTION Add new DNS entry Click this to create a new DNS entry This is the index number of the entry Hostname This indicates the host name or domain name IP Address This indicates the IP address assigned to this comp...

Page 196: ...re 78 DNS Entry Add Edit The following table describes the labels in this screen 13 3 The Dynamic DNS Screen Use this screen to change your ZyXEL Device s DDNS Click Advanced DNS Setting Dynamic DNS The screen appears as shown Figure 79 Advanced DNS Setting Dynamic DNS Table 54 DNS Entry Add Edit LABEL DESCRIPTION Host Name Enter the host name of the DNS entry IP Address Enter the IP address of th...

Page 197: ...e the domain name assigned to your ZyXEL Device by your Dynamic DNS provider You can specify up to two host names in the field separated by a comma User Name Type your user name Password Type the password assigned to you Email If you select TZO in the Service Provider field enter the user name you used to register for this service Key If you select TZO in the Service Provider field enter the passw...

Page 198: ...Chapter 13 Dynamic DNS Setup VSG1432 B101 Series User s Guide 198 ...

Page 199: ...ngs Section 14 2 on page 202 Use the IGMP Filter screens to control IGMP access Section 14 3 on page 204 Use the IGMP ACL screens to block or allow access to specific multicast media channels Section 14 4 on page 209 14 1 2 What You Need to Know IP Multicast Addresses In IPv4 a multicast address allows a device to send packets to a specific group of hosts multicast group in a different sub network...

Page 200: ...L Device discards multicast traffic destined for multicast groups that it does not know IGMP snooping generates no additional network traffic allowing you to significantly reduce multicast traffic passing through your device IGMP Proxy To allow better network performance you can use IGMP proxy instead of a multicast routing protocol in a simple tree network topology Note Your ZyXEL Device is an IG...

Page 201: ...sts that are members of the query VLAN The ZyXEL Device only sends an IGMP leave message via the upstream interface when the last host leaves a multicast group Router Alert Option The router alert option provides a way to let routers intercept packets not addressed to them directly without incurring any significant performance penalty The router alert option in the IP header of an IGMP control pac...

Page 202: ...s connected to the IGMP proxy device Query Interval Specify how many seconds since the last query the ZyXEL Device waits before it queries all directly connected networks to gather multicast group membership Query Response Interval Specify how many seconds the host allots for gathering membership information from directly connected networks before it sends a report Robustness Value This is the num...

Page 203: ...gnore IGMP query without router alert option Select this to discard IGMP query packets that do not include a router alert option Ignore IGMP query which destination IP is not 224 0 0 1 Select this to discard IGMP query packets with a destination IP address other than 224 0 0 1 the all hosts multicast address Apply Click this button to save your settings back to the ZyXEL Device Cancel Click Cancel...

Page 204: ...e fields in this screen Table 57 Network Settings IGMP Setting IGMP Filter LABEL DESCRIPTION Allow IGMP packets from Ethernet interface Select this to accept IGMP packets received on any of the LAN Ethernet ports Clear this to discard IGMP packets received on any of the LAN Ethernet ports Allow IGMP packets from WiFi interface Select this to accept IGMP packets received through the wireless LAN in...

Page 205: ...his is the multicast address and subnet that the service domain uses STB Max Channels This is to how many of the service domain s IGMP channels a LAN STB device is allowed to subscribe Non STB Max Channels This is to how many of the service domain s IGMP channels LAN devices other than STBs are allowed to subscribe Modify Click the Edit icon to change the entry Click the Delete icon to delete the ...

Page 206: ...llowing table describes the fields in this screen Table 58 Network Settings IGMP Setting IGMP Filter LAN Host Edit LABEL DESCRIPTION LAN Host This is the IP address of one of the ZyXEL Device s LAN hosts IGMP Enabled Select whether or not the LAN device using the specified IP address is allowed to access IGMP services through the ZyXEL Device Max Allowed Channels Specify to how many IGMP channels ...

Page 207: ...s and underscores _ Spaces are not allowed Maximum active channels for STB Specify to how many of the service domain s IGMP channels a LAN STB device is allowed to subscribe Maximum active channels for Non STB Specify to how many of the service domain s IGMP channels LAN devices other than STBs are is allowed to subscribe Group List Use this section to specify the multicast groups and subnet masks...

Page 208: ...ticast service domain to which you want to block or allow access LAN Host Select the IP address of one of the ZyXEL Device s LAN hosts IGMP Enabled Select whether or not the LAN device using the specified IP address is allowed to use the IGMP multicast service domain Max Allowed Channels This shows to how many of the IGMP multicast service domain s channels the LAN device using the specified IP ad...

Page 209: ...o other multicast channels Select Disabled to have the ZyXEL Device not restrict which multicast channels the multimedia devices on the LAN can access Add a new rule Click this to create a new IGMP ACL rule White List These rules are for allowing access to specified multicast IP addresses Multicast Address This is the multicast IP address of a multicast media channel to which you want to allow acc...

Page 210: ...your previously saved settings Table 61 Network Settings IGMP Setting IGMP ACL continued LABEL DESCRIPTION Table 62 Network Settings IGMP Setting IGMP ACL Add a new rule LABEL DESCRIPTION Multicast IP Address Enter the multicast IP address of a multicast media channel to which you want to block or allow access Multicast IP Mask Enter the subnet mask of the multicast IP address Type Select Black Li...

Page 211: ...create multiple networks on the ZyXEL Device Section 15 2 on page 211 15 2 The Interface Group Screen You can manually add a LAN interface to a new group Alternatively you can have the ZyXEL Device automatically add the incoming traffic and the LAN interface on which traffic is received to an interface group when its DHCP Vendor ID option information matches one listed for the interface group Use ...

Page 212: ...PTION Add New Interface Group Click this button to create a new interface group Group Name This shows the descriptive name of the group WAN Interface This shows the WAN interfaces in the group LAN Interfaces This shows the LAN interfaces in the group DHCP Vendor IDs The ZyXEL Device automatically adds LAN hosts sending traffic with any of the Vendor Class Identifiers listed here to the interface g...

Page 213: ...ON Group Name Enter a name to identify this group You can enter up to 30 characters You can use letters numbers hyphens and underscores _ Spaces are not allowed WAN Interface used in the grouping Select the WAN interface this group uses Select No Interface None to not add a WAN interface to this group Grouped LAN Interfaces Available LAN Interfaces Select one or more LAN interfaces Ethernet LAN or...

Page 214: ... Vendor Class Identifiers DHCP Option 60 to identify LAN hosts to add to the interface group by criteria such as the type of the hardware or firmware Apply Click Apply to save your changes back to the ZyXEL Device Cancel Click Cancel to exit this screen without saving Table 64 Interface Group Configuration continued LABEL DESCRIPTION ...

Page 215: ...llustrates the default firewall action User A can initiate an IM Instant Messaging session from the LAN to the WAN 1 Return traffic for this session is also allowed 2 However other traffic initiated from the WAN is blocked 3 and 4 Figure 91 Default Firewall Action 16 1 1 What You Can Do in this Chapter Use the Firewall screen to configure the security level of the firewall on the ZyXEL Device Sect...

Page 216: ...ork resources The ZyXEL Device is pre configured to automatically detect and thwart all known DoS attacks DDoS A DDoS attack is one in which multiple compromised systems attack a single target thereby causing denial of service for users of the targeted system LAND Attack In a LAND attack hackers flood SYN packets into the network with a spoofed source IP address of the target system This makes it ...

Page 217: ...rotocol Screen You can configure customized services and port numbers in the Protocol screen For a comprehensive list of port numbers and services visit the IANA Internet Assigned Number Authority website See Appendix E on page 381 for some examples Table 65 Security Settings Firewall LABEL DESCRIPTION Low Select Low to allow LAN to WAN and WAN to LAN packet directions Medium Select Medium to allo...

Page 218: ...RIPTION Add New Protocol Entry Click this to add a new protocol Name This is the name of your customized service Description This is the description of your customized service Ports Protocol Number This shows the IP protocol TCP UDP ICMP or TCP UDP and the port number or range of ports that defines your customized service Other and the protocol number displays if the service uses another IP protoc...

Page 219: ...your customized port from the drop down list box Select Other to be able to enter a protocol number Source Destination Port These fields are displayed if you select TCP or UDP as the IP port Select Single to specify one port only or Range to specify a span of ports that define your customized service If you select Any the service is applied to all ports Type a single port number or the range of po...

Page 220: ...nter a unique name up to 32 printable English keyboard characters including spaces for your customized port Service Description Enter a description for your customized port Apply Click Apply to save your changes Cancel Click Cancel to exit this screen without saving Table 67 Security Settings Firewall Protocol Add LABEL DESCRIPTION Table 68 Security Settings Firewall Access Control LABEL DESCRIPTI...

Page 221: ...ction This displays the direction of traffic to which this rule applies Action This field displays whether the rule silently discards packets DROP discards packets and sends a TCP reset packet or an ICMP destination unreachable message to the sender REJECT or allows the passage of packets ACCEPT Modify Click the Edit icon to edit the rule Click the Delete icon to delete an existing rule Note that ...

Page 222: ...a descriptive name of up to 16 alphanumeric characters not including spaces underscores and dashes You must enter the filter name to add an ACL rule This field is read only if you are editing the ACL rule Select Source Device Select the source device to which the ACL rule applies If you select Specific IP Address enter the source IP address in the field below Source IP Address Enter the source IP ...

Page 223: ...c Protocol in Select Protocol Enter a single port number or the range of port numbers of the destination Policy Use the drop down list box to select whether to discard DROP deny and send an ICMP destination unreachable message to the sender of REJECT or allow the passage of ACCEPT packets that match this rule Direction Use the drop down list box to select the direction of traffic to which this rul...

Page 224: ...Chapter 16 Firewall VSG1432 B101 Series User s Guide 224 ...

Page 225: ...device has a unique MAC Media Access Control address The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters for example 00 A0 C5 00 00 02 You need to know the MAC addresses of the devices to configure this screen 17 2 The MAC Filter Screen Use this screen to change your ZyXEL Device s MAC filter settings Click Security Settings MAC Filter The screen appears ...

Page 226: ...XEL Device Select an entry from the Allow List and use the button to add it to the Block List Select an entry from the Block List and use the button to add it to the Allow List Add Device Select this to display the Add Device screen which you can add a device to the MAC filter Allow List Enter the device s MAC address and click OK This is the index number of the entry Device This is the name of th...

Page 227: ...screen see Chapter 19 on page 231 for detailed information 18 2 The Parental Control Screen Use this screen to configure parental control settings to block the users on your network from accessing certain web sites Click Parental Control to open the following screen Note You must configure a scheduler rule in the Advanced Scheduler Rule screen Section 19 2 on page 231 before the parental control f...

Page 228: ... new parental control rule This is the index number of the rule PC Name IP MAC The ZyXEL Device allows or prohibits the users from viewing the Web sites with the URLs listed below Access Type This shows the access type that is applied on the user to the web site of this rule Web Site This is the URL of the web site in this rule Scheduler Name This is the name of the schedule rule that is applied M...

Page 229: ...sers from viewing the web sites with the URLs listed below If you select Allow Web Site the ZyXEL Device blocks access to all URLs except ones listed below If you select Block All the ZyXEL Device blocks access to all URLs Web Site Enter the URL of web site to which the ZyXEL Device blocks or allows access Click Add to add this URL to the list below Remove Select an URL from the list and click Rem...

Page 230: ...Chapter 18 Parental Control VSG1432 B101 Series User s Guide 230 ...

Page 231: ...s Screen Use this screen to view add or edit time schedule rules Click Advanced Scheduler Rules to open the following screen Figure 100 Advanced Scheduler Rules The following table describes the fields in this screen Table 73 Advanced Scheduler Rules LABEL DESCRIPTION Add new rule Click this to create a new rule This is the index number of the entry Rule Name This shows the name of the rule Day Th...

Page 232: ...Click the Delete icon to delete a scheduler rule Note You cannot delete a scheduler rule once it is applied to a certain feature Table 73 Advanced Scheduler Rules LABEL DESCRIPTION Table 74 Scheduler Rules Add Edit LABEL DESCRIPTION Rule Name Enter a name up to 31 printable English keyboard characters not including spaces for this schedule Day Select check boxes for the days that you want the ZyXE...

Page 233: ...you save the certificates of trusted CAs to the ZyXEL Device Section 20 4 on page 241 20 2 What You Need to Know The following terms and concepts may help as you read through this chapter Certification Authority A Certification Authority CA issues certificates and guarantees the identity of each certificate owner There are commercial certification authorities like CyberTrust or VeriSign and govern...

Page 234: ... In Use This field displays whether the certificate is in use and how many applications use the certificate Subject This field displays identifying information about the certificate s owner such as CN Common Name OU Organizational Unit or department O Organization or company and C Country It is recommended that each certificate have unique subject information Type This field displays what kind of ...

Page 235: ...Name Type up to 63 ASCII characters not including spaces to identify this certificate Common Name Type the IP address in dotted decimal notation domain name or e mail address in the field provided The domain name or e mail address can be up to 63 ASCII characters The domain name or e mail address is for identification purposes only and can be any string Organization Name Type up to 63 characters t...

Page 236: ...tificate Request Created 20 3 2 Load Signed Certificate After you create a certificate request and have it signed by a Certificate Authority in the Local Certificates screen click the certificate request s Load Signed icon to import the signed certificate into the ZyXEL Device ...

Page 237: ...tings Local Certificates and then Import Certificate to open the Import Local Certificate screen Follow the instructions in this screen to save an existing certificate to the ZyXEL Device Table 77 Load Signed Certificate LABEL DESCRIPTION Certificate Name This is the name of the signed certificate Certificate Copy and paste the signed certificate into the text box to store it on the ZyXEL Device A...

Page 238: ...cate The following table describes the labels in this screen Table 78 Import Local Certificate LABEL DESCRIPTION Import from file Click this check box to open a screen where you can save the certificate of a certification authority that you trust from your computer to the ZyXEL Device Certificate Name Type up to 63 ASCII characters not including spaces to identify this certificate ...

Page 239: ...the certificate into the text box to store it on the ZyXEL Device Private Key Copy and paste the private key into the text box to store it on the ZyXEL Device Apply Click Apply to save your changes Cancel Click Cancel to exit this screen without saving Table 79 Import Local Certificate Import from file LABEL DESCRIPTION Certificate File Path Type in the location of the certificate you want to uplo...

Page 240: ...cation Authority signed the certificate request means this is a certification request Subject This field displays information that identifies the owner of the certificate such as Common Name CN Organization O State ST and Country C Certificate This read only text box displays the certificate in Privacy Enhanced Mail PEM format PEM uses base 64 to convert the binary certificate into a printable for...

Page 241: ...PEM uses base 64 to convert the binary certificate into a printable form You can copy and paste the private key into an e mail to send to friends or colleagues or you can copy and paste the certificate into a text editor and save the file on a management computer for later distribution via floppy disk for example Signing Request This read only text box displays the request information in Privacy E...

Page 242: ...cate have unique subject information Type This field displays general information about the certificate ca means that a Certification Authority signed the certificate Action Click the View icon to open a screen with an in depth list of information about the certificate or certification request Click the Remove button to delete the certificate or certification request You cannot delete a certificat...

Page 243: ...e certificate such as Common Name CN Organizational Unit OU Organization O and Country C Certificate This read only text box displays the certificate in Privacy Enhanced Mail PEM format PEM uses base 64 to convert the binary certificate into a printable form You can copy and paste the certificate into an e mail to send to friends or colleagues or you can copy and paste the certificate into a text ...

Page 244: ...of a certification authority that you trust from your computer to the ZyXEL Device Certificate Name Enter the name that identifies this certificate The certificate name should not exceed 63 ASCII characters not including spaces Certificate Copy and paste the certificate into the text box to store it on the ZyXEL Device Apply Click Apply to save your changes Cancel Click Cancel to exit this screen ...

Page 245: ...s a standards based VPN that offers flexible solutions for secure data communications across a public network like the Internet IPSec is built around a number of standardized cryptographic techniques to provide confidentiality data integrity and authentication at the IP layer The following figure is an example of an IPSec VPN tunnel Figure 113 VPN Example 21 1 1 What You Can Do in this Chapter Use...

Page 246: ...transmitted in the networks Between routers X and Y the data is protected by tunneling encryption authentication and other security features of the IPSec SA The IPSec SA is established securely using the IKE SA that routers X and Y established first Remote IPSec Gateway Address Remote IPSec Gateway Address is the WAN IP address or domain name of the remote IPSec router secure gateway If the remote...

Page 247: ...Security Settings IPSec Status The following table describes the fields in this screen Table 85 Security Settings IPSec Status LABEL DESCRIPTION Refresh Interval Select how often the screen should be refreshed from the drop down list box Status This field displays whether the VPN connection is up a yellow bulb or down a gray bulb Connection Name This field displays the identification name for this...

Page 248: ...Table 86 Security Settings IPSec Settings LABEL DESCRIPTION Add New Connection Click this to configure a new VPN policy This is the index number of the entry Status This field displays whether the VPN policy is active or not A yellow bulb signifies that this VPN policy is active A gray bulb signifies that this VPN policy is not active Connection Name This field displays the identification name for...

Page 249: ...etup Auto IKE provides more protection so it is generally recommended You only configure VPN manual key when you select Auto IKE in the Key Exchange Local Addresses This is the IP address of computer s on your local network behind your ZyXEL Device Remote Addresses This is the IP address of computer s on the remote network behind the remote IPSec router Modify Click the Edit icon to edit the VPN c...

Page 250: ... LABEL DESCRIPTION Enable Select this check box to activate this VPN policy This option determines whether a VPN rule is applied before a packet leaves the firewall IPSec Connection Name Type up to 39 alphanumeric characters to identify this VPN policy You may use spaces underscores and dashes but the ZyXEL Device drops trailing spaces Remote IPSec Gateway Address Type the WAN IP address or the UR...

Page 251: ...el The remote IP addresses must correspond to the remote IPSec router s configured local IP addresses Two active SAs cannot have the local and remote IP address es both the same Two active SAs can have the same local or remote IP address but not both You can configure multiple SAs between the same local and remote IP addresses as long as only one is active at any time Use the drop down list box to...

Page 252: ...eld in a certificate This is used only with certificate based authentication Local Remote ID Content When you select IP in the Local Remote ID Type field type the IP address of your computer in the Local Remote ID Content field When you select DNS or E mail in the Local Remote ID Type field type a domain name or e mail address by which to identify this ZyXEL Device in the Local Remote ID Content f...

Page 253: ...is more secure than DES It also requires more processing power resulting in increased latency and decreased throughput This implementation of AES uses a 128 bit 192 bit or 256 bit key AES is faster than 3DES Integrity Algorithm Select SHA1 or MD5 from the drop down list box MD5 Message Digest 5 and SHA1 Secure Hash Algorithm are hash algorithms used to authenticate packet data The SHA1 algorithm i...

Page 254: ...following table describes the fields in this screen Table 88 IPSec Settings Add Edit Manual LABEL DESCRIPTION Enable Select this check box to activate this VPN policy This option determines whether a VPN rule is applied before a packet leaves the firewall IPSec Connection Name Type up to 39 alphanumeric characters to identify this VPN policy You may use spaces underscores and dashes but the ZyXEL ...

Page 255: ... The remote IP addresses must correspond to the remote IPSec router s configured local IP addresses Two active SAs cannot have the local and remote IP address es both the same Two active SAs can have the same local or remote IP address but not both You can configure multiple SAs between the same local and remote IP addresses as long as only one is active at any time Use the drop down list box to c...

Page 256: ...ter than 3DES Select ESP_NULL to set up a tunnel without encryption When you select ESP_NULL you do not enter an encryption key Encryption Key Type 16 hexadecimal 0 9 A F characters if you select to use the DES encryption algorithm or 48 hexadecimal characters if you use the 3DES encryption algorithm Authentication Algorithm Select SHA1 or MD5 from the drop down list box MD5 Message Digest 5 and S...

Page 257: ...acket formats and the default standards for packet structure including implementation algorithms The Encryption Algorithm describes the use of encryption techniques such as DES Data Encryption Standard and Triple DES algorithms The Authentication Algorithms HMAC MD5 RFC 2403 and HMAC SHA 1 RFC 2404 provide an authentication mechanism for the AH and ESP protocols Key Management Key management allow...

Page 258: ...ng IP address cannot be verified for integrity against the data With the use of AH as the security protocol protection is extended forward into the IP header to verify the integrity of the entire packet by use of portions of the original IP header in the hashing process Tunnel Mode Tunnel mode encapsulates the entire IP packet to transmit it securely A Tunnel mode is required for gateway services ...

Page 259: ... DH2 Set the IKE SA lifetime This field allows you to determine how long an IKE SA should stay up before it times out An IKE SA times out when the IKE SA lifetime period expires If an IKE SA times out when an IPSec SA is already established the IPSec SA stays connected In phase 2 you must Choose an encryption algorithm Choose an authentication algorithm Choose a Diffie Hellman public key cryptogra...

Page 260: ...ode An IPSec VPN using the AH protocol digitally signs the outbound packet both data payload and headers with a hash value appended to the packet When using AH protocol packet contents the data payload are not encrypted A NAT device in between the IPSec endpoints will rewrite either the source or destination address with one of its own choosing The VPN device at the receiving end will verify the i...

Page 261: ...this NAT traversal allows you to set up an IKE SA when there are NAT routers between the two IPSec routers Figure 123 NAT Router Between IPSec Routers Normally you cannot set up an IKE SA with a NAT router between the two IPSec routers because the NAT router changes the header of the IPSec packet NAT traversal solves the problem by adding a UDP port 500 header to the IPSec packet The NAT router fo...

Page 262: ... rules with overlapping local and remote IP addresses With main mode see Section 21 4 4 on page 260 the ID type and content are encrypted to provide identity protection In this case the ZyXEL Device can only distinguish between up to 12 different incoming SAs that connect from remote IPSec routers that have dynamic WAN IP addresses The ZyXEL Device can distinguish up to 48 incoming SAs because you...

Page 263: ...an communicate with them over a secure connection E mail Type an e mail address up to 31 characters by which to identify this ZyXEL Device The domain name or e mail address that you use in the Local ID Content field is used for identification purposes only and does not need to be a real domain name or e mail address Table 91 Local ID Type and Content Fields LOCAL ID TYPE CONTENT Table 92 Matching ...

Page 264: ...stablish a shared secret over an unsecured communications channel Diffie Hellman is used within IKE SA setup to establish session keys 768 bit 1024 bit 1536 bit 2048 bit and 3072 bit Diffie Hellman groups are supported Upon completion of the Diffie Hellman exchange the two peers have a shared secret but the IKE SA is not authenticated For authentication use pre shared keys ...

Page 265: ...ol screens Service Control allows you to manage your ZyXEL Device from a remote location through the following interfaces LAN WAN Note The ZyXEL Device is managed using the Web Configurator 22 2 The Service Control Screen Use this screen to configure through which interface s users can use which service s to manage the ZyXEL Device ...

Page 266: ...hat you want to allow access to the ZyXEL Device from the LAN WAN Select the Enable check box for the corresponding services that you want to allow access to the ZyXEL Device from the WAN Port You may change the server port number for a service if needed however you must use the same port number in order to use that service for remote management Certificate HTTPS Certificate Select a certificate t...

Page 267: ...looks in the ARP Table and if it finds the address sends it to the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The device fills in its own MAC and IP address in the sender address fields and puts the known IP address of the target in the target IP address field In addition the device puts all ones in the target MAC field FF FF FF FF FF FF...

Page 268: ...le The following table describes the labels in this screen Table 95 System Monitor ARP Table LABEL DESCRIPTION This is the ARP table entry number IP Address This is the learned IP address of a device connected to a port MAC Address This is the MAC address of the device with the listed IP address Device This is the type of interface used by the device You can click on the device type to go to its c...

Page 269: ...his chapter Alerts and Logs An alert is a type of log that warrants more serious attention They include system errors attacks access control and attempted access to blocked web sites Some categories such as System Errors consist of both logs and alerts You may differentiate them by their color in the View Log screen Alerts display in red and logs display in black Syslog Overview The syslog protoco...

Page 270: ...r Log to open the System Log screen Figure 126 System Monitor Log System Log Table 96 Syslog Severity Levels CODE SEVERITY 0 Emergency The system is unusable 1 Alert Action must be taken immediately 2 Critical The system condition is critical 3 Error There is an error condition on the system 4 Warning There is a warning condition on the system 5 Notice There is a normal but significant condition o...

Page 271: ...gh all logs of that severity or higher Category Select the type of logs to display Clear Log Click this to delete all the logs Refresh Click this to renew the log screen Export Log Click this to export the selected log s Email Log Now Click this to send the log file s to the E mail address you specify in the Maintenance Logs Setting screen System Log This field is a sequential value and is not ass...

Page 272: ...te all the logs Refresh Click this to renew the log screen Export Log Click this to export the selected log s Email Log Now Click this to send the log file s to the E mail address you specify in the Maintenance Logs Setting screen This field is a sequential value and is not associated with a specific entry Time This field displays the time the log was recorded Facility The log facility allows you ...

Page 273: ...c Status screens to look at network traffic status and statistics of the WAN and LAN interfaces 25 1 1 What You Can Do in this Chapter Use the WAN screen to view the WAN traffic statistics Section 25 2 on page 274 Use the LAN screen to view the LAN traffic statistics Section 25 3 on page 276 ...

Page 274: ... currently connected Packets Sent Data This indicates the number of transmitted packets on this interface Error This indicates the number of frames with errors transmitted on this interface Drop This indicates the number of outgoing packets dropped on this interface Packets Received Data This indicates the number of received packets on this interface Error This indicates the number of frames with ...

Page 275: ...smitted on this interface Drop This indicates the number of outgoing packets dropped on this interface Packets Received Data This indicates the number of received packets on this interface Error This indicates the number of frames with errors received on this interface Drop This indicates the number of received packets dropped on this interface Table 99 System Monitor Traffic Status WAN LABEL DESC...

Page 276: ...owing table describes the fields in this screen Table 100 System Monitor Traffic Status LAN LABEL DESCRIPTION Polls Interval s Select how often you want the ZyXEL Device to update this screen Interface This shows the LAN or WLAN interface Bytes Sent This indicates the number of bytes transmitted on this interface Bytes Received This indicates the number of bytes received on this interface more les...

Page 277: ...smitted on this interface Drop This indicates the number of outgoing packets dropped on this interface Packets Received Data This indicates the number of received packets on this interface Error This indicates the number of frames with errors received on this interface Drop This indicates the number of received packets dropped on this interface Table 100 System Monitor Traffic Status LAN LABEL DES...

Page 278: ...Chapter 25 Traffic Status VSG1432 B101 Series User s Guide 278 ...

Page 279: ...roup and from each LAN host Section 26 3 on page 280 26 2 The IGMP Group Screen Use this screen to look at the current list of multicast groups the ZyXEL Device has joined and which ports have joined it To open this screen click System Monitor IGMP Group Status IGMP Group Figure 130 System Monitor IGMP Group Status IGMP Group The following table describes the labels in this screen Table 101 System...

Page 280: ... Group Status IGMP Group continued LABEL DESCRIPTION Table 102 System Monitor IGMP Group Status IGMP Statistics LABEL DESCRIPTION IGMP Multicast Group Statistics This section shows statistics about the number of IGMP related packets received for each IGMP multicast group Multicast Group This field displays the name of the IGMP multicast group for which the ZyXEL Device received IGMP related packet...

Page 281: ...ulticast group Total Time sec This field displays the total amount of time the ZyXEL Device counted from when the LAN IP address joined the IGMP multicast group to when it left Total Joins This field displays the total number of Join packets the ZyXEL Device has received from this LAN IP address Total Leaves This field displays the total number of Leave packets the ZyXEL Device has received from t...

Page 282: ...Chapter 26 IGMP Status VSG1432 B101 Series User s Guide 282 ...

Page 283: ...ation 27 1 Overview In the Users Configuration screen you can view add and configure user accounts of the ZyXEL Device 27 2 The Users Configuration Screen Click Maintenance Users Configuration to open the following screen Figure 132 Maintenance Users Configuration ...

Page 284: ...s to configure a new user account This is the index number of the entry User Name This field displays the name of the user Expire Time This field indicates the date that this user s password will expire If there is no expire date Not Available will be displayed Expire Period This field indicates how many days this user s password is available Retry Times This field indicates how many times a user ...

Page 285: ...haracters and include both letters and numbers Password Specify the password associated to this account The password can be 6 to 15 alphanumeric characters 0 9 A Z a z _ with no spaces not containing the user name It must contain both letters and numbers The characters are displayed as asterisks in this field Old Password This field is displayed only when you are editing the user account Type the ...

Page 286: ...riod Enter the number of minutes for the lockout period A user cannot log into the ZyXEL Device during the lockout period even if he she enters correct account information Group This field is read only if you are editing the user account Select a type of login account The web configurator screens and privileges vary depending on which account type you use to log in Administrator accounts can confi...

Page 287: ...page 289 28 2 The TR 069 Clients Screen TR 069 defines how Customer Premise Equipment CPE for example your ZyXEL Device can be managed over the WAN by an Auto Configuration Server ACS TR 069 is based on sending Remote Procedure Calls RPCs between an ACS and a client device RPCs are sent in Extensible Markup Language XML format over HTTP or HTTPS An administrator can use an ACS to remotely set up t...

Page 288: ...rver ACS URL Enter the URL or IP address of the auto configuration server ACS User Name Enter the TR 069 user name for authentication with the auto configuration server ACS Password Enter the TR 069 password for authentication with the auto configuration server WAN Interface used by TR 069 client Select a WAN interface through which the TR 069 traffic passes If you select Any_WAN you should also s...

Page 289: ...escribes the fields in this screen Connection Request Password Enter the connection request password When the ACS makes a connection request to the ZyXEL Device this password is used to authenticate the ACS Connection Request URL This shows the connection request URL The ACS can use this URL to make a connection request to the ZyXEL Device Apply Click Apply to save your changes Cancel Click Cancel...

Page 290: ...Chapter 28 Remote Management VSG1432 B101 Series User s Guide 290 ...

Page 291: ...gs such as system time password name the domain name and the inactivity timeout interval 29 2 The Time Setting Screen To change your ZyXEL Device s time and date click Maintenance Time Setting The screen appears as shown Use this screen to configure the ZyXEL Device s time based on your local time zone Figure 136 Maintenance Time Setting ...

Page 292: ...ahead of normal local time by one hour to give more daytime light in the evening State Select Enable if you use Daylight Saving Time Start rule Configure the day and time when Daylight Saving Time starts if you enabled Daylight Saving You can select a specific date in a particular month or a specific day of a specific week in a particular month The Time field uses the 24 hour format Here are a cou...

Page 293: ...ted States you would set the day to First Sunday the month to November and the time to 2 in the Hour field Daylight Saving Time ends in the European Union on the last Sunday of October All of the time zones in the European Union stop using Daylight Saving Time at the same moment 1 A M GMT or UTC So in the European Union you would set the day to Last Sunday and the month to October The time you sel...

Page 294: ...Chapter 29 Time Settings VSG1432 B101 Series User s Guide 294 ...

Page 295: ...e where the ZyXEL Device sends logs and which logs and or immediate alerts the ZyXEL Device records in the Logs Setting screen 30 2 The Log Settings Screen To change your ZyXEL Device s log settings click Maintenance Logs Setting The screen appears as shown Figure 137 Maintenance Logs Setting ...

Page 296: ...log e mail message that the ZyXEL Device sends From Specify where the logs are sent from Send Log to The ZyXEL Device sends logs to the e mail address specified in this field If this field is left blank the ZyXEL Device does not send logs via E mail Send Alarm to Alerts are real time notifications that are sent as soon as an event such as a DoS attack system error or forbidden web access attempt o...

Page 297: ...y to save your changes Cancel Click Cancel to restore your previously saved settings Table 108 Maintenance Logs Setting LABEL DESCRIPTION Subject Firewall Alert From Date Fri 07 Apr 2000 10 05 42 From user zyxel com To user zyxel com 1 Apr 7 00 From 192 168 1 1 To 192 168 1 255 default policy forward 09 54 03 UDP src port 00520 dest port 00520 1 00 2 Apr 7 00 From 192 168 1 131 To 192 168 1 255 de...

Page 298: ...Chapter 30 Logs Setting VSG1432 B101 Series User s Guide 298 ...

Page 299: ...n Click Maintenance Firmware Upgrade to open the following screen The upload process uses HTTP Hypertext Transfer Protocol and may take up to two minutes After a successful upload the system will reboot Do NOT turn off the ZyXEL Device while firmware upload is in progress Figure 139 Maintenance Firmware Upgrade The following table describes the labels in this screen Table 109 Maintenance Firmware ...

Page 300: ...top Figure 141 Network Temporarily Disconnected After two minutes log in again and check your new firmware version in the Status screen If the upload was not successful the following screen will appear Click OK to go back to the Firmware Upgrade screen Figure 142 Error Message Browse Click this to find the bin file you want to upload Remember that you must decompress compressed zip files before yo...

Page 301: ...ts backup configuration and restoring configuration appears in this screen as shown next Figure 143 Maintenance Configuration Backup Configuration Backup Configuration allows you to back up save the ZyXEL Device s current configuration to a file on your computer Once your ZyXEL Device is configured and functioning properly it is highly recommended that you back up your configuration file before ma...

Page 302: ...me causing a temporary network disconnect In some operating systems you may see the following icon on your desktop Figure 144 Network Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default device IP address 192 168 1 1 See Appendix A on page 321 for details on how to set up your ...

Page 303: ...actory Defaults Click the Reset button to clear all user entered configuration information and return the ZyXEL Device to its factory defaults The following warning screen appears Figure 146 Reset Warning Message Figure 147 Reset In Process Message You can also press the RESET button on the rear panel to reset the factory defaults of your ZyXEL Device Refer to Section 1 8 on page 31 for more infor...

Page 304: ...tart allows you to reboot the ZyXEL Device remotely without turning the power off You may need to do this if the ZyXEL Device hangs for example Click Maintenance Reboot Click Reboot to have the ZyXEL Device reboot This does not affect the ZyXEL Device s configuration Figure 148 Maintenance Reboot ...

Page 305: ... detailed results These read only screens display information to help you identify problems with the ZyXEL Device 33 2 The Diagnostic Screen Use this screen to ping traceroute or nslookup an IP address Click Maintenance Diagnostic Ping TraceRoute NsLookup to open the screen shown next Figure 149 Maintenance Diagnostic Ping TraceRoute NsLookup ...

Page 306: ...Address Type the IP address of a computer that you want to perform ping traceroute or nslookup in order to test a connection Ping Click this to ping the IP address that you entered TraceRoute Click this button to perform the traceroute function This determines the path a packet takes to the specified computer Nslookup Click this button to perform a DNS lookup on the IP address of a computer you en...

Page 307: ...evice does not turn on None of the LEDs turn on 1 Make sure the ZyXEL Device is turned on 2 Make sure you are using the power adaptor or cord included with the ZyXEL Device 3 Make sure the power adaptor or cord is connected to the ZyXEL Device and plugged in to an appropriate power source Make sure the power source is turned on 4 Turn the ZyXEL Device off and on 5 If the problem continues contact ...

Page 308: ...ddress of the default gateway for your computer To do this in most Windows computers click Start Run enter cmd and then enter ipconfig The IP address of the Default Gateway might be the IP address of the ZyXEL Device it depends on the network so enter this IP address in your Internet browser 3 If this does not work you have to reset the device to its factory defaults See Section 1 8 on page 31 I f...

Page 309: ...stions Advanced Suggestions Make sure you have logged out of any earlier management sessions using the same user account even if they were through a different interface or using a different browser Try to access the ZyXEL Device using another service such as Telnet If you can access the ZyXEL Device check the remote management settings and firewall rules to find out why the ZyXEL Device does not r...

Page 310: ...trol settings for FTP See Chapter 22 on page 265 34 3 Internet Access I cannot access the Internet 1 Check the hardware connections and make sure the LEDs are behaving as expected See Section 1 6 on page 28 and Section 1 7 on page 29 2 Make sure you entered your ISP account information correctly in the Network Settings Broadband screen These fields are case sensitive so make sure Caps Lock is not ...

Page 311: ...y from your ISP s DHCP server I cannot access the Internet through an Ethernet WAN connection 1 Make sure you have the ETHERNET WAN port connected to a broadband modem or router in your network 2 Make sure you configured a proper Ethernet WAN interface Network Settings Broadband screen with the Internet account information provided by your ISP and that it is enabled 3 Check that the LAN interface ...

Page 312: ...s walls ceilings furniture and so on Building Materials metal doors aluminum studs Electrical devices microwaves monitors electric motors cordless phones and other wireless devices To optimize the speed and quality of your wireless connection you can Move your wireless device closer to the AP if the signal strength is low Reduce wireless interference that may be caused by other wireless networks o...

Page 313: ...mmended This uses a pre shared key with the WPA2 standard WPA PSK This has the device use either WPA PSK or WPA2 PSK depending on which security mode the wireless client uses WPA2 WPA2 IEEE 802 11i is a wireless security standard that defines stronger encryption authentication and key management than WPA It requires the use of a RADIUS server and is mostly used in business networks WPA Wi Fi Prote...

Page 314: ...Chapter 34 Troubleshooting VSG1432 B101 Series User s Guide 314 ...

Page 315: ... turns green the wireless network is active While the WLAN WPS LED is green press the WLAN WPS button for five seconds and release it to enable WPS Wi Fi Protected Setup To turn off the wireless network press the WLAN WPS button on the front of the ZyXEL Device for one to five seconds The WLAN WPS LED turns off when the wireless network is off Antennas Two One detachable external 2dBi antenna and ...

Page 316: ...ckup Restoration Make a copy of the ZyXEL Device s configuration You can put it back on the ZyXEL Device later if you decide to revert back to an earlier configuration Port Forwarding If you have a server mail or web server for example on your network you can use this feature to let people access it from the Internet DHCP Dynamic Host Configuration Protocol Use this feature to have the ZyXEL Devic...

Page 317: ...decide whether a service HTTPS or FTP traffic for example from a computer on a network LAN or WAN for example can access the ZyXEL Device PPPoE Support RFC2516 PPPoE Point to Point Protocol over Ethernet emulates a dial up connection It allows your ISP to use their existing network configuration with newer broadband technologies such as ADSL The PPPoE driver on your device is transparent to the co...

Page 318: ...ndshake Amendment 1 11 07 Amendment 2 4 08 Supported Transport Protocol Specific Transmission Convergence TPS TC functions PTM via 64 65b encapsulation method defined in IEEE 802 3ah 2004 HDLC encapsulation for pre VDSL2 standard interoperability Impulse Noise Protection INP up to 16 symbols SNR target met delay maximized The maximum allowable delay will be 16 ms for down and 16ms for up Support f...

Page 319: ...r specific information as specified in 1TR112 and ITU T G 994 1 G hs ADSL ITU T G 992 2 G lite ADSL2 ITU T G 992 3 G dmt bis Annex A RE ADSL2 ITU T G 992 3 G dmt bis Annex L ADSL2 ITU T G 992 4 G lite bis Annex A ADSL2 ITU T G 992 5 Annex A Support Multi Mode Standard ANSI T1 413 Issue 2 G dmt ITU T G 992 1 ADSL2 ITU T G 992 3 ADSL2 ITU T G 992 5 Dual Latency support Other Protocol Support PPP Poi...

Page 320: ...mmittee IEEE 802 IEEE 802 11b Uses the 2 4 gigahertz GHz band IEEE 802 11g Uses the 2 4 gigahertz GHz band IEEE 802 11d Standard for Local and Metropolitan Area Networks Media Access Control MAC Bridges IEEE 802 11x Port Based Network Access Control IEEE 802 11e QoS IEEE 802 11 e Wireless LAN for Quality of Service ANSI T1 413 Issue 2 Asymmetric Digital Subscriber Line ADSL standard G dmt G 992 1 ...

Page 321: ...se TCP IP on your computer Windows 3 1 requires the purchase of a third party TCP IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components are installed configure the TCP IP settings in order to communicate with your network If you manually assign IP information instead of usin...

Page 322: ...tion Installing Components The Network window Configuration tab displays a list of installed components You need a network adapter the TCP IP protocol and Client for Microsoft Networks If you need the adapter 1 In the Network window click Add 2 Select Adapter and then click Add 3 Select the manufacturer and model of your network adapter and then click OK If you need TCP IP 1 In the Network window ...

Page 323: ...lect Client for Microsoft Networks from the list of network clients and then click OK 5 Restart your computer so the changes you made take effect Configuring 1 In the Network window Configuration tab select your network adapter s TCP IP entry and click Properties 2 Click the IP Address tab If your IP address is dynamic select Obtain an IP address automatically If you have a static IP address selec...

Page 324: ...b If you do not know your gateway s IP address remove previously installed gateways If you have a gateway IP address type it in the New gateway field and click Add 5 Click OK to save and close the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your ZyXEL Device and restart your computer when prompted Verifying Settings 1 Click Start and ...

Page 325: ... The following example figures use the default Windows XP GUI theme 1 Click start Start in Windows 2000 NT Settings Control Panel Figure 153 Windows XP Start Menu 2 In the Control Panel double click Network Connections Network and Dial up Connections in Windows 2000 NT Figure 154 Windows XP Control Panel ...

Page 326: ...and then click Properties Figure 155 Windows XP Control Panel Network Connections Properties 4 Select Internet Protocol TCP IP under the General tab in Win XP and then click Properties Figure 156 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP IP Properties window opens the General tab in Windows XP ...

Page 327: ...Do one or more of the following if you want to configure additional IP addresses In the IP Settings tab in IP addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways In TCP ...

Page 328: ...Properties 7 In the Internet Protocol TCP IP Properties window the General tab in Windows XP Click Obtain DNS server address automatically if you do not know your DNS server IP address es If you know your DNS server IP address es click Use the following DNS server addresses and type them in the Preferred DNS server and Alternate DNS server fields ...

Page 329: ...se the Local Area Connection Properties window 10 Close the Network Connections window Network and Dial up Connections in Windows 2000 NT 11 Turn on your ZyXEL Device and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and then Command Prompt 2 In the Command Prompt window type ipconfig and then press ENTER You can also open Network Connections right cli...

Page 330: ...s User s Guide 330 1 Click the Start icon Control Panel Figure 160 Windows Vista Start Menu 2 In the Control Panel double click Network and Internet Figure 161 Windows Vista Control Panel 3 Click Network and Sharing Center Figure 162 Windows Vista Network And Internet ...

Page 331: ...ork connections Figure 163 Windows Vista Network and Sharing Center 5 Right click Local Area Connection and then click Properties Note During this procedure click Continue whenever Windows displays a screen saying that it needs your permission to continue Figure 164 Windows Vista Network and Sharing Center ...

Page 332: ...ies Figure 165 Windows Vista Local Area Connection Properties 7 The Internet Protocol Version 4 TCP IPv4 Properties window opens the General tab If you have a dynamic IP address click Obtain an IP address automatically If you have a static IP address click Use the following IP address and fill in the IP address Subnet mask and Default gateway fields ...

Page 333: ...ngs tab in IP addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways In TCP IP Gateway Address type the IP address of the default gateway in Gateway To manually configure a...

Page 334: ...IP Properties 9 In the Internet Protocol Version 4 TCP IPv4 Properties window the General tab Click Obtain DNS server address automatically if you do not know your DNS server IP address es If you know your DNS server IP address es click Use the following DNS server addresses and type them in the Preferred DNS server and Alternate DNS server fields ...

Page 335: ...net Protocol Version 4 TCP IPv4 Properties window 11 Click Close to close the Local Area Connection Properties window 12 Close the Network Connections window 13 Turn on your ZyXEL Device and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and then Command Prompt 2 In the Command Prompt window type ipconfig and then press ENTER You can also open Network C...

Page 336: ...g up Your Computer s IP Address VSG1432 B101 Series User s Guide 336 Macintosh OS 8 9 1 Click the Apple menu Control Panel and double click TCP IP to open the TCP IP Control Panel Figure 169 Macintosh OS 8 9 Apple Menu ...

Page 337: ...y assigned settings do the following From the Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your ZyXEL Device in the Router address box 5 Close the TCP IP Control Panel 6 Click Save if prompted to save changes to your configuration 7 Turn on your ZyXEL Device and restart your computer if prompted Verifyi...

Page 338: ...e System Preferences window Figure 171 Macintosh OS X Apple Menu 2 Click Network in the icon bar Select Automatic from the Location list Select Built in Ethernet from the Show list Click the TCP IP tab 3 For dynamically assigned settings select Using DHCP from the Configure list Figure 172 Macintosh OS X Network 4 For statically assigned settings do the following ...

Page 339: ...ing Settings Check your TCP IP properties in the Network window Linux This section shows you how to configure your computer s TCP IP settings in Red Hat Linux 9 0 Procedure screens and file location may vary depending on your Linux distribution and release version Note Make sure you are logged in as the root administrator Using the K Desktop Environment KDE Follow the steps below to configure your...

Page 340: ... obtain IP address settings with and select dhcp from the drop down list If you have a static IP address click Statically set IP Addresses and fill in the Address Subnet mask and Default Gateway Address fields 3 Click OK to save the changes and close the Ethernet Device General screen 4 If you know your DNS server IP address es click the DNS tab in the Network Configuration screen Enter the DNS se...

Page 341: ... screen Using Configuration Files Follow the steps below to edit the network configuration files and set your computer IP address 1 Assuming that you have only one network card on the computer locate the ifconfig eth0 configuration file where eth0 is the name of the Ethernet card Open the configuration file with any plain text editor If you have a dynamic IP address enter dhcp in the BOOTPROTO fie...

Page 342: ... file in the etc directory The following figure shows an example where two DNS server IP addresses are specified Figure 179 Red Hat 9 0 DNS Settings in resolv conf 3 After you edit and save the configuration files you must restart the network card Enter network restart in the etc rc d init d directory The following figure shows an example Figure 180 Red Hat 9 0 Restart Ethernet Card DEVICE eth0 ON...

Page 343: ...ties root localhost ifconfig eth0 Link encap Ethernet HWaddr 00 50 BA 72 5B 44 inet addr 172 23 19 129 Bcast 172 23 19 255 Mask 255 255 255 0 UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 717 errors 0 dropped 0 overruns 0 frame 0 TX packets 13 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 100 RX bytes 730412 713 2 Kb TX bytes 1570 1 5 Kb Interrupt 10 Base address 0x...

Page 344: ...Appendix A Setting up Your Computer s IP Address VSG1432 B101 Series User s Guide 344 ...

Page 345: ...number and the other part is the host ID In the same way that houses on a street share a common street name the hosts on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the host ID Routers use the network number to send packets to the correct network while the host ID determines to which host on...

Page 346: ...he host ID using a logical AND operation The term subnet is short for sub network A subnet mask has 32 bits If a bit in the subnet mask is a 1 then the corresponding bit in the IP address is part of the network number If a bit in the subnet mask is 0 then the corresponding bit in the IP address is part of the host ID The following example shows a subnet mask identifying the network number in bold ...

Page 347: ...rk number bits the smaller the number of remaining host ID bits An IP address with host IDs of all zeros is the IP address of the network 192 168 1 0 with a 24 bit subnet mask for example An IP address with host IDs of all ones is the broadcast address for that network 192 168 1 255 with a 24 bit subnet mask for example As these two IP addresses cannot be used for individual hosts calculate the ma...

Page 348: ...tting You can use subnetting to divide one network into multiple sub networks In the following example a network administrator creates two sub networks to isolate a group of servers from the rest of the company network for security reasons In this example the company network address is 192 168 1 0 The first three octets of the address 192 168 1 are the network number and the remaining octet is the...

Page 349: ...ne of the host ID bits to divide the network 192 168 1 0 into two separate sub networks The subnet mask is now 25 bits 255 255 255 128 or 25 The borrowed host ID bit can have a value of either 0 or 1 allowing two subnets 192 168 1 0 25 and 192 168 1 128 25 The following figure shows the company network after subnetting There are now two sub networks A and B Figure 184 Subnetting Example After Subn...

Page 350: ... subnets you need to borrow two host ID bits to give four possible combinations 00 01 10 and 11 The subnet mask is 26 bits 11111111 11111111 11111111 11000000 or 255 255 255 192 Each subnet contains 6 host ID bits giving 26 2 or 62 hosts for each subnet a host ID of all zeroes is the subnet itself all ones is the subnet s broadcast address Table 119 Subnet 1 IP SUBNET MASK NETWORK NUMBER LAST OCTE...

Page 351: ...Subnet Address 192 168 1 128 Lowest Host ID 192 168 1 129 Broadcast Address 192 168 1 191 Highest Host ID 192 168 1 190 Table 122 Subnet 4 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 192 IP Address Binary 11000000 10101000 00000001 11000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 192 Lowest Host ID 192 168 1 193 Broadcast Address ...

Page 352: ...UBNETS NO HOSTS PER SUBNET 1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62 3 255 255 255 224 27 8 30 4 255 255 255 240 28 16 14 5 255 255 255 248 29 32 6 6 255 255 255 252 30 64 2 7 255 255 255 254 31 128 1 Table 125 16 bit Network Number Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 128 0 17 2 32766 2 255 255 192 0 18 4 16382 3 255 255 224 0 19 8 ...

Page 353: ...hat you entered You don t need to change the subnet mask computed by the ZyXEL Device unless you are instructed to do otherwise Private IP Addresses Every machine on the Internet must have a unique address If your networks are isolated from the Internet running only between two branch offices for example you can assign any IP addresses to the hosts without problems However the Internet Assigned Nu...

Page 354: ...Appendix B IP Addresses and Subnetting VSG1432 B101 Series User s Guide 354 ...

Page 355: ...ternet Explorer versions may vary Internet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking and create an exception for your device s IP address Disable Pop up Blockers 1 In Internet Explorer select Tools Pop up Blocker and then select Turn Off Pop up B...

Page 356: ...box in the Pop up Blocker section of the screen This disables any web pop up blockers you may have enabled Figure 186 Internet Options Privacy 3 Click Apply to save this setting Enable Pop up Blockers with Exceptions Alternatively if you only want to allow pop up windows from your device see the following steps 1 In Internet Explorer select Tools Internet Options and then the Privacy tab ...

Page 357: ...2 B101 Series User s Guide 357 2 Select Settings to open the Pop up Blocker Settings screen Figure 187 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 167 1 ...

Page 358: ...lick Add to move the IP address to the list of Allowed sites Figure 188 Pop up Blocker Settings 5 Click Close to return to the Privacy screen 6 Click Apply to save this setting JavaScripts If pages of the web configurator do not display properly in Internet Explorer check that JavaScripts are allowed ...

Page 359: ... Explorer click Tools Internet Options and then the Security tab Figure 189 Internet Options Security 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java applets make sure that Enable is selected the default ...

Page 360: ... Click OK to close the window Figure 190 Security Settings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java permissions make sure that a safety level is selected ...

Page 361: ...s VSG1432 B101 Series User s Guide 361 5 Click OK to close the window Figure 191 Security Settings Java JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected ...

Page 362: ...Click OK to close the window Figure 192 Java Sun Mozilla Firefox Mozilla Firefox 2 0 screens are used here Screens for other versions may vary You can enable Java Javascripts and pop ups in one screen Click Tools then click Options in the screen that appears Figure 193 Mozilla Firefox Tools Options ...

Page 363: ...p Windows JavaScripts and Java Permissions VSG1432 B101 Series User s Guide 363 Click Content to show the screen below Select the check boxes as shown in the following screen Figure 194 Mozilla Firefox Content Security ...

Page 364: ...Appendix C Pop up Windows JavaScripts and Java Permissions VSG1432 B101 Series User s Guide 364 ...

Page 365: ...ependent network which is commonly referred to as an ad hoc network or Independent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an ad hoc wireless LAN Figure 195 Peer to Peer Communication in an Ad hoc Network BSS A Basic Service Set BSS exists when all communications between wireless clients or between a wireless client and a ...

Page 366: ... Extended Service Set ESS consists of a series of overlapping BSSs each containing an access point with each access point connected together by a wired network This wired connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired network but also mediate wireless netwo...

Page 367: ...hould use a channel different from an adjacent AP access point to reduce interference Interference occurs when radio signals from different access points overlap causing interference and degrading performance Adjacent channels partially overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For exa...

Page 368: ...ion that wants to transmit this frame must first send an RTS Request To Send message to the AP for permission to send it The AP then responds with a CTS Clear to Send message to all other stations within its range to notify them to defer their transmission It also reserves and confirms with the requesting station the time frame for the requested transmission Stations can send frames smaller than t...

Page 369: ...ully compatible with the IEEE 802 11b standard This means an IEEE 802 11b adapter can interface directly with an IEEE 802 11g access point and vice versa at 11 Mbps or lower depending on range IEEE 802 11g has several intermediate rate steps between the maximum and minimum data rates The IEEE 802 11g data rate and modulation are as follows Wireless Security Overview Wireless security is vital to y...

Page 370: ...Support for RADIUS Remote Authentication Dial In User Service RFC 2138 2139 for centralized user profile and accounting management on a network RADIUS server Support for EAP Extensible Authentication Protocol RFC 2486 that allows additional authentication methods to be deployed with no changes to the access point or the wireless clients RADIUS RADIUS is based on a client server model that supports...

Page 371: ...rver requesting more information in order to allow access The access point sends a proper response from the user and then sends another Access Request message The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting Accounting Request Sent by the access point requesting accounting Accounting Response Sent by the RADIUS server to indica...

Page 372: ...to get the plaintext passwords the passwords must be stored Thus someone other than the authentication server may access the password file In addition it is possible to impersonate an authentication server as MD5 authentication method does not perform mutual authentication Finally MD5 authentication method does not support data encryption with dynamic session key You must configure WEP encryption ...

Page 373: ... key is generated each time reauthentication is performed If this feature is enabled it is not necessary to configure a default encryption key in the wireless security configuration screen You may still configure and store keys but they will not be used while dynamic WEP is enabled Note EAP MD5 cannot be used with Dynamic WEP Key Exchange For added security certificate based authentications EAP TL...

Page 374: ... than WPA or WPA2 Encryption WPA improves data encryption by using Temporal Key Integrity Protocol TKIP Message Integrity Check MIC and IEEE 802 1x WPA2 also uses TKIP when required for compatibility reasons but offers stronger encryption than TKIP with Advanced Encryption Standard AES in the Counter mode with Cipher block chaining Message authentication code Protocol CCMP TKIP uses 128 bit keys t...

Page 375: ...temporal encryption keys This prevent all wireless devices sharing the same encryption keys a weakness of WEP User Authentication WPA and WPA2 apply IEEE 802 1x and Extensible Authentication Protocol EAP to authenticate wireless clients using an external RADIUS database WPA2 reduces the number of key exchange messages from six to four CCMP 4 way handshake and shortens the time required to connect ...

Page 376: ...ecks the user s identification against its database and grants or denies network access accordingly 3 A 256 bit Pairwise Master Key PMK is derived from the authentication process by the RADIUS server and the client 4 The RADIUS server distributes the PMK to the AP The AP then sets up a key hierarchy and management system using the PMK to dynamically generate unique data encryption keys The keys ar...

Page 377: ...nged between them Figure 200 WPA 2 PSK Authentication Security Parameters Summary Refer to this table to see what other security parameters you should configure for each authentication method or key management protocol type MAC address filters are not dependent on how you configure these security features Table 129 Wireless Security Relational Matrix AUTHENTICATION METHOD KEY MANAGEMENT PROTOCOL E...

Page 378: ...red in dB decibel is the increase in coverage within the RF beam width Higher antenna gain improves the range of the signal for better communications For an indoor site each 1 dB increase in antenna gain results in a range increase of approximately 2 5 For an unobstructed outdoor site each 1dB increase in gain results in a range increase of approximately 5 Actual results may vary depending on the ...

Page 379: ...overage pattern Angles typically range from 20 degrees very directional to 120 degrees less directional Directional antennas are ideal for hallways and outdoor point to point applications Positioning Antennas In general antennas should be mounted as high as practically possible and free of obstructions In point to point application position both antennas at the same height and in a direct line of ...

Page 380: ...Appendix D Wireless LANs VSG1432 B101 Series User s Guide 380 ...

Page 381: ...e type of IP protocol used by the service If this is TCP UDP then the service uses the same port number with TCP and UDP If this is USER DEFINED the Port s is the IP protocol number not the port number Port s This value depends on the Protocol If the Protocol is TCP UDP or TCP UDP this is the IP port number If the Protocol is USER this is the IP protocol number Description This is a brief explanat...

Page 382: ...Internet related command that can be used to find out if a user is logged on FTP TCP TCP 20 21 File Transfer Protocol a program to enable fast transfer of files including large files that may not be possible by e mail H 323 TCP 1720 NetMeeting uses this protocol HTTP TCP 80 Hyper Text Transfer Protocol a client server protocol for the world wide web HTTPS TCP 443 HTTPS is a secured http session of...

Page 383: ...Office Protocol version 3 lets a client computer get e mail from a POP3 server through a temporary connection TCP IP or other POP3S TCP 995 This is a more secure version of POP3 that runs over SSL PPTP TCP 1723 Point to Point Tunneling Protocol enables secure transfer of data over public networks This is the control channel PPTP_TUNNEL GRE User Defined 47 PPTP Point to Point Tunneling Protocol ena...

Page 384: ...including mainframes midrange systems UNIX systems and network servers SSDP UDP 1900 The Simple Service Discovery Protocol supports Universal Plug and Play UPnP SSH TCP UDP 22 Secure Shell Remote Login Program STRM WORKS UDP 1558 Stream Works Protocol SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server TACACS UDP 49 Login Host Protocol used for Terminal Access Controller Access C...

Page 385: ...THRID PARTY S LICENSES OPEN SOURCED COMPONENTS THE OPEN SOURCED COMPONENTS ARE LISTED IN THE NOTICE OR APPENDIX BELOW ZYXEL MAY HAVE DISTRIBUTED TO YOU HARDWARE AND OR SOFTWARE OR MADE AVAILABLE FOR ELECTRONIC DOWNLOADS THESE FREE SOFTWARE PROGRAMS OF THRID PARTIES AND YOU ARE LICENSED TO FREELY COPY MODIFY AND REDISTIBUTE THAT SOFTWARE UNDER THE APPLICABLE LICENSE TERMS OF SUCH THIRD PARTY NONE O...

Page 386: ...pledge as security or otherwise encumber the rights and licenses granted hereunder with respect to the Software ZyXEL is not obligated to provide any maintenance technical or other support for the resultant modified Software You may not copy reverse engineer decompile reverse compile translate adapt or disassemble the Software or any part thereof nor shall you attempt to create the source code fro...

Page 387: ...NS CONTAINED IN THE SOFTWARE WILL MEET ANY REQUIREMENTS OR NEEDS YOU MAY HAVE OR THAT THE SOFTWARE WILL OPERATE ERROR FREE OR IN AN UNINTERUPTED FASHION OR THAT ANY DEFECTS OR ERRORS IN THE SOFTWARE WILL BE CORRECTED OR THAT THE SOFTWARE IS COMPATIBLE WITH ANY PARTICULAR PLATFORM SOME JURISDICTIONS DO NOT ALLOW THE WAIVER OR EXCLUSION OF IMPLIED WARRANTIES SO THEY MAY NOT APPLY TO YOU IF THIS EXCL...

Page 388: ...ing or returning to ZyXEL all copies of the Software and Documentation in your possession or under your control ZyXEL may terminate this License Agreement for any reason including but not limited to if ZyXEL finds that you have violated any of the terms of this License Agreement Upon notification of termination you agree to destroy or return to ZyXEL all copies of the Software and Documentation an...

Page 389: ...support zyxel com tw for a charge of no more than our cost of physically performing source code distribution a complete machine readable copy of the complete corresponding source code for the version of the Programs that we distributed to you if we are in possession of such Notice Information herein is subject to change without notice Companies names and data used in examples herein are fictitious...

Page 390: ...nyone to deny you these rights or to ask you to surrender the rights These restrictions translate to certain responsibilities for you if you distribute copies of the software or if you modify it For example if you distribute copies of such a program whether gratis or for a fee you must give the recipients all the rights that you have You must make sure that they too receive or can get the source c...

Page 391: ...ty keep intact all the notices that refer to this License and to the absence of any warranty and give any other recipients of the Program a copy of this License along with the Program You may charge a fee for the physical act of transferring a copy and you may at your option offer warranty protection in exchange for a fee 2 You may modify your copy or copies of the Program or any portion of it thu...

Page 392: ... of Sections 1 and 2 above on a medium customarily used for software interchange or b Accompany it with a written offer valid for at least three years to give any third party for a charge no more than your cost of physically performing source distribution a complete machine readable copy of the corresponding source code to be distributed under the terms of Sections 1 and 2 above on a medium custom...

Page 393: ...imposed on you whether by court order agreement or otherwise that contradict the conditions of this License they do not excuse you from the conditions of this License If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations then as a consequence you may not distribute the Program at all For example if a patent license would no...

Page 394: ...oftware Foundation write to the Free Software Foundation we sometimes make exceptions for this Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally NO WARRANTY 11 BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE THERE IS NO WARRANTY FOR THE PROGRAM TO THE EXTENT PERMITTED BY APP...

Page 395: ...yle notice and some are under the GPL This Product includes Ssh server dropbear software under MIT style license The MIT License Copyright c year copyright holders Permission is hereby granted free of charge to any person obtaining a copy of this software and associated documentation files the Software to deal in the Software without restriction including without limitation the rights to use copy ...

Page 396: ... this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution Neither the name of the ORGANIZATION nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRES...

Page 397: ...y arising out of the application or use of any products or software described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves the right to make changes in any products described herein without notice This publication is subject to change without notice Trademarks ZyNOS ZyXEL Network Operating System is a registered trademark ...

Page 398: ...device off and on the user is encouraged to try to correct the interference by one or more of the following measures 1 Reorient or relocate the receiving antenna 2 Increase the separation between the equipment and the receiver 3 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected 4 Consult the dealer or an experienced radio TV technician for hel...

Page 399: ...nada Viewing Certifications 1 Go to http www zyxel com 2 Select your product on the ZyXEL home page to go to that product s page 3 Select the certification you wish to view from this page ZyXEL Limited Warranty ZyXEL warrants to the original end user purchaser that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase During the...

Page 400: ...Authorization number RMA Products must be returned Postage Prepaid It is recommended that the unit be insured when shipped Any returned products without proof of purchase or those with an out dated warranty will be repaired or replaced at the discretion of ZyXEL and the customer will be billed for parts and labor All repaired or replaced products will be shipped by ZyXEL to the corresponding retur...

Page 401: ...tion 113 115 RADIUS server 115 Auto Configuration Server see ACS 287 B backup configuration 301 Basic Service Set See BSS 365 Basic Service Set see BSS blinking LEDs 30 broadcast 76 BSS 117 365 example 118 C CA 233 372 Canonical Format Indicator See CFI CBR 89 certificate details 239 factory default 234 Certificate Authority See CA certificates 233 authentication 233 CA creating 235 importing 237 ...

Page 402: ...0 Domain Name System see DNS DoS 216 DS field 167 DS dee differentiated services DSCP 167 dynamic DNS 194 wildcard 194 Dynamic Host Configuration Protocol see DHCP dynamic WEP key exchange 373 DYNDNS wildcard 194 E EAP Authentication 371 ECHO 190 e mail log example 297 encapsulation 75 258 PPPoA 86 PPPoE 86 encryption 116 374 ESP 257 ESS 366 Extended Service Set IDentification 94 102 Extended Serv...

Page 403: ...see ILA interface group 211 Internet wizard setup 41 Internet access 24 wizard setup 41 Internet Group Multicast Protocol see IGMP Internet Key Exchange 259 Internet Protocol Security see IPSec IP address 76 87 128 144 ping 305 private 145 IP alias NAT applications 190 IP multicasting 319 IP Sec 245 IPSec 245 algorithms 257 architecture 257 NAT 260 see also VPN L LAN 127 client list 132 DHCP 128 1...

Page 404: ...midity 316 operation temperature 315 outside header 258 P Pairwise Master Key PMK 374 377 passwords 33 34 PBC 120 PCR 88 Per Hop Behavior see PHB 167 PHB 167 PIN WPS 121 example 122 Ping of Death 216 Point to Point Protocol over Ethernet 78 Point to Point Tunneling Protocol 191 POP3 190 port forwarding 176 ports 30 power adaptor 320 power specifications 315 PPP Point to Point Protocol Link Layer P...

Page 405: ...y Log 271 Security Parameter Index 253 Security Parameter Index see SPI service access control 265 Service Set 94 102 Services 190 setup firewalls 217 static route 149 196 285 shaping traffic 88 Single Rate Three Color Marker see srTCM SIP ALG 186 activation 186 SMTP 190 SNMP 190 319 SNMP trap 191 SPI 216 253 srTCM 169 SSID 114 activation 101 MBSSID 118 static route 147 configuration 149 196 285 e...

Page 406: ...tions 129 example 134 installation 134 NAT traversal 128 USB features 26 V VBR 89 VBR nRT 89 VBR RT 89 VCI 87 VDSL 318 band plans 318 HDLC 318 INP 318 MCM 318 profiles 318 SNR 318 SNRM 318 SRA 318 tone spacing 318 TPS TC 318 US0 types 318 VID Virtual Local Area Network See VLAN Virtual Private Network see VPN VLAN 89 Introduction 89 number of possible VIDs priority frame static VLAN ID 90 VLAN Ide...

Page 407: ...110 113 security 114 SSID 114 activation 101 status 72 WDS 107 119 compatibility 107 example 119 WEP 116 WPA 116 WPA PSK 116 WPS 120 122 example 124 limitations 125 PIN 121 push button 31 120 wireless security 369 Wireless tutorial 48 wizard setup Internet 41 WLAN interference 367 security parameters 377 WPA 116 374 key caching 375 pre authentication 375 user authentication 375 vs WPA PSK 375 wire...

Page 408: ...Index VSG1432 B101 Series User s Guide 408 ...

Reviews:

No comments

Related manuals for VSG1432-B101 - V1.10

H3C Voice Gateway H3C VG 10-10 Safety Manual preview
Voice Gateway H3C VG 10-10
Brand: H3C Pages: 31
H3C SR6602-I AI Series Installation Manual preview
SR6602-I AI Series
Brand: H3C Pages: 80
H3C SR6602-I AI Series Hardware Information preview
SR6602-I AI Series
Brand: H3C Pages: 33
H3C SecPath M9000 Series Quick Manual preview
SecPath M9000 Series
Brand: H3C Pages: 4
H3C SecPath M9000 Series Installation, Quick Start preview
SecPath M9000 Series
Brand: H3C Pages: 15
H3C MSR3610-I Series Installation, Quick Start preview
MSR3610-I Series
Brand: H3C Pages: 5
H3C SecPath M9000 Series Compliance And Safety Manual preview
SecPath M9000 Series
Brand: H3C Pages: 57
Arris Touchstone TG1652 User Manual preview
Touchstone TG1652
Brand: Arris Pages: 44
BURG WATCHER TSE 5001 Assembly And User'S Manual preview
TSE 5001
Brand: BURG WATCHER Pages: 21
Cisco D-PCG1000 PowerKEY CAS Datasheet preview
D-PCG1000 PowerKEY CAS
Brand: Cisco Pages: 4
Zte ZXHN H196Q User Manual preview
ZXHN H196Q
Brand: Zte Pages: 22
Philips Dynalite DTK622-USB Installation Instructions preview
Dynalite DTK622-USB
Brand: Philips Pages: 2
Philips Dynalite DMNG232 Installation Instructions preview
Dynalite DMNG232
Brand: Philips Pages: 2
Philips Dynalite DDNI-LON Installation Instructions preview
Dynalite DDNI-LON
Brand: Philips Pages: 2
Philips Dynalite DDNG485 User Manual preview
Dynalite DDNG485
Brand: Philips Pages: 2
Philips Dynalite DDNG232 Installation Instructions preview
Dynalite DDNG232
Brand: Philips Pages: 2
Philips Dynalite DDNG100BT Installation Manual preview
Dynalite DDNG100BT
Brand: Philips Pages: 2
Philips Dynalite DDNG-KNX Installation Instructions preview
Dynalite DDNG-KNX
Brand: Philips Pages: 2

Brands by name

Popular brands

Load more brands