manualshive.com logo in svg

ZyXEL Communications VWG1312-B10A, User Manual

The ZyXEL Communications VWG1312-B10A is a highly reliable and powerful networking solution for homes and small businesses. Enhance your internet experience with its advanced features. Explore all its functionalities and settings by downloading the comprehensive User Manual for free from our website, manualshive.com.

Share
Download
background image

 Chapter 7 Wireless

VMG1312-B10A User’s Guide

129

variety of networks to exist in the same place without interfering with one another. When you 
create a network, you must select a channel to use. 

Since the available unlicensed spectrum varies from one country to another, the number of 
available channels also varies. 

7.10.2  Additional Wireless Terms

The following table describes some wireless network terms and acronyms used in the Device’s Web 
Configurator.

7.10.3  Wireless Security Overview

By their nature, radio communications are simple to intercept. For wireless data networks, this 
means that anyone within range of a wireless network without security can not only read the data 
passing over the airwaves, but also join the network. Once an unauthorized person has access to 
the network, he or she can steal information or introduce malware (malicious software) intended to 
compromise the network. For these reasons, a variety of security systems have been developed to 
ensure that only authorized people can use a wireless data network, or understand the data carried 
on it.

These security standards do two things. First, they authenticate. This means that only people 
presenting the right credentials (often a username and password, or a “key” phrase) can access the 
network. Second, they encrypt. This means that the information sent over the air is encoded. Only 
people with the code key can understand the information, and only people who have been 
authenticated are given the code key.

These security standards vary in effectiveness. Some can be broken, such as the old Wired 
Equivalent Protocol (WEP). Using WEP is better than using no security at all, but it will not keep a 
determined attacker out. Other security standards are secure in themselves but can be broken if a 
user does not use them properly. For example, the WPA-PSK security standard is very secure if you 
use a long key which is difficult for an attacker’s software to guess - for example, a twenty-letter 
long string of apparently random numbers and letters - but it is not very secure if you use a short 
key which is very easy to guess - for example, a three-letter word from the dictionary.

Table 28   

Additional Wireless Terms

TERM

DESCRIPTION

RTS/CTS Threshold

In a wireless network which covers a large area, wireless devices are sometimes not 
aware of each other’s presence. This may cause them to send information to the AP 
at the same time and result in information colliding and not getting through.

By setting this value lower than the default value, the wireless devices must 
sometimes get permission to send information to the Device. The lower the value, the 
more often the devices must get permission.

If this value is greater than the fragmentation threshold value (see below), then 
wireless devices never have to get permission to send information to the Device.

Preamble

A preamble affects the timing in your wireless network. There are two preamble 
modes: long and short.

 

If a device uses a different preamble mode than the Device 

does, it cannot communicate with the Device.

Authentication

The process of verifying whether a wireless device is allowed to use the wireless 
network.

Fragmentation 
Threshold

A small fragmentation threshold is recommended for busy networks, while a larger 
threshold provides faster performance if the network is not very busy.

Summary of Contents for VWG1312-B10A

Page 1: ...com VMG1312 B10A Wireless N VDSL2 4 ports Gateway with USB Copyright 2011 ZyXEL Communications Corporation Firmware Version 1 00 Edition 1 12 2011 Default Login Details IP Address http 192 168 1 1 User Name admin Password 1234 ...

Page 2: ......

Page 3: ... up and running right away It contains information on setting up your network and configuring for Internet access Support Disc Refer to the included CD for support documents ZyXEL Web Site Please refer to www zyxel com for additional support documentation and product certifications Disclaimer Graphics in this book may differ slightly from the product due to differences in operating systems operati...

Page 4: ... stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press the ENTER key Select or choose means for you to use one of the predefined choices A right angle bracket within a screen name denotes a mouse click For example Maintenance Log Log Setting means you first click Mai...

Page 5: ...ser s Guide 5 Icons Used in Figures Figures in this User s Guide may use the following generic icons The Device icon is not an exact representation of your device Device Computer Notebook computer Server Firewall Telephone Router Switch ...

Page 6: ... for example 110V AC in North America or 230V AC in Europe Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution If the power adaptor or cord is damaged remove it from the device and the power source Do NOT attempt to rep...

Page 7: ...ity of Service QoS 169 Network Address Translation NAT 187 Dynamic DNS Setup 203 Interface Group 207 USB Service 213 Firewall 219 MAC Filter 229 Parental Control 231 Scheduler Rules 235 Certificates 237 Log 245 Traffic Status 249 ARP Table 253 Routing Table 255 IGMP Status 257 xDSL Statistics 259 User Account 263 Remote Management 265 TR 069 Client 267 TR 064 269 Time Settings 271 E mail Notificat...

Page 8: ...Contents Overview VMG1312 B10A User s Guide 8 Troubleshooting 291 ...

Page 9: ... Good Habits for Managing the Device 21 1 4 Applications for the Device 22 1 4 1 Internet Access 22 1 4 2 Device s USB Support 23 1 5 LEDs Lights 24 1 6 The RESET Button 25 1 7 Wireless Access 25 1 7 1 Using the WLAN WPS Button 26 Chapter 2 The Web Configurator 27 2 1 Overview 27 2 1 1 Accessing the Web Configurator 27 2 2 Web Configurator Layout 29 2 2 1 Title Bar 29 2 2 2 Main Window 30 2 2 3 Na...

Page 10: ... Your Device 56 4 7 3 Testing the DDNS Setting 56 4 8 Configuring the MAC Address Filter 57 4 9 Access Your Shared Files From a Computer 58 4 10 Using the Media Server Feature 59 4 10 1 Configuring the Device 59 4 10 2 Using Windows Media Player 59 4 10 3 Using a Digital Media Adapter 62 4 11 Using the Print Server Feature 64 Part II Technical Reference 79 Chapter 5 Network Map and Status Screens ...

Page 11: ...PS Screen 120 7 6 The WMM Screen 122 7 7 The WDS Screen 123 7 7 1 WDS Scan 124 7 8 The Others Screen 125 7 9 The Channel Status Screen 127 7 10 Technical Reference 127 7 10 1 Wireless Network Overview 127 7 10 2 Additional Wireless Terms 129 7 10 3 Wireless Security Overview 129 7 10 4 Signal Problems 131 7 10 5 BSS 132 7 10 6 MBSSID 132 7 10 7 Preamble Type 133 7 10 8 Wireless Distribution System...

Page 12: ...ding Screen 165 9 3 1 Add Edit Policy Forwarding 167 Chapter 10 Quality of Service QoS 169 10 1 Overview 169 10 1 1 What You Can Do in this Chapter 169 10 2 What You Need to Know 170 10 3 The Quality of Service General Screen 171 10 4 The Queue Setup Screen 172 10 4 1 Adding a QoS Queue 174 10 5 The Class Setup Screen 174 10 5 1 Add Edit QoS Class 176 10 6 The QoS Policer Setup Screen 179 10 6 1 A...

Page 13: ... What You Can Do in this Chapter 203 12 1 2 What You Need To Know 204 12 2 The DNS Entry Screen 204 12 2 1 Add Edit DNS Entry 205 12 3 The Dynamic DNS Screen 205 Chapter 13 Interface Group 207 13 1 Overview 207 13 1 1 What You Can Do in this Chapter 207 13 2 The Interface Group Screen 207 13 2 1 Interface Group Configuration 208 13 2 2 Interface Grouping Criteria 210 Chapter 14 USB Service 213 14 ...

Page 14: ...Overview 231 17 2 The Parental Control Screen 231 17 2 1 Add Edit a Parental Control Rule 232 Chapter 18 Scheduler Rules 235 18 1 Overview 235 18 2 The Scheduler Rules Screen 235 18 2 1 Add Edit a Schedule 236 Chapter 19 Certificates 237 19 1 Overview 237 19 1 1 What You Can Do in this Chapter 237 19 2 What You Need to Know 237 19 3 The Local Certificates Screen 238 19 3 1 Create Certificate Reque...

Page 15: ...22 ARP Table 253 22 1 Overview 253 22 1 1 How ARP Works 253 22 2 ARP Table Screen 253 Chapter 23 Routing Table 255 23 1 Overview 255 23 2 The Routing Table Screen 255 Chapter 24 IGMP Status 257 24 1 Overview 257 24 2 The IGMP Group Status Screen 257 Chapter 25 xDSL Statistics 259 25 1 The xDSL Statistics Screen 259 Chapter 26 User Account 263 26 1 Overview 263 26 2 The User Account Screen 263 Chap...

Page 16: ...tion Screen 275 31 2 1 Email Notification Edit 276 Chapter 32 Logs Setting 277 32 1 Overview 277 32 2 The Log Settings Screen 277 32 2 1 Example E mail Log 278 Chapter 33 Firmware Upgrade 281 33 1 Overview 281 33 2 The Firmware Screen 281 Chapter 34 Configuration 283 34 1 Overview 283 34 2 The Configuration Screen 283 34 3 The Reboot Screen 285 Chapter 35 Diagnostic 286 35 1 Overview 286 35 1 1 Wh...

Page 17: ... 36 3 Internet Access 294 36 4 Wireless Internet Access 295 36 5 USB Device Connection 296 36 6 UPnP 296 Appendix A Setting up Your Computer s IP Address 299 Appendix B IP Addresses and Subnetting 321 Appendix C Pop up Windows JavaScripts and Java Permissions 329 Appendix D Wireless LANs 339 Appendix E IPv6 353 Appendix F Services 361 Appendix G Legal Information 365 Index 369 ...

Page 18: ...Table of Contents VMG1312 B10A User s Guide 18 ...

Page 19: ...19 PART I User s Guide ...

Page 20: ...20 ...

Page 21: ...is recommended for everyday management of the Device using a supported web browser TR 069 This is an auto configuration server used to remotely configure your device 1 3 Good Habits for Managing the Device Do the following things regularly to make the Device more secure and to manage the Device more effectively Change the password Use a password that s not easy to guess and that consists of differ...

Page 22: ... layer 2 interfaces that you configure in the Device Refer to Section 6 2 on page 88 for the Network Setting Broadband screen Computers can connect to the Device s LAN ports or wirelessly Figure 1 Device s Internet Access Application You can also configure IP filtering on the Device for secure Internet access When the IP filter is on all incoming traffic from the Internet to your network is blocke...

Page 23: ...USB hard drive B You can connect one USB hard drive to the Device at a time Use FTP to access the files on the USB device Figure 2 USB File Sharing Application Media Server You can also use the Device as a media server This lets anyone on your network play video music and photos from a USB device B connected to the Device s USB port without having to copy them to another computer Figure 3 USB Medi...

Page 24: ...king Firmware upgrade is in progress ETHERNET 1 4 Green On The Device has a successful 100 Mbps Ethernet connection with a device on the Local Area Network LAN Blinking The Device is sending or receiving data to from the LAN at 100 Mbps Off The Device does not have an Ethernet connection with the LAN WLAN WPS Green On The wireless network is activated Blinking The Device is communicating with othe...

Page 25: ...t AP for wireless clients such as notebook computers or PDAs and iPads It allows them to connect to the Internet without having to rely on inconvenient Ethernet cables INTERNET Green On The Device has an IP connection but no traffic Your device has a WAN IP address either static or assigned by a DHCP server PPP negotiation was successfully completed if used and the DSL connection is up Blinking Th...

Page 26: ... secure wireless connection between the Device and a WPS compatible client by adding one device at a time To activate WPS 1 Make sure the POWER LED is on and not blinking 2 Press the WLAN WPS button for five seconds and release it 3 Press the WPS button on another WPS enabled device within range of the Device The WLAN WPS LED flashes orange while the Device sets up a WPS connection with the other ...

Page 27: ...e 329 if you need to make sure these functions are allowed in Internet Explorer 2 1 1 Accessing the Web Configurator 1 Make sure your Device hardware is properly connected refer to the Quick Start Guide 2 Launch your web browser If the Device does not automatically re direct you to the login screen go to http 192 168 1 1 3 A password screen displays To access the administrative web configurator an...

Page 28: ...d to the main menu if you do not want to change the password now Figure 7 Change Password Screen 5 The Quick Start Wizard screen appears You can configure the Device s time zone basic Internet access and wireless settings See Chapter 3 on page 35 for more information 6 After you finished or closed the Quick Start Wizard screen the Network Map page appears Figure 8 Network Map 7 Click Status to dis...

Page 29: ...ndow C navigation panel 2 2 1 Title Bar The title bar provides some icons in the upper right corner The icons provide the following functions B C A Table 2 Web Configurator Icons in the Title Bar ICON DESCRIPTION Quick Start Click this icon to open screens where you can configure the Device s time zone Internet access and wireless settings Logout Click this icon to log out of the web configurator ...

Page 30: ...ice s ports The connected ports are in color and disconnected ports are gray Figure 10 Virtual Device 2 2 3 Navigation Panel Use the menu items on the navigation panel to open screens to configure Device features The following tables describe each menu item Table 3 Navigation Panel Summary LINK TAB FUNCTION Connection Status This screen shows the network status of the Device and computers devices ...

Page 31: ...evices when they request IP addresses 5th Ethernet Port Use this screen to configure the Ethernet WAN port as a LAN port Routing Static Route Use this screen to view and set up static routes on the Device Policy Forwarding Use this screen to configure policy routing on the Device QoS General Use this screen to enable QoS and traffic prioritizing You can also configure the QoS rules and actions Que...

Page 32: ...System Log Use this screen to view the status of events that occurred to the Device You can export or e mail the logs Security Log Use this screen to view the login record of the Device You can export or e mail the logs Traffic Status WAN Use this screen to view the status of all network traffic going through the WAN port of the Device LAN Use this screen to view the status of all network traffic ...

Page 33: ...aceroute Nslookup Use this screen to identify problems with the DSL connection You can use Ping TraceRoute or Nslookup to help you identify problems 802 1ag Use this screen to configure CFM Connectivity Fault Management MD maintenance domain and MA maintenance association perform connectivity tests and view test reports OAM Ping Use this screen to view information to help you identify problems wit...

Page 34: ...Chapter 2 The Web Configurator VMG1312 B10A User s Guide 34 ...

Page 35: ...technical reference chapters starting on page 79 for background information on the features in this chapter 3 2 Quick Start Setup 1 The Quick Start Wizard appears automatically after login Or you can click the Click Start icon in the top right corner of the web configurator to open the quick start screens Select the time zone of the Device s location and click Next Figure 11 Time Zone ...

Page 36: ...pending on your current connection type Click Next Click Next Figure 12 Internet Connection 3 Turn the wireless LAN on or off If you keep it on record the security settings so you can configure your wireless clients to connect to the Device Click Save Figure 13 Internet Connection 4 Your Device saves your settings and attempts to connect to the Internet ...

Page 37: ...d Files From a Computer see page 58 Using the Media Server Feature see page 59 Using the Print Server Feature see page 64 4 2 Setting Up an ADSL PPPoE Connection This tutorial shows you how to set up your Internet connection using the Web Configurator If you connect to the Internet through an ADSL connection use the information from your Internet Service Provider ISP to configure the Device Be sur...

Page 38: ...ovider 5 Configure this rule as your default Internet connection by selecting the Apply as Default Gateway check box Then select DNS as Static and enter the DNS server addresses provided to you such as 192 168 5 2 DNS server1 192 168 5 1 DNS server2 6 Leave the rest of the fields to the default settings Connection Mode Routing Encapsulation PPPoE IPv6 IPv4 Mode IPv4 ATM PVC Configuration VPI VCI 3...

Page 39: ...Chapter 4 Tutorials VMG1312 B10A User s Guide 39 7 Click Apply to save your settings ...

Page 40: ... can use his notebook to access the Internet In this wireless network the Device serves as an access point AP and the notebook is the wireless client The wireless client can access the Internet through the AP Thomas has to configure the wireless network settings on the Device Then he can set up a wireless network using WPS Section 4 3 2 on page 42 or manual configuration Section 4 3 3 on page 45 4...

Page 41: ... screen using the provided parameters see page 40 Click Apply 2 Go to the Wireless Others screen and select 802 11b g n Mixed in the 802 11 Mode field Click Apply Thomas can now use the WPS feature to establish a wireless connection between his notebook and the Device see Section 4 3 2 on page 42 He can also use the notebook s wireless client to search for the Device see Section 4 3 3 on page 45 ...

Page 42: ... PIN on the Device A wireless client must also use the same PIN in order to download the wireless network settings from the Device Push Button Configuration PBC 1 Make sure that your Device is turned on and your notebook is within the cover range of the wireless signal 2 Make sure that you have installed the wireless client driver and utility in your notebook 3 In the wireless client utility go to...

Page 43: ...utton within two minutes of pressing the first one The Device sends the proper configuration settings to the wireless client This may take up to two minutes The wireless client is then able to communicate with the Device securely The following figure shows you an example of how to set up a wireless network and its security by pressing a button on both Device and wireless client Example WPS Process...

Page 44: ...IN number 2 Log into Device s web configurator and go to the Network Setting Wireless WPS screen Enable the WPS function and click Apply 3 Enter the PIN number of the wireless client and click the Register button Activate WPS function on the wireless client utility screen within two minutes The Device authenticates the wireless client and sends the proper configuration settings to the wireless cli...

Page 45: ...reless adapter s utility installed on the notebook to search for the Example SSID Then enter the DoNotStealMyWirelessNetwork pre shared key to establish an wireless Internet connection Note The Device supports IEEE 802 11b and IEEE 802 11g wireless clients Make sure that your notebook or computer s wireless adapter supports one of these standards Authentication by PIN SECURITY INFO WITHIN 2 MINUTE...

Page 46: ... A will use a general Company wireless network group Higher management level and important visitors will use the VIP group Visiting guests will use the Guest group which has a lower security mode Company A will use the following parameters to set up the wireless network groups COMPANY VIP GUEST SSID Company VIP Guest Security Level More Secure More Secure Basic Security Mode WPA2 PSK WPA2 PSK Stat...

Page 47: ...he General screen Use this screen to set up the company s general wireless network group Configure the screen using the provided parameters and click Apply 2 Click Network Setting Wireless More AP to open the following screen Click the Edit icon to configure the second wireless network group ...

Page 48: ...pter 4 Tutorials VMG1312 B10A User s Guide 48 3 Configure the screen using the provided parameters and click Apply 4 In the More AP screen click the Edit icon to configure the third wireless network group ...

Page 49: ... Route for Routing to Another Network In order to extend your Intranet and control traffic flowing directions you may connect a router to the Device s LAN The router may be used to separate two department networks This tutorial shows how to configure a static routing rule for two network routings In the following figure router R is connected to the Device s LAN R connects to two networks N1 192 16...

Page 50: ...le on the Device to specify R as the router in charge of forwarding traffic to N2 In this case the Device routes traffic from A to R and then R routes the traffic to B This tutorial uses the following example IP settings Table 4 IP Settings in this Tutorial DEVICE COMPUTER IP ADDRESS The Device s WAN 172 16 1 1 The Device s LAN 192 168 1 1 IP Type IPv4 Use Interface ADSL atm0 A 192 168 1 34 R s N1...

Page 51: ...ck box Enter the Route Name as R 4b Set IP Type to IPv4 4c Type 192 168 10 0 and subnet mask 255 255 255 0 for the destination N2 4d Select Enable in the Use Gateway IP Address field Type 192 168 1 253 R s N1 address in the Gateway IP Address field 4e Select ADSL atm0 as the Use Interface 4a Click OK Now B should be able to receive traffic from A You may need to additionally configure B s firewall...

Page 52: ...ssion bandwidth of 10 000 kbps For this example you want to configure QoS so that e mail traffic gets the highest priority with at least 5 000 kbps You can do the following Configure a queue to assign the highest priority queue 1 to e mail traffic going to the WAN interface so that e mail traffic would not get delayed when there is network congestion Note the IP address 192 168 1 23 for example an...

Page 53: ...kbps or leave this blank to have the Device automatically determine this figure Click Apply Tutorial Advanced QoS 2 Click Queue Setup Add new Queue to create a new queue In the screen that opens check Active and enter or select the following values Name E mail Interface WAN Priority 1 High Weight 8 Rate Limit 5 000 kbps Tutorial Advanced QoS Queue Setup ...

Page 54: ... is the interface from which the traffic will be coming from Select LAN1 for this example Ether Type Select IP to identify the traffic source by its IP address or MAC address IP Address Type the IP address of your computer 192 168 1 23 Type the IP Subnet Mask if you know it MAC Address Type the MAC address of your computer AA FF AA FF AA FF Type the MAC Mask if you know it To Queue Index Link this...

Page 55: ...a domain name To use this feature you have to apply for DDNS service at www dyndns org This tutorial covers Registering a DDNS Account on www dyndns org Configuring DDNS on Your Device Testing the DDNS Setting Note If you have a private WAN IP address then you cannot use DDNS 4 7 1 Registering a DDNS Account on www dyndns org 1 Open a browser and type http www dyndns org 2 Apply for a user account...

Page 56: ...elrouter dyndns org in the Host Name field Enter the user name UserName1 and password 12345 Click Apply 4 7 3 Testing the DDNS Setting Now you should be able to access the Device from the Internet To test this 1 Open a web browser on the computer using the IP address a b c d that is connected to the Internet 2 Type http zyxelrouter dyndns org and press Enter 3 The Device s login page should appear...

Page 57: ...te on preparing for her final exams Josephine s computer connects wirelessly to the Internet through the Device Thomas decides to use the Security MAC Filter screen to grant wireless network access to his computer but not to Josephine s computer 1 Click Security MAC Filter to open the MAC Filter screen Select the Enable check box to activate MAC filter function 2 Select Allow Then enter the host n...

Page 58: ...From a Computer Here is how to use an FTP program to access a file storage device connected to the Device s USB port Note This example uses the FileZilla FTP program to browse your shared files 1 In FileZilla enter the IP address of the Device the default is 192 168 1 1 your account s user name and password and port 21 and click Quickconnect A screen asking for password authentication appears File...

Page 59: ...rrect hardware connections Before you begin connect the USB storage device containing the media files you want to play to the USB port of your Device 4 10 1 Configuring the Device Note The Media Server feature is enabled by default To use your Device as a media server click Network Setting Home Networking Media Server Tutorial USB Services Media Server Check Enable Media Server and click Apply Thi...

Page 60: ...indows Vista 1 Open Windows Media Player and click Library Media Sharing as follows Tutorial Media Sharing using Windows Vista 2 Check Find media that others are sharing in the following screen and click OK Tutorial Media Sharing using Windows Vista 2 ...

Page 61: ...e Device displays as a playlist Clicking on the category icons in the right panel shows you the media files in the USB storage device attached to your Device Windows 7 1 Open Windows Media Player It should automatically detect the Device Tutorial Media Sharing using Windows 7 1 If you cannot see the Device in the left panel as shown above right click Other Libraries Refresh Other Libraries ...

Page 62: ...ld see a list of files available in the USB storage device Tutorial Media Sharing using Windows 7 2 4 10 3 Using a Digital Media Adapter This section shows you how you can use the Device with a ZyXEL DMA 2500 to play media files stored in the USB storage device in your TV screen Note For this tutorial your DMA 2500 should already be set up with the TV according to the instructions in the DMA 2500 ...

Page 63: ...een to appear Using the remote control go to MyMedia to open the following screen Select the Device as your media server Tutorial Media Sharing using DMA 2500 3 The screen shows you the list of available media files in the USB storage device Select the file you want to open and push the Play button in the remote control Tutorial Media Sharing using DMA 2500 2 DMA 2500 ZyXEL Device USB Storage Devi...

Page 64: ... items may look different on your operating system The TCP IP port must be configured with the IP address of the Device and must use the RAW protocol to communicate with the printer Consult your operating systems documentation for instructions on how to do this or follow the instructions below if you have a Windows 2000 XP operating system 1 Click Start Settings then right click on Printers and se...

Page 65: ...lick on your printer and select Properties Tutorial Open Printer Properties 4 Select the Ports tab and click Add Port Tutorial Printer Properties Window 5 A Printer Ports window appears Select Standard TCP IP Port and click New Port Tutorial Add a Port Window ...

Page 66: ...e to which the printer is connected in the Printer Name or IP Address field In our example we use the default IP address of the Device 192 168 1 1 The Port Name field updates automatically to reflect the IP address of the port Click Next Note The computer from which you are configuring the TCP IP printer port must be on the same LAN in order to use the printer sharing function Tutorial Enter IP Ad...

Page 67: ...Custom under Device Type and click Settings Tutorial Custom Port Settings 9 Confirm the IP address of the Device in the IP Address field 10 Select Raw under Protocol 11 The Port Number is automatically configured as 9100 Click OK Tutorial Custom Port Settings ...

Page 68: ...ndow Tutorial Finish Adding the TCP IP Port 13 Repeat steps 1 to 12 to add this printer to other computers on your network Add a New Printer Using Windows This example shows how to connect a printer to your Device using the Windows XP Professional operating system Some menu items may look different on your operating system ...

Page 69: ... User s Guide 69 1 Click Start Control Panel Printers and Faxes to open the Printers and Faxes screen Click Add a Printer Tutorial Printers Folder 2 The Add Printer Wizard screen displays Click Next Tutorial Add Printer Wizard Welcome ...

Page 70: ... Guide 70 3 Select Local printer attached to this computer and click Next Tutorial Add Printer Wizard Local or Network Printer 4 Select Create a new port and Standard TCP IP Port Click Next Tutorial Add Printer Wizard Select the Printer Port ...

Page 71: ...e to which the printer is connected in the Printer Name or IP Address field In our example we use the default IP address of the Device 192 168 1 1 The Port Name field updates automatically to reflect the IP address of the port Click Next Note The computer from which you are configuring the TCP IP printer port must be on the same LAN in order to use the printer sharing function Tutorial Enter IP Ad...

Page 72: ...ck Settings Tutorial Custom Port Settings 8 Confirm the IP address of the Device in the Printer Name or IP Address field 9 Select Raw under Protocol 10 The Port Number is automatically configured as 9100 Click OK to go back to the previous screen and click Next Tutorial Custom Port Settings ...

Page 73: ... to the print server in the Manufacturer list of printers 13 Select the printer model from the list of Printers 14 If your printer is not displayed in the list of Printers you can insert the printer driver installation CD disk or download the driver file to your computer click Have Disk and install the new printer driver 15 Click Next to continue Tutorial Add Printer Wizard Printer Driver ...

Page 74: ...printer driver installed on your computer and you do not want to change it Otherwise select Replace existing driver to replace it with the new driver you selected in the previous screen and click Next Tutorial Add Printer Wizard Use Existing Driver 17 Type a name to identify the printer and then click Next to continue Tutorial Add Printer Wizard Name Your Printer ...

Page 75: ... in the same network just select Do not share this printer and click Next to proceed to the following screen Tutorial Add Printer Wizard Printer Sharing 19 Select Yes and then click the Next button if you want to print a test page A pop up screen displays to ask if the test page printed correctly Otherwise select No and then click Next to continue Tutorial Add Printer Wizard Print Test Page ...

Page 76: ... up a print server driver on your Macintosh computer 1 Click the Print Center icon located in the Macintosh Dock a place holding a series of icons shortcuts at the bottom of the desktop Proceed to step 6 to continue If the Print Center icon is not in the Macintosh Dock proceed to the next step 2 On your desktop double click the Macintosh HD icon to open the Macintosh HD window Tutorial Macintosh H...

Page 77: ...l Utilities Folder 6 Click the Add icon at the top of the screen Tutorial Printer List Folder 7 Set up your printer in the Printer List configuration screen Select IP Printing from the drop down list box 8 In the Printer s Address field type the IP address of your Device 9 Deselect the Use default queue on server check box 10 Type LP1 in the Queue Name field ...

Page 78: ...ation 12 Click Add to select a printer model save and close the Printer List configuration screen Tutorial Printer Model 13 The Name LP1 on 192 168 1 1 displays in the Printer List field The default printer Name displays in bold type Tutorial Print Server Your Macintosh print server driver setup is complete You can now use the Device s print server to print from a Macintosh computer ...

Page 79: ...79 PART II Technical Reference ...

Page 80: ...80 ...

Page 81: ...nt status of the Device system resources and interfaces LAN WAN and WLAN 5 2 The Network Map Screen Use this screen to view the network connection status of the device and its clients A warning message appears if there is a connection problem If you prefer to view the status in a list click List View in the Viewing Mode selection box You can configure how often you want the Device to update this s...

Page 82: ...k Change icon name In List Mode you can also view the client s information 5 3 The Status Screen Use this screen to view the status of the Device Click Status to open this screen Figure 16 Status Screen Each field is described in the following table Table 5 Status Screen LABEL DESCRIPTION Refresh Interval Select how often you want the Device to update this screen Device Information Host Name This ...

Page 83: ...N Relay The Device acts as a surrogate DHCP server and relays DHCP requests and responses between the remote server and the clients None The Device is not providing any DHCP services to the LAN MAC Address This shows the LAN Ethernet adapter MAC Media Access Control Address of your Device WLAN Information MAC Address This shows the wireless adapter MAC Media Access Control Address of your Device S...

Page 84: ...pplications to have more throughput you should turn off other applications for example using QoS see Chapter 10 on page 169 Memory Usage This field displays what percentage of the Device s memory is currently used Usually this percentage should not increase much If memory usage does get close to 100 the Device is probably becoming unstable and you should restart the device See Section 34 2 on page...

Page 85: ...uters in other locations Figure 17 LAN and WAN 3G third generation standards for the sending and receiving of voice video and data in a mobile environment You can attach a 3G wireless adapter to the USB port and set the Device to use this 3G connection as your WAN or a backup when the wired WAN connection fails Figure 18 3G WAN Connection 6 1 1 What You Can Do in this Chapter Use the Broadband scr...

Page 86: ...d by the Device to communicate with other devices in other networks It can be static fixed or dynamically assigned by the ISP each time the Device tries to access the Internet If your ISP assigns you a static WAN IP address they should also assign you the subnet mask and DNS server IP address es ATM Asynchronous Transfer Mode ATM is a WAN networking technology that provides high speed data transfe...

Page 87: ...8 IP addresses The Device can use IPv4 IPv6 dual stack to connect to IPv4 and IPv6 networks and supports IPv6 rapid deployment 6RD IPv6 Addressing The 128 bit IPv6 address is written as eight 16 bit hexadecimal blocks separated by colons This is an example IPv6 address 2001 0db8 1a2b 0015 0000 0000 1a2f 0000 IPv6 addresses can be abbreviated in two ways Leading zeros in a block can be omitted So 2...

Page 88: ...dband LABEL DESCRIPTION Add new WAN Interface Click this button to create a new connection This is the index number of the entry Name This is the service name of the connection Type This shows whether it is an ATM PTM or Ethernet connection Mode This shows whether the connection is in routing or bridge mode Encapsulation This is the method of encapsulation used by this connection 802 1p This indic...

Page 89: ...e computers to share an Internet account The following example screen displays when you select the ADSL over ATM connection type Routing mode and PPPoE encapsulation The screen varies when you select other interface type encapsulation and IPv6 IPv4 mode Figure 20 Routing Mode MLD Proxy This shows whether Multicast Listener Discovery MLD is activated or not for this connection MLD is not available ...

Page 90: ...capsulation field EoA Ethernet over ATM uses an Ethernet header in the packet so that you can have multiple services connections over one PVC You can set each connection to have its own MAC address or all connections share one MAC address but use different VLAN IDs for different services EoA supports ENET ENCAP IPoE PPPoE and RFC1483 2684 bridging encapsulation methods PPPoA PPP over ATM allows ju...

Page 91: ...user domain where domain identifies a service name then enter both components exactly as given PPP Password Enter the password associated with the user name above PPP Auto Connect Select this option if you do not want the connection to time out IDLE Timeout This value specifies the time in minutes that elapses before the router automatically disconnects from the PPPoE server This field is not conf...

Page 92: ...4 Mode field IPv6 Address Select Automatic if you want to have the Device use the IPv6 prefix from the connected router s Router Advertisement RA to generate an IPv6 address Select the Get IPv6 Address From DHCPv6 Server checkbox if you want to obtain an IPv6 address from a DHCPv6 server The IP address assigned by a DHCPv6 server has priority over the IP address automatically generated by the Devi...

Page 93: ... the Type is set to ADSL VDSL over PTM Active Select this option to add the VLAN tag specified below to the outgoing traffic through this connection 802 1p IEEE 802 1p defines up to 8 separate traffic types by inserting a tag into a MAC layer frame that contains bits to define class of service Select the IEEE 802 1p priority level from 0 to 7 to add to traffic through this connection The greater t...

Page 94: ...f you select Bridge you cannot use routing functions such as QoS Firewall DHCP server and NAT on traffic from the selected LAN port s VLAN This section is available only when you select ADSL VDSL over PTM in the Type field Active Select this to add the VLAN Tag specified below to the outgoing traffic through this connection 802 1p IEEE 802 1p defines up to 8 separate traffic types by inserting a t...

Page 95: ...ns such as QoS Firewall DHCP server and NAT on traffic from the selected LAN port s ATM PVC Configuration These fields appear when the Type is set to ADSL over ATM VPI The valid range for the VPI is 0 to 255 Enter the VPI assigned to you VCI The valid range for the VCI is 32 to 65535 0 to 31 is reserved for local management of ATM traffic Enter the VCI assigned to you DSL Link Type This field is n...

Page 96: ...ect UBR Without PCR or UBR With PCR for applications that are non time sensitive such as e mail Select CBR Continuous Bit Rate to specify fixed always on bandwidth for voice or data traffic Select Non Realtime VBR non real time Variable Bit Rate for connections that do not require closely controlled delay and delay variation Select Realtime VBR real time Variable Bit Rate for applications with bur...

Page 97: ... want the Device to ping check the connection status of your WAN You can configure the frequency of the ping check and number of consecutive failures before triggering 3G backup Check Cycle Enter the frequency of the ping check in this field Consecutive Fail Enter how many consecutive failures are required before 3G backup is triggered Ping Default Gateway Select this to have the Device ping the W...

Page 98: ...onnection up all the time and specify an idle time out in the Max Idle Timeout field Max Idle Timeout This value specifies the time in minutes that elapses before the Device automatically disconnects from the ISP Obtain an IP Address Automatically Select this option If your ISP did not assign you a fixed IP address Use the following static IP address Select this option If the ISP assigned a fixed ...

Page 99: ...hly budget restart so if you configured the time and data budget counters to reset on the second day of the month and you use this button on the first the time and data budget counters will still reset on the second Actions before over budget Specify the actions the Device takes before the time or data limit exceeds Enable of time budget data budget Mbytes data budget kPackets Select Enable and en...

Page 100: ...ble to use PTM over ADSL Since PTM has less overhead than ATM some ISPs use PTM over ADSL for better performance Annex M You can enable Annex M for the Device to use double upstream mode to increase the maximum upstream transfer rate PhyR US Enable or disable PhyR US upstream for upstream transmission to the WAN PhyR US should be enabled if data being transmitted upstream is sensitive to noise How...

Page 101: ...ctive Interface This is the interface that uses the authentication This displays N A when there is no interface assigned EAP Identity This shows the EAP identity of the authentication This displays N A when there is no EAP identity assigned EAP method This shows the EAP method used in the authentication This displays N A when there is no EAP method assigned Bidirectional Authentication This shows ...

Page 102: ...tication Select this to enable the authentication Clear this to disable this authentication without having to delete the entry EAP Identity Enter the EAP identity of the authentication EAP method This is the EAP method used for this authentication Enable Bidirectional Authentication Select this to allow bidirectional authentication Certificate Select the certificate you want to assign to the authe...

Page 103: ...ionality in a manner similar to dial up services using PPP PPPoE is an IETF standard RFC 2516 specifying how a personal computer PC interacts with a broadband modem DSL cable wireless etc connection For the service provider PPPoE offers an access and authentication method that works with existing access control systems for example RADIUS One of the benefits of PPPoE is the ability to let you acces...

Page 104: ...er and the subscriber to regulate the average rate and fluctuations of data transmission over an ATM network This agreement helps eliminate congestion which is important for transmission of real time data such as audio and video connections Peak Cell Rate PCR is the maximum rate at which the sender can send cells This parameter may be lower but not higher than the maximum line speed 1 ATM cell is ...

Page 105: ... RT or non real time VBR nRT connections The VBR RT real time Variable Bit Rate type is used with bursty connections that require closely controlled delay and delay variation It also provides a fixed amount of bandwidth a PCR is specified but is only available when data is being sent An example of an VBR RT connection would be video conferencing Video conferencing requires real time data transfers...

Page 106: ...a specific broadcast domain Introduction to IEEE 802 1Q Tagged VLAN A tagged VLAN uses an explicit tag VLAN ID in the MAC header to identify the VLAN membership of a frame across bridges they are not confined to the switch on which they were created The VLANs can be created statically by hand or dynamically through GVRP The VLAN ID associates a frame with a specific VLAN and provides the informati...

Page 107: ...S to map a domain name to its corresponding IP address and vice versa for instance the IP address of www zyxel com is 204 217 0 2 The DNS server is extremely important because without it you must know the IP address of a computer before you can access it The Device can get the DNS server addresses in the following ways 1 The ISP tells you the DNS server addresses usually in the form of an informat...

Page 108: ...dband VMG1312 B10A User s Guide 108 compose the network address The prefix length is written as x where x is a number For example 2001 db8 1a2b 15 1a2f 0 32 means that the first 32 bits 2001 db8 is the subnet prefix ...

Page 109: ...ication screen to allow or deny wireless clients based on their MAC addresses from connecting to the Device Section 7 4 on page 119 Use the WPS screen to enable or disable WPS view or generate a security PIN Personal Identification Number Section 7 5 on page 120 Use the WMM screen to enable Wi Fi MultiMedia WMM to ensure quality of service in wireless networks for multimedia applications Section 7...

Page 110: ...quire a license to use However wireless networking is different from that of most traditional radio communications in that there a number of wireless networking standards available with different methods of data encryption Finding Out More See Section 7 10 on page 127 for advanced technical information on wireless networks 7 2 The General Screen Use this screen to enable the Wireless LAN enter the...

Page 111: ...e channel may help Try to use a channel that is as many channels away from any channels used by neighboring APs as possible The channel number which the Device is currently using then displays next to this field more less Click more to show more information Click less to hide them Bandwidth Select whether the Device uses a wireless channel width of 20MHz or 40MHz A standard 20MHz channel offers tr...

Page 112: ...me SSID Enter a descriptive name up to 32 English keyboard characters for the wireless LAN Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a station cannot obtain the SSID through scanning using a site survey tool Client Isolation Select this to keep the wireless clients in this SSID from communicating with each other through the Device MBSSID LAN Isolation Select ...

Page 113: ... can be broken by an attacker using widely available software It is strongly recommended that you use a more effective security mechanism Use the strongest security mechanism that all the wireless devices in your network support For example use WPA PSK or WPA2 PSK if all your wireless devices support it or use WPA or WPA2 if your wireless devices support it and you have a RADIUS server If your wir...

Page 114: ...will not be configurable when you select this option Password 1 4 The password WEP keys are used to encrypt data Both the Device and the wireless stations must use the same password WEP key for data transmission If you chose 64 bit WEP then enter any 5 ASCII characters or 10 hexadecimal characters 0 9 A F If you chose 128 bit WEP then enter 13 ASCII characters or 26 hexadecimal characters 0 9 A F ...

Page 115: ...n Table 18 Wireless General More Secure WPA 2 PSK LABEL DESCRIPTION Security Level Select More Secure to enable WPA 2 PSK data encryption Security Mode Select WPA PSK or WPA2 PSK from the drop down list box Generate password automatically Select this option to have the Device automatically generate a password The password field will not be configurable when you select this option Password The encr...

Page 116: ...k Network Setting Wireless to display the General screen Select More Secure as the security level Then select WPA or WPA2 from the Security Mode list Figure 32 Wireless General More Secure WPA 2 The following table describes the labels in this screen Encryption Select the encryption type AES or TKIP AES for data encryption Select AES if your wireless clients can all use AES Select TKIP AES to allo...

Page 117: ...s to hide them WPA Compatible This field is only available for WPA2 Select this if you want the Device to support WPA and WPA2 simultaneously Encryption Select the encryption type AES or TKIP AES for data encryption Select AES if your wireless clients can all use AES Select TKIP AES to allow the wireless clients to use either TKIP or AES WPA2 Pre Authentication This field is available only when yo...

Page 118: ...at this SSID is active A gray bulb signifies that this SSID is not active SSID An SSID profile is the set of parameters relating to one of the Device s BSSs The SSID Service Set IDentifier identifies the Service Set with which a wireless device is associated This field displays the name of the wireless profile on the network When a wireless client scans for an AP to associate with this is the name...

Page 119: ...ireless Network Name SSID The SSID Service Set IDentity identifies the service set with which a wireless device is associated Wireless devices associating to the access point AP must have the same SSID Enter a descriptive name up to 32 English keyboard characters for the wireless LAN Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a station cannot obtain the SSID t...

Page 120: ...ings MAC Restrict Mode Define the filter action for the list of MAC addresses in the MAC Address table Select Disable to turn off MAC filtering Select Deny to block access to the Device MAC addresses not listed will be allowed to access the Device Select Allow to permit access to the Device MAC addresses not listed will be denied access to the Device Add new MAC address Click this if you want to a...

Page 121: ... Click this button to add another WPS enabled wireless device within wireless range of the Device to your wireless network This button may either be a physical button on the outside of device or a menu button similar to the Connect button on this screen Note You must press the other wireless device s WPS button within two minutes of pressing this button Method 2 Use this section to set up a WPS wi...

Page 122: ... save your changes Cancel Click Cancel to restore your previously saved settings Table 23 Network Setting Wireless WPS continued LABEL DESCRIPTION Table 24 Network Setting Wireless WMM LABEL DESCRIPTION WMM Select On to have the Device automatically give a service a priority level according to the ToS value in the IP header of packets it sends WMM QoS Wifi MultiMedia Quality of Service gives high ...

Page 123: ...ts Note At the time of writing WDS is compatible with other ZyXEL APs only Not all models support WDS links Check your other AP s documentation Click Network Setting Wireless WDS The following screen displays Figure 38 Network Setting Wireless WDS The following table describes the labels in this screen Table 25 Network Setting Wireless WDS LABEL DESCRIPTION Wireless Bridge Setup AP Mode Select the...

Page 124: ...ick the Edit icon and type the MAC address of the peer device in a valid MAC address format six hexadecimal character pairs for example 12 34 56 78 9a bc Click the Delete icon to remove this entry Scan Click the Scan icon to search and display the available APs within range Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings Table 25 Network Setting...

Page 125: ...cify the interval in minutes for how often the Device scans for the best channel Enter 0 to disable the periodical scan Output Power Set the output power of the Device If there is a high density of APs in an area decrease the output power to reduce interference with other APs Select one of the following 20 40 60 80 or 100 Beacon Interval When a wirelessly networked device sends a beacon it include...

Page 126: ... your Device might be reduced 802 11 Protection Enabling this feature can help prevent collisions in mixed mode networks networks with both IEEE 802 11b and IEEE 802 11g traffic Select Auto to have the wireless devices transmit data after a RTS CTS handshake This helps improve IEEE 802 11g performance Select Off to disable 802 11 protection The transmission rate of your Device might be reduced in ...

Page 127: ...Technical Reference This section discusses wireless LANs in depth For more information see Appendix D on page 339 7 10 1 Wireless Network Overview Wireless networks consist of wireless clients access points and bridges A wireless client is a radio connected to a user s computer An access point is a radio with a wired connection to a network which can connect with numerous wireless clients and let ...

Page 128: ...the AP Every wireless network must follow these basic guidelines Every device in the same wireless network must use the same SSID The SSID is the name of the wireless network It stands for Service Set IDentifier If two wireless networks overlap they should use a different channel Like radio stations or television channels each wireless network uses a specific channel or frequency to send and recei...

Page 129: ...he old Wired Equivalent Protocol WEP Using WEP is better than using no security at all but it will not keep a determined attacker out Other security standards are secure in themselves but can be broken if a user does not use them properly For example the WPA PSK security standard is very secure if you use a long key which is difficult for an attacker s software to guess for example a twenty letter...

Page 130: ...00A0C5000002 or 00 A0 C5 00 00 02 To get the MAC address for each device in the wireless network see the device s User s Guide or other documentation You can use the MAC address filter to tell the Device which devices are allowed or not allowed to use the wireless network If a device is allowed to use the wireless network it still has to have the correct information SSID channel and security If a ...

Page 131: ...commended that wireless networks use WPA PSK WPA or stronger encryption The other types of encryption are better than none at all but it is still possible for unauthorized wireless devices to figure out the original information pretty quickly When you select WPA2 or WPA2 PSK in your Device you can also select an option WPA compatible to support WPA as well In this case if some of the devices suppo...

Page 132: ...unicate with each other When Intra BSS traffic blocking is enabled wireless station A and B can still access the wired network but cannot communicate with each other Figure 43 Basic Service set 7 10 6 MBSSID Traditionally you need to use different APs to configure different Basic Service Sets BSSs As well as the cost of buying extra APs there is also the possibility of channel interference The Dev...

Page 133: ... preamble when all wireless devices on the network support it otherwise the Device uses long preamble Note The wireless devices MUST use the same preamble mode in order to communicate 7 10 8 Wireless Distribution System WDS The Device can act as a wireless network bridge and establish WDS Wireless Distribution System links with other APs You need to know the MAC addresses of the APs you want to li...

Page 134: ... the Device see Section 7 6 on page 122 3 Press the button on one of the devices it doesn t matter which For the Device you must press the WPS button for more than three seconds 4 Within two minutes press the button on the other device The registrar sends the network name SSID and security key through an secure connection to the enrollee If you need to make sure that WPS worked check the list of a...

Page 135: ...IN in the AP s configuration interface 5 If the client device s configuration interface has an area for entering another device s PIN you can either enter the client s PIN in the AP or enter the AP s PIN in the client it does not matter which 6 Start WPS on both devices within two minutes 7 Use the configuration utility to activate WPS not the push button on the device itself 8 On a computer conne...

Page 136: ...vice acts as the enrollee the device that receives network and security settings The registrar creates a secure EAP Extensible Authentication Protocol tunnel and sends the network name SSID and the WPA PSK or WPA2 PSK pre shared key to the enrollee Whether WPA PSK or WPA2 PSK is used depends on the standards supported by the devices If the registrar is already part of a network it sends the existi...

Page 137: ...at it is not part of an existing network and can act as either enrollee or registrar if it supports both functions If the registrar is unconfigured the security settings it transmits to the enrollee are randomly generated Once a WPS enabled device has connected to another device using WPS it becomes configured A configured wireless client can still act as enrollee or registrar in subsequent WPS co...

Page 138: ... You know that Client 1 supports registrar mode but it is better to use AP1 for the WPS handshake with the new client since you must connect to the access point anyway in order to use the network In this case AP1 must be the registrar since it is configured it already has security information for the network AP1 supplies the existing security information to Client 2 Figure 48 WPS Example Network S...

Page 139: ...o enrollees and one registrar you must set up the first enrollee by pressing the WPS button on the registrar and the first enrollee for example then check that it successfully enrolled then set up the second device in the same way WPS works only with other WPS enabled devices However you can still add non WPS devices to a network you already set up using WPS WPS works by automatically issuing a ra...

Page 140: ...f this has happened WPS works between only two devices simultaneously so if another device has enrolled your device will be unable to enroll and will not have access to the network If this happens open the access point s configuration interface and look at the list of associated clients usually displayed by MAC address It does not matter if the access point is the WPS registrar the enrollee or was...

Page 141: ...8 2 on page 143 Use the Static DHCP screen to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses Section 8 3 on page 146 Use the UPnP screen to enable UPnP and UPnP NAT traversal on the Device Section 8 4 on page 148 Use the Additional Subnet screen to configure IP alias and public static IP Section 8 5 on page 149 Use the STB Vendor ID screen to have the ...

Page 142: ...you can access it RADVD Router Advertisement Daemon When an IPv6 host sends a Router Solicitation RS request to discover the available routers RADVD with Router Advertisement RA messages in response to the request It specifies the minimum and maximum intervals of RA broadcasts RA messages containing the address prefix IPv6 hosts can be generated with the IPv6 prefix an IPv6 address 8 1 2 2 About U...

Page 143: ...achieved UPnP certification from the Universal Plug and Play Forum UPnP Implementers Corp UIC ZyXEL s UPnP implementation supports Internet Gateway Device IGD 1 0 See Section 8 5 on page 149 for examples of installing and using UPnP Finding Out More See Section 8 10 on page 159 for technical background information on LANs 8 1 3 Before You Begin Find out the MAC addresses of your network devices if...

Page 144: ...k in dotted decimal notation for example 255 255 255 0 factory default Your Device automatically computes the subnet mask based on the IP Address you enter so do not change this field unless you are instructed to do so IGMP Snooping Status Select the Enable IGMP Snooping checkbox to allows the Device to passively learn multicast group IGMP Mode Select Standard Mode to have the Device forward multi...

Page 145: ...e the Static DNS service DNS Server 1 DNS Server 2 Enter the first and second DNS Domain Name System server IP address the Device passes to the DHCP clients LAN IPv6 Mode Setup IPv6 State Select Enable to activate the IPv6 mode and configure IPv6 settings on the Device LAN IPv6 Address Setup Delegate prefix from WAN Select this option to automatically obtain an IPv6 network prefix from the service...

Page 146: ...er and pass IPv6 addresses DNS server and domain name information to DHCPv6 clients stateful DHCPv6 relay The Device uses IPv6 stateful autoconfiguration DHCPv6 Relay is enabled to have the Device relay client DHCPv6 requests DHCPv6 Configuration DHCPv6 State This shows the status of the DHCPv6 IPv6 DNS Values IPv6 DNS Server 1 3 Select From ISP if your ISP dynamically assigns IPv6 DNS server info...

Page 147: ...ted to the Device MAC Address The MAC Media Access Control or Ethernet address on a LAN Local Area Network is unique to your computer six pairs of hexadecimal notation A network interface card such as an Ethernet adapter has a hardwired address that is assigned at the factory This address follows an industry standard that ensures no other adapter has a similar address IP Address This field display...

Page 148: ...have the MAC Address and IP Address auto detected MAC Address If you select Manual Input enter the MAC address of a computer on your LAN IP Address If you select Manual Input enter the IP address that you want to assign to the computer on your LAN with the MAC address that you will also specify Apply Click Apply to save your changes Cancel Click Cancel to exit this screen without saving Table 32 S...

Page 149: ...to install the UPnP in Windows Me 1 Click Start and Control Panel Double click Add Remove Programs 2 Click on the Windows Setup tab and select Communication in the Components selection box Click Details Add Remove Programs Windows Setup Communication Apply Click Apply to save your changes Cancel Click Cancel to exit this screen without saving Table 33 Network Setting Home Networking UPnP continued...

Page 150: ...Components 4 Click OK to go back to the Add Remove Programs Properties window and click Next 5 Restart the computer when prompted Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP 1 Click Start and Control Panel 2 Double click Network Connections 3 In the Network Connections window click Advanced in the main menu and select Optional Networking Components Networ...

Page 151: ...nal Networking Components Wizard 5 In the Networking Services window select the Universal Plug and Play check box Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next 8 6 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP You must already have UPnP installed in Windows XP and UPnP activate...

Page 152: ... discover Your UPnP enabled Network Device 1 Click Start and Control Panel Double click Network Connections An icon displays under Internet Gateway 2 Right click the icon and select Properties Network Connections 3 In the Internet Connection Properties window click Settings to see the port mappings there were automatically created Internet Connection Properties ...

Page 153: ...Internet Connection Properties Advanced Settings Internet Connection Properties Advanced Settings Add 5 When the UPnP enabled device is disconnected from your computer all port mappings will be deleted automatically 6 Select Show icon in notification area when connected option and click OK An icon displays in the system tray System Tray Icon ...

Page 154: ...on Status Web Configurator Easy Access With UPnP you can access the web based configurator on the Device without finding out the IP address of the Device first This comes helpful if you do not know the IP address of the Device Follow the steps below to access the web configurator 1 Click Start and then Control Panel 2 Double click Network Connections ...

Page 155: ... Places under Other Places Network Connections 4 An icon with the description for each UPnP enabled device displays under Local Network 5 Right click on the icon for your Device and select Invoke The web configurator login screen displays Network Connections My Network Places ...

Page 156: ...ing VMG1312 B10A User s Guide 156 6 Right click on the icon for your Device and select Properties A properties window displays with basic information about the Device Network Connections My Network Places Properties Example ...

Page 157: ...ure 54 Network Setting Home Networking Additional Subnet The following table describes the labels in this screen Table 34 Network Setting Home Networking Additional Subnet LABEL DESCRIPTION IP Alias Setup Group Name Select the interface group name for which you want to configure the IP alias settings See Chapter 13 on page 207 for how to create a new interface group Active Select the checkbox to c...

Page 158: ...ndor ID to open this screen Figure 55 Network Setting Home Networking STB Vendor ID The following table describes the labels in this screen Offer Public IP by DHCP Select the checkbox to enable the Device to provide public IP addresses by DHCP server Enable ARP Proxy Select the checkbox to enable the ARP Address Resolution Protocol proxy Apply Click Apply to save your changes Cancel Click Cancel t...

Page 159: ...gs of downstream traffic before sending it out through this LAN port Unchange Don t do anything to the traffic s VLAN ID and priority tags Add Add VLAN ID and priority tags to untagged traffic Remove Delete one tag from tagged traffic If the frame has double tags this removes the outer tag This does not affect untagged traffic Remark Change the value of the outer VLAN ID and priority tags 802 1P M...

Page 160: ...mputer must be manually configured IP Pool Setup The Device is pre configured with a pool of IP addresses for the DHCP clients DHCP Pool See the product specifications in the appendices Do not assign static IP addresses from the DHCP pool to your LAN computers 8 10 3 DNS Server Addresses DNS Domain Name System maps a domain name to its corresponding IP address and vice versa The DNS server is extr...

Page 161: ...nnection is established If this is the case it is recommended that you select a network number from 192 168 0 0 to 192 168 255 0 and you must enable the Network Address Translation NAT feature of the Device The Internet Assigned Number Authority IANA reserved this block of addresses specifically for private use please do not use any other number unless you are told otherwise Let s say you select 1...

Page 162: ... Internet addresses for your local networks On the other hand if you are part of a much larger organization you should consult your network administrator for the appropriate IP addresses Note Regardless of your particular situation do not create an arbitrary IP address always follow the guidelines above For more information on address assignment please refer to RFC 1597 Address Allocation for Priv...

Page 163: ...outes most traffic from A to the Internet through the Device s default gateway R1 You create one static route to connect to services offered by your ISP behind router R2 You create another static route to communicate with a separate network behind a router R3 connected to the LAN Figure 58 Example of Routing Topology 9 1 1 What You Can Do in this Chapter Use the Static Route screen to view and set...

Page 164: ...active A gray bulb signifies that this route is not active Name This is the name that describes or identifies this route Destination IP This parameter specifies the IP network address of the final destination Routing is always based on network number Subnet Mask This parameter specifies the IP network subnet mask of the final destination Gateway This is the IP address of the gateway The gateway is...

Page 165: ...e deactivate this static route Select this to enable the static route Clear this to disable this static route without having to delete the entry Route Name Enter a descriptive name for the static route IP Type Select whether your IP type is IPv4 or IPv6 Destination IP Address Enter the IPv4 or IPv6 network address of the final destination IP Subnet Mask If you are using IPv4 and need to specify a ...

Page 166: ...els in this screen Table 39 Network Setting Routing Policy Forwarding LABEL DESCRIPTION Add new Policy Forward Rule Click this to create a new policy forwarding rule This is the index number of the entry Policy Name This is the name of the rule Source IP This is the source IP address Source Subnet Mask his is the source subnet mask address Protocol This is the transport layer protocol Source Port ...

Page 167: ... LABEL DESCRIPTION Policy Name Enter a descriptive name of up to 8 printable English keyboard characters not including spaces Source IP Enter the source IP address Source Subnet Mask Enter the source subnet mask address Protocol Select the transport layer protocol TCP or UDP Source Port Enter the source port number Source MAC Enter the source MAC address WAN Select a WAN interface through which th...

Page 168: ...Chapter 9 Routing VMG1312 B10A User s Guide 168 ...

Page 169: ...kets assigned a high priority are processed more quickly than those with low priority if there is congestion allowing time sensitive applications to flow more smoothly Time sensitive applications include both those that require a low level of latency delay and a low level of jitter variations in delay such as Voice over IP VoIP or Internet gaming and those for which jitter alone is a problem such ...

Page 170: ...e DiffServ is a new protocol and defines a new DS field which replaces the eight bit ToS Type of Service field in the IP header Tagging and Marking In a QoS class you can configure whether to add or change the DSCP DiffServ Code Point value IEEE 802 1p priority level and VLAN ID number in a matched packet When the packet passes through a compatible network the networking device such as a backbone ...

Page 171: ...algorithms Token Bucket Filter TBF Single Rate Two Color Maker srTCM and Two Rate Two Color Marker trTCM You can specify actions which are performed on the colored packets See Section 10 8 on page 182 for more information on each metering algorithm 10 3 The Quality of Service General Screen Click Network Setting QoS General to open the screen as shown next Use this screen to enable or disable QoS ...

Page 172: ...bandwidth for the LAN interfaces including WLAN that you want to allocate using QoS The recommendation is to set this speed to match the WAN interfaces actual transmission speed For example set the LAN managed downstream bandwidth to 100000 kbps if you use a 100 Mbps wired Ethernet WAN connection You can also set this number lower than the WAN interfaces actual transmission speed This will cause t...

Page 173: ...is queue is not active Name This shows the descriptive name of this queue Interface This shows the name of the Device s interface through which traffic in this queue passes Priority This shows the priority of this queue Weight This shows the weight of this queue Buffer Management This shows the queue management algorithm used for this queue Queue management algorithms determine how the Device shou...

Page 174: ...ld is read only if you are editing the queue Priority Select the priority level from 1 to 7 of this queue The smaller the number the higher the priority level Traffic assigned to higher priority queues gets through faster while traffic in lower priority queues is dropped if the network is congested Weight Select the weight from 1 to 8 of this queue If two queues have the same priority level the De...

Page 175: ...hether the classifier is active or not A yellow bulb signifies that this classifier is active A gray bulb signifies that this classifier is not active Class Name This is the name of the classifier Classification Criteria This shows criteria specified in this classifier for example the interface from which traffic of this class should come and the source MAC address of traffic that matches this cla...

Page 176: ... of Service QoS VMG1312 B10A User s Guide 176 10 5 1 Add Edit QoS Class Click Add new Classifier in the Class Setup screen or the Edit icon next to a classifier to open the following screen Figure 67 Class Setup Add Edit ...

Page 177: ... Type the mask for the specified MAC address to determine which bits a packet s MAC address should match Enter f for each bit of the specified source MAC address that the traffic s MAC address should match Enter 0 for the bit s of the matched traffic s MAC address which can be of any hexadecimal character s For example if you set the MAC address to 00 13 49 00 00 00 and the mask to ff ff ff 00 00 ...

Page 178: ...Ether Type field Select this option and select a priority level between 0 and 7 from the drop down list box 0 is the lowest priority level and 7 is the highest VLAN ID This field is available only when you select 802 1Q in the Ether Type field Select this option and specify a VLAN ID number TCP ACK This field is available only when you select IP in the Ether Type field If you select this option th...

Page 179: ...BEL DESCRIPTION Add new Policer Click this to create a new entry This is the index number of the entry Status This field displays whether the policer is active or not A yellow bulb signifies that this policer is active A gray bulb signifies that this policer is not active Name This field displays the descriptive name of this policer Regulated Classes This field displays the name of a QoS classifie...

Page 180: ...n the token bucket filter and identifies packets by comparing them to the Committed Information Rate CIR and the Peak Information Rate PIR Committed Rate Specify the committed rate When the incoming traffic rate of the member QoS classes is less than the committed rate the device applies the conforming action to the traffic Committed Burst Size Specify the committed burst size for packet bursts Th...

Page 181: ...e your changes Cancel Click Cancel to exit this screen without saving Table 47 Policer Setup Add Edit LABEL DESCRIPTION Table 48 Network Setting QoS Monitor LABEL DESCRIPTION Refresh Interval Enter how often you want the Device to update this screen Select No Refresh to stop refreshing statistics Interface Monitor This is the index number of the entry Name This shows the name of the interface on t...

Page 182: ...llows the intermediary DiffServ compliant network devices to handle the packets differently depending on the code points without the need to negotiate paths or remember state information for every flow In addition applications do not have to request a particular service or give advanced notice of where the traffic is going DSCP and Per Hop Behavior DiffServ defines a new Differentiated Services DS...

Page 183: ...e IP header There are eight classes of services ranging from zero to seven in IP precedence Zero is the lowest priority level and seven is the highest Automatic Priority Queue Assignment If you enable QoS on the Device the Device can automatically base on the IEEE 802 1p priority level IP precedence and or packet length to assign priority to traffic which does not match a class The following table...

Page 184: ...kens are available in the bucket In traffic policing Drops it Transmits it but adds a DSCP mark The Device may drop these marked packets if the network is overloaded Configure the bucket size to be equal to or less than the amount of the bandwidth that the interface can support It does not help if you set it to a bucket size over the interface s capability The smaller the bucket size the lower the...

Page 185: ...ned in RFC 2698 is a type of traffic policing that identifies packets by comparing them to two user defined rates the Committed Information Rate CIR and the Peak Information Rate PIR The CIR specifies the average rate at which packets are admitted to the network The PIR is greater than or equal to the CIR CIR and PIR values are based on the guaranteed and maximum bandwidth respectively as negotiat...

Page 186: ...Chapter 10 Quality of Service QoS VMG1312 B10A User s Guide 186 ...

Page 187: ...o configure a default server Section 11 5 on page 195 Use the ALG screen to enable and disable the NAT and SIP VoIP ALG in the Device Section 11 6 on page 196 Use the Address Mapping screen to configure the Device s address mapping settings Section 11 7 on page 196 11 1 2 What You Need To Know Inside Outside Inside outside denotes where a host is located relative to the Device for example the comp...

Page 188: ...erver The port number identifies a service for example web service is on port 80 and FTP on port 21 In some cases such as for unknown services or where one server can support more than one service for example both FTP and web service it might be better to specify a range of port numbers You can allocate a server IP address that corresponds to a port or a range of ports The most often used port num...

Page 189: ...r of the entry Status This field displays whether the NAT rule is active or not A yellow bulb signifies that this rule is active A gray bulb signifies that this rule is not active Service Name This shows the service s name WAN Interface This shows the WAN interface through which the service is forwarded WAN IP This field displays the incoming packet s destination IP address Server IP Address This ...

Page 190: ...rt Forwarding Add Edit LABEL DESCRIPTION Active Clear the checkbox to disable the rule Select the check box to enable it Service Name Enter a name to identify this rule using keyboard characters A Z a z 1 2 and so on WAN Interface Select the WAN interface through which the service is forwarded You must have already configured a WAN connection with NAT enabled WAN IP Enter the WAN IP address for wh...

Page 191: ...ows the port number to which you want the Device to translate the incoming port For a range of ports enter the first number of the range to which you want the incoming ports translated Translation End Port This shows the last port of the translated port range Server IP Address Enter the inside IP address of the virtual server here Protocol Select the protocol supported by this virtual server Choic...

Page 192: ...ce records the IP address of a LAN computer that sends traffic to the WAN to request a service with a specific port number and protocol a trigger port When the Device s WAN port receives a response with a specific port number and protocol open port the Device forwards the traffic to the LAN IP address of the computer that sent the request After that computer s connection for that service closes an...

Page 193: ... this screen to view your Device s trigger port settings Figure 77 Network Setting NAT Port Triggering The following table describes the labels in this screen Table 55 Network Setting NAT Port Triggering LABEL DESCRIPTION Add new rule Click this to create a new rule This is the index number of the entry Status This field displays whether the port triggering rule is active or not A yellow bulb sign...

Page 194: ... Proto This is the open transport layer protocol Modify Click the Edit icon to edit this rule Click the Delete icon to delete an existing rule Table 55 Network Setting NAT Port Triggering continued LABEL DESCRIPTION Table 56 Port Triggering Configuration Add Edit LABEL DESCRIPTION Active Select the check box to enable this rule Service Name Enter a name to identify this rule using keyboard charact...

Page 195: ...umber or the starting port number in a range of port numbers Open End Port Type a port number or the ending port number in a range of port numbers Open Protocol Select the transport layer protocol from TCP UDP or TCP UDP OK Click OK to save your changes Cancel Click Cancel to exit this screen without saving Table 56 Port Triggering Configuration Add Edit continued LABEL DESCRIPTION Table 57 Networ...

Page 196: ...etwork Setting NAT ALG The following table describes the fields in this screen 11 7 The Address Mapping Screen Ordering your rules is important because the Device applies the rules in the order that you specify When a rule matches the current packet the Device takes the corresponding action and the remaining rules are ignored Click Network Setting NAT Address Mapping to display the following scree...

Page 197: ...Global Start IP This is the starting Inside Global IP Address IGA Enter 0 0 0 0 here if you have a dynamic IP address from your ISP You can only do this for the Many to One mapping type Global End IP This is the ending Inside Global IP Address IGA This field is blank for One to One and Many to One mapping types Type This is the address mapping type One to One This mode maps one local IP address to...

Page 198: ...do not change for the One to one NAT mapping type Many to One This mode maps multiple local IP addresses to one global IP address This is equivalent to SUA i e PAT port address translation the Device s Single User Account feature that previous routers supported only Many to Many This mode maps multiple local IP addresses to shared global IP addresses Local Start IP Enter the starting Inside Local ...

Page 199: ...e inside local address before forwarding it to the original inside host Note that the IP address either local or global of an outside host is never changed The global IP addresses for the inside hosts can be either static or dynamically assigned by the ISP In addition you can designate servers for example a web server and a telnet server on your local network and make them accessible to the outsid...

Page 200: ...ired for communication with hosts on other networks It replaces the original IP source address and TCP or UDP source port numbers for Many to One and Many to Many Overload NAT mapping in each packet and then forwards it to the Internet The Device keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored The following figure illustrates...

Page 201: ...ers are shown in the following table Please refer to RFC 1700 for further information about port numbers Please also refer to the Supporting CD for more examples and details on port forwarding and NAT Table 62 Services and Port Numbers SERVICES PORT NUMBER ECHO 7 FTP File Transfer Protocol 21 SMTP Simple Mail Transfer Protocol 25 DNS Domain Name System 53 Finger 79 HTTP Hyper Text Transfer protoco...

Page 202: ...port 80 to another B in the example and assign a default server IP address of 192 168 1 35 to a third C in the example You assign the LAN IP addresses and the ISP assigns the WAN IP address The NAT network appears as a single host on the Internet Figure 85 Multiple Servers Behind NAT Example D 192 168 1 36 192 168 1 1 IP address assigned by ISP A 192 168 1 33 B 192 168 1 34 C 192 168 1 35 ...

Page 203: ...uting table Dynamic DNS Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you in NetMeeting CU SeeMe etc You can also access your FTP server or Web site on your own computer using a domain name for instance myhost dhs org where myhost is a name of your choice that will never change instead of using an IP address that c...

Page 204: ...ynamic DNS 12 2 The DNS Entry Screen Use this screen to view and configure DNS routes on the Device Click Network Setting DNS to open the DNS Entry screen Figure 86 Network Setting DNS DNS Entry The following table describes the fields in this screen Table 63 Network Setting DNS DNS Entry LABEL DESCRIPTION Add new DNS entry Click this to create a new DNS entry This is the index number of the entry...

Page 205: ... 87 DNS Entry Add Edit The following table describes the labels in this screen 12 3 The Dynamic DNS Screen Use this screen to change your Device s DDNS Click Network Setting DNS Dynamic DNS The screen appears as shown Figure 88 Network Setting DNS Dynamic DNS Table 64 DNS Entry Add Edit LABEL DESCRIPTION Host Name Enter the host name of the DNS entry IP Address Enter the IP address of the DNS entr...

Page 206: ... domain name assigned to your Device by your Dynamic DNS provider You can specify up to two host names in the field separated by a comma Username Type your user name Password Type the password assigned to you Email If you select TZO in the Service Provider field enter the user name you used to register for this service Key If you select TZO in the Service Provider field enter the password you used...

Page 207: ...reate multiple networks on the Device Section 13 2 on page 207 13 2 The Interface Group Screen You can manually add a LAN interface to a new group Alternatively you can have the Device automatically add the incoming traffic and the LAN interface on which traffic is received to an interface group when its DHCP Vendor ID option information matches one listed for the interface group Use the LAN scree...

Page 208: ...uration Click the Add New Interface Group button in the Interface Group screen to open the following screen Use this screen to create a new interface group Table 66 Network Setting Interface Group LABEL DESCRIPTION Add New Interface Group Click this button to create a new interface group Group Name This shows the descriptive name of the group WAN Interface This shows the WAN interfaces in the grou...

Page 209: ...Interfaces Available LAN Interfaces Select one or more LAN interfaces Ethernet LAN HPNA or wireless LAN in the Available LAN Interfaces list and use the left arrow to move them to the Grouped LAN Interfaces list to add the interfaces to this group To remove a LAN or wireless LAN interface from the Grouped LAN Interfaces use the right facing arrow Automatically Add Clients With the following DHCP V...

Page 210: ... 67 Interface Group Configuration continued LABEL DESCRIPTION Table 68 Interface Grouping Criteria LABEL DESCRIPTION Source MAC Address Enter the source MAC address of the packet DHCP Option 60 Select this option and enter the Vendor Class Identifier Option 60 of the matched traffic such as the type of the hardware or firmware Enable wildcard on DHCP option 60 option Select this option to be able ...

Page 211: ...tifies the device in the DUID field DHCP Option 125 Select this and enter vendor specific information of the matched traffic Enterprise Number Enter the vendor s 32 bit enterprise number registered with the IANA Internet Assigned Numbers Authority Manufactur er OUI Specify the vendor s OUI Organization Unique Identifier It is usually the first three bytes of the MAC address Product Class Enter the...

Page 212: ...Chapter 13 Interface Group VMG1312 B10A User s Guide 212 ...

Page 213: ...are connected on a network and share resources such as a printer or files Windows automatically assigns the workgroup name when you set up a network Shares When settings are set to default each USB device connected to the Device is given a folder called a share If a USB hard drive connected to the Device has more than one partition then each partition will be allocated a share You can also configu...

Page 214: ...tocol is a set of communications protocols that most of the Internet runs on Port A port maps a network service such as http to a process running on your computer such as a process run by your web browser When traffic from the Internet is received on your computer the port number is used to identify which process running on your computer it is intended for Supported OSs Your operating system must ...

Page 215: ...e the Device is connected to your network and turned on 1 Connect the USB device to one of the Device s USB port Make sure the Device is connected to your network 2 The Device detects the USB device and makes its contents available for browsing If you are connecting a USB hard drive that comes with an external power supply make sure it is connected to an appropriate power source that is on Note If...

Page 216: ... all shares for everyone to play media files in the USB storage device connected to the Device Use hardware based media clients like the DMA 2500 to play the files Note Anyone on your network can play the media files in the published shares No user name and password or other form of security is used The media server is enabled by default with the video photo and music shares published To change yo...

Page 217: ...ur computer The computers on your network must have the printer software already installed before they can create a TCP IP port for printing via the network Follow your printer manufacturers instructions on how to install the printer software on your computer Note Your printer s installation instructions may ask that you connect the printer to your computer Connect your printer to the Device inste...

Page 218: ...g table describes the labels in this menu Table 71 Network Setting USB Service Print Server LABEL DESCRIPTION Printer Server Select Enable to have the Device share a USB printer Printer Name Enter the name of the printer Make and model Enter the manufacturer and model number of the printer Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings ...

Page 219: ...tiate an IM Instant Messaging session from the LAN to the WAN 1 Return traffic for this session is also allowed 2 However other traffic initiated from the WAN is blocked 3 and 4 Figure 98 Default Firewall Action 15 1 1 What You Can Do in this Chapter Use the General screen to configure the security level of the firewall on the Device Section 15 2 on page 221 Use the Service screen to add or remove...

Page 220: ...resources The ZyXEL Device is pre configured to automatically detect and thwart all known DoS attacks DDoS A DDoS attack is one in which multiple compromised systems attack a single target thereby causing denial of service for users of the targeted system LAND Attack In a LAND attack hackers flood SYN packets into the network with a spoofed source IP address of the target system This makes it appe...

Page 221: ...ices and port numbers in the Service screen For a comprehensive list of port numbers and services visit the IANA Internet Assigned Number Authority website See Appendix F on page 361 for some examples Table 72 Security Firewall General LABEL DESCRIPTION Firewall Select Enable to activate the firewall feature on the Device Easy Select Easy to allow LAN to WAN and WAN to LAN packet directions Medium...

Page 222: ...e in the Service screen to display the following screen Figure 101 Service Add Edit Table 73 Security Firewall Service LABEL DESCRIPTION Add new service entry Click this to add a new service Name This is the name of your customized service Description This is the description of your customized service Ports Protocol Number This shows the IP protocol TCP UDP ICMP or TCP UDP and the port number or r...

Page 223: ...ce If you select Any the service is applied to all ports Type a single port number or the range of port numbers that define your customized service Protocol Number This field is displayed if you select Other as the protocol Enter the protocol number of your customized port Add Click this to add the protocol to the Rule List below Rule List Protocol This is the IP port TCP UDP ICMP or Other that de...

Page 224: ...e IP addresses to which this rule applies Please note that a blank source address is equivalent to Any Dst IP This displays the destination IP addresses to which this rule applies Please note that a blank destination address is equivalent to Any Service This displays the transport layer protocol that defines the service and the direction of traffic to which this rule applies Action This field disp...

Page 225: ... not including spaces underscores and dashes You must enter the filter name to add an ACL rule This field is read only if you are editing the ACL rule Order Select the order of the ACL rule Select Source Device Select the source device to which the ACL rule applies If you select Specific IP Address enter the source IP address in the field below Source IP Address Enter the source IP address Select ...

Page 226: ...s field is displayed only when you select Specific Protocol in Select Protocol Enter a single port number or the range of port numbers of the source Custom Destination Port This field is displayed only when you select Specific Protocol in Select Protocol Enter a single port number or the range of port numbers of the destination Policy Use the drop down list box to select whether to discard DROP de...

Page 227: ...this screen Table 77 Security Firewall DoS LABEL DESCRIPTION DoS Protection Blocking Select Enable to enable protection against DoS attacks Deny Ping Response Select Enable to block ping request packets Apply Click Apply to save your changes Cancel Click Cancel to exit this screen without saving ...

Page 228: ...Chapter 15 Firewall VMG1312 B10A User s Guide 228 ...

Page 229: ...et device has a unique MAC Media Access Control address The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters for example 00 A0 C5 00 00 02 You need to know the MAC addresses of the devices to configure this screen 16 2 The MAC Filter Screen Use this screen to allow wireless and LAN clients access to the Device Click Security MAC Filter The screen appears a...

Page 230: ...will be denied access to the Device If you clear this the MAC Address field for this set clears Host name Enter the host name of the wireless or LAN clients that are allowed access to the Device MAC Address Enter the MAC addresses of the wireless or LAN clients that are allowed access to the Device in these address fields Enter the MAC addresses in a valid MAC address format that is six hexadecima...

Page 231: ... screen Figure 106 Security Parental Control The following table describes the fields in this screen Table 79 Security Parental Control LABEL DESCRIPTION Parental Control Select Enable to activate parental control Add new PCP Click this if you want to configure a new parental control rule This shows the index number of the rule Status This indicates whether the rule is active or not A yellow bulb ...

Page 232: ...rental Control Rule Add Edit Internet Access Schedule This shows the day s and time on which parental control is enabled Network Service This shows whether the network service is configured If not None will be shown Website Block This shows whether the website block is configured If not None will be shown Modify Click the Edit icon to go to the screen where you can edit the rule Click the Delete i...

Page 233: ...ting If you select Block the Device prohibits the users from viewing the Web sites with the URLs listed below If you select Allow the Device blocks access to all URLs except ones listed below Add new service Click this to show a screen in which you can add a new service rule You can configure the Service Name Protocol and Name of the new rule This shows the index number of the rule Select the chec...

Page 234: ...Chapter 17 Parental Control VMG1312 B10A User s Guide 234 ...

Page 235: ...een Figure 108 Security Scheduler Rules The following table describes the fields in this screen Table 81 Security Scheduler Rules LABEL DESCRIPTION Add new rule Click this to create a new rule This is the index number of the entry Rule Name This shows the name of the rule Day This shows the day s on which this rule is enabled Time This shows the period of time on which this rule is enabled Descrip...

Page 236: ...ble describes the fields in this screen Table 82 Scheduler Rules Add Edit LABEL DESCRIPTION Rule Name Enter a name up to 31 printable English keyboard characters not including spaces for this schedule Day Select check boxes for the days that you want the Device to perform this scheduler rule Time if Day Range Enter the time period of each day in 24 hour format during which parental control will be...

Page 237: ...save the certificates of trusted CAs to the Device Section 19 4 on page 241 19 2 What You Need to Know The following terms and concepts may help as you read through this chapter Certification Authority A Certification Authority CA issues certificates and guarantees the identity of each certificate owner There are commercial certification authorities like CyberTrust or VeriSign and government certi...

Page 238: ...ed that you give each certificate a unique name Subject This field displays identifying information about the certificate s owner such as CN Common Name OU Organizational Unit or department O Organization or company and C Country It is recommended that each certificate have unique subject information Issuer This field displays identifying information about the certificate s issuing certification a...

Page 239: ...dentify this certificate Common Name Select Auto to have the Device configure this field automatically Or select Customize to enter it manually Type the IP address in dotted decimal notation domain name or e mail address in the field provided The domain name or e mail address can be up to 63 ASCII characters The domain name or e mail address is for identification purposes only and can be any strin...

Page 240: ...ou create a certificate request and have it signed by a Certificate Authority in the Local Certificates screen click the certificate request s Load Signed icon to import the signed certificate into the Device Note You must remove any spaces from the certificate s filename before you can import it Figure 113 Load Signed Certificate ...

Page 241: ...Click Apply to save your changes Cancel Click Cancel to exit this screen without saving Table 86 Security Certificates Trusted CA LABEL DESCRIPTION Import Certificate Click this button to open a screen where you can save the certificate of a certification authority that you trust to the Device This is the index number of the entry Name This field displays the name used to identify this certificate...

Page 242: ... the certificate ca means that a Certification Authority signed the certificate Subject This field displays information that identifies the owner of the certificate such as Common Name CN Organizational Unit OU Organization O and Country C Certificate This read only text box displays the certificate in Privacy Enhanced Mail PEM format PEM uses base 64 to convert the binary certificate into a print...

Page 243: ...Table 88 Trusted CA Import Certificate LABEL DESCRIPTION Certificate File Path Type in the location of the certificate you want to upload in this field or click Browse to find it Enable Trusted CA for 802 1x Authentication If you select this checkbox the trusted CA will be used for 802 1x authentication The selected trusted CA will be displayed in the Network Setting Broadband 802 1x Edit screen C...

Page 244: ...Chapter 19 Certificates VMG1312 B10A User s Guide 244 ...

Page 245: ...onsist of both logs and alerts You may differentiate them by their color in the View Log screen Alerts display in red and logs display in black Syslog Overview The syslog protocol allows devices to send event notification messages across an IP network to syslog servers that collect the event messages A syslog enabled device can generate a syslog message and send it to a syslog server Syslog is def...

Page 246: ... level you have selected When you select a severity the Device searches through all logs of that severity or higher Category Select the type of logs to display Clear Log Click this to delete all the logs Refresh Click this to renew the log screen Export Log Click this to export the selected log s Email Log Now Click this to send the log file s to the E mail address you specify in the Maintenance L...

Page 247: ...h all logs of that severity or higher Category Select the type of logs to display Clear Log Click this to delete all the logs Refresh Click this to renew the log screen Export Log Click this to export the selected log s Email Log Now Click this to send the log file s to the E mail address you specify in the Maintenance Logs Setting screen This field is a sequential value and is not associated with...

Page 248: ...Chapter 20 Log VMG1312 B10A User s Guide 248 ...

Page 249: ... Can Do in this Chapter Use the WAN screen to view the WAN traffic statistics Section 21 2 on page 249 Use the LAN screen to view the LAN traffic statistics Section 21 3 on page 251 21 2 The WAN Status Screen Click System Monitor Traffic Status to open the WAN screen The figure in this screen shows the number of bytes received and sent on the Device Figure 119 System Monitor Traffic Status WAN ...

Page 250: ...indicates the number of frames with errors received on this interface Drop This indicates the number of received packets dropped on this interface more hide more Click more to show more information Click hide more to hide them Disabled Interface This shows the name of the WAN interface that is currently disconnected Packets Sent Data This indicates the number of transmitted packets on this interfa...

Page 251: ...r WLAN interface Bytes Sent This indicates the number of bytes transmitted on this interface more hide more Click more to show more information Click hide more to hide them Interface This shows the LAN or WLAN interface Sent Packets Data This indicates the number of transmitted packets on this interface Error This indicates the number of frames with errors transmitted on this interface Drop This i...

Page 252: ...Chapter 21 Traffic Status VMG1312 B10A User s Guide 252 ...

Page 253: ...s own MAC and IP address in the sender address fields and puts the known IP address of the target in the target IP address field In addition the device puts all ones in the target MAC field FF FF FF FF FF FF is the Ethernet broadcast address The replying device which is either the IP address of the device being sought or the router that knows the way replaces the broadcast address with the target ...

Page 254: ...Address This is the MAC address of the device with the listed IP address Device This is the type of interface used by the device You can click on the device type to go to its configuration screen Table 94 System Monitor ARP Table continued LABEL DESCRIPTION ...

Page 255: ...teway that helps forward this route s traffic Subnet Mask This indicates the destination subnet mask of this route Flag This indicates the route status U Up The route is up Reject The route is blocked and will force a route lookup to fail G Gateway The route uses a gateway to forward traffic H Host The target of the route is a host R Reinstate The route is reinstated for dynamic routing D Dynamic ...

Page 256: ... forward the route Interface This indicates the name of the interface through which the route is forwarded br0 indicates the LAN interface ptm0 indicates the WAN interface using IPoE or in bridge mode ppp0 indicates the WAN interface using PPPoE Table 95 System Monitor Routing Table continued LABEL DESCRIPTION ...

Page 257: ... System Monitor IGMP Group Status LABEL DESCRIPTION Interface This field displays the name of an interface on the Device that belongs to an IGMP multicast group Multicast Group This field displays the name of the IGMP multicast group to which the interface belongs Filter Mode INCLUDE means that only the IP addresses in the Source List get to receive the multicast group s traffic EXCLUDE means that...

Page 258: ...Chapter 24 IGMP Status VMG1312 B10A User s Guide 258 ...

Page 259: ...uide 259 CHAPTER 25 xDSL Statistics 25 1 The xDSL Statistics Screen Use this screen to view detailed DSL statistics Click System Monitor xDSL Statistics to open the following screen Figure 124 System Monitor xDSL Statistics ...

Page 260: ...his is the upstream and downstream interleave delay It is the wait in milliseconds that determines the size of a single block of data to be interleaved assembled and then transmitted Interleave delay is used when transmission error correction Reed Solomon is necessary due to a less than ideal telephone line The bigger the delay the bigger the data block size allowing better error correction to be ...

Page 261: ...undancy Checks ES This is the number of Errored Seconds meaning the number of seconds containing at least one errored block or at least one defect SES This is the number of Severely Errored Seconds meaning the number of seconds containing 30 or more errored blocks or at least one defect This is a subset of ES UAS This is the number of UnAvailable Seconds LOS This is the number of Loss Of Signal se...

Page 262: ...Chapter 25 xDSL Statistics VMG1312 B10A User s Guide 262 ...

Page 263: ...LABEL DESCRIPTION User Name This field displays the name of the account that you used to log in the system Old Password Type the default password or the existing password you use to access the system in this field New Password Type your new system password up to 30 characters Note that as you type a password the screen displays a for each character you type After you change the password use the ne...

Page 264: ...Chapter 26 User Account VMG1312 B10A User s Guide 264 ...

Page 265: ...cation through the following interfaces LAN WAN Trust Domain Note The Device is managed using the Web Configurator 27 2 The Remote MGMT Screen Use this screen to configure through which interface s users can use which service s to manage the Device Click Maintenance Remote MGMT to open the following screen Figure 126 Maintenance Remote MGMT ...

Page 266: ...ck box for the corresponding services that you want to allow access to the Device from the WAN Trust Domain Select the Enable check box for the corresponding services that you want to allow access to the Device from the Trust Domain Port You may change the server port number for a service if needed however you must use the same port number in order to use that service for remote management Certifi...

Page 267: ...cedure Calls RPCs between an ACS and a client device RPCs are sent in Extensible Markup Language XML format over HTTP or HTTPS An administrator can use an ACS to remotely set up the Device modify settings perform firmware upgrades as well as monitor and diagnose the Device You have to enable the device to be managed by the ACS and specify the ACS IP address or domain name and username and password...

Page 268: ...re configured WAN connection s Display SOAP messages on serial console Select Enable to show the SOAP messages on the console Connection Request Authentication Select this option to enable authentication when there is a connection request from the ACS Connection Request User Name Enter the connection request user name When the ACS makes a connection request to the Device this user name is used to ...

Page 269: ... 064 compliant CPE management application on their computers from the LAN to discover the CPE and configure user specific parameters such as the username and password Click Maintenance TR 064 to open the following screen Figure 128 Maintenance TR 064 The following table describes the fields in this screen Table 101 Maintenance TR 064 LABEL DESCRIPTION State Select Enable to activate management via...

Page 270: ...Chapter 29 TR 064 VMG1312 B10A User s Guide 270 ...

Page 271: ...ted settings such as system time password name the domain name and the inactivity timeout interval 30 2 The Time Screen To change your Device s time and date click Maintenance Time The screen appears as shown Use this screen to configure the Device s time based on your local time zone Figure 129 Maintenance Time Setting ...

Page 272: ...the United States on the second Sunday of March Each time zone in the United States starts using Daylight Saving Time at 2 A M local time So in the United States set the day to Second Sunday the month to March and the time to 2 in the Hour field Daylight Saving Time starts in the European Union on the last Sunday of March All of the time zones in the European Union start using Daylight Saving Time...

Page 273: ...er 30 Time Settings VMG1312 B10A User s Guide 273 Apply Click Apply to save your changes Cancel Click Cancel to exit this screen without saving Table 102 Maintenance Time Setting continued LABEL DESCRIPTION ...

Page 274: ...Chapter 30 Time Settings VMG1312 B10A User s Guide 274 ...

Page 275: ...ove and add mail server information on the Device Figure 130 Maintenance Email Notification The following table describes the labels in this screen Table 103 Maintenance Email Notification LABEL DESCRIPTION Add New Email Click this button to create a new entry Mail Server Address This field displays the server name or the IP address of the mail server Username This field displays the user name of ...

Page 276: ...If this field is left blank reports logs or notifications will not be sent via e mail Authentication Username Enter the user name up to 32 characters This is usually the user name of a mail account you specified in the Account Email Address field Authentication Password Enter the password associated with the user name above Account Email Address Enter the e mail address that you want to be in the ...

Page 277: ...figure where the Device sends logs and which logs and or immediate alerts the Device records in the Logs Setting screen 32 2 The Log Settings Screen To change your Device s log settings click Maintenance Logs Setting The screen appears as shown Figure 132 Maintenance Logs Setting ...

Page 278: ...t via E mail System Log Mail Subject Type a title that you want to be in the subject line of the system log e mail message that the Device sends Security Log Mail Subject Type a title that you want to be in the subject line of the security log e mail message that the Device sends Send Log to The Device sends logs to the e mail address specified in this field If this field is left blank the Device ...

Page 279: ...m 192 168 1 131 To 192 168 1 255 default policy forward 09 54 17 UDP src port 00520 dest port 00520 1 00 3 Apr 7 00 From 192 168 1 6 To 10 10 10 10 match forward 09 54 19 UDP src port 03516 dest port 00053 1 01 snip snip 126 Apr 7 00 From 192 168 1 1 To 192 168 1 255 match forward 10 05 00 UDP src port 00520 dest port 00520 1 02 127 Apr 7 00 From 192 168 1 131 To 192 168 1 255 match forward 10 05 ...

Page 280: ...Chapter 32 Logs Setting VMG1312 B10A User s Guide 280 ...

Page 281: ...col and may take up to two minutes After a successful upload the system will reboot Do NOT turn off the Device while firmware upload is in progress Figure 134 Maintenance Firmware Upgrade The following table describes the labels in this screen Table 106 Maintenance Firmware Upgrade LABEL DESCRIPTION Current Firmware Version This is the present Firmware version and the date created File Path Type i...

Page 282: ...y restarts in this time causing a temporary network disconnect In some operating systems you may see the following icon on your desktop Figure 136 Network Temporarily Disconnected After two minutes log in again and check your new firmware version in the Status screen If the upload was not successful the following screen will appear Click OK to go back to the Firmware Upgrade screen Figure 137 Erro...

Page 283: ...ing configuration appears in this screen as shown next Figure 138 Maintenance Configuration Backup Configuration Backup Configuration allows you to back up save the Device s current configuration to a file on your computer Once your Device is configured and functioning properly it is highly recommended that you back up your configuration file before making configuration changes The backup configur...

Page 284: ...Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default device IP address 192 168 1 1 See Appendix A on page 299 for details on how to set up your computer s IP address If the upload was not successful the following screen will appear Click OK to go back to the Configuration scree...

Page 285: ...Process Message You can also press the RESET button on the rear panel to reset the factory defaults of your Device Refer to Section 1 6 on page 25 for more information on the RESET button 34 3 The Reboot Screen System restart allows you to reboot the Device remotely without turning the power off You may need to do this if the Device hangs for example Click Maintenance Reboot Click Reboot to have t...

Page 286: ... Ping Test screen lets you send an ATM OAM Operation Administration and Maintenance packet to verify the connectivity of a specific PVC Section 35 5 on page 289 35 2 What You Need to Know The following terms and concepts may help as you read through this chapter How CFM Works A Maintenance Association MA defines a VLAN and associated Maintenance End Point MEP ports on the device under a Maintenanc...

Page 287: ... the fields in this screen Table 108 Maintenance Diagnostic Ping TraceRoute NsLookup LABEL DESCRIPTION URL or IP Address Type the IP address of a computer that you want to perform ping traceroute or nslookup in order to test a connection Ping Click this to ping the IP address that you entered TraceRoute Click this button to perform the traceroute function This determines the path a packet takes to...

Page 288: ...evice performs a CFM loopback test 802 1Q VLAN ID Type a VLAN ID 0 4095 for this MA VDSL Traffic Type This shows whether the VDSL traffic is activated Loopback Message LBM This shows how many Loop Back Messages LBMs are sent and if there is any inorder or outorder Loop Back Response LBR received from a remote MEP Linktrace Message LTM This shows the destination MAC address in the Link Trace Respon...

Page 289: ...tual channel VC level F4 cells use the same VPI as the user data cells on VP connections but use different predefined VCI values F5 cells use the same VPI and VCI as the user data cells on the VC connections and are distinguished from data cells by a predefinded Payload Type Identifier PTI in the cell header Both F4 flows and F5 flows are bidirectional and have two types segment F4 flows VCI 3 end...

Page 290: ... fields in this screen Table 110 Maintenance Diagnostic OAM Ping Test LABEL DESCRIPTION Select a PVC on which you want to perform the loopback test F4 segment Press this to perform an OAM F4 segment loopback test F4 end end Press this to perform an OAM F4 end to end loopback test F5 segment Press this to perform an OAM F5 segment loopback test F5 end end Press this to perform an OAM F5 end to end ...

Page 291: ...n on 1 Make sure the Device is turned on 2 Make sure you are using the power adaptor or cord included with the Device 3 Make sure the power adaptor or cord is connected to the Device and plugged in to an appropriate power source Make sure the power source is turned on 4 Turn the Device off and on 5 If the problem continues contact the vendor One of the LEDs does not behave as expected 1 Make sure ...

Page 292: ...ion 1 6 on page 25 I forgot the password 1 The default admin password is 1234 2 If this does not work you have to reset the device to its factory defaults See Section 1 6 on page 25 I cannot see or access the Login screen in the web configurator 1 Make sure you are using the correct IP address The default IP address is 192 168 1 1 If you changed the IP address Section 8 2 on page 143 use the new I...

Page 293: ...I cannot log in to the Device 1 Make sure you have entered the password correctly The default admin password is 1234 The field is case sensitive so make sure Caps Lock is not on 2 You cannot log in to the web configurator while someone is using Telnet to access the Device Log out of the Device in the other session or ask the person who is logged in to log out 3 Turn the Device off and on 4 If this...

Page 294: ...ave the DSL WAN port connected to a telephone jack or the DSL or modem jack on a splitter if you have one 2 Make sure you configured a proper DSL WAN interface Network Setting Broadband screen with the Internet account information provided by your ISP and that it is enabled 3 Check that the LAN interface you are connected to is in the same interface group as the DSL connection Network Setting Inte...

Page 295: ... signal strength is low Reduce wireless interference that may be caused by other wireless networks or surrounding wireless electronics such as cordless phones Place the AP where there are minimum obstacles such as walls and ceilings between the AP and the wireless client Reduce the number of wireless clients connecting to the same AP simultaneously or add additional APs if necessary Try closing so...

Page 296: ... mostly used in business networks WEP Wired Equivalent Privacy WEP encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private 36 5 USB Device Connection The Device fails to detect my USB device 1 Disconnect the USB device 2 Reboot the Device 3 If you are connecting a USB hard drive that comes with an external power supply ma...

Page 297: ... Troubleshooting VMG1312 B10A User s Guide 297 I cannot open special applications such as white board file transfer and video when I use the MSN messenger 1 Wait more than three minutes 2 Restart the applications ...

Page 298: ...Chapter 36 Troubleshooting VMG1312 B10A User s Guide 298 ...

Page 299: ...IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components are installed configure the TCP IP settings in order to communicate with your network If you manually assign IP information instead of using dynamic assignment make sure that your computers have IP addresses that place th...

Page 300: ...w click Add 2 Select Protocol and then click Add 3 Select Microsoft from the list of manufacturers 4 Select TCP IP from the list of network protocols and then click OK If you need Client for Microsoft Networks 1 Click Add 2 Select Client and then click Add 3 Select Microsoft from the list of manufacturers 4 Select Client for Microsoft Networks from the list of network clients and then click OK 5 R...

Page 301: ... Address and Subnet Mask fields Figure 149 Windows 95 98 Me TCP IP Properties IP Address 3 Click the DNS Configuration tab If you do not know your DNS information select Disable DNS If you know your DNS information select Enable DNS and type the information in the fields below you may not need to fill them all in Figure 150 Windows 95 98 Me TCP IP Properties DNS Configuration ...

Page 302: ...close the Network window Insert the Windows CD if prompted 7 Turn on your Device and restart your computer when prompted Verifying Settings 1 Click Start and then Run 2 In the Run window type winipcfg and then click OK to open the IP Configuration window 3 Select your network adapter You should see your computer s IP address subnet mask and default gateway Windows 2000 NT XP The following example ...

Page 303: ... 303 2 In the Control Panel double click Network Connections Network and Dial up Connections in Windows 2000 NT Figure 152 Windows XP Control Panel 3 Right click Local Area Connection and then click Properties Figure 153 Windows XP Control Panel Network Connections Properties ...

Page 304: ...k Properties Figure 154 Windows XP Local Area Connection Properties 5 The Internet Protocol TCP IP Properties window opens the General tab in Windows XP If you have a dynamic IP address click Obtain an IP address automatically If you have a static IP address click Use the following IP Address and fill in the IP address Subnet mask and Default gateway fields ...

Page 305: ...IP addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways In TCP IP Gateway Address type the IP address of the default gateway in Gateway To manually configure a default me...

Page 306: ...perties 7 In the Internet Protocol TCP IP Properties window the General tab in Windows XP Click Obtain DNS server address automatically if you do not know your DNS server IP address es If you know your DNS server IP address es click Use the following DNS server addresses and type them in the Preferred DNS server and Alternate DNS server fields ...

Page 307: ...se the Local Area Connection Properties window 10 Close the Network Connections window Network and Dial up Connections in Windows 2000 NT 11 Turn on your Device and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and then Command Prompt 2 In the Command Prompt window type ipconfig and then press ENTER You can also open Network Connections right click a n...

Page 308: ...ser s Guide 308 1 Click the Start icon Control Panel Figure 158 Windows Vista Start Menu 2 In the Control Panel double click Network and Internet Figure 159 Windows Vista Control Panel 3 Click Network and Sharing Center Figure 160 Windows Vista Network And Internet ...

Page 309: ...connections Figure 161 Windows Vista Network and Sharing Center 5 Right click Local Area Connection and then click Properties Note During this procedure click Continue whenever Windows displays a screen saying that it needs your permission to continue Figure 162 Windows Vista Network and Sharing Center ...

Page 310: ...Figure 163 Windows Vista Local Area Connection Properties 7 The Internet Protocol Version 4 TCP IPv4 Properties window opens the General tab If you have a dynamic IP address click Obtain an IP address automatically If you have a static IP address click Use the following IP address and fill in the IP address Subnet mask and Default gateway fields ...

Page 311: ... tab in IP addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways In TCP IP Gateway Address type the IP address of the default gateway in Gateway To manually configure a de...

Page 312: ...roperties 9 In the Internet Protocol Version 4 TCP IPv4 Properties window the General tab Click Obtain DNS server address automatically if you do not know your DNS server IP address es If you know your DNS server IP address es click Use the following DNS server addresses and type them in the Preferred DNS server and Alternate DNS server fields ...

Page 313: ...et Protocol Version 4 TCP IPv4 Properties window 11 Click Close to close the Local Area Connection Properties window 12 Close the Network Connections window 13 Turn on your Device and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and then Command Prompt 2 In the Command Prompt window type ipconfig and then press ENTER You can also open Network Connecti...

Page 314: ...tting up Your Computer s IP Address VMG1312 B10A User s Guide 314 Macintosh OS 8 9 1 Click the Apple menu Control Panel and double click TCP IP to open the TCP IP Control Panel Figure 167 Macintosh OS 8 9 Apple Menu ...

Page 315: ...IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your Device in the Router address box 5 Close the TCP IP Control Panel 6 Click Save if prompted to save changes to your configuration 7 Turn on your Device and restart your computer if prompted Verifying Settings Check your TCP IP properties in the TCP IP Control Panel window Macintosh OS X 1 Click the Apple menu an...

Page 316: ...0 Macintosh OS X Network 4 For statically assigned settings do the following From the Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your Device in the Router address box 5 Click Apply Now and close the window 6 Turn on your Device and restart your computer if prompted Verifying Settings Check your TCP IP...

Page 317: ...e location may vary depending on your Linux distribution and release version Note Make sure you are logged in as the root administrator Using the K Desktop Environment KDE Follow the steps below to configure your computer IP address using the KDE 1 Click the Red Hat button located on the bottom left corner select System Setting and click Network Figure 171 Red Hat 9 0 KDE Network Configuration Dev...

Page 318: ...ain IP address settings with and select dhcp from the drop down list If you have a static IP address click Statically set IP Addresses and fill in the Address Subnet mask and Default Gateway Address fields 3 Click OK to save the changes and close the Ethernet Device General screen 4 If you know your DNS server IP address es click the DNS tab in the Network Configuration screen Enter the DNS server...

Page 319: ...0 is the name of the Ethernet card Open the configuration file with any plain text editor If you have a dynamic IP address enter dhcp in the BOOTPROTO field The following figure shows an example Figure 175 Red Hat 9 0 Dynamic IP Address Setting in ifconfig eth0 If you have a static IP address enter static in the BOOTPROTO field Type IPADDR followed by the IP address in dotted decimal notation and ...

Page 320: ...s Enter ifconfig in a terminal screen to check your TCP IP properties Figure 179 Red Hat 9 0 Checking TCP IP Properties nameserver 172 23 5 1 nameserver 172 23 5 2 root localhost init d network restart Shutting down interface eth0 OK Shutting down loopback interface OK Setting network parameters OK Bringing up loopback interface OK Bringing up interface eth0 OK root localhost ifconfig eth0 Link en...

Page 321: ...er and the other part is the host ID In the same way that houses on a street share a common street name the hosts on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the host ID Routers use the network number to send packets to the correct network while the host ID determines to which host on the...

Page 322: ... 32 bits If a bit in the subnet mask is a 1 then the corresponding bit in the IP address is part of the network number If a bit in the subnet mask is 0 then the corresponding bit in the IP address is part of the host ID The following example shows a subnet mask identifying the network number in bold text and host ID of an IP address 192 168 1 2 in decimal By convention subnet masks always consist ...

Page 323: ...e As these two IP addresses cannot be used for individual hosts calculate the maximum number of possible hosts in a network as follows Notation Since the mask is always a continuous number of ones beginning from the left followed by a continuous number of zeros for the remainder of the 32 bit mask you can simply specify the number of ones instead of writing the value of each octet This is usually ...

Page 324: ... a maximum of 28 2 or 254 possible hosts The following figure shows the company network before subnetting Figure 181 Subnetting Example Before Subnetting You can borrow one of the host ID bits to divide the network 192 168 1 0 into two separate sub networks The subnet mask is now 25 bits 255 255 255 128 or 25 The borrowed host ID bit can have a value of either 0 or 1 allowing two subnets 192 168 1...

Page 325: ...2 168 1 1 and the highest is 192 168 1 126 Similarly the host ID range for subnet B is 192 168 1 129 to 192 168 1 254 Example Four Subnets The previous example illustrated using a 25 bit subnet mask to divide a 24 bit address into two subnets Similarly to divide a 24 bit address into four subnets you need to borrow two host ID bits to give four possible combinations 00 01 10 and 11 The subnet mask...

Page 326: ...ost ID 192 168 1 126 Table 117 Subnet 3 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 128 Lowest Host ID 192 168 1 129 Broadcast Address 192 168 1 191 Highest Host ID 192 168 1 190 Table 118 Subnet 4 IP SUBNET MASK NETWORK NUMBER LAST O...

Page 327: ...MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62 3 255 255 255 224 27 8 30 4 255 255 255 240 28 16 14 5 255 255 255 248 29 32 6 6 255 255 255 252 30 64 2 7 255 255 255 254 31 128 1 Table 121 16 bit Network Number Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 128 0 17 2 32766 2 255 255 192 0 18 4 16382 3 255 255 22...

Page 328: ...our Device will compute the subnet mask automatically based on the IP address that you entered You don t need to change the subnet mask computed by the Device unless you are instructed to do otherwise Private IP Addresses Every machine on the Internet must have a unique address If your networks are isolated from the Internet running only between two branch offices for example you can assign any IP...

Page 329: ...Internet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking and create an exception for your device s IP address Disable Pop up Blockers 1 In Internet Explorer select Tools Pop up Blocker and then select Turn Off Pop up Blocker Figure 183 Pop up Blocker Y...

Page 330: ...of the screen This disables any web pop up blockers you may have enabled Figure 184 Internet Options Privacy 3 Click Apply to save this setting Enable Pop up Blockers with Exceptions Alternatively if you only want to allow pop up windows from your device see the following steps 1 In Internet Explorer select Tools Internet Options and then the Privacy tab ...

Page 331: ...G1312 B10A User s Guide 331 2 Select Settings to open the Pop up Blocker Settings screen Figure 185 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 167 1 ...

Page 332: ... Add to move the IP address to the list of Allowed sites Figure 186 Pop up Blocker Settings 5 Click Close to return to the Privacy screen 6 Click Apply to save this setting JavaScripts If pages of the web configurator do not display properly in Internet Explorer check that JavaScripts are allowed ...

Page 333: ...lorer click Tools Internet Options and then the Security tab Figure 187 Internet Options Security 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java applets make sure that Enable is selected the default ...

Page 334: ...ck OK to close the window Figure 188 Security Settings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java permissions make sure that a safety level is selected ...

Page 335: ...sions VMG1312 B10A User s Guide 335 5 Click OK to close the window Figure 189 Security Settings Java JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected ...

Page 336: ...ck OK to close the window Figure 190 Java Sun Mozilla Firefox Mozilla Firefox 2 0 screens are used here Screens for other versions may vary You can enable Java Javascripts and pop ups in one screen Click Tools then click Options in the screen that appears Figure 191 Mozilla Firefox Tools Options ...

Page 337: ...p up Windows JavaScripts and Java Permissions VMG1312 B10A User s Guide 337 Click Content to show the screen below Select the check boxes as shown in the following screen Figure 192 Mozilla Firefox Content Security ...

Page 338: ...Appendix C Pop up Windows JavaScripts and Java Permissions VMG1312 B10A User s Guide 338 ...

Page 339: ...h is commonly referred to as an ad hoc network or Independent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an ad hoc wireless LAN Figure 193 Peer to Peer Communication in an Ad hoc Network BSS A Basic Service Set BSS exists when all communications between wireless clients or between a wireless client and a wired network client ...

Page 340: ... ESS consists of a series of overlapping BSSs each containing an access point with each access point connected together by a wired network This wired connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the imm...

Page 341: ...duce interference Interference occurs when radio signals from different access points overlap causing interference and degrading performance Adjacent channels partially overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 channels and an adjacent AP is using chan...

Page 342: ...ves and confirms with the requesting station the time frame for the requested transmission Stations can send frames smaller than the specified RTS CTS directly to the AP without the RTS Request To Send CTS Clear to Send handshake You should only configure RTS CTS if the possibility of hidden nodes exists on your network and the cost of resending large frames is more than the extra network overhead...

Page 343: ...ireless clients access points and the wired network Wireless security methods available on the Device are data encryption wireless client authentication restricting access by device MAC address and hiding the Device identity The following figure shows the relative effectiveness of these wireless security methods available on your Device Note You must enable the same wireless security settings on t...

Page 344: ...and the server is the RADIUS server The RADIUS server handles the following tasks Authentication Determines the identity of the users Authorization Determines the network services available to authenticated users once they are connected to the network Accounting Keeps track of the client s network activity RADIUS is a simple package exchange in which your AP acts as a message relay between the wir...

Page 345: ...and a CA issues certificates and guarantees the identity of each certificate owner EAP MD5 Message Digest Algorithm 5 MD5 authentication is the simplest one way authentication method The authentication server sends a challenge to the wireless client The wireless client proves that it knows the password by encrypting the password with the challenge and sends back the information Password is not sen...

Page 346: ...e The AP maps a unique key that is generated with the RADIUS server This key expires when the wireless connection times out disconnects or reauthentication times out A new WEP key is generated each time reauthentication is performed If this feature is enabled it is not necessary to configure a default encryption key in the wireless security configuration screen You may still configure and store ke...

Page 347: ...ributed by the authentication server AES Advanced Encryption Standard is a block cipher that uses a 256 bit mathematical algorithm called Rijndael They both include a per packet key mixing function a Message Integrity Check MIC named Michael an extended initialization vector IV with sequencing rules and a re keying mechanism WPA and WPA2 regularly change and rotate the encryption keys so that the ...

Page 348: ...ion process again Pre authentication enables fast roaming by allowing the wireless client already connecting to an AP to perform IEEE 802 1x authentication with another AP before connecting to it Wireless Client WPA Supplicants A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA At the time of writing the most widely availabl...

Page 349: ...passwords into the AP and all wireless clients The Pre Shared Key PSK must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters including spaces and symbols 2 The AP checks each wireless client s password and allows it to join the network only if the password matches 3 The AP and wireless clients generate a common PMK Pairwise Master Key The key itself is not sent over the net...

Page 350: ...r 5GHz IEEE 802 11a is needed to communicate efficiently in a wireless LAN Radiation Pattern A radiation pattern is a diagram that allows you to visualize the shape of the antenna s coverage area Antenna Gain Antenna gain measured in dB decibel is the increase in coverage within the RF beam width Higher antenna gain improves the range of the signal for better communications For an indoor site each...

Page 351: ...ble to make circular overlapping coverage areas with multiple access points Directional antennas concentrate the RF signal in a beam like a flashlight does with the light from its bulb The angle of the beam determines the width of the coverage pattern Angles typically range from 20 degrees very directional to 120 degrees less directional Directional antennas are ideal for hallways and outdoor poin...

Page 352: ...Appendix D Wireless LANs VMG1312 B10A User s Guide 352 ...

Page 353: ... 0000 0000 0015 can be written as 2001 0db8 1a2f 0000 0000 0015 2001 0db8 0000 0000 1a2f 0015 2001 db8 1a2f 0 0 15 or 2001 db8 0 0 1a2f 15 Prefix and Prefix Length Similar to an IPv4 subnet mask IPv6 uses an address prefix to represent the network address An IPv6 prefix length specifies how many most significant bits start from the left in the address compose the network address The prefix length ...

Page 354: ...sts in a multicast group Multicast scope allows you to determine the size of the multicast group A multicast address has a predefined prefix of ff00 8 The following table describes some of the predefined multicast addresses The following table describes the multicast addresses which are reserved and can not be assigned to a multicast group Table 127 Predefined Multicast Address MULTICAST ADDRESS D...

Page 355: ...xample Identity Association An Identity Association IA is a collection of addresses assigned to a DHCP client through which the server and client can manage a set of related IP addresses Each IA must be associated with exactly one interface The DHCP client uses the IA assigned to an interface to obtain configuration from a DHCP server for that interface Each IA consists of a unique IAID and associ...

Page 356: ...e relay agent restarts Prefix Delegation Prefix delegation enables an IPv6 router to use the IPv6 prefix network address received from the ISP or a connected uplink router for its LAN The Device uses the received IPv6 prefix for example 2001 db2 48 to generate its LAN IP address Through sending Router Advertisements RAs regularly by multicast the Device passes the IPv6 prefix information to its LA...

Page 357: ...rectly without passing through a router If the address is unlink the address is considered as the next hop Otherwise the Device determines the next hop from the default router list or routing table Once the next hop IP address is known the Device looks into the neighbor cache to get the link layer address and sends the packet when the neighbor is reachable If the Device cannot find an entry in the...

Page 358: ...your network uses DHCPv6 for IP address assignment you have to additionally install a DHCPv6 client software on your Windows XP Note If you use static IP addresses or Router Advertisement for IPv6 address assignment in your network ignore this section This example uses Dibbler as the DHCPv6 client To enable DHCPv6 client on your computer 1 Install Dibbler and select the DHCPv6 client option on you...

Page 359: ...from a DHCPv6 server Example Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer To enable IPv6 in Windows 7 1 Select Control Panel Network and Sharing Center Local Area Connection 2 Select the Internet Protocol Version 6 TCP IPv6 checkbox to enable it 3 Click OK to save the change ...

Page 360: ...r dynamic IPv6 address This example shows a global address 2001 b021 2d 1000 obtained from a DHCP server C ipconfig Windows IP Configuration Ethernet adapter Local Area Connection Connection specific DNS Suffix IPv6 Address 2001 b021 2d 1000 Link local IPv6 Address fe80 25d8 dcab c80a 5189 11 IPv4 Address 172 16 100 61 Subnet Mask 255 255 255 0 Default Gateway fe80 213 49ff feaa 7125 11 172 16 100...

Page 361: ...pe of IP protocol used by the service If this is TCP UDP then the service uses the same port number with TCP and UDP If this is USER DEFINED the Port s is the IP protocol number not the port number Port s This value depends on the Protocol If the Protocol is TCP UDP or TCP UDP this is the IP port number If the Protocol is USER this is the IP protocol number Description This is a brief explanation ...

Page 362: ...l a program to enable fast transfer of files including large files that may not be possible by e mail H 323 TCP 1720 NetMeeting uses this protocol HTTP TCP 80 Hyper Text Transfer Protocol a client server protocol for the world wide web HTTPS TCP 443 HTTPS is a secured http session often used in e commerce ICMP User Defined 1 Internet Control Message Protocol is often used for diagnostic purposes I...

Page 363: ...GRE User Defined 47 PPTP Point to Point Tunneling Protocol enables secure transfer of data over public networks This is the data channel RCMD TCP 512 Remote Command Service REAL_AUDIO TCP 7070 A streaming audio service that enables real time sound over the web REXEC TCP 514 Remote Execution Daemon RLOGIN TCP 513 Remote Login ROADRUNNER TCP UDP 1026 This is an ISP that provides services mainly for ...

Page 364: ...1558 Stream Works Protocol SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server TACACS UDP 49 Login Host Protocol used for Terminal Access Controller Access Control System TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments It operates over TCP IP networks Its primary function is to allow users to log into remote host s...

Page 365: ...mission FCC Interference Statement The device complies with Part 15 of FCC rules Operation is subject to the following two conditions This device may not cause harmful interference This device must accept any interference received including interference that may cause undesired operations This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part ...

Page 366: ...備之干擾 本機限在不干擾合法電臺與不受被干擾保障條件下於室內使用 減少電磁波影響 請妥適使用 Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment This device has been designed for the WLAN 2 4 GHz network throughout the EC region and Switzerland with restrictions in France Ce produit est conçu pour les bandes de fréquences 2 4 GHz et ou 5 GHz c...

Page 367: ... all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpose MitraStar shall in no event be held liable for indirect or consequential damages of any kind to the purchaser To obtain the services of this warranty contact MitraStar s Service Center for your Return Material Authorization number RMA Products must be returned Posta...

Page 368: ...Appendix G Legal Information VMG1312 B10A User s Guide 368 ...

Page 369: ...erver see ACS 267 B backup configuration 283 Basic Service Set See BSS 339 Basic Service Set see BSS blinking LEDs 24 Broadband 85 broadcast 107 BSS 132 339 example 132 C CA 237 345 Canonical Format Indicator See CFI CCMs 286 certificate factory default 238 Certificate Authority See CA certificates 237 authentication 237 CA creating 239 public key 237 replacing 238 storage space 238 Certification ...

Page 370: ... DoS 220 DS field 182 DS dee differentiated services DSCP 182 dynamic DNS 203 wildcard 204 Dynamic Host Configuration Protocol see DHCP dynamic WEP key exchange 346 DYNDNS wildcard 204 E EAP Authentication 345 ECHO 201 e mail log example 278 Encapsulation 103 MER 103 PPP over Ethernet 103 encapsulation 86 RFC 1483 103 encryption 131 347 ESS 340 Extended Service Set IDentification 112 119 Extended ...

Page 371: ...ddress Assignment 106 IP alias NAT applications 201 IPv6 87 353 addressing 87 107 353 EUI 64 355 global address 354 interface ID 355 link local address 353 Neighbor Discovery Protocol 353 ping 353 prefix 87 107 353 prefix delegation 88 prefix length 87 107 353 unspecified address 354 ISP 86 iTunes server 216 L LAN 141 and USB printer 217 client list 146 DHCP 142 160 DNS 142 160 IP address 142 143 ...

Page 372: ...LG 196 activation 196 NAT example 202 Network Address Translation see NAT Network Address Translation see NAT Network Map 81 network map 30 NNTP 201 P Pairwise Master Key PMK 347 349 passwords 27 28 PBC 134 Peak Cell Rate PCR 104 Per Hop Behavior see PHB 183 PHB 183 PIN WPS 134 example 136 Ping of Death 220 Point to Point Tunneling Protocol 201 POP3 201 port forwarding 188 ports 24 PPP over Ethern...

Page 373: ...control 265 Service Set 112 119 Services 201 setup firewalls 221 static route 102 165 205 Single Rate Three Color Marker see srTCM SIP ALG 196 activation 196 SMTP 201 SNMP 201 SNMP trap 201 SPI 220 srTCM 184 SSID 130 activation 118 MBSSID 132 static route 163 275 configuration 102 165 205 example 163 static VLAN status 81 firmware version 83 LAN 83 WAN 83 wireless LAN 83 status indicators 24 subne...

Page 374: ...us 83 Wide Area Network see WAN 85 warranty note 367 WDS 123 133 compatibility 123 example 133 web configurator 27 login 27 passwords 27 28 WEP 131 WEP Encryption 114 115 WEP encryption 113 WEP key 113 Wi Fi Protected Access 347 wireless client WPA supplicants 348 Wireless Distribution System see WDS wireless LAN 109 127 authentication 129 130 BSS 132 example 132 channel 128 encryption 131 example...

Page 375: ...48 vs WPA PSK 347 wireless client supplicant 348 with RADIUS application example 348 WPA2 347 user authentication 348 vs WPA2 PSK 347 wireless client supplicant 348 with RADIUS application example 348 WPA2 Pre Shared Key 347 WPA2 PSK 347 application example 349 WPA PSK 131 347 application example 349 WPS 133 136 example 137 limitations 139 PIN 134 example 136 push button 26 134 ...

Page 376: ...VMG1312 B10A User s Guide 376 Index ...

Page 377: ...Index VMG1312 B10A User s Guide 377 ...

Page 378: ...VMG1312 B10A User s Guide 378 Index ...

Reviews:

No comments

Related manuals for VWG1312-B10A

Salus G30 Installer Manual preview
G30
Brand: Salus Pages: 2
DAE CC2030 Installation Manual preview
CC2030
Brand: DAE Pages: 2
Quantum StorNext G300 R520 Hardware Manual preview
StorNext G300 R520
Brand: Quantum Pages: 52
BURG WATCHER TSE 5001 Assembly And User'S Manual preview
TSE 5001
Brand: BURG WATCHER Pages: 21
Motorola NC800 User Manual preview
NC800
Brand: Motorola Pages: 28
Motorola Netopia 2200 User Manual preview
Netopia 2200
Brand: Motorola Pages: 351
Motorola SURFboard eXtreme SBG6782-AC Quick Start Manual preview
SURFboard eXtreme SBG6782-AC
Brand: Motorola Pages: 2
Siemens SIMATIC IOT2020 Quick Install Manual preview
SIMATIC IOT2020
Brand: Siemens Pages: 2
Siemens SIMATIC IOT Gateway MQTT Installation Quick Manual preview
SIMATIC IOT Gateway MQTT
Brand: Siemens Pages: 2
Siemens MindConnect Nano Quick Start preview
MindConnect Nano
Brand: Siemens Pages: 2
Siemens Instabus/DALI Gateway N 141 Technical Product Information preview
Instabus/DALI Gateway N 141
Brand: Siemens Pages: 5
Siemens SIMATIC IOT2050 Product Information preview
SIMATIC IOT2050
Brand: Siemens Pages: 25
Siemens GAMMA 5WG1 143-1AB01 Operating And Mounting Instructions preview
GAMMA 5WG1 143-1AB01
Brand: Siemens Pages: 2
Siemens DCW1151 Installation Manual preview
DCW1151
Brand: Siemens Pages: 6
Siemens Gigaset SE567 Quick Start Manual preview
Gigaset SE567
Brand: Siemens Pages: 8
Siemens DESIGO RXC Manual preview
DESIGO RXC
Brand: Siemens Pages: 20
Siemens SIMATIC PN/M-Bus LINK Operating Instructions Manual preview
SIMATIC PN/M-Bus LINK
Brand: Siemens Pages: 62
Siemens HiPath HG 1500 Service Manual preview
HiPath HG 1500
Brand: Siemens Pages: 43

Brands by name

Popular brands

Load more brands