ZyXEL Communications AMG1302-T10A Скачать руководство пользователя

Страница: 151 / 332

Chapter 10 Firewalls

AMG1302-T10A User’s Guide

151

Once these questions have been answered, adding rules is simply a matter of entering the

information into the correct fields in the web configurator screens.

10.4.4 Triangle Route

When the firewall is on, your Device acts as a secure gateway between your LAN and the Internet.

In an ideal network topology, all incoming and outgoing network traffic passes through the Device

to protect your LAN against attacks.

Figure 82

Ideal Firewall Setup

10.4.4.1 The “Triangle Route” Problem

A traffic route is a path for sending or receiving data packets between two Ethernet devices. You

may have more than one connection to the Internet (through one or more ISPs). If an alternate

gateway is on the LAN (and its IP address is in the same subnet as the Device’s LAN IP address),

the “triangle route” (also called asymmetrical route) problem may occur. The steps below describe

the “triangle route” problem.

A computer on the LAN initiates a connection by sending out a SYN packet to a receiving server on

the WAN.

The Device reroutes the SYN packet through Gateway

on the LAN to the WAN.

The reply from the WAN goes directly to the computer on the LAN without going through the

Device.

As a result, the Device resets the connection, as the connection has not been acknowledged.

Figure 83

“Triangle Route” Problem

WAN

LAN

WAN

LAN

ISP 1

ISP 2

Содержание AMG1302-T10A

Страница 1: ...less N ADSL2 4 port Gateway IMPORTANT READ CAREFULLY BEFORE USE KEEP THIS GUIDE FOR FUTURE REFERENCE Copyright 2012 ZyXEL Communications Corporation Version 1 00 Edition 1 2 2012 Default Login Details LAN IP Address https 192 168 1 1 Password 1234 ...

Страница 2: ...g system versions or if you installed updated firmware software for your device Every effort has been made to ensure that the information in this manual is accurate Related Documentation Quick S tart Guide The Quick Start Guide shows how to connect the Device and access the Web Configurator wizards See the wizard real time help for information on configuring each screen It also contains a connecti...

Страница 3: ...e 53 Internet Setup Wizard 55 WAN Setup 69 LAN Setup 85 Wireless LAN 97 Network Address Translation NAT 127 Firewalls 141 Filters 153 Static Route 159 Port Binding 163 PVID Setting 167 Quality of Service QoS 169 Dynamic DNS Setup 177 Remote Management 179 Universal Plug and Play UPnP 187 CWMP 199 System Settings 203 Logs 207 Tools 217 Diagnostic 223 Troubleshooting 227 ...

Страница 4: ...Contents Overview AMG1302 T10A User s Guide 4 ...

Страница 5: ...t Access 16 1 5 Wireless Access 16 1 5 1 Using the WPS WLAN Button 17 1 6 LEDs Lights 18 1 7 The RESET Button 19 1 7 1 Using the Reset Button 19 Chapter 2 The Web Configurator 21 2 1 Overview 21 2 1 1 Accessing the Web Configurator 21 2 2 The Main Screen 23 2 2 1 Title Bar 23 2 2 2 Navigation Panel 24 2 2 3 Main Window 25 2 2 4 Status Bar 26 Chapter 3 Status Screens 27 3 1 Overview 27 3 2 The Stat...

Страница 6: ...ctions 48 4 7 2 Configuring Port Binding 51 Part II Technical Reference 53 Chapter 5 Internet Setup Wizard 55 5 1 Overview 55 5 2 Internet Access Wizard Setup 55 5 2 1 Manual Configuration 58 5 3 Wireless Connection Wizard Setup 63 5 3 1 Manually Assign a WPA PSK key 66 5 3 2 Manually Assign a WEP Key 66 Chapter 6 WAN Setup 69 6 1 Overview 69 6 1 1 What You Can Do in the WAN Screens 69 6 1 2 What ...

Страница 7: ...he LAN IP Alias Screen 91 7 6 The IPv6 Screen 92 7 7 LAN Technical Reference 93 7 7 1 LANs WANs and the Device 93 7 7 2 DHCP Setup 93 7 7 3 DNS Server Addresses 94 7 7 4 LAN TCP IP 94 7 7 5 RIP Setup 95 7 7 6 Multicast 96 Chapter 8 Wireless LAN 97 8 1 Overview 97 8 1 1 What You Can Do in the Wireless LAN Screens 97 8 1 2 What You Need to Know About Wireless 98 8 1 3 Before You Start 98 8 2 The AP ...

Страница 8: ...t Forwarding Screen 129 9 3 1 Configuring the Port Forwarding Screen 130 9 3 2 The Port Forwarding Rule Edit Screen 132 9 4 The Address Mapping Screen 133 9 4 1 The Address Mapping Rule Edit Screen 134 9 5 The ALG Screen 135 9 6 NAT Technical Reference 136 9 6 1 NAT Definitions 136 9 6 2 What NAT Does 137 9 6 3 How NAT Works 137 9 6 4 NAT Application 138 9 6 5 NAT Mapping Types 138 Chapter 10 Fire...

Страница 9: ...Route Screens 160 12 2 The Static Route Screen 160 12 2 1 Static Route Edit 161 Chapter 13 Port Binding 163 13 1 Overview 163 13 1 1 What You Can Do in the Port Binding Screens 164 13 2 The Port Binding Screen 164 13 2 1 Port Binding Summary screen 165 Chapter 14 PVID Setting 167 14 1 Overview 167 14 1 1 What You Can Do in the pvid Setting Screen 167 14 1 2 What You Need to Know About 802 1Q 167 1...

Страница 10: ...WW Screen 181 17 2 1 Configuring the WWW Screen 181 17 3 The Telnet Screen 181 17 4 The FTP Screen 182 17 5 The SNMP Screen 183 17 5 1 Configuring SNMP 184 17 6 The DNS Screen 185 17 7 The ICMP Screen 185 Chapter 18 Universal Plug and Play UPnP 187 18 1 Overview 187 18 1 1 What You Can Do in the UPnP Screen 187 18 1 2 What You Need to Know About UPnP 187 18 2 The UPnP Screen 188 18 3 Installing UP...

Страница 11: ...een 221 Chapter 23 Diagnostic 223 23 1 Overview 223 23 1 1 What You Can Do in the Diagnostic Screens 223 23 2 The General Screen 223 23 3 The DSL Line Screen 224 Chapter 24 Troubleshooting 227 24 1 Power Hardware Connections and LEDs 227 24 2 Device Access and Login 228 24 3 Internet Access 229 Appendix A Setting up Your Computer s IP Address 231 Appendix B IP Addresses and Subnetting 251 Appendix...

Страница 12: ...Table of Contents AMG1302 T10A User s Guide 12 ...

Страница 13: ...13 PART I User s Guide ...

Страница 14: ...14 ...

Страница 15: ...s are mostly used for troubleshooting by service engineers FTP for firmware upgrades and configuration backup restore TR 069 This is an auto configuration server used to remotely configure your device 1 3 Good Habits for Managing the Device Do the following things regularly to make the Device more secure and to manage the Device more effectively Change the password Use a password that s easy to gu...

Страница 16: ...that probes from the outside to your network are allowed but you can safely browse the Internet and download files Use the filtering feature to block access to specific web sites or Internet applications such as MSN or Yahoo Messenger You can also configure IP MAC filtering rules for incoming or outgoing traffic Use QoS to efficiently manage traffic on your network by giving priority to certain ty...

Страница 17: ... green the wireless network is active You can also use the WPS WLAN button to quickly set up a secure wireless connection between the Device and a WPS compatible client by adding one device at a time To activate WPS 1 Make sure the POWER LED is on and blinking 2 Press the WPS WLAN button for five to ten seconds and release it 3 Press the WPS button on another WPS enabled device within range of the...

Страница 18: ...g data to from the LAN Off The Device does have an Ethernet connection with the LAN WPS WLAN Green On The wireless network is activated Blinking The Device is communicating with other wireless clients Red Blinking The Device is setting up a WPS connection Off The wireless network is activated DSL Green On The DSL line is up Blinking The Device is initializing the DSL line Off The DSL line is down ...

Страница 19: ...uration file This means that you will lose all configurations that you had previously and the password will be reset to 1234 1 7 1 Using the Reset Button 1 Make sure the POWER LED is on blinking 2 To set the device back to the factory default settings press the RESET button for ten seconds or until the POWER LED begins to blink and then release it When the POWER LED begins to blink the defaults ha...

Страница 20: ...Chapter 1 Introduction AMG1302 T10A User s Guide 20 ...

Страница 21: ...ce Pack 2 JavaScripts enabled by default Java permissions enabled by default See Appendix C on page 259 if you need to make sure these functions are allowed in Internet Explorer 2 1 1 Accessing the Web Configurator 1 Make sure your Device hardware is properly connected refer to the Quick Start Guide 2 Launch your web browser 3 Type 192 168 1 1 as the URL 4 A password screen displays To access the ...

Страница 22: ...to proceed to the main menu if you do not want to change the password now Figure 5 Change Password Screen 6 Select Go to Wizard setup and click Apply to display the wizard main screen Otherwise select Go to Advanced setup and click Apply to display the Status screen Figure 6 Replace Factory Default Certificate Screen Note For security reasons the Device automatically logs you out if you do not use...

Страница 23: ...ide 23 2 2 The Main Screen Figure 7 Main Screen As illustrated above the main screen is divided into these parts A title bar B navigation panel C main window D status bar 2 2 1 Title Bar The title bar provides some icons in the upper right corner B C D A ...

Страница 24: ...nd DNS server Client List Use this screen to view current DHCP client information and to always assign specific IP addresses to individual MAC addresses and host names IP Alias Use this screen to partition your LAN interface into subnets IPv6 Use this screen to configure the IPv6 settings on the Device s LAN interface Wireless LAN AP Use this screen to configure the wireless LAN settings and WLAN ...

Страница 25: ...e the Device FTP Use this screen to configure through which interface s and from which IP address es users can use FTP to access the Device SNMP Use this screen to configure through which interface s and from which IP address es users can access the SNMP agent on the Device DNS Use this screen to configure through which interface s and from which IP address es users can send DNS queries to the Dev...

Страница 26: ... s Guide 26 Right after you log in the Status screen is displayed See Chapter 3 on page 27 for more information about the Status screen 2 2 4 Status Bar Check the status bar when you click Apply or OK to verify that the configuration has been updated ...

Страница 27: ...Screens 3 1 Overview Use the Status screens to look at the current status of the device system resources and interfaces LAN and WAN The Status screen also provides detailed information from DHCP and statistics from bandwidth management and traffic ...

Страница 28: ...ate this screen Apply Click this to update this screen immediately Device Information Host Name This field displays the Device system name It is used for identification Model Number This is the model name of your device MAC Address This is the MAC Media Access Control or Ethernet address unique to your Device ZyNOS Firmware Version This is the current version of the firmware inside the device Clic...

Страница 29: ...o to the screen where you can change it IP Subnet Mask This is the current subnet mask in the LAN DHCP This field displays what DHCP services the Device is providing to the LAN Choices are Server The Device is a DHCP server in the LAN It assigns IP addresses to other computers in the LAN Relay The Device acts as a surrogate DHCP server and relays DHCP requests and responses between the remote serv...

Страница 30: ... memory usage does get close to 100 the Device is probably becoming unstable and you should restart the device See Section 22 4 on page 221 or turn off the device unplug the power for a few seconds Interface Status Interface This column displays each interface the Device has Status This field indicates whether or not the Device is using the interface For the DSL interface this field displays Down ...

Страница 31: ...mas wants to set up a wireless network so that he can use his notebook to access the Internet In this wireless network the Device serves as an access point AP and the notebook is the wireless client The wireless client can access the Internet through the AP Thomas has to configure the wireless network settings on the Device Then he can set up a wireless network using WPS Section 4 2 2 on page 33 o...

Страница 32: ...see page 31 Click Apply 2 Click the Advanced Setup button and select 802 11b g n in the 802 11 Mode field Click Apply Thomas can now use the WPS feature to establish a wireless connection between his notebook and the Device see Section 4 2 2 on page 33 He can also use the notebook s wireless client to search for the Device see Section 4 2 3 on page 36 ...

Страница 33: ...within the cover range of the wireless signal 2 Make sure that you have installed the wireless client driver and utility in your notebook 3 In the wireless client utility go to the WPS setting page Enable WPS and press the WPS button Start or WPS button 4 Push and hold the WPS button located on the Device s rear panel for more than 5 seconds Alternatively you may log into Device s web configurator...

Страница 34: ...nt Example WPS Process PBC Method PIN Configuration When you use the PIN configuration method you need to use both the Device s web configurator and the wireless client s utility 1 Launch your wireless client s configuration utility Go to the WPS settings and select the PIN method to get a PIN number Wireless Client Device SECURITY INFO COMMUNICATION WITHIN 2 MINUTES Press and hold for 5 seconds ...

Страница 35: ...Start buttons or the button next to the PIN field on boththe wireless client utility screen and the Device s WPS Station screen within two minutes The Device authenticates the wireless client and sends the proper configuration settings to the wireless client This may take up to two minutes The wireless client is then able to communicate with the Device securely ...

Страница 36: ...lient by using PIN method Example WPS Process PIN Method 4 2 3 Without WPS Use the wireless adapter s utility installed on the notebook to search for the Example SSID Then enter the DoNotStealMyWirelessNetwork pre shared key to establish an wireless Internet connection Authentication by PIN SECURITY INFO WITHIN 2 MINUTES Wireless Client Device COMMUNICATION ...

Страница 37: ...ss adapter supports one of these standards 4 2 4 Setting Up Wireless Network Scheduling Thomas mostly uses his notebook to access the Internet on weekends occasionally he uses it at night on weekdays Here is how Thomas can set up a schedule to turn on the wireless network at specific time and days 1 Click Network Wireless Network Scheduling to open the following screen ...

Страница 38: ...days Click Apply 4 3 Configuring the MAC Address Filter Thomas iced that his daughter Josephine spends too much time surfing the web and downloading media files He decided to prevent Josephine from accessing the Internet so that she can concentrate on preparing for her final exams Josephine s computer connects wirelessly to the Internet through the Device Thomas can deny access to the wireless net...

Страница 39: ... T10A User s Guide 39 1 Click Network LAN Client List to open the following screen Look for the MAC address of Josephine s computer 2 Click Network Wireless LAN to open the AP screen Click the Edit button in the MAC Filter field ...

Страница 40: ...ic flowing directions you may connect a router to the Device s LAN The router may be used to separate two department networks This tutorial shows how to configure a static routing rule for two network routings In the following figure router R is connected to the Device s LAN R connects to two networks N1 192 168 1 x 24 and N2 192 168 10 x 24 If you want to send traffic from computer A in N1 networ...

Страница 41: ... R routes the traffic to B This tutorial uses the following example IP settings To configure a static route to route traffic from N1 to N2 1 Log into the Device s Web Configurator in advanced mode 2 Click Advanced Static Route Table 5 IP Settings in this Tutorial DEVICE COMPUTER IP ADDRESS The Device s WAN 172 16 1 1 The Device s LAN 192 168 1 1 A 192 168 1 34 R s N1 192 168 1 253 R s N2 192 168 1...

Страница 42: ...teway IP Address field 4a Click Apply Now B should be able to receive traffic from A You may need to additionally configure B s firewall settings to allow specific traffic to pass through 4 5 Multiple Public and Private IP Address Mappings If your ISP gives you more than one static IP address for your Internet access you can map each IP address for a specific service This tutorial assumes you are ...

Страница 43: ...our applications can use random public IP addresses and the applications are initiated from the Intranet computers A and B For example VoIP application See Section 4 5 2 on page 44 if it is not To configure this 1 Click Network NAT 2 Select Active Network Address Translation NAT and Full Feature in the General screen Click Apply Table 6 IP Settings in this Tutorial DEVICE COMPUTER IP ADDRESS The D...

Страница 44: ... IP addresses 192 168 1 2 192 168 1 3 Global IP addresses 172 16 1 253 172 16 1 254 Then click Apply 4 5 2 Full Feature NAT One to One Mapping Use this setting if your applications must use fixed public IP addresses and the applications can be initiated either from the Intranet computers A and B or the Internet computer C For example gaming application To configure this setting 1 Click Network NAT...

Страница 45: ...ule 4 Configure two rules for the one to one mappings Rule 1 This maps the public IP address 172 16 1 253 to the private IP address 192 168 1 2 Type One to One Local Start IP 192 168 1 2 Global Start IP 172 16 1 253 Rule 2 This maps the public IP address 172 16 1 254 to the private IP address 192 168 1 3 Type One to One Local Start IP 192 168 1 3 Global Start IP 172 16 1 254 Click Apply on each of...

Страница 46: ...the Internet 1 Click Security Firewall Rules 2 Select WAN to LAN in the Packet Direction field Figure 9 Firewall Example Rules 3 In the Rules screen select the index number after which you want to add the rule For example if you select 6 your new rule becomes number 7 and the previous rule 7 if there is one becomes rule 8 4 Click Add to display the firewall rule configuration screen ...

Страница 47: ...it Configure the Source and Destination Addresses as follows and click Add for each In the Available Services menu select SSH TCP UDP 22 and click Add Click Apply Figure 10 Firewall Example Edit Rule On completing the configuration procedure for this Internet firewall rule the Rules screen should look like the following ...

Страница 48: ...WAN PVCs for time sensitive VoIP traffic and non time sensitive data traffic 4 7 1 Configuring ATM QoS for Multiple WAN Connections This example shows an application for multiple WAN connections with different ATM QoS Settings More than one WAN connection on the Device may be configured to record traffic statistics or calculate service charges Three WAN connections are configured over the ADSL lin...

Страница 49: ...Chapter 4 Tutorials AMG1302 T10A User s Guide 49 2 To configure bandwidth for the data connection select UBR in the ATM QoS Type field Click Apply to save the settings ...

Страница 50: ...M QoS Type field and enter the Peak Cell Rate as 943 divide the bandwidth 400000 bps by 424 Click Apply to save the settings Configured WAN connections can be viewed by clicking the More Connections tab under Network WAN See the WAN Setup chapter Chapter 6 on page 89 for more information on configuring WAN connections and ATM QoS settings ...

Страница 51: ...port binding screen by clicking Advanced Port Binding and select Activated to turn on the port binding feature Specify the Group Index and select the ports to include in the port binding group Click Apply to save the settings The configured groups can be viewed by clicking the Port Binding Summary button See the Port Binding chapter Chapter 14 on page 195 for more details on configuring port bindi...

Страница 52: ...Chapter 4 Tutorials AMG1302 T10A User s Guide 52 ...

Страница 53: ...53 PART II Technical Reference ...

Страница 54: ...54 ...

Страница 55: ...on given to you by your ISP Note See the advanced menu chapters for background information on these fields 5 2 Internet Access Wizard Setup 1 After you enter the password to access the web configurator select Go to Wizard setup and click Apply Otherwise click the wizard icon in the top right corner of the web configurator to go to the wizards Figure 12 Select a Mode ...

Страница 56: ... Check your hardware connections and click Restart the INTERNET WIRELESS SETUP Wizard to return to the wizard welcome screen If you still cannot connect click Manually configure your Internet connection Follow the directions in the wizard and enter your Internet setup information as provided to you by your ISP See Section 5 2 1 on page 58 for more details If you would like to skip your Internet se...

Страница 57: ... or service name exactly as provided by your ISP Then click Next and see Section 5 3 on page 63 for wireless connection wizard setup Figure 15 Auto Detection PPPoE 3c The following screen appears if the Device detects a connection but not the connection type Click Next and refer to Section 5 2 1 on page 58 on how to manually configure the Device for Internet access Figure 16 Auto Detection Failed ...

Страница 58: ...you more than one IP address and you want the connected computers to get individual IP address from ISP s DHCP server directly If you select Bridge you cannot use Firewall DHCP server and NAT on the Device Encapsulation Select the encapsulation type your ISP uses from the Encapsulation drop down list box Choices vary depending on what you select in the Mode field If you select Bridge in the Mode f...

Страница 59: ...ntinue See Section 5 3 on page 63 for wireless connection wizard setup Figure 18 Internet Connection with PPPoE Back Click this to return to the previous screen without saving Next Click this to continue to the next wizard screen The next wizard screen you see depends on what protocol you chose above Exit Click this to close the wizard screen without saving Table 8 Internet Access Wizard Setup ISP...

Страница 60: ...ser name exactly as your ISP assigned If assigned a name in the form user domain where domain identifies a service name then enter both components exactly as given Password Enter the password associated with the user name above Service Name Type the name of your PPPoE service here Back Click this to return to the previous screen without saving Apply Click this to save your changes Exit Click this ...

Страница 61: ...AP Table 10 Internet Connection with RFC 1483 LABEL DESCRIPTION IP Address This field is available if you select Routing in the Mode field Type your ISP assigned IP address in this field Back Click this to return to the previous screen without saving Next Click this to continue to the next wizard screen Exit Click this to close the wizard screen without saving ...

Страница 62: ...dress Subnet Mask Enter a subnet mask in dotted decimal notation Refer to the appendix to calculate a subnet mask If you are implementing subnetting Gateway IP address You must specify a gateway IP address supplied by your ISP when you use ENET ENCAP in the Encapsulation field in the previous screen First DNS Server Enter the IP addresses of the DNS servers The DNS servers are passed to the DHCP c...

Страница 63: ...iled 1 If the following screen displays check if your account is activated or click Restart the Internet Wireless Setup Wizard to verify your Internet access settings Figure 23 Connection Test Failed 2 5 3 Wireless Connection Wizard Setup After you configure the Internet access information use the following screens to set up your wireless LAN Apply Click this to save your changes Exit Click this t...

Страница 64: ...ate the wireless LAN Click Next to continue Figure 25 Wireless LAN Setup Wizard 1 The following table describes the labels in this screen Table 13 Wireless LAN Setup Wizard 1 LABEL DESCRIPTION Active Select the check box to turn on the wireless LAN Back Click this to return to the previous screen without saving Next Click this to continue to the next wizard screen Exit Click this to close the wiza...

Страница 65: ...ce make sure all wireless stations use the same SSID in order to access the network Channel Selection The range of radio frequencies used by IEEE 802 11b g wireless devices is called a channel Select a channel ID that is not already in use by a neighboring device Security Select Manually assign a WPA PSK key to configure a Pre Shared Key WPA PSK Choose this option only if your wireless clients sup...

Страница 66: ...ssign a WEP key to setup WEP Encryption parameters Figure 28 Manually Assign a WEP key Table 15 Manually Assign a WPA PSK key LABEL DESCRIPTION Pre Shared Key Type from 8 to 63 case sensitive ASCII characters You can set up the most secure wireless connection by configuring WPA in the wireless LAN screens You need to configure an authentication server to do this Back Click this to return to the pr...

Страница 67: ... and save the wizard setup Table 16 Manually Assign a WEP key LABEL DESCRIPTION Key The WEP keys are used to encrypt data Both the Device and the wireless stations must use the same WEP key for data transmission Enter any 5 or 13 ASCII characters or 10 or 26 hexadecimal characters 0 9 A F for a 64 bit or 128 bit WEP key respectively Back Click this to return to the previous screen without saving N...

Страница 68: ...and WLAN Wizard Setup Complete 7 Launch your web browser and navigate to www zyxel com Internet access is just the beginning Refer to the rest of this guide for more detailed information on the complete range of Device features If you cannot access the Internet open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct ...

Страница 69: ...WAN Screens Use t he Internet Access Setup screen Section 6 2 on page 71 to configure the WAN settings on the Device for Internet access Use t he More Connections screen Section 6 3 on page 75 to set up additional Internet access connections 6 1 2 What You Need to Know About WAN Encapsulation Method Encapsulation is used to include data from an upper la yer protocol into a lower layer protocol T o...

Страница 70: ...icast Traditionally IP packets are transmitted in one of either two ways Unicast 1 sender 1 recipient or Broadcast 1 sender everybody on the network Multicast delivers IP packets to a group of hosts on the network not everybody and not just one IGMP IGMP Internet Group Multicast Protocol is a network layer protocol used to establish membership in a Multicast group it is not used to carry user data...

Страница 71: ... 71 6 2 The Internet Access Setup Screen Use this screen to change your Device s WAN settings Click Network WAN Internet Access Setup The screen differs by the WAN type and encapsulation you select Figure 32 Network WAN Internet Access Setup PPPoE ...

Страница 72: ...capsulation only Enter the user name exactly as your ISP assigned If assigned a name in the form user domain where domain identifies a service name then enter both components exactly as given Password PPPoA and PPPoE encapsulation only Enter the password associated with the user name above Service Name PPPoE only Type the name of your PPPoE service here Multiplexing Select the method of multiplexi...

Страница 73: ... gateway IPv6 address provided by your ISP IPv6 DNS Server1 Enter the first IPv6 DNS server address assigned by the ISP IPv6 DNS Server2 Enter the second IPv6 DNS server address assigned by the ISP MLD Proxy Select Enable to have the Device act as an MLD proxy on this connection This allows the Device to get subscription information and maintain a joined member list for each multicast group It can...

Страница 74: ...s field to control how much routing information the Device sends and receives on the subnet Select the RIP direction from None Both In Only and Out Only RIP Version This field is not configurable if you select None in the RIP Direction field Select the RIP version from RIP 1 RIP 2B RIP 2M Select RIP 1 to use RIP version 1 Select RIP 2B RIP 2M to use RIP version 2 broadcast and multicast Multicast ...

Страница 75: ...quire closely controlled delay and delay variation Peak Cell Rate Divide the DSL line rate bps by 424 the size of an ATM cell to find the Peak Cell Rate PCR This is the maximum rate at which the sender can send cells Type the PCR here Sustain Cell Rate The Sustain Cell Rate SCR sets the average cell rate long term that can be transmitted Type the SCR which must be less than the PCR Note that syste...

Страница 76: ...he name you gave to the Internet connection VPI VCI This field displays the Virtual Path Identifier VPI and Virtual Channel Identifier VCI numbers configured for this WAN connection Encapsulation This field indicates the encapsulation method of the Internet connection Modify The first ISP connection is read only in this screen Use the WAN Internet Access Setup screen to edit it Click the Edit icon...

Страница 77: ...een Table 20 Network WAN More Connections Edit LABEL DESCRIPTION General Active Select the check box to activate or clear the check box to deactivate this connection Name Enter a unique descriptive name of up to 13 ASCII characters for this connection Mode Select Route from the drop down list box if your ISP allows multiple computers to share an Internet account If you select Bridge the Device wil...

Страница 78: ...he Internet If you use the encapsulation type except RFC 1483 select Obtain an IP Address Automatically when you have a dynamic IP address otherwise select Static IP Address and type your ISP assigned IP address in the IP Address field below If you use RFC 1483 enter the IP address given by your ISP in the IP Address field Subnet Mask This option is available if you select ENET ENCAP in the Encaps...

Страница 79: ...formation Protocol allows a router to exchange routing information with other routers Use this field to control how much routing information the Device sends and receives on the subnet Select the RIP direction from None Both In Only and Out Only RIP Version This field is not configurable if you select None in the RIP Direction field Select the RIP version from RIP 1 RIP 2B and RIP 2M ATM QoS Type ...

Страница 80: ...on is for a dial up connection using PPPoE For the service provider PPPoE offers an access and authentication method that works with existing access control systems for example RADIUS One of the benefits of PPPoE is the ability to let you access one of multiple network services a function known as dynamic service selection This enables the service provider to easily create and offer new IP service...

Страница 81: ...irtual circuit VC based multiplexing Please refer to RFC 1483 for more detailed information 6 4 2 Multiplexing There are two conventions to identify what protocols the virtual circuit VC is carrying Be sure to use the multiplexing method required by your ISP VC based Multiplexing In this case by prior mutual agreement each protocol is assigned to a specific virtual circuit for example VC1 carries ...

Страница 82: ... things when you specify a nailed up connection The first is that idle timeout is disabled The second is that the Device will try to bring up the connection when turned on and whenever the connection is down A nailed up connection can be very expensive for obvious reasons Do not specify a nailed up connection unless your telephone company offers flat rate service or you need a constant connection ...

Страница 83: ... Constant Bit Rate CBR provides fixed bandwidth that is always available even if no data is being sent CBR traffic is generally time sensitive doesn t tolerate delay CBR is used for connections that continuously require a specific amount of bandwidth A PCR is specified and if traffic exceeds this rate cells may be dropped Examples of connections that need CBR would be high resolution video and voi...

Страница 84: ...affic typical on LANs PCR and MBS define the burst levels SCR defines the minimum level An example of an VBR nRT connection would be non time sensitive data file transfers Unspecified Bit Rate UBR The Unspecified Bit Rate UBR ATM traffic class is for bursty data transfers However UBR doesn t guarantee any bandwidth and only delivers traffic when the network has spare bandwidth An example applicati...

Страница 85: ...ng settings from this screen Use t he DHCP Server screen Section 7 3 on page 88 to configure the Device s DHCP settings Use t he Client List screen Section 7 4 on page 89 to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses Use t he IP Alias screen Section 7 5 on page 90 to change your Device s IP alias settings Use t he IPv6 screen Section 7 6 on page 92...

Страница 86: ...MP Internet Group Multicast Protocol is a network layer protocol used to establish membership in a Multicast group it is not used to carry user data There are three versions of IGMP IGMP version 2 and 3 are improvements over version 1 but IGMP version 1 is still in wide use DNS DNS Domain Name System is for mapping a domain name to its corresponding IP address and vice versa The DNS server is extr...

Страница 87: ...cast and Windows Networking settings Click the Advanced Setup button in the LAN IP screen The screen appears as shown Figure 39 Network LAN IP Advanced Setup Table 22 Network LAN IP LABEL DESCRIPTION IP Address Enter the LAN IP address you want to assign to your Device in dotted decimal notation for example 192 168 1 1 factory default IP Subnet Mask Type the subnet mask of your network in dotted d...

Страница 88: ... DHCP Server Table 23 Network LAN IP Advanced Setup LABEL DESCRIPTION RIP Multicast Setup RIP Direction Select the RIP direction from None Both In Only and Out Only RIP Version Select the RIP version from RIP 1 RIP 2B and RIP 2M IGMP Snoop Select Enabled to activate IGMP Snooping This allows the Device to passively learn memberships in multicast groups Back Click this to return to the previous scr...

Страница 89: ...Server field in this case When DHCP is used the following items need to be set IP Pool Starting Address This field specifies the first of the contiguous addresses in the IP address pool Pool Size This field specifies the size or count of the IP address pool Remote DHCP Server If Relay is selected in the DHCP field above then enter the IP address of the actual remote DHCP server here DNS Server DNS...

Страница 90: ...is is the index number of the static IP table entry row Status This field displays whether the client is connected to the Device Host Name This field displays the computer host name IP Address This field displays the IP address relative to the field listed above MAC Address The MAC Media Access Control or Ethernet address on a LAN Local Area Network is unique to your computer six pairs of hexadeci...

Страница 91: ... IP Alias The following table describes the labels in this screen Ethernet Interface A 192 168 1 1 192 168 1 24 B 192 168 2 1 192 168 2 24 C 192 168 3 1 192 168 3 24 Table 26 Network LAN IP Alias LABEL DESCRIPTION IP Alias Select the check box to configure another LAN network for the Device IP Address Enter the IP address of your Device in dotted decimal notation Alternatively click the right mous...

Страница 92: ...vertise its presence and other parameters such as IPv6 prefix and DNS information Router solicitation is a request from a host to locate a router that can act as the default router and forward packets Note The LAN hosts neither generate global IPv6 addresses nor communicate with other networks if you disable this feature Radvd Mode If Auto is selected the Device will pass IPv6 prefix and DNS infor...

Страница 93: ...n for the clients If you turn DHCP service off you must have another DHCP server on your LAN or else the computer must be manually configured DHCP6 Setup DHCP6 Server Select Enable to have the Device act as aDHCP6 server and pass IPv6 Prefix and DNS information to clients DHCP6 Mode Select Auto if your ISP dynamically assigns IPv6 Prefix and DNS information Select Mannual to configure these parame...

Страница 94: ... mean you can leave the DNS servers out of the DHCP setup under all circumstances If your ISP gives you explicit DNS servers make sure that you enter their IP addresses in the DHCP Setup screen 7 7 4 LAN TCP IP The Device has built in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability IP Address and Subnet Mask Similar to the way houses ...

Страница 95: ... hand if you are part of a much larger organization you should consult your network administrator for the appropriate IP addresses Note Regardless of your particular situation do not create an arbitrary IP address always follow the guidelines above For more information on address assignment please refer to RFC 1597 Address Allocation for Private Internets and RFC 1466 Guidelines for Management of ...

Страница 96: ... about interoperability between IGMP version 2 and version 1 please see sections 4 and 5 of RFC 2236 The class D IP address is used to identify host groups and can be in the range 224 0 0 0 to 239 255 255 255 The address 224 0 0 0 is not assigned to any group and is used by IP multicast computers The address 224 0 0 1 is used for query messages and is assigned to the permanent group of all IP host...

Страница 97: ...s security configure the MAC filter and make other basic configuration changes Use t he More AP screen see Section 8 3 on page 106 to set up multiple wireless networks on your Device Use t he WPS screen see Section 8 4 on page 108 to enable or disable WPS generate a security PIN Personal Identification Number and see information about the Device s WPS status Use t he WPS Station see Section 8 5 on...

Страница 98: ...l characters 0 9 and A to F and it is usually written in the following format 0A A0 00 BB CC DD The MAC address filter controls access to the wireless network You can use the MAC address of each wireless client to allow or deny access to the wireless network Finding Out More See Section 8 8 on page 112 for advanced technical information on wireless networks 8 1 3 Before You Start Before you start ...

Страница 99: ... descriptive name up to 32 printable 7 bit ASCII characters for the wireless LAN Note If you are configuring the Device from a computer connected to the wireless LAN and you change the Device s SSID or WEP settings you will lose your wireless connection when you press Apply to confirm You must then change the wireless settings of your computer to match the Device s new settings Hide SSID Select th...

Страница 100: ...P No Security The following table describes the labels in this screen 8 2 2 WEP Encryption Use this screen to configure and enable WEP encryption Click Network Wireless LAN to display the AP screen Select Static WEP from the Security Mode list Cancel Click this to restore your previously saved settings Advanced Setup Click this to display the Wireless Advanced Setup screen and edit more details of...

Страница 101: ...ronger than WEP use the highest encryption level available Figure 48 Network Wireless LAN AP Static WEP The following table describes the wireless LAN security labels in this screen Table 30 Network Wireless LAN AP Static WEP LABEL DESCRIPTION Security Mode Choose Static WEP from the drop down list box Passphrase Enter a passphrase up to 32 printable characters and click Generate The Device automa...

Страница 102: ...security mode is WPA2 PSK and WPA Compatible is selected you can set the encryption mode to TKIP AES to allow both TKIP and AES types of security in your wireless network WPA Compatible This check box is available only when you select WPA2 PSK in the Security Mode field Select the check box to have both WPA PSK wireless clients be able to communicate with the Device even when the Device is using W...

Страница 103: ...S types of security in your wireless network WPA Compatible This check box is available only when you select WPA2 PSK or WPA2 in the Security Mode field Select the check box to have both WPA PSK and WPA wireless clients be able to communicate with the Device even when the Device is using WPA2 PSK or WPA2 ReAuthentication Timer Specify how often wireless stations have to resend usernames and passwo...

Страница 104: ... network administrator instructs you to do so with additional information Shared Secret Enter a password up to 31 alphanumeric characters as the key to be shared between the external authentication server and the Device The key must be the same on the external authentication server and your Device The key is not sent over the network Table 32 Network Wireless LAN AP WPA 2 LABEL DESCRIPTION Table 3...

Страница 105: ...ed the Device will use 40MHz if it is supported A 40MHz channel uses two standard channels and offers faster speeds 40MHz channel bonding or dual channel bonds two adjacent radio channels to increase throughput The wireless clients must also support 40 MHz It is often better to use the 20 MHz setting in a location where the environment hinders the wireless signal Select 20MHz if you want to lessen...

Страница 106: ...ilter Action Define the filter action for the list of MAC addresses in the MAC Address table Select Deny to block access to the Device MAC addresses not listed will be allowed to access the Device Select Allow to permit access to the Device MAC addresses not listed will be denied access to the Device Set This is the index number of the MAC address MAC Address Enter the MAC addresses of the wireles...

Страница 107: ...ore AP LABEL DESCRIPTION This is the index number of each SSID profile Active This field indicates whether this SSID is active SSID An SSID profile is the set of parameters relating to one of the Device s BSSs The SSID Service Set IDentifier identifies the Service Set with which a wireless device is associated This field displays the name of the wireless profile on the network When a wireless clie...

Страница 108: ...ess LAN and you change the Device s SSID or security settings you will lose your wireless connection when you press Apply to confirm You must then change the wireless settings of your computer to match the Device s new settings Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a station cannot obtain the SSID through scanning using a site survey tool Security Mode Se...

Страница 109: ...t necessary when you use WPS push button method Generate Click this to have the Device create a new PIN WPS Status This displays Configured when the Device has connected to a wireless network using WPS or Enable WPS is selected and wireless or wireless security settings have been changed The current wireless and wireless security settings also appear in the screen This displays Unconfigured if WPS...

Страница 110: ...ecurity settings between the Device and any wireless clients Note At the time of writing WDS is compatible with other ZyXEL APs only Not all models support WDS links Check your other AP s documentation Table 38 Network Wireless LAN WPS Station LABEL DESCRIPTION Push Button Click this to add another WPS enabled wireless device within wireless range of the Device to your wireless network This button...

Страница 111: ...LAN AP screen TKIP Select this to use TKIP Temporal Key Integrity Protocol encryption AES Select this to use AES Advanced Encryption Standard encryption This is the index number of the individual WDS link Active Select this to activate the link between the Device and the peer device to which this entry refers When you do not select the check box this link is down Remote Bridge MAC Address Type the...

Страница 112: ... in depth For more information see the appendix Table 40 Network Wireless LAN QoS LABEL DESCRIPTION Enable Wireless LAN Scheduling Select this box to activate wireless LAN scheduling on your Device Action Select On or Off to enable or disable the wireless LAN Day Check the day s you want to turn the wireless LAN on or off The following times Specify a time frame during which the schedule would app...

Страница 113: ... has one or more access points and one or more wireless clients The wireless clients connect to the access points An ad hoc type of network is one in which there is no access point Wireless clients connect to one another in order to exchange information The following figure provides an example of a wireless network Figure 59 Example of a Wireless Network The wireless network is the part in the blu...

Страница 114: ...e airwaves but also join the network Once an unauthorized person has access to the network he or she can steal information or introduce malware malicious software intended to compromise the network For these reasons a variety of security systems have been developed to ensure that only authorized people can use a wireless data network or understand the data carried on it Table 41 Additional Wireles...

Страница 115: ...s not include real words For example if your mother owns a 1970 Dodge Challenger and her favorite movie is Vanishing Point which you know was made in 1971 you could use 70dodchal71vanpoi as your security key The following sections introduce different types of wireless security you can set up in the wireless network 8 8 3 1 SSID Normally the Device acts like a beacon and regularly broadcasts the SS...

Страница 116: ...is sent in the wireless network Encryption is like a secret code If you do not know the secret code you cannot understand the message The types of encryption you can choose depend on the type of authentication See Section 8 8 3 3 on page 116 for information about this For example if the wireless network has a RADIUS server you can choose WPA or WPA2 If users do not log in to the wireless network y...

Страница 117: ... the data signal Interference may come from other radio transmissions such as military or air traffic control communications or from machines that are coincidental emitters such as electric motors or microwaves Problems with absorption occur when physical objects such as thick walls are between the two radios muffling the signal 8 8 5 BSS A Basic Service Set BSS exists when all communications betw...

Страница 118: ...y settings of peer sides match one another the connection between devices is made At the time of writing WDS security is compatible with other ZyXEL access points only Refer to your other access point s documentation for details The following figure illustrates how WDS link works between APs Notebook computer A is a wireless client connecting to access point AP 1 AP 1 has no wired Internet connect...

Страница 119: ...need to make sure that WPS worked check the list of associated wireless clients in the AP s configuration utility If you see the wireless client in the list WPS was successful 8 8 8 2 PIN Configuration Each WPS enabled device has its own PIN Personal Identification Number This may either be static it cannot be changed or dynamic in some devices you can generate a new PIN by clicking on a button in...

Страница 120: ...tion interface has an area for entering another device s PIN you can either enter the client s PIN in the AP or enter the AP s PIN in the client it does not matter which 6 Start WPS on both devices within two minutes 7 Use the configuration utility to activate WPS not the push button on the device itself 8 On a computer connected to the wireless client try to connect to the Internet If you can con...

Страница 121: ...evice acts as the enrollee the device that receives network and security settings The registrar creates a secure EAP Extensible Authentication Protocol tunnel and sends the network name SSID and the WPA PSK or WPA2 PSK pre shared key to the enrollee Whether WPA PSK or WPA2 PSK is used depends on the standards supported by the devices If the registrar is already part of a network it sends the exist...

Страница 122: ... that it is not part of an existing network and can act as either enrollee or registrar if it supports both functions If the registrar is unconfigured the security settings it transmits to the enrollee are randomly generated Once a WPS enabled device has connected to another device using WPS it becomes configured A configured wireless client can still act as enrollee or registr ar in subsequent WP...

Страница 123: ...rk You know that Client 1 supports registrar mode but it is better to use AP1 for the WPS handshake with the new client since you must connect to the access point anyway in order to use the network In this case AP1 must be the registrar since it is configured it already has security information for the network AP1 supplies the existing security information to Client 2 Figure 65 WPS Example Network...

Страница 124: ...wo enrollees and one registrar you must set up the first enrollee by pressing the WPS button on the registrar and the first enrollee for example then check that it successfully enrolled then set up the second device in the same way WPS works only with other WPS enabled devices However you can still add non WPS devices to a network you already set up using WPS WPS works by automatically issuing a r...

Страница 125: ... if this has happened WPS works between only two devices simultaneously so if another device has enrolled your device will be unable to enroll and will not have access to the network If this happens open the access point s configuration interface and look at the list of associated clients usually displayed by MAC address It does not matter if the access point is the WPS registrar the enrollee or w...

Страница 126: ...Chapter 8 Wireless LAN AMG1302 T10A User s Guide 126 ...

Страница 127: ...to enable and disable the SIP VoIP ALG in the Device 9 1 2 What You Need To Know About NAT Inside Outside Inside outside denotes where a host is located relative to the Device for example the computers of your subscribers are the inside hosts while the web servers on the Internet are the outside hosts Global Local Global local denotes the IP address of a host in a packet as the packet traverses a ...

Страница 128: ...hoose SUA Only if you have just one public WAN IP address for your Device Choose Full Feature if you have multiple public WAN IP addresses for your Device Finding Out More See Section 9 6 on page 136 for advanced technical information on NAT 9 2 The NAT General Setup Screen Use this screen to activate NAT Click Network NAT to open the following screen Note You must create a firewall rule in additi...

Страница 129: ...s In addition to the servers for specified services NAT supports a default server IP address A default server receives packets from ports that are not specified in this screen Note If you do not assign a Default Server IP address the Device discards all packets received for ports that are not specified here or in the remote management setup Max NAT Firewall Session Per User When computers use peer...

Страница 130: ...n the example You assign the LAN IP addresses and the ISP assigns the WAN IP address The NAT network appears as a single host on the Internet Figure 68 Multiple Servers Behind NAT Example 9 3 1 Configuring the Port Forwarding Screen Click Network NAT Port Forwarding to open the following screen See Appendix F on page 291 for port numbers commonly used for particular services Figure 69 Network NAT ...

Страница 131: ... specified service Add Click this button to add a rule to the table below This is the rule index number read only Active This field indicates whether the rule is active or not Clear the check box to disable the rule Select the check box to enable it Service Name This is a service s name Start Port This is the first port number that identifies a service End Port This is the last port number that id...

Страница 132: ...number here and the end port number in the End Port field End Port Enter a port number in this field To forward only one port enter the port number again in the Start Port field above and then enter it again in this field To forward a series of ports enter the last port number in a series that begins with the port number in the Start Port field above Server IP Address Enter the inside IP address o...

Страница 133: ...me new rules 4 5 and 6 To change your Device s address mapping settings click Network NAT Address Mapping to open the following screen Figure 71 Network NAT Address Mapping The following table describes the fields in this screen Table 46 Network NAT Address Mapping LABEL DESCRIPTION This is the rule index number Local Start IP This is the starting Inside Local IP Address ILA Local IP addresses are...

Страница 134: ...e PAT port address translation ZyXEL s Single User Account feature that previous ZyXEL routers supported only M M Ov Overload Many to Many Overload mode maps multiple local IP addresses to shared global IP addresses MM No No Overload Many to Many No Overload mode maps each local IP address to unique global IP addresses Server This type allows you to specify inside servers of different services beh...

Страница 135: ...to Many Overload mode maps multiple local IP addresses to shared global IP addresses Many to Many No Overload Many to Many No Overload mode maps each local IP address to unique global IP addresses Server This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world Local Start IP Address This is the starting local IP address ILA Local IP ...

Страница 136: ...cket is in the local network while the global address refers to the IP address of the host when the same packet is traveling in the WAN side Note that inside outside refers to the location of a host while global local refers to the IP address of a host used in a packet Thus an inside local address ILA is the IP address of an inside host in a packet when the packet is still in the local network whi...

Страница 137: ...er to RFC 1631 The IP Network Address Translator NAT 9 6 3 How NAT Works Each packet has two addresses a source address and a destination address F or outgoing packets the ILA Inside Local Address is the source address on the LAN and the IGA Inside Global Address is the source address on the WAN For incoming packets the ILA is the destination address on the LAN and the IGA is the destination addre...

Страница 138: ...Device maps multiple local IP addresses to one global IP address This is equivalent to SUA for instance PAT port address translation ZyXEL s Single User Account feature that previous ZyXEL routers supported the SUA Only option in today s routers Many to Many Overload In Many to Many Overload mode the Device maps the multiple local IP addresses to shared global IP addresses Many to Many No Overload...

Страница 139: ...arizes these types Table 50 NAT Mapping Types TYPE IP MAPPING One to One ILA1 IGA1 Many to One SUA PAT ILA1 IGA1 ILA2 IGA1 Many to Many Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA1 ILA4 IGA2 Many to Many No Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA3 Server Server 1 IP IGA1 Server 2 IP IGA1 Server 3 IP IGA1 ...

Страница 140: ...Chapter 9 Network Address Translation NAT AMG1302 T10A User s Guide 140 ...

Страница 141: ...is session is also allowed 2 However other traffic initiated from the WAN is blocked 3 and 4 Figure 76 Default Firewall Action 10 1 1 What You Can Do in the Firewall Screens Use t he General screen to enable firewall and or triangle route on the Device and set the default action that the firewall takes on packets that do not match any of the firewall rules Use t he Rules screen to view the configu...

Страница 142: ...eps outsiders from discovering your Device when unsupported ports are probed ICMP Internet Control Message Protocol ICMP is a message control and error reporting protocol between a host server and a gateway to the Internet ICMP uses Internet Protocol IP datagrams but the messages are processed by the TCP IP software and directly apparent to the application user 10 2 The Firewall General Screen Use...

Страница 143: ...gh the Device A better solution is to use IP alias to put the Device and the backup gateway on separate subnets See Section 10 4 4 1 on page 151 for an example Packet Direction This is the direction of travel of packets LAN to Router LAN to WAN WAN to Router WAN to LAN Firewall rules are grouped based on the direction of travel of packets to which they apply For example LAN to Router means packets...

Страница 144: ...es Create a new rule after rule number Select an index number and click Add to add a new firewall rule after the selected index number For example if you select 6 your new rule becomes number 7 and the previous rule 7 if there is one becomes rule 8 The following read only fields summarize the rules you have created that apply to traffic traveling in the selected packet direction The firewall rules...

Страница 145: ...e This field tells you whether a schedule is specified Yes or not No Modify Click the Edit icon to go to the screen where you can edit the rule Click the Remove icon to delete an existing firewall rule A window displays asking you to confirm that you want to delete the firewall rule Note that subsequent firewall rules move up by one when you take this action Order Click the Move icon to display th...

Страница 146: ...it LABEL DESCRIPTION Edit Rule Active Select this option to enable this firewall rule Action for Matched Packet Use the drop down list box to select whether to discard Drop deny and send an ICMP destination unreachable message to the sender of Reject or allow the passage of Permit packets that match this rule Source Destination Address Address Type Do you want your rule to apply to packets with a ...

Страница 147: ...dd multiple addresses ranges of addresses and or subnets Edit To edit an existing source or destination address select it from the box and click Edit Delete Highlight an existing source or destination address from the Source or Destination Address box above and click Delete to remove it Service Available Selected Services Highlight a service from the Available Services box on the left then click A...

Страница 148: ...service Protocol This shows the IP protocol TCP UDP or TCP UDP that defines your customized service Port This is the port number or range that defines your customized service Back Click this to return to the Firewall Edit Rule screen Table 55 Security Firewall Rules Edit Edit Customized Services Config LABEL DESCRIPTION Config Service Name Type a unique name for your custom port Service Type Choos...

Страница 149: ...e Device remote management Note You can also configure the remote management settings to allow only a specific computer to manage the Device LAN t o W AN These rules specify which computers on the LAN can access which computers or services on the WAN By default the Device s stateful packet inspection drops packets traveling in the following directions WAN t o LAN These rules specify which computer...

Страница 150: ...services to access the firewall or the network 5 For local services that are enabled protect against misuse Protect by configuring the services to communicate only with specific peers and protect by configuring rules to block packets for the services at specific interfaces 6 Protect against IP spoofing by making sure the firewall is active 7 Keep the firewall in a secured locked room 10 4 3 Securi...

Страница 151: ...ts between two Ethernet devices You may have more than one connection to the Internet through one or more ISPs If an alternate gateway is on the LAN and its IP address is in the same subnet as the Device s LAN IP address the triangle route also called asymmetrical route problem may occur The steps below describe the triangle route problem 1 A computer on the LAN initiates a connection by sending o...

Страница 152: ... the Device being the gateway for each logical network It s like having multiple LAN networks that actually use the same physical cables and ports By putting your LAN and Gateway A in different subnets all returning network traffic must pass through the Device to your LAN The following steps describe such a scenario 1 A computer on the LAN initiates a connection by sending a SYN packet to a receiv...

Страница 153: ...ction 11 3 on page 154 to allow or deny traffic from certain types of applications Use t he IP MAC Filter screen Section 11 4 on page 156 to create IP MAC filter rules 11 1 2 What You Need to Know About Filtering URL The URL Uniform Resource Locator identifies and helps locates resources on a network On the Internet the URL is the web address that you type in the address bar of your Internet brows...

Страница 154: ... manage the use of various applications on the network Table 56 Access Management Filter URL LABEL DESCRIPTION URL Filter Editing URL Filter Use this field to enable or disable the URL filter URL Index Select the index number of the filter Individual active Select Yes to make the filter active and No to make it inactive URL Enter the URL for the Device to block URL Filter Listing Index This is the...

Страница 155: ...n LABEL DESCRIPTION Application Filter Editing Application Filter Use this field to enable or disable the application filter ICQ Use this field to allow or deny ICQ traffic MSN Use this field to allow or deny MSN traffic YMSG Use this field to allow or deny Yahoo Messenger traffic Real Audio Video Use this field to allow or deny transferring RealPlayer format files Save Click this to save your cha...

Страница 156: ...PVC to which to apply the filter Direction Apply the filter to Both Incoming or Outgoing traffic direction Rule Type Select IP or MAC type to configure the rule Use the IP Filter to block traffic by IP addresses Use the MAC Filter to block traffic by MAC address Source IP Address Enter the source IP address of the packets you wish to filter This field is ignored if it is 0 0 0 0 Subnet Mask Enter ...

Страница 157: ...ace This is the interface that the filter set applies to Direction The filter set applies to this traffic direction This is the index number of the rule in a filter set Active This field shows whether the rule is activated Src IP Mask This is the source IP address and subnet mask when you select IP as the rule type Dest IP Mask This is the destination IP address and subnet mask Mac Address This is...

Страница 158: ...Chapter 11 Filters AMG1302 T10A User s Guide 158 ...

Страница 159: ... use static routes For example the next figure shows a computer A connected to the Device s LAN interface The Device routes most traffic from A to the Internet through the Device s default gateway R1 You create one static route to connect to services offered by your ISP behind router R2 You create another static route to communicate with a separate network behind a router R3 connected to the LAN F...

Страница 160: ...is is the number of an individual static route Destination This parameter specifies the IP network address of the final destination Routing is always based on network number Netmask This parameter specifies the IP network subnet mask of the final destination Gateway This is the IP address of the gateway The gateway is a router or switch on the same network segment as the device s LAN or WAN port T...

Страница 161: ...ork address of the final destination Routing is always based on network number If you need to specify a route to a single host use a subnet mask of 255 255 255 255 in the subnet mask field to force the network number to be identical to the host ID IP Subnet Mask Enter the IP subnet mask here Gateway IP Address Enter the IP address of the gateway The gateway is a router or switch on the same networ...

Страница 162: ...Chapter 12 Static Route AMG1302 T10A User s Guide 162 ...

Страница 163: ...erent ATM QoS settings can be specified for each WAN PVC to meet bandwidth requirements for the type of traffic to be transferred For example three port binding groups could be created on the device R1 for three different WAN PVC connections The first PVC PVC0 is for non time sensitive data traffic The second and third PVCs PVC1 and PVC2 are for time sensitive Media On Demand MOD video traffic and...

Страница 164: ...lay the following screen Figure 92 Advanced Port Binding The following table describes the labels in this screen Table 61 Advanced Port Binding LABEL DESCRIPTION Port Binding Active Activate or deactivate the port binding feature Group Index Select the index number for the port binding group When a port is assigned to a port binding group traffic will be forwarded to the other ports in the group b...

Страница 165: ...ibes the labels in this screen Group Summary Port Binding Summary Click this to view a summary of configured port binding groups Apply Add the selected port binding group configuration Delete Delete the selected port binding group configuration Cancel Click this to restore your previously saved settings Table 61 Advanced Port Binding continued LABEL DESCRIPTION Table 62 Advanced Port Binding PortB...

Страница 166: ...Chapter 13 Port Binding AMG1302 T10A User s Guide 166 ...

Страница 167: ...mbership of a frame across bridges they are not confined to the device on which they were created The VLAN ID associates a frame with a specific VLAN and provides the information that devices need to process the frame across the network Forwarding Tagged and Untagged Frames Each port on the device is capable of passing tagged or untagged frames To forward a frame from an 802 1Q VLAN aware device t...

Страница 168: ...3 Advanced pvid Setting LABEL DESCRIPTION Active Activate or deactivate the VLAN feature PORT This field displays the types of ports available to join the VLAN group PVID Assign a VLAN ID for the port The valid VID range is between 1 and 4094 The Device assigns the PVID to untagged frames or priority tagged frames received on this port TAG Select TAG if you want the port to tag all outgoing traffi...

Страница 169: ...stion allowing time sensitive applications to flow more smoothly Time sensitive applications include both those that require a low level of latency delay and a low level of jitter v ariations in delay such as Voice over IP VoIP or Internet gaming and those for which jitter alone is a problem such as Internet radio or streaming video In the following figure your Internet connection has an upstream ...

Страница 170: ...You can use 802 1p to give different priorities to different packet types Tagging and Marking In a QoS class you can configure whether to add or change the DiffServ Code Point DSCP value IEEE 802 1p priority level and VLAN ID number in a matched packet When the packet passes through a compatible network the networking device such as a backbone switch can provide specific treatment or service based...

Страница 171: ... your network performance You can give priority to traffic that the Device forwards out through the WAN interface Give high priority to voice and video to make them run more smoothly Similarly give low priority to many large file downloads so that they do not reduce the quality of other applications Discipline Select weighted round robin WRR scheduling to allow packets of all priorities to transmi...

Страница 172: ... applied Source MAC Type a source MAC address here QoS is then applied to traffic containing this source MAC address Leave it blank to apply the rule to all MAC addresses IP Enter a source IP address in dotted decimal notation QoS is then applied to traffic containing this source IP address A blank source IP address means any source IP address Mask Enter a source subnet mask here Port Range Enter ...

Страница 173: ...o re assign the priority level to matched traffic Queue Specify a Low Medium High or Highest queue tag to matched traffic Traffic assigned to a higher queue gets through faster while traffic in lower queues is dropped when there is network congestion ADD Click this to add the rule DELETE Click this to remove the rule CANCEL Click this to restore previously saved settings Table 64 Advanced Setup Qo...

Страница 174: ... this field to matched traffic 802 1p Remarking The Device re assigns the priority levels specified in this field to matched traffic Queue The Device assigns the queue level specified in this field to matched traffic Table 65 Advanced Setup QoS Rule Action Summary LABEL DESCRIPTION Table 66 IEEE 802 1p Priority Level and Traffic Type PRIORITY LEVEL TRAFFIC TYPE Level 7 Typically used for network c...

Страница 175: ...oS mapping on the Device On the Device traffic assigned to higher priority queues gets through faster while traffic in lower index queues is dropped if the network is congested Table 67 Internal Layer2 and Layer3 QoS Mapping PRIORITY QUEUE LAYER 2 LAYER 3 IEEE 802 1P USER PRIORITY ETHERNET PRIORITY TOS IP PRECEDENCE DSCP IP PACKET LENGTH BYTE 0 1 0 000000 1 2 2 0 0 000000 1100 3 3 1 001110 001100 ...

Страница 176: ...Chapter 15 Quality of Service QoS AMG1302 T10A User s Guide 176 ...

Страница 177: ...t of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name The Dynamic DNS service provider will give you a password or key 16 1 1 What You Can Do in the DDNS Screen Use the Dynamic DNS screen Section 16 2 on page 178 to enable DDNS and configure the DDNS settings on t...

Страница 178: ...dynamic DNS Service Provider This is the name of your Dynamic DNS service provider Dynamic DNS Type Select the type of service that you are registered for from your Dynamic DNS service provider Host Name Type the domain name assigned to your Device by your Dynamic DNS provider You can specify up to two host names in the field separated by a comma User Name Type your user name Password Type the pas...

Страница 179: ...you still need to configure an IP filter rule to allow access You may manage your Device from a remote location via Internet WAN only LAN o nly LAN a nd WAN None Disable To disable remote management of a service select Disable in the corresponding Service Access field You may only have one remote management session running at a time The Device automatically disconnects a remote management session ...

Страница 180: ...7 7 on page 185 to set whether or not your Device will respond to pings and probes for services that you have not made available 17 1 2 What You Need to Know About Remote Management Remote Management Limitations Remote management does not work when You have not enabled that service on the interface in the corresponding remote management screen You have disabled that service in one of the remote ma...

Страница 181: ...e 69 Advanced Remote Management WWW LABEL DESCRIPTION Server Port You may change the server port number for a service if needed However you must use the same port number in order to use that service for remote management Server Access Select the interface s through which a computer may access the Device using this service Secured Client IP Address A secured client is a trusted computer that is all...

Страница 182: ...s click Advanced Remote MGMT FTP The screen appears as shown Figure 103 Advanced Remote MGMT FTP Table 70 Advanced Remote Management Telnet LABEL DESCRIPTION Server Port You may change the server port number for a service if needed however you must use the same port number in order to use that service for remote management Server Access Select the interface s through which a computer may access th...

Страница 183: ...nt translates the local management information from the managed device into a form compatible with SNMP The manager is the console through which network administrators perform Table 71 Advanced Remote MGMT FTP LABEL DESCRIPTION Server Port You may change the server port number for a service if needed However you must use the same port number in order to use that service for remote management Serve...

Страница 184: ... 161 by default If you change the SNMP server port to a different number on the Device for example 8161 then you must notify people who need to access the Device SNMP agent to use the same port Server Access Select the interface s through which a computer may access the Device using this service Secured Client IP Address A secured client is a trusted computer that is allowed to access the SNMP age...

Страница 185: ...er attempts to probe an unsupported port on your Device an ICMP response packet is automatically returned This allows the outside user to know the Device exists Your Device supports anti probing which prevents the ICMP response packet from being sent This keeps outsiders from discovering your Device when unsupported ports are probed Table 73 Advanced Remote Management DNS LABEL DESCRIPTION Server ...

Страница 186: ... is a message control and error reporting protocol between a host server and a gateway to the Internet ICMP uses Internet Protocol IP datagrams but the messages are processed by the TCP IP software and directly apparent to the application user Respond to Ping on The Device will not respond to any incoming Ping requests when Disable is selected Select LAN to reply to incoming LAN Ping requests Sele...

Страница 187: ...compatible device installed on your network will appear as a separate icon Selecting the icon of a UPnP device will allow you to access the information and properties of that device NAT Traversal UPnP NAT traversal automates the process of allowing an application to operate through NAT UPnP network devices can automatically configure network addressing announce their presence in the network to oth...

Страница 188: ...he screen shown next See Section 18 1 on page 187 for more information Figure 108 Advanced UPnP General The following table describes the fields in this screen Table 75 Advanced UPnP General LABEL DESCRIPTION Active the Universal Plug and Play UPnP Feature Select this check box to activate UPnP Be aware that anyone could use a UPnP application to open the web configurator s login screen without en...

Страница 189: ...w the steps below to install the UPnP in Windows Me 1 Click Start and Control Panel Double click Add Remove Programs 2 Click on the Windows Setup tab and select Communication in the Components selection box Click Details Add Remove Programs Windows Setup Communication Apply Click this to save your changes Reset Click this to restore your previously saved settings Table 75 Advanced UPnP General LAB...

Страница 190: ...omponents selection box Add Remove Programs Windows Setup Communication Components 4 Click OK to go back to the Add Remove Programs Properties window and click Next 5 Restart the computer when prompted Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP 1 Click Start and Control Panel 2 Double click Network Connections ...

Страница 191: ...ions window click Advanced in the main menu and select Optional Networking Components Network Connections 4 The Windows Optional Networking Components Wizard window displays Select Networking Service in the Components selection box and click Details Windows Optional Networking Components Wizard ...

Страница 192: ...and click Next 18 4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP You must already have UPnP installed in Windows XP and UPnP activated on the Device Make sure the computer is connected to a LAN port of the Device Turn on your computer and the Device Auto discover Your UPnP enabled Network Device 1 Click Start and Control Panel Double click Netwo...

Страница 193: ...G1302 T10A User s Guide 193 2 Right click the icon and select Properties Network Connections 3 In the Internet Connection Properties window click Settings to see the port mappings there were automatically created Internet Connection Properties ...

Страница 194: ...or delete the port mappings or click Add to manually add port mappings Internet Connection Properties Advanced Settings Internet Connection Properties Advanced Settings Add 5 When the UPnP enabled device is disconnected from your computer all port mappings will be deleted automatically ...

Страница 195: ...on to display your current Internet connection status Internet Connection Status Web Configurator Easy Access With UPnP you can access the web based configurator on the Device without finding out the IP address of the Device first This comes helpful if you do not know the IP address of the Device Follow the steps below to access the web configurator 1 Click Start and then Control Panel 2 Double cl...

Страница 196: ...Universal Plug and Play UPnP AMG1302 T10A User s Guide 196 3 Select My Network Places under Other Places Network Connections 4 An icon with the description for each UPnP enabled device displays under Local Network ...

Страница 197: ... your Device and select Invoke The web configurator login screen displays Network Connections My Network Places 6 Right click on the icon for your Device and select Properties A properties window displays with basic information about the Device Network Connections My Network Places Properties Example ...

Страница 198: ...Chapter 18 Universal Plug and Play UPnP AMG1302 T10A User s Guide 198 ...

Страница 199: ...r Device ZD can be managed via a management server MS such as ZyXEL s Vantage Access Figure 109 LAN and WAN An administrator can use a management server to remotely set up the Device modify settings perform firmware upgrades as well as monitor and diagnose the Device In order to use CWMP you need to configure the following steps 1 Activate CWMP 2 Specify the URL username and password 3 Activate pe...

Страница 200: ...evice to be managed by a management server ACS Login Information Configure this part of the screen to log into the management server URL Type the IP address or domain name of the management server If the Device is behind a NAT router that assigns it a private IP address you will have to configure a NAT port forwarding rule on the NAT router User Name The user name is used to authenticate the Devic...

Страница 201: ...forwarding rules if they were already configured UserName The user name is used to authenticate the management server when connecting to the Device Type a user name of up to 255 printable characters found on an English language keyboard Spaces and characters such as _ are allowed Password The password is used to authenticate the management server when connecting to the Device Type a password of up...

Страница 202: ...Chapter 19 CWMP AMG1302 T10A User s Guide 202 ...

Страница 203: ...time 20 2 The General Screen Use this screen to configure system admin password Click Maintenance System to open the General screen Figure 111 Maintenance System General The following table describes the labels in this screen Table 77 Maintenance System General LABEL DESCRIPTION Password Admin Password Old Password Type the default password or the existing password you use to access the system in ...

Страница 204: ...rm Type the new password again for confirmation Apply Click this to save your changes Cancel Click this to restore your previously saved settings Table 77 Maintenance System General LABEL DESCRIPTION Table 78 Maintenance System Time and Date LABEL DESCRIPTION Current Time and Date Current Time This field displays the time of your Device Each time you reload this page the Device synchronizes the ti...

Страница 205: ...ield uses the 24 hour format Here are a couple of examples Daylight Saving Time starts in most parts of the United States on the second Sunday of March Each time zone in the United States starts using Daylight Saving Time at 2 A M local time So in the United States you would select Second Sunday March and type 2 in the o clock field Daylight Saving Time starts in the European Union on the last Sun...

Страница 206: ...Chapter 20 System Settings AMG1302 T10A User s Guide 206 ...

Страница 207: ...empted access to blocked web sites Some categories such as System Errors consist of both logs and alerts You may differentiate them by their color in the View Log screen Alerts display in red and logs display in black Logs A log is a message about an event that occurred on your Device For example when someone logs in to the Device you can set a schedule for how often logs should be enabled or sent...

Страница 208: ...table describes the fields in this screen Table 79 Maintenance Logs Log Settings LABEL DESCRIPTION System Log Log Type Select the types of logs that you want to display and record Then click Submit to display the details Clear Log Click this to delete all the logs Save Log Click this to save the logs in a text file Remote System Log Active Select to enable or disable remote system logging Remote H...

Страница 209: ...e router via ftp NAT Session Table is Full The maximum number of NAT session table entries has been exceeded and the table is full Starting Connectivity Monitor Starting Connectivity Monitor Time initialized by Daytime Server The router got the time and date from the Daytime server Time initialized by Time server The router got the time and date from the time server Time initialized by NTP server ...

Страница 210: ...e firewall allowed a triangle route session to pass through Packet without a NAT table entry blocked TCP UDP IGMP ESP GRE OSPF The router blocked a packet that didn t have a corresponding NAT table entry Router sent blocked web site message TCP The router sent a message to notify a user that the router blocked access to a web site that the user requested Table 83 TCP Reset Logs LOG MESSAGE DESCRIP...

Страница 211: ...ket Direction type d code d ICMP access matched the default policy and was blocked or forwarded according to the user s setting Firewall rule match ICMP Packet Direction rule d type d code d ICMP access matched or didn t match a firewall rule deed by its number and was blocked or forwarded according to the rule Triangle route packet forwarded ICMP The firewall allowed a triangle route session to p...

Страница 212: ... opening ppp LCP Closing The PPP connection s Link Control Protocol stage is closing ppp IPCP Closing The PPP connection s Internet Protocol Control Protocol stage is closing Table 88 UPnP Logs LOG MESSAGE DESCRIPTION UPnP pass through Firewall UPnP packets can pass through the firewall Table 89 Content Filtering Logs LOG MESSAGE DESCRIPTION s block keyword The content of a requested web page matc...

Страница 213: ...ICMP vulnerability attack traceroute ICMP type d code d The firewall detected an ICMP traceroute attack Table 91 802 1X Logs LOG MESSAGE DESCRIPTION RADIUS accepts user A user was authenticated by the RADIUS Server RADIUS rejects user Pls check RADIUS Server A user was not authenticated by the RADIUS Server Please check the RADIUS Server User logout because of session timeout expired The router lo...

Страница 214: ...ble 2 Protocol unreachable 3 Port unreachable 4 A packet that needed fragmentation was dropped because it was set to Don t Fragment DF 5 Source route failed 4 Source Quench 0 A gateway may discard internet datagrams if it does not have the buffer space needed to queue the datagrams for output to the next network on the route to the destination network 5 Redirect 0 Redirect datagrams for the Networ...

Страница 215: ...name if you haven t configured one when the router generates a syslog The facility is defined in the web MAIN MENU LOGS Log Settings page The severity is the log s syslog class The definition of messages and notes are defined in the various log charts throughout this appendix The devID is the last three characters of the MAC address of the router s LAN port The cat is the same as the category in t...

Страница 216: ...Chapter 21 Logs AMG1302 T10A User s Guide 216 ...

Страница 217: ... can download new firmware releases from your nearest ZyXEL FTP site or www zyxel com to use to upgrade your device s performance Only use firmware for your device s specific model Refer to the label on the bottom of your Device 22 1 1 What You Can Do in the Tool Screens Use t he Firmware Upgrade screen Section 22 2 on page 217 to upload firmware to your device Use t he Configuration screen Sectio...

Страница 218: ...gain Figure 115 Firmware Upload In Progress Table 96 Maintenance Tools Firmware LABEL DESCRIPTION Current Firmware Version This is the present Firmware version and the date created File Path Type in the location of the file you want to upload in this field or click Browse to find it Browse Click this to find the bin file you want to upload Remember that you must decompress compressed zip files bef...

Страница 219: ... two minutes log in again and check your new firmware version in the Status screen If the upload was not successful the following screen will appear Click Return to go back to the Firmware screen Figure 117 Error Message 22 3 The Configuration Screen Click Maintenance Tools Configuration Information related to factory defaults backup configuration and restoring configuration appears in this screen...

Страница 220: ...ile from your computer to your Device Do not turn off the Device while configuration file upload is in progress After you see a restore configuration successful screen you must then wait one minute before logging into the Device again Figure 119 Configuration Upload Successful The Device automatically restarts in this time causing a temporary network disconnect In some operating systems you may se...

Страница 221: ... Figure 121 Configuration Upload Error Reset to Factory Defaults Click the Reset button to clear all user entered configuration information and return the Device to its factory defaults The following warning screen appears Figure 122 Reset Warning Message Figure 123 Reset In Process Message You can also press the RESET button on the rear panel to reset the factory defaults of your Device Refer to ...

Страница 222: ...hapter 22 Tools AMG1302 T10A User s Guide 222 Click Maintenance Tools Restart Click Restart to have the Device reboot This does not affect the Device s configuration Figure 124 Maintenance Tools Restart ...

Страница 223: ... Can Do in the Diagnostic Screens Use t he General screen Section 23 2 on page 223 to ping an IP address Use t he DSL Line screen Section 23 3 on page 224 to view the DSL line statistics and reset the ADSL line 23 2 The General Screen Use this screen to ping an IP address Click Maintenance Diagnostic to open the screen shown next Figure 125 Maintenance Diagnostic General ...

Страница 224: ... line statistics and reset the ADSL line Click Maintenance Diagnostic DSL Line to open the screen shown next Figure 126 Maintenance Diagnostic DSL Line Table 98 Maintenance Diagnostic General LABEL DESCRIPTION TCP IP Address Type the IP address of a computer that you want to ping in order to test a connection Ping Click this to ping the IP address that you entered ...

Страница 225: ...tDiscards is the number of ATM cells sent that were rejected inF4Pkts is the number of ATM Operations Administration and Management OAM F4 cells that have been received See ITU recommendation I 610 for more on OAM for ATM outF4Pkts is the number of ATM OAM F4 cells that have been sent inF5Pkts is the number of ATM OAM F5 cells that have been received outF5Pkts is the number of ATM OAM F5 cells tha...

Страница 226: ... quality of the connection whether a given sub carrier loop has sufficient margins to support certain ADSL transmission rates and possibly to determine whether particular specific types of interference or line attenuation exist Refer to the ITU T G 992 1 recommendation for more information on DMT The better or shorter the line the higher the number of bits transmitted for a DMT tone The maximum nu...

Страница 227: ...ure you are using the power adaptor or cord included with the Device 3 Make sure the power adaptor or cord is connected to the Device and plugged in to an appropriate power source Make sure the power source is turned on 4 Turn the Device off and on 5 If the problem continues contact the vendor One of the LEDs does not behave as expected 1 Make sure you understand the normal behavior of the LED See...

Страница 228: ... does not work you have to reset the device to its factory defaults See Section 1 7 on page 19 I cannot see or access the Login screen in the web configurator 1 Make sure you are using the correct IP address The default IP address is 192 168 1 1 If you changed the IP address Section 7 2 on page 86 use the new IP address If you changed the IP address and have forgotten it see the troubleshooting su...

Страница 229: ... or ask the person who is logged in to log out 3 Turn the Device off and on 4 If this does not work you have to reset the device to its factory defaults See Section 24 1 on page 227 I cannot Telnet to the Device See the troubleshooting suggestions for I cannot see or access the Login screen in the web configurator Ignore the suggestions about your browser I cannot use FTP to upload download the co...

Страница 230: ... page 18 2 Turn the Device off and on 3 If the problem continues contact your ISP The Internet connection is slow or intermittent 1 There might be a lot of traffic on the network Look at the LEDs and check Section 1 6 on page 18 If the Device is sending or receiving a lot of information try closing some programs that use the Internet especially peer to peer applications 2 Check the signal strength...

Страница 231: ...P application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components are installed configure the TCP IP settings in order to communicate with your network If you manually assign IP information instead of using dynamic assignment make sure that your computers have IP addresses that place the...

Страница 232: ...ft from the list of manufacturers 4 Select TCP IP from the list of network protocols and then click OK If you need Client for Microsoft Networks 1 Click Add 2 Select Client and then click Add 3 Select Microsoft from the list of manufacturers 4 Select Client for Microsoft Networks from the list of network clients and then click OK 5 Restart your computer so the changes you made take effect Configur...

Страница 233: ... IP Address 3 Click the DNS Configuration tab If you do not know your DNS information select Disable DNS If you know your DNS information select Enable DNS and type the information in the fields below you may not need to fill them all in Figure 129 Windows 95 98 Me TCP IP Properties DNS Configuration 4 Click the Gateway tab ...

Страница 234: ...on your Device and restart your computer when prompted Verifying Settings 1 Click Start and then Run 2 In the Run window type winipcfg and then click OK to open the IP Configuration window 3 Select your network adapter You should see your computer s IP address subnet mask and default gateway Windows 2000 NT XP The following example figures use the default Windows XP GUI theme 1 Click start Start i...

Страница 235: ...s Guide 235 Figure 131 Windows XP Control Panel 3 Right click Local Area Connection and then click Properties Figure 132 Windows XP Control Panel Network Connections Properties 4 Select Internet Protocol TCP IP under the General tab in Win XP and then click Properties ...

Страница 236: ... Protocol TCP IP Properties window opens the General tab in Windows XP If you have a dynamic IP address click Obtain an IP address automatically If you have a static IP address click Use the following IP Address and fill in the IP address Subnet mask and Default gateway fields Click Advanced Figure 134 Windows XP Internet Protocol TCP IP Properties ...

Страница 237: ...TCP IP Gateway Address type the IP address of the default gateway in Gateway To manually configure a default metric the number of transmission hops clear the Automatic metric check box and type a metric in Metric Click Add Repeat the previous three steps for each default gateway you want to add Click OK when finished Figure 135 Windows XP Advanced TCP IP Properties 7 In the Internet Protocol TCP I...

Страница 238: ... Connections window Network and Dial up Connections in Windows 2000 NT 11 Turn on your Device and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and then Command Prompt 2 In the Command Prompt window type ipconfig and then press ENTER You can also open Network Connections right click a network connection click Status and then click the Support tab Windo...

Страница 239: ...7 Windows Vista Start Menu 2 In the Control Panel double click Network and Internet Figure 138 Windows Vista Control Panel 3 Click Network and Sharing Center Figure 139 Windows Vista Network And Internet 4 Click Manage network connections Figure 140 Windows Vista Network and Sharing Center ...

Страница 240: ... displays a screen saying that it needs your permission to continue Figure 141 Windows Vista Network and Sharing Center 6 Select Internet Protocol Version 4 TCP IPv4 and click Properties Figure 142 Windows Vista Local Area Connection Properties 7 The Internet Protocol Version 4 TCP IPv4 Properties window opens the General tab If you have a dynamic IP address click Obtain an IP address automaticall...

Страница 241: ... configure additional IP addresses In t he IP Settings tab in IP addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways In TCP IP Gateway Address type the IP address of the...

Страница 242: ...perties window the General tab Click Obtain DNS server address automatically if you do not know your DNS server IP address es If you know your DNS server IP address es click Use the following DNS server addresses and type them in the Preferred DNS server and Alternate DNS server fields If you have previously configured DNS servers click Advanced and then the DNS tab to order them ...

Страница 243: ...erties window 12 Close the Network Connections window 13 Turn on your Device and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and then Command Prompt 2 In the Command Prompt window type ipconfig and then press ENTER You can also open Network Connections right click a network connection click Status and then click the Support tab Macintosh OS 8 9 1 Cli...

Страница 244: ...uide 244 Figure 146 Macintosh OS 8 9 Apple Menu 2 Select Ethernet built in from the Connect via list Figure 147 Macintosh OS 8 9 TCP IP 3 For dynamically assigned settings select Using DHCP Server from the Configure list 4 For statically assigned settings do the following ...

Страница 245: ...ve changes to your configuration 7 Turn on your Device and restart your computer if prompted Verifying Settings Check your TCP IP properties in the TCP IP Control Panel window Macintosh OS X 1 Click the Apple menu and click System Preferences to open the System Preferences window Figure 148 Macintosh OS X Apple Menu 2 Click Network in the icon bar Select Automatic from the Location list Select Bui...

Страница 246: ...ox Type the IP address of your Device in the Router address box 5 Click Apply Now and close the window 6 Turn on your Device and restart your computer if prompted Verifying Settings Check your TCP IP properties in the Network window Linux This section shows you how to configure your computer s TCP IP settings in Red Hat Linux 9 0 Procedure screens and file location may vary depending on your Linux...

Страница 247: ...iguration Devices 2 Double click on the profile of the network card you wish to configure The Ethernet Device General screen displays as shown Figure 151 Red Hat 9 0 KDE Ethernet Device General If you have a dynamic IP address click Automatically obtain IP address settings with and select dhcp from the drop down list If you have a static IP address click Statically set IP Addresses and fill in the...

Страница 248: ...all screens Figure 153 Red Hat 9 0 KDE Network Configuration Activate 7 After the network card restart proc ess is complete make sure the Status is Active in the Network Configuration screen Using Configuration Files Follow the steps below to edit the network configuration files and set your computer IP address 1 Assuming that you have only one network card on the computer locate the ifconfig eth0...

Страница 249: ...ws an example where two DNS server IP addresses are specified Figure 156 Red Hat 9 0 DNS Settings in resolv conf 3 After you edit and save the configuration files you must restart the network card Enter network restart in the etc rc d init d directory The following figure shows an example Figure 157 Red Hat 9 0 Restart Ethernet Card Verifying Settings Enter ifconfig in a terminal screen to check y...

Страница 250: ...hernet HWaddr 00 50 BA 72 5B 44 inet addr 172 23 19 129 Bcast 172 23 19 255 Mask 255 255 255 0 UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 717 errors 0 dropped 0 overruns 0 frame 0 TX packets 13 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 100 RX bytes 730412 713 2 Kb TX bytes 1570 1 5 Kb Interrupt 10 Base address 0x1000 root localhost ...

Страница 251: ...share a common street name the hosts on a n etwork share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the host ID Routers use the network number to send packets to the correct network while the host ID determines to which host on the network the packets are delivered Structure An IP address is made up of fou...

Страница 252: ...n the IP address is part of the host ID The following example shows a subnet mask identifying the network number in bold text and host ID of an IP address 192 168 1 2 in decimal By convention subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask followed by a continuous sequence of zeros for a total number of 32 bits Subnet masks can be referred t...

Страница 253: ...s number of zeros for the remainder of the 32 bit mask you can simply specify the number of ones instead of writing the value of each octet This is usually specified by writing a followed by the number of bits in the mask after the address For example 192 1 1 0 25 is equivalent to saying 192 1 1 0 with subnet mask 255 255 255 128 The following table shows some possible subnet masks using both nota...

Страница 254: ...ollowing figure shows the company network before subnetting Figure 160 Subnetting Example Before Subnetting You can borrow one of the host ID bits to divide the network 192 168 1 0 into two separate sub networks The subnet mask is now 25 bits 255 255 255 128 or 25 The borrowed host ID bit can have a value of either 0 or 1 allowing two subnets 192 168 1 0 25 and 192 168 1 128 25 The following figur...

Страница 255: ...68 1 254 Example Four Subnets The previous example illustrated using a 25 bit subnet mask to divide a 24 bit address into two subnets Similarly to divide a 24 bit address into four subnets you need to borrow two host ID bits to give four possible combinations 00 01 10 and 11 The subnet mask is 26 bits 11111111 11111111 11111111 11000000 or 255 255 255 192 Each subnet contains 6 host ID bits giving...

Страница 256: ...R LAST OCTET BIT VALUE IP Address 192 168 1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 128 Lowest Host ID 192 168 1 129 Broadcast Address 192 168 1 191 Highest Host ID 192 168 1 190 Table 107 Subnet 4 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 192 IP Address Binary 11000000 1...

Страница 257: ...gned Number Authority IANA reserved this block of addresses specifically for private use please do not use any other number unless you are told otherwise You must also enable Network Address Translation NAT on the Device Table 109 24 bit Network Number Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62 3 255 255 255...

Страница 258: ...P addresses to the hosts without problems However the Internet Assigned Numbers Authority IANA has reserved the following three blocks of IP addresses specifically for private networks 10 0 0 0 10 255 255 255 172 16 0 0 172 31 255 255 192 168 0 0 192 168 255 255 You can obtain your IP address from the IANA from an ISP or it can be assigned from a private network If you belong to a small organizati...

Страница 259: ...ing to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking and create an exception for your device s IP address Disable Pop up Blockers 1 In Internet Explorer select Tools Pop up Blocker and then select Turn Off Pop up Blocker Figure 162 Pop up Blocker You can also check if pop up blocking is disabled in the Pop up Blocker...

Страница 260: ... Privacy 3 Click Apply to save this setting Enable Pop up Blockers with Exceptions Alternatively if you only want to allow pop up windows from your device see the following steps 1 In Internet Explorer select Tools Internet Options and then the Privacy tab 2 Select Settings to open the Pop up Blocker Settings screen ...

Страница 261: ...uide 261 Figure 164 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 167 1 4 Click Add to move the IP address to the list of Allowed sites Figure 165 Pop up Blocker Settings ...

Страница 262: ...splay properly in Internet Explorer check that JavaScripts are allowed 1 In Internet Explorer click Tools Internet Options and then the Security tab Figure 166 Internet Options Security 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java applets make sure that Enable is selected the default 6 Cl...

Страница 263: ...e 167 Security Settings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java permissions make sure that a safety level is selected 5 Click OK to close the window ...

Страница 264: ...302 T10A User s Guide 264 Figure 168 Security Settings Java JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected 3 Click OK to close the window Figure 169 Java Sun ...

Страница 265: ...sed here Screens for other versions may vary You can enable Java Javascripts and pop ups in one screen Click Tools then click Options in the screen that appears Figure 170 Mozilla Firefox Tools Options Click Content to show the screen below Select the check boxes as shown in the following screen Figure 171 Mozilla Firefox Content Security ...

Страница 266: ...Appendix C Pop up Windows JavaScripts and Java Permissions AMG1302 T10A User s Guide 266 ...

Страница 267: ...ependent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an ad hoc wireless LAN Figure 172 Peer to Peer Communication in an Ad hoc Network BSS A Basic Service Set BSS exists when all communications between wireless clients or between a wireless client and a wired network client go through one access point AP Intra BSS traffic is t...

Страница 268: ...wired connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood An ESSID ESS IDentification uniquely identifies each ESS All access points and their associated wireless clients within the ...

Страница 269: ...rtially overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 channels and an adjacent AP is using channel 1 then you need to select a channel between 6 or 11 RTS CTS A hidden node occurs when two stations are within range of the same access point but are not with...

Страница 270: ...equest To Send CTS Clear to Send handshake You should only configure RTS CTS if the possibility of hidden nodes exists on your network and the cost of resending large frames is more than the extra network overhead involved in the RTS Request To Send CTS Clear to Send handshake If the RTS CTS value is greater than the Fragmentation Threshold value see next then the RTS Request To Send CTS Clear to ...

Страница 271: ...e Note The wireless devices MUST use the same preamble mode in order to communicate IEEE 802 11g Wireless LAN IEEE 802 11g is fully compatible with the IEEE 802 11b standard This means an IEEE 802 11b adapter can interface directly with an IEEE 802 11g access point and vice versa at 11 Mbps or lower depending on range IEEE 802 11g has several intermediate rate steps between the maximum and minimum...

Страница 272: ... profile and accounting management on a network RADIUS server Support for EAP Extensible Authentication Protocol RFC 2486 that allows additional authentication methods to be deployed with no changes to the access point or the wireless clients RADIUS RADIUS is based on a client server model that supports authentication authorization and accounting The access point is the client and the server is th...

Страница 273: ...network security the access point and the RADIUS server use a shared secret key which is a password they both know The key is not sent over the network In addition to the shared key password information exchanged is also encrypted to protect the network from unauthorized access Types of EAP Authentication This section discusses some popular authentication types EAP MD5 EAP TLS EAP TTLS PEAP and LE...

Страница 274: ... makes user identity vulnerable to passive attacks A digital certificate is an electronic ID card that authenticates the sender s identity However to implement EAP TLS you need a Certificate Authority CA to handle certificates which imposes a management overhead EAP TTLS Tunneled Transport Layer Service EAP TTLS is an extension of the EAP TLS authentication that uses certificates for only the serv...

Страница 275: ...ires a single identical password entered into each access point wireless gateway and wireless client As long as the passwords match a wi reless client will be granted access to a WLAN If the AP or the wireless clients do not support WPA2 just use WPA or WPA PSK depending on whether you have an external RADIUS server or not Select WEP only when the AP and or wireless clients do not support WPA or W...

Страница 276: ...common password approach makes WPA 2 PSK susceptible to brute force password guessing attacks but it s still an improvement over WEP as it employs a consistent single alphanumeric password to derive a PMK which is used to generate unique temporal encryption keys This prevent all wireless devices sharing the same encryption keys a weakness of WEP User Authentication WPA and WPA2 apply IEEE 802 1x a...

Страница 277: ...RADIUS server distributes the PMK to the AP The AP then sets up a key hierarchy and management system using the PMK to dynamically generate unique data encryption keys The keys are used to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients Figure 176 WPA 2 with RADIUS Application Example WPA 2 PSK Application Example A WPA 2 PSK application looks as f...

Страница 278: ...a couples RF signals onto air A transmitter within a wireless device sends an RF signal to the antenna which propagates the signal through the air The antenna also operates in reverse by capturing RF signals from the air Positioning the antennas properly increases the range and coverage area of a wireless LAN Table 114 Wireless Security Relational Matrix AUTHENTICATION METHOD KEY MANAGEMENT PROTOC...

Страница 279: ...re two types of antennas used for wireless LAN applications Omni directional antennas send the RF signal out in all directions on a horizontal plane The coverage area is torus shaped like a donut which makes these antennas ideal for a room environment With a wide coverage area it is possible to make circular overlapping coverage areas with multiple access points Directional antennas concentrate th...

Страница 280: ...Appendix D Wireless LANs AMG1302 T10A User s Guide 280 ...

Страница 281: ... 0000 0000 0015 can be written as 2001 0db8 1a2f 0000 0000 0015 2001 0db8 0000 0000 1a2f 0015 2001 db8 1a2f 0 0 15 or 2001 db8 0 0 1a2f 15 Prefix and Prefix Length Similar to an IPv4 subnet mask IPv6 uses an address prefix to represent the network address An IPv6 prefix length specifies how many most significant bits start from the left in the address compose the network address The prefix length ...

Страница 282: ...sts in a multicast group Multicast scope allows you to determine the size of the multicast group A multicast address has a predefined prefix of ff00 8 The following table describes some of the predefined multicast addresses The following table describes the multicast addresses which are reserved and can not be assigned to a multicast group Table 116 Predefined Multicast Address MULTICAST ADDRESS D...

Страница 283: ... byte of the MAC address See the following example Stateless Autoconfiguration With stateless autoconfiguration in IPv6 addresses can be uniquely and automatically generated Unlike DHCPv6 Dynamic Host Configuration Protocol version six which is used in IPv6 stateful autoconfiguration the owner and status of addresses don t need to be maintained by a DHCP server Every IPv6 device is able to generat...

Страница 284: ...ach IA holds one type of address IA_NA means an identity association for non temporary addresses and IA_TA is an identity association for tempor ary addresses An IA_NA option contains the T1 and T2 fields but an IA_TA option does not The DHCPv6 server uses T1 and T2 to control the time at which the client contacts with the server to extend the lifetimes on any addresses in the IA_NA before the lif...

Страница 285: ...encountered in packet processing and perform other diagnostic functions such as ping Multicast Listener Discovery The Multicast Listener Discovery MLD protocol defined in RFC 2710 is derived from IPv4 s Internet Group Management Protocol version 2 IGMPv2 MLD uses ICMPv6 message types rather than IGMP message types MLDv1 is equivalent to IGMPv2 and MLDv2 is equivalent to IGMPv3 MLD allows an IPv6 s...

Страница 286: ...4 network Figure 178 Configured Tunnel Example 6to4 Tunnel A 6to4 tunnel is an automatic tunnelling mechanism that provides connection between IPv6 networks across an IPv4 network To transmit IPv6 packets over an IPv4 network the IPv6 packets are encapsulated inside IPv4 packets The following figure shows a network example Figure 179 6to4 Relay Router Network Example In a 6to4 tunnel 6to4 routers ...

Страница 287: ...ter Example Enabling DHCPv6 on Windows XP Windows XP does not support DHCPv6 If your network uses DHCPv6 for IP address assignment you have to additionally install a DHCPv6 client software on your Windows XP Note If you use static IP addresses or Router Advertisement for IPv6 address assignment in your network ignore this section This example uses Dibbler as the DHCPv6 client To enable DHCPv6 clie...

Страница 288: ... Example Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer To enable IPv6 in Windows 7 1 Select Control Panel Network and Sharing Center Local Area Connection 2 Select the Internet Protocol Version 6 TCP IPv6 checkbox to enable it 3 Click OK to save the change ...

Страница 289: ...r dynamic IPv6 address This example shows a global address 2001 b021 2d 1000 obtained from a DHCP server C ipconfig Windows IP Configuration Ethernet adapter Local Area Connection Connection specific DNS Suffix IPv6 Address 2001 b021 2d 1000 Link local IPv6 Address fe80 25d8 dcab c80a 5189 11 IPv4 Address 172 16 100 61 Subnet Mask 255 255 255 0 Default Gateway fe80 213 49ff feaa 7125 11 172 16 100...

Страница 290: ...Appendix E IPv6 AMG1302 T10A User s Guide 290 ...

Страница 291: ...e of IP protocol used by the service If this is TCP UDP then the service uses the same port number with TCP and UDP If this is USER DEFINED the Port s is the IP protocol number not the port number Port s This value depends on the Protocol If t he Protocol is TCP UDP or TCP UDP this is the IP port number If t he Protocol is USER this is the IP protocol number Description This is a brief explanation...

Страница 292: ...l a program to enable fast transfer of files including large files that may not be possible by e mail H 323 TCP 1720 NetMeeting uses this protocol HTTP TCP 80 Hyper Text Transfer Protocol a client server protocol for the world wide web HTTPS TCP 443 HTTPS is a secured http session often used in e commerce ICMP User Defined 1 Internet Control Message Protocol is often used for diagnostic purposes I...

Страница 293: ...GRE User Defined 47 PPTP Point to Point Tunneling Protocol enables secure transfer of data over public networks This is the data channel RCMD TCP 512 Remote Command Service REAL_AUDIO TCP 7070 A streaming audio service that enables real time sound over the web REXEC TCP 514 Remote Execution Daemon RLOGIN TCP 513 Remote Login ROADRUNNER TCP UDP 1026 This is an ISP that pro vides services mainly for...

Страница 294: ...1558 Stream Works Protocol SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server TACACS UDP 49 Login Host Protocol used for Terminal Access Controller Access Control System TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments It operates over TCP IP networks Its primary function is to allow users to log into remote host s...

Страница 295: ...ice Trademarks ZyNOS ZyXEL Network Operating System is a registered trademark of ZyXEL Communications Inc Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners Certifications Federal Communications Commission FCC Interference Statement The device complies with Part 15 of FCC rules Operation is subject to the follow...

Страница 296: ...or 802 11g operation of this product in the U S A is firmware limited to channels 1 through 11 To comply with FCC RF exposure compliance requirements a separation distance of at least 20 cm must be maintained between the antenna of this device and all persons 注意依據低功率電波輻射性電機管理辦法第十二條經型式認證合格之低功率射頻電機非經許可公司商號或使用者均不得擅自變更頻率加大功率或變更原設計之特性及功能第十四條低功率射頻電機之使用不得影響飛航安全及干擾合法通信經發現有干擾現象時應立即停用並改善至無干擾時...

Страница 297: ...fitness for a particular use or purpose ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser To obtain the services of this warranty contact ZyXEL s Service Center for your Return Material Authorization number RMA Products must be returned Postage Prepaid It is recommended that the unit be insured when shipped Any returned products without proof...

Страница 298: ... You have no ownership rights in the Software Rather you have a license to use the Software as long as this License Agreement remains in full force and effect Ownership of the Software Documentation and all intellectual property rights therein shall remain at all times with ZyXEL Any other use of the Software by any other entity is strictly forbidden and is a violation of this License Agreement 3 ...

Страница 299: ...No Warranty THE SOFTWARE IS PROVIDED AS IS TO THE MAXIMUM EXTENT PERMITTED BY LAW ZyXEL DISCLAIMS ALL WARRANTIES OF ANY KIND EITHER EXPRESSED OR IMPLIED INCLUDING WITHOUT LIMITATION IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND NON INFRINGEMENT ZyXEL DOES NOT WARRANT THAT THE FUNCTIONS CONTAINED IN THE SOFTWARE WILL MEET ANY REQUIREMENTS OR NEEDS YOU MAY HAVE OR TH...

Страница 300: ...entiality proprietary rights and non disclosure shall survive the termination of this Software License Agreement 11 General This License Agreement shall be construed interpreted and governed by the laws of Republic of China without regard to conflicts of laws provisions thereof The exclusive forum for any disputes arising out of or relating to this License Agreement shall be an appropriate court o...

Страница 301: ... to change without notice Companies names and data used in examples herein are fictitious unless otherwise noted No part may be reproduced or transmitted in any form or by any means electronic or mechanical for any purpose except the express written permission of ZyXEL Communications Corporation ...

Страница 302: ... receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that you know you can do these things To protect your rights we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights These restrictions translate to certain responsibilities for you if you distribute copies of the sof...

Страница 303: ... distribute such modifications or work under the terms of Section 1 above provided that you also meet all of these conditions a You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change b You must cause any work that you distribute or publish that in whole or in part contains or is derived from the Program or any part thereof to be l...

Страница 304: ...es the executable If distribution of executable or object code is made by offering access to copy from a designated place then offering equivalent access to copy the source code from the same place counts as distribution of the source code even though third parties are not compelled to copy the source along with the object code 4 You may not copy modify sublicense or distribute the Program except ...

Страница 305: ...eral Public License from time to time Such new versions will be similar in spirit to the present version but may differ in detail to address new problems or concerns Each version is given a distinguishing version number If the Program specifies a version number of this License which applies to it and any later version you have the option of following the terms and conditions either of that version...

Страница 306: ...e your freedom to share and change free software to make sure the software is free for all its users This license the Lesser General Public License applies to some specially designated software packages typically libraries of the Free Software Foundation and other authors who decide to use it You can use it too but we suggest you first think carefully about whether this license or the ordinary Gen...

Страница 307: ...he combination of the two is legally speaking a combined work a derivative of the original library The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom The Lesser General Public License permits more lax criteria for linking other code with the library We call this license the Lesser General Public License because it does Les...

Страница 308: ...opriately publish on each copy an appropriate copyright notice and disclaimer of warranty keep intact all the notices that refer to this License and to the absence of any warranty and distribute a copy of this License along with the Library You may charge a fee for the physical act of transferring a copy and you may at your option offer warranty protection in exchange for a fee 2 You may modify yo...

Страница 309: ...ny portion of the Library but is designed to work with the Library by being compiled or linked with it is called a work that uses the Library Such a work in isolation is not a derivative work of the Library and therefore falls outside the scope of this License However linking a work that uses the Library with the Library creates an executable that is a derivative of the Library because it contains...

Страница 310: ...equirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system Such a contradiction means you cannot use both them and the Library together in an executable that you distribute 7 You may place library facilities that are a work based on the Library side by side in a single library together with other library facilities not covered...

Страница 311: ...nse may add an explicit geographical distribution limitation excluding those countries so that distribution is permitted only in or among countries not thus excluded In such case this License incorporates the limitation as if written in the body of this License 13 The Free Software Foundation may publish revised and or new versions of the Lesser General Public License from time to time Such new ve...

Страница 312: ...u link the application to a modified version of Mini XML then the changes to Mini XML must be provided under the terms of the LGPL in sections 1 2 and 2 You do not have to provide a copy of the Mini XML license with programs that are linked to the Mini XML library nor do you have to identify the Mini XML license in your program or documentation as required by section 6 of the LGPL This Product inc...

Страница 313: ...rights apply to this package listed in various separate parts below Please make sure that you read all the parts Part 1 CMU UCD copyright notice BSD like Copyright 1989 1991 1992 by Carnegie Mellon University Derivative Work 1996 1998 2000 Copyright 1996 1998 2000 The Regents of the University of California All Rights Reserved Permission to use copy modify and distribute this software and its docu...

Страница 314: ... c 2001 2003 Networks Associates Technology Inc All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer Redistributions in binary form must reproduce the above copyright not...

Страница 315: ...distributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution The name of Cambridge Broadband Ltd may not be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER...

Страница 316: ...imer in the documentation and or other materials provided with the distribution Neither the name of the Sun Microsystems Inc nor the names of its contributors ma y be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NO...

Страница 317: ...re without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY O...

Страница 318: ...MPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS IN...

Страница 319: ...EORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY W AY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE Part 8 Apple Inc copyright notice BSD Copyright c 2007 Apple Inc All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the follo...

Страница 320: ...tions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution Neither the name of ScienceLogic LLC nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED ...

Страница 321: ...ca or 230V AC in Europe Do not allow anything to rest on the power adaptor or cord and do not place the product where anyone can walk on the power adaptor or cord Do not use the device if the power adaptor or cord is damaged as it might cause electrocution If the power adaptor or cord is damaged remove it from the device and the power source Do not attempt to repair the power adaptor or cord Conta...

Страница 322: ...Appendix G Legal InformationSafety Warnings AMG1302 T10A User s Guide 322 ...

Страница 323: ...279 omni directional 279 anti probing 142 AP access point 269 application filter 154 applications NAT 138 asymmetrical routes 143 Asynchronous Transfer Mode see ATM ATM 225 MBS 75 80 PCR 75 79 QoS 75 79 83 SCR 75 80 status 225 authentication 114 116 RADIUS server 116 WPA 104 B backup configuration 220 Basic Service Set See BSS 267 Basic Service Set see BSS broadcast 70 BSS 117 267 example 117 C CA...

Страница 324: ...omain Name System see DNS DoS 141 DSCP 172 DSL connections status 226 dynamic DNS 177 activation 178 wildcard 177 activation 178 Dynamic Host Configuration Protocol see DHCP dynamic WEP key exchange 274 DYNDNS wildcard 177 activation 178 E EAP Authentication 273 encapsulation 69 72 78 ENET ENCAP 80 PPPoA 81 PPPoE 80 RFC 1483 81 encryption 99 116 275 WEP 100 key 101 WPA 103 authentication 104 reaut...

Страница 325: ...dress see IGA Inside Local Address see ILA Internet Control Message Protocol see ICMP Internet Group Multicast Protocol see IGMP Internet Protocol version 6 see IPv6 IP address 70 72 78 81 85 94 default server 129 131 ping 223 private 95 IP alias 90 configuration 91 NAT applications 138 IP precedence 172 174 configuration 172 IP MAC filter 156 configuration 156 structure 153 IPv6 281 addressing 28...

Страница 326: ...onnection 73 78 82 NAT 78 127 136 137 257 activation 128 address mapping 133 rules 134 types 134 135 138 applications 138 IP alias 138 default server IP address 129 131 example 137 global 137 IGA 136 ILA 136 inside 136 local 137 outside 136 P2P 129 port forwarding 128 129 activation 132 configuration 130 example 130 rules 132 remote management 180 SIP ALG 135 activation 136 SUA 128 Network Address...

Страница 327: ...ion 2 remote management 179 DNS 185 FTP 182 ICMP 185 NAT 180 WWW 181 reset 19 221 restart 221 restoring configuration 220 RFC 1483 72 78 81 RIP 86 88 95 Routing Information Protocol see RIP RTS Request To Send 270 threshold 269 270 RTS threshold 104 114 rules port forwarding 132 S safety warnings 321 schedules wireless LAN 112 SCR 75 80 83 security network 150 wireless LAN 99 114 Service Set IDent...

Страница 328: ...204 T tagging frames 168 thresholds data fragment 104 114 RTS CTS 104 114 time 204 TR 069 15 trademarks 295 traffic shaping 82 example 83 triangle route 143 151 solutions 152 U UBR 75 79 84 unicast 70 Universal Plug and Play see UPnP upgrading firmware 217 UPnP 187 activation 188 cautions 187 example 189 installation 189 NAT traversal 187 URL 153 URL filter 154 URL 153 V VBR 83 VBR nRT 75 79 84 VB...

Страница 329: ...security 114 SSID 98 99 108 115 activation 107 status 29 WDS 110 118 compatibility 110 example 118 WEP 100 116 key 101 wizard 63 WPA 103 116 authentication 104 reauthentication 103 WPA PSK 102 116 pre shared key 102 WPS 108 118 121 activation 109 adding stations 110 example 122 limitations 124 PIN 109 110 119 push button 17 110 119 status 109 wireless security 271 Wireless tutorial 33 wizard 55 co...

Страница 330: ...Index AMG1302 T10A User s Guide 330 example 122 limitations 124 PIN 109 110 119 example 121 push button 17 110 119 status 109 ...

Страница 331: ...Index AMG1302 T10A User s Guide 331 ...

Страница 332: ...Index AMG1302 T10A User s Guide 332 ...

Результаты поиска

Содержание AMG1302-T10A

Отзывы:

Похожие инструкции для AMG1302-T10A

Бренды по названию

Популярные бренды

ZyXEL Communications AMG1302-T10A, Руководство пользователя

Результаты поиска

Содержание AMG1302-T10A

Отзывы:

Похожие инструкции для AMG1302-T10A

Бренды по названию

Популярные бренды