manualshive.com logo in svg

ZyXEL Communications AMG1202-T series, User Manual

The ZyXEL Communications AMG1202-T series is a comprehensive networking solution featuring high-speed internet connectivity. Easily get started with the Quick Start Manual, available for free download on our website. This user-friendly manual serves as a handy guide for effortlessly setting up and optimizing your device's performance.

Share
Download
background image

Appendix D Wireless LANs

AMG1302/AMG1202-TSeries User’s Guide

288

EAP-MD5 (Message-Digest Algorithm 5)

MD5 authentication is the simplest one-way authentication method. The authentication server 
sends a challenge to the wireless client. The wireless client ‘proves’ that it knows the password by 
encrypting the password with the challenge and sends back the information. Password is not sent in 
plain text. 

However, MD5 authentication has some weaknesses. Since the authentication server needs to get 
the plaintext passwords, the passwords must be stored. Thus someone other than the 
authentication server may access the password file. In addition, it is possible to impersonate an 
authentication server as MD5 authentication method does not perform mutual authentication. 
Finally, MD5 authentication method does not support data encryption with dynamic session key. You 
must configure WEP encryption keys for data encryption. 

EAP-TLS (Transport Layer Security)

With EAP-TLS, digital certifications are needed by both the server and the wireless clients for 
mutual authentication. The server presents a certificate to the client. After validating the identity of 
the server, the client sends a different certificate to the server. The exchange of certificates is done 
in the open before a secured tunnel is created. This makes user identity vulnerable to passive 
attacks. A digital certificate is an electronic ID card that authenticates the sender’s identity. 
However, to implement EAP-TLS, you need a Certificate Authority (CA) to handle certificates, which 
imposes a management overhead. 

EAP-TTLS (Tunneled Transport Layer Service) 

EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server-
side authentications to establish a secure connection. Client authentication is then done by sending 
username and password through the secure connection, thus client identity is protected. For client 
authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, 
CHAP, MS-CHAP and MS-CHAP v2. 

PEAP (Protected EAP)   

Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then 
use simple username and password methods through the secured connection to authenticate the 
clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, 
EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is 
implemented only by Cisco.

LEAP

LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x. 

Dynamic WEP Key Exchange

The AP maps a unique key that is generated with the RADIUS server. This key expires when the 
wireless connection times out, disconnects or reauthentication times out. A new WEP key is 
generated each time reauthentication is performed.

Summary of Contents for AMG1202-T series

Page 1: ... N ADSL2 4 port Gateway AMG1202 TSeries Wireless N lite ADSL2 4 port Gateway Version 2 00 AAJC 0 Edition 2 5 2013 Copyright 2013 ZyXEL Communications Corporation User s Guide Default Login Details LAN IP Address http 192 168 1 1 User Name admin Password 1234 ...

Page 2: ...in this book may differ slightly from the product due to differences in operating systems operating system versions or if you installed updated firmware software for your device Every effort has been made to ensure that the information in this manual is accurate Related Documentation Quick Start Guide The Quick Start Guide shows how to connect the AMG1302 AMG1202 TSeries and access the Web Configu...

Page 3: ...d System Info Screens 67 Broadband 73 Wireless LAN 91 Home Networking 121 Static Route 135 Quality of Service QoS 139 Network Address Translation NAT 151 Port Binding 161 Dynamic DNS Setup 165 Filters 167 Firewall 173 Parental Control 191 Certificate 195 Logs 201 Traffic Status 203 User Account 207 TR 069 Client 209 System Settings 213 Firmware Upgrade 217 Backup Restore 219 Remote Management 223 ...

Page 4: ...Contents Overview AMG1302 AMG1202 TSeries User s Guide 4 ...

Page 5: ...1 4 2 Wireless Access 16 1 5 General Hardware Features 17 1 6 Using the WPS Button 18 1 7 The RESET Button 19 1 7 1 Using the Reset Button 19 1 8 Ways to Manage the AMG1302 AMG1202 TSeries 19 Chapter 2 Introducing the Web Configurator 21 2 1 Overview 21 2 1 1 Accessing the Web Configurator 21 2 2 The Web Configurator Layout 23 2 2 1 Title Bar 24 2 2 2 Main Window 25 2 2 3 Navigation Panel 25 Chapt...

Page 6: ...ing Port Binding 58 4 10 Configuring QoS to Prioritize Traffic 59 4 11 Access the AMG1302 AMG1202 TSeries from the Internet Using DDNS 62 4 11 1 Registering a DDNS Account on www dyndns org 62 4 11 2 Configuring DDNS on Your AMG1302 AMG1202 TSeries 63 4 11 3 Testing the DDNS Setting 63 Part II Technical Reference 65 Chapter 5 Connection Status and System Info Screens 67 5 1 Overview 67 5 2 The Con...

Page 7: ...entication 96 7 3 The More AP Screen 98 7 3 1 More AP Edit 98 7 4 The MAC Authentication Screen 100 7 5 The WPS Screen 101 7 6 The WDS Screen 103 7 7 The WMM Screen 104 7 8 The Scheduling Screen 105 7 9 The Advanced Screen 106 7 10 Wireless LAN Technical Reference 107 7 10 1 Wireless Network Overview 107 7 10 2 Additional Wireless Terms 109 7 10 3 Wireless Security Overview 109 7 10 4 Signal Probl...

Page 8: ...tic Route Screen 136 9 2 1 Static Route Add Edit 136 9 3 IPv6 Static Route 137 9 3 1 IPv6 Static Route Edit 138 Chapter 10 Quality of Service QoS 139 10 1 Overview 139 10 1 1 What You Can Do in the QoS Screens 139 10 1 2 What You Need to Know About QoS 140 10 2 The Quality of Service General Screen 140 10 3 The Queue Screen 141 10 3 1 Adding a QoS Queue 142 10 4 The Class Setup Screen 143 10 4 1 C...

Page 9: ...e Port Binding General Screen 162 12 3 The Port Binding Screen 162 12 3 1 Port Binding Summary Screen 163 Chapter 13 Dynamic DNS Setup 165 13 1 Overview 165 13 1 1 What You Can Do in the DDNS Screen 165 13 1 2 What You Need To Know About DDNS 165 13 2 The Dynamic DNS Screen 165 Chapter 14 Filters 167 14 1 Overview 167 14 1 1 What You Can Do in the Filter Screens 167 14 1 2 What You Need to Know Ab...

Page 10: ... Parental Control 191 16 1 Overview 191 16 2 The Parental Control Screen 191 16 2 1 Add Edit Parental Control Rule 192 Chapter 17 Certificate 195 17 1 Overview 195 17 1 1 What You Can Do in this Chapter 195 17 2 What You Need to Know 195 17 3 Local Certificates 195 17 4 The Trusted CA Screen 197 17 5 Trusted CA Import 197 17 6 View Certificate 198 Chapter 18 Logs 201 18 1 Overview 201 18 1 1 What ...

Page 11: ...Upgrade 217 23 1 Overview 217 23 2 The Firmware Screen 217 Chapter 24 Backup Restore 219 24 1 Overview 219 24 2 The Backup Restore Screen 219 24 3 The Reboot Screen 221 Chapter 25 Remote Management 223 25 1 Overview 223 25 1 1 What You Can Do in the Remote Management Screens 223 25 1 2 What You Need to Know About Remote Management 224 25 2 The WWW Screen 224 25 2 1 Configuring the WWW Screen 224 2...

Page 12: ...r 27 Troubleshooting 239 27 1 Power Hardware Connections and LEDs 239 27 2 AMG1302 AMG1202 TSeries Access and Login 240 27 3 Internet Access 242 Appendix A Setting up Your Computer s IP Address 245 Appendix B IP Addresses and Subnetting 265 Appendix C Pop up Windows JavaScripts and Java Permissions 273 Appendix D Wireless LANs 281 Appendix E IPv6 295 Appendix F Services 305 Appendix G Legal Inform...

Page 13: ...13 PART I User s Guide ...

Page 14: ...14 ...

Page 15: ...ostly used for troubleshooting by service engineers FTP for firmware upgrades and configuration backup restore TR 069 This is an auto configuration server used to remotely configure your device 1 3 Good Habits for Managing the AMG1302 AMG1202 TSeries Do the following things regularly to make the AMG1302 AMG1202 TSeries more secure and to manage the AMG1302 AMG1202 TSeries more effectively Change t...

Page 16: ...e to your network are not allowed but you can safely browse the Internet and download files Use the filtering feature to block access to specific web sites or Internet applications such as MSN or Yahoo Messenger You can also configure IP MAC filtering rules for incoming or outgoing traffic Use QoS to efficiently manage traffic on your network by giving priority to certain types of traffic and or t...

Page 17: ...er and ready for use Blinking The AMG1302 AMG1202 TSeries is self testing Red On The AMG1302 AMG1202 TSeries detected an error while self testing or there is a device malfunction Off The AMG1302 AMG1202 TSeries is not receiving power Ethernet 1 4 Green On The AMG1302 AMG1202 TSeries has an Ethernet connection with a device on the Local Area Network LAN Blinking The AMG1302 AMG1202 TSeries is sendi...

Page 18: ...activated Blinking The AMG1302 AMG1202 TSeries is communicating with other wireless clients Green Blinking The AMG1302 AMG1202 TSeries is setting up a WPS connection Off The wireless network is not activated DSL Green On The DSL line is up Blinking The AMG1302 AMG1202 TSeries is initializing the DSL line Off The DSL line is down INTERNET Green On The AMG1302 AMG1202 TSeries has an IP connection bu...

Page 19: ...g the Reset Button 1 Make sure the POWER LED is on not blinking 2 To set the device back to the factory default settings press the RESET button for ten seconds or until the POWER LED begins to blink and then release it When the POWER LED begins to blink the defaults have been restored and the device restarts 1 8 Ways to Manage the AMG1302 AMG1202 TSeries Use any of the following methods to manage ...

Page 20: ...Chapter 1 Introduction AMG1302 AMG1202 TSeries User s Guide 20 ...

Page 21: ... up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScript enabled by default Java permissions enabled by default See Appendix C on page 273 if you need to make sure these functions are allowed in Internet Explorer 2 1 1 Accessing the Web Configurator 1 Make sure your AMG1302 AMG1202 TSeries hardware is properly connected refer to the Quick St...

Page 22: ...ave not yet changed your password It is strongly recommended you change the default password Enter a new password retype it to confirm and click Apply alternatively click Skip to proceed to the Connection Status screen if you do not want to change the password now Figure 5 Change Password Screen 6 The Connection Status screen appears Figure 6 Connection Status 7 Click System Info to display the Sy...

Page 23: ...troducing the Web Configurator AMG1302 AMG1202 TSeries User s Guide 23 2 2 The Web Configurator Layout Click Connection Status System Info to show the following screen Figure 7 Web Configurator Layout Screen A B C ...

Page 24: ...eries User s Guide 24 As illustrated above the main screen is divided into these parts A title bar B main window C navigation panel 2 2 1 Title Bar The title bar shows the following icon in the upper right corner Click this icon to log out of the web configurator ...

Page 25: ...Status This screen shows the network status of the AMG1302 AMG1202 TSeries and computers devices connected to it Network Setting Broadband Internet Connection Use this screen to configure ISP parameters WAN IP address assignment DNS servers and other advanced properties More Connections Use this screen to configure additional WAN connections Wireless General Use this screen to turn the wireless co...

Page 26: ...ke your local servers visible to the outside world DMZ Use this screen to configure a default server which receives packets from ports that are not specified in the Port Forwarding screen Port Binding General Use this screen to activate deactivate port binding Port Binding Use this screen to configure and view port binding groups Dynamic DNS Dynamic DNS Use this screen to allow a static hostname a...

Page 27: ...R 069 Client TR 069 Client Use this screen to configure the AMG1302 AMG1202 TSeries to be managed by an Auto Configuration Server ACS System System Use this screen to configure management inactivity time out setting Time Time Setting Use this screen to change your AMG1302 AMG1202 TSeries s time and date Log Setting Log Setting Use this screen to select which logs and or immediate alerts your devic...

Page 28: ...Chapter 2 Introducing the Web Configurator AMG1302 AMG1202 TSeries User s Guide 28 ...

Page 29: ...given to you by your ISP Note See the advanced menu chapters for background information on these fields 3 2 Internet Wireless Wizard Setup 1 After you enter the password to access the web configurator click the Wizard icon in the top right corner of the web configurator to go to the Wizard 2 Click INTERNET WIRELESS SETUP to configure the system for Internet access and wireless connection ...

Page 30: ... Welcome Enter your Internet access information in the wizard screen exactly as your service provider gave it to you Leave the defaults in any fields for which you were not given information 4 Configure the field and click Next to continue See Section 3 2 on page 29 for wireless connection wizard setup Figure 9 Internet Access Wizard Setup IPoA Configuration ...

Page 31: ...ither VC based or LLC based VPI Enter the Virtual Path Identifier VPI assigned to you This field may already be configured VCI Enter the Virtual Channel Identifier VCI assigned to you This field may already be configured IP Address Enter the IP address of the AMG1302 AMG1202 TSeries Default Gateway Enter the default gateway of the ZyXEL Device Primary DNS Server Enter the primary DNS server IP add...

Page 32: ... to enter specific IP information from your Internet service provider Enter your Internet access information exactly as your service provider gave it to you IP Address Enter the IP address of the AMG1302 AMG1202 TSeries Subnet Mask Enter the subnet mask in dotted decimal notation Refer to the appendix to calculate a subnet mask if you are implementing subnetting Default Gateway You must specify a ...

Page 33: ... multiplexing method used by your ISP from the Multiplex drop down list box either VC based or LLC based VPI Enter the Virtual Path Identifier VPI assigned to you This field may already be configured VCI Enter the Virtual Channel Identifier VCI assigned to you This field may already be configured IP Address Enter the IP address of the AMG1302 AMG1202 TSeries Primary DNS Server Enter the primary DN...

Page 34: ... method used by your ISP from the Multiplex drop down list box either VC based or LLC based VPI Enter the Virtual Path Identifier VPI assigned to you This field may already be configured VCI Enter the Virtual Channel Identifier VCI assigned to you This field may already be configured Select Yes to enter specific IP information from your Internet service provider Enter your Internet access informat...

Page 35: ... Wireless Network Name SSID Enter a descriptive name up to 32 printable 7 bit ASCII characters for the wireless LAN If you change this field on the AMG1302 AMG1202 TSeries make sure all wireless stations use the same SSID in order to access the network Channel Selection The range of radio frequencies used by IEEE 802 11b g wireless devices is called a channel Select a channel ID that is not alread...

Page 36: ...plied Click Close to complete the Internet Wireless setup Figure 14 Results Summary 8 Launch your web browser and navigate to www zyxel com Internet access is just the beginning Refer to the rest of this guide for more detailed information on the complete range of AMG1302 AMG1202 TSeries features If you cannot access the Internet open the web configurator again to confirm that the Internet setting...

Page 37: ...Internet Using DDNS see page 62 4 2 Setting Up Your DSL Connection This tutorial shows you how to set up your Internet connection using the web configurator If you connect to the Internet through a DSL connection use the information from your Internet Service Provider ISP to configure the AMG1302 AMG1202 TSeries Do the following steps 1 Connect the AMG1302 AMG1202 TSeries properly Refer to the Qui...

Page 38: ...mation General Mode Router Encapsulation PPPoE User Name 1234 DSL Ex com Password ABCDEF Service Name My DSL Multiplex LLC IPv6 IPv4 Dual Stack Enabled PPP Authentication Auto VPI 0 VCI 33 Others IP Address Obtain IP Address Automatically DNS Server Obtained From ISP IPv6 Address Obtain IPv6 Address Automatically DHCP IPv6 DHCP DHCP PD Enable WAN Identifier Type EUI64 ...

Page 39: ...o Network Setting Broadband enter or select these values and click Apply This completes your DSL WAN connection setting 4 3 IPv6 Address Configuration If the ISP s network supports IPv6 the ISP may assign an IPv6 address to the AMG1302 AMG1202 TSeries automatically ...

Page 40: ...nternet In this wireless network the AMG1302 AMG1202 TSeries serves as an access point AP and the notebook is the wireless client The wireless client can access the Internet through the AP Thomas has to configure the wireless network settings on the AMG1302 AMG1202 TSeries Then he can set up a wireless network using WPS Section 4 4 2 on page 41 or manual configuration Section 4 4 3 on page 45 4 4 ...

Page 41: ...to establish a wireless connection between his notebook and the AMG1302 AMG1202 TSeries see Section 4 4 2 on page 41 He can also use the notebook s wireless client to search for the AMG1302 AMG1202 TSeries see Section 4 4 3 on page 45 4 4 2 Using WPS This section shows you how to set up a wireless network using WPS WPS is a way to automatically set up a secure wireless network connection between a...

Page 42: ... signal 2 Make sure that you have installed the wireless client driver and utility in your notebook 3 Make sure wireless LAN is enabled and the wireless security mode is set to WPA PSK2 or No Security in the Network Setting Wireless General screen 4 In the wireless client utility go to the WPS setting page Enable WPS and press the WPS button Start or WPS button 5 Push and hold the WPS button on th...

Page 43: ... you use the PIN configuration method you need to use both the AMG1302 AMG1202 TSeries s web config ur at or and the wireless client s utility 1 Launch your wireless client s configuration utility Go to the WPS settings and select the PIN method to get a PIN number 2 Enter the PIN number in the PIN section in the Network Setting Wireless WPS screen on the AMG1302 AMG1202 TSeries Wireless Client Th...

Page 44: ...n within two minutes The AMG1302 AMG1202 TSeries authenticates the wireless client and sends the proper configuration settings to the wireless client This may take up to two minutes The wireless client is then able to communicate with the AMG1302 AMG1202 TSeries securely The following figure shows you how to set up a wireless network and its security on a AMG1302 AMG1202 TSeries and a wireless cli...

Page 45: ...scribes how to connect wirelessly to your AMG1302 AMG1202 TSeries The connection procedure is shown here using Windows XP as an example 1 Right click the wireless adapter icon which appears in the bottom right of your computer monitor Click View Available Wireless Networks Authentication by PIN SECURITY INFO WITHIN 2 MINUTES Wireless Client The Device COMMUNICATION ...

Page 46: ...The SSID SecureWirelessNetwork is given here as an example Tutorial Status 3 You are prompted to enter a password Enter it and click Connect Tutorial Status 4 You may have to wait several minutes while your computer connects to the wireless network 5 You should now be securely connected wirelessly to the AMG1302 AMG1202 TSeries Tutorial Status A ...

Page 47: ...able 4 5 Configuring the MAC Address Filter for Restricting Wireless Internet Access Thomas noticed that his daughter Josephine spends too much time surfing the web and downloading media files He decided to prevent Josephine from accessing the Internet so that she can concentrate on preparing for her final exams Josephine s computer connects wirelessly to the Internet through the AMG1302 AMG1202 T...

Page 48: ...essly through the AMG1302 AMG1202 TSeries 4 6 Setting Up NAT Forwarding for a Game Server Thomas manages a Doom server on a computer behind the AMG1302 AMG1202 TSeries In order for players on the Internet like A in the figure below coming through the default WAN connection PVC0 to communicate with the Doom server Thomas can use port forwarding C ipconfig all Ethernet adapter Wireless Network Conne...

Page 49: ...om server computer which has an IP address of 192 168 1 34 Thomas may set up the port settings by configuring the port settings for the Doom server computer see Section 11 3 on page 153 for more information 1 Activate NAT in the Network Setting NAT General screen Click Apply 2 Click Network Setting NAT Port Forwarding Select PVC0 as the WAN interface and click Add new rule 3 Configure the screen w...

Page 50: ...er 4 7 Configuring Firewall Rules to Allow a Specified Service By default the firewall will block traffic originating from the WAN 1 However if you are running a server or other service you may need to allow access from the WAN 2 The following tutorial will show how to allow traffic from WAN to LAN if it matches a specified port number Service Name Select User Define Start End Ports Enter 666 as t...

Page 51: ...e Rules tab In the Packet Direction field select WAN to LAN and click Add Tutorial Advanced QoS Queue Setup 3 The Add New Firewall Rule screen will appear Click the Edit Customized Services button to access the following screen Click Add and configure the following settings In this tutorial a hypothetical port 123 is allowed Click OK WAN LAN 1 2 A Service Name My_Service Service Type TCP Port Numb...

Page 52: ...202 TSeries User s Guide 52 Tutorial Advanced QoS Queue Setup 4 In the Add New Firewall Rule screen select Active In the Available Services field select the service you configured My_Service Click OK Tutorial Advanced QoS Queue Setup ...

Page 53: ... to configure a static routing rule for two network routings In the following figure router R is connected to the AMG1302 AMG1202 TSeries s LAN R connects to two networks N1 192 168 1 x 24 and N2 192 168 10 x 24 If you want to send traffic from computer A in N1 network to computer B in N2 network the traffic is sent to the AMG1302 AMG1202 TSeries s WAN default gateway by default In this case B wil...

Page 54: ...Static Route screen 4 Configure the Static Route Setup screen using the following settings 4a Type 192 168 10 0 and subnet mask 255 255 255 0 for the destination N2 4b Type 192 168 1 253 R s N1 address in the Gateway IP Address field 4c Enter 1 in the Metric field Table 8 IP Settings in this Tutorial DEVICE COMPUTER IP ADDRESS The AMG1302 AMG1202 TSeries s WAN 172 16 1 1 The AMG1302 AMG1202 TSerie...

Page 55: ...S settings are also configured for another WAN PVC for non time sensitive data traffic 4 9 1 Configuring ATM QoS for Multiple WAN Connections This example shows an application for multiple WAN connections with different ATM QoS Settings More than one WAN connection on the AMG1302 AMG1202 TSeries may be configured to record traffic statistics or calculate service charges Three WAN connections are c...

Page 56: ...Chapter 4 Tutorials AMG1302 AMG1202 TSeries User s Guide 56 To configure bandwidth for the data connection select UBR with PCR in the ATM QoS Type field Click Apply E X A M P L E ...

Page 57: ...e as 943 divide the bandwidth 400000 bps by 424 Click Apply to save the settings To configure variable bandwidth of 2 Mbps for MOD data connection select Realtime VBR in the ATM QoS Type field Set the Peak Cell Rate as 4717 divide the bandwidth 2mbps by 424 and set both the Sustain Cell Rate and Maximum Burst Size as 4716 which is less than the peak cell rate Click Apply to save the settings ...

Page 58: ...LANs so traffic from these ports is forwarded through specific WAN PVCs In the configuration shown below the WAN connections set up in the previous section are bound as follows 1 Access the port binding screen by clicking Network Setting Port Binding and select Activated Port Binding to turn on the port binding feature 2 Click the Port Binding tab specify the Group Index and select the ports to in...

Page 59: ...our colleagues use the Internet for research as well as chat applications for communicating with other branch offices In the following figure you want to configure QoS so that e mail traffic gets the highest priority You can do the following Configure a queue to assign the highest priority queue 1 to e mail traffic from the LAN interface so that e mail traffic would not get delayed when there is n...

Page 60: ...elect Active and give it a name Queue1 in this example Select WAN in the Interface field and 1 in the Priority and Weight fields Then click OK Tutorial Advanced QoS Queue Setup 4 Go to Network Setting QoS Class Setup and click Add new Classifier 5 Select Active and follow the settings as shown in the screen below Then click OK Note that you have to select TCP in the IP Protocol field first then yo...

Page 61: ...Chapter 4 Tutorials AMG1302 AMG1202 TSeries User s Guide 61 Tutorial Advanced QoS Class Setup ...

Page 62: ...se this feature you have to apply for DDNS service at www dyndns org This tutorial shows you how to Registering a DDNS Account on www dyndns org Configuring DDNS on Your AMG1302 AMG1202 TSeries Testing the DDNS Setting Note If you have a private WAN IP address then you cannot use DDNS 4 11 1 Registering a DDNS Account on www dyndns org 1 Open a browser and type http www dyndns org Interface Select...

Page 63: ...count and host name on the AMG1302 AMG1202 TSeries later 4 11 2 Configuring DDNS on Your AMG1302 AMG1202 TSeries Configure the following settings in the Network Setting Dynamic DNS screen Select Active Dynamic DNS Select www dyndns org in the Service Provider field Type zyxelrouter dyndns org in the Host Name field Enter the user name UserName1 and password 12345 Click Apply 4 11 3 Testing the DDN...

Page 64: ...Chapter 4 Tutorials AMG1302 AMG1202 TSeries User s Guide 64 ...

Page 65: ...65 PART II Technical Reference ...

Page 66: ...66 ...

Page 67: ...een to look at the current status of the device system resources and interfaces LAN WAN WLAN 5 2 The Connection Status Screen Use this screen to view the network connection status of the device and its clients A warning message appears if there is a connection problem If you prefer to view the status in a list click List View in the Viewing mode selection box You can configure how often you want t...

Page 68: ...View In Icon View if you want to view information about a client click the client s name and then click on Info In List View you can also view the client s information 5 3 The System Info Screen Click Connection Status System Info to open this screen Figure 17 System Info Screen Each field is described in the following table ...

Page 69: ...cable Primary Secondary DNS This is the primary secondary DNS server IP address assigned to the AMG1302 AMG1202 TSeries IPv6 Global IP This is the current IPv6 address of the AMG1302 AMG1202 TSeries in the WAN Click this to go to the screen where you can change it IPv6 Prefix Length This is the current IPv6 prefix length in the WAN IPv6 Gateway This is the IPv6 address of the default gateway if ap...

Page 70: ...s activated WiFi MAC This is the MAC Media Access Control of the WiFi interface Security Firewall This displays whether or not the AMG1302 AMG1202 TSeries s firewall is activated Click this to go to the screen where you can change it Interface Status Interface This column displays each interface the AMG1302 AMG1202 TSeries has Status This field indicates whether or not the AMG1302 AMG1202 TSeries ...

Page 71: ... what percentage of the AMG1302 AMG1202 TSeries s processing ability is currently used When this percentage is close to 100 the AMG1302 AMG1202 TSeries is running at full load and the throughput is not going to improve anymore If you want some applications to have more throughput you should turn off other applications Memory Usage This field displays what percentage of the AMG1302 AMG1202 TSeries ...

Page 72: ...Chapter 5 Connection Status and System Info Screens AMG1302 AMG1202 TSeries User s Guide 72 ...

Page 73: ...ettings on the AMG1302 AMG1202 TSeries for Internet access Use the More Connections screen Section 6 3 on page 81 to set up additional Internet access connections 6 1 2 What You Need to Know About WAN Encapsulation Method Encapsulation is used to include data from an upper layer protocol into a lower layer protocol To set up a WAN connection to the Internet you need to use the same encapsulation m...

Page 74: ...rotocol used to establish membership in a Multicast group it is not used to carry user data There are three versions of IGMP IGMP version 2 and 3 are improvements over version 1 but IGMP version 1 is still in wide use IPv6 IPv6 Internet Protocol version 6 is designed to increase IP address space and enhance features The AMG1302 AMG1202 TSeries supports IPv4 IPv6 dual stack and can connect to IPv4 ...

Page 75: ...Chapter 6 Broadband AMG1302 AMG1202 TSeries User s Guide 75 Figure 19 Network Setting Broadband Internet Connection Auto Sync Up ...

Page 76: ...Chapter 6 Broadband AMG1302 AMG1202 TSeries User s Guide 76 Figure 20 Network Setting Broadband Internet Connection Ethernet ETH1 ...

Page 77: ... Mode field method of encapsulation is not available User Name PPPoA and PPPoE encapsulation only Enter the user name exactly as your ISP assigned If assigned a name in the form user domain where domain identifies a service name then enter both components exactly as given Password PPPoA and PPPoE encapsulation only Enter the password associated with the user name above Service Name PPPoE only Type...

Page 78: ... Enter the first DNS server address assigned by the ISP Secondary DNS Server Enter the second DNS server address assigned by the ISP IPv6 Address Obtain an IP Address Automatically Select this option if you want to have the AMG1302 AMG1202 TSeries use the IPv6 prefix from the connected router s Router Advertisement RA to generate an IPv6 address DHCP IPv6 Select DHCP if you want to obtain an IPv6 ...

Page 79: ...lected Manual enter the WAN Identifier in this field The WAN identifier should be unique and 64 bits in hexadecimal form Every 16 bit block should be separated by a colon as in XXXX XXXX XXXX XXXX where X is a hexadecimal character Blocks of zeros can be represented with double colons as in XXXX XXXX XXXX Connection PPPoA and PPPoE encapsulation only Keep Alive Select Keep Alive when you want your...

Page 80: ...R Continuous Bit Rate to specify fixed always on bandwidth for voice or data traffic Select UBR With PCR Unspecified Bit Rate for applications that are non time sensitive such as e mail Select Realtime VBR real time Variable Bit Rate type for applications with bursty connections that require closely controlled delay and delay variation Select Non Realtime VBR non real time Variable Bit Rate type f...

Page 81: ...s an index number indicating the number of the corresponding connection Active This field indicates whether the connection is active or not Clear the check box to disable the connection Select the check box to enable it Node Name This is the name you gave to the Internet connection VPI VCI This field displays the Virtual Path Identifier VPI and Virtual Channel Identifier VCI numbers configured for...

Page 82: ...it Node Name This is the name you gave to the Internet connection VID This field displays the VLAN ID number used by this connection Encapsulation This field indicates the encapsulation method of the Internet connection Modify The first ISP connection is read only in this screen Use the Broadband Internet Connection screen to edit it Click the Edit icon to edit the Internet connection settings Cli...

Page 83: ...ork Setting Broadband More Connections Edit The following table describes the labels in this screen Table 14 Network Setting Broadband More Connections Edit LABEL DESCRIPTION General Active Select the check box to activate or clear the check box to deactivate this connection ...

Page 84: ...ddress type If you select Disable the AMG1302 AMG1202 TSeries will operate in IPv4 mode VPI The valid range for the VPI is 0 to 255 Enter the VPI assigned to you VCI The valid range for the VCI is 32 to 65535 0 to 31 is reserved for local management of ATM traffic Enter the VCI assigned to you IP Address This option is available if you select Router in the Mode field A static IP address is a fixed...

Page 85: ...ed to establish membership in a multicast group The AMG1302 AMG1202 TSeries supports IGMP v1 IGMP v2 and IGMP v3 Select None to disable it ATM QoS ATM QoS Type Select CBR Continuous Bit Rate to specify fixed always on bandwidth for voice or data traffic Select UBR Unspecified Bit Rate for applications that are non time sensitive such as e mail Select nrtVBR Variable Bit Rate non Real Time or rtVBR...

Page 86: ...m DSL cable wireless etc connection The PPPoE option is for a dial up connection using PPPoE For the service provider PPPoE offers an access and authentication method that works with existing access control systems for example RADIUS One of the benefits of PPPoE is the ability to let you access one of multiple network services a function known as dynamic service selection This enables the service ...

Page 87: ... to use the multiplexing method required by your ISP VC based Multiplexing In this case by prior mutual agreement each protocol is assigned to a specific virtual circuit for example VC1 carries IP etc VC based multiplexing may be dominant in environments where dynamic creation of large numbers of ATM VCs is fast and economical LLC based Multiplexing In this case one VC carries multiple protocols w...

Page 88: ...ection The first is that idle timeout is disabled The second is that the AMG1302 AMG1202 TSeries will try to bring up the connection when turned on and whenever the connection is down A nailed up connection can be very expensive for obvious reasons Do not specify a nailed up connection unless your telephone company offers flat rate service or you need a constant connection and the cost is of no co...

Page 89: ...e CBR Constant Bit Rate CBR provides fixed bandwidth that is always available even if no data is being sent CBR traffic is generally time sensitive doesn t tolerate delay CBR is used for connections that continuously require a specific amount of bandwidth A PCR is specified and if traffic exceeds this rate cells may be dropped Examples of connections that need CBR would be high resolution video an...

Page 90: ...ty traffic typical on LANs PCR and MBS define the burst levels SCR defines the minimum level An example of an VBR nRT connection would be non time sensitive data file transfers Unspecified Bit Rate UBR The Unspecified Bit Rate UBR ATM traffic class is for bursty data transfers However UBR doesn t guarantee any bandwidth and only delivers traffic when the network has spare bandwidth An example appl...

Page 91: ...p multiple wireless networks on your AMG1302 AMG1202 TSeries Use the MAC Authentication screen to allow or deny wireless clients based on their MAC addresses from connecting to the AMG1302 AMG1202 TSeries Section 7 4 on page 100 Use the WPS screen see Section 7 5 on page 101 to enable or disable WPS generate a security PIN Personal Identification Number and see information about the AMG1302 AMG120...

Page 92: ...port IEEE 802 11g for example What is the most appropriate standard to use What security options do the other wireless devices in your network support WPA PSK for example What is the strongest security option supported by all the devices in your network Do the other wireless devices in your network support WPS Wi Fi Protected Setup If so you can set up a well secured network very easily Even if so...

Page 93: ...n the outgoing beacon frame so a station cannot obtain the SSID through scanning using a site survey tool Client Isolation Select this to keep the wireless clients in this SSID from communicating with each other through the AMG1302 AMG1202 TSeries MBSSID LAN Isolation Select this to keep the wireless clients in this SSID from communicating with clients in other SSIDs or wired LAN devices through t...

Page 94: ...y mechanism that all the wireless devices in your network support For example use WPA PSK or WPA2 PSK if all your wireless devices support it or use WPA or WPA2 if your wireless devices support it and you have a RADIUS server If your wireless devices support nothing stronger than WEP use the highest encryption level available Your AMG1302 AMG1202 TSeries allows you to configure one 64 bit or 128 b...

Page 95: ...robust version of the WPA encryption standard It offers slightly better security although the use of PSK makes it less robust than it could be Table 17 Wireless General Basic WEP LABEL DESCRIPTION Security Level Select Basic to enable WEP data encryption Generate password automatically Select this option to have the AMG1302 AMG1202 TSeries automatically generate a password The password field will ...

Page 96: ...PSK are the same The only difference between the two is that WPA 2 PSK uses a simple common password instead of user specific credentials Type a pre shared key from 8 to 63 case sensitive keyboard characters more hide more Click more to show more fields in this section Click hide more to hide them WPA PSK Compatible This field appears when you choose WPA PSK2 as the Security Mode Select Enable to ...

Page 97: ...ication server You need not change this value unless your network administrator instructs you to do so with additional information Shared Secret Enter a password up to 31 alphanumeric characters as the key to be shared between the external authentication server and the AMG1302 AMG1202 TSeries The key must be the same on the external authentication server and your AMG1302 AMG1202 TSeries The key is...

Page 98: ...e AMG1302 AMG1202 TSeries uses either TKIP and AES TKIPAES MIX for data encryption If you choose WPA2 as the security mode but disable WPA PSK Compatible the AMG1302 AMG1202 TSeries uses AES for data encryption Table 19 Wireless General More Secure WPA 2 continued LABEL DESCRIPTION Table 20 Network Setting Wireless More AP LABEL DESCRIPTION This is the index number of each SSID profile Active This...

Page 99: ... name up to 32 English keyboard characters for the wireless LAN Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a station cannot obtain the SSID through scanning using a site survey tool Client Isolation Select this to keep the wireless clients in this SSID from communicating with each other through the AMG1302 AMG1202 TSeries MBSSID LAN Isolation Select this to ke...

Page 100: ...r More Secure WPA 2 PSK WPA 2 to add security on this wireless network The wireless clients which want to associate to this network must have same wireless security settings as the AMG1302 AMG1202 TSeries After you select to use a security additional options appears in this screen Or you can select No Security to allow any client to associate this network without any data encryption or authenticat...

Page 101: ...S The following screen displays Select Enable and click Apply to activate the WPS function Then you can configure the WPS settings in this screen Add new MAC address Click this if you want to add a new MAC address entry to the MAC filter list below Enter the MAC addresses of the wireless devices that are allowed or denied access to the AMG1302 AMG1202 TSeries in these address fields Enter the MAC ...

Page 102: ...this section to set up a WPS wireless network using Push Button Configuration PBC WPS Click this button to add another WPS enabled wireless device within wireless range of the AMG1302 AMG1202 TSeries to your wireless network This button may either be a physical button on the outside of device or a menu button similar to the WPS button on this screen Note You must press the other wireless device s ...

Page 103: ...ion utility of the device you want to connect to using WPS The PIN is not necessary when you use WPS push button method Click the Generate New PIN button to have the AMG1302 AMG1202 TSeries create a new PIN Status This displays Configured when the AMG1302 AMG1202 TSeries has connected to a wireless network using WPS or Enable WPS is selected and wireless or wireless security settings have been cha...

Page 104: ...use the same pre shared key for data transmission The option is available only when you set the security mode to WPA 2 or WPA 2 PSK in the Wireless General screen TKIP Select this to use TKIP Temporal Key Integrity Protocol encryption AES Select this to use AES Advanced Encryption Standard encryption This is the index number of the individual WDS link Active Select this to activate the link betwee...

Page 105: ...RIPTION Enable WMM of SSID1 4 Use the checkboxes to determine whether to have the AMG1302 AMG1202 TSeries automatically give a service a priority level according to the ToS value in the IP header of packets it sends for a wireless network WMM QoS WiFi MultiMedia Quality of Service gives high priority to voice and video which makes them run more smoothly Apply Click Apply to save your changes Cance...

Page 106: ...less LAN will be turned on only during this time period Apply Click this to save your changes Cancel Click this to restore your previously saved settings Table 26 Network Setting Wireless Scheduling LABEL DESCRIPTION Table 27 Network Setting Wireless Advanced LABEL DESCRIPTION Fragmentation Threshold This is the maximum data fragment size that can be sent Enter a value between 256 and 2346 Output ...

Page 107: ...es Select 802 11g n to allow either IEEE 802 11g or IEEE 802 11n compliant WLAN devices to associate with the AMG1302 AMG1202 TSeries The transmission rate of your AMG1302 AMG1202 TSeries might be reduced Select 802 11b g n to allow IEEE 802 11b IEEE 802 11g or IEEE802 11n compliant WLAN devices to associate with the AMG1302 AMG1202 TSeries The transmission rate of your AMG1302 AMG1202 TSeries mig...

Page 108: ...1202 TSeries is the AP Every wireless network must follow these basic guidelines Every device in the same wireless network must use the same SSID The SSID is the name of the wireless network It stands for Service Set IDentifier If two wireless networks overlap they should use a different channel Like radio stations or television channels each wireless network uses a specific channel or frequency t...

Page 109: ...y in effectiveness Some can be broken such as the old Wired Equivalent Protocol WEP Using WEP is better than using no security at all but it will not keep a determined attacker out Other security standards are secure in themselves but can be broken if a user does not use them properly For example the WPA PSK security standard is very secure if you use a long key which is difficult for an attacker ...

Page 110: ...ed to use the wireless network it still has to have the correct information SSID channel and security If a device is not allowed to use the wireless network it does not matter if it has the correct information This type of security does not protect the information that is sent in the wireless network Furthermore there are ways for unauthorized wireless devices to get the MAC address of an authoriz...

Page 111: ...le for unauthorized wireless devices to figure out the original information pretty quickly When you select WPA2 or WPA2 PSK in your AMG1302 AMG1202 TSeries you can also select an option WPA compatible to support WPA as well In this case if some of the devices support WPA and some support WPA2 you should set up WPA2 PSK or WPA2 depending on the type of wireless network login and select the WPA comp...

Page 112: ...MBSSID Traditionally you need to use different APs to configure different Basic Service Sets BSSs As well as the cost of buying extra APs there is also the possibility of channel interference The AMG1302 AMG1202 TSeries s MBSSID Multiple Basic Service Set IDentifier function allows you to use one access point to provide several BSSs simultaneously You can then assign varying QoS priorities and or ...

Page 113: ...y way to set up a secure wireless network WPS is an industry standard specification defined by the WiFi Alliance WPS allows you to quickly set up a wireless network with strong security without having to configure security settings manually Each WPS connection works between two devices Both devices must support WPS check each device s documentation to make sure Depending on the devices you have yo...

Page 114: ...PIN method you must enter the PIN from one device usually the wireless client into the second device usually the Access Point or wireless router Then when WPS is activated on the first device it presents its PIN to the second device If the PIN matches one device sends the network and security information to the other allowing it to join the network Take the following steps to set up a WPS connecti...

Page 115: ...acts as the enrollee the device that receives network and security settings The registrar creates a secure EAP Extensible Authentication Protocol tunnel and sends the network name SSID and the WPA2 PSK pre shared key to the enrollee If the registrar is already part of a network it sends the existing information If not it generates the SSID and WPA2 PSK randomly The following figure shows a WPS ena...

Page 116: ...ed the security settings it transmits to the enrollee are randomly generated Once a WPS enabled device has connected to another device using WPS it becomes configured A configured wireless client can still act as enrollee or registrar in subsequent WPS connections but a configured access point can no longer act as enrollee It will be the registrar in all subsequent WPS connections in which it is i...

Page 117: ...e the registrar since it is configured it already has security information for the network AP1 supplies the existing security information to Client 2 Figure 45 WPS Example Network Step 2 In step 3 you add another access point AP2 to your network AP2 is out of range of AP1 so you cannot use AP1 for the WPS handshake with the new access point However you know that Client 2 supports the registrar fun...

Page 118: ...lee devices You can check the configuration interface of the registrar device to discover the key the network is using if the device supports this feature Then you can enter the key into the non WPS device and join the network as normal the non WPS device must also support WPA2 PSK When you use the PBC method there is a short period from the moment you press the button on one device to the moment ...

Page 119: ...ollee or was not involved in the WPS handshake a rogue device must still associate with the access point to gain access to the network Check the MAC addresses of your wireless clients usually printed on a label on the bottom of the device If there is an unknown MAC address you can remove it or reset the AP ...

Page 120: ...Chapter 7 Wireless LAN AMG1302 AMG1202 TSeries User s Guide 120 ...

Page 121: ...assign IP addresses on the LAN to specific individual computers based on their MAC Addresses Section 8 3 on page 125 Use the UPnP screen to enable UPnP and UPnP NAT traversal on the AMG1302 AMG1202 TSeries Section 8 4 on page 126 Use the IP Alias screen Section 8 5 on page 126 to change your AMG1302 AMG1202 TSeries s IP alias settings Use the IPv6 LAN Setup screen Section 8 6 on page 127 to config...

Page 122: ...ice NAT Traversal UPnP NAT traversal automates the process of allowing an application to operate through NAT UPnP network devices can automatically configure network addressing announce their presence in the network to other UPnP devices and enable exchange of simple product and service descriptions NAT traversal allows the following Dynamic port mapping Learning public IP addresses Assigning leas...

Page 123: ...7 on page 131 for technical background information on LANs 8 1 3 Before You Begin Find out the MAC addresses of your network devices if you intend to add them to the DHCP Client List screen 8 2 The LAN Setup Screen Use this screen to set the Local Area Network IP address subnet mask and advanced networking settings such as RIP multicast of your AMG1302 AMG1202 TSeries Click Network Setting Home Ne...

Page 124: ...sively learn memberships in multicast groups Otherwise select Disabled to deactivate it DHCP Server State DHCP If set to Enable your AMG1302 AMG1202 TSeries can assign IP addresses an IP default gateway and DNS servers to Windows 95 Windows NT and other systems that support the DHCP client If set to Disable the DHCP server will be disabled If set to DHCP Relay the AMG1302 AMG1202 TSeries acts as a...

Page 125: ...try the following screen displays Figure 49 Static DHCP Add Edit Table 31 Network Setting Home Networking Static DHCP LABEL DESCRIPTION Add new static lease Click this to add a new static DHCP entry This is the index number of the entry Active This field displays whether the client is connected to the AMG1302 AMG1202 TSeries MAC Address The MAC Media Access Control or Ethernet address on a LAN Loc...

Page 126: ...al networks over the same Ethernet interface The AMG1302 AMG1202 TSeries supports multiple logical LAN interfaces via its physical Ethernet interface with the AMG1302 AMG1202 TSeries itself as the gateway for the LAN network Table 32 Static DHCP Add Edit LABEL DESCRIPTION MAC Address If you select Manual Input in the Select Device Info field enter the MAC address of a computer on your LAN IP Addre...

Page 127: ...s screen to configure the IPv6 settings for your AMG1302 AMG1202 TSeries s LAN interface See Appendix E on page 295 for background information about IPv6 Table 34 Network Setting Home Networking IP Alias LABEL DESCRIPTION IP Alias Select Enable to configure a LAN network for the AMG1302 AMG1202 TSeries IP Address Enter the IP address of your AMG1302 AMG1202 TSeries in dotted decimal notation IP Su...

Page 128: ...ld enter the LAN IPv6 address you want to assign to your AMG1302 AMG1202 TSeries in hexadecimal notation for example fe80 1 factory default Prefix Enter the address prefix to specify how many most significant bits in an IPv6 address compose the network address MLD Snooping Multicast Listener Discovery MLD allows an IPv6 switch or router to discover the presence of MLD hosts who wish to receive mul...

Page 129: ...on Select this to have the AMG1302 AMG1202 TSeries send router advertisement messages to the LAN hosts Router advertisement is a response to a router solicitation or a periodical multicast advertisement from a router to advertise its presence and other parameters such as IPv6 prefix and DNS information Router solicitation is a request from a host to locate a router that can act as the default rout...

Page 130: ...service provider or uplink router Manual Select this to specify the MTU manually MTU The Maximum Transmission Unit Type the maximum size of each IPv6 data packet in bytes that can move through this interface If a larger packet arrives the AMG1302 AMG1202 TSeries divides it into smaller fragments DAD attempts Specify the number of DAD Duplicate Address Detection attempts before an IPv6 address is a...

Page 131: ...TCP IP configuration for the clients If you turn DHCP service off you must have another DHCP server on your LAN or else the computer must be manually configured IP Pool Setup The AMG1302 AMG1202 TSeries is pre configured with a pool of IP addresses for the DHCP clients DHCP Pool Do not assign static IP addresses from the DHCP pool to your LAN computers 8 7 3 DNS Server Addresses DNS Domain Name Sy...

Page 132: ...connection is established If this is the case it is recommended that you select a network number from 192 168 0 0 to 192 168 255 0 and you must enable the Network Address Translation NAT feature of the AMG1302 AMG1202 TSeries The Internet Assigned Number Authority IANA reserved this block of addresses specifically for private use please do not use any other number unless you are told otherwise Let...

Page 133: ...dcasting method of the RIP packets that the AMG1302 AMG1202 TSeries sends it recognizes both formats when receiving RIP 1 is universally supported but RIP 2 carries more information RIP 1 is probably adequate for most networks unless you have an unusual network topology Both RIP 2B and RIP 2M sends the routing data in RIP 2 format the difference being that RIP 2B uses subnet broadcasting while RIP...

Page 134: ...in IGMP The address 224 0 0 2 is assigned to the multicast routers group At start up the AMG1302 AMG1202 TSeries queries all directly connected networks to gather group membership After that the AMG1302 AMG1202 TSeries periodically updates this information IP multicasting can be enabled disabled on the AMG1302 AMG1202 TSeries LAN and or WAN interfaces in the web configurator LAN WAN Select None to...

Page 135: ... static routes For example the next figure shows a computer A connected to the AMG1302 AMG1202 TSeries s LAN interface The AMG1302 AMG1202 TSeries routes most traffic from A to the Internet through the AMG1302 AMG1202 TSeries s default gateway R1 You create one static route to connect to services offered by your ISP behind router R2 You create another static route to communicate with a separate ne...

Page 136: ...dit The screen shown next appears Table 36 Network Setting Static Route LABEL DESCRIPTION Add new static route Click this to configure a new static route This is the number of an individual static route Destination IP This parameter specifies the IP network address of the final destination Routing is always based on network number Gateway This is the IP address of the gateway The gateway is a rout...

Page 137: ...rk number If you need to specify a route to a single host use a subnet mask of 255 255 255 255 in the subnet mask field to force the network number to be identical to the host ID IP Subnet Mask Enter the IP subnet mask here Gateway IP Address Enter the IP address of the gateway The gateway is a router or switch on the same network segment as the device s LAN or WAN port The gateway helps forward p...

Page 138: ...the Edit icon to go to the screen where you can set up a static route on the AMG1302 AMG1202 TSeries Click the Remove icon to remove a static route from the AMG1302 AMG1202 TSeries A window displays asking you to confirm that you want to delete the route Table 38 Network Setting Static Route IPv6 Static Route LABEL DESCRIPTION Table 39 Network Setting Static Route IPv6 Static Route Add Edit LABEL ...

Page 139: ...gestion allowing time sensitive applications to flow more smoothly Time sensitive applications include both those that require a low level of latency delay and a low level of jitter variations in delay such as Voice over IP VoIP or Internet gaming and those for which jitter alone is a problem such as Internet radio or streaming video In the following figure your Internet connection has an upstream...

Page 140: ...rk by grouping similar types of traffic together and treating each type as a class You can use 802 1p to give different priorities to different packet types Tagging and Marking In a QoS class you can configure whether to add or change the DiffServ Code Point DSCP value and IEEE 802 1p priority level in a matched packet When the packet passes through a compatible network the networking device such ...

Page 141: ...ue with the lowest priority Ethernet Priority Automatically assign priority based on the IEEE 802 1p priority level IP Precedence Automatically assign priority based on the first three bits of the TOS field in the IP header Packet Length Automatically assign priority based on the packet size Smaller packets get higher priority since control signaling VoIP internet gaming or other real time packets...

Page 142: ...r the descriptive name of this queue Interface Select the interface to which this queue is applied This field is read only if you are editing the queue Priority Select the priority level from 1 to 3 of this queue The smaller the number the higher the priority level Traffic assigned to higher priority queues gets through faster while traffic in lower priority queues is dropped if the network is con...

Page 143: ...Click Add new Classifier in the Network Setting QoS Class Setup screen or click the Edit icon next to a class the screen appears as shown next Table 43 Network Setting QoS Class Setup LABEL DESCRIPTION Add new Classifier Click this to create a new classifier Index This is the index number of the entry Status This field displays whether the classifier is active or not A yellow bulb signifies that t...

Page 144: ...Chapter 10 Quality of Service QoS AMG1302 AMG1202 TSeries User s Guide 144 Figure 64 QoS Class Setup Add Edit ...

Page 145: ...P address means any source IP address Subnet Netmask Source Prefix Length Enter the source subnet mask if you select IPv4 as the Ether Type Enter the source prefix length if you select IPv6 as the Ether Type Port Range If you select TCP UDP TCP or UDP in the IP protocol field select the check box and enter the port number s of the source MAC Address Select the check box and enter the source MAC ad...

Page 146: ...om 46 to 1500 in the fields provided IPP DS Field Select IPP TOS to specify an IP precedence range and type of services Select DSCP to specify a DiffServ Code Point DSCP range IP Precedence Range Enter a range from 0 to 7 for IP precedence 0 is the lowest priority and 7 is the highest Type of Service Select a type of service from the drop down list box Available options are Normal service Minimize...

Page 147: ...ets 802 1Q Tag If you select Remark select a priority level in the Ethernet Priority field and enter a VLAN ID number in the VLAN ID field with which the AMG1302 AMG1202 TSeries replaces the IEEE 802 1p priority field and VLAN ID of the frames If you select Remove the AMG1302 AMG1202 TSeries deletes the VLAN ID of the frames before forwarding them out If you select Add the AMG1302 AMG1202 TSeries ...

Page 148: ...ct this to have QoS give the highest priority to traffic for the games you specify This priority is higher than the other QoS queues Select the games below Apply Click this to save your changes Cancel Click this to restore previously saved settings Table 46 IEEE 802 1p Priority Level and Traffic Type PRIORITY LEVEL TRAFFIC TYPE Level 7 Typically used for network control traffic such as router conf...

Page 149: ...er 3 QoS mapping on the AMG1302 AMG1202 TSeries On the AMG1302 AMG1202 TSeries traffic assigned to higher priority queues gets through faster while traffic in lower index queues is dropped if the network is congested Table 47 Internal Layer2 and Layer3 QoS Mapping PRIORITY QUEUE LAYER 2 LAYER 3 IEEE 802 1P USER PRIORITY ETHERNET PRIORITY TOS IP PRECEDENCE DSCP IP PACKET LENGTH BYTE 0 1 0 000000 1 ...

Page 150: ...Chapter 10 Quality of Service QoS AMG1302 AMG1202 TSeries User s Guide 150 ...

Page 151: ... 156 11 1 2 What You Need To Know About NAT Inside Outside Inside outside denotes where a host is located relative to the AMG1302 AMG1202 TSeries for example the computers of your subscribers are the inside hosts while the web servers on the Internet are the outside hosts Global Local Global local denotes the IP address of a host in a packet as the packet traverses a router for example the local a...

Page 152: ... this check box to enable NAT Max NAT Firewall Session Per User When computers use peer to peer applications such as file sharing applications they need to establish NAT sessions If you do not limit the number of NAT sessions a single client can establish this can result in all of the available NAT sessions being used In this case no additional NAT sessions can be established and users may not be ...

Page 153: ...may periodically check for servers and may suspend your account if it discovers any active services at your location If you are unsure refer to your ISP Default Server IP Address In addition to the servers for specified services NAT supports a default server IP address A default server receives packets from ports that are not specified in this screen Note If you do not assign a Default Server IP a...

Page 154: ...port forwarding rule Add new rule Click this button to add a rule to the table below This is the rule index number read only Active This field indicates whether the rule is active or not Clear the check box to disable the rule Select the check box to enable it Service Name This is a service s name External Start Port This is the first port number of a port range that incoming service requests may ...

Page 155: ...ast port number in a series that begins with the port number in the Start Port field above Server IP Address Enter the IP address of the server in your local network Trigger Protocol Select the protocol of the service TCP UDP or ALL TCP UDP Open Start Port Enter the first port number here to which you want the device to translate the incoming port For a range of ports you only need to enter the fi...

Page 156: ...et traverses a router for example the local address refers to the IP address of a host when the packet is in the local network while the global address refers to the IP address of the host when the same packet is traveling in the WAN side Note that inside outside refers to the location of a host while global local refers to the IP address of a host used in a packet Thus an inside local address ILA...

Page 157: ...l benefit of firewall protection With no servers defined your AMG1302 AMG1202 TSeries filters out all incoming inquiries thus preventing intruders from probing your network For more information on IP address translation refer to RFC 1631 The IP Network Address Translator NAT 11 5 3 How NAT Works Each packet has two addresses a source address and a destination address For outgoing packets the ILA I...

Page 158: ...G1302 AMG1202 TSeries can communicate with three distinct WAN networks Figure 72 NAT Application With IP Alias 11 5 5 NAT Mapping Types NAT supports five types of IP port mapping They are 192 168 1 13 192 168 1 10 192 168 1 11 192 168 1 12 SA 192 168 1 10 SA IGA1 Inside Local IP Address 192 168 1 10 192 168 1 11 192 168 1 12 192 168 1 13 Inside Global IP Address IGA 1 IGA 2 IGA 3 IGA 4 NAT Table W...

Page 159: ...202 TSeries maps the multiple local IP addresses to shared global IP addresses Many to Many No Overload In Many to Many No Overload mode the AMG1302 AMG1202 TSeries maps each local IP address to a unique global IP address Server This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world Port numbers do NOT change for One to One and Man...

Page 160: ...Chapter 11 Network Address Translation NAT AMG1302 AMG1202 TSeries User s Guide 160 ...

Page 161: ... Different ATM QoS settings can be specified for each WAN PVC to meet bandwidth requirements for the type of traffic to be transferred For example three port binding groups could be created on the device R1 for three different WAN PVC connections The first PVC PVC0 is for non time sensitive data traffic The second and third PVCs PVC1 and PVC2 are for time sensitive Media On Demand MOD video traffi...

Page 162: ... Binding screen Section 12 3 on page 162 to set up port binding groups Use the Port Binding Summary screen Section 12 3 1 on page 163 to view configured port binding groups 12 2 The Port Binding General Screen Use this screen to activate port binding and set up port binding groups Click Network Setting Port Binding to display the following screen Figure 74 Network Setting Port Binding The followin...

Page 163: ...ed to a port binding group traffic will be forwarded to the other ports in the group but not to ports in other groups If a port is not included in any groups traffic will be forwarded according to the routing table ATM VCs Select the ATM VC PVC to include in the port binding group Each ATM VC can only be bound to one group Ethernet Select the Ethernet Eth ports to include in the port binding group...

Page 164: ...Guide 164 The following table describes the labels in this screen Table 56 Network Setting Port Binding Port Binding Summary LABEL DESCRIPTION Group ID This field displays the group index number Group port This field displays the ports included in the group ...

Page 165: ...This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name The Dynamic DNS service provider will give you a password or key 13 1 1 What You Can Do in the DDNS Screen Use the Dynamic DNS screen Section 13 2 on page 165 to enable DDNS and configure the DDNS settings on the AMG1302 AMG1202 TSeries 13 1 2 What You Need To Know About DDNS DYNDNS Wildc...

Page 166: ...ic DNS Service Provider This is the website of your Dynamic DNS service provider Host Name Type the domain name assigned to your AMG1302 AMG1202 TSeries by your Dynamic DNS provider You can specify up to two host names in the field separated by a comma Username Type your user name Password Type the password assigned to you Enable Wildcard Option Select the check box to enable DynDNS Wildcard Apply...

Page 167: ... 170 to create IPv6 and MAC filter rules 14 1 2 What You Need to Know About Filtering URL The URL Uniform Resource Locator identifies and helps locates resources on a network On the Internet the URL is the web address that you type in the address bar of your Internet browser for example http www zyxel com URL and IP Filter Structure The URL IP and IPv6 filters have individual rule indexes The AMG1...

Page 168: ...ich to apply the filter Direction Apply the filter to Incoming or Outgoing traffic direction Rule Type Select IP or MAC type to configure the rule Use the IP Filter to block or allow traffic by IP addresses Use the MAC Filter to block or allow traffic by MAC address Source IP Address Enter the source IP address of the packets you wish to filter This field is ignored if it is 0 0 0 0 Subnet Mask En...

Page 169: ...eld shows whether the rule is activated Interface This is the interface that the filter set applies to Direction The filter set applies to this traffic direction Src IP Mask This is the source IP address and subnet mask when you select IP as the rule type Dest IP Mask This is the destination IP address and subnet mask Mac Address This is the MAC address of the packets being filtered Src Port This ...

Page 170: ...le Index Select the index number of the filter rule Active Use this field to enable or disable the filter rule Interface Select the PVC to which to apply the filter Direction Apply the filter to Incoming or Outgoing traffic direction Rule Type Select IP or MAC type to configure the rule Use the IP Filter to block or allow traffic by IPv6 addresses Use the MAC Filter to block or allow traffic by MA...

Page 171: ...ation 136 Neighbor Advertisement 137 Redirect Redirect message Protocol This is the upper layer protocol that defines the service to which this rule applies By default it is ICMPv6 IPv6 MAC Filter Listing IPv6 MAC Filter Rule Index Select the index number of the filter set from the drop down list box This is the index number of the rule in a filter set Active This field shows whether the rule is a...

Page 172: ...Chapter 14 Filters AMG1302 AMG1202 TSeries User s Guide 172 ...

Page 173: ...iate an IM Instant Messaging session from the LAN to the WAN 1 Return traffic for this session is also allowed 2 However other traffic initiated from the WAN is blocked 3 and 4 Figure 80 Default Firewall Action 15 1 1 What You Can Do in the Firewall Screens Use the General screen Section 15 2 on page 175 to select the firewall protection level on the AMG1302 AMG1202 TSeries Use the Default Action ...

Page 174: ...arget thereby causing denial of service for users of the targeted system LAND Attack In a Local Area Network Denial LAND attack hackers flood SYN packets into the network with a spoofed source IP address of the target system This makes it appear as if the host computer sent the packets to itself making the system unavailable while the target system tries to respond to itself Ping of Death Ping of ...

Page 175: ...l and error reporting protocol between a host server and a gateway to the Internet ICMP uses Internet Protocol IP datagrams but the messages are processed by the TCP IP software and directly apparent to the application user DoS Thresholds For DoS attacks the AMG1302 AMG1202 TSeries uses thresholds to determine when to drop sessions that do not become fully established These thresholds apply global...

Page 176: ...t but blocks anyone from the Internet from accessing any services on your local network Low This setting allows traffic to the Internet and also allows someone from the Internet to access services on your local network This would be used with Port Forwarding Default Server Custom This setting allows the customer to create and edit individual firewall rules Firewall rules can be created in the Defa...

Page 177: ... AMG1302 AMG1202 TSeries itself Default Action Use the drop down list boxes to select the default action that the firewall is to take on packets that are traveling in the selected direction and do not match any of the firewall rules Select Drop to silently discard the packets without sending a TCP reset packet or an ICMP destination unreachable message to the sender Select Reject to deny the packe...

Page 178: ...e the rules you have created that apply to traffic traveling in the selected packet direction The firewall rules that you configure summarized below take priority over the general firewall action settings in the General screen This is your firewall rule number The ordering of your rules is important as rules are applied in turn Active This field displays whether a firewall is turned on or not Sele...

Page 179: ...lies This is the interface through which the traffic is destined to leave the AMG1302 AMG1202 TSeries Please note that a blank source interface is equivalent to Any Modify Click the Edit icon to go to the screen where you can edit the rule Click the Remove icon to delete an existing firewall rule A window displays asking you to confirm that you want to delete the firewall rule Note that subsequent...

Page 180: ...rop deny and send an ICMP destination unreachable message to the sender of Reject or allow the passage of Permit packets that match this rule IP Version Type Select the IP version IPv4 or IPv6 to apply this firewall rule to Rate Limit Set a maximum number of packets per second minute or hour to limit the throughput of traffic that matches this rule Maximum Burst Number Set the maximum number of pa...

Page 181: ...pply this firewall rule applies Please note that a blank source MAC address is equivalent to any Source Interface Specify a source interface to which this firewall rule applies This is the interface through which the traffic entered the AMG1302 AMG1202 TSeries Please note that a blank source interface is equivalent to any Destination Interface Specify a destination interface to which this firewall...

Page 182: ...irewall Rules Edit Edit Customized Services LABEL DESCRIPTION This is the number of your customized port Name This is the name of your customized service Protocol This shows the IP protocol TCP or UDP that defines your customized service Port Type This is the port number or range that defines your customized service Start Port This is a single port number or the starting port number of a range tha...

Page 183: ... that defines your customized port from the drop down list box Port Configuration Type Click Single to specify one port only or Port Range to specify a span of ports that define your customized service Port Number Type a single port number or the range of port numbers that define your customized service Back Click this to return to the previous screen without saving Apply Click this to save your c...

Page 184: ...ication that initiates a session sends a SYN synchronize packet to the receiving server The receiver sends back an ACK acknowledgment packet and its own SYN and then the initiator responds with an ACK acknowledgment After this handshake a connection is established Figure 88 Three Way Handshake For UDP half open means that the firewall has detected no return traffic An unusually high number or arri...

Page 185: ...ns 2 The minimum capacity of server backlog in your LAN network 3 The CPU power of servers in your LAN network 4 Network bandwidth 5 Type of traffic for certain servers Reduce the threshold values if your network is slower than average for any of these factors especially if you have servers that are slow or handle many tasks and are often busy If you often use P2P applications such as file sharing...

Page 186: ...ttings to allow only a specific computer to manage the AMG1302 AMG1202 TSeries Table 67 Security Firewall DoS Advanced LABEL DESCRIPTION TCP SYN Request Count This is the rate of new TCP half open sessions per second that causes the firewall to start deleting half open sessions When the rate of new connection attempts rises above this number the AMG1302 AMG1202 TSeries deletes half open sessions a...

Page 187: ...C Internet Relay Chat from the LAN to the Internet Allow certain types of traffic such as Lotus Notes database synchronization from specific hosts on the Internet to specific hosts on the LAN Allow everyone except your competitors to access a web server Restrict use of certain protocols such as Telnet to authorized users on the LAN These custom rules work by comparing the source IP address destina...

Page 188: ...or example if FTP ports TCP 20 21 are allowed from the Internet to the LAN Internet users may be able to connect to computers with running FTP servers 4 Does this rule conflict with any existing rules Once these questions have been answered adding rules is simply a matter of entering the information into the correct fields in the web configurator screens 15 6 4 Triangle Route When the firewall is ...

Page 189: ...s firewall protection Another solution is to use IP alias IP alias allows you to partition your network into logical sections over the same Ethernet interface Your AMG1302 AMG1202 TSeries supports up to three logical LAN interfaces with the AMG1302 AMG1202 TSeries being the gateway for each logical network It s like having multiple LAN networks that actually use the same physical cables and ports ...

Page 190: ...Chapter 15 Firewall AMG1302 AMG1202 TSeries User s Guide 190 Figure 92 IP Alias 1 2 3 LAN A ISP 1 ISP 2 4 WAN Subnet 1 Subnet 2 ...

Page 191: ...e fields in this screen Table 68 Security Parental Control LABEL DESCRIPTION Parental Control Use this field to activate or deactivate parental control Add new PCP Click this to create a new parental control rule This is the index number of the rule Status This indicates whether the rule is active or not A yellow bulb signifies that this rule is active A gray bulb signifies that this rule is not a...

Page 192: ...94 Add Edit Parental Control Rule The following table describes the fields in this screen Website Blocked This shows whether the website block is configured If not None will be shown Modify Click the Edit icon to go to the screen where you can edit the rule Click the Delete icon to delete an existing rule Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved s...

Page 193: ...ewing the Web sites with the URLs listed below If you select Access the AMG1302 AMG1202 TSeries blocks access to all URLs except ones listed below Add new service Click this to show a screen in which you can add a new service rule You can configure the Service Name Protocol and Name of the new rule Active This shows whether a configured service is activated or not Service Name This shows the name ...

Page 194: ...Chapter 16 Parental Control AMG1302 AMG1202 TSeries User s Guide 194 ...

Page 195: ...ssues certificates and guarantees the identity of each certificate owner There are commercial certification authorities like CyberTrust or VeriSign and government certification authorities The certification authority uses its private key to sign certificates Anyone can then use the certification authority s public key to verify the certificates You can use the AMG1302 AMG1202 TSeries to generate c...

Page 196: ...certification authority such as a common name organizational unit or department organization or company and country Valid From This field displays the date that the certificate becomes applicable The text displays in red and includes a Not Yet Valid message if the certificate has not yet become applicable Valid To This field displays the date that the certificate expires The text displays in red a...

Page 197: ...he Import Certificate screen You can save a trusted certification authority s certificate to the AMG1302 AMG1202 TSeries Table 71 Security Certificates Trusted CA LABEL DESCRIPTION Import Certificate Click this button to open a screen where you can save the certificate of a certification authority that you trust to the AMG1302 AMG1202 TSeries Name This field displays the name used to identify this...

Page 198: ...tificate s name and set whether or not you want the AMG1302 AMG1202 TSeries to check a certification authority s list of revoked certificates before trusting a certificate issued by the certification authority Table 72 Security Certificates Trusted CA Import LABEL DESCRIPTION Certificate File Path Type in the location of the file you want to upload in this field or click Browse to find it Browse C...

Page 199: ...he name type up to 31 characters to identify this key certificate You may use any character not including spaces Certificate Detail This read only text box displays the certificate or certification request in Privacy Enhanced Mail PEM format PEM uses 64 ASCII characters to convert the binary certificate into a printable form You can copy and paste the certificate into an e mail to send to friends ...

Page 200: ...Chapter 17 Certificate AMG1302 AMG1202 TSeries User s Guide 200 ...

Page 201: ... by their color in the View Log screen Alerts display in red and logs display in black Syslog Overview The syslog protocol allows devices to send event notification messages across an IP network to syslog servers that collect the event messages A syslog enabled device can generate a syslog message and send it to a syslog server Syslog is defined in RFC 3164 The RFC defines the packet format conten...

Page 202: ...EL DESCRIPTION Level Select a severity level from the drop down list box This filters search results according to the severity level you have selected When you select a severity the AMG1302 AMG1202 TSeries searches through all logs of that severity or higher Refresh Click this to renew the log screen Clear Logs Click this to delete all the logs Export Click this to download logs to a file on your ...

Page 203: ...es s client s Section 19 4 on page 205 19 2 The WAN Status Screen Click System Monitor Traffic Status to open the WAN screen You can view the WAN traffic statistics in this screen Figure 100 System Monitor Traffic Status WAN The following table describes the fields in this screen Table 76 System Monitor Traffic Status WAN LABEL DESCRIPTION Status This shows the number of bytes received and sent th...

Page 204: ... this interface Error This indicates the number of frames with errors received on this interface Drop This indicates the number of received packets dropped on this interface Table 76 System Monitor Traffic Status WAN continued LABEL DESCRIPTION Table 77 System Monitor Traffic Status LAN LABEL DESCRIPTION Refresh Interval s Select how often you want the AMG1302 AMG1202 TSeries to update this screen...

Page 205: ...of received packets on this interface Error This indicates the number of frames with errors received on this interface Drop This indicates the number of received packets dropped on this interface Table 77 System Monitor Traffic Status LAN continued LABEL DESCRIPTION Table 78 System Monitor Traffic Status NAT LABEL DESCRIPTION Refresh Interval Select how often you want the AMG1302 AMG1202 TSeries t...

Page 206: ...Chapter 19 Traffic Status AMG1302 AMG1202 TSeries User s Guide 206 ...

Page 207: ...enance User Account LABEL DESCRIPTION User Name You can configure the password for the Power User and Admin accounts Old Password Type the default password or the existing password you use to access the system in this field New Password Type your new system password up to 30 characters Note that as you type a password the screen displays a for each character you type After you change the password ...

Page 208: ...Chapter 20 User Account AMG1302 AMG1202 TSeries User s Guide 208 ...

Page 209: ... Figure 104 LAN and WAN An administrator can use a management server to remotely set up the AMG1302 AMG1202 TSeries modify settings perform firmware upgrades as well as monitor and diagnose the AMG1302 AMG1202 TSeries In order to use CWMP you need to configure the following steps 1 Activate CWMP 2 Specify the URL username and password 3 Activate periodic inform and specify an interval value 21 2 T...

Page 210: ...02 AMG1202 TSeries The management server uses this path to verify the AMG1302 AMG1202 TSeries Connection Request Port The default port for access to the AMG1302 AMG1202 TSeries from the management server is port 7547 If you change it make sure it does not conflict with another port on your network and it is recommended to use a port number above 1024 not a commonly used port The management server ...

Page 211: ...R 069 Client AMG1302 AMG1202 TSeries User s Guide 211 Apply Click this to save your changes Cancel Click this to restore your previously saved settings Table 80 Maintenance TR 069 Client continued LINK DESCRIPTION ...

Page 212: ...Chapter 21 TR 069 Client AMG1302 AMG1202 TSeries User s Guide 212 ...

Page 213: ...ce System The following table describes the labels in this screen 22 3 The Time Screen Use this screen to configure the AMG1302 AMG1202 TSeries s time based on your local time zone To change your AMG1302 AMG1202 TSeries s time and date click Maintenance System Time Setting The screen appears as shown Table 81 Maintenance System LABEL DESCRIPTION Administrator Inactivity Timer Type how many seconds...

Page 214: ...is field displays the last updated time in hh mm ss format from the time server or the last time configured manually When you set Time and Date Setup to Manual enter the new time in this field and then click Apply Current Time This field displays the last updated date in yyyy mm dd format from the time server or the last date configured manually When you set Time and Date Setup to Manual enter the...

Page 215: ... Sunday March The time you type in the o clock field depends on your time zone In Germany for instance you would type 2 because Germany s time zone is one hour ahead of GMT or UTC GMT 1 End Date Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving The o clock field uses the 24 hour format Here are a couple of examples Daylight Saving Time ends in the Uni...

Page 216: ...Chapter 22 System Settings AMG1302 AMG1202 TSeries User s Guide 216 ...

Page 217: ...es After a successful upload the system will reboot Do NOT turn off the AMG1302 AMG1202 TSeries while firmware upload is in progress Figure 108 Maintenance Firmware Upgrade The following table describes the labels in this screen After you see the firmware updating screen wait two minutes before logging into the AMG1302 AMG1202 TSeries again Table 83 Maintenance Firmware Upgrade LABEL DESCRIPTION C...

Page 218: ...a temporary network disconnect In some operating systems you may see the following icon on your desktop Figure 110 Network Temporarily Disconnected After two minutes log in again and check your new firmware version in the Status screen If the upload was not successful an error screen will appear Click OK to go back to the Firmware Upgrade screen Figure 111 Error Message ...

Page 219: ...appears in this screen as shown next Figure 112 Maintenance Backup Restore Backup Configuration Backup Configuration allows you to back up save the AMG1302 AMG1202 TSeries s current configuration to a file on your computer Once your AMG1302 AMG1202 TSeries is configured and functioning properly it is highly recommended that you back up your configuration file before making configuration changes Th...

Page 220: ...ndix A on page 245 for details on how to set up your computer s IP address If the upload was not successful an error screen will appear Click OK to go back to the Configuration screen Reset to Factory Defaults Click the Reset button to clear all user entered configuration information and return the AMG1302 AMG1202 TSeries to its factory defaults The following warning screen appears Figure 114 Rese...

Page 221: ... the AMG1302 AMG1202 TSeries remotely without turning the power off You may need to do this if the AMG1302 AMG1202 TSeries hangs for example Click Maintenance Reboot Click the Reboot button to have the AMG1302 AMG1202 TSeries reboot This does not affect the AMG1302 AMG1202 TSeries s configuration Figure 115 Maintenance Reboot ...

Page 222: ...Chapter 24 Backup Restore AMG1302 AMG1202 TSeries User s Guide 222 ...

Page 223: ... remote location via Internet WAN only LAN only LAN and WAN None Disable To disable remote management of a service select Disable in the corresponding Service Access field 25 1 1 What You Can Do in the Remote Management Screens Use the WWW screen Section 25 2 on page 224 to configure through which interface s and from which IP address es users can use HTTP to manage the AMG1302 AMG1202 TSeries Use...

Page 224: ... s and from which IP address es users can use SSH to manage the AMG1302 AMG1202 TSeries 25 1 2 What You Need to Know About Remote Management Remote Management Limitations Remote management does not work when You have not enabled that service on the interface in the corresponding remote management screen You have disabled that service in one of the remote management screens The IP address in the Se...

Page 225: ...owing WAN access even temporarily to change the default password in Maintenance User Account To allow access from the WAN you will need to configure a WAN to Router firewall rule See Section 4 1 on page 37 for information on configuring firewall rules Secured Client IP Address A secured client is a trusted computer that is allowed to communicate with the AMG1302 AMG1202 TSeries using this service ...

Page 226: ...ys the service port number for accessing the AMG1302 AMG1202 TSeries If the number is grayed out it is not editable Server Access Select the interface s through which a computer may access the AMG1302 AMG1202 TSeries using this service Note It is recommended if you are allowing WAN access even temporarily to change the default password in Maintenance User Account To allow access from the WAN you w...

Page 227: ...es supports SNMP version one SNMPv1 and version two SNMPv2c The next figure illustrates an SNMP management operation Table 87 Maintenance RemoteMGMT FTP LABEL DESCRIPTION Server Port This displays the service port number for accessing the AMG1302 AMG1202 TSeries If the number is grayed out it is not editable Server Access Select the interface s through which a computer may access the AMG1302 AMG12...

Page 228: ...twork administrators perform network management functions It executes applications that control and monitor managed devices The managed devices contain object variables managed objects that define each piece of information to be collected about a device Examples of variables include such as number of packets received node port status etc A Management Information Base MIB is a collection of managed...

Page 229: ...o access the SNMP agent on the AMG1302 AMG1202 TSeries Select All to allow any computer to access the SNMP agent Choose Range to just allow the computer s with an IP address in the range that you specify to access the AMG1302 AMG1202 TSeries using this service Get Community Enter the Get Community which is the password for the incoming Get and GetNext requests from the management station The defau...

Page 230: ...appears as shown If an outside user attempts to probe an unsupported port on your AMG1302 AMG1202 TSeries an ICMP response packet is automatically returned This allows the outside user to know the Table 89 Maintenance RemoteMGMT DNS LABEL DESCRIPTION Server Port This displays the service port number for accessing the AMG1302 AMG1202 TSeries If the number is grayed out it is not editable Access Sta...

Page 231: ...that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network Click Maintenance RemoteMGMT SSH tab to display the screen as shown Table 90 Maintenance RemoteMGMT ICMP LABEL DESCRIPTION Respond to Ping on The AMG1302 AMG1202 TSeries will not respond to any incoming Ping requests when Disable is selected Select LAN to reply to ...

Page 232: ...lect the interface s through which a computer may access the AMG1302 AMG1202 TSeries using this service Note It is recommended if you are allowing WAN access even temporarily to change the default password in Maintenance User Account To allow access from the WAN you will need to configure a WAN to Router firewall rule See Firewall Section on page 173 for information on configuring firewall rules S...

Page 233: ...Management AMG1302 AMG1202 TSeries User s Guide 233 2 A window displays prompting you to store the host key in your computer Click Yes to continue 3 Enter your user name and password 4 The command line interface displays ...

Page 234: ...Chapter 25 Remote Management AMG1302 AMG1202 TSeries User s Guide 234 ...

Page 235: ...General Screen Use this screen to ping an IP address Click Maintenance Diagnostic Ping to open the screen shown next Figure 125 Maintenance Diagnostic Ping The following table describes the fields in this screen Table 92 Maintenance Diagnostic Ping LABEL DESCRIPTION Type the IP address of a computer that you want to ping in order to test a connection Ping Click this to ping the IP address that you...

Page 236: ... to zero whenever the device starts up inPkts is the number of good ATM cells that have been received inDiscards is the number of received ATM cells that were rejected inF4Pkts is the number of ATM Operations Administration and Management OAM F4 cells that have been received See ITU recommendation I 610 for more on OAM for ATM inF5Pkts is the number of ATM OAM F5 cells that have been received outP...

Page 237: ... bit allocation This is displayed as the number in hexadecimal format of bits transmitted for each tone This can be used to determine the quality of the connection whether a given sub carrier loop has sufficient margins to support certain ADSL transmission rates and possibly to determine whether particular specific types of interference or line attenuation exist Refer to the ITU T G 992 1 recommen...

Page 238: ...Chapter 26 Diagnostic AMG1302 AMG1202 TSeries User s Guide 238 ...

Page 239: ...g the power adaptor or cord included with the AMG1302 AMG1202 TSeries 3 Make sure the power adaptor or cord is connected to the AMG1302 AMG1202 TSeries and plugged in to an appropriate power source Make sure the power source is turned on 4 Turn the AMG1302 AMG1202 TSeries off and on 5 If the problem continues contact the vendor One of the LEDs does not behave as expected 1 Make sure you understand...

Page 240: ...owser 3 If this does not work you have to reset the device to its factory defaults See Section 1 7 on page 19 I forgot the password 1 The default admin user name and password can be found on the cover of this User s Guide 2 If this does not work you have to reset the device to its factory defaults See Section 1 7 on page 19 I cannot see or access the Login screen for the web configurator 1 Make su...

Page 241: ...re you have entered the password correctly The default user and default admin password can be found on the cover page of this User s Guide The field is case sensitive so make sure Caps Lock is not on 2 You cannot log in to the web configurator while someone is using Telnet to access the AMG1302 AMG1202 TSeries Log out of the AMG1302 AMG1202 TSeries in the other session or ask the person who is log...

Page 242: ... 6 If the problem continues contact your ISP I cannot access the Internet anymore I had access to the Internet with the AMG1302 AMG1202 TSeries but my Internet connection is not available anymore 1 Check the hardware connections and make sure the LEDs are behaving as expected See the Quick Start Guide and Section 27 1 on page 225 2 Turn the AMG1302 AMG1202 TSeries off and on 3 If the problem conti...

Page 243: ...m continues contact the network administrator or vendor or try one of the advanced suggestions Advanced Suggestions Check the settings for QoS If it is disabled you might consider activating it If it is enabled you might consider raising or lowering the priority for some applications ...

Page 244: ...Chapter 27 Troubleshooting AMG1302 AMG1202 TSeries User s Guide 244 ...

Page 245: ...lication package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components are installed configure the TCP IP settings in order to communicate with your network If you manually assign IP information instead of using dynamic assignment make sure that your computers have IP addresses that place them in ...

Page 246: ...icrosoft from the list of manufacturers 4 Select TCP IP from the list of network protocols and then click OK If you need Client for Microsoft Networks 1 Click Add 2 Select Client and then click Add 3 Select Microsoft from the list of manufacturers 4 Select Client for Microsoft Networks from the list of network clients and then click OK 5 Restart your computer so the changes you made take effect Co...

Page 247: ...erties IP Address 3 Click the DNS Configuration tab If you do not know your DNS information select Disable DNS If you know your DNS information select Enable DNS and type the information in the fields below you may not need to fill them all in Figure 129 Windows 95 98 Me TCP IP Properties DNS Configuration 4 Click the Gateway tab ...

Page 248: ...your AMG1302 AMG1202 TSeries and restart your computer when prompted Verifying Settings 1 Click Start and then Run 2 In the Run window type winipcfg and then click OK to open the IP Configuration window 3 Select your network adapter You should see your computer s IP address subnet mask and default gateway Windows 2000 NT XP The following example figures use the default Windows XP GUI theme 1 Click...

Page 249: ... User s Guide 249 Figure 131 Windows XP Control Panel 3 Right click Local Area Connection and then click Properties Figure 132 Windows XP Control Panel Network Connections Properties 4 Select Internet Protocol TCP IP under the General tab in Win XP and then click Properties ...

Page 250: ...ernet Protocol TCP IP Properties window opens the General tab in Windows XP If you have a dynamic IP address click Obtain an IP address automatically If you have a static IP address click Use the following IP Address and fill in the IP address Subnet mask and Default gateway fields Click Advanced Figure 134 Windows XP Internet Protocol TCP IP Properties ...

Page 251: ...s In TCP IP Gateway Address type the IP address of the default gateway in Gateway To manually configure a default metric the number of transmission hops clear the Automatic metric check box and type a metric in Metric Click Add Repeat the previous three steps for each default gateway you want to add Click OK when finished Figure 135 Windows XP Advanced TCP IP Properties 7 In the Internet Protocol ...

Page 252: ...nnections window Network and Dial up Connections in Windows 2000 NT 11 Turn on your AMG1302 AMG1202 TSeries and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and then Command Prompt 2 In the Command Prompt window type ipconfig and then press ENTER You can also open Network Connections right click a network connection click Status and then click the Sup...

Page 253: ...re 137 Windows Vista Start Menu 2 In the Control Panel double click Network and Internet Figure 138 Windows Vista Control Panel 3 Click Network and Sharing Center Figure 139 Windows Vista Network And Internet 4 Click Manage network connections Figure 140 Windows Vista Network and Sharing Center ...

Page 254: ...ndows displays a screen saying that it needs your permission to continue Figure 141 Windows Vista Network and Sharing Center 6 Select Internet Protocol Version 4 TCP IPv4 and click Properties Figure 142 Windows Vista Local Area Connection Properties 7 The Internet Protocol Version 4 TCP IPv4 Properties window opens the General tab If you have a dynamic IP address click Obtain an IP address automat...

Page 255: ...want to configure additional IP addresses In the IP Settings tab in IP addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways In TCP IP Gateway Address type the IP address ...

Page 256: ...4 Properties window the General tab Click Obtain DNS server address automatically if you do not know your DNS server IP address es If you know your DNS server IP address es click Use the following DNS server addresses and type them in the Preferred DNS server and Alternate DNS server fields If you have previously configured DNS servers click Advanced and then the DNS tab to order them ...

Page 257: ...ies window 12 Close the Network Connections window 13 Turn on your AMG1302 AMG1202 TSeries and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and then Command Prompt 2 In the Command Prompt window type ipconfig and then press ENTER You can also open Network Connections right click a network connection click Status and then click the Support tab Macintos...

Page 258: ...r s Guide 258 Figure 146 Macintosh OS 8 9 Apple Menu 2 Select Ethernet built in from the Connect via list Figure 147 Macintosh OS 8 9 TCP IP 3 For dynamically assigned settings select Using DHCP Server from the Configure list 4 For statically assigned settings do the following ...

Page 259: ...to save changes to your configuration 7 Turn on your AMG1302 AMG1202 TSeries and restart your computer if prompted Verifying Settings Check your TCP IP properties in the TCP IP Control Panel window Macintosh OS X 1 Click the Apple menu and click System Preferences to open the System Preferences window Figure 148 Macintosh OS X Apple Menu 2 Click Network in the icon bar Select Automatic from the Lo...

Page 260: ...IP address of your AMG1302 AMG1202 TSeries in the Router address box 5 Click Apply Now and close the window 6 Turn on your AMG1302 AMG1202 TSeries and restart your computer if prompted Verifying Settings Check your TCP IP properties in the Network window Linux This section shows you how to configure your computer s TCP IP settings in Red Hat Linux 9 0 Procedure screens and file location may vary d...

Page 261: ...k Configuration Devices 2 Double click on the profile of the network card you wish to configure The Ethernet Device General screen displays as shown Figure 151 Red Hat 9 0 KDE Ethernet Device General If you have a dynamic IP address click Automatically obtain IP address settings with and select dhcp from the drop down list If you have a static IP address click Statically set IP Addresses and fill ...

Page 262: ...es in all screens Figure 153 Red Hat 9 0 KDE Network Configuration Activate 7 After the network card restart process is complete make sure the Status is Active in the Network Configuration screen Using Configuration Files Follow the steps below to edit the network configuration files and set your computer IP address 1 Assuming that you have only one network card on the computer locate the ifconfig...

Page 263: ...e shows an example where two DNS server IP addresses are specified Figure 156 Red Hat 9 0 DNS Settings in resolv conf 3 After you edit and save the configuration files you must restart the network card Enter network restart in the etc rc d init d directory The following figure shows an example Figure 157 Red Hat 9 0 Restart Ethernet Card Verifying Settings Enter ifconfig in a terminal screen to ch...

Page 264: ...cap Ethernet HWaddr 00 50 BA 72 5B 44 inet addr 172 23 19 129 Bcast 172 23 19 255 Mask 255 255 255 0 UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 717 errors 0 dropped 0 overruns 0 frame 0 TX packets 13 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 100 RX bytes 730412 713 2 Kb TX bytes 1570 1 5 Kb Interrupt 10 Base address 0x1000 root localhost ...

Page 265: ...treet share a common street name the hosts on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the host ID Routers use the network number to send packets to the correct network while the host ID determines to which host on the network the packets are delivered Structure An IP address is made up o...

Page 266: ... bit in the IP address is part of the host ID The following example shows a subnet mask identifying the network number in bold text and host ID of an IP address 192 168 1 2 in decimal By convention subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask followed by a continuous sequence of zeros for a total number of 32 bits Subnet masks can be refe...

Page 267: ...ntinuous number of zeros for the remainder of the 32 bit mask you can simply specify the number of ones instead of writing the value of each octet This is usually specified by writing a followed by the number of bits in the mask after the address For example 192 1 1 0 25 is equivalent to saying 192 1 1 0 with subnet mask 255 255 255 128 The following table shows some possible subnet masks using bo...

Page 268: ... The following figure shows the company network before subnetting Figure 160 Subnetting Example Before Subnetting You can borrow one of the host ID bits to divide the network 192 168 1 0 into two separate sub networks The subnet mask is now 25 bits 255 255 255 128 or 25 The borrowed host ID bit can have a value of either 0 or 1 allowing two subnets 192 168 1 0 25 and 192 168 1 128 25 The following...

Page 269: ... 192 168 1 254 Example Four Subnets The previous example illustrated using a 25 bit subnet mask to divide a 24 bit address into two subnets Similarly to divide a 24 bit address into four subnets you need to borrow two host ID bits to give four possible combinations 00 01 10 and 11 The subnet mask is 26 bits 11111111 11111111 11111111 11000000 or 255 255 255 192 Each subnet contains 6 host ID bits ...

Page 270: ...NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 128 Lowest Host ID 192 168 1 129 Broadcast Address 192 168 1 191 Highest Host ID 192 168 1 190 Table 101 Subnet 4 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 192 IP Address Binary 11000...

Page 271: ...d Number Authority IANA reserved this block of addresses specifically for private use please do not use any other number unless you are told otherwise You must also enable Network Address Translation NAT on the AMG1302 AMG1202 TSeries Table 103 24 bit Network Number Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62...

Page 272: ...or example you can assign any IP addresses to the hosts without problems However the Internet Assigned Numbers Authority IANA has reserved the following three blocks of IP addresses specifically for private networks 10 0 0 0 10 255 255 255 172 16 0 0 172 31 255 255 192 168 0 0 192 168 255 255 You can obtain your IP address from the IANA from an ISP or it can be assigned from a private network If y...

Page 273: ... blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking and create an exception for your device s IP address Disable Pop up Blockers 1 In Internet Explorer select Tools Pop up Blocker and then select Turn Off Pop up Blocker Figure 162 Pop up Blocker You can also check if pop up blocking is disabled in the Pop up B...

Page 274: ...ptions Privacy 3 Click Apply to save this setting Enable Pop up Blockers with Exceptions Alternatively if you only want to allow pop up windows from your device see the following steps 1 In Internet Explorer select Tools Internet Options and then the Privacy tab 2 Select Settings to open the Pop up Blocker Settings screen ...

Page 275: ...r s Guide 275 Figure 164 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 167 1 4 Click Add to move the IP address to the list of Allowed sites Figure 165 Pop up Blocker Settings ...

Page 276: ...ot display properly in Internet Explorer check that JavaScripts are allowed 1 In Internet Explorer click Tools Internet Options and then the Security tab Figure 166 Internet Options Security 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java applets make sure that Enable is selected the default...

Page 277: ... Figure 167 Security Settings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java permissions make sure that a safety level is selected 5 Click OK to close the window ...

Page 278: ...G1202 TSeries User s Guide 278 Figure 168 Security Settings Java JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected 3 Click OK to close the window Figure 169 Java Sun ...

Page 279: ...are used here Screens for other versions may vary You can enable Java Javascripts and pop ups in one screen Click Tools then click Options in the screen that appears Figure 170 Mozilla Firefox Tools Options Click Content to show the screen below Select the check boxes as shown in the following screen Figure 171 Mozilla Firefox Content Security ...

Page 280: ...Appendix C Pop up Windows JavaScripts and Java Permissions AMG1302 AMG1202 TSeries User s Guide 280 ...

Page 281: ...r Independent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an ad hoc wireless LAN Figure 172 Peer to Peer Communication in an Ad hoc Network BSS A Basic Service Set BSS exists when all communications between wireless clients or between a wireless client and a wired network client go through one access point AP Intra BSS traffic...

Page 282: ...This wired connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood An ESSID ESS IDentification uniquely identifies each ESS All access points and their associated wireless clients within...

Page 283: ...ls partially overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 channels and an adjacent AP is using channel 1 then you need to select a channel between 6 or 11 RTS CTS A hidden node occurs when two stations are within range of the same access point but are not...

Page 284: ... RTS Request To Send CTS Clear to Send handshake You should only configure RTS CTS if the possibility of hidden nodes exists on your network and the cost of resending large frames is more than the extra network overhead involved in the RTS Request To Send CTS Clear to Send handshake If the RTS CTS value is greater than the Fragmentation Threshold value see next then the RTS Request To Send CTS Cle...

Page 285: ...ote The wireless devices MUST use the same preamble mode in order to communicate IEEE 802 11g Wireless LAN IEEE 802 11g is fully compatible with the IEEE 802 11b standard This means an IEEE 802 11b adapter can interface directly with an IEEE 802 11g access point and vice versa at 11 Mbps or lower depending on range IEEE 802 11g has several intermediate rate steps between the maximum and minimum da...

Page 286: ...9 for centralized user profile and accounting management on a network RADIUS server Support for EAP Extensible Authentication Protocol RFC 2486 that allows additional authentication methods to be deployed with no changes to the access point or the wireless clients RADIUS RADIUS is based on a client server model that supports authentication authorization and accounting The access point is the clien...

Page 287: ...nsure network security the access point and the RADIUS server use a shared secret key which is a password they both know The key is not sent over the network In addition to the shared key password information exchanged is also encrypted to protect the network from unauthorized access Types of EAP Authentication This section discusses some popular authentication types EAP MD5 EAP TLS EAP TTLS PEAP ...

Page 288: ...d This makes user identity vulnerable to passive attacks A digital certificate is an electronic ID card that authenticates the sender s identity However to implement EAP TLS you need a Certificate Authority CA to handle certificates which imposes a management overhead EAP TTLS Tunneled Transport Layer Service EAP TTLS is an extension of the EAP TLS authentication that uses certificates for only th...

Page 289: ...y requires a single identical password entered into each access point wireless gateway and wireless client As long as the passwords match a wireless client will be granted access to a WLAN If the AP or the wireless clients do not support WPA2 just use WPA or WPA PSK depending on whether you have an external RADIUS server or not Select WEP only when the AP and or wireless clients do not support WPA...

Page 290: ...s The common password approach makes WPA 2 PSK susceptible to brute force password guessing attacks but it s still an improvement over WEP as it employs a consistent single alphanumeric password to derive a PMK which is used to generate unique temporal encryption keys This prevent all wireless devices sharing the same encryption keys a weakness of WEP User Authentication WPA and WPA2 apply IEEE 80...

Page 291: ... The RADIUS server distributes the PMK to the AP The AP then sets up a key hierarchy and management system using the PMK to dynamically generate unique data encryption keys The keys are used to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients Figure 176 WPA 2 with RADIUS Application Example WPA 2 PSK Application Example A WPA 2 PSK application looks...

Page 292: ...ntenna couples RF signals onto air A transmitter within a wireless device sends an RF signal to the antenna which propagates the signal through the air The antenna also operates in reverse by capturing RF signals from the air Positioning the antennas properly increases the range and coverage area of a wireless LAN Table 108 Wireless Security Relational Matrix AUTHENTICATION METHOD KEY MANAGEMENT P...

Page 293: ...here are two types of antennas used for wireless LAN applications Omni directional antennas send the RF signal out in all directions on a horizontal plane The coverage area is torus shaped like a donut which makes these antennas ideal for a room environment With a wide coverage area it is possible to make circular overlapping coverage areas with multiple access points Directional antennas concentr...

Page 294: ...Appendix D Wireless LANs AMG1302 AMG1202 TSeries User s Guide 294 ...

Page 295: ...0 1a2f 0000 0000 0015 can be written as 2001 0db8 1a2f 0000 0000 0015 2001 0db8 0000 0000 1a2f 0015 2001 db8 1a2f 0 0 15 or 2001 db8 0 0 1a2f 15 Prefix and Prefix Length Similar to an IPv4 subnet mask IPv6 uses an address prefix to represent the network address An IPv6 prefix length specifies how many most significant bits start from the left in the address compose the network address The prefix l...

Page 296: ...ll hosts in a multicast group Multicast scope allows you to determine the size of the multicast group A multicast address has a predefined prefix of ff00 8 The following table describes some of the predefined multicast addresses The following table describes the multicast addresses which are reserved and can not be assigned to a multicast group Table 110 Predefined Multicast Address MULTICAST ADDR...

Page 297: ...the first byte of the MAC address See the following example Stateless Autoconfiguration With stateless autoconfiguration in IPv6 addresses can be uniquely and automatically generated Unlike DHCPv6 Dynamic Host Configuration Protocol version six which is used in IPv6 stateful autoconfiguration the owner and status of addresses don t need to be maintained by a DHCP server Every IPv6 device is able t...

Page 298: ...ddress in the IA Each IA holds one type of address IA_NA means an identity association for non temporary addresses and IA_TA is an identity association for temporary addresses An IA_NA option contains the T1 and T2 fields but an IA_TA option does not The DHCPv6 server uses T1 and T2 to control the time at which the client contacts with the server to extend the lifetimes on any addresses in the IA_...

Page 299: ... identify ICMP for IPv4 ICMPv6 is an integral part of IPv6 IPv6 nodes use ICMPv6 to report errors encountered in packet processing and perform other diagnostic functions such as ping Multicast Listener Discovery The Multicast Listener Discovery MLD protocol defined in RFC 2710 is derived from IPv4 s Internet Group Management Protocol version 2 IGMPv2 MLD uses ICMPv6 message types rather than IGMP ...

Page 300: ...s This allows the router to send and receive IPv6 data over the IPv4 network In this case you must specify B s public IPv4 address on A similarly specify A s public IPv4 address on B in order for packets to arrive at the intended destination through the IPv4 network Figure 178 Configured Tunnel Example 6to4 Tunnel A 6to4 tunnel is an automatic tunnelling mechanism that provides connection between ...

Page 301: ... ipconfig command to see auto generated IP addresses IPv6 is installed and enabled by default in Windows Vista Use the ipconfig command to check your automatic configured IPv6 address as well You should see at least one IPv6 address available for the interface on your computer Example Enabling DHCPv6 on Windows XP Windows XP does not support DHCPv6 If your network uses DHCPv6 for IP address assign...

Page 302: ...ce 3 Select Start Control Panel Administrative Tools Services 4 Double click Dibbler a DHCPv6 client 5 Click Start and then OK 6 Now your computer can obtain an IPv6 address from a DHCPv6 server Example Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer To enable IPv6 in Windows 7 ...

Page 303: ...Select Start All Programs Accessories Command Prompt 6 Use the ipconfig command to check your dynamic IPv6 address This example shows a global address 2001 b021 2d 1000 obtained from a DHCP server C ipconfig Windows IP Configuration Ethernet adapter Local Area Connection Connection specific DNS Suffix IPv6 Address 2001 b021 2d 1000 Link local IPv6 Address fe80 25d8 dcab c80a 5189 11 IPv4 Address 1...

Page 304: ...Appendix E IPv6 AMG1302 AMG1202 TSeries User s Guide 304 ...

Page 305: ...the type of IP protocol used by the service If this is TCP UDP then the service uses the same port number with TCP and UDP If this is USER DEFINED the Port s is the IP protocol number not the port number Port s This value depends on the Protocol If the Protocol is TCP UDP or TCP UDP this is the IP port number If the Protocol is USER this is the IP protocol number Description This is a brief explan...

Page 306: ...otocol a program to enable fast transfer of files including large files that may not be possible by e mail H 323 TCP 1720 NetMeeting uses this protocol HTTP TCP 80 Hyper Text Transfer Protocol a client server protocol for the world wide web HTTPS TCP 443 HTTPS is a secured http session often used in e commerce ICMP User Defined 1 Internet Control Message Protocol is often used for diagnostic purpo...

Page 307: ...UNNEL GRE User Defined 47 PPTP Point to Point Tunneling Protocol enables secure transfer of data over public networks This is the data channel RCMD TCP 512 Remote Command Service REAL_AUDIO TCP 7070 A streaming audio service that enables real time sound over the web REXEC TCP 514 Remote Execution Daemon RLOGIN TCP 513 Remote Login ROADRUNNER TCP UDP 1026 This is an ISP that provides services mainl...

Page 308: ... UDP 1558 Stream Works Protocol SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server TACACS UDP 49 Login Host Protocol used for Terminal Access Controller Access Control System TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments It operates over TCP IP networks Its primary function is to allow users to log into remote h...

Page 309: ...his device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This device generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful int...

Page 310: ... of this warranty contact ZyXEL s Service Center for your Return Material Authorization number RMA Products must be returned Postage Prepaid It is recommended that the unit be insured when shipped Any returned products without proof of purchase or those with an out dated warranty will be repaired or replaced at the discretion of ZyXEL and the customer will be billed for parts and labor All repaire...

Page 311: ... CE Latvian Ar šo ZyXEL deklarē ka iekārtas atbilst Direktīvas 1999 5 EK būtiskajām prasībām un citiem ar to saistītajiem noteikumiem Lithuanian Šiuo ZyXEL deklaruoja kad šis įranga atitinka esminius reikalavimus ir kitas 1999 5 EB Direktyvos nuostatas Dutch Hierbij verklaart ZyXEL dat het toestel uitrusting in overeenstemming is met de essentiële eisen en de andere relevante bepalingen van richtl...

Page 312: ...e calculated by adding the gain of the antenna used specified in dBi to the output power available at the connector specified in dBm Safety Warnings Do NOT use this product near water for example in a wet basement or near a swimming pool Do NOT expose your device to dampness dust or corrosive liquids Do NOT store things on the device Do NOT install use or service this device during a thunderstorm ...

Page 313: ...80 85 PCR 80 85 QoS 80 85 89 SCR 80 85 status 236 authentication 109 110 RADIUS server 110 automatic logout 22 B backup configuration 219 Basic Service Set See BSS 281 Basic Service Set see BSS broadcast 74 BSS 112 281 example 112 C CA 195 288 CBR 80 85 89 certificate factory default 196 Certificate Authority See CA certificates 195 authentication 195 CA public key 195 replacing 196 storage space ...

Page 314: ...0 documentation related 2 Domain Name System see DNS DoS 174 three way handshake 184 thresholds 175 184 185 DSCP 146 DSL connections status 237 dynamic DNS 165 activation 166 wildcard 165 activation 166 Dynamic Host Configuration Protocol see DHCP dynamic WEP key exchange 288 DYNDNS wildcard 165 activation 166 E EAP Authentication 287 encapsulation 73 77 84 ENET ENCAP 86 PPPoA 87 PPPoE 86 RFC 1483...

Page 315: ...ee IBSS 281 initialization vector IV 290 Inside Global Address see IGA Inside Local Address see ILA Internet Control Message Protocol see ICMP Internet Protocol version 6 see IPv6 IP address 69 73 78 84 87 121 132 default 21 default server 153 ping 235 private 132 IP alias 126 configuration 127 NAT applications 158 IP precedence 147 148 configuration 146 IP MAC filter 167 configuration 168 structu...

Page 316: ...3 IGMPInternet Group Multicast Protocol see IGMP Multiple BSS see MBSSID multiplexing 77 84 87 LLC based 87 VC based 87 N nailed up connection 79 88 NAT 84 151 156 157 271 activation 152 address mapping types 158 applications 158 IP alias 158 default server IP address 153 example 158 global 157 IGA 156 ILA 156 inside 157 local 157 outside 157 P2P 152 port forwarding 152 153 activation 155 configur...

Page 317: ...DIUS server 110 registration product 310 related documentation 2 remote management 223 DNS 230 FTP 226 ICMP 230 limitations 224 NAT 224 SSH 231 Telnet 226 WWW 224 reset 19 220 restart 221 restoring configuration 220 RFC 1483 77 84 87 RFC 3164 201 RIP 80 133 Routing Information Protocol see RIP RTS Request To Send 284 threshold 283 284 rules port forwarding 154 S schedules wireless LAN 105 SCR 80 8...

Page 318: ...esholds data fragment 106 109 DoS 175 184 185 P2P 185 time 213 TR 069 15 trademarks 309 traffic shaping 88 example 89 triangle route 188 solutions 189 trusted CAs and certificates 197 U UBR 80 85 90 unicast 74 Universal Plug and Play see UPnP upgrading firmware 217 UPnP 126 cautions 122 NAT traversal 122 URL 167 URL filter URL 167 V VBR 89 VBR nRT 80 85 90 VBR RT 80 85 89 VCI 77 84 87 version firm...

Page 319: ...6 109 RADIUS server 110 scheduling 105 security 109 SSID 110 activation 98 WDS 103 113 compatibility 104 example 113 WEP 111 wizard 35 WPA 111 WPA PSK 111 WPS 101 113 115 activation 102 example 116 limitations 118 PIN 114 push button 18 113 status 103 wireless security 285 Wireless tutorial 41 wizard 29 configuration 30 wireless LAN 35 WLAN interference 283 security parameters 292 WPA 111 289 key ...

Page 320: ...Index AMG1302 AMG1202 TSeries User s Guide 320 ...

Reviews:

No comments

Related manuals for AMG1202-T series

Eaton EMP Quick Start preview
EMP
Brand: Eaton Pages: 2
2N SmartGate Quick Start preview
SmartGate
Brand: 2N Pages: 2
KE2 SmartGate Installation And Setup preview
SmartGate
Brand: KE2 Pages: 16
2Wire HomePortal Installation And Support Manual preview
HomePortal
Brand: 2Wire Pages: 14
Patton SmartNode 4940 Series User Manual preview
SmartNode 4940 Series
Brand: Patton Pages: 59
B meters RFM-C2 WMBUS User Manual preview
RFM-C2 WMBUS
Brand: B meters Pages: 29
TENA 91290 Manual preview
91290
Brand: TENA Pages: 40
H3C MSR3610-I Series Installation Manual preview
MSR3610-I Series
Brand: H3C Pages: 33
QUNDIS Q node 5.5 Operating And Installation Instructions preview
Q node 5.5
Brand: QUNDIS Pages: 48
Enttec DMX ETHERGATE MK3 Quick Start Manual preview
DMX ETHERGATE MK3
Brand: Enttec Pages: 6
Haltian Thingsee ENVIRONMENT RUGGED Quick Manual preview
Thingsee ENVIRONMENT RUGGED
Brand: Haltian Pages: 13
Gree ME30-24/F1 K Owner'S Manual preview
ME30-24/F1 K
Brand: Gree Pages: 44
3Com OfficeConnect User Manual preview
OfficeConnect
Brand: 3Com Pages: 112
Velleman HAA9523S User Manual preview
HAA9523S
Brand: Velleman Pages: 84
Peavey CAB 16i User Manual preview
CAB 16i
Brand: Peavey Pages: 41
GRASS VALLEY IPG-4901 Manual To Installation And Operation preview
IPG-4901
Brand: GRASS VALLEY Pages: 47
ZyXEL Communications 802.11g ADSL 2+ 4-Port Security Gateway HW-D Series User Manual preview
802.11g ADSL 2+ 4-Port Security Gateway HW-D Series
Brand: ZyXEL Communications Pages: 496
Cooper Bussmann 915U-2 User Manual preview
915U-2
Brand: Cooper Bussmann Pages: 115

Brands by name

Popular brands

Load more brands