background image

 Chapter 7 Wireless LAN

AMG1312-T Series User’s Guide

105

her favorite movie is Vanishing Point (which you know was made in 1971) you could use 
“70dodchal71vanpoi” as your security key.

The following sections introduce different types of wireless security you can set up in the wireless 
network.

7.10.3.1  SSID

Normally, the AMG1312-T Series acts like a beacon and regularly broadcasts the SSID in the area. 
You can hide the SSID instead, in which case the AMG1312-T Series does not broadcast the SSID. 
In addition, you should change the default SSID to something that is difficult to guess.

This type of security is fairly weak, however, because there are ways for unauthorized wireless 
devices to get the SSID. In addition, unauthorized wireless devices can still see the information that 
is sent in the wireless network.

7.10.3.2  MAC Address Filter

Every device that can use a wireless network has a unique identification number, called a MAC 
address.

1

 A MAC address is usually written using twelve hexadecimal characters

2

; for example, 

00A0C5000002 or 00:A0:C5:00:00:02. To get the MAC address for each device in the wireless 
network, see the device’s User’s Guide or other documentation.

You can use the MAC address filter to tell the AMG1312-T Series which devices are allowed or not 
allowed to use the wireless network. If a device is allowed to use the wireless network, it still has to 
have the correct information (SSID, channel, and security). If a device is not allowed to use the 
wireless network, it does not matter if it has the correct information.

This type of security does not protect the information that is sent in the wireless network. 
Furthermore, there are ways for unauthorized wireless devices to get the MAC address of an 
authorized device. Then, they can use that MAC address to use the wireless network.

7.10.3.3  User Authentication

Authentication is the process of verifying whether a wireless device is allowed to use the wireless 
network. You can make every user log in to the wireless network before using it. However, every 
device in the wireless network has to support IEEE 802.1x to do this.

For wireless networks, you can store the user names and passwords for each user in a RADIUS 
server. This is a server used in businesses more than in homes. If you do not have a RADIUS server, 
you cannot set up user names and passwords for your users.

Unauthorized wireless devices can still see the information that is sent in the wireless network, 
even if they cannot use the wireless network. Furthermore, there are ways for unauthorized 
wireless users to get a valid user name and password. Then, they can use that user name and 
password to use the wireless network.

1.

Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds 
of wireless devices might not have MAC addresses.

2.

Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F.

Summary of Contents for AMG1312-T Series

Page 1: ... AMG1312 T Series Wireless N ADSL2 4 port Gateway with USB Version 2 00 Edition 1 8 2013 Copyright 2013 ZyXEL Communications Corporation User s Guide Default Login Details LAN IP Address http 192 168 1 1 User Name admin Password 1234 ...

Page 2: ...in this book may differ slightly from the product due to differences in operating systems operating system versions or if you installed updated firmware software for your device Every effort has been made to ensure that the information in this manual is accurate Related Documentation Quick Start Guide The Quick Start Guide shows how to connect the AMG1312 T Series and access the Web Configurator I...

Page 3: ...ystem Info Screens 63 Broadband 68 Wireless LAN 87 Home Networking 115 Static Route 132 Quality of Service QoS 136 Network Address Translation NAT 147 Port Binding 157 Dynamic DNS Setup 161 Filters 163 Firewall 168 Parental Control 186 Certificate 189 Logs 194 Traffic Status 196 User Account 199 TR 069 Client 200 System Settings 202 Firmware Upgrade 205 Backup Restore 207 Remote Management 210 Dia...

Page 4: ...ess Access 15 1 5 General Hardware Features 16 1 6 Using the WPS Button 17 1 7 The RESET Button 18 1 7 1 Using the Reset Button 18 1 8 Ways to Manage the AMG1312 T Series 18 Chapter 2 Introducing the Web Configurator 19 2 1 Overview 19 2 1 1 Accessing the Web Configurator 19 2 2 The Web Configurator Layout 22 2 2 1 Title Bar 23 2 2 2 Main Window 24 2 2 3 Navigation Panel 24 Chapter 3 Internet Wire...

Page 5: ... Port Binding 55 4 10 Configuring QoS to Prioritize Traffic 56 4 11 Access the AMG1312 T Series from the Internet Using DDNS 59 4 11 1 Registering a DDNS Account on www dyndns org 59 4 11 2 Configuring DDNS on Your AMG1312 T Series 60 4 11 3 Testing the DDNS Setting 60 Part II Technical Reference 61 Chapter 5 Connection Status and System Info Screens 63 5 1 Overview 63 5 2 The Connection Status Sc...

Page 6: ...K 91 7 2 4 WPA 2 Authentication 92 7 3 The More Guest AP Screen 94 7 3 1 More AP Edit 94 7 4 The MAC Authentication Screen 96 7 5 The WPS Screen 97 7 6 The WDS Screen 99 7 7 The WMM Screen 100 7 8 The Scheduling Screen 100 7 9 The Advanced Screen 101 7 10 Wireless LAN Technical Reference 102 7 10 1 Wireless Network Overview 102 7 10 2 Additional Wireless Terms 104 7 10 3 Wireless Security Overview...

Page 7: ... Route 132 9 1 Overview 132 9 1 1 What You Can Do in the Static Route Screens 133 9 2 The Static Route Screen 133 9 2 1 Static Route Add Edit 133 9 3 IPv6 Static Route 134 9 3 1 IPv6 Static Route Edit 135 Chapter 10 Quality of Service QoS 136 10 1 Overview 136 10 1 1 What You Can Do in the QoS Screens 136 10 1 2 What You Need to Know About QoS 137 10 2 The Quality of Service General Screen 137 10 ...

Page 8: ... 6 5 NAT Mapping Types 155 Chapter 12 Port Binding 157 12 1 Overview 157 12 1 1 What You Can Do in the Port Binding Screens 158 12 2 The Port Binding General Screen 158 12 3 The Port Binding Screen 158 12 3 1 Port Binding Summary Screen 159 Chapter 13 Dynamic DNS Setup 161 13 1 Overview 161 13 1 1 What You Can Do in the DDNS Screen 161 13 1 2 What You Need To Know About DDNS 161 13 2 The Dynamic D...

Page 9: ...nhancing Security With Your Firewall 182 15 6 3 Security Considerations 183 15 6 4 Triangle Route 183 Chapter 16 Parental Control 186 16 1 Overview 186 16 2 The Parental Control Screen 186 16 2 1 Add Edit Parental Control Rule 187 Chapter 17 Certificate 189 17 1 Overview 189 17 1 1 What You Can Do in this Chapter 189 17 2 What You Need to Know 189 17 3 Local Certificates 189 17 4 The Trusted CA Sc...

Page 10: ...ngs Screens 202 22 2 The System Screen 202 22 3 The Time Screen 202 Chapter 23 Firmware Upgrade 205 23 1 Overview 205 23 2 The Firmware Screen 205 Chapter 24 Backup Restore 207 24 1 Overview 207 24 2 The Backup Restore Screen 207 24 3 The Reboot Screen 209 Chapter 25 Remote Management 210 25 1 Overview 210 25 1 1 What You Can Do in the Remote Management Screens 210 25 1 2 What You Need to Know Abo...

Page 11: ...l Screen 221 26 3 The DSL Line Screen 222 Chapter 27 Troubleshooting 224 27 1 Power Hardware Connections and LEDs 224 27 2 AMG1312 T Series Access and Login 225 27 3 Internet Access 227 Appendix A Setting up Your Computer s IP Address 229 Appendix B IP Addresses and Subnetting 249 Appendix C Pop up Windows JavaScripts and Java Permissions 257 Appendix D Wireless LANs 264 Appendix E IPv6 277 Append...

Page 12: ...12 PART I User s Guide ...

Page 13: ...13 ...

Page 14: ...for troubleshooting by service engineers FTP for firmware upgrades and configuration backup restore TR 069 This is an auto configuration server used to remotely configure your device 1 3 Good Habits for Managing the AMG1312 T Series Do the following things regularly to make the AMG1312 T Series more secure and to manage the AMG1312 T Series more effectively Change the password Use a password that ...

Page 15: ... not allowed but you can safely browse the Internet and download files Use the filtering feature to block access to specific web sites or Internet applications such as MSN or Yahoo Messenger You can also configure IP MAC filtering rules for incoming or outgoing traffic Use QoS to efficiently manage traffic on your network by giving priority to certain types of traffic and or to particular computer...

Page 16: ... receiving power and ready for use Blinking The AMG1312 T Series is self testing Red On The AMG1312 T Series detected an error while self testing or there is a device malfunction Off The AMG1312 T Series is not receiving power Ethernet 1 4 Green On The AMG1312 T Series has an Ethernet connection with a device on the Local Area Network LAN Blinking The AMG1312 T Series is sending receiving data to ...

Page 17: ...ng The AMG1312 T Series is initializing the DSL line Off The DSL line is down INTERNET Green On The AMG1312 T Series has an IP connection but no traffic Your device has a WAN IP address either static or assigned by a DHCP server PPP negotiation was successfully completed if used and the DSL connection is up Blinking The AMG1312 T Series is sending or receiving IP traffic Red On The AMG1312 T Serie...

Page 18: ...means that you will lose all configurations that you had previously and the user name and password will be reset to the default 1 7 1 Using the Reset Button 1 Make sure the POWER LED is on not blinking 2 To set the device back to the factory default settings press the RESET button for ten seconds or until the POWER LED begins to blink and then release it When the POWER LED begins to blink the defa...

Page 19: ... browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScript enabled by default Java permissions enabled by default See Appendix C on page 257 if you need to make sure these functions are allowed in Internet Explorer 2 1 1 Accessing the Web Configurator 1 Make sure your AMG1312 T Series hardware is properly connected refer to the Qui...

Page 20: ...e minutes default If this happens log in again 5 The following screen displays if you have not yet changed your password It is strongly recommended you change the default password Enter a new password retype it to confirm and click Apply alternatively click Skip to proceed to the Connection Status screen if you do not want to change the password now Figure 5 Change Password Screen 6 The Connection...

Page 21: ...ducing the Web Configurator AMG1312 T Series User s Guide 21 Figure 6 Connection Status 7 Click System Info to display the System Info screen where you can view the AMG1312 T Series s interface and system information ...

Page 22: ...r s Guide 22 2 2 The Web Configurator Layout Click Connection Status System Info to show the following screen Figure 7 Web Configurator Layout Screen As illustrated above the main screen is divided into these parts A title bar B main window C navigation panel A B C ...

Page 23: ...pter 2 Introducing the Web Configurator AMG1312 T Series User s Guide 23 2 2 1 Title Bar The title bar shows the following icon in the upper right corner Click this icon to log out of the web configurator ...

Page 24: ... network status of the AMG1312 T Series and computers devices connected to it Network Setting Broadband Internet Connection Use this screen to configure ISP parameters WAN IP address assignment DNS servers and other advanced properties More Connections Use this screen to configure additional WAN connections 3G Backup Use this screen to configure 3G WAN connection Wireless General Use this screen t...

Page 25: ...s NAT General Use this screen to activate deactivate NAT Port Forwarding Use this screen to make your local servers visible to the outside world DMZ Use this screen to configure a default server which receives packets from ports that are not specified in the Port Forwarding screen ALG Use this screen to enable or disable SIP ALG Port Binding General Use this screen to activate deactivate port bind...

Page 26: ... Users Account Use this screen to configure the passwords your user accounts TR 069 Client TR 069 Client Use this screen to configure the AMG1312 T Series to be managed by an Auto Configuration Server ACS System System Use this screen to configure management inactivity time out setting Time Time Setting Use this screen to change your AMG1312 T Series s time and date Log Setting Log Setting Use thi...

Page 27: ...menu chapters for background information on these fields 3 2 Internet Wireless Wizard Setup 1 After you enter the password to access the web configurator click the Wizard icon in the top right corner of the web configurator to go to the Wizard 2 Click INTERNET WIRELESS SETUP to configure the system for Internet access and wireless connection 3 Select your Time Zone from the drop down menu and clic...

Page 28: ...P PPPoA or PPPoE Multiplex Select the multiplexing method used by your ISP from the Multiplex drop down list box either VC based or LLC based VPI Enter the Virtual Path Identifier VPI assigned to you This field may already be configured VCI Enter the Virtual Channel Identifier VCI assigned to you This field may already be configured IP Address Enter the IP address of the AMG1312 T Series Default G...

Page 29: ...dentifier VCI assigned to you This field may already be configured Select Yes to enter specific IP information from your Internet service provider Enter your Internet access information exactly as your service provider gave it to you IP Address Enter the IP address of the AMG1312 T Series Subnet Mask Enter the subnet mask in dotted decimal notation Refer to the appendix to calculate a subnet mask ...

Page 30: ...ect the multiplexing method used by your ISP from the Multiplex drop down list box either VC based or LLC based VPI Enter the Virtual Path Identifier VPI assigned to you This field may already be configured VCI Enter the Virtual Channel Identifier VCI assigned to you This field may already be configured IP Address Enter the IP address of the AMG1312 T Series Primary DNS Server Enter the primary DN...

Page 31: ...name above Multiplex Select the multiplexing method used by your ISP from the Multiplex drop down list box either VC based or LLC based VPI Enter the Virtual Path Identifier VPI assigned to you This field may already be configured VCI Enter the Virtual Channel Identifier VCI assigned to you This field may already be configured Select Yes to enter specific IP information from your Internet service ...

Page 32: ...ce Click this to enable or disable wireless service on the ZyXEL device Wireless Network Name SSID Enter a descriptive name up to 32 printable 7 bit ASCII characters for the wireless LAN If you change this field on the AMG1312 T Series make sure all wireless stations use the same SSID in order to access the network Channel Selection The range of radio frequencies used by IEEE 802 11b g wireless de...

Page 33: ...d navigate to www zyxel com Internet access is just the beginning Refer to the rest of this guide for more detailed information on the complete range of AMG1312 T Series features If you cannot access the Internet open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct ...

Page 34: ...s from the Internet Using DDNS see page 59 4 2 Setting Up Your DSL Connection This tutorial shows you how to set up your Internet connection using the web configurator If you connect to the Internet through a DSL connection use the information from your Internet Service Provider ISP to configure the AMG1312 T Series Do the following steps 1 Connect the AMG1312 T Series properly Refer to the Quick ...

Page 35: ...on General Mode Router Encapsulation PPPoE User Name 1234 DSL Ex com Password ABCDEF Service Name My DSL Multiplex LLC IPv6 IPv4 Dual Stack Enabled PPP Authentication Auto VPI 0 VCI 33 Others IP Address Obtain IP Address Automatically DNS Server Obtained From ISP IPv6 Address Obtain IPv6 Address Automatically DHCP IPv6 DHCP DHCP PD Enable WAN Identifier Type EUI64 ...

Page 36: ...o Network Setting Broadband enter or select these values and click Apply This completes your DSL WAN connection setting 4 3 IPv6 Address Configuration If the ISP s network supports IPv6 the ISP may assign an IPv6 address to the AMG1312 T Series automatically ...

Page 37: ...nternet In this wireless network the AMG1312 T Series serves as an access point AP and the notebook is the wireless client The wireless client can access the Internet through the AP Thomas has to configure the wireless network settings on the AMG1312 T Series Then he can set up a wireless network using WPS Section 4 4 2 on page 38 or manual configuration Section 4 4 3 on page 42 4 4 1 Configuring ...

Page 38: ... his notebook and the AMG1312 T Series see Section 4 4 2 on page 38 He can also use the notebook s wireless client to search for the AMG1312 T Series see Section 4 4 3 on page 42 4 4 2 Using WPS This section shows you how to set up a wireless network using WPS WPS is a way to automatically set up a secure wireless network connection between an AP and a notebook Limitations of using WPS are that is...

Page 39: ...s enabled and the wireless security mode is set to WPA PSK2 or No Security in the Network Setting Wireless General screen 4 In the wireless client utility go to the WPS setting page Enable WPS and press the WPS button Start or WPS button 5 Push and hold the WPS button on the AMG1312 T Series for 1 2 seconds Alternatively you may log into AMG1312 T Series s web configuration enable WPS and click th...

Page 40: ...s web config ur at or and the wireless client s utility 1 Launch your wireless client s configuration utility Go to the WPS settings and select the PIN method to get a PIN number 2 Enter the PIN number in the PIN section in the Network Setting Wireless WPS screen on the AMG1312 T Series Wireless Client The Device SECURITY INFO COMMUNICATION WITHIN 2 MINUTES Press and hold for 5 seconds ...

Page 41: ...reen within two minutes The AMG1312 T Series authenticates the wireless client and sends the proper configuration settings to the wireless client This may take up to two minutes The wireless client is then able to communicate with the AMG1312 T Series securely The following figure shows you how to set up a wireless network and its security on a AMG1312 T Series and a wireless client by using PIN m...

Page 42: ...ibes how to connect wirelessly to your AMG1312 T Series The connection procedure is shown here using Windows XP as an example 1 Right click the wireless adapter icon which appears in the bottom right of your computer monitor Click View Available Wireless Networks Authentication by PIN SECURITY INFO WITHIN 2 MINUTES Wireless Client The Device COMMUNICATION ...

Page 43: ...SSID SecureWirelessNetwork is given here as an example Tutorial Status 3 You are prompted to enter a password Enter it and click Connect Tutorial Status 4 You may have to wait several minutes while your computer connects to the wireless network 5 You should now be securely connected wirelessly to the AMG1312 T Series Tutorial Status A ...

Page 44: ...5 Configuring the MAC Address Filter for Restricting Wireless Internet Access Thomas noticed that his daughter Josephine spends too much time surfing the web and downloading media files He decided to prevent Josephine from accessing the Internet so that she can concentrate on preparing for her final exams Josephine s computer connects wirelessly to the Internet through the AMG1312 T Series Thomas ...

Page 45: ...irelessly through the AMG1312 T Series 4 6 Setting Up NAT Forwarding for a Game Server Thomas manages a Doom server on a computer behind the AMG1312 T Series In order for players on the Internet like A in the figure below coming through the default WAN connection PVC0 to communicate with the Doom server Thomas can use port forwarding C ipconfig all Ethernet adapter Wireless Network Connection Medi...

Page 46: ...er computer which has an IP address of 192 168 1 34 Thomas may set up the port settings by configuring the port settings for the Doom server computer see Section 11 3 on page 149 for more information 1 Activate NAT in the Network Setting NAT General screen Click Apply 2 Click Network Setting NAT Port Forwarding Select PVC0 as the WAN interface and click Add new rule 3 Configure the screen with the...

Page 47: ...Configuring Firewall Rules to Allow a Specified Service By default the firewall will block traffic originating from the WAN 1 However if you are running a server or other service you may need to allow access from the WAN 2 The following tutorial will show how to allow traffic from WAN to LAN if it matches a specified port number Service Name Select User Define Start End Ports Enter 666 as the Star...

Page 48: ...ules tab In the Packet Direction field select WAN to LAN and click Add Tutorial Advanced QoS Queue Setup 3 The Add New Firewall Rule screen will appear Click the Edit Customized Services button to access the following screen Click Add and configure the following settings In this tutorial a hypothetical port 123 is allowed Click OK WAN LAN 1 2 A Service Name My_Service Service Type TCP Port Number ...

Page 49: ...T Series User s Guide 49 Tutorial Advanced QoS Queue Setup 4 In the Add New Firewall Rule screen select Active In the Available Services field select the service you configured My_Service Click OK Tutorial Advanced QoS Queue Setup ...

Page 50: ...how to configure a static routing rule for two network routings In the following figure router R is connected to the AMG1312 T Series s LAN R connects to two networks N1 192 168 1 x 24 and N2 192 168 10 x 24 If you want to send traffic from computer A in N1 network to computer B in N2 network the traffic is sent to the AMG1312 T Series s WAN default gateway by default In this case B will never rec...

Page 51: ...Static Route screen 4 Configure the Static Route Setup screen using the following settings 4a Type 192 168 10 0 and subnet mask 255 255 255 0 for the destination N2 4b Type 192 168 1 253 R s N1 address in the Gateway IP Address field 4c Enter 1 in the Metric field Table 8 IP Settings in this Tutorial DEVICE COMPUTER IP ADDRESS The AMG1312 T Series s WAN 172 16 1 1 The AMG1312 T Series s LAN 192 16...

Page 52: ...S settings are also configured for another WAN PVC for non time sensitive data traffic 4 9 1 Configuring ATM QoS for Multiple WAN Connections This example shows an application for multiple WAN connections with different ATM QoS Settings More than one WAN connection on the AMG1312 T Series may be configured to record traffic statistics or calculate service charges Three WAN connections are configur...

Page 53: ...Chapter 4 Tutorials AMG1312 T Series User s Guide 53 To configure bandwidth for the data connection select UBR with PCR in the ATM QoS Type field Click Apply E X A M P L E ...

Page 54: ...s 943 divide the bandwidth 400000 bps by 424 Click Apply to save the settings To configure variable bandwidth of 2 Mbps for MOD data connection select Realtime VBR in the ATM QoS Type field Set the Peak Cell Rate as 4717 divide the bandwidth 2mbps by 424 and set both the Sustain Cell Rate and Maximum Burst Size as 4716 which is less than the peak cell rate Click Apply to save the settings ...

Page 55: ...s so traffic from these ports is forwarded through specific WAN PVCs In the configuration shown below the WAN connections set up in the previous section are bound as follows 1 Access the port binding screen by clicking Network Setting Port Binding and select Activated Port Binding to turn on the port binding feature 2 Click the Port Binding tab specify the Group Index and select the ports to inclu...

Page 56: ...ay Your colleagues use the Internet for research as well as chat applications for communicating with other branch offices In the following figure you want to configure QoS so that e mail traffic gets the highest priority You can do the following Configure a queue to assign the highest priority queue 1 to e mail traffic from the LAN interface so that e mail traffic would not get delayed when there ...

Page 57: ...ct Active and give it a name Queue1 in this example Select WAN in the Interface field and 1 in the Priority and Weight fields Then click OK Tutorial Advanced QoS Queue Setup 4 Go to Network Setting QoS Class Setup and click Add new Classifier 5 Select Active and follow the settings as shown in the screen below Then click OK Note that you have to select TCP in the IP Protocol field first then you c...

Page 58: ...Chapter 4 Tutorials AMG1312 T Series User s Guide 58 Tutorial Advanced QoS Class Setup ...

Page 59: ...e you have to apply for DDNS service at www dyndns org This tutorial shows you how to Registering a DDNS Account on www dyndns org Configuring DDNS on Your AMG1312 T Series Testing the DDNS Setting Note If you have a private WAN IP address then you cannot use DDNS 4 11 1 Registering a DDNS Account on www dyndns org 1 Open a browser and type http www dyndns org Interface Select From LAN To Queue Li...

Page 60: ...same account and host name on the AMG1312 T Series later 4 11 2 Configuring DDNS on Your AMG1312 T Series Configure the following settings in the Network Setting Dynamic DNS screen Select Active Dynamic DNS Select www dyndns org in the Service Provider field Type zyxelrouter dyndns org in the Host Name field Enter the user name UserName1 and password 12345 Click Apply 4 11 3 Testing the DDNS Setti...

Page 61: ...61 PART II Technical Reference ...

Page 62: ...62 ...

Page 63: ... to look at the current status of the device system resources and interfaces LAN WAN WLAN 5 2 The Connection Status Screen Use this screen to view the network connection status of the device and its clients A warning message appears if there is a connection problem If you prefer to view the status in a list click List View in the Viewing mode selection box You can configure how often you want the ...

Page 64: ...nection Status List View In Icon View if you want to view information about a client click the client s name and then click on Info In List View you can also view the client s information 5 3 The System Info Screen Click Connection Status System Info to open this screen Figure 17 System Info Screen ...

Page 65: ... Gateway This is the IP address of the default gateway if applicable Primary Secondary DNS This is the primary secondary DNS server IP address assigned to the AMG1312 T Series IPv6 Global IP This is the current IPv6 address of the AMG1312 T Series in the WAN Click this to go to the screen where you can change it IPv6 Prefix Length This is the current IPv6 prefix length in the WAN IPv6 Gateway This...

Page 66: ...ling This displays whether WLAN scheduling is activated WiFi MAC This is the MAC Media Access Control of the WiFi interface Security Firewall This displays whether or not the AMG1312 T Series s firewall is activated Click this to go to the screen where you can change it Interface Status Interface This column displays each interface the AMG1312 T Series has Status This field indicates whether or no...

Page 67: ...This field displays what percentage of the AMG1312 T Series s processing ability is currently used When this percentage is close to 100 the AMG1312 T Series is running at full load and the throughput is not going to improve anymore If you want some applications to have more throughput you should turn off other applications Memory Usage This field displays what percentage of the AMG1312 T Series s ...

Page 68: ...n screen Section 6 2 on page 69 to configure the WAN settings on the AMG1312 T Series for Internet access Use the More Connections screen Section 6 3 on page 75 to set up additional Internet access connections Use the 3G Backup screen to configure 3G WAN connection Section 6 4 on page 80 6 1 2 What You Need to Know About WAN Encapsulation Method Encapsulation is used to include data from an upper ...

Page 69: ...t everybody and not just one IGMP IGMP Internet Group Multicast Protocol is a network layer protocol used to establish membership in a Multicast group it is not used to carry user data There are three versions of IGMP IGMP version 2 and 3 are improvements over version 1 but IGMP version 1 is still in wide use IPv6 IPv6 Internet Protocol version 6 is designed to increase IP address space and enhanc...

Page 70: ...Chapter 6 Broadband AMG1312 T Series User s Guide 70 Figure 19 Network Setting Broadband Internet Connection Auto Sync Up ...

Page 71: ...the Mode field select PPPoA RFC 1483 ENET ENCAP or PPPoE If you select Bridge in the Mode field method of encapsulation is not available User Name PPPoA and PPPoE encapsulation only Enter the user name exactly as your ISP assigned If assigned a name in the form user domain where domain identifies a service name then enter both components exactly as given Password PPPoA and PPPoE encapsulation only...

Page 72: ... want to have the AMG1312 T Series use the IPv6 prefix from the connected router s Router Advertisement RA to generate an IPv6 address DHCP IPv6 Select DHCP if you want to obtain an IPv6 address from a DHCPv6 server The IP address assigned by a DHCPv6 server has priority over the IP address automatically generated by the AMG1312 T Series using the IPv6 prefix from an RA Select SLAAC Stateless addr...

Page 73: ...idge traffic between the WAN interface and certain Ethernet port s and or SSID s Other ports and SSIDs will be still in router mode with the WAN interface Note The port binding feature will be disabled automatically when you select this option Connection PPPoA and PPPoE encapsulation only Keep Alive Select Keep Alive when you want your connection up all the time The AMG1312 T Series will try to br...

Page 74: ... protocol used to establish membership in a multicast group The AMG1312 T Series supports IGMP v1 IGMP v2 and IGMP v3 Select None to disable it MLD Proxy Select the version of MLD proxy v1 or v2 to have the AMG1312 T Series act as for this connection This allows the AMG1312 T Series to get subscription information and maintain a joined member list for each multicast group It can reduce multicast t...

Page 75: ...em default is 0 cells sec Maximum Burst Size Maximum Burst Size MBS refers to the maximum number of cells that can be sent at the peak rate Type the MBS which is less than 65535 PPPoE Passthrough If encapsulation type is PPPoE select this to enable PPPoE Passthrough In addition to the Device s built in PPPoE client you can select this to allow hosts on the LAN to use PPPoE client software on their...

Page 76: ...ad only in this screen Use the Broadband Internet Connection screen to edit it Click the Edit icon to edit the Internet connection settings Click this icon on an empty configuration to add a new Internet access setup Click the Remove icon to delete the Internet access setup from your connection list Ethernet Connections Table This is an index number indicating the number of the corresponding conne...

Page 77: ... Setting Broadband More Connections Edit The following table describes the labels in this screen Table 14 Network Setting Broadband More Connections Edit LABEL DESCRIPTION General Active Select the check box to activate or clear the check box to deactivate this connection ...

Page 78: ...ddress type If you select Disable the AMG1312 T Series will operate in IPv4 mode VPI The valid range for the VPI is 0 to 255 Enter the VPI assigned to you VCI The valid range for the VCI is 32 to 65535 0 to 31 is reserved for local management of ATM traffic Enter the VCI assigned to you IP Address This option is available if you select Router in the Mode field A static IP address is a fixed IP tha...

Page 79: ...o establish membership in a multicast group The AMG1312 T Series supports IGMP v1 IGMP v2 and IGMP v3 Select None to disable it ATM QoS ATM QoS Type Select CBR Continuous Bit Rate to specify fixed always on bandwidth for voice or data traffic Select UBR Unspecified Bit Rate for applications that are non time sensitive such as e mail Select nrtVBR Variable Bit Rate non Real Time or rtVBR Variable B...

Page 80: ...n available Note This AMG1312 T Series supports connecting one 3G dongle at a time Figure 24 Internet Access Application 3G WAN Use this screen to configure your 3G settings Click Network Setting Broadband 3G Backup MTU The Maximum Transmission Unit MTU defines the size of the largest packet allowed on an interface or connection Enter the MTU in this field For ENET ENCAP the MTU value is 1500 For ...

Page 81: ... manufacturer and model name of your 3G card if you inserted one in the AMG1312 T Series Otherwise it displays N A Username Type the user name of up to 64 ASCII printable characters given to you by your service provider Password Type the password of up to 64 ASCII printable characters associated with the user name above PIN A PIN Personal Identification Number code is a key to a 3G card Without th...

Page 82: ...es from the ISP automatically Use the following static IP address Select this to have the AMG1312 T Series use the DNS server addresses you configure manually IP Address Enter your WAN IP address in this field if you selected Use the following static IP address DNS server Obtain DNS info dynamically Select this to have the Device get the DNS server addresses from the ISP automatically Use the foll...

Page 83: ...PoE saves significant effort for both you and the ISP or carrier as it requires no specific configuration of the broadband modem at the customer site By implementing PPPoE directly on the AMG1312 T Series rather than individual computers the computers on the LAN do not need PPPoE software installed since the AMG1312 T Series does that part of the task Furthermore with NAT all of the LANs computers...

Page 84: ...nabled or disabled if you have either a dynamic or static IP However the encapsulation method assigned influences your choices for IP address and ENET ENCAP gateway IP Assignment with PPPoA or PPPoE Encapsulation If you have a dynamic IP then the IP Address and Gateway IP Address fields are not applicable N A If you have a Static IP Address assigned by your ISP then they should also assign you a S...

Page 85: ...CR is the maximum rate at which the sender can send cells This parameter may be lower but not higher than the maximum line speed 1 ATM cell is 53 bytes 424 bits so a maximum speed of 832Kbps gives a maximum PCR of 1962 cells sec This rate is not guaranteed because it is dependent on the line speed Sustained Cell Rate SCR is the mean cell rate of each bursty traffic source It specifies the maximum ...

Page 86: ... real time Variable Bit Rate type is used with bursty connections that require closely controlled delay and delay variation It also provides a fixed amount of bandwidth a PCR is specified but is only available when data is being sent An example of an VBR RT connection would be video conferencing Video conferencing requires real time data transfers and the bandwidth requirement varies in proportion...

Page 87: ... and or set up a guest wireless network on your AMG1312 T Seriesto allow associated wireless clients to access the Internet Use the MAC Authentication screen to allow or deny wireless clients based on their MAC addresses from connecting to the AMG1312 T Series Section 7 4 on page 96 Use the WPS screen see Section 7 5 on page 97 to enable or disable WPS generate a security PIN Personal Identificati...

Page 88: ...ork support IEEE 802 11g for example What is the most appropriate standard to use What security options do the other wireless devices in your network support WPA PSK for example What is the strongest security option supported by all the devices in your network Do the other wireless devices in your network support WPS Wi Fi Protected Setup If so you can set up a well secured network very easily Eve...

Page 89: ...the SSID in the outgoing beacon frame so a station cannot obtain the SSID through scanning using a site survey tool Client Isolation Select this to keep the wireless clients in this SSID from communicating with each other through the AMG1312 T Series MBSSID LAN Isolation Select this to keep the wireless clients in this SSID from communicating with clients in other SSIDs or wired LAN devices throug...

Page 90: ...nications private Both the wireless stations and the access points must use the same WEP key Security Mode Select Basic WEP or More Secure WPA 2 PSK WPA 2 to add security on this wireless network The wireless clients which want to associate to this network must have same wireless security settings as the AMG1312 T Series When you select to use a security additional options appears in this screen O...

Page 91: ...ryption and user authentication over WEP Using a Pre Shared Key PSK both the AMG1312 T Series and the connecting client share a common password in order to validate the connection This type of encryption while robust is not as strong as WPA WPA2 or even WPA2 PSK The WPA2 PSK security mode is a newer more robust version of the WPA encryption standard It offers slightly better security although the ...

Page 92: ...A 2 and WPA 2 PSK are the same The only difference between the two is that WPA 2 PSK uses a simple common password instead of user specific credentials Type a pre shared key from 8 to 63 case sensitive keyboard characters more hide more Click more to show more fields in this section Click hide more to hide them WPA PSK Compatible This field appears when you choose WPA PSK2 as the Security Mode Sel...

Page 93: ...authentication server You need not change this value unless your network administrator instructs you to do so with additional information Shared Secret Enter a password up to 31 alphanumeric characters as the key to be shared between the external authentication server and the AMG1312 T Series The key must be the same on the external authentication server and your AMG1312 T Series The key is not se...

Page 94: ...ble the AMG1312 T Series uses either TKIP and AES TKIPAES MIX for data encryption If you choose WPA2 as the security mode but disable WPA PSK Compatible the AMG1312 T Series uses AES for data encryption Table 20 Wireless General More Secure WPA 2 continued LABEL DESCRIPTION Table 21 Network Setting Wireless More guest AP LABEL DESCRIPTION This is the index number of each SSID profile Active This f...

Page 95: ... Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a station cannot obtain the SSID through scanning using a site survey tool Guest WLAN Select this check box to enable and configure the guest wireless network Security Level Security Mode Select Basic WEP or More Secure WPA 2 PSK WPA 2 to add security on this wireless network The wireless clients which want to associ...

Page 96: ...ect the SSID for which you want to configure MAC filter settings MAC List Define the filter action for the list of MAC addresses in the MAC Address table Select Disable to turn off MAC filtering Select Allow to permit access to the AMG1312 T Series MAC addresses not listed will be denied access to the AMG1312 T Series Select Deny to block access to the AMG1312 T Series MAC addresses not listed wil...

Page 97: ...eries applies the security settings configured in the General screen see Section 7 2 on page 88 If you want to use the WPS feature make sure you have set the security mode to WPA PSK WPA2 PSK or No Security Click Network Setting Wireless WPS The following screen displays Select Enable and click Apply to activate the WPS function Then you can configure the WPS settings in this screen Figure 35 Netw...

Page 98: ...ice you want to connect to using WPS The PIN is not necessary when you use WPS push button method Click the Generate New PIN button to have the AMG1312 T Series create a new PIN Status This displays Configured when the AMG1312 T Series has connected to a wireless network using WPS or Enable WPS is selected and wireless or wireless security settings have been changed The current wireless and wirele...

Page 99: ...Setting Wireless WDS The following table describes the labels in this screen Table 25 Network Setting Wireless WDS LABEL DESCRIPTION WDS Security Select the type of the key used to encrypt data between APs All the wireless APs including the AMG1312 T Series must use the same pre shared key for data transmission The option is available only when you set the security mode to WPA 2 or WPA 2 PSK in th...

Page 100: ...ble or disable the wireless LAN Click Network Setting Wireless Scheduling The following screen displays Figure 38 Network Setting Wireless Scheduling Table 26 Network Setting Wireless WMM LABEL DESCRIPTION Enable WMM of SSID1 4 Use the checkboxes to determine whether to have the AMG1312 T Series automatically give a service a priority level according to the ToS value in the IP header of packets it...

Page 101: ...ss LAN Day Check the day s you want to turn the wireless LAN on or off Time 24 Hour Format Specify a time frame during which the schedule would apply For example if you set the time range from 12 00 to 23 00 the wireless LAN will be turned on only during this time period Apply Click this to save your changes Cancel Click this to restore your previously saved settings Table 28 Network Setting Wirel...

Page 102: ...lect 802 11g n to allow either IEEE 802 11g or IEEE 802 11n compliant WLAN devices to associate with the AMG1312 T Series The transmission rate of your AMG1312 T Series might be reduced Select 802 11b g n to allow IEEE 802 11b IEEE 802 11g or IEEE802 11n compliant WLAN devices to associate with the AMG1312 T Series The transmission rate of your AMG1312 T Series might be reduced Channel Width Selec...

Page 103: ...eries is the AP Every wireless network must follow these basic guidelines Every device in the same wireless network must use the same SSID The SSID is the name of the wireless network It stands for Service Set IDentifier If two wireless networks overlap they should use a different channel Like radio stations or television channels each wireless network uses a specific channel or frequency to send ...

Page 104: ...y in effectiveness Some can be broken such as the old Wired Equivalent Protocol WEP Using WEP is better than using no security at all but it will not keep a determined attacker out Other security standards are secure in themselves but can be broken if a user does not use them properly For example the WPA PSK security standard is very secure if you use a long key which is difficult for an attacker ...

Page 105: ...wireless network it still has to have the correct information SSID channel and security If a device is not allowed to use the wireless network it does not matter if it has the correct information This type of security does not protect the information that is sent in the wireless network Furthermore there are ways for unauthorized wireless devices to get the MAC address of an authorized device Then...

Page 106: ...le for unauthorized wireless devices to figure out the original information pretty quickly When you select WPA2 or WPA2 PSK in your AMG1312 T Series you can also select an option WPA compatible to support WPA as well In this case if some of the devices support WPA and some support WPA2 you should set up WPA2 PSK or WPA2 depending on the type of wireless network login and select the WPA compatible ...

Page 107: ...MBSSID Traditionally you need to use different APs to configure different Basic Service Sets BSSs As well as the cost of buying extra APs there is also the possibility of channel interference The AMG1312 T Series s MBSSID Multiple Basic Service Set IDentifier function allows you to use one access point to provide several BSSs simultaneously You can then assign varying QoS priorities and or securit...

Page 108: ...t up a secure wireless network WPS is an industry standard specification defined by the WiFi Alliance WPS allows you to quickly set up a wireless network with strong security without having to configure security settings manually Each WPS connection works between two devices Both devices must support WPS check each device s documentation to make sure Depending on the devices you have you can eithe...

Page 109: ...hod you must enter the PIN from one device usually the wireless client into the second device usually the Access Point or wireless router Then when WPS is activated on the first device it presents its PIN to the second device If the PIN matches one device sends the network and security information to the other allowing it to join the network Take the following steps to set up a WPS connection betw...

Page 110: ...k and security settings The registrar creates a secure EAP Extensible Authentication Protocol tunnel and sends the network name SSID and the WPA PSK or WPA2 PSK pre shared key to the enrollee Whether WPA PSK or WPA2 PSK is used depends on the standards supported by the devices If the registrar is already part of a network it sends the existing information If not it generates the SSID and WPA 2 PSK...

Page 111: ...he security settings it transmits to the enrollee are randomly generated Once a WPS enabled device has connected to another device using WPS it becomes configured A configured wireless client can still act as enrollee or registrar in subsequent WPS connections but a configured access point can no longer act as enrollee It will be the registrar in all subsequent WPS connections in which it is invol...

Page 112: ...he registrar since it is configured it already has security information for the network AP1 supplies the existing security information to Client 2 Figure 46 WPS Example Network Step 2 In step 3 you add another access point AP2 to your network AP2 is out of range of AP1 so you cannot use AP1 for the WPS handshake with the new access point However you know that Client 2 supports the registrar functi...

Page 113: ...WPA PSK or WPA2 PSK depends on the device You can check the configuration interface of the registrar device to discover the key the network is using if the device supports this feature Then you can enter the key into the non WPS device and join the network as normal the non WPS device must also support WPA PSK or WPA2 PSK When you use the PBC method there is a short period from the moment you pres...

Page 114: ...e or was not involved in the WPS handshake a rogue device must still associate with the access point to gain access to the network Check the MAC addresses of your wireless clients usually printed on a label on the bottom of the device If there is an unknown MAC address you can remove it or reset the AP ...

Page 115: ...net mask and DHCP settings of your AMG1312 T Series Section 8 2 on page 117 Use the Static DHCP screen to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses Section 8 3 on page 119 Use the IP Alias screen Section 8 4 on page 120 to change your AMG1312 T Series s IP alias settings Use the UPnP screen to enable UPnP and UPnP NAT traversal on the AMG1312 T Se...

Page 116: ...s extremely important because without it you must know the IP address of a networking device before you can access it 8 1 2 2 About UPnP Identifying UPnP Devices UPnP hardware is identified as an icon in the Network Connections folder Windows XP Each UPnP compatible device installed on your network will appear as a separate icon Selecting the icon of a UPnP device will allow you to access the info...

Page 117: ... freely with each other without additional configuration Disable UPnP if this is not your intention UPnP and ZyXEL Sexual has achieved UPnP certification from the Universal Plug and Play Forum UPnP Implementers Corp UIC ZyXEL s UPnP implementation supports Internet Gateway Device IGD 1 0 Finding Out More See Section 8 8 on page 128 for technical background information on LANs 8 1 3 Before You Begi...

Page 118: ...enter so do not change this field unless you are instructed to do so Dynamic Route RIP Routing Information Protocol allows a router to exchange routing information with other routers Select the RIP version from RIP1 and RIP2 Direction Use this field to control how much routing information the VDSL Router sends and receives on the subnet Select the RIP Direction from None Both IN Only and OUT Only ...

Page 119: ...requests and responses between the remote server and the clients Enter the IP address of the actual remote DHCP server in the Remote DHCP Server field in this case When DHCP is used the following items need to be set IP Addressing Values Beginning IP Address This field specifies the first of the contiguous addresses in the IP address pool Pool Size This field specifies the size or count of the IP ...

Page 120: ...ies MAC Address The MAC Media Access Control or Ethernet address on a LAN Local Area Network is unique to your computer six pairs of hexadecimal notation A network interface card such as an Ethernet adapter has a hardwired address that is assigned at the factory This address follows an industry standard that ensures no other adapter has a similar address IP Address This field displays the IP addre...

Page 121: ...nd learn about other devices on the network In turn a device can leave a network smoothly and automatically when it is no longer in use See page 116 for more information on UPnP Use the following screen to enable or disable the UPnP function on your AMG1312 T Series Click Network Setting Home Networking UPnP to display the screen shown next Figure 52 Network Setting Home Networking UPnP Table 34 N...

Page 122: ... 53 Network Setting Home Networking IPv6 LAN Setup Table 35 Network Setting Home Networking UPnP LABEL DESCRIPTION UPnP Select Enable to activate UPnP Be aware that anyone could use a UPnP application to open the web configurator s login screen without entering the AMG1312 T Series s IP address although you must still enter the password to access the web configurator Otherwise select Disable to de...

Page 123: ...erface ID to identify the LAN interface The LAN Identifier is appended to the IPv6 address prefix to create the routable global IPv6 address Select EUI64 to use the EUI 64 format to generate an interface ID from the Ethernet MAC address Lan Identifier If you selected Manual enter the LAN Identifier in this field The LAN identifier should be unique and 64 bits in hexadecimal form Every 16 bit block...

Page 124: ...t Enter the maximum number of network segments that a packet can cross before reaching the destination When forwarding an IPv6 packet IPv6 routers are required to decrease the Hop Limit by 1 and to discard the IPv6 packet when the Hop Limit is 0 Possible value for this field are 0 255 Router Lifetime Enter the time in seconds that hosts should consider the AMG1312 T Series to be the default router...

Page 125: ...on the AMG1312 T Series DNSv6 Mode Select the DNS role Proxy or Relay that you want the AMG1312 T Series to act in the IPv6 LAN network Alternatively select Manual and specify the DNS servers IPv6 address in the fields below Primary DNS This field is available if you choose Manual as the DNSv6 mode Enter the first DNS server IPv6 address the AMG1312 T Series passes to the DHCP clients Secondary DN...

Page 126: ...the AMG1312 T Series Share Directory Access Level Select Public to allow all users on the network to access the shared files Select Security to require users to log in to access shared files Account Management This field shows the number of the user Status This field shows the status of the user The user account is not activated for the share The user account is activated for the share User Name T...

Page 127: ...edit user file sharing through the AMG1312 T Series User Name Type in the user name of 5 to 15 keyboard characters in length New Password Type in the new password of 5 to 15 keyboard characters in length Retype New Password Retype the new password of 5 to 15 keyboard characters in length Apply Click this to save your changes to the AMG1312 T Series Cancel Click this to restore your previously save...

Page 128: ...ration for the clients If you turn DHCP service off you must have another DHCP server on your LAN or else the computer must be manually configured IP Pool Setup The AMG1312 T Series is pre configured with a pool of IP addresses for the DHCP clients DHCP Pool Do not assign static IP addresses from the DHCP pool to your LAN computers 8 8 3 DNS Server Addresses DNS Domain Name System maps a domain na...

Page 129: ...the connection is established If this is the case it is recommended that you select a network number from 192 168 0 0 to 192 168 255 0 and you must enable the Network Address Translation NAT feature of the AMG1312 T Series The Internet Assigned Number Authority IANA reserved this block of addresses specifically for private use please do not use any other number unless you are told otherwise Let s ...

Page 130: ...d of the RIP packets that the AMG1312 T Series sends it recognizes both formats when receiving RIP 1 is universally supported but RIP 2 carries more information RIP 1 is probably adequate for most networks unless you have an unusual network topology Both RIP 2B and RIP 2M sends the routing data in RIP 2 format the difference being that RIP 2B uses subnet broadcasting while RIP 2M uses multicasting...

Page 131: ...cipate in IGMP The address 224 0 0 2 is assigned to the multicast routers group At start up the AMG1312 T Series queries all directly connected networks to gather group membership After that the AMG1312 T Series periodically updates this information IP multicasting can be enabled disabled on the AMG1312 T Series LAN and or WAN interfaces in the web configurator LAN WAN Select None to disable IP mu...

Page 132: ... static routes For example the next figure shows a computer A connected to the AMG1312 T Series s LAN interface The AMG1312 T Series routes most traffic from A to the Internet through the AMG1312 T Series s default gateway R1 You create one static route to connect to services offered by your ISP behind router R2 You create another static route to communicate with a separate network behind a router...

Page 133: ...dit The screen shown next appears Table 39 Network Setting Static Route LABEL DESCRIPTION Add new static route Click this to configure a new static route This is the number of an individual static route Destination IP This parameter specifies the IP network address of the final destination Routing is always based on network number Gateway This is the IP address of the gateway The gateway is a rout...

Page 134: ...rk number If you need to specify a route to a single host use a subnet mask of 255 255 255 255 in the subnet mask field to force the network number to be identical to the host ID IP Subnet Mask Enter the IP subnet mask here Gateway IP Address Enter the IP address of the gateway The gateway is a router or switch on the same network segment as the device s LAN or WAN port The gateway helps forward p...

Page 135: ...e Edit icon to go to the screen where you can set up a static route on the AMG1312 T Series Click the Remove icon to remove a static route from the AMG1312 T Series A window displays asking you to confirm that you want to delete the route Table 41 Network Setting Static Route IPv6 Static Route continued LABEL DESCRIPTION Table 42 Network Setting Static Route IPv6 Static Route Add Edit LABEL DESCRI...

Page 136: ... allowing time sensitive applications to flow more smoothly Time sensitive applications include both those that require a low level of latency delay and a low level of jitter variations in delay such as Voice over IP VoIP or Internet gaming and those for which jitter alone is a problem such as Internet radio or streaming video In the following figure your Internet connection has an upstream transm...

Page 137: ...ing similar types of traffic together and treating each type as a class You can use 802 1p to give different priorities to different packet types Tagging and Marking In a QoS class you can configure whether to add or change the DiffServ Code Point DSCP value and IEEE 802 1p priority level in a matched packet When the packet passes through a compatible network the networking device such as a backbo...

Page 138: ... the lowest priority Ethernet Priority Automatically assign priority based on the IEEE 802 1p priority level IP Precedence Automatically assign priority based on the first three bits of the TOS field in the IP header Packet Length Automatically assign priority based on the packet size Smaller packets get higher priority since control signaling VoIP internet gaming or other real time packets are us...

Page 139: ... Enter the descriptive name of this queue Interface Select the interface to which this queue is applied This field is read only if you are editing the queue Priority Select the priority level from 1 to 3 of this queue The smaller the number the higher the priority level Traffic assigned to higher priority queues gets through faster while traffic in lower priority queues is dropped if the network i...

Page 140: ...dd new Classifier in the Network Setting QoS Class Setup screen or click the Edit icon next to a class the screen appears as shown next Table 46 Network Setting QoS Class Setup LABEL DESCRIPTION Add new Classifier Click this to create a new classifier Index This is the index number of the entry Status This field displays whether the classifier is active or not A yellow bulb signifies that this cla...

Page 141: ...Chapter 10 Quality of Service QoS AMG1312 T Series User s Guide 141 Figure 67 QoS Class Setup Add Edit ...

Page 142: ...dress means any source IP address Subnet Netmask Source Prefix Length Enter the source subnet mask if you select IPv4 as the Ether Type Enter the source prefix length if you select IPv6 as the Ether Type Port Range If you select TCP UDP TCP or UDP in the IP protocol field select the check box and enter the port number s of the source MAC Address Select the check box and enter the source MAC addres...

Page 143: ...to specify an IP precedence range and type of services Select DSCP to specify a DiffServ Code Point DSCP range IP Precedence Range Enter a range from 0 to 7 for IP precedence 0 is the lowest priority and 7 is the highest Type of Service Select a type of service from the drop down list box Available options are Normal service Minimize delay Maximize throughput Maximize reliability and Minimize mone...

Page 144: ...e Ethernet Priority field and enter a VLAN ID number in the VLAN ID field with which the AMG1312 T Series replaces the IEEE 802 1p priority field and VLAN ID of the frames If you select Remove the AMG1312 T Series deletes the VLAN ID of the frames before forwarding them out If you select Add the AMG1312 T Series treat all matched traffic untagged and add a second priority level and VLAN ID that yo...

Page 145: ...his to have QoS give the highest priority to traffic for the games you specify This priority is higher than the other QoS queues Select the games below Apply Click this to save your changes Cancel Click this to restore previously saved settings Table 49 IEEE 802 1p Priority Level and Traffic Type PRIORITY LEVEL TRAFFIC TYPE Level 7 Typically used for network control traffic such as router configur...

Page 146: ... QoS mapping on the AMG1312 T Series On the AMG1312 T Series traffic assigned to higher priority queues gets through faster while traffic in lower index queues is dropped if the network is congested Table 50 Internal Layer2 and Layer3 QoS Mapping PRIORITY QUEUE LAYER 2 LAYER 3 IEEE 802 1P USER PRIORITY ETHERNET PRIORITY TOS IP PRECEDENCE DSCP IP PACKET LENGTH BYTE 0 1 0 000000 1 2 2 0 0 000000 110...

Page 147: ... VoIP ALG in the AMG1312 T Series Section 11 5 on page 152 11 1 2 What You Need To Know About NAT Inside Outside Inside outside denotes where a host is located relative to the AMG1312 T Series for example the computers of your subscribers are the inside hosts while the web servers on the Internet are the outside hosts Global Local Global local denotes the IP address of a host in a packet as the pa...

Page 148: ...s check box to enable NAT Max NAT Firewall Session Per User When computers use peer to peer applications such as file sharing applications they need to establish NAT sessions If you do not limit the number of NAT sessions a single client can establish this can result in all of the available NAT sessions being used In this case no additional NAT sessions can be established and users may not be able...

Page 149: ...may periodically check for servers and may suspend your account if it discovers any active services at your location If you are unsure refer to your ISP Default Server IP Address In addition to the servers for specified services NAT supports a default server IP address A default server receives packets from ports that are not specified in this screen Note If you do not assign a Default Server IP a...

Page 150: ...ailable only when you enable the 3G backup function Add new rule Click this button to add a rule to the table below This is the rule index number read only Active This field indicates whether the rule is active or not Clear the check box to disable the rule Select the check box to enable it Service Name This is a service s name External Start Port This is the first port number of a port range that...

Page 151: ... port number in a series that begins with the port number in the Start Port field above Server IP Address Enter the IP address of the server in your local network Trigger Protocol Select the protocol of the service TCP UDP or ALL TCP UDP Open Start Port Enter the first port number here to which you want the device to translate the incoming port For a range of ports you only need to enter the first...

Page 152: ...MG1312 T Series registers with the SIP register server the SIP ALG translates the AMG1312 T Series s private IP address inside the SIP data stream to a public IP address You do not need to use STUN or an outbound proxy if your AMG1312 T Series is behind a SIP ALG Table 54 Network Setting NAT DMZ LABEL DESCRIPTION WAN Interface Select a WAN PVC connection PVC0 PVC7 from which you want to forward th...

Page 153: ...s of the host when the same packet is traveling in the WAN side Note that inside outside refers to the location of a host while global local refers to the IP address of a host used in a packet Thus an inside local address ILA is the IP address of an inside host in a packet when the packet is still in the local network while an inside global address IGA is the IP address of the same inside host whe...

Page 154: ...ss translation refer to RFC 1631 The IP Network Address Translator NAT 11 6 3 How NAT Works Each packet has two addresses a source address and a destination address For outgoing packets the ILA Inside Local Address is the source address on the LAN and the IGA Inside Global Address is the source address on the WAN For incoming packets the ILA is the destination address on the LAN and the IGA is the...

Page 155: ...tance PAT port address translation ZyXEL s Single User Account feature that previous ZyXEL routers supported the SUA Only option in today s routers Many to Many Overload In Many to Many Overload mode the AMG1312 T Series maps the multiple local IP addresses to shared global IP addresses Many to Many No Overload In Many to Many No Overload mode the AMG1312 T Series maps each local IP address to a u...

Page 156: ...ummarizes these types Table 57 NAT Mapping Types TYPE IP MAPPING One to One ILA1 IGA1 Many to One SUA PAT ILA1 IGA1 ILA2 IGA1 Many to Many Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA1 ILA4 IGA2 Many to Many No Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA3 Server Server 1 IP IGA1 Server 2 IP IGA1 Server 3 IP IGA1 ...

Page 157: ...fferent ATM QoS settings can be specified for each WAN PVC to meet bandwidth requirements for the type of traffic to be transferred For example three port binding groups could be created on the device R1 for three different WAN PVC connections The first PVC PVC0 is for non time sensitive data traffic The second and third PVCs PVC1 and PVC2 are for time sensitive Media On Demand MOD video traffic a...

Page 158: ...ding screen Section 12 3 on page 158 to set up port binding groups Use the Port Binding Summary screen Section 12 3 1 on page 159 to view configured port binding groups 12 2 The Port Binding General Screen Use this screen to activate port binding and set up port binding groups Click Network Setting Port Binding to display the following screen Figure 78 Network Setting Port Binding The following ta...

Page 159: ...o a port binding group traffic will be forwarded to the other ports in the group but not to ports in other groups If a port is not included in any groups traffic will be forwarded according to the routing table ATM VCs Select the ATM VC PVC to include in the port binding group Each ATM VC can only be bound to one group Ethernet Select the Ethernet Eth ports to include in the port binding group Eac...

Page 160: ...e 160 The following table describes the labels in this screen Table 60 Network Setting Port Binding Port Binding Summary LABEL DESCRIPTION Group ID This field displays the group index number Group port This field displays the ports included in the group ...

Page 161: ...rg This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name The Dynamic DNS service provider will give you a password or key 13 1 1 What You Can Do in the DDNS Screen Use the Dynamic DNS screen Section 13 2 on page 161 to enable DDNS and configure the DDNS settings on the AMG1312 T Series 13 1 2 What You Need To Know About DDNS DYNDNS Wildcard ...

Page 162: ...ic DNS Service Provider This is the website of your Dynamic DNS service provider Host Name Type the domain name assigned to your AMG1312 T Series by your Dynamic DNS provider You can specify up to two host names in the field separated by a comma Username Type your user name Password Type the password assigned to you Enable Wildcard Option Select the check box to enable DynDNS Wildcard Apply Click ...

Page 163: ... to create IPv6 and MAC filter rules 14 1 2 What You Need to Know About Filtering URL The URL Uniform Resource Locator identifies and helps locates resources on a network On the Internet the URL is the web address that you type in the address bar of your Internet browser for example http www zyxel com URL and IP Filter Structure The URL IP and IPv6 filters have individual rule indexes The AMG1312 ...

Page 164: ...to apply the filter Direction Apply the filter to Incoming or Outgoing traffic direction Rule Type Select IP or MAC type to configure the rule Use the IP Filter to block or allow traffic by IP addresses Use the MAC Filter to block or allow traffic by MAC address Source IP Address Enter the source IP address of the packets you wish to filter This field is ignored if it is 0 0 0 0 Subnet Mask Enter ...

Page 165: ... shows whether the rule is activated Interface This is the interface that the filter set applies to Direction The filter set applies to this traffic direction Src IP Mask This is the source IP address and subnet mask when you select IP as the rule type Dest IP Mask This is the destination IP address and subnet mask Mac Address This is the MAC address of the packets being filtered Src Port This is ...

Page 166: ...Index Select the index number of the filter rule Active Use this field to enable or disable the filter rule Interface Select the PVC to which to apply the filter Direction Apply the filter to Incoming or Outgoing traffic direction Rule Type Select IP or MAC type to configure the rule Use the IP Filter to block or allow traffic by IPv6 addresses Use the MAC Filter to block or allow traffic by MAC a...

Page 167: ...on 136 Neighbor Advertisement 137 Redirect Redirect message Protocol This is the upper layer protocol that defines the service to which this rule applies By default it is ICMPv6 IPv6 MAC Filter Listing IPv6 MAC Filter Rule Index Select the index number of the filter set from the drop down list box This is the index number of the rule in a filter set Active This field shows whether the rule is acti...

Page 168: ... IM Instant Messaging session from the LAN to the WAN 1 Return traffic for this session is also allowed 2 However other traffic initiated from the WAN is blocked 3 and 4 Figure 84 Default Firewall Action 15 1 1 What You Can Do in the Firewall Screens Use the General screen Section 15 2 on page 170 to select the firewall protection level on the AMG1312 T Series Use the Default Action screen Section...

Page 169: ...hereby causing denial of service for users of the targeted system LAND Attack In a Local Area Network Denial LAND attack hackers flood SYN packets into the network with a spoofed source IP address of the target system This makes it appear as if the host computer sent the packets to itself making the system unavailable while the target system tries to respond to itself Ping of Death Ping of Death u...

Page 170: ...r reporting protocol between a host server and a gateway to the Internet ICMP uses Internet Protocol IP datagrams but the messages are processed by the TCP IP software and directly apparent to the application user DoS Thresholds For DoS attacks the AMG1312 T Series uses thresholds to determine when to drop sessions that do not become fully established These thresholds apply globally to all session...

Page 171: ...ut blocks anyone from the Internet from accessing any services on your local network Low This setting allows traffic to the Internet and also allows someone from the Internet to access services on your local network This would be used with Port Forwarding Default Server Custom This setting allows the customer to create and edit individual firewall rules Firewall rules can be created in the Default...

Page 172: ... AMG1312 T Series itself Default Action Use the drop down list boxes to select the default action that the firewall is to take on packets that are traveling in the selected direction and do not match any of the firewall rules Select Drop to silently discard the packets without sending a TCP reset packet or an ICMP destination unreachable message to the sender Select Reject to deny the packets and ...

Page 173: ...e rules you have created that apply to traffic traveling in the selected packet direction The firewall rules that you configure summarized below take priority over the general firewall action settings in the General screen This is your firewall rule number The ordering of your rules is important as rules are applied in turn Active This field displays whether a firewall is turned on or not Select t...

Page 174: ...This is the interface through which the traffic is destined to leave the AMG1312 T Series Please note that a blank source interface is equivalent to Any Modify Click the Edit icon to go to the screen where you can edit the rule Click the Remove icon to delete an existing firewall rule A window displays asking you to confirm that you want to delete the firewall rule Note that subsequent firewall ru...

Page 175: ... deny and send an ICMP destination unreachable message to the sender of Reject or allow the passage of Permit packets that match this rule IP Version Type Select the IP version IPv4 or IPv6 to apply this firewall rule to Rate Limit Set a maximum number of packets per second minute or hour to limit the throughput of traffic that matches this rule Maximum Burst Number Set the maximum number of packe...

Page 176: ...this firewall rule applies Please note that a blank source MAC address is equivalent to any Source Interface Specify a source interface to which this firewall rule applies This is the interface through which the traffic entered the AMG1312 T Series Please note that a blank source interface is equivalent to any Destination Interface Specify a destination interface to which this firewall rule applie...

Page 177: ...all Rules Edit Edit Customized Services LABEL DESCRIPTION This is the number of your customized port Name This is the name of your customized service Protocol This shows the IP protocol TCP or UDP that defines your customized service Port Type This is the port number or range that defines your customized service Start Port This is a single port number or the starting port number of a range that de...

Page 178: ...t defines your customized port from the drop down list box Port Configuration Type Click Single to specify one port only or Port Range to specify a span of ports that define your customized service Port Number Type a single port number or the range of port numbers that define your customized service Back Click this to return to the previous screen without saving Apply Click this to save your chang...

Page 179: ...ication that initiates a session sends a SYN synchronize packet to the receiving server The receiver sends back an ACK acknowledgment packet and its own SYN and then the initiator responds with an ACK acknowledgment After this handshake a connection is established Figure 92 Three Way Handshake For UDP half open means that the firewall has detected no return traffic An unusually high number or arri...

Page 180: ...e minimum capacity of server backlog in your LAN network 3 The CPU power of servers in your LAN network 4 Network bandwidth 5 Type of traffic for certain servers Reduce the threshold values if your network is slower than average for any of these factors especially if you have servers that are slow or handle many tasks and are often busy If you often use P2P applications such as file sharing with e...

Page 181: ...to allow only a specific computer to manage the AMG1312 T Series Table 71 Security Firewall DoS Advanced LABEL DESCRIPTION TCP SYN Request Count This is the rate of new TCP half open sessions per second that causes the firewall to start deleting half open sessions When the rate of new connection attempts rises above this number the AMG1312 T Series deletes half open sessions as required to accommo...

Page 182: ...hat from the LAN to the Internet Allow certain types of traffic such as Lotus Notes database synchronization from specific hosts on the Internet to specific hosts on the LAN Allow everyone except your competitors to access a web server Restrict use of certain protocols such as Telnet to authorized users on the LAN These custom rules work by comparing the source IP address destination IP address an...

Page 183: ...ty For example if FTP ports TCP 20 21 are allowed from the Internet to the LAN Internet users may be able to connect to computers with running FTP servers 4 Does this rule conflict with any existing rules Once these questions have been answered adding rules is simply a matter of entering the information into the correct fields in the web configurator screens 15 6 4 Triangle Route When the firewall...

Page 184: ...s firewall protection Another solution is to use IP alias IP alias allows you to partition your network into logical sections over the same Ethernet interface Your AMG1312 T Series supports up to three logical LAN interfaces with the AMG1312 T Series being the gateway for each logical network It s like having multiple LAN networks that actually use the same physical cables and ports By putting you...

Page 185: ...Chapter 15 Firewall AMG1312 T Series User s Guide 185 Figure 96 IP Alias 1 2 3 LAN A ISP 1 ISP 2 4 WAN Subnet 1 Subnet 2 ...

Page 186: ...s in this screen Table 72 Security Parental Control LABEL DESCRIPTION Parental Control Use this field to activate or deactivate parental control Add new PCP Click this to create a new parental control rule This is the index number of the rule Status This indicates whether the rule is active or not A yellow bulb signifies that this rule is active A gray bulb signifies that this rule is not active P...

Page 187: ...Add Edit Parental Control Rule The following table describes the fields in this screen Website Blocked This shows whether the website block is configured If not None will be shown Modify Click the Edit icon to go to the screen where you can edit the rule Click the Delete icon to delete an existing rule Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved sett...

Page 188: ...g the Web sites with the URLs listed below If you select Access the AMG1312 T Series blocks access to all URLs except ones listed below Add new service Click this to show a screen in which you can add a new service rule You can configure the Service Name Protocol and Name of the new rule Active This shows whether a configured service is activated or not Service Name This shows the name of the rule...

Page 189: ...s certificates and guarantees the identity of each certificate owner There are commercial certification authorities like CyberTrust or VeriSign and government certification authorities The certification authority uses its private key to sign certificates Anyone can then use the certification authority s public key to verify the certificates You can use the AMG1312 T Series to generate certificatio...

Page 190: ...certification authority such as a common name organizational unit or department organization or company and country Valid From This field displays the date that the certificate becomes applicable The text displays in red and includes a Not Yet Valid message if the certificate has not yet become applicable Valid To This field displays the date that the certificate expires The text displays in red a...

Page 191: ...Import Certificate screen You can save a trusted certification authority s certificate to the AMG1312 T Series Table 75 Security Certificates Trusted CA LABEL DESCRIPTION Import Certificate Click this button to open a screen where you can save the certificate of a certification authority that you trust to the AMG1312 T Series Name This field displays the name used to identify this certificate Subj...

Page 192: ... certificate s name and set whether or not you want the AMG1312 T Series to check a certification authority s list of revoked certificates before trusting a certificate issued by the certification authority Table 76 Security Certificates Trusted CA Import LABEL DESCRIPTION Certificate File Path Type in the location of the file you want to upload in this field or click Browse to find it Browse Clic...

Page 193: ...name type up to 31 characters to identify this key certificate You may use any character not including spaces Certificate Detail This read only text box displays the certificate or certification request in Privacy Enhanced Mail PEM format PEM uses 64 ASCII characters to convert the binary certificate into a printable form You can copy and paste the certificate into an e mail to send to friends or ...

Page 194: ...color in the View Log screen Alerts display in red and logs display in black Syslog Overview The syslog protocol allows devices to send event notification messages across an IP network to syslog servers that collect the event messages A syslog enabled device can generate a syslog message and send it to a syslog server Syslog is defined in RFC 3164 The RFC defines the packet format content and syst...

Page 195: ...og LABEL DESCRIPTION Level Select a severity level from the drop down list box This filters search results according to the severity level you have selected When you select a severity the AMG1312 T Series searches through all logs of that severity or higher Refresh Click this to renew the log screen Clear Logs Click this to delete all the logs Export Click this to download logs to a file on your c...

Page 196: ...es s client s Section 19 4 on page 198 19 2 The WAN Status Screen Click System Monitor Traffic Status to open the WAN screen You can view the WAN traffic statistics in this screen Figure 104 System Monitor Traffic Status WAN The following table describes the fields in this screen Table 80 System Monitor Traffic Status WAN LABEL DESCRIPTION Status This shows the number of bytes received and sent th...

Page 197: ... this interface Error This indicates the number of frames with errors received on this interface Drop This indicates the number of received packets dropped on this interface Table 80 System Monitor Traffic Status WAN continued LABEL DESCRIPTION Table 81 System Monitor Traffic Status LAN LABEL DESCRIPTION Refresh Interval s Select how often you want the AMG1312 T Series to update this screen from t...

Page 198: ...eceived packets on this interface Error This indicates the number of frames with errors received on this interface Drop This indicates the number of received packets dropped on this interface Table 81 System Monitor Traffic Status LAN continued LABEL DESCRIPTION Table 82 System Monitor Traffic Status NAT LABEL DESCRIPTION Refresh Interval Select how often you want the AMG1312 T Series to update th...

Page 199: ...enance User Account LABEL DESCRIPTION User Name You can configure the password for the Power User and Admin accounts Old Password Type the default password or the existing password you use to access the system in this field New Password Type your new system password up to 30 characters Note that as you type a password the screen displays a for each character you type After you change the password ...

Page 200: ... Figure 108 LAN and WAN An administrator can use a management server to remotely set up the AMG1312 T Series modify settings perform firmware upgrades as well as monitor and diagnose the AMG1312 T Series In order to use CWMP you need to configure the following steps 1 Activate CWMP 2 Specify the URL username and password 3 Activate periodic inform and specify an interval value 21 2 The TR 069 Clie...

Page 201: ...ath to verify the AMG1312 T Series Connection Request Port The default port for access to the AMG1312 T Series from the management server is port 7547 If you change it make sure it does not conflict with another port on your network and it is recommended to use a port number above 1024 not a commonly used port The management server should use this port to connect to the AMG1312 T Series You may ne...

Page 202: ...nance System The following table describes the labels in this screen 22 3 The Time Screen Use this screen to configure the AMG1312 T Series s time based on your local time zone To change your AMG1312 T Series s time and date click Maintenance System Time Setting The screen appears as shown Table 85 Maintenance System LABEL DESCRIPTION Administrator Inactivity Timer Type how many seconds a manageme...

Page 203: ...d displays the last updated time in hh mm ss format from the time server or the last time configured manually When you set Time and Date Setup to Manual enter the new time in this field and then click Apply Current Time This field displays the last updated date in yyyy mm dd format from the time server or the last date configured manually When you set Time and Date Setup to Manual enter the new da...

Page 204: ...nday March The time you type in the o clock field depends on your time zone In Germany for instance you would type 2 because Germany s time zone is one hour ahead of GMT or UTC GMT 1 End Date Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving The o clock field uses the 24 hour format Here are a couple of examples Daylight Saving Time ends in the United...

Page 205: ...fter a successful upload the system will reboot Do NOT turn off the AMG1312 T Series while firmware upload is in progress Figure 112 Maintenance Firmware Upgrade The following table describes the labels in this screen After you see the firmware updating screen wait two minutes before logging into the AMG1312 T Series again Table 87 Maintenance Firmware Upgrade LABEL DESCRIPTION Current Firmware Ve...

Page 206: ...rary network disconnect In some operating systems you may see the following icon on your desktop Figure 114 Network Temporarily Disconnected After two minutes log in again and check your new firmware version in the Status screen If the upload was not successful an error screen will appear Click OK to go back to the Firmware Upgrade screen Figure 115 Error Message ...

Page 207: ...ration appears in this screen as shown next Figure 116 Maintenance Backup Restore Backup Configuration Backup Configuration allows you to back up save the AMG1312 T Series s current configuration to a file on your computer Once your AMG1312 T Series is configured and functioning properly it is highly recommended that you back up your configuration file before making configuration changes The backu...

Page 208: ...page 229 for details on how to set up your computer s IP address If the upload was not successful an error screen will appear Click OK to go back to the Configuration screen Reset to Factory Defaults Click the Reset button to clear all user entered configuration information and return the AMG1312 T Series to its factory defaults The following warning screen appears Figure 118 Reset Warning Message...

Page 209: ... to reboot the AMG1312 T Series remotely without turning the power off You may need to do this if the AMG1312 T Series hangs for example Click Maintenance Reboot Click the Reboot button to have the AMG1312 T Series reboot This does not affect the AMG1312 T Series s configuration Figure 119 Maintenance Reboot ...

Page 210: ...mote location via Internet WAN only LAN only LAN and WAN None Disable To disable remote management of a service select Disable in the corresponding Service Access field 25 1 1 What You Can Do in the Remote Management Screens Use the WWW screen Section 25 2 on page 211 to configure through which interface s and from which IP address es users can use HTTP to manage the AMG1312 T Series Use the Telne...

Page 211: ...nd from which IP address es users can use SSH to manage the AMG1312 T Series 25 1 2 What You Need to Know About Remote Management Remote Management Limitations Remote management does not work when You have not enabled that service on the interface in the corresponding remote management screen You have disabled that service in one of the remote management screens The IP address in the Secured Clien...

Page 212: ...owing WAN access even temporarily to change the default password in Maintenance User Account To allow access from the WAN you will need to configure a WAN to Router firewall rule See Section 4 1 on page 34 for information on configuring firewall rules Secured Client IP Address A secured client is a trusted computer that is allowed to communicate with the AMG1312 T Series using this service Select ...

Page 213: ... displays the service port number for accessing the AMG1312 T Series If the number is grayed out it is not editable Server Access Select the interface s through which a computer may access the AMG1312 T Series using this service Note It is recommended if you are allowing WAN access even temporarily to change the default password in Maintenance User Account To allow access from the WAN you will nee...

Page 214: ...es supports SNMP version one SNMPv1 and version two SNMPv2c The next figure illustrates an SNMP management operation Table 91 Maintenance RemoteMGMT FTP LABEL DESCRIPTION Server Port This displays the service port number for accessing the AMG1312 T Series If the number is grayed out it is not editable Server Access Select the interface s through which a computer may access the AMG1312 T Series usi...

Page 215: ...rk administrators perform network management functions It executes applications that control and monitor managed devices The managed devices contain object variables managed objects that define each piece of information to be collected about a device Examples of variables include such as number of packets received node port status etc A Management Information Base MIB is a collection of managed ob...

Page 216: ...ed to access the SNMP agent on the AMG1312 T Series Select All to allow any computer to access the SNMP agent Choose Range to just allow the computer s with an IP address in the range that you specify to access the AMG1312 T Series using this service Get Community Enter the Get Community which is the password for the incoming Get and GetNext requests from the management station The default is publ...

Page 217: ...be an unsupported port on your AMG1312 T Series an ICMP response packet is automatically returned This allows the outside user to know the AMG1312 T Series exists Your AMG1312 T Series supports anti probing which prevents the ICMP response Table 93 Maintenance RemoteMGMT DNS LABEL DESCRIPTION Server Port This displays the service port number for accessing the AMG1312 T Series If the number is gray...

Page 218: ...ovide secure encrypted communication between two hosts over an unsecured network Click Maintenance RemoteMGMT SSH tab to display the screen as shown Table 94 Maintenance RemoteMGMT ICMP LABEL DESCRIPTION Respond to Ping on The AMG1312 T Series will not respond to any incoming Ping requests when Disable is selected Select LAN to reply to incoming LAN Ping requests Select WAN to reply to incoming WA...

Page 219: ...cess Select the interface s through which a computer may access the AMG1312 T Series using this service Note It is recommended if you are allowing WAN access even temporarily to change the default password in Maintenance User Account To allow access from the WAN you will need to configure a WAN to Router firewall rule See Firewall Section on page 168 for information on configuring firewall rules S...

Page 220: ...te Management AMG1312 T Series User s Guide 220 2 A window displays prompting you to store the host key in your computer Click Yes to continue 3 Enter your user name and password 4 The command line interface displays ...

Page 221: ...eral Screen Use this screen to ping an IP address Click Maintenance Diagnostic Ping to open the screen shown next Figure 129 Maintenance Diagnostic Ping The following table describes the fields in this screen Table 96 Maintenance Diagnostic Ping LABEL DESCRIPTION Type the IP address of a computer that you want to ping in order to test a connection Ping Click this to ping the IP address that you en...

Page 222: ...back to zero whenever the device starts up inPkts is the number of good ATM cells that have been received inDiscards is the number of received ATM cells that were rejected inF4Pkts is the number of ATM Operations Administration and Management OAM F4 cells that have been received See ITU recommendation I 610 for more on OAM for ATM inF5Pkts is the number of ATM OAM F5 cells that have been received ...

Page 223: ...n This is displayed as the number in hexadecimal format of bits transmitted for each tone This can be used to determine the quality of the connection whether a given sub carrier loop has sufficient margins to support certain ADSL transmission rates and possibly to determine whether particular specific types of interference or line attenuation exist Refer to the ITU T G 992 1 recommendation for mor...

Page 224: ...e power adaptor or cord included with the AMG1312 T Series 3 Make sure the power adaptor or cord is connected to the AMG1312 T Series and plugged in to an appropriate power source Make sure the power source is turned on 4 Turn the AMG1312 T Series off and on 5 If the problem continues contact the vendor One of the LEDs does not behave as expected 1 Make sure you understand the normal behavior of t...

Page 225: ...oes not work you have to reset the device to its factory defaults See Section 1 7 on page 18 I forgot the password 1 The default admin user name and password can be found on the cover of this User s Guide 2 If this does not work you have to reset the device to its factory defaults See Section 1 7 on page 18 I cannot see or access the Login screen for the web configurator 1 Make sure you are using ...

Page 226: ...have entered the password correctly The default user and default admin password can be found on the cover page of this User s Guide The field is case sensitive so make sure Caps Lock is not on 2 You cannot log in to the web configurator while someone is using Telnet to access the AMG1312 T Series Log out of the AMG1312 T Series in the other session or ask the person who is logged in to log out 3 T...

Page 227: ...uide again 6 If the problem continues contact your ISP I cannot access the Internet anymore I had access to the Internet with the AMG1312 T Series but my Internet connection is not available anymore 1 Check the hardware connections and make sure the LEDs are behaving as expected See the Quick Start Guide and Section 27 1 on page 225 2 Turn the AMG1312 T Series off and on 3 If the problem continues...

Page 228: ...ontinues contact the network administrator or vendor or try one of the advanced suggestions Advanced Suggestions Check the settings for QoS If it is disabled you might consider activating it If it is enabled you might consider raising or lowering the priority for some applications ...

Page 229: ...lication package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components are installed configure the TCP IP settings in order to communicate with your network If you manually assign IP information instead of using dynamic assignment make sure that your computers have IP addresses that place them in ...

Page 230: ...soft from the list of manufacturers 4 Select TCP IP from the list of network protocols and then click OK If you need Client for Microsoft Networks 1 Click Add 2 Select Client and then click Add 3 Select Microsoft from the list of manufacturers 4 Select Client for Microsoft Networks from the list of network clients and then click OK 5 Restart your computer so the changes you made take effect Config...

Page 231: ...es IP Address 3 Click the DNS Configuration tab If you do not know your DNS information select Disable DNS If you know your DNS information select Enable DNS and type the information in the fields below you may not need to fill them all in Figure 133 Windows 95 98 Me TCP IP Properties DNS Configuration 4 Click the Gateway tab ...

Page 232: ...your AMG1312 T Series and restart your computer when prompted Verifying Settings 1 Click Start and then Run 2 In the Run window type winipcfg and then click OK to open the IP Configuration window 3 Select your network adapter You should see your computer s IP address subnet mask and default gateway Windows 2000 NT XP The following example figures use the default Windows XP GUI theme 1 Click start ...

Page 233: ...r s Guide 233 Figure 135 Windows XP Control Panel 3 Right click Local Area Connection and then click Properties Figure 136 Windows XP Control Panel Network Connections Properties 4 Select Internet Protocol TCP IP under the General tab in Win XP and then click Properties ...

Page 234: ...et Protocol TCP IP Properties window opens the General tab in Windows XP If you have a dynamic IP address click Obtain an IP address automatically If you have a static IP address click Use the following IP Address and fill in the IP address Subnet mask and Default gateway fields Click Advanced Figure 138 Windows XP Internet Protocol TCP IP Properties ...

Page 235: ...n TCP IP Gateway Address type the IP address of the default gateway in Gateway To manually configure a default metric the number of transmission hops clear the Automatic metric check box and type a metric in Metric Click Add Repeat the previous three steps for each default gateway you want to add Click OK when finished Figure 139 Windows XP Advanced TCP IP Properties 7 In the Internet Protocol TCP...

Page 236: ...nnections window Network and Dial up Connections in Windows 2000 NT 11 Turn on your AMG1312 T Series and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and then Command Prompt 2 In the Command Prompt window type ipconfig and then press ENTER You can also open Network Connections right click a network connection click Status and then click the Support ta...

Page 237: ...141 Windows Vista Start Menu 2 In the Control Panel double click Network and Internet Figure 142 Windows Vista Control Panel 3 Click Network and Sharing Center Figure 143 Windows Vista Network And Internet 4 Click Manage network connections Figure 144 Windows Vista Network and Sharing Center ...

Page 238: ...ws displays a screen saying that it needs your permission to continue Figure 145 Windows Vista Network and Sharing Center 6 Select Internet Protocol Version 4 TCP IPv4 and click Properties Figure 146 Windows Vista Local Area Connection Properties 7 The Internet Protocol Version 4 TCP IPv4 Properties window opens the General tab If you have a dynamic IP address click Obtain an IP address automatica...

Page 239: ...t to configure additional IP addresses In the IP Settings tab in IP addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subnet mask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gateways in the IP Settings tab by clicking Add in Default gateways In TCP IP Gateway Address type the IP address of ...

Page 240: ...roperties window the General tab Click Obtain DNS server address automatically if you do not know your DNS server IP address es If you know your DNS server IP address es click Use the following DNS server addresses and type them in the Preferred DNS server and Alternate DNS server fields If you have previously configured DNS servers click Advanced and then the DNS tab to order them ...

Page 241: ...ies window 12 Close the Network Connections window 13 Turn on your AMG1312 T Series and restart your computer if prompted Verifying Settings 1 Click Start All Programs Accessories and then Command Prompt 2 In the Command Prompt window type ipconfig and then press ENTER You can also open Network Connections right click a network connection click Status and then click the Support tab Macintosh OS 8 ...

Page 242: ... Guide 242 Figure 150 Macintosh OS 8 9 Apple Menu 2 Select Ethernet built in from the Connect via list Figure 151 Macintosh OS 8 9 TCP IP 3 For dynamically assigned settings select Using DHCP Server from the Configure list 4 For statically assigned settings do the following ...

Page 243: ...save changes to your configuration 7 Turn on your AMG1312 T Series and restart your computer if prompted Verifying Settings Check your TCP IP properties in the TCP IP Control Panel window Macintosh OS X 1 Click the Apple menu and click System Preferences to open the System Preferences window Figure 152 Macintosh OS X Apple Menu 2 Click Network in the icon bar Select Automatic from the Location lis...

Page 244: ...he IP address of your AMG1312 T Series in the Router address box 5 Click Apply Now and close the window 6 Turn on your AMG1312 T Series and restart your computer if prompted Verifying Settings Check your TCP IP properties in the Network window Linux This section shows you how to configure your computer s TCP IP settings in Red Hat Linux 9 0 Procedure screens and file location may vary depending on...

Page 245: ...nfiguration Devices 2 Double click on the profile of the network card you wish to configure The Ethernet Device General screen displays as shown Figure 155 Red Hat 9 0 KDE Ethernet Device General If you have a dynamic IP address click Automatically obtain IP address settings with and select dhcp from the drop down list If you have a static IP address click Statically set IP Addresses and fill in t...

Page 246: ...in all screens Figure 157 Red Hat 9 0 KDE Network Configuration Activate 7 After the network card restart process is complete make sure the Status is Active in the Network Configuration screen Using Configuration Files Follow the steps below to edit the network configuration files and set your computer IP address 1 Assuming that you have only one network card on the computer locate the ifconfig et...

Page 247: ...hows an example where two DNS server IP addresses are specified Figure 160 Red Hat 9 0 DNS Settings in resolv conf 3 After you edit and save the configuration files you must restart the network card Enter network restart in the etc rc d init d directory The following figure shows an example Figure 161 Red Hat 9 0 Restart Ethernet Card Verifying Settings Enter ifconfig in a terminal screen to check...

Page 248: ...Ethernet HWaddr 00 50 BA 72 5B 44 inet addr 172 23 19 129 Bcast 172 23 19 255 Mask 255 255 255 0 UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 717 errors 0 dropped 0 overruns 0 frame 0 TX packets 13 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 100 RX bytes 730412 713 2 Kb TX bytes 1570 1 5 Kb Interrupt 10 Base address 0x1000 root localhost ...

Page 249: ...et share a common street name the hosts on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the host ID Routers use the network number to send packets to the correct network while the host ID determines to which host on the network the packets are delivered Structure An IP address is made up of f...

Page 250: ... in the IP address is part of the host ID The following example shows a subnet mask identifying the network number in bold text and host ID of an IP address 192 168 1 2 in decimal By convention subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask followed by a continuous sequence of zeros for a total number of 32 bits Subnet masks can be referred...

Page 251: ...ous number of zeros for the remainder of the 32 bit mask you can simply specify the number of ones instead of writing the value of each octet This is usually specified by writing a followed by the number of bits in the mask after the address For example 192 1 1 0 25 is equivalent to saying 192 1 1 0 with subnet mask 255 255 255 128 The following table shows some possible subnet masks using both no...

Page 252: ... following figure shows the company network before subnetting Figure 164 Subnetting Example Before Subnetting You can borrow one of the host ID bits to divide the network 192 168 1 0 into two separate sub networks The subnet mask is now 25 bits 255 255 255 128 or 25 The borrowed host ID bit can have a value of either 0 or 1 allowing two subnets 192 168 1 0 25 and 192 168 1 128 25 The following fig...

Page 253: ... 168 1 254 Example Four Subnets The previous example illustrated using a 25 bit subnet mask to divide a 24 bit address into two subnets Similarly to divide a 24 bit address into four subnets you need to borrow two host ID bits to give four possible combinations 00 01 10 and 11 The subnet mask is 26 bits 11111111 11111111 11111111 11000000 or 255 255 255 192 Each subnet contains 6 host ID bits givi...

Page 254: ...BER LAST OCTET BIT VALUE IP Address 192 168 1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 128 Lowest Host ID 192 168 1 129 Broadcast Address 192 168 1 191 Highest Host ID 192 168 1 190 Table 105 Subnet 4 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 192 IP Address Binary 11000000...

Page 255: ...d Number Authority IANA reserved this block of addresses specifically for private use please do not use any other number unless you are told otherwise You must also enable Network Address Translation NAT on the AMG1312 T Series Table 107 24 bit Network Number Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62 3 255 ...

Page 256: ... can assign any IP addresses to the hosts without problems However the Internet Assigned Numbers Authority IANA has reserved the following three blocks of IP addresses specifically for private networks 10 0 0 0 10 255 255 255 172 16 0 0 172 31 255 255 192 168 0 0 192 168 255 255 You can obtain your IP address from the IANA from an ISP or it can be assigned from a private network If you belong to a...

Page 257: ...cking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking and create an exception for your device s IP address Disable Pop up Blockers 1 In Internet Explorer select Tools Pop up Blocker and then select Turn Off Pop up Blocker Figure 166 Pop up Blocker You can also check if pop up blocking is disabled in the Pop up Block...

Page 258: ...ns Privacy 3 Click Apply to save this setting Enable Pop up Blockers with Exceptions Alternatively if you only want to allow pop up windows from your device see the following steps 1 In Internet Explorer select Tools Internet Options and then the Privacy tab 2 Select Settings to open the Pop up Blocker Settings screen ...

Page 259: ... Guide 259 Figure 168 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 167 1 4 Click Add to move the IP address to the list of Allowed sites Figure 169 Pop up Blocker Settings ...

Page 260: ...display properly in Internet Explorer check that JavaScripts are allowed 1 In Internet Explorer click Tools Internet Options and then the Security tab Figure 170 Internet Options Security 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java applets make sure that Enable is selected the default 6 ...

Page 261: ...ure 171 Security Settings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java permissions make sure that a safety level is selected 5 Click OK to close the window ...

Page 262: ...2 T Series User s Guide 262 Figure 172 Security Settings Java JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected 3 Click OK to close the window Figure 173 Java Sun ...

Page 263: ... used here Screens for other versions may vary You can enable Java Javascripts and pop ups in one screen Click Tools then click Options in the screen that appears Figure 174 Mozilla Firefox Tools Options Click Content to show the screen below Select the check boxes as shown in the following screen Figure 175 Mozilla Firefox Content Security ...

Page 264: ...ndependent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an ad hoc wireless LAN Figure 176 Peer to Peer Communication in an Ad hoc Network BSS A Basic Service Set BSS exists when all communications between wireless clients or between a wireless client and a wired network client go through one access point AP Intra BSS traffic is...

Page 265: ...s wired connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood An ESSID ESS IDentification uniquely identifies each ESS All access points and their associated wireless clients within th...

Page 266: ...partially overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 channels and an adjacent AP is using channel 1 then you need to select a channel between 6 or 11 RTS CTS A hidden node occurs when two stations are within range of the same access point but are not wi...

Page 267: ...S Request To Send CTS Clear to Send handshake You should only configure RTS CTS if the possibility of hidden nodes exists on your network and the cost of resending large frames is more than the extra network overhead involved in the RTS Request To Send CTS Clear to Send handshake If the RTS CTS value is greater than the Fragmentation Threshold value see next then the RTS Request To Send CTS Clear ...

Page 268: ...ote The wireless devices MUST use the same preamble mode in order to communicate IEEE 802 11g Wireless LAN IEEE 802 11g is fully compatible with the IEEE 802 11b standard This means an IEEE 802 11b adapter can interface directly with an IEEE 802 11g access point and vice versa at 11 Mbps or lower depending on range IEEE 802 11g has several intermediate rate steps between the maximum and minimum da...

Page 269: ...alized user profile and accounting management on a network RADIUS server Support for EAP Extensible Authentication Protocol RFC 2486 that allows additional authentication methods to be deployed with no changes to the access point or the wireless clients RADIUS RADIUS is based on a client server model that supports authentication authorization and accounting The access point is the client and the s...

Page 270: ...e network security the access point and the RADIUS server use a shared secret key which is a password they both know The key is not sent over the network In addition to the shared key password information exchanged is also encrypted to protect the network from unauthorized access Types of EAP Authentication This section discusses some popular authentication types EAP MD5 EAP TLS EAP TTLS PEAP and ...

Page 271: ...is makes user identity vulnerable to passive attacks A digital certificate is an electronic ID card that authenticates the sender s identity However to implement EAP TLS you need a Certificate Authority CA to handle certificates which imposes a management overhead EAP TTLS Tunneled Transport Layer Service EAP TTLS is an extension of the EAP TLS authentication that uses certificates for only the se...

Page 272: ...quires a single identical password entered into each access point wireless gateway and wireless client As long as the passwords match a wireless client will be granted access to a WLAN If the AP or the wireless clients do not support WPA2 just use WPA or WPA PSK depending on whether you have an external RADIUS server or not Select WEP only when the AP and or wireless clients do not support WPA or ...

Page 273: ...e common password approach makes WPA 2 PSK susceptible to brute force password guessing attacks but it s still an improvement over WEP as it employs a consistent single alphanumeric password to derive a PMK which is used to generate unique temporal encryption keys This prevent all wireless devices sharing the same encryption keys a weakness of WEP User Authentication WPA and WPA2 apply IEEE 802 1x...

Page 274: ...e RADIUS server distributes the PMK to the AP The AP then sets up a key hierarchy and management system using the PMK to dynamically generate unique data encryption keys The keys are used to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients Figure 180 WPA 2 with RADIUS Application Example WPA 2 PSK Application Example A WPA 2 PSK application looks as...

Page 275: ...nna couples RF signals onto air A transmitter within a wireless device sends an RF signal to the antenna which propagates the signal through the air The antenna also operates in reverse by capturing RF signals from the air Positioning the antennas properly increases the range and coverage area of a wireless LAN Table 112 Wireless Security Relational Matrix AUTHENTICATION METHOD KEY MANAGEMENT PROT...

Page 276: ...e are two types of antennas used for wireless LAN applications Omni directional antennas send the RF signal out in all directions on a horizontal plane The coverage area is torus shaped like a donut which makes these antennas ideal for a room environment With a wide coverage area it is possible to make circular overlapping coverage areas with multiple access points Directional antennas concentrate...

Page 277: ...2f 0000 0000 0015 can be written as 2001 0db8 1a2f 0000 0000 0015 2001 0db8 0000 0000 1a2f 0015 2001 db8 1a2f 0 0 15 or 2001 db8 0 0 1a2f 15 Prefix and Prefix Length Similar to an IPv4 subnet mask IPv6 uses an address prefix to represent the network address An IPv6 prefix length specifies how many most significant bits start from the left in the address compose the network address The prefix lengt...

Page 278: ...hosts in a multicast group Multicast scope allows you to determine the size of the multicast group A multicast address has a predefined prefix of ff00 8 The following table describes some of the predefined multicast addresses The following table describes the multicast addresses which are reserved and can not be assigned to a multicast group Table 114 Predefined Multicast Address MULTICAST ADDRESS...

Page 279: ...first byte of the MAC address See the following example Stateless Autoconfiguration With stateless autoconfiguration in IPv6 addresses can be uniquely and automatically generated Unlike DHCPv6 Dynamic Host Configuration Protocol version six which is used in IPv6 stateful autoconfiguration the owner and status of addresses don t need to be maintained by a DHCP server Every IPv6 device is able to ge...

Page 280: ... the IA Each IA holds one type of address IA_NA means an identity association for non temporary addresses and IA_TA is an identity association for temporary addresses An IA_NA option contains the T1 and T2 fields but an IA_TA option does not The DHCPv6 server uses T1 and T2 to control the time at which the client contacts with the server to extend the lifetimes on any addresses in the IA_NA before...

Page 281: ...port errors encountered in packet processing and perform other diagnostic functions such as ping Multicast Listener Discovery The Multicast Listener Discovery MLD protocol defined in RFC 2710 is derived from IPv4 s Internet Group Management Protocol version 2 IGMPv2 MLD uses ICMPv6 message types rather than IGMP message types MLDv1 is equivalent to IGMPv2 and MLDv2 is equivalent to IGMPv3 MLD allo...

Page 282: ...he IPv4 network Figure 182 Configured Tunnel Example 6to4 Tunnel A 6to4 tunnel is an automatic tunnelling mechanism that provides connection between IPv6 networks across an IPv4 network To transmit IPv6 packets over an IPv4 network the IPv6 packets are encapsulated inside IPv4 packets The following figure shows a network example Figure 183 6to4 Relay Router Network Example In a 6to4 tunnel 6to4 ro...

Page 283: ...puter Example Enabling DHCPv6 on Windows XP Windows XP does not support DHCPv6 If your network uses DHCPv6 for IP address assignment you have to additionally install a DHCPv6 client software on your Windows XP Note If you use static IP addresses or Router Advertisement for IPv6 address assignment in your network ignore this section This example uses Dibbler as the DHCPv6 client To enable DHCPv6 cl...

Page 284: ...er Example Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer To enable IPv6 in Windows 7 1 Select Control Panel Network and Sharing Center Local Area Connection 2 Select the Internet Protocol Version 6 TCP IPv6 checkbox to enable it 3 Click OK to save the change ...

Page 285: ...our dynamic IPv6 address This example shows a global address 2001 b021 2d 1000 obtained from a DHCP server C ipconfig Windows IP Configuration Ethernet adapter Local Area Connection Connection specific DNS Suffix IPv6 Address 2001 b021 2d 1000 Link local IPv6 Address fe80 25d8 dcab c80a 5189 11 IPv4 Address 172 16 100 61 Subnet Mask 255 255 255 0 Default Gateway fe80 213 49ff feaa 7125 11 172 16 1...

Page 286: ...type of IP protocol used by the service If this is TCP UDP then the service uses the same port number with TCP and UDP If this is USER DEFINED the Port s is the IP protocol number not the port number Port s This value depends on the Protocol If the Protocol is TCP UDP or TCP UDP this is the IP port number If the Protocol is USER this is the IP protocol number Description This is a brief explanatio...

Page 287: ...col a program to enable fast transfer of files including large files that may not be possible by e mail H 323 TCP 1720 NetMeeting uses this protocol HTTP TCP 80 Hyper Text Transfer Protocol a client server protocol for the world wide web HTTPS TCP 443 HTTPS is a secured http session often used in e commerce ICMP User Defined 1 Internet Control Message Protocol is often used for diagnostic purposes...

Page 288: ...L GRE User Defined 47 PPTP Point to Point Tunneling Protocol enables secure transfer of data over public networks This is the data channel RCMD TCP 512 Remote Command Service REAL_AUDIO TCP 7070 A streaming audio service that enables real time sound over the web REXEC TCP 514 Remote Execution Daemon RLOGIN TCP 513 Remote Login ROADRUNNER TCP UDP 1026 This is an ISP that provides services mainly fo...

Page 289: ...P 1558 Stream Works Protocol SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server TACACS UDP 49 Login Host Protocol used for Terminal Access Controller Access Control System TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments It operates over TCP IP networks Its primary function is to allow users to log into remote host...

Page 290: ... These limits are designed to provide reasonable protection against harmful interference in a residential installation This device generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If...

Page 291: ...on Register your product online to receive e mail notices of firmware upgrades and information at www zyxel com for global products or at www us zyxel com for North American products Regulatory Information European Union The following information applies if you use the product within the European Union Declaration of Conformity with Regard to EU Directive 1999 5 EC R TTE Directive Compliance Infor...

Page 292: ...tion en extérieur d une distance supérieure à 300 mètres doivent être notifiées à l Institut Belge des services Postaux et des Télécommunications IBPT Visitez http www ibpt be pour de plus amples détails Denmark In Denmark the band 5150 5350 MHz is also allowed for outdoor usage I Danmark må frekvensbåndet 5150 5350 også anvendes udendørs Italy Hungarian Alulírott ZyXEL nyilatkozom hogy a berendez...

Page 293: ...re is a remote risk of electric shock from lightning Connect ONLY suitable accessories to the device Do NOT open the device or unit Opening or removing covers can expose you to dangerous high voltage points or other risks ONLY qualified service personnel should service or disassemble this device Please contact your vendor for further information Make sure to connect the cables to the correct ports...

Page 294: ...79 PCR 74 79 QoS 74 79 86 SCR 75 79 status 222 authentication 104 105 RADIUS server 105 automatic logout 20 B backup configuration 207 Basic Service Set See BSS 264 Basic Service Set see BSS broadcast 69 BSS 107 264 example 107 C CA 189 271 CBR 74 79 86 certificate factory default 190 Certificate Authority See CA certificates 189 authentication 189 CA public key 189 replacing 190 storage space 190...

Page 295: ...ocumentation related 2 Domain Name System see DNS DoS 169 three way handshake 179 thresholds 170 179 180 DSCP 143 DSL connections status 223 dynamic DNS 161 activation 162 wildcard 161 activation 162 Dynamic Host Configuration Protocol see DHCP dynamic WEP key exchange 271 DYNDNS wildcard 161 activation 162 E EAP Authentication 270 encapsulation 68 71 78 ENET ENCAP 83 PPPoA 83 PPPoE 83 RFC 1483 83...

Page 296: ...BSS 264 initialization vector IV 273 Inside Global Address see IGA Inside Local Address see ILA Internet Control Message Protocol see ICMP Internet Protocol version 6 see IPv6 IP address 65 69 72 78 84 116 129 default 19 default server 149 ping 221 private 129 IP alias 120 configuration 121 NAT applications 155 IP precedence 143 145 configuration 143 IP MAC filter 163 configuration 164 structure 1...

Page 297: ...PInternet Group Multicast Protocol see IGMP Multiple BSS see MBSSID multiplexing 71 78 83 LLC based 84 VC based 84 N nailed up connection 73 84 NAT 78 147 153 154 255 activation 148 address mapping types 155 applications 154 IP alias 155 default server IP address 149 example 154 global 153 IGA 153 ILA 153 inside 153 local 153 outside 153 P2P 148 port forwarding 148 149 activation 151 configuration...

Page 298: ...US server 105 registration product 291 related documentation 2 remote management 210 DNS 217 FTP 213 ICMP 217 limitations 211 NAT 211 SSH 218 Telnet 213 WWW 211 reset 18 208 restart 209 restoring configuration 208 RFC 1483 71 78 83 RFC 3164 194 RIP 74 130 Routing Information Protocol see RIP RTS Request To Send 267 threshold 266 267 rules port forwarding 150 S schedules wireless LAN 101 SCR 75 79 ...

Page 299: ...lds data fragment 101 104 DoS 170 179 180 P2P 180 time 202 TR 069 14 trademarks 290 traffic shaping 85 example 85 triangle route 183 solutions 184 trusted CAs and certificates 191 U UBR 74 79 86 unicast 69 Universal Plug and Play see UPnP upgrading firmware 205 UPnP 121 cautions 117 NAT traversal 116 URL 163 URL filter URL 163 V VBR 86 VBR nRT 74 79 86 VBR RT 74 79 86 VCI 71 78 84 version firmware...

Page 300: ... 104 RADIUS server 105 scheduling 101 security 104 SSID 105 activation 94 WDS 99 108 compatibility 99 example 108 WEP 106 wizard 32 WPA 106 WPA PSK 106 WPS 97 108 110 activation 97 example 111 limitations 113 PIN 109 push button 17 108 status 98 wireless security 268 Wireless tutorial 38 wizard 27 configuration 28 wireless LAN 32 WLAN interference 266 security parameters 275 WPA 106 272 key cachin...

Reviews: