ZyXEL Communications AX7501-B0, User Manual

Page 1: ...lt Login Details User s Guide EX5501 B0 AX7501 B0 PX7501 B0 Copyright 2019 Zyxel Communications Corporation LAN IP Address http 192 168 1 1 Login admin Password See the device label Version 5 15 Ed 2 11 2019 ...

Page 2: ...may differ slightly from what you see due to differences in your product firmware or your computer operating system Every effort has been made to ensure that the information in this manual is accurate Related Documentation Quick Start Guide The Quick Start Guide shows how to connect the Zyxel Device More Information Go to support zyxel com to find other information on the Zyxel Device ...

Page 3: ...labels screen names field labels and field choices are all in bold font A right angle bracket within a screen name denotes a mouse click For example Network Setting Routing DNS Route means you first click Network Setting in the navigation panel then the Routing sub menu and finally the DNS Route tab to get to that screen Icons Used in Figures Figures in this user s guide may use the following gene...

Page 4: ...Routing 144 Quality of Service QoS 152 Network Address Translation NAT 171 Dynamic DNS Setup 188 IGMP MLD 192 VLAN Group 195 Interface Grouping 198 USB Service 203 Firewall 209 MAC Filter 218 Parental Control 220 Scheduler Rule 227 Certificates 229 VoIP 236 Log 266 Traffic Status 269 VoIP Status 273 ARP Table 276 Routing Table 278 Multicast Status 281 WLAN Station Status 283 Cellular Statistics 28...

Page 5: ...nts Overview EX5501 B0 AX7501 B0 PX7501 B0 User s Guide 5 E mail Notification 301 Log Setting 304 Firmware Upgrade 308 Backup Restore 311 Diagnostic 315 Troubleshooting and Appendices 320 Troubleshooting 321 ...

Page 6: ... 18 1 2 2 Dual Band WiFi 19 1 2 3 VoIP Applications 20 1 3 Ways to Manage the Zyxel Device 21 1 4 Good Habits for Managing the Zyxel Device 21 1 5 Hardware 21 1 5 1 Top Panel 22 1 5 2 Bottom Panel 24 1 5 3 WPS Button 25 1 5 4 RESET Button 26 Chapter 2 The Web Configurator 27 2 1 Overview 27 2 1 1 Accessing the Web Configurator 27 2 2 Web Configurator Layout 30 2 2 1 Navigation Panel 30 Chapter 3 Q...

Page 7: ...9 4 6 2 Configuring DDNS on Your Zyxel Device 60 4 6 3 Testing the DDNS Setting 60 4 7 Configuring the MAC Address Filter 61 Part II Technical Reference 62 Chapter 5 Connection Status 63 5 1 Overview 63 5 1 1 Layout Icon 64 5 1 2 Connectivity 64 5 1 3 System Info 65 5 2 WiFi Settings 68 5 3 Guest WiFi Settings 69 5 4 LAN Settings 71 5 5 Parental Control 72 5 5 1 Create Edit a Parental Control Prof...

Page 8: ...1 7 9 1 Wireless Network Overview 111 7 9 2 Additional Wireless Terms 113 7 9 3 Wireless Security Overview 113 7 9 4 Signal Problems 115 7 9 5 BSS 115 7 9 6 MBSSID 116 7 9 7 Preamble Type 116 7 9 8 WiFi Protected Setup WPS 117 Chapter 8 Home Networking 124 8 1 Home Networking Overview 124 8 1 1 What You Can Do in this Chapter 124 8 1 2 What You Need To Know 124 8 1 3 Before You Begin 126 8 2 LAN S...

Page 9: ...ou Need to Know 152 10 3 Quality of Service General Settings 154 10 4 Queue Setup 155 10 4 1 Adding a QoS Queue 157 10 5 QoS Classification Setup 158 10 5 1 Add Edit QoS Class 158 10 6 QoS Shaper Setup 162 10 6 1 Add Edit a QoS Shaper 163 10 7 QoS Policer Setup 163 10 7 1 Add Edit a QoS Policer 164 10 8 Technical Reference 166 Chapter 11 Network Address Translation NAT 171 11 1 NAT Overview 171 11...

Page 10: ...y 189 12 3 Dynamic DNS 190 Chapter 13 IGMP MLD 192 13 1 IGMP MLD Overview 192 13 1 1 What You Need To Know 192 13 2 IGMP MLD Settings 192 Chapter 14 VLAN Group 195 14 1 Overview 195 14 1 1 What You Can Do in this Chapter 195 14 2 VLAN Group Settings 196 14 2 1 Add Edit a VLAN Group 196 Chapter 15 Interface Grouping 198 15 1 Interface Grouping Overview 198 15 1 1 What You Can Do in this Chapter 198...

Page 11: ...5 DoS Settings 216 Chapter 18 MAC Filter 218 18 1 MAC Filter Overview 218 18 2 MAC Filter Settings 218 Chapter 19 Parental Control 220 19 1 Parental Control Overview 220 19 2 Parental Control Settings 220 19 2 1 Add Edit a Parental Control Profile 221 Chapter 20 Scheduler Rule 227 20 1 Scheduler Rule Overview 227 20 2 Scheduler Rule Settings 227 20 2 1 Add Edit a Schedule Rule 228 Chapter 21 Certi...

Page 12: ... 22 5 Phone Device 247 22 5 1 Phone Device Edit 248 22 6 Phone Region 249 22 7 Call Rule 250 22 8 Call History 251 22 9 Technical Reference 253 22 9 1 Quality of Service QoS 260 22 9 2 Phone Services Overview 261 Chapter 23 Log 266 23 1 Log Overview 266 23 1 1 What You Can Do in this Chapter 266 23 1 2 What You Need To Know 266 23 2 System Log 267 23 3 Security Log 268 Chapter 24 Traffic Status 26...

Page 13: ...29 WLAN Station Status 283 29 1 WLAN Station Status Overview 283 Chapter 30 Cellular Statistics 285 30 1 Cellular Statistics Overview 285 30 2 Cellular Statistics Settings 285 Chapter 31 System 287 31 1 System Overview 287 31 2 System Settings 287 Chapter 32 User Account 288 32 1 User Account Overview 288 32 2 User Account Settings 288 32 2 1 User Account Add Edit 289 Chapter 33 Remote Management ...

Page 14: ... Setting 304 37 1 Logs Setting Overview 304 37 2 Log Settings 304 37 2 1 Example E mail Log 306 Chapter 38 Firmware Upgrade 308 38 1 Firmware Upgrade Overview 308 38 2 Firmware Upgrade Settings 308 Chapter 39 Backup Restore 311 39 1 Backup Restore Overview 311 39 2 Backup Restore Settings 311 39 3 Reboot 314 Chapter 40 Diagnostic 315 40 1 Diagnostic Overview 315 40 1 1 What You Can Do in this Chap...

Page 15: ...Troubleshooting 321 41 1 Power Hardware Connections and LEDs 321 41 2 Zyxel Device Access and Login 322 41 3 Internet Access 323 41 4 Wireless Internet Access 325 41 5 UPnP 325 41 6 IP Address Setup 326 Appendix A Customer Support 329 Appendix B IPv6 335 Appendix C Services 343 Appendix D Legal Information 347 Index 354 ...

Page 16: ...16 PART I User s Guide ...

Page 17: ...can be configured as a backup WAN port in case the Cellular Fiber connection has a problem as well as for file sharing and as a media server It has two phone ports to make Internet VoIP phone calls It also supports dual band 2 4G 5G WiFi with WiFi6 that is most suitable in areas with a high concentration of users You can schedule Internet usage using Parental Control See Section on page 96 for mor...

Page 18: ...d of the connected network device 100 Mbps not supported on EX5501 B0 1 Gbps 2 5 Gbps or 5 Gbps and you just need to use a Cat 5 Cat 5e or Cat 6 Ethernet cable See the following table for the cables required and distance limitation to attain the corresponding speed 1 2 Example Applications This section shows a few examples of using the Zyxel Device in various network environments Note that the Zyx...

Page 19: ...Internet and download files Connect the WAN port to the broadband modem or router This way you can access the Internet via an Ethernet connection and use the QoS Firewall and parental control functions on the Zyxel Device Figure 2 Zyxel Device s Internet Access Application Ethernet WAN 1 2 2 Dual Band WiFi By default WiFi is enabled on the Zyxel Device IEEE 802 11a b g n ac ax compliant clients ca...

Page 20: ...onnect to the Internet without having to rely on inconvenient Ethernet cables Your Zyxel Device supports WiFi Protected Setup WPS which allows you to quickly set up a wireless network with strong security Figure 4 Wireless Access Example 1 2 3 VoIP Applications The Zyxel Device s VoIP function allows you to register up to 2 SIP Session Initiation Protocol accounts and use the Zyxel Device to make ...

Page 21: ... to manage the Zyxel Device more effectively Change the WiFi and Web Configurator passwords Use a password that is not easy to guess and that consists of different types of characters such as numbers and letters Write down the passwords and put it in a safe place Back up the configuration and make sure you know how to restore it Restoring an earlier working configuration may be useful if the devic...

Page 22: ... firmware Off The Zyxel Device is not receiving power WAN Blue On The Zyxel Device has a successful 2 5 Gbps Ethernet connection on the WAN Green On The Zyxel Device has a successful 1 Gbps Ethernet connection on the WAN Off The Zyxel Device does not have an Ethernet connection with the WAN The LED will cycle Green Blue Off repeat when the Zyxel Device has an unsupported 100 Mbps Ethernet connecti...

Page 23: ...al Area Network LAN via the 10G LAN port Blinking The Zyxel Device is sending or receiving data to from the LAN at 10 100 10000 Mbps via the 10G LAN port Off The Zyxel Device does not have an Ethernet connection with the LAN via the 10G LAN port LAN1 4 Green On The Zyxel Device has a successful 10 100 Mbps Ethernet connection with a device on the Local Area Network LAN via the LAN1 4 ports Blinkin...

Page 24: ...ne connected to this phone port has an incoming call or is off the hook There is a voice message in the corresponding SIP account USB Green On The Zyxel Device recognizes a USB connection through the USB port Blinking The Zyxel Device is sending receiving data to from the USB device connected to it Note For AX7501 B0 PX7501 B0 only Off The Zyxel Device does not detect a USB connection through the ...

Page 25: ...utton You can use the WPS button to quickly set up a secure wireless connection between the Zyxel Device and a WPS compatible client by adding one device at a time To activate WPS 1 Make sure the POWER LED is on and not blinking 2 Press the WPS button for 1 second EX5501 B0 5 seconds AX7501 B0 PX7501 B0 and release it LAN1 LAN4 2 5G LAN 10G LAN Connect computers or other Ethernet devices to Ethern...

Page 26: ...et your password or cannot access the Web Configurator you will need to use the RESET button to reload the factory default configuration file This means that you will lose all configurations that you had previously The password will be reset to the factory default see the device label and the LAN IP address will be 192 168 1 1 1 Make sure the POWER LED is on not blinking 2 To set the device back t...

Page 27: ... default 2 1 1 Accessing the Web Configurator 1 Make sure your Zyxel Device hardware is properly connected refer to the Quick Start Guide 2 Make sure your computer has an IP address in the same subnet as the Zyxel Device Your computer should have an IP address from 192 168 1 2 to 192 168 1 254 See Section 41 6 on page 326 for details 3 Launch your web browser If the Zyxel Device does not automatic...

Page 28: ...lays when you log into the Web Configurator for the first time Enter a new password retype it to confirm and click Change password If you prefer to use the default password click Skip Figure 12 Change Password Screen 7 The Wizard screen displays when you log into the Web Configurator for the first time Use the Wizard screens to configure the Zyxel Device s time zone basic Internet access and wirel...

Page 29: ...Chapter 2 The Web Configurator EX5501 B0 AX7501 B0 PX7501 B0 User s Guide 29 Figure 13 Connection Status ...

Page 30: ...gure 14 Screen Layout As illustrated above the main screen is divided into these parts A Navigation Panel B Layout Icon C Main Window 2 2 1 Navigation Panel Click the menu icon to display the navigation panel that contains configuration menus and icons quick links Click X to close the navigation panel C A B ...

Page 31: ...ress assignment and other advanced properties You can also add new WAN connections Cellular Backup Use this screen to configure a cellular WAN connection as a backup to keep you online if the primary WAN connection fails Wireless General Use this screen to configure the WiFi settings and wireless LAN authentication security settings Guest More AP Use this screen to configure multiple BSSs on the Z...

Page 32: ...is screen to define a classifier Shaper Setup Use this screen to limit outgoing traffic rate on the selected interface Policer Setup Use this screen to configure QoS policers NAT Port Forwarding Use this screen to make your local servers visible to the outside world Port Triggering Use this screen to change your Zyxel Device s port triggering settings DMZ Use this screen to configure a default ser...

Page 33: ...handle outgoing and incoming calls Region Use this screen to select your location and call service mode Call Rule Call Rule Use this screen to configure speed dial for SIP phone numbers that you often call Call History Call History Use this screen to view detailed information for each outgoing call you made or each incoming call from someone calling you You can also view a summary list of received...

Page 34: ... Protocol settings Time Time Use this screen to change your Zyxel Device s time and date E mail Notification E mail Notification Use this screen to configure up to two mail servers and sender addresses on the Zyxel Device Log Settings Log Setting Use this screen to change your Zyxel Device s log settings Firmware Upgrade Firmware Upgrade Use this screen to upload firmware to your Zyxel Device Back...

Page 35: ...this icon to open screens where you can configure the Zyxel Device s time zone Internet access and wireless settings See Chapter 3 on page 36 for more information about the Wizard screens Theme Click this icon to select a color that you prefer and apply it to the Web Configurator Language Select the language you prefer Restart Click this icon to reboot the Zyxel Device without turning the power of...

Page 36: ...rd Setup You can click the Wizard icon in the navigation panel to open the Wizard screens See Section 2 2 1 on page 30 for more information about the navigation panel After you click the Wizard icon the following screen appears Click Let s Go to proceed with settings on time zone basic Internet access and wireless networks It will take you a few minutes to complete the settings on the Wizard scree...

Page 37: ...tion type Click Next to proceed You can also click Skip to bypass checking for an Internet connection Figure 18 Wizard Internet 2 If the following screen displays select the encapsulation type your ISP uses Click Next Figure 19 Wizard Incorrect Internet Information IPoE 3 Enter your Internet connection information The screen and fields to enter may vary depending on your current connection type Cl...

Page 38: ...ful Internet connection Figure 21 Wizard Successful WAN Connection Unsuccessful Internet Connection The following screen displays when the Zyxel Device did not detect a WAN connection For EX5501 B0 connect the WAN port to a broadband modem or router For AX7501 B0 PX7501 B0 connect a fiber optic cable to the Fiber port for Internet access if you have not connected any Click Next ...

Page 39: ...Fi Turn WiFi on or off If you keep it on record the security settings so you can configure your wireless clients to connect to the Zyxel Device Click the Keep 2 4G and 5G the same check box to use the same SSID for 2 4G and 5G wireless networks Otherwise deselect the check box to have two different SSIDs for 2 4G and 5G wireless networks The screen and fields to enter may vary when you select or d...

Page 40: ...Chapter 3 Quick Start Wizard EX5501 B0 AX7501 B0 PX7501 B0 User s Guide 40 Figure 24 Wizard WiFi ...

Page 41: ...rk Thomas wants to set up a wireless network so that he can use his notebook to access the Internet In this wireless network the Zyxel Device serves as an access point AP and the notebook is the wireless client The wireless client can access the Internet through the AP Thomas has to configure the wireless network settings on the Zyxel Device Then he can set up a wireless network using WPS Section ...

Page 42: ...B0 PX7501 B0 User s Guide 42 1 Click Network Setting Wireless to open the General screen Select More Secure as the security level and WPA2 PSK as the security mode Configure the screen using the provided parameters see page 41 Click Apply ...

Page 43: ...ection This tutorial shows you how to do both Push Button Configuration PBC create a secure wireless network simply by pressing a button See Section on page 43 This is the easier method PIN Configuration create a secure wireless network simply by entering a wireless client s PIN Personal Identification Number in the Zyxel Device s interface See Section on page 45 This is the more secure method sin...

Page 44: ...ter which button is pressed first You must press the second button within two minutes of pressing the first one The Zyxel Device sends the proper configuration settings to the wireless client This may take up to two minutes The wireless client is then able to communicate with the Zyxel Device securely The following figure shows you how to set up wireless network and security by pressing a button o...

Page 45: ...ou need to check the client s PIN number and use the Zyxel Device s configuration interface 1 Go to your phone settings and turn on WiFi Open the WiFi networks list and tap WPS PIN Entry to get a PIN number 2 Log into Zyxel Device s Web Configurator and go to the Network Setting Wireless WPS screen Enable the WPS function and click Apply Wireless Client SECURITY INFO COMMUNICATION WITHIN 2 MINUTES...

Page 46: ... minutes The Zyxel Device authenticates the wireless client and sends the proper configuration settings to the wireless client This may take up to two minutes The wireless client is then able to communicate with the Zyxel Device securely The following figure shows you how to set up wireless network and security on Zyxel Device and wireless client Android smartphone in this example by using the PIN...

Page 47: ...earch for the Example SSID Then enter the DoNotStealMyWirelessNetwork pre shared key to establish a wireless Internet connection Note The Zyxel Device supports IEEE 802 11a b g n ac ax wireless clients Make sure that your notebook or computer s wireless adapter supports one of these standards Authentication by PIN SECURITY INFO COMMUNICATION WITHIN 2 MINUTES Enter WPS PIN WPS from other device WPS...

Page 48: ...rtant visitors will use the VIP group Visiting guests will use the Guest group which has a different SSID and password Company A will use the following parameters to set up the wireless network groups 1 Click Network Setting Wireless to open the General screen Use this screen to set up the company s general wireless network group Configure the screen using the provided parameters and click Apply C...

Page 49: ...Chapter 4 Tutorials EX5501 B0 AX7501 B0 PX7501 B0 User s Guide 49 ...

Page 50: ...0 PX7501 B0 User s Guide 50 2 Click Network Setting Wireless Guest More AP to open the following screen Click the Edit icon to configure the second wireless network group 3 Configure the screen using the provided parameters and click Apply ...

Page 51: ...orials EX5501 B0 AX7501 B0 PX7501 B0 User s Guide 51 4 In the Guest More AP screen click the Edit icon to configure the third wireless network group Configure the screen using the provided parameters and click Apply ...

Page 52: ...ter 4 Tutorials EX5501 B0 AX7501 B0 PX7501 B0 User s Guide 52 5 Check the status of VIP and Guest in the Guest More AP screen The yellow bulbs signify that the SSIDs are active and ready for wireless access ...

Page 53: ...twork routings In the following figure router R is connected to the Zyxel Device s LAN R connects to two networks N1 192 168 1 x 24 and N2 192 168 10 x 24 If you want to send traffic from computer A in N1 network to computer B in N2 network the traffic is sent to the Zyxel Device s WAN default gateway by default In this case B will never receive the traffic You need to specify a static routing rul...

Page 54: ...onfigurator in advanced mode 2 Click Network Setting Routing 3 Click Add new Static Route in the Static Route screen 4 Create a new static route using the following settings Table 7 IP Settings in this Tutorial DEVICE COMPUTER IP ADDRESS The Zyxel Device s WAN 172 16 1 1 The Zyxel Device s LAN 192 168 1 1 IP Type IPv4 Use Interface Ethernet A 192 168 1 34 R s N1 192 168 1 253 R s N2 192 168 10 2 B...

Page 55: ...ld 4e Select ETHWAN as the Use Interface 4a Click OK Now B should be able to receive traffic from A You may need to additionally configure B s firewall settings to allow specific traffic to pass through 4 5 Configuring QoS Queue and Class Setup This section contains tutorials on how you can configure the QoS screen Let us say you are a team leader of a small sales branch office You want to priorit...

Page 56: ...owing out of the Zyxel Device Traffic that does not match this class is assigned a priority queue based on the internal QoS mapping table on the Zyxel Device QoS Example 1 Click Network Setting QoS General and click the QoS button to enable When the switch goes to the right the function is enabled Set your WAN Managed Upstream Bandwidth to 10 000 kbps or leave this blank to have the Zyxel Device a...

Page 57: ...Interface WAN Priority 1 High Weight 8 Rate Limit 5 000 kbps Tutorial Advanced QoS Queue Setup 3 Click Network QoS Classification Setup Add new Classification to create a new class Select Enable in the Active field and follow the settings as shown in the screen below ...

Page 58: ...Chapter 4 Tutorials EX5501 B0 AX7501 B0 PX7501 B0 User s Guide 58 Tutorial Advanced QoS Class Setup ...

Page 59: ...onfiguring DDNS on Your Zyxel Device Testing the DDNS Setting Note If you have a private WAN IP address then you cannot use DDNS 4 6 1 Registering a DDNS Account on www dyndns org 1 Open a browser and type http www dyndns org 2 Apply for a user account This tutorial uses UserName1 and 12345 as the username and password 3 Log into www dyndns org using your account Class Name Give a class name to th...

Page 60: ... 2 Configuring DDNS on Your Zyxel Device Configure the following settings in the Network Setting DNS Dynamic DNS screen Select Enable Dynamic DNS Select www DynDNS com as the service provider Type zyxelrouter dyndns org in the Host Name field Enter the user name UserName1 and password 12345 Click Apply 4 6 3 Testing the DDNS Setting Now you should be able to access the Zyxel Device from the Intern...

Page 61: ...ce Thomas decides to use the Security MAC Filter screen to grant wireless network access to his computer but not to Josephine s computer 1 Click Security MAC Filter to open the MAC Filter screen Select the Enable check box to activate MAC filter function 2 Select Allow Click Add a new setting to add a new entry Then enter the host name and MAC address of Thomas computer in this screen Click Apply ...

Page 62: ...62 PART II Technical Reference ...

Page 63: ... you log into the Web Configurator the Connection Status screen appears You can configure basic Internet access wireless settings and parental control settings in this screen It also shows the network status of the Zyxel Device and computers devices connected to it Figure 27 Connection Status ...

Page 64: ...es 5 1 2 Connectivity Use this screen to view the network connection status of the Zyxel Device and its clients Figure 28 Connectivity Click the Arrow icon to open the following screen Use this screen to view IP addresses and MAC addresses of the wireless and wired devices connected to the Zyxel Device Place your mouse within the device block and an Edit icon will appear Click the Edit icon to cha...

Page 65: ...dit icon Select an icon and or enter a name in the Device Name field for a connected device Click Save to save your changes Figure 30 Connectivity Edit 5 1 3 System Info Use this screen to view the basic system information of the Zyxel Device Figure 31 System Info Click the Arrow icon to open the following screen Use this screen to view more information on the status of your firewall and interface...

Page 66: ...vice Serial Number This field displays the serial number of the Zyxel Device Firmware Version This is the current version of the firmware on the Zyxel Device System Uptime This field displays how long the Zyxel Device has been running since it last started up The Zyxel Device starts up when you plug it in when you restart it Maintenance Reboot or when you reset it Interface Status Virtual ports ar...

Page 67: ... in the LAN IPv6 Address This field displays the current IPv6 address of the Zyxel Device in the LAN IPv6 Link Local Address This field displays the current link local address of the Zyxel Device for the LAN interface DHCP This field displays what DHCP services the Zyxel Device is providing to the LAN The possible values are Server The Zyxel Device is a DHCP server in the LAN It assigns IP address...

Page 68: ...n or the QR code on the upper right corner to check the SSIDs WiFi network name and passwords of the main wireless networks If you want to show or hide your WiFi passwords click the Eye icon Figure 33 WiFi Settings Click the Arrow icon to open the following screen Use this screen to configure the SSIDs and or passwords for your main wireless networks Select Keep 2 4G and 5G the same to use the sam...

Page 69: ... the switch goes to the right the function is enabled Otherwise it is not WiFi Name The SSID Service Set IDentity identifies the service set with which a wireless device is associated Wireless devices associating to the access point AP must have the same SSID Enter a descriptive name up to 32 English keyboard characters for WiFi WiFi Password If you selected Random Password this field displays a p...

Page 70: ...ferent SSIDs Each field is described in the following table Table 10 WiFi Settings Configuration LABEL DESCRIPTION WiFi 2 4G 5G WiFi Click this switch to enable or disable the 2 4G and or 5G wireless networks When the switch goes to the right the function is enabled Otherwise it is not WiFi Name The SSID Service Set IDentity identifies the service set with which a wireless device is associated Wir...

Page 71: ...ey from 8 to 64 case sensitive keyboard characters Click the Eye icon to show or hide the password of your wireless network When the Eye icon is slashed you ll see the password in plain text Otherwise it is hidden Random Password Select this option to have the Zyxel Device automatically generate a password The WiFi Password field will not be configurable when you select this option Hide WiFi Name ...

Page 72: ...based on the IP address you enter so do not change this field unless you are instructed to do so IP Addressing Values Beginning IP Address This field specifies the first of the contiguous addresses in the IP address pool Ending IP Address This field specifies the last of the contiguous addresses in the IP address pool DHCP Server State DHCP Server Lease Time This is the period of time DHCP assigne...

Page 73: ...n to enable parental control and add more profiles Add a profile to create restricted access schedules Go to the Security Parental Control Add New PCP Edit screen to configure URL filtering settings to block the users on your network from accessing certain web sites Figure 41 Parental Control Scheduled Profile no profile Figure 42 Parental Control Scheduled Profile ...

Page 74: ...oes to the right this profile is active Otherwise it is not Scheduled Profile This screen shows all the created profile s Click beside Profile Device List to view more information about the profile You can click Delete to remove the profile or click Edit to change the profile settings Only the Add more Profile button displays if there is no profile created Add more Profile Click this button to cre...

Page 75: ...e is enabled Otherwise it is disabled Profile Device List This field shows the devices selected on the right for this profile Allowing Schedule This field shows the time during which Internet access is blocked on the profile device s Schedule Add New Schedule Click this to add a new block for scheduling Start End blocking Select the time period when Internet access is blocked on the profile device...

Page 76: ... in other locations Figure 45 LAN and WAN 6 1 1 What You Can Do in this Chapter Use the Broadband screen to view remove or add a WAN interface You can also configure the WAN settings on the Zyxel Device for Internet access Section 6 2 on page 79 6 1 2 What You Need to Know The following terms and concepts may help as you read this chapter Table 15 WAN Setup Overview LAYER 2 INTERFACE INTERNET CONN...

Page 77: ...n 6 is designed to enhance IP address size and features The increase in IPv6 address size to 128 bits from the 32 bit IPv4 address allows up to 3 4 x 1038 IP addresses The Zyxel Device can use IPv4 IPv6 dual stack to connect to IPv4 and IPv6 networks and supports IPv6 rapid deployment 6RD IPv6 Addressing The 128 bit IPv6 address is written as eight 16 bit hexadecimal blocks separated by colons Thi...

Page 78: ...e Zyxel Device generates a global IPv6 prefix from its IPv4 WAN address and tunnels IPv6 traffic to the ISP s Border Relay router BR in the figure to connect to the native IPv6 Internet The local network can also use IPv4 services The Zyxel Device uses it s configured IPv4 WAN IP to route IPv4 traffic to the IPv4 Internet Figure 46 IPv6 Rapid Deployment Dual Stack Lite Use Dual Stack Lite when loc...

Page 79: ...nd WAN IP address Get this information from your ISP 6 2 Broadband Settings Use this screen to change your Zyxel Device s Internet access settings The summary table shows you the configured WAN services connections on the Zyxel Device Use information provided by your ISP to configure WAN settings Click Network Setting Broadband to access this screen Figure 48 Network Setting Broadband ...

Page 80: ...n to a PON Passive Optical Network Mode This shows whether the connection is in routing or bridge mode Encapsulation This is the method of encapsulation used by this connection 802 1p This indicates the 802 1p priority level assigned to traffic sent through this connection This displays N A when there is no priority level assigned 802 1q This indicates the VLAN ID number assigned to traffic sent t...

Page 81: ...e When the switch goes to the right the function is enabled Otherwise it is not Name Specify a descriptive name for this connection Type This field shows Ethernet and indicates an Ethernet connection to a PON Passive Optical Network Mode Select Routing if your ISP give you one IP address only and you want multiple computers to share an Internet account Encapsulation Select the method of encapsulat...

Page 82: ...rough is an alternative to NAT for application where NAT is not appropriate Disable PPPoE pass through if you do not need to allow hosts on the LAN to use PPPoE client software on their computers to connect to the ISP VLAN Click this switch to enable or disable VLAN on this WAN interface When the switch goes to the right the function is enabled Otherwise it is not 802 1p IEEE 802 1p defines up to ...

Page 83: ...maps all outgoing packets from an internal IP address and port to a single IP address and port on the external network The Zyxel Device also maps packets coming to that external IP address and port to the internal IP address and port DHCPC Options This is available only when you set the Encapsulation to IPoE and select IPv4 Only or IPv4 IPv6 DualStack in the IPv4 IPv6 Mode field Request Options Se...

Page 84: ...traffic significantly Apply as Default Gateway Select this option to have the Zyxel Device use the WAN interface of this connection as the system default gateway DS Lite This is available only when you select IPv6 Only in the IPv4 IPv6 Mode field Enable Dual Stack Lite to let local computers use IPv4 through an ISP s IPv6 network See Dual Stack Lite on page 78 for more information Click this switc...

Page 85: ...able the interface When the switch goes to the right the function is enabled Otherwise it is not Name Enter a service name of the connection Type This field shows Ethernet and indicates an Ethernet connection to a PON Passive Optical Network Mode Select Bridge when your ISP provides you more than one IP address and you want the connected computers to get individual IP address from ISP s DHCP serve...

Page 86: ...ar Backup The actual data rate you obtain varies depending on the cellular card you use the signal strength to the service provider s base station and so on Note Entering a wrong PIN code three times will lock the SIM card in your cellular dongle Note If you select Drop in the Current Cellular Connection field the Zyxel Device will drop the cellular WAN connection when the Time Budget or Data Budg...

Page 87: ...Chapter 6 Broadband EX5501 B0 AX7501 B0 PX7501 B0 User s Guide 87 Figure 52 Network Setting Broadband Cellular Backup General Cellular Connection Settings ...

Page 88: ... backup when the wired WAN connection fails When the switch goes to the right the function is enabled Otherwise it is not Ping Check Click this switch to ping check the connection status of your WAN When the switch goes to the right the function is enabled Otherwise it is not You can configure the frequency of the ping check and number of consecutive failures before triggering cellular backup Chec...

Page 89: ...Access Point Name provided by your service provider Connections with different APNs may provide different services such as Internet access or MMS Multi Media Messaging Service and charge method You can enter up to 32 ASCII printable characters Spaces are allowed Connection Select Nailed UP if you do not want the connection to time out Select on Demand if you do not want the connection up all the t...

Page 90: ...load to set a limit on the downstream traffic from the ISP to the Zyxel Device Select Upload to set a limit on the upstream traffic from the Zyxel Device to the ISP If you change the value after you configure and enable budget control the Zyxel Device resets the statistics Data Budget kPackets Select this and specify how much downstream and or upstream data in k Packets can be transmitted via the ...

Page 91: ...en the time or data limit is exceeded Current Cellular connection Select Keep to maintain an existing cellular connection or Drop to disconnect it Actions Enable E mail Notification Click this switch to enable or disable the e mail notification function When the switch goes to the right the function is enabled Otherwise it is not The Zyxel Device will e mail you a notification whenever over budget...

Page 92: ...ress and default gateway Introduction to VLANs A Virtual Local Area Network VLAN allows a physical network to be partitioned into multiple logical networks Devices on a logical network belong to one group A device can belong to more than one group With VLAN a device cannot directly talk to or hear from devices that are not in the same group s the traffic must first go through a router In Multi Ten...

Page 93: ...class D IP address is used to identify host groups and can be in the range 224 0 0 0 to 239 255 255 255 The address 224 0 0 0 is not assigned to any group and is used by IP multicast computers The address 224 0 0 1 is used for query messages and is assigned to the permanent group of all IP hosts including gateways All hosts must join the 224 0 0 1 group in order to participate in IGMP The address ...

Page 94: ...000 1a2f 0000 0000 0015 can be written as 2001 0db8 1a2f 0000 0000 0015 2001 0db8 0000 0000 1a2f 0015 2001 db8 1a2f 0 0 15 or 2001 db8 0 0 1a2f 15 IPv6 Prefix and Prefix Length Similar to an IPv4 subnet mask IPv6 uses an address prefix to represent the network address An IPv6 prefix length specifies how many most significant bits start from the left in the address compose the network address The p...

Page 95: ... on page 106 Use the WMM screen to enable WiFi MultiMedia WMM to ensure quality of service in wireless networks for multimedia applications Section 7 6 on page 107 Use the Others screen to configure wireless advanced features such as the RTS CTS Threshold Section 7 7 on page 108 Use the Channel Status screen to scan WiFi channel noises and view the results Section 7 8 on page 111 7 1 2 What You Ne...

Page 96: ...able WPA2 PSK data encryption Note If you are configuring the Zyxel Device from a computer connected to WiFi and you change the Zyxel Device s SSID channel or security settings you will lose your wireless connection when you press Apply to confirm You must then change the wireless settings of your computer to match the Zyxel Device s new settings Note If upstream downstream bandwidth is empty the ...

Page 97: ...Chapter 7 Wireless EX5501 B0 AX7501 B0 PX7501 B0 User s Guide 97 Figure 54 Network Setting Wireless General ...

Page 98: ... interference with other wireless devices in your neighborhood or the wireless clients do not support channel bonding Because not all devices support 40 MHz and or 160 MHz channels select 20 40MHz or 20 40 80 160MHz to allow the Zyxel Device to adjust the channel bandwidth automatically Control Sideband This is available for some regions when you select a specific channel and set the Bandwidth fie...

Page 99: ...nst dictionary attacks password guessing attempts It improves security by requiring a new encryption key every time a WPA3 connection is made A handshake is the communication between the Zyxel Device and a connecting client at the beginning of a WiFi session Click Network Setting Wireless to display the General screen Select More Secure as the security level Then select WPA3 SAE from the Security ...

Page 100: ...rd automatically Select this option to have the Zyxel Device automatically generate a password The password field will not be configurable when you select this option Password Select Generate password automatically or enter a Password The password has two uses 1 Manual Manually enter the same password on the Zyxel Device and the client Enter 8 63 ASCII characters or exactly 64 hexadecimal 0 9 a f ...

Page 101: ...ng Wireless Guest More AP LABEL DESCRIPTION This is the index number of the entry Status This field indicates whether this SSID is active A yellow bulb signifies that this SSID is active while a gray bulb signifies that this SSID is not active SSID An SSID profile is the set of parameters relating to one of the Zyxel Device s BSSs The SSID Service Set IDentifier identifies the Service Set with whi...

Page 102: ...Chapter 7 Wireless EX5501 B0 AX7501 B0 PX7501 B0 User s Guide 102 Figure 58 Network Setting Wireless Guest More AP Edit ...

Page 103: ... the wireless interface on the Zyxel Device when WiFi is enabled SSID Subnet Click on this switch to Enable this function if you want the wireless network interface to assign DHCP IP addresses to the associated wireless clients This option cannot be used if the WPS function is enabled in the Network Setting Wireless WPS screen or if the Keep the same settings for 2 4G and 5G wireless networks chec...

Page 104: ...Network Setting Wireless MAC Authentication The screen appears as shown Figure 59 Network Setting Wireless MAC Authentication Password WPA2 PSK uses a simple common password instead of user specific credentials If you did not select Generate password automatically you can manually type a pre shared key from 8 to 64 case sensitive keyboard characters Click the Eye icon to show or hide the password ...

Page 105: ...Mode Define the filter action for the list of MAC addresses in the MAC Address table Select Disable to turn off MAC filtering Select Deny to block access to the Zyxel Device MAC addresses not listed will be allowed to access the Zyxel Device Select Allow to permit access to the Zyxel Device MAC addresses not listed will be denied access to the Zyxel Device MAC Address List Add New MAC Address This...

Page 106: ...ethod if your wireless client supports it See Section 7 9 8 3 on page 119 for more information about WPS Note The Zyxel Device applies the security settings of the main SSID SSID1 profile see Section 7 2 on page 96 Note If WPS is enabled UPnP will automatically be turned on Note The WPS switch is grayed out when WiFi is disabled Click Network Setting Wireless WPS The following screen displays Clic...

Page 107: ... two minutes of pressing this button Method 2 Use this section to set up a WPS wireless network by entering the PIN of the client into the Zyxel Device Click this switch and make it turn blue Click Apply to activate WPS method 2 on the Zyxel Device Register Enter the PIN of the device that you are setting up a WPS connection with and click Register to authenticate and add the wireless device to yo...

Page 108: ... IP header of packets it sends WMM QoS WiFi MultiMedia Quality of Service gives high priority to voice and video which makes them run more smoothly If the 802 11 Mode in Network Setting Wireless Others is set to include 802 11n or 802 11ac WMM cannot be disabled WMM Automatic Power Save Delivery APSD Select this option to extend the battery life of your mobile devices especially useful for small d...

Page 109: ...ase the output power to reduce interference with other APs Select one of the following 20 40 60 80 or 100 Beacon Interval When a wirelessly networked device sends a beacon it includes with it a beacon interval This specifies the time period before the device sends the beacon again The interval tells receiving devices on the network how long they can wait in low power mode before waking up to handl...

Page 110: ...The transmission rate of your Zyxel Device might be reduced Select 802 11a n ac Mixed to allow IEEE 802 11a IEEE 802 11n or IEEE 802 11ac compliant WiFi devices to associate with the Zyxel Device The transmission rate of your Zyxel Device might be reduced Select 802 11a n ac ax Mixed to allow IEEE 802 11a IEEE 802 11n IEEE 802 11ac or IEEE 802 11ax compliant WiFi devices to associate with the Zyxe...

Page 111: ... cursor over a bar graph to view the AP count and number of Current WLAN Channel Note If the current channel is a DFS channel the warning Channel scan process is denied because current channel is a DFS channel Channel 52 140 If you want to run channel scan please select a non DFS channel and try again appears Figure 64 Network Setting Wireless Channel Status 7 9 Technical Reference This section di...

Page 112: ...which there is no access point Wireless clients connect to one another in order to exchange information The following figure provides an example of a wireless network Figure 65 Example of a Wireless Network The wireless network is the part in the blue circle In this wireless network devices A and B use the access point AP to interact with the other devices such as the printer or with the Internet ...

Page 113: ...an use a wireless data network or understand the data carried on it These security standards do two things First they authenticate This means that only people presenting the right credentials often a username and password or a key phrase can access the network Second they encrypt This means that the information sent over the air is encoded Only people with the code key can understand the informati...

Page 114: ...lly the Zyxel Device acts like a beacon and regularly broadcasts the SSID in the area You can hide the SSID instead in which case the Zyxel Device does not broadcast the SSID In addition you should change the default SSID to something that is difficult to guess This type of security is fairly weak however because there are ways for unauthorized wireless devices to get the SSID In addition unauthor...

Page 115: ... message Many types of encryption use a key to protect the information in the wireless network The longer the key the stronger the encryption Every device in the wireless network must have the same key 7 9 4 Signal Problems Because wireless networks are radio networks their signals are subject to limitations of distance interference and absorption Problems with distance occur when the two radios a...

Page 116: ...iate with the same AP 7 9 6 1 Notes on Multiple BSSs A maximum of eight BSSs are allowed on one AP simultaneously You must use different keys for different BSSs If two wireless devices have different BSSIDs they are in different BSSs but have the same keys they may hear each other s communications but not communicate with each other MBSSID should not replace but rather be used in conjunction with ...

Page 117: ... authenticate the other in each of the two devices When WPS is activated on a device it has two minutes to find another device that also has WPS activated Then the two devices connect and set up a secure network by themselves 7 9 8 1 Push Button Configuration WPS Push Button Configuration PBC is initiated by pressing a button on each WPS enabled device and allowing them to connect automatically Yo...

Page 118: ...less router referred to here as the AP and a client device using the PIN method 1 Ensure WPS is enabled on both devices 2 Access the WPS section of the AP s configuration interface See the device s User s Guide for how to do this 3 Look for the client s WPS PIN it will be displayed either on the device or in the WPS section of the client s configuration interface see the device s User s Guide for ...

Page 119: ...hat receives network and security settings The registrar creates a secure EAP Extensible Authentication Protocol tunnel and sends the network name SSID and the WPA PSK or WPA2 PSK pre shared key to the enrollee Whether WPA PSK or WPA2 PSK is used depends on the standards supported by the devices If the registrar is already part of a network it sends the existing information If not it generates the...

Page 120: ...if it supports both functions If the registrar is unconfigured the security settings it transmits to the enrollee are randomly generated Once a WPS enabled device has connected to another device using WPS it becomes configured A configured wireless client can still act as enrollee or registrar in subsequent WPS connections but a configured access point can no longer act as enrollee It will be the ...

Page 121: ...int anyway in order to use the network In this case AP1 must be the registrar since it is configured it already has security information for the network AP1 supplies the existing security information to Client 2 Figure 70 WPS Example Network Step 2 In step 3 you add another access point AP2 to your network AP2 is out of range of AP1 so you cannot use AP1 for the WPS handshake with the new access p...

Page 122: ... to the enrollee devices Whether the network uses WPA PSK or WPA2 PSK depends on the device You can check the configuration interface of the registrar device to discover the key the network is using if the device supports this feature Then you can enter the key into the non WPS device and join the network as normal the non WPS device must also support WPA PSK or WPA2 PSK When you use the PBC metho...

Page 123: ...ee or was not involved in the WPS handshake a rogue device must still associate with the access point to gain access to the network Check the MAC addresses of your wireless clients usually printed on a label on the bottom of the device If there is an unknown MAC address you can remove it or reset the AP ...

Page 124: ...o enable UPnP and UPnP NAT traversal on the Zyxel Device Section 8 4 on page 132 Use the Additional Subnet screen to configure IP alias and public static IP Section 8 5 on page 137 Use the STB Vendor ID screen to configure the Vendor IDs of the connected Set Top Box STB devices which have the Zyxel Device automatically create static DHCP entries for the STB devices when they request IP addresses S...

Page 125: ... prefix an IPv6 address 8 1 2 2 About UPnP Identifying UPnP Devices UPnP hardware is identified as an icon in the Network Connections folder Windows 10 Each UPnP compatible device installed on your network will appear as a separate icon Selecting the icon of a UPnP device will allow you to access the information and properties of that device NAT Traversal UPnP NAT traversal automates the process o...

Page 126: ...ction 8 9 on page 141 for technical background information on LANs 8 1 3 Before You Begin Find out the MAC addresses of your network devices if you intend to add them to the DHCP Client List screen 8 2 LAN Setup Use this screen to set the IP address and subnet mask of your Zyxel Device Configure DHCP settings to have the Zyxel Device or a DHCP server assign IP addresses to devices Click Network Se...

Page 127: ...Chapter 8 Home Networking EX5501 B0 AX7501 B0 PX7501 B0 User s Guide 127 3 Click Apply to save your settings Figure 73 Network Setting Home Networking LAN Setup ...

Page 128: ...t DHCP Relay in the DHCP field IP Address Enter the IPv4 IP address of the actual remote DHCP server in this field IP Addressing Values This field is only available when you select Enable in the DHCP field Beginning IP Address This field specifies the first of the contiguous addresses in the IP address pool Ending IP Address This field specifies the last of the contiguous addresses in the IP addre...

Page 129: ...not This allows the Zyxel Device to check MLD packets passing through it and learn the multicast group membership It helps reduce multicast traffic MLD Mode Select Standard Mode to forward multicast packets to a port that joins the multicast group and broadcast unknown multicast packets from the WAN to all LAN ports Select Blocking Mode to block all unknown multicast packets from the WAN LAN IPv6 ...

Page 130: ...ss of a DNS server Enter the DNS server IPv6 addresses the Zyxel Device passes to the DHCP clients Select None if you do not want to configure IPv6 DNS servers DNS Query Scenario Select how the Zyxel Device handles clients DNS information requests IPv4 IPv6 DNS Server The Zyxel Device forwards the requests to both the IPv4 and IPv6 DNS servers and sends clients the first DNS information it receive...

Page 131: ...MAC Media Access Control or Ethernet address on a LAN Local Area Network is unique to your computer six pairs of hexadecimal notation A network interface card such as an Ethernet adapter has a hardwired address that is assigned at the factory This address follows an industry standard that ensures no other adapter has a similar address IP Address This field displays the IP address relative to the f...

Page 132: ...twork Setting Home Networking UPnP to display the screen shown next Note To use UPnP NAT T enable NAT in the Network Setting Broadband Edit Add New WAN Interface screen Figure 76 Network Setting Home Networking UPnP Select Device Info Select a device or computer from the drop down list or select Manual Input to manually enter a device s MAC address and IP address in the following fields MAC Addres...

Page 133: ...ss the Web Configurator UPnP NAT T State UPnP NAT T Click this switch to allow UPnP enabled applications to automatically configure the Zyxel Device so that they can communicate through the Zyxel Device by using NAT traversal When the switch goes to the right the function is enabled Otherwise it is not UPnP applications automatically reserve a NAT forwarding port in order to communicate with anoth...

Page 134: ...ange Advanced Sharing Settings 3 Select Turn on network discovery and click Save Changes Network discovery allows your computer to find other computers and devices on the network and other computers on the network to find your computer This makes it easier to share files and printers ...

Page 135: ... the UPnP feature in Windows 10 UPnP server is installed in Windows 10 Activate UPnP on the Zyxel Device in Network Setting Home Networking UPnP Make sure the computer is connected to the LAN port of the Zyxel Device Turn on your computer and the Zyxel Device 1 Click the start icon Settings and then Network Internet 2 Click Network and Sharing Center ...

Page 136: ...dvanced sharing settings 4 Under Domain select Turn on network discovery and click Save Changes Network discovery allows your computer to find other computers and devices on the network and other computers on the network to find your computer This makes it easier to share files and printers ...

Page 137: ... networks over the same Ethernet interface The Zyxel Device supports multiple logical LAN interfaces via its physical Ethernet interface with the Zyxel Device itself as the gateway for the LAN network When you use IP alias you can also configure firewall rules to control access to the LAN s logical network subnet If your ISP provides the Public LAN service the Zyxel Device may use a LAN IP address...

Page 138: ...Your Zyxel Device will automatically calculate the subnet mask based on the IPv4 address that you assign Unless you are implementing subnetting use this value computed by the Zyxel Device Public LAN Active Click this switch to enable or disable the Public LAN feature When the switch goes to the right the function is enabled Otherwise it is not Your ISP must support Public LAN and static IP IPv4 Ad...

Page 139: ...u to remotely turn on a device on the network such as a computer storage device or media server To use this feature the remote hardware for example the network adapter on a computer must support Wake On LAN using the Magic Packet method You need to know the MAC address of the LAN device It may be on a label on the device or in its documentation Table 37 Network Setting Home Networking STB Vendor I...

Page 140: ...Network Setting Home Networking TFTP Server Name Table 38 Network Setting Home Networking Wake on LAN LABEL DESCRIPTION Wake by Address Select Manual and enter the IP address or MAC address of the device to turn it on remotely The drop down list also lists the IP addresses that can be found in the Zyxel Device s ARP table If you select an IP address the MAC address of the device with the selected ...

Page 141: ...ients to obtain TCP IP configuration at start up from a server You can configure the Zyxel Device as a DHCP server or disable it When configured as a server the Zyxel Device provides the TCP IP configuration for the clients If you turn DHCP service off you must have another DHCP server on your LAN or else the computer must be manually configured IP Pool Setup The Zyxel Device is pre configured wit...

Page 142: ... IP Address and Subnet Mask Similar to the way houses on a street share a common street name so too do computers on a LAN share one common network number Where you obtain your network number depends on your particular situation If the ISP or your network administrator assigns you a block of registered IP addresses follow their instructions in selecting the IP addresses and the subnet mask If the I...

Page 143: ...68 0 0 192 168 255 255 You can obtain your IP address from the IANA from an ISP or it can be assigned from a private network If you belong to a small organization and your Internet access is through an ISP the ISP can provide you with the Internet addresses for your local networks On the other hand if you are part of a much larger organization you should consult your network administrator for the ...

Page 144: ...l Device s default gateway R1 You create one static route to connect to services offered by your ISP behind router R2 You create another static route to communicate with a separate network behind a router R3 connected to the LAN Figure 82 Example of Routing Topology 9 2 Static Route Settings Use this screen to view and configure the static route rules on the Zyxel Device A static route is used to ...

Page 145: ...ute is active or not A yellow bulb signifies that this route is active A gray bulb signifies that this route is not active Name This is the name that describes or identifies this route Destination IP This parameter specifies the IP network address of the final destination Routing is always based on network number Subnet Mask Prefix Length This parameter specifies the IP network subnet mask of the ...

Page 146: ...tion Subnet Mask If you are using IPv4 and need to specify a route to a single host use a subnet mask of 255 255 255 255 in the subnet mask field to force the network number to be identical to the host ID Enter the IP subnet mask here Use Gateway IP Address The gateway is a router or switch on the same network segment as the device s LAN or WAN port The gateway helps forward packets to their desti...

Page 147: ...d New DNS Route in the Network Setting Routing DNS Route screen The screen shown next appears Table 42 Network Setting Routing DNS Route LABEL DESCRIPTION Add New DNS Route Click this to add a new DNS route This is the index number of a DNS route Status This field displays whether the DNS route is active or not A yellow bulb signifies that this DNS route is active A gray bulb signifies that this D...

Page 148: ... forwarding to direct traffic from different users through different connections or distribute traffic among multiple paths for load sharing Table 43 DNS Route Add LABEL DESCRIPTION Active Click this switch to enable or disable the DNS route When the switch goes to the right the function is enabled Otherwise it is not Domain Name Enter the domain name of the DNS route entry Subnet Mask Enter the s...

Page 149: ...e DNS route is active or not A yellow bulb signifies that this DNS route is active A gray bulb signifies that this DNS route is not active Name This is the name of the rule Source IP This is the source IP address Source Subnet Mask This is the source subnet mask address Protocol This is the transport layer protocol Source Port This is the source port number Source MAC This is the source MAC addres...

Page 150: ...ht the function is enabled Otherwise it is not Route Name Enter a descriptive name of up to 8 printable English keyboard characters not including spaces Source IP Address Enter the source IP address Source Subnet Mask Enter the source subnet mask address Protocol Select the transport layer protocol TCP or UDP Source Port Enter the source port number Source MAC Enter the source MAC address SourceIn...

Page 151: ...ls the format and the broadcasting method of the RIP packets that the Zyxel Device sends it recognizes both formats when receiving RIP version 1 is universally supported but RIP version 2 carries more information RIP version 1 is probably adequate for most networks unless you have an unusual network topology Operation Select Passive to have the Zyxel Device update the routing table based on the RI...

Page 152: ...ere is congestion allowing time sensitive applications to flow more smoothly Time sensitive applications include both those that require a low level of latency delay and a low level of jitter variations in delay such as Voice over IP VoIP or Internet gaming and those for which jitter alone is a problem such as Internet radio or streaming video There are eight priority levels with 1 having the high...

Page 153: ...802 1p priority level and VLAN ID number in a matched packet When the packet passes through a compatible network the networking device such as a backbone switch can provide specific treatment or service based on the tag or marker Traffic Shaping Bursty traffic may cause network congestion Traffic shaping regulates packets to be transmitted with a pre configured data transmission rate using buffers...

Page 154: ...QoS and set the upstream bandwidth or assign traffic priority See Section 10 1 on page 152 for more information When one of the following situations happens the current WAN linkup rate will be used instead 1 WAN Managed Upstream Bandwidth is set to 0 2 WAN Managed Upstream Bandwidth is empty 3 WAN Managed Upstream Bandwidth is higher than the current WAN interface linkup rate Note Manually defined...

Page 155: ...ble bandwidth If you leave this field blank the Zyxel Device automatically sets this number to be 95 of the WAN interfaces actual upstream transmission speed LAN Managed Downstream Bandwidth Enter the amount of downstream bandwidth for the LAN interfaces including wireless LAN that you want to allocate using QoS The recommendation is to set this speed to match the WAN interfaces actual transmissio...

Page 156: ... queue is not active Name This shows the descriptive name of this queue Interface This shows the name of the Zyxel Device s interface through which traffic in this queue passes Priority This shows the priority of this queue The lower the number the higher the priority level Weight This shows the weight of this queue Buffer Management This shows the queue management algorithm used for this queue Qu...

Page 157: ...rity queues gets through faster while traffic in lower priority queues is dropped if the network is congested Weight Select the weight from 1 to 8 of this queue If two queues have the same priority level the Zyxel Device divides the bandwidth across the queues according to their weights Queues with larger weights get more bandwidth than queues with smaller weights Buffer Management This field disp...

Page 158: ...reen or the Edit icon next to a classifier to open the following screen Table 50 Network Setting QoS Classification Setup LABEL DESCRIPTION Add New Classification Click this to create a new classifier Order This is the index number of the entry The classifiers are applied in order of their numbering Status This field displays whether the classifier is active or not A yellow bulb signifies that thi...

Page 159: ...Chapter 10 Quality of Service QoS EX5501 B0 AX7501 B0 PX7501 B0 User s Guide 159 Figure 94 Classification Setup Add Edit ...

Page 160: ...source MAC Select the check box and enter the source MAC address of the packet MAC Mask Type the mask for the specified MAC address to determine which bits a packet s MAC address should match Enter f for each bit of the specified source MAC address that the traffic s MAC address should match Enter 0 for the bit s of the matched traffic s MAC address which can be of any hexadecimal character s For ...

Page 161: ...option and enter the minimum and maximum packet length from 46 to 1500 in the fields provided DSCP This field is available only when you select IP in the Ether Type field Select this option and specify a DSCP DiffServ Code Point number between 0 and 63 in the field provided 802 1P This field is available only when you select 802 1Q in the Ether Type field Select this option and select a priority l...

Page 162: ... according to the default routing table Step5 Outgoing Queue Selection To Queue Index Select a queue that applies to this class You should have configured a queue in the Queue Setup screen already Cancel Click Cancel to exit this screen without saving any changes OK Click OK to save your changes Table 51 Classification Setup Add Edit continued LABEL DESCRIPTION Table 52 Network Setting QoS Shaper ...

Page 163: ... and apply actions such as drop pass or modify to the DSCP value of matched traffic Click Network Setting QoS Policer Setup The screen appears as shown Figure 97 Network Setting QoS Policer Setup Table 53 Shaper Setup Add Edit LABEL DESCRIPTION Active Click this switch to enable or disable the shaper When the switch turns blue the function is enabled Otherwise it is not Interface Select a Zyxel De...

Page 164: ...ies that this policer is active A gray bulb signifies that this policer is not active Name This field displays the descriptive name of this policer Regulated Classes This field displays the name of a QoS classifier Meter Type This field displays the type of QoS metering algorithm used in this policer Rule These are the rates and burst sizes against which the policer checks the traffic of the membe...

Page 165: ...control when traffic can be transmitted Each token represents one byte The algorithm allows bursts of up to b bytes which is also the bucket size The Single Rate Three Color Marker srTCM is based on the token bucket filter and identifies packets by comparing them to the Committed Information Rate CIR the Committed Burst Size CBS and the Excess Burst Size EBS The Two Rate Three Color Marker trTCM i...

Page 166: ...ble when you select Two Rate Three Color in the Meter Type field Conforming Action Specify what the Zyxel Device does for packets within the committed rate and burst size green marked packets Pass Send the packets without modification DSCP Mark Change the DSCP mark value of the packets Enter the DSCP mark value to use Partial Conforming Action Specify the action that the Zyxel Device takes on yell...

Page 167: ...ar service or give advanced notice of where the traffic is going DSCP and Per Hop Behavior DiffServ defines a new Differentiated Services DS field to replace the Type of Service TOS field in the IP header The DS field contains a 2 bit unused field and a 6 bit DSCP field which can define up to 64 service levels The following figure illustrates the DS field DSCP is backward compatible with the three...

Page 168: ...Assignment If you enable QoS on the Zyxel Device the Zyxel Device can automatically base on the IEEE 802 1p priority level IP precedence and or packet length to assign priority to traffic which does not match a class The following table shows you the internal layer 2 and layer 3 QoS mapping on the Zyxel Device On the Zyxel Device traffic assigned to higher priority queues gets through faster while...

Page 169: ...l enough tokens are available in the bucket In traffic policing Drops it Transmits it but adds a DSCP mark The Zyxel Device may drop these marked packets if the network is overloaded Configure the bucket size to be equal to or less than the amount of the bandwidth that the interface can support It does not help if you set it to a bucket size over the interface s capability The smaller the bucket s...

Page 170: ...TCM defined in RFC 2698 is a type of traffic policing that identifies packets by comparing them to two user defined rates the Committed Information Rate CIR and the Peak Information Rate PIR The CIR specifies the average rate at which packets are admitted to the network The PIR is greater than or equal to the CIR CIR and PIR values are based on the guaranteed and maximum bandwidth respectively as ...

Page 171: ...the Zyxel Device Section 11 5 on page 180 Use the Address Mapping screen to configure the Zyxel Device s address mapping settings Section 11 6 on page 181 Use the Sessions screen to configure the Zyxel Device s maximum number of NAT sessions Section 11 6 on page 181 11 1 2 What You Need To Know Inside Outside Inside outside denotes where a host is located relative to the Zyxel Device for example t...

Page 172: ... service for example web service is on port 80 and FTP on port 21 In some cases such as for unknown services or where one server can support more than one service for example both FTP and web service it might be better to specify a range of port numbers You can allocate a server IP address that corresponds to a port or a range of ports The most often used port numbers and services are shown in App...

Page 173: ...eld displays whether the NAT rule is active or not A yellow bulb signifies that this rule is active A gray bulb signifies that this rule is not active Service Name This shows the service s name Originating IP This field displays the source IP address from the WAN interface WAN Interface This shows the WAN interface through which the service is forwarded Server IP Address This is the server s IP ad...

Page 174: ...n the Start Port End Port Translation Start Port and Translation End Port fields Note To configure port translation you need to have different configurations in the Start Port End Port Translation Start Port and Translation End Port fields Note TCP port 7547 is reserved for system use Translation End Port This is the last internal port number that identifies a service Protocol This shows the IP pr...

Page 175: ...service is forwarded You must have already configured a WAN connection with NAT enabled Note This field is not available if you select Obtain WAN IP Automatically Start Port Enter the original destination port for the packets To forward only one port enter the port number again in the End Port field To forward a series of ports enter the start port number here and the end port number in the End Po...

Page 176: ...rds the traffic to the LAN IP address of the computer that sent the request After that computer s connection for that service closes another computer on the LAN can use the service in the same manner This way you do not need to configure a new IP address each time you want a different LAN computer to use the application Note TCP port 7547 is reserved for system use Note The maximum number of trigg...

Page 177: ...6970 7170 3 The Real Audio server responds using a port number ranging between 6970 7170 4 The Zyxel Device forwards the traffic to Jane s computer IP address 5 Only Jane can connect to the Real Audio server until the connection is closed or times out The Zyxel Device times out in three minutes with UDP User Datagram Protocol or two hours with TCP IP Transfer Control Protocol Internet Protocol Cli...

Page 178: ...the service used by this rule WAN Interface This field shows the WAN interface through which the service is forwarded Trigger Start Port The trigger port is a port or a range of ports that causes or triggers the Zyxel Device to record the IP address of the LAN computer that sent the traffic to a server on the WAN This is the first port number that identifies a service Trigger End Port This is the ...

Page 179: ...r port is a port or a range of ports that causes or triggers the Zyxel Device to record the IP address of the LAN computer that sent the traffic to a server on the WAN Type a port number or the starting port number in a range of port numbers Trigger End Port Type a port number or the ending port number in a range of port numbers Trigger Protocol Select the transport layer protocol from TCP UDP or ...

Page 180: ...applications It allows SIP calls to pass through the Zyxel Device When the Zyxel Device registers with the SIP register server the SIP ALG translates the Zyxel Device s private IP address inside the SIP data stream to a public IP address You do not need to use STUN or an outbound proxy if your Zyxel Device is behind a SIP ALG Use this screen to enable and disable the ALGs in the Zyxel Device To ac...

Page 181: ... ALG Enable this to make sure applications such as FTP and file transfer in IM applications work correctly with port forwarding and address mapping rules SIP ALG Enable this to make sure SIP VoIP works correctly with port forwarding and address mapping rules RTSP ALG Enable this to have the Zyxel Device detect RTSP traffic and help build RTSP sessions through its NAT The Real Time Streaming media ...

Page 182: ...This is the starting Inside Global IP Address IGA Enter 0 0 0 0 here if you have a dynamic IP address from your ISP You can only do this for the Many to One mapping type Global End IP This is the ending Inside Global IP Address IGA This field is blank for One to One and Many to One mapping types Type This is the address mapping type One to One This mode maps one local IP address to one global IP a...

Page 183: ...alent to SUA for example PAT port address translation the Zyxel Device s Single User Account feature that previous routers supported only Many to Many This mode maps multiple local IP addresses to shared global IP addresses Local Start IP Enter the starting Inside Local IP Address ILA Local End IP Enter the ending Inside Local IP Address ILA If the rule is for all local IP addresses then this fiel...

Page 184: ... Global local denotes the IP address of a host in a packet as the packet traverses a router for example the local address refers to the IP address of a host when the packet is in the local network while the global address refers to the IP address of the host when the same packet is traveling in the WAN side Note that inside outside refers to the location of a host while global local refers to the ...

Page 185: ... your Zyxel Device filters out all incoming inquiries thus preventing intruders from probing your network For more information on IP address translation refer to RFC 1631 The IP Network Address Translator NAT 11 8 3 How NAT Works Each packet has two addresses a source address and a destination address For outgoing packets the ILA Inside Local Address is the source address on the LAN and the IGA In...

Page 186: ...uide 186 Figure 110 How NAT Works 11 8 4 NAT Application The following figure illustrates a possible NAT application where three inside LANs logical LANs using IP alias behind the Zyxel Device can communicate with three distinct WAN networks Figure 111 NAT Application With IP Alias ...

Page 187: ...ther B in the example and assign a default server IP address of 192 168 1 35 to a third C in the example You assign the LAN IP addresses and the ISP assigns the WAN IP address The NAT network appears as a single host on the Internet Figure 112 Multiple Servers Behind NAT Example Table 68 Services and Port Numbers SERVICES PORT NUMBER ECHO 7 FTP File Transfer Protocol 21 SMTP Simple Mail Transfer P...

Page 188: ... can contact you in NetMeeting CU SeeMe and so on You can also access your FTP server or Web site on your own computer using a domain name for instance myhost dhs org where myhost is a name of your choice that will never change instead of using an IP address that changes each time you reconnect Your friends or relatives will always be able to call you even if they don t know your IP address You fi...

Page 189: ...st s local name and home is the domain name Figure 113 Network Setting DNS DNS Entry The following table describes the fields in this screen 12 2 1 Add Edit DNS Entry You can manually add or edit the Zyxel Device s DNS name and IP address entry Click Add New DNS Entry in the DNS Entry screen or the Edit icon next to the entry you want to edit The screen shown next appears Table 69 Network Setting ...

Page 190: ...dynamic IP address mapping to a hostname Use this screen to configure a DDNS service provider on your Zyxel Device Click Network Setting DNS Dynamic DNS The screen appears as shown Table 70 DNS Entry Add Edit LABEL DESCRIPTION Host Name Enter the host name of the DNS entry IP Address Enter the IP address of the DNS entry Cancel Click Cancel to restore your previously saved settings OK Click OK to ...

Page 191: ... Password Type the password assigned to you Enable Wildcard Option Select the check box to enable DynDNS Wildcard Enable Off Line Option Only applies to custom DNS Check with your Dynamic DNS service provider to have traffic redirected to a URL that you can specify while you are off line Dynamic DNS Status User Authentication Result This shows Success if the account is correctly set up with the Dy...

Page 192: ...ticast groups the hosts want to join on its network MLD snooping and MLD proxy are analogous to IGMP snooping and IGMP proxy in IPv4 MLD filtering controls which multicast groups a port can join An MLD Report message is equivalent to an IGMP Report message and a MLD Done message is equivalent to an IGMP Leave message IGMP Fast Leave When a host leaves a multicast group 224 1 1 1 it sends an IGMP l...

Page 193: ...ult Version Enter the version of IGMP 1 3 and MLD 1 2 that you want the Zyxel Device to use on the WAN Query Interval Enter the number of seconds the Zyxel Device sends a query message to hosts to get the group membership information Query Response Interval Enter the maximum number of seconds the Zyxel Device can wait for receiving a General Query message Multicast routers use general queries to l...

Page 194: ... of multicast data sources 1 24 a multicast group is allowed to have Note The setting only works for IGMPv3 and MLDv2 Maximum Multicast Groups Members Enter a number to limit the number of multicast members a multicast group can have Fast Leave Enable Select this option to set the Zyxel Device to remove a port from the multicast tree immediately without sending an IGMP or MLD membership query mess...

Page 195: ...rts in the same VLAN as the server Ports can belong to other VLAN groups too VLAN groups can be modified at any time by adding moving or changing ports without any re cabling A tagged VLAN uses an explicit tag VLAN ID in the MAC header to identify the VLAN membership of a frame across bridges The VLAN ID associates a frame with a specific VLAN and provides the information that switches the need to...

Page 196: ...ing screen Use this screen to create a new VLAN group Figure 119 Add Edit VLAN Group Table 73 Network Setting VLAN Group LABEL DESCRIPTION Add New VLAN Group Click this button to create a new VLAN group This is the index number of the VLAN group Group Name This shows the descriptive name of the VLAN group VLAN ID This shows the unique ID number that identifies the VLAN group Interface This shows t...

Page 197: ... hyphens and underscores _ Spaces are not allowed VLAN ID Enter a unique ID number from 1 to 4 094 to identify this VLAN group Outgoing traffic is tagged with this ID if TX Tagging is selected below LAN Select Include to add the associated LAN interface to this VLAN group Note Select TX Tagging to tag outgoing traffic from the associated LAN port with the VLAN ID number entered above Cancel Click ...

Page 198: ... Alternatively you can have the Zyxel Device automatically add the incoming traffic and the LAN interface on which traffic is received to an interface group when its DHCP Vendor ID option information matches one listed for the interface group Use the LAN Setup screen to configure the private IP addresses the DHCP server on the Zyxel Device assigns to the clients in the default and or user defined ...

Page 199: ...tting Interface Grouping to open the following screen Figure 121 Network Setting Interface Grouping The following table describes the fields in this screen Table 75 Network Setting Interface Grouping LABEL DESCRIPTION Add New Interface Group Click this button to create a new interface group Group Name This shows the descriptive name of the group WAN Interface This shows the WAN interfaces in the g...

Page 200: ...ts to a new group use filtering criteria Note An interface can belong to only one group at a time Note After configuring a vendor ID reboot the client device attached to the Zyxel Device to obtain an appropriate IP address Note You can have up to 15 filter criteria Modify Click the Edit icon to modify an existing Interface group setting or click the Delete icon to remove the Interface group Add Cl...

Page 201: ...are not allowed WAN Interfaces used in the grouping Select the WAN interface this group uses The group can have up to one ETH interface and one WWAN interface Select None to not add a WAN interface to this group Selected LAN Interfaces Available LAN Interfaces Select one or more LAN interfaces Ethernet LAN HPNA or wireless LAN in the Available LAN Interfaces list and use the left arrow to move the...

Page 202: ...ter Criteria This shows the filtering criteria The LAN interface on which the matched traffic is received will belong to this group automatically WildCard Support This shows if wildcard on DHCP option 60 is enabled Modify Click the Edit icon to change the group setting Click the Delete icon to delete this group from the Zyxel Device Cancel Click Cancel to exit this screen without saving any change...

Page 203: ...yxel Device Figure 123 File Sharing Overview The Zyxel Device will not be able to join the workgroup if your local area network has restrictions set up that do not allow devices to join a workgroup In this case contact your network administrator 16 1 1 What You Can Do in this Chapter Use the File Sharing screen to enable file sharing server Section 16 1 3 on page 204 Use the Media Server screen to...

Page 204: ...xel Device uses Common Internet File System CIFS protocol for its file sharing functions CIFS compatible computers can access the USB file storage devices connected to the Zyxel Device CIFS protocol is supported on Microsoft Windows Linux Samba and other operating systems refer to your systems specifications for CIFS compatibility 16 1 3 Before You Begin Make sure the Zyxel Device is connected to ...

Page 205: ...is is the volume name the Zyxel Device gives to an inserted USB device Capacity This is the total available memory size in megabytes on the USB device Used Space This is the memory size in megabytes already used on the USB device Server Configuration File Sharing Services Click this switch to enable or disable file sharing through the Zyxel Device When the switch goes to the right the function is ...

Page 206: ...re Path This field displays the path for the share directories folders on the PON Device These are the directories folders on your USB storage device Share Description This field displays information about the share Modify Click the Edit icon to change the settings of an existing share Click the Delete icon to delete this share in the list Account Management Add New User Click this button to creat...

Page 207: ...rage device connected to the Zyxel Device Use hardware based media clients like the DMA 2500 to play the files Note Anyone on your network can play the media files in the published shares No user name and password or other form of security is used The media server is enabled by default with the video photo and music shares published Table 78 Network Setting USB Service Media Server LABEL DESCRIPTI...

Page 208: ...ice function as a DLNA compliant media server When the switch goes to the right the function is enabled Otherwise it is not Enable the media server to let DLNA compliant media clients on your network play media files located in the shares Interface Select an interface on which you want to enable the media server function An interface can be added or modified in Network Setting Interface Grouping M...

Page 209: ...ll action User A can initiate an IM Instant Messaging session from the LAN to the WAN 1 Return traffic for this session is also allowed 2 However other traffic initiated from the WAN is blocked 3 and 4 Figure 127 Default Firewall Action 17 1 1 What You Can Do in this Chapter Use the General screen to configure the security level of the firewall on the Zyxel Device Section 17 2 on page 210 Use the ...

Page 210: ...ial of service for users of the targeted system LAND Attack In a LAND attack hackers flood SYN packets into the network with a spoofed source IP address of the target system This makes it appear as if the host computer sent the packets to itself making the system unavailable while the target system tries to respond to itself Ping of Death Ping of Death uses a ping utility to create and send an IP ...

Page 211: ...firewall feature on the Zyxel Device for IPv4 traffic When the switch goes to the right the function is enabled Otherwise it is disabled IPv6 Firewall Use the switch to turn on or off the firewall feature on the Zyxel Device for IPv6 traffic When the switch goes to the right the function is enabled Otherwise it is disabled Low Select Low to allow traffic from LAN to WAN or from WAN to LAN Medium S...

Page 212: ... table describes the labels in this screen 17 3 1 Add New Edit Protocol Entry Use this screen to add a customized service rule that you can use in the firewall s ACL rule configuration Click Add New Protocol Entry or the Edit icon next to an existing service in the Protocol screen to display the following screen Table 81 Security Firewall Protocol LABEL DESCRIPTION Add New Protocol Entry Click thi...

Page 213: ...l Choose the IP protocol TCP UDP ICMP ICMPv6 or Other that defines your customized port from the drop down list box Select Other to be able to enter a protocol number Protocol Number This field is displayed if you select Other as the protocol Enter the protocol number of your customized port Source Port This field is displayed if you select either the TCP or UDP protocol You may set it to Any Sing...

Page 214: ... This is the index number of the entry Name This displays the name of the rule Src IP This displays the source IP addresses to which this rule applies Please note that a blank source address is equivalent to Any Dst IP This displays the destination IP addresses to which this rule applies Please note that a blank destination address is equivalent to Any Service This displays the transport layer pro...

Page 215: ...is field is read only if you are editing the ACL rule Order Select the order of the ACL rule Select Source IP Address Select the source device to which the ACL rule applies If you select Specific IP Address enter the source IP address in the field below Source IP Address Enter the source IP address Select Destination Device Select the destination device to which the ACL rule applies If you select ...

Page 216: ... have either TCP or UDP in the Protocol field Enter a single port number or the range of port numbers of the destination TCP flag This field is displayed only when you select Specific Service in Select Service and have TCP in the Protocol field Select one of the following TCP flags SYN Synchronize ACK Acknowledge URG Urgent PSH Push RST Reset or FIN Finished Type This field is displayed only when ...

Page 217: ...wall DoS The following table describes the labels in this screen Table 85 Security Firewall DoS LABEL DESCRIPTION DoS Protection Blocking Select Enable to enable protection against DoS attacks Cancel Click Cancel to restore your previously saved settings Apply Click Apply to save your changes ...

Page 218: ...sts of six pairs of hexadecimal characters for example 00 A0 C5 00 00 02 You need to know the MAC addresses of the LAN client to configure this screen 18 2 MAC Filter Settings Enable MAC Address Filter and add the host name and MAC address of a LAN client to the table if you wish to allow or deny them access to your network Click Security MAC Filter The screen appears as shown Figure 134 Security ...

Page 219: ...ton to create a new entry Set This is the index number of the MAC address Active Select Active to enable the MAC filter rule The rule will not be applied if Allow is not selected Host Name Enter the host name of the wireless or LAN clients that are allowed access to the Zyxel Device MAC Address Enter the MAC addresses of the wireless or LAN clients that are allowed access to the Zyxel Device in th...

Page 220: ...ol and view parental control rules and schedules You can limit the time a user can access the Internet and prevent users from viewing inappropriate content or participating in specified online activities These rules are defined in a Parental Control Profile PCP Click Security Parental Control to open the following screen Figure 136 Security Parental Control The following table describes the fields...

Page 221: ...A yellow bulb signifies that this rule is active A gray bulb signifies that this rule is not active PCP Name This shows the name of the rule Home Network User MAC This shows the MAC address of the LAN user s computer to which this rule applies Internet Access Schedule This shows the day s and time on which parental control is enabled Network Service This shows whether the network service is config...

Page 222: ...Chapter 19 Parental Control EX5501 B0 AX7501 B0 PX7501 B0 User s Guide 222 Figure 137 Security Parental Control Add Edit PCP General Rule List Internet Access Schedule ...

Page 223: ... s MAC address then click the Add icon to enter a computer MAC address for this PCP Up to five are allowed Click the Delete icon to remove one Internet Access Schedule Day Select check boxes for the days that you want the Zyxel Device to perform parental control Time Drag the time bar to define the time that the LAN user is allowed access Authorized access or denied access No access Add New Servic...

Page 224: ...s except ones listed below Add Click Add to show a screen to enter the URL of web site or URL keyword to which the Zyxel Device blocks or allows access This shows the index number of the rule Website This shows the URL of web site or URL keyword to which the Zyxel Device blocks or allows access Modify Click the Edit icon to go to the screen where you can edit the rule Click the Delete icon to dele...

Page 225: ...Keyword Table 89 Security Parental Control Add Edit PCP Add New Service LABEL DESCRIPTION Add New Service Select the name of the service from the drop down list Otherwise select User Define and specify the name protocol and port of the service If you have chosen a pre defined service in the Service Name field this field will not be configurable Protocol Select the transport layer protocol used for...

Page 226: ... this screen Table 90 Security Parental Control Add Edit PCP Add Keyword LABEL DESCRIPTION Site URL Keyword Enter a keyword and click OK to have the Zyxel Device block access to the website URLs that contain the keyword Cancel Click Cancel to exit this screen without saving any changes OK Click OK to save your changes ...

Page 227: ...pen the following screen Figure 142 Security Scheduler Rule The following table describes the fields in this screen Table 91 Security Scheduler Rule LABEL DESCRIPTION Add New Rule Click this to create a new rule This is the index number of the entry Rule Name This shows the name of the rule Day This shows the day s on which this rule is enabled Time This shows the period of time on which this rule...

Page 228: ...s the fields in this screen Table 92 Scheduler Rule Add Edit LABEL DESCRIPTION Rule Name Enter a name up to 31 printable English keyboard characters not including spaces for this schedule Day Select check boxes for the days that you want the Zyxel Device to perform this scheduler rule Time of Day Range Enter the time period of each day in 24 hour format during which the rule will be enforced Descr...

Page 229: ...d to Know The following terms and concepts may help as you read through this chapter Certification Authority A Certification Authority CA issues certificates and guarantees the identity of each certificate owner There are commercial certification authorities like CyberTrust or VeriSign and government certification authorities The certification authority uses its private key to sign certificates An...

Page 230: ...el Device generate a certification request Current File This field displays the name used to identify this certificate It is recommended that you give each certificate a unique name Subject This field displays identifying information about the certificate s owner such as CN Common Name OU Organizational Unit or department O Organization or company and C Country It is recommended that each certific...

Page 231: ...nfigure this field automatically Or select Customize to enter it manually Type the IP address in dotted decimal notation domain name or e mail address in the field provided The domain name or e mail address can be up to 63 ASCII characters The domain name or e mail address is for identification purposes only and can be any string Organization Name Type up to 63 characters to identify the company o...

Page 232: ...Request View LABEL DESCRIPTION Name This field displays the identifying name of this certificate Type This field displays general information about the certificate ca means that a Certification Authority signed the certificate Subject This field displays information that identifies the owner of the certificate such as Common Name CN Organizational Unit OU Organization O and Country C ...

Page 233: ...py and paste the certificate into a text editor and save the file on a management computer for later distribution Private Key This field displays the private key of this certificate Signing Request This field displays the CSR Certificate Signing Request information of this certificate The CSR will be provided to a certificate authority and it includes information about the public key organization ...

Page 234: ...tributed to others Figure 148 Trusted CA View Type This field displays general information about the certificate ca means that a Certification Authority signed the certificate Modify Click the View icon to open a screen with an in depth list of information about the certificate or certification request Click the Remove button to delete the certificate or certification request You cannot delete a c...

Page 235: ...ted CA View LABEL DESCRIPTION Name This field displays the identifying name of this certificate This read only text box displays the certificate in Privacy Enhanced Mail PEM format PEM uses base 64 to convert the binary certificate into a printable form You can copy and paste the certificate into an e mail to send to friends or colleagues or you can copy and paste the certificate into a text edito...

Page 236: ... the phones connected to the Zyxel Device Use the SIP Service Provider screen Section 22 4 on page 242 to configure the SIP server information QoS for VoIP calls the numbers for certain phone functions and dialing plan Use the Phone Device screen Section 22 5 on page 247 to control which SIP account s each phone uses to handle outgoing and incoming calls Use the Region screen Section 22 6 on page ...

Page 237: ...to call another without involving a SIP service provider However the networking difficulties involved in doing this make it tremendously impractical under normal circumstances Your SIP account provider removes these difficulties by taking care of the call routing and setup figuring out how to get your call to the right place in a way that you and the other person can talk to one another SIP Addres...

Page 238: ...50 VoIP SIP SIP Account Each field is described in the following table 22 3 1 SIP Account Add Edit Use this screen to configure a SIP account and map it to a phone port in the Phone Device screen To access this screen click the Add New Account button or click the Edit icon of an entry in the VoIP SIP SIP Account screen Note You do not necessarily need to use all these fields to set up your account...

Page 239: ...Chapter 22 VoIP EX5501 B0 AX7501 B0 PX7501 B0 User s Guide 239 Figure 151 VoIP SIP SIP Account Add New Account Edit ...

Page 240: ...II Extended set characters URL Type URL Type Select whether or not to include the SIP service domain name when the Zyxel Device sends the SIP address SIP include the SIP service domain name TEL do not include the SIP service domain name Voice Features Primary Compression Type Secondary Compression Type Third Compression Type Select the type of voice coder decoder codec that you want the Zyxel Devi...

Page 241: ...ng calls to the specified phone number if the phone port is busy Specify the phone number in the To Number field on the right If you have call waiting the incoming call is forwarded to the specified phone number if you reject or ignore the second incoming call Enable No Answer Forward Select this if you want the Zyxel Device to forward incoming calls to the specified phone number if the call is un...

Page 242: ...for the e mail address specified below If you select None here e mail notifications will not be sent via e mail You must have configured a mail account already in the Email Notification screen Send Notification to e mail Notifications are sent to the e mail address specified in this field If this field is left blank notifications will not be sent via e mail Missed Call e mail Title Type a title th...

Page 243: ...o see and configure only the fields needed for this feature Table 101 VoIP SIP SIP Service Provider LABEL DESCRIPTION Add New Provider Click this button to add a new SIP service provider This is the index number of the entry SIP Service Provider Name This shows the name of the SIP service provider SIP Proxy Server Address This shows the IP address or domain name of the SIP server REGISTER Server A...

Page 244: ...Chapter 22 VoIP EX5501 B0 AX7501 B0 PX7501 B0 User s Guide 244 Figure 153 VoIP SIP SIP Service Provider Add New Provider Edit ...

Page 245: ...n Enter the SIP service domain name In the full SIP URI this is the part after the symbol You can use up to 127 printable ASCII Extended set characters RFC Support PRACK RFC 3262 Require 100rel PRACK RFC 3262 defines a mechanism to provide reliable transmission of SIP provisional response messages which convey information on the processing progress of the request This uses the option tag 100rel an...

Page 246: ...ice Select AES_CM_128_HMAC_SHA1_80 or AES_CM_128_HMAC_SHA1_32 to enable both data encryption and authentication for voice data Select AES_CM_128_NULL to use 128 bit data encryption but disable data authentication Select NULL_CIPHER_HMAC_SHA1_80 to disable encryption but require authentication using the default 80 bit tag DTMF Mode DTMF Mode Control how the Zyxel Device handles the tones that your ...

Page 247: ...seconds the Zyxel Device lets a SIP session remain idle without traffic before it automatically disconnects the session Min SE Enter the minimum number of seconds the Zyxel Device lets a SIP session remain idle without traffic before it automatically disconnects the session When two SIP devices start a SIP session they must agree on an expiration time for idle sessions This field is the shortest e...

Page 248: ...P Phone Phone Device LABEL DESCRIPTION This displays the index number of the phone device Phone ID This field displays the name of a phone port on the Zyxel Device Internal Number This field displays the internal call prefix of a phone port on the Zyxel Device Incoming SIP Number This field displays the SIP address that you use to receive calls on this phone port Outgoing SIP Number This field dis...

Page 249: ...account if you want to receive phone calls for the selected SIP account on this phone port If you select more than one SIP account for incoming calls there is no way to distinguish between them when you receive phone calls If you do not select a source for incoming calls you cannot receive any calls on this phone port Immediate Dial Enable Select this if you want to use the pound key to tell the Z...

Page 250: ...e a shortcut the speed dial number 01 for example on your phone s keypad to call the phone number Table 105 VoIP Phone Region LABEL DESCRIPTION Region Setting Select the place in which the Zyxel Device is located Call Service Mode Select the mode for supplementary phone services call hold call waiting call transfer and three way conference calls that your VoIP service provider supports Europe Type...

Page 251: ... exceed the maximum value the earliest log of that type will be deleted Click VoIP Call History Call History The following screen displays Table 106 VoIP Call Rule LABEL DESCRIPTION Clear All Speed Dials Click this to erase all the speed dial entries on this screen Keys This field displays the speed dial number you should dial to use this entry Number Enter the SIP address you want the Zyxel Devic...

Page 252: ...calls originated from you that day Incoming Calls This displays how many calls you received that day Missing Calls This displays how many incoming calls were not answered that day Total Duration hh mm ss This displays how long all calls lasted that day Classify Select the type of the calls The call types are All Incoming Outgoing and Missed Type This displays the type of the calls Date Time This d...

Page 253: ...d telephone networks SIP Identities A SIP account uses an identity sometimes referred to as a SIP address A complete SIP identity is called a SIP URI Uniform Resource Identifier A SIP account s URI identifies the SIP account in a way similar to the way an e mail address identifies an e mail account The format of a SIP identity is SIP Number SIP Service Domain SIP Number The SIP number is the part ...

Page 254: ...the HTTP digest mechanism as detailed in RFC 3261 SIP Session Initiation Protocol SIP Servers SIP is a client server protocol A SIP client is an application program or device that sends SIP requests A SIP server responds to the SIP requests When you use SIP to make a VoIP call it originates at a client and terminates at a server A SIP client could be a computer or a SIP phone One device can act as...

Page 255: ...ice that originally sent the request can send requests to the IP address that it received back from the redirect server Redirect servers do not initiate SIP requests In the following example you want to use client device A to call someone who is using client device C 1 Client device A sends a call invitation for C to the SIP redirect server B 2 The SIP redirect server sends the invitation back to ...

Page 256: ... you make a VoIP call using SIP the RTP Real time Transport Protocol is used to handle voice data transfer See RFC 1889 for details on RTP Pulse Code Modulation Pulse Code Modulation PCM measures analog signal amplitudes at regular time intervals and converts them into bits SIP Call Progression The following figure displays the basic steps in the setup and tear down of a SIP call A calls B Table 1...

Page 257: ...Proxy Servers Usually the SIP UAC sets up a phone call by sending a request to the SIP proxy server Then the proxy server looks up the destination to which the call should be forwarded according to the URI requested by the SIP UAC The request may be forwarded to more than one proxy server before arriving at its destination The response to the request goes to all the proxy servers through which the...

Page 258: ...his is also relayed back to User Agent 1 via Proxy 1 6 User Agent 1 and User Agent 2 exchange RTP packets containing voice data directly without involving the proxies 7 When User Agent 2 hangs up he sends a BYE request 8 User Agent 1 replies with an OK response confirming receipt of the BYE request and the call is terminated Voice Coding A codec coder decoder codes analog voice signals into digita...

Page 259: ...s you know that the line is still connected as total silence could easily be mistaken for a lost connection Echo Cancellation G 168 is an ITU T standard for eliminating the echo caused by the sound of your voice reverberating in the telephone receiver while you talk MWI Message Waiting Indication Enable Message Waiting Indication MWI enables your phone to give you a message waiting beeping dial to...

Page 260: ...r phone s keypad and wait for the message that says you are in the configuration menu 2 Press a number from 1301 1308 followed by the key to delete the tone of your choice Press 14 followed by the key if you wish to clear all your custom tones You can continue to add listen to or delete tones or you can hang up the receiver when you are done 22 9 1 Quality of Service QoS Quality of Service QoS ref...

Page 261: ...t so that non DiffServ compliant ToS enabled network device will not conflict with the DSCP mapping Figure 163 DiffServ Differentiated Service Field The DSCP value determines the forwarding behavior the PHB Per Hop Behavior that each packet gets across the DiffServ network Based on the marking rule different kinds of traffic can be marked for different priorities of forwarding Resources can then b...

Page 262: ... before the default sub command timeout 2 seconds expires or issue an invalid sub command the current operation will be aborted European Call Hold Call hold allows you to put a call A on hold by pressing the flash key If you have another call press the flash key and then 2 to switch back and forth between caller A and B by putting either one on hold Press the flash key and then 0 to disconnect the...

Page 263: ...e caller on hold 2 When you hear the dial tone dial 98 followed by the number to which you want to transfer the call 3 After you hear the ring signal or the second party answers it hang up the phone European Three Way Conference Use the following steps to make three way conference calls 1 When you are on the phone talking to someone press the flash key to put the caller on hold and get a dial tone...

Page 264: ...all Transfer Do the following to transfer an incoming call that you have answered to another phone 1 Press the flash key to put the caller on hold 2 When you hear the dial tone dial 98 followed by the number to which you want to transfer the call 3 After you hear the ring signal or the second party answers it hang up the phone USA Three Way Conference Use the following steps to make three way conf...

Page 265: ... Transfer a call to another phone See Section 22 9 2 2 on page 262 Europe type and Section 22 9 2 3 on page 263 USA type 66 Call return Place a call to the last person who called you 95 Enable Do Not Disturb Use these to set your phone not to ring when someone calls you or to turn this function off 95 Disable Do Not Disturb 41 Enable Call Waiting Use these to allow you to put a call on hold when y...

Page 266: ...Errors consist of both logs and alerts You may differentiate them by their color in the View Log screen Alerts display in red and logs display in black Syslog Overview The syslog protocol allows devices to send event notification messages across an IP network to syslog servers that collect the event messages A syslog enabled device can generate a syslog message and send it to a syslog server Syslo...

Page 267: ... results according to the severity level you have selected When you select a severity the Zyxel Device searches through all logs of that severity or higher Category Select the type of logs to display Clear Log Click this to delete all the logs Refresh Click this to renew the log screen Export Log Click this to save the current list of logs to your computer E mail Log Now Click this to send the log...

Page 268: ... Zyxel Device searches through all logs of that severity or higher Category Select the type of logs to display Clear Log Click this to delete all the logs Refresh Click this to renew the log screen Export Log Click this to save the current list of logs to your computer E mail Log Now Click this to send the log file s to the e mail address you specify in the Maintenance E mail Notification screen T...

Page 269: ... Section 24 2 on page 269 Use the LAN screen to view the LAN traffic statistics Section 24 3 on page 270 Use the NAT screen to view the NAT status of the Zyxel Device s client s Section 24 4 on page 271 24 2 WAN Status Click System Monitor Traffic Status to open the WAN screen The figures in this screen show the total number of bytes received and sent through the Zyxel Device s WAN interface s Pac...

Page 270: ...rs transmitted on this interface Drop This indicates the number of outgoing packets dropped on this interface Packets Received Data This indicates the number of received packets on this interface Error This indicates the number of frames with errors received on this interface Drop This indicates the number of received packets dropped on this interface Disabled Interface This shows the name of the ...

Page 271: ...ace Bytes Received This indicates the number of bytes received on this interface Interface This shows the LAN or wireless LAN interfaces on the Zyxel Device Sent Packets Data This indicates the number of transmitted packets on this interface Error This indicates the number of frames with errors transmitted on this interface Drop This indicates the number of outgoing packets dropped on this interfa...

Page 272: ...ession This displays the number of NAT sessions currently opened for the connected host Total This displays what percentage of NAT sessions the Zyxel Device can support is currently being used by all connected hosts Table 119 System Monitor Traffic Status NAT continued LABEL DESCRIPTION ...

Page 273: ...9 System Monitor VoIP Status The following table describes the fields in this screen Table 120 System Monitor VoIP Status LABEL DESCRIPTION Poll Interval s Enter the number of seconds the Zyxel Device needs to wait before updating this screen and then click Set Interval Click Stop to have the Zyxel Device stop updating this screen SIP Status Account This column displays the index number of each SI...

Page 274: ...he SIP account You can change these in the VoIP SIP SIP Service Provider Add Edit and VoIP SIP SIP Account Add Edit screens Message Waiting This field indicates whether or not there are any new voice messages in the SIP account You have to enable the MWI function in the VoIP SIP SIP Account Add Edit screen and your VoIP service provider should also support the voice mail system and MWI feature Las...

Page 275: ...rt type used to receive the current VoIP call It shows SIP for an Outgoing Call and FXS for an Incoming Call or Internal Call When an Incoming Call s Status is Ringing the phone port type is Unknown Peer Number This field displays the SIP number of the party that is currently engaged in a VoIP call through a phone port It shows for an Internal Call Phone Status This table displays the name and the...

Page 276: ... looks in the ARP Table and if it finds the address sends it to the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The device fills in its own MAC and IP address in the sender address fields and puts the known IP address of the target in the target IP address field In addition the device puts all ones in the target MAC field FF FF FF FF FF F...

Page 277: ...stem Monitor ARP Table Figure 170 System Monitor ARP Table The following table describes the labels in this screen Table 121 System Monitor ARP Table LABEL DESCRIPTION This is the index number of the ARP or neighbor table entry IPv4 IPv6 Address This is the learned IPv4 or IPv6 IP address of a device connected to a port on the Zyxel Device MAC Address This is the MAC address of the device with the...

Page 278: ...nly and the Zyxel Device takes the shortest path to forward a packet 27 2 Routing Table Settings The table below shows IPv4 and IPv6 routing information The IPv4 subnet mask is 255 255 255 255 for a host destination and 0 0 0 0 for the default route The gateway address is written as IPv4 IPv6 if none is set Click System Monitor Routing Table to open the following screen ...

Page 279: ...een Table 122 System Monitor Routing Table LABEL DESCRIPTION IPv4 IPv6 Routing Table Destination This indicates the destination IPv4 address or IPv6 address and prefix of this route Gateway This indicates the IPv4 address or IPv6 address of the gateway that helps forward this route s traffic Subnet Mask This indicates the destination subnet mask of the IPv4 route ...

Page 280: ...mission A router determines the best route for transmission by choosing a path with the lowest cost The smaller the number the lower the cost Interface This indicates the name of the interface through which the route is forwarded brx indicates a LAN interface where x can be 0 3 to represent LAN1 to LAN4 respectively ethx indicates an Ethernet WAN interface using IPoE or in bridge mode ppp0 indicat...

Page 281: ...following table describes the labels in this screen Table 123 System Monitor Multicast Status IGMP Status LABEL DESCRIPTION Refresh Click this button to update the information on this screen Interface This field displays the name of the Zyxel Device interface that belongs to an IGMP multicast group Multicast Group This field displays the address of the IGMP multicast group to which the interface b...

Page 282: ...llowing table describes the labels in this screen Table 124 System Monitor Multicast Status MLD Status LABEL DESCRIPTION Refresh Click this button to update the status on this screen Interface This field displays the name of the Zyxel Device interface that belongs to an MLD multicast group Multicast Group This field displays the address of the MLD multicast group to which the interface belongs Fil...

Page 283: ...ity settings Figure 174 System Monitor WLAN Station Status The following table describes the labels in this screen Table 125 System Monitor WLAN Station Status LABEL DESCRIPTION This is the index number of an associated wireless station MAC Address This field displays the MAC address of an associated wireless station Rate Mbps This field displays the transmission rate of the WiFi traffic between a...

Page 284: ... number which represents the strength of the WiFi signal between an associated wireless station and the Zyxel Device The Zyxel Device uses the RSSI and SNR values to determine the strength of the WiFi signal 5 means the Zyxel Device is receiving an excellent WiFi signal 4 means the Zyxel Device is receiving a very good WiFi signal 3 means the Zyxel Device is receiving a weak WiFi signal 2 means th...

Page 285: ...nternet connection status By default a cellular WAN connection is used as a backup for the wired DSL Ethernet WAN connections 30 2 Cellular Statistics Settings To open this screen click System Monitor Cellular Statistics Cellular information is available on this screen only when you insert a compatible cellular dongle in the USB port on the Zyxel Device Figure 175 System Monitor Cellular Statistic...

Page 286: ... Downlink Packet Access 3 5G HSUPA High Speed Uplink Packet Access 3 75G HSPA HSDPA HSUPA 3 75G Service Provider This field displays the name of the service provider Signal Strength This field displays the strength of the signal in dBm Connection Uptime This field displays the time the connection has been up Cellular Card Manufacturer This field displays the manufacturer of the cellular card Cellu...

Page 287: ...en Assign a unique name to the Zyxel Device so it can be easily recognized on your network You can use up to 30 characters including spaces Figure 176 Maintenance System The following table describes the labels in this screen Table 127 Maintenance System LABEL DESCRIPTION Host Name Type a host name for your Zyxel Device Enter a descriptive name of up to 16 alphanumeric characters not including spa...

Page 288: ... Figure 177 Maintenance User Account The following table describes the labels in this screen Table 128 Maintenance User Account LABEL DESCRIPTION Add New Account Click this button to add a new user account This is the index number of the user account Active This field indicates whether the user account is active or not Clear the check box to disable the user account Select the check box to enable ...

Page 289: ...ys whether this user has Administrator or User privileges Modify Click the Edit icon to configure the entry Click the Delete icon to remove the entry Cancel Click Cancel to restore your previously saved settings Apply Click Apply to save your changes Table 128 Maintenance User Account continued LABEL DESCRIPTION Table 129 Maintenance User Account Add Edit LABEL DESCRIPTION Active Select Enable or ...

Page 290: ...Lock Period Enter the length of time a user must wait before attempting to log in again after a number if consecutive wrong passwords have been entered as defined in Retry Times Group Specify whether this user will have Administrator or User privileges The following menu items will only display when you log in as an Administrator Quick Start Wizard Network Setting Security settings Maintenance Sys...

Page 291: ...ely from a WAN and or LAN connection Section 33 2 on page 291 Use the Trust Domain screen to enable users to permit access from local management services by entering specific IP addresses Section 33 3 on page 293 Note The Zyxel Device is managed using the Web Configurator 33 2 MGMT Services Use this screen to configure through which interface s each service can access the Zyxel Device You can also...

Page 292: ...on way of communication between two devices TELNET provides a way to control your Zyxel Device remotely SSH prevents leakage of data during remote management Additionally it can encrypt all transmitted data SNMP is a management system that monitors devices connected to the Internet PING is a diagnostic tool that can check if your Zyxel Device is connected to the Internet LAN WLAN Select the Enable...

Page 293: ...is screen 33 3 1 Add Trust Domain Use this screen to configure a public IP address which is allowed to access the Zyxel Device Click the Add Trust Domain button in the Maintenance Remote Management Trust Domain screen to open the following screen Port You may change the server port number for a service if needed however you must use the same port number in order to use that service for remote mana...

Page 294: ...creen Table 132 Maintenance Remote Management Trust Domain Add Trust Domain LABEL DESCRIPTION IP Address Enter a public IP address which is allowed to access the service on the Zyxel Device from the WAN You can enter an IPv4 or IPv6 address and subnet mask or prefix length Cancel Click Cancel to exit this screen without saving any changes OK Click OK to save your changes back to the Zyxel Device ...

Page 295: ... An SNMP managed network consists of two main types of components agents and a manager An agent is a management software module that resides in a managed device the Zyxel Device An agent translates the local management information from the managed device into a form compatible with SNMP The manager is the console through which network administrators perform network management functions It executes...

Page 296: ...the manager to retrieve the next object variable from a table or list within an agent In SNMPv1 when a manager wants to retrieve all elements of a table from an agent it initiates a Get operation followed by a series of GetNext operations Set Allows the manager to set values for object variables within an agent Trap Used by the agent to inform the manager of some events 34 2 SNMP Settings Click Ma...

Page 297: ... password for the incoming Get and GetNext requests from the management station Set Community Enter the Set Community which is the password for the incoming Set requests from the management station Trap Community Enter the Trap Community which is the password sent with each trap to the SNMP manager The default is public and allows all requests System Name Enter the SNMP system name System Location...

Page 298: ... 35 2 Time For effective scheduling and logging the Zyxel Device system time must be accurate Use this screen to configure the Zyxel Device s time based on your local time zone You can enter a time server address select the time zone where the Zyxel Device is physically located and configure Daylight Savings settings if needed Click Maintenance Time to open the following screen ...

Page 299: ...Chapter 35 Time Settings EX5501 B0 AX7501 B0 PX7501 B0 User s Guide 299 Figure 184 Maintenance Time ...

Page 300: ...most parts of the United States on the second Sunday of March Each time zone in the United States starts using Daylight Saving Time at 2 A M local time So in the United States set the day to Second Sunday the month to March and the time to 2 in the Hour field Daylight Saving Time starts in the European Union on the last Sunday of March All of the time zones in the European Union start using Daylig...

Page 301: ...een to view remove and add e mail account information on the Zyxel Device This account can be set to receive e mail notifications for logs Note The default port number of the mail server is 25 Figure 185 Maintenance E mail Notification The following table describes the labels in this screen Table 135 Maintenance E mail Notification LABEL DESCRIPTION Add New e mail Click this button to create a new...

Page 302: ... Account e mail Address field If this field is left blank reports logs or notifications will not be sent via e mail Port Enter the same port number here as is on the mail server for mail traffic Authentication User name Enter the user name up to 32 characters This is usually the user name of a mail account you specified in the Account e mail Address field Authentication Password Enter the password...

Page 303: ...7501 B0 PX7501 B0 User s Guide 303 Cancel Click this button to exit this screen without saving any changes OK Click this button to save your changes and return to the previous screen Table 136 E mail Notification Add continued LABEL DESCRIPTION ...

Page 304: ... screen appears as shown If you have a LAN client on your network or a remote server that is running a syslog utility you can also save its log files by enabling Syslog Logging selecting Remote or Local File and Remote in the Mode field and entering the IP address of the LAN client in the Syslog Server field Remote allows you to store logs on a syslog server while Local File allows you to store th...

Page 305: ...g When the switch goes to the right the function is enabled Otherwise it is not Mode Select the syslog destination from the drop down list box If you select Remote the log s will be sent to a remote syslog server If you select Local File the log s will be saved in a local file If you want to send the log s to a remote syslog server and save it in a local file select Local File and Remote Syslog Se...

Page 306: ...log e mail message that the Zyxel Device sends Security Log Mail Subject Type a title that you want to be in the subject line of the security log e mail message that the Zyxel Device sends Send Log to The Zyxel Device sends logs to the e mail address specified in this field If this field is left blank the Zyxel Device does not send logs via e mail Send Alarm to Alerts are real time notifications t...

Page 307: ... 168 1 255 default policy forward 09 54 17 UDP src port 00520 dest port 00520 1 00 3 Apr 7 00 From 192 168 1 6 To 10 10 10 10 match forward 09 54 19 UDP src port 03516 dest port 00053 1 01 snip snip 126 Apr 7 00 From 192 168 1 1 To 192 168 1 255 match forward 10 05 00 UDP src port 00520 dest port 00520 1 02 127 Apr 7 00 From 192 168 1 131 To 192 168 1 255 match forward 10 05 17 UDP src port 00520 ...

Page 308: ... s specific model Refer to the label on the bottom of your Zyxel Device 38 2 Firmware Upgrade Settings Click Maintenance Firmware Upgrade to open the following screen Download the latest firmware file from the Zyxel website and upload it to your Zyxel Device using this screen The upload process uses HTTP Hypertext Transfer Protocol and may take up to two minutes After a successful upload the Zyxel...

Page 309: ... Upgrade screen Table 138 Maintenance Firmware Upgrade LABEL DESCRIPTION Upgrade Firmware Restore Default Settings After Firmware Upgrade Select the check box to have the Zyxel Device automatically reset itself after the new firmware is uploaded Current Firmware Version This is the present Firmware version and the date created File Path Type the location of the file you want to upload in this fiel...

Page 310: ...B0 User s Guide 310 Figure 191 Error Message Note that the Zyxel Device automatically restarts during the upload causing a temporary network disconnect In some operating systems you may see the following icon on your desktop Network Temporarily Disconnected ...

Page 311: ...store device configurations You can also reset your device settings back to the factory default 39 2 Backup Restore Settings Click Maintenance Backup Restore Information related to factory default settings and backup configuration are shown in this screen You can also use this to restore previous device configurations Figure 192 Maintenance Backup Restore ...

Page 312: ...the Zyxel Device configuration has been restored successfully the login screen appears Login again to restart the Zyxel Device The Zyxel Device automatically restarts in this time causing a temporary network disconnect In some operating systems you may see the following icon on your desktop Figure 193 Network Temporarily Disconnected If you uploaded the default configuration file you may need to c...

Page 313: ...ser entered configuration information and return the Zyxel Device to its factory defaults The following warning screen appears Figure 195 Reset Warning Message Figure 196 Reset In Process Message You can also press the RESET button on the rear panel to reset the factory defaults of your Zyxel Device Refer to Section 1 5 4 on page 26 for more information on the RESET button ...

Page 314: ...oot allows you to reboot the Zyxel Device remotely without turning the power off You may need to do this if the Zyxel Device hangs for example Click Maintenance Reboot Click Reboot to have the Zyxel Device reboot This does not affect the Zyxel Device s configuration Figure 197 Maintenance Reboot ...

Page 315: ... page 316 The 802 1ag screen lets you perform CFM actions Section 40 4 on page 316 The 802 3ah screen lets you configure link OAM port parameters Section 40 5 on page 318 40 2 What You Need to Know The following terms and concepts may help as you read through this chapter How CFM Works A Maintenance Association MA defines a VLAN and associated Maintenance End Point MEP ports on the device under a ...

Page 316: ...nance Diagnostic 802 1ag to open the following screen Use this screen to configure and perform Connectivity Fault Management CFM actions as defined by the IEEE 802 1ag standard CFM protocols include Continuity Check Protocol CCP Link Trace LT and Loopback LB Table 140 Maintenance Diagnostic LABEL DESCRIPTION Address Type the IP address of a computer that you want to perform ping traceroute or nslo...

Page 317: ...tch to enable or disable Y 1731 which monitors Ethernet performance When the switch goes to the right the function is enabled Otherwise it is not Interface Select the interface on which you want to enable the IEE 802 1ag CFM Maintenance Domain MD Level Select a level 0 7 under which you want to create an MA MD Name Enter a descriptive name for the MD Maintenance Domain This field only appears if t...

Page 318: ... will always process it whether CCM is enabled or not Remote MEP ID Enter the remote Maintenance Endpoint Identifier 1 8191 Test the connection to another Maintenance End Point MEP Destination MAC Address Enter the target device s MAC address to which the Zyxel Device performs a CFM loopback and linktrace test Test Result Loopback Message LBM This shows Pass if a Loop Back Messages LBMs responses ...

Page 319: ...is enabled Otherwise it is not Features Select Variable Retrieval so the Zyxel Device can respond to requests for information such as requests for Ethernet counters and statistics about link events Select Link Events so the Zyxel Device can interpret link events such as link fault and dying asp Link events are set in event notification PDUs Protocol Data Units and indicate when the number of error...

Page 320: ...320 PART III Troubleshooting and Appendices Appendices contain general information Some information may not apply to your Zyxel Device ...

Page 321: ...EDs turn on 1 Make sure the Zyxel Device is turned on 2 Make sure you are using the power adapter included with the Zyxel Device 3 Make sure the power adapter is connected to the Zyxel Device and plugged in to an appropriate power source Make sure the power source is turned on 4 Turn the Zyxel Device off and on 5 If the problem continues contact the vendor One of the LEDs does not behave as expect...

Page 322: ...gin names and associated passwords 2 If those do not work you have to reset the device to its factory defaults See Section 1 5 4 on page 26 I cannot see or access the Login screen in the Web Configurator 1 Make sure you are using the correct IP address The default IP address is 192 168 1 1 If you changed the IP address Section 8 2 on page 126 use the new IP address If you changed the IP address an...

Page 323: ...ake sure you have entered the password correctly See the cover page for the default login names and associated passwords The field is case sensitive so make sure Caps Lock is not on 2 You cannot log in to the Web Configurator while someone is using Telnet to access the Zyxel Device Log out of the Zyxel Device in the other session or ask the person who is logged in to log out 3 Turn the Zyxel Devic...

Page 324: ...ible SFP transceiver installed with a fiber optic cable connected to it PX7501 B0 Make sure you have the Fiber port connected to a fiber optic cable 2 Make sure you configured a proper Ethernet WAN interface Network Setting Broadband screen with the Internet account information provided by your ISP and that it is enabled 3 Check that the WAN interface you are connected to is in the same interface ...

Page 325: ...tronics such as cordless phones Place the AP where there are minimum obstacles such as walls and ceilings between the AP and the wireless client Reduce the number of wireless clients connecting to the same AP simultaneously or add additional APs if necessary Try closing some programs that use the Internet especially peer to peer applications If the wireless client is sending or receiving a lot of ...

Page 326: ...appears in the screen Restart your computer 41 6 IP Address Setup I need to set the computer s IP address to be in the same subnet as the Zyxel Device 1 In Windows 10 open the Control Panel 2 Click Network and Internet this field may be missing in your version Network and Sharing Center 3 Click Change adapter settings ...

Page 327: ...7 4 Right click the Ethernet icon and then select Properties 5 Click Internet Protocol Version 4 TCP IPv4 and then click Properties 6 Select Use the following IP address and enter an IP address from 192 168 1 2 to 192 168 1 254 The Subnet mask will be entered automatically ...

Page 328: ...Chapter 41 Troubleshooting EX5501 B0 AX7501 B0 PX7501 B0 User s Guide 328 7 Click OK when you are done and close all windows ...

Page 329: ...information Please have the following information ready when you contact an office Required Information Product model and serial number Warranty Information Date that you received your device Brief description of the problem and the steps you took to solve it Corporate Headquarters Worldwide Taiwan Zyxel Communications Corporation http www zyxel com Asia China Zyxel Communications Shanghai Corp Zy...

Page 330: ...om pk Philippines Zyxel Philippines http www zyxel com ph Singapore Zyxel Singapore Pte Ltd http www zyxel com sg Taiwan Zyxel Communications Corporation https www zyxel com tw zh Thailand Zyxel Thailand Co Ltd https www zyxel com th th Vietnam Zyxel Communications Corporation Vietnam Office https www zyxel com vn vi Europe Belarus Zyxel BY https www zyxel by Belgium Zyxel Communications B V https...

Page 331: ...cz cs Denmark Zyxel Communications A S https www zyxel com dk da Estonia Zyxel Estonia https www zyxel com ee et Finland Zyxel Communications https www zyxel com fi fi France Zyxel France https www zyxel fr Germany Zyxel Deutschland GmbH https www zyxel com de de Hungary Zyxel Hungary SEE https www zyxel com hu hu Italy Zyxel Communications Italy https www zyxel com it it Latvia Zyxel Latvia https...

Page 332: ...no no Poland Zyxel Communications Poland https www zyxel com pl pl Romania Zyxel Romania https www zyxel com ro ro Russia Zyxel Russia https www zyxel com ru ru Slovakia Zyxel Communications Czech s r o organizacna zlozka https www zyxel com sk sk Spain Zyxel Communications ES Ltd https www zyxel com es es Sweden Zyxel Communications https www zyxel com se sv Switzerland Studerus AG https www zyxe...

Page 333: ... South America Argentina Zyxel Communications Corporation https www zyxel com co es Brazil Zyxel Communications Brasil Ltda https www zyxel com br pt Colombia Zyxel Communications Corporation https www zyxel com co es Ecuador Zyxel Communications Corporation https www zyxel com co es South America Zyxel Communications Corporation https www zyxel com co es Middle East Israel Zyxel Communications Co...

Page 334: ...xel Communications Corporation https www zyxel com me en North America USA Zyxel Communications Inc North America Headquarters https www zyxel com us en Oceania Australia Zyxel Communications Corporation https www zyxel com au en Africa South Africa Nology Pty Ltd https www zyxel com za en ...

Page 335: ...000 0000 1a2f 0015 2001 db8 1a2f 0 0 15 or 2001 db8 0 0 1a2f 15 Prefix and Prefix Length Similar to an IPv4 subnet mask IPv6 uses an address prefix to represent the network address An IPv6 prefix length specifies how many most significant bits start from the left in the address compose the network address The prefix length is written as x where x is a number For example 2001 db8 1a2b 15 1a2f 0 32 ...

Page 336: ... prefix of ff00 8 The following table describes some of the predefined multicast addresses The following table describes the multicast addresses which are reserved and can not be assigned to a multicast group Table 144 Predefined Multicast Address MULTICAST ADDRESS DESCRIPTION FF01 0 0 0 0 0 0 1 All hosts on a local node FF01 0 0 0 0 0 0 2 All routers on a local node FF02 0 0 0 0 0 0 1 All hosts o...

Page 337: ...ity Association IA is a collection of addresses assigned to a DHCP client through which the server and client can manage a set of related IP addresses Each IA must be associated with exactly one interface The DHCP client uses the IA assigned to an interface to obtain configuration from a DHCP server for that interface Each IA consists of a unique IAID and associated IP information The IA type is t...

Page 338: ...ice uses the received IPv6 prefix for example 2001 db2 48 to generate its LAN IP address Through sending Router Advertisements RAs regularly by multicast the Zyxel Device passes the IPv6 prefix information to its LAN hosts The hosts then can use the prefix to generate their IPv6 addresses ICMPv6 Internet Control Message Protocol for IPv6 ICMPv6 or ICMP for IPv6 is defined in RFC 4443 ICMPv6 has a ...

Page 339: ...s is considered as the next hop Otherwise the Zyxel Device determines the next hop from the default router list or routing table Once the next hop IP address is known the Zyxel Device looks into the neighbor cache to get the link layer address and sends the packet when the neighbor is reachable If the Zyxel Device cannot find an entry in the neighbor cache or the state for the neighbor is not reac...

Page 340: ...k uses DHCPv6 for IP address assignment you have to additionally install a DHCPv6 client software on your Windows XP Note If you use static IP addresses or Router Advertisement for IPv6 address assignment in your network ignore this section This example uses Dibbler as the DHCPv6 client To enable DHCPv6 client on your computer 1 Install Dibbler and select the DHCPv6 client option on your computer ...

Page 341: ...v6 server Example Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer To enable IPv6 in Windows 7 1 Select Control Panel Network and Sharing Center Local Area Connection 2 Select the Internet Protocol Version 6 TCP IPv6 checkbox to enable it 3 Click OK to save the change ...

Page 342: ...heck your dynamic IPv6 address This example shows a global address 2001 b021 2d 1000 obtained from a DHCP server C ipconfig Windows IP Configuration Ethernet adapter Local Area Connection Connection specific DNS Suffix IPv6 Address 2001 b021 2d 1000 Link local IPv6 Address fe80 25d8 dcab c80a 5189 11 IPv4 Address 172 16 100 61 Subnet Mask 255 255 255 0 Default Gateway fe80 213 49ff feaa 7125 11 17...

Page 343: ...is the type of IP protocol used by the service If this is TCP UDP then the service uses the same port number with TCP and UDP If this is USER DEFINED the Port s is the IP protocol number not the port number Port s This value depends on the Protocol If the Protocol is TCP UDP or TCP UDP this is the IP port number If the Protocol is USER this is the IP protocol number Description This is a brief exp...

Page 344: ...er of files including large files that may not be possible by e mail H 323 TCP 1720 NetMeeting uses this protocol HTTP TCP 80 Hyper Text Transfer Protocol a client server protocol for the world wide web HTTPS TCP 443 HTTPS is a secured http session often used in e commerce ICMP User Defined 1 Internet Control Message Protocol is often used for diagnostic purposes ICQ UDP 4000 This is a popular Int...

Page 345: ... the web REXEC TCP 514 Remote Execution Daemon RLOGIN TCP 513 Remote Login ROADRUNNER TCP UDP 1026 This is an ISP that provides services mainly for cable modems RTELNET TCP 107 Remote Telnet RTSP TCP UDP 554 The Real Time Streaming media control Protocol RTSP is a remote control for multimedia on the Internet SFTP TCP 115 The Simple File Transfer Protocol is an old way of transferring files betwee...

Page 346: ... the login and terminal emulation protocol common on the Internet and in UNIX environments It operates over TCP IP networks Its primary function is to allow users to log into remote host systems VDOLIVE TCP UDP 7000 user defined A videoconferencing solution The UDP port number is specified in the application Table 146 Examples of Services continued NAME PROTOCOL PORT S DESCRIPTION ...

Page 347: ...e This product has been tested and complies with the specifications for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This device generates uses and can radiate radio frequency energy and if not installed and used according to the instructions may cause harmful inte...

Page 348: ...vantes Les dispositifs fonctionnant dans la bande de 5 150 à 5 250 MHz sont réservés uniquement pour une utilisation à l intérieur afin de réduire les risques de brouillage préjudiciable aux systèmes de satellites mobiles utilisant les mêmes canaux Pour les dispositifs munis d antennes amovibles le gain maximal d antenne permis pour les dispositifs utilisant la bande de 5 725 à 5 850 MHz doit être...

Page 349: ...xigences essentielles et aux autres dispositions pertinentes de la directive 2014 53 UE Hrvatski Croatian Zyxel ovime izjavljuje da je radijska oprema tipa u skladu s Direktivom 2014 53 UE Íslenska Icelandic Hér með lýsir Zyxel því yfir að þessi búnaður er í samræmi við grunnkröfur og önnur viðeigandi ákvæði tilskipunar 2014 53 UE Italiano Italian Con la presente Zyxel dichiara che questo attrezza...

Page 350: ...e product where anyone can walk on the power adaptor or cord Please use the provided or designated connection cables power cables adaptors Connect it to the right supply voltage for example 110V AC in North America or 230V AC in Europe If the power adaptor or cord is damaged it might cause electrocution Remove it from the device and the power source repairing the power adapter or cord is prohibite...

Page 351: ...tandby power consumption 8W and or Off mode power consumption 0 5W and or Standby mode power consumption 0 5W Wireless setting please refer to the chapter about wireless settings for more detail European Union Disposal and Recycling Information The symbol below means that according to local regulations your product and or its battery shall be disposed of separately from domestic waste If this prod...

Page 352: ...切勿接觸灰塵 污物 沙土 食物或其他不合適的材料 雷雨天氣時 不要安裝 使用或維修此設備 有遭受電擊的風險 切勿重摔或撞擊設備 並勿使用不正確的電源變壓器 若接上不正確的電源變壓器會有爆炸的風險 請勿隨意更換產品內的電池 如果更換不正確之電池型式 會有爆炸的風險 請依製造商說明書處理使用過之電池 請將廢電池丟棄在適當的電器或電子設備回收處 請勿將設備解體 請勿阻礙設備的散熱孔 空氣對流不足將會造成設備損害 請插在正確的電壓供給插座 如 北美 台灣電壓 110V AC 歐洲是 230V AC 假若電源變壓器或電源變壓器的纜線損壞 請從插座拔除 若您還繼續插電使用 會有觸電死亡的風險 請勿試圖修理電源變壓器或電源變壓器的纜線 若有毀損 請直接聯絡您購買的店家 購買一個新的電源變壓器 請勿將此設備安裝於室外 此設備僅適合放置於室內 請勿隨一般垃圾丟棄 請參閱產品背貼上的設備額定功率 請參考產品型...

Page 353: ...epair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpose Zyxel shall in no event be held liable for indirect or consequential damages of any kind to the purchaser To obtain the services of this warranty...

Page 354: ...7 ATM 77 authentication 113 115 RADIUS server 115 B backup configuration 312 bandwidth capacity cable type 18 Basic Service Set see BSS blinking LEDs 22 bottom panel buttons 24 Zyxel device 24 Bridge mode 85 broadband 76 Broadband screen overview 76 broadcast 93 BSS 115 example 116 button power 25 reset 25 WLAN 25 WPS 25 BYE request 257 C CA 229 cable type Ethernet 18 call history 251 call hold 26...

Page 355: ...113 customer support 329 D data fragment threshold 109 113 DDNS access the Zyxel Device example 59 configure on Zyxel Device example 60 DDNS account register 59 DDNS setup testing 60 DDoS 210 default server address 180 Denials of Service see DoS DHCP 125 141 differentiated services 261 Differentiated Services see DiffServ 167 DiffServ 167 marking rule 167 DiffServ Differentiated Services 260 code ...

Page 356: ...attack 210 firmware 308 version 66 flash key 262 flashing 262 forwarding ports 172 fragmentation threshold 109 113 FTP 21 172 187 G G 168 259 guest WiFi settings configuring 69 H HTTP 187 I ICMPv6 192 icon Language 35 layout 64 Logout 35 Restart 35 Theme 35 Wizard 35 IEEE 802 11ax 96 IEEE 802 1Q 92 IGA 184 IGMP 93 multicast group list 192 281 282 version 93 IGMP Fast Leave 192 IGMPv2 192 IGMPv3 19...

Page 357: ...7 ITU T 259 J Java permission 27 JavaScript 27 K key combinations 265 keypad 265 L LAN 124 client list 130 DHCP 125 141 DNS 125 142 IP address 124 126 142 MAC address 131 status 67 72 subnet mask 125 126 142 LAN setup 71 LAN to LAN multicast 194 LAND attack 210 Language icon 35 layout icon 75 LBR 315 LED 2 4G WiFi 23 5G WiFi 23 INTERNET 23 POWER 22 WPS 24 LED description 22 LED indicators 22 limit...

Page 358: ...ocal 185 outside 185 port forwarding 172 port number 187 services 187 SIP ALG 180 activation 181 NAT example 187 navigation panel 31 Network Address Translation see NAT network map 31 64 NNTP 187 non proxy calls 250 O OK response 257 258 P Packet Transfer Mode 77 parental control define schedule 75 schedule setup 74 setup 72 parental control profile create 74 password 27 PBC 117 WPS 43 peer to pee...

Page 359: ...oring configuration 312 RFC 1058 See RIP RFC 1389 See RIP RFC 1889 256 RFC 3164 266 RIP 151 router features 18 Routing Information Protocol See RIP RTP 256 RTS threshold 109 113 S screen order change 64 screen resolution recommended 27 security WiFi 113 Security Log 268 Security Parameter Index see SPI service access control 291 Service Set 98 103 services port forwarding 187 Session Initiation Pr...

Page 360: ...tion 65 T Theme icon 35 three way conference 263 264 thresholds data fragment 109 113 RTS CTS 109 113 time 298 time zone set 36 top panel LED indicators 22 ToS 260 TPID 92 transmission speed cable type 18 trTCM 170 Two Rate Three Color Marker see trTCM TWT Target Wakeup Time 96 Type of Service see ToS U unicast 93 Uniform Resource Identifier 253 Universal Plug and Play see UPnP upgrading firmware ...

Page 361: ... security 113 SSID 114 activation 101 status 67 WPS 117 119 example 120 limitations 122 PIN 118 push button 117 WiFi overview 95 WiFi setting configuration 68 WiFi standards comparison table 96 WiFi6 introduction 96 wireless basics 95 wireless group multiple setup 48 wireless network secure setup 41 wireless tutorial 43 Wizard icon 35 Wizard setup Internet 36 WLAN button 25 WPA 99 WPA2 99 WPA2 PSK...