ZyXEL Communications eircom D1000, User Manual

Page 1: ...m D1000 modem Wireless N ADSL2 4 port Gateway Version 3 00 Edition 2 9 2014 User s Guide Default Login Details LAN IP Address http 192 168 1 254 User Name admin Password see wireless key on the back l...

Page 2: ...Copyright 2013 ZyXEL Communications Corporation...

Page 3: ......

Page 4: ...THIS GUIDE FOR FUTURE REFERENCE Screenshots and graphics in this book may differ slightly from your product due to differences in your product firmware or your computer operating system Every effort...

Page 5: ...Configurator 17 2 1 Overview 17 2 1 1 Accessing the Web Configurator 17 2 2 The Web Configurator Layout 20 2 2 1 Title Bar 20 2 2 2 Main Window 20 2 2 3 Navigation Panel 21 Part II Technical Referenc...

Page 6: ...Secure WPA 2 PSK 51 5 2 4 WPA 2 Authentication 52 5 3 The More AP Screen 54 5 3 1 More AP Edit 54 5 4 The MAC Authentication Screen 56 5 5 The WPS Screen 57 5 6 The WDS Screen 59 5 7 The WMM Screen 60...

Page 7: ...Mac OS 10 5 and 10 6 100 6 11 Home Networking Technical Reference 103 6 11 1 LANs WANs and the Device 104 6 11 2 DHCP Setup 104 6 11 3 DNS Server Addresses 104 6 11 4 LAN TCP IP 105 6 11 5 RIP Setup 1...

Page 8: ...s 131 9 6 2 What NAT Does 131 9 6 3 How NAT Works 131 9 6 4 NAT Application 132 9 6 5 NAT Mapping Types 132 Port Isolation 135 10 1 Overview 135 10 1 1 What You Can Do in the Port Isolation Screens 13...

Page 9: ...Security Considerations 160 13 6 4 Triangle Route 160 Parental Control 163 14 1 Overview 163 14 2 The Parental Control Screen 163 14 2 1 Add Edit Parental Control Rule 164 Certificates 167 15 1 Overv...

Page 10: ...mote Management 195 24 1 Overview 195 24 1 1 What You Can Do in the Remote Management Screens 195 24 1 2 What You Need to Know About Remote Management 196 24 2 The WWW Screen 196 24 2 1 Configuring th...

Page 11: ...9 eircom D1000 modem User s Guide 26 3 Internet Access 211 LED Descriptions 213 27 1 LED Descriptions 213 Appendix A Legal Information 215 Index 219...

Page 12: ...10 eircom D1000 modem User s Guide...

Page 13: ...PART I User s Guide 11...

Page 14: ...12...

Page 15: ...nfiguration server used to remotely configure your device 1 3 Good Habits for Managing the Device Do the following things regularly to make the Device more secure and to manage the Device more effecti...

Page 16: ...the filtering feature to block access to specific web sites or Internet applications such as MSN or Yahoo Messenger You can also configure IP MAC filtering rules for incoming or outgoing traffic Use...

Page 17: ...of the Device The WPS WLAN LED should flash while the Device sets up a WPS connection with the other wireless device 4 Once the connection is successfully made the WPS WLAN LED shines green 1 5 The R...

Page 18: ...16 eircom D1000 modem User s Guide...

Page 19: ...s enabled by default in Windows XP SP Service Pack 2 JavaScript enabled by default Java permissions enabled by default 2 1 1 Accessing the Web Configurator 1 Make sure your Device hardware is properly...

Page 20: ...assword It is strongly recommended you change the default password Enter a new password retype it to confirm and click Apply alternatively click Skip to proceed to the next screen if you do not want t...

Page 21: ...rator 19 eircom D1000 modem User s Guide Figure 6 Change Wireless Settings Screen 7 The Connection Status screen appears Figure 7 Connection Status 8 The System Info screen shows You can view the Devi...

Page 22: ...rts A title bar B main window C navigation panel 2 2 1 Title Bar The title bar shows the following icon in the upper right corner Click this icon to log out of the web configurator Click the Help icon...

Page 23: ...2 3 Navigation Panel Use the menu items on the navigation panel to open screens to configure Device features The following table describes each menu item Table 1 Navigation Panel Summary LINK TAB FUN...

Page 24: ...orks UPnP Use this screen to enable the UPnP function IPv6 LAN Setup Use this screen to configure the IPv6 settings on the Device s LAN interface File Sharing Use this screen to set up file sharing Pr...

Page 25: ...evice System Monitor Log Log Use this screen to view the logs for the level that you selected You can export or e mail the logs Traffic Status WAN Use this screen to view the status of all network tra...

Page 26: ...Chapter 2 Introducing the Web Configurator 24 eircom D1000 modem User s Guide...

Page 27: ...PART II Technical Reference 25...

Page 28: ...26...

Page 29: ...ser s Guide 3 The System Info Screen 3 1 Overview After you log into the web configurator the System Info screen shows Use this screen to view the status of the Device 3 2 The System Info Screen Figur...

Page 30: ...e more throughput you should turn off other applications Memory Usage This field displays what percentage of the Device s memory is currently used Usually this percentage should not increase much If m...

Page 31: ...evice is a DHCP server in the LAN It assigns IP addresses to other computers in the LAN Relay The Device acts as a surrogate DHCP server and relays DHCP requests and responses between the remote serve...

Page 32: ...List View If you want to view the connection status of the Device and its client s click Icon View in the Viewing mode selection box Figure 12 LAN Device Icon View Click on a client s name to show an...

Page 33: ...on 4 2 on page 32 to configure the WAN settings on the Device for Internet access Use the More Connections screen Section 4 3 on page 36 to set up additional Internet access connections Use the 3G Bac...

Page 34: ...f hosts on the network not everybody and not just one IGMP IGMP Internet Group Multicast Protocol is a network layer protocol used to establish membership in a Multicast group it is not used to carry...

Page 35: ...your ISP provides you more than one IP address and you want the connected computers to get individual IP address from ISP s DHCP server directly If you select Bridge you cannot use Firewall DHCP serv...

Page 36: ...address is a fixed IP that your ISP gives you A dynamic IP address is not fixed the ISP assigns you a different one each time you connect to the Internet Select Obtain an IP Address Automatically if...

Page 37: ...generate an interface ID from the MAC address of the WAN interface WAN Identifier If you selected Manual enter the WAN Identifier in this field The WAN identifier should be unique and 64 bits in hexa...

Page 38: ...sets the average cell rate long term that can be transmitted Type the SCR which must be less than the PCR Note that system default is 0 cells sec Maximum Burst Size Maximum Burst Size MBS refers to th...

Page 39: ...on VPI VCI This field displays the Virtual Path Identifier VPI and Virtual Channel Identifier VCI numbers configured for this WAN connection Encapsulation This field indicates the encapsulation method...

Page 40: ...following table describes the labels in this screen Table 5 Network Setting Broadband More Connections Edit LABEL DESCRIPTION General Active Select the check box to activate or clear the check box to...

Page 41: ...The valid range for the VPI is 0 to 255 Enter the VPI assigned to you VCI The valid range for the VCI is 32 to 65535 0 to 31 is reserved for local management of ATM traffic Enter the VCI assigned to...

Page 42: ...aximum rate at which the sender can send cells Type the PCR here Sustain Cell Rate The Sustain Cell Rate SCR sets the average cell rate long term that can be transmitted Type the SCR which must be les...

Page 43: ...r service provider Password Type the password of up to 64 ASCII printable characters associated with the user name above PIN A PIN Personal Identification Number code is a key to a 3G card Without the...

Page 44: ...ddress assigned by the ISP Secondary DNS server Enter the second DNS server address assigned by the ISP Connection Select Keep Alive if you do not want the connection to time out Select Connect on Dem...

Page 45: ...t of the task Furthermore with NAT all of the LANs computers will have access 4 5 1 3 PPPoA PPPoA stands for Point to Point Protocol over ATM Adaptation Layer 5 AAL5 A PPPoA connection functions like...

Page 46: ...oE Encapsulation If you have a dynamic IP then the IP Address and Gateway IP Address fields are not applicable N A If you have a Static IP Address assigned by your ISP then they should also assign you...

Page 47: ...53 bytes 424 bits so a maximum speed of 832Kbps gives a maximum PCR of 1962 cells sec This rate is not guaranteed because it is dependent on the line speed Sustained Cell Rate SCR is the mean cell ra...

Page 48: ...s that require closely controlled delay and delay variation It also provides a fixed amount of bandwidth a PCR is specified but is only available when data is being sent An example of an VBR RT connec...

Page 49: ...age 54 to set up multiple wireless networks on your Device Use the MAC Authentication screen to allow or deny wireless clients based on their MAC addresses from connecting to the Device Section 5 4 on...

Page 50: ...es in your network support IEEE 802 11g for example What is the most appropriate standard to use What security options do the other wireless devices in your network support WPA PSK for example What is...

Page 51: ...cters for the wireless LAN Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a station cannot obtain the SSID through scanning using a site survey tool Client Isolation...

Page 52: ...stations to communicate with the access points without any data encryption or authentication Note If you do not enable any wireless security on your Device your network is accessible to any wireless n...

Page 53: ...bit WEP then enter any 5 ASCII characters or 10 hexadecimal characters 0 9 A F If you chose 128 bit WEP then enter 13 ASCII characters or 26 hexadecimal characters 0 9 A F WEP Encryption Select 64 bi...

Page 54: ...low wireless devices using WPA PSK security mode to connect to your Device The Device supports WPA PSK and WPA2 PSK simultaneously Otherwise select Disable Group Key Update Timer The Group Key Update...

Page 55: ...of the external authentication server You need not change this value unless your network administrator instructs you to do so with additional information Shared Secret Enter a password up to 31 alphan...

Page 56: ...isplays Figure 24 Network Seting Wireless More AP The following table describes the labels in this screen Table 11 Network Setting Wireless More AP LABEL DESCRIPTION This is the index number of each S...

Page 57: ...canning using a site survey tool Client Isolation Select this to keep the wireless clients in this SSID from communicating with each other through the Device MBSSID LAN Isolation Select this to keep t...

Page 58: ...n The following table describes the labels in this screen Table 13 Network Setting Wireless MAC Authentication LABEL DESCRIPTION SSID Select the SSID for which you want to configure MAC filter setting...

Page 59: ...curity without having to configure security settings manually Set up each WPS connection between two devices Both devices must support WPS See Section 5 10 8 3 on page 71 for more information about WP...

Page 60: ...Configuration Summary AP PIN The PIN Personal Identification Number of the Device is shown here Enter this PIN in the configuration utility of the device you want to connect to using WPS The PIN is n...

Page 61: ...describes the labels in this screen Table 15 Network Setting Wireless WDS LABEL DESCRIPTION WDS Security Select the type of the key used to encrypt data between APs All the wireless APs including the...

Page 62: ...of SSID1 4 Determine whether to have the Device automatically give a service a priority level according to the ToS value in the IP header of packets it sends for a wireless network WMM QoS Wifi Multi...

Page 63: ...ay Check the day s you want to turn the wireless LAN on or off Time 24 Hour Format Specify a time frame during which the schedule would apply For example if you set the time range from 12 00 to 23 00...

Page 64: ...th the Device Select 802 11g n to allow either IEEE 802 11g or IEEE 802 11n compliant WLAN devices to associate with the Device The transmission rate of your Device might be reduced Select 802 11b g n...

Page 65: ...between access points and wireless clients extending a network s range Traditionally a wireless network operates in one of two ways An infrastructure type of network has one or more access points and...

Page 66: ...sed in the Device s Web Configurator Table 19 Additional Wireless Terms TERM DESCRIPTION Preamble A preamble affects the timing in your wireless network There are two preamble modes long and short If...

Page 67: ...curity you can set up in the wireless network 5 10 3 1 SSID Normally the Device acts like a beacon and regularly broadcasts the SSID in the area You can hide the SSID instead in which case the Device...

Page 68: ...tion See Section 5 10 3 3 on page 66 for information about this Table 20 Types of Encryption for Each Type of Authentication No Authentication RADIUS Server Weakest No Security WPA Static WEP WPA PSK...

Page 69: ...ch as military or air traffic control communications or from machines that are coincidental emitters such as electric motors or microwaves Problems with absorption occur when physical objects such as...

Page 70: ...ecurity settings of peer sides match one another the connection between devices is made At the time of writing WDS security is not compatible with all access points Refer to your other access point s...

Page 71: ...ou need to make sure that WPS worked check the list of associated wireless clients in the AP s configuration utility If you see the wireless client in the list WPS was successful 5 10 8 2 PIN Configur...

Page 72: ...ither enter the client s PIN in the AP or enter the AP s PIN in the client it does not matter which 6 Start WPS on both devices within two minutes 7 Use the configuration utility to activate WPS not t...

Page 73: ...work and security settings and the other device acts as the enrollee the device that receives network and security settings The registrar creates a secure EAP Extensible Authentication Protocol tunnel...

Page 74: ...g network and can act as either enrollee or registrar if it supports both functions If the registrar is unconfigured the security settings it transmits to the enrollee are randomly generated Once a WP...

Page 75: ...order to use the network In this case AP1 must be the registrar since it is configured it already has security information for the network AP1 supplies the existing security information to Client 2 F...

Page 76: ...d key from the registrar device to the enrollee devices Whether the network uses WPA PSK or WPA2 PSK depends on the device You can check the configuration interface of the registrar device to discover...

Page 77: ...e or was not involved in the WPS handshake a rogue device must still associate with the access point to gain access to the network Check the MAC addresses of your wireless clients usually printed on a...

Page 78: ...76 eircom D1000 modem User s Guide Chapter 5 Wireless LAN...

Page 79: ...f your Device Section 6 2 on page 79 Use the Static DHCP screen to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses Section 6 3 on page 81 Use the IP Alias...

Page 80: ...e versa The DNS server is extremely important because without it you must know the IP address of a networking device before you can access it 6 1 2 2 About UPnP Identifying UPnP Devices UPnP hardware...

Page 81: ...the Device allows multicast messages on the LAN only All UPnP enabled devices may communicate freely with each other without additional configuration Disable UPnP if this is not your intention Finding...

Page 82: ...er so do not change this field unless you are instructed to do so RIP Version RIP Routing Information Protocol allows a router to exchange routing information with other routers Select the RIP version...

Page 83: ...to 0 0 0 0 UserDefined changes to None after you click Apply If you set a second choice to UserDefined and enter the same IP address the second UserDefined changes to None after you click Apply Select...

Page 84: ...an industry standard that ensures no other adapter has a similar address IP Address This field displays the IP address relative to the field listed above Modify Click the Edit icon to have the IP addr...

Page 85: ...ias Select Enable to configure a LAN network for the Device IP Address Enter the IP address of your Device in dotted decimal notation IP Subnet Mask Your Device will automatically calculate the subnet...

Page 86: ...PnP Be aware that anyone could use a UPnP application to open the web configurator s login screen without entering the Device s IP address although you must still enter the password to access the web...

Page 87: ...85 eircom D1000 modem User s Guide Chapter 6 Home Networking Figure 45 Network Setting Home Networking IPv6 LAN Setup...

Page 88: ...ecimal form Every 16 bit block should be separated by a colon as in XXXX XXXX XXXX XXXX where X is a hexadecimal character Blocks of zeros can be represented with double colons as in XXXX XXXX XXXX LA...

Page 89: ...t router preference to make this function work Reachable Time ms Enter the time in milliseconds that can elapse before a neighbor is detected Possible values for this field are 0 3600000 Retrans Timer...

Page 90: ...workgroup name when you set up a network Shares When settings are set to default each USB device connected to the Device is given a folder called a share If a USB hard drive connected to the Device ha...

Page 91: ...s for sharing files printers and so on Samba is a free SMB server that runs on most Unix and Unix like systems It provides an implementation of an SMB client and server for use with non Microsoft oper...

Page 92: ...Select Security to require users to log in to access shared files Set up user accounts in the Account Management section Account Management Status This field displays whether a user account is activat...

Page 93: ...characters Only letters and numbers allowed New Password Enter the password used to access the share You can enter up to 15 characters Only letters and numbers are allowed The password is case sensit...

Page 94: ...er such as a process run by your web browser When traffic from the Internet is received on your computer the port number is used to identify which process running on your computer it is intended for I...

Page 95: ...nt server function on the Device Click Network Setting Home Networking Print Server to display the Print Server screen Figure 50 Network Setting Home Networking Print Server The following table descri...

Page 96: ...uide Chapter 6 Home Networking Figure 51 Printers Folder 2 The Add Printer Wizard screen displays Click Next Figure 52 Add Printer Wizard Welcome 3 Select A network printer or a printer attached to an...

Page 97: ...e s LAN IP address use the new IP address in the URL to access the print server Figure 54 Add Printer Wizard Specify a Printer 5 Select the make of the printer that you want to connect to the print se...

Page 98: ...the Next button if you want to use this printer as the default printer on your computer Otherwise select No and then click Next to continue Figure 56 Add Printer Wizard Default Printer 10 The followi...

Page 99: ...printer behind the Device to your computer using Mac OS X v10 4 11 Some menu items may look different on your operating system 11 Click the Finder icon on the Dock a place holding a series of icons sh...

Page 100: ...ns Folder 14 Double click the Printer Setup Utility icon Figure 61 Utilities Folder 15 Click the Add icon at the top of the screen Figure 62 Printer List Add 16 Click the IP Printer tab to set up your...

Page 101: ...r Device Note If you change the Device s LAN IP address use the new IP address in the URL to access the print server Select your printer manufacturer from the Printer Model drop down list and then sel...

Page 102: ...computer using Mac OS X v10 6 2 Some menu items may look different on your operating system 1 Click the Finder icon on the Dock or double click your Mac hard disk icon Mac OS X in this example on your...

Page 103: ...rcom D1000 modem User s Guide Chapter 6 Home Networking Figure 67 Applications Folder 4 Click the Print Fax icon Figure 68 System Preferences 5 Select the Printing tab and click the icon to add a new...

Page 104: ...from the Type drop down list Select Another Device from the Device drop down list In the URL field enter http 192 168 1 254 631 printers USB_PRINTER as the URL to access the print server Device Note I...

Page 105: ...displays in the Printers list Figure 71 Printer List 8 Your print server driver setup is complete You can now use the Device s print server to print from a Mac computer 6 11 Home Networking Technical...

Page 106: ...P server on your LAN or else the computer must be manually configured IP Pool Setup The Device is pre configured with a pool of IP addresses for the DHCP clients DHCP Pool Do not assign static IP addr...

Page 107: ...connection is established If this is the case it is recommended that you select a network number from 192 168 0 0 to 192 168 255 0 and you must enable the Network Address Translation NAT feature of th...

Page 108: ...P 1 is probably adequate for most networks unless you have an unusual network topology Both RIP 2B and RIP 2M sends the routing data in RIP 2 format the difference being that RIP 2B uses subnet broadc...

Page 109: ...s all directly connected networks to gather group membership After that the Device periodically updates this information IP multicasting can be enabled disabled on the Device LAN and or WAN interfaces...

Page 110: ...10 8 eircom D1000 modem User s Guide Chapter 6 Home Networking...

Page 111: ...from A to the Internet through the Device s default gateway R1 You create one static route to connect to services offered by your ISP behind router R2 You create another static route to communicate wi...

Page 112: ...gateway The gateway is a router or switch on the same network segment as the device s LAN or WAN port The gateway helps forward packets to their destinations Subnet Mask This parameter specifies the I...

Page 113: ...k Setting Static Route IPv6 Static Route to open the IPv6 Static Route screen Figure 76 Network Setting Static Route IPv6 Static Route The following table describes the labels in this screen Table 32...

Page 114: ...always based on network number If you need to specify a route to a single host use a prefix length of 128 in the prefix length field to force the network number to be identical to the host ID IPv6 Pre...

Page 115: ...time sensitive applications to flow more smoothly Time sensitive applications include both those that require a low level of latency delay and a low level of jitter variations in delay such as Voice...

Page 116: ...ilar types of traffic together and treating each type as a class You can use 802 1p to give different priorities to different packet types Tagging and Marking In a QoS class you can configure whether...

Page 117: ...cket size Smaller packets get higher priority since control signaling VoIP internet gaming or other real time packets are usually small while larger packets are usually best effort data packets like f...

Page 118: ...ue Name Enter the descriptive name of this queue Interface Select the interface to which this queue is applied This field is read only if you are editing the queue Priority Select the priority level f...

Page 119: ...DESCRIPTION Add new Classifier Click this to create a new classifier Index This is the index number of the entry Status This field displays whether the classifier is active or not A yellow bulb signif...

Page 120: ...Chapter 8 Quality of Service QoS 118 eircom D1000 modem User s Guide Figure 83 QoS Class Setup Add Edit...

Page 121: ...ox and enter the source IP address in dotted decimal notation A blank IP address means any source IP address Subnet Netmask Source Prefix Length Enter the source subnet mask if you select IPv4 as the...

Page 122: ...you select IPv4 or IPv6 in the Ether Type field Select this option and enter the minimum and maximum packet length from 46 to 1500 in the fields provided IPP DS Field Select IPP TOS to specify an IP...

Page 123: ...LAN ID field with which the Device replaces the IEEE 802 1p priority field and VLAN ID of the frames If you select Remove the Device deletes the VLAN ID of the frames before forwarding them out If you...

Page 124: ...traffic such as router configuration messages Level 6 Typically used for voice traffic that is especially sensitive to jitter jitter is the variations in delay Level 5 Typically used for video that co...

Page 125: ...QoS mapping on the Device On the Device traffic assigned to higher priority queues gets through faster while traffic in lower index queues is dropped if the network is congested Table 41 Internal Laye...

Page 126: ...Chapter 8 Quality of Service QoS 124 eircom D1000 modem User s Guide...

Page 127: ...ALG in the Device Section 9 5 on page 130 9 1 2 What You Need To Know About NAT Inside Outside Inside outside denotes where a host is located relative to the Device for example the computers of your...

Page 128: ...check box to enable NAT Max NAT Firewall Session Per User When computers use peer to peer applications such as file sharing applications they need to establish NAT sessions If you do not limit the nu...

Page 129: ...s a Web or FTP server from your location Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location If you are unsure refer to your I...

Page 130: ...local network Internal Start Port This is the starting port number that the device translates for the service in your local network Internal End Port This is the ending port number that the device tra...

Page 131: ...pen Start Port Enter the first port number here to which you want the device to translate the incoming port For a range of ports you only need to enter the first number of the range to which you want...

Page 132: ...reen Some NAT routers may include a SIP Application Layer Gateway ALG A SIP ALG allows SIP calls to pass through NAT by examining and translating IP addresses embedded in the data stream When the Devi...

Page 133: ...received from a subscriber the inside local address to another the inside global address before forwarding the packet to the WAN side When the response comes back NAT translates the destination addres...

Page 134: ...ide Local IP Address 192 168 1 10 192 168 1 11 192 168 1 12 192 168 1 13 Inside Global IP Address IGA 1 IGA 2 IGA 3 IGA 4 SA IGA1 WAN 192 168 1 11 192 168 1 10 Inside Local Address ILA Inside Global A...

Page 135: ...to Many No Overload mode the Device maps each local IP address to a unique global IP address Server This type allows you to specify inside servers of different services behind the NAT to be accessibl...

Page 136: ...134 eircom D1000 modem User s Guide Chapter 9 Network Address Translation NAT...

Page 137: ...rent ATM QoS settings can be specified for each WAN PVC to meet bandwidth requirements for the type of traffic to be transferred For example three port isolation groups could be created on the device...

Page 138: ...s Use the Port Isolation Summary screen Section 10 3 1 on page 137 to view configured port isolation groups 10 2 The Port Isolation General Screen Use this screen to activate port isolation and set up...

Page 139: ...include in the port isolation group Each ATM VC can only be bound to one group Ethernet Select the Ethernet Eth ports to include in the port isolation group Each Ethernet port can only be bound to on...

Page 140: ...ort Isolation Port Isolation Summary The following table describes the labels in this screen Table 51 Network Setting Port Isolation Port Isolation Summary LABEL DESCRIPTION Group ID This field displa...

Page 141: ...ndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name The Dynamic DNS service provider will give you a password or key 11 1 1 What You...

Page 142: ...ynamic DNS Service Provider This is the website of your Dynamic DNS service p rovider Host Name Type the domain name assigned to your Device by your Dynamic DNS provider You can specify up to two host...

Page 143: ...143 to create IPv6 and MAC filter rules 12 1 2 What You Need to Know About Filtering URL The URL Uniform Resource Locator identifies and helps locates resources on a network On the Internet the URL is...

Page 144: ...Select the index number of the filter rule Active Use this field to enable or disable the filter rule Interface Select the PVC to which to apply the filter Direction Apply the filter to Incoming or Ou...

Page 145: ...t the index number of the filter set from the drop down list box This is the index number of the rule in a filter set Active This field shows whether the rule is activated Interface This is the interf...

Page 146: ...terface Select the PVC to which to apply the filter Direction Apply the filter to Incoming or Outgoing traffic direction Rule Type Select IP or MAC type to configure the rule Use the IP Filter to bloc...

Page 147: ...ment 135 Neighbor Solicitation 136 Neighbor Advertisement 137 Redirect Redirect message Protocol This is the upper layer protocol that defines the service to which this rule applies By default it is I...

Page 148: ...146 eircom D1000 modem User s Guide Chapter 12 Filter...

Page 149: ...nt Messaging session from the LAN to the WAN 1 Return traffic for this session is also allowed 2 However other traffic initiated from the WAN is blocked 3 and 4 Figure 99 Default Firewall Action LAN A...

Page 150: ...y causing denial of service for users of the targeted system LAND Attack In a Local Area Network Denial LAND attack hackers flood SYN packets into the network with a spoofed source IP address of the t...

Page 151: ...lds For DoS attacks the Device uses thresholds to determine when to drop sessions that do not become fully established These thresholds apply globally to all sessions You can use the default threshold...

Page 152: ...set the default action that the firewall takes on packets that do not match any of the firewall rules Click Security Firewall Default Action to display the following screen Figure 101 Security Firewa...

Page 153: ...elect 6 your new rule becomes number 7 and the previous rule 7 if there is one becomes rule 8 The following read only fields summarize the rules you have created that apply to traffic traveling in the...

Page 154: ...can edit the rule Click the Remove icon to delete an existing firewall rule A window displays asking you to confirm that you want to delete the firewall rule Note that subsequent firewall rules move...

Page 155: ...discard Drop deny and send an ICMP destination unreachable message to the sender of Reject or allow the passage of Permit packets that match this rule IP Version Type Select the IP version IPv4 or IP...

Page 156: ...uivalent to any Destination Interface Specify a destination interface to which this firewall rule applies This is the interface through which the traffic is destined to leave the Device Please note th...

Page 157: ...ngs 13 4 3 Customized Service Add Edit Use this screen to add a customized rule or edit an existing rule Click Add or the Edit icon next to a rule number in the Firewall Customized Services screen to...

Page 158: ...13 5 1 The DoS Advanced Screen For DoS attacks the Device uses thresholds to determine when to start dropping sessions that do not become fully established half open sessions These thresholds apply g...

Page 159: ...mum capacity of server backlog in your LAN network 3 The CPU power of servers in your LAN network 4 Network bandwidth 5 Type of traffic for certain servers Reduce the threshold values if your network...

Page 160: ...rect attacks An ICMP redirect attack is one where forged ICMP redirect messages can force the client device to route packets for certain connections through an attacker s host DoS Log Log Level DEBUG...

Page 161: ...ng ones but please exercise extreme caution in doing so For example you may create rules to Block certain types of traffic such as IRC Internet Relay Chat from the LAN to the Internet Allow certain ty...

Page 162: ...locked for all users will a rule that blocks just certain users be more effective 3 Does a rule that allows Internet users access to resources on the LAN create a security vulnerability For example if...

Page 163: ...ffic from the WAN can go directly to a LAN computer without passing through the Device and its firewall protection Another solution is to use IP alias IP alias allows you to partition your network int...

Page 164: ...162 eircom D1000 modem User s Guide Chapter 13 Firewall Figure 111 IP Alias LAN 1 4 Subnet 1 WAN ISP 1 2 3 A Subnet 2 ISP 2...

Page 165: ...s screen Table 63 Security Parental Control LABEL DESCRIPTION Parental Control Use this field to activate or deactivate parental control Add new PCP Click this to create a new parental control rule Th...

Page 166: ...e Delete icon to delete an existing rule Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings 14 2 1 Add Edit Parental Control Rule Click Add new PCP in...

Page 167: ...er is allowed access Network Service Network Service Setting If you select Block the Device prohibits the users from viewing the Web sites with the URLs listed below If you select Access the Device bl...

Page 168: ...Chapter 14 Parental Control 166 eircom D1000 modem User s Guide...

Page 169: ...ertificates and guarantees the identity of each certificate owner There are commercial certification authorities like CyberTrust or VeriSign and government certification authorities The certification...

Page 170: ...ificate have unique subject information Issuer This field displays identifying information about the certificate s issuing certification authority such as a common name organizational unit or departme...

Page 171: ...tes Trusted CA The following table describes the fields in this screen Table 66 Security Certificates Trusted CA LABEL DESCRIPTION Import Certificate Click this button to open a screen where you can s...

Page 172: ...ick Browse to find the certificate file you want to upload Apply Click Apply to save the certificate on the Device Back Click Back to return to the previous screen 15 6 View Certificate Use this scree...

Page 173: ...ny character not including spaces Certificate Detail This read only text box displays the certificate or certification request in Privacy Enhanced Mail PEM format PEM uses 64 ASCII characters to conve...

Page 174: ...Chapter 15 Certificates 172 eircom D1000 modem User s Guide...

Page 175: ...ew Log screen Alerts display in red and logs display in black Syslog Overview The syslog protocol allows devices to send event notification messages across an IP network to syslog servers that collect...

Page 176: ...g LABEL DESCRIPTION Level Select a severity level from the drop down list box This filters search results according to the severity level you have selected When you select a severity the Device search...

Page 177: ...stem Monitor Traffic Status to open the WAN screen You can view the WAN traffic statistics in this screen Figure 119 System Monitor Traffic Status WAN The following table describes the fields in this...

Page 178: ...ace 17 3 The LAN Status Screen Click System Monitor Traffic Status LAN to open the following screen You can view the LAN traffic statistics in this screen Figure 120 System Monitor Traffic Status LAN...

Page 179: ...interface 17 4 The NAT Screen Click System Monitor Traffic Status NAT to open the following screen You can view the NAT status of the Device s client s in this screen Figure 121 System Monitor Traffi...

Page 180: ...178 eircom D1000 modem User s Guide Chapter 17 Traffic Status...

Page 181: ...ON User Name You can configure the password for the Power User and Admin accounts Old Password Type the default password or the existing password you use to access the system in this field New Passwor...

Page 182: ...180 eircom D1000 modem User s Guide Chapter 18 User Account...

Page 183: ...scribes the labels in this screen Table 75 Maintenance System LABEL DESCRIPTION Administrator Inactivity Timer Type how many seconds a management session either via the web configurator can be left id...

Page 184: ...182 eircom D1000 modem User s Guide Chapter 19 System Setting...

Page 185: ...ur Device s time and date click Maintenance System Time The screen appears as shown Figure 124 Maintenance System Time Setting The following table describes the fields in this screen Table 76 Maintena...

Page 186: ...ime when Daylight Saving Time starts if you selected Enable Daylight Saving The o clock field uses the 24 hour format Here are a couple of examples Daylight Saving Time starts in most parts of the Uni...

Page 187: ...185 eircom D1000 modem User s Guide Chapter 20 Time Setting...

Page 188: ...Chapter 20 Time Setting 186 eircom D1000 modem User s Guide...

Page 189: ...verview You can configure where the Device sends logs the Device records in the Log Setting screen 21 2 The Log Setting Screen To change your Device s log settings click Maintenance Log Setting The sc...

Page 190: ...nt to be in the subject line of the system log e mail message that the Device sends From Specify where the logs are sent from To The Device sends logs to the e mail address specified in this field If...

Page 191: ...ful upload the system will reboot Do NOT turn off the Device while firmware upload is in progress Figure 126 Maintenance Firmware Upgrade The following table describes the labels in this screen Table...

Page 192: ...twork disconnect In some operating systems you may see the following icon on your desktop Figure 128 Network Temporarily Disconnected After two minutes log in again and check your new firmware version...

Page 193: ...ing configuration appears in this screen as shown next Figure 130 Maintenance Backup Restore Backup Configuration Backup Configuration allows you to back up save the Device s current configuration to...

Page 194: ...n appears Login again to restart the Device The Device automatically restarts in this time causing a temporary network disconnect In some operating systems you may see the following icon on your deskt...

Page 195: ...ot Screen System restart allows you to reboot the Device remotely without turning the power off You may need to do this if the Device hangs for example Click Maintenance Reboot Click the Reboot button...

Page 196: ...Chapter 23 Backup Restore 194 eircom D1000 modem User s Guide...

Page 197: ...Device from a remote location via Internet WAN only LAN only LAN and WAN None Disable To disable remote management of a service select Disable in the corresponding Service Access field 24 1 1 What You...

Page 198: ...nd from which IP address es users can use SSH to manage the Device 24 1 2 What You Need to Know About Remote Management Remote Management Limitations Remote management does not work when You have not...

Page 199: ...e allowing WAN access even temporarily to change the default password in Maintenance User Account To allow access from the WAN you will need to configure a WAN to Router firewall rule See Section 3 7...

Page 200: ...ect the interface s through which a computer may access the Device using this service Note It is recommended if you are allowing WAN access even temporarily to change the default password in Maintenan...

Page 201: ...service port number for accessing the Device If the number is grayed out it is not editable Server Access Select the interface s through which a computer may access the Device using this service Secu...

Page 202: ...The manager is the console through which network administrators perform network management functions It executes applications that control and monitor managed devices The managed devices contain objec...

Page 203: ...th an IP address in the range that you specify to access the Device using this service Get Community Enter the Get Community which is the password for the incoming Get and GetNext requests from the ma...

Page 204: ...queries to the Device Choose Range to just allow the computer s with an IP address in the range that you specify to send DNS queries to the Device Apply Click this to save your changes Cancel Click t...

Page 205: ...lowed to send Ping requests to the Device Select All to allow any computer to send Ping requests to the Device Choose Range to just allow the computer s with an IP address in the range that you specif...

Page 206: ...WAN access even temporarily to change the default password in Maintenance User Account To allow access from the WAN you will need to configure a WAN to Router firewall rule See Section 3 7 on page 34...

Page 207: ...the DSL line statistics and reset the ADSL line 25 2 The General Screen Use this screen to ping an IP address Click Maintenance Diagnostic Ping to open the screen shown next Figure 142 Maintenance Di...

Page 208: ...s between the Device to the IPv6 address that you entered TracerouteV4 Click this to display the route path and transmission delays between the Device to the IPv4 address that you entered 25 3 The DSL...

Page 209: ...ooting problems with the DSLAM and ATM network DSL Line Status Click this to view statistics about the DSL connections noise margin downstream is the signal to noise ratio for the downstream part of t...

Page 210: ...Chapter 25 Diagnostic 208 eircom D1000 modem User s Guide...

Page 211: ...you are using the power adaptor or cord included with the Device 3 Make sure the power adaptor or cord is connected to the Device and plugged in to an appropriate power source Make sure the power sou...

Page 212: ...n be found on the cover of this User s Guide 2 If this does not work you have to reset the device to its factory defaults See Section 1 5 on page 15 I cannot see or access the Login screen for the web...

Page 213: ...the Device in the other session or ask the person who is logged in to log out 3 Turn the Device off and on 4 If this does not work you have to reset the device to its factory defaults See Section 1 5...

Page 214: ...ted 2 Turn the Device off and on 3 If the problem continues contact your ISP The Internet connection is slow or intermittent 1 There might be a lot of traffic on the network Look at the LEDs and check...

Page 215: ...the LAN Off The Device does not have an Ethernet connection with the LAN WiFi Green On The wireless network is activated Blinking The Device is communicating with other wireless clients Orange Blinkin...

Page 216: ...214 eircom D1000 modem User s Guide Chapter 27 LED Descriptions...

Page 217: ...proper operating condition Any replacement will consist of a new or re manufactured functionally equivalent product of equal or higher value and will be solely at the discretion of ZyXEL This warrant...

Page 218: ...imi zahtevami in ostalimi relevantnimi dolo ili direktive 1999 5 EC Slovak ZyXEL t mto vyhlasuje e zariadenia sp a z kladn po iadavky a v etky pr slu n ustanovenia Smernice 1999 5 EC Finnish ZyXEL vak...

Page 219: ...rieur dans la bande 2454 2483 5 MHz Il n y a pas de restrictions pour des utilisations en int rieur ou dans d autres parties de la bande 2 4 GHz Consultez http www arcep fr pour de plus amples d tails...

Page 220: ...device before servicing or disassembling Use ONLY an appropriate power adaptor or cord for your device Connect it to the right supply voltage for example 110V AC in North America or 230V AC in Europe...

Page 221: ...up configuration 191 Basic Service Set see BSS broadcast 32 BSS 67 example 67 C CA 167 CBR 36 40 46 certificate factory default 168 certificates 167 authentication 167 CA public key 167 replacing 168...

Page 222: ...nfiguration Protocol see DHCP DYNDNS wildcard 139 activation 140 E encapsulation 31 33 39 ENET ENCAP 42 PPPoA 43 PPPoE 43 RFC 1483 43 encryption 66 ENET ENCAP 33 39 42 Extended Service Set IDentificat...

Page 223: ...lias 83 configuration 83 MAC address 82 multicast 80 106 RIP 106 subnet mask 78 105 LAND attack 148 limitations wireless LAN 67 WPS 74 Local Area Network see LAN login passwords 17 logout 17 automatic...

Page 224: ...ctivation 128 configuration 127 rules 128 port isolation 135 PPPoA 33 39 43 PPPoE 33 39 43 preamble 62 64 printer sharing 91 and LAN 93 requirements 92 private IP address 105 probing firewalls 149 pro...

Page 225: ...s 207 WPS 58 subnet mask 78 105 Sustain Cell Rate see SCR SYN attack 148 syslog protocol 173 severity levels 173 system 181 firmware 189 passwords 17 reset 15 status 27 time 183 System Info 27 T three...

Page 226: ...ption 50 WEP key 50 Wide Area Network see WAN WiFi Protected Setup see WPS Wireless Distribution System see WDS wireless LAN 47 63 authentication 64 66 BSS 67 example 67 channel 64 encryption 66 examp...