ZyXEL Communications VMG1312-B Series, User Manual

Page 1: ...ireless N VDSL2 4 port Gateway with USB IMPORTANT IMPORTANT READ CAREFULLY BEFORE USE Copyright 2012 ZyXEL Communications Corporation Version 1 00 Edition 1 7 2012 Default Login Details LAN IP Address http 192 168 1 1 User Name admin Password 1234 ...

Page 2: ... versions or if you installed updated firmware software for your device Every effort has been made to ensure that the information in this manual is accurate Related Documentation Quick Start Guide The Quick Start Guide is designed to help you get up and running right away It contains information on setting up your network and configuring for Internet access Support Disc Refer to the included CD fo...

Page 3: ...ality of Service QoS 167 Network Address Translation NAT 185 Dynamic DNS Setup 201 Interface Group 205 USB Service 211 Firewall 217 MAC Filter 227 Parental Control 229 Scheduler Rules 233 Certificates 235 Log 243 Traffic Status 247 ARP Table 251 Routing Table 253 IGMP Status 255 xDSL Statistics 257 User Account 261 Remote Management 263 TR 069 Client 265 TR 064 267 Time Settings 269 E mail Notific...

Page 4: ...Contents Overview VMG1312 B Series User s Guide 4 Troubleshooting 289 ...

Page 5: ...ss 18 1 4 2 Device s USB Support 19 1 5 LEDs Lights 20 1 6 The RESET Button 21 1 7 Wireless Access 21 1 7 1 Using the WLAN WPS Button 22 Chapter 2 The Web Configurator 23 2 1 Overview 23 2 1 1 Accessing the Web Configurator 23 2 2 Web Configurator Layout 25 2 2 1 Title Bar 25 2 2 2 Main Window 26 2 2 3 Navigation Panel 26 Chapter 3 Quick Start 31 3 1 Overview 31 3 2 Quick Start Setup 31 Chapter 4 ...

Page 6: ... Files From a Computer 54 4 10 Using the Media Server Feature 55 4 10 1 Configuring the Device 55 4 10 2 Using Windows Media Player 55 4 10 3 Using a Digital Media Adapter 58 4 11 Using the Print Server Feature 60 Part II Technical Reference 77 Chapter 5 Network Map and Status Screens 79 5 1 Overview 79 5 2 The Network Map Screen 79 5 3 The Status Screen 80 Chapter 6 Broadband 83 6 1 Overview 83 6...

Page 7: ...rence 125 7 10 1 Wireless Network Overview 125 7 10 2 Additional Wireless Terms 127 7 10 3 Wireless Security Overview 127 7 10 4 Signal Problems 129 7 10 5 BSS 130 7 10 6 MBSSID 130 7 10 7 Preamble Type 131 7 10 8 Wireless Distribution System WDS 131 7 10 9 WiFi Protected Setup WPS 131 Chapter 8 Home Networking 139 8 1 Overview 139 8 1 1 What You Can Do in this Chapter 139 8 1 2 What You Need To K...

Page 8: ...of Service General Screen 169 10 4 The Queue Setup Screen 170 10 4 1 Adding a QoS Queue 172 10 5 The Class Setup Screen 172 10 5 1 Add Edit QoS Class 174 10 6 The QoS Policer Setup Screen 177 10 6 1 Add Edit a QoS Policer 178 10 7 The QoS Monitor Screen 179 10 8 Technical Reference 180 Chapter 11 Network Address Translation NAT 185 11 1 Overview 185 11 1 1 What You Can Do in this Chapter 185 11 1 ...

Page 9: ...oup 205 13 1 Overview 205 13 1 1 What You Can Do in this Chapter 205 13 2 The Interface Group Screen 205 13 2 1 Interface Group Configuration 206 13 2 2 Interface Grouping Criteria 208 Chapter 14 USB Service 211 14 1 Overview 211 14 1 1 What You Can Do in this Chapter 211 14 1 2 What You Need To Know 211 14 2 The File Sharing Screen 212 14 2 1 Before You Begin 213 14 3 The Media Server Screen 214 ...

Page 10: ...Scheduler Rules Screen 233 18 2 1 Add Edit a Schedule 234 Chapter 19 Certificates 235 19 1 Overview 235 19 1 1 What You Can Do in this Chapter 235 19 2 What You Need to Know 235 19 3 The Local Certificates Screen 236 19 3 1 Create Certificate Request 237 19 3 2 Load Signed Certificate 238 19 4 The Trusted CA Screen 239 19 4 1 View Trusted CA Certificate 240 19 4 2 Import Trusted CA Certificate 241...

Page 11: ...le 253 23 1 Overview 253 23 2 The Routing Table Screen 253 Chapter 24 IGMP Status 255 24 1 Overview 255 24 2 The IGMP Group Status Screen 255 Chapter 25 xDSL Statistics 257 25 1 The xDSL Statistics Screen 257 Chapter 26 User Account 261 26 1 Overview 261 26 2 The User Account Screen 261 Chapter 27 Remote Management 263 27 1 Overview 263 27 2 The Remote MGMT Screen 263 Chapter 28 TR 069 Client 265 ...

Page 12: ...Settings Screen 275 32 2 1 Example E mail Log 276 Chapter 33 Firmware Upgrade 279 33 1 Overview 279 33 2 The Firmware Screen 279 Chapter 34 Configuration 281 34 1 Overview 281 34 2 The Configuration Screen 281 34 3 The Reboot Screen 283 Chapter 35 Diagnostic 284 35 1 Overview 284 35 1 1 What You Can Do in this Chapter 284 35 2 What You Need to Know 284 35 3 Ping TraceRoute NsLookup 285 35 4 802 1a...

Page 13: ... USB Device Connection 294 36 6 UPnP 294 Appendix A Setting up Your Computer s IP Address 297 Appendix B IP Addresses and Subnetting 319 Appendix C Pop up Windows JavaScripts and Java Permissions 327 Appendix D Wireless LANs 337 Appendix E IPv6 351 Appendix F Services 359 Appendix G Legal Information 363 Index 367 ...

Page 14: ...Table of Contents VMG1312 B Series User s Guide 14 ...

Page 15: ...15 PART I User s Guide ...

Page 16: ...16 ...

Page 17: ...e following methods to manage the Device Web Configurator This is recommended for everyday management of the Device using a supported web browser TR 069 This is an auto configuration server used to remotely configure your device 1 3 Good Habits for Managing the Device Do the following things regularly to make the Device more secure and to manage the Device more effectively Change the password Use ...

Page 18: ...AN layer 2 interfaces that you configure in the Device Refer to Section 6 2 on page 86 for the Netw ork Setting Broadband screen Computers can connect to the Device s LAN ports or wirelessly Figure 1 Device s Internet Access Application You can also configure IP filtering on the Device for secure Internet access When the IP filter is on all incoming traffic from the Internet to your network is blo...

Page 19: ...a USB hard drive B You can connect one USB hard drive to the Device at a time Use FTP to access the files on the USB device Figure 2 USB File Sharing Application Media Server You can also use the Device as a media server This lets anyone on your network play video music and photos from a USB device B connected to the Device s USB port without having to copy them to another computer Figure 3 USB Me...

Page 20: ...inking Firmware upgrade is in progress ETHERNET 1 4 Green On The Device has a successful 100 Mbps Ethernet connection with a device on the Local Area Network LAN Blinking The Device is sending or receiving data to from the LAN at 100 Mbps Off The Device does not have an Ethernet connection with the LAN WLAN WPS Green On The wireless network is activated Blinking The Device is communicating with ot...

Page 21: ...oint AP for wireless clients such as notebook computers or PDAs and iPads It allows them to connect to the Internet without having to rely on inconvenient Ethernet cables I NTERNET Green On The Device has an IP connection but no traffic Your device has a WAN IP address either static or assigned by a DHCP server PPP negotiation was successfully completed if used and the DSL connection is up Blinkin...

Page 22: ... secure wireless connection between the Device and a WPS compatible client by adding one device at a time To activate WPS 1 Make sure the POW ER LED is on and not blinking 2 Press the W LAN W PS button for five seconds and release it 3 Press the WPS button on another WPS enabled device within range of the Device The W LAN W PS LED flashes orange while the Device sets up a WPS connection with the o...

Page 23: ...e 327 if you need to make sure these functions are allowed in Internet Explorer 2 1 1 Accessing the Web Configurator 1 Make sure your Device hardware is properly connected refer to the Quick Start Guide 2 Launch your web browser If the Device does not automatically re direct you to the login screen go to http 192 168 1 1 3 A password screen displays To access the administrative web configurator an...

Page 24: ...d to the main menu if you do not want to change the password now Figure 7 Change Password Screen 5 The Quick Start W izard screen appears You can configure the Device s time zone basic Internet access and wireless settings See Chapter 3 on page 31 for more information 6 After you finished or closed the Quick Start W izard screen the Netw ork Map page appears Figure 8 Network Map 7 Click Status to ...

Page 25: ...window C navigation panel 2 2 1 Title Bar The title bar provides some icons in the upper right corner The icons provide the following functions B C A Table 2 Web Configurator Icons in the Title Bar ICON DESCRIPTION Quick Start Click this icon to open screens where you can configure the Device s time zone Internet access and wireless settings Logout Click this icon to log out of the web configurato...

Page 26: ... Virtual Device 2 2 3 Navigation Panel Use the menu items on the navigation panel to open screens to configure Device features The following tables describe each menu item Table 3 Navigation Panel Summary LINK TAB FUNCTION Connection Status This screen shows the network status of the Device and computers devices connected to it Network Setting Broadband Broadband Use this screen to view and config...

Page 27: ... devices when they request IP addresses 5th Ethernet Port Use this screen to configure the Ethernet WAN port as a LAN port Routing Static Route Use this screen to view and set up static routes on the Device Policy Forwarding Use this screen to configure policy routing on the Device QoS General Use this screen to enable QoS and traffic prioritizing You can also configure the QoS rules and actions Q...

Page 28: ...g System Log Use this screen to view the status of events that occurred to the Device You can export or e mail the logs Security Log Use this screen to view the login record of the Device You can export or e mail the logs Traffic Status WAN Use this screen to view the status of all network traffic going through the WAN port of the Device LAN Use this screen to view the status of all network traffi...

Page 29: ...Traceroute Nslookup Use this screen to identify problems with the DSL connection You can use Ping TraceRoute or Nslookup to help you identify problems 802 1ag Use this screen to configure CFM Connectivity Fault Management MD maintenance domain and MA maintenance association perform connectivity tests and view test reports OAM Ping Use this screen to view information to help you identify problems w...

Page 30: ...Chapter 2 The Web Configurator VMG1312 B Series User s Guide 30 ...

Page 31: ...e technical reference chapters starting on page 77 for background information on the features in this chapter 3 2 Quick Start Setup 1 The Quick Start Wizard appears automatically after login Or you can click the Click Start icon in the top right corner of the web configurator to open the quick start screens Select the time zone of the Device s location and click Next Figure 11 Time Zone ...

Page 32: ...depending on your current connection type Click Next Click Next Figure 12 Internet Connection 3 Turn the wireless LAN on or off If you keep it on record the security settings so you can configure your wireless clients to connect to the Device Click Save Figure 13 Internet Connection 4 Your Device saves your settings and attempts to connect to the Internet ...

Page 33: ...ed Files From a Computer see page 54 Using the Media Server Feature see page 55 Using the Print Server Feature see page 60 4 2 Setting Up an ADSL PPPoE Connection This tutorial shows you how to set up your Internet connection using the Web Configurator If you connect to the Internet through an ADSL connection use the information from your Internet Service Provider ISP to configure the Device Be su...

Page 34: ...ider 5 Configure this rule as your default Internet connection by selecting the Apply as Default Gatew ay check box Then select DNS as Static and enter the DNS server addresses provided to you such as 1 9 2 1 6 8 5 2 DNS server1 1 9 2 1 6 8 5 1 DNS server2 6 Leave the rest of the fields to the default settings Connection Mode Routing Encapsulation PPPoE IPv6 I Pv4 Mode IPv4 ATM PVC Configuration V...

Page 35: ...Chapter 4 Tutorials VMG1312 B Series User s Guide 35 7 Click Apply to save your settings ...

Page 36: ... can use his notebook to access the Internet In this wireless network the Device serves as an access point AP and the notebook is the wireless client The wireless client can access the Internet through the AP Thomas has to configure the wireless network settings on the Device Then he can set up a wireless network using WPS Section 4 3 2 on page 38 or manual configuration Section 4 3 3 on page 41 4...

Page 37: ...screen using the provided parameters see page 36 Click Apply 2 Go to the W ireless Others screen and select 8 0 2 1 1 b g n Mixed in the 8 0 2 1 1 Mode field Click Apply Thomas can now use the WPS feature to establish a wireless connection between his notebook and the Device see Section 4 3 2 on page 38 He can also use the notebook s wireless client to search for the Device see Section 4 3 3 on pa...

Page 38: ... PIN on the Device A wireless client must also use the same PIN in order to download the wireless network settings from the Device Push Button Configuration PBC 1 Make sure that your Device is turned on and your notebook is within the cover range of the wireless signal 2 Make sure that you have installed the wireless client driver and utility in your notebook 3 In the wireless client utility go to...

Page 39: ...button within two minutes of pressing the first one The Device sends the proper configuration settings to the wireless client This may take up to two minutes The wireless client is then able to communicate with the Device securely The following figure shows you an example of how to set up a wireless network and its security by pressing a button on both Device and wireless client Example WPS Proces...

Page 40: ...PIN number 2 Log into Device s web configurator and go to the Netw ork Setting W ireless W PS screen Enable the WPS function and click Apply 3 Enter the PIN number of the wireless client and click the Register button Activate WPS function on the wireless client utility screen within two minutes The Device authenticates the wireless client and sends the proper configuration settings to the wireless...

Page 41: ...wireless adapter s utility installed on the notebook to search for the Example SSID Then enter the DoNotStealMyWirelessNetwork pre shared key to establish an wireless Internet connection Note The Device supports IEEE 802 11b and IEEE 802 11g wireless clients Make sure that your notebook or computer s wireless adapter supports one of these standards Authentication by PIN SECURITY INFO WITHIN 2 MINU...

Page 42: ...A will use a general Com pany wireless network group Higher management level and important visitors will use the VI P group Visiting guests will use the Guest group which has a lower security mode Company A will use the following parameters to set up the wireless network groups COMPANY VIP GUEST SSI D Company VIP Guest Security Level More Secure More Secure Basic Security Mode WPA2 PSK WPA2 PSK St...

Page 43: ... the General screen Use this screen to set up the company s general wireless network group Configure the screen using the provided parameters and click Apply 2 Click Netw ork Setting W ireless More AP to open the following screen Click the Edit icon to configure the second wireless network group ...

Page 44: ...er 4 Tutorials VMG1312 B Series User s Guide 44 3 Configure the screen using the provided parameters and click Apply 4 In the More AP screen click the Edit icon to configure the third wireless network group ...

Page 45: ...ic Route for Routing to Another Network In order to extend your Intranet and control traffic flowing directions you may connect a router to the Device s LAN The router may be used to separate two department networks This tutorial shows how to configure a static routing rule for two network routings In the following figure router R is connected to the Device s LAN R connects to two networks N1 192 ...

Page 46: ...ule on the Device to specify R as the router in charge of forwarding traffic to N2 In this case the Device routes traffic from A to R and then R routes the traffic to B This tutorial uses the following example IP settings Table 4 IP Settings in this Tutorial DEVICE COMPUTER IP ADDRESS The Device s WAN 172 16 1 1 The Device s LAN 192 168 1 1 I P Type I Pv4 Use Interface ADSL atm0 A 192 168 1 34 R s...

Page 47: ...r the Route Nam e as R 4b Set I P Type to I Pv4 4c Type 1 9 2 1 6 8 1 0 0 and subnet mask 2 5 5 2 5 5 2 5 5 0 for the destination N2 4d Select Enable in the Use Gatew ay I P Address field Type 1 9 2 1 6 8 1 2 5 3 R s N1 address in the Gatew ay I P Address field 4e Select ADSL atm 0 as the Use I nterface 4a Click OK Now B should be able to receive traffic from A You may need to additionally configu...

Page 48: ...mission bandwidth of 10 000 kbps For this example you want to configure QoS so that e mail traffic gets the highest priority with at least 5 000 kbps You can do the following Configure a queue to assign the highest priority queue 1 to e mail traffic going to the WAN interface so that e mail traffic would not get delayed when there is network congestion Note the IP address 192 168 1 23 for example ...

Page 49: ... kbps or leave this blank to have the Device automatically determine this figure Click Apply Tutorial Advanced QoS 2 Click Queue Setup Add new Queue to create a new queue In the screen that opens check Active and enter or select the following values Nam e E mail I nterface W AN Priority 1 High W eight 8 Rate Lim it 5 000 kbps Tutorial Advanced QoS Queue Setup ...

Page 50: ...s the interface from which the traffic will be coming from Select LAN1 for this example Ether Type Select I P to identify the traffic source by its IP address or MAC address I P Address Type the IP address of your computer 1 9 2 1 6 8 1 2 3 Type the I P Subnet Mask if you know it MAC Address Type the MAC address of your computer AA FF AA FF AA FF Type the MAC Mask if you know it To Queue I ndex Li...

Page 51: ... domain name To use this feature you have to apply for DDNS service at www dyndns org This tutorial covers Registering a DDNS Account on www dyndns org Configuring DDNS on Your Device Testing the DDNS Setting Note If you have a private WAN IP address then you cannot use DDNS 4 7 1 Registering a DDNS Account on www dyndns org 1 Open a browser and type http w w w dyndns org 2 Apply for a user accoun...

Page 52: ...yxelrouter dyndns org in the Host Nam e field Enter the user name UserNam e1 and password 1 2 3 4 5 Click Apply 4 7 3 Testing the DDNS Setting Now you should be able to access the Device from the Internet To test this 1 Open a web browser on the computer using the IP address a b c d that is connected to the Internet 2 Type http zyxelrouter dyndns org and press Enter 3 The Device s login page shoul...

Page 53: ...rate on preparing for her final exams Josephine s computer connects wirelessly to the Internet through the Device Thomas decides to use the Security MAC Filter screen to grant wireless network access to his computer but not to Josephine s computer 1 Click Security MAC Filter to open the MAC Filter screen Select the Enable check box to activate MAC filter function 2 Select Allow Then enter the host...

Page 54: ...s From a Computer Here is how to use an FTP program to access a file storage device connected to the Device s USB port Note This example uses the FileZilla FTP program to browse your shared files 1 In FileZilla enter the IP address of the Device the default is 192 168 1 1 your account s user name and password and port 21 and click Quickconnect A screen asking for password authentication appears Fi...

Page 55: ...rrect hardware connections Before you begin connect the USB storage device containing the media files you want to play to the USB port of your Device 4 10 1 Configuring the Device Note The Media Server feature is enabled by default To use your Device as a media server click Netw ork Setting Hom e Netw orking Media Server Tutorial USB Services Media Server Check Enable Media Server and click Apply ...

Page 56: ... Windows Vista 1 Open Windows Media Player and click Library Media Sharing as follows Tutorial Media Sharing using Windows Vista 2 Check Find m edia that others are sharing in the following screen and click OK Tutorial Media Sharing using Windows Vista 2 ...

Page 57: ...The Device displays as a playlist Clicking on the category icons in the right panel shows you the media files in the USB storage device attached to your Device Windows 7 1 Open Windows Media Player It should automatically detect the Device Tutorial Media Sharing using Windows 7 1 If you cannot see the Device in the left panel as shown above right click Other Libraries Refresh Other Libraries ...

Page 58: ...ould see a list of files available in the USB storage device Tutorial Media Sharing using Windows 7 2 4 10 3 Using a Digital Media Adapter This section shows you how you can use the Device with a ZyXEL DMA 2500 to play media files stored in the USB storage device in your TV screen Note For this tutorial your DMA 2500 should already be set up with the TV according to the instructions in the DMA 250...

Page 59: ...screen to appear Using the remote control go to MyMedia to open the following screen Select the Device as your media server Tutorial Media Sharing using DMA 2500 3 The screen shows you the list of available media files in the USB storage device Select the file you want to open and push the Play button in the remote control Tutorial Media Sharing using DMA 2500 2 DMA 2500 ZyXEL Device USB Storage D...

Page 60: ... Using Windows Add a New Printer Using Macintosh OS X Configure a TCP IP Printer Port This example shows how you can configure a TCP IP printer port This example is done using the Windows 2000 Professional operating system Some menu items may look different on your operating system The TCP IP port must be configured with the IP address of the Device and must use the RAW protocol to communicate wit...

Page 61: ...on Printers and select Open Tutorial Open Printers Window The Printers folder opens up First you need to open up the properties windows for the printer you want to configure a TCP IP port 2 Locate your printer 3 Right click on your printer and select Properties Tutorial Open Printer Properties ...

Page 62: ...Add Port Tutorial Printer Properties Window 5 A Printer Ports window appears Select Standard TCP I P Port and click New Port Tutorial Add a Port Window 6 Add Standard TCP I P Printer Port W izard window opens up Click Next to start configuring the printer port Tutorial Add a Port Wizard ...

Page 63: ...ort Nam e field updates automatically to reflect the IP address of the port Click Next Note The computer from which you are configuring the TCP IP printer port must be on the same LAN in order to use the printer sharing function Tutorial Enter IP Address of the Device 8 Select Custom under Device Type and click Settings Tutorial Custom Port Settings 9 Confirm the IP address of the Device in the IP...

Page 64: ...wizard apply your settings and close the wizard window Tutorial Finish Adding the TCP IP Port 13 Repeat steps 1 to 12 to add this printer to other computers on your network Add a New Printer Using Windows This example shows how to connect a printer to your Device using the Windows 7 XP Professional operating system Some menu items may look different on your operating system ...

Page 65: ...el Printers and FaxesDevices and Printers to open the Printers and FaxesDevices and Printers screen Click Add a pPrinter Tutorial Printers Folder 2 The Add Printer wWizard screen displays Click NextAdd a netw ork w ireless or Bluetooth printer Tutorial Add Printer Wizard Welcome ...

Page 66: ...Chapter 4 Tutorials VMG1312 B Series User s Guide 66 3 Click The printer that I w ant isn t listed Tutorial Add Printer Wizard Welcome ...

Page 67: ...eb Configurator on the Netw ork Setting USB Service Printer Server screen Click Next Tutorial Add Printer Wizard Welcome 5 Install the printer driver Please check the Windows CD if it includes the printer driver If not please install the driver from the CD included with your printer or by downloading it from the printer vendor s website 6 After the printer driver installs successfully choose if yo...

Page 68: ...s Guide 68 7 Select Local printer attached to this com puter and click Next Tutorial Add Printer Wizard Local or Network Printer 8 Select Create a new port and Standard TCP I P Port Click Next Tutorial Add Printer Wizard Select the Printer Port ...

Page 69: ...ice to which the printer is connected in the Printer Nam e or I P Address field In our example we use the default IP address of the Device 192 168 1 1 The Port Nam e field updates automatically to reflect the IP address of the port Click Next Note The computer from which you are configuring the TCP IP printer port must be on the same LAN in order to use the printer sharing function Tutorial Enter ...

Page 70: ...k Settings Tutorial Custom Port Settings 12 Confirm the IP address of the Device in the Printer Nam e or I P Address field 13 Select Raw under Protocol 14 The Port Num ber is automatically configured as 9 1 0 0 Click OK to go back to the previous screen and click Next Tutorial Custom Port Settings ...

Page 71: ...ct to the print server in the Manufacturer list of printers 17 Select the printer model from the list of Printers 18 If your printer is not displayed in the list of Printers you can insert the printer driver installation CD disk or download the driver file to your computer click Have Disk and install the new printer driver 19 Click Next to continue Tutorial Add Printer Wizard Printer Driver ...

Page 72: ...a printer driver installed on your computer and you do not want to change it Otherwise select Replace existing driver to replace it with the new driver you selected in the previous screen and click Next Tutorial Add Printer Wizard Use Existing Driver 21 Type a name to identify the printer and then click Next to continue Tutorial Add Printer Wizard Name Your Printer ...

Page 73: ...rs in the same network just select Do not share this printer and click Next to proceed to the following screen Tutorial Add Printer Wizard Printer Sharing 23 Select Yes and then click the Next button if you want to print a test page A pop up screen displays to ask if the test page printed correctly Otherwise select No and then click Next to continue Tutorial Add Printer Wizard Print Test Page ...

Page 74: ...et up a print server driver on your Macintosh computer 1 Click the Print Center icon located in the Macintosh Dock a place holding a series of icons shortcuts at the bottom of the desktop Proceed to step 6 to continue If the Print Center icon is not in the Macintosh Dock proceed to the next step 2 On your desktop double click the Macintosh HD icon to open the Macintosh HD window Tutorial Macintosh...

Page 75: ...al Utilities Folder 6 Click the Add icon at the top of the screen Tutorial Printer List Folder 7 Set up your printer in the Printer List configuration screen Select I P Printing from the drop down list box 8 In the Printer s Address field type the IP address of your Device 9 Deselect the Use default queue on server check box 10 Type LP1 in the Queue Nam e field ...

Page 76: ...tion 12 Click Add to select a printer model save and close the Printer List configuration screen Tutorial Printer Model 13 The Nam e LP1 on 1 9 2 1 6 8 1 1 displays in the Printer List field The default printer Nam e displays in bold type Tutorial Print Server Your Macintosh print server driver setup is complete You can now use the Device s print server to print from a Macintosh computer ...

Page 77: ...77 PART II Technical Reference ...

Page 78: ...78 ...

Page 79: ...ent status of the Device system resources and interfaces LAN WAN and WLAN 5 2 The Network Map Screen Use this screen to view the network connection status of the device and its clients A warning message appears if there is a connection problem If you prefer to view the status in a list click List View in the View ing Mode selection box You can configure how often you want the Device to update this...

Page 80: ...lick Change icon nam e In List Mode you can also view the client s information 5 3 The Status Screen Use this screen to view the status of the Device Click Status to open this screen Figure 16 Status Screen Each field is described in the following table Table 5 Status Screen LABEL DESCRIPTION Refresh Interval Select how often you want the Device to update this screen Device Information Host Name T...

Page 81: ... LAN Relay The Device acts as a surrogate DHCP server and relays DHCP requests and responses between the remote server and the clients None The Device is not providing any DHCP services to the LAN MAC Address This shows the LAN Ethernet adapter MAC Media Access Control Address of your Device WLAN Information MAC Address This shows the wireless adapter MAC Media Access Control Address of your Devic...

Page 82: ... applications to have more throughput you should turn off other applications for example using QoS see Chapter 10 on page 167 Memory Usage This field displays what percentage of the Device s memory is currently used Usually this percentage should not increase much If memory usage does get close to 100 the Device is probably becoming unstable and you should restart the device See Section 34 2 on pa...

Page 83: ...mputers in other locations Figure 17 LAN and WAN 3G third generation standards for the sending and receiving of voice video and data in a mobile environment You can attach a 3G wireless adapter to the USB port and set the Device to use this 3G connection as your WAN or a backup when the wired WAN connection fails Figure 18 3G WAN Connection 6 1 1 What You Can Do in this Chapter Use the Broadband s...

Page 84: ...is used by the Device to communicate with other devices in other networks It can be static fixed or dynamically assigned by the ISP each time the Device tries to access the Internet If your ISP assigns you a static WAN IP address they should also assign you the subnet mask and DNS server IP address es ATM Asynchronous Transfer Mode ATM is a WAN networking technology that provides high speed data t...

Page 85: ...038 IP addresses The Device can use IPv4 IPv6 dual stack to connect to IPv4 and IPv6 networks and supports IPv6 rapid deployment 6RD IPv6 Addressing The 128 bit IPv6 address is written as eight 16 bit hexadecimal blocks separated by colons This is an example IPv6 address 2001 0db8 1a2b 0015 0000 0000 1a2f 0000 IPv6 addresses can be abbreviated in two ways Leading zeros in a block can be omitted So...

Page 86: ...adband LABEL DESCRIPTION Add new WAN I nterface Click this button to create a new connection This is the index number of the entry Name This is the service name of the connection Type This shows whether it is an ATM PTM or Ethernet connection Mode This shows whether the connection is in routing or bridge mode Encapsulation This is the method of encapsulation used by this connection 802 1p This ind...

Page 87: ...iple computers to share an Internet account The following example screen displays when you select the ADSL over ATM connection type Routing mode and PPPoE encapsulation The screen varies when you select other interface type encapsulation and IPv6 IPv4 mode Figure 20 Routing Mode MLD Proxy This shows whether Multicast Listener Discovery MLD is activated or not for this connection MLD is not availab...

Page 88: ...Encapsulation field EoA Ethernet over ATM uses an Ethernet header in the packet so that you can have multiple services connections over one PVC You can set each connection to have its own MAC address or all connections share one MAC address but use different VLAN I Ds for different services EoA supports ENET ENCAP IPoE PPPoE and RFC1483 2684 bridging encapsulation methods PPPoA PPP over ATM allows...

Page 89: ...rm user domain where domain identifies a service name then enter both components exactly as given PPP Password Enter the password associated with the user name above PPP Auto Connect Select this option if you do not want the connection to time out IDLE Timeout This value specifies the time in minutes that elapses before the router automatically disconnects from the PPPoE server This field is not c...

Page 90: ... Pv6 I Pv4 Mode field I Pv6 Address Select Autom atic if you want to have the Device use the IPv6 prefix from the connected router s Router Advertisement RA to generate an IPv6 address Select the Get I Pv6 Address From DHCPv6 Server checkbox if you want to obtain an IPv6 address from a DHCPv6 server The IP address assigned by a DHCPv6 server has priority over the IP address automatically generated...

Page 91: ... when the Type is set to ADSL VDSL over PTM Active Select this option to add the VLAN tag specified below to the outgoing traffic through this connection 802 1p IEEE 802 1p defines up to 8 separate traffic types by inserting a tag into a MAC layer frame that contains bits to define class of service Select the IEEE 802 1p priority level from 0 to 7 to add to traffic through this connection The grea...

Page 92: ...I f you select Bridge you cannot use routing functions such as QoS Firewall DHCP server and NAT on traffic from the selected LAN port s VLAN This section is available only when you select ADSL VDSL over PTM in the Type field Active Select this to add the VLAN Tag specified below to the outgoing traffic through this connection 802 1p IEEE 802 1p defines up to 8 separate traffic types by inserting a...

Page 93: ...ions such as QoS Firewall DHCP server and NAT on traffic from the selected LAN port s ATM PVC Configuration These fields appear when the Type is set to ADSL over ATM VPI The valid range for the VPI is 0 to 255 Enter the VPI assigned to you VCI The valid range for the VCI is 32 to 65535 0 to 31 is reserved for local management of ATM traffic Enter the VCI assigned to you DSL Link Type This field is...

Page 94: ...elect UBR W ithout PCR or UBR W ith PCR for applications that are non time sensitive such as e mail Select CBR Continuous Bit Rate to specify fixed always on bandwidth for voice or data traffic Select Non Realtim e VBR non real time Variable Bit Rate for connections that do not require closely controlled delay and delay variation Select Realtim e VBR real time Variable Bit Rate for applications wi...

Page 95: ...ou want the Device to ping check the connection status of your WAN You can configure the frequency of the ping check and number of consecutive failures before triggering 3G backup Check Cycle Enter the frequency of the ping check in this field Consecutive Fail Enter how many consecutive failures are required before 3G backup is triggered Ping Default Gateway Select this to have the Device ping the...

Page 96: ...onnection up all the time and specify an idle time out in the Max I dle Tim eout field Max Idle Timeout This value specifies the time in minutes that elapses before the Device automatically disconnects from the ISP Obtain an IP Address Automatically Select this option If your ISP did not assign you a fixed IP address Use the following static I P address Select this option If the ISP assigned a fix...

Page 97: ...monthly budget restart so if you configured the time and data budget counters to reset on the second day of the month and you use this button on the first the time and data budget counters will still reset on the second Actions before over budget Specify the actions the Device takes before the time or data limit exceeds Enable of time budget data budget Mbytes data budget kPackets Select Enable an...

Page 98: ...pply to save your changes back to the Device Cancel Click Cancel to return to the previous configuration Table 11 Network Setting Broadband 3G Backup continued LABEL DESCRIPTION Table 12 Network Setting Network Setting Broadband LABEL DESCRIPTION PTM over ADSL Select Enable to use PTM over ADSL Since PTM has less overhead than ATM some ISPs use PTM over ADSL for better performance Annex M Annex J ...

Page 99: ...e 13 Network Setting Network Setting 8021x LABEL DESCRIPTION This is the index number of the entry Status This field displays whether the authentication is active or not A yellow bulb signifies that this authentication is active A gray bulb signifies that this authentication is not active I nterface This is the interface that uses the authentication This displays N A when there is no interface ass...

Page 100: ...entication Select this to enable the authentication Clear this to disable this authentication without having to delete the entry EAP Identity Enter the EAP identity of the authentication EAP method This is the EAP method used for this authentication Enable Bidirectional Authentication Select this to allow bidirectional authentication Certificate Select the certificate you want to assign to the aut...

Page 101: ...ctionality in a manner similar to dial up services using PPP PPPoE is an IETF standard RFC 2516 specifying how a personal computer PC interacts with a broadband modem DSL cable wireless etc connection For the service provider PPPoE offers an access and authentication method that works with existing access control systems for example RADIUS One of the benefits of PPPoE is the ability to let you acc...

Page 102: ...rier and the subscriber to regulate the average rate and fluctuations of data transmission over an ATM network This agreement helps eliminate congestion which is important for transmission of real time data such as audio and video connections Peak Cell Rate PCR is the maximum rate at which the sender can send cells This parameter may be lower but not higher than the maximum line speed 1 ATM cell i...

Page 103: ...BR RT or non real time VBR nRT connections The VBR RT real time Variable Bit Rate type is used with bursty connections that require closely controlled delay and delay variation It also provides a fixed amount of bandwidth a PCR is specified but is only available when data is being sent An example of an VBR RT connection would be video conferencing Video conferencing requires real time data transfe...

Page 104: ...o a specific broadcast domain Introduction to IEEE 802 1Q Tagged VLAN A tagged VLAN uses an explicit tag VLAN ID in the MAC header to identify the VLAN membership of a frame across bridges they are not confined to the switch on which they were created The VLANs can be created statically by hand or dynamically through GVRP The VLAN ID associates a frame with a specific VLAN and provides the informa...

Page 105: ...DNS to map a domain name to its corresponding IP address and vice versa for instance the IP address of www zyxel com is 204 217 0 2 The DNS server is extremely important because without it you must know the IP address of a computer before you can access it The Device can get the DNS server addresses in the following ways 1 The ISP tells you the DNS server addresses usually in the form of an inform...

Page 106: ...and VMG1312 B Series User s Guide 106 compose the network address The prefix length is written as x where x is a number For example 2001 db8 1a2b 15 1a2f 0 32 means that the first 32 bits 2001 db8 is the subnet prefix ...

Page 107: ...ntication screen to allow or deny wireless clients based on their MAC addresses from connecting to the Device Section 7 4 on page 117 Use the W PS screen to enable or disable WPS view or generate a security PIN Personal Identification Number Section 7 5 on page 118 Use the W MM screen to enable Wi Fi MultiMedia WMM to ensure quality of service in wireless networks for multimedia applications Secti...

Page 108: ...require a license to use However wireless networking is different from that of most traditional radio communications in that there a number of wireless networking standards available with different methods of data encryption Finding Out More See Section 7 10 on page 125 for advanced technical information on wireless networks 7 2 The General Screen Use this screen to enable the Wireless LAN enter t...

Page 109: ...e channel may help Try to use a channel that is as many channels away from any channels used by neighboring APs as possible The channel number which the Device is currently using then displays next to this field more less Click m ore to show more information Click less to hide them Bandwidth Select whether the Device uses a wireless channel width of 2 0 MHz or 4 0 MHz A standard 20MHz channel offe...

Page 110: ...me SSID Enter a descriptive name up to 32 English keyboard characters for the wireless LAN Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a station cannot obtain the SSID through scanning using a site survey tool Client Isolation Select this to keep the wireless clients in this SSID from communicating with each other through the Device MBSSID LAN Isolation Select ...

Page 111: ...on can be broken by an attacker using widely available software It is strongly recommended that you use a more effective security mechanism Use the strongest security mechanism that all the wireless devices in your network support For example use WPA PSK or WPA2 PSK if all your wireless devices support it or use WPA or WPA2 if your wireless devices support it and you have a RADIUS server If your w...

Page 112: ...ill not be configurable when you select this option Password 1 4 The password WEP keys are used to encrypt data Both the Device and the wireless stations must use the same password WEP key for data transmission If you chose 6 4 bit WEP then enter any 5 ASCII characters or 10 hexadecimal characters 0 9 A F If you chose 1 2 8 bit WEP then enter 13 ASCII characters or 26 hexadecimal characters 0 9 A ...

Page 113: ...en Table 18 Wireless General More Secure WPA 2 PSK LABEL DESCRIPTION Security Level Select More Secure to enable WPA 2 PSK data encryption Security Mode Select W PA PSK or W PA2 PSK from the drop down list box Generate password automatically Select this option to have the Device automatically generate a password The password field will not be configurable when you select this option Password The e...

Page 114: ...etw ork Setting W ireless to display the General screen Select More Secure as the security level Then select W PA or W PA2 from the Security Mode list Figure 33 Wireless General More Secure WPA 2 The following table describes the labels in this screen Encryption Select the encryption type AES or TKI P AES for data encryption Select AES if your wireless clients can all use AES Select TKI P AES to a...

Page 115: ...ess to hide them WPA Compatible This field is only available for WPA2 Select this if you want the Device to support WPA and WPA2 simultaneously Encryption Select the encryption type AES or TKI P AES for data encryption Select AES if your wireless clients can all use AES Select TKI P AES to allow the wireless clients to use either TKI P or AES WPA2 Pre Authentication This field is available only wh...

Page 116: ...that this SSID is active A gray bulb signifies that this SSID is not active SSID An SSID profile is the set of parameters relating to one of the Device s BSSs The SSID Service Set IDentifier identifies the Service Set with which a wireless device is associated This field displays the name of the wireless profile on the network When a wireless client scans for an AP to associate with this is the na...

Page 117: ...ireless Network Name SSID The SSID Service Set IDentity identifies the service set with which a wireless device is associated Wireless devices associating to the access point AP must have the same SSID Enter a descriptive name up to 32 English keyboard characters for the wireless LAN Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a station cannot obtain the SSID t...

Page 118: ...ettings MAC Restrict Mode Define the filter action for the list of MAC addresses in the MAC Address table Select Disable to turn off MAC filtering Select Deny to block access to the Device MAC addresses not listed will be allowed to access the Device Select Allow to permit access to the Device MAC addresses not listed will be denied access to the Device Add new MAC address Click this if you want t...

Page 119: ...onnect Click this button to add another WPS enabled wireless device within wireless range of the Device to your wireless network This button may either be a physical button on the outside of device or a menu button similar to the Connect button on this screen Note You must press the other wireless device s WPS button within two minutes of pressing this button Method 2 Use this section to set up a ...

Page 120: ...ly to save your changes Cancel Click Cancel to restore your previously saved settings Table 23 Network Setting Wireless WPS continued LABEL DESCRIPTION Table 24 Network Setting Wireless WMM LABEL DESCRIPTION WMM Select On to have the Device automatically give a service a priority level according to the ToS value in the IP header of packets it sends WMM QoS Wifi MultiMedia Quality of Service gives ...

Page 121: ...ts Note At the time of writing WDS is compatible with other ZyXEL APs only Not all models support WDS links Check your other AP s documentation Click Netw ork Setting W ireless W DS The following screen displays Figure 39 Network Setting Wireless WDS The following table describes the labels in this screen Table 25 Network Setting Wireless WDS LABEL DESCRIPTION Wireless Bridge Setup AP Mode Select ...

Page 122: ...Click the Edit icon and type the MAC address of the peer device in a valid MAC address format six hexadecimal character pairs for example 12 34 56 78 9a bc Click the Delete icon to remove this entry Scan Click the Scan icon to search and display the available APs within range Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings Table 25 Network Setti...

Page 123: ...cify the interval in minutes for how often the Device scans for the best channel Enter 0 to disable the periodical scan Output Power Set the output power of the Device If there is a high density of APs in an area decrease the output power to reduce interference with other APs Select one of the following 2 0 4 0 6 0 8 0 or 1 0 0 Beacon Interval When a wirelessly networked device sends a beacon it i...

Page 124: ...rate of your Device might be reduced 802 11 Protection Enabling this feature can help prevent collisions in mixed mode networks networks with both IEEE 802 11b and IEEE 802 11g traffic Select Auto to have the wireless devices transmit data after a RTS CTS handshake This helps improve IEEE 802 11g performance Select Off to disable 802 11 protection The transmission rate of your Device might be redu...

Page 125: ...10 Technical Reference This section discusses wireless LANs in depth For more information see Appendix D on page 337 7 10 1 Wireless Network Overview Wireless networks consist of wireless clients access points and bridges A wireless client is a radio connected to a user s computer An access point is a radio with a wired connection to a network which can connect with numerous wireless clients and l...

Page 126: ...s the AP Every wireless network must follow these basic guidelines Every device in the same wireless network must use the same SSID The SSID is the name of the wireless network It stands for Service Set IDentifier If two wireless networks overlap they should use a different channel Like radio stations or television channels each wireless network uses a specific channel or frequency to send and rec...

Page 127: ... the old Wired Equivalent Protocol WEP Using WEP is better than using no security at all but it will not keep a determined attacker out Other security standards are secure in themselves but can be broken if a user does not use them properly For example the WPA PSK security standard is very secure if you use a long key which is difficult for an attacker s software to guess for example a twenty lett...

Page 128: ...e 00A0C5000002 or 00 A0 C5 00 00 02 To get the MAC address for each device in the wireless network see the device s User s Guide or other documentation You can use the MAC address filter to tell the Device which devices are allowed or not allowed to use the wireless network If a device is allowed to use the wireless network it still has to have the correct information SSID channel and security If ...

Page 129: ...commended that wireless networks use W PA PSK W PA or stronger encryption The other types of encryption are better than none at all but it is still possible for unauthorized wireless devices to figure out the original information pretty quickly When you select W PA2 or W PA2 PSK in your Device you can also select an option W PA com patible to support WPA as well In this case if some of the devices...

Page 130: ...mmunicate with each other When Intra BSS traffic blocking is enabled wireless station A and B can still access the wired network but cannot communicate with each other Figure 44 Basic Service set 7 10 6 MBSSID Traditionally you need to use different APs to configure different Basic Service Sets BSSs As well as the cost of buying extra APs there is also the possibility of channel interference The D...

Page 131: ...rt preamble when all wireless devices on the network support it otherwise the Device uses long preamble Note The wireless devices MUST use the same preamble mode in order to communicate 7 10 8 Wireless Distribution System WDS The Device can act as a wireless network bridge and establish WDS Wireless Distribution System links with other APs You need to know the MAC addresses of the APs you want to ...

Page 132: ...or the Device see Section 7 6 on page 120 3 Press the button on one of the devices it doesn t matter which For the Device you must press the WPS button for more than three seconds 4 Within two minutes press the button on the other device The registrar sends the network name SSID and security key through an secure connection to the enrollee If you need to make sure that WPS worked check the list of...

Page 133: ... PIN in the AP s configuration interface 5 If the client device s configuration interface has an area for entering another device s PIN you can either enter the client s PIN in the AP or enter the AP s PIN in the client it does not matter which 6 Start WPS on both devices within two minutes 7 Use the configuration utility to activate WPS not the push button on the device itself 8 On a computer con...

Page 134: ...device acts as the enrollee the device that receives network and security settings The registrar creates a secure EAP Extensible Authentication Protocol tunnel and sends the network name SSID and the WPA PSK or WPA2 PSK pre shared key to the enrollee Whether WPA PSK or WPA2 PSK is used depends on the standards supported by the devices If the registrar is already part of a network it sends the exis...

Page 135: ...that it is not part of an existing network and can act as either enrollee or registrar if it supports both functions If the registrar is unconfigured the security settings it transmits to the enrollee are randomly generated Once a WPS enabled device has connected to another device using WPS it becomes configured A configured wireless client can still act as enrollee or registrar in subsequent WPS ...

Page 136: ...rk You know that Client 1 supports registrar mode but it is better to use AP1 for the WPS handshake with the new client since you must connect to the access point anyway in order to use the network In this case AP1 must be the registrar since it is configured it already has security information for the network AP1 supplies the existing security information to Client 2 Figure 49 WPS Example Network...

Page 137: ...two enrollees and one registrar you must set up the first enrollee by pressing the WPS button on the registrar and the first enrollee for example then check that it successfully enrolled then set up the second device in the same way WPS works only with other WPS enabled devices However you can still add non WPS devices to a network you already set up using WPS WPS works by automatically issuing a ...

Page 138: ... if this has happened WPS works between only two devices simultaneously so if another device has enrolled your device will be unable to enroll and will not have access to the network If this happens open the access point s configuration interface and look at the list of associated clients usually displayed by MAC address It does not matter if the access point is the WPS registrar the enrollee or w...

Page 139: ... 8 2 on page 141 Use the Static DHCP screen to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses Section 8 3 on page 144 Use the UPnP screen to enable UPnP and UPnP NAT traversal on the Device Section 8 4 on page 146 Use the Additional Subnet screen to configure IP alias and public static IP Section 8 5 on page 147 Use the STB Vendor I D screen to have th...

Page 140: ...e you can access it RADVD Router Advertisement Daemon When an IPv6 host sends a Router Solicitation RS request to discover the available routers RADVD with Router Advertisement RA messages in response to the request It specifies the minimum and maximum intervals of RA broadcasts RA messages containing the address prefix IPv6 hosts can be generated with the IPv6 prefix an IPv6 address 8 1 2 2 About...

Page 141: ...chieved UPnP certification from the Universal Plug and Play Forum UPnP Implementers Corp UIC ZyXEL s UPnP implementation supports Internet Gateway Device IGD 1 0 See Section 8 5 on page 147 for examples of installing and using UPnP Finding Out More See Section 8 10 on page 157 for technical background information on LANs 8 1 3 Before You Begin Find out the MAC addresses of your network devices if ...

Page 142: ...ork in dotted decimal notation for example 255 255 255 0 factory default Your Device automatically computes the subnet mask based on the IP Address you enter so do not change this field unless you are instructed to do so I GMP Snooping Status Select the Enable I GMP Snooping checkbox to allows the Device to passively learn multicast group IGMP Mode Select Standard Mode to have the Device forward m...

Page 143: ...ave the Static DNS service DNS Server 1 DNS Server 2 Enter the first and second DNS Domain Name System server IP address the Device passes to the DHCP clients LAN IPv6 Mode Setup I Pv6 State Select Enable to activate the IPv6 mode and configure IPv6 settings on the Device LAN I Pv6 Address Setup Delegate prefix from WAN Select this option to automatically obtain an IPv6 network prefix from the ser...

Page 144: ...er and pass IPv6 addresses DNS server and domain name information to DHCPv6 clients stateful DHCPv6 relay The Device uses IPv6 stateful autoconfiguration DHCPv6 Relay is enabled to have the Device relay client DHCPv6 requests DHCPv6 Configuration DHCPv6 State This shows the status of the DHCPv6 I Pv6 DNS Values I Pv6 DNS Server 1 3 Select From I SP if your ISP dynamically assigns IPv6 DNS server i...

Page 145: ...nected to the Device MAC Address The MAC Media Access Control or Ethernet address on a LAN Local Area Network is unique to your computer six pairs of hexadecimal notation A network interface card such as an Ethernet adapter has a hardwired address that is assigned at the factory This address follows an industry standard that ensures no other adapter has a similar address I P Address This field dis...

Page 146: ... have the MAC Address and IP Address auto detected MAC Address I f you select Manual I nput enter the MAC address of a computer on your LAN I P Address I f you select Manual I nput enter the IP address that you want to assign to the computer on your LAN with the MAC address that you will also specify Apply Click Apply to save your changes Cancel Click Cancel to exit this screen without saving Tabl...

Page 147: ... install the UPnP in Windows Me 1 Click Start and Control Panel Double click Add Rem ove Program s 2 Click on the W indow s Setup tab and select Com m unication in the Com ponents selection box Click Details Add Remove Programs Windows Setup Communication Apply Click Apply to save your changes Cancel Click Cancel to exit this screen without saving Table 33 Network Setting Home Networking UPnP cont...

Page 148: ... Components 4 Click OK to go back to the Add Rem ove Program s Properties window and click Next 5 Restart the computer when prompted Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP 1 Click Start and Control Panel 2 Double click Netw ork Connections 3 In the Netw ork Connections window click Advanced in the main menu and select Optional Netw orking Com ponents...

Page 149: ...ional Networking Components Wizard 5 In the Netw orking Services window select the Universal Plug and Play check box Networking Services 6 Click OK to go back to the W indow s Optional Netw orking Com ponent W izard window and click Next 8 6 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP You must already have UPnP installed in Windows XP and UPnP ...

Page 150: ...o discover Your UPnP enabled Network Device 1 Click Start and Control Panel Double click Netw ork Connections An icon displays under Internet Gateway 2 Right click the icon and select Properties Network Connections 3 In the I nternet Connection Properties window click Settings to see the port mappings there were automatically created Internet Connection Properties ...

Page 151: ...s Internet Connection Properties Advanced Settings Internet Connection Properties Advanced Settings Add 5 When the UPnP enabled device is disconnected from your computer all port mappings will be deleted automatically 6 Select Show icon in notification area w hen connected option and click OK An icon displays in the system tray System Tray Icon ...

Page 152: ...tion Status Web Configurator Easy Access With UPnP you can access the web based configurator on the Device without finding out the IP address of the Device first This comes helpful if you do not know the IP address of the Device Follow the steps below to access the web configurator 1 Click Start and then Control Panel 2 Double click Netw ork Connections ...

Page 153: ...rk Places under Other Places Network Connections 4 An icon with the description for each UPnP enabled device displays under Local Netw ork 5 Right click on the icon for your Device and select I nvoke The web configurator login screen displays Network Connections My Network Places ...

Page 154: ...g VMG1312 B Series User s Guide 154 6 Right click on the icon for your Device and select Properties A properties window displays with basic information about the Device Network Connections My Network Places Properties Example ...

Page 155: ...ure 55 Network Setting Home Networking Additional Subnet The following table describes the labels in this screen Table 34 Network Setting Home Networking Additional Subnet LABEL DESCRIPTION IP Alias Setup Group Name Select the interface group name for which you want to configure the IP alias settings See Chapter 13 on page 205 for how to create a new interface group Active Select the checkbox to c...

Page 156: ... Vendor I D to open this screen Figure 56 Network Setting Home Networking STB Vendor ID The following table describes the labels in this screen Offer Public IP by DHCP Select the checkbox to enable the Device to provide public IP addresses by DHCP server Enable ARP Proxy Select the checkbox to enable the ARP Address Resolution Protocol proxy Apply Click Apply to save your changes Cancel Click Canc...

Page 157: ...tags of downstream traffic before sending it out through this LAN port Unchange Don t do anything to the traffic s VLAN ID and priority tags Add Add VLAN ID and priority tags to untagged traffic Rem ove Delete one tag from tagged traffic If the frame has double tags this removes the outer tag This does not affect untagged traffic Rem ark Change the value of the outer VLAN ID and priority tags 802 ...

Page 158: ...computer must be manually configured IP Pool Setup The Device is pre configured with a pool of IP addresses for the DHCP clients DHCP Pool See the product specifications in the appendices Do not assign static IP addresses from the DHCP pool to your LAN computers 8 10 3 DNS Server Addresses DNS Domain Name System maps a domain name to its corresponding IP address and vice versa The DNS server is ex...

Page 159: ...connection is established If this is the case it is recommended that you select a network number from 192 168 0 0 to 192 168 255 0 and you must enable the Network Address Translation NAT feature of the Device The Internet Assigned Number Authority IANA reserved this block of addresses specifically for private use please do not use any other number unless you are told otherwise Let s say you select...

Page 160: ...he Internet addresses for your local networks On the other hand if you are part of a much larger organization you should consult your network administrator for the appropriate IP addresses Note Regardless of your particular situation do not create an arbitrary IP address always follow the guidelines above For more information on address assignment please refer to RFC 1597 Address Allocation for Pr...

Page 161: ... routes most traffic from A to the Internet through the Device s default gateway R1 You create one static route to connect to services offered by your ISP behind router R2 You create another static route to communicate with a separate network behind a router R3 connected to the LAN Figure 59 Example of Routing Topology 9 1 1 What You Can Do in this Chapter Use the Static Route screen to view and s...

Page 162: ...s active A gray bulb signifies that this route is not active Name This is the name that describes or identifies this route Destination IP This parameter specifies the IP network address of the final destination Routing is always based on network number Subnet Mask This parameter specifies the IP network subnet mask of the final destination Gateway This is the IP address of the gateway The gateway ...

Page 163: ...te deactivate this static route Select this to enable the static route Clear this to disable this static route without having to delete the entry Route Name Enter a descriptive name for the static route I P Type Select whether your IP type is I Pv4 or I Pv6 Destination IP Address Enter the IPv4 or IPv6 network address of the final destination IP Subnet Mask If you are using IPv4 and need to specif...

Page 164: ...labels in this screen Table 39 Network Setting Routing Policy Forwarding LABEL DESCRIPTION Add new Policy Forward Rule Click this to create a new policy forwarding rule This is the index number of the entry Policy Name This is the name of the rule Source IP This is the source IP address Source Subnet Mask his is the source subnet mask address Protocol This is the transport layer protocol Source Po...

Page 165: ...dit LABEL DESCRIPTION Policy Name Enter a descriptive name of up to 8 printable English keyboard characters not including spaces Source IP Enter the source IP address Source Subnet Mask Enter the source subnet mask address Protocol Select the transport layer protocol TCP or UDP Source Port Enter the source port number Source MAC Enter the source MAC address WAN Select a WAN interface through which...

Page 166: ...Chapter 9 Routing VMG1312 B Series User s Guide 166 ...

Page 167: ...ackets assigned a high priority are processed more quickly than those with low priority if there is congestion allowing time sensitive applications to flow more smoothly Time sensitive applications include both those that require a low level of latency delay and a low level of jitter variations in delay such as Voice over IP VoIP or Internet gaming and those for which jitter alone is a problem suc...

Page 168: ...ile DiffServ is a new protocol and defines a new DS field which replaces the eight bit ToS Type of Service field in the IP header Tagging and Marking In a QoS class you can configure whether to add or change the DSCP DiffServ Code Point value IEEE 802 1p priority level and VLAN ID number in a matched packet When the packet passes through a compatible network the networking device such as a backbon...

Page 169: ...g algorithms Token Bucket Filter TBF Single Rate Two Color Maker srTCM and Two Rate Two Color Marker trTCM You can specify actions which are performed on the colored packets See Section 10 8 on page 180 for more information on each metering algorithm 10 3 The Quality of Service General Screen Click Netw ork Setting QoS General to open the screen as shown next Use this screen to enable or disable Q...

Page 170: ...m bandwidth for the LAN interfaces including WLAN that you want to allocate using QoS The recommendation is to set this speed to match the WAN interfaces actual transmission speed For example set the LAN managed downstream bandwidth to 100000 kbps if you use a 100 Mbps wired Ethernet WAN connection You can also set this number lower than the WAN interfaces actual transmission speed This will cause...

Page 171: ...this queue is not active Name This shows the descriptive name of this queue I nterface This shows the name of the Device s interface through which traffic in this queue passes Priority This shows the priority of this queue Weight This shows the weight of this queue Buffer Management This shows the queue management algorithm used for this queue Queue management algorithms determine how the Device s...

Page 172: ...field is read only if you are editing the queue Priority Select the priority level from 1 to 7 of this queue The smaller the number the higher the priority level Traffic assigned to higher priority queues gets through faster while traffic in lower priority queues is dropped if the network is congested Weight Select the weight from 1 to 8 of this queue If two queues have the same priority level the...

Page 173: ... whether the classifier is active or not A yellow bulb signifies that this classifier is active A gray bulb signifies that this classifier is not active Class Name This is the name of the classifier Classification Criteria This shows criteria specified in this classifier for example the interface from which traffic of this class should come and the source MAC address of traffic that matches this c...

Page 174: ...f Service QoS VMG1312 B Series User s Guide 174 10 5 1 Add Edit QoS Class Click Add new Classifier in the Class Setup screen or the Edit icon next to a classifier to open the following screen Figure 68 Class Setup Add Edit ...

Page 175: ... Mask Type the mask for the specified MAC address to determine which bits a packet s MAC address should match Enter f for each bit of the specified source MAC address that the traffic s MAC address should match Enter 0 for the bit s of the matched traffic s MAC address which can be of any hexadecimal character s For example if you set the MAC address to 00 13 49 00 00 00 and the mask to ff ff ff 0...

Page 176: ...the Ether Type field Select this option and select a priority level between 0 and 7 from the drop down list box 0 is the lowest priority level and 7 is the highest VLAN ID This field is available only when you select 8 0 2 1 Q in the Ether Type field Select this option and specify a VLAN ID number TCP ACK This field is available only when you select I P in the Ether Type field If you select this o...

Page 177: ...LABEL DESCRIPTION Add new Policer Click this to create a new entry This is the index number of the entry Status This field displays whether the policer is active or not A yellow bulb signifies that this policer is active A gray bulb signifies that this policer is not active Name This field displays the descriptive name of this policer Regulated Classes This field displays the name of a QoS classif...

Page 178: ...d on the token bucket filter and identifies packets by comparing them to the Committed Information Rate CIR and the Peak Information Rate PIR Committed Rate Specify the committed rate When the incoming traffic rate of the member QoS classes is less than the committed rate the device applies the conforming action to the traffic Committed Burst Size Specify the committed burst size for packet bursts...

Page 179: ...ave your changes Cancel Click Cancel to exit this screen without saving Table 47 Policer Setup Add Edit LABEL DESCRIPTION Table 48 Network Setting QoS Monitor LABEL DESCRIPTION Refresh Interval Enter how often you want the Device to update this screen Select No Refresh to stop refreshing statistics I nterface Monitor This is the index number of the entry Name This shows the name of the interface o...

Page 180: ... allows the intermediary DiffServ compliant network devices to handle the packets differently depending on the code points without the need to negotiate paths or remember state information for every flow In addition applications do not have to request a particular service or give advanced notice of where the traffic is going DSCP and Per Hop Behavior DiffServ defines a new Differentiated Services ...

Page 181: ...the IP header There are eight classes of services ranging from zero to seven in IP precedence Zero is the lowest priority level and seven is the highest Automatic Priority Queue Assignment If you enable QoS on the Device the Device can automatically base on the IEEE 802 1p priority level IP precedence and or packet length to assign priority to traffic which does not match a class The following tab...

Page 182: ...tokens are available in the bucket In traffic policing Drops it Transmits it but adds a DSCP mark The Device may drop these marked packets if the network is overloaded Configure the bucket size to be equal to or less than the amount of the bandwidth that the interface can support It does not help if you set it to a bucket size over the interface s capability The smaller the bucket size the lower t...

Page 183: ...fined in RFC 2698 is a type of traffic policing that identifies packets by comparing them to two user defined rates the Committed Information Rate CIR and the Peak Information Rate PIR The CIR specifies the average rate at which packets are admitted to the network The PIR is greater than or equal to the CIR CIR and PIR values are based on the guaranteed and maximum bandwidth respectively as negoti...

Page 184: ...Chapter 10 Quality of Service QoS VMG1312 B Series User s Guide 184 ...

Page 185: ... to configure a default server Section 11 5 on page 193 Use the ALG screen to enable and disable the NAT and SIP VoIP ALG in the Device Section 11 6 on page 194 Use the Address Mapping screen to configure the Device s address mapping settings Section 11 7 on page 194 11 1 2 What You Need To Know Inside Outside Inside outside denotes where a host is located relative to the Device for example the co...

Page 186: ...d server The port number identifies a service for example web service is on port 80 and FTP on port 21 In some cases such as for unknown services or where one server can support more than one service for example both FTP and web service it might be better to specify a range of port numbers You can allocate a server IP address that corresponds to a port or a range of ports The most often used port ...

Page 187: ...mber of the entry Status This field displays whether the NAT rule is active or not A yellow bulb signifies that this rule is active A gray bulb signifies that this rule is not active Service Name This shows the service s name WAN Interface This shows the WAN interface through which the service is forwarded WAN IP This field displays the incoming packet s destination IP address Server IP Address Th...

Page 188: ... Port Forwarding Add Edit LABEL DESCRIPTION Active Clear the checkbox to disable the rule Select the check box to enable it Service Name Enter a name to identify this rule using keyboard characters A Z a z 1 2 and so on WAN Interface Select the WAN interface through which the service is forwarded You must have already configured a WAN connection with NAT enabled WAN IP Enter the WAN IP address for...

Page 189: ...shows the port number to which you want the Device to translate the incoming port For a range of ports enter the first number of the range to which you want the incoming ports translated Translation End Port This shows the last port of the translated port range Server IP Address Enter the inside IP address of the virtual server here Protocol Select the protocol supported by this virtual server Cho...

Page 190: ...vice records the IP address of a LAN computer that sends traffic to the WAN to request a service with a specific port number and protocol a trigger port When the Device s WAN port receives a response with a specific port number and protocol open port the Device forwards the traffic to the LAN IP address of the computer that sent the request After that computer s connection for that service closes ...

Page 191: ...se this screen to view your Device s trigger port settings Figure 78 Network Setting NAT Port Triggering The following table describes the labels in this screen Table 55 Network Setting NAT Port Triggering LABEL DESCRIPTION Add new rule Click this to create a new rule This is the index number of the entry Status This field displays whether the port triggering rule is active or not A yellow bulb si...

Page 192: ...n Proto This is the open transport layer protocol Modify Click the Edit icon to edit this rule Click the Delete icon to delete an existing rule Table 55 Network Setting NAT Port Triggering continued LABEL DESCRIPTION Table 56 Port Triggering Configuration Add Edit LABEL DESCRIPTION Active Select the check box to enable this rule Service Name Enter a name to identify this rule using keyboard charac...

Page 193: ... number or the starting port number in a range of port numbers Open End Port Type a port number or the ending port number in a range of port numbers Open Protocol Select the transport layer protocol from TCP UDP or TCP UDP OK Click OK to save your changes Cancel Click Cancel to exit this screen without saving Table 56 Port Triggering Configuration Add Edit continued LABEL DESCRIPTION Table 57 Netw...

Page 194: ... Network Setting NAT ALG The following table describes the fields in this screen 11 7 The Address Mapping Screen Ordering your rules is important because the Device applies the rules in the order that you specify When a rule matches the current packet the Device takes the corresponding action and the remaining rules are ignored Click Netw ork Setting NAT Address Mapping to display the following sc...

Page 195: ...s Global Start IP This is the starting Inside Global IP Address IGA Enter 0 0 0 0 here if you have a dynamic IP address from your ISP You can only do this for the Many to One mapping type Global End IP This is the ending Inside Global IP Address IGA This field is blank for One to One and Many to One mapping types Type This is the address mapping type One to One This mode maps one local IP address ...

Page 196: ... do not change for the One to one NAT mapping type Many to One This mode maps multiple local IP addresses to one global IP address This is equivalent to SUA i e PAT port address translation the Device s Single User Account feature that previous routers supported only Many to Many This mode maps multiple local IP addresses to shared global IP addresses Local Start IP Enter the starting Inside Local...

Page 197: ...the inside local address before forwarding it to the original inside host Note that the IP address either local or global of an outside host is never changed The global IP addresses for the inside hosts can be either static or dynamically assigned by the ISP In addition you can designate servers for example a web server and a telnet server on your local network and make them accessible to the outs...

Page 198: ...quired for communication with hosts on other networks It replaces the original IP source address and TCP or UDP source port numbers for Many to One and Many to Many Overload NAT mapping in each packet and then forwards it to the Internet The Device keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored The following figure illustrat...

Page 199: ...mbers are shown in the following table Please refer to RFC 1700 for further information about port numbers Please also refer to the Supporting CD for more examples and details on port forwarding and NAT Table 62 Services and Port Numbers SERVICES PORT NUMBER ECHO 7 FTP File Transfer Protocol 21 SMTP Simple Mail Transfer Protocol 25 DNS Domain Name System 53 Finger 79 HTTP Hyper Text Transfer proto...

Page 200: ...e port 80 to another B in the example and assign a default server IP address of 192 168 1 35 to a third C in the example You assign the LAN IP addresses and the ISP assigns the WAN IP address The NAT network appears as a single host on the Internet Figure 86 Multiple Servers Behind NAT Example D 192 168 1 36 192 168 1 1 IP address assigned by ISP A 192 168 1 33 B 192 168 1 34 C 192 168 1 35 ...

Page 201: ...outing table Dynamic DNS Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you in NetMeeting CU SeeMe etc You can also access your FTP server or Web site on your own computer using a domain name for instance myhost dhs org where myhost is a name of your choice that will never change instead of using an IP address that ...

Page 202: ...Dynamic DNS 12 2 The DNS Entry Screen Use this screen to view and configure DNS routes on the Device Click Netw ork Setting DNS to open the DNS Entry screen Figure 87 Network Setting DNS DNS Entry The following table describes the fields in this screen Table 63 Network Setting DNS DNS Entry LABEL DESCRIPTION Add new DNS entry Click this to create a new DNS entry This is the index number of the ent...

Page 203: ... 88 DNS Entry Add Edit The following table describes the labels in this screen 12 3 The Dynamic DNS Screen Use this screen to change your Device s DDNS Click Netw ork Setting DNS Dynam ic DNS The screen appears as shown Figure 89 Network Setting DNS Dynamic DNS Table 64 DNS Entry Add Edit LABEL DESCRIPTION Host Name Enter the host name of the DNS entry I P Address Enter the IP address of the DNS e...

Page 204: ...he domain name assigned to your Device by your Dynamic DNS provider You can specify up to two host names in the field separated by a comma Username Type your user name Password Type the password assigned to you Email If you select TZO in the Service Provider field enter the user name you used to register for this service Key If you select TZO in the Service Provider field enter the password you us...

Page 205: ...u create multiple networks on the Device Section 13 2 on page 205 13 2 The Interface Group Screen You can manually add a LAN interface to a new group Alternatively you can have the Device automatically add the incoming traffic and the LAN interface on which traffic is received to an interface group when its DHCP Vendor ID option information matches one listed for the interface group Use the LAN sc...

Page 206: ...guration Click the Add New I nterface Group button in the I nterface Group screen to open the following screen Use this screen to create a new interface group Table 66 Network Setting Interface Group LABEL DESCRIPTION Add New I nterface Group Click this button to create a new interface group Group Name This shows the descriptive name of the group WAN Interface This shows the WAN interfaces in the ...

Page 207: ...I nterfaces Available LAN I nterfaces Select one or more LAN interfaces Ethernet LAN HPNA or wireless LAN in the Available LAN I nterfaces list and use the left arrow to move them to the Grouped LAN I nterfaces list to add the interfaces to this group To remove a LAN or wireless LAN interface from the Grouped LAN I nterfaces use the right facing arrow Automatically Add Clients With the following D...

Page 208: ...ble 67 Interface Group Configuration continued LABEL DESCRIPTION Table 68 Interface Grouping Criteria LABEL DESCRIPTION Source MAC Address Enter the source MAC address of the packet DHCP Option 60 Select this option and enter the Vendor Class Identifier Option 60 of the matched traffic such as the type of the hardware or firmware Enable wildcard on DHCP option 60 option Select this option to be ab...

Page 209: ...entifies the device in the DUID field DHCP Option 125 Select this and enter vendor specific information of the matched traffic Enterprise Number Enter the vendor s 32 bit enterprise number registered with the IANA I nternet Assigned Numbers Authority Manufactur er OUI Specify the vendor s OUI Organization Unique Identifier I t is usually the first three bytes of the MAC address Product Class Enter...

Page 210: ...Chapter 13 Interface Group VMG1312 B Series User s Guide 210 ...

Page 211: ...t are connected on a network and share resources such as a printer or files Windows automatically assigns the workgroup name when you set up a network Shares When settings are set to default each USB device connected to the Device is given a folder called a share If a USB hard drive connected to the Device has more than one partition then each partition will be allocated a share You can also confi...

Page 212: ...rotocol is a set of communications protocols that most of the Internet runs on Port A port maps a network service such as http to a process running on your computer such as a process run by your web browser When traffic from the Internet is received on your computer the port number is used to identify which process running on your computer it is intended for Supported OSs Your operating system mus...

Page 213: ...ure the Device is connected to your network and turned on 1 Connect the USB device to one of the Device s USB port Make sure the Device is connected to your network 2 The Device detects the USB device and makes its contents available for browsing If you are connecting a USB hard drive that comes with an external power supply make sure it is connected to an appropriate power source that is on Note ...

Page 214: ...h all shares for everyone to play media files in the USB storage device connected to the Device Use hardware based media clients like the DMA 2500 to play the files Note Anyone on your network can play the media files in the published shares No user name and password or other form of security is used The media server is enabled by default with the video photo and music shares published To change y...

Page 215: ...alled on your computer See Section 4 11 on page 60 for instructions on adding a printer on your computer The computers on your network must have the printer software already installed before they can create a TCP IP port for printing via the network Follow your printer manufacturers instructions on how to install the printer software on your computer Note Your printer s installation instructions m...

Page 216: ...ing table describes the labels in this menu Table 71 Network Setting USB Service Print Server LABEL DESCRIPTION Printer Server Select Enable to have the Device share a USB printer Printer Name Enter the name of the printer Make and model Enter the manufacturer and model number of the printer Apply Click Apply to save your changes Cancel Click Cancel to restore your previously saved settings ...

Page 217: ...nitiate an IM Instant Messaging session from the LAN to the WAN 1 Return traffic for this session is also allowed 2 However other traffic initiated from the WAN is blocked 3 and 4 Figure 99 Default Firewall Action 15 1 1 What You Can Do in this Chapter Use the General screen to configure the security level of the firewall on the Device Section 15 2 on page 219 Use the Service screen to add or remo...

Page 218: ...k resources The ZyXEL Device is pre configured to automatically detect and thwart all known DoS attacks DDoS A DDoS attack is one in which multiple compromised systems attack a single target thereby causing denial of service for users of the targeted system LAND Attack In a LAND attack hackers flood SYN packets into the network with a spoofed source IP address of the target system This makes it ap...

Page 219: ...ervices and port numbers in the Service screen For a comprehensive list of port numbers and services visit the IANA Internet Assigned Number Authority website See Appendix F on page 359 for some examples Table 72 Security Firewall General LABEL DESCRIPTION Firewall Select Enable to activate the firewall feature on the Device Easy Select Easy to allow LAN to WAN and WAN to LAN packet directions Med...

Page 220: ...ule in the Service screen to display the following screen Figure 102 Service Add Edit Table 73 Security Firewall Service LABEL DESCRIPTION Add new service entry Click this to add a new service Name This is the name of your customized service Description This is the description of your customized service Ports Protocol Number This shows the IP protocol TCP UDP I CMP or TCP UDP and the port number o...

Page 221: ...ice If you select Any the service is applied to all ports Type a single port number or the range of port numbers that define your customized service Protocol Number This field is displayed if you select Other as the protocol Enter the protocol number of your customized port Add Click this to add the protocol to the Rule List below Rule List Protocol This is the I P port TCP UDP I CMP or Other that...

Page 222: ...ce IP addresses to which this rule applies Please note that a blank source address is equivalent to Any Dst IP This displays the destination IP addresses to which this rule applies Please note that a blank destination address is equivalent to Any Service This displays the transport layer protocol that defines the service and the direction of traffic to which this rule applies Action This field dis...

Page 223: ...s not including spaces underscores and dashes You must enter the filter name to add an ACL rule This field is read only if you are editing the ACL rule Order Select the order of the ACL rule Select Source Device Select the source device to which the ACL rule applies If you select Specific I P Address enter the source IP address in the field below Source IP Address Enter the source IP address Selec...

Page 224: ...t This field is displayed only when you select Specific Protocol in Select Protocol Enter a single port number or the range of port numbers of the source Custom Destination Port This field is displayed only when you select Specific Protocol in Select Protocol Enter a single port number or the range of port numbers of the destination Policy Use the drop down list box to select whether to discard DR...

Page 225: ...n this screen Table 77 Security Firewall DoS LABEL DESCRIPTION DoS Protection Blocking Select Enable to enable protection against DoS attacks Deny Ping Response Select Enable to block ping request packets Apply Click Apply to save your changes Cancel Click Cancel to exit this screen without saving ...

Page 226: ...Chapter 15 Firewall VMG1312 B Series User s Guide 226 ...

Page 227: ...rnet device has a unique MAC Media Access Control address The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters for example 00 A0 C5 00 00 02 You need to know the MAC addresses of the devices to configure this screen 16 2 The MAC Filter Screen Use this screen to allow wireless and LAN clients access to the Device Click Security MAC Filter The screen appears...

Page 228: ...d will be denied access to the Device If you clear this the MAC Address field for this set clears Host name Enter the host name of the wireless or LAN clients that are allowed access to the Device MAC Address Enter the MAC addresses of the wireless or LAN clients that are allowed access to the Device in these address fields Enter the MAC addresses in a valid MAC address format that is six hexadeci...

Page 229: ...ng screen Figure 107 Security Parental Control The following table describes the fields in this screen Table 79 Security Parental Control LABEL DESCRIPTION Parental Control Select Enable to activate parental control Add new PCP Click this if you want to configure a new parental control rule This shows the index number of the rule Status This indicates whether the rule is active or not A yellow bul...

Page 230: ...Parental Control Rule Add Edit I nternet Access Schedule This shows the day s and time on which parental control is enabled Network Service This shows whether the network service is configured If not None will be shown Website Block This shows whether the website block is configured If not None will be shown Modify Click the Edit icon to go to the screen where you can edit the rule Click the Delet...

Page 231: ...etting If you select Block the Device prohibits the users from viewing the Web sites with the URLs listed below If you select Allow the Device blocks access to all URLs except ones listed below Add new service Click this to show a screen in which you can add a new service rule You can configure the Service Nam e Protocol and Nam e of the new rule This shows the index number of the rule Select the ...

Page 232: ...Chapter 17 Parental Control VMG1312 B Series User s Guide 232 ...

Page 233: ...creen Figure 109 Security Scheduler Rules The following table describes the fields in this screen Table 81 Security Scheduler Rules LABEL DESCRIPTION Add new rule Click this to create a new rule This is the index number of the entry Rule Name This shows the name of the rule Day This shows the day s on which this rule is enabled Time This shows the period of time on which this rule is enabled Descr...

Page 234: ...table describes the fields in this screen Table 82 Scheduler Rules Add Edit LABEL DESCRIPTION Rule Name Enter a name up to 31 printable English keyboard characters not including spaces for this schedule Day Select check boxes for the days that you want the Device to perform this scheduler rule Time if Day Range Enter the time period of each day in 24 hour format during which parental control will ...

Page 235: ...u save the certificates of trusted CAs to the Device Section 19 4 on page 239 19 2 What You Need to Know The following terms and concepts may help as you read through this chapter Certification Authority A Certification Authority CA issues certificates and guarantees the identity of each certificate owner There are commercial certification authorities like CyberTrust or VeriSign and government cer...

Page 236: ...nded that you give each certificate a unique name Subject This field displays identifying information about the certificate s owner such as CN Common Name OU Organizational Unit or department O Organization or company and C Country It is recommended that each certificate have unique subject information Issuer This field displays identifying information about the certificate s issuing certification...

Page 237: ... identify this certificate Common Name Select Auto to have the Device configure this field automatically Or select Custom ize to enter it manually Type the IP address in dotted decimal notation domain name or e mail address in the field provided The domain name or e mail address can be up to 63 ASCII characters The domain name or e mail address is for identification purposes only and can be any st...

Page 238: ... you create a certificate request and have it signed by a Certificate Authority in the Local Certificates screen click the certificate request s Load Signed icon to import the signed certificate into the Device Note You must remove any spaces from the certificate s filename before you can import it Figure 114 Load Signed Certificate ...

Page 239: ... Click Apply to save your changes Cancel Click Cancel to exit this screen without saving Table 86 Security Certificates Trusted CA LABEL DESCRIPTION I mport Certificate Click this button to open a screen where you can save the certificate of a certification authority that you trust to the Device This is the index number of the entry Name This field displays the name used to identify this certifica...

Page 240: ...ut the certificate ca means that a Certification Authority signed the certificate Subject This field displays information that identifies the owner of the certificate such as Common Name CN Organizational Unit OU Organization O and Country C Certificate This read only text box displays the certificate in Privacy Enhanced Mail PEM format PEM uses base 64 to convert the binary certificate into a pri...

Page 241: ... Table 88 Trusted CA Import Certificate LABEL DESCRIPTION Certificate File Path Type in the location of the certificate you want to upload in this field or click Brow se to find it Enable Trusted CA for 802 1x Authentication If you select this checkbox the trusted CA will be used for 802 1x authentication The selected trusted CA will be displayed in the Netw ork Setting Broadband 8 0 2 1 x Edit sc...

Page 242: ...Chapter 19 Certificates VMG1312 B Series User s Guide 242 ...

Page 243: ... consist of both logs and alerts You may differentiate them by their color in the View Log screen Alerts display in red and logs display in black Syslog Overview The syslog protocol allows devices to send event notification messages across an IP network to syslog servers that collect the event messages A syslog enabled device can generate a syslog message and send it to a syslog server Syslog is d...

Page 244: ...ty level you have selected When you select a severity the Device searches through all logs of that severity or higher Category Select the type of logs to display Clear Log Click this to delete all the logs Refresh Click this to renew the log screen Export Log Click this to export the selected log s Email Log Now Click this to send the log file s to the E mail address you specify in the Maintenance...

Page 245: ...ugh all logs of that severity or higher Category Select the type of logs to display Clear Log Click this to delete all the logs Refresh Click this to renew the log screen Export Log Click this to export the selected log s Email Log Now Click this to send the log file s to the E mail address you specify in the Maintenance Logs Setting screen This field is a sequential value and is not associated wi...

Page 246: ...Chapter 20 Log VMG1312 B Series User s Guide 246 ...

Page 247: ...u Can Do in this Chapter Use the W AN screen to view the WAN traffic statistics Section 21 2 on page 247 Use the LAN screen to view the LAN traffic statistics Section 21 3 on page 249 21 2 The WAN Status Screen Click System Monitor Traffic Status to open the W AN screen The figure in this screen shows the number of bytes received and sent on the Device Figure 120 System Monitor Traffic Status WAN ...

Page 248: ... indicates the number of frames with errors received on this interface Drop This indicates the number of received packets dropped on this interface more hide more Click m ore to show more information Click hide m ore to hide them Disabled I nterface This shows the name of the WAN interface that is currently disconnected Packets Sent Data This indicates the number of transmitted packets on this int...

Page 249: ...or WLAN interface Bytes Sent This indicates the number of bytes transmitted on this interface more hide more Click m ore to show more information Click hide m ore to hide them I nterface This shows the LAN or WLAN interface Sent Packets Data This indicates the number of transmitted packets on this interface Error This indicates the number of frames with errors transmitted on this interface Drop Th...

Page 250: ...Chapter 21 Traffic Status VMG1312 B Series User s Guide 250 ...

Page 251: ...ts own MAC and IP address in the sender address fields and puts the known IP address of the target in the target IP address field In addition the device puts all ones in the target MAC field FF FF FF FF FF FF is the Ethernet broadcast address The replying device which is either the IP address of the device being sought or the router that knows the way replaces the broadcast address with the target...

Page 252: ...C Address This is the MAC address of the device with the listed IP address Device This is the type of interface used by the device You can click on the device type to go to its configuration screen Table 94 System Monitor ARP Table continued LABEL DESCRIPTION ...

Page 253: ...ateway that helps forward this route s traffic Subnet Mask This indicates the destination subnet mask of this route Flag This indicates the route status U Up The route is up Reject The route is blocked and will force a route lookup to fail G Gatew ay The route uses a gateway to forward traffic H Host The target of the route is a host R Reinstate The route is reinstated for dynamic routing D Dynam ...

Page 254: ...o forward the route I nterface This indicates the name of the interface through which the route is forwarded br0 indicates the LAN interface ptm 0 indicates the WAN interface using IPoE or in bridge mode ppp0 indicates the WAN interface using PPPoE Table 95 System Monitor Routing Table continued LABEL DESCRIPTION ...

Page 255: ...96 System Monitor IGMP Group Status LABEL DESCRIPTION I nterface This field displays the name of an interface on the Device that belongs to an IGMP multicast group Multicast Group This field displays the name of the IGMP multicast group to which the interface belongs Filter Mode I NCLUDE means that only the IP addresses in the Source List get to receive the multicast group s traffic EXCLUDE means ...

Page 256: ...Chapter 24 IGMP Status VMG1312 B Series User s Guide 256 ...

Page 257: ... Guide 257 CHAPTER 25 xDSL Statistics 25 1 The xDSL Statistics Screen Use this screen to view detailed DSL statistics Click System Monitor xDSL Statistics to open the following screen Figure 125 System Monitor xDSL Statistics ...

Page 258: ... This is the upstream and downstream interleave delay It is the wait in milliseconds that determines the size of a single block of data to be interleaved assembled and then transmitted Interleave delay is used when transmission error correction Reed Solomon is necessary due to a less than ideal telephone line The bigger the delay the bigger the data block size allowing better error correction to b...

Page 259: ...edundancy Checks ES This is the number of Errored Seconds meaning the number of seconds containing at least one errored block or at least one defect SES This is the number of Severely Errored Seconds meaning the number of seconds containing 30 or more errored blocks or at least one defect This is a subset of ES UAS This is the number of UnAvailable Seconds LOS This is the number of Loss Of Signal ...

Page 260: ...Chapter 25 xDSL Statistics VMG1312 B Series User s Guide 260 ...

Page 261: ...t LABEL DESCRIPTION User Name This field displays the name of the account that you used to log in the system Old Password Type the default password or the existing password you use to access the system in this field New Password Type your new system password up to 30 characters Note that as you type a password the screen displays a for each character you type After you change the password use the ...

Page 262: ...Chapter 26 User Account VMG1312 B Series User s Guide 262 ...

Page 263: ...ocation through the following interfaces LAN WAN Trust Domain Note The Device is managed using the Web Configurator 27 2 The Remote MGMT Screen Use this screen to configure through which interface s users can use which service s to manage the Device Click Maintenance Rem ote MGMT to open the following screen Figure 127 Maintenance Remote MGMT ...

Page 264: ...heck box for the corresponding services that you want to allow access to the Device from the WAN Trust Domain Select the Enable check box for the corresponding services that you want to allow access to the Device from the Trust Domain Port You may change the server port number for a service if needed however you must use the same port number in order to use that service for remote management Certi...

Page 265: ...ocedure Calls RPCs between an ACS and a client device RPCs are sent in Extensible Markup Language XML format over HTTP or HTTPS An administrator can use an ACS to remotely set up the Device modify settings perform firmware upgrades as well as monitor and diagnose the Device You have to enable the device to be managed by the ACS and specify the ACS IP address or domain name and username and passwor...

Page 266: ...he pre configured WAN connection s Display SOAP messages on serial console Select Enable to show the SOAP messages on the console Connection Request Authentication Select this option to enable authentication when there is a connection request from the ACS Connection Request User Name Enter the connection request user name When the ACS makes a connection request to the Device this user name is used...

Page 267: ...R 064 compliant CPE management application on their computers from the LAN to discover the CPE and configure user specific parameters such as the username and password Click Maintenance TR 0 6 4 to open the following screen Figure 129 Maintenance TR 064 The following table describes the fields in this screen Table 101 Maintenance TR 064 LABEL DESCRIPTION State Select Enable to activate management ...

Page 268: ...Chapter 29 TR 064 VMG1312 B Series User s Guide 268 ...

Page 269: ...lated settings such as system time password name the domain name and the inactivity timeout interval 30 2 The Time Screen To change your Device s time and date click Maintenance Tim e The screen appears as shown Use this screen to configure the Device s time based on your local time zone Figure 130 Maintenance Time Setting ...

Page 270: ... the United States on the second Sunday of March Each time zone in the United States starts using Daylight Saving Time at 2 A M local time So in the United States set the day to Second Sunday the month to March and the time to 2 in the Hour field Daylight Saving Time starts in the European Union on the last Sunday of March All of the time zones in the European Union start using Daylight Saving Tim...

Page 271: ... 30 Time Settings VMG1312 B Series User s Guide 271 Apply Click Apply to save your changes Cancel Click Cancel to exit this screen without saving Table 102 Maintenance Time Setting continued LABEL DESCRIPTION ...

Page 272: ...Chapter 30 Time Settings VMG1312 B Series User s Guide 272 ...

Page 273: ...remove and add mail server information on the Device Figure 131 Maintenance Email Notification The following table describes the labels in this screen Table 103 Maintenance Email Notification LABEL DESCRIPTION Add New Email Click this button to create a new entry Mail Server Address This field displays the server name or the IP address of the mail server Username This field displays the user name ...

Page 274: ...d If this field is left blank reports logs or notifications will not be sent via e mail Authentication Username Enter the user name up to 32 characters This is usually the user name of a mail account you specified in the Account Em ail Address field Authentication Password Enter the password associated with the user name above Account Email Address Enter the e mail address that you want to be in t...

Page 275: ...onfigure where the Device sends logs and which logs and or immediate alerts the Device records in the Logs Setting screen 32 2 The Log Settings Screen To change your Device s log settings click Maintenance Logs Setting The screen appears as shown Figure 133 Maintenance Logs Setting ...

Page 276: ...sent via E mail System Log Mail Subject Type a title that you want to be in the subject line of the system log e mail message that the Device sends Security Log Mail Subject Type a title that you want to be in the subject line of the security log e mail message that the Device sends Send Log to The Device sends logs to the e mail address specified in this field If this field is left blank the Devi...

Page 277: ...rom 192 168 1 131 To 192 168 1 255 default policy forward 09 54 17 UDP src port 00520 dest port 00520 1 00 3 Apr 7 00 From 192 168 1 6 To 10 10 10 10 match forward 09 54 19 UDP src port 03516 dest port 00053 1 01 snip snip 126 Apr 7 00 From 192 168 1 1 To 192 168 1 255 match forward 10 05 00 UDP src port 00520 dest port 00520 1 02 127 Apr 7 00 From 192 168 1 131 To 192 168 1 255 match forward 10 0...

Page 278: ...Chapter 32 Logs Setting VMG1312 B Series User s Guide 278 ...

Page 279: ...tocol and may take up to two minutes After a successful upload the system will reboot Do NOT turn off the Device while firmware upload is in progress Figure 135 Maintenance Firmware Upgrade The following table describes the labels in this screen Table 106 Maintenance Firmware Upgrade LABEL DESCRIPTION Current Firmware Version This is the present Firmware version and the date created File Path Type...

Page 280: ...ly restarts in this time causing a temporary network disconnect In some operating systems you may see the following icon on your desktop Figure 137 Network Temporarily Disconnected After two minutes log in again and check your new firmware version in the Status screen If the upload was not successful the following screen will appear Click OK to go back to the Firm w are Upgrade screen Figure 138 E...

Page 281: ...oring configuration appears in this screen as shown next Figure 139 Maintenance Configuration Backup Configuration Backup Configuration allows you to back up save the Device s current configuration to a file on your computer Once your Device is configured and functioning properly it is highly recommended that you back up your configuration file before making configuration changes The backup config...

Page 282: ... Temporarily Disconnected If you uploaded the default configuration file you may need to change the IP address of your computer to be in the same subnet as that of the default device IP address 192 168 1 1 See Appendix A on page 297 for details on how to set up your computer s IP address If the upload was not successful the following screen will appear Click OK to go back to the Configuration scre...

Page 283: ...n Process Message You can also press the RESET button on the rear panel to reset the factory defaults of your Device Refer to Section 1 6 on page 21 for more information on the RESET button 34 3 The Reboot Screen System restart allows you to reboot the Device remotely without turning the power off You may need to do this if the Device hangs for example Click Maintenance Reboot Click Reboot to have...

Page 284: ... OAM Ping Test screen lets you send an ATM OAM Operation Administration and Maintenance packet to verify the connectivity of a specific PVC Section 35 5 on page 287 35 2 What You Need to Know The following terms and concepts may help as you read through this chapter How CFM Works A Maintenance Association MA defines a VLAN and associated Maintenance End Point MEP ports on the device under a Mainte...

Page 285: ...es the fields in this screen Table 108 Maintenance Diagnostic Ping TraceRoute NsLookup LABEL DESCRIPTION URL or IP Address Type the IP address of a computer that you want to perform ping traceroute or nslookup in order to test a connection Ping Click this to ping the IP address that you entered TraceRoute Click this button to perform the traceroute function This determines the path a packet takes ...

Page 286: ... Device performs a CFM loopback test 802 1Q VLAN I D Type a VLAN I D 0 4095 for this MA VDSL Traffic Type This shows whether the VDSL traffic is activated Loopback Message LBM This shows how many Loop Back Messages LBMs are sent and if there is any inorder or outorder Loop Back Response LBR received from a remote MEP Linktrace Message LTM This shows the destination MAC address in the Link Trace Re...

Page 287: ...irtual channel VC level F4 cells use the same VPI as the user data cells on VP connections but use different predefined VCI values F5 cells use the same VPI and VCI as the user data cells on the VC connections and are distinguished from data cells by a predefinded Payload Type Identifier PTI in the cell header Both F4 flows and F5 flows are bidirectional and have two types segment F4 flows VCI 3 e...

Page 288: ...he fields in this screen Table 110 Maintenance Diagnostic OAM Ping Test LABEL DESCRIPTION Select a PVC on which you want to perform the loopback test F4 segment Press this to perform an OAM F4 segment loopback test F4 end end Press this to perform an OAM F4 end to end loopback test F5 segment Press this to perform an OAM F5 segment loopback test F5 end end Press this to perform an OAM F5 end to en...

Page 289: ...urn on 1 Make sure the Device is turned on 2 Make sure you are using the power adaptor or cord included with the Device 3 Make sure the power adaptor or cord is connected to the Device and plugged in to an appropriate power source Make sure the power source is turned on 4 Turn the Device off and on 5 If the problem continues contact the vendor One of the LEDs does not behave as expected 1 Make sur...

Page 290: ...tion 1 6 on page 21 I forgot the password 1 The default admin password is 1 2 3 4 2 If this does not work you have to reset the device to its factory defaults See Section 1 6 on page 21 I cannot see or access the Login screen in the web configurator 1 Make sure you are using the correct IP address The default IP address is 192 168 1 1 If you changed the IP address Section 8 2 on page 141 use the n...

Page 291: ...I cannot log in to the Device 1 Make sure you have entered the password correctly The default admin password is 1 2 3 4 The field is case sensitive so make sure Caps Lock is not on 2 You cannot log in to the web configurator while someone is using Telnet to access the Device Log out of the Device in the other session or ask the person who is logged in to log out 3 Turn the Device off and on 4 If t...

Page 292: ...ave the DSL W AN port connected to a telephone jack or the DSL or modem jack on a splitter if you have one 2 Make sure you configured a proper DSL WAN interface Netw ork Setting Broadband screen with the Internet account information provided by your ISP and that it is enabled 3 Check that the LAN interface you are connected to is in the same interface group as the DSL connection Netw ork Setting I...

Page 293: ...he signal strength is low Reduce wireless interference that may be caused by other wireless networks or surrounding wireless electronics such as cordless phones Place the AP where there are minimum obstacles such as walls and ceilings between the AP and the wireless client Reduce the number of wireless clients connecting to the same AP simultaneously or add additional APs if necessary Try closing ...

Page 294: ... is mostly used in business networks W EP Wired Equivalent Privacy WEP encryption scrambles the data transmitted between the wireless stations and the access points to keep network communications private 36 5 USB Device Connection The Device fails to detect my USB device 1 Disconnect the USB device 2 Reboot the Device 3 If you are connecting a USB hard drive that comes with an external power suppl...

Page 295: ...roubleshooting VMG1312 B Series User s Guide 295 I cannot open special applications such as white board file transfer and video when I use the MSN messenger 1 Wait more than three minutes 2 Restart the applications ...

Page 296: ...Chapter 36 Troubleshooting VMG1312 B Series User s Guide 296 ...

Page 297: ... IP application package TCP IP should already be installed on computers using Windows NT 2000 XP Macintosh OS 7 and later operating systems After the appropriate TCP IP components are installed configure the TCP IP settings in order to communicate with your network If you manually assign IP information instead of using dynamic assignment make sure that your computers have IP addresses that place t...

Page 298: ...w click Add 2 Select Protocol and then click Add 3 Select Microsoft from the list of m anufacturers 4 Select TCP I P from the list of network protocols and then click OK If you need Client for Microsoft Networks 1 Click Add 2 Select Client and then click Add 3 Select Microsoft from the list of manufacturers 4 Select Client for Microsoft Netw orks from the list of network clients and then click OK ...

Page 299: ...I P Address and Subnet Mask fields Figure 150 Windows 95 98 Me TCP IP Properties IP Address 3 Click the DNS Configuration tab If you do not know your DNS information select Disable DNS If you know your DNS information select Enable DNS and type the information in the fields below you may not need to fill them all in Figure 151 Windows 95 98 Me TCP IP Properties DNS Configuration ...

Page 300: ...o close the Netw ork window Insert the Windows CD if prompted 7 Turn on your Device and restart your computer when prompted Verifying Settings 1 Click Start and then Run 2 In the Run window type winipcfg and then click OK to open the I P Configuration window 3 Select your network adapter You should see your computer s IP address subnet mask and default gateway Windows 2000 NT XP The following exam...

Page 301: ...e 301 2 In the Control Panel double click Netw ork Connections Netw ork and Dial up Connections in Windows 2000 NT Figure 153 Windows XP Control Panel 3 Right click Local Area Connection and then click Properties Figure 154 Windows XP Control Panel Network Connections Properties ...

Page 302: ... Properties Figure 155 Windows XP Local Area Connection Properties 5 The I nternet Protocol TCP I P Properties window opens the General tab in Windows XP If you have a dynamic IP address click Obtain an I P address autom atically If you have a static IP address click Use the follow ing I P Address and fill in the I P address Subnet m ask and Default gatew ay fields ...

Page 303: ... addresses click Add In TCP I P Address type an IP address in I P address and a subnet mask in Subnet m ask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gateways in the I P Settings tab by clicking Add in Default gatew ays In TCP I P Gatew ay Address type the IP address of the default gateway in Gatew ay To manually configure a defa...

Page 304: ...perties 7 In the I nternet Protocol TCP I P Properties window the General tab in Windows XP Click Obtain DNS server address autom atically if you do not know your DNS server IP address es If you know your DNS server IP address es click Use the follow ing DNS server addresses and type them in the Preferred DNS server and Alternate DNS server fields ...

Page 305: ... the Local Area Connection Properties window 10 Close the Netw ork Connections window Netw ork and Dial up Connections in Windows 2000 NT 11 Turn on your Device and restart your computer if prompted Verifying Settings 1 Click Start All Program s Accessories and then Com m and Prom pt 2 In the Com m and Prom pt window type ipconfig and then press ENTER You can also open Netw ork Connections right c...

Page 306: ...ser s Guide 306 1 Click the Start icon Control Panel Figure 159 Windows Vista Start Menu 2 In the Control Panel double click Netw ork and I nternet Figure 160 Windows Vista Control Panel 3 Click Netw ork and Sharing Center Figure 161 Windows Vista Network And Internet ...

Page 307: ...rk connections Figure 162 Windows Vista Network and Sharing Center 5 Right click Local Area Connection and then click Properties Note During this procedure click Continue whenever Windows displays a screen saying that it needs your permission to continue Figure 163 Windows Vista Network and Sharing Center ...

Page 308: ...igure 164 Windows Vista Local Area Connection Properties 7 The I nternet Protocol Version 4 TCP I Pv4 Properties window opens the General tab If you have a dynamic IP address click Obtain an I P address autom atically If you have a static IP address click Use the follow ing I P address and fill in the I P address Subnet m ask and Default gatew ay fields ...

Page 309: ...ab in IP addresses click Add In TCP I P Address type an IP address in I P address and a subnet mask in Subnet m ask and then click Add Repeat the above two steps for each IP address you want to add Configure additional default gateways in the I P Settings tab by clicking Add in Default gatew ays In TCP I P Gatew ay Address type the IP address of the default gateway in Gatew ay To manually configur...

Page 310: ...roperties 9 In the I nternet Protocol Version 4 TCP I Pv4 Properties window the General tab Click Obtain DNS server address autom atically if you do not know your DNS server IP address es If you know your DNS server IP address es click Use the follow ing DNS server addresses and type them in the Preferred DNS server and Alternate DNS server fields ...

Page 311: ... Protocol Version 4 TCP I Pv4 Properties window 11 Click Close to close the Local Area Connection Properties window 12 Close the Netw ork Connections window 13 Turn on your Device and restart your computer if prompted Verifying Settings 1 Click Start All Program s Accessories and then Com m and Prom pt 2 In the Com m and Prom pt window type ipconfig and then press ENTER You can also open Netw ork ...

Page 312: ...ng up Your Computer s IP Address VMG1312 B Series User s Guide 312 Macintosh OS 8 9 1 Click the Apple menu Control Panel and double click TCP I P to open the TCP I P Control Panel Figure 168 Macintosh OS 8 9 Apple Menu ...

Page 313: ... P Address box Type your subnet mask in the Subnet m ask box Type the IP address of your Device in the Router address box 5 Close the TCP I P Control Panel 6 Click Save if prompted to save changes to your configuration 7 Turn on your Device and restart your computer if prompted Verifying Settings Check your TCP IP properties in the TCP I P Control Panel window Macintosh OS X 1 Click the Apple menu...

Page 314: ...71 Macintosh OS X Network 4 For statically assigned settings do the following From the Configure box select Manually Type your IP address in the I P Address box Type your subnet mask in the Subnet m ask box Type the IP address of your Device in the Router address box 5 Click Apply Now and close the window 6 Turn on your Device and restart your computer if prompted Verifying Settings Check your TCP...

Page 315: ...ile location may vary depending on your Linux distribution and release version Note Make sure you are logged in as the root administrator Using the K Desktop Environment KDE Follow the steps below to configure your computer IP address using the KDE 1 Click the Red Hat button located on the bottom left corner select System Setting and click Netw ork Figure 172 Red Hat 9 0 KDE Network Configuration ...

Page 316: ...ain I P address settings w ith and select dhcp from the drop down list If you have a static IP address click Statically set I P Addresses and fill in the Address Subnet m ask and Default Gatew ay Address fields 3 Click OK to save the changes and close the Ethernet Device General screen 4 If you know your DNS server IP address es click the DNS tab in the Netw ork Configuration screen Enter the DNS ...

Page 317: ...eth0 is the name of the Ethernet card Open the configuration file with any plain text editor If you have a dynamic IP address enter dhcp in the BOOTPROTO field The following figure shows an example Figure 176 Red Hat 9 0 Dynamic IP Address Setting in ifconfig eth0 If you have a static IP address enter static in the BOOTPROTO field Type IPADDR followed by the IP address in dotted decimal notation a...

Page 318: ...ngs Enter ifconfig in a terminal screen to check your TCP IP properties Figure 180 Red Hat 9 0 Checking TCP IP Properties nameserver 172 23 5 1 nameserver 172 23 5 2 root localhost init d network restart Shutting down interface eth0 OK Shutting down loopback interface OK Setting network parameters OK Bringing up loopback interface OK Bringing up interface eth0 OK root localhost ifconfig eth0 Link ...

Page 319: ...mber and the other part is the host ID In the same way that houses on a street share a common street name the hosts on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the host ID Routers use the network number to send packets to the correct network while the host ID determines to which host on t...

Page 320: ...n the subnet mask is a 1 then the corresponding bit in the IP address is part of the network number If a bit in the subnet mask is 0 then the corresponding bit in the IP address is part of the host ID The following example shows a subnet mask identifying the network number in bold text and host ID of an IP address 192 168 1 2 in decimal By convention subnet masks always consist of a continuous seq...

Page 321: ...ple As these two IP addresses cannot be used for individual hosts calculate the maximum number of possible hosts in a network as follows Notation Since the mask is always a continuous number of ones beginning from the left followed by a continuous number of zeros for the remainder of the 32 bit mask you can simply specify the number of ones instead of writing the value of each octet This is usuall...

Page 322: ...ng a maximum of 28 2 or 254 possible hosts The following figure shows the company network before subnetting Figure 182 Subnetting Example Before Subnetting You can borrow one of the host ID bits to divide the network 192 168 1 0 into two separate sub networks The subnet mask is now 25 bits 255 255 255 128 or 25 The borrowed host ID bit can have a value of either 0 or 1 allowing two subnets 192 168...

Page 323: ...168 1 1 and the highest is 192 168 1 126 Similarly the host ID range for subnet B is 192 168 1 129 to 192 168 1 254 Example Four Subnets The previous example illustrated using a 25 bit subnet mask to divide a 24 bit address into two subnets Similarly to divide a 24 bit address into four subnets you need to borrow two host ID bits to give four possible combinations 00 01 10 and 11 The subnet mask i...

Page 324: ...st ID 192 168 1 126 Table 117 Subnet 3 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE I P Address 192 168 1 128 I P Address Binary 11000000 10101000 00000001 1 0 000000 Subnet Mask Binary 11111111 11111111 11111111 1 1 000000 Subnet Address 192 168 1 128 Lowest Host ID 192 168 1 129 Broadcast Address 192 168 1 191 Highest Host ID 192 168 1 190 Table 118 Subnet 4 IP SUBNET MASK NETWORK NUMBER L...

Page 325: ...T MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62 3 255 255 255 224 27 8 30 4 255 255 255 240 28 16 14 5 255 255 255 248 29 32 6 6 255 255 255 252 30 64 2 7 255 255 255 254 31 128 1 Table 121 16 bit Network Number Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 128 0 17 2 32766 2 255 255 192 0 18 4 16382 3 255 255 ...

Page 326: ... Your Device will compute the subnet mask automatically based on the IP address that you entered You don t need to change the subnet mask computed by the Device unless you are instructed to do otherwise Private IP Addresses Every machine on the Internet must have a unique address If your networks are isolated from the Internet running only between two branch offices for example you can assign any ...

Page 327: ... Internet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking and create an exception for your device s IP address Disable Pop up Blockers 1 In Internet Explorer select Tools Pop up Blocker and then select Turn Off Pop up Blocker Figure 184 Pop up Blocker ...

Page 328: ...n of the screen This disables any web pop up blockers you may have enabled Figure 185 Internet Options Privacy 3 Click Apply to save this setting Enable Pop up Blockers with Exceptions Alternatively if you only want to allow pop up windows from your device see the following steps 1 In Internet Explorer select Tools I nternet Options and then the Privacy tab ...

Page 329: ...312 B Series User s Guide 329 2 Select Settings to open the Pop up Blocker Settings screen Figure 186 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 167 1 ...

Page 330: ...ck Add to move the IP address to the list of Allow ed sites Figure 187 Pop up Blocker Settings 5 Click Close to return to the Privacy screen 6 Click Apply to save this setting JavaScripts If pages of the web configurator do not display properly in Internet Explorer check that JavaScripts are allowed ...

Page 331: ...xplorer click Tools I nternet Options and then the Security tab Figure 188 Internet Options Security 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java applets make sure that Enable is selected the default ...

Page 332: ...ick OK to close the window Figure 189 Security Settings Java Scripting Java Permissions 1 From Internet Explorer click Tools I nternet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java perm issions make sure that a safety level is selected ...

Page 333: ...ns VMG1312 B Series User s Guide 333 5 Click OK to close the window Figure 190 Security Settings Java JAVA Sun 1 From Internet Explorer click Tools I nternet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected ...

Page 334: ...lick OK to close the window Figure 191 Java Sun Mozilla Firefox Mozilla Firefox 2 0 screens are used here Screens for other versions may vary You can enable Java Javascripts and pop ups in one screen Click Tools then click Options in the screen that appears Figure 192 Mozilla Firefox Tools Options ...

Page 335: ...up Windows JavaScripts and Java Permissions VMG1312 B Series User s Guide 335 Click Content to show the screen below Select the check boxes as shown in the following screen Figure 193 Mozilla Firefox Content Security ...

Page 336: ...Appendix C Pop up Windows JavaScripts and Java Permissions VMG1312 B Series User s Guide 336 ...

Page 337: ...ich is commonly referred to as an ad hoc network or Independent Basic Service Set IBSS The following diagram shows an example of notebook computers using wireless adapters to form an ad hoc wireless LAN Figure 194 Peer to Peer Communication in an Ad hoc Network BSS A Basic Service Set BSS exists when all communications between wireless clients or between a wireless client and a wired network clien...

Page 338: ...et ESS consists of a series of overlapping BSSs each containing an access point with each access point connected together by a wired network This wired connection between APs is called a Distribution System DS This type of wireless LAN topology is called an Infrastructure WLAN The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the i...

Page 339: ...reduce interference Interference occurs when radio signals from different access points overlap causing interference and degrading performance Adjacent channels partially overlap however To avoid interference due to overlap your AP should be on a channel at least five channels away from a channel that an adjacent AP is using For example if your region has 11 channels and an adjacent AP is using ch...

Page 340: ...rves and confirms with the requesting station the time frame for the requested transmission Stations can send frames smaller than the specified RTS CTS directly to the AP without the RTS Request To Send CTS Clear to Send handshake You should only configure RTS CTS if the possibility of hidden nodes exists on your network and the cost of resending large frames is more than the extra network overhea...

Page 341: ...n wireless clients access points and the wired network Wireless security methods available on the Device are data encryption wireless client authentication restricting access by device MAC address and hiding the Device identity The following figure shows the relative effectiveness of these wireless security methods available on your Device Note You must enable the same wireless security settings o...

Page 342: ...t and the server is the RADIUS server The RADIUS server handles the following tasks Authentication Determines the identity of the users Authorization Determines the network services available to authenticated users once they are connected to the network Accounting Keeps track of the client s network activity RADIUS is a simple package exchange in which your AP acts as a message relay between the w...

Page 343: ...s and a CA issues certificates and guarantees the identity of each certificate owner EAP MD5 Message Digest Algorithm 5 MD5 authentication is the simplest one way authentication method The authentication server sends a challenge to the wireless client The wireless client proves that it knows the password by encrypting the password with the challenge and sends back the information Password is not s...

Page 344: ...nge The AP maps a unique key that is generated with the RADIUS server This key expires when the wireless connection times out disconnects or reauthentication times out A new WEP key is generated each time reauthentication is performed If this feature is enabled it is not necessary to configure a default encryption key in the wireless security configuration screen You may still configure and store ...

Page 345: ...stributed by the authentication server AES Advanced Encryption Standard is a block cipher that uses a 256 bit mathematical algorithm called Rijndael They both include a per packet key mixing function a Message Integrity Check MIC named Michael an extended initialization vector IV with sequencing rules and a re keying mechanism WPA and WPA2 regularly change and rotate the encryption keys so that th...

Page 346: ...ation process again Pre authentication enables fast roaming by allowing the wireless client already connecting to an AP to perform IEEE 802 1x authentication with another AP before connecting to it Wireless Client WPA Supplicants A wireless client supplicant is the software that runs on an operating system instructing the wireless client how to use WPA At the time of writing the most widely availa...

Page 347: ...l passwords into the AP and all wireless clients The Pre Shared Key PSK must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters including spaces and symbols 2 The AP checks each wireless client s password and allows it to join the network only if the password matches 3 The AP and wireless clients generate a common PMK Pairwise Master Key The key itself is not sent over the n...

Page 348: ... or 5GHz IEEE 802 11a is needed to communicate efficiently in a wireless LAN Radiation Pattern A radiation pattern is a diagram that allows you to visualize the shape of the antenna s coverage area Antenna Gain Antenna gain measured in dB decibel is the increase in coverage within the RF beam width Higher antenna gain improves the range of the signal for better communications For an indoor site ea...

Page 349: ...sible to make circular overlapping coverage areas with multiple access points Directional antennas concentrate the RF signal in a beam like a flashlight does with the light from its bulb The angle of the beam determines the width of the coverage pattern Angles typically range from 20 degrees very directional to 120 degrees less directional Directional antennas are ideal for hallways and outdoor po...

Page 350: ...Appendix D Wireless LANs VMG1312 B Series User s Guide 350 ...

Page 351: ...2f 0000 0000 0015 can be written as 2001 0db8 1a2f 0000 0000 0015 2001 0db8 0000 0000 1a2f 0015 2001 db8 1a2f 0 0 15 or 2001 db8 0 0 1a2f 15 Prefix and Prefix Length Similar to an IPv4 subnet mask IPv6 uses an address prefix to represent the network address An IPv6 prefix length specifies how many most significant bits start from the left in the address compose the network address The prefix lengt...

Page 352: ...hosts in a multicast group Multicast scope allows you to determine the size of the multicast group A multicast address has a predefined prefix of ff00 8 The following table describes some of the predefined multicast addresses The following table describes the multicast addresses which are reserved and can not be assigned to a multicast group Table 127 Predefined Multicast Address MULTICAST ADDRESS...

Page 353: ...example Identity Association An Identity Association IA is a collection of addresses assigned to a DHCP client through which the server and client can manage a set of related IP addresses Each IA must be associated with exactly one interface The DHCP client uses the IA assigned to an interface to obtain configuration from a DHCP server for that interface Each IA consists of a unique IAID and assoc...

Page 354: ...the relay agent restarts Prefix Delegation Prefix delegation enables an IPv6 router to use the IPv6 prefix network address received from the ISP or a connected uplink router for its LAN The Device uses the received IPv6 prefix for example 2001 db2 48 to generate its LAN IP address Through sending Router Advertisements RAs regularly by multicast the Device passes the IPv6 prefix information to its ...

Page 355: ...directly without passing through a router If the address is unlink the address is considered as the next hop Otherwise the Device determines the next hop from the default router list or routing table Once the next hop IP address is known the Device looks into the neighbor cache to get the link layer address and sends the packet when the neighbor is reachable If the Device cannot find an entry in t...

Page 356: ... your network uses DHCPv6 for IP address assignment you have to additionally install a DHCPv6 client software on your Windows XP Note If you use static IP addresses or Router Advertisement for IPv6 address assignment in your network ignore this section This example uses Dibbler as the DHCPv6 client To enable DHCPv6 client on your computer 1 Install Dibbler and select the DHCPv6 client option on yo...

Page 357: ...from a DHCPv6 server Example Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer To enable IPv6 in Windows 7 1 Select Control Panel Netw ork and Sharing Center Local Area Connection 2 Select the I nternet Protocol Version 6 TCP I Pv6 checkbox to enable it 3 Click OK to save the change ...

Page 358: ... your dynamic IPv6 address This example shows a global address 2001 b021 2d 1000 obtained from a DHCP server C ipconfig Windows IP Configuration Ethernet adapter Local Area Connection Connection specific DNS Suffix IPv6 Address 2001 b021 2d 1000 Link local IPv6 Address fe80 25d8 dcab c80a 5189 11 IPv4 Address 172 16 100 61 Subnet Mask 255 255 255 0 Default Gateway fe80 213 49ff feaa 7125 11 172 16...

Page 359: ...type of IP protocol used by the service If this is TCP UDP then the service uses the same port number with TCP and UDP If this is USER DEFI NED the Port s is the IP protocol number not the port number Port s This value depends on the Protocol If the Protocol is TCP UDP or TCP UDP this is the IP port number If the Protocol is USER this is the IP protocol number Description This is a brief explanati...

Page 360: ...col a program to enable fast transfer of files including large files that may not be possible by e mail H 323 TCP 1720 NetMeeting uses this protocol HTTP TCP 80 Hyper Text Transfer Protocol a client server protocol for the world wide web HTTPS TCP 443 HTTPS is a secured http session often used in e commerce ICMP User Defined 1 Internet Control Message Protocol is often used for diagnostic purposes...

Page 361: ...EL GRE User Defined 47 PPTP Point to Point Tunneling Protocol enables secure transfer of data over public networks This is the data channel RCMD TCP 512 Remote Command Service REAL_AUDIO TCP 7070 A streaming audio service that enables real time sound over the web REXEC TCP 514 Remote Execution Daemon RLOGIN TCP 513 Remote Login ROADRUNNER TCP UDP 1026 This is an ISP that provides services mainly f...

Page 362: ...P 1558 Stream Works Protocol SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server TACACS UDP 49 Login Host Protocol used for Terminal Access Controller Access Control System TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments It operates over TCP IP networks Its primary function is to allow users to log into remote host...

Page 363: ...ommission FCC Interference Statement The device complies with Part 15 of FCC rules Operation is subject to the following two conditions This device may not cause harmful interference This device must accept any interference received including interference that may cause undesired operations This device has been tested and found to comply with the limits for a Class B digital device pursuant to Par...

Page 364: ...機設備之干擾 本機限在不干擾合法電臺與不受被干擾保障條件下於室內使用 減少電磁波影響 請妥適使用 Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment This device has been designed for the WLAN 2 4 GHz network throughout the EC region and Switzerland with restrictions in France Ce produit est conçu pour les bandes de fréquences 2 4 GHz et ou 5 GHz...

Page 365: ...from country to country Registration Register your product online to receive e mail notices of firmware upgrades and information at www zyxel com for global products or at www us zyxel com for North American products Safety Warnings Do NOT use this product near water for example in a wet basement or near a swimming pool Do NOT expose your device to dampness dust or corrosive liquids Do NOT store t...

Page 366: ... the included antenna s Only use the included antenna s Your product is marked with this symbol which is known as the WEEE mark WEEE stands for Waste Electronics and Electrical Equipment It means that used electrical and electronic products should not be mixed with general waste Used electrical and electronic equipment should be treated separately ...

Page 367: ... Server see ACS 265 B backup configuration 281 Basic Service Set See BSS 337 Basic Service Set see BSS blinking LEDs 20 Broadband 83 broadcast 105 BSS 130 337 example 130 C CA 235 343 Canonical Format Indicator See CFI CCMs 284 certificate factory default 236 Certificate Authority See CA certificates 235 authentication 235 CA creating 237 public key 235 replacing 236 storage space 236 Certificatio...

Page 368: ...NS DoS 218 DS field 180 DS dee differentiated services DSCP 180 dynamic DNS 201 wildcard 202 Dynamic Host Configuration Protocol see DHCP dynamic WEP key exchange 344 DYNDNS wildcard 202 E EAP Authentication 343 ECHO 199 e mail log example 276 Encapsulation 101 MER 101 PPP over Ethernet 101 encapsulation 84 RFC 1483 101 encryption 129 345 ESS 338 Extended Service Set IDentification 110 117 Extende...

Page 369: ... Address Assignment 104 IP alias NAT applications 199 IPv6 85 351 addressing 85 105 351 EUI 64 353 global address 352 interface ID 353 link local address 351 Neighbor Discovery Protocol 351 ping 351 prefix 85 105 351 prefix delegation 86 prefix length 85 105 351 unspecified address 352 ISP 84 iTunes server 214 L LAN 139 and USB printer 215 client list 144 DHCP 140 158 DNS 140 158 IP address 140 14...

Page 370: ...4 activation 194 NAT example 200 Network Address Translation see NAT Network Address Translation see NAT Network Map 79 network map 26 NNTP 199 P Pairwise Master Key PMK 345 347 passwords 23 24 PBC 132 Peak Cell Rate PCR 102 Per Hop Behavior see PHB 181 PHB 181 PIN WPS 132 example 134 Ping of Death 218 Point to Point Tunneling Protocol 199 POP3 199 port forwarding 186 ports 20 PPP over Ethernet se...

Page 371: ...99 setup firewalls 219 static route 100 163 203 Single Rate Three Color Marker see srTCM SIP ALG 194 activation 194 SMTP 199 SNMP 199 SNMP trap 199 SPI 218 srTCM 182 SSID 128 activation 116 MBSSID 130 static route 161 273 configuration 100 163 203 example 161 static VLAN status 79 firmware version 81 LAN 81 WAN 81 wireless LAN 81 status indicators 20 subnet 319 subnet mask 140 159 320 subnetting 3...

Page 372: ... 121 example 131 web configurator 23 login 23 passwords 23 24 WEP 129 WEP Encryption 112 113 WEP encryption 111 WEP key 111 Wi Fi Protected Access 345 wireless client WPA supplicants 346 Wireless Distribution System see WDS wireless LAN 107 125 authentication 127 128 BSS 130 example 130 channel 126 encryption 129 example 126 fragmentation threshold 123 127 limitations 129 MAC address filter 117 12...

Page 373: ...icant 346 with RADIUS application example 346 WPA2 345 user authentication 346 vs WPA2 PSK 345 wireless client supplicant 346 with RADIUS application example 346 WPA2 Pre Shared Key 345 WPA2 PSK 345 application example 347 WPA PSK 129 345 application example 347 WPS 131 134 example 135 limitations 137 PIN 132 example 134 push button 22 132 ...

Page 374: ...VMG1312 B Series User s Guide 374 Index ...

Page 375: ...Index VMG1312 B Series User s Guide 375 ...

Page 376: ...VMG1312 B Series User s Guide 376 Index ...