P-2608HWL-Dx Series 802.11g Wireless ADSL2+ VoIP IAD User’s Guide Version 3.
Copyright

Copyright © 2006 by ZyXEL Communications Corporation.

The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.

Published by ZyXEL Communications Corporation.
Certifications

Federal Communications Commission (FCC) Interference Statement

The device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause undesired operations.

This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules.
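Article 12: For low-power radio-frequency devices that have passed type approval, no company, business or user may change the frequency, increase the power, or alter the characteristics and functions of the original design without permission.

Article 14: The use of low-power radio-frequency devices must not affect aviation safety or interfere with legal communications; if interference is found, use must stop immediately and may resume only after the interference has been eliminated. The legal communications referred to in the preceding paragraph are radio communications operated in accordance with telecommunications regulations. Low-power radio-frequency devices must tolerate interference from legal communications or from industrial, scientific and medical radio-wave-radiating equipment.

This device is restricted to indoor use, on the condition that it does not interfere with legal radio stations and is not protected from interference. To reduce the effects of electromagnetic waves, please use it properly.

Notices

Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment. This device has been designed for the WLAN 2.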
Safety Warnings

For your safety, be sure to read and follow all warning notices and instructions.
• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT store things on the device.
• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.
• Connect ONLY suitable accessories to the device.
This product is recyclable. Dispose of it properly.
ZyXEL Limited Warranty

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase.
Customer Support

Please have the following information ready when you contact customer support.
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.

METHOD SUPPORT E-MAIL TELEPHONE WEB SITE FAX FTP SITE REGULAR MAIL LOCATION CORPORATE HEADQUARTERS (WORLDWIDE) COSTA RICA CZECH REPUBLIC DENMARK FINLAND SALES E-MAIL support@zyxel.com.
Support e-mail: support@zyxel.no
Telephone: +47-22-80-61-80
Web site: www.zyxel.no
Sales e-mail: sales@zyxel.no
Fax: +47-22-80-61-81
Regular mail: ZyXEL Communications A/S, Nils Hansens vei 13, 0667 Oslo, Norway

Web site: www.pl.zyxel.com
Regular mail: ZyXEL Communications, ul. Okrzei 1A, 03-715 Warszawa, Poland

Web site: www.zyxel.ru
Regular mail: ZyXEL Russia, Ostrovityanova 37a Str., Moscow, 117279 Russia

Web site: www.zyxel.es
Regular mail: ZyXEL Communications, Arte, 21 5ª planta, 28033 Madrid, Spain

www.zyxel.
Table of Contents

Copyright
Certifications
Safety Warnings
ZyXEL Limited Warranty

3.3 Wireless Connection Wizard Setup
3.3.1 Automatically assign a WPA key
3.3.2 Manually Assign a WPA key
3.3.3 Manually Assign a WEP key
Chapter 4 VoIP Wizard And Example

7.3 Traffic Shaping
7.3.1 ATM Traffic Classes
7.3.1.1 Constant Bit Rate (CBR)
7.3.1.2 Variable Bit Rate (VBR)
7.3.1.3 Unspecified Bit Rate (UBR)

9.3 Wireless Performance Overview
9.3.1 Quality of Service (QoS)
9.4 Additional Wireless Terms
9.5 General Wireless LAN Screen
9.5.1 No Security

11.1.4 SIP Call Progression
11.1.5 SIP Client Server
11.1.5.1 SIP User Agent
11.1.5.2 SIP Proxy Server
11.1.5.3 SIP Redirect Server

Chapter 13 Phone Book
13.1 Phone Book Overview
13.2 Speed Dial Screen
13.3 Incoming Call Policy Screen
13.

Chapter 16 Firewall Configuration
16.1 Access Methods
16.2 Firewall Policies Overview
16.3 Rule Logic Overview
16.3.

18.1.2 Additional Topics for IKE SA
18.1.2.1 Negotiation Mode
18.1.2.2 VPN, NAT and NAT Traversal
18.1.3 IPSec SA Overview
18.1.3.1 Local Network and Remote Network

Chapter 20 Static Route
20.1 Static Route
20.2 Configuring Static Route
20.2.1 Static Route Edit

23.6 Configuring FTP
23.7 SNMP
23.7.1 Supported MIBs
23.7.2 SNMP Traps
23.7.

27.5.2 Restore Configuration
27.5.3 Reset to Factory Defaults
27.6 Restart
27.7 Using FTP or TFTP to Back Up Configuration
27.7.

Windows 95/98/Me
Configuring
Verifying Settings
Windows 2000/NT/XP

Log Commands
Configuring What You Want the ZyXEL Device to Log
Displaying Logs
Log Command Example
Appendix H Internal SPTGEN
List of Figures

Figure 1 ZyXEL Device’s VoIP Features
Figure 2 Internet Access
Figure 3 LEDs
Figure 4 Password Screen

Figure 39 Bandwidth Management Wizard: Complete
Figure 40 Status Screen
Figure 41 Any IP Table
Figure 42 WLAN Status
Figure 43 Packet Statistics

Figure 82 Edit Address Mapping Rule
Figure 83 Network > NAT > ALG
Figure 84 SIP User Agent
Figure 85 SIP Proxy Server
Figure 86 SIP Redirect Server

Figure 125 VPN: Transport and Tunnel Mode Encapsulation
Figure 126 VPN Setup
Figure 127 Edit VPN Policies
Figure 128 Advanced VPN Policies
Figure 129 VPN: Manual Key

Figure 168 Configuring UPnP
Figure 169 Add/Remove Programs: Windows Setup: Communication
Figure 170 Add/Remove Programs: Windows Setup: Communication: Components
Figure 171 Network Connections
Figure 172 Windows Optional Networking Components Wizard

Figure 210 Java (Sun)
Figure 211 Windows 95/98/Me: Network: Configuration
Figure 212 Windows 95/98/Me: TCP/IP Properties: IP Address
Figure 213 Windows 95/98/Me: TCP/IP Properties: DNS Configuration
Figure 214 Windows XP: Start Menu

Figure 253 Internal SPTGEN FTP Download Example
Figure 254 Internal SPTGEN FTP Upload Example
List of Tables

Table 1 Models Covered
Table 2 LEDs
Table 3 Web Configurator Icons in the Title Bar
Table 4 Navigation Panel Summary

Table 39 Wireless: WPA(2)
Table 40 Wireless LAN: Advanced
Table 41 Network > Wireless LAN > OTIST
Table 42 MAC Address Filter
Table 43 Wireless LAN: QoS

Table 82 VPN Example: Mismatching ID Type and Content
Table 83 VPN Setup
Table 84 Edit VPN Policies
Table 85 Advanced VPN Policies
Table 86 VPN: Manual Key

Table 123 Configuring UPnP
Table 124 System General Setup
Table 125 System Time Setting
Table 126 View Log
Table 127 Log Settings

Table 166 CDR Logs
Table 167 PPP Logs
Table 168 UPnP Logs
Table 169 Content Filtering Logs
Preface

Congratulations on your purchase of the P-2608HWL-Dx ADSL VoIP IAD with 802.11g Wireless (the “ZyXEL Device”). Your ZyXEL Device is easy to install and configure.

About This User's Guide

This manual is designed to guide you through the configuration of your ZyXEL Device for its various applications.

Note: Use the web configurator or command interpreter interface to configure your ZyXEL Device. Not all features can be configured through all interfaces.
• The P-2608HWL-Dx series may be referred to as the “ZyXEL Device” or the “device” in this user’s guide. This refers to all models (ADSL over POTS, ADSL over ISDN and ADSL over T-ISDN) unless specifically identified.
CHAPTER 1 Getting To Know the ZyXEL Device

This chapter introduces the main features and applications of the ZyXEL Device.

1.1 Overview

The P-2608HWL-Dx series are Integrated Access Devices (IADs) that combine an ADSL2+ router with Voice over IP (VoIP) communication capabilities. This guide covers the following models.

Table 1 Models Covered
P-2608HWL-D1
P-2608HWL-D3
P-2608HWL-D7

See Appendix A on page 361 for a complete list of software features.

1.1.
1.1.2 DSL Router

Your ZyXEL Device is an ideal solution for fast Internet access. Computers can connect to the ZyXEL Device’s LAN ports (or wirelessly) and use it as a gateway to the Internet.

Figure 2 Internet Access

You can also configure firewall and content filtering on the ZyXEL Device for secure Internet access. When the firewall is on, all incoming traffic from the Internet to your network is blocked unless it is initiated from your network.
The following table describes your device’s LEDs.

Table 2 LEDs
LIGHT COLOR STATUS DESCRIPTION
POWER Green On Your device is receiving power and functioning properly.
Blinking Your device is rebooting and performing a self-test.
Red On Your device is not receiving enough power.
None Off Your device is not ready or has malfunctioned.
Green On Your device is ready, but is not sending/receiving data through the wireless LAN.
CHAPTER 2 Introducing the Web Configurator

This chapter describes how to access and navigate the web configurator.

2.1 Web Configurator Overview

The web configurator is an HTML-based management interface that allows easy device setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.
Figure 4 Password Screen

5 The following screen displays if you have not yet changed your password. It is highly recommended you change the default password. Enter a new password, retype it to confirm and click Apply; alternatively click Ignore to proceed to the main menu if you do not want to change the password now.

Figure 5 Change Password Screen

6 A screen displays to let you change your default factory certificate.
Figure 6 Factory Default Certificate

7 A screen displays to let you choose whether to go to the wizard or the advanced screens.
• Click Go to Wizard setup if you are logging in for the first time or if you want to make basic changes. The wizard selection screen appears after you click Apply. See Chapter 3 on page 53 for more information.
• Click Go to Advanced setup if you want to configure features that are not available in the wizards.
2.1.2 The RESET Button

You can use the RESET button on the side of the device to reboot the device. If you forget your password or cannot access the web configurator, you will need to use the RESET button to reload the factory-default configuration file. This means that you will lose all configurations that you had previously and the password will be reset to “1234”.

2.1.2.1 Using The Reset Button

1 Make sure the POWER light is on (not blinking).
2 Do one of the following.
• B - navigation panel
• C - main window
• D - status bar

2.2.1 Title Bar

The title bar provides some icons in the upper right corner. The icons provide the following functions.

Table 3 Web Configurator Icons in the Title Bar
ICON | DESCRIPTION
Wizards | Click this icon to go to the configuration wizards. See Chapter 3 on page 53 for more information.
Logout | Click this icon to log out of the web configurator.

2.2.
Table 4 Navigation Panel Summary
LINK | TAB | FUNCTION
Wireless LAN | General | Use this screen to configure the wireless LAN settings and WLAN authentication/security settings.
Wireless LAN | OTIST | Use this screen to configure a setup key for OTIST as well as start OTIST on the ZyXEL Device.
Wireless LAN | MAC Filter | Use this screen to configure the ZyXEL Device to give exclusive access to specific wireless clients or exclude specific wireless clients from accessing the ZyXEL Device.
NAT
Table 4 Navigation Panel Summary
LINK | TAB | FUNCTION
VPN | Setup | Use this screen to configure each VPN tunnel.
VPN | Monitor | Use this screen to look at the current status of each VPN tunnel.
VPN | VPN Global Setting | Use this screen to allow NetBIOS traffic through VPN tunnels.
Certificates | My Certificates | Use this screen to generate and export self-signed certificates or certification requests and import the ZyXEL Device’s CA-signed certificates.
Table 4 Navigation Panel Summary
LINK | TAB | FUNCTION
Tools | Firmware | Use this screen to upload firmware to your device.
Tools | Configuration | Use this screen to backup and restore your device’s configuration (settings) or reset the factory default settings.
Tools | Restart | This screen allows you to reboot the ZyXEL Device without turning the power off.
Diagnostic | General | Use this screen to test the connections to other devices.
CHAPTER 3 Internet and Wireless Setup Wizard

This chapter provides information on the Wizard Setup screens for Internet access in the web configurator.

3.1 Introduction

Use the wizard setup screens to configure your system for Internet access with the information given to you by your ISP.

Note: See the advanced menu chapters for background information on these fields.

3.
Figure 10 Wizard Welcome

3 Your ZyXEL Device attempts to detect your DSL connection and your connection type.

a The following screen appears if a connection is not detected. Check your hardware connections and click Restart the Internet/Wireless Setup Wizard to return to the wizard welcome screen or click Manually configure your Internet connection if you want to set up the connection manually.
Figure 12 Auto-Detection: PPPoE

c The following screen appears if the ZyXEL Device detects a connection but not the connection type. Click Next and refer to Section 3.2.1 on page 55 on how to manually configure the ZyXEL Device for Internet access.

Figure 13 Auto Detection: Failed

3.2.
Figure 14 Internet Access Wizard Setup: ISP Parameters

The following table describes the fields in this screen.

Table 5 Internet Access Wizard Setup: ISP Parameters
LABEL | DESCRIPTION
Mode | From the Mode drop-down list box, select Routing (default) if your ISP allows multiple computers to share an Internet account. Otherwise select Bridge.
Encapsulation | Select the encapsulation type your ISP uses from the Encapsulation drop-down list box.
2 The next wizard screen varies depending on what mode and encapsulation type you use. All screens shown are with routing mode. Configure the fields and click Next to continue. See Section 3.3 on page 60 for wireless connection wizard setup.

Figure 15 Internet Connection with PPPoE

The following table describes the fields in this screen.

Table 6 Internet Connection with PPPoE
LABEL | DESCRIPTION
User Name | Enter the user name exactly as your ISP assigned.
The following table describes the fields in this screen.

Table 7 Internet Connection with RFC 1483
LABEL | DESCRIPTION
IP Address | This field is available if you select Routing in the Mode field. Type your ISP assigned IP address in this field.
Back | Click Back to go back to the previous wizard screen.
Next | Click Next to continue to the next wizard screen.
Exit | Click Exit to close the wizard screen without saving your changes.
Table 8 Internet Connection with ENET ENCAP (continued)
LABEL | DESCRIPTION
First DNS Server | Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask.
Second DNS Server | As above.
Back | Click Back to go back to the previous wizard screen.
Apply | Click Apply to save your changes back to the ZyXEL Device.
Exit | Click Exit to close the wizard screen without saving your changes.
Figure 19 Connection Test Failed-1

• If the following screen displays, check if your account is activated or click Restart the Internet/Wireless Setup Wizard to verify your Internet access settings.

Figure 20 Connection Test Failed-2

3.3 Wireless Connection Wizard Setup

After you configure the Internet access information, use the following screens to set up your wireless LAN.

1 Select Yes and click Next to configure wireless settings.
Figure 21 Connection Test Successful

2 Use this screen to activate the wireless LAN. Click Next to continue.

Figure 22 Wireless LAN Setup Wizard 1

The following table describes the labels in this screen.

Table 10 Wireless LAN Setup Wizard 1
LABEL | DESCRIPTION
Active | Select the check box to turn on the wireless LAN.
3 Configure your wireless settings in this screen. Click Next.

Figure 23 Wireless LAN

The following table describes the labels in this screen.

Table 11 Wireless LAN Setup Wizard 2
LABEL | DESCRIPTION
Network Name(SSID) | Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN. If you change this field on the ZyXEL Device, make sure all wireless stations use the same SSID in order to access the network.
4 This screen varies depending on the security mode you selected in the previous screen. Fill in the field (if available) and click Next.

3.3.1 Automatically assign a WPA key

Choose Manually assign a WPA key in the Wireless LAN setup screen to allow the ZyXEL Device to configure a PSK key for you based on the setup key you entered on the previous Wireless LAN setup screen.
Figure 25 Manually Assign a WEP key

The following table describes the labels in this screen.

Table 13 Manually Assign a WEP key
LABEL | DESCRIPTION
Key | The WEP keys are used to encrypt data. Both the ZyXEL Device and the wireless stations must use the same WEP key for data transmission. Enter any 5, 13 or 29 ASCII characters or 10, 26 or 58 hexadecimal characters ("0-9", "A-F") for a 64-bit, 128-bit or 256-bit WEP key respectively.
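The length rules in the SSID and WEP key fields above can be checked before a value is typed into the wizard. The following is an added example, not code from ZyXEL or from this guide; the function names are hypothetical, the sample values are constructed, and the 24-bit IV figure is standard WEP behaviour rather than something the guide states.

```python
import string

# Lengths taken from the guide's "Manually Assign a WEP key" table:
# 5/13/29 ASCII characters or 10/26/58 hexadecimal characters for a
# 64-bit, 128-bit or 256-bit WEP key respectively.
WEP_ASCII_LEN = {5: 64, 13: 128, 29: 256}
WEP_HEX_LEN = {10: 64, 26: 128, 58: 256}
# Assumption not stated in the guide: WEP's nominal key size includes a
# 24-bit IV sent in the clear, so the shared secret is 24 bits shorter.
WEP_IV_BITS = 24
SSID_MAX_LEN = 32  # "up to 32 printable 7-bit ASCII characters"


def is_printable_ascii(text):
    """True when every character is printable 7-bit ASCII (0x20-0x7E)."""
    return all(0x20 <= ord(ch) <= 0x7E for ch in text)


def check_ssid(ssid):
    """Return a list of problems with an SSID; an empty list means it fits."""
    problems = []
    if len(ssid) > SSID_MAX_LEN:
        problems.append(
            f"SSID is {len(ssid)} characters; the limit is {SSID_MAX_LEN}")
    if not is_printable_ascii(ssid):
        problems.append("SSID contains characters outside printable 7-bit ASCII")
    return problems


def classify_wep_key(key):
    """Classify a WEP key string by the guide's length table.

    The ASCII lengths (5, 13, 29) and hex lengths (10, 26, 58) never
    collide, so the length alone decides how the entry is interpreted.
    Raises ValueError when the entry matches neither form.
    """
    length = len(key)
    if length in WEP_ASCII_LEN:
        if not key.isascii():
            raise ValueError("ASCII-length key contains non-ASCII characters")
        encoding, nominal = "ascii", WEP_ASCII_LEN[length]
        raw = key.encode("ascii")
    elif length in WEP_HEX_LEN:
        if not all(ch in string.hexdigits for ch in key):
            raise ValueError("hex-length key contains non-hexadecimal characters")
        encoding, nominal = "hex", WEP_HEX_LEN[length]
        raw = bytes.fromhex(key)
    else:
        raise ValueError(
            f"length {length} is not 5, 13 or 29 (ASCII) or 10, 26 or 58 (hex)")
    return {
        "encoding": encoding,
        "nominal_bits": nominal,
        "secret_bits": nominal - WEP_IV_BITS,  # equals len(raw) * 8
        "key_bytes": raw,
    }


if __name__ == "__main__":
    # Constructed sample entries, not values from the guide.
    for ssid in ("HomeNet", "x" * 33, "caf\u00e9"):
        print(repr(ssid), check_ssid(ssid) or "ok")
    for key in ("abcde", "0A1B2C3D4E", "0123456789ABCDEF0123456789", "toolong"):
        try:
            info = classify_wep_key(key)
            print(key, info["encoding"], info["nominal_bits"], info["secret_bits"])
        except ValueError as err:
            print(key, "rejected:", err)
```

The `secret_bits` value shows that a "64-bit" entry carries only 40 bits of shared secret, which is worth knowing when choosing between the WEP and WPA options in this wizard.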
Figure 26 Wireless LAN Setup 3

6 Use the read-only summary table to check whether what you have configured is correct. Click Finish to complete and save the wizard setup.

Note: No wireless LAN settings display if you chose not to configure wireless LAN settings.

Figure 27 Internet Access and WLAN Wizard Setup Complete

7 Launch your web browser and navigate to www.zyxel.com. Internet access is just the beginning.
CHAPTER 4 VoIP Wizard And Example

This chapter shows you how to configure your SIP account(s) and make a VoIP phone call.

4.1 Introduction

The ZyXEL Device has Voice over IP (VoIP) communication capabilities that allow you to use a traditional analog telephone to make Internet calls. You can configure the ZyXEL Device to use up to two SIP based VoIP accounts. This section describes how you can set up your ZyXEL Device to call someone who is also using a VoIP device.
Figure 29 Select a Mode

2 Click VOICE OVER INTERNET SETUP to configure your SIP settings.
3 Fill in the VOICE OVER INTERNET SETUP wizard screen with the information provided by your VoIP service provider. Your VoIP service provider supplies you with the following information. When you are finished, click Apply.

Table 14 Sample SIP Account Information
INFORMATION FROM VOIP SERVICE PROVIDER | EXAMPLE VALUES | DESCRIPTION
SIP account address | 11223344@SIPA-Account.com | 11223344 is your SIP number.
Table 15 VoIP Wizard Configuration
LABEL | DESCRIPTION
SIP Service Domain | Enter the SIP service domain name in this field (the domain name that comes after the @ symbol in a SIP account like 11223344@SIPA-Account.com). You can use up to 127 ASCII Extended set characters.
User Name | This is the name used to register this SIP account with the SIP register server. Type the user name exactly as it was given to you. You can use up to 95 ASCII characters.
Figure 33 VoIP Wizard Fail

6 This screen displays if your SIP account registration was successful. Click Return to Wizard Main Page if you want to use another configuration wizard. Click Go to Advanced Setup page or Finish to close the wizard and go to the main web configurator screens.

Figure 34 VoIP Wizard Finish

7 To call other VoIP users, you need to follow a similar process to ensure that their SIP account is registered and active.
CHAPTER 5 Bandwidth Management Wizard

This chapter shows you how to configure basic bandwidth management using the wizard screens.

5.1 Introduction

Bandwidth management allows you to control the amount of bandwidth going out through the ZyXEL Device’s WAN port and prioritize the distribution of the bandwidth according to service bandwidth requirements. This helps keep one service from using all of the available bandwidth and shutting out other users.

5.
Table 16 Media Bandwidth Management Setup: Services (continued)
SERVICE | DESCRIPTION
NetMeeting (H.323) | A multimedia communications product from Microsoft that enables groups to teleconference and videoconference over the Internet. NetMeeting supports VoIP, text chat sessions, a whiteboard, and file transfers and application sharing. NetMeeting uses H.323. H.323 is a standard teleconferencing protocol suite that provides audio, data and video conferencing.
2 Click BANDWIDTH MANAGEMENT SETUP.

Figure 36 Wizard: Welcome

3 Activate bandwidth management and select to allocate bandwidth to packets based on the packet size or services.

Figure 37 Bandwidth Management Wizard: General Information

The following table describes the labels in this screen.
Figure 38 Bandwidth Management Wizard: Service Configuration

The following table describes the labels in this screen.

Table 18 Bandwidth Management Wizard: Service Configuration
LABEL | DESCRIPTION
Active | Select Active to enable bandwidth management for service-specific traffic. Select an entry’s Active check box to turn on bandwidth management for the service/application.
Service | These fields display the service names.
5 Follow the on-screen instructions and click Finish to complete the wizard setup and save your configuration.
CHAPTER 6 Status Screens

Use the Status screens to look at the current status of the device, system resources, interfaces (LAN and WAN), and SIP accounts. You can also register and unregister SIP accounts. The Status screen also provides detailed information from Any IP and DHCP and statistics from VoIP, bandwidth management, and traffic.

6.1 Status Screen

Click Status to open this screen.
Each field is described in the following table.

Table 19 Status Screen
LABEL | DESCRIPTION
Refresh Interval | Enter how often you want the ZyXEL Device to update this screen.
Apply | Click this to update this screen immediately.
Device Information
Host Name | This field displays the ZyXEL Device system name. It is used for identification. You can change this in the Maintenance > System > General screen’s System Name field.
Model Number | This is the model name of your device.
Table 19 Status Screen
LABEL | DESCRIPTION
Security
Firewall | This displays whether or not the ZyXEL Device’s firewall is activated. Click this to go to the screen where you can change it.
Content Filter | This displays whether or not the ZyXEL Device’s content filtering is activated. Click this to go to the screen where you can change it.
System Status
System Uptime | This field displays how long the ZyXEL Device has been running since it last started up.
Table 19 Status Screen
LABEL | DESCRIPTION
VPN Status | Click this link to view the ZyXEL Device’s current VPN connections. See Section 18.6 on page 243.
Packet Statistics | Click this link to view port status and packet specific statistics. See Section 6.4 on page 83.
VoIP Statistics | Click this link to view statistics about your VoIP usage. See Section 6.5 on page 85.
VoIP Status
Account | This column displays each SIP account in the ZyXEL Device.
Each field is described in the following table.

Table 20 Any IP Table
LABEL | DESCRIPTION
# | This field is a sequential value. It is not associated with a specific entry.
IP Address | This field displays the IP address of each computer that is using the ZyXEL Device but is in a different subnet than the ZyXEL Device.
MAC Address | This field displays the MAC address of the computer that is using the ZyXEL Device but is in a different subnet than the ZyXEL Device.
Figure 43 Packet Statistics

The following table describes the fields in this screen.

Table 22 Packet Statistics
LABEL | DESCRIPTION
System Monitor
System up Time | This is the elapsed time the system has been up.
Current Date/Time | This field displays your ZyXEL Device’s present date and time.
CPU Usage | This field specifies the percentage of CPU utilization.
Memory Usage | This field specifies the percentage of memory utilization.
Table 22 Packet Statistics (continued)
LABEL | DESCRIPTION
Up Time | This field displays the elapsed time this port has been up.
LAN Port Statistics
Interface | This field displays either Interface (LAN ports) or Wireless (WLAN port).
Status | For the LAN ports, this field displays Down (line is down) or Up (line is up or connected). For the WLAN port, it displays the transmission rate when WLAN is enabled or N/A when WLAN is disabled.
Each field is described in the following table.

Table 23 VoIP Statistics
LABEL | DESCRIPTION
SIP Status
Account | This column displays each SIP account in the ZyXEL Device.
Registration | This field displays the current registration status of the SIP account. You can change this in the Status screen. Registered - The SIP account is registered with a SIP server.
Table 23 VoIP Statistics
LABEL | DESCRIPTION
Tx B/s | This field displays how quickly the ZyXEL Device has transmitted packets in the current call. The rate is the average number of bytes transmitted per second.
Rx B/s | This field displays how quickly the ZyXEL Device has received packets in the current call. The rate is the average number of bytes transmitted per second.
CHAPTER 7 WAN Setup

This chapter describes how to configure WAN settings.

7.1 WAN Overview

A WAN (Wide Area Network) is an outside connection to another network or the Internet.

7.1.1 Encapsulation

Be sure to use the encapsulation method required by your ISP. The ZyXEL Device supports the following methods.

7.1.1.1 ENET ENCAP

The MAC Encapsulated Routing Link Protocol (ENET ENCAP) is only implemented with the IP network protocol.
By implementing PPPoE directly on the ZyXEL Device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyXEL Device does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access.

7.1.1.3 PPPoA

PPPoA stands for Point to Point Protocol over ATM Adaptation Layer 5 (AAL5). A PPPoA connection functions like a dial-up Internet connection.
7.1.4 IP Address Assignment

A static IP is a fixed IP that your ISP gives you. A dynamic IP is not fixed; the ISP assigns you a different one each time. The Single User Account feature can be enabled or disabled if you have either a dynamic or static IP. However, the encapsulation method assigned influences your choices for IP address and ENET ENCAP gateway.

7.1.4.
7.2 Metric

The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost". RIP routing uses hop count as the measurement of cost, with a minimum of "1" for directly connected networks. The number must be between "1" and "15"; a number greater than "15" means the link is down. The smaller the number, the lower the "cost".
Maximum Burst Size (MBS) is the maximum number of cells that can be sent at the PCR. After MBS is reached, cell rates fall below SCR until cell rate averages to the SCR again. At this time, more cells (up to the MBS) can be sent at the PCR again. If the PCR, SCR or MBS is set to the default of "0", the system will assign a maximum value that correlates to your upstream line rate. The following figure illustrates the relationship between PCR, SCR and MBS.
The VBR-nRT (non real-time Variable Bit Rate) type is used with bursty connections that do not require closely controlled delay and delay variation. It is commonly used for "bursty" traffic typical on LANs. PCR and MBS define the burst levels, SCR defines the minimum level. An example of a VBR-nRT connection would be non-time sensitive data file transfers.

7.3.1.3 Unspecified Bit Rate (UBR)

The Unspecified Bit Rate (UBR) ATM traffic class is for bursty data transfers.
Figure 46 Internet Access Setup (PPPoE)

The following table describes the labels in this screen.

Table 24 Internet Access Setup
LABEL | DESCRIPTION
General
Mode | Select Routing (default) from the drop-down list box if your ISP allows multiple computers to share an Internet account. Otherwise select Bridge.
Encapsulation | Select the method of encapsulation used by your ISP from the drop-down list box. Choices vary depending on the mode you select in the Mode field.
Table 24 Internet Access Setup (continued)
LABEL | DESCRIPTION
Multiplexing | Select the method of multiplexing used by your ISP from the drop-down list. Choices are VC or LLC.
Virtual Circuit ID | VPI (Virtual Path Identifier) and VCI (Virtual Channel Identifier) define a virtual circuit. Refer to the appendix for more information.
VPI | The valid range for the VPI is 0 to 255. Enter the VPI assigned to you.
Table 24 Internet Access Setup (continued)
LABEL | DESCRIPTION
Max Idle Timeout | Specify an idle time-out in the Max Idle Timeout field when you select Connect on Demand. The default setting is 0, which means the Internet session will not timeout.
Apply | Click Apply to save the changes.
Cancel | Click Cancel to begin configuring this screen afresh.
Advanced Setup | Click this button to display the Advanced WAN Setup screen and edit more details of your WAN setup.

7.5.
Table 25 Advanced Internet Access Setup (continued)
LABEL | DESCRIPTION
ATM QoS Type | Select CBR (Continuous Bit Rate) to specify fixed (always-on) bandwidth for voice or data traffic. Select UBR (Unspecified Bit Rate) for applications that are non-time sensitive, such as e-mail. Select VBR-RT (real-time Variable Bit Rate) type for applications with bursty connections that require closely controlled delay and delay variation.
Figure 48 WAN More Connections

The following table describes the labels in this screen.

Table 26 WAN More Connections
LABEL | DESCRIPTION
# | This is an index number indicating the number of the corresponding connection.
Active | This field indicates whether the connection is active or not.
Name | This is the name you gave to the Internet connection.
Figure 49 WAN More Connections > Modify

The following table describes the labels in this screen.

Table 27 WAN More Connections > Modify
LABEL | DESCRIPTION
General
Active | Use this checkbox to activate or deactivate this WAN connection.
Name | Give a name to this WAN connection. This is for descriptive purposes only.
Mode | Select Routing (default) from the drop-down list box if your ISP allows multiple computers to share an Internet account. Otherwise select Bridge.
Table 27 WAN More Connections > Modify (continued)
LABEL | DESCRIPTION
Multiplexing | Select the method of multiplexing used by your ISP from the drop-down list. Choices are VC or LLC.
Virtual Circuit ID | VPI (Virtual Path Identifier) and VCI (Virtual Channel Identifier) define a virtual circuit. Refer to the appendix for more information.
VPI | The valid range for the VPI is 0 to 255. Enter the VPI assigned to you.
7.7 Traffic Redirect

Traffic redirect forwards traffic to a backup gateway when the ZyXEL Device cannot connect to the Internet. An example is shown in the figure below.

Figure 50 Traffic Redirect Example

The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN. Use IP alias to configure the LAN into two or three logical networks with the ZyXEL Device itself as the gateway for each LAN network.
Figure 51 Traffic Redirect LAN Setup

7.8 WAN Backup Setup

To configure your ZyXEL Device’s WAN backup, click Network > WAN > WAN Backup Setup.
The following table describes the labels in this screen.

Table 28 WAN Backup Setup
LABEL | DESCRIPTION
Backup Type | Select the method that the ZyXEL Device uses to check the DSL connection. Select DSL Link to have the ZyXEL Device check if the connection to the DSLAM is up. Select ICMP to have the ZyXEL Device periodically ping the IP addresses configured in the Check WAN IP Address fields.
CHAPTER 8 LAN Setup

This chapter describes how to configure LAN settings.

8.1 LAN Overview

A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building. The LAN screens can help you configure a LAN DHCP server and manage IP addresses. See Section 8.3 on page 111 to configure the LAN screens.

8.1.
8.1.2 DHCP Setup

DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the ZyXEL Device as a DHCP server or disable it. When configured as a server, the ZyXEL Device provides the TCP/IP configuration for the clients. If you turn DHCP service off, you must have another DHCP server on your LAN, or else the computer must be manually configured.

8.1.2.
8.1.4 DNS Server Address Assignment

Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it.

There are two ways that an ISP disseminates the DNS server addresses.
• The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up.
8.2.1.1 Private IP Addresses

Every machine on the Internet must have a unique address. If your networks are isolated from the Internet, for example, only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks:
• 10.0.0.0 - 10.255.255.255
• 172.16.0.0 - 172.31.255.255
• 192.168.0.0 - 192.
8.2.3 Multicast

Traditionally, IP packets are transmitted in one of two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network - not everybody and not just 1. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data.
Figure 53 Any IP Example

The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the ZyXEL Device’s IP address.

Note: You must enable NAT/SUA to use the Any IP feature on the ZyXEL Device.

8.2.4.
8.3 Configuring LAN IP

Click Network > LAN to open the IP screen. See Section 8.1 on page 105 for background information.

Figure 54 LAN IP

The following table describes the fields in this screen.

Table 29 LAN IP
LABEL | DESCRIPTION
TCP/IP
IP Address | Enter the IP address of your ZyXEL Device in dotted decimal notation, for example, 192.168.1.1 (factory default).
IP Subnet Mask | Type the subnet mask assigned to you by your ISP (if given).
Figure 55 Advanced LAN Setup

The following table describes the labels in this screen.

Table 30 Advanced LAN Setup
LABEL | DESCRIPTION
RIP & Multicast Setup
RIP Direction | Select the RIP direction from None, Both, In Only and Out Only.
RIP Version | Select the RIP version from RIP-1, RIP-2B and RIP-2M.
Multicast | IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a multicast group.
8.4 DHCP Setup

Click Network > DHCP Setup to open this screen. Use this screen to configure the DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN.

Figure 56 DHCP Setup

The following table describes the labels in this screen.
Table 31 DHCP Setup
LABEL | DESCRIPTION
First DNS Server / Second DNS Server / Third DNS Server | Select Obtained From ISP if your ISP dynamically assigns DNS server information (and the ZyXEL Device's WAN IP address). Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right. If you choose User-Defined but leave the IP address set to 0.0.0.0, User-Defined changes to None after you click Apply.
The following table describes the labels in this screen.

Table 32 LAN Client List
LABEL | DESCRIPTION
IP Address | Enter the IP address that you want to assign to the computer on your LAN with the MAC address that you specify.
MAC Address | Enter the MAC address of a computer on your LAN.
Add | Click Add to add a static DHCP entry.
# | This is the index number of the static IP table entry (row).
Figure 58 Physical Network & Partitioned Logical Networks

Click Network > LAN > IP Alias to open the following screen. Use this screen to change your ZyXEL Device’s IP alias settings.

Figure 59 LAN IP Alias

The following table describes the labels in this screen.

Table 33 LAN IP Alias
LABEL | DESCRIPTION
IP Alias 1, 2 | Select the check box to configure another LAN network for the ZyXEL Device.
Table 33 LAN IP Alias
LABEL | DESCRIPTION
RIP Direction | RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. Select the RIP direction from Both/In Only/Out Only/None. When set to Both or Out Only, the ZyXEL Device will broadcast its routing table periodically.
CHAPTER 9 Wireless LAN

This chapter discusses how to configure the wireless network settings in your ZyXEL Device.

9.1 Wireless Network Overview

The following figure provides an example of a wireless network.

Figure 60 Example of a Wireless Network

The wireless network is the part in the blue circle. In this wireless network, devices A and B use the access point (AP) to interact with the other devices (such as the printer) or with the Internet.
Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network.

9.2 Wireless Security Overview

The following sections introduce different types of wireless security you can set up in the wireless network.

9.2.1 SSID

Normally, the ZyXEL Device acts like a beacon and regularly broadcasts the SSID in the area.
For wireless networks, you can store the user names and passwords for each user in a RADIUS server. This is a server used in businesses more than in homes. If you do not have a RADIUS server, you cannot set up user names and passwords for your users.

Unauthorized wireless devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network.
Many types of encryption use a key to protect the information in the wireless network. The longer the key, the stronger the encryption. Every device in the wireless network must have the same key.

9.2.5 One-Touch Intelligent Security Technology (OTIST)

With ZyXEL’s OTIST, you set up the SSID and the encryption (WEP or WPA-PSK) on the ZyXEL Device. Then, the ZyXEL Device transfers them to the devices in the wireless networks.
TERM | DESCRIPTION
Authentication | The process of verifying whether a wireless device is allowed to use the wireless network.
Max. Frame Burst | Enable this to improve the performance of both pure IEEE 802.11g and mixed IEEE 802.11b/g networks. Maximum Frame Burst sets the maximum time that the ZyXEL Device transmits IEEE 802.11g wireless traffic only.
The following table describes the general wireless LAN labels in this screen.

Table 35 Wireless LAN: General
LABEL | DESCRIPTION
Active Wireless LAN | Click the check box to activate wireless LAN.
Network Name(SSID) | (Service Set IDentity) The SSID identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same SSID.
Figure 62 Wireless: No Security

The following table describes the labels in this screen.

Table 36 Wireless No Security
LABEL | DESCRIPTION
Security Mode | Choose No Security from the drop-down list box.

9.5.2 WEP Encryption Screen

To configure and enable WEP encryption, click Network > Wireless LAN to display the General screen. Select Static WEP from the Security Mode list.
Figure 63 Wireless: Static WEP Encryption

The following table describes the wireless LAN security labels in this screen.

Table 37 Wireless: Static WEP Encryption
LABEL | DESCRIPTION
Security Mode | Choose Static WEP from the drop-down list box.
Passphrase | Enter a Passphrase (up to 32 printable characters) and click Generate. The ZyXEL Device automatically generates a WEP key.
WEP Key | The WEP key is used to encrypt data.
Figure 64 Wireless: WPA(2)-PSK

The following table describes the wireless LAN security labels in this screen.

Table 38 Wireless: WPA(2)-PSK
LABEL | DESCRIPTION
Security Mode | Choose WPA-PSK or WPA2-PSK from the drop-down list box.
WPA Compatible | This field is only available for WPA2-PSK. Select this if you want the ZyXEL Device to support WPA-PSK and WPA2-PSK simultaneously.
Pre-Shared Key | The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same.
9.5.4 WPA(2) Authentication Screen

To configure and enable WPA Authentication, click the Wireless LAN link under Network to display the Wireless screen. Select WPA or WPA2 from the Security list.

Figure 65 Wireless: WPA(2)

The following table describes the wireless LAN security labels in this screen.

Table 39 Wireless: WPA(2)
LABEL | DESCRIPTION
Security Mode | Choose WPA or WPA2 from the drop-down list box.
WPA Compatible | This field is only available for WPA2.
Table 39 Wireless: WPA(2)
LABEL | DESCRIPTION
Idle Timeout | The ZyXEL Device automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed. The default time interval is 3600 seconds (or 1 hour).
Figure 66 Advanced

The following table describes the labels in this screen.

Table 40 Wireless LAN: Advanced
LABEL | DESCRIPTION
Wireless Advanced Setup
RTS/CTS Threshold | Enter a value between 0 and 2432. If you select the G+ Enhanced checkbox, a value of 4096 is displayed.
Fragmentation Threshold | This is the maximum data fragment size that can be sent. Enter a value between 256 and 2432. If you select the G+ Enhanced checkbox, a value of 4096 is displayed.
Figure 67 Network > Wireless LAN > OTIST

The following table describes the labels in this screen.

Table 41 Network > Wireless LAN > OTIST
LABEL | DESCRIPTION
Setup Key | Type a key (password) 8 ASCII characters long. Note: If you change the OTIST setup key in the ZyXEL Device, you must change it on the wireless devices too.
Yes! | Select this if you want the ZyXEL Device to automatically generate a preshared key for the wireless network.
Figure 68 Example: Wireless Client OTIST Screen

To start OTIST in the device, click Start in this screen.

Note: You must click Start in the ZyXEL Device and in the wireless device(s) within three minutes of each other. You can start OTIST in the wireless devices and the ZyXEL Device in any order.

After you click Start in the ZyXEL Device, the following screen appears (in the ZyXEL Device).
The following screen appears on the wireless client.

Figure 71 OTIST: In Progress on the Wireless Device

These screens close when the transfer is complete.

9.6.1 Notes on OTIST

1 If you enable OTIST in a wireless device, you see this screen each time you start the utility. Click Yes to search for an OTIST-enabled AP (in other words, the ZyXEL Device).
9.7 MAC Filter

To change your ZyXEL Device’s MAC filter settings, click Network > Wireless LAN > MAC Filter. The screen appears as shown.

Figure 73 MAC Address Filter

The following table describes the labels in this menu.

Table 42 MAC Address Filter
LABEL | DESCRIPTION
Active MAC Filter | Select the check box to enable MAC address filtering.
Filter Action | Define the filter action for the list of MAC addresses in the MAC Address table.
Table 42 MAC Address Filter
LABEL | DESCRIPTION
Apply | Click Apply to save your changes back to the ZyXEL Device.
Cancel | Click Cancel to reload the previous configuration for this screen.

9.8 QoS Screen

The QoS screen by default allows you to automatically give a service a priority level. Click Network > Wireless LAN > QoS. The following screen displays.

Wireless LAN: QoS

The following table describes the fields in this screen.
Table 43 Wireless LAN: QoS
LABEL | DESCRIPTION
Name | This field displays a description given to an application entry.
Service | This field displays either FTP, WWW, E-mail or a User Defined service to which you want to apply WMM QoS.
Dest Port | This field displays the destination port number to which the application sends traffic.
Priority | This field displays the WMM QoS priority for traffic bandwidth.
Table 44 Application Priority Configuration
LABEL | DESCRIPTION
Service | The following is a description of the applications you can prioritize with WMM QoS. Select a service from the drop-down list box.
• FTP: File Transfer Program enables fast transfer of files, including large files that may not be possible by e-mail. FTP uses port number 21.
• E-Mail: Electronic mail consists of messages sent through a computer network to specific groups or individuals.
CHAPTER 10 Network Address Translation (NAT) Screens

This chapter discusses how to configure NAT on the ZyXEL Device.

10.1 NAT Overview

NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.

10.1.
10.1.2 What NAT Does

In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
10.1.4 NAT Application

The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the ZyXEL Device can communicate with three distinct WAN networks.

Figure 76 NAT Application With IP Alias

10.1.5 NAT Mapping Types

NAT supports five types of IP/port mapping. They are:
• One to One: In One-to-One mode, the ZyXEL Device maps one local IP address to one global IP address.
Port numbers do NOT change for One-to-One and Many-to-Many No Overload NAT mapping types. The following table summarizes these types.

Table 46 NAT Mapping Types
TYPE | IP MAPPING
One-to-One | ILA1 ↔ IGA1
Many-to-One (SUA/PAT) | ILA1 ↔ IGA1, ILA2 ↔ IGA1, …
Many-to-Many Overload | ILA1 ↔ IGA1, ILA2 ↔ IGA2, ILA3 ↔ IGA1, ILA4 ↔ IGA2, …
Many-to-Many No Overload | ILA1 ↔ IGA1, ILA2 ↔ IGA2, ILA3 ↔ IGA3, …
Server | Server 1 IP ↔ IGA1, Server 2 IP ↔ IGA1, Server 3 IP ↔ IGA1

10.
Figure 77 NAT General

The following table describes the labels in this screen.

Table 47 NAT General
LABEL | DESCRIPTION
Active Network Address Translation (NAT) | Select this check box to enable NAT.
SUA Only | Select this radio button if you have just one public WAN IP address for your ZyXEL Device.
Full Feature | Select this radio button if you have multiple public WAN IP addresses for your ZyXEL Device.
You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. The port number identifies a service; for example, web service is on port 80 and FTP on port 21. In some cases, such as for unknown services or where one server can support more than one service (for example both FTP and web service), it might be better to specify a range of port numbers.
10.5 Configuring Port Forwarding

Note: If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup.

Click Network > NAT > Port Forwarding to open the following screen. See Appendix D on page 387 for port numbers commonly used for particular services.

Figure 79 Port Forwarding

The following table describes the fields in this screen.
Table 48 Port Forwarding
LABEL | DESCRIPTION
Modify | Click the edit icon to go to the screen where you can edit the port forwarding rule. Click the delete icon to delete an existing port forwarding rule. Note that subsequent address mapping rules move up by one when you take this action.
Apply | Click Apply to save your changes back to the ZyXEL Device.
Cancel | Click Cancel to return to the previous configuration.

10.5.
Table 49 Port Forwarding Rule Setup (continued)
LABEL | DESCRIPTION
Apply | Click Apply to save your changes back to the ZyXEL Device.
Cancel | Click Cancel to begin configuring this screen afresh.

10.6 Address Mapping

Note: The Address Mapping screen is available only when you select Full Feature in the NAT > General screen.

Ordering your rules is important because the ZyXEL Device applies the rules in the order that you specify.
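The following added example (not ZyXEL firmware code) models why rule order matters for address mapping. It assumes the first rule whose local range contains the packet's inside local address (ILA) is the one applied, covers the four outbound mapping types only (Server rules are left out), and follows the wrap-around pattern shown in Table 46 for Many-to-Many Overload. The function names, rule numbering from 1 and the 192.168.x.x / 203.0.113.x addresses are constructed for the illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional, Tuple

# Per the guide, port numbers do not change for these two mapping types.
PORT_PRESERVING = {"One-to-One", "Many-to-Many No Overload"}
OUTBOUND_TYPES = PORT_PRESERVING | {"Many-to-One", "Many-to-Many Overload"}


@dataclass(frozen=True)
class Rule:
    type: str
    local_start: IPv4Address
    local_end: IPv4Address
    global_start: IPv4Address
    global_end: IPv4Address

    def covers(self, ila: IPv4Address) -> bool:
        return self.local_start <= ila <= self.local_end


def make_rule(type_: str, local_start: str, local_end: Optional[str],
              global_start: str, global_end: Optional[str] = None) -> Rule:
    """Build a rule from dotted-decimal strings; an omitted end equals the start."""
    if type_ not in OUTBOUND_TYPES:
        raise ValueError(f"unsupported mapping type: {type_}")
    ls, gs = IPv4Address(local_start), IPv4Address(global_start)
    le = IPv4Address(local_end) if local_end else ls
    ge = IPv4Address(global_end) if global_end else gs
    if le < ls or ge < gs:
        raise ValueError("end address is below start address")
    if type_ == "Many-to-Many No Overload" and int(le) - int(ls) != int(ge) - int(gs):
        raise ValueError("No Overload needs one global address per local address")
    return Rule(type_, ls, le, gs, ge)


def map_address(rule: Rule, ila: IPv4Address) -> IPv4Address:
    """Pick the inside global address (IGA) for one inside local address."""
    offset = int(ila) - int(rule.local_start)
    pool = int(rule.global_end) - int(rule.global_start) + 1
    if rule.type in ("One-to-One", "Many-to-One"):
        return rule.global_start
    if rule.type == "Many-to-Many Overload":
        # Table 46 pattern: ILA1->IGA1, ILA2->IGA2, ILA3->IGA1, ILA4->IGA2, ...
        return rule.global_start + offset % pool
    return rule.global_start + offset  # No Overload: ILAn->IGAn


def translate(rules: List[Rule], src: str) -> Optional[Tuple[int, str, bool]]:
    """Return (rule number, IGA, source port preserved) for the first matching rule."""
    ila = IPv4Address(src)
    for number, rule in enumerate(rules, start=1):
        if rule.covers(ila):
            return number, str(map_address(rule, ila)), rule.type in PORT_PRESERVING
    return None  # no rule matches: this model performs no translation


def shadowed_rules(rules: List[Rule]) -> List[Tuple[int, int]]:
    """List (rule, earlier rule) pairs where the earlier rule's local range
    fully contains the later one, so the later rule can never be applied."""
    hits = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            if earlier.local_start <= later.local_start and later.local_end <= earlier.local_end:
                hits.append((j + 1, i + 1))
                break
    return hits


# Constructed sample rules: one host needs its own public address,
# everything else on the LAN shares a single address.
BROAD = make_rule("Many-to-One", "192.168.1.1", "192.168.1.254", "203.0.113.1")
HOST = make_rule("One-to-One", "192.168.1.10", None, "203.0.113.10")
BAD_ORDER = [BROAD, HOST]    # the host rule is never reached
GOOD_ORDER = [HOST, BROAD]   # specific rule first, catch-all last

if __name__ == "__main__":
    for name, rules in (("bad order", BAD_ORDER), ("good order", GOOD_ORDER)):
        print(name, translate(rules, "192.168.1.10"), "shadowed:", shadowed_rules(rules))
```

Running `shadowed_rules` over a rule list before saving it flags any specific rule that a broader earlier rule has made unreachable.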
Table 50 Address Mapping Rules (continued)
LABEL | DESCRIPTION
Local End IP | This is the end Inside Local IP Address (ILA). If the rule is for all local IP addresses, then this field displays 0.0.0.0 as the Local Start IP address and 255.255.255.255 as the Local End IP address. This field is N/A for One-to-one and Server mapping types.
Global Start IP | This is the starting Inside Global IP Address (IGA). Enter 0.0.0.0 here if you have a dynamic IP address from your ISP.
The following table describes the fields in this screen.

Table 51 Edit Address Mapping Rule
LABEL | DESCRIPTION
Type | Choose the port mapping type from one of the following.
• One-to-One: One-to-One mode maps one local IP address to one global IP address. Note that port numbers do not change for One-to-one NAT mapping type.
• Many-to-One: Many-to-One mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e.
Figure 83 Network > NAT > ALG

Each field is described in the following table.

Table 52 Network > NAT > ALG
LABEL | DESCRIPTION
Enable SIP ALG | Select this to make sure SIP (VoIP) works correctly with port-forwarding and address-mapping rules.
Apply | Click this to save your changes and to apply them to the ZyXEL Device.
Reset | Click this to return to previously saved configuration.
CHAPTER 11 SIP

Use these screens to set up your SIP accounts and to configure QoS settings.

11.1 SIP Overview

11.1.1 Introduction to VoIP

VoIP (Voice over IP) is the sending of voice signals over the Internet Protocol. This allows you to make phone calls and send faxes over the Internet at a fraction of the cost of using the traditional circuit-switched telephone network. You can also use servers to run telephone service applications like PBX services and voice mail.
11.1.3.2 SIP Service Domain

The SIP service domain of the VoIP service provider (the company that lets you make phone calls over the Internet) is the domain name in a SIP URI. For example, if the SIP address is 1122334455@VoIP-provider.com, then “VoIP-provider.com” is the SIP service domain.

11.1.4 SIP Call Progression

The following figure displays the basic steps in the setup and tear down of a SIP call. A calls B.

Table 53 SIP Call Progression
A B 1. INVITE 2.
11.1.5.1 SIP User Agent

A SIP user agent can make and receive VoIP telephone calls. This means that SIP can be used for peer-to-peer communications even though it is a client-server protocol. In the following figure, either A or B can act as a SIP user agent client to initiate a call. A and B can also both act as a SIP user agent to receive the call.

Figure 84 SIP User Agent

11.1.5.
P-2608HWL-Dx Series User’s Guide 11.1.5.3 SIP Redirect Server A SIP redirect server accepts SIP requests, translates the destination address to an IP address and sends the translated IP address back to the device that sent the request. Then the client device that originally sent the request can send requests to the IP address that it received back from the redirect server. Redirect servers do not initiate SIP requests.
P-2608HWL-Dx Series User’s Guide 11.1.7 NAT and SIP The ZyXEL Device must register its public IP address with a SIP register server. If there is a NAT router between the ZyXEL Device and the SIP register server, the ZyXEL Device probably has a private IP address. The ZyXEL Device lists its IP address in the SIP message that it sends to the SIP register server. NAT does not translate this IP address in the SIP message.
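The mismatch described in section 11.1.7 can be seen by comparing the addresses inside a SIP message with the address the packet actually arrives from. The following Python check is an added example, not part of the ZyXEL guide or firmware; the REGISTER message, the LAN address 192.168.1.33 and the public address 203.0.113.7 are constructed sample values.

```python
import ipaddress
import re

# Constructed sample: a REGISTER as a device behind a NAT router might send it.
# 192.168.1.33 is a made-up LAN address; the SIP number and service domain are
# the example values used in section 11.1.3.2 of the guide.
SAMPLE_REGISTER = (
    "REGISTER sip:VoIP-provider.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.33:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:1122334455@VoIP-provider.com>;tag=456248\r\n"
    "To: <sip:1122334455@VoIP-provider.com>\r\n"
    "Call-ID: 843817637684230@192.168.1.33\r\n"
    "CSeq: 1 REGISTER\r\n"
    "Contact: <sip:1122334455@192.168.1.33:5060>\r\n"
    "Expires: 3600\r\n"
    "Content-Length: 0\r\n\r\n"
)

# Private ranges that a NAT router hides from the Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Host part of a Via header value and of a SIP URI (IPv4 or host name only).
VIA_HOST = re.compile(r"SIP/2\.0/\w+\s+([^;:\s]+)")
URI_HOST = re.compile(r"sips?:(?:[^@>\s]*@)?([^;:>\s]+)")


def parse_headers(message):
    """Return (lower-cased name, value) pairs from the header section."""
    head = message.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def advertised_hosts(message):
    """Hosts the sender asks the server to reply to (Via) or call back (Contact)."""
    hosts = []
    for name, value in parse_headers(message):
        if name in ("via", "v"):                 # "v" is the compact form of Via
            match = VIA_HOST.search(value)
        elif name in ("contact", "m"):           # "m" is the compact form of Contact
            match = URI_HOST.search(value)
        else:
            continue
        if match:
            hosts.append((name, match.group(1)))
    return hosts


def nat_findings(message, observed_source):
    """Compare advertised addresses with the packet's source as seen by the server."""
    observed = ipaddress.ip_address(observed_source)
    findings = []
    for header, host in advertised_hosts(message):
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue                             # a host name, not an IP literal
        if any(addr in net for net in RFC1918):
            findings.append((header, host, "private address behind NAT"))
        elif addr != observed:
            findings.append((header, host, "differs from packet source"))
    return findings


if __name__ == "__main__":
    # The register server sees the NAT router's public address as the source.
    for finding in nat_findings(SAMPLE_REGISTER, "203.0.113.7"):
        print(finding)
```

An empty result means the addresses in the message already match what the server sees, which is the state a SIP ALG, STUN or an outbound proxy is meant to achieve.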
P-2608HWL-Dx Series User’s Guide Figure 87 STUN 11.1.7.4 Outbound Proxy Your VoIP service provider may host a SIP outbound proxy server to handle all of the ZyXEL Device’s VoIP traffic. This allows the ZyXEL Device to work with any type of NAT router and eliminates the need for STUN or a SIP ALG. Turn off a SIP ALG on a NAT router in front of the ZyXEL Device to keep it from retranslating the IP address (since this is already handled by the outbound proxy server). 11.1.
11.1.10 MWI (Message Waiting Indication)

Enabling Message Waiting Indication (MWI) lets your phone give you a message-waiting (beeping) dial tone when you have one or more voice messages. Your VoIP service provider must have a messaging system that sends message waiting status SIP packets as defined in RFC 3842.

11.1.11 Custom Tones (IVR)

IVR (Interactive Voice Response) is a feature that allows you to use your telephone to interact with the ZyXEL Device.
P-2608HWL-Dx Series User’s Guide 1 Pick up the phone and press “****” on your phone’s keypad and wait for the message that says you are in the configuration menu. 2 Press a number from 1301~1308 followed by the “#” key to delete the tone of your choice. Press 14 followed by the “#” key if you wish to clear all your custom tones. You can continue to add, listen to, or delete tones, or you can hang up the receiver when you are done. 11.1.
P-2608HWL-Dx Series User’s Guide The DSCP value determines the forwarding behavior, the PHB (Per-Hop Behavior), that each packet gets across the DiffServ network. Based on the marking rule, different kinds of traffic can be marked for different priorities of forwarding. Resources can then be allocated according to the DSCP values and the configured policies. 11.1.12.4 VLAN Virtual Local Area Network (VLAN) allows a physical network to be partitioned into multiple logical networks.
P-2608HWL-Dx Series User’s Guide Figure 89 VoIP > SIP > SIP Settings Each field is described in the following table. Table 55 VoIP > SIP > SIP Settings LABEL DESCRIPTION SIP Account Select the SIP account you want to see in this screen. If you change this field, the screen automatically refreshes. SIP Settings Active SIP Account Select this if you want the ZyXEL Device to use this account. Clear it if you do not want the ZyXEL Device to use this account. Number Enter your SIP number.
P-2608HWL-Dx Series User’s Guide Table 55 VoIP > SIP > SIP Settings LABEL DESCRIPTION Send Caller ID Select this if you want to send identification when you make VoIP phone calls. Clear this if you do not want to send identification. Authentication User Name Enter the user name for registering this SIP account, exactly as it was given to you. You can use up to 95 printable ASCII characters. Password Enter the user name for registering this SIP account, exactly as it was given to you.
P-2608HWL-Dx Series User’s Guide Figure 90 VoIP > SIP > SIP Settings > Advanced Each field is described in the following table. Table 56 VoIP > SIP Settings > Advanced LABEL DESCRIPTION SIP Account This field displays the SIP account you see in this screen.
P-2608HWL-Dx Series User’s Guide Table 56 VoIP > SIP Settings > Advanced LABEL DESCRIPTION URL Type Select whether or not to include the SIP service domain name when the ZyXEL Device sends the SIP number. SIP - include the SIP service domain name TEL - do not include the SIP service domain name Expiration Duration Enter the number of seconds your SIP account is registered with the SIP register server before it is deleted.
P-2608HWL-Dx Series User’s Guide Table 56 VoIP > SIP Settings > Advanced LABEL DESCRIPTION Enable Select this if your VoIP service provider has a SIP outbound server to handle voice calls. This allows the ZyXEL Device to work with any type of NAT router and eliminates the need for STUN or a SIP ALG. Turn off any SIP ALG on a NAT router in front of the ZyXEL Device to keep it from retranslating the IP address (since this is already handled by the outbound proxy server).
P-2608HWL-Dx Series User’s Guide 11.2.3 SIP QoS Screen Use this screen to maintain ToS and VLAN settings for the ZyXEL Device. To access this screen, click VoIP > SIP > QoS. Figure 91 VoIP > SIP > QoS Each field is described in the following table. Table 57 VoIP > SIP > QoS LABEL DESCRIPTION SIP TOS Priority Setting Enter the priority for SIP voice transmissions. The ZyXEL Device creates Type of Service priority tags with this priority to voice traffic that it transmits.
P-2608HWL-Dx Series User’s Guide CHAPTER 12 Phone Use these screens to configure the phones you use to make phone calls. 12.1 Phone Overview You can configure the volume, echo cancellation and VAD settings for each individual phone port on the ZyXEL Device. You can also select which SIP account to use for making outgoing calls. 12.1.1 Voice Activity Detection/Silence Suppression/Comfort Noise Voice Activity Detection (VAD) detects whether or not speech is present.
Note: To take full advantage of the supplementary phone services available through the ZyXEL Device's phone ports, you may need to subscribe to the services from your VoIP service provider.

12.1.3.1 The Flash Key

Flashing means to press the hook for a short period of time (a few hundred milliseconds) before releasing it. On newer telephones, there should be a "flash" key (button) that generates the signal electronically.
P-2608HWL-Dx Series User’s Guide Press the flash key and then “0” to disconnect the call presently on hold and keep the current call on line. Press the flash key and then “1” to disconnect the current call and resume the call on hold. If you hang up the phone but a caller is still on hold, there will be a remind ring. 12.1.3.2.2 European Call Waiting This allows you to place a call on hold while you answer another incoming call on the same telephone (directory) number.
12.1.3.3 USA Type Supplementary Services

This section describes how to use supplementary phone services with the USA Type Call Service Mode. Commands for supplementary services are listed in the table below. After pressing the flash key, if you do not issue the sub-command before the default sub-command timeout (2 seconds) expires, or if you issue an invalid sub-command, the current operation will be aborted.
1 When you are on the phone talking to someone, press the flash key to put the caller on hold and get a dial tone.
2 Dial a phone number directly to make another call.
3 When the second call is answered, press the flash key, wait for the sub-command tone and press “3” to create a three-way conversation.
4 Hang up the phone to drop the connection.
P-2608HWL-Dx Series User’s Guide Figure 92 VoIP > Phone > Analog Phone Each field is described in the following table. Table 60 VoIP > Phone > Analog Phone LABEL DESCRIPTION Phone Port Settings Select the phone port you want to see in this screen. If you change this field, the screen automatically refreshes. Outgoing Call Use SIP1 ... SIP8 Select which SIP accounts you want to use for outgoing calls.
P-2608HWL-Dx Series User’s Guide Figure 93 VoIP > Phone > Analog Phone > Advanced Each field is described in the following table. Table 61 VoIP > Phone > Analog Phone > Advanced LABEL DESCRIPTION Analog Phone This field displays the phone port you see in this screen. Voice Volume Control Speaking Volume Enter the loudness that the ZyXEL Device uses for speech that it sends to the peer device. -1 is the quietest, and 1 is the loudest.
P-2608HWL-Dx Series User’s Guide 12.2.3 Common Phone Settings Screen Use this screen to activate and deactivate immediate dialing. To access this screen, click VoIP > Phone > Common. Figure 94 VoIP > Phone > Common Each field is described in the following table.
P-2608HWL-Dx Series User’s Guide Figure 95 VoIP > Phone > Region Each field is described in the following table. Table 63 VoIP > Phone > Region LABEL DESCRIPTION Region Settings Select the place in which the ZyXEL Device is located. Call Service Mode Select the mode for supplementary phone services (call hold, call waiting, call transfer and three-way conference calls) that your VoIP service provider supports.
P-2608HWL-Dx Series User’s Guide CHAPTER 13 Phone Book Use these screens to maintain call-forwarding rules and speed-dial settings. 13.1 Phone Book Overview Speed dial provides shortcuts for dialing frequently used (VoIP) phone numbers. It is also required if you want to make peer-to-peer calls. In peer-to-peer calls, you call another VoIP device directly without going through a SIP server. In the ZyXEL Device, you must set up a speed dial entry in the phone book in order to do this.
Figure 96 Phone Book > Speed Dial

Each field is described in the following table.

Table 64 Phone Book > Speed Dial
LABEL: DESCRIPTION
Speed Dial: Use this section to create or edit speed-dial entries.
Speed Dial: Select the speed-dial number you want to use for this phone number.
Number: Enter the SIP number you want the ZyXEL Device to call when you dial the speed-dial number.
Name: Enter a name to identify the party you call when you dial the speed-dial number.
P-2608HWL-Dx Series User’s Guide Table 64 Phone Book > Speed Dial LABEL DESCRIPTION Destination This field is blank, if the speed-dial entry uses one of your SIP accounts. Otherwise, this field shows the IP address or domain name of the SIP server or other party. (This field corresponds with the Type field in the Speed Dial section.) Modify Use this field to edit or erase the speed-dial entry.
Figure 97 Phone Book > Incoming Call Policy

You can create two sets of call-forwarding rules. Each one is stored in a call-forwarding table. Each field is described in the following table.

Table 65 Phone Book > Incoming Call Policy
LABEL: DESCRIPTION
Table Number: Select the call-forwarding table you want to see in this screen. If you change this field, the screen automatically refreshes.
P-2608HWL-Dx Series User’s Guide Table 65 Phone Book > Incoming Call Policy LABEL DESCRIPTION Advanced Setup The ZyXEL Device checks these rules before it checks the rules in the Forward to Number section. # This field is a sequential value, and it is not associated with a specific rule. The sequence is important, however. The ZyXEL Device checks each rule in order, and it only follows the first one that applies. Activate Select this to enable this rule. Clear this to disable this rule.
Figure 98 Phone Book > Group Ring

Each field is described in the following table.

Table 66 Phone Book > Group Ring
LABEL: DESCRIPTION
Active: Select this if you want to activate the group ring feature. You also have to enable individual entries.
Test the Ring: Use the drop down list box to select the ring tone you would like to hear (A-H).
Test: Click this to listen to the ring. All the phones connected to the ZyXEL Device ring when you click this button.
P-2608HWL-Dx Series User’s Guide Table 66 Phone Book > Group Ring LABEL DESCRIPTION Name Type a name for the associated telephone number. TEL Type the telephone number you want to add to a group. Group Select a group for the telephone number you entered. You can select Family, Workmate, Friend or VIP. SIP1-SIP8 You can also assign special rings for the different SIP accounts you have configured on your ZyXEL Device. Select a ring type for each of your configured SIP accounts.
P-2608HWL-Dx Series User’s Guide CHAPTER 14 PSTN Line This chapter applies to P-2608HWL-Dx models only. Use this screen to set up the PSTN line used to make regular phone calls. These phone calls do not use the Internet. 14.1 PSTN Line Overview With the Public Switched Telephone Network (PSTN) line, you can make and receive regular phone calls. Use a prefix number to make a regular call. When the ZyXEL Device does not have power, you can make regular calls without dialing a prefix number.
Figure 99 VoIP > PSTN Line > General

Each field is described in the following table.

Table 67 VoIP > PSTN Line > General
LABEL: DESCRIPTION
PSTN Line Pre-fix Number: Enter 1 - 7 telephone keys (0 - 9, #, *) you dial before you dial the phone number, if you want to make a regular phone call while one of your SIP accounts is registered. These numbers tell the ZyXEL Device that you want to make a regular phone call.
CHAPTER 15 Firewalls

This chapter gives some background information on firewalls and introduces the ZyXEL Device firewall.

15.1 Firewall Overview

The networking term “firewall” refers to a system or group of systems that enforces an access-control policy between two networks. It may also be defined as a mechanism used to protect a trusted network from an untrusted network. Of course, firewalls cannot solve every security problem.
P-2608HWL-Dx Series User’s Guide 15.2.2 Application-level Firewalls Application-level firewalls restrict access by serving as proxies for external servers. Since they use programs written for specific Internet services, such as HTTP, FTP and telnet, they can evaluate network packets for valid application-specific data.
P-2608HWL-Dx Series User’s Guide • The LAN (Local Area Network) port attaches to a network of computers, which needs security from the outside world. These computers will have access to Internet services such as e-mail, FTP, and the World Wide Web. However, “inbound access” will not be allowed unless you configure remote management or create a firewall rule to allow a remote host to use a specific service. 15.3.1 Denial of Service Attacks Figure 100 Firewall Application 15.
Table 68 Common IP Ports
21  FTP      53   DNS
23  Telnet   80   HTTP
25  SMTP     110  POP3

15.4.2 Types of DoS Attacks

There are four types of DoS attacks:
1 Those that exploit bugs in a TCP/IP implementation.
2 Those that exploit weaknesses in the TCP/IP specification.
3 Brute-force attacks that flood a network with useless data.
4 IP Spoofing.

"Ping of Death" and "Teardrop" attacks exploit bugs in the TCP/IP implementations of various computer and host systems.
P-2608HWL-Dx Series User’s Guide Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server. The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the initiator responds with an ACK (acknowledgment). After this handshake, a connection is established. • SYN Attack floods a targeted system with a series of SYN packets. Each packet causes the targeted system to issue a SYN-ACK response.
Figure 103 Smurf Attack

15.4.2.1 ICMP Vulnerability

ICMP is an error-reporting protocol that works in concert with IP. The following ICMP types trigger an alert:

Table 69 ICMP Commands That Trigger Alerts
5   REDIRECT
13  TIMESTAMP_REQUEST
14  TIMESTAMP_REPLY
17  ADDRESS_MASK_REQUEST
18  ADDRESS_MASK_REPLY

15.4.2.2 Illegal Commands (NetBIOS and SMTP)

The only legal NetBIOS commands are the following; all others are illegal.
P-2608HWL-Dx Series User’s Guide 15.4.2.3 Traceroute Traceroute is a utility used to determine the path a packet takes between two endpoints. Sometimes when a packet filter firewall is configured incorrectly an attacker can traceroute the firewall gaining knowledge of the network topology inside the firewall. Often, many DoS attacks also employ a technique known as "IP Spoofing" as part of their attack.
P-2608HWL-Dx Series User’s Guide The previous figure shows the ZyXEL Device’s default firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a Telnet session from within the LAN and responses to this request are allowed. However other Telnet traffic initiated from the WAN is blocked. 15.5.1 Stateful Inspection Process In this example, the following sequence of events occurs when a TCP packet leaves the LAN network through the firewall's WAN interface.
P-2608HWL-Dx Series User’s Guide • Allow certain types of traffic from the Internet to specific hosts on the LAN. • Allow access to a Web server to everyone but competitors. • Restrict use of certain protocols, such as Telnet, to authorized users on the LAN. These custom rules work by evaluating the network traffic’s Source IP address, Destination IP address, IP protocol type, and comparing these to rules set by the administrator. Note: The ability to define firewall rules is a very powerful tool.
P-2608HWL-Dx Series User’s Guide A similar situation exists for ICMP, except that the ZyXEL Device is even more restrictive. Specifically, only outgoing echoes will allow incoming echo replies, outgoing address mask requests will allow incoming address mask replies, and outgoing timestamp requests will allow incoming timestamp replies. No other ICMP packets are allowed in through the firewall, simply because they are too dangerous and contain too little tracking information.
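The ICMP behaviour described above, as a small state tracker. This is an added illustration in Python, not ZyXEL firmware code; the 10-second timeout, the matching on identifier and sequence number, the one-reply-per-request policy and all addresses are assumptions made for the example.

```python
# ICMP request type -> the only reply type it authorises on the way back in.
REPLY_FOR = {
    8: 0,     # echo -> echo reply
    13: 14,   # timestamp request -> timestamp reply
    17: 18,   # address mask request -> address mask reply
}
ALLOWED_REPLIES = set(REPLY_FOR.values())


class IcmpTracker:
    """Remembers outgoing ICMP requests and admits only their matching replies."""

    def __init__(self, timeout=10.0):            # timeout value is an assumption
        self.timeout = timeout
        # (lan_host, wan_host, reply_type, ident, seq) -> time the entry expires
        self.pending = {}

    def outbound(self, lan_host, wan_host, icmp_type, ident, seq, now):
        """Record a LAN-to-WAN packet; only the three request types create state."""
        reply_type = REPLY_FOR.get(icmp_type)
        if reply_type is not None:
            key = (lan_host, wan_host, reply_type, ident, seq)
            self.pending[key] = now + self.timeout

    def inbound(self, wan_host, lan_host, icmp_type, ident, seq, now):
        """Return a verdict string for a WAN-to-LAN ICMP packet."""
        if icmp_type not in ALLOWED_REPLIES:
            return "drop: ICMP type %d is never allowed in" % icmp_type
        key = (lan_host, wan_host, icmp_type, ident, seq)
        deadline = self.pending.pop(key, None)    # one reply per request
        if deadline is None:
            return "drop: no matching outgoing request"
        if now > deadline:
            return "drop: matching request has expired"
        return "allow"


def demo():
    """Run constructed packets through the tracker and return the verdicts."""
    lan, wan, other = "192.168.1.33", "198.51.100.9", "198.51.100.200"
    fw = IcmpTracker()
    fw.outbound(lan, wan, 8, ident=7, seq=1, now=0.0)     # ping leaves the LAN
    fw.outbound(lan, wan, 13, ident=9, seq=1, now=0.0)    # timestamp request
    fw.outbound(lan, wan, 8, ident=7, seq=2, now=0.0)     # second ping
    return [
        fw.inbound(wan, lan, 0, 7, 1, now=0.5),      # reply to the first ping
        fw.inbound(wan, lan, 0, 7, 1, now=0.6),      # same reply seen again
        fw.inbound(other, lan, 14, 9, 1, now=0.7),   # reply from the wrong host
        fw.inbound(wan, lan, 14, 9, 1, now=0.8),     # genuine timestamp reply
        fw.inbound(wan, lan, 8, 1, 1, now=0.9),      # unsolicited echo request
        fw.inbound(wan, lan, 5, 0, 0, now=1.0),      # redirect
        fw.inbound(wan, lan, 0, 7, 2, now=30.0),     # reply after the timeout
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```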
P-2608HWL-Dx Series User’s Guide • Encourage your company or organization to develop a comprehensive security plan. Good network administration takes into account what hackers can do and prepares against attacks. The best defense against hackers and crackers is information. Educate all employees about the importance of security and how to minimize risk.
P-2608HWL-Dx Series User’s Guide 15.7.1.1 When To Use Filtering • To block/allow LAN packets by their MAC addresses. • To block/allow special IP packets which are neither TCP nor UDP, nor ICMP packets. • To block/allow both inbound (WAN to LAN) and outbound (LAN to WAN) traffic between the specific inside host/network "A" and outside host/network "B". If the filter blocks the traffic from A to B, it also blocks the traffic from B to A.
P-2608HWL-Dx Series User’s Guide CHAPTER 16 Firewall Configuration This chapter shows you how to enable and configure the ZyXEL Device firewall. 16.1 Access Methods The web configurator is, by far, the most comprehensive firewall configuration tool your ZyXEL Device has to offer. For this reason, it is recommended that you configure your firewall using the web configurator. CLI commands provide limited configuration options and are only recommended for advanced users. 16.
P-2608HWL-Dx Series User’s Guide Note: If you configure firewall rules without a good understanding of how they work, you might inadvertently introduce security risks to the firewall and to the protected network. Make sure you test your rules after you configure them. For example, you may create rules to: • Block certain types of traffic, such as IRC (Internet Relay Chat), from the LAN to the Internet.
P-2608HWL-Dx Series User’s Guide 4 Does a rule that allows Internet users access to resources on the LAN create a security vulnerability? For example, if FTP ports (TCP 20, 21) are allowed from the Internet to the LAN, Internet users may be able to connect to computers with running FTP servers. 5 Does this rule conflict with any existing rules? 6 Once these questions have been answered, adding rules is simply a matter of plugging the information into the correct fields in the web configurator screens. 16.
16.4.1 LAN to WAN Rules

The default rule for LAN to WAN traffic is that all users on the LAN are allowed non-restricted access to the WAN. When you configure a LAN to WAN rule, you in essence want to limit some or all users from accessing certain services on the WAN.

WAN to LAN Rules

The default rule for WAN to LAN traffic blocks all incoming connections (WAN to LAN).
P-2608HWL-Dx Series User’s Guide The following table describes the labels in this screen. Table 72 Firewall: General LABEL DESCRIPTION Active Firewall Select this check box to activate the firewall. The ZyXEL Device performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated. Bypass Triangle Route Select this check box to have the ZyXEL Device firewall permit the use of triangle route topology on the network.
P-2608HWL-Dx Series User’s Guide Figure 106 Firewall Rules The following table describes the labels in this screen. Table 73 Firewall Rules LABEL DESCRIPTION Firewall Rules Storage Space in Use This read-only bar shows how much of the ZyXEL Device's memory for recording firewall rules it is currently using. When you are using 80% or less of the storage space, the bar is green. When the amount of space used is over 80%, the bar is red.
P-2608HWL-Dx Series User’s Guide Table 73 Firewall Rules (continued) LABEL DESCRIPTION Modify Click the Edit icon to go to the screen where you can edit the rule. Click the Remove icon to delete an existing firewall rule. A window displays asking you to confirm that you want to delete the firewall rule. Note that subsequent firewall rules move up by one when you take this action. Order Click the Move icon to display the Move the rule to field.
Figure 107 Firewall: Edit Rule
P-2608HWL-Dx Series User’s Guide The following table describes the labels in this screen. Table 74 Firewall: Edit Rule LABEL DESCRIPTION Active Select this option to enable this firewall rule. Action for Matched Packet Use the drop-down list box to select what the firewall is to do with packets that match this rule. Select Drop to silently discard the packets without sending a TCP reset packet or an ICMP destination-unreachable message to the sender.
P-2608HWL-Dx Series User’s Guide Table 74 Firewall: Edit Rule (continued) LABEL DESCRIPTION Apply Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to exit this screen without saving. 16.6.2 Customized Services Configure customized services and port numbers not predefined by the ZyXEL Device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website. See Appendix D on page 387 for some examples.
P-2608HWL-Dx Series User’s Guide 16.6.3 Configuring A Customized Service Click a rule number in the Firewall Customized Services screen to create a new custom port or edit an existing one. This action displays the following screen. Refer to Section 15.1 on page 187 for more information. Figure 109 Firewall: Configure Customized Services The following table describes the labels in this screen.
2 Select WAN to LAN in the Packet Direction field.

Figure 110 Firewall Example: Rules

3 In the Rules screen, select the index number after which you want to add the rule. For example, if you select “6”, your new rule becomes number 7 and the previous rule 7 (if there is one) becomes rule 8.
4 Click Add to display the firewall rule configuration screen.
5 In the Edit Rule screen, click the Edit Customized Services link to open the Customized Service screen.
P-2608HWL-Dx Series User’s Guide Figure 112 Firewall Example: Edit Rule: Destination Address 9 Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. Note: Custom services show up with an “*” before their names in the Services list box and the Rules list box.
P-2608HWL-Dx Series User’s Guide Figure 113 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a “MyService” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN.
P-2608HWL-Dx Series User’s Guide Figure 114 Firewall Example: Rules: MyService 16.8 DoS Thresholds For DoS attacks, the ZyXEL Device uses thresholds to determine when to drop sessions that do not become fully established. These thresholds apply globally to all sessions. You can use the default threshold values, or you can change them to values more suitable to your security requirements. Refer to Section 16.8.3 on page 215 to configure thresholds. 16.8.
You should make any changes to the threshold values before you continue configuring firewall rules.

16.8.2 Half-Open Sessions

An unusually high number of half-open sessions (either an absolute number or measured as the arrival rate) could indicate that a Denial of Service attack is occurring. For TCP, "half-open" means that the session has not reached the established state; the TCP three-way handshake has not yet been completed (see Figure 101 on page 190).
P-2608HWL-Dx Series User’s Guide 16.8.3 Configuring Firewall Thresholds The ZyXEL Device also sends alerts whenever TCP Maximum Incomplete is exceeded. The global values specified for the threshold and timeout apply to all TCP connections. Click Firewall, and Threshold to bring up the next screen. Figure 115 Firewall: Threshold The following table describes the labels in this screen.
Table 77 Firewall: Threshold (continued)
LABEL: DESCRIPTION (DEFAULT VALUES)
Maximum Incomplete Low: This is the number of existing half-open sessions that causes the firewall to stop deleting half-open sessions. The ZyXEL Device continues to delete half-open requests as necessary, until the number of existing half-open sessions drops below this number. (Default: 80 existing half-open sessions.)
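The Maximum Incomplete Low field only makes sense together with an upper threshold: deletion starts when the half-open count goes above the upper value and stops once it falls below the lower one. The following Python model is an added example, not ZyXEL firmware code. It assumes an upper threshold of 100 (a constructed value; only the Low default of 80 is given here), assumes that "deleting" means evicting the oldest half-open session for each new request, and ignores timeouts.

```python
from collections import OrderedDict


class HalfOpenTable:
    """Half-open TCP sessions with high/low thresholds (hysteresis)."""

    def __init__(self, high, low=80):
        if low >= high:
            raise ValueError("low threshold must be below high threshold")
        self.high = high              # assumed upper threshold
        self.low = low                # Maximum Incomplete Low
        self.pending = OrderedDict()  # flow -> True, oldest entry first
        self.deleting = False         # True while the firewall is shedding sessions
        self.evicted = []             # flows deleted to make room
        self.alerts = 0               # times the upper threshold was exceeded

    def syn(self, flow):
        """A new connection request arrives; the session is now half-open."""
        if self.deleting and self.pending:
            victim, _ = self.pending.popitem(last=False)   # drop the oldest
            self.evicted.append(victim)
        self.pending[flow] = True
        if not self.deleting and len(self.pending) > self.high:
            self.deleting = True
            self.alerts += 1

    def established(self, flow):
        """The three-way handshake completed; the session is no longer half-open."""
        self.pending.pop(flow, None)
        if self.deleting and len(self.pending) < self.low:
            self.deleting = False     # back below Low: stop deleting


def simulate(high=100, low=80, burst=150):
    """Constructed scenario: a burst of requests, then handshakes completing."""
    table = HalfOpenTable(high, low)
    flows = [("198.51.100.7", 1024 + i) for i in range(burst)]
    for flow in flows:
        table.syn(flow)
    after_burst = (len(table.pending), table.deleting, len(table.evicted))

    # Sessions that were not evicted complete their handshakes one by one.
    completions = 0
    for flow in list(table.pending):
        if not table.deleting:
            break
        table.established(flow)
        completions += 1
    return {
        "after_burst": after_burst,
        "completions_until_stop": completions,
        "final_count": len(table.pending),
        "alerts": table.alerts,
    }


if __name__ == "__main__":
    print(simulate())
```

With these values the table holds at 101 half-open sessions during the burst, and deletion mode ends only after the count falls to 79, not as soon as it dips back under the upper threshold.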
P-2608HWL-Dx Series User’s Guide CHAPTER 17 Content Filtering This chapter covers how to configure content filtering. 17.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ability to block web sites that contain key words (that you specify) in the URL. You can set a schedule for when the ZyXEL Device performs content filtering.
The following table describes the labels in this screen.

Table 78 Content Filter: Keyword
LABEL: DESCRIPTION
Active Keyword Blocking: Select this check box to enable this feature.
Block Websites that contain these keywords in the URL: This box contains the list of all the keywords that you have configured the ZyXEL Device to block.
Delete: Highlight a keyword in the box and click Delete to remove it.
Clear All: Click Clear All to remove all of the keywords from the list.
The following table describes the labels in this screen.

Table 79 Content Filter: Schedule
LABEL: DESCRIPTION
Schedule: Select Active Everyday to Block to make the content filtering active every day. Otherwise, select Edit Daily to Block and configure which days of the week (or every day) and which time of the day you want the content filtering to be active.
Active: Select the check box to make content filtering active on the selected day.
CHAPTER 18 IPSec VPN

This chapter explains how to set up and maintain IPSec VPNs in the ZyXEL Device.

18.1 IPSec VPN Overview

A virtual private network (VPN) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing. It is used to transport traffic over the Internet or any insecure network that uses TCP/IP for communication.
P-2608HWL-Dx Series User’s Guide Figure 120 VPN: IKE SA and IPSec SA In this example, a computer in network A is exchanging data with a computer in network B. Inside networks A and B, the data is transmitted the same way data is normally transmitted in the networks. Between routers X and Y, the data is protected by the tunneling, encryption, and authentication of the IPSec SA. The IPSec SA is established securely using the IKE SA that routers X and Y established first.
P-2608HWL-Dx Series User’s Guide 18.1.1.2 IKE SA Proposal The IKE SA proposal is used to identify the encryption algorithm, authentication algorithm, and Diffie-Hellman (DH) key group that the ZyXEL Device and remote IPSec router use in the IKE SA. In main mode, this is done in steps 1 and 2, as illustrated below. Figure 121 IKE SA: Main Negotiation Mode, Steps 1 - 2: IKE SA Proposal The ZyXEL Device sends one or more proposals to the remote IPSec router.
P-2608HWL-Dx Series User’s Guide 18.1.1.4 Authentication Before the ZyXEL Device and remote IPSec router establish an IKE SA, they have to verify each other’s identity. This process is based on pre-shared keys and router identities. In main mode, the ZyXEL Device and remote IPSec router authenticate each other in steps 5 and 6, as illustrated below. Their identities are encrypted using the encryption algorithm and encryption key the ZyXEL Device and remote IPSec router selected in previous steps.
In the following example, the authentication fails, so they cannot establish an IKE SA.

Table 82 VPN Example: Mismatching ID Type and Content
ZYXEL DEVICE                            REMOTE IPSEC ROUTER
Local ID type: E-mail                   Local ID type: IP
Local ID content: tom@yourcompany.com   Local ID content: 1.1.1.2
Peer ID type: IP                        Peer ID type: E-mail
Peer ID content: 1.1.1.15               Peer ID content: tom@yourcompany.
P-2608HWL-Dx Series User’s Guide 18.1.2 Additional Topics for IKE SA This section provides more information about IKE SA. 18.1.2.1 Negotiation Mode There are two negotiation modes: main mode and aggressive mode. Main mode provides better security, while aggressive mode is faster. Main mode takes six steps to establish an IKE SA. Steps 1-2: The ZyXEL Device sends its proposals to the remote IPSec router. The remote IPSec router selects an acceptable proposal and sends it back to the ZyXEL Device.
P-2608HWL-Dx Series User’s Guide Figure 124 VPN/NAT Example If router A does NAT, it might change IP addresses (source or destination), port numbers (source or destination), or any combination of these. If router X and router Y try to establish a VPN tunnel, the authentication fails because authentication depends on the original IP addresses and port numbers. Most routers that support NAT (like router A) have an IPSec pass-through feature.
P-2608HWL-Dx Series User’s Guide 18.1.3.1 Local Network and Remote Network In IPSec SA terminology, the local network, the one(s) connected to the ZyXEL Device, may be called the local policy. Similarly, the remote network, the one(s) connected to the remote IPSec router, may be called the remote policy. 18.1.3.2 Active Protocol The active protocol controls the format of each packet. It also specifies how much of each packet is protected by the encryption and authentication algorithms.
P-2608HWL-Dx Series User’s Guide In transport mode, the IP header is the original IP header, and the encapsulation depends on the active protocol. If the active protocol is AH, the ZyXEL Device includes part of the IP header when it encapsulates the packet. If the active protocol is ESP, the ZyXEL Device does not include the original IP header when it encapsulates the packet, in which case it is not possible to verify the integrity of the source IP address.
P-2608HWL-Dx Series User’s Guide 18.1.4.1.1 IPSec SA Proposal using Manual Keys In IPSec SAs using manual keys, you can only specify one encryption algorithm and one authentication algorithm. You cannot specify several proposals. There is no DH key exchange, so you have to provide the encryption key and the authentication key the ZyXEL Device and remote IPSec router use. Note: The ZyXEL Device and remote IPSec router must use the same encryption key and authentication key. 18.1.4.1.
P-2608HWL-Dx Series User’s Guide Figure 126 VPN Setup The following table describes the fields in this screen. Table 83 VPN Setup LABEL DESCRIPTION No. This is the VPN policy index number. Click a number to edit VPN policies. Active This field displays whether the VPN policy is active or not. A Yes signifies that this VPN policy is active. No signifies that this VPN policy is not active. Name This field displays the identification name for this VPN policy.
P-2608HWL-Dx Series User’s Guide Table 83 VPN Setup LABEL DESCRIPTION Remote Address This is the IP address(es) of computer(s) on the remote network behind the remote IPSec router. This field displays N/A when the Secure Gateway Address field displays 0.0.0.0. In this case only the remote IPSec router can initiate the VPN. The same (static) IP address is displayed twice when the Remote Address Type field in the VPN-IKE (or VPN-Manual Key) screen is configured to Single.
P-2608HWL-Dx Series User’s Guide Figure 127 Edit VPN Policies The following table describes the fields in this screen. Table 84 Edit VPN Policies LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy. This option determines whether a VPN rule is applied before a packet leaves the firewall. Keep Alive Select either Yes or No from the drop-down list box.
P-2608HWL-Dx Series User’s Guide Table 84 Edit VPN Policies LABEL DESCRIPTION NAT Traversal This function is available if the VPN protocol is ESP. Select this check box if you want to set up a VPN tunnel when there are NAT routers between the ZyXEL Device and remote IPSec router. The remote IPSec router must also enable NAT traversal, and the NAT routers have to forward UDP port 500 packets to the remote IPSec router behind the NAT router. Name Type up to 32 characters to identify this VPN policy.
P-2608HWL-Dx Series User’s Guide Table 84 Edit VPN Policies LABEL DESCRIPTION Remote Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. The remote fields do not apply when the Secure Gateway IP Address field is configured to 0.0.0.0. In this case only the remote IPSec router can initiate the VPN. Two active SAs cannot have the local and remote IP address(es) both the same. Two active SAs can have the same local or remote IP address, but not both.
P-2608HWL-Dx Series User’s Guide Table 84 Edit VPN Policies LABEL DESCRIPTION Peer ID Type Select IP to identify the remote IPSec router by its IP address. Select DNS to identify the remote IPSec router by a domain name. Select E-mail to identify the remote IPSec router by an e-mail address. Content The configuration of the peer content depends on the peer ID type. For IP, type the IP address of the computer with which you will make the VPN connection. If you configure this field to 0.0.0.
Table 84 Edit VPN Policies
LABEL: DESCRIPTION
Encryption Algorithm: Select DES, 3DES, AES or NULL from the drop-down list box. When you use one of these encryption algorithms for data communications, both the sending device and the receiving device must use the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code. The DES encryption algorithm uses a 56-bit key.
Figure 128 Advanced VPN Policies
The following table describes the fields in this screen.

Table 85 Advanced VPN Policies
LABEL: DESCRIPTION
VPN - IKE
Protocol: Enter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and signifies any protocol.
Enable Replay Detection: As a VPN setup is processing intensive, the system is vulnerable to Denial of Service (DoS) attacks. The IPSec receiver can detect and reject old or duplicate packets to protect against replay attacks.
Table 85 Advanced VPN Policies
LABEL: DESCRIPTION
Negotiation Mode: Select Main or Aggressive from the drop-down list box. Multiple SAs connecting through a secure gateway must have the same negotiation mode.
Pre-Shared Key: Type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation.
Table 85 Advanced VPN Policies
LABEL: DESCRIPTION
Authentication Algorithm: Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower. Select MD5 for minimal security and SHA-1 for maximum security.
SA Life Time: Define the length of time before an IKE SA automatically renegotiates in this field.
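The rejection of old or duplicate packets that the Enable Replay Detection field in Table 85 refers to is commonly done with a sliding window over packet sequence numbers. The following Python example is added here and is not ZyXEL's code; the class name, the 64-packet window size and the sample arrivals are assumptions.

```python
"""Sliding-window anti-replay check on IPSec sequence numbers.

Added illustration, not the ZyXEL Device's implementation. The window
size of 64 packets is an assumption; the guide does not state one.
"""


class ReplayWindow:
    def __init__(self, size=64):
        self.size = size      # how far behind the newest packet is still accepted
        self.highest = 0      # highest sequence number authenticated so far
        self.bitmap = 0       # bit i set => sequence (highest - i) was seen

    def check(self, seq):
        """Classify a sequence number without changing any state."""
        if seq <= 0:
            # The sender increments its counter before the first packet,
            # so 0 never appears on the wire.
            return "invalid"
        if seq > self.highest:
            return "accept"               # newer than anything seen
        offset = self.highest - seq
        if offset >= self.size:
            return "too_old"              # fell off the left edge of the window
        if self.bitmap & (1 << offset):
            return "duplicate"            # replayed packet
        return "accept"                   # late, but inside the window and unseen

    def _mark(self, seq):
        """Record an authenticated packet in the window."""
        if seq > self.highest:
            shift = seq - self.highest
            if shift >= self.size:
                self.bitmap = 1           # everything older is now outside
            else:
                mask = (1 << self.size) - 1
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)

    def receive(self, seq, icv_ok):
        """Process one packet.

        The window is updated only after the integrity check value (ICV)
        has verified. Otherwise a forged packet with a huge sequence number
        could slide the window forward and make genuine traffic look old.
        """
        verdict = self.check(seq)
        if verdict != "accept":
            return verdict
        if not icv_ok:
            return "bad_icv"
        self._mark(seq)
        return "accept"


# Constructed arrival order: (sequence number, integrity check passed?)
SAMPLE_ARRIVALS = [
    (1, True), (2, True), (4, True), (3, True),   # 3 arrives late, still accepted
    (4, True), (2, True),                         # replays of 4 and 2
    (1000, False),                                # forged packet, fails the ICV
    (70, True),                                   # large jump forward
    (5, True), (6, True),                         # now older than the window
    (70, True), (7, True),                        # replay of 70; 7 is the window edge
]


def run_sample(arrivals=SAMPLE_ARRIVALS):
    """Feed the constructed arrivals through one window, return the verdicts."""
    window = ReplayWindow()
    return [window.receive(seq, ok) for seq, ok in arrivals]


if __name__ == "__main__":
    for (seq, _), verdict in zip(SAMPLE_ARRIVALS, run_sample()):
        print(f"seq={seq:<5} {verdict}")
```
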
P-2608HWL-Dx Series User’s Guide Figure 129 VPN: Manual Key The following table describes the fields in this screen. Table 86 VPN: Manual Key LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy. Name Type up to 32 characters to identify this VPN policy. You may use any character, including spaces, but the ZyXEL Device drops trailing spaces. IPSec Key Mode Select IKE or Manual from the drop-down list box.
P-2608HWL-Dx Series User’s Guide Table 86 VPN: Manual Key (continued) LABEL DESCRIPTION DNS Server (for IPSec VPN) If there is a private DNS server that services the VPN, type its IP address here. The ZyXEL Device assigns this additional DNS server to the ZyXEL Device 's DHCP clients that have IP addresses in this IPSec rule's range of local addresses. A DNS server allows clients on the VPN to find other computers and servers on the VPN by their (private) domain names.
P-2608HWL-Dx Series User’s Guide Table 86 VPN: Manual Key (continued) LABEL DESCRIPTION My IP Address Enter the WAN IP address of your ZyXEL Device. The VPN tunnel has to be rebuilt if this IP address changes. The following applies if this field is configured as 0.0.0.0: The ZyXEL Device uses the current ZyXEL Device WAN IP address (static or dynamic) to set up the VPN tunnel.
When there is outbound traffic but no inbound traffic, the SA times out automatically after two minutes. A tunnel with no outbound or inbound traffic is "idle" and does not time out until the SA lifetime period expires. See Section 18.1.3 on page 227 on keep alive to have the ZyXEL Device renegotiate an IPSec SA when the SA lifetime expires, even if there is no traffic.

Figure 130 VPN: SA Monitor
The following table describes the fields in this screen.
18.7 Configuring Global Setting
To change your ZyXEL Device’s global settings, click VPN and then Global Setting. The screen appears as shown.

Figure 131 VPN: Global Setting
The following table describes the fields in this screen.

Table 88 VPN: Global Setting
LABEL: DESCRIPTION
Windows Networking (NetBIOS over TCP/IP): NetBIOS (Network Basic Input/Output System) are TCP or UDP packets that enable a computer to find other computers.
P-2608HWL-Dx Series User’s Guide Figure 132 Telecommuters Sharing One VPN Rule Example Table 89 Telecommuters Sharing One VPN Rule Example FIELDS TELECOMMUTERS My IP Address: 0.0.0.0 (dynamic IP address assigned Public static IP address by the ISP) Secure Gateway IP Address: Public static IP address 0.0.0.0 With this IP address only the telecommuter can initiate the IPSec tunnel. Local IP Address: Telecommuter A: 192.168.2.12 Telecommuter B: 192.168.3.2 Telecommuter C: 192.168.4.15 192.168.1.
P-2608HWL-Dx Series User’s Guide Figure 133 Telecommuters Using Unique VPN Rules Example Table 90 Telecommuters Using Unique VPN Rules Example TELECOMMUTERS HEADQUARTERS All Telecommuter Rules: All Headquarters Rules: My IP Address 0.0.0.0 My IP Address: bigcompanyhq.com Secure Gateway Address: bigcompanyhq.com Local IP Address: 192.168.1.10 Remote IP Address: 192.168.1.10 Local ID Type: E-mail Peer ID Type: E-mail Local ID Content: bob@bigcompanyhq.com Peer ID Content: bob@bigcompanyhq.
P-2608HWL-Dx Series User’s Guide 18.9 VPN and Remote Management If a VPN tunnel uses Telnet, FTP, WWW, then you should configure remote management (Advanced > Remote Management) to allow access for that service.
P-2608HWL-Dx Series User’s Guide CHAPTER 19 Certificates This chapter gives background information about public-key certificates and explains how to use them. 19.1 Certificates Overview The ZyXEL Device can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication.
P-2608HWL-Dx Series User’s Guide A certification path is the hierarchy of certification authority certificates that validate a certificate. The ZyXEL Device does not trust a certificate if any certificate on its path has expired or been revoked. Certification authorities maintain directory servers with databases of valid and revoked certificates. A directory of certificates that have been revoked before the scheduled expiration is called a CRL (Certificate Revocation List).
P-2608HWL-Dx Series User’s Guide Use the My Certificates screens to generate and export self-signed certificates or certification requests and import the ZyXEL Device’s CA-signed certificates. Use the Trusted CAs screens to save CA certificates to the ZyXEL Device. Use the Trusted Remote Hosts screens to import self-signed certificates. Use the Directory Servers screen to configure a list of addresses of directory servers (that contain lists of valid and revoked certificates). 19.
Table 91 My Certificates (continued)
LABEL: DESCRIPTION
#: This field displays the certificate index number. The certificates are listed in alphabetical order.
Name: This field displays the name used to identify this certificate. It is recommended that you give each certificate a unique name.
Type: This field displays what kind of certificate this is. REQ represents a certification request and is not yet a valid certificate.
P-2608HWL-Dx Series User’s Guide 19.5 My Certificate Import Click Security > Certificates > My Certificates and then Import to open the My Certificate Import screen. Follow the instructions in this screen to save an existing certificate to the ZyXEL Device. Note: You can only import a certificate that matches a corresponding certification request that was generated by the ZyXEL Device. The certificate you import replaces the corresponding request in the My Certificates screen.
P-2608HWL-Dx Series User’s Guide The following table describes the labels in this screen. Table 92 My Certificate Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it. Browse Click Browse to find the certificate file you want to upload. Back Click Back to return to the previous screen. Apply Click Apply to save the certificate on the ZyXEL Device. Cancel Click Cancel to clear your settings. 19.
P-2608HWL-Dx Series User’s Guide The following table describes the labels in this screen. Table 93 My Certificate Create LABEL DESCRIPTION Certificate Name Type up to 31 ASCII characters (not including spaces) to identify this certificate. Subject Information Use these fields to record information that identifies the owner of the certificate. You do not have to fill in every field, although the Common Name is mandatory.
P-2608HWL-Dx Series User’s Guide Table 93 My Certificate Create (continued) LABEL DESCRIPTION Enrollment Protocol Select the certification authority’s enrollment protocol from the drop-down list box. Simple Certificate Enrollment Protocol (SCEP) is a TCP-based enrollment protocol that was developed by VeriSign and Cisco. Certificate Management Protocol (CMP) is a TCP-based enrollment protocol that was developed by the Public Key Infrastructure X.
Figure 138 My Certificate Details
The following table describes the labels in this screen.

Table 94 My Certificate Details
LABEL: DESCRIPTION
Name: This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this certificate. You may use any character (not including spaces).
Property: Default self-signed certificate which signs the imported remote host certificates.
Table 94 My Certificate Details (continued)
LABEL: DESCRIPTION
Key Algorithm: This field displays the type of algorithm that was used to generate the certificate’s key pair (the ZyXEL Device uses RSA encryption) and the length of the key set in bits (1024 bits for example).
Subject Alternative Name: This field displays the certificate owner’s IP address (IP), domain name (DNS) or e-mail address (EMAIL).
Figure 139 Trusted CAs
The following table describes the labels in this screen.

Table 95 Trusted CAs
LABEL: DESCRIPTION
PKI Storage Space in Use: This bar displays the percentage of the ZyXEL Device’s PKI storage space that is currently in use. The bar turns from green to red when the maximum is being approached. When the bar is red, you should consider deleting expired or unnecessary certificates before adding more certificates.
P-2608HWL-Dx Series User’s Guide Table 95 Trusted CAs (continued) LABEL DESCRIPTION Import Click Import to open a screen where you can save the certificate of a certification authority that you trust, from your computer to the ZyXEL Device. Refresh Click this button to display the current validity status of the certificates. 19.9 Trusted CA Import Click Security > Certificates > Trusted CAs to open the Trusted CAs screen and then click Import to open the Trusted CA Import screen.
P-2608HWL-Dx Series User’s Guide 19.10 Trusted CA Details Click Security > Certificates > Trusted CAs to open the Trusted CAs screen. Click the details icon to open the Trusted CA Details screen. Use this screen to view in-depth information about the certification authority’s certificate, change the certificate’s name and set whether or not you want the ZyXEL Device to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority.
P-2608HWL-Dx Series User’s Guide The following table describes the labels in this screen. Table 97 Trusted CA Details LABEL DESCRIPTION Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate. You may use any character (not including spaces).
Table 97 Trusted CA Details (continued)
LABEL: DESCRIPTION
Key Algorithm: This field displays the type of algorithm that was used to generate the certificate’s key pair (the ZyXEL Device uses RSA encryption) and the length of the key set in bits (1024 bits for example).
Subject Alternative Name: This field displays the certificate’s owner’s IP address (IP), domain name (DNS) or e-mail address (EMAIL).
P-2608HWL-Dx Series User’s Guide Figure 142 Trusted Remote Hosts The following table describes the labels in this screen. Table 98 Trusted Remote Hosts LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the ZyXEL Device’s PKI storage space that is currently in use. The bar turns from green to red when the maximum is being approached. When the bar is red, you should consider deleting expired or unnecessary certificates before adding more certificates.
19.12 Verifying a Trusted Remote Host’s Certificate
Certificates issued by certification authorities have the certification authority’s signature for you to check. Self-signed certificates only have the signature of the host itself. This means that you must be very careful when deciding to import (and thereby trust) a remote host’s self-signed certificate.

19.12.
Verify (over the phone for example) that the remote host has the same information in the Thumbprint Algorithm and Thumbprint fields.

19.13 Trusted Remote Hosts Import
Click Security > Certificates > Trusted Remote Hosts to open the Trusted Remote Hosts screen and then click Import to open the Trusted Remote Host Import screen. Follow the instructions in this screen to save a trusted host’s certificate to the ZyXEL Device.
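The check in Section 19.12 compares a thumbprint (a hash of the certificate file) with the value the remote host's administrator reads out. The following Python example is added here and is not part of the guide or of ZyXEL software; it assumes the thumbprint is the MD5 or SHA-1 hash of the DER-encoded certificate, and SAMPLE_DER is constructed placeholder bytes, not a real certificate.

```python
"""Compare a certificate file's thumbprint with a value read out by phone.

Added illustration. Assumes the thumbprint is the MD5 or SHA-1 hash of
the certificate's DER encoding, written as hex digits.
"""
import base64
import hashlib
import hmac
import re

# Constructed placeholder bytes standing in for a DER certificate file.
# A thumbprint is a hash over the file's bytes, so this is enough to
# exercise the comparison; it is not a parseable certificate.
SAMPLE_DER = bytes(range(48, 112)) * 3

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def to_pem(der):
    """Wrap DER bytes in PEM armor (base64, 64 characters per line)."""
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return (b"-----BEGIN CERTIFICATE-----\n" + b"\n".join(lines)
            + b"\n-----END CERTIFICATE-----\n")


def load_der(data):
    """Return DER bytes whether the file was saved as PEM or as raw DER."""
    match = PEM_RE.search(data)
    if match is None:
        return data
    return base64.b64decode(b"".join(match.group(1).split()), validate=True)


def thumbprint(cert_bytes, algorithm="sha1"):
    """Hex thumbprint of the certificate's DER encoding."""
    if algorithm not in ("md5", "sha1"):
        raise ValueError("algorithm must be 'md5' or 'sha1'")
    return hashlib.new(algorithm, load_der(cert_bytes)).hexdigest()


def format_for_reading(hex_digest):
    """Group the digest in byte pairs, the form usually read out loud."""
    pairs = [hex_digest[i:i + 2] for i in range(0, len(hex_digest), 2)]
    return " ".join(pairs).upper()


def normalize(spoken):
    """Strip spaces, colons, dots and dashes from a dictated thumbprint."""
    digits = re.sub(r"[\s:.-]", "", spoken).lower()
    if not re.fullmatch(r"[0-9a-f]+", digits):
        raise ValueError("thumbprint must contain only hex digits")
    return digits


def thumbprint_matches(cert_bytes, spoken, algorithm="sha1"):
    """True only if the whole thumbprint matches.

    A shorter value (only the first few bytes dictated, or a digest from
    the other algorithm) is rejected instead of being compared as a prefix.
    """
    actual = thumbprint(cert_bytes, algorithm)
    claimed = normalize(spoken)
    if len(claimed) != len(actual):
        return False
    return hmac.compare_digest(actual, claimed)


if __name__ == "__main__":
    pem_file = to_pem(SAMPLE_DER)
    dictated = format_for_reading(thumbprint(SAMPLE_DER))
    print("dictated :", dictated)
    print("match    :", thumbprint_matches(pem_file, dictated))
    print("truncated:", thumbprint_matches(pem_file, dictated[:20]))
```

Run the comparison on the file received from the remote host before importing it; per Table 100, the fingerprints the ZyXEL Device displays after import are calculated over its own re-signed copy and differ from the remote host's values.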
Figure 146 Trusted Remote Host Details
P-2608HWL-Dx Series User’s Guide The following table describes the labels in this screen. Table 100 Trusted Remote Host Details LABEL DESCRIPTION Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate. You may use any character (not including spaces).
Table 100 Trusted Remote Host Details (continued)
LABEL: DESCRIPTION
MD5 Fingerprint: This is the certificate’s message digest that the ZyXEL Device calculated using the MD5 algorithm. You cannot use this value to verify that this is the remote host’s actual certificate because the ZyXEL Device has signed the certificate, which causes this value to differ from that of the remote host’s actual certificate. See Section 19.
Figure 147 Directory Servers
The following table describes the labels in this screen.

Table 101 Directory Servers
LABEL: DESCRIPTION
PKI Storage Space in Use: This bar displays the percentage of the ZyXEL Device’s PKI storage space that is currently in use. The bar turns from green to red when the maximum is being approached. When the bar is red, you should consider deleting expired or unnecessary certificates before adding more certificates.
P-2608HWL-Dx Series User’s Guide Figure 148 Directory Server Add The following table describes the labels in this screen. Table 102 Directory Server Add LABEL DESCRIPTION Directory Service Setting Name Type up to 31 ASCII characters (spaces are not permitted) to identify this directory server. Access Protocol Use the drop-down list box to select the access protocol used by the directory server.
P-2608HWL-Dx Series User’s Guide CHAPTER 20 Static Route This chapter shows you how to configure static routes for your ZyXEL Device. 20.1 Static Route Each remote node specifies only the network to which the gateway is directly connected, and the ZyXEL Device has no knowledge of the networks beyond. For instance, the ZyXEL Device knows about network N2 in the following figure through remote node Router 1.
P-2608HWL-Dx Series User’s Guide Figure 150 Static Route The following table describes the labels in this screen. Table 103 Static Route LABEL DESCRIPTION # This is the number of an individual static route. Active This field shows whether this static route is active (Yes) or not (No). Name This is the name that describes or identifies this route. Destination This parameter specifies the IP network address of the final destination. Routing is always based on network number.
P-2608HWL-Dx Series User’s Guide Figure 151 Static Route Edit The following table describes the labels in this screen. Table 104 Static Route Edit LABEL DESCRIPTION Active This field allows you to activate/deactivate this static route. Route Name Enter the name of the IP static route. Leave this field blank to delete this static route. Destination IP Address This parameter specifies the IP network address of the final destination. Routing is always based on network number.
P-2608HWL-Dx Series User’s Guide CHAPTER 21 Bandwidth Management This chapter contains information about configuring bandwidth management, editing rules and viewing the ZyXEL Device’s bandwidth management logs. 21.1 Bandwidth Management Overview ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on an application and/or subnet. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth rules.
P-2608HWL-Dx Series User’s Guide The following figure shows LAN subnets. You could configure one bandwidth class for subnet A and another for subnet B. Figure 152 Subnet-based Bandwidth Management Example 21.4 Application and Subnet-based Bandwidth Management You could also create bandwidth classes based on a combination of a subnet and an application. The following example table shows bandwidth allocations for application specific traffic from separate LAN subnets.
P-2608HWL-Dx Series User’s Guide 21.5.2 Fairness-based Scheduler The ZyXEL Device divides bandwidth equally among bandwidth classes when using the fairness-based scheduler; thus preventing one bandwidth class from using all of the interface’s bandwidth. 21.
P-2608HWL-Dx Series User’s Guide 21.6.2 Maximize Bandwidth Usage Example Here is an example of a ZyXEL Device that has maximize bandwidth usage enabled on an interface. The following table shows each bandwidth class’s bandwidth budget. The classes are set up based on subnets. The interface is set to 10240 kbps. Each subnet is allocated 2048 kbps. The unbudgeted 2048 kbps allows traffic not defined in any of the bandwidth filters to go out when you do not select the maximize bandwidth option.
P-2608HWL-Dx Series User’s Guide • Research requires more bandwidth but only gets its budgeted 2048 kbps because all of the unbudgeted and unused bandwidth goes to the higher priority sales and marketing classes. 21.6.2.2 Fairness-based Allotment of Unused & Unbudgeted Bandwidth The following table shows the amount of bandwidth that each class gets.
P-2608HWL-Dx Series User’s Guide 21.7 Over Allotment of Bandwidth You can set the bandwidth management speed for an interface higher than the interface’s actual transmission speed. Higher priority traffic gets to use up to its allocated bandwidth, even if it takes up all of the interface’s available bandwidth. This could stop lower priority traffic from being sent. The following is an example.
P-2608HWL-Dx Series User’s Guide The following table describes the labels in this screen. Table 111 Media Bandwidth Management: Summary LABEL DESCRIPTION Interface These read-only labels represent the physical interfaces. Select an interface’s check box to enable bandwidth management on that interface. Bandwidth management applies to all traffic flowing out of the router through the interface, regardless of the traffic’s source.
Figure 154 Bandwidth Management: Rule Setup
The following table describes the labels in this screen.

Table 112 Bandwidth Management: Rule Setup
LABEL: DESCRIPTION
Direction: Select LAN to apply bandwidth management to traffic that the ZyXEL Device forwards to the LAN. Select WAN to apply bandwidth management to traffic that the ZyXEL Device forwards to the WAN. Select WLAN to apply bandwidth management to traffic that the ZyXEL Device forwards to the WLAN.
P-2608HWL-Dx Series User’s Guide Table 112 Bandwidth Management: Rule Setup (continued) LABEL DESCRIPTION Modify Click the Edit icon to go to the screen where you can edit the rule. Click the Remove icon to delete an existing rule. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 21.9.1 Rule Configuration Click the Edit icon or User define in the Service field to configure a bandwidth management rule.
P-2608HWL-Dx Series User’s Guide Table 113 Bandwidth Management Rule Configuration (continued) LABEL DESCRIPTION Rule Name Use the auto-generated name or enter a descriptive name of up to 20 alphanumeric characters, including spaces. BW Budget Specify the maximum bandwidth allowed for the rule in kbps. The recommendation is a setting between 20 kbps and 20000 kbps for an individual rule. Priority Select a priority from the drop down list box. Choose High, Mid or Low.
P-2608HWL-Dx Series User’s Guide Table 113 Bandwidth Management Rule Configuration (continued) LABEL DESCRIPTION Protocol Select the protocol (TCP or UDP) or select User defined and enter the protocol (service type) number. 0 means any protocol number. Back Click Back to go to the previous screen. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 21.
P-2608HWL-Dx Series User’s Guide CHAPTER 22 Dynamic DNS Setup This chapter discusses how to configure your ZyXEL Device to use Dynamic DNS. 22.1 Dynamic DNS Overview Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.
P-2608HWL-Dx Series User’s Guide Figure 157 Dynamic DNS The following table describes the fields in this screen. Table 114 Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic DNS Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider. Dynamic DNS Type Select the type of service that you are registered for from your Dynamic DNS service provider.
P-2608HWL-Dx Series User’s Guide Table 114 Dynamic DNS (continued) LABEL DESCRIPTION Dynamic DNS server auto detect IP Address Select this option only when there are one or more NAT routers between the ZyXEL Device and the DDNS server. This feature has the DDNS server automatically detect and use the IP address of the NAT router that has a public IP address.
P-2608HWL-Dx Series User’s Guide CHAPTER 23 Remote Management Configuration This chapter provides information on configuring remote management. 23.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which ZyXEL Device interface (if any) from which computers. Note: When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
P-2608HWL-Dx Series User’s Guide • You have disabled that service in one of the remote management screens. • The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the ZyXEL Device will disconnect the session immediately. • There is already another remote management session with an equal or higher priority running. You may only have one remote management session running at one time. • There is a firewall rule that blocks it. 23.1.
P-2608HWL-Dx Series User’s Guide 2 HTTP connection requests from a web browser go to port 80 (by default) on the ZyXEL Device’s WS (web server). Figure 158 HTTPS Implementation Note: If you disable HTTP Server Access (Disable) in the REMOTE MGMT WWW screen, then the ZyXEL Device blocks all HTTP connection attempts. 23.3 WWW To change your ZyXEL Device’s World Wide Web settings, click Advanced > Remote MGMT to display the WWW screen.
P-2608HWL-Dx Series User’s Guide The following table describes the labels in this screen. Table 115 Remote Management: WWW LABEL DESCRIPTION WWW Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service.
P-2608HWL-Dx Series User’s Guide Figure 160 Telnet Configuration on a TCP/IP Network 23.5 Configuring Telnet Click Advanced > Remote MGMT > Telnet tab to display the screen as shown. Figure 161 Remote Management: Telnet The following table describes the labels in this screen. Table 116 Remote Management: Telnet LABEL DESCRIPTION Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
23.6 Configuring FTP
You can upload and download the ZyXEL Device’s firmware and configuration files using FTP. See Chapter 27 on page 331 for details. To use this feature, your computer must have an FTP client. To change your ZyXEL Device’s FTP settings, click Advanced > Remote MGMT > FTP tab. The screen appears as shown.

Figure 162 Remote Management: FTP
The following table describes the labels in this screen.
P-2608HWL-Dx Series User’s Guide 23.7 SNMP Simple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices. SNMP is a member of the TCP/IP protocol suite. Your ZyXEL Device supports SNMP agent functionality, which allows a manager station to manage and monitor the ZyXEL Device through the network. The ZyXEL Device supports SNMP version one (SNMPv1) and version two (SNMPv2). The next figure illustrates an SNMP management operation.
P-2608HWL-Dx Series User’s Guide • GetNext - Allows the manager to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations. • Set - Allows the manager to set values for object variables within an agent. • Trap - Used by the agent to inform the manager of some events. 23.7.
P-2608HWL-Dx Series User’s Guide Figure 164 Remote Management: SNMP The following table describes the labels in this screen. Table 119 Remote Management: SNMP LABEL DESCRIPTION SNMP Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service.
P-2608HWL-Dx Series User’s Guide 23.8 Configuring DNS Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Refer to Chapter 8 on page 105 for background information. To change your ZyXEL Device’s DNS settings, click Advanced > Remote MGMT > DNS. The screen appears as shown. Use this screen to set from which IP address the ZyXEL Device will accept DNS queries and on which interface it can send them your ZyXEL Device’s DNS settings.
P-2608HWL-Dx Series User’s Guide If an outside user attempts to probe an unsupported port on your ZyXEL Device, an ICMP response packet is automatically returned. This allows the outside user to know the ZyXEL Device exists. Your ZyXEL Device supports anti-probing, which prevents the ICMP response packet from being sent. This keeps outsiders from discovering your ZyXEL Device when unsupported ports are probed.
P-2608HWL-Dx Series User’s Guide 23.10 TR-069 TR-069 is a protocol that defines how your ZyXEL Device can be managed via a management server such as ZyXEL’s Vantage CNM Access. An administrator can use CNM Access to remotely set up the ZyXEL Device, modify settings, perform firmware upgrades as well as monitor and diagnose the ZyXEL Device. All you have to do is enable the device to be managed by CNM Access and specify the CNM Access IP address or domain name and username and password.
P-2608HWL-Dx Series User’s Guide Table 122 TR-069 Commands Root Command or Subdirectory Command Description periodicEnable [0:Disable/ 1:Enable] Whether or not the device must periodically send information to CNM Access. It is recommended to set this value to 1 in order for the ZyXEL Device to send information to CNM Access. informInterval [sec] The duration in seconds of the interval for which the device MUST attempt to connect with CNM Access to send information and check for configuration updates.
CHAPTER 24 Universal Plug-and-Play (UPnP)

This chapter introduces the UPnP feature in the web configurator.

24.1 Introducing Universal Plug and Play

Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
24.1.3 Cautions with UPnP

The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues. Network information and configuration may also be obtained and modified by users in some network environments. When a UPnP device joins a network, it announces its presence with a multicast message. For security reasons, the ZyXEL Device allows multicast messages on the LAN only.
The following table describes the fields in this screen.

Table 123 Configuring UPnP
LABEL | DESCRIPTION
Active the Universal Plug and Play (UPnP) Feature | Select this check box to activate UPnP. Be aware that anyone could use a UPnP application to open the web configurator's login screen without entering the ZyXEL Device's IP address (although you must still enter the password to access the web configurator).
Figure 169 Add/Remove Programs: Windows Setup: Communication

3 In the Communications window, select the Universal Plug and Play check box in the Components selection box.

Figure 170 Add/Remove Programs: Windows Setup: Communication: Components

4 Click OK to go back to the Add/Remove Programs Properties window and click Next.
5 Restart the computer when prompted.
Installing UPnP in Windows XP

Follow the steps below to install the UPnP in Windows XP.

1 Click Start and Control Panel.
2 Double-click Network Connections.
3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components ….

Figure 171 Network Connections

4 The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details.
Figure 173 Networking Services

6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next.

24.4 Using UPnP in Windows XP Example

This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device. Make sure the computer is connected to a LAN port of the ZyXEL Device. Turn on your computer and the ZyXEL Device.
Figure 174 Network Connections

3 In the Internet Connection Properties window, click Settings to see the port mappings that were automatically created.
4 You may edit or delete the port mappings or click Add to manually add port mappings.

Figure 176 Internet Connection Properties: Advanced Settings

Figure 177 Internet Connection Properties: Advanced Settings: Add

5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically.
6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
Figure 178 System Tray Icon

7 Double-click on the icon to display your current Internet connection status.

Figure 179 Internet Connection Status

Web Configurator Easy Access

With UPnP, you can access the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first. This is helpful if you do not know the IP address of the ZyXEL Device. Follow the steps below to access the web configurator.

1 Click Start and then Control Panel.
Figure 180 Network Connections

4 An icon with the description for each UPnP-enabled device displays under Local Network.
5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays.
Figure 181 Network Connections: My Network Places

6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device.
CHAPTER 25 System

Use this screen to configure the ZyXEL Device’s time and date settings.

25.1 General Setup and System Name

General Setup contains administrative and system-related information. System Name is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name".

• In Windows 95/98 click Start, Settings, Control Panel, Network.
Figure 183 System General Setup

The following table describes the labels in this screen.

Table 124 System General Setup
LABEL | DESCRIPTION
General Setup
System Name | Choose a descriptive name for identification purposes. It is recommended you enter your computer’s “Computer name” in this field. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes “-” and underscores "_" are accepted.
25.2 Time Setting

To change your ZyXEL Device’s time and date, click Maintenance > System > Time Setting. The screen appears as shown. Use this screen to configure the ZyXEL Device’s time based on your local time zone.

Figure 184 System Time Setting

The following table describes the fields in this screen.

Table 125 System Time Setting
LABEL | DESCRIPTION
Current Time
Current Time | This field displays the time of your ZyXEL Device.
Table 125 System Time Setting (continued)
LABEL | DESCRIPTION
New Time (hh:mm:ss) | This field displays the last updated time from the time server or the last time configured manually. When you set Time and Date Setup to Manual, enter the new time in this field and then click Apply.
New Date (yyyy/mm/dd) | This field displays the last updated date from the time server or the last date configured manually.
Table 125 System Time Setting (continued)
LABEL | DESCRIPTION
End Date | Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the last Sunday of October. Each time zone in the United States stops using Daylight Saving Time at 2 A.M. local time.
CHAPTER 26 Logs

This chapter contains information about configuring general log settings and viewing the ZyXEL Device’s logs. Refer to the appendix for example log message explanations.

26.1 Logs Overview

The web configurator allows you to choose which categories of events and/or alerts to have the ZyXEL Device log and then display the logs or have the ZyXEL Device send them to an administrator (as e-mail) or to a syslog server. 26.1.
Figure 185 View Log

The following table describes the fields in this screen.

Table 126 View Log
LABEL | DESCRIPTION
Display | The categories that you select in the Log Settings screen display in the drop-down list box. Select a category of logs to view; select All Logs to view logs from all of the log categories that you selected in the Log Settings page.
Alerts are e-mailed as soon as they happen. Logs may be e-mailed as soon as the log is full. Selecting many alert and/or log categories (especially Access Control) may result in many e-mails being sent.

Figure 186 Log Settings

The following table describes the fields in this screen.

Table 127 Log Settings
LABEL | DESCRIPTION
E-mail Log Settings
Mail Server | Enter the server name or the IP address of the mail server for the e-mail addresses specified below.
Table 127 Log Settings
LABEL | DESCRIPTION
Send Log to | The ZyXEL Device sends logs to the e-mail address specified in this field. If this field is left blank, the ZyXEL Device does not send logs via e-mail.
Send Alerts to | Alerts are real-time notifications that are sent as soon as an event, such as a DoS attack, system error, or forbidden web access attempt occurs. Enter the E-mail address where the alert messages will be sent.
26.4 SMTP Error Messages

If there are difficulties in sending e-mail, the following error message appears: “SMTP action request failed. ret= ??”. The “??” values are described in the following table.

Table 128 SMTP Error Messages
-1 means ZyXEL Device out of socket
-2 means tcp SYN fail
-3 means smtp server OK fail
-4 means HELO fail
-5 means MAIL FROM fail
-6 means RCPT TO fail
-7 means DATA fail
-8 means mail data send fail

26.4.
Figure 187 E-mail Log Example

Subject: Firewall Alert From
Date: Fri, 07 Apr 2000 10:05:42
From: user@zyxel.com
To: user@zyxel.com
1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP src port:00520 dest port:00520 |<1,00> |
2|Apr 7 00 |From:192.168.1.131 To:192.168.1.255 |default policy |forward | 09:54:17 |UDP src port:00520 dest port:00520 |<1,00> |
3|Apr 7 00 |From:192.168.1.6 To:10.10.10.
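The entry layout in Figure 187 can be parsed before the e-mailed logs are handed to other tooling. The Python below is an added example, not ZyXEL code: the field names (rule, action, detail, tag) and function names are assumptions, the meaning of the trailing <1,00> field is not given here so it is kept as an opaque string, and entries that are cut off are counted rather than guessed at.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Entries copied from Figure 187; the line wrapping is constructed for this
# example. Entry 3 is cut off here exactly as it is in the figure.
SAMPLE_BODY = """\
1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP src port:00520 dest port:00520 |<1,00> |
2|Apr 7 00 |From:192.168.1.131 To:192.168.1.255 |default policy |forward
 | 09:54:17 |UDP src port:00520 dest port:00520 |<1,00> |
3|Apr 7 00 |From:192.168.1.6 To:10.10.10.
"""

# One complete entry: eight '|'-terminated fields, possibly wrapped over lines.
ENTRY_RE = re.compile(r"""
    (?<!\S)(?P<index>\d+)\|
    \s*(?P<date>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2})\s*\|
    \s*From:(?P<src>[^\s|]+)\s+To:(?P<dst>[^\s|]+)\s*\|
    \s*(?P<rule>[^|]*?)\s*\|
    \s*(?P<action>[^|]*?)\s*\|
    \s*(?P<time>\d{2}:\d{2}:\d{2})\s*\|
    \s*(?P<detail>[^|]*?)\s*\|
    \s*<(?P<tag>[^>|]*)>\s*\|
""", re.VERBOSE)

# Anything that looks like the start of an entry, complete or not.
START_RE = re.compile(r"(?<!\S)\d+\|[A-Z][a-z]{2}\s+\d")

# Port details as they appear in the figure; other protocols may differ.
PORT_RE = re.compile(r"(\S+)\s+src\s+port:(\d+)\s+dest\s+port:(\d+)")


@dataclass
class LogEntry:
    index: int
    when: datetime
    src: str
    dst: str
    rule: str
    action: str
    proto: Optional[str]
    sport: Optional[int]
    dport: Optional[int]
    tag: str


def parse_log_body(body: str) -> Tuple[List[LogEntry], int]:
    """Return (complete entries, number of entries that were cut off or malformed)."""
    entries = []
    for m in ENTRY_RE.finditer(body):
        stamp = " ".join(m["date"].split()) + " " + m["time"]
        ports = PORT_RE.fullmatch(m["detail"])
        proto = ports[1] if ports else (m["detail"].split() or [None])[0]
        entries.append(LogEntry(
            index=int(m["index"]),
            when=datetime.strptime(stamp, "%b %d %y %H:%M:%S"),
            src=m["src"], dst=m["dst"],
            rule=m["rule"], action=m["action"],
            proto=proto,
            sport=int(ports[2]) if ports else None,
            dport=int(ports[3]) if ports else None,
            tag=m["tag"],
        ))
    skipped = len(START_RE.findall(body)) - len(entries)
    return entries, skipped


def summarize(entries: List[LogEntry]) -> Counter:
    """Count entries per (destination, protocol, destination port, action)."""
    return Counter((e.dst, e.proto, e.dport, e.action) for e in entries)


if __name__ == "__main__":
    parsed, skipped = parse_log_body(SAMPLE_BODY)
    for key, count in summarize(parsed).most_common():
        print(count, key)
    print("incomplete entries:", skipped)
```

A non-zero incomplete count is worth alerting on by itself, since it means the mail was truncated or the layout changed.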
CHAPTER 27 Tools

This chapter explains how to upload new firmware, manage configuration files and restart your ZyXEL Device.

Note: Do not interrupt the file transfer process as this may PERMANENTLY DAMAGE YOUR ZyXEL Device.

27.1 Introduction

Use the instructions in this chapter to change the device’s configuration file or upgrade its firmware. After you configure your device, you can back up the configuration file to a computer.
This is a sample FTP session saving the current configuration to the computer file “config.cfg”. If your (T)FTP client does not allow you to have a destination filename different than the source, you will need to rename them as the ZyXEL Device only recognizes “rom-0” and “ras”. Be sure you keep unaltered copies of both files for later use. The following table is a summary.
Figure 188 Firmware Upgrade

The following table describes the labels in this screen.

Table 130 Firmware Upgrade
LABEL | DESCRIPTION
Current Firmware Version | This is the present Firmware version and the date created.
File Path | Type in the location of the file you want to upload in this field or click Browse ... to find it.
Browse... | Click Browse... to find the .bin file you want to upload. Remember that you must decompress compressed (.
Figure 190 Network Temporarily Disconnected

After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, the following screen will appear. Click Return to go back to the Firmware screen.

Figure 191 Error Message

27.5 Backup and Restore

See Section 27.7 on page 337 and Section 27.8 on page 340 for transferring configuration files using FTP/TFTP commands. Click Maintenance > Tools > Configuration.
Figure 192 Configuration

27.5.1 Backup Configuration

Backup Configuration allows you to back up (save) the ZyXEL Device’s current configuration to a file on your computer. Once your ZyXEL Device is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings.
After you see a “restore configuration successful” screen, you must then wait one minute before logging into the ZyXEL Device again.

Figure 193 Configuration Upload Successful

The ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.
Figure 196 Reset In Process Message

You can also press the RESET button on the rear panel to reset the factory defaults of your ZyXEL Device. Refer to Section 2.1.2 on page 48 for more information on the RESET button.

27.6 Restart

System restart allows you to reboot the ZyXEL Device without turning the power off. Click Maintenance > Tools > Restart. Click Restart to have the ZyXEL Device reboot. This does not affect the ZyXEL Device's configuration.
4 Enter your password as requested (the default is “1234”).
5 Enter “bin” to set transfer mode to binary.
6 Use “get” to transfer files from the ZyXEL Device to the computer, for example, “get rom-0 config.rom” transfers the configuration file on the ZyXEL Device to your computer and renames it “config.rom”. See earlier in this chapter for more information on filename conventions.
7 Enter “quit” to exit the ftp prompt.

27.7.
27.7.4 Backup Configuration Using TFTP

The ZyXEL Device supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended. To use TFTP, your computer must have both telnet and TFTP clients. To back up the configuration file, follow the procedure shown next.

1 Use telnet from your computer to connect to the ZyXEL Device and log in.
27.7.6 Configuration Backup Using GUI-based TFTP Clients

The following table describes some of the fields that you may see in GUI-based TFTP clients.

Table 133 General Commands for GUI-based TFTP Clients
COMMAND | DESCRIPTION
Host | Enter the IP address of the ZyXEL Device. 192.168.1.1 is the ZyXEL Device’s default IP address when shipped.
Send/Fetch | Use “Send” to upload the file to the ZyXEL Device and “Fetch” to back up the file on your computer.
27.8.1 Restore Using FTP Session Example

Figure 199 Restore Using FTP Session Example

ftp> put config.rom rom-0
200 Port command okay
150 Opening data connection for STOR rom-0
226 File received OK
221 Goodbye for writing flash
ftp: 16384 bytes sent in 0.06Seconds 273.07Kbytes/sec.
ftp>quit

Refer to Section 27.3 on page 332 to read about configurations that disallow TFTP and FTP over WAN.

27.
27.9.2 FTP Session Example of Firmware File Upload

Figure 200 FTP Session Example of Firmware File Upload

331 Enter PASS command
Password:
230 Logged in
ftp> bin
200 Type I OK
ftp> put firmware.bin ras
200 Port command okay
150 Opening data connection for STOR ras
226 File received OK
ftp: 1103936 bytes sent in 1.10Seconds 297.89Kbytes/sec.
ftp> quit

More commands (found in GUI-based FTP clients) are listed earlier in this chapter. Refer to Section 27.
27.9.4 TFTP Upload Command Example

The following is an example TFTP command:

tftp [-i] host put firmware.bin ras

Where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the device’s IP address, “put” transfers the file source on the computer (firmware.bin – name of the firmware on the computer) to the file destination on the remote host (ras - name of the firmware on the device).
CHAPTER 28 Diagnostic

These read-only screens display information to help you identify problems with the ZyXEL Device.

28.1 General Diagnostic

Click Maintenance > Diagnostic to open the screen shown next.

Figure 201 Diagnostic: General

The following table describes the fields in this screen.

Table 134 Diagnostic: General
LABEL | DESCRIPTION
TCP/IP Address | Type the IP address of a computer that you want to ping in order to test a connection.
Figure 202 Diagnostic: DSL Line

The following table describes the fields in this screen.

Table 135 Diagnostic: DSL Line
LABEL | DESCRIPTION
ATM Status | Click this button to view your DSL connection’s Asynchronous Transfer Mode (ATM) statistics. ATM is a networking technology that provides high-speed data transfer. ATM uses fixed-size packets of information called cells. With ATM, a high QoS (Quality of Service) can be guaranteed.
Table 135 Diagnostic: DSL Line (continued)
LABEL | DESCRIPTION
DSL Line Status | Click this button to view statistics about the DSL connections. noise margin downstream is the signal to noise ratio for the downstream part of the connection (coming into the ZyXEL Device from the ISP). It is measured in decibels. The higher the number the more signal and less noise there is.
CHAPTER 29 Troubleshooting

This chapter covers potential problems and the corresponding remedies.

29.1 Problems Starting Up the ZyXEL Device

Table 136 Troubleshooting Starting Up Your Device
PROBLEM | CORRECTIVE ACTION
None of the lights turn on when I turn on the ZyXEL Device. | Make sure that the ZyXEL Device’s power adaptor is connected to the ZyXEL Device and plugged in to an appropriate power source.
29.3 Problems with the WAN

Table 138 Troubleshooting the WAN
PROBLEM | CORRECTIVE ACTION
The DSL light is off. | Check the telephone wire and connections between the ZyXEL Device DSL port and the wall jack. Make sure that the telephone company has checked your phone line and set it up for DSL service. Reset your ADSL line to reinitialize your link to the DSLAM. For details, refer to Section 28.2 on page 345.
I cannot get a WAN IP address from the ISP.
29.4 Problems Accessing the ZyXEL Device

Table 139 Troubleshooting Accessing Your Device
PROBLEM | CORRECTIVE ACTION
I cannot access the ZyXEL Device. | The username is “admin”. The default password is “1234”. The Password and Username fields are case-sensitive. Make sure that you enter the correct password and username using the proper casing. If you have changed the password and have now forgotten it, you will need to upload the default configuration file.
• Java permissions (enabled by default).

Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary.

29.4.1.1 Internet Explorer Pop-up Blockers

You may have to disable pop-up blocking to log into your device. Either disable pop-up blocking (enabled by default in Windows XP SP (Service Pack) 2) or allow pop-up blocking and create an exception for your device’s IP address.

29.4.1.1.
Figure 204 Internet Options

3 Click Apply to save this setting.

29.4.1.1.2 Enable pop-up Blockers with Exceptions

Alternatively, if you only want to allow pop-up windows from your device, see the following steps.

1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
2 Select Settings… to open the Pop-up Blocker Settings screen.
Figure 205 Internet Options

3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1.
4 Click Add to move the IP address to the list of Allowed sites.
Figure 206 Pop-up Blocker Settings

5 Click Close to return to the Privacy screen.
6 Click Apply to save this setting.

29.4.1.2 JavaScripts

If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.

1 In Internet Explorer, click Tools, Internet Options and then the Security tab.
Figure 207 Internet Options

2 Click the Custom Level... button.
3 Scroll down to Scripting.
4 Under Active scripting make sure that Enable is selected (the default).
5 Under Scripting of Java applets make sure that Enable is selected (the default).
6 Click OK to close the window.
Figure 208 Security Settings - Java Scripting

29.4.1.3 Java Permissions

1 From Internet Explorer, click Tools, Internet Options and then the Security tab.
2 Click the Custom Level... button.
3 Scroll down to Microsoft VM.
4 Under Java permissions make sure that a safety level is selected.
5 Click OK to close the window.
Figure 209 Security Settings - Java

29.4.1.3.1 JAVA (Sun)

1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab.
2 Make sure that Use Java 2 for
Figure 210 Java (Sun)

29.5 Telephone Problems

Table 140 Troubleshooting Telephone
PROBLEM | CORRECTIVE ACTION
The telephone port won’t work or the telephone lacks a dial tone. | Check the telephone connections and telephone wire. Make sure you have the VoIP SIP Settings screen properly configured.
I can access the Internet, but cannot make VoIP calls. | Make sure you have the VoIP SIP Settings screen properly configured. One of the PHONE lights should come on.
APPENDIX A Product Specifications

See also Chapter 1 on page 41 for a general overview of the key features.

Specification Tables

Table 141 Device Specifications
Default IP Address | 192.168.1.1
Default Subnet Mask | 255.255.255.0 (24 bits)
Default Password | 1234
DHCP Server IP Pool | 192.168.1.32 to 192.168.1.
Table 142 Firmware Features
FEATURE | DESCRIPTION
IEEE 802.11b/g Wireless LAN | The ZyXEL Device can serve as an IEEE 802.11g wireless access point. Expand your network by allowing IEEE 802.11g and IEEE 802.11b devices to connect to your network.
Wireless Security | The ZyXEL Device supports WEP encryption for basic security as well as WPA and WPA2 security standards.
Table 142 Firmware Features
FEATURE | DESCRIPTION
TR-069 | TR-069 is a protocol that defines how your ZyXEL Device can be managed via a management server such as ZyXEL’s Vantage CNM Access. The management server can securely manage and update configuration changes in ZyXEL Devices.
Firewall | Your device has a stateful inspection firewall with DoS (Denial of Service) protection.
Table 143 Firmware Specifications
ADSL Standards
Support ITU G.992.1 G.dmt (Annex B, U-R2)
EOC specified in ITU-T G.992.1
ADSL2 G.dmt.bis (G.992.3)
ADSL2 G.lite.bis (G.992.4)
ADSL 2/2+ AnnexM
ADSL2+ (G.992.
Table 143 Firmware Specifications (continued)
Wireless
IEEE 802.11g Compliance
Frequency Range: 2.4 GHz ISM Band
Advanced Orthogonal Frequency Division Multiplexing (OFDM)
Data Rates: 54Mbps, 11Mbps, 5.5Mbps, 2Mbps, and 1 Mbps Auto Fallback
WPA/WPA2 security
WMM
IEEE 802.11i
IEEE 802.11e
Wired Equivalent Privacy (WEP) Data Encryption 64/128/256 bit.
Table 143 Firmware Specifications (continued)
Voice Features
SIP version 2 (Session Initiating Protocol RFC 3261)
SDP (Session Description Protocol RFC 2327)
RTP (RFC 1889)
RTCP (RFC 1890)
Voice codecs (coder/decoders) G.711, G.729
G.
APPENDIX B Setting up Your Computer’s IP Address

All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package.
Figure 211 Windows 95/98/Me: Network: Configuration

Installing Components

The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks.

If you need the adapter:
1 In the Network window, click Add.
2 Select Adapter and then click Add.
3 Select the manufacturer and model of your network adapter and then click OK.

If you need TCP/IP:
1 In the Network window, click Add.
3 Select Microsoft from the list of manufacturers.
4 Select Client for Microsoft Networks from the list of network clients and then click OK.
5 Restart your computer so the changes you made take effect.

Configuring

1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties.
2 Click the IP Address tab.
• If your IP address is dynamic, select Obtain an IP address automatically.
Figure 213 Windows 95/98/Me: TCP/IP Properties: DNS Configuration

4 Click the Gateway tab.
• If you do not know your gateway’s IP address, remove previously installed gateways.
• If you have a gateway IP address, type it in the New gateway field and click Add.
5 Click OK to save and close the TCP/IP Properties window.
6 Click OK to close the Network window. Insert the Windows CD if prompted.
7 Turn on your ZyXEL Device and restart your computer when prompted.
Figure 214 Windows XP: Start Menu

2 For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections.

Figure 215 Windows XP: Control Panel

3 Right-click Local Area Connection and then click Properties.
Figure 216 Windows XP: Control Panel: Network Connections: Properties

4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties.

Figure 217 Windows XP: Local Area Connection Properties

5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
• If you have a dynamic IP address click Obtain an IP address automatically.
• If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. Click Advanced.

Figure 218 Windows XP: Advanced TCP/IP Settings

6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK.
• Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
• If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them.
Figure 220 Macintosh OS 8/9: Apple Menu

2 Select Ethernet built-in from the Connect via list.

Figure 221 Macintosh OS 8/9: TCP/IP

3 For dynamically assigned settings, select Using DHCP Server from the Configure: list.
• From the Configure box, select Manually.
• Type your IP address in the IP Address box.
• Type your subnet mask in the Subnet mask box.
• Type the IP address of your ZyXEL Device in the Router address box.
5 Close the TCP/IP Control Panel.
6 Click Save if prompted, to save changes to your configuration.
7 Turn on your ZyXEL Device and restart your computer (if prompted).

Verifying Settings

Check your TCP/IP properties in the TCP/IP Control Panel window.
Figure 223 Macintosh OS X: Network

4 For statically assigned settings, do the following:
• From the Configure box, select Manually.
• Type your IP address in the IP Address box.
• Type your subnet mask in the Subnet mask box.
• Type the IP address of your ZyXEL Device in the Router address box.
5 Click Apply Now and close the window.
6 Turn on your ZyXEL Device and restart your computer (if prompted).

Verifying Settings

Check your TCP/IP properties in the Network window.
APPENDIX C IP Addresses and Subnetting

This appendix introduces IP addresses, IP address classes and subnet masks. You use subnet masks to subdivide a network into smaller logical networks.

Introduction to IP Addresses

An IP address has two parts: the network number and the host ID. Routers use the network number to send packets to the correct network, while the host ID identifies a single device on the network.
The following table shows the network number and host ID arrangement for classes A, B and C.

Table 145 Classes of IP Addresses
IP ADDRESS | OCTET 1 | OCTET 2 | OCTET 3 | OCTET 4
Class A | Network number | Host ID | Host ID | Host ID
Class B | Network number | Network number | Host ID | Host ID
Class C | Network number | Network number | Network number | Host ID

An IP address with host IDs of all zeros is the IP address of the network (192.168.1.0 for example).
Subnet Masks

A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). A subnet mask has 32 bits. If a bit in the subnet mask is a “1” then the corresponding bit in the IP address is part of the network number. If a bit in the subnet mask is “0” then the corresponding bit in the IP address is part of the host ID.
Table 148 Alternative Subnet Mask Notation (continued)
SUBNET MASK | SUBNET MASK “1” BITS | LAST OCTET BIT VALUE | DECIMAL
255.255.255.240 | /28 | 1111 0000 | 240
255.255.255.248 | /29 | 1111 1000 | 248
255.255.255.252 | /30 | 1111 1100 | 252

The first mask shown is the class “C” natural mask. Normally if no mask is specified it is understood that the natural mask is being used.

Example: Two Subnets

As an example, you have a class “C” address 192.168.1.0 with subnet mask of 255.
Table 150 Subnet 1 (continued)
IP/SUBNET MASK | NETWORK NUMBER | LAST OCTET BIT VALUE
Subnet Address: 192.168.1.0 | Lowest Host ID: 192.168.1.1
Broadcast Address: 192.168.1.127 | Highest Host ID: 192.168.1.126

Table 151 Subnet 2
IP/SUBNET MASK | NETWORK NUMBER | LAST OCTET BIT VALUE
IP Address | 192.168.1. | 128
IP Address (Binary) | 11000000.10101000.00000001. | 10000000
Subnet Mask | 255.255.255. | 128
Subnet Mask (Binary) | 11111111.11111111.11111111.
Table 152 Subnet 1 (continued)
IP/SUBNET MASK | NETWORK NUMBER | LAST OCTET BIT VALUE
Subnet Address: 192.168.1.0 | Lowest Host ID: 192.168.1.1
Broadcast Address: 192.168.1.63 | Highest Host ID: 192.168.1.62

Table 153 Subnet 2
IP/SUBNET MASK | NETWORK NUMBER | LAST OCTET BIT VALUE
IP Address | 192.168.1. | 64
IP Address (Binary) | 11000000.10101000.00000001. | 01000000
Subnet Mask (Binary) | 11111111.11111111.11111111. | 11000000
Subnet Address: 192.168.1.64 | Lowest Host ID: 192.
The following table shows class C IP address last octet values for each subnet.

Table 156 Eight Subnets
SUBNET | SUBNET ADDRESS | FIRST ADDRESS | LAST ADDRESS | BROADCAST ADDRESS
1 | 0 | 1 | 30 | 31
2 | 32 | 33 | 62 | 63
3 | 64 | 65 | 94 | 95
4 | 96 | 97 | 126 | 127
5 | 128 | 129 | 158 | 159
6 | 160 | 161 | 190 | 191
7 | 192 | 193 | 222 | 223
8 | 224 | 225 | 254 | 255

The following table is a summary for class “C” subnet planning.

Table 157 Class C Subnet Planning
NO.
The following table is a summary for class “B” subnet planning.

Table 158 Class B Subnet Planning
NO. “BORROWED” HOST BITS | SUBNET MASK | NO. SUBNETS | NO. HOSTS PER SUBNET
1 | 255.255.128.0 (/17) | 2 | 32766
2 | 255.255.192.0 (/18) | 4 | 16382
3 | 255.255.224.0 (/19) | 8 | 8190
4 | 255.255.240.0 (/20) | 16 | 4094
5 | 255.255.248.0 (/21) | 32 | 2046
6 | 255.255.252.0 (/22) | 64 | 1022
7 | 255.255.254.0 (/23) | 128 | 510
8 | 255.255.255.0 (/24) | 256 | 254
9 | 255.255.255.
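The subnet tables in this appendix can be regenerated for any network, which is useful when planning separate segments behind the device. The Python below is an added example, not part of the ZyXEL documentation: it applies the logical AND described under Subnet Masks and reproduces the two-, four- and eight-subnet values and the class B planning rows shown above. The function names and the class B network 172.16.0.0/16 are assumptions chosen for illustration, and only plans that leave at least two host bits are produced.

```python
import ipaddress
from typing import Dict, List, Tuple


def network_number(ip: str, mask: str) -> str:
    """Logical AND of an address and a subnet mask gives the network number."""
    anded = int(ipaddress.IPv4Address(ip)) & int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(anded))


def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """Two hosts share a subnet when their network numbers are equal."""
    return network_number(ip_a, mask) == network_number(ip_b, mask)


def plan_subnets(network: str, borrowed_bits: int) -> List[Dict[str, object]]:
    """Split `network` by borrowing host bits; one row per resulting subnet."""
    net = ipaddress.ip_network(network)
    host_bits = net.max_prefixlen - net.prefixlen - borrowed_bits
    if borrowed_bits < 1 or host_bits < 2:
        raise ValueError("need at least 1 borrowed bit and 2 remaining host bits")
    rows = []
    for number, sub in enumerate(net.subnets(prefixlen_diff=borrowed_bits), 1):
        rows.append({
            "subnet": number,
            "subnet_address": str(sub.network_address),
            "mask": str(sub.netmask),
            "lowest_host": str(sub.network_address + 1),
            "highest_host": str(sub.broadcast_address - 1),
            "broadcast": str(sub.broadcast_address),
        })
    return rows


def planning_table(network: str) -> List[Tuple[int, str, int, int]]:
    """Rows of (borrowed bits, mask, number of subnets, hosts per subnet)."""
    net = ipaddress.ip_network(network)
    table = []
    for borrowed in range(1, net.max_prefixlen - net.prefixlen - 1):
        prefix = net.prefixlen + borrowed
        mask = ipaddress.ip_network(f"0.0.0.0/{prefix}").netmask
        hosts = 2 ** (net.max_prefixlen - prefix) - 2  # minus network and broadcast
        table.append((borrowed, f"{mask} (/{prefix})", 2 ** borrowed, hosts))
    return table


def last_octets(rows: List[Dict[str, object]]) -> List[Tuple[int, ...]]:
    """Last-octet view (subnet, first, last, broadcast), as in the eight-subnet table."""
    keys = ("subnet_address", "lowest_host", "highest_host", "broadcast")
    return [tuple(int(str(r[k]).rsplit(".", 1)[1]) for k in keys) for r in rows]


if __name__ == "__main__":
    for row in plan_subnets("192.168.1.0/24", 2):
        print(row)
    for row in planning_table("172.16.0.0/16")[:8]:  # assumed class B network
        print(row)
```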
APPENDIX D Common Services

The commonly used services and port numbers are shown in the following table. Please refer to RFC 1700 for further information about port numbers. Next to the name of the service, two fields appear in brackets. The first field indicates the IP protocol type (TCP, UDP, or ICMP). The second field indicates the IP port number that defines the service. (Note that there may be more than one IP protocol type. For example, look at the DNS service.
Table 159 Commonly Used Services
SERVICE | DESCRIPTION
NFS(UDP:2049) | Network File System - NFS is a client/server distributed file service that provides transparent file sharing for network environments.
NNTP(TCP:119) | Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service.
PING(ICMP:0) | Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable.
APPENDIX E Importing Certificates

This appendix shows examples of importing certificates using Internet Explorer 5.

Import Prestige Certificates into Netscape Navigator
In Netscape Navigator, you can permanently trust the Prestige’s server certificate by importing it into your operating system as a trusted certification authority. Select Accept This Certificate Permanently in the following screen to do this.
Figure 225 Login Screen
2 Click Install Certificate to open the Install Certificate wizard.
Figure 226 Certificate General Information before Import
3 Click Next to begin the Install Certificate wizard.
Figure 227 Certificate Import Wizard 1
4 Select where you would like to store the certificate and then click Next.
Figure 228 Certificate Import Wizard 2
5 Click Finish to complete the Import Certificate wizard.
Figure 229 Certificate Import Wizard 3
6 Click Yes to add the Prestige certificate to the root store.
Figure 231 Certificate General Information after Import

Enrolling and Importing SSL Client Certificates
The SSL client needs a certificate if Authenticate Client Certificates is selected on the Prestige. You must have imported at least one trusted CA to the Prestige in order for the Authenticate Client Certificates to be active (see the Certificates chapter for details).
Figure 232 Prestige Trusted CA Screen
The CA sends you a package containing the CA’s trusted certificate(s), your personal certificate(s) and a password to install the personal certificate(s).

Installing the CA’s Certificate
1 Double click the CA’s trusted certificate to produce a screen similar to the one shown next.
Figure 233 CA Certificate Example
2 Click Install Certificate and follow the wizard as shown earlier in this appendix.
Installing Your Personal Certificate(s)
You need a password in advance. The CA may issue the password or you may have to specify it during the enrollment. Double-click the personal certificate given to you by the CA to produce a screen similar to the one shown next.
1 Click Next to begin the wizard.
Figure 234 Personal Certificate Import Wizard 1
2 The file name and path of the certificate you double-clicked should automatically appear in the File name text box.
Figure 236 Personal Certificate Import Wizard 3
4 Have the wizard determine where the certificate should be saved on your computer or select Place all certificates in the following store and choose a different location.
Figure 237 Personal Certificate Import Wizard 4
5 Click Finish to complete the wizard and begin the import process.
Figure 238 Personal Certificate Import Wizard 5
6 You should see the following screen when the certificate is correctly installed on your computer.
Figure 239 Personal Certificate Import Wizard 6

Using a Certificate When Accessing the Prestige Example
Use the following procedure to access the Prestige via HTTPS.
1 Enter ‘https://Prestige IP Address/’ in your browser’s web address field.
Figure 241 SSL Client Authentication
3 You next see the Prestige login screen.
APPENDIX F Triangle Route

The Ideal Setup
When the firewall is on, your ZyXEL Device acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the ZyXEL Device to protect your LAN against attacks.
Figure 243 Ideal Setup

The “Triangle Route” Problem
A traffic route is a path for sending or receiving data packets between two Ethernet devices.
Figure 244 “Triangle Route” Problem

The “Triangle Route” Solutions
This section presents two solutions to the “triangle route” problem.

IP Aliasing
IP alias allows you to partition your network into logical sections over the same Ethernet interface. Your ZyXEL Device supports up to three logical LAN interfaces with the ZyXEL Device being the gateway for each logical network.
Figure 245 IP Alias

Gateways on the WAN Side
A second solution to the “triangle route” problem is to put all of your network gateways on the WAN side as the following figure shows. This ensures that all incoming network traffic passes through your ZyXEL Device to your LAN. Therefore your LAN is protected.
APPENDIX G Log Descriptions

This appendix provides descriptions of example log messages.

Table 160 System Maintenance Logs
LOG MESSAGE | DESCRIPTION
Time calibration is successful | The router has adjusted its time based on information from the time server.
Time calibration failed | The router failed to get information from the time server.
WAN interface gets IP: %s | A WAN interface got a new IP address from the DHCP, PPPoE, PPTP or dial-up server.
Table 160 System Maintenance Logs (continued)
LOG MESSAGE | DESCRIPTION
Successful HTTPS login | Someone has logged on to the router's web configurator interface using HTTPS protocol.
HTTPS login failed | Someone has failed to log on to the router's web configurator interface using HTTPS protocol.

Table 161 System Error Logs
LOG MESSAGE | DESCRIPTION
%s exceeds the max.
Table 163 TCP Reset Logs
LOG MESSAGE | DESCRIPTION
Under SYN flood attack, sent TCP RST | The router sent a TCP reset packet when a host was under a SYN flood attack (the TCP incomplete count is per destination host.)
Exceed TCP MAX incomplete, sent TCP RST | The router sent a TCP reset packet when the number of TCP incomplete connections exceeded the user configured threshold. (the TCP incomplete count is per destination host.
Table 165 ICMP Logs (continued)
LOG MESSAGE | DESCRIPTION
Triangle route packet forwarded: ICMP | The firewall allowed a triangle route session to pass through.
Packet without a NAT table entry blocked: ICMP | The router blocked a packet that didn’t have a corresponding NAT table entry.
Unsupported/out-of-order ICMP: ICMP | The firewall does not support this kind of ICMP packet or the ICMP packets are out of order.
Table 168 UPnP Logs
LOG MESSAGE | DESCRIPTION
UPnP pass through Firewall | UPnP packets can pass through the firewall.

Table 169 Content Filtering Logs
LOG MESSAGE | DESCRIPTION
%s: block keyword | The content of a requested web page matched a user defined keyword.
%s | The system forwarded web content.

For type and code details, see Table 173 on page 409.
Table 170 Attack Logs (continued)
LOG MESSAGE | DESCRIPTION
ip spoofing - no routing entry ICMP (type:%d, code:%d) | The firewall classified an ICMP packet with no source routing entry as an IP spoofing attack.
vulnerability ICMP (type:%d, code:%d) | The firewall detected an ICMP vulnerability attack.
traceroute ICMP (type:%d, code:%d) | The firewall detected an ICMP traceroute attack.

Table 171 802.1X Logs
LOG MESSAGE | DESCRIPTION
Local User Database accepts user.
Table 171 802.1X Logs (continued)
LOG MESSAGE | DESCRIPTION
No Server to authenticate user. | There is no authentication server to authenticate a user.
Local User Database does not find user`s credential. | A user was not authenticated by the local user database because the user is not listed in the local user database.

Table 172 ACL Setting Notes
PACKET DIRECTION | DIRECTION | DESCRIPTION
(L to W) | LAN to WAN | ACL set for packets traveling from the LAN to the WAN.
Table 173 ICMP Notes (continued)
TYPE | CODE | DESCRIPTION
11 | | Time Exceeded
 | 0 | Time to live exceeded in transit
 | 1 | Fragment reassembly time exceeded
12 | | Parameter Problem
 | 0 | Pointer indicates the error
13 | | Timestamp
 | 0 | Timestamp request message
14 | | Timestamp Reply
 | 0 | Timestamp reply message
15 | | Information Request
 | 0 | Information request message
16 | | Information Reply
 | 0 | Information reply message

Table 174 Syslog Logs
LOG MESSAGE | DESCRIPTION
Mon dd hr
Table 176 RTP Logs
LOG MESSAGE | DESCRIPTION
Error, RTP init fail | The initialization of an RTP session failed.
Error, Call fail: RTP connect fail | A VoIP phone call failed because the RTP session could not be established.
Error, RTP connection cannot close | The termination of an RTP session failed.
The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to RFC 2408 for detailed information on each type.
Figure 248 Displaying Log Parameters Example
ras> sys logs category access
Usage: [0:none/1:log/2:alert/3:both]
ras>

4 Use sys logs category followed by a log category and a parameter to decide what to record. Use 0 to not record logs for that category, 1 to record only logs for that category, 2 to record only alerts for that category, and 3 to record both logs and alerts for that category. Not every parameter is available with every category.
Log Command Example
This example shows how to set the ZyXEL Device to record the access logs and alerts and then view the results.

Figure 249 Log Command Example
ras> sys logs load
ras> sys logs category access 3
ras> sys logs save
ras> sys logs display access
# .time source destination notes message
7|01/01/2000 09:40:13 |192.168.1.1:3 |192.168.1.33:1 RWARD Router reply ICMP packet: ICMP(type:3, code:1)
8|01/01/2000 09:40:07 |192.168.1.1:3 |192.168.1.
APPENDIX H Internal SPTGEN

Internal SPTGEN Overview
Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple ZyXEL Devices. Internal SPTGEN lets you configure, save and upload multiple menus at the same time using just one configuration text file – eliminating the need to navigate and configure individual screens for each ZyXEL Device.
Some parameters are dependent on others. For example, if you disable the Configured field in menu 1 (see Figure 250 on page 415), then you disable every field in this menu. If you enter a parameter that is invalid in the Input column, the ZyXEL Device will not save the configuration and the command line will display the Field Identification Number.
Figure 253 Internal SPTGEN FTP Download Example
c:\ftp 192.168.1.1
220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000
User (192.168.1.1:(none)):
331 Enter PASS command
Password:
230 Logged in
ftp>bin
200 Type I OK
ftp> get rom-t
ftp>bye
c:\edit rom-t
(edit the rom-t text file by a text editor and save it)

Note: You can rename your “rom-t” file when you save it to your computer but it must be named “rom-t” when you upload it to your ZyXEL Device.
Table 181 Abbreviations Used in the Example Internal SPTGEN Screens Table
ABBREVIATION | MEANING
PVA | Parameter Values Allowed
INPUT | An example of what you may enter
* | Applies to the ZyXEL Device.

The following are the Internal SPTGEN menus.
Table 183 Menu 3
FIN FN PVA INPUT
30200001 = DHCP <0(None) | 1(Server) | 2(Relay)> = 0
30200002 = Client IP Pool Starting Address = 192.168.1.33
30200003 = Size of Client IP Pool = 32
30200004 = Primary DNS Server = 0.0.0.0
30200005 = Secondary DNS Server = 0.0.0.0
30200006 = Remote DHCP Server = 0.0.0.0
30200008 = IP Address = 172.21.2.
Table 183 Menu 3
30201008 = IP Alias #1 Incoming protocol filters Set 3 = 256
30201009 = IP Alias #1 Incoming protocol filters Set 4 = 256
30201010 = IP Alias #1 Outgoing protocol filters Set 1 = 256
30201011 = IP Alias #1 Outgoing protocol filters Set 2 = 256
30201012 = IP Alias #1 Outgoing protocol filters Set 3 = 256
30201013 = IP Alias #1 Outgoing protocol filters Set 4 = 256
30201014 = IP Alias 2 <0(No) | 1(Yes)> = 0
30201015 = IP Address = 0.0.0.
Table 183 Menu 3
30500004 = RTS Threshold <0 ~ 2432> = 2432
30500005 = FRAG. Threshold <256 ~ 2432> = 2432
30500006 = WEP <0(DISABLE) | 1(64-bit WEP) | 2(128-bit WEP)> = 0
30500007 = Default Key <1|2|3|4> = 0
30500008 = WEP Key1 =
30500009 = WEP Key2 =
30500010 = WEP Key3 =
30500011 = WEP Key4 =
30500012 = Wlan Active <0(Disable) | 1(Enable)> = 0
*/ MENU 3.5.
Table 184 Menu 4 Internet Access Setup (continued)
40000002 = Active <0(No) | 1(Yes)> = 1
40000003 = ISP's Name
40000004 = Encapsulation <2(PPPOE) | 3(RFC 1483)| 4(PPPoA )| 5(ENET ENCAP)> = 2
40000005 = Multiplexing <1(LLC-based) | 2(VC-based) = 1
40000006 = VPI # = 0
40000007 = VCI # = 35
40000008 = Service Name = any
40000009 = My Login = test@pqa
40000010 = My Password = 1234
40000011 = Single User Account <0(No) |
Table 184 Menu 4 Internet Access Setup (continued)
40000032 = RIP Version <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)> = 0
40000033 = Nailed-up Connection <0(No) |1(Yes)> = 0

Table 185 Menu 12
/ Menu 12.1.1 IP Static Route Setup
FIN FN PVA INPUT
120101001 = IP Static Route set #1, Name =
120101002 = IP Static Route set #1, Active <0(No) |1(Yes)> = 0
120101003 = IP Static Route set #1, Destination IP address = 0.0.0.
Table 185 Menu 12 (continued)
/ Menu 12.1.4 IP Static Route Setup
FIN FN PVA INPUT
120104001 = IP Static Route set #4, Name =
120104002 = IP Static Route set #4, Active <0(No) |1(Yes)> = 0
120104003 = IP Static Route set #4, Destination IP address = 0.0.0.0
120104004 = IP Static Route set #4, Destination IP subnetmask = 0
120104005 = IP Static Route set #4, Gateway = 0.0.0.
Table 185 Menu 12 (continued)
120107006 = IP Static Route set #7, Metric = 0
120107007 = IP Static Route set #7, Private <0(No) |1(Yes)> = 0
/ Menu 12.1.8 IP Static Route Setup
FIN FN PVA INPUT
120108001 = IP Static Route set #8, Name =
120108002 = IP Static Route set #8, Active <0(No) |1(Yes)> = 0
120108003 = IP Static Route set #8, Destination IP address = 0.0.0.
Table 185 Menu 12 (continued)
120111004 = IP Static Route set #11, Destination IP subnetmask = 0
120111005 = IP Static Route set #11, Gateway = 0.0.0.0
120111006 = IP Static Route set #11, Metric = 0
120111007 = IP Static Route set #11, Private <0(No) |1(Yes)> = 0
*/ Menu 12.1.
Table 185 Menu 12 (continued)
120115002 = IP Static Route set #15, Active <0(No) |1(Yes)> = 0
120115003 = IP Static Route set #15, Destination IP address = 0.0.0.0
120115004 = IP Static Route set #15, Destination IP subnetmask = 0
120115005 = IP Static Route set #15, Gateway = 0.0.0.0
120115006 = IP Static Route set #15, Metric = 0
120115007 = IP Static Route set #15, Private <0(No) |1(Yes)> = 0
*/ Menu 12.1.
Table 186 Menu 15 SUA Server Setup (continued)
150000014 = SUA Server #4 Port Start = 0
150000015 = SUA Server #4 Port End = 0
150000016 = SUA Server #4 Local IP address = 0.0.0.0
150000017 = SUA Server #5 Active <0(No) | 1(Yes)> = 0
150000018 = SUA Server #5 Protocol <0(All)|6(TCP)|17(UDP)> = 0
150000019 = SUA Server #5 Port Start = 0
150000020 = SUA Server #5 Port End = 0
150000021 = SUA Server #5 Local IP address = 0.0.0.
Table 186 Menu 15 SUA Server Setup (continued)
150000048 = SUA Server #11 Protocol <0(All)|6(TCP)|17(UDP)> = 0
150000049 = SUA Server #11 Port Start = 0
150000050 = SUA Server #11 Port End = 0
150000051 = SUA Server #11 Local IP address = 0.0.0.
Table 187 Menu 21.1 Filter Set #1 (continued)
/ Menu 21.1.1.2 set #1, rule #2
FIN FN PVA INPUT
210102001 = IP Filter Set 1,Rule 2 Type <2(TCP/IP)> = 2
210102002 = IP Filter Set 1,Rule 2 Active <0(No)|1(Yes)> = 1
210102003 = IP Filter Set 1,Rule 2 Protocol = 6
210102004 = IP Filter Set 1,Rule 2 Dest IP address = 0.0.0.
Table 187 Menu 21.1 Filter Set #1 (continued)
210103013 = IP Filter Set 1,Rule 3 Act Match <1(check next)|2(forward)| 3(drop) = 3
210103014 = IP Filter Set 1,Rule 3 Act Not Match <1(check next)|2(forward)| 3(drop) = 1
/ Menu 21.1.1.
Table 187 Menu 21.1 Filter Set #1 (continued)
210105009 = IP Filter Set 1,Rule 5 Src Subnet Mask = 0
210105010 = IP Filter Set 1,Rule 5 Src Port = 0
210105011 = IP Filter Set 1,Rule 5 Src Port Comp <0(none)|1(equal)|2(not equal)|3(less)|4(greater)> = 0
210105013 = IP Filter Set 1,Rule 5 Act Match <1(check next)|2(forward)|3(drop)> = 3
210105014 = IP Filter Set 1,Rule 5 Act Not Match <1(Check Next)|2(Forward)|3(Drop)> = 1
/ Menu 21.1.1.
Table 188 Menu 21.1 Filter Set #2 (continued)
/ Menu 21.1.2.1 Filter set #2, rule #1
FIN FN PVA INPUT
210201001 = IP Filter Set 2, Rule 1 Type <0(none)|2(TCP/IP)> = 2
210201002 = IP Filter Set 2, Rule 1 Active <0(No)|1(Yes)>
210201003 = IP Filter Set 2, Rule 1 Protocol = 6
210201004 = IP Filter Set 2, Rule 1 Dest IP address = 0.0.0.
Table 188 Menu 21.1 Filter Set #2 (continued)
210202009 = IP Filter Set 2, Rule 2 Src Subnet Mask = 0
210202010 = IP Filter Set 2,Rule 2 Src Port = 0
210202011 = IP Filter Set 2, Rule 2 Src Port Comp <0(none)|1(equal)|2(not equal)|3(less)|4(greater)> = 0
210202013 = IP Filter Set 2, Rule 2 Act Match <1(check next)|2(forward)|3(drop)> = 3
210202014 = IP Filter Set 2, Rule 2 Act Not Match <1(check next)|2(forward)|3(drop)> = 1
/ Menu 21.1.2.
Table 188 Menu 21.1 Filter Set #2 (continued)
210204002 = IP Filter Set 2, Rule 4 Active <0(No)|1(Yes)> = 1
210204003 = IP Filter Set 2, Rule 4 Protocol = 17
210204004 = IP Filter Set 2, Rule 4 Dest IP address = 0.0.0.0
210204005 = IP Filter Set 2, Rule 4 Dest Subnet Mask = 0
210204006 = IP Filter Set 2, Rule 4 Dest Port
210204007 = IP Filter Set 2, Rule 4 Dest Port Comp
210204008 = IP Filter Set 2, Rule 4 Src IP address = 0.0.0.
Table 188 Menu 21.1 Filter Set #2 (continued)
210205011 = IP Filter Set 2, Rule 5 Src Port Comp <0(none)|1(equal)|2(not equal)|3(less)|4(greater)> = 0
210205013 = IP Filter Set 2, Rule 5 Act Match <1(check next)|2(forward)|3(drop)> = 3
210205014 = IP Filter Set 2, Rule 5 Act Not Match <1(check next)|2(forward)|3(drop)> = 1
/ Menu 21.1.2.
Table 189 Menu 23 System Menus
*/ Menu 23.1 System Password Setup
FIN FN PVA INPUT
230000000 = System Password = 1234
*/ Menu 23.2 System security: radius server
FIN FN PVA INPUT
230200001 = Authentication Server Configured <0(No) | 1(Yes)> = 1
230200002 = Authentication Server Active <0(No) | 1(Yes)> = 1
230200003 = Authentication Server IP Address = 192.168.1.
Table 189 Menu 23 System Menus (continued)
230400008 = WPA Mixed Mode <0(Disable) |1(Enable)> = 0
230400009 = Data Privacy for Broadcast/Multicast packets <0(TKIP) |1(WEP)> = 0
230400010 = WPA Broadcast/Multicast Key Update Timer = 0

Table 190 Menu 24.11 Remote Management Control
/ Menu 24.11 Remote Management Control
FIN FN PVA INPUT
241100001 = TELNET Server Port
241100002 = TELNET Server Access
241100003 = TELNET Server Secured IP address = 0.0.0.
Table 191 Command Examples (continued)
FIN FN PVA INPUT
990000001 = ADSL OPMD <0(etsi)|1(normal)|2(gdmt)|3(multimode)> = 3
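As an added example (not ZyXEL's code and not part of the original guide), the following pre-upload check parses rom-t entries in the FIN = FN <PVA> = INPUT layout of the tables above, rejects inputs that fall outside the PVA column, and flags the guide's example system password and an unrestricted Telnet client address. The on-disk layout of rom-t, the sample text, and the reading of 0.0.0.0 as "any client" are assumptions.

```python
import re

# Entry layout as printed in the guide's tables: FIN = FN <PVA> = INPUT.
# Assumption: the rom-t file on disk uses this layout, one entry per line.
ENTRY = re.compile(
    r"^(?P<fin>\d+)\s*=\s*(?P<fn>[^<=]*?)\s*"
    r"(?:<(?P<pva>[^>]*)>)?\s*=\s*(?P<value>.*)$"
)

# FINs taken from Menu 23.1 and Menu 24.11 in the tables above.
EXAMPLE_SECRETS = {"230000000": "1234"}   # System Password, guide's example input
# Assumption: a secured client address of 0.0.0.0 places no limit on the client.
UNRESTRICTED = {"241100003": "0.0.0.0"}   # TELNET Server Secured IP address

# Constructed sample, not a file from a real device.
SAMPLE_ROMT = """\
/ Menu 3 (constructed sample)
30200001 = DHCP <0(None) | 1(Server) | 2(Relay)> = 5
30200003 = Size of Client IP Pool = 32
30200004 = Primary DNS Server 0.0.0.0
30500004 = RTS Threshold <0 ~ 2432> = 2432
30500005 = FRAG. Threshold <256 ~ 2432> = 100
*/ Menu 23.1 System Password Setup
230000000 = System Password = 1234
/ Menu 24.11 Remote Management Control
241100003 = TELNET Server Secured IP address = 0.0.0.0
"""


def parse_romt(text):
    """Return ({fin: (field name, PVA or None, input)}, [unparsed lines])."""
    entries, unparsed = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "/*":        # blank line or menu heading
            continue
        m = ENTRY.match(line)
        if m:
            entries[m["fin"]] = (m["fn"], m["pva"], m["value"].strip())
        else:
            unparsed.append(line)
    return entries, unparsed


def value_allowed(pva, value):
    """Check INPUT against the PVA column; free-form fields accept anything."""
    if not pva:
        return True
    rng = re.fullmatch(r"\s*(\d+)\s*~\s*(\d+)\s*", pva)
    if rng:                                     # range such as <0 ~ 2432>
        return value.isdigit() and int(rng[1]) <= int(value) <= int(rng[2])
    codes = []
    for item in pva.split("|"):                 # list such as 0(No) | 1(Yes)
        m = re.fullmatch(r"\s*(\d+)\s*(?:\(.*\))?\s*", item)
        if not m:
            return True                         # PVA not understood: no verdict
        codes.append(m[1])
    return value in codes


def audit(text):
    """Return (FIN, kind, detail) findings for an edited rom-t file."""
    entries, unparsed = parse_romt(text)
    findings = []
    for fin, (fn, pva, value) in entries.items():
        if not value_allowed(pva, value):
            findings.append((fin, "invalid", f"{fn}: {value!r} not in <{pva}>"))
        if EXAMPLE_SECRETS.get(fin) == value:
            findings.append((fin, "example-secret", f"{fn} is the guide's example value"))
        if UNRESTRICTED.get(fin) == value:
            findings.append((fin, "unrestricted", f"{fn} does not limit the client"))
    findings += [(None, "unparsed", line) for line in unparsed]
    return findings


if __name__ == "__main__":
    for fin, kind, detail in audit(SAMPLE_ROMT):
        print(fin, kind, detail)
```

Running the check before the FTP upload surfaces the fields the device would refuse to save, together with settings that are still at the values printed in this guide.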