ADSL Router Series P-660HNU-Fx, P-660HN-Fx, P-661HNU-Fx (x stands for 1 or 3) Default Login Details IP Address Admin https://192.168.1.1 User Name: admin Password: 1234 User User Name: user Password: 1234 Firmware Version 3.10 www.zyxel.com Edition 1, 12/2011 www.zyxel.
Videos Videos File Sharing Video Example .................................................................................................................................55 QoS Video Example .............................................................................................................................................
About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the ZyXEL Device using the web configurator. This guide is a reference for a series of products. Therefore some features or options in this guide may not be available in your product. Related Documentation • Quick Start Guide The Quick Start Guide is designed to help you get up and running right away.
About This User's Guide • Knowledge Base If you have a specific question about your product, the answer may be here. This is a collection of answers to previously asked questions about ZyXEL products. • Forum This contains discussions on ZyXEL products. Learn from others who use ZyXEL products and share your experiences as well. Customer Support Should problems arise that cannot be solved by the methods listed above, you should contact your vendor.
Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this User’s Guide. Warnings tell you about things that could harm you or your device. Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations. Syntax Conventions • The P-66xHNU-Fx Series may be referred to as the “ZyXEL Device”, the “device”, the “system” or the “product” in this User’s Guide.
Document Conventions Server Firewall Router Switch 6 ADSL Series User’s Guide
Safety Warnings Safety Warnings • • • • • • • • • • • • • • • • • • • • • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. Do NOT expose your device to dampness, dust or corrosive liquids. Do NOT store things on the device. Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning. Connect ONLY suitable accessories to the device. Do NOT open the device or unit.
Safety Warnings 8 ADSL Series User’s Guide
Contents Overview Contents Overview User’s Guide .......................................................................................................................................19 Introduction .............................................................................................................................................21 Introducing the Web Configurator ...........................................................................................................27 Tutorials ..............
Contents Overview 10 ADSL Series User’s Guide
Table of Contents Table of Contents About This User's Guide ......................................................................................................................3 Document Conventions .......................................................................................................................5 Safety Warnings....................................................................................................................................7 Contents Overview ......................
Table of Contents 2.3.7 Content Filter ...........................................................................................................................35 2.3.8 Firewall ....................................................................................................................................36 2.3.9 Wireless Security .....................................................................................................................37 2.3.10 WPS .........................................
Table of Contents 5.1.3 Before You Begin .....................................................................................................................88 5.2 The Broadband Screen .....................................................................................................................88 5.2.1 Add/Edit Internet Connection ...................................................................................................89 5.3 Technical Reference ............................................
Table of Contents 7.6.1 The Media Server Screen ......................................................................................................142 7.7 The Print Server Screen ..................................................................................................................143 7.7.1 Before You Begin ...................................................................................................................143 7.8 Technical Reference .............................................
Table of Contents 11.3 The Sessions Screen ....................................................................................................................178 11.4 The ALG Screen ............................................................................................................................179 11.5 Technical Reference ......................................................................................................................180 11.5.1 NAT Definitions ..............................
Table of Contents Chapter 16 VPN ....................................................................................................................................................203 16.1 Overview .......................................................................................................................................203 16.1.1 What You Can Do in the VPN Screens ................................................................................203 16.1.2 What You Need to Know About IPSec VPN ..
Table of Contents Chapter 20 System ...............................................................................................................................................231 20.1 Overview .......................................................................................................................................231 20.1.1 What You Need to Know ......................................................................................................231 20.2 The System Screen .................
Table of Contents Chapter 27 Product Specifications .....................................................................................................................255 Appendix A IP Addresses and Subnetting.......................................................................................263 Appendix B Setting Up Your Computer’s IP Address ......................................................................273 Appendix C Pop-up Windows, Java Script and Java Permissions ..........................
P ART I User’s Guide 19
C HAPT ER 1 Introduction 1.1 Overview The ADSL Router Series includes the P-660HNU-Fx, P-660HN-Fx, P-661HNU-Fx (x stands for 1 or 3). The routers in this series are ADSL2+ 4-Port Security Gateways with rich features and performance that use 802.11N technology to maximize the speed and range of your wireless signal. The ZyXEL Device is also a complete security solution with a robust firewall based on Stateful Packet Inspection (SPI) and Denial of Service (DoS) protection.
Chapter 1 Introduction Figure 1 ZyXEL Device’s Internet Access Application WAN LAN DSL You can also configure the firewall on the ZyXEL Device for secure Internet access. When the firewall is on, all incoming traffic from the Internet to your network is blocked unless it is initiated from your network. This means that probes from the outside to your network are not allowed, but you can safely browse the Internet and download files.
Chapter 1 Introduction Figure 3 USB File Sharing / Print Server Application A B 1.3 The WPS/WLAN Button You can use the WPS button ( ) on the top of the device to turn the wireless LAN off or on. You can also use it to activate WPS in order to quickly set up a wireless network with strong security. Turn the Wireless LAN On or Off 1 Make sure the POWER LED is on (not blinking). 2 Press the WPS button for one second and release it. The WLAN/WPS LED should change from off to on or vice versa.
Chapter 1 Introduction 1.4 Ways to Manage the ZyXEL Device Use any of the following methods to manage the ZyXEL Device. • Web Configurator. This is recommended for everyday management of the ZyXEL Device using a (supported) web browser. • FTP for firmware upgrades and configuration backup/restore.
Chapter 1 Introduction 1.5 Good Habits for Managing the ZyXEL Device Do the following things regularly to make the ZyXEL Device more secure and to manage the ZyXEL Device more effectively. • Change the password. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters. • Write down the password and put it in a safe place. • Back up the configuration (and make sure you know how to restore it).
Chapter 1 Introduction 26 ADSL Series User’s Guide
C HAPT ER 2 Introducing the Web Configurator 2.1 Overview The web configurator is an HTML-based management interface that allows easy device setup and management via Internet browser. Use Internet Explorer 6.0 and later versions, Mozilla Firefox 3 and later versions, or Safari 2.0 and later versions. The recommended screen resolution is 1024 by 768 pixels. In order to use the web configurator you need to allow: • Web browser pop-up windows from your device.
Chapter 2 Introducing the Web Configurator Note: For security reasons, the ZyXEL Device automatically logs you out if you do not use the web configurator for five minutes (default). If this happens, log in again. 5 The following screen displays if you have not yet changed your password. It is strongly recommended you change the default password.
Chapter 2 Introducing the Web Configurator 2.2 The Web Configurator Layout Click Connection Status > System Info to show the following screen. Figure 7 Web Configurator Layout Screen A B C As illustrated above, the main screen is divided into these parts: • A - title bar • B - main window • C - navigation panel 2.2.1 Title Bar The title bar shows the following icon in the upper right corner. Click this icon to log out of the web configurator.
Chapter 2 Introducing the Web Configurator 2.2.2 Main Window The main window displays information and configuration fields. It is discussed in the rest of this document. After you click System Info on the Connection Status screen, the System Info screen is displayed. See Chapter 4 on page 84 for more information about the System Info screen. If you click LAN Device on the System Info screen, the Connection Status screen appears.
Chapter 2 Introducing the Web Configurator Table 1 Navigation Panel Summary LINK QoS NAT Dynamic DNS TAB FUNCTION General Use this screen to enable QoS and decide allowable bandwidth using QoS. Queue Setup Use this screen to configure QoS queue assignment. Class Setup Use this screen to set up classifiers to sort traffic into different flows and assign priority and define actions to be performed for a classified traffic flow. Monitor Use this screen to view each queue’s statistics.
Chapter 2 Introducing the Web Configurator Table 1 Navigation Panel Summary LINK TAB FUNCTION Reboot Reboot Use this screen to reboot the ZyXEL Device without turning the power off. Diagnostic Ping Use this screen to test the connections to other devices. DSL Line Use this screen to identify problems with the DSL connection. 2.3 User Mode 2.3.1 Overview The Web Configurator for P-660HNU-Fx and P-660HN-Fx is set to User Mode by default.
Chapter 2 Introducing the Web Configurator • Use the Network Map screen to check if your ZyXEL Device can ping the gateway and whether it is connected to the Internet (Section 2.3.4 on page 33). • Use the Control Panel to configure and enable ZyXEL Device features, including wireless security, wireless scheduling and bandwidth management and so on (Section 2.3.5 on page 34). 2.3.3 Navigation Panel Use this navigation panel to opt out of the User mode.
Chapter 2 Introducing the Web Configurator response from the gateway. The same rule applies to the line connecting the gateway to the Internet. You can also view the devices (represented by icons indicating the kind of network device) connected to the ZyXEL Device, including those connecting wirelessly. Right-click on the ZyXEL Device icon to refresh the network map and go to the Wizard. Right click on the other icons to view information about the device. 2.3.
Chapter 2 Introducing the Web Configurator Disabling the wireless capability lowers the energy consumption of the of the ZyXEL Device. Figure 12 Power Saving The following table describes the labels in this screen. Table 4 Power Saving LABEL DESCRIPTION WLAN Status Select On or Off to specify whether the Wireless LAN is turned on or off (depending on what you selected in the WLAN Status field). This field works in conjunction with the Day and For the following times fields.
Chapter 2 Introducing the Web Configurator Figure 13 Content Filter The following table describes the labels in this screen. Table 5 Content Filter LABEL DESCRIPTION Add Click Add after you have typed a keyword. Repeat this procedure to add other keywords. Up to 64 keywords are allowed. Note: The ZyXEL Device does not recognize wildcard characters as keywords. When you try to access a web page containing a keyword, you will get a message telling you that the content filter is blocking this request.
Chapter 2 Introducing the Web Configurator 2.3.9 Wireless Security Use this screen to configure security for your the Wireless LAN. You can enter the SSID and select the wireless security mode in the following screen. Figure 15 Wireless Security The following table describes the general wireless LAN labels in this screen. Table 6 Wireless Security LABEL DESCRIPTION Wireless Network Name (SSID) (Service Set IDentity) The SSID identifies the Service Set with which a wireless station is associated.
Chapter 2 Introducing the Web Configurator 2.3.10 WPS Use this screen to add a wireless station to the network using WPS. Click WPS in the Wireless Security to open the following screen. Figure 16 Wireless Security: WPS The following table describes the labels in this screen. Table 7 Wireless Security: WPS LABEL DESCRIPTION Wireless Security Click this to go back to the Wireless Security screen. Enable WPS Select Enable to activate WPS on the ZyXEL Device.
Chapter 2 Introducing the Web Configurator Figure 17 Media Server Click OK to close this screen.
Chapter 2 Introducing the Web Configurator 40 ADSL Series User’s Guide
C HAPT ER 3 Tutorials 3.
Chapter 3 Tutorials 2 You can either modify the default ADSL WAN interface by clicking the Edit icon or create a new WAN interface (if you want to keep the default one). This example creates a new WAN interface. Click Add new WAN Interface. Note: You can create multiple ADSL WAN interfaces, however, only one of them is active at one time. The Default Gateway field in the table indicates the interface is active (Yes) or not (No).
Chapter 3 Tutorials Enter or select these values and click Apply. Ex am pl e This completes your DSL WAN connection setting. 4 You should see a summary of your new DSL connection setup in the Broadband screen as follows. The ADSL WAN interface you just created should be active (Yes in the Default Gateway field).
Chapter 3 Tutorials Try to connect to a website, such as “www.zyxel.com” to see if you have correctly set up your Internet connection. Be sure to contact your service provider for any information you need to configure the WAN screens. 3.3 How to Set up a Wireless Network This section gives you examples of how to connect the Internet wirelessly through the ADSL Device. A wireless network card or USB wireless adapter is referred to as the “wireless client” here.
Chapter 3 Tutorials Tutorial: Network > Wireless LAN > General Ex am pl e 2 Make sure Enable Wireless LAN is selected. 3 Enter “SSID_Example3” as the SSID and select Auto in the Channel Selection field to have the device search for an available channel. 4 Select 802.11b/g in the Mode Select field. 5 Select More Secure as your security level and set security mode to WPA-PSK and enter “ThisismyWPA-PSKpre-sharedkey” in the Pre-Shared Key field. Click Apply. 6 Click Connection Status > System Info.
Chapter 3 Tutorials Tutorial: Status This finishes the configuration of the ADSL Device. 3.3.3 Connecting Wirelessly to your ADSL Device This section describes how to connect wirelessly to your ADSL Device. The connection procedure is shown here using Windows XP as an example. 1 Right-click the wireless adapter icon which appears in the bottom right of your computer monitor. Click View Available Wireless Networks. Tutorial: Network > Wireless LAN > SecuritOpen the Status screen.
Chapter 3 Tutorials Tutorial: Status A 3 You are prompted to enter a password. Enter it (the pre-shared key) and click Connect. Tutorial: Network > Wireless LAN > SecuritOpen the Status screen. Verify your wireless and wireless security settings under Device Information and check if the WLAN connection is up under Interface Status Tutorial: Status 4 You may have to wait several minutes while your computer connects to the wireless network.
Chapter 3 Tutorials 3.3.4 Configuring the Wireless Client using the WPS PIN number This section describes how to connect the wireless client to a network using the WPS PIN method. You need to log into the Web Configurator for this. 48 1 Place a WPS-enabled device that supports the WPS PIN configuration method near the ADSL Device. 2 Log into the ADSL Device’s web configurator at http://192.168.1.1 (see Introducing the Web Configurator on page 27 for more details on this).
Chapter 3 Tutorials Note: You must repeat this procedure for every device you want to add to your network using WPS. 3.4 Setting Up NAT Port Forwarding to Allow Access to Network Servers from the Internet In this tutorial, you manage the Doom server on a computer behind the ADSL Device. In order for players on the Internet (like A in the figure below) to communicate with the Doom server, you need to configure the port settings and IP address on the ADSL Device.
Chapter 3 Tutorials 3 The port forwarding settings you configured should appear in the table. Make sure the Status check box for this rule is selected. Click Apply to have the ADSL Device start forwarding port 666 traffic to the computer with IP address 192.168.1.34. Players on the Internet then can have access to your Doom server. 3.
Chapter 3 Tutorials Note: Remember to control physical access to the USB drive so someone doesn’t access files by simply connecting it to a computer. 3.5.1 Set Up File Sharing To set up file sharing you need to connect your USB device, create user account(s) (only if you want to restrict a share’s access to certain users), enable file sharing and set up your share(s). 3.5.1.1 Activate File Sharing 1 Connect your USB device to the USB port at the back panel of the ADSL Device.
Chapter 3 Tutorials 2 Enter a user name. A user name can be any combination of letters and numbers. It must be between 5 and 15 characters long. This examples uses Bob77 as the username. 3 Enter the password that this user name must type when accessing the share. Retype it in the field below for confirmation. A password can be any combination of letters and numbers. It is case sensitive and it must be between 5 and 15 characters long. 3.5.1.
Chapter 3 Tutorials Note: Select the first option on this list to include all files and folders on the USB device. 4 You can add a description for the share or leave it blank. The Add Share Directory screen should look like the following. Leave the Access Level as Public to allow anyone connected to the ADSL Device to access the share. Click Apply. 5 Click Add new share again in the File Sharing screen. This time, you select the Bob_private folder which contains important files.
Chapter 3 Tutorials 8 Because you just want to share the Bob_private and Bob_public folders, you don't need the first share the system created, which shares the whole USB drive with everyone. So click the entry’s Delete icon and confirm the delete action. 9 Finally, click Apply again to save the changes. 3.5.2 Access Your Shared Files From a Computer You can use Windows Explorer to access the file storage devices connected to the ADSL Device.
Chapter 3 Tutorials 3 To access Bob_private, you need to enter the correct user name and password. Once you access Bob_private via your ADSL Device, you do not have to relogin unless you restart your computer. 3.5.3 File Sharing Video Example Use Adobe Reader 9 or later to play this example video. You may need to allow playback in Adobe reader and click play again to get it to start.
Chapter 3 Tutorials 3.6 Using the Print Server Feature In this section you can: • Configure a TCP/IP Printer Port. This allows a printer connected to the ADSL Device to be used by all users in your LAN as if it was directly connected to their computers. • Add a New Printer Using Windows • Add a New Printer Using Macintosh OS X Configure a TCP/IP Printer Port This example shows how you can configure a TCP/IP printer port. This example is done using the Windows 2000 Professional operating system.
Chapter 3 Tutorials documentation for instructions on how to do this or follow the instructions below if you have a Windows 2000/XP operating system. 1 Click Start > Settings, then right click on Printers and select Open. Tutorial: Open Printers Window The Printers folder opens up. First you need to open up the properties windows for the printer you want to configure a TCP/IP port. 2 3 Locate your printer. Right click on your printer and select Properties.
Chapter 3 Tutorials Tutorial: Printer Properties Window 5 A Printer Ports window appears. Select Standard TCP/IP Port and click New Port... Tutorial: Add a Port Window 6 Add Standard TCP/IP Printer Port Wizard window opens up. Click Next to start configuring the printer port. Tutorial: Add a Port Wizard 7 58 Enter the IP address of the ADSL Device to which the printer is connected in the Printer Name or IP Address: field. In our example we use the default IP address of the ADSL Device, 192.168.1.1.
Chapter 3 Tutorials Note: The computer from which you are configuring the TCP/IP printer port must be on the same LAN in order to use the printer sharing function. Tutorial: Enter IP Address of the ADSL Device 8 Select Custom under Device Type and click Settings. Tutorial: Custom Port Settings 9 Confirm the IP address of the ADSL Device in the IP Address field. 10 Select LPR under Protocol. 11 Type the LPR queue name of your printer model in the Queue Name field and click OK.
Chapter 3 Tutorials Tutorial: Custom Port Settings 12 Continue through the wizard, apply your settings and close the wizard window. 13 Repeat steps 1 to 12 to add this printer to other computers on your network. Add a New Printer Using Windows This example shows how to connect a printer to your ADSL Device using the Windows XP Professional operating system. Some menu items may look different on your operating system.
Chapter 3 Tutorials 1 Click Start > Control Panel > Printers and Faxes to open the Printers and Faxes screen. Click Add a Printer. Tutorial: Printers Folder 2 The Add Printer Wizard screen displays. Click Next. Tutorial: Add Printer Wizard: Welcome 3 Select Local printer attached to this computer and click Next.
Chapter 3 Tutorials Tutorial: Add Printer Wizard: Local or Network Printer 4 Select Create a new port and Standard TCP/IP Port. Click Next. Tutorial: Add Printer Wizard: Select the Printer Port 5 Add Standard TCP/IP Printer Port Wizard window opens up. Click Next to start configuring the printer port.
Chapter 3 Tutorials 6 Enter the IP address of the ADSL Device to which the printer is connected in the Printer Name or IP Address: field. In our example we use the default IP address of the ADSL Device, 192.168.1.1. The Port Name field updates automatically to reflect the IP address of the port. Click Next. Note: The computer from which you are configuring the TCP/IP printer port must be on the same LAN in order to use the printer sharing function.
Chapter 3 Tutorials Tutorial: Custom Port Settings 11 Click Finish to close the wizard window. Tutorial: Finish Adding the TCP/IP Port 12 Select the make of the printer that you want to connect to the print server in the Manufacturer list of printers. 13 Select the printer model from the list of Printers.
Chapter 3 Tutorials Tutorial: Add Printer Wizard: Printer Driver 16 If the following screen displays, select Keep existing driver radio button and click Next if you already have a printer driver installed on your computer and you do not want to change it. Otherwise, select Replace existing driver to replace it with the new driver you selected in the previous screen and click Next. Tutorial: Add Printer Wizard: Use Existing Driver 17 Type a name to identify the printer and then click Next to continue.
Chapter 3 Tutorials Tutorial: Add Printer Wizard: Name Your Printer 18 The ADSL Device is a print server itself and you do not need to have your computer act as a print server by sharing the printer with other users in the same network; just select Do not share this printer and click Next to proceed to the following screen. Tutorial: Add Printer Wizard: Printer Sharing 19 Select Yes and then click the Next button if you want to print a test page.
Chapter 3 Tutorials Tutorial: Add Printer Wizard: Print Test Page 20 The following screen shows your current printer settings. Select Finish to complete adding a new printer. Tutorial: Add Printer Wizard Complete Add a New Printer Using Macintosh OS X Complete the following steps to set up a print server driver on your Macintosh computer. 1 Click the Print Center icon located in the Macintosh Dock (a place holding a series of icons/ shortcuts at the bottom of the desktop). Proceed to step 6 to continue.
Chapter 3 Tutorials Tutorial: Macintosh HD folder 4 Double-click the Utilities folder. Tutorial: Applications Folder 5 Double-click the Print Center icon. Tutorial: Utilities Folder 6 Click the Add icon at the top of the screen. Tutorial: Printer List Folder 7 Set up your printer in the Printer List configuration screen. Select IP Printing from the dropdown list box. 8 In the Printer’s Address field, type the IP address of your ADSL Device. 9 Deselect the Use default queue on server check box.
Chapter 3 Tutorials 11 Select your Printer Model from the drop-down list box. If the printer's model is not listed, select Generic. Tutorial: Printer Configuration 12 Click Add to select a printer model, save and close the Printer List configuration screen. Tutorial: Printer Model 13 The Name LP1 on 192.168.1.1 displays in the Printer List field. The default printer Name displays in bold type. Tutorial: Print Server Your Macintosh print server driver setup is complete.
Chapter 3 Tutorials 3.7 Configuring the MAC Address Filter for Restricting Wireless Internet Access Thomas noticed that his daughter Josephine spends too much time surfing the web and downloading media files. He decided to prevent Josephine from accessing the Internet so that she can concentrate on preparing for her final exams. Josephine’s computer connects wirelessly to the Internet through the ADSL Device.
Chapter 3 Tutorials Thomas can also grant access to the computers of other members of his family and friends. However, Josephine and others not listed in this screen will no longer be able to access the Internet through the ADSL Device. 3.8 Configuring Static Route for Routing to Another Network In order to extend your Intranet and control traffic flowing directions, you may connect a router to the ADSL Device’s LAN. The router may be used to separate two department networks.
Chapter 3 Tutorials You need to specify a static routing rule on the ADSL Device to specify R as the router in charge of forwarding traffic to N2. In this case, the ADSL Device routes traffic from A to R and then R routes the traffic to B.This tutorial uses the following example IP settings: N1 A R N2 B Table 8 IP Settings in this Tutorial DEVICE / COMPUTER IP ADDRESS The ADSL Device’s WAN 172.16.1.1 The ADSL Device’s LAN 192.168.1.1 A 192.168.1.34 R’s N1 192.168.1.253 R’s N2 192.168.10.
Chapter 3 Tutorials Click Apply. The Routing screen should display the route you just added. Now B should be able to receive traffic from A. You may need to additionally configure B’s firewall settings to allow specific traffic to pass through. 3.9 Configuring QoS Queue and Class Setup This section contains tutorials on how you can configure the QoS screen. Note: Voice traffic will not be affected by the user-defined QoS settings on the ADSL Device. It always gets the highest priority.
Chapter 3 Tutorials QoS allows the ADSL Device to group and prioritize application traffic and fine-tune network performance. The ADSL Device assigns each packet a priority and queues the packet according to your configured classifiers. Classifiers define how to sort traffic into different flows, assign priority, and define actions to be performed for classified traffic flows. Note: QoS is applied to traffic flowing out of the ADSL Device.
Chapter 3 Tutorials Class Name Give a class name to this traffic, such as Email in this example. To Queue Link this to a queue created in the QoS > Queue Setup screen, which is the Email queue created in this example. From Interface This is the interface from which the traffic will be coming from. Select Lan. Ether Type Select IP to identify the traffic source by its IP address or MAC address. Source - MAC Address Type the MAC address of your computer - AA:FF:AA:FF:AA:FF.
Chapter 3 Tutorials Tutorial: Advanced > QoS > Monitor 3.9.1 QoS Video Example Use Adobe Reader 9 or later to play this example video. You may need to allow playback in Adobe reader and click play again to get it to start.
Chapter 3 Tutorials 3.10 Access the ADSL Device Using DDNS If you connect your ADSL Device to the Internet and it uses a dynamic WAN IP address, it is inconvenient for you to manage the device from the Internet. The ADSL Device’s WAN IP address changes dynamically. Dynamic DNS (DDNS) allows you to access the ADSL Device using a domain name.
Chapter 3 Tutorials http://zyxelrouter.dyndns.org w.x.y.z a.b.c.d To use this feature, you have to apply for DDNS service at www.dyndns.org. This tutorial shows you how to: • Registering a DDNS Account on www.dyndns.org • Configuring DDNS on Your ADSL Device • Testing the DDNS Setting Note: If you have a private WAN IP address, then you cannot use DDNS. 3.10.1 Registering a DDNS Account on www.dyndns.org 1 Open a browser and type http://www.dyndns.org. 2 Apply for a user account.
Chapter 3 Tutorials Click Apply. 3.10.3 Testing the DDNS Setting Now you should be able to access the ADSL Device from the Internet. To test this: 1 Open a web browser on the computer (using the IP address a.b.c.d) that is connected to the Internet. 2 Type http://zyxelrouter.dyndns.org and press [Enter]. 3 The ADSL Device’s login page should appear. You can then log into the ADSL Device and manage it.
Chapter 3 Tutorials 80 ADSL Series User’s Guide
P ART II Technical Reference 81
C HAPT ER 4 Connection Status and System Info Screens 4.1 Overview After you log into the web configurator, the Connection Status screen appears. This shows the network connection status of the ZyXEL Device and clients connected to it. Use the System Info screen to look at the current status of the device, system resources and interfaces (LAN, WAN, WLAN). 4.2 The Connection Status Screen Use this screen to view the network connection status of the device and its clients.
Chapter 4 Connection Status and System Info Screens Figure 19 Connection Status: List View In Icon View, if you want to view information about a client, click the client’s name and then click on Info. If you want to change the name or icon of the client, click the client’s name and then click on Change name/icon. In List View, you can also view the client’s information. 4.3 The System Info Screen Click Connection Status > System Info to open this screen.
Chapter 4 Connection Status and System Info Screens Table 9 System Info Screen LABEL DESCRIPTION Refresh Interval Select how often you want the ZyXEL Device to update this screen from the drop-down list box. Device Information Host Name This field displays the ZyXEL Device system name. It is used for identification. You can change this in the Maintenance > System screen’s Host Name field. Model Name This is the model name of your device.
Chapter 4 Connection Status and System Info Screens LABEL Status DESCRIPTION This field indicates whether or not the ZyXEL Device is using the interface.
C HAPT ER 5 Broadband 5.1 Overview This chapter discusses the ZyXEL Device’s Broadband screens. Use these screens to configure your ZyXEL Device for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks, such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations. Figure 21 LAN and WAN LAN WAN 5.1.
Chapter 5 Broadband WAN IP Address The WAN IP address is an IP address for the ZyXEL Device, which makes it accessible from an outside network. It is used by the ZyXEL Device to communicate with other devices in other networks. It can be static (fixed) or dynamically assigned by the ISP each time the ZyXEL Device tries to access the Internet. If your ISP assigns you a static WAN IP address, they should also assign you the subnet mask and DNS server IP address(es).
Chapter 5 Broadband The following table describes the fields in this screen. Table 10 Network Setting > Broadband LABEL DESCRIPTION Add new WAN Interface Click this to create a new WAN interface. Internet Setup # This is the index number of the connection. Name This is the service name of the connection. Type This shows the type of interface used by this connection. Mode This shows whether the connection is in routing mode or bridge mode.
Chapter 5 Broadband Figure 23 Broadband Add/Edit: Routing- PPPoE The following table describes the fields in this screen. Table 11 Broadband Add/Edit: Routing- PPPoE Label DESCRIPTION General 90 Name Enter a service name of the connection. Type ADSL: The ZyXEL Device uses the ADSL technology for data transmission over the DSL port. Mode Select Routing (default) from the drop-down list box if your ISP give you one IP address only and you want multiple computers to share an Internet account.
Chapter 5 Broadband Table 11 Broadband Add/Edit: Routing- PPPoE (continued) Label WAN Service Type DESCRIPTION This field is available only when you select Routing in the Mode field. Select the method of encapsulation used by your ISP. • • • PPPoE Passthrough PPP over Ethernet (PPPoE) - PPPoE (Point to Point Protocol over Ethernet) provides access control and billing functionality in a manner similar to dial-up services using PPP. Select this if you have a username and password for Internet access.
Chapter 5 Broadband Table 11 Broadband Add/Edit: Routing- PPPoE (continued) Label DESCRIPTION PPP User Name Enter the user name exactly as your ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given. PPP Password Enter the password associated with the user name above. PPPoE Service Name Type the name of your PPPoE service here.
Chapter 5 Broadband Table 11 Broadband Add/Edit: Routing- PPPoE (continued) Label DESCRIPTION Apply Click Apply to save your changes. Back Click Back to return to the previous screen. 5.2.1.2 Routing- IPoE Click the Add new WAN Interface in the Network Setting > Broadband screen or the Edit icon next to the connection you want to configure. Select Routing as the encapsulation mode and IPoE as the WAN service type.
Chapter 5 Broadband The following table describes the fields in this screen. Table 12 Broadband Add/Edit: Routing- IPoE Label DESCRIPTION General Name Enter a service name of the connection. Type ADSL: The ZyXEL Device uses the ADSL technology for data transmission over the DSL port. Mode Select Routing (default) from the drop-down list box if your ISP give you one IP address only and you want multiple computers to share an Internet account.
Chapter 5 Broadband Table 12 Broadband Add/Edit: Routing- IPoE (continued) Label MTU DESCRIPTION The Maximum Transmission Unit (MTU) defines the size of the largest packet allowed on an interface or connection. Enter the MTU in this field. For IPoE, the MTU value is 1500. IP Address This section is available only when you select Routing in the Mode field and IPoE in the WAN Service Type field. Obtain an IP Address Automatically A static IP address is a fixed IP that your ISP gives you.
Chapter 5 Broadband 5.2.1.3 Routing- PPPoA Click the Add new WAN Interface in the Network Setting > Broadband screen or the Edit icon next to the connection you want to configure. Select Routing as the encapsulation mode and PPPoA as the WAN service type. Figure 25 Broadband Add/Edit: Routing- PPPoA The following table describes the fields in this screen. Table 13 Broadband Add/Edit: Routing- PPPoA Label DESCRIPTION General Name 96 Enter a service name of the connection.
Chapter 5 Broadband Table 13 Broadband Add/Edit: Routing- PPPoA Label DESCRIPTION Type ADSL: The ZyXEL Device uses the ADSL technology for data transmission over the DSL port. Mode Select Routing (default) from the drop-down list box if your ISP give you one IP address only and you want multiple computers to share an Internet account. WAN Service Type This field is available only when you select Routing in the Mode field. Select the method of encapsulation used by your ISP.
Chapter 5 Broadband Table 13 Broadband Add/Edit: Routing- PPPoA Label DESCRIPTION PPP Password Enter the password associated with the user name above. Authentication Method The ZyXEL Device supports PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol). CHAP is more secure than PAP; however, PAP is readily available on more platforms. Use the drop-down list box to select an authentication protocol for outgoing calls.
Chapter 5 Broadband Figure 26 Broadband Add/Edit: Bridge (ADSL) The following table describes the fields in this screen. Table 14 Broadband Add/Edit: Bridge (ADSL) Label DESCRIPTION General Name Enter a service name of the connection. Type Select ADSL as the interface for which you want to configure here. The ZyXEL Device uses the ADSL technology for data transmission over the DSL port.
Chapter 5 Broadband Table 14 Broadband Add/Edit: Bridge (ADSL) (continued) Label DESCRIPTION Encapsulation Mode The encapsulation method of multiplexing used by your is LLC/SNAP-BRIDGING. In LCC encapsulation, bridged PDUs are encapsulated by identifying the type of the bridged media in the SNAP header. Service Category Select UBR Without PCR for applications that are non-time sensitive, such as e-mail. Select CBR (Constant Bit Rate) to specify fixed (always-on) bandwidth for voice or data traffic.
Chapter 5 Broadband For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for example RADIUS). One of the benefits of PPPoE is the ability to let you access one of multiple network services, a function known as dynamic service selection. This enables the service provider to easily create and offer new IP services for individuals.
Chapter 5 Broadband congestion, which is important for transmission of real time data such as audio and video connections. Peak Cell Rate (PCR) is the maximum rate at which the sender can send cells. This parameter may be lower (but not higher) than the maximum line speed. 1 ATM cell is 53 bytes (424 bits), so a maximum speed of 832Kbps gives a maximum PCR of 1962 cells/sec. This rate is not guaranteed because it is dependent on the line speed.
Chapter 5 Broadband The VBR-RT (real-time Variable Bit Rate) type is used with bursty connections that require closely controlled delay and delay variation. It also provides a fixed amount of bandwidth (a PCR is specified) but is only available when data is being sent. An example of an VBR-RT connection would be video conferencing. Video conferencing requires real-time data transfers and the bandwidth requirement varies in proportion to the video image's changing dynamics.
Chapter 5 Broadband and is used by IP multicast computers. The address 224.0.0.1 is used for query messages and is assigned to the permanent group of all IP hosts (including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP. The address 224.0.0.2 is assigned to the multicast routers group. At start up, the ZyXEL Device queries all directly connected networks to gather group membership. After that, the ZyXEL Device periodically updates this information.
C HAPT ER 6 Wireless 6.1 Overview This chapter describes the ZyXEL Device’s Network Setting > Wireless screens. Use these screens to set up your ZyXEL Device’s wireless connection. 6.1.1 What You Can Do in this Chapter • Use the General screen to enable the Wireless LAN, enter the SSID and select the wireless security mode (Section 6.2 on page 107). • Use the More AP screen to set up multiple wireless networks on your ZyXEL Device (Section 6.3 on page 113).
Chapter 6 Wireless Figure 28 Example of a Wireless Network The wireless network is the part in the blue circle. In this wireless network, devices A and B use the access point (AP) to interact with the other devices (such as the printer) or with the Internet. Your ZyXEL Device is the AP. Every wireless network must follow these basic guidelines: • Every device in the same wireless network must use the same SSID. The SSID is the name of the wireless network. It stands for Service Set IDentifier.
Chapter 6 Wireless 6.1.3 Before You Begin Before you start using these screens, ask yourself the following questions. See Section 6.7 on page 119 if some of the terms used here do not make sense to you. • What wireless standards do the other wireless devices support (IEEE 802.
Chapter 6 Wireless The following table describes the labels in this screen. Table 15 Network > Wireless LAN > General LABEL DESCRIPTION Wireless Network Setup Wireless Select the Enable Wireless LAN check box to activate the wireless LAN. Wireless Network Settings Wireless Network Name (SSID) The SSID (Service Set IDentity) identifies the service set with which a wireless device is associated. Wireless devices associating to the access point (AP) must have the same SSID.
Chapter 6 Wireless 6.2.1 No Security Select No Security to allow wireless stations to communicate with the access points without any data encryption or authentication. Note: If you do not enable any wireless security on your ZyXEL Device, your network is accessible to any wireless networking device that is within range. Figure 30 Wireless > General: No Security The following table describes the labels in this screen.
Chapter 6 Wireless Figure 31 Wireless > General: Basic (Static WEP/Shared WEP) The following table describes the labels in this screen. Table 17 Wireless > General: Basic (Static WEP/Shared WEP) LABEL DESCRIPTION Security Mode Choose Static WEP or Shared WEP from the drop-down list box. • • WEP Key Select Static WEP to have the ZyXEL Device allow association with wireless clients that use Open System mode.
Chapter 6 Wireless 6.2.3 More Secure (WPA(2)-PSK) The WPA-PSK security mode provides both improved data encryption and user authentication over WEP. Using a Pre-Shared Key (PSK), both the ZyXEL Device and the connecting client share a common password in order to validate the connection. This type of encryption, while robust, is not as strong as WPA, WPA2 or even WPA2-PSK. The WPA2-PSK security mode is a newer, more robust version of the WPA encryption standard.
Chapter 6 Wireless Table 18 Wireless > General: WPA(2)-PSK (continued) LABEL DESCRIPTION WPA-PSK Compatible This field appears when you choose WPA-PSK2 as the Security Mode. Encryption Check this field to allow wireless devices using WPA-PSK security mode to connect to your ZyXEL Device. The ZyXEL Device supports WPA-PSK and WPA2-PSK simultaneously. If the security mode is WPA-PSK, the encryption mode is set to TKIP to enable Temporal Key Integrity Protocol (TKIP) security on your wireless network.
Chapter 6 Wireless The following table describes the labels in this screen. Table 19 Wireless > General: More Secure: WPA(2) LABEL DESCRIPTION Security Level Select More Secure to enable WPA(2)-PSK data encryption. Security Mode Choose WPA or WPA2 from the drop-down list box. Authentication Server IP Address Enter the IP address of the external authentication server in dotted decimal notation. Port Number Enter the port number of the external authentication server. The default port number is 1812.
Chapter 6 Wireless The following table describes the labels in this screen. Table 20 Network Settings > Wireless > More AP LABEL DESCRIPTION # This is the index number of the entry. Active This field indicates whether this SSID is active. A yellow bulb signifies that this SSID is active. A gray bulb signifies that this SSID is not active. SSID An SSID profile is the set of parameters relating to one of the ZyXEL Device’s BSSs.
Chapter 6 Wireless Table 21 Wireless > More AP: Edit LABEL DESCRIPTION Wireless Network Name (SSID) The SSID (Service Set IDentity) identifies the service set with which a wireless device is associated. Wireless devices associating to the access point (AP) must have the same SSID. Enter a descriptive name (up to 32 English keyboard characters) for the wireless LAN.
Chapter 6 Wireless Figure 36 Network Setting > Wireless > WPS The following table describes the labels in this screen. Table 22 Network Setting > Wireless > WPS LABEL DESCRIPTION Enable WPS Select Enable to activate WPS on the ZyXEL Device. Add a new device with WPS Method Method 1 PBC WPS Use this section to set up a WPS wireless network using Push Button Configuration (PBC).
Chapter 6 Wireless Table 22 Network Setting > Wireless > WPS (continued) LABEL AP PIN DESCRIPTION The PIN of the ZyXEL Device is shown here. Enter this PIN in the configuration utility of the device you want to connect to using WPS. The PIN is not necessary when you use WPS push-button method. Click the Generate New PIN button to have the ZyXEL Device create a new PIN.
Chapter 6 Wireless The following table describes the labels in this screen. Table 23 Network Setting > Wireless > WMM LABEL DESCRIPTION Enable WMM of SSID1~4 This enables the ZyXEL Device to automatically give a service a priority level according to the ToS value in the IP header of packets it sends. WMM QoS (Wifi MultiMedia Quality of Service) gives high priority to voice and video, which makes them run more smoothly.
Chapter 6 Wireless Table 24 Network Setting > Wireless > Scheduling LABEL DESCRIPTION Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings. 6.7 Technical Reference This section discusses wireless LANs in depth. For more information, see the appendix. 6.7.1 Additional Wireless Terms The following table describes some wireless network terms and acronyms used in the ZyXEL Device’s web configurator.
Chapter 6 Wireless These security standards vary in effectiveness. Some can be broken, such as the old Wired Equivalent Protocol (WEP). Using WEP is better than using no security at all, but it will not keep a determined attacker out. Other security standards are secure in themselves but can be broken if a user does not use them properly.
Chapter 6 Wireless 6.7.2.3 User Authentication Authentication is the process of verifying whether a wireless device is allowed to use the wireless network. You can make every user log in to the wireless network before using it. However, every device in the wireless network has to support IEEE 802.1x to do this. For wireless networks, you can store the user names and passwords for each user in a RADIUS server. This is a server used in businesses more than in homes.
Chapter 6 Wireless Many types of encryption use a key to protect the information in the wireless network. The longer the key, the stronger the encryption. Every device in the wireless network must have the same key. 6.7.3 Signal Problems Because wireless networks are radio networks, their signals are subject to limitations of distance, interference and absorption. Problems with distance occur when the two radios are too far apart.
Chapter 6 Wireless 6.7.5.1 Notes on Multiple BSSs • A maximum of eight BSSs are allowed on one AP simultaneously. • You must use different keys for different BSSs. If two wireless devices have different BSSIDs (they are in different BSSs), but have the same keys, they may hear each other’s communications (but not communicate with each other). • MBSSID should not replace but rather be used in conjunction with 802.1x security. 6.7.
Chapter 6 Wireless Use the PIN method instead of the push-button configuration (PBC) method if you want to ensure that the connection is established between the devices you specify, not just the first two devices to activate WPS in range of each other. However, you need to log into the configuration interfaces of both devices to use the PIN method.
Chapter 6 Wireless Figure 40 Example WPS Process: PIN Method ENROLLEE REGISTRAR WPS This device’s WPS PIN: 123456 WPS Enter WPS PIN from other device: WPS START WPS START WITHIN 2 MINUTES SECURE EAP TUNNEL SSID WPA(2)-PSK COMMUNICATION 6.7.6.3 How WPS Works When two WPS-enabled devices connect, each device must assume a specific role.
Chapter 6 Wireless Figure 41 How WPS works ACTIVATE WPS ACTIVATE WPS WITHIN 2 MINUTES WPS HANDSHAKE ENROLLEE REGISTRAR SECURE TUNNEL SECURITY INFO COMMUNICATION The roles of registrar and enrollee last only as long as the WPS setup process is active (two minutes). The next time you use WPS, a different device can be the registrar if necessary. The WPS connection process is like a handshake; only two devices participate in each WPS transaction.
Chapter 6 Wireless Figure 42 WPS: Example Network Step 1 ENROLLEE REGISTRAR SECURITY INFO AP1 CLIENT 1 In step 2, you add another wireless client to the network. You know that Client 1 supports registrar mode, but it is better to use AP1 for the WPS handshake with the new client since you must connect to the access point anyway in order to use the network. In this case, AP1 must be the registrar, since it is configured (it already has security information for the network).
Chapter 6 Wireless In step 3, you add another access point (AP2) to your network. AP2 is out of range of AP1, so you cannot use AP1 for the WPS handshake with the new access point. However, you know that Client 2 supports the registrar function, so you use it to perform the WPS handshake instead. Figure 44 WPS: Example Network Step 3 EXISTING CONNECTION CLIENT 1 E CO ING T XIS ION CT E NN AP1 REGISTRAR CLIENT 2 SE CU RIT Y ENROLLEE INF O AP2 6.7.6.
Chapter 6 Wireless • When you use the PBC method, there is a short period (from the moment you press the button on one device to the moment you press the button on the other device) when any WPS-enabled device could join the network. This is because the registrar has no way of identifying the “correct” enrollee, and cannot differentiate between your enrollee and a rogue device. This is a possible way for a hacker to gain access to a network. You can easily check to see if this has happened.
Chapter 6 Wireless 130 ADSL Series User’s Guide
C HAPT ER 7 Home Networking 7.1 Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is usually located in one immediate area such as a building or floor of a building. The LAN screens can help you configure a LAN DHCP server and manage IP addresses. LAN DSL 7.1.1 What You Can Do in this Chapter • Use the LAN IP screen to set the LAN IP address, subnet mask, and DHCP settings (Section 7.2 on page 134).
Chapter 7 Home Networking Subnet Mask The subnet mask specifies the network number portion of an IP address. Your ZyXEL Device will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the ZyXEL Device unless you are instructed to do otherwise. DHCP DHCP (Dynamic Host Configuration Protocol) allows clients to obtain TCP/IP configuration at startup from a server.
Chapter 7 Home Networking 7.1.2.3 About File Sharing User Account This gives you access to the file sharing server. It includes your user name and password. Workgroup name This is the name given to a set of computers that are connected on a network and share resources such as a printer or files. Windows automatically assigns the workgroup name when you set up a network. Shares When settings are set to default, each USB device connected to the ZyXEL Device is given a folder, called a “share”.
Chapter 7 Home Networking 7.1.2.5 About Printer Server Print Server This is a computer or other device which manages one or more printers, and which sends print jobs to each printer from the computer itself or other devices. Operating System An operating system (OS) is the interface which helps you manage a computer. Common examples are Microsoft Windows, Mac OS or Linux.
Chapter 7 Home Networking Figure 45 Network Setting > Home Networking > LAN Setup The following table describes the fields on this screen. Table 27 Network Setting > Home Networking > LAN Setup LABEL DESCRIPTION LAN IP Setup IP Address Enter the LAN IP address you want to assign to your ZyXEL Device in dotted decimal notation, for example, 192.168.1.1 (factory default). IP Subnet Mask Type the subnet mask of your network in dotted decimal notation, for example 255.255.255.0 (factory default).
Chapter 7 Home Networking Table 27 Network Setting > Home Networking > LAN Setup (continued) LABEL DESCRIPTION DNS Server 1-3 Select From ISP if your ISP dynamically assigns DNS server information (and the ZyXEL Device's WAN IP address). Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right. If you chose User-Defined, but leave the IP address set to 0.0.0.0, User-Defined changes to None after you click Apply.
Chapter 7 Home Networking Table 28 Network Setting > Home Networking > Static DHCP (continued) LABEL DESCRIPTION MAC Address The MAC (Media Access Control) or Ethernet address on a LAN (Local Area Network) is unique to your computer (six pairs of hexadecimal notation). A network interface card such as an Ethernet adapter has a hardwired address that is assigned at the factory. This address follows an industry standard that ensures no other adapter has a similar address.
Chapter 7 Home Networking Figure 48 Network Setting > Home Networking > UPnP The following table describes the labels in this screen. Table 30 Network Settings > Home Networking > UPnP LABEL DESCRIPTION UPnP Select Enable to activate UPnP. Be aware that anyone could use a UPnP application to open the web configurator's login screen without entering the ZyXEL Device's IP address (although you must still enter the password to access the web configurator). Apply Click Apply to save your changes. 7.
Chapter 7 Home Networking 7.5.1 Before You Begin Make sure the ZyXEL Device is connected to your network and turned on. 1 Connect the USB device to the ZyXEL Device’s USB port. Make sure the ZyXEL Device is connected to your network. 2 The ZyXEL Device detects the USB device and makes its contents available for browsing. If you are connecting a USB hard drive that comes with an external power supply, make sure it is connected to an appropriate power source that is on.
Chapter 7 Home Networking Table 31 Network Setting > Home Networking > File Sharing LABEL DESCRIPTION Add New User Click this only if you want to define a user name and a password required to access the share - see 7.5.3. Note: By default, everyone connected to the ZyXEL Device can access the share. You only need to create users if you wish to restrict access to the content on the share. Active Select the check box to allow this user to access shares on your network - see 7.5.
Chapter 7 Home Networking Table 32 File Sharing: Add New Share LABEL DESCRIPTION Access Level Select Public to make the share available to all users on your network. This is the default option. Select Security if you wish define usernames and passwords required to access a specific share - see 7.5.3 to create users.
Chapter 7 Home Networking 7.6 The Media Server Screen You can set up your ZyXEL Device to act as a media server to provide media (like video) to DLNAcompliant players, such as Windows Media Player, ZyXEL DMAs (Digital Media Adapters), Xboxes or PS3s. The media server and the clients must have IP addresses in the same subnet. The ZyXEL Device media server enables you to: • Publish all shares for everyone to play media files in the USB storage device connected to the ZyXEL Device.
Chapter 7 Home Networking Each field is described in the following table. Table 34 Network Setting > Home Networking > Media Server LABEL DESCRIPTION Enable Media Server Select this to have the ZyXEL Device function as a DLNA-compliant media server. Apply Click Apply to save your changes back to the ZyXEL Device. 7.7 The Print Server Screen The ZyXEL Device allows you to share a USB printer on your LAN.
Chapter 7 Home Networking Figure 56 Network Setting > Home Networking > Printer Server The following table describes the labels in this menu. Table 35 Network Setting > Home Networking > Print Server LABEL DESCRIPTION Printer Server Select Enable to have the Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings. ZyXEL Device share a USB printer. 7.
Chapter 7 Home Networking IP Pool Setup The ZyXEL Device is pre-configured with a pool of IP addresses for the DHCP clients (DHCP Pool). See the product specifications in the appendices. Do not assign static IP addresses from the DHCP pool to your LAN computers. LAN TCP/IP The ZyXEL Device has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability.
Chapter 7 Home Networking You can obtain your IP address from the IANA, from an ISP or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.
Chapter 7 Home Networking Table 36 Compatible USB Printers (continued) BRAND MODEL EPSON Stylus Color 670 HP Deskjet 5550 HP Deskjet 5652 HP Deskjet 830C HP Deskjet 845C HP Deskjet 1125C HP Deskjet 1180C HP Deskjet 1220C HP Deskjet F4185 HP Laserjet 1022 HP Laserjet 1200 HP Laserjet 2200D HP Laserjet 2420 HP Color Laserjet 1500L HP Laserjet 3015 HP Officejet 4255 HP Officejet 5510 HP Officejet 5610 HP Officejet 7210 HP Officejet Pro L7380 HP Photosmart 2610 HP P
Chapter 7 Home Networking Table 36 Compatible USB Printers (continued) BRAND MODEL OKI B4350 SAMSUNG ML-1710 SAMSUNG SCX-4016 7.9 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP. Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me. 1 Click Start and Control Panel. Double-click Add/Remove Programs. 2 Click the Windows Setup tab and select Communication in the Components selection box. Click Details.
Chapter 7 Home Networking Figure 59 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel. 2 Double-click Network Connections. 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components ….
Chapter 7 Home Networking Figure 61 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Figure 62 Networking Services 6 150 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next.
Chapter 7 Home Networking 7.10 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device. Make sure the computer is connected to a LAN port of the ZyXEL Device. Turn on your computer and the ZyXEL Device. Auto-discover Your UPnP-enabled Network Device 1 Click Start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway.
Chapter 7 Home Networking Figure 64 Internet Connection Properties 4 152 You may edit or delete the port mappings or click Add to manually add port mappings.
Chapter 7 Home Networking Figure 65 Internet Connection Properties: Advanced Settings Figure 66 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
Chapter 7 Home Networking Figure 67 System Tray Icon 7 Double-click on the icon to display your current Internet connection status. Figure 68 Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first. This comes helpful if you do not know the IP address of the ZyXEL Device. Follow the steps below to access the web configurator. 154 1 Click Start and then Control Panel.
Chapter 7 Home Networking Figure 69 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays.
Chapter 7 Home Networking Figure 70 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device.
C HAPT ER 8 Routing 8.1 Overview The ZyXEL Device usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the ZyXEL Device send data to devices not reachable through the default gateway, use static routes. For example, the next figure shows a computer (A) connected to the ZyXEL Device’s LAN interface. The ZyXEL Device routes most traffic from A to the Internet through the ZyXEL Device’s default gateway (R1).
Chapter 8 Routing Figure 73 Network Setting > Routing The following table describes the labels in this screen. Table 37 Network Setting > Routing LABEL DESCRIPTION Add New Static Route Click this to set up a new static route on the ZyXEL Device. # This is the number of an individual static route. Active This indicates whether the rule is active or not. A yellow bulb signifies that this static route is active. A gray bulb signifies that this static route is not active.
Chapter 8 Routing The following table describes the labels in this screen. Table 38 Routing: Add/Edit LABEL DESCRIPTION Active Click this to activate this static route. Route Name Enter the name of the IP static route. Leave this field blank to delete this static route. Destination IP Address This parameter specifies the IP network address of the final destination. Routing is always based on network number. If you need to specify a route to a single host, use a subnet mask of 255.255.255.
Chapter 8 Routing 160 ADSL Series User’s Guide
C HAPT ER 9 DNS Route 9.1 Overview DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it. In addition to the system DNS server(s), each WAN interface (service) is set to have its own static or dynamic DNS server list.
Chapter 9 DNS Route 9.2 The DNS Route Screen The DNS Route screens let you view and configure DNS routes on the ZyXEL Device. Click Network Setting > DNS Route to open the DNS Route screen. Figure 76 Network Setting > DNS Route The following table describes the labels in this screen. Table 39 Network Setting > DNS Route LABEL DESCRIPTION Add new DNS route Click this to create a new entry. # This is the number of an individual DNS route.
Chapter 9 DNS Route The following table describes the labels in this screen. Table 40 DNS Route: Add/Edit LABEL DESCRIPTION Active Select this to activate this DNS route. Domain Name Enter the domain name you want to resolve. You can use the wildcard character, an “*” (asterisk) as the left most part of a domain name, such as *.example.com. The ZyXEL Device forwards DNS queries for any domain name ending in example.com to the WAN interface specified in this route.
Chapter 9 DNS Route 164 ADSL Series User’s Guide
C HAPTER 10 Quality of Service (QoS) 10.1 Overview This chapter discusses the ZyXEL Device’s QoS screens. Use these screens to set up your ZyXEL Device to use QoS for traffic management. Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth. QoS allows the ZyXEL Device to group and prioritize application traffic and fine-tune network performance.
Chapter 10 Quality of Service (QoS) CoS technologies include IEEE 802.1p layer 2 tagging and DiffServ (Differentiated Services or DS). IEEE 802.1p tagging makes use of three bits in the packet header, while DiffServ is a new protocol and defines a new DS field, which replaces the eight-bit ToS (Type of Service) field in the IP header. Tagging and Marking In a QoS class, you can configure whether to add or change the DSCP (DiffServ Code Point) value, IEEE 802.
Chapter 10 Quality of Service (QoS) The following table describes the labels in this screen. Table 41 Network Setting > QoS > General LABEL DESCRIPTION Active QoS Select the check box to turn on QoS to improve your network performance. You can give priority to traffic that the ZyXEL Device forwards out through the WAN interface. Give high priority to voice and video to make them run more smoothly.
Chapter 10 Quality of Service (QoS) The following table describes the labels in this screen. Table 42 Network Setting > QoS > Queue Setup LABEL DESCRIPTION Add new Queue Click this to create a new entry. # This is the index number of this entry. Status Select the check box to enable the queue. Name This shows the descriptive name of this queue. Interface This shows the name of the ZyXEL Device’s interface through which traffic in this queue passes.
Chapter 10 Quality of Service (QoS) Table 43 Queue Setup: Add/Edit LABEL DESCRIPTION Priority Select the priority level (from 1 to 7) of this queue. The larger the number, the higher the priority level. Traffic assigned to higher priority queues gets through faster while traffic in lower priority queues is dropped if the network is congested. Weight Select the weight (from 1 to 15) of this queue.
Chapter 10 Quality of Service (QoS) Table 44 Network Setting > QoS > Class Setup (continued) LABEL DESCRIPTION To Queue This is the name of the queue in which traffic of this classifier is put. Modify Click the Edit icon to edit the classifier. Click the Delete icon to delete an existing classifier. Note that subsequent rules move up by one when you take this action. Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings. 10.4.
Chapter 10 Quality of Service (QoS) The following table describes the labels in this screen. Table 45 Class Setup: Add/Edit LABEL DESCRIPTION Class Configuration Active Select to enable this classifier. Class Name Enter a descriptive name of up to 32 printable English keyboard characters, including spaces. Classification Order Select an existing number for where you want to put this classifier to move the classifier to the number you selected after clicking Apply.
Chapter 10 Quality of Service (QoS) Table 45 Class Setup: Add/Edit (continued) LABEL MAC Mask DESCRIPTION Type the mask for the specified MAC address to determine which bits a packet’s MAC address should match. Enter “f” for each bit of the specified source MAC address that the traffic’s MAC address should match. Enter “0“ for the bit(s) of the matched traffic’s MAC address, which can be of any hexadecimal character(s).
Chapter 10 Quality of Service (QoS) 10.5 The QoS Monitor Screen To view the ZyXEL Device’s QoS packet statistics, click Network Setting > QoS > Monitor. The screen appears as shown. Figure 83 Network Setting > QoS > Monitor The following table describes the labels in this screen. Table 46 Network Setting > QoS > Monitor LABEL DESCRIPTION Monitor Refresh Interval Select how often you want the ZyXEL Device to update this screen. Select No Refresh to stop refreshing statistics.
Chapter 10 Quality of Service (QoS) 10.6.1 IP Precedence Similar to IEEE 802.1p prioritization at layer-2, you can use IP precedence to prioritize packets in a layer-3 network. IP precedence uses three bits of the eight-bit ToS (Type of Service) field in the IP header. There are eight classes of services (ranging from zero to seven) in IP precedence. Zero is the lowest priority level and seven is the highest. 10.6.2 DiffServ QoS is used to prioritize source-to-destination traffic flows.
C HAPTER 11 Network Address Translation (NAT) 11.1 Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network. 11.1.1 What You Can Do in this Chapter • Use the Port Forwarding screen to configure forward incoming service requests to the server(s) on your local network (Section 11.2 on page 176).
Chapter 11 Network Address Translation (NAT) Port Forwarding A port forwarding set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visible to the outside world even though NAT makes your whole inside network appear as a single computer to the outside world. Finding Out More See Section 11.5 on page 180 for advanced technical information on NAT. 11.
Chapter 11 Network Address Translation (NAT) 11.2.1 The Port Forwarding Screen Click Network Setting > NAT to open the Port Forwarding screen. See Appendix E on page 331 for port numbers commonly used for particular services. Figure 85 Network Setting > NAT > Port Forwarding The following table describes the fields in this screen. Table 47 Network Setting > NAT > Port Forwarding LABEL DESCRIPTION Add new rule Click this to add a new port forwarding rule. # This is the index number of the entry.
Chapter 11 Network Address Translation (NAT) Figure 86 Port Forwarding: Add/Edit The following table describes the labels in this screen. Table 48 Port Forwarding: Add/Edit LABEL DESCRIPTION Service Name Enter a name to identify this rule using keyboard characters (A-Z, a-z, 1-2 and so on). WAN Interface Select the WAN interface through which the service is forwarded. You must have already configured a WAN connection with NAT enabled. Start Port Enter the original destination port for the packets.
Chapter 11 Network Address Translation (NAT) Figure 87 Network Setting > NAT > Sessions The following table describes the fields in this screen. Table 49 Network Setting > NAT > Sessions LABEL DESCRIPTION MAX NAT Sessions Use this field to set a common limit to the number of concurrent NAT sessions each client computer can have. If only a few clients use peer to peer applications, you can raise this number to improve their performance.
Chapter 11 Network Address Translation (NAT) 11.5 Technical Reference This section provides some technical background information about the topics covered in this chapter. 11.5.1 NAT Definitions Inside/outside denotes where a host is located relative to the ZyXEL Device, for example, the computers of your subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.
Chapter 11 Network Address Translation (NAT) Address) is the source address on the WAN. For incoming packets, the ILA is the destination address on the LAN, and the IGA is the destination address on the WAN. NAT maps private (local) IP addresses to globally unique ones required for communication with hosts on other networks.
Chapter 11 Network Address Translation (NAT) 182 ADSL Series User’s Guide
C HAPTER 12 Dynamic DNS 12.1 Overview This chapter discusses how to configure your ZyXEL Device to use Dynamic DNS. Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in applications such as NetMeeting and CU-SeeMe). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.
Chapter 12 Dynamic DNS Figure 90 Network Setting > DNS The following table describes the fields in this screen. Table 52 Network Setting > DNS LABEL DESCRIPTION Dynamic DNS Configuration Active Dynamic DNS Select this check box to use dynamic DNS. Service Provider Select the name of your Dynamic DNS service provider. Dynamic DNS Type Select the type of service that you are registered for from your Dynamic DNS service provider.
C HAPTER 13 Firewall 13.1 Overview Use the ZyXEL Device firewall screens to enable and configure the firewall that protects your ZyXEL Device and network from attacks by hackers on the Internet and control access to it. By default the firewall: • allows traffic that originates from your LAN and WLAN computers to go to all other networks. • blocks traffic that originates on other networks from going to the LAN and WLAN. The following figure illustrates the default firewall action.
Chapter 13 Firewall It is designed to protect against Denial of Service (DoS) attacks when activated. The ZyXEL Device's purpose is to allow a private Local Area Network (LAN) to be securely connected to the Internet. The ZyXEL Device can be used to prevent theft, destruction and modification of data, as well as log events, which may be important to the security of your network. The ZyXEL Device is installed between the LAN/WLAN and a broadband modem connecting to the Internet.
Chapter 13 Firewall 13.3 The Services Screen Use this screen to enable service blocking and to maintain the list of services you want to block. To access this screen, click Security > Firewall > Services. Note: These rules specify which computers on the LAN can access which computers or services on the WAN. Figure 93 Security > Firewall > Services Each field is described in the following table.
Chapter 13 Firewall Table 54 Security > Firewall > Services (continued) LABEL DESCRIPTION Delete Select a service in the Blocked Services, and click this to remove the service from the list. Clear All Click this to remove all the services in the Blocked Services list. Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings. 13.
Chapter 13 Firewall 4 Does this rule conflict with any existing rules? Once these questions have been answered, adding rules is simply a matter of entering the information into the correct fields in the web configurator screens.
Chapter 13 Firewall 190 ADSL Series User’s Guide
C HAPTER 14 MAC Filter 14.1 Overview This chapter discusses MAC address filtering. You can configure the ZyXEL Device to permit access to clients based on their MAC addresses in the MAC Filter screen. This applies to wired and wireless connections. 14.1.1 What You Need to Know Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
Chapter 14 MAC Filter The following table describes the labels in this menu. Table 55 Security > MAC Filter LABEL DESCRIPTION MAC Address Filter Select Enable to activate MAC address filtering. Set This is the index number of the MAC address. Allow Select Allow to permit access to the ZyXEL Device. MAC addresses not listed will be denied access to the ZyXEL Device. If you clear this, the MAC Address field for this set clears.
C HAPTER 15 Certificates 15.1 Overview The ZyXEL Device can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication. 15.1.1 What You Can Do in this Chapter • Use the Local Certificate screens to view and import the ZyXEL Device’s CA-signed certificates (Section 15.2 on page 196).
Chapter 15 Certificates The ZyXEL Device uses certificates based on public-key cryptology to authenticate users attempting to establish a connection. The method used to secure the data that you send through an established connection depends on the type of connection. For example, a VPN tunnel might use the triple DES encryption algorithm. The certification authority uses its private key to sign certificates. Anyone can then use the certification authority’s public key to verify the certificates.
Chapter 15 Certificates 15.1.3 Verifying a Certificate Before you import a trusted CA or trusted remote host certificate into the ZyXEL Device, you should verify that you have the actual certificate. This is especially true of trusted CA certificates since the ZyXEL Device also trusts any valid certificate signed by any of the imported trusted CA certificates. You can use a certificate’s fingerprint to verify it. A certificate’s fingerprint is a message digest calculated using the MD5 or SHA1 algorithms.
Chapter 15 Certificates 15.2 Local Certificates Use this screen to view the ZyXEL Device’s summary list of certificates and certification requests. You can import the following certificates to your ZyXEL Device: • Web Server - This certificate secures HTTP connections. • SSH/SCP/SFTP - This certificate secures remote connections. Click Security > Certificates to open the Local Certificates screen.
Chapter 15 Certificates Table 56 Security > Certificates > Local Certificates (continued) LABEL DESCRIPTION Browse Click Browse to find the certificate file you want to upload. Current File This field displays the name used to identify this certificate. It is recommended that you give each certificate a unique name. Key Type This field applies to the SSH/SCP/SFTP certificate. This shows the file format of the current certificate.
Chapter 15 Certificates 15.2.2 Trusted CA Import Click Import Certificate in the Trusted CAs screen to open the Import Certificate screen. You can save a trusted certification authority’s certificate to the ZyXEL Device. Note: You must remove any spaces from the certificate’s filename before you can import the certificate. Figure 99 Trusted CA > Import The following table describes the labels in this screen.
Chapter 15 Certificates Figure 100 Trusted CA: View The following table describes the labels in this screen. Table 59 Trusted CA: View LABEL DESCRIPTION Certificate Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate. You may use any character (not including spaces). Certificate Detail This read-only text box displays the certificate or certification request in Privacy Enhanced Mail (PEM) format.
Chapter 15 Certificates The following table describes the labels in this screen. Table 60 Security > Certificates > VPN Certificates LABEL DESCRIPTION Import Certificate Click this button to open a screen where you can save the certificate of a certification authority that you trust to the ZyXEL Device. Name This field displays the name used to identify this certificate.
Chapter 15 Certificates Figure 102 Security > Certificates > VPN Certificates The following table describes the labels in this screen. Table 61 VPN Certificates > Import LABEL DESCRIPTION Name Type a name for this certificate Public Key The value provided by a designated authority, which combined with a private key, can be used to encrypt messages. Write the key between BEGIN CERTIFICATE and END CERTIFICATE Private Key This is the key known only to the parties that exchange information.
Chapter 15 Certificates 202 ADSL Series User’s Guide
C HAPTER 16 VPN 16.1 Overview A virtual private network (VPN) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing. It is used to transport traffic over the Internet or any insecure network that uses TCP/IP for communication.
Chapter 16 VPN Figure 104 VPN: IKE SA and IPSec SA B A IPSec SA X IKE SA Y In this example, a computer in network A is exchanging data with a computer in network B. Inside networks A and B, the data is transmitted the same way data is normally transmitted in the networks. Between routers X and Y, the data is protected by tunneling, encryption, authentication, and other security features of the IPSec SA. The IPSec SA is established securely using the IKE SA that routers X and Y established first.
Chapter 16 VPN Finding Out More See Section 16.6 on page 212 for advanced technical information on IPSec VPN. 16.1.3 Before You Begin If a VPN tunnel uses Telnet, FTP, WWW, then you should configure remote management (Remote MGMT) to allow access for that service. 16.2 VPN Setup Screen The following figure helps explain the main fields in the web configurator.
Chapter 16 VPN The following table describes the fields in this screen. Table 62 Security > VPN > Setup LABEL DESCRIPTION Add New Tunnel Click this button to set up VPN policies for a new tunnel # This is the VPN policy index number. Click a number to edit VPN policies. Active This field displays whether the VPN policy is active or not. A Yes signifies that this VPN policy is active. No signifies that this VPN policy is not active.
Chapter 16 VPN Figure 107 Security > VPN > Setup > Edit The following table describes the fields in this screen. Table 63 Security > VPN > Setup > Edit LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy. This option determines whether a VPN rule is applied before a packet leaves the firewall. NAT Traversal Select this check box if you want to set up a VPN tunnel when there are NAT routers between the ZyXEL Device and remote IPSec router.
Chapter 16 VPN Table 63 Security > VPN > Setup > Edit LABEL DESCRIPTION Local Specify the IP addresses of the devices behind the ZyXEL Device that can use the VPN tunnel. The local IP addresses must correspond to the remote IPSec router's configured remote IP addresses. Two active SAs cannot have the local and remote IP address(es) both the same. Two active SAs can have the same local or remote IP address, but not both.
Chapter 16 VPN Table 63 Security > VPN > Setup > Edit LABEL DESCRIPTION Content When you select IP in the Local ID Type field, type the IP address of your computer in the local Content field. The ZyXEL Device automatically uses the IP address in the My IP Address field (refer to the My IP Address field description) if you configure the local Content field to 0.0.0.0 or leave it blank. It is recommended that you type an IP address other than 0.0.0.
Chapter 16 VPN Table 63 Security > VPN > Setup > Edit LABEL DESCRIPTION Advanced Setup Click Advanced Setup to configure more detailed settings of your IKE key management. Apply Click Apply to save your changes back to the ZyXEL Device. Back Click Back to return to the previous screen. 16.4 Configuring Advanced Settings Click Advanced Setup in the VPN Setup-Edit screen to open this screen.
Chapter 16 VPN Table 64 Security > VPN > Setup > Edit > Advanced Setup (continued) LABEL DESCRIPTION Authentication Algorithm Select MD5, SHA1, SHA2-256 or SHA2-512 from the drop-down list box. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) and SHA2 are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower. Select MD5 for minimal security and SHA-1 for more security.
Chapter 16 VPN 16.5 Viewing SA Monitor Click Security > VPN > Monitor to open the screen as shown. Use this screen to display and manage active VPN connections. A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This screen displays active VPN connections. Use Refresh to display active VPN connections. This screen is read-only. The following table describes the fields in this tab.
Chapter 16 VPN Figure 110 IPSec Architecture IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms). The Encryption Algorithm describes the use of encryption techniques such as DES (Data Encryption Standard) and Triple DES algorithms.
Chapter 16 VPN IPSec using ESP in Tunnel mode encapsulates the entire original packet (including headers) in a new IP packet. The new IP packet's source address is the outbound address of the sending VPN gateway, and its destination address is the inbound address of the VPN device at the receiving end. When using ESP protocol with authentication, the packet contents (in this case, the entire original packet) are encrypted.
Chapter 16 VPN • Set the NAT router to forward UDP port 500 to IPSec router A. Finally, NAT is compatible with ESP in tunnel mode because integrity checks are performed over the combination of the "original header plus original payload," which is unchanged by a NAT device. The compatibility of AH and ESP with NAT in tunnel and transport modes is summarized in the following table.
Chapter 16 VPN 16.6.5 IKE Phases There are two phases to every IKE (Internet Key Exchange) negotiation – phase 1 (Authentication) and phase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA and the second one uses that SA to negotiate SAs for IPSec. Figure 113 Two Phases to Set Up the IPSec SA In phase 1 you must: • Choose a negotiation mode. • Authenticate the connection by entering a pre-shared key. • Choose an encryption algorithm. • Choose an authentication algorithm.
Chapter 16 VPN 16.6.6 Negotiation Mode The phase 1 Negotiation Mode you select determines how the Security Association (SA) will be established for each connection through IKE negotiations. • Main Mode ensures the highest level of security when the communicating parties are negotiating authentication (phase 1). It uses 6 messages in three round trips: SA negotiation, Diffie-Hellman exchange and an exchange of nonces (a nonce is a random number).
Chapter 16 VPN 16.6.8 ID Type and Content With aggressive negotiation mode (seeSection 16.6.6 on page 217), the ZyXEL Device identifies incoming SAs by ID type and content since this identifying information is not encrypted. This enables the ZyXEL Device to distinguish between multiple rules for SAs that connect from remote IPSec routers that have dynamic WAN IP addresses.
Chapter 16 VPN 16.6.8.1 ID Type and Content Examples Two IPSec routers must have matching ID type and content configuration in order to set up a VPN tunnel. The two ZyXEL Devices in this example can complete negotiation and establish a VPN tunnel. Table 70 Matching ID Type and Content Configuration Example ZYXEL DEVICE A ZYXEL DEVICE B Local ID type: E-mail Local ID type: IP Local ID content: tom@yourcompany.com Local ID content: 1.1.1.2 Peer ID type: IP Peer ID type: E-mail Peer ID content: 1.1.1.
Chapter 16 VPN WAN IP addresses of their IPSec routers. The telecommuters must all use the same IPSec parameters but the local IP addresses (or ranges of addresses) should not overlap. Figure 115 Telecommuters Sharing One VPN Rule Example LAN A 192.168.2.12 LAN HQ B LAN 192.168.1.10 192.168.3.2 LAN C 192.168.4.15 Table 72 Telecommuters Sharing One VPN Rule Example FIELDS TELECOMMUTERS HEADQUARTERS My IP Address: 0.0.0.
Chapter 16 VPN Figure 116 Telecommuters Using Unique VPN Rules Example LAN A HQ 192.168.2.12 LAN B LAN 192.168.1.10 192.168.3.2 LAN C 192.168.4.15 Table 73 Telecommuters Using Unique VPN Rules Example TELECOMMUTERS HEADQUARTERS All Telecommuter Rules: All Headquarters Rules: 0.0.0.0 My IP Address: bigcompanyhq.com Secure Gateway Address: bigcompanyhq.com Local IP Address: 192.168.1.10 Remote IP Address: 192.168.1.
Chapter 16 VPN 222 ADSL Series User’s Guide
C HAPTER 17 System Monitor 17.1 Overview Use the System Monitor screens to look at network traffic status and statistics of the WAN, LAN interfaces and NAT. 17.1.1 What You Can Do in this Chapter • Use the WAN screen to view the WAN traffic statistics (Section 17.2 on page 223). • Use the LAN screen to view the LAN traffic statistics (Section 17.3 on page 224). • Use the NAT screen to view the NAT status of the ZyXEL Device’s client(s) (Section 17.4 on page 225). 17.
Chapter 17 System Monitor Table 74 System Monitor > Traffic Status > WAN LABEL DESCRIPTION Packets Sent Data This indicates the number of transmitted packets on this interface. Error This indicates the number of frames with errors transmitted on this interface. Drop This indicates the number of outgoing packets dropped on this interface. Packets Received Data This indicates the number of received packets on this interface.
Chapter 17 System Monitor Table 75 System Monitor > Traffic Status > LAN LABEL DESCRIPTION Received (Packet) Data This indicates the number of received packets on this interface. Error This indicates the number of frames with errors received on this interface. Drop This indicates the number of received packets dropped on this interface. 17.4 The NAT Status Screen Click System Monitor > Traffic Status > NAT to open the following screen.
Chapter 17 System Monitor 226 ADSL Series User’s Guide
C HAPTER 18 User Account 18.1 Overview You can configure system password for different user accounts in the User Account screen. 18.2 The User Account Screen Use the User Account screen to configure system password. Click Maintenance > User Account to open the following screen. Figure 120 Maintenance > User Account The following table describes the labels in this screen. Table 77 Maintenance > User Account LABEL DESCRIPTION User Name You can configure the password for the admin or user account.
Chapter 18 User Account 228 ADSL Series User’s Guide
C HAPTER 19 Remote MGMT 19.1 Overview Remote MGMT allows you to manage your ZyXEL Device from a remote location through the following interfaces: • LAN and WLAN • WAN only Note: The ZyXEL Device is managed using the web configurator. 19.1.1 What You Need to Know The following terms and concepts may help as you read this chapter TR-064 TR-064 is a LAN-Side DSL CPE Configuration protocol defined by the DSL Forum. TR-064 is built on top of UPnP.
Chapter 19 Remote MGMT Figure 121 Maintenance > Remote MGMT The following table describes the fields in this screen. Table 78 Maintenance > Remote MGMT 230 LABEL DESCRIPTION Services This is the service you may use to access the ZyXEL Device. LAN/WLAN Select the Enable check box for the corresponding services that you want to allow access to the ZyXEL Device from the LAN and WLAN.
C HAPTER 20 System 20.1 Overview You can configure system settings, including the host name, domain name and the inactivity timeout interval in the System screen. 20.1.1 What You Need to Know The following terms and concepts may help as you read this chapter. Domain Name This is a network address that identifies the owner of a network connection. For example, in the network address “www.zyxel.com/support/files”, the domain name is “www.zyxel.com”. 20.
Chapter 20 System The following table describes the labels in this screen. Table 79 Maintenance > System LABEL DESCRIPTION Host Name Choose a descriptive name for identification purposes. It is recommended you enter your computer’s “Computer name” in this field. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes “-” and underscores "_" are accepted. Domain Name Enter the domain name (if you know it) here.
C HAPTER 21 Time Setting 21.1 Overview You can configure the system’s time and date in the Time Setting screen. 21.2 The Time Setting Screen To change your ZyXEL Device’s time and date, click Maintenance > Time Setting. The screen appears as shown. Use this screen to configure the ZyXEL Device’s time based on your local time zone. Figure 123 Maintenance > Time Setting The following table describes the fields in this screen.
Chapter 21 Time Setting Table 80 Maintenance > Time Setting (continued) LABEL DESCRIPTION Time Server Address Enter the IP address or URL (up to 20 extended ASCII characters in length) of your time server. Check with your ISP/network administrator if you are unsure of this information. Time Zone Choose the time zone of your location. This will set the time difference between your time zone and Greenwich Mean Time (GMT).
C HAPTER 22 Log Setting 22.1 Overview You can configure where the ZyXEL Device sends logs and which logs and/or immediate alerts the ZyXEL Device records in the Log Setting screen. 22.2 The Log Setting Screen To change your ZyXEL Device’s log settings, click Maintenance > Log Setting. The screen appears as shown.
Chapter 22 Log Setting The following table describes the fields in this screen. Table 81 Maintenance > Log Setting LABEL DESCRIPTION Syslog Logging The ZyXEL Device sends a log to an external syslog server. Select the Enable check box to enable syslog logging. Syslog Server Enter the server name or IP address of the syslog server that will log the selected categories of logs. UDP Port Enter the port number used by the syslog server.
C HAPTER 23 Firmware Upgrade 23.1 Overview This chapter explains how to upload new firmware to your ZyXEL Device. You can download new firmware releases from your nearest ZyXEL FTP site (or www.zyxel.com) to use to upgrade your device’s performance. Only use firmware for your device’s specific model. Refer to the label on the bottom of your ZyXEL Device. 23.2 The Firmware Screen Click Maintenance > Firmware Upgrade to open the following screen.
Chapter 23 Firmware Upgrade Figure 126 Firmware Uploading The ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 127 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, an error screen will appear. Click OK to go back to the Firmware Upgrade screen.
C HAPTER 24 Backup/Restore 24.1 Overview The Backup/Restore screen allows you to backup and restore device configurations. You can also reset your device settings back to the factory default. 24.2 The Backup/Restore Screen Click Maintenance > Backup/Restore. Information related to factory defaults, backup configuration, and restoring configuration appears in this screen, as shown next.
Chapter 24 Backup/Restore Restore Configuration Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your ZyXEL Device. Table 83 Restore Configuration LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse... Click this to find the file you want to upload. Remember that you must decompress compressed (.ZIP) files before you can upload them.
Chapter 24 Backup/Restore 24.3 The Reboot Screen System restart allows you to reboot the ZyXEL Device remotely without turning the power off. You may need to do this if the ZyXEL Device hangs, for example. Click Maintenance > Reboot. Click the Reboot button to have the ZyXEL Device reboot. This does not affect the ZyXEL Device's configuration.
Chapter 24 Backup/Restore 242 ADSL Series User’s Guide
C HAPTER 25 Diagnostic 25.1 Overview You can use different diagnostic methods to test a connection and see the detailed information. These read-only screens display information to help you identify problems with the ZyXEL Device. 25.1.1 What You Can Do in this Chapter • Use the Ping screen to ping an IP address and see the ping statistics (Section 25.2 on page 243). • Use the DSL Line screen to check or reset your DSL connection (Section 25.3 on page 244). 25.
Chapter 25 Diagnostic 25.3 The DSL Line Screen Click Maintenance > Diagnostic > DSL Line to open the screen shown next. Figure 133 Maintenance > Diagnostic > DSL Line The following table describes the fields in this screen. Table 85 Maintenance > Diagnostic > DSL Line ITEM DESCRIPTION ATM Status Click this button to view your DSL connection’s Asynchronous Transfer Mode (ATM) statistics. ATM is a networking technology that provides high-speed data transfer.
Chapter 25 Diagnostic Table 85 Maintenance > Diagnostic > DSL Line ITEM DESCRIPTION DSL Line Status Click this button to view statistics about the DSL connections. 1. noise margin downstream is the signal to noise ratio for the downstream part of the connection (coming into the ZyXEL Device from the ISP). It is measured in decibels. The higher the number the more signal and less noise there is. 2.
Chapter 25 Diagnostic 246 ADSL Series User’s Guide
C HAPTER 26 Troubleshooting 26.1 Overview This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • ZyXEL Device Access and Login • Internet Access • Wireless Internet Access • USB Device Connection • UPnP 26.2 Power, Hardware Connections, and LEDs The ZyXEL Device does not turn on. None of the LEDs turn on. 1 Make sure the ZyXEL Device is turned on.
Chapter 26 Troubleshooting 4 Turn the ZyXEL Device off and on. 5 If the problem continues, contact the vendor. 26.3 ZyXEL Device Access and Login I forgot the IP address for the ZyXEL Device. 1 The default IP address is 192.168.1.1. 2 If you changed the IP address and have forgotten it, you might get the IP address of the ZyXEL Device by looking up the IP address of the default gateway for your computer. To do this in most Windows computers, click Start > Run, enter cmd, and then enter ipconfig.
Chapter 26 Troubleshooting 4 Reset the device to its factory defaults, and try to access the ZyXEL Device with the default IP address. See Section 1.6 on page 25. 5 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions • Try to access the ZyXEL Device using another service, such as Telnet.
Chapter 26 Troubleshooting 26.4 Internet Access I cannot access the Internet. 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and page 255. 2 Make sure you entered your ISP account information correctly. These fields are case-sensitive, so make sure [Caps Lock] is not on. 3 If you are trying to access the Internet wirelessly, make sure the wireless settings in the wireless client are the same as the settings in the AP.
Chapter 26 Troubleshooting 3 If the problem continues, contact your ISP. The Internet connection is slow or intermittent. 1 There might be a lot of traffic on the network. Look at the LEDs, and check page 255. If the ZyXEL Device is sending or receiving a lot of information, try closing some programs that use the Internet, especially peer-to-peer applications. 2 Turn the ZyXEL Device off, wait for one minute and turn it back on.
Chapter 26 Troubleshooting • Position the antennas for best reception. If the AP is placed on a table or floor, point the antennas upwards. If the AP is placed at a high position, point the antennas downwards. Try pointing the antennas in different directions and check which provides the strongest signal to the wireless clients. What wireless security modes does my ZyXEL Device support? Wireless security is vital to your network.
Chapter 26 Troubleshooting 1 If the USB device is connected to the ZyXEL Device, it won’t be listed directly under My Computer in Windows. To access the USB device - see Section 3.5.2 on page 54. 2 If you still cannot see the specific share you are trying to access, open the Web Configurator and go to Network Setting > File Sharing. Make sure that the share has a check below the symbol “#”. This means that the USB Device is enabled for sharing - see Section 3.5.1 on page 51.
Chapter 26 Troubleshooting 254 ADSL Series User’s Guide
C HAPTER 27 Product Specifications The following tables summarize the ZyXEL Device’s hardware and firmware features. LEDs (Lights) The following table describes the LEDs. None of the LEDs are on if the ZyXEL Device is not receiving power. Table 86 LED Descriptions LED NAME COLOR STATUS DESCRIPTION POWER Green On The ZyXEL Device is receiving power and ready for use. Blinking The ZyXEL Device is self-testing.
Chapter 27 Product Specifications Table 86 LED Descriptions LED NAME COLOR STATUS DESCRIPTION USB Green On The ZyXEL Device recognizes a USB connection but there is no traffic. Blinking The ZyXEL Device is sending/receiving data to/from the USB device connected to it. Off The ZyXEL Device does not detect a USB connection. Table 87 Hardware Specifications Power Specification 12V 1.
Chapter 27 Product Specifications Table 88 Firmware Specifications (continued) Network Address Translation (NAT) Each computer on your network must have its own unique IP address. Use NAT to convert your public IP address(es) to multiple private IP addresses for the computers on your network. Port Forwarding If you have a server (mail or web server for example) on your network, you can use this feature to let people access it from the Internet.
Chapter 27 Product Specifications Table 88 Firmware Specifications (continued) ADSL Standards Other Protocol Support ANSI T1.413 Issue 2 ETSI ADSL over ISDN ITU G.dmt (G.992.1) Annex A,B ITU G.dmt.bis (G.992.3) (ADSL2) Annex A, B, I, J, L, M ITU G.dmt.plus (G.992.5) (ADSL2+) Annex A, B, I, J RE-ADSL (Reach-Extended ADSL) SRA (Seamless Rate Adaption) Auto-negotiating rate adaption EOC specified in ITU-T G.992.1 Support 7 PVC I.
Chapter 27 Product Specifications Table 89 Wireless Features WPA2 WPA 2 is a wireless security standard that defines stronger encryption, authentication and key management than WPA. WPS Wi-Fi Protected Setup Other Wireless Features IEEE 802.11b/g/n Compliance Frequency Range: 2.4 GHz ISM Band Operating Frequency: • • 2.412G~2.462GHz: (FCC) North America (CH1~CH11) 2.412G~2.472GHz: (ETSI/TELEC) EU/Japan (CH1~CH13) Advanced Orthogonal Frequency Division Multiplexing (OFDM) Data Rates: • 802.11n: 6.
Chapter 27 Product Specifications Table 90 Standards Supported (continued) STANDARD DESCRIPTION IEEE 802.11 Also known by the brand Wi-Fi, denotes a set of Wireless LAN/WLAN standards developed by working group 11 of the IEEE LAN/MAN Standards Committee (IEEE 802) IEEE 802.11b Uses the 2.4 gigahertz (GHz) band IEEE 802.11g Uses the 2.4 gigahertz (GHz) band IEEE 802.11n Uses the 2.4 gigahertz (GHz) band IEEE 802.
Chapter 27 Product Specifications 5 Align the holes on the back of the ZyXEL Device with the screws on the wall. Hang the ZyXEL Device on the screws. Figure 134 Wall-mounting Example The following are dimensions of an M4 tap screw and masonry plug used for wall mounting. All measurements are in millimeters (mm).
Chapter 27 Product Specifications 262 ADSL Series User’s Guide
A PPENDIX A IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (such as computers, servers, routers, and printers) needs an IP address to communicate across the network. These networking devices are also known as hosts. Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.
Appendix A IP Addresses and Subnetting Figure 136 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask. Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). The term “subnet” is short for “sub-network”. A subnet mask has 32 bits.
Appendix A IP Addresses and Subnetting Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks. Table 92 Subnet Masks BINARY DECIMAL 1ST OCTET 2ND OCTET 3RD OCTET 4TH OCTET 8-bit mask 11111111 00000000 00000000 00000000 255.0.0.0 16-bit mask 11111111 11111111 00000000 00000000 255.255.0.0 24-bit mask 11111111 11111111 11111111 00000000 255.255.255.
Appendix A IP Addresses and Subnetting Table 94 Alternative Subnet Mask Notation (continued) SUBNET MASK ALTERNATIVE NOTATION LAST OCTET (BINARY) LAST OCTET (DECIMAL) 255.255.255.240 /28 1111 0000 240 255.255.255.248 /29 1111 1000 248 255.255.255.252 /30 1111 1100 252 Subnetting You can use subnetting to divide one network into multiple sub-networks.
Appendix A IP Addresses and Subnetting Figure 138 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 27 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address). 192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.128 is its broadcast address.
Appendix A IP Addresses and Subnetting Table 96 Subnet 2 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. 64 IP Address (Binary) 11000000.10101000.00000001. 01000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.64 Lowest Host ID: 192.168.1.65 Broadcast Address: 192.168.1.127 Highest Host ID: 192.168.1.126 Table 97 Subnet 3 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1.
Appendix A IP Addresses and Subnetting Table 99 Eight Subnets (continued) SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST ADDRESS 7 192 193 222 223 8 224 225 254 255 Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 100 24-bit Network Number Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 1 255.255.255.128 (/25) 2 126 2 255.255.255.192 (/26) 4 62 3 255.255.255.
Appendix A IP Addresses and Subnetting Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask. If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established.
Appendix A IP Addresses and Subnetting Conflicting Computer IP Addresses Example More than one device can not use the same IP address. In the following example computer A has a static (or fixed) IP address that is the same as the IP address that a DHCP server assigns to computer B which is a DHCP client. Neither can access the Internet. This problem can be solved by assigning a different static IP address to computer A or setting computer A to obtain an IP address automatically.
Appendix A IP Addresses and Subnetting Figure 141 Conflicting Computer and Router IP Addresses Example 272 ADSL Series User’s Guide
A PPENDIX B Setting Up Your Computer’s IP Address Note: Your specific ZyXEL Device may not support all of the operating systems described in this appendix. See the product specifications for more information about which operating systems are supported. This appendix shows you how to configure the IP settings on your computer in order for it to be able to communicate with the other devices on your network.
Appendix B Setting Up Your Computer’s IP Address Figure 142 Windows XP: Start Menu 2 In the Control Panel, click the Network Connections icon. Figure 143 Windows XP: Control Panel 3 Right-click Local Area Connection and then select Properties.
Appendix B Setting Up Your Computer’s IP Address 4 On the General tab, select Internet Protocol (TCP/IP) and then click Properties. Figure 145 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens.
Appendix B Setting Up Your Computer’s IP Address Figure 146 Windows XP: Internet Protocol (TCP/IP) Properties 6 Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically. Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP.
Appendix B Setting Up Your Computer’s IP Address Windows Vista This section shows screens from Windows Vista Professional. 1 Click Start > Control Panel. Figure 147 Windows Vista: Start Menu 2 In the Control Panel, click the Network and Internet icon. Figure 148 Windows Vista: Control Panel 3 Click the Network and Sharing Center icon. Figure 149 Windows Vista: Network And Internet 4 Click Manage network connections.
Appendix B Setting Up Your Computer’s IP Address Figure 150 Windows Vista: Network and Sharing Center 5 Right-click Local Area Connection and then select Properties. Figure 151 Windows Vista: Network and Sharing Center Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. 6 278 Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.
Appendix B Setting Up Your Computer’s IP Address Figure 152 Windows Vista: Local Area Connection Properties 7 The Internet Protocol Version 4 (TCP/IPv4) Properties window opens.
Appendix B Setting Up Your Computer’s IP Address Figure 153 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties 8 Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically. Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP.
Appendix B Setting Up Your Computer’s IP Address Windows 7 This section shows screens from Windows 7 Enterprise. 1 Click Start > Control Panel. Figure 154 Windows 7: Start Menu 2 In the Control Panel, click View network status and tasks under the Network and Internet category. Figure 155 Windows 7: Control Panel 3 Click Change adapter settings. Figure 156 Windows 7: Network And Sharing Center 4 Double click Local Area Connection and then select Properties.
Appendix B Setting Up Your Computer’s IP Address Figure 157 Windows 7: Local Area Connection Status Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. 5 282 Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.
Appendix B Setting Up Your Computer’s IP Address Figure 158 Windows 7: Local Area Connection Properties 6 The Internet Protocol Version 4 (TCP/IPv4) Properties window opens.
Appendix B Setting Up Your Computer’s IP Address Figure 159 Windows 7: Internet Protocol Version 4 (TCP/IPv4) Properties 7 Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically. Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP.
Appendix B Setting Up Your Computer’s IP Address Figure 160 Windows 7: Internet Protocol Version 4 (TCP/IPv4) Properties Mac OS X: 10.3 and 10.4 The screens in this section are from Mac OS X 10.4 but can also apply to 10.3. 1 Click Apple > System Preferences. Figure 161 Mac OS X 10.4: Apple Menu 2 In the System Preferences window, click the Network icon.
Appendix B Setting Up Your Computer’s IP Address Figure 162 Mac OS X 10.4: System Preferences 3 When the Network preferences pane opens, select Built-in Ethernet from the network connection type list, and then click Configure. Figure 163 Mac OS X 10.4: Network Preferences 4 286 For dynamically assigned settings, select Using DHCP from the Configure IPv4 list in the TCP/IP tab.
Appendix B Setting Up Your Computer’s IP Address Figure 164 Mac OS X 10.4: Network Preferences > TCP/IP Tab. 5 For statically assigned settings, do the following: • From the Configure IPv4 list, select Manually. • In the IP Address field, type your IP address. • In the Subnet Mask field, type your subnet mask. • In the Router field, type the IP address of your device.
Appendix B Setting Up Your Computer’s IP Address Figure 165 Mac OS X 10.4: Network Preferences > Ethernet 6 Click Apply Now and close the window. Verifying Settings Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network Interface from the Info tab. Figure 166 Mac OS X 10.4: Network Utility Mac OS X: 10.5 The screens in this section are from Mac OS X 10.5.
Appendix B Setting Up Your Computer’s IP Address 1 Click Apple > System Preferences. Figure 167 Mac OS X 10.5: Apple Menu 2 In System Preferences, click the Network icon. Figure 168 Mac OS X 10.5: Systems Preferences 3 When the Network preferences pane opens, select Ethernet from the list of available connection types.
Appendix B Setting Up Your Computer’s IP Address Figure 169 Mac OS X 10.5: Network Preferences > Ethernet 4 From the Configure list, select Using DHCP for dynamically assigned settings. 5 For statically assigned settings, do the following: • From the Configure list, select Manually. • In the IP Address field, enter your IP address. • In the Subnet Mask field, enter your subnet mask. • In the Router field, enter the IP address of your ZyXEL Device.
Appendix B Setting Up Your Computer’s IP Address Figure 170 Mac OS X 10.5: Network Preferences > Ethernet 6 Click Apply and close the window. Verifying Settings Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network interface from the Info tab.
Appendix B Setting Up Your Computer’s IP Address Figure 171 Mac OS X 10.5: Network Utility Linux: Ubuntu 8 (GNOME) This section shows you how to configure your computer’s TCP/IP settings in the GNU Object Model Environment (GNOME) using the Ubuntu 8 Linux distribution. The procedure, screens and file locations may vary depending on your specific distribution, release version, and individual configuration. The following screens use the default Ubuntu 8 installation.
Appendix B Setting Up Your Computer’s IP Address Figure 173 Ubuntu 8: Network Settings > Connections 3 In the Authenticate window, enter your admin account name and password then click the Authenticate button. Figure 174 Ubuntu 8: Administrator Account Authentication 4 In the Network Settings window, select the connection that you want to configure, then click Properties.
Appendix B Setting Up Your Computer’s IP Address Figure 175 Ubuntu 8: Network Settings > Connections 5 The Properties dialog box opens. Figure 176 Ubuntu 8: Network Settings > Properties • In the Configuration list, select Automatic Configuration (DHCP) if you have a dynamic IP address. • In the Configuration list, select Static IP address if you have a static IP address. Fill in the IP address, Subnet mask, and Gateway address fields.
Appendix B Setting Up Your Computer’s IP Address Figure 177 Ubuntu 8: Network Settings > DNS 8 Click the Close button to apply the changes. Verifying Settings Check your TCP/IP properties by clicking System > Administration > Network Tools, and then selecting the appropriate Network device from the Devices tab. The Interface Statistics column shows data if your connection is working properly.
Appendix B Setting Up Your Computer’s IP Address Figure 178 Ubuntu 8: Network Tools Linux: openSUSE 10.3 (KDE) This section shows you how to configure your computer’s TCP/IP settings in the K Desktop Environment (KDE) using the openSUSE 10.3 Linux distribution. The procedure, screens and file locations may vary depending on your specific distribution, release version, and individual configuration. The following screens use the default openSUSE 10.3 installation.
Appendix B Setting Up Your Computer’s IP Address Figure 179 openSUSE 10.3: K Menu > Computer Menu 2 When the Run as Root - KDE su dialog opens, enter the admin password and click OK. Figure 180 openSUSE 10.3: K Menu > Computer Menu 3 When the YaST Control Center window opens, select Network Devices and then click the Network Card icon.
Appendix B Setting Up Your Computer’s IP Address Figure 181 openSUSE 10.3: YaST Control Center 4 When the Network Settings window opens, click the Overview tab, select the appropriate connection Name from the list, and then click the Configure button. Figure 182 openSUSE 10.
Appendix B Setting Up Your Computer’s IP Address Figure 183 openSUSE 10.3: Network Card Setup 6 Select Dynamic Address (DHCP) if you have a dynamic IP address. Select Statically assigned IP Address if you have a static IP address. Fill in the IP address, Subnet mask, and Hostname fields. 7 Click Next to save the changes and close the Network Card Setup window.
Appendix B Setting Up Your Computer’s IP Address Figure 184 openSUSE 10.3: Network Settings 9 Click Finish to save your settings and close the window. Verifying Settings Click the KNetwork Manager icon on the Task bar to check your TCP/IP properties. From the Options sub-menu, select Show Connection Information. Figure 185 openSUSE 10.3: KNetwork Manager When the Connection Status - KNetwork Manager window opens, click the Statistics tab to see if your connection is working properly.
Appendix B Setting Up Your Computer’s IP Address Figure 186 openSUSE: Connection Status - KNetwork Manager ADSL Series User’s Guide 301
Appendix B Setting Up Your Computer’s IP Address 302 ADSL Series User’s Guide
A PPENDIX C Pop-up Windows, Java Script and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScript (enabled by default). • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary. Internet Explorer Pop-up Blockers You may have to disable pop-up blocking to log into your device.
Appendix C Pop-up Windows, Java Script and Java Permissions Figure 188 Internet Options: Privacy 3 Click Apply to save this setting. Enable Pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 304 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings…to open the Pop-up Blocker Settings screen.
Appendix C Pop-up Windows, Java Script and Java Permissions Figure 189 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites.
Appendix C Pop-up Windows, Java Script and Java Permissions 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScript If pages of the web configurator do not display properly in Internet Explorer, check that JavaScript are allowed. 1 In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 191 Internet Options: Security 306 2 Click the Custom Level... button. 3 Scroll down to Scripting.
Appendix C Pop-up Windows, Java Script and Java Permissions Figure 192 Security Settings - Java Scripting Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window.
Appendix C Pop-up Windows, Java Script and Java Permissions Figure 193 Security Settings - Java JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for
Appendix C Pop-up Windows, Java Script and Java Permissions Mozilla Firefox Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary. You can enable Java, JavaScript and pop-ups in one screen. Click Tools, then click Options in the screen that appears. Figure 195 Mozilla Firefox: Tools > Options Click Content.to show the screen below. Select the check boxes as shown in the following screen.
Appendix C Pop-up Windows, Java Script and Java Permissions 310 ADSL Series User’s Guide
A PPENDIX D Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS).
Appendix D Wireless LANs Figure 198 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood.
Appendix D Wireless LANs Figure 199 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a channel different from an adjacent AP (access point) to reduce interference. Interference occurs when radio signals from different access points overlap causing interference and degrading performance.
Appendix D Wireless LANs Figure 200 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations. RTS/CTS is designed to prevent collisions due to hidden nodes.
Appendix D Wireless LANs Preamble Type Preamble is used to signal that data is coming to the receiver. Short and long refer to the length of the synchronization field in a packet. Short preamble increases performance as less time sending preamble means more time for sending data. All IEEE 802.11 compliant wireless adapters support long preamble, but not all support short preamble.
Appendix D Wireless LANs The following figure shows the relative effectiveness of these wireless security methods available on your ZyXEL Device. Table 103 Wireless Security Levels SECURITY LEVEL Least Secure SECURITY TYPE Unique SSID (Default) Unique SSID with Hide SSID Enabled MAC Address Filtering WEP Encryption IEEE802.
Appendix D Wireless LANs RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server. Types of RADIUS Messages The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication: • Access-Request Sent by an access point requesting authentication. • Access-Reject Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access.
Appendix D Wireless LANs EAP-MD5 (Message-Digest Algorithm 5) MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless client. The wireless client ‘proves’ that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text. However, MD5 authentication has some weaknesses.
Appendix D Wireless LANs If this feature is enabled, it is not necessary to configure a default encryption key in the wireless security configuration screen. You may still configure and store keys, but they will not be used while dynamic WEP is enabled. Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption.
Appendix D Wireless LANs called Rijndael. They both include a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. WPA and WPA2 regularly change and rotate the encryption keys so that the same encryption key is never used twice.
Appendix D Wireless LANs WPA(2) with RADIUS Application Example To set up WPA(2), you need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret. A WPA(2) application example with an external RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution system. 1 The AP passes the wireless client's authentication request to the RADIUS server.
Appendix D Wireless LANs 4 The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys. They use these keys to encrypt data exchanged between them. Figure 202 WPA(2)-PSK Authentication Security Parameters Summary Refer to this table to see what other security parameters you should configure for each authentication method or key management protocol type.
Appendix D Wireless LANs Antenna Characteristics Frequency An antenna in the frequency of 2.4GHz (IEEE 802.11b and IEEE 802.11g) or 5GHz (IEEE 802.11a) is needed to communicate efficiently in a wireless LAN Radiation Pattern A radiation pattern is a diagram that allows you to visualize the shape of the antenna’s coverage area. Antenna Gain Antenna gain, measured in dB (decibel), is the increase in coverage within the RF beam width.
Appendix D Wireless LANs WiFi Protected Setup Your ZyXEL Device supports WiFi Protected Setup (WPS), which is an easy way to set up a secure wireless network. WPS is an industry standard specification, defined by the WiFi Alliance. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually. Each WPS connection works between two devices. Both devices must support WPS (check each device’s documentation to make sure).
Appendix D Wireless LANs 1 Decide which device you want to be the registrar (usually the AP) and which you want to be the enrollee (usually the client). 2 Look for the enrollee’s WPS PIN; it may be displayed on the device. If you don’t see it, log into the enrollee’s configuration interface and locate the PIN. Select the PIN connection mode (not PBC connection mode). See the device’s User’s Guide for how to do this - for the ZyXEL Device, see Section 6.4 on page 115.
Appendix D Wireless LANs Figure 203 Example WPS Process: PIN Method ENROLLEE REGISTRAR WPS This device’s WPS PIN: 123456 WPS Enter WPS PIN from other device: WPS START WPS START WITHIN 2 MINUTES SECURE EAP TUNNEL SSID WPA(2)-PSK COMMUNICATION How WPS Works When two WPS-enabled devices connect, each device must assume a specific role.
Appendix D Wireless LANs Figure 204 How WPS works ACTIVATE WPS ACTIVATE WPS WITHIN 2 MINUTES WPS HANDSHAKE ENROLLEE REGISTRAR SECURE TUNNEL SECURITY INFO COMMUNICATION The roles of registrar and enrollee last only as long as the WPS setup process is active (two minutes). The next time you use WPS, a different device can be the registrar if necessary. The WPS connection process is like a handshake; only two devices participate in each WPS transaction.
Appendix D Wireless LANs Figure 205 WPS: Example Network Step 1 ENROLLEE REGISTRAR SECURITY INFO AP1 CLIENT 1 In step 2, you add another wireless client to the network. You know that Client 1 supports registrar mode, but it is better to use AP1 for the WPS handshake with the new client since you must connect to the access point anyway in order to use the network. In this case, AP1 must be the registrar, since it is configured (it already has security information for the network).
Appendix D Wireless LANs Figure 207 WPS: Example Network Step 3 EXISTING CONNECTION CLIENT 1 E CO ING T XIS ION CT E NN AP1 REGISTRAR CLIENT 2 SE CU RIT Y ENROLLEE INF O AP1 Limitations of WPS WPS has some limitations of which you should be aware. • WPS works in Infrastructure networks only (where an AP and a wireless client communicate). It does not work in Ad-Hoc networks (where there is no AP). • When you use WPS, it works between two devices only.
Appendix D Wireless LANs access point is the WPS registrar, the enrollee, or was not involved in the WPS handshake; a rogue device must still associate with the access point to gain access to the network. Check the MAC addresses of your wireless clients (usually printed on a label on the bottom of the device). If there is an unknown MAC address you can remove it or reset the AP.
A PPENDIX E Common Services The following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/code numbers and services, visit the IANA (Internet Assigned Number Authority) web site. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like. • Protocol: This is the type of IP protocol used by the service.
Appendix E Common Services Table 106 Commonly Used Services (continued) 332 NAME PROTOCOL PORT(S) DESCRIPTION HTTP TCP 80 Hyper Text Transfer Protocol - a client/ server protocol for the world wide web. HTTPS TCP 443 HTTPS is a secured http session often used in e-commerce. ICMP User-Defined 1 Internet Control Message Protocol is often used for diagnostic or routing purposes. ICQ UDP 4000 This is a popular Internet chat program.
Appendix E Common Services Table 106 Commonly Used Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION SMTP TCP 25 Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another. SNMP TCP/UDP 161 Simple Network Management Program. SNMP-TRAPS TCP/UDP 162 Traps for use with the SNMP (RFC:1215).
Appendix E Common Services 334 ADSL Series User’s Guide
A PPENDIX F Open Software Announcements End-User License Agreement for “P-661HNU-Fx” WARNING: ZyXEL Communications Corp. IS WILLING TO LICENSE THE SOFTWARE TO YOU ONLY UPON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS CONTAINED IN THIS LICENSE AGREEMENT. PLEASE READ THE TERMS CAREFULLY BEFORE COMPLETING THE INSTALLATION PROCESS AS INSTALLING THE SOFTWARE WILL INDICATE YOUR ASSENT TO THEM.
Appendix F Open Software Announcements The Software and Documentation contain material that is protected by international copyright law, trade secret law, international treaty provisions, and the applicable national laws of each respective country. All rights not granted to you herein are expressly reserved by ZyXEL. You may not remove any proprietary notice of ZyXEL or any of its licensors from any copy of the Software or Documentation. 4.
Appendix F Open Software Announcements THIRTY (30) DAYS FROM THE DATE OF PURCHASE OF THE SOFTWARE, AND NO WARRANTIES SHALL APPLY AFTER THAT PERIOD. 7.
Appendix F Open Software Announcements Agreement shall only be effective if it is in writing and signed by both parties hereto. If any part of this License Agreement is found invalid or unenforceable by a court of competent jurisdiction, the remainder of this License Agreement shall be interpreted so as to reasonably effect the intention of the parties.
Appendix F Open Software Announcements authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price.
Appendix F Open Software Announcements 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.
Appendix F Open Software Announcements operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4.
Appendix F Open Software Announcements "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10.
Appendix F Open Software Announcements The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS ORIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
Appendix F Open Software Announcements This Product includes Mini_httpd under the license by ACME Labs Freeware ACME Labs Freeware License All the free software available on the ACME Labs web site has a copyright notice like this one: Copyright © 2000 by Jef Poskanzer . All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1.
Appendix F Open Software Announcements Version 2.1, February 1999 Copyright (C) 1991, 1999 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. [This is the first released version of the Lesser GPL. It also counts as the successor of the GNU Library Public License, version 2, hence the version number 2.1.
Appendix F Open Software Announcements Most GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.
Appendix F Open Software Announcements "Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library. Activities other than copying, distribution and modification are not covered by this License; they are outside its scope.
Appendix F Open Software Announcements accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.
Appendix F Open Software Announcements distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system.
Appendix F Open Software Announcements 12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 13.
Appendix F Open Software Announcements /* ============================================================= ======= * Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2.
Appendix F Open Software Announcements * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.
Appendix F Open Software Announcements Original SSLeay License ----------------------- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to.
Appendix F Open Software Announcements * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3.
Appendix F Open Software Announcements ADSL Series User’s Guide 355
Appendix F Open Software Announcements 356 ADSL Series User’s Guide
A PPENDIX G Legal Information Copyright Copyright © 2011 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation.
Appendix G Legal Information 1 Reorient or relocate the receiving antenna. 2 Increase the separation between the equipment and the receiver. 3 Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. 4 Consult the dealer or an experienced radio/TV technician for help. FCC Radiation Exposure Statement • Simultaneous transmission by using the 3g dongle is intended for this device. • IEEE 802.11b or 802.11g or 802.
Appendix G Legal Information warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall deem necessary to restore the product or components to proper operating condition.
Appendix G Legal Information 360 ADSL Series User’s Guide
Index Index A Broadband 87 AAL5 258 BSS 122, 311 example 122 activation SIP ALG 179 SSID 114 wireless LAN scheduling 118 adding a printer example 61 administrator password 27 Advanced Encryption Standard, see AES broadcast 103 C CA 193, 318 CBR (Constant Bit Rate) 91, 94, 97, 100 AES 319 certificate factory default 196 AH 213 Certificate Authority, see CA algorithms 213 certificates 193 CA 193 replacing 196 storage space 196 thumbprint algorithms 195 thumbprints 195 trusted CAs 197, 198 verifyi
Index D F data fragment threshold 119 File Sharing 138 default LAN IP address 27 file sharing 22 Denial of Service, see DoS filters MAC address 120 DH 219 DHCP 85, 132, 144, 145, 183 diagnostic 243 Differentiated Services, see DiffServ Diffie-Hellman key groups 219 DiffServ (Differentiated Services) marking rule 174 disclaimer 357 firewalls 185 configuration 187 security 188 firmware 237 fragmentation threshold 119, 314 frequency range 259 FTP 176 DNS 132, 161 DNS Server for VPN host 217 H DNS
Index intended audience 3 Internet access 21 Internet Assigned Numbers Authority See IANA M MAC 85, 191 Internet Assigned Numbers Authority, see IANA MAC address 137 filter 120 Internet Key Exchange 216 MAC address filtering 191 Internet Protocol Security, see IPSec MAC filter 191 Internet Service Provider, see ISP managing the device good habits 25 using FTP. See FTP.
Index O Quality of Service, see QoS Quick Start Guide 27 operation humidity 256 operation temperature 256 outside header 215 R P RADIUS 316 message types 317 messages 317 shared secret key 317 Pairwise Master Key (PMK) 320, 321 passphrase 110 passwords 27 PBC 123 PCR 91, 94, 97, 100 Peak Cell Rate (PCR) 102 Peak Cell Rate, see PCR PHB 174 PIN, WPS 123 example 125 power adaptor 259 power specifications 256 PPP over Ethernet, see PPPoE PPPoE 87, 101, 257 Benefits 101 preamble 119 preamble mode 315 pre-
Index Service Set 37, 108, 115 Service Set IDentification 37 U SIP ALG 179 activation 179 unicast 103 SSID 37, 120 activation 114 MBSSID 122 upgrading firmware 237 Universal Plug and Play, see UPnP stateful inspection 257 UPnP 137 forum 132 security issues 132 static route 157 USB features 22 status 83 USB printer 22 storage humidity 256 storage temperature 256 subnet 263 subnet mask 145, 264 subnetting 266 V Sustained Cell Rate (SCR) 102 version firmware version 85 syntax conventions 5 V
Index wireless client configuration 46 security 315 tutorial 44 wireless client WPA supplicants 320 wireless LAN 105 authentication 119, 121 BSS 122 example 122 channel 106 encryption 121 example 105 fragmentation threshold 119 limitations 122 MAC address filter 120, 258 MBSSID 122 preamble 119 RADIUS server 121 RTS/CTS threshold 119 scheduling 118 security 119 SSID 120 activation 114 WEP 121 WPA 121 WPA-PSK 121 WPS 123, 125 example 126 limitations 128 PIN 123 push button 123 with RADIUS application examp