P-2602HW(L) Series 802.11g Wireless ADSL2+ VoIP IAD P-2602H Series ADSL2+ VoIP IAD User’s Guide Version 3.
P-2602H(W)(L)-DxA Series User’s Guide

Copyright

Copyright © 2006 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.

Published by ZyXEL Communications Corporation.
Certifications

Federal Communications Commission (FCC) Interference Statement

This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause undesired operations.
Safety Warnings

For your safety, be sure to read and follow all warning notices and instructions.
• To reduce the risk of fire, use only No. 26 AWG (American Wire Gauge) or larger telecommunication line cord.
• Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks. ONLY qualified service personnel can service the device. Please contact your vendor for further information.
ZyXEL Limited Warranty

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase.
Customer Support

Please have the following information ready when you contact customer support.
• Product model and serial number.
• Warranty Information.
• Date that you received your device.
• Brief description of the problem and the steps you took to solve it.
Preface

Congratulations on your purchase of the P-2602H(W)(L)-DxA 802.11g Wireless ADSL 2+ VoIP IAD (the “ZyXEL Device”). Your ZyXEL Device is easy to install and configure.

About This User's Guide

This manual is designed to guide you through the configuration of your ZyXEL Device for its various applications.

Note: Use the web configurator or command interpreter interface to configure your ZyXEL Device.
• Mouse action sequences are denoted using a right angle bracket ( > ). For example, “In Windows, click Start > Settings > Control Panel” means first click the Start button, then point your mouse pointer to Settings and then click Control Panel.
• “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”.
• The P-2602H(W)(L)-DxA may be referred to as the ZyXEL Device in this user’s guide.
CHAPTER 1
Getting To Know the ZyXEL Device

This chapter describes the key features and applications of your device.

1.1 Introducing the P-2602H(W)(L)-Dx Series

The P-2602H(W)(L)-DxA series are Integrated Access Devices (IADs) that combine an ADSL2+ router with Voice over IP (VoIP) communication capabilities to allow you to use a traditional analog or ISDN telephone to make Internet calls.
Models with “3” as the next to the last character (like the P-2602HWL-D3A) denote a device that works over ISDN (Integrated Services Digital Network). Models with “1” or “7” as the next to the last character (like the P-2602HWL-D1A or the P-2602HWL-D7A) denote a device that works over T-ISDN (UR-2).

Note: Only use firmware for your ZyXEL Device’s specific model. Refer to the label on the bottom of your ZyXEL Device.
PSTN Line (“L” models only)

You can connect a PSTN line to your device. You can receive incoming PSTN phone calls even while someone else is making VoIP phone calls. You can dial a (prefix) number to make an outgoing PSTN call. You can still make PSTN phone calls if your device loses power.

Note: When the ZyXEL Device does not have power, only the phone connected to the PHONE 1 port can be used for making calls.
Network Address Translation (NAT)

Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within another network (for example a public IP address used on the Internet).

Content Filtering

Content filtering allows you to block access to Internet web sites that contain key words (that you specify) in the URL.
Echo Cancellation

Your device supports G.168, an ITU-T standard for eliminating the echo caused by the sound of your voice reverberating in the telephone receiver while you talk.

QoS (Quality of Service)

Quality of Service (QoS) mechanisms help to provide better service on a per-flow basis. Your device supports Type of Service (ToS) tagging and Differentiated Services (DiffServ) tagging.
Multiple PVC (Permanent Virtual Circuits) Support

Your device supports up to 8 Permanent Virtual Circuits (PVCs).

IP Alias

IP alias allows you to partition a physical network into logical networks over the same Ethernet interface. Your device supports three logical LAN interfaces via its single physical Ethernet interface with your device itself as the gateway for each LAN network.
Table 3 IEEE 802.11g
DATA RATE (MBPS) | MODULATION
5.5 / 11 | CCK (Complementary Code Keying)
6/9/12/18/24/36/48/54 | OFDM (Orthogonal Frequency Division Multiplexing)

Note: Your device may be prone to RF (Radio Frequency) interference from other 2.4 GHz devices such as microwave ovens, wireless phones, Bluetooth enabled devices, and other wireless LANs.

IEEE 802.11g+ Wireless LAN

Your device supports IEEE 802.
1.4 Applications for the ZyXEL Device

Here are some example uses for which the ZyXEL Device is well suited.

1.4.1 Internet Access

Your device is the ideal high-speed Internet access solution. It supports the TCP/IP protocol, which the Internet uses exclusively. It is compatible with all major ADSL DSLAM (Digital Subscriber Line Access Multiplexer) providers.
Figure 2 Internet Telephony Service Provider Application

1.4.3 Make Peer-to-peer Calls

You can call directly to someone’s IP address without using a SIP proxy server. Peer-to-peer calls are also called “Point to Point” or “IP-to-IP” calls. You must know the peer’s IP address in order to do this. The following figure shows a basic example of how you would make a peer-to-peer VoIP call.
Figure 4 Firewall Application

1.4.5 LAN to LAN Application

You can use your device to connect two geographically dispersed networks over the ADSL line. A typical LAN-to-LAN application is shown as follows.
1.4.6 LEDs

Figure 6 LEDs

The following table describes your device’s LEDs.

Table 4 LEDs
LED | COLOR | STATUS | DESCRIPTION
POWER | Green | On | Your device is receiving power and functioning properly.
POWER | Green | Blinking | Your device is rebooting and performing a self-test.
POWER | Red | On | Your device is not ready or there is a malfunction.
POWER | None | Off | Your device is not turned on.
 | Green | On | Your device has a successful Ethernet connection.
Table 4 LEDs (continued)
LED | COLOR | STATUS | DESCRIPTION
DSL | Green | On | Your device has a DSL connection.
DSL | Green | Blinking | Your device is initializing the DSL line.
DSL | None | Off | The DSL link is down.
 | Green | On | Your device has an IP connection but no traffic. Your device has a WAN IP address (either static or assigned by a DHCP server), PPP negotiation was successfully completed (if used) and the DSL connection is up.
CHAPTER 2
Introducing the Web Configurator

This chapter describes how to access and navigate the web configurator.

2.1 Web Configurator Overview

The web configurator is an HTML-based management interface that allows easy device setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.
Figure 7 Password Screen

5 The following screen displays if you have not yet changed your password. It is highly recommended you change the default password. Enter a new password, retype it to confirm and click Apply; alternatively click Ignore to proceed to the main menu if you do not want to change the password now.

Figure 8 Change Password Screen

6 A screen displays to let you choose whether to go to the wizard or the advanced screens.
Note: For security reasons, the ZyXEL Device automatically logs you out if you do not use the web configurator for five minutes. If this happens, log in again.

Figure 9 Wizard or Advanced Screen

2.1.2 The RESET Button

You can use the RESET button at the back of the device to turn the wireless LAN off or on. You can also use it to activate OTIST in order to assign your wireless security settings to wireless clients.
2.2 Web Configurator Main Screen

Figure 10 Main Screen

As illustrated above, the main screen is divided into these parts:
• A - title bar
• B - navigation panel
• C - main window
• D - status bar

2.2.1 Title Bar

The title bar allows you to change the language and provides some icons in the upper right corner.
The icons provide the following functions.

Table 5 Web Configurator Icons in the Title Bar
ICON DESCRIPTION
Help: Click this icon to open up help screens.
Wizards: Click this icon to go to the configuration wizards. See Chapter 3 on page 57 for more information.
Logout: Click this icon to log out of the web configurator.

2.2.2 Navigation Panel

Use the menu items on the navigation panel to open screens to configure ZyXEL Device features.
Table 6 Navigation Panel Summary
LINK: Phone, Phone Book, PSTN Line (“L” models only)
TAB | FUNCTION
Analog Phone | Use this screen to set which phone ports use which SIP accounts.
Common | Use this screen to configure general phone port settings.
Region | Use this screen to select your location and call service mode.
Incoming Call Policy | Use this screen to configure call-forwarding.
Table 6 Navigation Panel Summary
LINK: Remote MGMT, UPnP
TAB | FUNCTION
WWW | Use this screen to configure through which interface(s) and from which IP address(es) users can use HTTP to manage the ZyXEL Device.
Telnet | Use this screen to configure through which interface(s) and from which IP address(es) users can use Telnet to manage the ZyXEL Device.
CHAPTER 3
Internet and Wireless Setup Wizard

This chapter provides information on the Wizard Setup screens for Internet access in the web configurator.

3.1 Introduction

Use the wizard setup screens to configure your system for Internet access with the information given to you by your ISP.

Note: See the advanced menu chapters for background information on these fields.

3.
Figure 12 Wizard Welcome

3 Your ZyXEL device attempts to detect your DSL connection and your connection type.

a The following screen appears if a connection is not detected. Check your hardware connections and click Restart the Internet/Wireless Setup Wizard to return to the wizard welcome screen. If you still cannot connect, click Manually configure your Internet connection.
Figure 14 Auto-Detection: PPPoE

c The following screen appears if the ZyXEL device detects a connection but not the connection type. Click Next and refer to Section 3.2.1 on page 59 on how to manually configure the ZyXEL Device for Internet access.

Figure 15 Auto Detection: Failed

3.2.
SIP provider gave it to you. Leave the defaults in any fields for which you were not given information.

Figure 16 Internet Access Wizard Setup: ISP Parameters

The following table describes the fields in this screen.

Table 7 Internet Access Wizard Setup: ISP Parameters
LABEL | DESCRIPTION
Mode | From the Mode drop-down list box, select Routing (default) if your ISP allows multiple computers to share an Internet account. Otherwise select Bridge.
Table 7 Internet Access Wizard Setup: ISP Parameters
LABEL | DESCRIPTION
Next | Click Next to continue to the next wizard screen. The next wizard screen you see depends on what protocol you chose above.
Exit | Click Exit to close the wizard screen without saving your changes.

2 The next wizard screen varies depending on what mode and encapsulation type you use. All screens shown are with routing mode. Configure the fields and click Next to continue. See Section 3.
Figure 18 Internet Connection with RFC 1483

The following table describes the fields in this screen.

Table 9 Internet Connection with RFC 1483
LABEL | DESCRIPTION
IP Address | This field is available if you select Routing in the Mode field. Type your ISP assigned IP address in this field.
Back | Click Back to go back to the previous wizard screen.
Next | Click Next to continue to the next wizard screen.
The following table describes the fields in this screen.

Table 10 Internet Connection with ENET ENCAP
LABEL | DESCRIPTION
Obtain an IP Address Automatically | A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed; the ISP assigns you a different one each time you connect to the Internet. Select Obtain an IP Address Automatically if you have a dynamic IP address.
Table 11 Internet Connection with PPPoA (continued)
LABEL | DESCRIPTION
Back | Click Back to go back to the previous wizard screen.
Apply | Click Apply to save your changes back to the ZyXEL Device.
Exit | Click Exit to close the wizard screen without saving your changes.

• If the user name and/or password you entered for PPPoE or PPPoA connection are not correct, the screen displays as shown next.
3.3 Wireless Connection Wizard Setup

After you configure the Internet access information, use the following screens to set up your wireless LAN.

1 Select Yes and click Next to configure wireless settings. Otherwise, select No and skip to Step 6.

Figure 23 Connection Test Successful

2 Use this screen to activate the wireless LAN and OTIST. Click Next to continue.
The following table describes the labels in this screen.

Table 12 Wireless LAN Setup Wizard 1
LABEL | DESCRIPTION
Active | Select the check box to turn on the wireless LAN.
Enable OTIST | Select the check box to enable OTIST if you want to transfer your ZyXEL Device’s SSID and WEP or WPA-PSK security settings to wireless clients that support OTIST and are within transmission range. You must also activate and start OTIST on the wireless client at the same time.
Table 13 Wireless LAN Setup Wizard 2
LABEL | DESCRIPTION
Security | Select Automatically assign a WPA key (only available if you enable OTIST) if you want OTIST to configure a WPA key for you. Select Manually assign a WPA-PSK key to configure a Pre-Shared Key (WPA-PSK). Choose this option only if your wireless clients support WPA. See Section 3.3.1 on page 67 for more information. Select Manually assign a WEP key to configure a WEP Key. See Section 3.3.
The following table describes the labels in this screen.

Table 14 Manually Assign a WPA key
LABEL | DESCRIPTION
Pre-Shared Key | Type from 8 to 63 case-sensitive ASCII characters. You can set up the most secure wireless connection by configuring WPA in the wireless LAN screens. You need to configure an authentication server to do this.
Back | Click Back to display the previous screen.
Next | Click Next to proceed to the next screen.
The following table describes the labels in this screen.

Table 15 Manually Assign a WEP key
LABEL | DESCRIPTION
Key | The WEP keys are used to encrypt data. Both the ZyXEL Device and the wireless stations must use the same WEP key for data transmission. Enter any 5, 13 or 29 ASCII characters or 10, 26 or 58 hexadecimal characters ("0-9", "A-F") for a 64-bit, 128-bit or 256-bit WEP key respectively.
Back | Click Back to display the previous screen.
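The key-length rules from Table 14 (WPA-PSK) and Table 15 (WEP), as an added Python example that is not part of the ZyXEL guide: it checks a typed key against those rules and shows that the labelled WEP size counts WEP's 24-bit initialization vector, so a "64-bit" key carries 40 secret bits. The function names, the printable-ASCII restriction and the acceptance of lower-case hex digits are assumptions made here.

```python
import string

# Labelled WEP size in bits -> secret length in bytes (Table 15: 5, 13 or 29
# ASCII characters, or twice as many hexadecimal digits).
WEP_SECRET_BYTES = {64: 5, 128: 13, 256: 29}
# WEP combines the secret with a 24-bit IV that travels in the clear; the
# labelled size counts it, so the configured secret is 24 bits shorter.
WEP_IV_BITS = 24
# Assumptions: "ASCII characters" means printable ASCII (0x20-0x7E), and hex
# digits are accepted in either case although the guide lists "0-9", "A-F".
PRINTABLE_ASCII = frozenset(chr(c) for c in range(0x20, 0x7F))
HEX_DIGITS = frozenset(string.hexdigits)


class KeyFormatError(ValueError):
    """Raised when a key does not match the format the guide specifies."""


def parse_wep_key(text):
    """Return (labelled_bits, secret_bytes) for a WEP key typed as ASCII or hex."""
    for bits, nbytes in WEP_SECRET_BYTES.items():
        if len(text) == nbytes:
            if not set(text) <= PRINTABLE_ASCII:
                raise KeyFormatError("non-ASCII character in %d-character key" % nbytes)
            return bits, text.encode("ascii")
        if len(text) == 2 * nbytes:
            if not set(text) <= HEX_DIGITS:
                raise KeyFormatError("%d-character key must be hexadecimal" % len(text))
            return bits, bytes.fromhex(text)
    raise KeyFormatError("length %d is not 5/13/29 ASCII or 10/26/58 hex" % len(text))


def check_wpa_psk(text):
    """Return the pre-shared key unchanged if it is 8 to 63 ASCII characters."""
    if not 8 <= len(text) <= 63:
        raise KeyFormatError("pre-shared key must be 8 to 63 characters, got %d" % len(text))
    if not set(text) <= PRINTABLE_ASCII:
        raise KeyFormatError("pre-shared key must be ASCII")
    return text


def describe_key(mode, text):
    """Summarise one configured key: validity and how many secret bits it holds."""
    try:
        if mode == "wep":
            bits, secret = parse_wep_key(text)
            return {"mode": mode, "valid": True, "labelled_bits": bits,
                    "secret_bits": len(secret) * 8, "iv_bits": WEP_IV_BITS}
        if mode == "wpa-psk":
            check_wpa_psk(text)
            return {"mode": mode, "valid": True, "length": len(text)}
        raise KeyFormatError("unknown mode %r" % mode)
    except KeyFormatError as exc:
        return {"mode": mode, "valid": False, "error": str(exc)}


if __name__ == "__main__":
    # Constructed sample keys, not taken from any real device.
    samples = [
        ("wep", "abcde"),                 # 5 ASCII characters
        ("wep", "0123456789ABCDEF0123456789"),  # 26 hex digits
        ("wep", "not-a-key!"),            # 10 characters, but not hexadecimal
        ("wpa-psk", "short"),             # below the 8-character minimum
        ("wpa-psk", "constructed example passphrase"),
    ]
    for mode, key in samples:
        print(describe_key(mode, key))
```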
Figure 29 Internet Access and WLAN Wizard Setup Complete

7 Launch your web browser and navigate to www.zyxel.com. Internet access is just the beginning. Refer to the rest of this guide for more detailed information on the complete range of ZyXEL Device features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct.
CHAPTER 4
VoIP Wizard And Example

This chapter shows you how to configure your SIP account(s) and make a VoIP phone call.

4.1 Introduction

The ZyXEL Device has Voice over IP (VoIP) communication capabilities that allow you to use a traditional analog telephone to make Internet calls. You can configure the ZyXEL Device to use up to two SIP based VoIP accounts. This section describes how you can set up your ZyXEL Device to call someone who is also using a VoIP device.
Figure 31 Select a Mode

2 Click VOICE OVER INTERNET SETUP to configure your SIP settings.
3 Fill in the VOICE OVER INTERNET SETUP wizard screen with the information provided by your VoIP service provider. Your VoIP service provider supplies you with the following information. When you are finished, click Apply.

Table 16 Sample SIP Account Information
INFORMATION FROM VOIP SERVICE PROVIDER | EXAMPLE VALUES | DESCRIPTION
SIP account address | 11223344@SIPA-Account.com | 11223344 is your SIP number.
Table 17 VoIP Wizard Configuration
LABEL | DESCRIPTION
SIP Service Domain | Enter the SIP service domain name in this field (the domain name that comes after the @ symbol in a SIP account like 11223344@SIPA-Account.com). You can use up to 127 ASCII Extended set characters.
User Name | This is the name used to register this SIP account with the SIP register server. Type the user name exactly as it was given to you. You can use up to 95 ASCII characters.
Figure 35 VoIP Wizard Fail
6 This screen displays if your SIP account registration was successful. Click Return to Wizard Main Page if you want to use another configuration wizard. Click Go to Advanced Setup page or Finish to close the wizard and go to the main web configurator screens.
Figure 36 VoIP Wizard Finish
7 To call other VoIP users, you need to follow a similar process to ensure that their SIP account is registered and active.
CHAPTER 5 Bandwidth Management Wizard
This chapter shows you how to configure basic bandwidth management using the wizard screens.
5.1 Introduction
Bandwidth management allows you to control the amount of bandwidth going out through the ZyXEL Device’s WAN port and prioritize the distribution of the bandwidth according to service bandwidth requirements. This helps keep one service from using all of the available bandwidth and shutting out other users.
5.
Table 18 Media Bandwidth Management Setup: Services (continued)
SERVICE | DESCRIPTION
NetMeeting (H.323) | A multimedia communications product from Microsoft that enables groups to teleconference and videoconference over the Internet. NetMeeting supports VoIP, text chat sessions, a whiteboard, and file transfers and application sharing. NetMeeting uses H.323. H.323 is a standard teleconferencing protocol suite that provides audio, data and video conferencing.
Figure 37 Select a Mode
2 Click BANDWIDTH MANAGEMENT SETUP.
Figure 38 Wizard: Welcome
3 Activate bandwidth management and select to allocate bandwidth to packets based on the packet size or services.
Figure 39 Bandwidth Management Wizard: General Information
The following table describes the labels in this screen.
Table 19 Bandwidth Management Wizard: General Information
LABEL | DESCRIPTION
Active | Select the Active check box to have the ZyXEL Device apply bandwidth management to traffic going out through the ZyXEL Device’s WAN, LAN or WLAN port.
The following table describes the labels in this screen.
Table 20 Bandwidth Management Wizard: Service Configuration
LABEL | DESCRIPTION
Active | Select Active to enable bandwidth management for service specified traffic. Select an entry’s Active check box to turn on bandwidth management for the service/application.
Service | These fields display the service names.
CHAPTER 6 Status Screens
Use the Status screens to look at the current status of the device, system resources, interfaces (LAN and WAN), and SIP accounts. You can also register and unregister SIP accounts. The Status screen also provides detailed information from Any IP and DHCP and statistics from VoIP, bandwidth management, and traffic.
6.1 Status Screen
Click Status to open this screen.
Each field is described in the following table.
Table 21 Status Screen
LABEL | DESCRIPTION
Refresh Interval | Enter how often you want the ZyXEL Device to update this screen.
Apply | Click this to update this screen immediately.
Device Information
Host Name | This field displays the ZyXEL Device system name. It is used for identification. You can change this in the Maintenance > System > General screen’s System Name field.
Table 21 Status Screen
LABEL | DESCRIPTION
Security
Firewall | This displays whether or not the ZyXEL Device’s firewall is activated. Click this to go to the screen where you can change it.
Content Filter | This displays whether or not the ZyXEL Device’s content filtering is activated. Click this to go to the screen where you can change it.
System Status
System Uptime | This field displays how long the ZyXEL Device has been running since it last started up.
Table 21 Status Screen
LABEL | DESCRIPTION
Bandwidth Status | Click this link to view the ZyXEL Device’s bandwidth usage and allotments. See Section 19.9 on page 262.
VPN Status | Click this link to view the ZyXEL Device’s current VPN connections. See Section 17.16 on page 242.
Packet Statistics | Click this link to view port status and packet specific statistics. See Section 6.4 on page 87.
VoIP Statistics | Click this link to view statistics about your VoIP usage.
Each field is described in the following table.
Table 22 Any IP Table
LABEL | DESCRIPTION
# | This field is a sequential value. It is not associated with a specific entry.
IP Address | This field displays the IP address of each computer that is using the ZyXEL Device but is in a different subnet than the ZyXEL Device.
MAC Address | This field displays the MAC address of the computer that is using the ZyXEL Device but is in a different subnet than the ZyXEL Device.
Figure 45 Packet Statistics
The following table describes the fields in this screen.
Table 24 Packet Statistics
LABEL | DESCRIPTION
System Monitor
System up Time | This is the elapsed time the system has been up.
Current Date/Time | This field displays your ZyXEL Device’s present date and time.
CPU Usage | This field specifies the percentage of CPU utilization.
Memory Usage | This field specifies the percentage of memory utilization.
Table 24 Packet Statistics (continued)
LABEL | DESCRIPTION
Up Time | This field displays the elapsed time this port has been up.
LAN Port Statistics
Ethernet | This field displays either Ethernet (LAN ports) or Wireless (WLAN port).
Status | For the LAN ports, this field displays Down (line is down) or Up (line is up or connected). For the WLAN port, it displays the transmission rate when WLAN is enabled or N/A when WLAN is disabled.
Each field is described in the following table.
Table 25 VoIP Statistics
LABEL | DESCRIPTION
SIP Status
Account | This column displays each SIP account in the ZyXEL Device.
Registration | This field displays the current registration status of the SIP account. You can change this in the Status screen. Registered - The SIP account is registered with a SIP server.
Table 25 VoIP Statistics
LABEL | DESCRIPTION
Tx B/s | This field displays how quickly the ZyXEL Device has transmitted packets in the current call. The rate is the average number of bytes transmitted per second.
Rx B/s | This field displays how quickly the ZyXEL Device has received packets in the current call. The rate is the average number of bytes transmitted per second.
CHAPTER 7 WAN Setup
This chapter describes how to configure WAN settings.
7.1 WAN Overview
A WAN (Wide Area Network) is an outside connection to another network or the Internet.
7.1.1 Encapsulation
Be sure to use the encapsulation method required by your ISP. The ZyXEL Device supports the following methods.
7.1.1.1 ENET ENCAP
The MAC Encapsulated Routing Link Protocol (ENET ENCAP) is only implemented with the IP network protocol.
By implementing PPPoE directly on the ZyXEL Device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyXEL Device does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access.
7.1.1.3 PPPoA
PPPoA stands for Point to Point Protocol over ATM Adaptation Layer 5 (AAL5). A PPPoA connection functions like a dial-up Internet connection.
7.1.4 IP Address Assignment
A static IP is a fixed IP that your ISP gives you. A dynamic IP is not fixed; the ISP assigns you a different one each time. The Single User Account feature can be enabled or disabled if you have either a dynamic or static IP. However the encapsulation method assigned influences your choices for IP address and ENET ENCAP gateway.
7.1.4.
7.2 Metric
The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost". RIP routing uses hop count as the measurement of cost, with a minimum of "1" for directly connected networks. The number must be between "1" and "15"; a number greater than "15" means the link is down. The smaller the number, the lower the "cost".
Maximum Burst Size (MBS) is the maximum number of cells that can be sent at the PCR. After MBS is reached, cell rates fall below SCR until cell rate averages to the SCR again. At this time, more cells (up to the MBS) can be sent at the PCR again. If the PCR, SCR or MBS is set to the default of "0", the system will assign a maximum value that correlates to your upstream line rate. The following figure illustrates the relationship between PCR, SCR and MBS.
The VBR-nRT (non real-time Variable Bit Rate) type is used with bursty connections that do not require closely controlled delay and delay variation. It is commonly used for "bursty" traffic typical on LANs. PCR and MBS define the burst levels, SCR defines the minimum level. An example of a VBR-nRT connection would be non-time sensitive data file transfers.
7.3.1.
Figure 48 Internet Access Setup (PPPoE)
The following table describes the labels in this screen.
Table 26 Internet Access Setup
LABEL | DESCRIPTION
General
Mode | Select Routing (default) from the drop-down list box if your ISP allows multiple computers to share an Internet account. Otherwise select Bridge.
Encapsulation | Select the method of encapsulation used by your ISP from the drop-down list box. Choices vary depending on the mode you select in the Mode field.
Table 26 Internet Access Setup (continued)
LABEL | DESCRIPTION
VCI | The valid range for the VCI is 32 to 65535 (0 to 31 is reserved for local management of ATM traffic). Enter the VCI assigned to you.
IP Address
IP Address | This option is available if you select Routing in the Mode field. A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed; the ISP assigns you a different one each time you connect to the Internet.
Table 26 Internet Access Setup (continued)
LABEL | DESCRIPTION
Cancel | Click Cancel to begin configuring this screen afresh.
Advanced Setup | Click this button to display the Advanced WAN Setup screen and edit more details of your WAN setup.
7.5.1 Advanced Internet Access Setup
To edit your ZyXEL Device's advanced WAN settings, click the Advanced Setup button in the Internet Access Setup screen. The screen appears as shown.
Table 27 Advanced Internet Access Setup (continued)
LABEL | DESCRIPTION
Peak Cell Rate | Divide the DSL line rate (bps) by 424 (the size of an ATM cell) to find the Peak Cell Rate (PCR). This is the maximum rate at which the sender can send cells. Type the PCR here.
Sustain Cell Rate | The Sustain Cell Rate (SCR) sets the average cell rate (long-term) that can be transmitted. Type the SCR, which must be less than the PCR. Note that system default is 0 cells/sec.
Figure 50 WAN More Connections
The following table describes the labels in this screen.
Table 28 Advanced Internet Access Setup
LABEL | DESCRIPTION
# | This is an index number indicating the number of the corresponding connection.
Active | This field indicates whether the connection is active or not.
Name | This is the name you gave to the Internet connection.
Figure 51 Traffic Redirect Example
The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN. Use IP alias to configure the LAN into two or three logical networks with the ZyXEL Device itself as the gateway for each LAN network. Put the protected LAN in one subnet (Subnet 1 in the following figure) and the backup gateway in another subnet (Subnet 2).
7.8 WAN Backup Setup
To configure your ZyXEL Device’s WAN backup, click Network > WAN > WAN Backup Setup.
The following table describes the labels in this screen.
Table 29 WAN Backup Setup
LABEL | DESCRIPTION
Backup Type | Select the method that the ZyXEL Device uses to check the DSL connection. Select DSL Link to have the ZyXEL Device check if the connection to the DSLAM is up.
Table 29 WAN Backup Setup (continued)
LABEL | DESCRIPTION
Timeout | Type the number of seconds (3 recommended) for your ZyXEL Device to wait for a ping response from one of the IP addresses in the Check WAN IP Address field before timing out the request. The WAN connection is considered "down" after the ZyXEL Device times out the number of times specified in the Fail Tolerance field. Use a higher value in this field if your network is busy or congested.
CHAPTER 8 LAN Setup
This chapter describes how to configure LAN settings.
8.1 LAN Overview
A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building. The LAN screens can help you configure a LAN DHCP server and manage IP addresses. See Section 8.3 on page 113 to configure the LAN screens.
8.1.
8.1.2 DHCP Setup
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the ZyXEL Device as a DHCP server or disable it. When configured as a server, the ZyXEL Device provides the TCP/IP configuration for the clients. If you turn DHCP service off, you must have another DHCP server on your LAN, or else the computer must be manually configured.
8.1.2.
8.1.4 DNS Server Address Assignment
Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. There are two ways that an ISP disseminates the DNS server addresses.
• The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up.
8.2.1.1 Private IP Addresses
Every machine on the Internet must have a unique address. If your networks are isolated from the Internet, for example, only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks:
• 10.0.0.0 — 10.255.255.255
• 172.16.0.0 — 172.31.255.255
• 192.168.0.
8.2.3 Multicast
Traditionally, IP packets are transmitted in one of two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network - not everybody and not just 1. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data.
Figure 54 Any IP Example
The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the ZyXEL Device’s IP address.
Note: You must enable NAT/SUA to use the Any IP feature on the ZyXEL Device.
8.2.4.
After all the routing information is updated, the computer can access the ZyXEL Device and the Internet as if it is in the same subnet as the ZyXEL Device.
8.3 Configuring LAN IP
Click Network > LAN to open the IP screen. See Section 8.1 on page 107 for background information.
Figure 55 LAN IP
The following table describes the fields in this screen.
Figure 56 Advanced LAN Setup
The following table describes the labels in this screen.
Table 31 Advanced LAN Setup
LABEL | DESCRIPTION
RIP & Multicast Setup
RIP Direction | Select the RIP direction from None, Both, In Only and Out Only.
RIP Version | Select the RIP version from RIP-1, RIP-2B and RIP-2M.
Multicast | IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a multicast group.
8.4 DHCP Setup
Click Network > DHCP Setup to open this screen. Use this screen to configure the DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN.
Figure 57 DHCP Setup
The following table describes the labels in this screen.
Table 32 DHCP Setup
LABEL | DESCRIPTION
First DNS Server, Second DNS Server, Third DNS Server | Select Obtained From ISP if your ISP dynamically assigns DNS server information (and the ZyXEL Device's WAN IP address). Select User-Defined if you have the IP address of a DNS server. Enter the DNS server's IP address in the field to the right. If you chose User-Defined, but leave the IP address set to 0.0.0.0, User-Defined changes to None after you click Apply.
The following table describes the labels in this screen.
Table 33 LAN Client List
LABEL | DESCRIPTION
IP Address | Enter the IP address that you want to assign to the computer on your LAN with the MAC address that you will also specify.
MAC Address | Enter the MAC address of a computer on your LAN.
Add | Click Add to add a static DHCP entry.
# | This is the index number of the static IP table entry (row).
Figure 59 Physical Network & Partitioned Logical Networks
Click Network > LAN > IP Alias to open the following screen. Use this screen to change your ZyXEL Device’s IP alias settings.
Figure 60 LAN IP Alias
The following table describes the labels in this screen.
Table 34 LAN IP Alias
LABEL | DESCRIPTION
IP Alias 1, 2 | Select the check box to configure another LAN network for the ZyXEL Device.
Table 34 LAN IP Alias
LABEL | DESCRIPTION
RIP Direction | RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. Select the RIP direction from Both/In Only/Out Only/None. When set to Both or Out Only, the ZyXEL Device will broadcast its routing table periodically.
CHAPTER 9 Wireless LAN
This chapter discusses how to configure the wireless network settings in your ZyXEL Device. See the appendices for more detailed information about wireless networks. This chapter applies to the “W” models only.
9.1 Wireless Network Overview
The following figure provides an example of a wireless network.
Figure 61 Example of a Wireless Network
The wireless network is the part in the blue circle.
Like radio stations or television channels, each wireless network uses a specific channel, or frequency, to send and receive information.
• Every device in the same wireless network must use security compatible with the AP. Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network.
9.
9.2.3 User Authentication
Authentication is the process of verifying whether a wireless device is allowed to use the wireless network. You can make every user log in to the wireless network before they can use it. However, every device in the wireless network has to support IEEE 802.1x to do this. For wireless networks, you can store the user names and passwords for each user in a RADIUS server. This is a server used in businesses more than in homes.
When you select WPA2 or WPA2-PSK in your ZyXEL Device, you can also select an option (WPA compatible) to support WPA as well. In this case, if some of the devices support WPA and some support WPA2, you should set up WPA2-PSK or WPA2 (depending on the type of wireless network login) and select the WPA compatible option in the ZyXEL Device. Many types of encryption use a key to protect the information in the wireless network.
9.4 Additional Wireless Terms
The following table describes wireless network terms and acronyms used in the ZyXEL Device.
TERM | DESCRIPTION
Intra-BSS Traffic | This describes direct communication (not through the ZyXEL Device) between two wireless devices within a wireless network. You might disable this kind of communication to enhance security within your wireless network.
Figure 62 Wireless LAN: General
The following table describes the general wireless LAN labels in this screen.
Table 36 Wireless LAN: General
LABEL | DESCRIPTION
Active Wireless LAN | Click the check box to activate wireless LAN.
Network Name (SSID) | (Service Set IDentity) The SSID identifies the Service Set with which a wireless station is associated. Wireless stations associating to the access point (AP) must have the same SSID.
Note: If you do not enable any wireless security on your ZyXEL Device, your network is accessible to any wireless networking device that is within range.
Figure 63 Wireless: No Security
The following table describes the labels in this screen.
Table 37 Wireless No Security
LABEL | DESCRIPTION
Security Mode | Choose No Security from the drop-down list box.
9.5.
Figure 64 Wireless: Static WEP Encryption
The following table describes the wireless LAN security labels in this screen.
Table 38 Wireless: Static WEP Encryption
LABEL | DESCRIPTION
Security Mode | Choose Static WEP from the drop-down list box.
Passphrase | Enter a Passphrase (up to 32 printable characters) and click Generate. The ZyXEL Device automatically generates a WEP key.
WEP Key | The WEP key is used to encrypt data.
Figure 65 Wireless: WPA(2)-PSK
The following table describes the wireless LAN security labels in this screen.
Table 39 Wireless: WPA(2)-PSK
LABEL | DESCRIPTION
Security Mode | Choose WPA-PSK or WPA2-PSK from the drop-down list box.
WPA Compatible | This field is only available for WPA2-PSK. Select this if you want the ZyXEL Device to support WPA-PSK and WPA2-PSK simultaneously.
Pre-Shared Key | The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same.
9.5.4 WPA(2) Authentication Screen
To configure and enable WPA authentication, click the Wireless LAN link under Network to display the Wireless screen. Select WPA or WPA2 from the Security list.
Figure 66 Wireless: WPA(2)
The following table describes the wireless LAN security labels in this screen.
Table 40 Wireless: WPA(2)
LABEL | DESCRIPTION
Security Mode | Choose WPA or WPA2 from the drop-down list box.
Table 40 Wireless: WPA(2)
LABEL | DESCRIPTION
Idle Timeout | The ZyXEL Device automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed. The default time interval is 3600 seconds (or 1 hour).
Figure 67 Advanced
The following table describes the labels in this screen.
Table 41 Wireless LAN: Advanced
LABEL | DESCRIPTION
Wireless Advanced Setup
RTS/CTS Threshold | Enter a value between 0 and 2432. If you select the G+ Enhanced checkbox a value of 4096 is displayed.
Fragmentation Threshold | It is the maximum data fragment size that can be sent. Enter a value between 256 and 2432. If you select the G+ Enhanced checkbox a value of 4096 is displayed.
9.6 OTIST Screen
Use this screen to set up and start OTIST on the ZyXEL Device in your wireless network. To open this screen, click Network > Wireless LAN > OTIST.
Figure 68 Network > Wireless LAN > OTIST
The following table describes the labels in this screen.
Table 42 Network > Wireless LAN > OTIST
LABEL | DESCRIPTION
Setup Key | Type a key (password) 8 ASCII characters long.
Figure 69 Example: Wireless Client OTIST Screen
To start OTIST in the device, click Start in this screen.
Note: You must click Start in the ZyXEL Device and in the wireless device(s) within three minutes of each other. You can start OTIST in the wireless devices and the ZyXEL Device in any order.
After you click Start in the ZyXEL Device, the following screen appears (in the ZyXEL Device).
Figure 72 OTIST: In Progress on the Wireless Device
These screens close when the transfer is complete.
9.6.1 Notes on OTIST
1 If you enable OTIST in a wireless device, you see this screen each time you start the utility. Click Yes to search for an OTIST-enabled AP (in other words, the ZyXEL Device).
9.7 MAC Filter
To change your ZyXEL Device’s MAC filter settings, click Network > Wireless LAN > MAC Filter. The screen appears as shown.
Figure 74 MAC Address Filter
The following table describes the labels in this menu.
Table 43 MAC Address Filter
LABEL | DESCRIPTION
Active MAC Filter | Select the check box to enable MAC address filtering.
Filter Action | Define the filter action for the list of MAC addresses in the MAC Address table.
Table 43 MAC Address Filter
LABEL | DESCRIPTION
MAC Address | Enter the MAC addresses of the wireless stations that are allowed or denied access to the ZyXEL Device in these address fields. Enter the MAC addresses in a valid MAC address format, that is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc.
Apply | Click Apply to save your changes back to the ZyXEL Device.
Cancel | Click Cancel to reload the previous configuration for this screen.
9.
Table 44 Wireless LAN: QoS
LABEL | DESCRIPTION
WMM QoS Policy | Select Default to have the ZyXEL Device automatically give a service a priority level according to the ToS value in the IP header of packets it sends. Select Application Priority from the drop-down list box to display a table of application names, services, ports and priorities to which you want to apply WMM QoS. This table only appears if you select Application Priority in WMM QoS Policy.
See Appendix 31 on page 371 for a list of commonly-used services and destination ports.
The following table describes the fields in this screen.
Table 45 Application Priority Configuration
LABEL | DESCRIPTION
Application Priority Configuration
Name | Type a description of the application priority.
Service | The following is a description of the applications you can prioritize with WMM QoS. Select a service from the drop-down list box.
CHAPTER 10 Network Address Translation (NAT) Screens
This chapter discusses how to configure NAT on the ZyXEL Device.
10.1 NAT Overview
NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
10.1.
10.1.2 What NAT Does
In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
10.1.4 NAT Application
The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the ZyXEL Device can communicate with three distinct WAN networks.
Figure 78 NAT Application With IP Alias
10.1.5 NAT Mapping Types
NAT supports five types of IP/port mapping. They are:
• One to One: In One-to-One mode, the ZyXEL Device maps one local IP address to one global IP address.
Port numbers do NOT change for One-to-One and Many-to-Many No Overload NAT mapping types. The following table summarizes these types.
Table 47 NAT Mapping Types
TYPE | IP MAPPING
One-to-One | ILA1 ↔ IGA1
Many-to-One (SUA/PAT) | ILA1 ↔ IGA1, ILA2 ↔ IGA1, …
Many-to-Many Overload | ILA1 ↔ IGA1, ILA2 ↔ IGA2, ILA3 ↔ IGA1, ILA4 ↔ IGA2, …
Many-to-Many No Overload | ILA1 ↔ IGA1, ILA2 ↔ IGA2, ILA3 ↔ IGA3, …
Server | Server 1 IP ↔ IGA1, Server 2 IP ↔ IGA1, Server 3 IP ↔ IGA1
10.
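The first four mapping types of Table 47, modelled as a translation table. This is an added Python example, not ZyXEL firmware code; the addresses, the starting translated port (10000) and the in-order reuse of the global pool for Many-to-Many Overload are assumptions taken from the pattern in the table. The Server type is inbound port forwarding and is not modelled here.

```python
"""Model of the NAT mapping types in Table 47 (illustrative, not device firmware)."""
from itertools import count

# Mapping types for which the page states that port numbers do NOT change.
PORT_PRESERVING = {"one-to-one", "many-to-many-no-overload"}
MODES = PORT_PRESERVING | {"many-to-one", "many-to-many-overload"}


class NatTable:
    """Translate (inside local address, port) <-> (inside global address, port)."""

    def __init__(self, mode, global_pool, first_port=10000):
        if mode not in MODES:
            raise ValueError(f"unknown mapping type: {mode}")
        self.mode = mode
        self.pool = list(global_pool)
        if not self.pool:
            raise ValueError("at least one global address is required")
        if mode in ("one-to-one", "many-to-one") and len(self.pool) != 1:
            raise ValueError(f"{mode} uses exactly one global address")
        self.ip_map = {}      # ILA -> IGA
        self.port_map = {}    # (ILA, local port) -> translated port
        self.reverse = {}     # (IGA, translated port) -> (ILA, local port)
        self._next_port = count(first_port)  # assumed start of the PAT range

    def _global_for(self, ila):
        if ila in self.ip_map:
            return self.ip_map[ila]
        used = len(self.ip_map)
        if self.mode == "many-to-one":
            iga = self.pool[0]                        # every host shares IGA1
        elif self.mode == "many-to-many-overload":
            iga = self.pool[used % len(self.pool)]    # pool reused: ILA3 -> IGA1
        else:
            # one-to-one / no overload: each global address serves one host only
            if used >= len(self.pool):
                raise RuntimeError("no free global address for " + ila)
            iga = self.pool[used]
        self.ip_map[ila] = iga
        return iga

    def outbound(self, ila, port):
        """Translate the source of an outgoing packet and record the mapping."""
        iga = self._global_for(ila)
        if self.mode in PORT_PRESERVING:
            gport = port
        else:
            key = (ila, port)
            if key not in self.port_map:
                self.port_map[key] = next(self._next_port)
            gport = self.port_map[key]
        self.reverse[(iga, gport)] = (ila, port)
        return iga, gport

    def inbound(self, iga, gport):
        """Return the inside host for a reply, or None when nothing maps to it."""
        return self.reverse.get((iga, gport))


def ip_mapping(mode, hosts, pool):
    """Return the ILA -> IGA column of Table 47 for the given hosts."""
    nat = NatTable(mode, pool)
    return {host: nat.outbound(host, 5060)[0] for host in hosts}


if __name__ == "__main__":
    # Constructed sample addresses (documentation ranges).
    hosts = ["192.168.1.33", "192.168.1.34", "192.168.1.35", "192.168.1.36"]
    pool = ["203.0.113.1", "203.0.113.2"]
    for mode, p in (("many-to-one", pool[:1]), ("many-to-many-overload", pool)):
        print(mode, ip_mapping(mode, hosts, p))
```

An inbound packet that matches no recorded mapping returns None from `inbound`, which is why unsolicited traffic does not reach an inside host unless a Server (port forwarding) entry exists.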
Figure 79 NAT General
The following table describes the labels in this screen.
Table 48 NAT General
LABEL | DESCRIPTION
Active Network Address Translation (NAT) | Select this check box to enable NAT.
SUA Only | Select this radio button if you have just one public WAN IP address for your ZyXEL Device.
Full Feature | Select this radio button if you have multiple public WAN IP addresses for your ZyXEL Device.
You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. The port number identifies a service; for example, web service is on port 80 and FTP on port 21. In some cases, such as for unknown services or where one server can support more than one service (for example both FTP and web service), it might be better to specify a range of port numbers.
10.5 Configuring Port Forwarding
Note: If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup.
Click Network > NAT > Port Forwarding to open the following screen. See Appendix F on page 371 for port numbers commonly used for particular services.
Figure 81 Port Forwarding
The following table describes the fields in this screen.
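The forwarding decision in the note above, as an added Python model for reviewing a rule set (not ZyXEL code). The rule names, addresses and remote management port are constructed, and checking forwarding rules before remote management ports is an assumption, since the guide does not state the order.

```python
"""Model of the port forwarding decision in section 10.5 (illustrative only)."""
from dataclasses import dataclass
from ipaddress import IPv4Address
from itertools import combinations


@dataclass(frozen=True)
class Rule:
    name: str
    start_port: int
    end_port: int      # equal to start_port for a single port
    server_ip: str
    active: bool = True

    def __post_init__(self):
        if not 1 <= self.start_port <= self.end_port <= 65535:
            raise ValueError(f"{self.name}: invalid port range")
        IPv4Address(self.server_ip)  # raises ValueError on a malformed address


def decide(port, rules, default_server=None, mgmt_ports=()):
    """Return what happens to an unsolicited inbound packet for `port`."""
    for rule in rules:
        if rule.active and rule.start_port <= port <= rule.end_port:
            return ("forward", rule.server_ip)
    if port in mgmt_ports:              # handled by the device itself
        return ("device", None)
    if default_server:                  # catch-all: every other port is exposed
        return ("forward", default_server)
    return ("discard", None)


def exposure(rules, default_server=None, mgmt_ports=()):
    """Count inbound ports per outcome across the whole port space."""
    summary = {}
    for port in range(1, 65536):
        outcome = decide(port, rules, default_server, mgmt_ports)
        summary[outcome] = summary.get(outcome, 0) + 1
    return summary


def overlapping(rules):
    """Return name pairs of active rules whose port ranges intersect."""
    active = [r for r in rules if r.active]
    return [
        (a.name, b.name)
        for a, b in combinations(active, 2)
        if a.start_port <= b.end_port and b.start_port <= a.end_port
    ]


# Constructed sample configuration.
RULES = [
    Rule("WWW", 80, 80, "192.168.1.34"),
    Rule("FTP", 21, 21, "192.168.1.33"),
]
MGMT_PORTS = (23,)  # assumed remote management port for the example

if __name__ == "__main__":
    print("no default server:", exposure(RULES, None, MGMT_PORTS))
    print("default server set:", exposure(RULES, "192.168.1.35", MGMT_PORTS))
```

Comparing the two summaries shows the effect of the Default Server field: the 65532 ports that were discarded are all forwarded to one LAN host once it is set.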
Table 49 Port Forwarding
LABEL | DESCRIPTION
Modify | Click the edit icon to go to the screen where you can edit the port forwarding rule. Click the delete icon to delete an existing port forwarding rule. Note that subsequent address mapping rules move up by one when you take this action.
Apply | Click Apply to save your changes back to the ZyXEL Device.
Cancel | Click Cancel to return to the previous configuration.
10.5.
Table 50 Port Forwarding Rule Setup (continued)
LABEL | DESCRIPTION
Apply | Click Apply to save your changes back to the ZyXEL Device.
Cancel | Click Cancel to begin configuring this screen afresh.
10.5.2 SIP ALG
Some NAT routers may include a SIP Application Layer Gateway (ALG). A SIP ALG allows SIP calls to pass through NAT by examining and translating IP addresses embedded in the data stream.
CHAPTER 11 Voice
This chapter provides background information on VoIP and SIP and explains how to configure your device’s voice settings.
11.1 Introduction to VoIP
VoIP is the sending of voice signals over the Internet Protocol. This allows you to make phone calls and send faxes over the Internet at a fraction of the cost of using the traditional circuit-switched telephone network.
11.2.1.2 SIP Service Domain
The SIP service domain of the VoIP service provider is the domain name in a SIP URI. For example, if the SIP address is 1122334455@VoIP-provider.com, then “VoIP-provider.com” is the SIP service domain.
11.2.2 SIP Call Progression
The following figure displays the basic steps in the setup and tear down of a SIP call. A calls B.
Table 52 SIP Call Progression
A | B
1. INVITE
2. Ringing
3. OK
4. ACK
5. Dialogue (voice traffic)
6. BYE
7.
11.2.3.1 SIP User Agent
A SIP user agent can make and receive VoIP telephone calls. This means that SIP can be used for peer-to-peer communications even though it is a client-server protocol. In the following figure, either A or B can act as a SIP user agent client to initiate a call. A and B can also both act as a SIP user agent to receive the call.
Figure 84 SIP User Agent
11.2.3.
11.2.3.3 SIP Redirect Server
A SIP redirect server accepts SIP requests, translates the destination address to an IP address and sends the translated IP address back to the device that sent the request. Then the client device that originally sent the request can send requests to the IP address that it received back from the redirect server. Redirect servers do not initiate SIP requests.
Figure 87 SIP > SIP Settings
Each field is described in the following table.
Table 53 SIP > SIP Settings
LABEL | DESCRIPTION
SIP Account | Select the SIP account you want to see in this screen. If you change this field, the screen automatically refreshes.
SIP Settings
Active SIP Account | Select this if you want the ZyXEL Device to use this account. Clear it if you do not want the ZyXEL Device to use this account.
Number | Enter your SIP number.
Table 53 SIP > SIP Settings
LABEL | DESCRIPTION
SIP Service Domain | Enter the SIP service domain name. In the full SIP URI, this is the part after the @ symbol. You can use up to 127 printable ASCII Extended set characters.
Send Caller ID | Select this if you want to send identification when you make VoIP phone calls. Clear this if you do not want to send identification.
11.6 PSTN Call Setup Signaling
Dual-Tone Multi-Frequency (DTMF) signaling uses pairs of frequencies (one lower frequency and one higher frequency) to set up calls. It is also known as Touch Tone®. Each of the keys on a DTMF telephone corresponds to a different pair of frequencies. Pulse dialing sends a series of clicks to the local phone office in order to dial numbers.
11.
4 You can continue to add, listen to, or delete tones, or you can hang up the receiver when you are done.
11.8.0.2 Listening to Custom Tones
Do the following to listen to a custom tone:
1 Pick up the phone and press “****” on your phone’s keypad and wait for the message that says you are in the configuration menu.
2 Press a number from 1201~1208 followed by the “#” key to listen to the tone.
Figure 88 VoIP > SIP Settings > Advanced
Each field is described in the following table.
Table 55 VoIP > SIP Settings > Advanced
LABEL | DESCRIPTION
SIP Account | This field displays the SIP account you see in this screen.
SIP Server Settings
URL Type | Select whether or not to include the SIP service domain name when the ZyXEL Device sends the SIP number. SIP - include the SIP service domain name. TEL - do not include the SIP service domain name.
Table 55 VoIP > SIP Settings > Advanced
LABEL | DESCRIPTION
DTMF Mode | Control how the ZyXEL Device handles the tones that your telephone makes when you push its buttons. You should use the same mode your VoIP service provider uses. RFC 2833 - send the DTMF tones in RTP packets. PCM - send the DTMF tones in the voice data stream. This method works best when you are using a codec that does not use compression (like G.711). Codecs that use compression (like G.
Table 55 VoIP > SIP Settings > Advanced
LABEL | DESCRIPTION
Back | Click this to return to the SIP Settings screen without saving your changes.
Apply | Click this to save your changes and to apply them to the ZyXEL Device.
Cancel | Click this to set every field in this screen to its last-saved value.
11.
The DSCP value determines the forwarding behavior, the PHB (Per-Hop Behavior), that each packet gets across the DiffServ network. Based on the marking rule, different kinds of traffic can be marked for different priorities of forwarding. Resources can then be allocated according to the DSCP values and the configured policies.
11.10.3 VLAN
Virtual Local Area Network (VLAN) allows a physical network to be partitioned into multiple logical networks.
Table 56 SIP > QoS
LABEL | DESCRIPTION
Apply | Click this to save your changes and to apply them to the ZyXEL Device.
Cancel | Click this to set every field in this screen to its last-saved value.
11.11 Phone
You can configure the volume, echo cancellation and VAD settings for each individual phone port on the ZyXEL Device. You can also select which SIP account to use for making outgoing calls.
11.
11.13 Analog Phone Screen
Use this screen to control which SIP accounts and PSTN line each phone uses. To access this screen, click VoIP > Phone > Analog Phone.
Figure 91 Phone > Analog Phone
Each field is described in the following table.
Table 57 Phone > Analog Phone
LABEL | DESCRIPTION
Phone Port Settings | Select the phone port you want to see in this screen. If you change this field, the screen automatically refreshes.
Table 57 Phone > Analog Phone
LABEL | DESCRIPTION
Apply | Click this to save your changes and to apply them to the ZyXEL Device.
Cancel | Click this to set every field in this screen to its last-saved value.
Advanced Setup | Click this to edit the advanced settings for this phone port. The Advanced Analog Phone Setup screen appears.
11.14 Advanced Analog Phone Setup Screen
Use this screen to edit advanced settings for each phone port.
Table 58 Phone > Analog Phone > Advanced
LABEL | DESCRIPTION
Dialing Interval Select
Dialing Interval Select | Enter the number of seconds the ZyXEL Device should wait after you stop dialing numbers before it makes the phone call. The value depends on how quickly you dial phone numbers. If you select Active Immediate Dial in VoIP > Phone > Common, you can press the pound key (#) to tell the ZyXEL Device to make the phone call immediately, regardless of this setting.
11.15 Supplementary Phone Services Overview
Supplementary services such as call hold, call waiting, call transfer, … are generally available from your VoIP service provider. The ZyXEL Device supports the following services:
• Call Hold
• Call Waiting
• Making a Second Call
• Call Transfer
• Call Forwarding (see Section 11.19 on page 174)
• Three-Way Conference
• Internal Calls (see Section 12.
Table 60 European Flash Key Commands
COMMAND | SUB-COMMAND | DESCRIPTION
Flash | 2 | 1. Switch back and forth between two calls. 2. Put a current call on hold to answer an incoming call. 3. Separate the current three-way conference call into two individual calls (one is on-line, the other is on hold).
Flash | 3 | Create three-way conference connection.
Flash | *98# | Transfer the call to another phone.
11.15.2.
2 When you hear the dial tone, dial “*98#” followed by the number to which you want to transfer the call. to operate the Intercom.
3 After you hear the ring signal or the second party answers it, hang up the phone.
11.15.2.4 European Three-Way Conference
Use the following steps to make three-way conference calls.
1 When you are on the phone talking to someone, press the flash key to put the caller on hold and get a dial tone.
11.15.3.2 USA Call Waiting
This allows you to place a call on hold while you answer another incoming call on the same telephone (directory) number. If there is a second call to your telephone number, you will hear a call waiting tone. Press the flash key to put the first call on hold and answer the second call.
11.15.3.3 USA Call Transfer
Do the following to transfer an incoming call (that you have answered) to another phone.
Figure 94 VoIP > Phone > Region
Each field is described in the following table.
Table 62 VoIP > Phone > Region
LABEL | DESCRIPTION
Region Settings | Select the place in which the ZyXEL Device is located.
Call Service Mode | Select the mode for supplementary phone services (call hold, call waiting, call transfer and three-way conference calls) that your VoIP service provider supports.
11.18 Speed Dial Screen
You have to create speed-dial entries if you want to make peer-to-peer calls or call SIP numbers that use letters. You can also create speed-dial entries for frequently-used SIP phone numbers. Use this screen to add, edit, or remove speed-dial numbers for outgoing calls. To access this screen, click VoIP > Phone Book > Speed Dial.
Figure 95 Phone Book > Speed Dial
Each field is described in the following table.
Table 63 Phone Book > Speed Dial
LABEL | DESCRIPTION
Speed Dial Phone Book | Use this section to look at all the speed-dial entries and to erase them.
Speed Dial | This field displays the speed-dial number you should dial to use this entry.
Number | This field displays the SIP number the ZyXEL Device calls when you dial the speed-dial number.
Name | This field displays the name of the party you call when you dial the speed-dial number.
Figure 96 Phone Book > Incoming Call Policy
You can create two sets of call-forwarding rules. Each one is stored in a call-forwarding table. Each field is described in the following table.
Table 64 Phone Book > Incoming Call Policy
LABEL | DESCRIPTION
Table Number | Select the call-forwarding table you want to see in this screen. If you change this field, the screen automatically refreshes.
Table 64 Phone Book > Incoming Call Policy
LABEL | DESCRIPTION
Advanced Setup | The ZyXEL Device checks these rules before it checks the rules in the Forward to Number section.
# | This field is a sequential value, and it is not associated with a specific rule. The sequence is important, however. The ZyXEL Device checks each rule in order, and it only follows the first one that applies.
Activate | Select this to enable this rule. Clear this to disable this rule.
Figure 97 PSTN Line > General
Each field is described in the following table.
Table 65 PSTN Line > General
LABEL | DESCRIPTION
PSTN Line Pre-fix Number | Enter 1 - 7 numbers you dial before you dial the phone number, if you want to make a regular phone call while one of your SIP accounts is registered. These numbers tell the ZyXEL Device that you want to make a regular phone call.
CHAPTER 12 Phone Usage
This chapter describes how to use a phone connected to your ZyXEL Device for basic tasks.
12.1 Dialing a Telephone Number
The PHONE LED turns green when your SIP account is registered. Dial a SIP number like “12345” on your phone’s keypad. Use speed dial entries (see Section 11.17 on page 172) for peer-to-peer calls or SIP numbers that use letters. Dial the speed dial entry on your telephone’s keypad.
12.5 Auto Firmware Upgrade
During auto-provisioning, the ZyXEL Device checks to see if there is a newer firmware version. If newer firmware is available, the ZyXEL Device plays a recording when you pick up your phone’s handset. Press “*99#” to upgrade the ZyXEL Device’s firmware. Press “#99#” to not upgrade the ZyXEL Device’s firmware.
CHAPTER 13 Firewalls
This chapter gives some background information on firewalls and introduces the ZyXEL Device firewall.
13.1 Firewall Overview
Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term “firewall” is a system or group of systems that enforces an access-control policy between two networks.
13.2.2 Application-level Firewalls
Application-level firewalls restrict access by serving as proxies for external servers. Since they use programs written for specific Internet services, such as HTTP, FTP and telnet, they can evaluate network packets for valid application-specific data.
• The LAN (Local Area Network) port attaches to a network of computers, which needs security from the outside world. These computers will have access to Internet services such as e-mail, FTP, and the World Wide Web. However, “inbound access” will not be allowed unless you configure remote management or create a firewall rule to allow a remote host to use a specific service.
13.3.1 Denial of Service Attacks
Figure 98 Firewall Application
13.
Table 66 Common IP Ports
21 FTP | 53 DNS
23 Telnet | 80 HTTP
25 SMTP | 110 POP3
13.4.2 Types of DoS Attacks
There are four types of DoS attacks:
1 Those that exploit bugs in a TCP/IP implementation.
2 Those that exploit weaknesses in the TCP/IP specification.
3 Brute-force attacks that flood a network with useless data.
4 IP Spoofing.
5 "Ping of Death" and "Teardrop" attacks exploit bugs in the TCP/IP implementations of various computer and host systems.
Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server. The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the initiator responds with an ACK (acknowledgment). After this handshake, a connection is established.
• SYN Attack floods a targeted system with a series of SYN packets. Each packet causes the targeted system to issue a SYN-ACK response.
Figure 101 Smurf Attack
13.4.2.1 ICMP Vulnerability
ICMP is an error-reporting protocol that works in concert with IP. The following ICMP types trigger an alert:
Table 67 ICMP Commands That Trigger Alerts
5 | REDIRECT
13 | TIMESTAMP_REQUEST
14 | TIMESTAMP_REPLY
17 | ADDRESS_MASK_REQUEST
18 | ADDRESS_MASK_REPLY
13.4.2.2 Illegal Commands (NetBIOS and SMTP)
The only legal NetBIOS commands are the following - all others are illegal.
13.4.2.3 Traceroute
Traceroute is a utility used to determine the path a packet takes between two endpoints. Sometimes, when a packet filter firewall is configured incorrectly, an attacker can traceroute the firewall, gaining knowledge of the network topology inside the firewall.
Often, many DoS attacks also employ a technique known as "IP Spoofing" as part of their attack.
The previous figure shows the ZyXEL Device’s default firewall rules in action and demonstrates how stateful inspection works. User A can initiate a Telnet session from within the LAN and responses to this request are allowed. However, other Telnet traffic initiated from the WAN is blocked.
13.5.1 Stateful Inspection Process
In this example, the following sequence of events occurs when a TCP packet leaves the LAN network through the firewall's WAN interface.
• Allow certain types of traffic from the Internet to specific hosts on the LAN.
• Allow access to a Web server to everyone but competitors.
• Restrict use of certain protocols, such as Telnet, to authorized users on the LAN.
These custom rules work by evaluating the network traffic’s Source IP address, Destination IP address, IP protocol type, and comparing these to rules set by the administrator.
Note: The ability to define firewall rules is a very powerful tool.
A similar situation exists for ICMP, except that the ZyXEL Device is even more restrictive. Specifically, only outgoing echoes will allow incoming echo replies, outgoing address mask requests will allow incoming address mask replies, and outgoing timestamp requests will allow incoming timestamp replies. No other ICMP packets are allowed in through the firewall, simply because they are too dangerous and contain too little tracking information.
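The ICMP policy described above, as an added Python example (not ZyXEL code): an inbound reply is permitted only when a matching outbound request was recorded first. The class name, the (peer, type, identifier, sequence) matching key and the sample addresses are assumptions made for illustration; the ICMP type numbers are the standard ones.

```python
# Standard ICMP type numbers.
ECHO_REPLY, REDIRECT, ECHO_REQUEST = 0, 5, 8
TIMESTAMP_REQUEST, TIMESTAMP_REPLY = 13, 14
ADDRESS_MASK_REQUEST, ADDRESS_MASK_REPLY = 17, 18

# The only request/reply pairs the text says may open a return path.
EXPECTED_REPLY = {
    ECHO_REQUEST: ECHO_REPLY,
    TIMESTAMP_REQUEST: TIMESTAMP_REPLY,
    ADDRESS_MASK_REQUEST: ADDRESS_MASK_REPLY,
}


class IcmpStateTable:
    """Hypothetical stateful ICMP filter for LAN-to-WAN requests."""

    def __init__(self):
        # Each entry is (remote_ip, expected_reply_type, identifier, sequence).
        self.pending = set()

    def outbound(self, dst, icmp_type, ident, seq):
        """Record an outgoing request so that its reply can be let back in."""
        reply_type = EXPECTED_REPLY.get(icmp_type)
        if reply_type is not None:
            self.pending.add((dst, reply_type, ident, seq))

    def inbound(self, src, icmp_type, ident=0, seq=0):
        """Return 'permit' only for a reply that answers a recorded request."""
        key = (src, icmp_type, ident, seq)
        if key in self.pending:
            self.pending.discard(key)  # one reply per request
            return "permit"
        return "drop"


def run_icmp_demo():
    # All addresses below are constructed sample values.
    table = IcmpStateTable()
    results = {}

    table.outbound("203.0.113.9", ECHO_REQUEST, 1, 1)
    results["solicited_echo_reply"] = table.inbound("203.0.113.9", ECHO_REPLY, 1, 1)
    results["replayed_echo_reply"] = table.inbound("203.0.113.9", ECHO_REPLY, 1, 1)

    table.outbound("203.0.113.9", ECHO_REQUEST, 1, 2)
    results["reply_from_other_host"] = table.inbound("198.51.100.5", ECHO_REPLY, 1, 2)

    results["unsolicited_echo_request"] = table.inbound("198.51.100.5", ECHO_REQUEST, 7, 1)
    results["redirect"] = table.inbound("198.51.100.5", REDIRECT)

    table.outbound("203.0.113.9", TIMESTAMP_REQUEST, 2, 1)
    results["solicited_timestamp_reply"] = table.inbound("203.0.113.9", TIMESTAMP_REPLY, 2, 1)

    results["unsolicited_mask_reply"] = table.inbound("198.51.100.5", ADDRESS_MASK_REPLY, 3, 1)
    return results


if __name__ == "__main__":
    for name, verdict in run_icmp_demo().items():
        print(f"{name:28} {verdict}")
```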
• Encourage your company or organization to develop a comprehensive security plan. Good network administration takes into account what hackers can do and prepares against attacks. The best defense against hackers and crackers is information. Educate all employees about the importance of security and how to minimize risk.
13.7.1.1 When To Use Filtering
• To block/allow LAN packets by their MAC addresses.
• To block/allow special IP packets which are neither TCP nor UDP, nor ICMP packets.
• To block/allow both inbound (WAN to LAN) and outbound (LAN to WAN) traffic between the specific inside host/network "A" and outside host/network "B". If the filter blocks the traffic from A to B, it also blocks the traffic from B to A.
CHAPTER 14 Firewall Configuration
This chapter shows you how to enable and configure the ZyXEL Device firewall.
14.1 Access Methods
The web configurator is, by far, the most comprehensive firewall configuration tool your ZyXEL Device has to offer. For this reason, it is recommended that you configure your firewall using the web configurator. CLI commands provide limited configuration options and are only recommended for advanced users.
14.
Note: If you configure firewall rules without a good understanding of how they work, you might inadvertently introduce security risks to the firewall and to the protected network. Make sure you test your rules after you configure them.
For example, you may create rules to:
• Block certain types of traffic, such as IRC (Internet Relay Chat), from the LAN to the Internet.
4 Does a rule that allows Internet users access to resources on the LAN create a security vulnerability? For example, if FTP ports (TCP 20, 21) are allowed from the Internet to the LAN, Internet users may be able to connect to computers with running FTP servers.
5 Does this rule conflict with any existing rules?
6 Once these questions have been answered, adding rules is simply a matter of plugging the information into the correct fields in the web configurator screens.
14.4.1 LAN to WAN Rules
The default rule for LAN to WAN traffic is that all users on the LAN are allowed nonrestricted access to the WAN. When you configure a LAN to WAN rule, you in essence want to limit some or all users from accessing certain services on the WAN.
WAN to LAN Rules
The default rule for WAN to LAN traffic blocks all incoming connections (WAN to LAN).
The following table describes the labels in this screen.
Table 70 Firewall: General
LABEL | DESCRIPTION
Active Firewall | Select this check box to activate the firewall. The ZyXEL Device performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
Bypass Triangle Route | Select this check box to have the ZyXEL Device firewall permit the use of triangle route topology on the network.
Figure 104 Firewall Rules
The following table describes the labels in this screen.
Table 71 Firewall Rules
LABEL | DESCRIPTION
Firewall Rules Storage Space in Use | This read-only bar shows how much of the ZyXEL Device's memory for recording firewall rules it is currently using. When you are using 80% or less of the storage space, the bar is green. When the amount of space used is over 80%, the bar is red.
Table 71 Firewall Rules (continued)
LABEL | DESCRIPTION
Log | This field shows you whether a log is created when packets match this rule (Yes) or not (No).
Modify | Click the Edit icon to go to the screen where you can edit the rule. Click the Remove icon to delete an existing firewall rule. A window displays asking you to confirm that you want to delete the firewall rule. Note that subsequent firewall rules move up by one when you take this action.
Figure 105 Firewall: Edit Rule
The following table describes the labels in this screen.
Table 72 Firewall: Edit Rule
LABEL | DESCRIPTION
Active | Select this option to enable this firewall rule.
Action for Matched Packet | Use the drop-down list box to select whether to discard (Drop), deny and send an ICMP destination-unreachable message to the sender of (Reject) or allow the passage of (Permit) packets that match this rule.
14.6.2 Customized Services
Configure customized services and port numbers not predefined by the ZyXEL Device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website. See Appendix F on page 371 for some examples. Click the Edit Customized Services link while editing a firewall rule to configure a custom service port. This displays the following screen. Refer to Section 13.1 on page 181 for more information.
Figure 107 Firewall: Configure Customized Services
The following table describes the labels in this screen.
Table 74 Firewall: Configure Customized Services
LABEL | DESCRIPTION
Service Name | Type a unique name for your custom port.
Service Type | Choose the IP port (TCP, UDP or TCP/UDP) that defines your customized port from the drop down list box.
Figure 108 Firewall Example: Rules
3 In the Rules screen, select the index number after which you want to add the rule. For example, if you select “6”, your new rule becomes number 7 and the previous rule 7 (if there is one) becomes rule 8.
4 Click Add to display the firewall rule configuration screen.
5 In the Edit Rule screen, click the Edit Customized Services link to open the Customized Service screen.
Figure 110 Firewall Example: Edit Rule: Destination Address
9 Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done.
Note: Custom services show up with an “*” before their names in the Services list box and the Rules list box.
Figure 111 Firewall Example: Edit Rule: Select Customized Services
On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a “MyService” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN.
Figure 112 Firewall Example: Rules: MyService
14.8 DoS Thresholds
For DoS attacks, the ZyXEL Device uses thresholds to determine when to drop sessions that do not become fully established. These thresholds apply globally to all sessions. You can use the default threshold values, or you can change them to values more suitable to your security requirements. Refer to Section 14.8.3 on page 209 to configure thresholds.
14.8.
You should make any changes to the threshold values before you continue configuring firewall rules.
14.8.2 Half-Open Sessions
An unusually high number of half-open sessions (either an absolute number or measured as the arrival rate) could indicate that a Denial of Service attack is occurring. For TCP, "half-open" means that the session has not reached the established state; the TCP three-way handshake has not yet been completed (see Figure 99 on page 184).
14.8.3 Configuring Firewall Thresholds
The ZyXEL Device also sends alerts whenever TCP Maximum Incomplete is exceeded. The global values specified for the threshold and timeout apply to all TCP connections. Click Firewall, and Threshold to bring up the next screen.
Figure 113 Firewall: Threshold
The following table describes the labels in this screen.
Table 75 Firewall: Threshold (continued)
LABEL | DESCRIPTION | DEFAULT VALUES
Maximum Incomplete Low | This is the number of existing half-open sessions that causes the firewall to stop deleting half-open sessions. The ZyXEL Device continues to delete half-open requests as necessary, until the number of existing half-open sessions drops below this number. | 80 existing half-open sessions.
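How a high/low pair of half-open session thresholds behaves, as an added Python example (not ZyXEL firmware code): once the number of half-open TCP sessions rises above the high mark, the oldest ones are deleted until the count drops below the low mark. The low mark of 80 is the default from the table above; the high mark of 100, the trigger condition, the class name and the session tuples are assumptions made for illustration.

```python
from collections import OrderedDict

SERVER = ("10.0.0.10", 80)  # constructed LAN server address and port


class HalfOpenTracker:
    """Tracks TCP sessions that sent a SYN but have not finished the handshake."""

    def __init__(self, max_incomplete_high=100, max_incomplete_low=80):
        # 80 is the Maximum Incomplete Low default quoted in the table;
        # 100 for the high mark is an assumption made for this example.
        if max_incomplete_low >= max_incomplete_high:
            raise ValueError("low threshold must be below high threshold")
        self.high = max_incomplete_high
        self.low = max_incomplete_low
        self.half_open = OrderedDict()  # session -> None, oldest first
        self.established = set()
        self.deleted = []               # half-open sessions removed by a purge
        self.alerts = 0

    def on_syn(self, session):
        """A new SYN arrived: the session is half-open until the final ACK."""
        if session in self.half_open or session in self.established:
            return
        self.half_open[session] = None
        if len(self.half_open) > self.high:
            self.alerts += 1
            self._purge()

    def on_handshake_complete(self, session):
        """The final ACK arrived: promote the session if it is still tracked."""
        if session not in self.half_open:
            return False  # already deleted by a purge, or never seen
        del self.half_open[session]
        self.established.add(session)
        return True

    def _purge(self):
        # Delete oldest half-open sessions until the count is below the low mark.
        while len(self.half_open) >= self.low:
            session, _ = self.half_open.popitem(last=False)
            self.deleted.append(session)


def simulate():
    """Run constructed traffic through the tracker and return it for inspection."""
    tracker = HalfOpenTracker()
    # Ten ordinary clients complete the three-way handshake.
    for i in range(10):
        client = ("192.0.2.%d" % (i + 1), 50000 + i) + SERVER
        tracker.on_syn(client)
        tracker.on_handshake_complete(client)
    # Constructed flood: 101 SYNs whose final ACK never arrives.
    for i in range(101):
        tracker.on_syn(("198.51.100.%d" % (i % 250 + 1), 40000 + i) + SERVER)
    # A later ordinary client still completes its handshake after the purge.
    late = ("192.0.2.200", 51000) + SERVER
    tracker.on_syn(late)
    tracker.on_handshake_complete(late)
    return tracker


if __name__ == "__main__":
    t = simulate()
    print("alerts:", t.alerts)
    print("half-open now:", len(t.half_open))
    print("deleted by purge:", len(t.deleted))
    print("established:", len(t.established))
```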
CHAPTER 15 Content Filtering
This chapter covers how to configure content filtering.
15.1 Content Filtering Overview
Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ability to block web sites that contain key words (that you specify) in the URL. You can set a schedule for when the ZyXEL Device performs content filtering.
The following table describes the labels in this screen.
Table 76 Content Filter: Keyword
LABEL | DESCRIPTION
Active Keyword Blocking | Select this check box to enable this feature.
Block Websites that contain these keywords in the URL: | This box contains the list of all the keywords that you have configured the ZyXEL Device to block.
Delete | Highlight a keyword in the box and click Delete to remove it.
The following table describes the labels in this screen.
Table 77 Content Filter: Schedule
LABEL | DESCRIPTION
Schedule | Select Block Everyday to make the content filtering active every day. Otherwise, select Edit Daily to Block and configure which days of the week (or every day) and which time of the day you want the content filtering to be active.
Active | Select the check box to have the content filtering be active on the selected day.
CHAPTER 16 Introduction to IPSec
This chapter introduces the basics of IPSec VPNs.
16.1 VPN Overview
A VPN (Virtual Private Network) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over the Internet or any insecure network that uses the TCP/IP protocol suite for communication.
Figure 117 Encryption and Decryption
16.1.3.2 Data Confidentiality
The IPSec sender can encrypt packets before transmitting them across a network.
16.1.3.3 Data Integrity
The IPSec receiver can validate packets sent by the IPSec sender to ensure that the data has not been altered during transmission.
16.1.3.4 Data Origin Authentication
The IPSec receiver can verify the source of IPSec packets. This service depends on the data integrity service.
16.1.
Figure 118 IPSec Architecture
16.2.1 IPSec Algorithms
The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms). The Encryption Algorithm describes the use of encryption techniques such as DES (Data Encryption Standard) and Triple DES algorithms.
Figure 119 Transport and Tunnel Mode IPSec Encapsulation
16.3.1 Transport Mode
Transport mode is used to protect upper layer protocols and only affects the data in the IP packet. In Transport mode, the IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP).
NAT is incompatible with the AH protocol in both Transport and Tunnel mode. An IPSec VPN using the AH protocol digitally signs the outbound packet, both data payload and headers, with a hash value appended to the packet. When using AH protocol, packet contents (the data payload) are not encrypted. A NAT device in between the IPSec endpoints will rewrite either the source or destination address with one of its own choosing.
CHAPTER 17 VPN Screens
This chapter introduces the VPN screens. See Chapter 24 on page 295 for information on viewing logs and the appendix for IPSec log descriptions.
17.1 VPN/IPSec Overview
Use the screens documented in this chapter to configure rules for VPN connections and manage VPN connections.
17.2 IPSec Algorithms
The ESP and AH protocols are necessary to create a Security Association (SA), the foundation of an IPSec VPN.
Table 80 AH and ESP
ESP | AH
DES (default) | MD5 (default)
Data Encryption Standard (DES) is a widely used method of data encryption using a private (secret) key. DES applies a 56-bit key to each 64-bit block of data. | MD5 (Message Digest 5) produces a 128-bit digest to authenticate packet data.
17.4 Secure Gateway Address
Secure Gateway Address is the WAN IP address or domain name of the remote IPSec router (secure gateway). If the remote secure gateway has a static WAN IP address, enter it in the Secure Gateway Address field. You may alternatively enter the remote secure gateway’s domain name (if it has one) in the Secure Gateway Address field.
Figure 121 VPN Setup
The following table describes the fields in this screen.
Table 81 VPN Setup
LABEL | DESCRIPTION
No. | This is the VPN policy index number. Click a number to edit VPN policies.
Active | This field displays whether the VPN policy is active or not. A Yes signifies that this VPN policy is active. No signifies that this VPN policy is not active.
Name | This field displays the identification name for this VPN policy.
Table 81 VPN Setup
LABEL | DESCRIPTION
Remote Address | This is the IP address(es) of computer(s) on the remote network behind the remote IPSec router. This field displays N/A when the Secure Gateway Address field displays 0.0.0.0. In this case only the remote IPSec router can initiate the VPN. The same (static) IP address is displayed twice when the Remote Address Type field in the VPN-IKE (or VPN-Manual Key) screen is configured to Single.
17.7 VPN, NAT, and NAT Traversal
NAT is incompatible with the AH protocol in both transport and tunnel mode. An IPSec VPN using the AH protocol digitally signs the outbound packet, both data payload and headers, with a hash value appended to the packet, but a NAT device between the IPSec endpoints rewrites the source or destination address.
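Why the NAT rewrite breaks AH but not ESP, as an added Python example (not from the ZyXEL guide): a simplified AH-style check value covers the IP addresses, so verification fails once NAT changes the source address, while a simplified ESP-style check value covers only the payload and still verifies. The packet layout, key and addresses are constructed for illustration, and HMAC-SHA-256 stands in for whichever authentication algorithm the two IPSec routers negotiate.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, replace

KEY = b"constructed-shared-secret"  # constructed key, illustration only


@dataclass(frozen=True)
class Packet:
    src: str          # source address in the outer IP header
    dst: str          # destination address in the outer IP header
    payload: bytes    # upper-layer data (ciphertext in the ESP case)
    icv: bytes = b""  # integrity check value appended by the sender


def _addresses(pkt):
    """Packed source and destination addresses, as carried in the IP header."""
    return (ipaddress.ip_address(pkt.src).packed
            + ipaddress.ip_address(pkt.dst).packed)


def ah_icv(pkt, key=KEY):
    """Simplified AH: the check value covers the addresses and the payload."""
    return hmac.new(key, _addresses(pkt) + pkt.payload, hashlib.sha256).digest()


def esp_icv(pkt, key=KEY):
    """Simplified ESP: the check value covers the payload, not the IP header."""
    return hmac.new(key, pkt.payload, hashlib.sha256).digest()


def protect(pkt, icv_fn):
    """Sender side: append the check value computed over the packet."""
    return replace(pkt, icv=icv_fn(pkt))


def verify(pkt, icv_fn):
    """Receiver side: recompute the check value and compare in constant time."""
    return hmac.compare_digest(pkt.icv, icv_fn(pkt))


def nat_rewrite_source(pkt, public_ip):
    """What a NAT device in the path does: replace the source address."""
    return replace(pkt, src=public_ip)


def run_nat_demo():
    # Constructed sample packet from a LAN host to a remote gateway.
    original = Packet(src="192.168.1.33", dst="198.51.100.20",
                      payload=b"constructed application data")
    ah_pkt = protect(original, ah_icv)
    esp_pkt = protect(original, esp_icv)

    ah_natted = nat_rewrite_source(ah_pkt, "203.0.113.7")
    esp_natted = nat_rewrite_source(esp_pkt, "203.0.113.7")
    # Payload tampering is still caught in the ESP case.
    esp_tampered = replace(esp_natted, payload=b"constructed application dat4")

    return {
        "ah_direct": verify(ah_pkt, ah_icv),
        "ah_through_nat": verify(ah_natted, ah_icv),
        "esp_direct": verify(esp_pkt, esp_icv),
        "esp_through_nat": verify(esp_natted, esp_icv),
        "esp_tampered": verify(esp_tampered, esp_icv),
    }


if __name__ == "__main__":
    for name, ok in run_nat_demo().items():
        print(f"{name:16} {'verified' if ok else 'REJECTED'}")
```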
Y* - This is supported in the ZyXEL Device if you enable NAT traversal.
17.8 Remote DNS Server
In cases where you want to use domain names to access Intranet servers on a remote network that has a DNS server, you must identify that DNS server.
Regardless of the ID type and content configuration, the ZyXEL Device does not allow you to save multiple active rules with overlapping local and remote IP addresses. With main mode (see Section 17.12.1 on page 235), the ID type and content are encrypted to provide identity protection. In this case the ZyXEL Device can only distinguish between up to 12 different incoming SAs that connect from remote IPSec routers that have dynamic WAN IP addresses.
P-2602H(W)(L)-DxA Series User’s Guide 17.9.1 ID Type and Content Examples Two IPSec routers must have matching ID type and content configuration in order to set up a VPN tunnel. The two ZyXEL Devices in this example can complete negotiation and establish a VPN tunnel. Table 85 Matching ID Type and Content Configuration Example ZYXEL DEVICE A ZYXEL DEVICE B Local ID type: E-mail Local ID type: IP Local ID content: tom@yourcompany.com Local ID content: 1.1.1.
P-2602H(W)(L)-DxA Series User’s Guide Figure 124 Edit VPN Policies The following table describes the fields in this screen. Table 87 Edit VPN Policies LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy. This option determines whether a VPN rule is applied before a packet leaves the firewall. Keep Alive Select either Yes or No from the drop-down list box.
Table 87 Edit VPN Policies
LABEL DESCRIPTION
NAT Traversal: This function is available if the VPN protocol is ESP. Select this check box if you want to set up a VPN tunnel when there are NAT routers between the ZyXEL Device and remote IPSec router. The remote IPSec router must also enable NAT traversal, and the NAT routers have to forward UDP port 500 packets to the remote IPSec router behind the NAT router.
Name: Type up to 32 characters to identify this VPN policy.
P-2602H(W)(L)-DxA Series User’s Guide Table 87 Edit VPN Policies LABEL DESCRIPTION Remote Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. The remote fields do not apply when the Secure Gateway IP Address field is configured to 0.0.0.0. In this case only the remote IPSec router can initiate the VPN. Two active SAs cannot have the local and remote IP address(es) both the same.
P-2602H(W)(L)-DxA Series User’s Guide Table 87 Edit VPN Policies LABEL DESCRIPTION Peer ID Type Select IP to identify the remote IPSec router by its IP address. Select DNS to identify the remote IPSec router by a domain name. Select E-mail to identify the remote IPSec router by an e-mail address. Content The configuration of the peer content depends on the peer ID type. For IP, type the IP address of the computer with which you will make the VPN connection. If you configure this field to 0.0.0.
Table 87 Edit VPN Policies
LABEL DESCRIPTION
Encryption Algorithm: Select DES, 3DES, AES or NULL from the drop-down list box. When you use one of these encryption algorithms for data communications, both the sending device and the receiving device must use the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code. The DES encryption algorithm uses a 56-bit key.
• Choose an encryption algorithm.
• Choose an authentication algorithm.
• Choose a Diffie-Hellman public-key cryptography key group (DH1 or DH2).
• Set the IKE SA lifetime. This field allows you to determine how long an IKE SA should stay up before it times out. An IKE SA times out when the IKE SA lifetime period expires. If an IKE SA times out when an IPSec SA is already established, the IPSec SA stays connected.
17.12.2 Diffie-Hellman (DH) Key Groups
Diffie-Hellman (DH) is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communications channel. Diffie-Hellman is used within IKE SA setup to establish session keys. 768-bit (Group 1 - DH1) and 1024-bit (Group 2 - DH2) Diffie-Hellman groups are supported. Upon completion of the Diffie-Hellman exchange, the two peers have a shared secret, but the IKE SA is not authenticated.
P-2602H(W)(L)-DxA Series User’s Guide Figure 126 Advanced VPN Policies The following table describes the fields in this screen. Table 88 Advanced VPN Policies LABEL DESCRIPTION VPN - IKE Protocol Enter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and signifies any protocol.
P-2602H(W)(L)-DxA Series User’s Guide Table 88 Advanced VPN Policies LABEL DESCRIPTION Negotiation Mode Select Main or Aggressive from the drop-down list box. Multiple SAs connecting through a secure gateway must have the same negotiation mode. Pre-Shared Key Type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation.
Table 88 Advanced VPN Policies
LABEL DESCRIPTION
Authentication Algorithm: Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower. Select MD5 for minimal security and SHA-1 for maximum security.
SA Life Time: Define the length of time before an IKE SA automatically renegotiates in this field.
Figure 127 VPN: Manual Key
The following table describes the fields in this screen.
Table 89 VPN: Manual Key
LABEL DESCRIPTION
IPSec Setup
Active: Select this check box to activate this VPN policy.
Name: Type up to 32 characters to identify this VPN policy. You may use any character, including spaces, but the ZyXEL Device drops trailing spaces.
IPSec Key Mode: Select IKE or Manual from the drop-down list box.
P-2602H(W)(L)-DxA Series User’s Guide Table 89 VPN: Manual Key (continued) LABEL DESCRIPTION DNS Server (for IPSec VPN) If there is a private DNS server that services the VPN, type its IP address here. The ZyXEL Device assigns this additional DNS server to the ZyXEL Device 's DHCP clients that have IP addresses in this IPSec rule's range of local addresses. A DNS server allows clients on the VPN to find other computers and servers on the VPN by their (private) domain names.
P-2602H(W)(L)-DxA Series User’s Guide Table 89 VPN: Manual Key (continued) LABEL DESCRIPTION My IP Address Enter the WAN IP address of your ZyXEL Device. The VPN tunnel has to be rebuilt if this IP address changes. The following applies if this field is configured as 0.0.0.0: The ZyXEL Device uses the current ZyXEL Device WAN IP address (static or dynamic) to set up the VPN tunnel.
When there is outbound traffic but no inbound traffic, the SA times out automatically after two minutes. A tunnel with no outbound or inbound traffic is "idle" and does not time out until the SA lifetime period expires. See Section 17.6 on page 225 on keep alive to have the ZyXEL Device renegotiate an IPSec SA when the SA lifetime expires, even if there is no traffic.
Figure 128 VPN: SA Monitor
The following table describes the fields in this screen.
17.17 Configuring Global Setting
To change your ZyXEL Device’s global settings, click VPN and then Global Setting. The screen appears as shown.
Figure 129 VPN: Global Setting
The following table describes the fields in this screen.
Table 91 VPN: Global Setting
LABEL DESCRIPTION
Windows Networking (NetBIOS over TCP/IP): NetBIOS (Network Basic Input/Output System) are TCP or UDP packets that enable a computer to find other computers.
P-2602H(W)(L)-DxA Series User’s Guide Figure 130 Telecommuters Sharing One VPN Rule Example Table 92 Telecommuters Sharing One VPN Rule Example FIELDS TELECOMMUTERS My IP Address: 0.0.0.0 (dynamic IP address assigned Public static IP address by the ISP) Secure Gateway IP Address: Public static IP address 0.0.0.0 With this IP address only the telecommuter can initiate the IPSec tunnel. Local IP Address: Telecommuter A: 192.168.2.12 Telecommuter B: 192.168.3.2 Telecommuter C: 192.168.4.15 192.168.1.
P-2602H(W)(L)-DxA Series User’s Guide Figure 131 Telecommuters Using Unique VPN Rules Example Table 93 Telecommuters Using Unique VPN Rules Example TELECOMMUTERS HEADQUARTERS All Telecommuter Rules: All Headquarters Rules: My IP Address 0.0.0.0 My IP Address: bigcompanyhq.com Secure Gateway Address: bigcompanyhq.com Local IP Address: 192.168.1.10 Remote IP Address: 192.168.1.10 Local ID Type: E-mail Peer ID Type: E-mail Local ID Content: bob@bigcompanyhq.com Peer ID Content: bob@bigcompanyhq.
17.19 VPN and Remote Management
If a VPN tunnel uses Telnet, FTP or WWW, then you should configure remote management (Remote Management) to allow access for that service.
P-2602H(W)(L)-DxA Series User’s Guide CHAPTER 18 Static Route This chapter shows you how to configure static routes for your ZyXEL Device. 18.1 Static Route Each remote node specifies only the network to which the gateway is directly connected, and the ZyXEL Device has no knowledge of the networks beyond. For instance, the ZyXEL Device knows about network N2 in the following figure through remote node Router 1.
P-2602H(W)(L)-DxA Series User’s Guide Figure 133 Static Route The following table describes the labels in this screen. Table 94 Static Route LABEL DESCRIPTION # This is the number of an individual static route. Active This field shows whether this static route is active (Yes) or not (No). Name This is the name that describes or identifies this route. Destination This parameter specifies the IP network address of the final destination. Routing is always based on network number.
P-2602H(W)(L)-DxA Series User’s Guide Figure 134 Static Route Edit The following table describes the labels in this screen. Table 95 Static Route Edit LABEL DESCRIPTION Active This field allows you to activate/deactivate this static route. Route Name Enter the name of the IP static route. Leave this field blank to delete this static route. Destination IP Address This parameter specifies the IP network address of the final destination. Routing is always based on network number.
P-2602H(W)(L)-DxA Series User’s Guide CHAPTER 19 Bandwidth Management This chapter contains information about configuring bandwidth management, editing rules and viewing the ZyXEL Device’s bandwidth management logs. 19.1 Bandwidth Management Overview ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on an application and/or subnet. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth rules.
P-2602H(W)(L)-DxA Series User’s Guide The following figure shows LAN subnets. You could configure one bandwidth class for subnet A and another for subnet B. Figure 135 Subnet-based Bandwidth Management Example 19.4 Application and Subnet-based Bandwidth Management You could also create bandwidth classes based on a combination of a subnet and an application. The following example table shows bandwidth allocations for application specific traffic from separate LAN subnets.
P-2602H(W)(L)-DxA Series User’s Guide 19.5.2 Fairness-based Scheduler The ZyXEL Device divides bandwidth equally among bandwidth classes when using the fairness-based scheduler; thus preventing one bandwidth class from using all of the interface’s bandwidth. 19.
P-2602H(W)(L)-DxA Series User’s Guide 19.6.2 Maximize Bandwidth Usage Example Here is an example of a ZyXEL Device that has maximize bandwidth usage enabled on an interface. The following table shows each bandwidth class’s bandwidth budget. The classes are set up based on subnets. The interface is set to 10240 kbps. Each subnet is allocated 2048 kbps. The unbudgeted 2048 kbps allows traffic not defined in any of the bandwidth filters to go out when you do not select the maximize bandwidth option.
P-2602H(W)(L)-DxA Series User’s Guide • Research requires more bandwidth but only gets its budgeted 2048 kbps because all of the unbudgeted and unused bandwidth goes to the higher priority sales and marketing classes. 19.6.2.2 Fairness-based Allotment of Unused and Unbudgeted Bandwidth The following table shows the amount of bandwidth that each class gets.
P-2602H(W)(L)-DxA Series User’s Guide Enable bandwidth management on an interface and set the maximum allowed bandwidth for that interface. Figure 136 Bandwidth Management: Summary The following table describes the labels in this screen. Table 101 Media Bandwidth Management: Summary LABEL DESCRIPTION Interface These read-only labels represent the physical interfaces. Select an interface’s check box to enable bandwidth management on that interface.
P-2602H(W)(L)-DxA Series User’s Guide Table 101 Media Bandwidth Management: Summary (continued) LABEL DESCRIPTION Max Bandwidth Usage Select this check box to have the ZyXEL Device divide up all of the interface’s unallocated and/or unused bandwidth among the bandwidth classes that require bandwidth. Do not select this if you want to reserve bandwidth for traffic that does not match a bandwidth class or you want to limit the transmission speed of this interface (see the Speed field description).
P-2602H(W)(L)-DxA Series User’s Guide Table 102 Bandwidth Management: Rule Setup (continued) LABEL DESCRIPTION Bandwidth (kbps) Specify the maximum bandwidth allowed for the rule in kbps. The recommendation is a setting between 20 kbps and 20000 kbps for an individual rule. If you want to leave some bandwidth for traffic that does not match a bandwidth filter, make sure that the interface’s root class has more bandwidth than the sum of the bandwidths of the interface’s bandwidth management rules.
P-2602H(W)(L)-DxA Series User’s Guide See Appendix F on page 371 for a list of commonly-used services. The following table describes the labels in this screen. Table 103 Bandwidth Management Rule Configuration LABEL DESCRIPTION Rule Configuration Rule Name Use the auto-generated name or enter a descriptive name of up to 20 alphanumeric characters, including spaces. BW Budget Specify the maximum bandwidth allowed for the rule in kbps.
P-2602H(W)(L)-DxA Series User’s Guide Table 103 Bandwidth Management Rule Configuration (continued) LABEL DESCRIPTION Source Subnet Netmask Enter the destination subnet mask. This field is N/A if you do not specify a Source Address. Refer to the appendix for more information on IP subnetting. A blank source port means any source port number. Source Port Enter the port number of the source. See Appendix 31 on page 371 for some common services and port numbers.
P-2602H(W)(L)-DxA Series User’s Guide CHAPTER 20 Dynamic DNS Setup This chapter discusses how to configure your ZyXEL Device to use Dynamic DNS. 20.1 Dynamic DNS Overview Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.
P-2602H(W)(L)-DxA Series User’s Guide Figure 140 Dynamic DNS The following table describes the fields in this screen. Table 104 Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic DNS Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider. Dynamic DNS Type Select the type of service that you are registered for from your Dynamic DNS service provider.
P-2602H(W)(L)-DxA Series User’s Guide Table 104 Dynamic DNS (continued) LABEL DESCRIPTION Dynamic DNS server auto detect IP Address Select this option only when there are one or more NAT routers between the ZyXEL Device and the DDNS server. This feature has the DDNS server automatically detect and use the IP address of the NAT router that has a public IP address.
P-2602H(W)(L)-DxA Series User’s Guide CHAPTER 21 Remote Management Configuration This chapter provides information on configuring remote management. 21.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which ZyXEL Device interface (if any) from which computers. Note: When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
• The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the ZyXEL Device will disconnect the session immediately.
• There is already another remote management session with an equal or higher priority running. You may only have one remote management session running at one time.
• There is a firewall rule that blocks it.
21.1.
P-2602H(W)(L)-DxA Series User’s Guide The following table describes the labels in this screen. Table 105 Remote Management: WWW LABEL DESCRIPTION Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service.
P-2602H(W)(L)-DxA Series User’s Guide Figure 143 Remote Management: Telnet The following table describes the labels in this screen. Table 106 Remote Management: Telnet LABEL DESCRIPTION Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service.
P-2602H(W)(L)-DxA Series User’s Guide Figure 144 Remote Management: FTP The following table describes the labels in this screen. Table 107 Remote Management: FTP LABEL DESCRIPTION Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service.
P-2602H(W)(L)-DxA Series User’s Guide Figure 145 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the ZyXEL Device). An agent translates the local management information from the managed device into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions.
P-2602H(W)(L)-DxA Series User’s Guide 21.6.2 SNMP Traps The ZyXEL Device will send traps to the SNMP manager when any one of the following events occurs: Table 108 SNMP Traps TRAP NAME DESCRIPTION 0 coldStart (defined in RFC-1215) A trap is sent after booting (power on). 1 warmStart (defined in RFC-1215) A trap is sent after booting (software reboot).
P-2602H(W)(L)-DxA Series User’s Guide Figure 146 Remote Management: SNMP The following table describes the labels in this screen. Table 109 Remote Management: SNMP LABEL DESCRIPTION SNMP Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service.
21.7 Configuring DNS
Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Refer to Chapter 8 on page 107 for background information. To change your ZyXEL Device’s DNS settings, click Advanced > Remote MGMT > DNS. The screen appears as shown. Use this screen to set from which IP address the ZyXEL Device will accept DNS queries and on which interface it can send them.
P-2602H(W)(L)-DxA Series User’s Guide If an outside user attempts to probe an unsupported port on your ZyXEL Device, an ICMP response packet is automatically returned. This allows the outside user to know the ZyXEL Device exists. Your ZyXEL Device supports anti-probing, which prevents the ICMP response packet from being sent. This keeps outsiders from discovering your ZyXEL Device when unsupported ports are probed.
P-2602H(W)(L)-DxA Series User’s Guide CHAPTER 22 Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 22.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
P-2602H(W)(L)-DxA Series User’s Guide 22.1.3 Cautions with UPnP The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues. Network information and configuration may also be obtained and modified by users in some network environments. When a UPnP device joins a network, it announces its presence with a multicast message. For security reasons, the ZyXEL Device allows multicast messages on the LAN only.
The following table describes the fields in this screen.
Table 112 Configuring UPnP
LABEL DESCRIPTION
Active the Universal Plug and Play (UPnP) Feature: Select this check box to activate UPnP. Be aware that anyone could use a UPnP application to open the web configurator's login screen without entering the ZyXEL Device's IP address (although you must still enter the password to access the web configurator).
P-2602H(W)(L)-DxA Series User’s Guide Figure 150 Add/Remove Programs: Windows Setup: Communication 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box. Figure 151 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted.
P-2602H(W)(L)-DxA Series User’s Guide Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel. 2 Double-click Network Connections. 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components …. Figure 152 Network Connections 4 The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details.
P-2602H(W)(L)-DxA Series User’s Guide Figure 154 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. 22.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device. Make sure the computer is connected to a LAN port of the ZyXEL Device. Turn on your computer and the ZyXEL Device.
Figure 155 Network Connections
3 In the Internet Connection Properties window, click Settings to see the port mappings that were automatically created.
P-2602H(W)(L)-DxA Series User’s Guide 4 You may edit or delete the port mappings or click Add to manually add port mappings. Figure 157 Internet Connection Properties: Advanced Settings Figure 158 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
Figure 159 System Tray Icon
7 Double-click on the icon to display your current Internet connection status.
Figure 160 Internet Connection Status
Web Configurator Easy Access
With UPnP, you can access the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first. This is helpful if you do not know the IP address of the ZyXEL Device. Follow the steps below to access the web configurator.
P-2602H(W)(L)-DxA Series User’s Guide Figure 161 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays.
P-2602H(W)(L)-DxA Series User’s Guide Figure 162 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device.
P-2602H(W)(L)-DxA Series User’s Guide CHAPTER 23 System Use this screen to configure the ZyXEL Device’s time and date settings. 23.1 General Setup and System Name General Setup contains administrative and system-related information. System Name is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name". • In Windows 95/98 click Start, Settings, Control Panel, Network.
P-2602H(W)(L)-DxA Series User’s Guide Figure 164 System General Setup The following table describes the labels in this screen. Table 113 System General Setup LABEL DESCRIPTION General Setup System Name Choose a descriptive name for identification purposes. It is recommended you enter your computer’s “Computer name” in this field. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes “-” and underscores "_" are accepted.
P-2602H(W)(L)-DxA Series User’s Guide 23.2 Time Setting To change your ZyXEL Device’s time and date, click Maintenance > System > Time Setting. The screen appears as shown. Use this screen to configure the ZyXEL Device’s time based on your local time zone. Figure 165 System Time Setting The following table describes the fields in this screen. Table 114 System Time Setting LABEL DESCRIPTION Current Time and Date Current Time This field displays the time of your ZyXEL Device.
P-2602H(W)(L)-DxA Series User’s Guide Table 114 System Time Setting (continued) LABEL DESCRIPTION New Time (hh:mm:ss) This field displays the last updated time from the time server or the last time configured manually. When you set Time and Date Setup to Manual, enter the new time in this field and then click Apply. New Date (yyyy/mm/dd) This field displays the last updated date from the time server or the last date configured manually.
P-2602H(W)(L)-DxA Series User’s Guide Table 114 System Time Setting (continued) LABEL DESCRIPTION End Date Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the last Sunday of October. Each time zone in the United States stops using Daylight Saving Time at 2 A.M. local time.
P-2602H(W)(L)-DxA Series User’s Guide CHAPTER 24 Logs This chapter contains information about configuring general log settings and viewing the ZyXEL Device’s logs. Refer to the appendix for example log message explanations. 24.1 Logs Overview The web configurator allows you to choose which categories of events and/or alerts to have the ZyXEL Device log and then display the logs or have the ZyXEL Device send them to an administrator (as e-mail) or to a syslog server. 24.1.
P-2602H(W)(L)-DxA Series User’s Guide Figure 166 View Log The following table describes the fields in this screen. Table 115 View Log LABEL DESCRIPTION Display The categories that you select in the Log Settings screen display in the drop-down list box. Select a category of logs to view; select All Logs to view logs from all of the log categories that you selected in the Log Settings page.
P-2602H(W)(L)-DxA Series User’s Guide Alerts are e-mailed as soon as they happen. Logs may be e-mailed as soon as the log is full. Selecting many alert and/or log categories (especially Access Control) may result in many emails being sent. Figure 167 Log Settings The following table describes the fields in this screen.
P-2602H(W)(L)-DxA Series User’s Guide Table 116 Log Settings LABEL DESCRIPTION Mail Subject Type a title that you want to be in the subject line of the log e-mail message that the ZyXEL Device sends. Not all ZyXEL Device models have this field. Send Log to The ZyXEL Device sends logs to the e-mail address specified in this field. If this field is left blank, the ZyXEL Device does not send logs via e-mail.
24.4 SMTP Error Messages
If there are difficulties in sending e-mail the following error message appears: “SMTP action request failed. ret= ??”. The “??” are described in the following table.
Table 117 SMTP Error Messages
-1 means ZyXEL Device out of socket
-2 means tcp SYN fail
-3 means smtp server OK fail
-4 means HELO fail
-5 means MAIL FROM fail
-6 means RCPT TO fail
-7 means DATA fail
-8 means mail data send fail
24.4.
P-2602H(W)(L)-DxA Series User’s Guide Figure 168 E-mail Log Example Subject: Firewall Alert From Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com To: user@zyxel.com 1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP src port:00520 dest port:00520 |<1,00> | 2|Apr 7 00 |From:192.168.1.131 To:192.168.1.255 |default policy |forward | 09:54:17 |UDP src port:00520 dest port:00520 |<1,00> | 3|Apr 7 00 |From:192.168.1.6 To:10.10.10.
P-2602H(W)(L)-DxA Series User’s Guide CHAPTER 25 Tools This chapter explains how to upload new firmware, manage configuration files and restart your ZyXEL Device. Note: Do not interrupt the file transfer process as this may PERMANENTLY DAMAGE YOUR ZyXEL Device. 25.1 Introduction Use the instructions in this chapter to change the device’s configuration file or upgrade its firmware. After you configure your device, you can backup the configuration file to a computer.
P-2602H(W)(L)-DxA Series User’s Guide This is a sample FTP session saving the current configuration to the computer file “config.cfg”. If your (T)FTP client does not allow you to have a destination filename different than the source, you will need to rename them as the ZyXEL Device only recognizes “rom-0” and “ras”. Be sure you keep unaltered copies of both files for later use. The following table is a summary.
Figure 169 Firmware Upgrade
The following table describes the labels in this screen.
Table 119 Firmware Upgrade
LABEL DESCRIPTION
Current Firmware Version: This is the present Firmware version and the date created.
File Path: Type in the location of the file you want to upload in this field or click Browse ... to find it.
Browse...: Click Browse... to find the .bin file you want to upload. Remember that you must decompress compressed (.
P-2602H(W)(L)-DxA Series User’s Guide The ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 171 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, the following screen will appear. Click Return to go back to the Firmware screen. Figure 172 Error Message 25.
P-2602H(W)(L)-DxA Series User’s Guide Figure 173 Configuration 25.5.1 Backup Configuration Backup Configuration allows you to back up (save) the ZyXEL Device’s current configuration to a file on your computer. Once your ZyXEL Device is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings.
P-2602H(W)(L)-DxA Series User’s Guide After you see a “restore configuration successful” screen, you must then wait one minute before logging into the ZyXEL Device again. Figure 174 Configuration Upload Successful The ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.
P-2602H(W)(L)-DxA Series User’s Guide 25.5.3 Reset to Factory Defaults Click the Reset button to clear all user-entered configuration information and return the ZyXEL Device to its factory defaults. The following warning screen appears. Figure 177 Reset Warning Message Figure 178 Reset In Process Message You can also press the RESET button on the rear panel to reset the factory defaults of your ZyXEL Device. Refer to Section 2.1.2 on page 51 for more information on the RESET button. 25.
25.7 Using FTP or TFTP to Back Up Configuration
This section covers how to use FTP or TFTP to save your device’s configuration file to your computer.
25.7.1 Using the FTP Commands to Back Up Configuration
1 Launch the FTP client on your computer.
2 Enter “open”, followed by a space and the IP address of your ZyXEL Device.
3 Press [ENTER] when prompted for a username.
4 Enter your password as requested (the default is “1234”).
P-2602H(W)(L)-DxA Series User’s Guide 25.7.3 Configuration Backup Using GUI-based FTP Clients The following table describes some of the commands that you may see in GUI-based FTP clients. Table 121 General Commands for GUI-based FTP Clients COMMAND DESCRIPTION Host Address Enter the address of the host server. Login Type Anonymous. This is when a user I.D. and password is automatically supplied to the server for anonymous access.
25.7.5 TFTP Command Configuration Backup Example
The following is an example TFTP command:
tftp [-i] host get rom-0 config.rom
where “i” specifies binary image transfer mode (use this mode when transferring binary files), “host” is the ZyXEL Device IP address, and “get” transfers the source file on the ZyXEL Device (rom-0, the name of the configuration file on the ZyXEL Device) to the destination file on the computer and renames it config.rom.
25.7.
Note: WARNING! Do not interrupt the file transfer process as this may PERMANENTLY DAMAGE YOUR device.
When the Restore Configuration process is complete, the device will automatically restart.
25.8.1 Restore Using FTP Session Example
Figure 181 Restore Using FTP Session Example
ftp> put config.rom rom-0
200 Port command okay
150 Opening data connection for STOR rom-0
226 File received OK
221 Goodbye for writing flash
ftp: 16384 bytes sent in 0.06Seconds 273.
0 config.rom” transfers the configuration file on the device to your computer and renames it “config.rom.” See earlier in this chapter for more information on filename conventions.
7 Enter “quit” to exit the ftp prompt.
25.9.2 FTP Session Example of Firmware File Upload
Figure 182 FTP Session Example of Firmware File Upload
331 Enter PASS command
Password:
230 Logged in
ftp> bin
200 Type I OK
ftp> put firmware.
Note that the telnet connection must be active and the device in CI mode before and during the TFTP transfer. For details on TFTP commands (see following example), please consult the documentation of your TFTP client program. For UNIX, use “get” to transfer from the device to the computer, “put” the other way around, and “binary” to set binary transfer mode.
25.9.4 TFTP Upload Command Example
The following is an example TFTP command:
tftp [-i] host put firmware.
P-2602H(W)(L)-DxA Series User’s Guide CHAPTER 26 Diagnostic These read-only screens display information to help you identify problems with the ZyXEL Device. 26.1 General Diagnostic Click Maintenance > Diagnostic to open the screen shown next. Figure 183 Diagnostic: General The following table describes the fields in this screen. Table 123 Diagnostic: General LABEL DESCRIPTION TCP/IP Address Type the IP address of a computer that you want to ping in order to test a connection.
Figure 184 Diagnostic: DSL Line
The following table describes the fields in this screen.
Table 124 Diagnostic: DSL Line
LABEL | DESCRIPTION
ATM Status | Click this button to view your DSL connection’s Asynchronous Transfer Mode (ATM) statistics. ATM is a networking technology that provides high-speed data transfer. ATM uses fixed-size packets of information called cells. With ATM, a high QoS (Quality of Service) can be guaranteed.
P-2602H(W)(L)-DxA Series User’s Guide Table 124 Diagnostic: DSL Line (continued) LABEL DESCRIPTION DSL Line Status Click this button to view statistics about the DSL connections. noise margin downstream is the signal to noise ratio for the downstream part of the connection (coming into the ZyXEL Device from the ISP). It is measured in decibels. The higher the number the more signal and less noise there is.
P-2602H(W)(L)-DxA Series User’s Guide CHAPTER 27 Troubleshooting This chapter covers potential problems and the corresponding remedies. 27.1 Problems Starting Up the ZyXEL Device Table 125 Troubleshooting Starting Up Your Device PROBLEM CORRECTIVE ACTION None of the lights turn on when I turn on the ZyXEL Device. Make sure that the ZyXEL Device’s power adaptor is connected to the ZyXEL Device and plugged in to an appropriate power source.
27.3 Problems with the WAN
Table 127 Troubleshooting the WAN
PROBLEM | CORRECTIVE ACTION
The DSL light is off. | Check the telephone wire and connections between the ZyXEL Device DSL port and the wall jack. Make sure that the telephone company has checked your phone line and set it up for DSL service. Reset your DSL line to reinitialize your link to the DSLAM. For details, refer to Section 26.2 on page 315.
I cannot get a WAN IP address from the ISP. |
27.4 Problems Accessing the ZyXEL Device
Table 128 Troubleshooting Accessing Your Device
PROBLEM | CORRECTIVE ACTION
I cannot access the ZyXEL Device. | The username is “admin”. The default password is “1234”. The Password and Username fields are case-sensitive. Make sure that you enter the correct password and username using the proper casing. If you have changed the password and have now forgotten it, you will need to upload the default configuration file.
P-2602H(W)(L)-DxA Series User’s Guide • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary. 27.4.1.1 Internet Explorer Pop-up Blockers You may have to disable pop-up blocking to log into your device. Either disable pop-up blocking (enabled by default in Windows XP SP (Service Pack) 2) or allow pop-up blocking and create an exception for your device’s IP address. 27.4.1.1.
P-2602H(W)(L)-DxA Series User’s Guide Figure 186 Internet Options 3 Click Apply to save this setting. 27.4.1.1.2 Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings…to open the Pop-up Blocker Settings screen.
P-2602H(W)(L)-DxA Series User’s Guide Figure 187 Internet Options 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites.
P-2602H(W)(L)-DxA Series User’s Guide Figure 188 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. 27.4.1.2 JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. 1 In Internet Explorer, click Tools, Internet Options and then the Security tab.
P-2602H(W)(L)-DxA Series User’s Guide Figure 189 Internet Options 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window.
P-2602H(W)(L)-DxA Series User’s Guide Figure 190 Security Settings - Java Scripting 27.4.1.3 Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window.
P-2602H(W)(L)-DxA Series User’s Guide Figure 191 Security Settings - Java 27.4.1.3.1 JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 make sure that Use Java 2 for
P-2602H(W)(L)-DxA Series User’s Guide Figure 192 Java (Sun) 27.5 Telephone Problems Table 129 Troubleshooting Telephone PROBLEM CORRECTIVE ACTION The telephone port won’t work or the telephone lacks a dial tone. Check the telephone connections and telephone wire. Make sure you have the VoIP SIP Settings screen properly configured. I can access the Internet, but cannot make VoIP calls. Make sure you have the VoIP SIP Settings screen properly configured. One of the PHONE lights should come on.
P-2602H(W)(L)-DxA Series User’s Guide 27.6 Problems With Multiple SIP Accounts You can set up two SIP accounts on your ZyXEL Device and your ZyXEL Device is equipped with two phone ports. By default your ZyXEL Device uses SIP account 1 with both phone ports for outgoing calls, and it uses SIP accounts 1 and 2 for incoming calls. With this setting, you always use SIP account 1 for your outgoing calls and you cannot distinguish which SIP account the calls are coming in through.
P-2602H(W)(L)-DxA Series User’s Guide 27.6.2 Incoming Calls The following example shows the default behavior of your ZyXEL Device for incoming calls when two SIP accounts are configured and you are using two phones. When a call comes in from your SIP account 1, the phones connected to both phone port 1 and phone port 2 ring. Similarly, when a call comes in from your SIP account 2, the phones connected to both phone port 1 and phone port 2 ring.
P-2602H(W)(L)-DxA Series User’s Guide APPENDIX A Product Specifications See also Chapter 1 on page 37 for a general overview of the key features. Specification Tables Table 130 Device Specifications Default IP Address 192.168.1.1 Default Subnet Mask 255.255.255.0 (24 bits) Default Password 1234 DHCP Server IP Pool 192.168.1.32 to 192.168.1.
Table 131 Firmware Specifications
ADSL Standards
Support ITU G.992.1 G.dmt (Annex B, U-R2)
EOC specified in ITU-T G.992.1
ADSL2 G.dmt.bis (G.992.3)
ADSL2 G.lite.bis (G.992.4)
ADSL 2/2+ AnnexM
ADSL2+ (G.992.
P-2602H(W)(L)-DxA Series User’s Guide Table 131 Firmware Specifications (continued) Wireless (“W” models only) IEEE 802.11g Compliance Frequency Range: 2.4 GHz ISM Band Advanced Orthogonal Frequency Division Multiplexing (OFDM) Data Rates: 54Mbps, 11Mbps, 5.5Mbps, 2Mbps, and 1 Mbps Auto Fallback Turn on-off WLAN by reset button (press 1s on reset button to turn on or turn off the WLAN; 5s for OTIST; 10s to reset back to factory default) WPA2 WMM IEEE 802.11i IEEE 802.
Table 131 Firmware Specifications (continued)
Voice Features
SIP version 2 (Session Initiation Protocol RFC 3261)
SDP (Session Description Protocol RFC 2327)
RTP (RFC 1889)
RTCP (RFC 1890)
Voice codecs (coder/decoders) G.711, G.729 G.
P-2602H(W)(L)-DxA Series User’s Guide Table 132 P-2602HWL Series Power Adaptor Specifications (continued) Input Power AC 100~240Volts/50/60Hz/0.5A AC 100~240Volts/50/60Hz/0.6A Output Power DC 18Volts/1A DC 18Volts/1A Power Consumption 12 Watt max 12 Watt max Safety Standards TUV, CE(EN 60950 -1 ) TUV, CE(EN 60950-1) AC Power Adapter Model ADS18B-D 180100 MU18-2180100-B2 Input Power AC 100~240Volts/50/60Hz/0.5A AC 100~240Volts/50/60Hz/0.
P-2602H(W)(L)-DxA Series User’s Guide APPENDIX B Splitters and Microfilters This appendix tells you how to install a POTS splitter or a telephone microfilter. Connecting a POTS Splitter When you use the Full Rate (G.dmt) ADSL standard, you can use a POTS (Plain Old Telephone Service) splitter to separate the telephone and ADSL signals. This allows simultaneous Internet access and telephone service on the same line.
P-2602H(W)(L)-DxA Series User’s Guide 1 Connect a phone cable from the wall jack to the single jack end of the Y- Connector. 2 Connect a cable from the double jack end of the Y-Connector to the “wall side” of the microfilter. 3 Connect another cable from the double jack end of the Y-Connector to the ZyXEL Device. 4 Connect the “phone side” of the microfilter to your telephone as shown in the following figure.
P-2602H(W)(L)-DxA Series User’s Guide APPENDIX C Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer. Windows 3.1 requires the purchase of a third-party TCP/IP application package.
Figure 200 Windows 95/98/Me: Network: Configuration
Installing Components
The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks.
If you need the adapter:
1 In the Network window, click Add.
2 Select Adapter and then click Add.
3 Select the manufacturer and model of your network adapter and then click OK.
If you need TCP/IP:
1 In the Network window, click Add.
P-2602H(W)(L)-DxA Series User’s Guide 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click OK. 5 Restart your computer so the changes you made take effect. Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab. • • If your IP address is dynamic, select Obtain an IP address automatically.
P-2602H(W)(L)-DxA Series User’s Guide Figure 202 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • • If you do not know your gateway’s IP address, remove previously installed gateways. If you have a gateway IP address, type it in the New gateway field and click Add. 5 Click OK to save and close the TCP/IP Properties window. 6 Click OK to close the Network window. Insert the Windows CD if prompted. 7 Turn on your ZyXEL Device and restart your computer when prompted.
P-2602H(W)(L)-DxA Series User’s Guide Figure 203 Windows XP: Start Menu 2 For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Figure 204 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties.
Figure 205 Windows XP: Control Panel: Network Connections: Properties
4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties.
Figure 206 Windows XP: Local Area Connection Properties
5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
• If you have a dynamic IP address click Obtain an IP address automatically.
P-2602H(W)(L)-DxA Series User’s Guide • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. Click Advanced. Figure 207 Windows XP: Advanced TCP/IP Settings 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK.
P-2602H(W)(L)-DxA Series User’s Guide 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them.
P-2602H(W)(L)-DxA Series User’s Guide Macintosh OS 8/9 1 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. Figure 209 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list.
P-2602H(W)(L)-DxA Series User’s Guide Figure 210 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: • • • • From the Configure box, select Manually. Type your IP address in the IP Address box. Type your subnet mask in the Subnet mask box. Type the IP address of your ZyXEL Device in the Router address box. 5 Close the TCP/IP Control Panel.
P-2602H(W)(L)-DxA Series User’s Guide 2 Click Network in the icon bar. • • • Select Automatic from the Location list. Select Built-in Ethernet from the Show list. Click the TCP/IP tab. 3 For dynamically assigned settings, select Using DHCP from the Configure list. Figure 212 Macintosh OS X: Network 4 For statically assigned settings, do the following: • • • • From the Configure box, select Manually. Type your IP address in the IP Address box. Type your subnet mask in the Subnet mask box.
P-2602H(W)(L)-DxA Series User’s Guide APPENDIX D IP Addresses and Subnetting This appendix introduces IP addresses, IP address classes and subnet masks. You use subnet masks to subdivide a network into smaller logical networks. Introduction to IP Addresses An IP address has two parts: the network number and the host ID. Routers use the network number to send packets to the correct network, while the host ID identifies a single device on the network.
The following table shows the network number and host ID arrangement for classes A, B and C.
Table 133 Classes of IP Addresses
IP ADDRESS | OCTET 1 | OCTET 2 | OCTET 3 | OCTET 4
Class A | Network number | Host ID | Host ID | Host ID
Class B | Network number | Network number | Host ID | Host ID
Class C | Network number | Network number | Network number | Host ID
An IP address with host IDs of all zeros is the IP address of the network (192.168.1.0 for example).
P-2602H(W)(L)-DxA Series User’s Guide Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). A subnet mask has 32 bits. If a bit in the subnet mask is a “1” then the corresponding bit in the IP address is part of the network number. If a bit in the subnet mask is “0” then the corresponding bit in the IP address is part of the host ID.
Table 136 Alternative Subnet Mask Notation (continued)
SUBNET MASK | SUBNET MASK “1” BITS | LAST OCTET BIT VALUE | DECIMAL
255.255.255.240 | /28 | 1111 0000 | 240
255.255.255.248 | /29 | 1111 1000 | 248
255.255.255.252 | /30 | 1111 1100 | 252
The first mask shown is the class “C” natural mask. Normally if no mask is specified it is understood that the natural mask is being used.
Example: Two Subnets
As an example, you have a class “C” address 192.168.1.
Table 138 Subnet 1 (continued)
IP/SUBNET MASK | NETWORK NUMBER | LAST OCTET BIT VALUE
Subnet Address: 192.168.1.0 | Lowest Host ID: 192.168.1.1
Broadcast Address: 192.168.1.127 | Highest Host ID: 192.168.1.126
Table 139 Subnet 2
IP/SUBNET MASK | NETWORK NUMBER | LAST OCTET BIT VALUE
IP Address | 192.168.1. | 128
IP Address (Binary) | 11000000.10101000.00000001. | 10000000
Subnet Mask | 255.255.255. | 128
Subnet Mask (Binary) | 11111111.11111111.11111111. |
Table 140 Subnet 1 (continued)
IP/SUBNET MASK | NETWORK NUMBER | LAST OCTET BIT VALUE
Subnet Address: 192.168.1.0 | Lowest Host ID: 192.168.1.1
Broadcast Address: 192.168.1.63 | Highest Host ID: 192.168.1.62
Table 141 Subnet 2
IP/SUBNET MASK | NETWORK NUMBER | LAST OCTET BIT VALUE
IP Address | 192.168.1. | 64
IP Address (Binary) | 11000000.10101000.00000001. | 01000000
Subnet Mask (Binary) | 11111111.11111111.11111111. | 11000000
Subnet Address: 192.168.1.
The following table shows class C IP address last octet values for each subnet.
Table 144 Eight Subnets
SUBNET | SUBNET ADDRESS | FIRST ADDRESS | LAST ADDRESS | BROADCAST ADDRESS
1 | 0 | 1 | 30 | 31
2 | 32 | 33 | 62 | 63
3 | 64 | 65 | 94 | 95
4 | 96 | 97 | 126 | 127
5 | 128 | 129 | 158 | 159
6 | 160 | 161 | 190 | 191
7 | 192 | 193 | 222 | 223
8 | 224 | 225 | 254 | 255
The following table is a summary for class “C” subnet planning.
Table 145 Class C Subnet Planning
NO.
The following table is a summary for class “B” subnet planning.
Table 146 Class B Subnet Planning
NO. “BORROWED” HOST BITS | SUBNET MASK | NO. SUBNETS | NO. HOSTS PER SUBNET
1 | 255.255.128.0 (/17) | 2 | 32766
2 | 255.255.192.0 (/18) | 4 | 16382
3 | 255.255.224.0 (/19) | 8 | 8190
4 | 255.255.240.0 (/20) | 16 | 4094
5 | 255.255.248.0 (/21) | 32 | 2046
6 | 255.255.252.0 (/22) | 64 | 1022
7 | 255.255.254.0 (/23) | 128 | 510
8 | 255.255.255.0 (/24) | 256 | 254
9 | 255.255.255.
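The subnet tables in this appendix can be reproduced with the mask arithmetic it describes (a logical AND with the mask, and “borrowed” host bits). The following Python is an added example, not part of the ZyXEL guide; the function names and the 172.16.0.0 class “B” address used in the checks are assumptions made for illustration.

```python
import ipaddress

FULL = 0xFFFFFFFF  # a subnet mask has 32 bits


def prefix_to_mask(prefix_len):
    """Return the 32-bit mask that has prefix_len leading "1" bits."""
    return (FULL << (32 - prefix_len)) & FULL


def dotted(value):
    """Format a 32-bit integer in dotted-decimal notation."""
    return str(ipaddress.IPv4Address(value))


def network_number(ip, mask):
    """Logical AND of address and mask: only the network-number bits remain."""
    return dotted(int(ipaddress.IPv4Address(ip)) & int(ipaddress.IPv4Address(mask)))


def split_network(network, natural_prefix, borrowed_bits):
    """Subnet a network by borrowing host bits from its natural mask.

    Returns one row per subnet. The all-zeros host ID (subnet address) and
    the all-ones host ID (broadcast address) are excluded from the usable
    host range, as in the appendix tables.
    """
    prefix = natural_prefix + borrowed_bits
    if borrowed_bits < 1 or prefix > 30:
        raise ValueError("borrow at least 1 bit and leave at least 2 host bits")
    mask = prefix_to_mask(prefix)
    host_bits = FULL ^ mask          # the "0" bits of the mask
    size = host_bits + 1             # addresses per subnet
    base = int(ipaddress.IPv4Address(network)) & prefix_to_mask(natural_prefix)
    rows = []
    for index in range(2 ** borrowed_bits):
        subnet = base + index * size
        broadcast = subnet | host_bits
        rows.append({
            "subnet": dotted(subnet),
            "mask": dotted(mask),
            "first": dotted(subnet + 1),
            "last": dotted(broadcast - 1),
            "broadcast": dotted(broadcast),
            "hosts": size - 2,
        })
    return rows


def last_octets(rows):
    """Reduce rows to (subnet, first, last, broadcast) last-octet values."""
    keys = ("subnet", "first", "last", "broadcast")
    return [tuple(int(row[k].rsplit(".", 1)[1]) for k in keys) for row in rows]


if __name__ == "__main__":
    # Class "C" address 192.168.1.0 with three borrowed bits: eight subnets.
    for number, row in enumerate(split_network("192.168.1.0", 24, 3), start=1):
        print(number, row["subnet"], row["first"], row["last"],
              row["broadcast"], row["mask"], row["hosts"])
```

Knowing each subnet's boundaries matters when writing firewall or remote-management rules by address range, since a rule written for the wrong mask silently covers hosts in a neighbouring subnet.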
P-2602H(W)(L)-DxA Series User’s Guide APPENDIX E Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C).
P-2602H(W)(L)-DxA Series User’s Guide Figure 214 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN.
P-2602H(W)(L)-DxA Series User’s Guide Figure 215 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference. Interference occurs when radio signals from different access points overlap causing interference and degrading performance.
P-2602H(W)(L)-DxA Series User’s Guide Figure 216 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations. RTS/CTS is designed to prevent collisions due to hidden nodes.
P-2602H(W)(L)-DxA Series User’s Guide A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.
P-2602H(W)(L)-DxA Series User’s Guide IEEE 802.1x In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features. It is supported by Windows XP and a number of network devices. Some advantages of IEEE 802.1x are: • User based identification that allows for roaming.
• Access-Challenge
Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access-Request message.
The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting:
• Accounting-Request
Sent by the access point requesting accounting.
EAP-TLS (Transport Layer Security)
With EAP-TLS, digital certificates are needed by both the server and the wireless stations for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created. This makes user identity vulnerable to passive attacks.
P-2602H(W)(L)-DxA Series User’s Guide For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical. The following table is a comparison of the features of authentication types.
P-2602H(W)(L)-DxA Series User’s Guide The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped.
P-2602H(W)(L)-DxA Series User’s Guide APPENDIX F Services The following table lists some commonly-used services and their associated protocols and port numbers. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like. • Protocol: This is the type of IP protocol used by the service. If this is TCP/UDP, then the service uses the same port number with TCP and UDP. If this is USER-DEFINED, the Port(s) is the IP protocol number, not the port number.
P-2602H(W)(L)-DxA Series User’s Guide Table 150 Examples of Services (continued) NAME PROTOCOL PORT(S) HTTP TCP 80 Hyper Text Transfer Protocol - a client/ server protocol for the world wide web. HTTPS TCP 443 HTTPS is a secured http session often used in e-commerce. User-Defined 1 Internet Control Message Protocol is often used for diagnostic purposes. UDP 4000 User-Defined 2 Internet Group Multicast Protocol is used when sending packets to a specific group of hosts.
P-2602H(W)(L)-DxA Series User’s Guide Table 150 Examples of Services (continued) NAME PROTOCOL PORT(S) RCMD TCP 512 Remote Command Service. REAL_AUDIO TCP 7070 A streaming audio service that enables real time sound over the web. REXEC TCP 514 Remote Execution Daemon. RLOGIN TCP 513 Remote Login. TCP/UDP 1026 This is an ISP that provides services mainly for cable modems. TCP 107 Remote Telnet.
Table 150 Examples of Services (continued)
NAME | PROTOCOL | PORT(S) | DESCRIPTION
TFTP | UDP | 69 | Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol).
VDOLIVE | TCP, UDP | 7000, user-defined | A videoconferencing solution. The UDP port number is specified in the application.
P-2602H(W)(L)-DxA Series User’s Guide APPENDIX G Firewall Commands Sys Firewall Commands The following describes the firewall commands. See the Command Interpreter appendix for information on the command structure. Each of these commands must be preceded by sys firewall when you use them. For example, type sys firewall active yes to turn on the firewall. Table 151 Sys Firewall Commands Command Description acl active disp Displays ACLs or a specific ACL set # and rule #.
P-2602H(W)(L)-DxA Series User’s Guide APPENDIX H Triangle Route The Ideal Setup When the firewall is on, your ZyXEL Device acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the ZyXEL Device to protect your LAN against attacks. Figure 217 Ideal Setup The “Triangle Route” Problem A traffic route is a path for sending or receiving data packets between two Ethernet devices.
P-2602H(W)(L)-DxA Series User’s Guide Figure 218 “Triangle Route” Problem The “Triangle Route” Solutions This section presents you two solutions to the “triangle route” problem. IP Aliasing IP alias allows you to partition your network into logical sections over the same Ethernet interface. Your ZyXEL Device supports up to three logical LAN interfaces with the ZyXEL Device being the gateway for each logical network.
P-2602H(W)(L)-DxA Series User’s Guide Gateways on the WAN Side A second solution to the “triangle route” problem is to put all of your network gateways on the WAN side as the following figure shows. This ensures that all incoming network traffic passes through your ZyXEL Device to your LAN. Therefore your LAN is protected.
P-2602H(W)(L)-DxA Series User’s Guide APPENDIX I Log Descriptions This appendix provides descriptions of example log messages. Table 152 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is successful The router has adjusted its time based on information from the time server. Time calibration failed The router failed to get information from the time server. WAN interface gets IP: %s A WAN interface got a new IP address from the DHCP, PPPoE, PPTP or dial-up server.
P-2602H(W)(L)-DxA Series User’s Guide Table 152 System Maintenance Logs (continued) LOG MESSAGE DESCRIPTION Successful HTTPS login Someone has logged on to the router's web configurator interface using HTTPS protocol. HTTPS login failed Someone has failed to log on to the router's web configurator interface using HTTPS protocol. Table 153 System Error Logs LOG MESSAGE DESCRIPTION %s exceeds the max.
P-2602H(W)(L)-DxA Series User’s Guide Table 155 TCP Reset Logs LOG MESSAGE DESCRIPTION Under SYN flood attack, sent TCP RST The router sent a TCP reset packet when a host was under a SYN flood attack (the TCP incomplete count is per destination host.) Exceed TCP MAX incomplete, sent TCP RST The router sent a TCP reset packet when the number of TCP incomplete connections exceeded the user configured threshold. (the TCP incomplete count is per destination host.
P-2602H(W)(L)-DxA Series User’s Guide Table 157 ICMP Logs (continued) LOG MESSAGE DESCRIPTION Triangle route packet forwarded: ICMP The firewall allowed a triangle route session to pass through. Packet without a NAT table entry blocked: ICMP The router blocked a packet that didn’t have a corresponding NAT table entry. Unsupported/out-of-order ICMP: ICMP The firewall does not support this kind of ICMP packets or the ICMP packets are out of order.
P-2602H(W)(L)-DxA Series User’s Guide Table 160 UPnP Logs LOG MESSAGE DESCRIPTION UPnP pass through Firewall UPnP packets can pass through the firewall. Table 161 Content Filtering Logs LOG MESSAGE DESCRIPTION %s: block keyword The content of a requested web page matched a user defined keyword. %s The system forwarded web content. For type and code details, see Table 165 on page 387.
Table 162 Attack Logs (continued)
LOG MESSAGE | DESCRIPTION
ip spoofing - no routing entry ICMP (type:%d, code:%d) | The firewall classified an ICMP packet with no source routing entry as an IP spoofing attack.
vulnerability ICMP (type:%d, code:%d) | The firewall detected an ICMP vulnerability attack.
traceroute ICMP (type:%d, code:%d) | The firewall detected an ICMP traceroute attack.
Table 163 802.1X Logs
LOG MESSAGE | DESCRIPTION
Local User Database accepts user. |
P-2602H(W)(L)-DxA Series User’s Guide Table 163 802.1X Logs (continued) LOG MESSAGE DESCRIPTION No Server to authenticate user. There is no authentication server to authenticate a user. Local User Database does not find user`s credential. A user was not authenticated by the local user database because the user is not listed in the local user database. Table 164 ACL Setting Notes PACKET DIRECTION DIRECTION DESCRIPTION (L to W) LAN to WAN ACL set for packets traveling from the LAN to the WAN.
Table 165 ICMP Notes (continued)

TYPE | CODE | DESCRIPTION
11 | | Time Exceeded
 | 0 | Time to live exceeded in transit
 | 1 | Fragment reassembly time exceeded
12 | | Parameter Problem
 | 0 | Pointer indicates the error
13 | | Timestamp
 | 0 | Timestamp request message
14 | | Timestamp Reply
 | 0 | Timestamp reply message
15 | | Information Request
 | 0 | Information request message
16 | | Information Reply
 | 0 | Information reply message

Table 166 Syslog Logs

LOG MESSAGE | DESCRIPTION
Mon
Table 168 RTP Logs

LOG MESSAGE | DESCRIPTION
Error, RTP init fail | The initialization of an RTP session failed.
Error, Call fail: RTP connect fail | A VoIP phone call failed because the RTP session could not be established.
Error, RTP connection cannot close | The termination of an RTP session failed.
The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to RFC 2408 for detailed information on each type.
Figure 222 Displaying Log Parameters Example

    ras> sys logs category access
    Usage: [0:none/1:log/2:alert/3:both]
    ras>

4 Use sys logs category followed by a log category and a parameter to decide what to record. Use 0 to not record logs for that category, 1 to record only logs for that category, 2 to record only alerts for that category, and 3 to record both logs and alerts for that category. Not every parameter is available with every category.
Log Command Example

This example shows how to set the ZyXEL Device to record the access logs and alerts and then view the results.

Figure 223 Log Command Example

    ras> sys logs load
    ras> sys logs category access 3
    ras> sys logs save
    ras> sys logs display access
    # .time source destination notes
    message
    7|01/01/2000 09:40:13 |192.168.1.1:3 |192.168.1.33:1 RWARD
    Router reply ICMP packet: ICMP(type:3, code:1)
    8|01/01/2000 09:40:07 |192.168.1.1:3 |192.168.1.
APPENDIX J
Command Interpreter

The following describes how to use the command interpreter. Telnet to the ZyXEL Device and enter the password to use the commands. See the included disk or zyxel.com for more detailed information on these commands.

Note: Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable.

Command Syntax

• The command keywords are in courier new font.
APPENDIX K
Internal SPTGEN

Internal SPTGEN Overview

Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple ZyXEL Devices. Internal SPTGEN lets you configure, save and upload multiple menus at the same time using just one configuration text file, eliminating the need to navigate and configure individual screens for each ZyXEL Device.
Some parameters are dependent on others. For example, if you disable the Configured field in menu 1 (see Figure 224 on page 395), then you disable every field in this menu. If you enter a parameter that is invalid in the Input column, the ZyXEL Device will not save the configuration and the command line will display the Field Identification Number.
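A pre-upload check for the rule above, as an added example (not ZyXEL code): it assumes each rom-t line follows the FIN = FN <PVA> = INPUT layout of the menu tables in this appendix, and returns the FIN of every input that falls outside an enumerated or ranged PVA. The sample text and the names `lint_rom_t` and `allowed_values` are constructed for illustration.

```python
import re

# Constructed sample in the "FIN = FN <PVA> = INPUT" layout of the menu tables;
# the last three inputs are deliberately invalid.
SAMPLE_ROM_T = """\
/ Menu 3.2 TCP/IP and DHCP Ethernet Setup
FIN FN PVA INPUT
30200001 = DHCP <0(None) | 1(Server) | 2(Relay)> = 0
30200002 = Client IP Pool Starting Address = 192.168.1.33
30500004 = RTS Threshold <0 ~ 2432> = 2432
40000004 = Encapsulation <2(PPPOE) | 3(RFC 1483)| 4(PPPoA )| 5(ENET ENCAP)> = 7
30500003 = Channel ID <1|2|3|4|5|6|7|8|9|10|11|12|13> = 14
30500002 = Hide ESSID <0(No) | 1(Yes)> = yes
"""

# FIN, field name, optional <PVA>, then the INPUT value.
LINE = re.compile(r"^\s*(\d+)\s*=\s*([^<=]*?)\s*(?:<(.*)>)?\s*=\s*(.*?)\s*$")


def allowed_values(pva):
    """Return a predicate for a ranged or enumerated PVA, or None if free-form."""
    rng = re.fullmatch(r"\s*(\d+)\s*~\s*(\d+)\s*", pva)
    if rng:
        lo, hi = int(rng.group(1)), int(rng.group(2))
        return lambda v: lo <= v <= hi
    codes = [re.match(r"\s*(\d+)", token) for token in pva.split("|")]
    if not all(codes):
        return None  # not a numeric enumeration; nothing to check
    allowed = {int(m.group(1)) for m in codes}
    return lambda v: v in allowed


def lint_rom_t(text):
    """Return (FIN, field name, input, reason) for each input outside its PVA."""
    findings = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or m.group(3) is None:
            continue  # menu heading, column header, or a field without a PVA
        fin, name, pva, value = m.groups()
        check = allowed_values(pva)
        if check is None or value == "":
            continue  # assumption: an empty INPUT is left for the device to judge
        if not value.isdigit():
            findings.append((fin, name, value, "not a number"))
        elif not check(int(value)):
            findings.append((fin, name, value, "outside PVA"))
    return findings


if __name__ == "__main__":
    for fin, name, value, reason in lint_rom_t(SAMPLE_ROM_T):
        print(f"FIN {fin} ({name}): input {value!r} {reason}")
```

Running the check on an edited rom-t before upload surfaces the same Field Identification Numbers the device would report when it refuses to save.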
Figure 227 Internal SPTGEN FTP Download Example

    c:\ftp 192.168.1.1
    220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000
    User (192.168.1.1:(none)):
    331 Enter PASS command
    Password:
    230 Logged in
    ftp>bin
    200 Type I OK
    ftp> get rom-t
    ftp>bye
    c:\edit rom-t
    (edit the rom-t text file by a text editor and save it)

Note: You can rename your “rom-t” file when you save it to your computer but it must be named “rom-t” when you upload it to your ZyXEL Device.
This section covers ZyXEL Device Internal SPTGEN screens.

Table 173 Abbreviations Used in the Example Internal SPTGEN Screens Table

ABBREVIATION | MEANING
FIN | Field Identification Number
FN | Field Name
PVA | Parameter Values Allowed
INPUT | An example of what you may enter
* | Applies to the ZyXEL Device.

The following are the Internal SPTGEN menus.
Table 175 Menu 3

30100014 = Output device filters Set 2 = 256
30100015 = Output device filters Set 3 = 256
30100016 = Output device filters Set 4 = 256
/ Menu 3.2 TCP/IP and DHCP Ethernet Setup
FIN FN PVA INPUT
30200001 = DHCP <0(None) | 1(Server) | 2(Relay)> = 0
30200002 = Client IP Pool Starting Address = 192.168.1.33
30200003 = Size of Client IP Pool = 32
30200004 = Primary DNS Server = 0.0.0.0
30200005 = Secondary DNS Server = 0.0.0.
Table 175 Menu 3

30201006 = IP Alias #1 Incoming protocol filters Set 1 = 256
30201007 = IP Alias #1 Incoming protocol filters Set 2 = 256
30201008 = IP Alias #1 Incoming protocol filters Set 3 = 256
30201009 = IP Alias #1 Incoming protocol filters Set 4 = 256
30201010 = IP Alias #1 Outgoing protocol filters Set 1 = 256
30201011 = IP Alias #1 Outgoing protocol filters Set 2 = 256
30201012 = IP Alias #1 Outgoing protocol filters Set 3 = 256
30201013
Table 175 Menu 3

30500002 = Hide ESSID <0(No) | 1(Yes)> = 0
30500003 = Channel ID <1|2|3|4|5|6|7|8|9|10|11|12|13> = 1
30500004 = RTS Threshold <0 ~ 2432> = 2432
30500005 = FRAG.
Table 176 Menu 4 Internet Access Setup (continued)

40000000 = Configured <0(No) | 1(Yes)> = 1
40000001 = ISP <0(No) | 1(Yes)> = 1
40000002 = Active <0(No) | 1(Yes)> = 1
40000003 = ISP's Name
40000004 = Encapsulation <2(PPPOE) | 3(RFC 1483) | 4(PPPoA) | 5(ENET ENCAP)> = 2
40000005 = Multiplexing <1(LLC-based) | 2(VC-based)> = 1
40000006 = VPI # = 0
40000007 = VCI # = 35
40000008 = Service Name = any
40000009 = My Login =
Table 176 Menu 4 Internet Access Setup (continued)

40000031 = RIP Direction <0(None) | 1(Both) | 2(In Only) | 3(Out Only)> = 0
40000032 = RIP Version <0(Rip-1) | 1(Rip-2B) | 2(Rip-2M)> = 0
40000033 = Nailed-up Connection <0(No) | 1(Yes)> = 0

Table 177 Menu 12

/ Menu 12.1.
Table 177 Menu 12 (continued)

120103005 = IP Static Route set #3, Gateway = 0.0.0.0
120103006 = IP Static Route set #3, Metric = 0
120103007 = IP Static Route set #3, Private <0(No) |1(Yes)> = 0
/ Menu 12.1.4 IP Static Route Setup
FIN FN PVA INPUT
120104001 = IP Static Route set #4, Name =
120104002 = IP Static Route set #4, Active <0(No) |1(Yes)> = 0
120104003 = IP Static Route set #4, Destination IP address = 0.0.0.
Table 177 Menu 12 (continued)

120107003 = IP Static Route set #7, Destination IP address = 0.0.0.0
120107004 = IP Static Route set #7, Destination IP subnetmask = 0
120107005 = IP Static Route set #7, Gateway = 0.0.0.0
120107006 = IP Static Route set #7, Metric = 0
120107007 = IP Static Route set #7, Private <0(No) |1(Yes)> = 0
/ Menu 12.1.
Table 177 Menu 12 (continued)

120111001 = IP Static Route set #11, Name =
120111002 = IP Static Route set #11, Active <0(No) |1(Yes)> = 0
120111003 = IP Static Route set #11, Destination IP address = 0.0.0.0
120111004 = IP Static Route set #11, Destination IP subnetmask = 0
120111005 = IP Static Route set #11, Gateway = 0.0.0.
Table 177 Menu 12 (continued)

*/ Menu 12.1.15 IP Static Route Setup
FIN FN PVA INPUT
120115001 = IP Static Route set #15, Name =
120115002 = IP Static Route set #15, Active <0(No) |1(Yes)> = 0
120115003 = IP Static Route set #15, Destination IP address = 0.0.0.0
120115004 = IP Static Route set #15, Destination IP subnetmask = 0
120115005 = IP Static Route set #15, Gateway = 0.0.0.
Table 178 Menu 15 SUA Server Setup (continued)

150000011 = SUA Server #3 Local IP address
150000012 = SUA Server #4 Active <0(No) | 1(Yes)> = 0
150000013 = SUA Server #4 Protocol <0(All)|6(TCP)|17(UDP)> = 0
150000014 = SUA Server #4 Port Start = 0
150000015 = SUA Server #4 Port End = 0
150000016 = SUA Server #4 Local IP address = 0.0.0.
Table 178 Menu 15 SUA Server Setup (continued)

150000045 = SUA Server #10 Port End = 0
150000046 = SUA Server #10 Local IP address = 0.0.0.0
150000047 = SUA Server #11 Active <0(No) | 1(Yes)> = 0
150000048 = SUA Server #11 Protocol <0(All)|6(TCP)|17(UDP)> = 0
150000049 = SUA Server #11 Port Start = 0
150000050 = SUA Server #11 Port End = 0
150000051 = SUA Server #11 Local IP address = 0.0.0.
Table 179 Menu 21.1 Filter Set #1 (continued)

210101013 = IP Filter Set 1,Rule 1 Act Match <1(check next)|2(forward)|3(drop)> = 3
210101014 = IP Filter Set 1,Rule 1 Act Not Match <1(check next)|2(forward)|3(drop)> = 1
/ Menu 21.1.1.
Table 179 Menu 21.1 Filter Set #1 (continued)

210103009 = IP Filter Set 1,Rule 3 Src Subnet Mask = 0
210103010 = IP Filter Set 1,Rule 3 Src Port = 0
210103011 = IP Filter Set 1,Rule 3 Src Port Comp <0(none)|1(equal)|2(not equal)|3(less)|4(greater)> = 0
210103013 = IP Filter Set 1,Rule 3 Act Match <1(check next)|2(forward)|3(drop)> = 3
210103014 = IP Filter Set 1,Rule 3 Act Not Match <1(check next)|2(forward)|3(drop)> = 1
/ Menu 21.1.1.
Table 179 Menu 21.1 Filter Set #1 (continued)

210105006 = IP Filter Set 1,Rule 5 Dest Port = 138
210105007 = IP Filter Set 1,Rule 5 Dest Port Comp
210105008 = IP Filter Set 1,Rule 5 Src IP Address = 0.0.0.
Table 180 Menu 21.1 Filter Set #2

/ Menu 21.1 filter set #2,
FIN FN PVA INPUT
210200001 = Filter Set 2, Nam = NetBIOS_WAN
/ Menu 21.1.2.1 Filter set #2, rule #1
FIN FN PVA INPUT
210201001 = IP Filter Set 2, Rule 1 Type <0(none)|2(TCP/IP)> = 2
210201002 = IP Filter Set 2, Rule 1 Active <0(No)|1(Yes)>
210201003 = IP Filter Set 2, Rule 1 Protocol = 6
210201004 = IP Filter Set 2, Rule 1 Dest IP address = 0.0.0.
Table 180 Menu 21.1 Filter Set #2 (continued)

210202007 = IP Filter Set 2, Rule 2 Dest Port Comp <0(none)|1(equal)|2(not equal)|3(less)|4(greater)> = 1
210202008 = IP Filter Set 2, Rule 2 Src IP address = 0.0.0.
Table 180 Menu 21.1 Filter Set #2 (continued)

210203014 = IP Filter Set 2,Rule 3 Act Not Match <1(check next)|2(forward)|3(drop)> = 1
/ Menu 21.1.2.4 Filter set #2, rule #4
FIN FN PVA INPUT
210204001 = IP Filter Set 2, Rule 4 Type <0(none)|2(TCP/IP)> = 2
210204002 = IP Filter Set 2, Rule 4 Active <0(No)|1(Yes)> = 1
210204003 = IP Filter Set 2, Rule 4 Protocol = 17
210204004 = IP Filter Set 2, Rule 4 Dest IP address = 0.0.0.
Table 180 Menu 21.1 Filter Set #2 (continued)

210205007 = IP Filter Set 2, Rule 5 Dest Port Comp <0(none)|1(equal)|2(not equal)|3(less)|4(greater)> = 1
210205008 = IP Filter Set 2, Rule 5 Src IP address = 0.0.0.
Table 180 Menu 21.1 Filter Set #2 (continued)

210206014 = IP Filter Set 2,Rule 6 Act Not Match <1(check next)|2(forward)|3(drop)> = 2
241100005 = FTP Server Access <0(all)|1(none)|2(Lan)|3(Wan)> = 0
241100006 = FTP Server Secured IP address = 0.0.0.0
241100007 = WEB Server Port = 80
241100008 = WEB Server Access <0(all)|1(none)|2(Lan)|3(Wan)> = 0
241100009 = WEB Server Secured IP address = 0.0.0.0

Table 181 Menu 23 System Menus

*/ Menu 23.
Table 181 Menu 23 System Menus (continued)

230400003 = Idle Timeout (in second) = 999
230400004 = Authentication Databases <0(Local User Database Only) |1(RADIUS Only) |2(Local,RADIUS) |3(RADIUS,Local)> = 1
230400005 = Key Management Protocol <0(8021x) |1(WPA) |2(WPAPSK)> = 0
230400006 = Dynamic WEP Key Exchange <0(Disable) |1(64bit WEP) |2(128-bit WEP)> = 0
230400007 = PSK =
230400008 = WPA Mixed Mode
230400009 = Data Privacy for Broadcast/ Multica
Command Examples

The following are example Internal SPTGEN screens associated with the ZyXEL Device’s command interpreter commands.

Table 183 Command Examples

FIN FN PVA INPUT
/ci command (for annex a): wan adsl opencmd
FIN FN PVA INPUT
990000001 = ADSL OPMD <0(glite)|1(t1.