VMG1312-B10C Wireless N VDSL2 4-port Gateway with USB Version 1.00 Edition 1, 10/2014 Quick Start Guide User’s Guide Default Login Details LAN IP Address http://192.168.1.1 Login www.zyxel.
IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. Screenshots and graphics in this book may differ slightly from your product due to differences in your product firmware or your computer operating system. Every effort has been made to ensure that the information in this manual is accurate. Related Documentation • Quick Start Guide The Quick Start Guide shows how to connect the Device and get up and running right away.
Contents Overview Contents Overview User’s Guide .......................................................................................................................................15 Introducing the Device ............................................................................................................................17 The Web Configurator .............................................................................................................................23 Quick Start .............
Contents Overview Diagnostic .............................................................................................................................................265 Troubleshooting ....................................................................................................................................
Table of Contents Table of Contents Contents Overview ..............................................................................................................................3 Table of Contents .................................................................................................................................5 Part I: User’s Guide ......................................................................................... 15 Chapter 1 Introducing the Device ................................
Table of Contents 4.1 Overview ...........................................................................................................................................35 4.2 The Network Map Screen .................................................................................................................35 4.3 The Status Screen .............................................................................................................................36 Chapter 5 Broadband.........................
Table of Contents 6.10.4 Signal Problems ....................................................................................................................91 6.10.5 BSS .......................................................................................................................................91 6.10.6 MBSSID .................................................................................................................................91 6.10.7 Preamble Type ...................................
Table of Contents 9.4 The Queue Setup Screen ...............................................................................................................134 9.4.1 Adding a QoS Queue ...........................................................................................................136 9.5 The Class Setup Screen .................................................................................................................136 9.5.1 Add/Edit QoS Class ..............................................
Table of Contents 12.2 The Interface Group Screen ..........................................................................................................171 12.2.1 Interface Group Configuration .............................................................................................172 12.2.2 Interface Grouping Criteria .................................................................................................174 Chapter 13 USB Service .........................................................
Table of Contents Chapter 18 Certificates ........................................................................................................................................201 18.1 Overview .......................................................................................................................................201 18.1.1 What You Can Do in this Chapter ........................................................................................201 18.2 What You Need to Know ..................
Table of Contents Chapter 22 ARP Table ..........................................................................................................................................229 22.1 Overview .......................................................................................................................................229 22.1.1 How ARP Works ..................................................................................................................229 22.2 ARP Table Screen ................
Table of Contents 30.2 The TR-064 Screen .......................................................................................................................247 Chapter 31 Time Settings ....................................................................................................................................249 31.1 Overview .......................................................................................................................................249 31.2 The Time Screen ...........
Table of Contents 37.3 Internet Access .............................................................................................................................274 37.4 Wireless Internet Access ...............................................................................................................275 37.5 USB Device Connection ................................................................................................................276 37.6 UPnP .............................................
Table of Contents 14 VMG1312-B10C User’s Guide
P ART I User’s Guide 15
C HAPT ER 1 Introducing the Device 1.1 Overview The Device is a wireless VDSL router. It has a DSL port for super-fast Internet access over analog (POTS) telephone lines. The Device supports both Packet Transfer Mode (PTM) and Asynchronous Transfer Mode (ATM). It is backward compatible with ADSL, ADSL2 and ADSL2+ in case VDSL is not available. Only use firmware for your Device’s specific model. Refer to the label on the bottom of your Device.
Chapter 1 Introducing the Device 1.4 Applications for the Device Here are some example uses for which the Device is well suited. 1.4.1 Internet Access Your Device provides shared Internet access by connecting the DSL port to the DSL or MODEM jack on a splitter or your telephone jack. You can have multiple WAN services over one ADSL or VDSL. The Device cannot work in ADSL and VDSL mode at the same time. Note: The ADSL and VDSL lines share the same WAN (layer-2) interfaces that you configure in the Device.
Chapter 1 Introducing the Device 1.4.2 Device’s USB Support The USB port of the Device is used for file-sharing. File Sharing Use the built-in USB 2.0 port to share files on a USB memory stick or a USB hard drive (B). You can connect one USB hard drive to the Device at a time. Use FTP to access the files on the USB device. Figure 2 USB File Sharing Application B A Media Server You can also use the Device as a media server.
Chapter 1 Introducing the Device 1.5 LEDs (Lights) The following table describes the behavior of the LEDs. None of the LEDs are on if the Device is not receiving power. Table 1 LED Descriptions LED COLOR STATUS DESCRIPTION Green On The Device recognizes a USB connection. Blinking The Device is sending/receiving data to /from the USB device connected to it. Off The Device does not detect a USB connection.
Chapter 1 Introducing the Device 1 Make sure the POWER LED is on (not blinking). 2 To set the device back to the factory default settings, press the RESET button for ten seconds or until the POWER LED begins to blink and then release it. When the POWER LED begins to blink, the defaults have been restored and the device restarts. 1.7 Wireless Access The Device is a wireless Access Point (AP) for wireless clients, such as notebook computers or tablets.
Chapter 1 Introducing the Device 22 VMG1312-B10C User’s Guide
C HAPT ER 2 The Web Configurator 2.1 Overview The web configurator is an HTML-based management interface that allows easy device setup and management via Internet browser. Use Internet Explorer 6.0 and later versions or Mozilla Firefox 3 and later versions or Safari 2.0 and later versions. The recommended screen resolution is 1024 by 768 pixels. In order to use the web configurator you need to allow: • Web browser pop-up windows from your device.
Chapter 2 The Web Configurator 4 The following screen displays if you have not yet changed your password. It is strongly recommended you change the default password. Enter a new password, retype it to confirm and click Apply; alternatively click Skip to proceed to the main menu if you do not want to change the password now. Figure 6 Change Password Screen 5 The Quick Start Wizard screen appears. You can configure the Device’s time zone, basic Internet access, and wireless settings.
Chapter 2 The Web Configurator 2.2 Web Configurator Layout Figure 8 Screen Layout A B C As illustrated above, the main screen is divided into these parts: • A - title bar • B - main window • C - navigation panel 2.2.1 Title Bar The title bar provides some icons in the upper right corner.
Chapter 2 The Web Configurator The icons provide the following functions. Table 2 Web Configurator Icons in the Title Bar ICON DESCRIPTION Quick Start Click this icon to open screens where you can configure the Device’s time zone Internet access, and wireless settings. Logout Click this icon to log out of the web configurator. 2.2.2 Main Window The main window displays information and configuration fields. It is discussed in the rest of this document.
Chapter 2 The Web Configurator If you click Virtual Device on the System Info screen, a visual graphic appears, showing the connection status of the Device’s ports. The connected ports are in color and disconnected ports are gray. Figure 9 Virtual Device 2.2.3 Navigation Panel Use the menu items on the navigation panel to open screens to configure Device features. The following tables describe each menu item.
Chapter 2 The Web Configurator Table 3 Navigation Panel Summary (continued) LINK Broadband Wireless Home Networking Routing QoS 28 TAB FUNCTION Broadband Use this screen to view and configure ISP parameters, WAN IP address assignment, and other advanced properties. You can also add new WAN connections. 3G Backup Use this screen to configure 3G WAN connection. Advanced Use this screen to enable or disable PTM over ADSL, Annex M/Annex J, and DSL PhyR functions.
Chapter 2 The Web Configurator Table 3 Navigation Panel Summary (continued) LINK NAT DNS TAB FUNCTION Port Forwarding Use this screen to make your local servers visible to the outside world. Applications Use this screen to configure servers behind the Device. Port Triggering Use this screen to change your Device’s port triggering settings. DMZ Use this screen to configure a default server which receives packets from ports that are not specified in the Port Forwarding screen.
Chapter 2 The Web Configurator Table 3 Navigation Panel Summary (continued) LINK TAB FUNCTION IGMP Group Status Use this screen to view the status of all IGMP settings on the Device. xDSL Statistics Use this screen to view the Device’s xDSL traffic statistics. 3G Monitor Use this screen to look at 3G Internet connection status. Maintenance User Account Use this screen to change user password on the Device. Remote MGMT Use this screen to enable specific traffic directions for network services.
C HAPT ER 3 Quick Start 3.1 Overview Use the Quick Start screens to configure the Device’s time zone, basic Internet access, and wireless settings. Note: See the technical reference chapters (starting on page 33) for background information on the features in this chapter. 3.2 Quick Start Setup 1 The Quick Start Wizard appears automatically after login. Or you can click the Click Start icon in the top right corner of the web configurator to open the quick start screens.
Chapter 3 Quick Start 2 Enter your Internet connection information in this screen. The screen and fields to enter may vary depending on your current connection type. Click Next. Click Next. Figure 11 Internet Connection 3 Turn the wireless LAN on or off. If you keep it on, record the security settings so you can configure your wireless clients to connect to the Device. Click Save. Figure 12 Internet Connection 4 32 Your Device saves your settings and attempts to connect to the Internet.
P ART II Technical Reference 33
C HAPT ER 4 Network Map and Status Screens 4.1 Overview After you log into the Web Configurator, the Network Map screen appears. This shows the network connection status of the Device and clients connected to it. You can use the Status screen to look at the current status of the Device, system resources, and interfaces (LAN, WAN, and WLAN). 4.2 The Network Map Screen Use this screen to view the network connection status of the device and its clients.
Chapter 4 Network Map and Status Screens In Icon Mode, if you want to view information about a client, click the client’s name and Info. Click the IP address if you want to change it. If you want to change the name or icon of the client, click Change icon/name. In List Mode, you can also view the client’s information. 4.3 The Status Screen Use this screen to view the status of the Device. Click Status to open this screen.
Chapter 4 Network Map and Status Screens Each field is described in the following table. Table 4 Status Screen LABEL DESCRIPTION Refresh Interval Select how often you want the Device to update this screen. Device Information Host Name This field displays the Device system name. It is used for identification. Model Number This shows the model number of your Device. Firmware Version This is the current version of the firmware inside the Device.
Chapter 4 Network Map and Status Screens Table 4 Status Screen (continued) LABEL DESCRIPTION System Resource 38 CPU Usage This field displays what percentage of the Device’s processing ability is currently used. When this percentage is close to 100%, the Device is running at full load, and the throughput is not going to improve anymore. If you want some applications to have more throughput, you should turn off other applications (for example, using QoS; see Chapter 9 on page 131).
C HAPT ER 5 Broadband 5.1 Overview This chapter discusses the Device’s Broadband screens. Use these screens to configure your Device for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks, such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations.
Chapter 5 Broadband • Use the Advanced screen to enable or disable PTM over ADSL, Annex M/Annex J, and DSL PhyR functions (Section 5.4 on page 55). • Use the 8021x screen to view and configure the IEEE 802.1X settings on the Device (Section 5.5 on page 56).
Chapter 5 Broadband ATM Asynchronous Transfer Mode (ATM) is a WAN networking technology that provides high-speed data transfer. ATM uses fixed-size packets of information called cells. With ATM, a high QoS (Quality of Service) can be guaranteed. ATM uses a connection-oriented model and establishes a virtual circuit (VC) between Finding Out More PTM Packet Transfer Mode (PTM) is packet-oriented and supported by the VDSL2 standard.
Chapter 5 Broadband compose the network address. The prefix length is written as “/x” where x is a number. For example, 2001:db8:1a2b:15::1a2f:0/32 means that the first 32 bits (2001:db8) is the subnet prefix. IPv6 Subnet Masking Both an IPv6 address and IPv6 subnet mask compose of 128-bit binary digits, which are divided into eight 16-bit blocks and written in hexadecimal notation. Hexadecimal uses four bits for each character (1 ~ 10, A ~ F).
Chapter 5 Broadband Table 6 Network Setting > Broadband (continued) LABEL DESCRIPTION IGMP Proxy This shows whether the Device act as an IGMP proxy on this connection. NAT This shows whether NAT is activated or not for this connection. Default Gateway This shows whether the Device use the WAN interface of this connection as the system default gateway. IPv6 This shows whether IPv6 is activated or not for this connection. IPv6 is not available when the connection uses the bridging service.
Chapter 5 Broadband 5.2.1 Add/Edit Internet Connection Click Add new WAN Interface in the Broadband screen or the Edit icon next to an existing WAN interface to configure a WAN connection. The screen varies depending on the interface type, mode, encapsulation, and IPv6/IPv4 mode you select. 5.2.1.1 Routing Mode Use Routing mode if your ISP give you one IP address only and you want multiple computers to share an Internet account.
Chapter 5 Broadband Table 7 Routing Mode (continued) LABEL DESCRIPTION Encapsulation Select the method of encapsulation used by your ISP from the drop-down list box. This option is available only when you select Routing in the Mode field. The choices depend on the connection type you selected. If your connection type is ADSL/ VDSL over PTM, the choices are PPPoE and IPoE. If your connection type is ADSL over ATM, the choices are PPPoE, PPPoA, IPoE and IPoA.
Chapter 5 Broadband Table 7 Routing Mode (continued) LABEL DESCRIPTION Maximum Burst Size Maximum Burst Size (MBS) refers to the maximum number of cells that can be sent at the peak rate. Type the MBS, which is less than 65535. This field is available only when you select Non Realtime VBR or Realtime VBR. PPP Information This is available only when you select PPPoE or PPPoA in the Mode field. PPP User Name Enter the user name exactly as your ISP assigned.
Chapter 5 Broadband Table 7 Routing Mode (continued) LABEL DESCRIPTION DNS Select Dynamic if you want the Device use the DNS server addresses assigned by your ISP. Select Static if you want the Device use the DNS server addresses you configure manually. DNS Server 1 Enter the first DNS server address assigned by the ISP. DNS Server 2 Enter the second DNS server address assigned by the ISP. WAN MAC Address Factory Default Select Factory Default to use the factory assigned default MAC address.
Chapter 5 Broadband Table 7 Routing Mode (continued) LABEL DESCRIPTION VLAN These fields appear when the Type is set to ADSL/VDSL over PTM. Active Select this option to add the VLAN tag (specified below) to the outgoing traffic through this connection. 802.1p IEEE 802.1p defines up to 8 separate traffic types by inserting a tag into a MAC-layer frame that contains bits to define class of service. Select the IEEE 802.1p priority level (from 0 to 7) to add to traffic through this connection.
Chapter 5 Broadband The following table describes the fields in this screen. Table 8 Bridge Mode (ADSL/VDSL over PTM) LABEL DESCRIPTION General Active Select this to activate the WAN configuration settings. Name Enter a service name of the connection. Type Select ADSL/VDSL over PTM as the interface that you want to configure. The Device uses the VDSL technology for data transmission over the DSL port.
Chapter 5 Broadband The following table describes the fields in this screen. Table 9 Bridge Mode (ADSL over ATM) LABEL DESCRIPTION General Active Select this to activate the WAN configuration settings. Name Enter a service name of the connection. Type Select ADSL over ATM as the interface for which you want to configure here. The Device uses the ADSL technology for data transmission over the DSL port.
Chapter 5 Broadband Table 9 Bridge Mode (ADSL over ATM) (continued) LABEL DESCRIPTION Sustainable Cell Rate The Sustainable Cell Rate (SCR) sets the average cell rate (long-term) that can be transmitted. Type the SCR, which must be less than the PCR. Note that system default is 0 cells/sec. This field is available only when you select Non Realtime VBR or Realtime VBR. Maximum Burst Size Maximum Burst Size (MBS) refers to the maximum number of cells that can be sent at the peak rate.
Chapter 5 Broadband Note: The actual data rate you obtain varies depending the 3G card you use, the signal strength to the service provider’s base station, and so on. Figure 22 Network Setting > Broadband > 3G Backup The following table describes the labels in this screen. Table 10 Network Setting > Broadband > 3G Backup LABEL DESCRIPTION General 3G Backup Select Enable to have the Device use the 3G connection as your WAN or a backup when the wired WAN connection fails.
Chapter 5 Broadband Table 10 Network Setting > Broadband > 3G Backup (continued) LABEL DESCRIPTION Username Type the user name (of up to 64 ASCII printable characters) given to you by your service provider. Password Type the password (of up to 64 ASCII printable characters) associated with the user name above. PIN A PIN (Personal Identification Number) code is a key to a 3G card. Without the PIN code, you cannot use the 3G card.
Chapter 5 Broadband Table 10 Network Setting > Broadband > 3G Backup (continued) LABEL DESCRIPTION Data Budget (Mbytes) Select this and specify how much downstream and/or upstream data (in Mega bytes) can be transmitted via the 3G connection within one month. Select Download/Upload to set a limit on the total traffic in both directions. Select Download to set a limit on the downstream traffic (from the ISP to the Device). Select Upload to set a limit on the upstream traffic (from the Device to the ISP).
Chapter 5 Broadband Table 10 Network Setting > Broadband > 3G Backup (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the Device. Cancel Click Cancel to return to the previous configuration. 5.4 The Advanced Screen Use the Advanced screen to enable or disable PTM over ADSL, Annex M, and DSL PhyR functions. The Device supports the PhyR retransmission scheme. PhyR is a retransmission scheme designed to provide protection against noise on the DSL line.
Chapter 5 Broadband 5.5 The 8021x Screen You can view and configure the 802.1X authentication settings in the 8021x screen. Click Network Setting > Broadband > 8021x to display the following screen. Figure 24 Network Setting > Broadband > 8021x The following table describes the labels in this screen. Table 12 Network Setting > Network Setting > 8021x 56 LABEL DESCRIPTION # This is the index number of the entry. Status This field displays whether the authentication is active or not.
Chapter 5 Broadband 5.5.1 Edit 802.1X Settings Use this screen to edit 802.1X authentication settings. Click the Edit icon next to the rule you want to edit. The screen shown next appears. Figure 25 802.1x: Add/Edit The following table describes the labels in this screen. Table 13 802.1x: Add/Edit LABEL DESCRIPTION Active This field allows you to activate/deactivate the authentication. Select this to enable the authentication.
Chapter 5 Broadband Figure 26 Network Setting > Broadband > Ethernet WAN The following table describes the fields in this screen. Table 14 Network Setting > Broadband > Ethernet WAN LABEL DESCRIPTION State Select Enable to use the Ethernet LAN port as a WAN port on the Device. Apply Click Apply to save your changes back to the Device. Cancel Click Cancel to exit this screen without saving. 5.
Chapter 5 Broadband PPP over Ethernet (PPPoE) Point-to-Point Protocol over Ethernet (PPPoE) provides access control and billing functionality in a manner similar to dial-up services using PPP. PPPoE is an IETF standard (RFC 2516) specifying how a personal computer (PC) interacts with a broadband modem (DSL, cable, wireless, etc.) connection. For the service provider, PPPoE offers an access and authentication method that works with existing access control systems (for example RADIUS).
Chapter 5 Broadband Peak Cell Rate (PCR) is the maximum rate at which the sender can send cells. This parameter may be lower (but not higher) than the maximum line speed. 1 ATM cell is 53 bytes (424 bits), so a maximum speed of 832Kbps gives a maximum PCR of 1962 cells/sec. This rate is not guaranteed because it is dependent on the line speed. Sustained Cell Rate (SCR) is the mean cell rate of each bursty traffic source.
Chapter 5 Broadband specified) but is only available when data is being sent. An example of an VBR-RT connection would be video conferencing. Video conferencing requires real-time data transfers and the bandwidth requirement varies in proportion to the video image's changing dynamics. The VBR-nRT (non real-time Variable Bit Rate) type is used with bursty connections that do not require closely controlled delay and delay variation. It is commonly used for "bursty" traffic typical on LANs.
Chapter 5 Broadband number of 4,096 VLANs. Note that user priority and VLAN ID are independent of each other. A frame with VID (VLAN Identifier) of null (0) is called a priority frame, meaning that only the priority level is significant and the default VID of the ingress port is given as the VID of the frame. Of the 4096 possible VIDs, a VID of 0 is used to identify priority frames and value 4095 (FFF) is reserved, so the maximum possible VLAN configurations are 4,094.
Chapter 5 Broadband • Leading zeros in a block can be omitted. So 2001:0db8:1a2b:0015:0000:0000:1a2f:0000 can be written as 2001:db8:1a2b:15:0:0:1a2f:0. • Any number of consecutive blocks of zeros can be replaced by a double colon. A double colon can only appear once in an IPv6 address. So 2001:0db8:0000:0000:1a2f:0000:0000:0015 can be written as 2001:0db8::1a2f:0000:0000:0015, 2001:0db8:0000:0000:1a2f::0015, 2001:db8::1a2f:0:0:15 or 2001:db8:0:0:1a2f::15.
Chapter 5 Broadband 64 VMG1312-B10C User’s Guide
C HAPT ER 6 Wireless 6.1 Overview This chapter describes the Device’s Network Setting > Wireless screens. Use these screens to set up your Device’s wireless connection. 6.1.1 What You Can Do in this Chapter This section describes the Device’s Wireless screens. Use these screens to set up your Device’s wireless connection. • Use the General screen to enable the Wireless LAN, enter the SSID and select the wireless security mode (Section 6.2 on page 66).
Chapter 6 Wireless 6.1.2 What You Need to Know Wireless Basics “Wireless” is essentially radio communication. In the same way that walkie-talkie radios send and receive information over the airwaves, wireless networking devices exchange information with one another. A wireless networking device is just like a radio that lets your computer exchange information with radios attached to other computers.
Chapter 6 Wireless Click Network Setting > Wireless to open the General screen.
Chapter 6 Wireless The following table describes the general wireless LAN labels in this screen. Table 15 Network Setting > Wireless > General LABEL DESCRIPTION Wireless Network Setup Wireless You can Enable or Disable the wireless LAN in this field. Band This shows the wireless band which this radio profile is using. 2.4GHz is the frequency used by IEEE 802.11b/g/n wireless clients. Channel Set the channel depending on your particular region.
Chapter 6 Wireless Table 15 Network Setting > Wireless > General (continued) LABEL DESCRIPTION Enhanced Multicast Forwarding Select this check box to allow the Device to convert wireless multicast traffic into wireless unicast traffic. Maximum Upstream Bandwidth Specify the maximum rate for upstream wireless traffic to the WAN from this WLAN in kilobits per second (Kbps).
Chapter 6 Wireless 6.2.2 Basic (WEP Encryption) WEP encryption scrambles the data transmitted between the wireless stations and the access points (AP) to keep network communications private. Both the wireless stations and the access points must use the same WEP key. Note: WEP is extremely insecure. Its encryption can be broken by an attacker, using widely-available software. It is strongly recommended that you use a more effective security mechanism.
Chapter 6 Wireless Table 17 Wireless > General: Basic (WEP) (continued) LABEL DESCRIPTION Password 1~4 The password (WEP keys) are used to encrypt data. Both the Device and the wireless stations must use the same password (WEP key) for data transmission. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F"). If you chose 128-bit WEP, then enter 13 ASCII characters or 26 hexadecimal characters ("0-9", "A-F").
Chapter 6 Wireless The following table describes the labels in this screen. Table 18 Wireless > General: Basic (802.1X) LABEL DESCRIPTION Security Level Select Basic and 802.1X to enable 802.1X data encryption. Generate password automatically Select this option to have the Device automatically generate a password. The password field will not be configurable when you select this option. Password 1~4 The password (WEP key) is used to encrypt data.
Chapter 6 Wireless 6.2.4 More Secure (WPA(2)-PSK) The WPA-PSK security mode provides both improved data encryption and user authentication over WEP. Using a Pre-Shared Key (PSK), both the Device and the connecting client share a common password in order to validate the connection. This type of encryption, while robust, is not as strong as WPA, WPA2 or even WPA2-PSK. The WPA2-PSK security mode is a newer, more robust version of the WPA encryption standard.
Chapter 6 Wireless Table 19 Wireless > General: More Secure: WPA(2)-PSK (continued) LABEL DESCRIPTION Encryption Select the encryption type (TKIP, AES or TKIP+AES) for data encryption. Select TKIP if your wireless clients can all use TKIP. Select AES if your wireless clients can all use AES. Select TKIP+AES to allow the wireless clients to use either TKIP or AES. Group Key Update Timer The Group Key Update Timer is the rate at which the RADIUS server sends a new group key out to all clients. 6.2.
Chapter 6 Wireless The following table describes the labels in this screen. Table 20 Wireless > General: More Secure: WPA(2) LABEL DESCRIPTION Security Level Select More Secure to enable WPA(2)-PSK data encryption. Security Mode Choose WPA or WPA2 from the drop-down list box. Authentication Server IP Address Enter the IP address of the external authentication server in dotted decimal notation. Port Number Enter the port number of the external authentication server. The default port number is 1812.
Chapter 6 Wireless Click Network Setting > Wireless > More AP. The following screen displays. Figure 34 Network Setting > Wireless > More AP The following table describes the labels in this screen. Table 21 Network Setting > Wireless > More AP LABEL DESCRIPTION # This is the index number of the entry. Status This field indicates whether this SSID is active. A yellow bulb signifies that this SSID is active. A gray bulb signifies that this SSID is not active.
Chapter 6 Wireless 6.3.1 Edit More AP Use this screen to edit an SSID profile. Click the Edit icon next to an SSID in the More AP screen. The following screen displays. Figure 35 More AP: Edit The following table describes the fields in this screen. Table 22 More AP: Edit LABEL DESCRIPTION Wireless Network Setup Wireless You can Enable or Disable the wireless LAN in this field. Passphrase Type Passphrase type cannot be changed. The default is None.
Chapter 6 Wireless Table 22 More AP: Edit (continued) LABEL DESCRIPTION Wireless Network Name (SSID) The SSID (Service Set IDentity) identifies the service set with which a wireless device is associated. Wireless devices associating to the access point (AP) must have the same SSID. Max clients Specify the maximum number of clients that can connect to this network at the same time.
Chapter 6 Wireless Use this screen to view your Device’s MAC filter settings and add new MAC filter rules. Click Network Setting > Wireless > MAC Authentication. The screen appears as shown. Figure 36 Wireless > MAC Authentication The following table describes the labels in this screen. Table 23 Wireless > MAC Authentication LABEL DESCRIPTION SSID Select the SSID for which you want to configure MAC filter settings.
Chapter 6 Wireless Note: The Device applies the security settings of the SSID1 profile (see Section 6.2 on page 66). If you want to use the WPS feature, make sure you have set the security mode of SSID1 to WPA2-PSK or No Security. Click Network Setting > Wireless > WPS. The following screen displays. Select Enable and click Apply to activate the WPS function. Then you can configure the WPS settings in this screen.
Chapter 6 Wireless Table 24 Network Setting > Wireless > WPS (continued) LABEL DESCRIPTION Method 3 Use this section to set up a WPS wireless network by entering the PIN of the Device into the client. Release Configuration The default WPS status is configured. Generate New PIN Number The PIN (Personal Identification Number) of the Device is shown here. Enter this PIN in the configuration utility of the device you want to connect to using WPS.
Chapter 6 Wireless 6.7 The WDS Screen An AP using the Wireless Distribution System (WDS) can function as a wireless network bridge allowing you to wirelessly connect two wired network segments. The WDS screen allows you to configure the Device to connect to two or more APs wirelessly when WDS is enabled. Use this screen to set up your WDS (Wireless Distribution System) links between the Device and other wireless APs. You need to know the MAC address of the peer device.
Chapter 6 Wireless Table 26 Network Setting > Wireless > WDS (continued) LABEL DESCRIPTION Remote Bridge MAC Address You can enter the MAC address of the peer device by clicking the Edit icon under Modify. # This is the index number of the entry. MAC Address This shows the MAC address of the peer device. You can connect to up to 4 peer devices.
Chapter 6 Wireless 6.8 The Others Screen Use this screen to configure advanced wireless settings. Click Network Setting > Wireless > Others. The screen appears as shown. See Section 6.10.2 on page 88 for detailed definitions of the terms listed in this screen. Figure 41 Network Setting > Wireless > Others The following table describes the labels in this screen.
Chapter 6 Wireless Table 28 Network Setting > Wireless > Others (continued) LABEL DESCRIPTION 802.11 Mode Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate with the Device. Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate with the Device. Select 802.11n Only to allow only IEEE 802.11n compliant WLAN devices to associate with the Device. Select 802.11b/g Mixed to allow either IEEE 802.11b or IEEE 802.
Chapter 6 Wireless 6.9 The Channel Status Screen Use the Channel Status screen to scan wireless LAN channel noises and view the results. Click Network Setting > Wireless > Channel Status. The screen appears as shown. Click Scan to scan the wireless LAN channels. You can view the results in the Channel Scan Result section. Figure 42 Network Setting > Wireless > Channel Status 6.10 Technical Reference This section discusses wireless LANs in depth. 6.10.
Chapter 6 Wireless Traditionally, a wireless network operates in one of two ways. • An “infrastructure” type of network has one or more access points and one or more wireless clients. The wireless clients connect to the access points. • An “ad-hoc” type of network is one in which there is no access point. Wireless clients connect to one another in order to exchange information. The following figure provides an example of a wireless network.
Chapter 6 Wireless Radio Channels In the radio spectrum, there are certain frequency bands allocated for unlicensed, civilian use. For the purposes of wireless networking, these bands are divided into numerous channels. This allows a variety of networks to exist in the same place without interfering with one another. When you create a network, you must select a channel to use. Since the available unlicensed spectrum varies from one country to another, the number of available channels also varies. 6.10.
Chapter 6 Wireless user does not use them properly. For example, the WPA-PSK security standard is very secure if you use a long key which is difficult for an attacker’s software to guess - for example, a twenty-letter long string of apparently random numbers and letters - but it is not very secure if you use a short key which is very easy to guess - for example, a three-letter word from the dictionary.
Chapter 6 Wireless For wireless networks, you can store the user names and passwords for each user in a RADIUS server. This is a server used in businesses more than in homes. If you do not have a RADIUS server, you cannot set up user names and passwords for your users. Unauthorized wireless devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network.
Chapter 6 Wireless 6.10.4 Signal Problems Because wireless networks are radio networks, their signals are subject to limitations of distance, interference and absorption. Problems with distance occur when the two radios are too far apart. Problems with interference occur when other radio waves interrupt the data signal.
Chapter 6 Wireless MBSSID (Multiple Basic Service Set IDentifier) function allows you to use one access point to provide several BSSs simultaneously. You can then assign varying QoS priorities and/or security modes to different SSIDs. Wireless devices can use different BSSIDs to associate with the same AP. 6.10.6.1 Notes on Multiple BSSs • A maximum of eight BSSs are allowed on one AP simultaneously. • You must use different keys for different BSSs.
Chapter 6 Wireless establish a WDS link with access point AP 2, which has a wired Internet connection. When AP 1 has a WDS link with AP 2, the notebook computer can access the Internet through AP 2. Figure 45 WDS Link Example WDS A AP 1 AP 2 6.10.9 WiFi Protected Setup (WPS) Your Device supports WiFi Protected Setup (WPS), which is an easy way to set up a secure wireless network. WPS is an industry standard specification, defined by the WiFi Alliance.
Chapter 6 Wireless 6.10.9.2 PIN Configuration Each WPS-enabled device has its own PIN (Personal Identification Number). This may either be static (it cannot be changed) or dynamic (in some devices you can generate a new PIN by clicking on a button in the configuration interface).
Chapter 6 Wireless The following figure shows a WPS-enabled wireless client (installed in a notebook computer) connecting to the WPS-enabled AP via the PIN method. Figure 46 Example WPS Process: PIN Method ENROLLEE REGISTRAR WPS This device’s WPS PIN: 123456 WPS Enter WPS PIN from other device: WPS START WPS START WITHIN 2 MINUTES SECURE EAP TUNNEL SSID WPA(2)-PSK COMMUNICATION 6.10.9.3 How WPS Works When two WPS-enabled devices connect, each device must assume a specific role.
Chapter 6 Wireless The following figure shows a WPS-enabled client (installed in a notebook computer) connecting to a WPS-enabled access point. Figure 47 How WPS works ACTIVATE WPS ACTIVATE WPS WITHIN 2 MINUTES WPS HANDSHAKE ENROLLEE REGISTRAR SECURE TUNNEL SECURITY INFO COMMUNICATION The roles of registrar and enrollee last only as long as the WPS setup process is active (two minutes). The next time you use WPS, a different device can be the registrar if necessary.
Chapter 6 Wireless is the registrar, and Client 1 is the enrollee. The registrar randomly generates the security information to set up the network, since it is unconfigured and has no existing information. Figure 48 WPS: Example Network Step 1 ENROLLEE REGISTRAR SECURITY INFO AP1 CLIENT 1 In step 2, you add another wireless client to the network.
Chapter 6 Wireless In step 3, you add another access point (AP2) to your network. AP2 is out of range of AP1, so you cannot use AP1 for the WPS handshake with the new access point. However, you know that Client 2 supports the registrar function, so you use it to perform the WPS handshake instead. Figure 50 WPS: Example Network Step 3 EXISTING CONNECTION CLIENT 1 IS EX O GC TIN ION CT E NN AP1 REGISTRAR CLIENT 2 SE CU RIT Y ENROLLEE INF O AP2 6.10.9.
Chapter 6 Wireless • When you use the PBC method, there is a short period (from the moment you press the button on one device to the moment you press the button on the other device) when any WPS-enabled device could join the network. This is because the registrar has no way of identifying the “correct” enrollee, and cannot differentiate between your enrollee and a rogue device. This is a possible way for a hacker to gain access to a network. You can easily check to see if this has happened.
Chapter 6 Wireless 100 VMG1312-B10C User’s Guide
C HAPT ER 7 Home Networking 7.1 Overview A Local Area Network (LAN) is a shared communication system to which many networking devices are connected. It is usually located in one immediate area such as a building or floor of a building. Use the LAN screens to help you configure a LAN DHCP server and manage IP addresses. LAN DSL 7.1.1 What You Can Do in this Chapter • Use the LAN Setup screen to set the LAN IP address, subnet mask, and DHCP settings of your Device (Section 7.2 on page 103).
Chapter 7 Home Networking 7.1.2 What You Need To Know 7.1.2.1 About LAN IP Address IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts. Subnet Mask Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.
Chapter 7 Home Networking • Assigning lease times to mappings Windows Messenger is an example of an application that supports NAT traversal and UPnP. See the Chapter 10 on page 149 for more information on NAT. Cautions with UPnP The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues. Network information and configuration may also be obtained and modified by users in some network environments.
Chapter 7 Home Networking 3 Click Apply to save your settings. Figure 51 Network Setting > Home Networking > LAN Setup The following table describes the fields in this screen. Table 31 Network Setting > Home Networking > LAN Setup LABEL DESCRIPTION Interface Group Group Name Select the interface group name for which you want to configure LAN settings. See Chapter 12 on page 171 for how to create a new interface group.
Chapter 7 Home Networking Table 31 Network Setting > Home Networking > LAN Setup (continued) LABEL DESCRIPTION IGMP Mode Select Standard Mode to have the Device forward multicast packets to a port that joins the multicast group and broadcast unknown multicast packets from the WAN to all LAN ports. Select Blocking Mode to have the Device block all unknown multicast packets from the WAN. DHCP Server State DHCP Select Enable to have the Device act as a DHCP server or DHCP relay agent.
Chapter 7 Home Networking Table 31 Network Setting > Home Networking > LAN Setup (continued) LABEL DESCRIPTION IPv6 Address If you select static IPv6 address, enter the IPv6 address prefix that the Device uses for the LAN IPv6 address. Prefix Length If you select static IPv6 address, enter the IPv6 prefix length that the Device uses to generate the LAN IPv6 address. An IPv6 prefix length specifies how many most significant bits (starting from the left) in the address compose the network address.
Chapter 7 Home Networking 7.3 The Static DHCP Screen This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. Use this screen to change your Device’s static DHCP settings.
Chapter 7 Home Networking The following table describes the labels in this screen. Table 33 Static DHCP: Add/Edit LABEL DESCRIPTION Active Select this to activate the connection between the client and the Device. Group Name Select the interface group name for which you want to configure static DHCP settings. See Chapter 12 on page 171 for how to create a new interface group.
Chapter 7 Home Networking The following table describes the labels in this screen. Table 34 Network Setting > Home Networking > UPnP LABEL DESCRIPTION UPnP Select Enable to activate UPnP. Be aware that anyone could use a UPnP application to open the web configurator's login screen without entering the Device's IP address (although you must still enter the password to access the web configurator).
Chapter 7 Home Networking 2 Click on the Windows Setup tab and select Communication in the Components selection box. Click Details. Add/Remove Programs: Windows Setup: Communication 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box.
Chapter 7 Home Networking 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel. 2 Double-click Network Connections. 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components ….
Chapter 7 Home Networking 5 In the Networking Services window, select the Universal Plug and Play check box. Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. 7.6 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the Device. Make sure the computer is connected to a LAN port of the Device.
Chapter 7 Home Networking 2 Right-click the icon and select Properties. Network Connections 3 In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created.
Chapter 7 Home Networking 4 You may edit or delete the port mappings or click Add to manually add port mappings. Internet Connection Properties: Advanced Settings Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray.
Chapter 7 Home Networking 7 Double-click on the icon to display your current Internet connection status. Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the Device without finding out the IP address of the Device first. This comes helpful if you do not know the IP address of the Device. Follow the steps below to access the web configurator. 1 Click Start and then Control Panel. 2 Double-click Network Connections.
Chapter 7 Home Networking 3 Select My Network Places under Other Places. Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your Device and select Invoke. The web configurator login screen displays.
Chapter 7 Home Networking 6 Right-click on the icon for your Device and select Properties. A properties window displays with basic information about the Device.
Chapter 7 Home Networking 7.7 The Additional Subnet Screen Use the Additional Subnet screen to configure IP alias and public static IP. IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The Device supports multiple logical LAN interfaces via its physical Ethernet interface with the Device itself as the gateway for the LAN network.
Chapter 7 Home Networking Table 35 Network Setting > Home Networking > Additional Subnet (continued) LABEL DESCRIPTION Offer Public IP by DHCP Select the check box to enable the Device to provide public IP addresses by DHCP server. Enable ARP Proxy Select the check box to enable the ARP (Address Resolution Protocol) proxy. Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. 7.
Chapter 7 Home Networking 7.9 The LAN VLAN Screen Click Network Setting > Home Networking > LAN VLAN to open this screen. Use this screen to control the VLAN ID and IEEE 802.1p priority tags of traffic sent out through individual LAN ports. Figure 57 Network Setting > Home Networking > LAN VLAN The following table describes the labels in this screen. Table 37 Network Setting > Home Networking > LAN VLAN LABEL DESCRIPTION Lan Port These represent the Device’s LAN ports.
Chapter 7 Home Networking 7.10.1 LANs, WANs and the Device The actual physical connection determines whether the Device ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next. Figure 58 LAN and WAN IP Addresses LAN WAN 7.10.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server.
Chapter 7 Home Networking • Some ISPs choose to disseminate the DNS server addresses using the DNS server extensions of IPCP (IP Control Protocol) after the connection is up. If your ISP did not give you explicit DNS servers, chances are the DNS servers are conveyed through IPCP negotiation. The Device supports the IPCP DNS server extensions through the DNS proxy feature. Please note that DNS proxy works only when the ISP uses the IPCP DNS server extensions.
Chapter 7 Home Networking You can obtain your IP address from the IANA, from an ISP or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the appropriate IP addresses.
Chapter 7 Home Networking 124 VMG1312-B10C User’s Guide
C HAPT ER 8 Routing 8.1 Overview The Device usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the Device send data to devices not reachable through the default gateway, use static routes. For example, the next figure shows a computer (A) connected to the Device’s LAN interface. The Device routes most traffic from A to the Internet through the Device’s default gateway (R1).
Chapter 8 Routing 8.2 The Routing Screen Use this screen to view and configure the static route rules on the Device. Click Network Setting > Routing > Static Route to open the following screen. Figure 60 Network Setting > Routing > Static Route The following table describes the labels in this screen. Table 38 Network Setting > Routing > Static Route LABEL DESCRIPTION Add new static route Click this to configure a new static route. # This is the index number of the entry.
Chapter 8 Routing 8.2.1 Add/Edit Static Route Use this screen to add or edit a static route. Click Add new static route in the Routing screen or the Edit icon next to the static route you want to edit. The screen shown next appears. Figure 61 Routing: Add/Edit The following table describes the labels in this screen. Table 39 Routing: Add/Edit LABEL DESCRIPTION Active This field allows you to activate/deactivate this static route. Select this to enable the static route.
Chapter 8 Routing You can use source-based policy forwarding to direct traffic from different users through different connections or distribute traffic among multiple paths for load sharing. The Policy Forwarding screen let you view and configure routing policies on the Device. Click Network Setting > Routing > Policy Forwarding to open the following screen. Figure 62 Network Setting > Routing > Policy Forwarding The following table describes the labels in this screen.
Chapter 8 Routing 8.3.1 Add/Edit Policy Forwarding Click Add new Policy Forward Rule in the Policy Forwarding screen or click the Edit icon next to a policy. Use this screen to configure the required information for a policy route. Figure 63 Policy Forwarding: Add/Edit The following table describes the labels in this screen. Table 41 Policy Forwarding: Add/Edit LABEL DESCRIPTION Policy Name Enter a descriptive name of up to 8 printable English keyboard characters, not including spaces.
Chapter 8 Routing 8.4.1 The RIP Screen Click Network Setting > Routing > RIP to open the RIP screen. Figure 64 RIP The following table describes the labels in this screen. Table 42 RIP LABEL DESCRIPTION # This is the index of the interface in which the RIP setting is used. Interface This is the name of the interface in which the RIP setting is used.
C HAPT ER 9 Quality of Service (QoS) 9.1 Overview Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth. Without QoS, all traffic data is equally likely to be dropped when the network is congested. This can cause a reduction in network performance and make the network inadequate for time-critical application such as video-ondemand.
Chapter 9 Quality of Service (QoS) 9.2 What You Need to Know The following terms and concepts may help as you read through this chapter. QoS versus Cos QoS is used to prioritize source-to-destination traffic flows. All packets in the same flow are given the same priority. CoS (class of service) is a way of managing traffic in a network by grouping similar types of traffic together and treating each type as a class. You can use CoS to give different priorities to different packet types.
Chapter 9 Quality of Service (QoS) Traffic Policing Traffic policing is the limiting of the input or output transmission rate of a class of traffic on the basis of user-defined criteria. Traffic policing methods measure traffic flows against user-defined criteria and identify it as either conforming, exceeding or violating the criteria.
Chapter 9 Quality of Service (QoS) The following table describes the labels in this screen. Table 43 Network Setting > QoS > General LABEL DESCRIPTION QoS Select the Enable check box to turn on QoS to improve your network performance. WAN Managed Upstream Bandwidth Enter the amount of upstream bandwidth for the WAN interfaces that you want to allocate using QoS. The recommendation is to set this speed to match the interfaces’ actual transmission speed.
Chapter 9 Quality of Service (QoS) Use this screen to configure QoS queue assignment. Figure 66 Network Setting > QoS > Queue Setup The following table describes the labels in this screen. Table 44 Network Setting > QoS > Queue Setup LABEL DESCRIPTION Add new Queue Click this button to create a new queue entry. # This is the index number of the entry. Status This field displays whether the queue is active or not. A yellow bulb signifies that this queue is active.
Chapter 9 Quality of Service (QoS) 9.4.1 Adding a QoS Queue Click Add new Queue or the edit icon in the Queue Setup screen to configure a queue. Figure 67 Queue Setup: Add The following table describes the labels in this screen. Table 45 Queue Setup: Add LABEL DESCRIPTION Active Select to enable or disable this queue. Name Enter the descriptive name of this queue. Interface Select the interface to which this queue is applied. This field is read-only if you are editing the queue.
Chapter 9 Quality of Service (QoS) destination port number or incoming interface. For example, you can configure a classifier to select traffic from the same protocol port (such as Telnet) to form a flow. You can give different priorities to traffic that the Device forwards out through the WAN interface. Give high priority to voice and video to make them run more smoothly. Similarly, give low priority to many large file downloads so that they do not reduce the quality of other applications.
Chapter 9 Quality of Service (QoS) 9.5.1 Add/Edit QoS Class Click Add new Classifier in the Class Setup screen or the Edit icon next to a classifier to open the following screen.
Chapter 9 Quality of Service (QoS) The following table describes the labels in this screen. Table 47 Class Setup: Add/Edit LABEL DESCRIPTION Active Select this to enable this classifier. Class Name Enter a descriptive name of up to 15 printable English keyboard characters, not including spaces. Classification Order Select an existing number for where you want to put this classifier to move the classifier to the number you selected after clicking Apply.
Chapter 9 Quality of Service (QoS) Table 47 Class Setup: Add/Edit (continued) LABEL Service DESCRIPTION This field is available only when you select IP in the Ether Type field. This field simplifies classifier configuration by allowing you to select a predefined application. When you select a predefined application, you do not configure the rest of the filter fields. IP Protocol This field is available only when you select IP in the Ether Type field.
Chapter 9 Quality of Service (QoS) Table 47 Class Setup: Add/Edit (continued) LABEL DESCRIPTION To Queue Index Select a queue that applies to this class. You should have configured a queue in the Queue Setup screen already. Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. 9.6 The QoS Policer Setup Screen Use this screen to configure QoS policers that allow you to limit the transmission rate of incoming traffic.
Chapter 9 Quality of Service (QoS) 9.6.1 Add/Edit a QoS Policer Click Add new Policer in the Policer Setup screen or the Edit icon next to a policer to show the following screen. Figure 71 Policer Setup: Add/Edit The following table describes the labels in this screen. Table 49 Policer Setup: Add/Edit LABEL DESCRIPTION Active Select the check box to activate this policer. Name Enter the descriptive name of this policer. Meter Type This shows the traffic metering algorithm used in this policer.
Chapter 9 Quality of Service (QoS) Table 49 Policer Setup: Add/Edit LABEL DESCRIPTION Conforming Action Specify what the Device does for packets within the committed rate and burst size (greenmarked packets). • • Pass: Send the packets without modification. DSCP Mark: Change the DSCP mark value of the packets. Enter the DSCP mark value to use. NonConforming Action Specify what the Device does for packets that exceed the excess burst size or peak rate and burst size (red-marked packets).
Chapter 9 Quality of Service (QoS) Table 50 Network Setting > QoS > Monitor (continued) LABEL DESCRIPTION Name This shows the name of the interface on the Device. Pass Rate This shows how many packets forwarded to this interface are transmitted successfully. Drop Rate This shows how many packets forwarded to this interface are dropped. Queue Monitor # This is the index number of the entry. Name This shows the name of the queue.
Chapter 9 Quality of Service (QoS) DiffServ QoS is used to prioritize source-to-destination traffic flows. All packets in the flow are given the same priority. You can use CoS (class of service) to give different priorities to different packet types. DiffServ (Differentiated Services) is a class of service (CoS) model that marks packets so that they receive specific per-hop treatment at DiffServ-compliant network devices along the route based on the application types and traffic flow.
Chapter 9 Quality of Service (QoS) The following table shows you the internal layer-2 and layer-3 QoS mapping on the Device. On the Device, traffic assigned to higher priority queues gets through faster while traffic in lower index queues is dropped if the network is congested. Table 52 Internal Layer2 and Layer3 QoS Mapping LAYER 2 LAYER 3 PRIORITY QUEUE IEEE 802.
Chapter 9 Quality of Service (QoS) • If there are no tokens in the bucket, the Device stops transmitting until enough tokens are generated. • If not enough tokens are available, the Device treats the packet in either one of the following ways: In traffic shaping: • Holds it in the queue until enough tokens are available in the bucket. In traffic policing: • Drops it. • Transmits it but adds a DSCP mark. The Device may drop these marked packets if the network is overloaded.
Chapter 9 Quality of Service (QoS) on the guaranteed and maximum bandwidth respectively as negotiated between a service provider and client. The trTCM evaluates incoming packets and marks them with one of three colors which refer to packet loss priority levels. High packet loss priority level is referred to as red, medium is referred to as yellow and low is referred to as green. The trTCM is based on the token bucket filter and has two token buckets (Committed Burst Size (CBS) and Peak Burst Size (PBS)).
C HAPTER 10 Network Address Translation (NAT) 10.1 Overview This chapter discusses how to configure NAT on the Device. NAT (Network Address Translation NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network. 10.1.
Chapter 10 Network Address Translation (NAT) WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host. Port Forwarding A port forwarding set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visible to the outside world even though NAT makes your whole inside network appear as a single computer to the outside world.
Chapter 10 Network Address Translation (NAT) third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet. Figure 73 Multiple Servers Behind NAT Example A=192.168.1.33 LAN WAN B=192.168.1.34 192.168.1.1 IP Address assigned by ISP C=192.168.1.3 D=192.168.1.36 Click Network Setting > NAT > Port Forwarding to open the following screen.
Chapter 10 Network Address Translation (NAT) Table 53 Network Setting > NAT > Port Forwarding (continued) LABEL DESCRIPTION Translation End Port This is the last internal port number that identifies a service. Protocol This shows the IP protocol supported by this virtual server, whether it is TCP, UDP, or TCP/ UDP. Modify/Delete Click the Edit icon to edit this rule. Click the Delete icon to delete an existing rule. 10.2.
Chapter 10 Network Address Translation (NAT) Table 54 Port Forwarding: Add/Edit (continued) LABEL DESCRIPTION WAN IP Enter the WAN IP address for which the incoming service is destined. If the packet’s destination IP address doesn’t match the one specified here, the port forwarding rule will not be applied. Start Port Enter the original destination port for the packets. To forward only one port, enter the port number again in the End Port field.
Chapter 10 Network Address Translation (NAT) The following table describes the labels in this screen. Table 55 Network Setting > NAT > Applications LABEL DESCRIPTION Add new application Click this to add a new NAT application rule. Application Forwarded This field shows the type of application that the service forwards. WAN Interface This field shows the WAN interface through which the service is forwarded. Server IP Address This field displays the destination IP address for the service.
Chapter 10 Network Address Translation (NAT) 10.4 The Port Triggering Screen Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side. With regular port forwarding you set a forwarding port in NAT to forward a service (coming in from the server on the WAN) to the IP address of a computer on the client side (LAN). The problem is that port forwarding only forwards a service to a single LAN IP address.
Chapter 10 Network Address Translation (NAT) Click Network Setting > NAT > Port Triggering to open the following screen. Use this screen to view your Device’s trigger port settings. Figure 79 Network Setting > NAT > Port Triggering The following table describes the labels in this screen. Table 57 Network Setting > NAT > Port Triggering LABEL DESCRIPTION Add new rule Click this to create a new rule. # This is the index number of the entry.
Chapter 10 Network Address Translation (NAT) 10.4.1 Add/Edit Port Triggering Rule This screen lets you create new port triggering rules. Click Add new rule in the Port Triggering screen or click a rule’s Edit icon to open the following screen. Figure 80 Port Triggering: Add/Edit The following table describes the labels in this screen. Table 58 Port Triggering: Configuration Add/Edit LABEL DESCRIPTION Active Select the check box to enable this rule.
Chapter 10 Network Address Translation (NAT) 10.5 The DMZ Screen In addition to the servers for specified services, NAT supports a default server IP address. A default server receives packets from ports that are not specified in the NAT Port Forwarding Setup screen. Figure 81 Network Setting > NAT > DMZ The following table describes the fields in this screen.
Chapter 10 Network Address Translation (NAT) The following table describes the fields in this screen. Table 60 Network Setting > NAT > ALG LABEL DESCRIPTION NAT ALG Enable this to make sure applications such as FTP and file transfer in IM applications work correctly with port-forwarding and address-mapping rules. SIP ALG Enable this to make sure SIP (VoIP) works correctly with port-forwarding and addressmapping rules. Apply Click Apply to save your changes.
Chapter 10 Network Address Translation (NAT) Table 61 Network Setting > NAT > Address Mapping (continued) LABEL DESCRIPTION Type This is the address mapping type. One-to-One: This mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type. Many-to-One: This mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e.
Chapter 10 Network Address Translation (NAT) Table 62 Address Mapping: Add/Edit (continued) LABEL DESCRIPTION Local End IP Enter the ending Inside Local IP Address (ILA). If the rule is for all local IP addresses, then this field displays 0.0.0.0 as the Local Start IP address and 255.255.255.255 as the Local End IP address. This field is blank for One-to-One mapping types. Global Start IP Enter the starting Inside Global IP Address (IGA). Enter 0.0.0.
Chapter 10 Network Address Translation (NAT) Note that inside/outside refers to the location of a host, while global/local refers to the IP address of a host used in a packet. Thus, an inside local address (ILA) is the IP address of an inside host in a packet when the packet is still in the local network, while an inside global address (IGA) is the IP address of the same inside host when the packet is on the WAN side. The following table summarizes this information.
Chapter 10 Network Address Translation (NAT) 10.8.3 How NAT Works Each packet has two addresses – a source address and a destination address. For outgoing packets, the ILA (Inside Local Address) is the source address on the LAN, and the IGA (Inside Global Address) is the source address on the WAN. For incoming packets, the ILA is the destination address on the LAN, and the IGA is the destination address on the WAN.
Chapter 10 Network Address Translation (NAT) 10.8.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP alias) behind the Device can communicate with three distinct WAN networks. Figure 86 NAT Application With IP Alias Port Forwarding: Services and Port Numbers The most often used port numbers are shown in the following table. Please refer to RFC 1700 for further information about port numbers.
Chapter 10 Network Address Translation (NAT) Port Forwarding Example Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet. Figure 87 Multiple Servers Behind NAT Example A=192.168.1.33 192.168.1.1 B=192.168.1.
Chapter 10 Network Address Translation (NAT) 166 VMG1312-B10C User’s Guide
C HAPTER 11 Dynamic DNS Setup 11.1 Overview DNS DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it. In addition to the system DNS server(s), each WAN interface (service) is set to have its own static or dynamic DNS server list.
Chapter 11 Dynamic DNS Setup 11.1.2 What You Need To Know DYNDNS Wildcard Enabling the wildcard feature for your host causes *.yourhost.dyndns.org to be aliased to the same IP address as yourhost.dyndns.org. This feature is useful if you want to be able to use, for example, www.yourhost.dyndns.org and still reach your hostname. If you have a private WAN IP address, then you cannot use Dynamic DNS. 11.2 The DNS Entry Screen Use this screen to view and configure DNS routes on the Device.
Chapter 11 Dynamic DNS Setup 11.2.1 Add/Edit DNS Entry You can manually add or edit the Device’s DNS name and IP address entry. Click Add new DNS entry in the DNS Entry screen or the Edit icon next to the entry you want to edit. The screen shown next appears. Figure 89 DNS Entry: Add/Edit The following table describes the labels in this screen. Table 66 DNS Entry: Add/Edit LABEL DESCRIPTION Host Name Enter the host name of the DNS entry. IP Address Enter the IP address of the DNS entry.
Chapter 11 Dynamic DNS Setup The following table describes the fields in this screen. Table 67 Network Setting > DNS > > Dynamic DNS LABEL DESCRIPTION Dynamic DNS Select Enable to use dynamic DNS. Service Provider Select your Dynamic DNS service provider from the drop-down list box. Hostname Type the domain name assigned to your Device by your Dynamic DNS provider. You can specify up to two host names in the field separated by a comma (","). 170 Username Type your user name.
C HAPTER 12 Interface Group 12.1 Overview By default, all LAN and WAN interfaces on the Device are in the same group and can communicate with each other. Create interface groups to have the Device assign the IP addresses in different domains to different groups. Each group acts as an independent network on the Device. This lets devices connected to an interface group’s LAN interfaces communicate through the interface group’s WAN or LAN interfaces but not other WAN or LAN interfaces. 12.1.
Chapter 12 Interface Group In the following example, the client that sends packets with the DHCP Vendor ID option set to MSFT 5.0 (meaning it is a Windows 2000 DHCP client) is assigned the IP address 192.168.2.2 and uses the WAN VDSL_PoE/ppp0.1 interface. Figure 91 Interface Grouping Application Default: ETH 2~4 192.168.1.x/24 eth10.0 Internet VDSL_PoE/ppp0.1 192.168.2.x/24 DHCP Vendor ID option: MSFT 5.0 Click Network Setting > Interface Group to open the following screen.
Chapter 12 Interface Group Note: An interface can belong to only one group at a time. Figure 93 Interface Group Configuration The following table describes the fields in this screen. Table 69 Interface Group Configuration LABEL DESCRIPTION Group Name Enter a name to identify this group. You can enter up to 30 characters. You can use letters, numbers, hyphens (-) and underscores (_). Spaces are not allowed. WAN Interface used in the grouping Select the WAN interface this group uses.
Chapter 12 Interface Group Table 69 Interface Group Configuration (continued) LABEL DESCRIPTION Filter Criteria This shows the filtering criteria. The LAN interface on which the matched traffic is received will belong to this group automatically. WildCard Support This shows if wildcard on DHCP option 60 is enabled. Remove Click the Remove icon to delete this rule from the Device. Apply Click Apply to save your changes back to the Device. Cancel Click Cancel to exit this screen without saving.
Chapter 12 Interface Group Table 70 Interface Grouping Criteria (continued) LABEL DESCRIPTION IAID Enter the Identity Association Identifier (IAID) of the device, for example, the WAN connection index number. DUID type Select DUID-LLT (DUID Based on Link-layer Address Plus Time) to enter the hardware type, a time value and the MAC address of the device. Select DUID-EN (DUID Assigned by Vendor Based upon Enterprise Number) to enter the vendor’s registered enterprise number.
Chapter 12 Interface Group 176 VMG1312-B10C User’s Guide
C HAPTER 13 USB Service 13.1 Overview The Device has a USB port used to share files via a USB memory stick or a USB hard drive. In the USB Service screens, you can enable file-sharing server, media server, and printer server. 13.1.1 What You Can Do in this Chapter • Use the File Sharing screen to enable file-sharing server (Section 13.2 on page 178). • Use the Media Server screen to enable or disable the sharing of media files (Section 13.3 on page 180).
Chapter 13 USB Service protocol is supported on Microsoft Windows, Linux Samba and other operating systems (refer to your systems specifications for CIFS compatibility). 13.1.2.2 About Printer Server Print Server This is a computer or other device which manages one or more printers, and which sends print jobs to each printer from the computer itself or other devices. Operating System An operating system (OS) is the interface which helps you manage a computer.
Chapter 13 USB Service The following figure is an overview of the Device’s file server feature. Computers A and B can access files on a USB device (C) which is connected to the Device. Figure 95 File Sharing Overview B C A The Device will not be able to join the workgroup if your local area network has restrictions set up that do not allow devices to join a workgroup. In this case, contact your network administrator. 13.2.
Chapter 13 USB Service Each field is described in the following table. Table 71 Network Setting > Home Networking > File Sharing LABEL DESCRIPTION File Sharing Services Select Enable to activate file sharing through the Device. Host Name Enter the host name on the share. Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings. 13.
Chapter 13 USB Service The following table describes the labels in this menu. Table 72 Network Setting > USB Service > Media Server LABEL DESCRIPTION Media Server Select Enable to have the Device function as a DLNA-compliant media server. Enable the media server to let (DLNA-compliant) media clients on your network play media files located in the shares. Interface Select the interface on which you want to enable the media server function.
Chapter 13 USB Service To access this screen, click Network Setting > USB Service > Printer Server. Figure 99 Network Setting > USB Service > Printer Server The following table describes the labels in this menu. Table 73 Network Setting > USB Service > Print Server 182 LABEL DESCRIPTION Printer Server Select Enable to have the Device share a USB printer. Printer Name Enter the name of the printer. Make and model Enter the manufacturer and model number of the printer.
C HAPTER 14 Firewall 14.1 Overview This chapter shows you how to enable and configure the Device’s security settings. Use the firewall to protect your Device and network from attacks by hackers on the Internet and control access to it. By default the firewall: • allows traffic that originates from your LAN computers to go to all other networks. • blocks traffic that originates on other networks from going to the LAN. The following figure illustrates the default firewall action.
Chapter 14 Firewall 14.1.2 What You Need to Know SYN Attack A SYN attack floods a targeted system with a series of SYN packets. Each packet causes the targeted system to issue a SYN-ACK response. While the targeted system waits for the ACK that follows the SYN-ACK, it queues up all outstanding SYN-ACK responses on a backlog queue. SYNACKs are moved off the queue only when an ACK comes back or when an internal timer terminates the three-way handshake.
Chapter 14 Firewall 14.2 The Firewall Screen Use this screen to set the security level of the firewall on the Device. Firewall rules are grouped based on the direction of travel of packets to which they apply. Click Security > Firewall to display the General screen. Figure 101 Security > Firewall > General The following table describes the labels in this screen. Table 74 Security > Firewall > General LABEL DESCRIPTION Firewall Select Enable to activate the firewall feature on the Device.
Chapter 14 Firewall Click Security > Firewall > Service to display the following screen. Figure 102 Security > Firewall > Service The following table describes the labels in this screen. Table 75 Security > Firewall > Service LABEL DESCRIPTION Add new service entry Click this to add a new service. Name This is the name of your customized service. Description This is the description of your customized service.
Chapter 14 Firewall 14.3.1 Add/Edit a Service Use this screen to add a customized service rule that you can use in the firewall’s ACL rule configuration. Click Add new service entry or the edit icon next to an existing service rule in the Service screen to display the following screen. Figure 103 Service: Add/Edit The following table describes the labels in this screen.
Chapter 14 Firewall Table 76 Service: Add/Edit (continued) LABEL DESCRIPTION Service Name Enter a unique name (up to 32 printable English keyboard characters, including spaces) for your customized port. Service Description Enter a description for your customized port. Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. 14.4 The Access Control Screen Click Security > Firewall > Access Control to display the following screen.
Chapter 14 Firewall 14.4.1 Add/Edit an ACL Rule Click Add new ACL rule or the Edit icon next to an existing ACL rule in the Access Control screen. The following screen displays. Figure 105 Access Control: Add/Edit The following table describes the labels in this screen. Table 78 Access Control: Add/Edit LABEL DESCRIPTION Filter Name Enter a descriptive name of up to 16 alphanumeric characters, not including spaces, underscores, and dashes. You must enter the filter name to add an ACL rule.
Chapter 14 Firewall Table 78 Access Control: Add/Edit (continued) LABEL DESCRIPTION IP Type Select whether your IP type is IPv4 or IPv6. Select Protocol Select the transport layer protocol that defines your customized port from the drop-down list box. The specific protocol rule sets you add in the Security > Firewall > Service > Add screen display in this list. If you want to configure a customized protocol, select Specific Service.
Chapter 14 Firewall The following table describes the labels in this screen. Table 79 Security > Firewall > DoS LABEL DESCRIPTION DoS Protection Blocking Select Enable to enable protection against DoS attacks. Deny Ping Response Select Enable to block ping request packets. Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving.
Chapter 14 Firewall 192 VMG1312-B10C User’s Guide
C HAPTER 15 MAC Filter 15.1 Overview You can configure the Device to permit access to clients based on their MAC addresses in the MAC Filter screen. This applies to wired and wireless connections. Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC addresses of the devices to configure this screen. 15.
Chapter 15 MAC Filter The following table describes the labels in this screen. Table 80 Security > MAC Filter LABEL DESCRIPTION MAC Address Filter Select Enable to activate the MAC filter function. Set This is the index number of the MAC address. Allow Select Allow to permit access to the Device. MAC addresses not listed will be denied access to the Device. If you clear this, the MAC Address field for this set clears.
C HAPTER 16 Parental Control 16.1 Overview Parental control allows you to block web sites with the specific URL. You can also define time periods and days during which the Device performs parental control on a specific user. 16.2 The Parental Control Screen Use this screen to enable parental control, view the parental control rules and schedules. Click Security > Parental Control to open the following screen. Figure 108 Security > Parental Control The following table describes the fields in this screen.
Chapter 16 Parental Control Table 81 Security > Parental Control (continued) LABEL DESCRIPTION Home Network User (MAC) This shows the MAC address of the LAN user’s computer to which this rule applies. Internet Access Schedule This shows the day(s) and time on which parental control is enabled. Network Service This shows whether the network service is configured. If not, None will be shown. Website Block This shows whether the website block is configured. If not, None will be shown.
Chapter 16 Parental Control The following table describes the fields in this screen. Table 82 Parental Control Rule: Add/Edit LABEL DESCRIPTION General Active Select the checkbox to activate this parental control rule. Parental Control Profile Name Enter a descriptive name for the rule. Home Network User Select the LAN user that you want to apply this rule to from the drop-down list box. If you select Custom, enter the LAN user’s MAC address. If you select All, the rule applies to all LAN users.
Chapter 16 Parental Control 198 VMG1312-B10C User’s Guide
C HAPTER 17 Scheduler Rule 17.1 Overview You can define time periods and days during which the Device performs scheduled rules of certain features (such as Firewall Access Control) in the Scheduler Rule screen. 17.2 The Scheduler Rule Screen Use this screen to view, add, or edit time schedule rules. Click Security > Scheduler Rule to open the following screen. Figure 110 Security > Scheduler Rule The following table describes the fields in this screen.
Chapter 17 Scheduler Rule 17.2.1 Add/Edit a Schedule Click the Add button in the Scheduler Rule screen or click the Edit icon next to a schedule rule to open the following screen. Use this screen to configure a restricted access schedule. Figure 111 Scheduler Rule: Add/Edit The following table describes the fields in this screen. Table 84 Scheduler Rule: Add/Edit 200 LABEL DESCRIPTION Rule Name Enter a name (up to 31 printable English keyboard characters, not including spaces) for this schedule.
C HAPTER 18 Certificates 18.1 Overview The Device can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication. 18.1.1 What You Can Do in this Chapter • The Local Certificates screen lets you generate certification requests and import the Device's CA-signed certificates (Section 18.4 on page 205).
Chapter 18 Certificates 18.3 The Local Certificates Screen Click Security > Certificates to open the Local Certificates screen. This is the Device’s summary list of certificates and certification requests. Figure 112 Security > Certificates > Local Certificates The following table describes the labels in this screen.
Chapter 18 Certificates 18.3.1 Create Certificate Request Click Security > Certificates > Local Certificates and then Create Certificate Request to open the following screen. Use this screen to have the Device generate a certification request. Figure 113 Create Certificate Request The following table describes the labels in this screen. Table 86 Create Certificate Request LABEL DESCRIPTION Certificate Name Type up to 63 ASCII characters (not including spaces) to identify this certificate.
Chapter 18 Certificates Figure 114 Certificate Request Created 18.3.2 Load Signed Certificate After you create a certificate request and have it signed by a Certificate Authority, in the Local Certificates screen click the certificate request’s Load Signed icon to import the signed certificate into the Device.
Chapter 18 Certificates Note: You must remove any spaces from the certificate’s filename before you can import it. Figure 115 Load Signed Certificate The following table describes the labels in this screen. Table 87 Load Signed Certificate LABEL DESCRIPTION Certificate Name This is the name of the signed certificate. Certificate Copy and paste the signed certificate into the text box to store it on the Device. Apply Click Apply to save your changes.
Chapter 18 Certificates being trustworthy; thus you do not need to import any certificate that is signed by one of these certification authorities. Figure 116 Security > Certificates > Trusted CA The following table describes the fields in this screen. Table 88 Security > Certificates > Trusted CA LABEL DESCRIPTION Import Certificate Click this button to open a screen where you can save the certificate of a certification authority that you trust to the Device. # This is the index number of the entry.
Chapter 18 Certificates The following table describes the fields in this screen. Table 89 Trusted CA: View LABEL DESCRIPTION Name This field displays the identifying name of this certificate. The read-only text box displays the certificate in Privacy Enhanced Mail (PEM) format. PEM uses base 64 to convert the binary certificate into a printable form.
Chapter 18 Certificates 208 VMG1312-B10C User’s Guide
C HAPTER 19 VPN 19.1 Overview A virtual private network (VPN) provides secure communications over the the Internet. Internet Protocol Security (IPSec) is a standards-based VPN that provides confidentiality, data integrity, and authentication. This chapter shows you how to configure the Device’s VPN settings. 19.2 IPSec VPN 19.2.1 The General Screen Use this screen to view and manage your VPN tunnel policies. The following figure helps explain the main fields in the web configurator.
Chapter 19 VPN This screen contains the following fields: Table 91 IPSec VPN LABEL DESCRIPTION Add new connection Click this button to add an item to the list. Enable This displays if the VPN policy is enabled. Connection Name The name of the VPN connection. Remote Gateway This is the IP address of the remote IPSec router in the IKE SA. Local Addresses This displays the IP address(es) on the LAN behind your Device.
Chapter 19 VPN Figure 121 IPSec VPN: Add VMG1312-B10C User’s Guide 211
Chapter 19 VPN This screen contains the following fields: Table 92 IPSec VPN: Add LABEL DESCRIPTION IPSec Setup IPSec Connection Name Enter the name of the VPN connection. Tunnel Mode Select which protocol you want to use in the IPSec SA. Choices are: AH (RFC 2402) - provides integrity, authentication, sequence integrity (replay resistance), and non-repudiation but not encryption. If you select AH, you must select an Authentication algorithm.
Chapter 19 VPN Table 92 IPSec VPN: Add LABEL Pre-Shared Key DESCRIPTION Type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62 hexadecimal ("0-9", "A-F") characters. You must precede a hexadecimal key with a "0x” (zero x), which is not counted as part of the 16 to 62 character range for the key.
Chapter 19 VPN Table 92 IPSec VPN: Add LABEL DESCRIPTION Phase 2 Encryption Algorithm Select which key size and encryption algorithm to use in the IKE SA.
Chapter 19 VPN Table 92 IPSec VPN: Add LABEL Authentication Key DESCRIPTION Enter the authentication key, which depends on the authentication algorithm. MD5 - type a unique key 32 hexadecimal characters long SHA1 - type a unique key 40 hexadecimal characters long SPI Type a unique SPI (Security Parameter Index) in hexadecimal characters. The SPI is used to identify the Device during authentication. The Device and remote IPSec router must use the same SPI. Apply Click Apply to save your changes.
Chapter 19 VPN The Encryption Algorithm describes the use of encryption techniques such as DES (Data Encryption Standard) and Triple DES algorithms. The Authentication Algorithms, HMAC-MD5 (RFC 2403) and HMAC-SHA-1 (RFC 2404, provide an authentication mechanism for the AH and ESP protocols. Key Management Key management allows you to determine whether to use IKE (ISAKMP) or manual key configuration in order to set up a VPN. 19.3.
Chapter 19 VPN • Inside header: The inside IP header contains the destination IP address of the final system behind the VPN gateway. The security protocol appears after the outer IP header and before the inside IP header. 19.3.3 IKE Phases There are two phases to every IKE (Internet Key Exchange) negotiation – phase 1 (Authentication) and phase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA and the second one uses that SA to negotiate SAs for IPSec.
Chapter 19 VPN 19.3.4 Negotiation Mode The phase 1 Negotiation Mode you select determines how the Security Association (SA) will be established for each connection through IKE negotiations. • Main Mode ensures the highest level of security when the communicating parties are negotiating authentication (phase 1). It uses 6 messages in three round trips: SA negotiation, Diffie-Hellman exchange and an exchange of nonces (a nonce is a random number).
Chapter 19 VPN 19.3.6 VPN, NAT, and NAT Traversal NAT is incompatible with the AH protocol in both transport and tunnel mode. An IPSec VPN using the AH protocol digitally signs the outbound packet, both data payload and headers, with a hash value appended to the packet, but a NAT device between the IPSec endpoints rewrites the source or destination address.
Chapter 19 VPN 19.3.8 Diffie-Hellman (DH) Key Groups Diffie-Hellman (DH) is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communications channel. Diffie-Hellman is used within IKE SA setup to establish session keys. Upon completion of the Diffie-Hellman exchange, the two peers have a shared secret, but the IKE SA is not authenticated. For authentication, use pre-shared keys.
C HAPTER 20 Log 20.1 Overview The web configurator allows you to choose which categories of events and/or alerts to have the Device log and then display the logs or have the Device send them to an administrator (as e-mail) or to a syslog server. 20.1.1 What You Can Do in this Chapter • Use the System Log screen to see the system logs (Section 20.2 on page 222). • Use the Security Log screen to see the security-related logs for the categories that you select (Section 20.3 on page 223). 20.1.
Chapter 20 Log Table 95 Syslog Severity Levels CODE SEVERITY 5 Notice: There is a normal but significant condition on the system. 6 Informational: The syslog contains an informational message. 7 Debug: The message is intended for debug-level purposes. 20.2 The System Log Screen Use the System Log screen to see the system logs. Click System Monitor > Log to open the System Log screen. Figure 126 System Monitor > Log > System Log The following table describes the fields in this screen.
Chapter 20 Log 20.3 The Security Log Screen Use the Security Log screen to see the security-related logs for the categories that you select. Click System Monitor > Log > Security Log to open the following screen. Figure 127 System Monitor > Log > Security Log The following table describes the fields in this screen. Table 97 System Monitor > Log > Security Log LABEL DESCRIPTION Level Select a severity level from the drop-down list box.
Chapter 20 Log 224 VMG1312-B10C User’s Guide
C HAPTER 21 Traffic Status 21.1 Overview Use the Traffic Status screens to look at network traffic status and statistics of the WAN and LAN interfaces. 21.1.1 What You Can Do in this Chapter • Use the WAN screen to view the WAN traffic statistics (Section 21.2 on page 225). • Use the LAN screen to view the LAN traffic statistics (Section 21.3 on page 227). 21.2 The WAN Status Screen Click System Monitor > Traffic Status to open the WAN screen.
Chapter 21 Traffic Status The following table describes the fields in this screen. Table 98 System Monitor > Traffic Status > WAN LABEL DESCRIPTION Connected Interface This shows the name of the WAN interface that is currently connected. Packets Sent Data This indicates the number of transmitted packets on this interface. Error This indicates the number of frames with errors transmitted on this interface. Drop This indicates the number of outgoing packets dropped on this interface.
Chapter 21 Traffic Status 21.3 The LAN Status Screen Click System Monitor > Traffic Status > LAN to open the following screen. The figure in this screen shows the interface that is currently connected on the Device. Figure 129 System Monitor > Traffic Status > LAN The following table describes the fields in this screen. Table 99 System Monitor > Traffic Status > LAN LABEL DESCRIPTION Refresh Interval Select how often you want the Device to update this screen.
Chapter 21 Traffic Status 21.4 The NAT Status Screen Click System Monitor > Traffic Status > NAT to open the following screen. The figure in this screen shows the NAT statistics for hosts that are currently connected on the Device. Figure 130 System Monitor > Traffic Status > NAT The following table describes the fields in this screen. Table 100 System Monitor > Traffic Status > NAT 228 LABEL DESCRIPTION Refresh Interval Select how often you want the Device to update this screen.
C HAPTER 22 ARP Table 22.1 Overview Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. An IP (version 4) address is 32 bits long. In an Ethernet LAN, MAC addresses are 48 bits long. The ARP Table maintains an association between each MAC address and its corresponding IP address. 22.1.
Chapter 22 ARP Table Table 101 System Monitor > ARP Table (continued) LABEL 230 DESCRIPTION MAC Address This is the MAC address of the device with the listed IP address. Device This is the type of interface used by the device. You can click on the device type to go to its configuration screen.
C HAPTER 23 Routing Table 23.1 Overview Routing is based on the destination address only and the Device takes the shortest path to forward a packet. 23.2 The Routing Table Screen Click System Monitor > Routing Table to open the following screen. Figure 132 System Monitor > Routing Table The following table describes the labels in this screen. Table 102 System Monitor > Routing Table LABEL DESCRIPTION Destination This indicates the destination IP address of this route.
Chapter 23 Routing Table Table 102 System Monitor > Routing Table (continued) LABEL DESCRIPTION Service This indicates the name of the service used to forward the route. Interface This indicates the name of the interface through which the route is forwarded. br0 indicates the LAN interface. ptm0 indicates the WAN interface using IPoE or in bridge mode. ppp0 indicates the WAN interface using PPPoE.
C HAPTER 24 IGMP Status 24.1 Overview Use the IGMP Status screens to look at IGMP group status and traffic statistics. 24.2 The IGMP Group Status Screen Use this screen to look at the current list of multicast groups the Device has joined and which ports have joined it. To open this screen, click System Monitor > IGMP Group Status. Figure 133 System Monitor > IGMP Group Status The following table describes the labels in this screen.
Chapter 24 IGMP Status 234 VMG1312-B10C User’s Guide
C HAPTER 25 xDSL Statistics 25.1 The xDSL Statistics Screen Use this screen to view detailed DSL statistics. Click System Monitor > xDSL Statistics to open the following screen.
Chapter 25 xDSL Statistics The following table describes the labels in this screen. Table 104 Status > xDSL Statistics LABEL DESCRIPTION Refresh Interval Select the time interval for refreshing statistics. Line Select which DSL line’s statistics you want to display. xDSL Training Status This displays the current state of setting up the DSL connection. Mode This displays the ITU standard used for this connection.
Chapter 25 xDSL Statistics Table 104 Status > xDSL Statistics (continued) LABEL DESCRIPTION Downstream These are the statistics for the traffic direction coming into the port from the service provider. Upstream These are the statistics for the traffic direction going out from the port to the service provider. FEC This is the number of Far End Corrected blocks. CRC This is the number of Cyclic Redundancy Checks.
Chapter 25 xDSL Statistics 238 VMG1312-B10C User’s Guide
C HAPTER 26 3G Statistics 26.1 Overview Use the 3G Statistics screens to look at 3G Internet connection status. 26.2 The 3G Statistics Screen To open this screen, click System Monitor > 3G Statistics. Figure 135 System Monitor > 3G Statistics The following table describes the labels in this screen. Table 105 System Monitor > 3G Statistics LABEL DESCRIPTION Refresh Interval Select how often you want the Device to update this screen. Select No Refresh to stop refreshing.
Chapter 26 3G Statistics Table 105 System Monitor > 3G Statistics (continued) 240 LABEL DESCRIPTION Connection Uptime This field displays the time the connection has been up. 3G Card Manufacturer This field displays the manufacturer of the 3G card. 3G Card Model This field displays the model name of the 3G card. 3G Card F/W Version This field displays the firmware version of the 3G card.
C HAPTER 27 User Account 27.1 Overview In the Users Account screen, you can change the password of the user account that you used to log in the Device. 27.2 The User Account Screen Click Maintenance > User Account to open the following screen. Figure 136 Maintenance > User Account The following table describes the labels in this screen. Table 106 Maintenance > User Account LABEL DESCRIPTION User Name This field displays the name of the account that you used to log in the system.
Chapter 27 User Account 242 VMG1312-B10C User’s Guide
C HAPTER 28 Remote Management 28.1 Overview Remote Management allows you to manage your Device from a remote location through the following interfaces: • LAN • WAN • Trust Domain Note: The Device is managed using the Web Configurator. 28.2 The Remote MGMT Screen Use this screen to configure through which interface(s) users can use which service(s) to manage the Device. Click Maintenance > Remote MGMT to open the following screen.
Chapter 28 Remote Management The following table describes the fields in this screen. Table 107 Maintenance > Remote MGMT LABEL DESCRIPTION Trust Domain Status This field displays whether the Trust Domain is active or not. IP Address Enter the Trust Domain IP address. Services This is the service you may use to access the Device. LAN/WLAN Select the Enable check box for the corresponding services that you want to allow access to the Device from the LAN/WLAN.
C HAPTER 29 TR-069 Client 29.1 Overview This chapter explains how to configure the Device’s TR-069 auto-configuration settings. 29.2 The TR-069 Client Screen TR-069 defines how Customer Premise Equipment (CPE), for example your Device, can be managed over the WAN by an Auto Configuration Server (ACS). TR-069 is based on sending Remote Procedure Calls (RPCs) between an ACS and a client device. RPCs are sent in Extensible Markup Language (XML) format over HTTP or HTTPS.
Chapter 29 TR-069 Client The following table describes the fields in this screen. Table 108 Maintenance > TR-069 Client 246 LABEL DESCRIPTION Inform Select Enable for the Device to send periodic inform via TR-069 on the WAN. Otherwise, select Disable. Inform Interval Enter the time interval (in seconds) at which the Device sends information to the autoconfiguration server. ACS URL Enter the URL or IP address of the auto-configuration server.
C HAPTER 30 TR-064 30.1 Overview This chapter explains how to configure the Device’s TR-064 auto-configuration settings. 30.2 The TR-064 Screen TR-064 is a LAN-Side DSL CPE Configuration protocol defined by the DSL Forum. TR-064 is built on top of UPnP. It allows the users to use a TR-064 compliant CPE management application on their computers from the LAN to discover the CPE and configure user-specific parameters, such as the username and password.
Chapter 30 TR-064 248 VMG1312-B10C User’s Guide
C HAPTER 31 Time Settings 31.1 Overview This chapter shows you how to configure system related settings, such as system time, password, name, the domain name and the inactivity timeout interval. 31.2 The Time Screen To change your Device’s time and date, click Maintenance > Time. The screen appears as shown. Use this screen to configure the Device’s time based on your local time zone.
Chapter 31 Time Settings The following table describes the fields in this screen. Table 110 Maintenance > Time Setting LABEL DESCRIPTION Current Date/Time Current Time This field displays the time of your Device. Each time you reload this page, the Device synchronizes the time with the time server. Current Date This field displays the date of your Device. Each time you reload this page, the Device synchronizes the date with the time server.
Chapter 31 Time Settings Table 110 Maintenance > Time Setting (continued) LABEL DESCRIPTION Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving.
Chapter 31 Time Settings 252 VMG1312-B10C User’s Guide
C HAPTER 32 E-mail Notification 32.1 Overview A mail server is an application or a computer that runs such an application to receive, forward and deliver e-mail messages. To have the Device send reports, logs or notifications via e-mail, you must specify an e-mail server and the e-mail addresses of the sender and receiver. 32.2 The Email Notification Screen Click Maintenance > Email Notification to open the Email Notification screen.
Chapter 32 E-mail Notification 32.2.1 Email Notification Edit Click the Add button in the Email Notification screen. Use this screen to configure the required information for sending e-mail via a mail server. Figure 142 Email Notification > Add The following table describes the labels in this screen. Table 112 Email Notification > Add LABEL DESCRIPTION Mail Server Address Enter the server name or the IP address of the mail server for the e-mail address specified in the Account Email Address field.
C HAPTER 33 Logs Setting 33.1 Overview You can configure where the Device sends logs and which logs and/or immediate alerts the Device records in the Logs Setting screen.
Chapter 33 Logs Setting 33.2 The Log Settings Screen To change your Device’s log settings, click Maintenance > Logs Setting. The screen appears as shown. Figure 143 Maintenance > Logs Setting The following table describes the fields in this screen. Table 113 Maintenance > Logs Setting LABEL DESCRIPTION Syslog Setting Syslog Logging The Device sends a log to an external syslog server. Select Enable to enable syslog logging. Mode Select the syslog destination from the drop-down list box.
Chapter 33 Logs Setting Table 113 Maintenance > Logs Setting (continued) LABEL DESCRIPTION Syslog Server Enter the server name or IP address of the syslog server that will log the selected categories of logs. UDP Port Enter the port number used by the syslog server. E-mail Log Settings Mail Server Enter the server name or the IP address of the mail server for the e-mail addresses specified below. If this field is left blank, logs and alert messages will not be sent via E-mail.
Chapter 33 Logs Setting • "End of Log" message shows that a complete log has been sent. Figure 144 E-mail Log Example Subject: Firewall Alert From Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com To: user@zyxel.com 1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP src port:00520 dest port:00520 |<1,00> | 2|Apr 7 00 |From:192.168.1.131 To:192.168.1.255 |default policy |forward | 09:54:17 |UDP src port:00520 dest port:00520 |<1,00> | 3|Apr 7 00 |From:192.168.1.
C HAPTER 34 Firmware Upgrade 34.1 Overview This chapter explains how to upload new firmware to your Device. You can download new firmware releases from your nearest ZyXEL FTP site (or www.zyxel.com) to use to upgrade your device’s performance. Only use firmware for your device’s specific model. Refer to the label on the bottom of your Device. 34.2 The Firmware Screen Click Maintenance > Firmware Upgrade to open the following screen.
Chapter 34 Firmware Upgrade After you see the firmware updating screen, wait two minutes before logging into the Device again. Figure 146 Firmware Uploading The Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 147 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen.
C HAPTER 35 Configuration 35.1 Overview The Configuration screen allows you to backup and restore device configurations. You can also reset your device settings back to the factory default. 35.2 The Configuration Screen Click Maintenance > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears in this screen, as shown next.
Chapter 35 Configuration Restore Configuration Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your Device. Table 115 Restore Configuration LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse... Click this to find the file you want to upload. Remember that you must decompress compressed (.ZIP) files before you can upload them.
Chapter 35 Configuration Reset to Factory Defaults Click the Reset button to clear all user-entered configuration information and return the Device to its factory defaults. The following warning screen appears. Figure 152 Reset Warning Message Figure 153 Reset In Process Message You can also press the RESET button on the rear panel to reset the factory defaults of your Device. Refer to Section 1.6 on page 20 for more information on the RESET button. 35.
Chapter 35 Configuration 264 VMG1312-B10C User’s Guide
C HAPTER 36 Diagnostic 36.1 Overview The Diagnostic screens display information to help you identify problems with the Device. The route between a CO VDSL switch and one of its CPE may go through switches owned by independent organizations. A connectivity fault point generally takes time to discover and impacts subscriber’s network access. In order to eliminate the management and maintenance efforts, IEEE 802.
Chapter 36 Diagnostic 36.3 Ping & TraceRoute & NsLookup Use this screen to ping, traceroute, or nslookup an IP address. Click Maintenance > Diagnostic > Ping & TraceRoute & NsLookup to open the screen shown next. Figure 155 Maintenance > Diagnostic > Ping & TraceRoute & NsLookup The following table describes the fields in this screen.
Chapter 36 Diagnostic 36.4 802.1ag Click Maintenance > Diagnostic > 8.2.1ag to open the following screen. Use this screen to perform CFM actions. Figure 156 Maintenance > Diagnostic > 802.1ag The following table describes the fields in this screen. Table 117 Maintenance > Diagnostic > 802.1ag LABEL DESCRIPTION 802.1ag Connectivity Fault Management Maintenance Domain (MD) Level Select a level (0-7) under which you want to create an MA.
Chapter 36 Diagnostic 36.5 OAM Ping Click Maintenance > Diagnostic > OAM Ping to open the screen shown next. Use this screen to perform an OAM (Operation, Administration and Maintenance) F4 or F5 loopback test on a PVC. The Device sends an OAM F4 or F5 packet to the DSLAM or ATM switch and then returns it to the Device. The test result then displays in the text box. ATM sets up virtual circuits over which end systems communicate.
Chapter 36 Diagnostic Note: This screen is available only when you configure an ATM layer-2 interface. Figure 158 Maintenance > Diagnostic > OAM Ping The following table describes the fields in this screen. Table 118 Maintenance > Diagnostic > OAM Ping LABEL DESCRIPTION Select a PVC on which you want to perform the loopback test. F4 segment Press this to perform an OAM F4 segment loopback test. F4 end-end Press this to perform an OAM F4 end-to-end loopback test.
Chapter 36 Diagnostic 270 VMG1312-B10C User’s Guide
C HAPTER 37 Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • Device Access and Login • Internet Access • Wireless Internet Access • USB Device Connection • UPnP 37.1 Power, Hardware Connections, and LEDs The Device does not turn on. None of the LEDs turn on. 1 Make sure the Device is turned on.
Chapter 37 Troubleshooting 5 If the problem continues, contact the vendor. 37.2 Device Access and Login I forgot the IP address for the Device. 1 The default LAN IP address is 192.168.1.1. 2 If you changed the IP address and have forgotten it, you might get the IP address of the Device by looking up the IP address of the default gateway for your computer. To do this in most Windows computers, click Start > Run, enter cmd, and then enter ipconfig.
Chapter 37 Troubleshooting 5 Reset the device to its factory defaults, and try to access the Device with the default IP address. See Section 1.6 on page 20. 6 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions • Make sure you have logged out of any earlier management sessions using the same user account even if they were through a different interface or using a different browser.
Chapter 37 Troubleshooting 37.3 Internet Access I cannot access the Internet. 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.5 on page 20. 2 Make sure you entered your ISP account information correctly in the Network Setting > Broadband screen. These fields are case-sensitive, so make sure [Caps Lock] is not on.
Chapter 37 Troubleshooting 2 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.5 on page 20. 3 Turn the Device off and on. 4 If the problem continues, contact your ISP. 37.4 Wireless Internet Access What factors may cause intermittent or unstabled wireless connection? How can I solve this problem? The following factors may cause interference: • Obstacles: walls, ceilings, furniture, and so on.
Chapter 37 Troubleshooting 37.5 USB Device Connection The Device fails to detect my USB device. 1 Disconnect the USB device. 2 Reboot the Device. 3 If you are connecting a USB hard drive that comes with an external power supply, make sure it is connected to an appropriate power source that is on. 4 Re-connect your USB device to the Device. 37.6 UPnP When using UPnP and the Device reboots, my computer cannot detect UPnP and refresh My Network Places > Local Network.
A PPENDIX A Customer Support In the event of problems that cannot be solved by using this manual, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device. Regional websites are listed below (see also http://www.zyxel.com/ about_zyxel/zyxel_worldwide.shtml). Please have the following information ready when you contact an office. Required Information • Product model and serial number. • Warranty Information.
Appendix A Customer Support Korea • ZyXEL Korea Corp. • http://www.zyxel.kr Malaysia • ZyXEL Malaysia Sdn Bhd. • http://www.zyxel.com.my Pakistan • ZyXEL Pakistan (Pvt.) Ltd. • http://www.zyxel.com.pk Philippines • ZyXEL Philippines • http://www.zyxel.com.ph Singapore • ZyXEL Singapore Pte Ltd. • http://www.zyxel.com.sg Taiwan • ZyXEL Communications Corporation • http://www.zyxel.com Thailand • ZyXEL Thailand Co., Ltd • http://www.zyxel.co.
Appendix A Customer Support Belgium • ZyXEL Communications B.V. • http://www.zyxel.com/be/nl/ Bulgaria • ZyXEL България • http://www.zyxel.com/bg/bg/ Czech • ZyXEL Communications Czech s.r.o • http://www.zyxel.cz Denmark • ZyXEL Communications A/S • http://www.zyxel.dk Estonia • ZyXEL Estonia • http://www.zyxel.com/ee/et/ Finland • ZyXEL Communications • http://www.zyxel.fi France • ZyXEL France • http://www.zyxel.fr Germany • ZyXEL Deutschland GmbH • http://www.zyxel.
Appendix A Customer Support Lithuania • ZyXEL Lithuania • http://www.zyxel.com/lt/lt/homepage.shtml Netherlands • ZyXEL Benelux • http://www.zyxel.nl Norway • ZyXEL Communications • http://www.zyxel.no Poland • ZyXEL Communications Poland • http://www.zyxel.pl Romania • ZyXEL Romania • http://www.zyxel.com/ro/ro Russia • ZyXEL Russia • http://www.zyxel.ru Slovakia • ZyXEL Communications Czech s.r.o. organizacna zlozka • http://www.zyxel.sk Spain • ZyXEL Spain • http://www.zyxel.
Appendix A Customer Support Turkey • ZyXEL Turkey A.S. • http://www.zyxel.com.tr UK • ZyXEL Communications UK Ltd. • http://www.zyxel.co.uk Ukraine • ZyXEL Ukraine • http://www.ua.zyxel.com Latin America Argentina • ZyXEL Communication Corporation • http://www.zyxel.com/ec/es/ Ecuador • ZyXEL Communication Corporation • http://www.zyxel.com/ec/es/ Middle East Egypt • ZyXEL Communication Corporation • http://www.zyxel.com/homepage.shtml Middle East • ZyXEL Communication Corporation • http://www.zyxel.
Appendix A Customer Support Oceania Australia • ZyXEL Communications Corporation • http://www.zyxel.com/au/en/ Africa South Africa • Nology (Pty) Ltd. • http://www.zyxel.co.
A PPENDIX B Legal Information Copyright Copyright © 2014 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation.
Appendix B Legal Information Viewing Certifications Go to http://www.zyxel.com to view this product’s documentation and certifications. ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in material or workmanship for a specific period (the Warranty Period) from the date of purchase. The Warranty Period varies by region.
Appendix B Legal Information [Polish] Niniejszym ZyXEL oświadcza, że sprzęt jest zgodny z zasadniczymi wymogami oraz pozostałymi stosownymi postanowieniami Dyrektywy 1999/5/EC. [Portuguese] ZyXEL declara que este equipamento está conforme com os requisitos essenciais e outras disposições da Directiva 1999/5/EC. [Slovenian] ZyXEL izjavlja, da je ta oprema v skladu z bistvenimi zahtevami in ostalimi relevantnimi določili direktive 1999/5/EC.
Appendix B Legal Information Questo prodotto è conforme alla specifiche di Interfaccia Radio Nazionali e rispetta il Piano Nazionale di ripartizione delle frequenze in Italia. Se non viene installato all 'interno del proprio fondo, l'utilizzo di prodotti Wireless LAN richiede una “Autorizzazione Generale”. Consultare http://www.sviluppoeconomico.gov.it/ per maggiori dettagli. Latvia The outdoor usage of the 2.4 GHz band requires an authorization from the Electronic Communications Office.
Appendix B Legal Information Your product is marked with this symbol, which is known as the WEEE mark. WEEE stands for Waste Electronics and Electrical Equipment. It means that used electrical and electronic products should not be mixed with general waste. Used electrical and electronic equipment should be treated separately.
Appendix B Legal Information 288 VMG1312-B10C User’s Guide
Index Index A Canonical Format Indicator See CFI ACL rule 189 certificate factory default 202 ACS 245 activation firewalls 185 media server 181 SIP ALG 159 SSID 76 Address Resolution Protocol 229 administrator password 24 AH 215 algorithms 215 applications Internet access 18 media server 180 activation 181 iTunes server 180 applications, NAT 164 ARP Table 229, 231 authentication 88, 89 RADIUS server 90 Auto Configuration Server, see ACS 245 CCMs 265 certificates 201 authentication 201 CA creating 203
Index customer support 277 encapsulation 40, 216 RFC 1483 59 encryption 90 D ESP 215 Extended Service Set IDentification 68, 78 data fragment threshold 84, 88 DDoS 184 default server address 158 F Denials of Service, see DoS DH 220 FCC interference statement 283 DHCP 102, 121 File Sharing 178 Differentiated Services, see DiffServ 145 file sharing 19 Diffie-Hellman key groups 220 filters MAC address 78, 89 DiffServ 145 marking rule 145 digital IDs 201 disclaimer 283 DLNA 180 DMZ 158 DNS 102, 1
Index I IEEE 802.
Index multicast 62 Peak Cell Rate (PCR) 60 Multiple BSS, see MBSSID Per-Hop Behavior, see PHB 145 multiplexing 59 LLC-based 59 VC-based 59 PHB 145 multiprotocol encapsulation 59 Ping of Death 184 PIN, WPS 94 example 95 Point-to-Point Tunneling Protocol 164 POP3 164 N port forwarding 150 ports 20 NAT 149, 151, 161, 162 applications 164 IP alias 164 example 163 global 162 IGA 162 ILA 162 inside 162 IPSec 218 local 162 outside 162 port forwarding 150 port number 164 services 164 SIP ALG 158 activat
Index registration product 284 configuration 57, 127, 169 example 125 related documentation 2 static VLAN remote management TR-069 245 status 35 firmware version 37 LAN 37 WAN 37 wireless LAN 37 Remote Procedure Calls, see RPCs 245 reset 20, 263 restart 263 restoring configuration 262 RFC 1058. See RIP. RFC 1389. See RIP. RFC 1483 59 RFC 3164 221 RIP 129 router features 18 Routing Information Protocol.
Index tunnel mode 216 WEP 90 Two Rate Three Color Marker, see trTCM WEP Encryption 70, 72, 73 WEP encryption 70 WEP key 70 U unicast 62 Universal Plug and Play, see UPnP upgrading firmware 259 UPnP 108 cautions 103 example 109 installation 109 NAT traversal 102 USB features 19 V VID Virtual Circuit (VC) 59 Virtual Local Area Network See VLAN VLAN 61 Introduction 61 number of possible VIDs priority frame static VLAN ID 61 VLAN Identifier See VID VLAN tag 61 W Wireless Distribution System, see WDS wir