User’s Guide XMG3512-B10A Dual-Band Wireless AC/N VDSL2 Bonding Gateway with USB Default Login Details LAN IP Address Login Password Version 1.10 Edition 1, 11/2016 http://192.168.1.
IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. This is a User’s Guide for a system managing a series of products. Not all products support all features. Menushots and graphics in this book may differ slightly from what you see due to differences in release versions or your computer operating system. Every effort has been made to ensure that the information in this manual is accurate.
Contents Overview Contents Overview User’s Guide ......................................................................................................................................14 Introducing the XMG ............................................................................................................................ 15 The Web Configurator ......................................................................................................................... 23 Quick Start ...................
Contents Overview Diagnostic ........................................................................................................................................... 237 Troubleshooting .................................................................................................................................. 242 Appendices .....................................................................................................................................248 Index ................................
Table of Contents Table of Contents Contents Overview .............................................................................................................................3 Table of Contents .................................................................................................................................5 Part I: User’s Guide.......................................................................................... 14 Chapter 1 Introducing the XMG ....................................
Table of Contents 4.3.1 Configuring the Wireless Network Settings ......................................................................... 36 4.3.2 Using WPS ............................................................................................................................... 38 4.3.3 Without WPS ........................................................................................................................... 41 4.4 Setting Up Multiple Wireless Groups ....................................
Table of Contents 7.2.1 No Security ............................................................................................................................. 86 7.2.2 Basic (WEP Encryption) ......................................................................................................... 86 7.2.3 More Secure (WPA(2)-PSK) .................................................................................................. 87 7.3 The Guest/More AP Screen ..............................................
Table of Contents 9.2.1 Add/Edit Static Route ......................................................................................................... 125 9.3 The DNS Route Screen ................................................................................................................. 126 9.3.1 The DNS Route Add Screen ............................................................................................... 127 9.4 The Policy Route Screen .....................................................
Table of Contents 11.9.3 How NAT Works .................................................................................................................. 162 11.9.4 NAT Application ................................................................................................................ 162 Chapter 12 DNS ....................................................................................................................................................165 12.1 Overview ...............................
Table of Contents 16.3 The Protocol Screen .................................................................................................................. 183 16.3.1 Add/Edit a Service ........................................................................................................... 184 16.4 The Access Control Screen ....................................................................................................... 185 16.4.1 Add/Edit an ACL Rule ............................................
Table of Contents Chapter 22 Traffic Status .....................................................................................................................................206 22.1 Overview ..................................................................................................................................... 206 22.1.1 What You Can Do in this Chapter ................................................................................... 206 22.2 The WAN Status Screen ........................
Table of Contents 29.2 The MGMT Services Screen ....................................................................................................... 220 29.3 The Trust Domain Screen ............................................................................................................ 221 29.3.1 The Add Trust Domain Screen ......................................................................................... 221 Chapter 30 SNMP ...................................................................
Table of Contents 36.4 802.1ag ........................................................................................................................................ 238 36.5 OAM Ping .................................................................................................................................... 239 Chapter 37 Troubleshooting................................................................................................................................242 37.
P ART I User’s Guide 14
CHAPTER 1 Introducing the XMG 1.1 Overview The XMG is an ADSL/VDSL2 bonding and high-performance wireless gateway that provides ultra-speed VDSL Internet access for triple-play services and optimized HD IPTV services at home or office. This model offers a Gigabit Ethernet (GbE) WAN with an interface using Small Form Factor Pluggable (SFP), Ethernet or DSL port. The XMG offers 2.4G and 5G Wi-Fi networks that operate simultaneously, providing a simple and unified network management.
Chapter 1 Introducing the XMG 1.4.1 Internet Access Computers can connect to the XMG’s LAN ports (or wirelessly). You can also configure IP filtering on the XMG for secure Internet access. When the IP filter is on, all incoming traffic from the Internet to your network is blocked by default unless it is initiated from your network. This means that probes from the outside to your network are not allowed, but you can safely browse the Internet and download files. 1.4.1.
Chapter 1 Introducing the XMG Figure 2 XMG’s Internet Access Application: Ethernet WAN WLAN WAN LAN Ethernet WAN 1.4.1.3 SFP If you prefer not to use the Ethernet or DSL line, your XMG also provides shared Internet access by connecting the Small Form-Factor Pluggable (SFP) transceiver. SFP is also known as Fiber Optics interface. The Gigabit Ethernet (GbE) WAN with SFP is a dual-personality design (GbE + Fiber) which enables increased bandwidth and extended coverage.
Chapter 1 Introducing the XMG Figure 4 USB File Sharing Application B A Media Server You can also use the XMG as a media server. This lets anyone on your network play video, music, and photos from a USB device (B) connected to the XMG’s USB port (without having to copy them to another computer). Figure 5 USB Media Server Application B A 1.5 LEDs (Lights) The following graphic displays the labels of the LEDs.
Chapter 1 Introducing the XMG Figure 6 LEDs on the XMG None of the LEDs are on if the XMG is not receiving power. Table 1 LED Descriptions LED COLOR STATUS DESCRIPTION Green On The XMG is receiving power and ready for use. Blinking The XMG is self-testing. On The XMG detected an error while self-testing, or there is a device malfunction. Blinking The XMG is upgrading its firmware. Off The XMG is not receiving power. On The ADSL line is up. Blinking The XMG is initializing the ADSL line.
Chapter 1 Introducing the XMG Table 1 LED Descriptions (continued) LED COLOR STATUS DESCRIPTION Green On The XMG has an IP connection but no traffic. Internet Your device has a WAN IP address (either static or assigned by a DHCP server), PPP negotiation was successfully completed (if used) and the DSL connection is up. Blinking The XMG is sending or receiving IP traffic. Off There is no Internet connection or the gateway is in bridged mode.
Chapter 1 Introducing the XMG 2 To set the device back to the factory default settings, press the RESET button for five seconds or until the POWER LED begins to blink and then release it. When the POWER LED begins to blink, the defaults have been restored and the device restarts. 1.7 Wireless Access The XMG is a wireless Access Point (AP) for wireless clients, such as notebook computers or PDAs and iPads. It allows them to connect to the Internet without having to rely on inconvenient Ethernet cables.
Chapter 1 Introducing the XMG 1.8 Wall Mounting You may need screw anchors if mounting on a concrete or brick wall. Table 2 Wall Mounting Information Distance between holes 90 mm M4 Screws Two Screw anchors (optional) Two 5 Select a position free of obstructions on a wall strong enough to hold the weight of the device. 6 Mark two holes on the wall at the appropriate distance apart for the screws.
CHAPTER 2 The Web Configurator 2.1 Overview The web configurator is an HTML-based management interface that allows easy XMG setup and management via Internet browser. Use Internet Explorer 8.0 and later versions or Mozilla Firefox 3 and later versions or Safari 2.0 and later versions.* The recommended screen resolution is 1024 by 768 pixels. In order to use the web configurator you need to allow: • Web browser pop-up windows from your XMG.
Chapter 2 The Web Configurator Figure 10 5 The Quick Start Wizard screen appears. You can configure basic Internet access, and wireless settings. See Chapter 3 on page 30 for more information. 6 After you finished or closed the Quick Start Wizard screen, the Network Map page appears. Figure 11 7 Click Status to display the Status screen, where you can view the XMG’s interface and system information.
Chapter 2 The Web Configurator 2.2 Web Configurator Layout Figure 12 A B C As illustrated above, the main screen is divided into these parts: • A - title bar • B - main window • C - navigation panel 2.2.1 Title Bar The title bar provides some icons in the upper right corner. The icons provide the following functions. Table 3 Web Configurator Icons in the Title Bar ICON DESCRIPTION Language: Select the language you prefer.
Chapter 2 The Web Configurator Table 3 Web Configurator Icons in the Title Bar ICON DESCRIPTION Quick Start: Click this icon to open screens where you can configure the XMG’s time zone Internet access, and wireless settings. Logout: Click this icon to log out of the web configurator. 2.2.2 Navigation Panel Use the menu items on the navigation panel to open screens to configure XMG features. The following tables describe each menu item.
Chapter 2 The Web Configurator Table 4 Navigation Panel Summary (continued) LINK Routing QoS NAT TAB FUNCTION Static Route Use this screen to view and set up static routes on the XMG. DNS Route Use this screen to forward DNS queries for certain domain names through a specific WAN interface to its DNS server(s). Policy Route Use this screen to configure policy routing on the XMG. RIP Use this screen to configure Routing Information Protocol to exchange routing information with other routers.
Chapter 2 The Web Configurator Table 4 Navigation Panel Summary (continued) LINK TAB FUNCTION System Log Use this screen to view the status of events that occurred to the XMG. You can export or e-mail the logs. Security Log Use this screen to view all security related events. You can select level and category of the security events in their proper drop-down list window.
Chapter 2 The Web Configurator Table 4 Navigation Panel Summary (continued) LINK TAB FUNCTION Backup/Restore Backup/Restore Use this screen to backup and restore your XMG’s configuration (settings) or reset the factory default settings. Reboot Reboot Use this screen to reboot the XMG without turning the power off. Diagnostic Ping&Traceroute &Nslookup Use this screen to identify problems with the DSL connection. You can use Ping, TraceRoute, or Nslookup to help you identify problems. 802.
CHAPTER 3 Quick Start 3.1 Overview Use the Quick Start screens to configure the XMG’s time zone, basic Internet access, and wireless settings. Note: See the technical reference chapters (starting on Chapter 4 on page 33) for background information on the features in this chapter. 3.2 Quick Start Setup 1 The Quick Start Wizard appears automatically after login. Or you can click the Quick Start icon in the top right corner of the web configurator to open the quick start screens.
Chapter 3 Quick Start Figure 14 Quick Start - Internet Connection 3 Turn the wireless LAN on or off. If you keep it on, record the security settings so you can configure your wireless clients to connect to the XMG. Click Save. Figure 15 Quick Start - Wireless Setting 4 Your XMG saves your settings and attempts to connect to the Internet. Click Close to complete the setup.
Chapter 3 Quick Start Figure 16 Quick Start - Result Summary XMG3512-B10A User’s Guide 32
CHAPTER 4 Tutorials 4.1 Overview This chapter shows you how to use the XMG’s various features.
Chapter 4 Tutorials IPv6/IPv4 Mode IPv4 ATM PVC Configuration VPI/VCI 36/48 Encapsulation Mode LLC/SNAP-Bridging Service Category UBR Without PCR Account Information PPP User Name 1234@DSL-Ex.com PPP Password ABCDEF! PPPoE Service Name MyDSL Static IP Address 192.168.1.32 Others Authentication Method: AUTO PPPoE Passthrough: Disabled NAT: Enabled IGMP Multicast Proxy: Enabled Apply as Default Gateway: Enabled VLAN: Disabled 3 Select the Active check box.
Chapter 4 Tutorials 8 You should see a summary of your new DSL connection setup in the Broadband screen as follows. Try to connect to a website to see if you have correctly set up your Internet connection. Be sure to contact your service provider for any information you need to configure the WAN screens.
Chapter 4 Tutorials 4.3 Setting Up a Secure Wireless Network Thomas wants to set up a wireless network so that he can use his notebook to access the Internet. In this wireless network, the XMG serves as an access point (AP), and the notebook is the wireless client. The wireless client can access the Internet through the AP. Thomas has to configure the wireless network settings on the XMG. Then he can set up a wireless network using WPS (Section 4.3.2 on page 38) or manual configuration (Section 4.3.
Chapter 4 Tutorials 2 Go to the Wireless > Others screen and select 802.11b/g/n Mixed in the 802.11 Mode field. Click Apply. Thomas can now use the WPS feature to establish a wireless connection between his notebook and the XMG (see Section 4.3.2 on page 38). He can also use the notebook’s wireless client to search for the XMG (see Section 4.3.3 on page 41).
Chapter 4 Tutorials 4.3.2 Using WPS This section shows you how to set up a wireless network using WPS. It uses the XMG as the AP and Zyxel NWD210N as the wireless client which connects to the notebook. Note: The wireless client must be a WPS-aware device (for example, a WPS USB adapter or PCMCIA card). There are two WPS methods to set up the wireless client settings: • Push Button Configuration (PBC) - simply press a button. This is the easier of the two methods.
Chapter 4 Tutorials The XMG sends the proper configuration settings to the wireless client. This may take up to two minutes. The wireless client is then able to communicate with the XMG securely. The following figure shows you an example of how to set up a wireless network and its security by pressing a button on both XMG and wireless client.
Chapter 4 Tutorials 1 3 2 3 Enter the PIN number of the wireless client and click the Register button. Activate WPS function on the wireless client utility screen within two minutes. The XMG authenticates the wireless client and sends the proper configuration settings to the wireless client. This may take up to two minutes. The wireless client is then able to communicate with the XMG securely.
Chapter 4 Tutorials Example WPS Process: PIN Method Wireless Client VMG WITHIN 2 MINUTES Authentication by PIN SECURITY INFO COMMUNICATION 4.3.3 Without WPS Use the wireless adapter’s utility installed on the notebook to search for the “Example” SSID. Then enter the “DoNotStealMyWirelessNetwork” pre-shared key to establish an wireless Internet connection. Note: The XMG supports IEEE 802.11b and IEEE 802.11g wireless clients.
Chapter 4 Tutorials 4.4 Setting Up Multiple Wireless Groups Company A wants to create different wireless network groups for different types of users as shown in the following figure. Each group has its own SSID and security mode. Company Guest VIP • Employees in Company A will use a general Company wireless network group. • Higher management level and important visitors will use the VIP group. • Visiting guests will use the Guest group, which has a different SSID and password.
Chapter 4 Tutorials 2 Click Network Setting > Wireless > Guest/More AP to open the following screen. Click the Edit icon to configure the second wireless network group. 3 Configure the screen using the provided parameters and click OK.
Chapter 4 Tutorials 4 In the Guest/More AP screen, click the Edit icon to configure the third wireless network group.Configure the screen using the provided parameters and click Apply.
Chapter 4 Tutorials 5 Check the status of VIP and Guest in the Guest/More AP screen. The yellow bulbs signify that the SSIDs are active and ready for wireless access. 4.5 Configuring Static Route for Routing to Another Network In order to extend your Intranet and control traffic flowing directions, you may connect a router to the XMG’s LAN. The router may be used to separate two department networks. This tutorial shows how to configure a static routing rule for two network routings.
Chapter 4 Tutorials In the following figure, router R is connected to the XMG’s LAN. R connects to two networks, N1 (192.168.1.x/24) and N2 (192.168.10.x/24). If you want to send traffic from computer A (in N1 network) to computer B (in N2 network), the traffic is sent to the XMG’s WAN default gateway by default. In this case, B will never receive the traffic. N1 A R N2 B You need to specify a static routing rule on the XMG to specify R as the router in charge of forwarding traffic to N2.
Chapter 4 Tutorials Table 5 IP Settings in this Tutorial DEVICE / COMPUTER IP ADDRESS R’s N2 192.168.10.2 B 192.168.10.33 To configure a static route to route traffic from N1 to N2: 1 Log into the XMG’s Web Configurator in advanced mode. 2 Click Network Setting > Routing. 3 Click Add new Static Route in the Static Route screen. 4 Configure the Static Route Setup screen using the following settings: 4a Select the Active check box. Enter the Route Name as R. 4b Set IP Type to IPv4.
Chapter 4 Tutorials Let’s say you are a team leader of a small sales branch office. You want to prioritize e-mail traffic because your task includes sending urgent updates to clients at least twice every hour. You also upload data files (such as logs and e-mail archives) to the FTP server throughout the day. Your colleagues use the Internet for research, as well as chat applications for communicating with other branch offices.
Chapter 4 Tutorials • Priority: 1 (High) • Weight: 8 • Rate Limit: 5,000 (kbps) Tutorial: Advanced > QoS > Queue Setup 3 Click Classification Setup > Add new Classification to create a new class. Check Active and follow the settings as shown in the screen below.
Chapter 4 Tutorials Tutorial: Advanced > QoS > Class Setup Class Name Give a class name to this traffic, such as E-mail in this example. From Interface This is the interface from which the traffic will be coming from. Select LAN1 for this example. Ether Type Select IP to identify the traffic source by its IP address or MAC address. IP Address Type the IP address of your computer - 192.168.1.23. Type the IP Subnet Mask if you know it.
Chapter 4 Tutorials 4 Verify that the queue setup works by checking Network Setting > QoS > Monitor. This shows the bandwidth allotted to e-mail traffic compared to other network traffic. 4.7 Access the XMG Using DDNS If you connect your XMG to the Internet and it uses a dynamic WAN IP address, it is inconvenient for you to manage the device from the Internet. The XMG’s WAN IP address changes dynamically. Dynamic DNS (DDNS) allows you to access the XMG using a domain name. http://zyxelrouter.dyndns.
Chapter 4 Tutorials • Select Enable Dynamic DNS. • Select www.DynDNS.com as the service provider. • Type zyxelrouter.dyndns.org in the Host Name field. • Enter the user name (UserName1) and password (12345). Click Apply. 4.7.3 Testing the DDNS Setting Now you should be able to access the XMG from the Internet. To test this: 1 Open a web browser on the computer (using the IP address a.b.c.d) that is connected to the Internet. 2 Type http://zyxelrouter.dyndns.org and press [Enter].
Chapter 4 Tutorials Thomas Josephine 1 Click Security > MAC Filter to open the MAC Filter screen. Select the Enable check box to activate MAC filter function. 2 Select Active. Then enter the host name and MAC address of Thomas’ computer in this screen. Click Apply. Thomas can also grant access to the computers of other members of his family and friends. However, Josephine and others not listed in this screen will no longer be able to access the Internet through the XMG. 4.
Chapter 4 Tutorials Note: This example uses the FileZilla FTP program to browse your shared files. 1 In FileZilla enter the IP address of the XMG (the default is 192.168.1.1), your account’s user name and password and port 21 and click Quickconnect. A screen asking for password authentication appears. File Sharing via Windows Explorer 2 Once you log in the USB device displays in the mnt folder.
P ART II Technical Reference 55
CHAPTER 5 Network Map and Status Screens 5.1 Overview After you log into the Web Configurator, the Network Map screen appears. This shows the network connection status of the XMG and clients connected to it. You can use the Status screen to look at the current status of the XMG, system resources, and interfaces (LAN, WAN, and WLAN). 5.2 The Network Map Screen Use this screen to view the network connection status of the device and its clients. A warning message appears if there is a connection problem.
Chapter 5 Network Map and Status Screens Figure 17 If you want to view information about a client, click the client’s name and Info. Click the IP address if you want to change it. If you want to change the name or icon of the client, click Change name/icon. If you prefer to view the status in a list, click List View in the Viewing mode selection box. You can configure how often you want the XMG to update this screen in Refresh interval.
Chapter 5 Network Map and Status Screens 5.3 The Status Screen Use this screen to view the status of the XMG. Click Status to open this screen. Figure 19 Each field is described in the following table. Table 6 Status Screen LABEL DESCRIPTION Refresh Interval Select how often you want the XMG to update this screen. Device Information Host Name This field displays the XMG system name. It is used for identification. Model Number This shows the model number of your XMG.
Chapter 5 Network Map and Status Screens Table 6 Status Screen (continued) LABEL DESCRIPTION Secondary DNS server This field displays the second DNS server address assigned by the ISP. DHCP This field displays whether the WAN interface is using a DHCP IP address or a static IP address. Choices are: Client - The WAN interface can obtain an IP address from a DHCP server. None - The WAN interface is using a static IP address.
Chapter 5 Network Map and Status Screens Table 6 Status Screen (continued) LABEL NAT Session Usage DESCRIPTION This field displays what percentage of the XMG supported NAT sessions are currently being used. This field also displays the number of active NAT sessions and the maximum number of NAT sessions the XMG can support. Interface Status Interface This column displays each interface the XMG has. Status This field indicates the interface’s use status.
CHAPTER 6 Broadband 6.1 Overview This chapter discusses the XMG’s Broadband screens. Use these screens to configure your XMG for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks, such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations. Figure 20 LAN and WAN WAN 6.1.
Chapter 6 Broadband Table 7 WAN Setup Overview LAYER-2 INTERFACE INTERNET CONNECTION CONNECTION DSL LINK TYPE MODE ENCAPSULATION CONNECTION SETTINGS ADSL over ATM EoA Routing PPPoE/PPPoA ATM PVC configuration, PPP information, IPv4/IPv6 IP address, routing feature, DNS server, VLAN, and MTU IPoE/IPoA ATM PVC configuration, IPv4/IPv6 IP address, routing feature, DNS server, VLAN, and MTU Bridge N/A ATM PVC configuration Routing PPPoE PPP user name and password, WAN IPv4/IPv6 IP address, r
Chapter 6 Broadband IPv6 Addressing The 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons (:). This is an example IPv6 address 2001:0db8:1a2b:0015:0000:0000:1a2f:0000. IPv6 addresses can be abbreviated in two ways: • Leading zeros in a block can be omitted. So 2001:0db8:1a2b:0015:0000:0000:1a2f:0000 can be written as 2001:db8:1a2b:15:0:0:1a2f:0. • Any number of consecutive blocks of zeros can be replaced by a double colon.
Chapter 6 Broadband Figure 21 IPv6 Rapid Deployment LAN - IPv6 - IPv4 WAN - IPv4 - IPv6 in IPv4 ISP (IPv4) IPv6 in IPv4 IPv6 + IPv4 BR IPv6 Internet IPv4 IPv4 Internet Dual Stack Lite Use Dual Stack Lite when local network computers use IPv4 and the ISP has an IPv6 network. When the XMG has an IPv6 WAN address and you set IPv4/IPv6 Mode to IPv6 Only, you can enable Dual Stack Lite to use IPv4 computers and services.
Chapter 6 Broadband 6.2 The Broadband Screen Use this screen to change your XMG’s Internet access settings. Click Network Setting > Broadband from the menu. The summary table shows you the configured WAN services (connections) on the XMG. Figure 23 Network Setting > Broadband The following table describes the labels in this screen. Table 8 Network Setting > Broadband LABEL DESCRIPTION Add New WAN Interface Click this button to create a new connection. # This is the index number of the entry.
Chapter 6 Broadband 6.2.1.1 Routing Mode Use Routing mode if your ISP give you one IP address only and you want multiple computers to share an Internet account. The following example screen displays when you select the ADSL/VDSL over ATM connection type, Routing mode, and IPoE encapsulation. The screen varies when you select other interface type, encapsulation, and IPv4/IPv6 mode.
Chapter 6 Broadband Table 9 Network Setting > Broadband > Add New WAN Interface/Edit (Routing Mode) (continued) LABEL DESCRIPTION Type Select whether it is an ADSL/VDSL over PTM, ADSL over ATM connection or Ethernet. Mode Select Routing if your ISP give you one IP address only and you want multiple computers to share an Internet account. Encapsulation Select the method of encapsulation used by your ISP from the drop-down list box.
Chapter 6 Broadband Table 9 Network Setting > Broadband > Add New WAN Interface/Edit (Routing Mode) (continued) LABEL DHCP option 43 Enable Static IP Address DESCRIPTION This field displays when editing an existing WAN interface. Type the vender specific information you want the XMG to add in the DHCP Offer packets. The information is used, for example, for configuring an ACS’s (Auto Configuration Server) URL.
Chapter 6 Broadband Table 9 Network Setting > Broadband > Add New WAN Interface/Edit (Routing Mode) (continued) LABEL DESCRIPTION 6RD The 6RD (IPv6 rapid deployment) fields display when you set the IPv6/IPv4 Mode field to IPv4 Only. See IPv6 Rapid Deployment on page 63 for more information. 6RD Select Enable to tunnel IPv6 traffic from the local network through the ISP’s IPv4 network. Select Manually Configured if you have the IPv4 address of the relay server.
Chapter 6 Broadband Table 9 Network Setting > Broadband > Add New WAN Interface/Edit (Routing Mode) (continued) LABEL DESCRIPTION IPv6 DNS Server This is available only when you select IPv4 IPv6 DualStack or IPv6 Only in the IPv4/IPv6 Mode field. Configure the IPv6 DNS server in the following section. Obtain IPv6 DNS Info Automatically Select Obtain IPv6 DNS Info Automatically to have the XMG get the IPv6 DNS server addresses from the ISP automatically.
Chapter 6 Broadband The following table describes the fields in this screen. Table 10 Network Setting > Broadband > Add New WAN Interface/Edit (ADSL/VDSL over PTM -Bridge or Ethernet Mode) LABEL DESCRIPTION General Name Enter a service name of the connection. Type Select ADSL/VDSL over PTM as the interface that you want to configure. The XMG uses the VDSL technology for data transmission over the DSL port.
Chapter 6 Broadband Table 11 Network Setting > Broadband > Add New WAN Interface/Edit (ADSL over ATM-Bridge Mode) LABEL DESCRIPTION Type Select ADSL over ATM as the interface that you want to configure. The XMG uses the ADSL technology for data transmission over the DSL port. Mode Select Bridge when your ISP provides you more than one IP address and you want the connected computers to get individual IP address from ISP’s DHCP server directly.
Chapter 6 Broadband ITU-T G.993.2 standard defines a wide range of settings for various parameters, some of which are encompassed in profiles as shown in the next table. Table 12 VDSL Profiles PROFILE BANDWIDTH (MHZ) NUMBER OF DOWNSTREAM CARRIERS CARRIER BANDWIDTH (KHZ) POWER (DBM) MAX. DOWNSTREAM THROUGHPUT (MBIT/S) 8a 8.832 2048 4.3125 17.5 50 8b 8.832 2048 4.3125 20.5 50 8c 8.5 1972 4.3125 11.5 50 8d 8.832 2048 4.3125 14.5 50 12a 12 2783 4.3125 14.
Chapter 6 Broadband The following table describes the labels in this screen. Table 13 Network Setting > Broadband > Advanced LABEL DESCRIPTION PhyR US Enable or disable PhyR US (upstream) for upstream transmission to the WAN. PhyR US should be enabled if data being transmitted upstream is sensitive to noise. However, enabling PhyR US can decrease the US line rate. Enabling or disabling PhyR will require the CPE to retrain. For PhyR to function, the DSLAM must also support PhyR and have it enabled.
Chapter 6 Broadband Table 13 Network Setting > Broadband > Advanced (continued) LABEL DESCRIPTION 8a, 8b, 8c, 8d, 12a, 12b, 17a, 30a, US0 The G.993.2 VDSL standard defines a wide range of profiles that can be used in different VDSL deployment settings, such as in a central office, a street cabinet or a building. Apply Click Apply to save your changes back to the XMG. Cancel Click Cancel to return to the previous configuration. The XMG must comply with at least one profile specified in G.993.2.
Chapter 6 Broadband 6.5 The 802.1x Screen You can view and configure the 802.1X authentication settings in the 802.1x screen. Click Network Setting > Broadband > 802.1x to display the following screen. Figure 29 Network Setting > Broadband > 802.1x The following table describes the labels in this screen. Table 15 Network Setting > Broadband > 802.1x LABEL DESCRIPTION # This is the index number of the entry. Status This field displays whether the authentication is active or not.
Chapter 6 Broadband 6.5.1 Modify 802.1X Settings Use this screen to edit 802.1X authentication settings. Click the Edit icon next to the rule you want to edit. The screen shown next appears. Figure 30 Network Setting > Broadband > 802.1x > Modify The following table describes the labels in this screen. Table 16 Network Setting > Broadband > 802.1x: Edit LABEL DESCRIPTION Active This field allows you to activate/deactivate the authentication. Select this to enable the authentication.
Chapter 6 Broadband IP over Ethernet IP over Ethernet (IPoE) is an alternative to PPPoE. IP packets are being delivered across an Ethernet network, without using PPP encapsulation. They are routed between the Ethernet interface and the WAN interface and then formatted so that they can be understood in a bridged environment. For instance, it encapsulates routed Ethernet frames into bridged Ethernet cells. PPP over ATM (PPPoA) PPPoA stands for Point to Point Protocol over ATM Adaptation Layer 5 (AAL5).
Chapter 6 Broadband LLC-based Multiplexing In this case one VC carries multiple protocols with protocol identifying information being contained in each packet header. Despite the extra bandwidth and processing overhead, this method may be advantageous if it is not practical to have a separate VC for each carried protocol, for example, if charging heavily depends on the number of simultaneous VCs.
Chapter 6 Broadband continuously require a specific amount of bandwidth. A PCR is specified and if traffic exceeds this rate, cells may be dropped. Examples of connections that need CBR would be high-resolution video and voice. Variable Bit Rate (VBR) The Variable Bit Rate (VBR) ATM traffic class is used with bursty connections. Connections that use the Variable Bit Rate (VBR) traffic class can be grouped into real time (VBR-RT) or non-real time (VBR-nRT) connections.
Chapter 6 Broadband Introduction to IEEE 802.1Q Tagged VLAN A tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the VLAN membership of a frame across bridges - they are not confined to the switch on which they were created. The VLANs can be created statically by hand or dynamically through GVRP. The VLAN ID associates a frame with a specific VLAN and provides the information that switches need to process the frame across the network.
Chapter 6 Broadband 2 If your ISP dynamically assigns the DNS server IP addresses (along with the XMG’s WAN IP address), set the DNS server fields to get the DNS server address from the ISP. IPv6 Addressing The 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons (:). This is an example IPv6 address 2001:0db8:1a2b:0015:0000:0000:1a2f:0000. IPv6 addresses can be abbreviated in two ways: • Leading zeros in a block can be omitted.
CHAPTER 7 Wireless 7.1 Overview This chapter describes the XMG’s Network Setting > Wireless screens. Use these screens to set up your XMG’s wireless connection. 7.1.1 What You Can Do in this Chapter This section describes the XMG’s Wireless screens. Use these screens to set up your XMG’s wireless connection. • Use the General screen to enable the Wireless LAN, enter the SSID and select the wireless security mode (Section 7.2 on page 84).
Chapter 7 Wireless 7.2 The General Screen Use this screen to enable the Wireless LAN, enter the SSID and select the wireless security mode. Note: If you are configuring the XMG from a computer connected to the wireless LAN and you change the XMG’s SSID, channel or security settings, you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of your computer to match the XMG’s new settings. Click Network Setting > Wireless to open the General screen.
Chapter 7 Wireless The following table describes the general wireless LAN labels in this screen. Table 17 Network Setting > Wireless > General LABEL DESCRIPTION Wireless Network Setup Band This shows the wireless band which this radio profile is using. 2.4GHz is the frequency used by IEEE 802.11b/g/n wireless clients while 5GHz is used by IEEE 802.11a/ac wireless clients. Wireless You can Enable or Disable the wireless LAN in this field.
Chapter 7 Wireless 7.2.1 No Security Select No Security to allow wireless stations to communicate with the access points without any data encryption or authentication. Note: If you do not enable any wireless security on your XMG, your network is accessible to any wireless networking device that is within range. Figure 33 Wireless > General: No Security The following table describes the labels in this screen.
Chapter 7 Wireless Figure 34 Wireless > General: Basic (WEP) The following table describes the labels in this screen. Table 19 Wireless > General: Basic (WEP) LABEL DESCRIPTION Security Level Select Basic to enable WEP data encryption. Security Mode This shows WEP when you set Security Level to Basic. Generate password automatically Select this option to have the XMG automatically generate a password. The password field will not be configurable when you select this option.
Chapter 7 Wireless Click Network Setting > Wireless to display the General screen. Select More Secure as the security level. Then select WPA-PSK or WPA2-PSK from the Security Mode list. Figure 35 Wireless > General: More Secure: WPA(2)-PSK The following table describes the labels in this screen. Table 20 Wireless > General: More Secure: WPA(2)-PSK LABEL DESCRIPTION Security Level Select More Secure to enable WPA(2)-PSK data encryption.
Chapter 7 Wireless Figure 36 Network Setting > Wireless > Guest/More AP The following table describes the labels in this screen. Table 21 Network Setting > Wireless > Guest/More AP LABEL DESCRIPTION # This is the index number of the entry. Status This field indicates whether this SSID is active. A yellow bulb signifies that this SSID is active. A gray bulb signifies that this SSID is not active. SSID An SSID profile is the set of parameters relating to one of the XMG’s BSSs.
Chapter 7 Wireless Figure 37 Network Setting > Wireless > Guest/More AP > Edit The following table describes the fields in this screen. Table 22 Network Setting > Wireless > Guest/More AP > Edit LABEL DESCRIPTION Wireless Network Setup Wireless You can Enable or Disable the wireless LAN in this field. Wireless Network Settings Wireless Network Name (SSID) The SSID (Service Set IDentity) identifies the service set with which a wireless device is associated.
Chapter 7 Wireless Table 22 Network Setting > Wireless > Guest/More AP > Edit (continued) LABEL DESCRIPTION Max. Upstream Bandwidth Specify the maximum rate for upstream wireless traffic to the WAN from this WLAN in kilobits per second (Kbps). Max. Downstream Bandwidth Specify the maximum rate for downstream wireless traffic to this WLAN from the WAN in kilobits per second (Kbps). BSSID This shows the MAC address of the wireless interface on the XMG when wireless LAN is enabled.
Chapter 7 Wireless Use this screen to view your XMG’s MAC filter settings and add new MAC filter rules. Click Network Setting > Wireless > MAC Authentication. The screen appears as shown. Figure 38 Wireless > MAC Authentication The following table describes the labels in this screen. Table 23 Wireless > MAC Authentication LABEL DESCRIPTION SSID Select the SSID for which you want to configure MAC filter settings.
Chapter 7 Wireless Note: The XMG applies the security settings of the SSID1 profile (see Section 7.2 on page 84). If you want to use the WPS feature, make sure you have set the security mode of SSID1 to WPA2-PSK or No Security. Click Network Setting > Wireless > WPS. The following screen displays. Select Enable and click Apply to activate the WPS function. Then you can configure the WPS settings in this screen.
Chapter 7 Wireless Table 24 Network Setting > Wireless > WPS (continued) LABEL DESCRIPTION Release Configuration The default WPS status is configured. Generate New PIN Number If this method has been enabled, the PIN (Personal Identification Number) of the XMG is shown here. Enter this PIN in the configuration utility of the device you want to connect to using WPS. Click this button to remove all configured wireless and wireless security settings for WPS connections on the XMG.
Chapter 7 Wireless 7.7 The Others Screen Use this screen to configure advanced wireless settings. Click Network Setting > Wireless > Others. The screen appears as shown. See Section 7.9.2 on page 99 for detailed definitions of the terms listed in this screen. Figure 41 Network Setting > Wireless > Others The following table describes the labels in this screen.
Chapter 7 Wireless Table 26 Network Setting > Wireless > Others (continued) LABEL DESCRIPTION 802.11 Mode Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate with the XMG. Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate with the XMG. Select 802.11n Only to allow only IEEE 802.11n compliant WLAN devices to associate with the XMG. Select 802.11b/g Mixed to allow either IEEE 802.11b or IEEE 802.
Chapter 7 Wireless Figure 42 Network Setting > Wireless > Channel Status 7.9 Technical Reference This section discusses wireless LANs in depth. For more information, see Appendix B on page 255. 7.9.1 Wireless Network Overview Wireless networks consist of wireless clients, access points and bridges. • A wireless client is a radio connected to a user’s computer.
Chapter 7 Wireless The following figure provides an example of a wireless network. Figure 43 Example of a Wireless Network The wireless network is the part in the blue circle. In this wireless network, devices A and B use the access point (AP) to interact with the other devices (such as the printer) or with the Internet. Your XMG is the AP. Every wireless network must follow these basic guidelines. • Every device in the same wireless network must use the same SSID.
Chapter 7 Wireless 7.9.2 Additional Wireless Terms The following table describes some wireless network terms and acronyms used in the XMG’s Web Configurator. Table 27 Additional Wireless Terms TERM DESCRIPTION RTS/CTS Threshold In a wireless network which covers a large area, wireless devices are sometimes not aware of each other’s presence. This may cause them to send information to the AP at the same time and result in information colliding and not getting through.
Chapter 7 Wireless Vanishing Point (which you know was made in 1971) you could use “70dodchal71vanpoi” as your security key. The following sections introduce different types of wireless security you can set up in the wireless network. 7.9.3.1 SSID Normally, the XMG acts like a beacon and regularly broadcasts the SSID in the area. You can hide the SSID instead, in which case the XMG does not broadcast the SSID. In addition, you should change the default SSID to something that is difficult to guess.
Chapter 7 Wireless 7.9.3.4 Encryption Wireless networks can use encryption to protect the information that is sent in the wireless network. Encryption is like a secret code. If you do not know the secret code, you cannot understand the message. The types of encryption you can choose depend on the type of authentication. (See Section 7.9.3.3 on page 100 for information about this.
Chapter 7 Wireless 7.9.5 BSS A Basic Service Set (BSS) exists when all communications between wireless stations or between a wireless station and a wired network client go through one access point (AP). Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS traffic blocking is disabled, wireless station A and B can access the wired network and communicate with each other.
Chapter 7 Wireless 7.9.7 Preamble Type Preamble is used to signal that data is coming to the receiver. Short and long refer to the length of the synchronization field in a packet. Short preamble increases performance as less time sending preamble means more time for sending data. All IEEE 802.11 compliant wireless adapters support long preamble, but not all support short preamble.
Chapter 7 Wireless 4 Within two minutes, press the button on the other device. The registrar sends the network name (SSID) and security key through an secure connection to the enrollee. If you need to make sure that WPS worked, check the list of associated wireless clients in the AP’s configuration utility. If you see the wireless client in the list, WPS was successful. 7.9.8.2 PIN Configuration Each WPS-enabled device has its own PIN (Personal Identification Number).
Chapter 7 Wireless Figure 45 Example WPS Process: PIN Method ENROLLEE REGISTRAR WPS This device’s WPS PIN: 123456 WPS Enter WPS PIN from other device: WPS WPS START START WITHIN 2 MINUTES SECURE EAP TUNNEL SSID WPA(2)-PSK COMMUNICATION 7.9.8.3 How WPS Works When two WPS-enabled devices connect, each device must assume a specific role.
Chapter 7 Wireless Figure 46 How WPS works ACTIVATE WPS ACTIVATE WPS WITHIN 2 MINUTES WPS HANDSHAKE ENROLLEE REGISTRAR SECURE TUNNEL SECURITY INFO COMMUNICATION The roles of registrar and enrollee last only as long as the WPS setup process is active (two minutes). The next time you use WPS, a different device can be the registrar if necessary. The WPS connection process is like a handshake; only two devices participate in each WPS transaction.
Chapter 7 Wireless Figure 47 WPS: Example Network Step 1 ENROLLEE REGISTRAR SECURITY INFO AP1 CLIENT 1 In step 2, you add another wireless client to the network. You know that Client 1 supports registrar mode, but it is better to use AP1 for the WPS handshake with the new client since you must connect to the access point anyway in order to use the network. In this case, AP1 must be the registrar, since it is configured (it already has security information for the network).
Chapter 7 Wireless Figure 49 WPS: Example Network Step 3 EXISTING CONNECTION CLIENT 1 IS EX O GC TIN ION CT E NN AP1 REGISTRAR CLIENT 2 SE CU RIT Y ENROLLEE INF O AP2 7.9.8.5 Limitations of WPS WPS has some limitations of which you should be aware. • WPS works in Infrastructure networks only (where an AP and a wireless client communicate). It does not work in Ad-Hoc networks (where there is no AP). • When you use WPS, it works between two devices only.
Chapter 7 Wireless point is the WPS registrar, the enrollee, or was not involved in the WPS handshake; a rogue device must still associate with the access point to gain access to the network. Check the MAC addresses of your wireless clients (usually printed on a label on the bottom of the device). If there is an unknown MAC address you can remove it or reset the AP.
CHAPTER 8 Home Networking 8.1 Overview A Local Area Network (LAN) is a shared communication system to which many networking devices are connected. It is usually located in one immediate area such as a building or floor of a building. Use the LAN screens to help you configure a LAN DHCP server and manage IP addresses. LAN DSL 8.1.1 What You Can Do in this Chapter • Use the LAN Setup screen to set the LAN IP address, subnet mask, and DHCP settings of your XMG (Section 8.2 on page 112).
Chapter 8 Home Networking 8.1.2 What You Need To Know 8.1.2.1 About LAN IP Address IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts. Subnet Mask Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.
Chapter 8 Home Networking • Assigning lease times to mappings Windows Messenger is an example of an application that supports NAT traversal and UPnP. See the for more information on NAT. Cautions with UPnP The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues. Network information and configuration may also be obtained and modified by users in some network environments.
Chapter 8 Home Networking 3 Click Apply to save your settings.
Chapter 8 Home Networking The following table describes the fields in this screen. Table 29 Network Setting > Home Networking > LAN Setup LABEL DESCRIPTION Interface Group Group Name Select the interface group name for which you want to configure LAN settings. See Chapter 14 on page 171 for how to create a new interface group. LAN IP Setup IP Address Enter the LAN IPv4 address you want to assign to your XMG in dotted decimal notation, for example, 192.168.1.1 (factory default).
Chapter 8 Home Networking Table 29 Network Setting > Home Networking > LAN Setup (continued) LABEL DESCRIPTION LAN IPv6 Mode Setup IPv6 Active Select Enable to activate the IPv6 mode and configure IPv6 settings on the XMG. Link Local Address Type EUI64 Select this to have the XMG generate an interface ID for the LAN interface’s link-local address using the EUI-64 format. Manual Select this to manually enter an interface ID for the LAN interface’s link-local address.
Chapter 8 Home Networking Table 29 Network Setting > Home Networking > LAN Setup (continued) LABEL DESCRIPTION DNS Query Scenario Select how the XMG handles clients’ DNS information requests. • • • • • IPv4/IPv6 DNS Server: The XMG forwards the requests to both the IPv4 and IPv6 DNS servers and sends clients the first DNS information it receives. IPv6 DNS Server Only: The XMG forwards the requests to the IPv6 DNS server and sends clients the DNS information it receives.
Chapter 8 Home Networking If you click Static DHCP Configuration in the Static DHCP screen or the Edit icon next to a static DHCP entry, the following screen displays. Figure 52 Static DHCP: Static DHCP Configuration/Edit The following table describes the labels in this screen. Table 31 Static DHCP: Static DHCP Configuration/Edit LABEL DESCRIPTION Active Select Enable to activate the connection between the client and the XMG.
Chapter 8 Home Networking Use the following screen to configure the UPnP settings on your XMG. Click Network Setting > Home Networking > UPnP to display the screen shown next. Figure 53 Network Setting > Home Networking > UPnP The following table describes the labels in this screen. Table 32 Network Setting > Home Networking > UPnP LABEL DESCRIPTION UPnP State UPnP Select Enable to activate UPnP.
Chapter 8 Home Networking 2 Click Change Advanced Sharing Settings. 3 Select Turn on network discovery and click Save Changes. Network discovery allows your computer to find other computers and devices on the network and other computers on the network to find your computer. This makes it easier to share files and printers.
Chapter 8 Home Networking 8.5 The Additional Subnet Screen Use the Additional Subnet screen to configure IP alias and public static IP. IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The XMG supports multiple logical LAN interfaces via its physical Ethernet interface with the XMG itself as the gateway for the LAN network.
Chapter 8 Home Networking Table 33 Network Setting > Home Networking > Additional Subnet (continued) LABEL DESCRIPTION Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. 8.6 The STB Vendor ID Screen Set Top Box (STB) devices with dynamic IP addresses sometimes don’t renew their IP addresses before the lease time expires. This could lead to IP address conflicts if the STB continues to use an IP address that gets assigned to another device.
Chapter 8 Home Networking The following table describes the labels in this screen. Table 35 Network Setting > Home Networking > Wake on LAN LABEL DESCRIPTION Wake by Address Select Manual and enter the IP address or MAC address of the device to turn it on remotely. The drop-down list also lists the IP addresses that can be found in the XMG’s ARP table. Select an IP address and it will then automatically update the IP address and MAC address in the following fields.
Chapter 8 Home Networking Figure 58 LAN and WAN IP Addresses LAN WAN 8.9.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the XMG as a DHCP server or disable it. When configured as a server, the XMG provides the TCP/IP configuration for the clients. If you turn DHCP service off, you must have another DHCP server on your LAN, or else the computer must be manually configured.
CHAPTER 9 Routing 9.1 Overview The XMG usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the XMG send data to devices not reachable through the default gateway, use static routes. For example, the next figure shows a computer (A) connected to the XMG’s LAN interface. The XMG routes most traffic from A to the Internet through the XMG’s default gateway (R1). You create one static route to connect to services offered by your ISP behind router R2.
Chapter 9 Routing The following table describes the labels in this screen. Table 37 Network Setting > Routing > Static Route LABEL DESCRIPTION Add new static route Click this to configure a new static route. # This is the index number of the entry. Status This field displays whether the static route is active or not. A yellow bulb signifies that this route is active. A gray bulb signifies that this route is not active. Name This is the name that describes or identifies this route.
Chapter 9 Routing The following table describes the labels in this screen. Table 38 Routing: Add/Edit LABEL DESCRIPTION Active This field allows you to activate/deactivate this static route. Select Enable to activate the static route. Select Disable to deactivate this static route without having to delete the entry. Route Name Enter a descriptive name for the static route. IP Type Select whether your IP type is IPv4 or IPv6.
Chapter 9 Routing Table 39 Network Setting > Routing > DNS Route (continued) LABEL DESCRIPTION Subnet Mask This is the subnet mask of the DNS route entry. Modify Click the Edit icon to modify the DNS route. Click the Delete icon to delete the DNS route. 9.3.1 The DNS Route Add Screen You can manually add the XMG’s DNS route entry. Click Add New DNS Route in the Network Setting > Routing > DNS Route screen. The screen shown next appears.
Chapter 9 Routing The Policy Route screen let you view and configure routing policies on the XMG. Click Network Setting > Routing > Policy Route to open the following screen. Figure 64 Network Setting > Routing > Policy Route The following table describes the labels in this screen. Table 41 Network Setting > Routing >Policy Route LABEL DESCRIPTION Add New Policy Route Click this to create a new policy forwarding rule. # This is the index number of the entry.
Chapter 9 Routing 9.4.1 Add/Edit Policy Route Click Add New Policy Route in the Policy Route screen or click the Edit icon next to a policy. Use this screen to configure the required information for a policy route. Figure 65 Policy Route: Add/Edit The following table describes the labels in this screen. Table 42 Policy Route: Add/Edit LABEL DESCRIPTION Active Select to enable or disable this policy route.
Chapter 9 Routing 9.5.1 The RIP Screen Click Network Setting > Routing > RIP to open the RIP screen. Figure 66 RIP The following table describes the labels in this screen. Table 43 RIP LABEL DESCRIPTION # This is the index of the interface in which the RIP setting is used. Interface This is the name of the interface in which the RIP setting is used.
C H A P T E R 10 Quality of Service (QoS) 10.1 Overview Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth. Without QoS, all traffic data is equally likely to be dropped when the network is congested. This can cause a reduction in network performance and make the network inadequate for time-critical application such as video-on-demand.
Chapter 10 Quality of Service (QoS) 10.2 What You Need to Know The following terms and concepts may help as you read through this chapter. QoS versus Cos QoS is used to prioritize source-to-destination traffic flows. All packets in the same flow are given the same priority. CoS (class of service) is a way of managing traffic in a network by grouping similar types of traffic together and treating each type as a class. You can use CoS to give different priorities to different packet types.
Chapter 10 Quality of Service (QoS) Traffic Policing Traffic policing is the limiting of the input or output transmission rate of a class of traffic on the basis of user-defined criteria. Traffic policing methods measure traffic flows against user-defined criteria and identify it as either conforming, exceeding or violating the criteria.
Chapter 10 Quality of Service (QoS) The following table describes the labels in this screen. Table 44 Network Setting > QoS > General LABEL DESCRIPTION QoS Select the Enable check box to turn on QoS to improve your network performance. WAN Managed Upstream Bandwidth Enter the amount of upstream bandwidth for the WAN interfaces that you want to allocate using QoS. The recommendation is to set this speed to match the interfaces’ actual transmission speed.
Chapter 10 Quality of Service (QoS) Figure 68 Network Setting > QoS > Queue Setup The following table describes the labels in this screen. Table 45 Network Setting > QoS > Queue Setup LABEL DESCRIPTION Add New Queue Click this button to create a new queue entry. # This is the index number of the entry. Status This field displays whether the queue is active or not. A yellow bulb signifies that this queue is active. A gray bulb signifies that this queue is not active.
Chapter 10 Quality of Service (QoS) 10.4.1 Adding a QoS Queue Click Add New Queue or the edit icon in the Queue Setup screen to configure a queue. Figure 69 Queue Setup: Add The following table describes the labels in this screen. Table 46 Queue Setup: Add LABEL DESCRIPTION Active Select to enable or disable this queue. Name Enter the descriptive name of this queue. Interface Select the interface to which this queue is applied. This field is read-only if you are editing the queue.
Chapter 10 Quality of Service (QoS) 10.5 The Classification Setup Screen Use this screen to add, edit or delete QoS classifiers. A classifier groups traffic into data flows according to specific criteria such as the source address, destination address, source port number, destination port number or incoming interface. For example, you can configure a classifier to select traffic from the same protocol port (such as Telnet) to form a flow.
Chapter 10 Quality of Service (QoS) Figure 71 Classification Setup: Add/Edit XMG3512-B10A User’s Guide 138
Chapter 10 Quality of Service (QoS) The following table describes the labels in this screen. Table 48 Classification Setup: Add/Edit LABEL DESCRIPTION Step1: Class Configuration Active Select to enable or disable this classifier. Class Name Enter a descriptive name of up to 15 printable English keyboard characters, not including spaces. Classification Order Select an existing number for where you want to put this classifier to move the classifier to the number you selected after clicking Apply.
Chapter 10 Quality of Service (QoS) Table 48 Classification Setup: Add/Edit (continued) LABEL Service DESCRIPTION This field is available only when you select IP in the Ether Type field. This field simplifies classifier configuration by allowing you to select a predefined application. When you select a predefined application, you do not configure the rest of the filter fields. IP Protocol This field is available only when you select IP in the Ether Type field.
Chapter 10 Quality of Service (QoS) Table 48 Classification Setup: Add/Edit (continued) LABEL DESCRIPTION Step4: Class Routing Forward to Interface Select a WAN interface through which traffic of this class will be forwarded out. If you select Unchange, the XMG forward traffic of this class according to the default routing table. Step5: Outgoing Queue Selection To Queue Index Select a queue that applies to this class. You should have configured a queue in the Queue Setup screen already.
Chapter 10 Quality of Service (QoS) 10.6.1 Add/Edit a QoS Shaper Click Add New Shaper in the Shaper Setup screen or the Edit icon next to a shaper to show the following screen. Figure 73 Shaper Setup: Add/Edit The following table describes the labels in this screen. Table 50 Shaper Setup: Add/Edit LABEL DESCRIPTION Active Select to enable or disable this shaper.
Chapter 10 Quality of Service (QoS) Table 51 Network Setting > QoS > Policer Setup (continued) LABEL DESCRIPTION Status This field displays whether the policer is active or not. A yellow bulb signifies that this policer is active. A gray bulb signifies that this policer is not active. Name This field displays the descriptive name of this policer.
Chapter 10 Quality of Service (QoS) Table 52 Policer Setup: Add/Edit LABEL DESCRIPTION Meter Type This shows the traffic metering algorithm used in this policer. The Simple Token Bucket algorithm uses tokens in a bucket to control when traffic can be transmitted. Each token represents one byte. The algorithm allows bursts of up to b bytes which is also the bucket size.
Chapter 10 Quality of Service (QoS) IEEE 802.1p specifies the user priority field and defines up to eight separate traffic types. The following table describes the traffic types defined in the IEEE 802.1d standard (which incorporates the 802.1p). Table 53 IEEE 802.1p Priority Level and Traffic Type PRIORITY LEVEL TRAFFIC TYPE Level 7 Typically used for network control traffic such as router configuration messages.
Chapter 10 Quality of Service (QoS) IP Precedence Similar to IEEE 802.1p prioritization at layer-2, you can use IP precedence to prioritize packets in a layer-3 network. IP precedence uses three bits of the eight-bit ToS (Type of Service) field in the IP header. There are eight classes of services (ranging from zero to seven) in IP precedence. Zero is the lowest priority level and seven is the highest.
Chapter 10 Quality of Service (QoS) Token Bucket The token bucket algorithm uses tokens in a bucket to control when traffic can be transmitted. The bucket stores tokens, each of which represents one byte. The algorithm allows bursts of up to b bytes which is also the bucket size, so the bucket can hold up to b tokens. Tokens are generated and added into the bucket at a constant rate.
Chapter 10 Quality of Service (QoS) • If there are not enough tokens in the CBS bucket, the XMG checks the EBS bucket. The packet is marked yellow if there are sufficient tokens in the EBS bucket. Otherwise, the packet is marked red. No tokens are removed if the packet is dropped.
C H A P T E R 11 Network Address Translation (NAT) 11.1 Overview This chapter discusses how to configure NAT on the XMG. NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network. 11.1.
Chapter 11 Network Address Translation (NAT) NAT In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
Chapter 11 Network Address Translation (NAT) Figure 76 Multiple Servers Behind NAT Example A=192.168.1.33 WAN LAN B=192.168.1.34 192.168.1.1 IP Address assigned by ISP C=192.168.1.3 D=192.168.1.36 Click Network Setting > NAT > Port Forwarding to open the following screen. See Appendix C on page 268 for port numbers commonly used for particular services. Figure 77 Network Setting > NAT > Port Forwarding The following table describes the fields in this screen.
Chapter 11 Network Address Translation (NAT) 11.2.1 Add/Edit Port Forwarding Click Add New Rule in the Port Forwarding screen or click the Edit icon next to an existing rule to open the following screen. Figure 78 Port Forwarding: Add/Edit The following table describes the labels in this screen. Table 56 Port Forwarding: Add/Edit LABEL DESCRIPTION Active Select to enable or disable the rule. Service Name Enter a name to identify this rule using keyboard characters (A-Z, a-z, 1-2 and so on).
Chapter 11 Network Address Translation (NAT) Table 56 Port Forwarding: Add/Edit (continued) LABEL DESCRIPTION End Port Enter the last port of the original destination port range. To forward only one port, enter the port number in the Start Port field above and then enter it again in this field. To forward a series of ports, enter the last port number in a series that begins with the port number in the Start Port field above.
Chapter 11 Network Address Translation (NAT) Table 57 Network Setting > NAT > Applications (continued) LABEL DESCRIPTION Server IP Address This field displays the destination IP address for the service. Modify Click the Delete icon to delete the rule. 11.3.1 Add New Application This screen lets you create new NAT application rules. Click Add New Application in the Applications screen to open the following screen.
Chapter 11 Network Address Translation (NAT) from the server on the WAN) to the IP address of a computer on the client side (LAN). The problem is that port forwarding only forwards a service to a single LAN IP address. In order to use the same service on a different LAN computer, you have to manually replace the LAN computer's IP address in the forwarding port with another LAN computer's IP address.
Chapter 11 Network Address Translation (NAT) The following table describes the labels in this screen. Table 59 Network Setting > NAT > Port Triggering LABEL DESCRIPTION Add New Rule Click this to create a new rule. # This is the index number of the entry. Status This field displays whether the port triggering rule is active or not. A yellow bulb signifies that this rule is active. A gray bulb signifies that this rule is not active.
Chapter 11 Network Address Translation (NAT) The following table describes the labels in this screen. Table 60 Port Triggering: Configuration Add/Edit LABEL DESCRIPTION Active Select to enable or disable this rule. Service Name Enter a name to identify this rule using keyboard characters (A-Z, a-z, 1-2 and so on). WAN Interface Select a WAN interface for which you want to configure port triggering rules.
Chapter 11 Network Address Translation (NAT) 11.6 The ALG Screen Some NAT routers may include a SIP Application Layer Gateway (ALG). A SIP ALG allows SIP calls to pass through NAT by examining and translating IP addresses embedded in the data stream. When the XMG registers with the SIP register server, the SIP ALG translates the XMG’s private IP address inside the SIP data stream to a public IP address. You do not need to use STUN or an outbound proxy if your XMG is behind a SIP ALG.
Chapter 11 Network Address Translation (NAT) The following table describes the fields in this screen. Table 63 Network Setting > NAT > Address Mapping LABEL DESCRIPTION Add new rule Click this to create a new rule. Set This is the index number of the address mapping set. Local Start IP This is the starting Inside Local IP Address (ILA). Local End IP This is the ending Inside Local IP Address (ILA). If the rule is for all local IP addresses, then this field displays 0.0.0.
Chapter 11 Network Address Translation (NAT) The following table describes the fields in this screen. Table 64 Address Mapping: Add/Edit LABEL DESCRIPTION Rule Name Enter a name to identify this rule using keyboard characters (A-Z, a-z, 1-2 and so on). Type Choose the IP/port mapping type from one of the following. One-to-One: This mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type.
Chapter 11 Network Address Translation (NAT) 11.9 Technical Reference This part contains more information regarding NAT. 11.9.1 NAT Definitions Inside/outside denotes where a host is located relative to the XMG, for example, the computers of your subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.
Chapter 11 Network Address Translation (NAT) 11.9.3 How NAT Works Each packet has two addresses – a source address and a destination address. For outgoing packets, the ILA (Inside Local Address) is the source address on the LAN, and the IGA (Inside Global Address) is the source address on the WAN. For incoming packets, the ILA is the destination address on the LAN, and the IGA is the destination address on the WAN.
Chapter 11 Network Address Translation (NAT) Figure 90 NAT Application With IP Alias Port Forwarding: Services and Port Numbers The most often used port numbers are shown in the following table. Please refer to RFC 1700 for further information about port numbers. Please also refer to the Supporting CD for more examples and details on port forwarding and NAT.
Chapter 11 Network Address Translation (NAT) example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet. Figure 91 Multiple Servers Behind NAT Example A=192.168.1.33 192.168.1.1 B=192.168.1.34 IP address assigned by ISP C=192.168.1.35 D=192.168.1.
C H A P T E R 12 DNS 12.1 Overview DNS DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it. In addition to the system DNS server(s), each WAN interface (service) is set to have its own static or dynamic DNS server list.
Chapter 12 DNS If you have a private WAN IP address, then you cannot use Dynamic DNS. 12.2 The DNS Entry Screen Use this screen to view and configure DNS routes on the XMG. Click Network Setting > DNS to open the DNS Entry screen. Figure 92 Network Setting > DNS > DNS Entry The following table describes the fields in this screen. Table 68 Network Setting > DNS > DNS Entry LABEL DESCRIPTION Add New DNS Entry Click this to create a new DNS entry. # This is the index number of the entry.
Chapter 12 DNS The following table describes the labels in this screen. Table 69 DNS Entry: Add/Edit LABEL DESCRIPTION Host Name Enter the host name of the DNS entry. IPv4 Address Enter the IPv4 address of the DNS entry. OK Click OK to save your changes. Cancel Click Cancel to exit this screen without saving. 12.3 The Dynamic DNS Screen Use this screen to change your XMG’s DDNS. Click Network Setting > DNS > Dynamic DNS. The screen appears as shown.
Chapter 12 DNS Table 70 Network Setting > DNS > > Dynamic DNS (continued) LABEL DESCRIPTION Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving.
C H A P T E R 13 VLAN Group 13.1 Overview Virtual LAN IDs are used to identify different traffic types over the same physical link. In the following example, the XMG (DSL) can use VLAN IDs (VID) 100 and 200 to identify Video-onDemand and IPTV traffic respectively coming from the two VoD and IPTV multicast servers. The XMG (DSL) can also tag outgoing requests to these servers with these VLAN IDs. Figure 95 VLAN Group Example 13.1.
Chapter 13 VLAN Group Table 71 Network Setting > Vlan Group (continued) LABEL DESCRIPTION Group Name This shows the descriptive name of the VLAN group. VLAN ID This shows the unique ID number that identifies the VLAN group. Interfaces This shows the LAN ports included in the VLAN group and if traffic leaving the port will be tagged with the VLAN ID. Modify Click the Edit icon to change an existing VLAN group setting or click the Delete icon to remove the VLAN group. 13.2.
C H A P T E R 14 Interface Grouping 14.1 Overview By default, all LAN and WAN interfaces on the XMG are in the same group and can communicate with each other. Create interface groups to have the XMG assign the IP addresses in different domains to different groups. Each group acts as an independent network on the XMG. This lets devices connected to an interface group’s LAN interfaces communicate through the interface group’s WAN or LAN interfaces but not other WAN or LAN interfaces. 14.1.
Chapter 14 Interface Grouping Click Network Setting > Interface Grouping to open the following screen. Figure 99 Network Setting > Interface Grouping The following table describes the fields in this screen. Table 73 Network Setting > Interface Grouping LABEL DESCRIPTION Add New Interface Group Click this button to create a new interface group. Group Name This shows the descriptive name of the group. WAN Interface This shows the WAN interfaces in the group.
Chapter 14 Interface Grouping Figure 100 Interface Group Configuration The following table describes the fields in this screen. Table 74 Interface Group Configuration LABEL DESCRIPTION Group Name Enter a name to identify this group. You can enter up to 30 characters. You can use letters, numbers, hyphens (-) and underscores (_). Spaces are not allowed. WAN Interfaces used in the grouping Select the WAN interface this group uses.
Chapter 14 Interface Grouping Table 74 Interface Group Configuration (continued) LABEL DESCRIPTION Automatically Add Clients With the following DHCP Vendor IDs Click Add to identify LAN hosts to add to the interface group by criteria such as the type of the hardware or firmware. See Section 14.2.2 on page 174 for more information. # This shows the index number of the rule. Filter Criteria This shows the filtering criteria.
Chapter 14 Interface Grouping Table 75 Interface Grouping Criteria (continued) LABEL DESCRIPTION Enterprise Number Enter the vendor’s 32-bit enterprise number registered with the IANA (Internet Assigned Numbers Authority). Manufactur er OUI Specify the vendor’s OUI (Organization Unique Identifier). It is usually the first three bytes of the MAC address. Serial Number Enter the serial number of the device. Product Class Enter the product class of the device.
C H A P T E R 15 USB Service 15.1 Overview You can share files on a USB memory stick or hard drive connected to your XMG with users on your network. The following figure is an overview of the XMG’s file server feature. Computers A and B can access files on a USB device (C) which is connected to the XMG. Figure 102 File Sharing Overview B C A The XMG will not be able to join the workgroup if your local area network has restrictions set up that do not allow devices to join a workgroup.
Chapter 15 USB Service 15.1.2.1 About File Sharing Workgroup name This is the name given to a set of computers that are connected on a network and share resources such as a printer or files. Windows automatically assigns the workgroup name when you set up a network. Shares When settings are set to default, each USB device connected to the XMG is given a folder, called a “share”. If a USB hard drive connected to the XMG has more than one partition, then each partition will be allocated a share.
Chapter 15 USB Service Figure 103 Network Setting > USB Service > File Sharing Each field is described in the following table. Table 76 Network Setting > USB Service > File Sharing LABEL DESCRIPTION Information Volume This is the volume name the XMG gives to an inserted USB device. Capacity This is the total available memory size (in megabytes) on the USB device. Used Space This is the memory size (in megabytes) already used on the USB device.
Chapter 15 USB Service Figure 104 Network Setting > USB Service > File Sharing > Add new user Each field is described in the following table. Table 77 Network Setting > USB Service > File Sharing > Add new user LABEL DESCRIPTION User Name Enter a user name. You can enter up to 16 characters. Only letters and numbers allowed. New Password Enter the password used to access the secured share. The password must be 5 to 15 characters long. Only letters and numbers are allowed.
Chapter 15 USB Service Figure 105 Network Setting > USB Service > Media Server The following table describes the labels in this menu. Table 78 Network Setting > USB Service > Media Server LABEL DESCRIPTION Media Server Select Enable to have the XMG function as a DLNA-compliant media server. Enable the media server to let (DLNA-compliant) media clients on your network play media files located in the shares. Interface Select an interface on which you want to enable the media server function.
C H A P T E R 16 Firewall 16.1 Overview This chapter shows you how to enable and configure the XMG’s security settings. Use the firewall to protect your XMG and network from attacks by hackers on the Internet and control access to it. By default the firewall: • allows traffic that originates from your LAN computers to go to all other networks. • blocks traffic that originates on other networks from going to the LAN. The following figure illustrates the default firewall action.
Chapter 16 Firewall 16.1.2 What You Need to Know SYN Attack A SYN attack floods a targeted system with a series of SYN packets. Each packet causes the targeted system to issue a SYN-ACK response. While the targeted system waits for the ACK that follows the SYNACK, it queues up all outstanding SYN-ACK responses on a backlog queue. SYN-ACKs are moved off the queue only when an ACK comes back or when an internal timer terminates the three-way handshake.
Chapter 16 Firewall Figure 107 Security > Firewall > General The following table describes the labels in this screen. Table 79 Security > Firewall > General LABEL DESCRIPTION Firewall Select Enable to activate the firewall feature on the XMG. Low Select Low to allow LAN to WAN and WAN to LAN packet directions. Medium Select Medium to allow LAN to WAN but deny WAN to LAN packet directions. High Select High to deny LAN to WAN and WAN to LAN packet directions.
Chapter 16 Firewall The following table describes the labels in this screen. Table 80 Security > Firewall > Protocol LABEL DESCRIPTION Add New Protocol Entry Click this to add a new service. Name This is the name of your customized service. Description This is the description of your customized service. Ports/Protocol Number This shows the IP protocol (TCP, UDP, ICMP, or TCP/UDP) and the port number or range of ports that defines your customized service.
Chapter 16 Firewall Table 81 Security > Firewall > Protocol: Add/Edit (continued) LABEL DESCRIPTION ICMPv6 Type This field is displayed if you select ICMPv6 as the protocol. Enter the type value for the ICMPv6 messages. OK Click OK to save your changes. Cancel Click Cancel to exit this screen without saving. 16.4 The Access Control Screen Click Security > Firewall > Access Control to display the following screen. This screen displays a list of the configured incoming or outgoing filtering rules.
Chapter 16 Firewall Figure 111 Access Control: Add/Edit The following table describes the labels in this screen. Table 83 Access Control: Add/Edit LABEL DESCRIPTION Filter Name Enter a descriptive name of up to 16 alphanumeric characters, not including spaces, underscores, and dashes. You must enter the filter name to add an ACL rule. This field is read-only if you are editing the ACL rule. Order Select the order of the ACL rule.
Chapter 16 Firewall Table 83 Access Control: Add/Edit (continued) LABEL DESCRIPTION Custom Source Port This field is displayed only when you select Specific Protocol in Select Protocol. Custom Destination Port This field is displayed only when you select Specific Protocol in Select Protocol.
C H A P T E R 17 MAC Filter 17.1 Overview You can configure the XMG to permit access to clients based on their MAC addresses in the MAC Filter screen. This applies to wired and wireless connections. Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC addresses of the devices to configure this screen. 17.
Chapter 17 MAC Filter The following table describes the labels in this screen. Table 85 Security > MAC Filter LABEL DESCRIPTION MAC Address Filter Select Enable to activate the MAC filter function. MAC Restrict Mode Select Allow to only permit the listed MAC addresses access to the XMG. Select Deny to permit anyone access to the XMG except the listed MAC addresses. Set This is the index number of the MAC address. Active Select Active to enable the MAC filter rule. .
C H A P T E R 18 Parental Control 18.1 Overview Parental control allows you to block web sites with the specific URL. You can also define time periods and days during which the XMG performs parental control on a specific user. 18.2 The Parental Control Screen Use this screen to enable parental control, view the parental control rules and schedules. Click Security > Parental Control to open the following screen. Figure 114 Security > Parental Control The following table describes the fields in this screen.
Chapter 18 Parental Control Table 86 Security > Parental Control (continued) LABEL DESCRIPTION Modify Click the Edit icon to go to the screen where you can edit the rule. Click the Delete icon to delete an existing rule. Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings. 18.2.1 Add/Edit a Parental Control Profile Click Add New PCP in the Parental Control screen to add a new rule or click the Edit icon next to an existing rule to edit it.
Chapter 18 Parental Control The following table describes the fields in this screen. Table 87 Parental Control Rule: Add/Edit LABEL DESCRIPTION General Active Select to enable or disable this parental control rule. Parental Control Profile Name Enter a descriptive name for the rule. Home Network User Select the LAN user that you want to apply this rule to from the drop-down list box. If you select Custom, enter the LAN user’s MAC address. If you select All, the rule applies to all LAN users.
Chapter 18 Parental Control Table 87 Parental Control Rule: Add/Edit (continued) LABEL DESCRIPTION Redirect blocked site to Zyxel Family Safety page Select this to redirect users who access any blocked websites listed above to the Zyxel Family Safety page as shown next. OK Click OK to save your changes. Cancel Click Cancel to to exit this screen without saving.
Chapter 18 Parental Control Table 88 Parental Control Rule: Add/Edit Rule > Add New Service LABEL DESCRIPTION OK Click OK to save your changes. Cancel Click Cancel to exit this screen without saving. Click Security > Parental Control > Add/Edit Rule > Add Keyword to open the following screen. Figure 118 Parental Control Rule: Add/Edit Rule > Add Keyword The following table describes the fields in this screen.
C H A P T E R 19 Scheduler Rule 19.1 Overview You can define time periods and days during which the XMG performs scheduled rules of certain features (such as Firewall Access Control) in the Scheduler Rule screen. 19.2 The Scheduler Rule Screen Use this screen to view, add, or edit time schedule rules. Click Security > Scheduler Rule to open the following screen. Figure 119 Security > Scheduler Rule The following table describes the fields in this screen.
Chapter 19 Scheduler Rule Figure 120 Scheduler Rule: Add/Edit The following table describes the fields in this screen. Table 91 Scheduler Rule: Add/Edit LABEL DESCRIPTION Rule Name Enter a name (up to 31 printable English keyboard characters, not including spaces) for this schedule. Day Select check boxes for the days that you want the XMG to perform this scheduler rule. Time of Day Range Enter the time period of each day, in 24-hour format, during which the rule will be enforced.
CHAPTER 20 Certificates 20.1 Overview The XMG can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication. 20.1.1 What You Can Do in this Chapter • Use the Local Certificates screen to generate certification requests and import the XMG's CA-signed certificates (Section 20.4 on page 200).
Chapter 20 Certificates The following table describes the labels in this screen. Table 92 Security > Certificates > Local Certificates LABEL DESCRIPTION Private Key is protected by a password Select the checkbox and enter the private key into the text box to store it on the XMG. The private key should not exceed 63 ASCII characters (not including spaces). Choose File Click this to find the certificate file you want to upload.
Chapter 20 Certificates The following table describes the labels in this screen. Table 93 Create Certificate Request LABEL DESCRIPTION Certificate Name Type up to 63 ASCII characters (not including spaces) to identify this certificate. Common Name Select Auto to have the XMG configure this field automatically. Or select Customize to enter it manually. Type the IP address (in dotted decimal notation), domain name or e-mail address in the field provided.
Chapter 20 Certificates Note: You must remove any spaces from the certificate’s filename before you can import it. Figure 124 Load Signed Certificate The following table describes the labels in this screen. Table 94 Load Signed Certificate LABEL DESCRIPTION Certificate Name This is the name of the signed certificate. Certificate Copy and paste the signed certificate into the text box to store it on the XMG. Apply Click Apply to save your changes.