VMG4825-B10A Wireless N VDSL2 IAD with USB Version 5.11 Edition 1, 05/2016 Quick Start Guide User’s Guide Default Login Details LAN IP Address Login http://192.168.1.1 www.zyxel.
IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE.
Screenshots and graphics in this book may differ slightly from your product due to differences in your product firmware or your computer operating system. Every effort has been made to ensure that the information in this manual is accurate.
Related Documentation
• Quick Start Guide: The Quick Start Guide shows how to connect the VMG and access the Web Configurator.
• More Information: Go to support.zyxel.
Part I: User’s Guide
Chapter 1 Introducing the VMG
1.1 Overview
The VMG is a wireless VDSL router and Gigabit Ethernet gateway. It has a DSL port and a Gigabit Ethernet port for super-fast Internet access. The VMG supports both Packet Transfer Mode (PTM) and Asynchronous Transfer Mode (ATM). It is backward compatible with ADSL, ADSL2 and ADSL2+ in case VDSL is not available. Only use firmware for your VMG’s specific model. Refer to the label on the bottom of your VMG.
1.4 Applications for the VMG
Here are some example uses for which the VMG is well suited.
1.4.1 Internet Access
Computers can connect to the VMG’s LAN ports (or wirelessly). You can also configure IP filtering on the VMG for secure Internet access. When the IP filter is on, all incoming traffic from the Internet to your network is blocked by default unless it is initiated from your network.
1.4.1.2 Ethernet WAN
If you prefer not to use a DSL line and you have another broadband modem or router (such as ADSL) available, you can convert LAN port number four into a WAN port using the Network Setting > Broadband > Ethernet WAN screen and then connect the LAN port to the broadband modem or router. This way, you can access the Internet via an Ethernet connection and still use the QoS, Firewall and parental control functions on the VMG.
Figure 4 USB Media Server Application
1.5 LEDs (Lights)
The following graphic displays the labels of the LEDs.
None of the LEDs are on if the VMG is not receiving power.
Table 1 LED Descriptions
LED | COLOR | STATUS | DESCRIPTION
Power | Green | On | The VMG is receiving power and ready for use.
Power | Green | Blinking | The VMG is self-testing.
Power | Red | On | The VMG detected an error while self-testing, or there is a device malfunction.
Power | | Off | The VMG is not receiving power.
DSL1 DSL2 | Green | On | The ADSL line is up.
DSL1 DSL2 | Green | Blinking | The VMG is initializing the ADSL line.
DSL1 DSL2 | Orange | On | The VDSL line is up.
1.6 The RESET Button
If you forget your password or cannot access the Web Configurator, you will need to use the RESET button at the back of the device to reload the factory-default configuration file. This means that you will lose all configurations that you had previously and the password will be reset to “1234”.
1 Make sure the POWER LED is on (not blinking).
4 Once the connection is successfully made, the WPS LED shines green. The WPS LED turns off when the wireless network is off.
Chapter 2 The Web Configurator
2.1 Overview
The web configurator is an HTML-based management interface that allows easy VMG setup and management via Internet browser. Use Internet Explorer 8.0 and later versions or Mozilla Firefox 3 and later versions or Safari 2.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.
In order to use the web configurator you need to allow:
• Web browser pop-up windows from your VMG.
Figure 8 Change Password Screen
5 The Quick Start Wizard screen appears. You can configure basic Internet access and wireless settings. See Chapter 3 on page 29 for more information.
6 After you finish or close the Quick Start Wizard screen, the Network Map page appears.
Figure 9 Network Map
7 Click Status to display the Status screen, where you can view the VMG’s interface and system information.
2.2 Web Configurator Layout
Figure 10 Screen Layout
As illustrated above, the main screen is divided into these parts:
• A - title bar
• B - main window
• C - navigation panel
2.2.1 Title Bar
The title bar provides some icons in the upper right corner.
The icons provide the following functions.
Table 2 Web Configurator Icons in the Title Bar
Language: Select the language you prefer.
Quick Start: Click this icon to open screens where you can configure the VMG’s time zone, Internet access, and wireless settings.
Logout: Click this icon to log out of the web configurator.
2.2.2 Navigation Panel
Use the menu items on the navigation panel to open screens to configure VMG features.
Table 3 Navigation Panel Summary (continued)
LINK | TAB | FUNCTION
 | LAN Setup | Use this screen to configure LAN TCP/IP settings, and other advanced properties.
 | Static DHCP | Use this screen to assign specific IP addresses to individual MAC addresses.
 | UPnP | Use this screen to turn UPnP and UPnP NAT-T on or off.
 | Additional Subnet | Use this screen to configure IP alias and public static IP.
Table 3 Navigation Panel Summary (continued)
LINK | TAB | FUNCTION
 | General | Use this screen to configure the security level of your firewall.
 | Protocol | Use this screen to add Internet services and configure firewall rules.
 | Access Control | Use this screen to enable specific traffic directions for network services.
 | DoS | Use this screen to activate protection against Denial of Service (DoS) attacks.
Table 3 Navigation Panel Summary (continued)
LINK | TAB | FUNCTION
System | | Use this screen to set Device name and Domain name.
User Account | User Account | Use this screen to change user password on the VMG.
Remote Management | MGMT Services | Use this screen to enable specific traffic directions for network services.
Chapter 3 Quick Start
3.1 Overview
Use the Quick Start screens to configure the VMG’s time zone, basic Internet access, and wireless settings.
Note: See the technical reference chapters (starting on Chapter 4 on page 32) for background information on the features in this chapter.
3.2 Quick Start Setup
1 The Quick Start Wizard appears automatically after login. Or you can click the Quick Start icon in the top right corner of the web configurator to open the quick start screens.
Figure 12 Quick Start - Internet Connection
3 Turn the wireless LAN on or off. If you keep it on, record the security settings so you can configure your wireless clients to connect to the VMG. Click Save.
Figure 13 Quick Start - Wireless Setting
4 Your VMG saves your settings and attempts to connect to the Internet. Click Close to complete the setup.
Figure 14 Quick Start - Result Summary
Chapter 4 Tutorials
4.1 Overview
This chapter shows you how to use the VMG’s various features.
Connection Mode: Routing
Encapsulation: PPPoE
IPv6/IPv4 Mode: IPv4
ATM PVC Configuration
VPI/VCI: 36/48
Encapsulation Mode: LLC/SNAP-Bridging
Service Category: UBR without PCR
Account Information
PPP User Name: 1234@DSL-Ex.com
PPP Password: ABCDEF!
PPPoE Service Name: MyDSL
Static IP Address: 192.168.1.
8 You should see a summary of your new DSL connection setup in the Broadband screen as follows.
Try to connect to a website to see if you have correctly set up your Internet connection. Be sure to contact your service provider for any information you need to configure the WAN screens.
4.3 Setting Up a Secure Wireless Network
Thomas wants to set up a wireless network so that he can use his notebook to access the Internet. In this wireless network, the VMG serves as an access point (AP), and the notebook is the wireless client. The wireless client can access the Internet through the AP. Thomas has to configure the wireless network settings on the VMG. Then he can set up a wireless network using WPS (Section 4.3.2 on page 37) or manual configuration (Section 4.3.
2 Go to the Wireless > Others screen and select 802.11b/g/n Mixed in the 802.11 Mode field. Click Apply.
Thomas can now use the WPS feature to establish a wireless connection between his notebook and the VMG (see Section 4.3.2 on page 37). He can also use the notebook’s wireless client to search for the VMG (see Section 4.3.3 on page 41).
4.3.2 Using WPS
This section shows you how to set up a wireless network using WPS. It uses the VMG as the AP and ZyXEL NWD210N as the wireless client which connects to the notebook.
4 Push and hold the WPS button located on the VMG’s front panel for more than 5 seconds. Alternatively, you may log into VMG’s web configurator and go to the Network Setting > Wireless > WPS screen. Enable the WPS function for method 1 and click Apply. Then click the WPS button.
Note: Your VMG has a WPS button located on its front panel as well as a WPS button in its configuration utility. Both buttons have exactly the same function: you can use one or the other.
[Figure: Example WPS Process: PBC Method. Labels: Wireless Client, VMG, WLAN/WPS (press and hold for 5 seconds), WITHIN 2 MINUTES, SECURITY INFO, COMMUNICATION]
PIN Configuration
When you use the PIN configuration method, you need to use both the VMG’s web configurator and the wireless client’s utility.
1 Launch your wireless client’s configuration utility. Go to the WPS settings and select the PIN method to get a PIN number.
3 Enter the PIN number of the wireless client and click the Register button. Activate WPS function on the wireless client utility screen within two minutes.
The VMG authenticates the wireless client and sends the proper configuration settings to the wireless client. This may take up to two minutes. The wireless client is then able to communicate with the VMG securely.
[Figure: Example WPS Process: PIN Method. Labels: Wireless Client, VMG, WITHIN 2 MINUTES, Authentication by PIN, SECURITY INFO, COMMUNICATION]
4.3.3 Without WPS
Use the wireless adapter’s utility installed on the notebook to search for the “Example” SSID. Then enter the “DoNotStealMyWirelessNetwork” pre-shared key to establish a wireless Internet connection.
Note: The VMG supports IEEE 802.11b and IEEE 802.11g wireless clients.
4.4 Setting Up Multiple Wireless Groups
Company A wants to create different wireless network groups for different types of users as shown in the following figure. Each group has its own SSID and security mode.
• Employees in Company A will use a general Company wireless network group.
• Higher management level and important visitors will use the VIP group.
• Visiting guests will use the Guest group, which has a different SSID and password.
2 Click Network Setting > Wireless > Guest/More AP to open the following screen. Click the Edit icon to configure the second wireless network group.
3 Configure the screen using the provided parameters and click Apply.
4 In the Guest/More AP screen, click the Edit icon to configure the third wireless network group. Configure the screen using the provided parameters and click Apply.
5 Check the status of VIP and Guest in the Guest/More AP screen. The yellow bulbs signify that the SSIDs are active and ready for wireless access.
4.5 Configuring Static Route for Routing to Another Network
In order to extend your Intranet and control the direction in which traffic flows, you may connect a router to the VMG’s LAN. The router may be used to separate two department networks. This tutorial shows how to configure a static routing rule for two network routings.
In the following figure, router R is connected to the VMG’s LAN. R connects to two networks, N1 (192.168.1.x/24) and N2 (192.168.10.x/24). If you want to send traffic from computer A (in N1 network) to computer B (in N2 network), the traffic is sent to the VMG’s WAN default gateway by default. In this case, B will never receive the traffic.
You need to specify a static routing rule on the VMG to specify R as the router in charge of forwarding traffic to N2.
Table 4 IP Settings in this Tutorial
DEVICE / COMPUTER | IP ADDRESS
R’s N1 | 192.168.1.253
R’s N2 | 192.168.10.2
B | 192.168.10.33
To configure a static route to route traffic from N1 to N2:
1 Log into the VMG’s Web Configurator in advanced mode.
2 Click Network Setting > Routing.
3 Click Add new Static Route in the Static Route screen.
4 Configure the Static Route Setup screen using the following settings:
4a Select the Active check box. Enter the Route Name as R.
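The effect of this static route on the VMG’s forwarding decision, as an added example (not from the guide and not Zyxel firmware code): a longest-prefix-match lookup over the tutorial’s addresses, showing where traffic for B goes before and after route R exists. The WAN subnet and gateway (203.0.113.0/24 and 203.0.113.1), the interface names and all function names are assumptions made for illustration; the example also goes one step beyond the tutorial by rejecting a static route whose gateway is not on a directly connected network.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    name: str
    dest: ipaddress.IPv4Network
    gateway: Optional[ipaddress.IPv4Address]  # None means directly connected
    interface: str


def make_route(name: str, dest: str, gateway: Optional[str], interface: str) -> Route:
    gw = ipaddress.ip_address(gateway) if gateway else None
    return Route(name, ipaddress.ip_network(dest), gw, interface)


# Addresses taken from the tutorial text and Table 4.
N1 = "192.168.1.0/24"
N2 = "192.168.10.0/24"
R_ON_N1 = "192.168.1.253"
R_ON_N2 = "192.168.10.2"
HOST_B = "192.168.10.33"

# Constructed WAN values (documentation address range, not from the guide).
WAN_NET = "203.0.113.0/24"
WAN_GATEWAY = "203.0.113.1"


def base_table() -> List[Route]:
    """Routing table of the VMG before any static route is added (assumed)."""
    return [
        make_route("lan", N1, None, "LAN"),
        make_route("wan", WAN_NET, None, "WAN"),
        make_route("default", "0.0.0.0/0", WAN_GATEWAY, "WAN"),
    ]


def lookup(table: List[Route], dst: str) -> Optional[Route]:
    """Return the matching route with the longest prefix, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r.dest]
    return max(matches, key=lambda r: r.dest.prefixlen) if matches else None


def add_static_route(table: List[Route], route: Route) -> List[Route]:
    """Add a static route, refusing a gateway the device cannot reach directly."""
    if route.gateway is None:
        raise ValueError("a static route needs a gateway address")
    on_link = any(
        r.gateway is None
        and r.interface == route.interface
        and route.gateway in r.dest
        for r in table
    )
    if not on_link:
        raise ValueError(
            f"gateway {route.gateway} is not on a network connected to {route.interface}"
        )
    return table + [route]


def describe(table: List[Route], dst: str) -> str:
    """Human-readable forwarding decision for one destination."""
    r = lookup(table, dst)
    if r is None:
        return "unreachable"
    hop = str(r.gateway) if r.gateway else "on-link"
    return f"{r.interface} via {hop} (route {r.name})"


if __name__ == "__main__":
    before = base_table()
    # Without the static route, traffic for B matches only the default route
    # and leaves through the WAN, so B never receives it.
    print("before:", describe(before, HOST_B))

    # Route R: destination N2, gateway is R's address on N1.
    after = add_static_route(before, make_route("R", N2, R_ON_N1, "LAN"))
    print("after: ", describe(after, HOST_B))

    # Using R's N2-side address as the gateway is a common mistake: the VMG
    # has no interface on N2, so the route could never be used.
    try:
        add_static_route(before, make_route("bad", N2, R_ON_N2, "LAN"))
    except ValueError as exc:
        print("rejected:", exc)
```

Comparing the two lookups is also a quick way to confirm that internal N2 traffic no longer leaves through the WAN interface once the route is active.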
Let’s say you are a team leader of a small sales branch office. You want to prioritize e-mail traffic because your task includes sending urgent updates to clients at least twice every hour. You also upload data files (such as logs and e-mail archives) to the FTP server throughout the day. Your colleagues use the Internet for research, as well as chat applications for communicating with other branch offices.
• Interface: WAN
• Priority: 1 (High)
• Weight: 8
• Rate Limit: 5,000 (kbps)
Tutorial: Advanced > QoS > Queue Setup
3 Click Class Setup > Add new Classifier to create a new class. Check Active and follow the settings as shown in the screen below.
Tutorial: Advanced > QoS > Class Setup
Class Name: Give a class name to this traffic, such as E-mail in this example.
From Interface: This is the interface from which the traffic will be coming. Select LAN1 for this example.
Ether Type: Select IP to identify the traffic source by its IP address or MAC address.
IP Address: Type the IP address of your computer - 192.168.1.23. Type the IP Subnet Mask if you know it.
This maps e-mail traffic coming from port 25 to the highest priority, which you have created in the previous screen (see the IP Protocol field). This also maps your computer’s IP address and MAC address to the E-mail queue (see the Source fields).
4 Verify that the queue setup works by checking Network Setting > QoS > Monitor. This shows the bandwidth allotted to e-mail traffic compared to other network traffic.
4.
4.7.2 Configuring DDNS on Your VMG
Configure the following settings in the Network Setting > DNS > Dynamic DNS screen.
• Select Enable Dynamic DNS.
• Select www.DynDNS.com as the service provider.
• Type zyxelrouter.dyndns.org in the Host Name field.
• Enter the user name (UserName1) and password (12345).
Click Apply.
4.7.3 Testing the DDNS Setting
Now you should be able to access the VMG from the Internet. To test this:
1 Open a web browser on the computer (using the IP address a.b.
1 Click Security > MAC Filter to open the MAC Filter screen. Select the Enable check box to activate MAC filter function.
2 Select Allow. Then enter the host name and MAC address of Thomas’ computer in this screen. Click Apply.
Thomas can also grant access to the computers of other members of his family and friends. However, Josephine and others not listed in this screen will no longer be able to access the Internet through the VMG.
4.
1 In FileZilla enter the IP address of the VMG (the default is 192.168.1.1), your account’s user name and password and port 21 and click Quickconnect. A screen asking for password authentication appears.
File Sharing via Windows Explorer
2 Once you log in the USB device displays in the mnt folder.
Part II: Technical Reference
Chapter 5 Network Map and Status Screens
5.1 Overview
After you log into the Web Configurator, the Network Map screen appears. This shows the network connection status of the VMG and clients connected to it. You can use the Status screen to look at the current status of the VMG, system resources, and interfaces (LAN, WAN, and WLAN).
5.2 The Network Map Screen
Use this screen to view the network connection status of the device and its clients. A warning message appears if there is a connection problem.
If you want to view information about a client, click the client’s name and Info. Click the IP address if you want to change it. If you want to change the name or icon of the client, click Change name/icon.
If you prefer to view the status in a list, click List View in the Viewing mode selection box. You can configure how often you want the VMG to update this screen in Refresh interval.
Figure 16 Network Map: List View Mode
5.
Figure 17 Status Screen
Each field is described in the following table.
Table 5 Status Screen
LABEL | DESCRIPTION
Refresh Interval | Select how often you want the VMG to update this screen.
Device Information
Host Name | This field displays the VMG system name. It is used for identification.
Model Number | This shows the model number of your VMG.
Serial Number | This field displays the serial number of the VMG.
Table 5 Status Screen (continued)
LABEL | DESCRIPTION
DHCP | This field displays whether the WAN interface is using a DHCP IP address or a static IP address. Choices are: Client - The WAN interface can obtain an IP address from a DHCP server. None - The WAN interface is using a static IP address.
LAN Information
IP Address | This is the current IP address of the VMG in the LAN.
IP Subnet Mask | This is the current subnet mask in the LAN.
Table 5 Status Screen (continued)
LABEL | DESCRIPTION
NAT Session Usage | This field displays what percentage of the VMG supported NAT sessions are currently being used. This field also displays the number of active NAT sessions and the maximum number of NAT sessions the VMG can support.
Interface Status
Interface | This column displays each interface the VMG has.
Status | This field indicates the interface’s use status.
Chapter 6 Broadband
6.1 Overview
This chapter discusses the VMG’s Broadband screens. Use these screens to configure your VMG for Internet access.
A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks, such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations.
Figure 18 LAN and WAN
6.1.
Table 6 WAN Setup Overview
(CONNECTION and DSL LINK TYPE are LAYER-2 INTERFACE columns; MODE, ENCAPSULATION and CONNECTION SETTINGS are INTERNET CONNECTION columns.)
CONNECTION | DSL LINK TYPE | MODE | ENCAPSULATION | CONNECTION SETTINGS
ADSL over ATM | EoA | Routing | PPPoE/PPPoA | ATM PVC configuration, PPP information, IPv4/IPv6 IP address, routing feature, DNS server, VLAN, and MTU
 | | | IPoE/IPoA | ATM PVC configuration, IPv4/IPv6 IP address, routing feature, DNS server, VLAN, and MTU
 | | Bridge | N/A | ATM PVC configuration
 | | Routing | PPPoE | PPP user name and password, WAN IPv4/IPv6 IP address, r
IPv6 Introduction
IPv6 (Internet Protocol version 6) is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 10^38 IP addresses. The VMG can use IPv4/IPv6 dual stack to connect to IPv4 and IPv6 networks, and supports IPv6 rapid deployment (6RD).
IPv6 Addressing
The 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons (:).
Figure 19 IPv6 Rapid Deployment
Dual Stack Lite
Use Dual Stack Lite when local network computers use IPv4 and the ISP has an IPv6 network. When the VMG has an IPv6 WAN address and you set IPv4/IPv6 Mode to IPv6 Only, you can enable Dual Stack Lite to use IPv4 computers and services.
6.2 The Broadband Screen
Use this screen to change your VMG’s Internet access settings. Click Network Setting > Broadband from the menu. The summary table shows you the configured WAN services (connections) on the VMG.
Figure 21 Network Setting > Broadband
The following table describes the labels in this screen.
Table 7 Network Setting > Broadband
LABEL | DESCRIPTION
Add New WAN Interface | Click this button to create a new connection.
# | This is the index number of the entry.
6.2.1.1 Routing Mode
Use Routing mode if your ISP gives you one IP address only and you want multiple computers to share an Internet account.
The following example screen displays when you select the ADSL/VDSL over ATM connection type, Routing mode, and PPPoE encapsulation. The screen varies when you select other interface type, encapsulation, and IPv4/IPv6 mode.
The following table describes the labels in this screen.
Table 8 Network Setting > Broadband > Add New WAN Interface/Edit (Routing Mode)
LABEL | DESCRIPTION
General
Name | Specify a descriptive name for this connection.
Type | Select whether it is an ADSL/VDSL over PTM, ADSL over ATM connection or Ethernet.
Mode | Select Routing if your ISP gives you one IP address only and you want multiple computers to share an Internet account.
Table 8 Network Setting > Broadband > Add New WAN Interface/Edit (Routing Mode) (continued)
LABEL | DESCRIPTION
Service Category | Select UBR Without PCR or UBR With PCR for applications that are non-time sensitive, such as e-mail. Select CBR (Continuous Bit Rate) to specify fixed (always-on) bandwidth for voice or data traffic. Select Non Realtime VBR (non real-time Variable Bit Rate) for connections that do not require closely controlled delay and delay variation.
Table 8 Network Setting > Broadband > Add New WAN Interface/Edit (Routing Mode) (continued)
LABEL | DESCRIPTION
Obtain an IP Address Automatically | A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not fixed; the ISP assigns you a different one each time you connect to the Internet. Select this if you have a dynamic IP address.
DHCP option 60/ Vendor ID | This field displays when editing an existing WAN interface.
Table 8 Network Setting > Broadband > Add New WAN Interface/Edit (Routing Mode) (continued)
LABEL | DESCRIPTION
 | Select Obtain DNS Info Automically if you want the VMG to use the DNS server addresses assigned by your ISP. Select Use Following Static DNS Address if you want the VMG to use the DNS server addresses you configure manually.
Primary DNS Server | Enter the first DNS server address assigned by the ISP.
Table 8 Network Setting > Broadband > Add New WAN Interface/Edit (Routing Mode) (continued)
LABEL | DESCRIPTION
IPv6 Address (This is available only when you select IPv4 IPv6 DualStack or IPv6 Only in the IPv4/IPv6 Mode field.)
Obtain an IPv6 Address Automatically | Select Obtain an IPv6 Address Automatically if you want to have the VMG use the IPv6 prefix from the connected router’s Router Advertisement (RA) to generate an IPv6 address.
Figure 23 Network Setting > Broadband > Add New WAN Interface/Edit (ADSL/VDSL over PTM Bridge Mode)
The following table describes the fields in this screen.
Table 9 Network Setting > Broadband > Add New WAN Interface/Edit (ADSL/VDSL over PTM Bridge or Ethernet Mode)
LABEL | DESCRIPTION
General
Name | Enter a service name of the connection.
Type | Select ADSL/VDSL over PTM as the interface that you want to configure.
Figure 24 Network Setting > Broadband > Add New WAN Interface/Edit (ADSL over ATM-Bridge Mode)
The following table describes the fields in this screen.
Table 10 Network Setting > Broadband > Add New WAN Interface/Edit (ADSL over ATM-Bridge Mode)
LABEL | DESCRIPTION
General
Name | Enter a service name of the connection.
Type | Select ADSL over ATM as the interface that you want to configure. The VMG uses the ADSL technology for data transmission over the DSL port.
Table 10 Network Setting > Broadband > Add New WAN Interface/Edit (ADSL over ATM-Bridge Mode) (continued)
LABEL | DESCRIPTION
Service Category | Select UBR Without PCR for applications that are non-time sensitive, such as e-mail. Select CBR (Continuous Bit Rate) to specify fixed (always-on) bandwidth for voice or data traffic. Select Non Realtime VBR (non real-time Variable Bit Rate) for connections that do not require closely controlled delay and delay variation.
Figure 25 Network Setting > Broadband > Advanced
The following table describes the labels in this screen.
Table 12 Network Setting > Broadband > Advanced
LABEL | DESCRIPTION
PhyR US | Enable or disable PhyR US (upstream) for upstream transmission to the WAN. PhyR US should be enabled if data being transmitted upstream is sensitive to noise. However, enabling PhyR US can decrease the US line rate. Enabling or disabling PhyR will require the CPE to retrain.
Table 12 Network Setting > Broadband > Advanced (continued)
LABEL | DESCRIPTION
G.lite: ITU G.992.2 (better known as G.lite) is an ITU standard for ADSL using discrete multitone modulation. G.lite does not strictly require the use of DSL filters, but like all variants of ADSL generally functions better with splitters.
T1.413: ANSI T1.
The following table describes the labels in this screen.
Table 13 Network Setting > Broadband > Ethernet WAN
LABEL | DESCRIPTION
Active | Select Enable to convert the fourth Ethernet LAN port to the Ethernet WAN port. Otherwise, select Disable.
Apply | Click Apply to save your changes back to the VMG.
Cancel | Click Cancel to return to the previous configuration.
6.5 The 802.1x Screen
You can view and configure the 802.1X authentication settings in the 802.1x screen.
6.5.1 Modify 802.1X Settings
Use this screen to edit 802.1X authentication settings. Click the Edit icon next to the rule you want to edit. The screen shown next appears.
Figure 28 Network Setting > Broadband > 802.1x > Modify
The following table describes the labels in this screen.
Table 15 Network Setting > Broadband > 802.1x: Edit
LABEL | DESCRIPTION
Active | This field allows you to activate/deactivate the authentication. Select this to enable the authentication.
IP over Ethernet
IP over Ethernet (IPoE) is an alternative to PPPoE. IP packets are being delivered across an Ethernet network, without using PPP encapsulation. They are routed between the Ethernet interface and the WAN interface and then formatted so that they can be understood in a bridged environment. For instance, it encapsulates routed Ethernet frames into bridged Ethernet cells.
PPP over ATM (PPPoA)
PPPoA stands for Point to Point Protocol over ATM Adaptation Layer 5 (AAL5).
Chapter 6 Broadband In this case, by prior mutual agreement, each protocol is assigned to a specific virtual circuit; for example, VC1 carries IP, etc. VC-based multiplexing may be dominant in environments where dynamic creation of large numbers of ATM VCs is fast and economical. LLC-based Multiplexing In this case one VC carries multiple protocols with protocol identifying information being contained in each packet header.
Chapter 6 Broadband ATM Traffic Classes These are the basic ATM traffic classes defined by the ATM Forum Traffic Management 4.0 Specification. Constant Bit Rate (CBR) Constant Bit Rate (CBR) provides fixed bandwidth that is always available even if no data is being sent. CBR traffic is generally time-sensitive (doesn't tolerate delay). CBR is used for connections that continuously require a specific amount of bandwidth. A PCR is specified and if traffic exceeds this rate, cells may be dropped.
Chapter 6 Broadband VLAN also increases network performance by limiting broadcasts to a smaller and more manageable logical broadcast domain. In traditional switched environments, all broadcast packets go to each and every individual port. With VLAN, all broadcasts are confined to a specific broadcast domain. Introduction to IEEE 802.
Chapter 6 Broadband important because without it, you must know the IP address of a computer before you can access it. The VMG can get the DNS server addresses in the following ways. 1 The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, manually enter them in the DNS server fields.
Chapter 7 Wireless
7.1 Overview
This chapter describes the VMG’s Network Setting > Wireless screens. Use these screens to set up your VMG’s wireless connection.
7.1.1 What You Can Do in this Chapter
This section describes the VMG’s Wireless screens. Use these screens to set up your VMG’s wireless connection.
• Use the General screen to enable the Wireless LAN, enter the SSID and select the wireless security mode (Section 7.2 on page 85).
Chapter 7 Wireless Finding Out More See Section 7.9 on page 98 for advanced technical information on wireless networks. 7.2 The General Screen Use this screen to enable the Wireless LAN, enter the SSID and select the wireless security mode. Note: If you are configuring the VMG from a computer connected to the wireless LAN and you change the VMG’s SSID, channel or security settings, you will lose your wireless connection when you press Apply to confirm.
Chapter 7 Wireless The following table describes the general wireless LAN labels in this screen. Table 16 Network Setting > Wireless > General LABEL DESCRIPTION Wireless Network Setup Band This shows the wireless band which this radio profile is using. 2.4GHz is the frequency used by IEEE 802.11b/g/n wireless clients while 5GHz is used by IEEE 802.11a/ac wireless clients. Wireless You can Enable or Disable the wireless LAN in this field.
Chapter 7 Wireless 7.2.1 No Security Select No Security to allow wireless stations to communicate with the access points without any data encryption or authentication. Note: If you do not enable any wireless security on your VMG, your network is accessible to any wireless networking device that is within range. Figure 31 Wireless > General: No Security The following table describes the labels in this screen.
Chapter 7 Wireless Figure 32 Wireless > General: Basic (WEP) The following table describes the labels in this screen. Table 18 Wireless > General: Basic (WEP) LABEL DESCRIPTION Security Level Select Basic to enable WEP data encryption. Security Mode This shows WEP when you set Security Level to Basic. Generate password automatically Select this option to have the VMG automatically generate a password. The password field will not be configurable when you select this option.
Chapter 7 Wireless Click Network Setting > Wireless to display the General screen. Select More Secure as the security level. Then select WPA-PSK or WPA2-PSK from the Security Mode list. Figure 33 Wireless > General: More Secure: WPA(2)-PSK The following table describes the labels in this screen. Table 19 Wireless > General: More Secure: WPA(2)-PSK LABEL DESCRIPTION Security Level Select More Secure to enable WPA(2)-PSK data encryption.
Chapter 7 Wireless 7.3 The Guest/More AP Screen This screen allows you to enable and configure multiple Basic Service Sets (BSSs) on the VMG. Click Network Setting > Wireless > Guest/More AP. The following screen displays. Figure 34 Network Setting > Wireless > Guest/More AP The following table describes the labels in this screen. Table 20 Network Setting > Wireless > Guest/More AP LABEL DESCRIPTION # This is the index number of the entry. Status This field indicates whether this SSID is active.
Chapter 7 Wireless Figure 35 Network Setting > Wireless > Guest/More AP > Edit The following table describes the fields in this screen. Table 21 Network Setting > Wireless > Guest/More AP > Edit LABEL DESCRIPTION Wireless Network Setup Wireless You can Enable or Disable the wireless LAN in this field. Wireless Network Settings Wireless Network Name (SSID) The SSID (Service Set IDentity) identifies the service set with which a wireless device is associated.
Chapter 7 Wireless Table 21 Network Setting > Wireless > Guest/More AP > Edit (continued) LABEL DESCRIPTION Access Scenario If you select Home Guest, clients connecting to the same SSID can communicate with each other directly. If you select External Guest, clients are blocked from connecting to each other directly. Max. Upstream Bandwidth Specify the maximum rate for upstream wireless traffic to the WAN from this WLAN in kilobits per second (Kbps). Max.
Chapter 7 Wireless Use this screen to view your VMG’s MAC filter settings and add new MAC filter rules. Click Network Setting > Wireless > MAC Authentication. The screen appears as shown. Figure 36 Wireless > MAC Authentication The following table describes the labels in this screen. Table 22 Wireless > MAC Authentication LABEL DESCRIPTION SSID Select the SSID for which you want to configure MAC filter settings.
Chapter 7 Wireless WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually. Set up each WPS connection between two devices. Both devices must support WPS. See Section 7.9.8.3 on page 107 for more information about WPS. Note: The VMG applies the security settings of the SSID1 profile (see Section 7.2 on page 85). If you want to use the WPS feature, make sure you have set the security mode of SSID1 to WPA2-PSK or No Security.
Chapter 7 Wireless Table 23 Network Setting > Wireless > WPS (continued) LABEL Register DESCRIPTION Enter the PIN of the device that you are setting up a WPS connection with and click Register to authenticate and add the wireless device to your wireless network. You can find the PIN either on the outside of the device, or by checking the device’s settings. Note: You must also activate WPS on that device within two minutes to have it present its PIN to the VMG.
Chapter 7 Wireless Table 24 Network Setting > Wireless > WMM (continued) LABEL DESCRIPTION WMM Automatic Power Save Delivery(APSD) Select this option to extend the battery life of your mobile devices (especially useful for small devices that are running multimedia applications). The VMG goes to sleep mode to save power when it is not transmitting data. The AP buffers the packets sent to the VMG until the VMG "wakes up". The VMG wakes up periodically to check for incoming data.
Chapter 7 Wireless Table 25 Network Setting > Wireless > Others (continued) LABEL DESCRIPTION Output Power Set the output power of the VMG. If there is a high density of APs in an area, decrease the output power to reduce interference with other APs. Select one of the following: 20%, 40%, 60%, 80% or 100%. Beacon Interval When a wirelessly networked device sends a beacon, it includes with it a beacon interval. This specifies the time period before the device sends the beacon again.
Chapter 7 Wireless 7.8 The Channel Status Screen Use the Channel Status screen to scan wireless LAN channel noises and view the results. Click Network Setting > Wireless > Channel Status. The screen appears as shown. Click Scan to scan the wireless LAN channels. You can view the results in the Channel Scan Result section. Note: The Scan button only works when the VMG uses 20MHz for the wireless channel width.
Chapter 7 Wireless • An access point is a radio with a wired connection to a network, which can connect with numerous wireless clients and let them access the network. • A bridge is a radio that relays communications between access points and wireless clients, extending a network’s range. Traditionally, a wireless network operates in one of two ways. • An “infrastructure” type of network has one or more access points and one or more wireless clients. The wireless clients connect to the access points.
Chapter 7 Wireless • Every device in the same wireless network must use security compatible with the AP. Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network. Radio Channels In the radio spectrum, there are certain frequency bands allocated for unlicensed, civilian use. For the purposes of wireless networking, these bands are divided into numerous channels.
Chapter 7 Wireless people with the code key can understand the information, and only people who have been authenticated are given the code key. These security standards vary in effectiveness. Some can be broken, such as the old Wired Equivalent Protocol (WEP). Using WEP is better than using no security at all, but it will not keep a determined attacker out. Other security standards are secure in themselves but can be broken if a user does not use them properly.
Chapter 7 Wireless 7.9.3.3 User Authentication Authentication is the process of verifying whether a wireless device is allowed to use the wireless network. You can make every user log in to the wireless network before using it. However, every device in the wireless network has to support IEEE 802.1x to do this. For wireless networks, you can store the user names and passwords for each user in a RADIUS server. This is a server used in businesses more than in homes.
Chapter 7 Wireless Many types of encryption use a key to protect the information in the wireless network. The longer the key, the stronger the encryption. Every device in the wireless network must have the same key. 7.9.4 Signal Problems Because wireless networks are radio networks, their signals are subject to limitations of distance, interference and absorption. Problems with distance occur when the two radios are too far apart.
Chapter 7 Wireless 7.9.6 MBSSID Traditionally, you need to use different APs to configure different Basic Service Sets (BSSs). As well as the cost of buying extra APs, there is also the possibility of channel interference. The VMG’s MBSSID (Multiple Basic Service Set IDentifier) function allows you to use one access point to provide several BSSs simultaneously. You can then assign varying QoS priorities and/or security modes to different SSIDs.
Chapter 7 Wireless 7.9.8.1 Push Button Configuration WPS Push Button Configuration (PBC) is initiated by pressing a button on each WPS-enabled device, and allowing them to connect automatically. You do not need to enter any information. Not every WPS-enabled device has a physical WPS button. Some may have a WPS PBC button in their configuration utilities instead of or in addition to the physical button. Take the following steps to set up WPS using the button.
5 If the client device’s configuration interface has an area for entering another device’s PIN, you can either enter the client’s PIN in the AP, or enter the AP’s PIN in the client - it does not matter which.
6 Start WPS on both devices within two minutes.
7 Use the configuration utility to activate WPS, not the push-button on the device itself.
8 On a computer connected to the wireless client, try to connect to the Internet. If you can connect, WPS was successful.
7.9.8.3 How WPS Works
When two WPS-enabled devices connect, each device must assume a specific role. One device acts as the registrar (the device that supplies network and security settings) and the other device acts as the enrollee (the device that receives network and security settings). The registrar creates a secure EAP (Extensible Authentication Protocol) tunnel and sends the network name (SSID) and the WPA-PSK or WPA2-PSK pre-shared key to the enrollee.
Chapter 7 Wireless connections in which it is involved. If you want a configured AP to act as an enrollee, you must reset it to its factory defaults. 7.9.8.4 Example WPS Network Setup This section shows how security settings are distributed in an example WPS setup. The following figure shows an example network. In step 1, both AP1 and Client 1 are unconfigured. When WPS is activated on both, they perform the handshake. In this example, AP1 is the registrar, and Client 1 is the enrollee.
Figure 47 WPS: Example Network Step 3 [diagram labels: Client 1, Client 2, AP1, AP2, Registrar, Enrollee, Existing Connection, Security Info]
7.9.8.5 Limitations of WPS
WPS has some limitations of which you should be aware.
• WPS works in Infrastructure networks only (where an AP and a wireless client communicate). It does not work in Ad-Hoc networks (where there is no AP).
• When you use WPS, it works between two devices only.
Chapter 7 Wireless access point is the WPS registrar, the enrollee, or was not involved in the WPS handshake; a rogue device must still associate with the access point to gain access to the network. Check the MAC addresses of your wireless clients (usually printed on a label on the bottom of the device). If there is an unknown MAC address you can remove it or reset the AP.
Chapter 8 Home Networking
8.1 Overview
A Local Area Network (LAN) is a shared communication system to which many networking devices are connected. It is usually located in one immediate area such as a building or floor of a building. Use the LAN screens to help you configure a LAN DHCP server and manage IP addresses.
8.1.1 What You Can Do in this Chapter
• Use the LAN Setup screen to set the LAN IP address, subnet mask, and DHCP settings of your VMG (Section 8.2 on page 113).
Chapter 8 Home Networking 8.1.2 What You Need To Know 8.1.2.1 About LAN IP Address IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts. Subnet Mask Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.
• Assigning lease times to mappings
Windows Messenger is an example of an application that supports NAT traversal and UPnP. See Chapter 11 on page 152 for more information on NAT.
Cautions with UPnP
The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues. Network information and configuration may also be obtained and modified by users in some network environments.
Chapter 8 Home Networking 3 Click Apply to save your settings.
Chapter 8 Home Networking The following table describes the fields in this screen. Table 28 Network Setting > Home Networking > LAN Setup LABEL DESCRIPTION Interface Group Group Name Select the interface group name for which you want to configure LAN settings. See Chapter 14 on page 174 for how to create a new interface group. LAN IP Setup IP Address Enter the LAN IPv4 address you want to assign to your VMG in dotted decimal notation, for example, 192.168.1.1 (factory default).
Table 28 Network Setting > Home Networking > LAN Setup (continued)
LABEL: DESCRIPTION
EUI64: Select this to have the VMG generate an interface ID for the LAN interface’s link-local address using the EUI-64 format.
Manual: Select this to manually enter an interface ID for the LAN interface’s link-local address.
Lan Global Identifier Type
EUI64: Select this to have the VMG generate an interface ID using the EUI-64 format for its global address.
Table 28 Network Setting > Home Networking > LAN Setup (continued)
LABEL: DESCRIPTION
DNS Query Scenario: Select how the VMG handles clients’ DNS information requests.
• IPv4/IPv6 DNS Server: The VMG forwards the requests to both the IPv4 and IPv6 DNS servers and sends clients the first DNS information it receives.
• IPv6 DNS Server Only: The VMG forwards the requests to the IPv6 DNS server and sends clients the DNS information it receives.
Chapter 8 Home Networking If you click Static DHCP Configuration in the Static DHCP screen or the Edit icon next to a static DHCP entry, the following screen displays. Figure 50 Static DHCP: Static DHCP Configuration/Edit The following table describes the labels in this screen. Table 30 Static DHCP: Static DHCP Configuration/Edit LABEL DESCRIPTION Active Select this to activate the connection between the client and the VMG.
Chapter 8 Home Networking Use the following screen to configure the UPnP settings on your VMG. Click Network Setting > Home Networking > UPnP to display the screen shown next. Figure 51 Network Setting > Home Networking > UPnP The following table describes the labels in this screen. Table 31 Network Setting > Home Networking > UPnP LABEL DESCRIPTION UPnP Select Enable to activate UPnP.
Chapter 8 Home Networking 2 Click Change Advanced Sharing Settings. 3 Select Turn on network discovery and click Save Changes. Network discovery allows your computer to find other computers and devices on the network and other computers on the network to find your computer. This makes it easier to share files and printers.
Chapter 8 Home Networking 8.5 The Additional Subnet Screen Use the Additional Subnet screen to configure IP alias and public static IP. IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The VMG supports multiple logical LAN interfaces via its physical Ethernet interface with the VMG itself as the gateway for the LAN network.
Chapter 8 Home Networking Table 32 Network Setting > Home Networking > Additional Subnet (continued) LABEL DESCRIPTION Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. 8.6 The STB Vendor ID Screen Set Top Box (STB) devices with dynamic IP addresses sometimes don’t renew their IP addresses before the lease time expires. This could lead to IP address conflicts if the STB continues to use an IP address that gets assigned to another device.
Chapter 8 Home Networking The following table describes the labels in this screen. Table 34 Network Setting > Home Networking > Wake on LAN LABEL DESCRIPTION Wake by Address Select Manual and enter the IP address or MAC address of the device to turn it on remotely. The drop-down list also lists the IP addresses that can be found in the VMG’s ARP table. Select an IP address and it will then automatically update the IP address and MAC address in the following fields.
Figure 56 LAN and WAN IP Addresses
8.9.2 DHCP Setup
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the VMG as a DHCP server or disable it. When configured as a server, the VMG provides the TCP/IP configuration for the clients. If you turn DHCP service off, you must have another DHCP server on your LAN, or else the computer must be manually configured.
Chapter 8 Home Networking 8.9.4 LAN TCP/IP The VMG has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability. IP Address and Subnet Mask Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number. Where you obtain your network number depends on your particular situation.
Chapter 8 Home Networking Note: Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, “Address Allocation for Private Internets” and RFC 1466, “Guidelines for Management of IP Address Space”.
Chapter 9 Routing
9.1 Overview
The VMG usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the VMG send data to devices not reachable through the default gateway, use static routes. For example, the next figure shows a computer (A) connected to the VMG’s LAN interface. The VMG routes most traffic from A to the Internet through the VMG’s default gateway (R1). You create one static route to connect to services offered by your ISP behind router R2.
Chapter 9 Routing The following table describes the labels in this screen. Table 36 Network Setting > Routing > Static Route LABEL DESCRIPTION Add new static route Click this to configure a new static route. # This is the index number of the entry. Status This field displays whether the static route is active or not. A yellow bulb signifies that this route is active. A gray bulb signifies that this route is not active. Name This is the name that describes or identifies this route.
Chapter 9 Routing The following table describes the labels in this screen. Table 37 Routing: Add/Edit LABEL DESCRIPTION Active This field allows you to activate/deactivate this static route. Select Enable to activate the static route. Select Disable to deactivate this static route without having to delete the entry. Route Name Enter a descriptive name for the static route. IP Type Select whether your IP type is IPv4 or IPv6.
Chapter 9 Routing Table 38 Network Setting > Routing > DNS Route (continued) LABEL DESCRIPTION Subnet Mask This is the subnet mask of the DNS route entry. Modify Click the Edit icon to modify the DNS route. Click the Delete icon to delete the DNS route. 9.3.1 The DNS Route Add Screen You can manually add the VMG’s DNS route entry. Click Add New DNS Route in the Network Setting > Routing > DNS Route screen. The screen shown next appears.
The Policy Route screen lets you view and configure routing policies on the VMG. Click Network Setting > Routing > Policy Route to open the following screen.
Figure 62 Network Setting > Routing > Policy Route
The following table describes the labels in this screen.
Table 40 Network Setting > Routing > Policy Route
LABEL: DESCRIPTION
Add New Policy Route: Click this to create a new policy forwarding rule.
#: This is the index number of the entry.
Chapter 9 Routing 9.4.1 Add/Edit Policy Route Click Add New Policy Route in the Policy Route screen or click the Edit icon next to a policy. Use this screen to configure the required information for a policy route. Figure 63 Policy Route: Add/Edit The following table describes the labels in this screen. Table 41 Policy Route: Add/Edit LABEL DESCRIPTION Active Select to enable or disable this policy route.
Chapter 9 Routing 9.5 RIP Routing Information Protocol (RIP, RFC 1058 and RFC 1389) allows a device to exchange routing information with other routers. 9.5.1 The RIP Screen Click Network Setting > Routing > RIP to open the RIP screen. Figure 64 RIP The following table describes the labels in this screen. Table 42 RIP LABEL DESCRIPTION # This is the index of the interface in which the RIP setting is used. Interface This is the name of the interface in which the RIP setting is used.
Chapter 10 Quality of Service (QoS)
10.1 Overview
Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth. Without QoS, all traffic data is equally likely to be dropped when the network is congested. This can cause a reduction in network performance and make the network inadequate for time-critical applications such as video-on-demand.
10.2 What You Need to Know
The following terms and concepts may help as you read through this chapter.
QoS versus CoS
QoS is used to prioritize source-to-destination traffic flows. All packets in the same flow are given the same priority. CoS (class of service) is a way of managing traffic in a network by grouping similar types of traffic together and treating each type as a class. You can use CoS to give different priorities to different packet types.
Chapter 10 Quality of Service (QoS) Traffic Policing Traffic policing is the limiting of the input or output transmission rate of a class of traffic on the basis of user-defined criteria. Traffic policing methods measure traffic flows against user-defined criteria and identify it as either conforming, exceeding or violating the criteria.
Chapter 10 Quality of Service (QoS) The following table describes the labels in this screen. Table 43 Network Setting > QoS > General LABEL DESCRIPTION QoS Select the Enable check box to turn on QoS to improve your network performance. WAN Managed Upstream Bandwidth Enter the amount of upstream bandwidth for the WAN interfaces that you want to allocate using QoS. The recommendation is to set this speed to match the interfaces’ actual transmission speed.
Chapter 10 Quality of Service (QoS) Figure 66 Network Setting > QoS > Queue Setup The following table describes the labels in this screen. Table 44 Network Setting > QoS > Queue Setup LABEL DESCRIPTION Add New Queue Click this button to create a new queue entry. # This is the index number of the entry. Status This field displays whether the queue is active or not. A yellow bulb signifies that this queue is active. A gray bulb signifies that this queue is not active.
Chapter 10 Quality of Service (QoS) 10.4.1 Adding a QoS Queue Click Add New Queue or the edit icon in the Queue Setup screen to configure a queue. Figure 67 Queue Setup: Add The following table describes the labels in this screen. Table 45 Queue Setup: Add LABEL DESCRIPTION Active Select to enable or disable this queue. Name Enter the descriptive name of this queue. Interface Select the interface to which this queue is applied. This field is read-only if you are editing the queue.
Chapter 10 Quality of Service (QoS) 10.5 The Classification Setup Screen Use this screen to add, edit or delete QoS classifiers. A classifier groups traffic into data flows according to specific criteria such as the source address, destination address, source port number, destination port number or incoming interface. For example, you can configure a classifier to select traffic from the same protocol port (such as Telnet) to form a flow.
Figure 69 Classification Setup: Add/Edit
Chapter 10 Quality of Service (QoS) The following table describes the labels in this screen. Table 47 Classification Setup: Add/Edit LABEL DESCRIPTION Step1: Class Configuration Active Select to enable or disable this classifier. Class Name Enter a descriptive name of up to 15 printable English keyboard characters, not including spaces. Classification Order Select an existing number for where you want to put this classifier to move the classifier to the number you selected after clicking Apply.
Chapter 10 Quality of Service (QoS) Table 47 Classification Setup: Add/Edit (continued) LABEL DESCRIPTION Others Service This field is available only when you select IP in the Ether Type field. This field simplifies classifier configuration by allowing you to select a predefined application. When you select a predefined application, you do not configure the rest of the filter fields. IP Protocol This field is available only when you select IP in the Ether Type field.
Table 47 Classification Setup: Add/Edit (continued)
LABEL: DESCRIPTION
VLAN ID Tag: If you select Remark, enter a VLAN ID number with which the VMG replaces the VLAN ID of the frames. If you select Remove, the VMG deletes the VLAN ID of the frames before forwarding them out. If you select Add, the VMG treats all matched traffic as untagged and adds a second VLAN ID. If you select Unchange, the VMG keeps the VLAN ID in the packets.
Chapter 10 Quality of Service (QoS) 10.6.1 Add/Edit a QoS Shaper Click Add New Shaper in the Shaper Setup screen or the Edit icon next to a shaper to show the following screen. Figure 71 Shaper Setup: Add/Edit The following table describes the labels in this screen. Table 49 Shaper Setup: Add/Edit LABEL DESCRIPTION Active Select to enable or disable this shaper.
Chapter 10 Quality of Service (QoS) Table 50 Network Setting > QoS > Policer Setup (continued) LABEL DESCRIPTION Status This field displays whether the policer is active or not. A yellow bulb signifies that this policer is active. A gray bulb signifies that this policer is not active. Name This field displays the descriptive name of this policer.
Chapter 10 Quality of Service (QoS) Table 51 Policer Setup: Add/Edit LABEL DESCRIPTION Meter Type This shows the traffic metering algorithm used in this policer. The Simple Token Bucket algorithm uses tokens in a bucket to control when traffic can be transmitted. Each token represents one byte. The algorithm allows bursts of up to b bytes which is also the bucket size.
Chapter 10 Quality of Service (QoS) IEEE 802.1p specifies the user priority field and defines up to eight separate traffic types. The following table describes the traffic types defined in the IEEE 802.1d standard (which incorporates the 802.1p). Table 52 IEEE 802.1p Priority Level and Traffic Type PRIORITY LEVEL TRAFFIC TYPE Level 7 Typically used for network control traffic such as router configuration messages.
Chapter 10 Quality of Service (QoS) IP Precedence Similar to IEEE 802.1p prioritization at layer-2, you can use IP precedence to prioritize packets in a layer-3 network. IP precedence uses three bits of the eight-bit ToS (Type of Service) field in the IP header. There are eight classes of services (ranging from zero to seven) in IP precedence. Zero is the lowest priority level and seven is the highest.
Chapter 10 Quality of Service (QoS) Token Bucket The token bucket algorithm uses tokens in a bucket to control when traffic can be transmitted. The bucket stores tokens, each of which represents one byte. The algorithm allows bursts of up to b bytes which is also the bucket size, so the bucket can hold up to b tokens. Tokens are generated and added into the bucket at a constant rate.
Chapter 10 Quality of Service (QoS) • If there are not enough tokens in the CBS bucket, the VMG checks the EBS bucket. The packet is marked yellow if there are sufficient tokens in the EBS bucket. Otherwise, the packet is marked red. No tokens are removed if the packet is dropped.
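The two-bucket marking described above, as an added example (not code from this guide or from the VMG firmware). It follows the color-blind single rate three color marker of RFC 2697 with one token per byte; the class name, the rate, the burst sizes and the arrival list are assumptions constructed for illustration.

```python
"""Two-bucket (CBS/EBS) packet marking with byte tokens, color-blind mode."""

GREEN, YELLOW, RED = "green", "yellow", "red"

# Policing vocabulary from the guide's traffic policing paragraph.
VERDICT = {GREEN: "conforming", YELLOW: "exceeding", RED: "violating"}


class TwoBucketMeter:
    """Hypothetical meter: cir in bytes per second, cbs and ebs in bytes."""

    def __init__(self, cir, cbs, ebs):
        self.cir = cir
        self.cbs = cbs
        self.ebs = ebs
        self.tc = float(cbs)   # committed bucket starts full
        self.te = float(ebs)   # excess bucket starts full
        self.last = 0.0        # time of the previous refill, in seconds

    def refill(self, now):
        """Add tokens at the constant rate; overflow from CBS spills into EBS."""
        if now < self.last:
            raise ValueError("timestamps must not go backwards")
        new_tokens = (now - self.last) * self.cir
        self.last = now
        to_committed = min(new_tokens, self.cbs - self.tc)
        self.tc += to_committed
        # Whatever did not fit in the committed bucket tops up the excess one.
        self.te = min(self.ebs, self.te + (new_tokens - to_committed))

    def mark(self, now, size):
        """Return the color for a packet of `size` bytes arriving at `now`."""
        self.refill(now)
        if self.tc >= size:
            self.tc -= size
            return GREEN
        if self.te >= size:
            self.te -= size
            return YELLOW
        # Red packets consume nothing, so a flood cannot drain the buckets.
        return RED


# Constructed arrivals: (time in seconds, packet size in bytes).
ARRIVALS = [
    (0.0, 1000), (0.0, 1000), (0.0, 1000), (0.0, 1000), (0.0, 1000),
    (0.5, 1000), (0.5, 400),
    (3.0, 1200), (3.0, 1200), (3.0, 800),
]


def run_trace(meter, arrivals):
    """Mark every arrival in order and return the list of colors."""
    return [meter.mark(t, size) for t, size in arrivals]


def summarize(colors):
    """Count packets per policing verdict."""
    counts = {name: 0 for name in VERDICT.values()}
    for color in colors:
        counts[VERDICT[color]] += 1
    return counts


if __name__ == "__main__":
    meter = TwoBucketMeter(cir=1000, cbs=1500, ebs=3000)
    colors = run_trace(meter, ARRIVALS)
    for (t, size), color in zip(ARRIVALS, colors):
        print(f"t={t:>4}s size={size:>5}B -> {color} ({VERDICT[color]})")
    print(summarize(colors))
```

The burst at t=0 shows the order of checks: the first packet fits the committed bucket, the next three are absorbed by the excess bucket, and the fifth is marked red without touching either bucket.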
Chapter 11 Network Address Translation (NAT)
11.1 Overview
This chapter discusses how to configure NAT on the VMG. NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network. 11.1.
Chapter 11 Network Address Translation (NAT) NAT In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
[Figure 74 Multiple Servers Behind NAT Example. Labels: A=192.168.1.33, B=192.168.1.34, C=192.168.1.3, D=192.168.1.36 (LAN); 192.168.1.1; IP Address assigned by ISP (WAN)]

Click Network Setting > NAT > Port Forwarding to open the following screen. See Appendix D on page 280 for port numbers commonly used for particular services.

Figure 75 Network Setting > NAT > Port Forwarding

The following table describes the fields in this screen.
11.2.1 Add/Edit Port Forwarding

Click Add New Rule in the Port Forwarding screen or click the Edit icon next to an existing rule to open the following screen.

Figure 76 Port Forwarding: Add/Edit

The following table describes the labels in this screen.

Table 55 Port Forwarding: Add/Edit
LABEL | DESCRIPTION
Active | Select to enable or disable the rule.
Service Name | Enter a name to identify this rule using keyboard characters (A-Z, a-z, 1-2 and so on).
Table 55 Port Forwarding: Add/Edit (continued)
LABEL | DESCRIPTION
End Port | Enter the last port of the original destination port range. To forward only one port, enter the port number in the Start Port field above and then enter it again in this field. To forward a series of ports, enter the last port number in a series that begins with the port number in the Start Port field above.
11.3.1 Add New Application

This screen lets you create new NAT application rules. Click Add New Application in the Applications screen to open the following screen.

Figure 78 Network Setting > NAT > Applications: Add

The following table describes the labels in this screen.

Table 57 Network Setting > NAT > Applications: Add
LABEL | DESCRIPTION
WAN Interface | Select the WAN interface that you want to apply this NAT rule to.
WAN to request a service with a specific port number and protocol (a "trigger" port). When the VMG's WAN port receives a response with a specific port number and protocol ("open" port), the VMG forwards the traffic to the LAN IP address of the computer that sent the request. After that computer’s connection for that service closes, another computer on the LAN can use the service in the same manner.
Table 58 Network Setting > NAT > Port Triggering (continued)
LABEL | DESCRIPTION
Trigger Start Port | The trigger port is a port (or a range of ports) that causes (or triggers) the VMG to record the IP address of the LAN computer that sent the traffic to a server on the WAN. This is the first port number that identifies a service.
Trigger End Port | This is the last port number that identifies a service.
Trigger Proto.
Table 59 Port Triggering: Configuration Add/Edit (continued)
LABEL | DESCRIPTION
Trigger End Port | Type a port number or the ending port number in a range of port numbers.
Trigger Protocol | Select the transport layer protocol from TCP, UDP, or TCP/UDP.
Open Start Port | The open port is a port (or a range of ports) that a server on the WAN uses when it sends out a particular service.
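The port triggering behaviour described in this section, modeled as an added example; it is not part of the original guide and not the VMG's implementation. The class and function names, the rule (trigger TCP 6667, open TCP 113) and the rule that a second LAN host cannot take over a trigger that is already held are assumptions made for illustration.

```python
"""Model of a port triggering table: trigger ports record a LAN host,
open ports are forwarded to that host until its connection closes."""

from dataclasses import dataclass


def ports(start, end):
    """Inclusive range, like the Start Port / End Port fields."""
    return range(start, end + 1)


@dataclass(frozen=True)
class TriggerRule:
    name: str
    trigger_proto: str      # "TCP", "UDP" or "TCP/UDP"
    trigger_ports: range
    open_proto: str
    open_ports: range


def proto_matches(rule_proto, packet_proto):
    return packet_proto in rule_proto.split("/")


class PortTriggerTable:
    def __init__(self, rules):
        self.rules = list(rules)
        self.holder = {}    # rule name -> LAN IP that triggered it

    def lan_to_wan(self, lan_ip, proto, dst_port):
        """Outgoing packet. Returns the names of rules it triggered."""
        fired = []
        for rule in self.rules:
            hit = (proto_matches(rule.trigger_proto, proto)
                   and dst_port in rule.trigger_ports)
            # Assumption: while one host holds the rule, others must wait.
            if hit and rule.name not in self.holder:
                self.holder[rule.name] = lan_ip
                fired.append(rule.name)
        return fired

    def wan_to_lan(self, proto, dst_port):
        """Incoming packet. Returns the LAN IP to forward to, or None."""
        for rule in self.rules:
            hit = (proto_matches(rule.open_proto, proto)
                   and dst_port in rule.open_ports)
            if hit and rule.name in self.holder:
                return self.holder[rule.name]
        return None         # no active trigger: the packet is not forwarded

    def connection_closed(self, lan_ip):
        """The host's connection for the service ended: release its rules."""
        for name in [n for n, ip in self.holder.items() if ip == lan_ip]:
            del self.holder[name]


def demo():
    # Constructed rule and addresses.
    table = PortTriggerTable([
        TriggerRule("example", "TCP", ports(6667, 6667), "TCP", ports(113, 113)),
    ])
    a, b = "192.168.1.33", "192.168.1.34"
    steps = []
    steps.append(table.wan_to_lan("TCP", 113))       # nothing triggered yet
    steps.append(table.lan_to_wan(a, "TCP", 6667))   # host A triggers the rule
    steps.append(table.wan_to_lan("TCP", 113))       # open port goes to A
    steps.append(table.lan_to_wan(b, "TCP", 6667))   # B cannot take over
    steps.append(table.wan_to_lan("UDP", 113))       # wrong protocol
    table.connection_closed(a)
    steps.append(table.wan_to_lan("TCP", 113))       # closed again
    steps.append(table.lan_to_wan(b, "TCP", 6667))   # now B can trigger
    steps.append(table.wan_to_lan("TCP", 113))       # open port goes to B
    return steps


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Unlike a port forwarding rule, the open port is reachable from the WAN only while a LAN host holds the trigger, which is the property to check when reviewing such rules.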
11.6 The ALG Screen

Some NAT routers may include a SIP Application Layer Gateway (ALG). A SIP ALG allows SIP calls to pass through NAT by examining and translating IP addresses embedded in the data stream. When the VMG registers with the SIP register server, the SIP ALG translates the VMG’s private IP address inside the SIP data stream to a public IP address. You do not need to use STUN or an outbound proxy if your VMG is behind a SIP ALG.
The following table describes the fields in this screen.

Table 62 Network Setting > NAT > Address Mapping
LABEL | DESCRIPTION
Add new rule | Click this to create a new rule.
Set | This is the index number of the address mapping set.
Local Start IP | This is the starting Inside Local IP Address (ILA).
Local End IP | This is the ending Inside Local IP Address (ILA). If the rule is for all local IP addresses, then this field displays 0.0.0.
The following table describes the fields in this screen.

Table 63 Address Mapping: Add/Edit
LABEL | DESCRIPTION
Type | Choose the IP/port mapping type from one of the following.
  One-to-One: This mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type.
  Many-to-One: This mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e.
11.9 Technical Reference

This part contains more information regarding NAT.

11.9.1 NAT Definitions

Inside/outside denotes where a host is located relative to the VMG, for example, the computers of your subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.
11.9.3 How NAT Works

Each packet has two addresses – a source address and a destination address. For outgoing packets, the ILA (Inside Local Address) is the source address on the LAN, and the IGA (Inside Global Address) is the source address on the WAN. For incoming packets, the ILA is the destination address on the LAN, and the IGA is the destination address on the WAN.
Figure 88 NAT Application With IP Alias

Port Forwarding: Services and Port Numbers

The most often used port numbers are shown in the following table. Please refer to RFC 1700 for further information about port numbers. Please also refer to the Supporting CD for more examples and details on port forwarding and NAT.
third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet.

[Figure 89 Multiple Servers Behind NAT Example. Labels: A=192.168.1.33, B=192.168.1.34, C=192.168.1.35, D=192.168.1.; 192.168.1.1; IP address assigned by ISP]
CHAPTER 12 Dynamic DNS Setup

12.1 Overview

DNS

DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it.

In addition to the system DNS server(s), each WAN interface (service) is set to have its own static or dynamic DNS server list.
If you have a private WAN IP address, then you cannot use Dynamic DNS.

12.2 The DNS Entry Screen

Use this screen to view and configure DNS routes on the VMG. Click Network Setting > DNS to open the DNS Entry screen.

Figure 90 Network Setting > DNS > DNS Entry

The following table describes the fields in this screen.

Table 67 Network Setting > DNS > DNS Entry
LABEL | DESCRIPTION
Add New DNS Entry | Click this to create a new DNS entry.
# | This is the index number of the entry.
The following table describes the labels in this screen.

Table 68 DNS Entry: Add/Edit
LABEL | DESCRIPTION
Host Name | Enter the host name of the DNS entry.
IPv4 Address | Enter the IPv4 address of the DNS entry.
OK | Click OK to save your changes.
Cancel | Click Cancel to exit this screen without saving.

12.3 The Dynamic DNS Screen

Use this screen to change your VMG’s DDNS. Click Network Setting > DNS > Dynamic DNS. The screen appears as shown.
Table 69 Network Setting > DNS > Dynamic DNS (continued)
LABEL | DESCRIPTION
Apply | Click Apply to save your changes.
Cancel | Click Cancel to exit this screen without saving.
CHAPTER 13 VLAN Group

13.1 Overview

Virtual LAN IDs are used to identify different traffic types over the same physical link. In the following example, the VMG (DSL) can use VLAN IDs (VID) 100 and 200 to identify Video-on-Demand and IPTV traffic respectively coming from the two VoD and IPTV multicast servers. The VMG (DSL) can also tag outgoing requests to these servers with these VLAN IDs.

Figure 93 VLAN Group Example

13.1.
The following table describes the fields in this screen.

Table 70 Network Setting > Vlan Group
LABEL | DESCRIPTION
Add New Vlan Group | Click this button to create a new VLAN group.
# | This is the index number of the VLAN group.
Group Name | This shows the descriptive name of the VLAN group.
VLAN ID | This shows the unique ID number that identifies the VLAN group.
CHAPTER 14 Interface Grouping

14.1 Overview

By default, all LAN and WAN interfaces on the VMG are in the same group and can communicate with each other. Create interface groups to have the VMG assign the IP addresses in different domains to different groups. Each group acts as an independent network on the VMG. This lets devices connected to an interface group’s LAN interfaces communicate through the interface group’s WAN or LAN interfaces but not other WAN or LAN interfaces.

14.1.
[Figure 96 Interface Grouping Application. Labels: Default: ETH 2~4, 192.168.1.x/24; eth10.0; Internet; VDSL_PoE/ppp0.1; 192.168.2.x/24; DHCP Vendor ID option: MSFT 5.0]

Click Network Setting > Interface Grouping to open the following screen.

Figure 97 Network Setting > Interface Grouping

The following table describes the fields in this screen.

Table 72 Network Setting > Interface Grouping
LABEL | DESCRIPTION
Add New Interface Group | Click this button to create a new interface group.
Figure 98 Interface Group Configuration

The following table describes the fields in this screen.

Table 73 Interface Group Configuration
LABEL | DESCRIPTION
Group Name | Enter a name to identify this group. You can enter up to 30 characters. You can use letters, numbers, hyphens (-) and underscores (_). Spaces are not allowed.
WAN Interfaces used in the grouping | Select the WAN interface this group uses.
Table 73 Interface Group Configuration (continued)
LABEL | DESCRIPTION
Automatically Add Clients With the following DHCP Vendor IDs | Click Add to identify LAN hosts to add to the interface group by criteria such as the type of the hardware or firmware. See Section 14.2.2 on page 177 for more information.
# | This shows the index number of the rule.
Filter Criteria | This shows the filtering criteria.
Table 74 Interface Grouping Criteria (continued)
LABEL | DESCRIPTION
DHCP Option 125 | Select this and enter vendor specific information of the matched traffic.
Enterprise Number | Enter the vendor’s 32-bit enterprise number registered with the IANA (Internet Assigned Numbers Authority).
Manufacturer OUI | Specify the vendor’s OUI (Organization Unique Identifier). It is usually the first three bytes of the MAC address.
Serial Number | Enter the serial number of the device.
CHAPTER 15 USB Service

15.1 Overview

You can share files on a USB memory stick or hard drive connected to your VMG with users on your network. The following figure is an overview of the VMG’s file server feature. Computers A and B can access files on a USB device (C) which is connected to the VMG.

Figure 100 File Sharing Overview

The VMG will not be able to join the workgroup if your local area network has restrictions set up that do not allow devices to join a workgroup.
15.1.2.1 About File Sharing

Workgroup name

This is the name given to a set of computers that are connected on a network and share resources such as a printer or files. Windows automatically assigns the workgroup name when you set up a network.

Shares

When settings are set to default, each USB device connected to the VMG is given a folder, called a “share”. If a USB hard drive connected to the VMG has more than one partition, then each partition will be allocated a share.
Figure 101 Network Setting > USB Service > File Sharing

Each field is described in the following table.

Table 75 Network Setting > USB Service > File Sharing
LABEL | DESCRIPTION
Information
Volume | This is the volume name the VMG gives to an inserted USB device.
Capacity | This is the total available memory size (in megabytes) on the USB device.
Used Space | This is the memory size (in megabytes) already used on the USB device.
Figure 102 Network Setting > USB Service > File Sharing > Add new user

Each field is described in the following table.

Table 76 Network Setting > USB Service > File Sharing > Add new user
LABEL | DESCRIPTION
User Name | Enter a user name. You can enter up to 16 characters. Only letters and numbers allowed.
New Password | Enter the password used to access the secured share. The password must be 5 to 15 characters long. Only letters and numbers are allowed.
Figure 103 Network Setting > USB Service > Media Server

The following table describes the labels in this menu.

Table 77 Network Setting > USB Service > Media Server
LABEL | DESCRIPTION
Media Server | Select Enable to have the VMG function as a DLNA-compliant media server. Enable the media server to let (DLNA-compliant) media clients on your network play media files located in the shares.
Interface | Select an interface on which you want to enable the media server function.
CHAPTER 16 Firewall

16.1 Overview

This chapter shows you how to enable and configure the VMG’s security settings. Use the firewall to protect your VMG and network from attacks by hackers on the Internet and control access to it. By default the firewall:

• allows traffic that originates from your LAN computers to go to all other networks.
• blocks traffic that originates on other networks from going to the LAN.

The following figure illustrates the default firewall action.
16.1.2 What You Need to Know

SYN Attack

A SYN attack floods a targeted system with a series of SYN packets. Each packet causes the targeted system to issue a SYN-ACK response. While the targeted system waits for the ACK that follows the SYN-ACK, it queues up all outstanding SYN-ACK responses on a backlog queue. SYN-ACKs are moved off the queue only when an ACK comes back or when an internal timer terminates the three-way handshake.
Figure 105 Security > Firewall > General

The following table describes the labels in this screen.

Table 78 Security > Firewall > General
LABEL | DESCRIPTION
Firewall | Select Enable to activate the firewall feature on the VMG.
Easy | Select Easy to allow LAN to WAN and WAN to LAN packet directions.
Medium | Select Medium to allow LAN to WAN but deny WAN to LAN packet directions.
High | Select High to deny LAN to WAN and WAN to LAN packet directions.
The following table describes the labels in this screen.

Table 79 Security > Firewall > Protocol
LABEL | DESCRIPTION
Add New Protocol Entry | Click this to add a new service.
Name | This is the name of your customized service.
Description | This is the description of your customized service.
Ports/Protocol Number | This shows the IP protocol (TCP, UDP, ICMP, or TCP/UDP) and the port number or range of ports that defines your customized service.
Table 80 Security > Firewall > Protocol: Add/Edit (continued)
LABEL | DESCRIPTION
ICMPv6 Type | This field is displayed if you select ICMPv6 as the protocol. Enter the type value for the ICMPv6 messages.
OK | Click OK to save your changes.
Cancel | Click Cancel to exit this screen without saving.

16.4 The Access Control Screen

Click Security > Firewall > Access Control to display the following screen. This screen displays a list of the configured incoming or outgoing filtering rules.
Figure 109 Access Control: Add/Edit

The following table describes the labels in this screen.

Table 82 Access Control: Add/Edit
LABEL | DESCRIPTION
Filter Name | Enter a descriptive name of up to 16 alphanumeric characters, not including spaces, underscores, and dashes. You must enter the filter name to add an ACL rule. This field is read-only if you are editing the ACL rule.
Order | Select the order of the ACL rule.
Table 82 Access Control: Add/Edit (continued)
LABEL | DESCRIPTION
Custom | This field is displayed only when you select Specific Protocol in Select Protocol.
Destination Port | Enter a single port number or the range of port numbers of the destination.
Policy | Use the drop-down list box to select whether to discard (DROP), deny and send an ICMP destination-unreachable message to the sender of (REJECT) or allow the passage of (ACCEPT) packets that match this rule.
CHAPTER 17 MAC Filter

17.1 Overview

You can configure the VMG to permit access to clients based on their MAC addresses in the MAC Filter screen. This applies to wired and wireless connections. Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC addresses of the devices to configure this screen.

17.
The following table describes the labels in this screen.

Table 84 Security > MAC Filter
LABEL | DESCRIPTION
MAC Address Filter | Select Enable to activate the MAC filter function.
MAC Restrict Mode | Select Allow to only permit the listed MAC addresses access to the VMG. Select Deny to permit anyone access to the VMG except the listed MAC addresses.
Set | This is the index number of the MAC address.
Active | Select Active to enable the MAC filter rule.
CHAPTER 18 Parental Control

18.1 Overview

Parental control allows you to block web sites by specific URL. You can also define time periods and days during which the VMG performs parental control on a specific user.

18.2 The Parental Control Screen

Use this screen to enable parental control and to view the parental control rules and schedules. Click Security > Parental Control to open the following screen.

Figure 112 Security > Parental Control

The following table describes the fields in this screen.
Table 85 Security > Parental Control (continued)
LABEL | DESCRIPTION
Modify | Click the Edit icon to go to the screen where you can edit the rule. Click the Delete icon to delete an existing rule.
Apply | Click Apply to save your changes.
Cancel | Click Cancel to restore your previously saved settings.

18.2.1 Add/Edit a Parental Control Profile

Click Add New PCP in the Parental Control screen to add a new rule or click the Edit icon next to an existing rule to edit it.
Figure 114 Parental Control Rule: Add/Edit Rule > Add Service

Figure 115 Parental Control Rule: Add/Edit Rule > Add Keyword

The following table describes the fields in this screen.

Table 86 Parental Control Rule: Add/Edit
LABEL | DESCRIPTION
General
Active | Select to enable or disable this parental control rule.
Parental Control Profile Name | Enter a descriptive name for the rule.
Table 86 Parental Control Rule: Add/Edit (continued)
LABEL | DESCRIPTION
Add New Service | Click this to show a screen in which you can add a new service rule. You can configure the Service Name, Protocol, and Name of the new rule.
# | This shows the index number of the rule.
Service Name | This shows the name of the rule.
Protocol:Port | This shows the protocol and the port of the rule.
Modify | Click the Edit icon to go to the screen where you can edit the rule.
CHAPTER 19 Scheduler Rule

19.1 Overview

You can define time periods and days during which the VMG performs scheduled rules of certain features (such as Firewall Access Control) in the Scheduler Rule screen.

19.2 The Scheduler Rule Screen

Use this screen to view, add, or edit time schedule rules. Click Security > Scheduler Rule to open the following screen.

Figure 117 Security > Scheduler Rule

The following table describes the fields in this screen.
Figure 118 Scheduler Rule: Add/Edit

The following table describes the fields in this screen.

Table 88 Scheduler Rule: Add/Edit
LABEL | DESCRIPTION
Rule Name | Enter a name (up to 31 printable English keyboard characters, not including spaces) for this schedule.
Day | Select check boxes for the days that you want the VMG to perform this scheduler rule.
Time of Day Range | Enter the time period of each day, in 24-hour format, during which the rule will be enforced.
CHAPTER 20 Certificates

20.1 Overview

The VMG can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication.

20.1.1 What You Can Do in this Chapter

• Use the Local Certificates screen to generate certification requests and import the VMG's CA-signed certificates (Section 20.4 on page 203).
The following table describes the labels in this screen.

Table 89 Security > Certificates > Local Certificates
LABEL | DESCRIPTION
Private Key is protected by a password | Select the checkbox and enter the private key into the text box to store it on the VMG. The private key should not exceed 63 ASCII characters (not including spaces).
Choose File | Click this to find the certificate file you want to upload.
Figure 120 Create Certificate Request

The following table describes the labels in this screen.

Table 90 Create Certificate Request
LABEL | DESCRIPTION
Certificate Name | Type up to 63 ASCII characters (not including spaces) to identify this certificate.
Common Name | Select Auto to have the VMG configure this field automatically. Or select Customize to enter it manually. Type the IP address (in dotted decimal notation), domain name or e-mail address in the field provided.
Figure 121 Certificate Request Created

20.3.2 Load Signed Certificate

After you create a certificate request and have it signed by a Certificate Authority, in the Local Certificates screen click the certificate request’s Load Signed icon to import the signed certificate into the VMG.

Note: You must remove any spaces from the certificate’s filename before you can import it.
The following table describes the labels in this screen.

Table 91 Load Signed Certificate
LABEL | DESCRIPTION
Certificate Name | This is the name of the signed certificate.
Certificate | Copy and paste the signed certificate into the text box to store it on the VMG.
Apply | Click Apply to save your changes.
Cancel | Click Cancel to exit this screen without saving.

20.4 The Trusted CA Screen

Click Security > Certificates > Trusted CA to open the following screen.
Figure 124 Trusted CA: View

The following table describes the fields in this screen.

Table 93 Trusted CA: View
LABEL | DESCRIPTION
Name | This field displays the identifying name of this certificate.
Type | This field displays general information about the certificate. ca means that a Certification Authority signed the certificate.
Figure 125 Trusted CA: Import Certificate

The following table describes the fields in this screen.

Table 94 Trusted CA: Import Certificate
LABEL | DESCRIPTION
Certificate File Path | Type in the location of the certificate you want to upload in this field or click Choose File to find it.
Apply | Click Apply to save your changes.
Cancel | Click Cancel to exit this screen without saving.
CHAPTER 21 Log

21.1 Overview

The web configurator allows you to choose which categories of events and/or alerts to have the VMG log and then display the logs or have the VMG send them to an administrator (as e-mail) or to a syslog server.

21.1.1 What You Can Do in this Chapter

• Use the System Log screen to see the system logs (Section 21.2 on page 207).
• Use the Security Log screen to see the security-related logs for the categories that you select (Section 21.3 on page 207).

21.1.
Table 95 Syslog Severity Levels
CODE | SEVERITY
5 | Notice: There is a normal but significant condition on the system.
6 | Informational: The syslog contains an informational message.
7 | Debug: The message is intended for debug-level purposes.

21.2 The System Log Screen

Use the System Log screen to see the system logs. Click System Monitor > Log to open the System Log screen.

Figure 126 System Monitor > Log > System Log

The following table describes the fields in this screen.
Figure 127 System Monitor > Log > Security Log

The following table describes the fields in this screen.

Table 97 System Monitor > Log > Security Log
LABEL | DESCRIPTION
Level | Select a severity level from the drop-down list box. This filters search results according to the severity level you have selected. When you select a severity, the VMG searches through all logs of that severity or higher.
Category | Select the type of logs to display.
Clear Log | Click this to delete all the logs.
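The "that severity or higher" filter applied on the receiving syslog server, as an added example that is not part of the original guide. It assumes the standard syslog priority header, where the number in angle brackets is facility × 8 + severity and severity names 0 to 4 follow the standard syslog list; the function names and the log lines are constructed, and the VMG's real message format is not shown on this page.

```python
"""Filter syslog lines by severity. A higher severity has a LOWER code,
so "Notice or higher" means codes 0 through 5."""

import re

SEVERITY_NAMES = (
    "Emergency", "Alert", "Critical", "Error",
    "Warning", "Notice", "Informational", "Debug",
)

PRI_HEADER = re.compile(r"<(\d{1,3})>")


def parse_pri(line):
    """Return (facility, severity, rest_of_line), or None if malformed."""
    match = PRI_HEADER.match(line)
    if match is None:
        return None
    value = int(match.group(1))
    if value > 191:             # largest valid value: facility 23, severity 7
        return None
    return value // 8, value % 8, line[match.end():]


def select(lines, level):
    """Keep lines at `level` or higher severity.

    Lines without a valid priority header are returned separately rather
    than silently dropped, so a collector never hides them from review.
    """
    kept, unparsed = [], []
    for line in lines:
        parsed = parse_pri(line)
        if parsed is None:
            unparsed.append(line)
            continue
        facility, severity, text = parsed
        if severity <= level:
            kept.append((SEVERITY_NAMES[severity], facility, text))
    return kept, unparsed


# Constructed sample lines; only the <PRI> header matters for the filter.
SAMPLE = [
    "<134>Jan  1 00:00:05 vmg constructed informational message",
    "<132>Jan  1 00:00:06 vmg constructed warning message",
    "<34>Jan  1 00:00:07 vmg constructed critical message",
    "<133>Jan  1 00:00:08 vmg constructed notice message",
    "<135>Jan  1 00:00:09 vmg constructed debug message",
    "constructed line with no priority header",
    "<999>constructed line with an out-of-range priority",
]


if __name__ == "__main__":
    kept, unparsed = select(SAMPLE, level=5)    # 5 = Notice
    for name, facility, text in kept:
        print(f"{name:<8} facility={facility:<2} {text}")
    print(f"{len(unparsed)} line(s) could not be parsed")
```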
CHAPTER 22 Traffic Status

22.1 Overview

Use the Traffic Status screens to look at network traffic status and statistics of the WAN, LAN interfaces and NAT.

22.1.1 What You Can Do in this Chapter

• Use the WAN screen to view the WAN traffic statistics (Section 22.2 on page 209).
• Use the LAN screen to view the LAN traffic statistics (Section 22.3 on page 210).
• Use the NAT screen to view the NAT status of the VMG’s client(s) (Section 22.4 on page 211)

22.
The following table describes the fields in this screen.

Table 98 System Monitor > Traffic Status > WAN
LABEL | DESCRIPTION
Refresh Interval | Select how often you want the VMG to update this screen.
Connected Interface | This shows the name of the WAN interface that is currently connected.
Packets Sent
Data | This indicates the number of transmitted packets on this interface.
Error | This indicates the number of frames with errors transmitted on this interface.
The following table describes the fields in this screen.

Table 99 System Monitor > Traffic Status > LAN
LABEL | DESCRIPTION
Refresh Interval | Select how often you want the VMG to update this screen.
Interface | This shows the LAN or WLAN interface.
Bytes Sent | This indicates the number of bytes transmitted on this interface.
Bytes Received | This indicates the number of bytes received on this interface.
Interface | This shows the LAN or WLAN interfaces.
CHAPTER 23 ARP Table

23.1 Overview

Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network.

An IP (version 4) address is 32 bits long. In an Ethernet LAN, MAC addresses are 48 bits long. The ARP Table maintains an association between each MAC address and its corresponding IP address.

23.1.
The following table describes the labels in this screen.

Table 101 System Monitor > ARP Table
LABEL | DESCRIPTION
# | This is the ARP table entry number.
IPv4/IPv6 Address | This is the learned IPv4 or IPv6 address of a device connected to a port.
MAC Address | This is the MAC address of the device with the listed IP address.
Device | This is the type of interface used by the device.
CHAPTER 24 Routing Table

24.1 Overview

Routing is based on the destination address only and the VMG takes the shortest path to forward a packet.

24.2 The Routing Table Screen

Click System Monitor > Routing Table to open the following screen.

Figure 132 System Monitor > Routing Table

The following table describes the labels in this screen.
Table 102 System Monitor > Routing Table (continued)
LABEL | DESCRIPTION
Flag | This indicates the route status.
  U-Up: The route is up.
  !-Reject: The route is blocked and will force a route lookup to fail.
  G-Gateway: The route uses a gateway to forward traffic.
  H-Host: The target of the route is a host.
  R-Reinstate: The route is reinstated for dynamic routing.
  D-Dynamic (redirect): The route is dynamically installed by a routing daemon or redirect.
CHAPTER 25 Multicast Status

25.1 Overview

Use the Multicast Status screens to look at IGMP/MLD group status and traffic statistics.

25.2 The IGMP Status Screen

Use this screen to look at the current list of multicast groups the VMG has joined and which ports have joined it. To open this screen, click System Monitor > Multicast Status > IGMP Status.

Figure 133 System Monitor > Multicast Status > IGMP Status

The following table describes the labels in this screen.
Figure 134 System Monitor > Multicast Status > MLD Status

The following table describes the labels in this screen.

Table 104 System Monitor > Multicast Status > MLD Status
LABEL | DESCRIPTION
Refresh | Click this button to update the status on this screen.
Interface | This field displays the name of an interface on the VMG that belongs to an MLD multicast group.
Multicast Group | This field displays the name of the MLD multicast group to which the interface belongs.
CHAPTER 26 xDSL Statistics

26.1 The xDSL Statistics Screen

Use this screen to view detailed DSL statistics. Click System Monitor > xDSL Statistics to open the following screen.

Figure 135 System Monitor > xDSL Statistics

The following table describes the labels in this screen.

Table 105 Status > xDSL Statistics
LABEL | DESCRIPTION
Refresh Interval | Select the time interval for refreshing statistics.
Line | Select which DSL line’s statistics you want to display.
Table 105 Status > xDSL Statistics (continued)
LABEL | DESCRIPTION
Link Uptime | This displays how long the port has been running (or connected) since the last time it was started.
xDSL Port Details
Upstream | These are the statistics for the traffic direction going out from the port to the service provider.
Downstream | These are the statistics for the traffic direction coming into the port from the service provider.
Table 105 Status > xDSL Statistics (continued)
LABEL | DESCRIPTION
SES | This is the number of Severely Errored Seconds meaning the number of seconds containing 30% or more errored blocks or at least one defect. This is a subset of ES.
UAS | This is the number of UnAvailable Seconds.
LOS | This is the number of Loss Of Signal seconds.
LOF | This is the number of Loss Of Frame seconds.
LOM | This is the number of Loss of Margin seconds.
CHAPTER 27 System

27.1 Overview

In the System screen, you can name your VMG (Host) and give it an associated domain name for identification purposes.

27.2 The System Screen

Click Maintenance > System to open the following screen.

Figure 136 Maintenance > System

The following table describes the labels in this screen.

Table 106 Maintenance > System
LABEL | DESCRIPTION
Host Name | Type a hostname for your VMG.
CHAPTER 28 User Account

28.1 Overview

In the User Account screen, you can view the settings of the “admin” and other user accounts that you use to log in to the VMG.

28.2 The User Account Screen

Click Maintenance > User Account to open the following screen.

Figure 137 Maintenance > User Account

The following table describes the labels in this screen.

Table 107 Maintenance > User Account
LABEL | DESCRIPTION
Add New Account | Click this button to add a new user account.
Figure 138 Maintenance > User Account > Add/Edit

The following table describes the labels in this screen.

Table 108 Maintenance > User Account > Add/Edit
LABEL | DESCRIPTION
User Name | Enter a new name for the account. This field displays the name of an existing account.
Old Password | Type the default password or the existing password used to access the VMG web configurator.
Password/New Password | Type your new system password (up to 256 characters).
CHAPTER 29 Remote Management

29.1 Overview

Remote management controls which services can access the VMG and through which interface(s).

Note: The VMG is managed using the Web Configurator.

29.2 The MGMT Services Screen

Use this screen to configure which services can access the VMG and through which interface(s). You can also specify the port numbers the services must use to connect to the VMG. Click Maintenance > Remote Management > MGMT Services to open the following screen.
Table 109 Maintenance > Remote Management > MGMT Services (continued)
LABEL | DESCRIPTION
WAN | Select the Enable check box for the corresponding services that you want to allow access to the VMG from all WAN connections.
Trust Domain | Select the Enable check box for the corresponding services that you want to allow access to the VMG from the trusted hosts configured in the Maintenance > Remote MGMT > Trust Domain screen.
Figure 141 Maintenance > Remote Management > Trust Domain > Add Trust Domain
The following table describes the fields in this screen.
Table 111 Maintenance > Remote Management > Trust Domain > Add Trust Domain
LABEL | DESCRIPTION
IP Address | Enter a public IPv4 IP address which is allowed to access the service on the VMG from the WAN.
OK | Click OK to save your changes back to the VMG.
Cancel | Click Cancel to exit this screen without saving.
CHAPTER 30 SNMP
30.1 Overview
This chapter explains how to configure the SNMP settings on the VMG.
30.2 The SNMP Screen
Simple Network Management Protocol is a protocol used for exchanging management information between network devices. Your VMG supports SNMP agent functionality, which allows a manager station to manage and monitor the VMG through the network. The VMG supports SNMP version one (SNMPv1) and version two (SNMPv2c). The next figure illustrates an SNMP management operation.
SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request and the agent returns responses using the following protocol operations:
• Get - Allows the manager to retrieve an object variable from the agent.
• GetNext - Allows the manager to retrieve the next object variable from a table or list within an agent.
CHAPTER 31 Time Settings
31.1 Overview
This chapter shows you how to configure system related settings, such as system time, password, name, the domain name and the inactivity timeout interval.
31.2 The Time Screen
To change your VMG’s time and date, click Maintenance > Time. The screen appears as shown. Use this screen to configure the VMG’s time based on your local time zone.
Figure 144 Maintenance > Time
The following table describes the fields in this screen.
Table 113 Maintenance > Time (continued)
LABEL | DESCRIPTION
Time and Date Setup
First ~ Fifth Time Server Address | Select an NTP time server from the drop-down list box. Otherwise, select Other and enter the IP address or URL (up to 29 extended ASCII characters in length) of your time server. Select None if you don’t want to configure the time server. Check with your ISP/network administrator if you are unsure of this information.
CHAPTER 32 E-mail Notification
32.1 Overview
A mail server is an application or a computer that runs such an application to receive, forward and deliver e-mail messages. To have the VMG send reports, logs or notifications via e-mail, you must specify an e-mail server and the e-mail addresses of the sender and receiver.
32.2 The E-mail Notification Screen
Click Maintenance > E-mail Notification to open the E-mail Notification screen.
Figure 146 Email Notification > Add
The following table describes the labels in this screen.
Table 115 Email Notification > Add
LABEL | DESCRIPTION
Mail Server Address | Enter the server name or the IP address of the mail server for the e-mail address specified in the Account Email Address field. If this field is left blank, reports, logs or notifications will not be sent via e-mail.
Port | Enter the same port number here as is on the mail server for mail traffic.
CHAPTER 33 Log Setting
33.1 Overview
You can configure where the VMG sends logs and which logs and/or immediate alerts the VMG records in the Logs Setting screen.
33.2 The Log Settings Screen
To change your VMG’s log settings, click Maintenance > Logs Setting. The screen appears as shown.
The following table describes the fields in this screen.
Table 116 Maintenance > Logs Setting
LABEL | DESCRIPTION
Syslog Setting
Syslog Logging | The VMG sends a log to an external syslog server. Select Enable to enable syslog logging.
Mode | Select the syslog destination from the drop-down list box. If you select Remote, the log(s) will be sent to a remote syslog server. If you select Local File, the log(s) will be saved in a local file.
Figure 148 E-mail Log Example
Subject: Firewall Alert From
Date: Fri, 07 Apr 2000 10:05:42
From: user@zyxel.com
To: user@zyxel.com
1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP src port:00520 dest port:00520 |<1,00> |
2|Apr 7 00 |From:192.168.1.131 To:192.168.1.255 |default policy |forward | 09:54:17 |UDP src port:00520 dest port:00520 |<1,00> |
3|Apr 7 00 |From:192.168.1.6 To:10.10.10.
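A parser for the firewall log entries shown in Figure 148, added here as an example and not taken from the ZyXEL guide. It assumes the pipe-delimited field order of the two complete entries above (TCP/UDP entries with source and destination ports) and a /24 LAN around the default 192.168.1.1; the names LogEntry, parse_log, summarise and broadcast_sources are hypothetical.

```python
"""Parse e-mailed VMG firewall log entries (added example, not ZyXEL code)."""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Entries 1-3 as they appear in Figure 148 on this page; entry 3 is cut short there.
SAMPLE = (
    "1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward "
    "| 09:54:03 |UDP src port:00520 dest port:00520 |<1,00> |\n"
    "2|Apr 7 00 |From:192.168.1.131 To:192.168.1.255 |default policy |forward "
    "| 09:54:17 |UDP src port:00520 dest port:00520 |<1,00> |\n"
    "3|Apr 7 00 |From:192.168.1.6 To:10.10.10.\n"
)

# \s* between fields also absorbs line breaks, so an entry that a mail client
# wrapped onto two physical lines still parses.
ENTRY_RE = re.compile(
    r"(?P<index>\d+)\|(?P<date>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2})\s*"
    r"\|From:(?P<src>[^\s|]+)\s+To:(?P<dst>[^\s|]+)\s*"
    r"\|(?P<policy>[^|]*?)\s*\|(?P<action>[^|]*?)\s*"
    r"\|\s*(?P<time>\d{2}:\d{2}:\d{2})\s*"
    r"\|(?P<proto>[A-Z]+)\s+src\s+port:(?P<sport>\d+)\s+dest\s+port:(?P<dport>\d+)\s*"
    r"\|<(?P<note>[^>]*)>"
)
# Anything that looks like the start of an entry ("<n>|Mon "), parsed or not.
ENTRY_START_RE = re.compile(r"(?:^|\s)\d+\|[A-Z][a-z]{2}\s", re.MULTILINE)


@dataclass(frozen=True)
class LogEntry:
    index: int
    timestamp: datetime
    src: object          # ipaddress.IPv4Address or IPv6Address
    dst: object
    policy: str
    action: str
    proto: str
    sport: int
    dport: int
    note: str


def parse_log(text):
    """Return (entries, skipped): parsed entries and the count of entry
    starts that were truncated or malformed and therefore not parsed."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        try:
            stamp = " ".join((m["date"] + " " + m["time"]).split())
            entries.append(LogEntry(
                index=int(m["index"]),
                timestamp=datetime.strptime(stamp, "%b %d %y %H:%M:%S"),
                src=ipaddress.ip_address(m["src"]),
                dst=ipaddress.ip_address(m["dst"]),
                policy=m["policy"],
                action=m["action"],
                proto=m["proto"],
                sport=int(m["sport"]),
                dport=int(m["dport"]),
                note=m["note"],
            ))
        except ValueError:
            continue  # bad date or address: counted as skipped below
    skipped = max(len(ENTRY_START_RE.findall(text)) - len(entries), 0)
    return entries, skipped


def summarise(entries):
    """Count entries per (source, protocol, destination port, action)."""
    return Counter((str(e.src), e.proto, e.dport, e.action) for e in entries)


def broadcast_sources(entries, lan="192.168.1.0/24"):
    """Sources whose logged packets went to the LAN broadcast address.
    The /24 is an assumption based on the default LAN IP 192.168.1.1."""
    net = ipaddress.ip_network(lan)
    return sorted({str(e.src) for e in entries if e.dst == net.broadcast_address})


if __name__ == "__main__":
    parsed, skipped = parse_log(SAMPLE)
    for key, count in summarise(parsed).items():
        print(count, key)
    print("skipped entries:", skipped)
    print("broadcast sources:", broadcast_sources(parsed))
```

A non-zero skipped count is worth surfacing in any report built on this, since a truncated mail hides entries rather than failing loudly.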
CHAPTER 34 Firmware Upgrade
34.1 Overview
This chapter explains how to upload new firmware to your VMG. You can download new firmware releases from your nearest ZyXEL FTP site (or www.zyxel.com) to use to upgrade your device’s performance. Only use firmware for your device’s specific model. Refer to the label on the bottom of your VMG.
34.2 The Firmware Screen
Click Maintenance > Firmware Upgrade to open the following screen.
Table 117 Maintenance > Firmware Upgrade
LABEL | DESCRIPTION
Choose File | Click this to find the .bin file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload them.
Upload | Click this to begin the upload process. This process may take up to two minutes.
Figure 150 Firmware Uploading
The VMG automatically restarts in this time causing a temporary network disconnect.
CHAPTER 35 Backup/Restore
35.1 Overview
The Backup/Restore screen allows you to backup and restore device configurations. You can also reset your device settings back to the factory default.
35.2 The Backup/Restore Screen
Click Maintenance > Backup/Restore. Information related to factory defaults, backup configuration, and restoring configuration appears in this screen, as shown next.
Restore Configuration
Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your VMG.
Table 118 Restore Configuration
LABEL | DESCRIPTION
File Path | Type in the location of the file you want to upload in this field or click Choose File to find it.
Choose File | Click this to find the file you want to upload. Remember that you must decompress compressed (.ZIP) files before you can upload them.
Figure 155 Reset Warning Message
Figure 156 Reset In Process Message
You can also press the RESET button on the rear panel to reset the factory defaults of your VMG. Refer to Section 1.6 on page 20 for more information on the RESET button.
35.3 The Reboot Screen
System restart allows you to reboot the VMG remotely without turning the power off. You may need to do this if the VMG hangs, for example. Click Maintenance > Reboot. Click Reboot to have the VMG reboot.
CHAPTER 36 Diagnostic
36.1 Overview
The Diagnostic screens display information to help you identify problems with the VMG. The route between a CO VDSL switch and one of its CPE may go through switches owned by independent organizations. A connectivity fault point generally takes time to discover and impacts subscriber’s network access. In order to eliminate the management and maintenance efforts, IEEE 802.
36.3 Ping & TraceRoute & NsLookup
Use this screen to ping, traceroute, or nslookup an IP address. Click Maintenance > Diagnostic > Ping&TraceRoute&NsLookup to open the screen shown next.
Figure 158 Maintenance > Diagnostic > Ping &TraceRoute&NsLookup
The following table describes the fields in this screen.
Figure 159 Maintenance > Diagnostic > 802.1ag
The following table describes the fields in this screen.
Table 120 Maintenance > Diagnostic > 802.1ag
LABEL | DESCRIPTION
802.1ag Connectivity Fault Management
Maintenance Domain (MD) Level | Select a level (0-7) under which you want to create an MA.
Destination MAC Address | Enter the target device’s MAC address to which the VMG performs a CFM loopback test.
802.1Q VLAN ID | Type a VLAN ID (0-4095) for this MA.
ATM sets up virtual circuits over which end systems communicate. The terminology for virtual circuits is as follows:
• Virtual Channel (VC): Logical connections between ATM devices
• Virtual Path (VP): A bundle of virtual channels
• Virtual Circuits: A series of virtual paths between circuit end points
Figure 160 Virtual Circuit Topology
Think of a virtual path as a cable that contains a bundle of wires.
Figure 161 Maintenance > Diagnostic > OAM Ping
The following table describes the fields in this screen.
Table 121 Maintenance > Diagnostic > OAM Ping
LABEL | DESCRIPTION
Select a PVC on which you want to perform the loopback test.
F4 segment | Press this to perform an OAM F4 segment loopback test.
F4 end-end | Press this to perform an OAM F4 end-to-end loopback test.
F5 segment | Press this to perform an OAM F5 segment loopback test.
CHAPTER 37 Troubleshooting
This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories.
• Power, Hardware Connections, and LEDs
• VMG Access and Login
• Internet Access
• Wireless Internet Access
• USB Device Connection
• UPnP
37.1 Power, Hardware Connections, and LEDs
The VMG does not turn on. None of the LEDs turn on.
1 Make sure the VMG is turned on.
5 If the problem continues, contact the vendor.
37.2 VMG Access and Login
I forgot the IP address for the VMG.
1 The default LAN IP address is 192.168.1.1.
2 If you changed the IP address and have forgotten it, you might get the IP address of the VMG by looking up the IP address of the default gateway for your computer. To do this in most Windows computers, click Start > Run, enter cmd, and then enter ipconfig.
5 Reset the device to its factory defaults, and try to access the VMG with the default IP address. See Section 1.6 on page 20.
6 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions.
Advanced Suggestions
• Make sure you have logged out of any earlier management sessions using the same user account even if they were through a different interface or using a different browser.
37.3 Internet Access
I cannot access the Internet.
1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.5 on page 18.
2 Make sure you entered your ISP account information correctly in the Network Setting > Broadband screen. These fields are case-sensitive, so make sure [Caps Lock] is not on.
2 Make sure you converted LAN port number four to WAN. Click Enable in the Network Setting > Broadband > Ethernet WAN screen.
3 Make sure you configured a proper Ethernet WAN interface (Network Setting > Broadband screen) with the Internet account information provided by your ISP and that it is enabled.
4 Check that the LAN interface you are connected to is in the same interface group as the Ethernet WAN connection (Network Setting > Interface Grouping).
• Try closing some programs that use the Internet, especially peer-to-peer applications. If the wireless client is sending or receiving a lot of information, it may have too many programs open that use the Internet.
What is a Server Set ID (SSID)?
An SSID is a name that uniquely identifies a wireless network. The AP and all the clients within a wireless network must use the same SSID.
37.5 USB Device Connection
The VMG fails to detect my USB device.
PART III Appendices
Appendices contain general information. Some information may not apply to your device.
APPENDIX A Customer Support
In the event of problems that cannot be solved by using this manual, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device. See http://www.zyxel.com/homepage.shtml and also http://www.zyxel.com/about_zyxel/zyxel_worldwide.shtml for the latest information. Please have the following information ready when you contact an office.
Required Information
• Product model and serial number.
Appendix A Customer Support Korea • ZyXEL Korea Corp. • http://www.zyxel.kr Malaysia • ZyXEL Malaysia Sdn Bhd. • http://www.zyxel.com.my Pakistan • ZyXEL Pakistan (Pvt.) Ltd. • http://www.zyxel.com.pk Philippines • ZyXEL Philippines • http://www.zyxel.com.ph Singapore • ZyXEL Singapore Pte Ltd. • http://www.zyxel.com.sg Taiwan • ZyXEL Communications Corporation • http://www.zyxel.com/tw/zh/ Thailand • ZyXEL Thailand Co., Ltd • http://www.zyxel.co.
Appendix A Customer Support Belgium • ZyXEL Communications B.V. • http://www.zyxel.com/be/nl/ • http://www.zyxel.com/be/fr/ Bulgaria • ZyXEL България • http://www.zyxel.com/bg/bg/ Czech Republic • ZyXEL Communications Czech s.r.o • http://www.zyxel.cz Denmark • ZyXEL Communications A/S • http://www.zyxel.dk Estonia • ZyXEL Estonia • http://www.zyxel.com/ee/et/ Finland • ZyXEL Communications • http://www.zyxel.fi France • ZyXEL France • http://www.zyxel.
Appendix A Customer Support Latvia • ZyXEL Latvia • http://www.zyxel.com/lv/lv/homepage.shtml Lithuania • ZyXEL Lithuania • http://www.zyxel.com/lt/lt/homepage.shtml Netherlands • ZyXEL Benelux • http://www.zyxel.nl Norway • ZyXEL Communications • http://www.zyxel.no Poland • ZyXEL Communications Poland • http://www.zyxel.pl Romania • ZyXEL Romania • http://www.zyxel.com/ro/ro Russia • ZyXEL Russia • http://www.zyxel.ru Slovakia • ZyXEL Communications Czech s.r.o. organizacna zlozka • http://www.
Appendix A Customer Support • http://www.zyxel.ch/ Turkey • ZyXEL Turkey A.S. • http://www.zyxel.com.tr UK • ZyXEL Communications UK Ltd. • http://www.zyxel.co.uk Ukraine • ZyXEL Ukraine • http://www.ua.zyxel.com Latin America Argentina • ZyXEL Communication Corporation • http://www.zyxel.com/ec/es/ Brazil • ZyXEL Communications Brasil Ltda. • https://www.zyxel.com/br/pt/ Ecuador • ZyXEL Communication Corporation • http://www.zyxel.
Appendix A Customer Support North America USA • ZyXEL Communications, Inc. - North America Headquarters • http://www.zyxel.com/us/en/ Oceania Australia • ZyXEL Communications Corporation • http://www.zyxel.com/au/en/ Africa South Africa • Nology (Pty) Ltd. • http://www.zyxel.co.
APPENDIX B Wireless LANs
Wireless LAN Topologies
This section discusses ad-hoc and infrastructure wireless LAN topologies.
Ad-hoc Wireless LAN Configuration
The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS).
Figure 163 Basic Service Set
ESS
An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood.
Figure 164 Infrastructure WLAN
Channel
A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area. You may have a choice of channels (for your region), so you should use a channel different from an adjacent AP (access point) to reduce interference. Interference occurs when radio signals from different access points overlap, degrading performance.
Figure 165 RTS/CTS
When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations. RTS/CTS is designed to prevent collisions due to hidden nodes.
IEEE 802.11g Wireless LAN
IEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE 802.11b adapter can interface directly with an IEEE 802.11g access point (and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has several intermediate rate steps between the maximum and minimum data rates. The IEEE 802.11g data rate and modulation are as follows:
Table 122 IEEE 802.
• Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server.
• Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication methods to be deployed with no changes to the access point or the wireless clients.
RADIUS
RADIUS is based on a client-server model that supports authentication, authorization and accounting.
shared key, password information exchanged is also encrypted to protect the network from unauthorized access.
Types of EAP Authentication
This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP. Your wireless LAN device may not support all authentication types. EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE 802.
PEAP (Protected EAP)
Like EAP-TTLS, PEAP uses server-side certificate authentication to establish a secure connection, then uses simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco.
WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted access to a WLAN. If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not. Select WEP only when the AP and/or wireless clients do not support WPA or WPA2.
pre-authentication. These two features are optional and may not be supported in all wireless devices. Key caching allows a wireless client to store the PMK it derived through a successful authentication with an AP. The wireless client uses the PMK when it tries to connect to the same AP and does not need to go through the authentication process again. Pre-authentication enables fast roaming by allowing the wireless client (already connecting to an AP) to perform IEEE 802.
Figure 166 WPA(2) with RADIUS Application Example
WPA(2)-PSK Application Example
A WPA(2)-PSK application looks as follows.
1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and symbols).
2 The AP checks each wireless client's password and allows it to join the network only if the password matches.
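The key-format rule in step 1 and the PMK mentioned under key caching, as an added example that is not part of the ZyXEL guide. It assumes the standard IEEE 802.11i passphrase mapping (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 256-bit output), which the guide itself does not spell out; the function names and the audit thresholds are hypothetical.

```python
"""WPA(2)-PSK key check and PMK derivation (added example, not ZyXEL code)."""
import hashlib
import string

PRINTABLE_ASCII = set(range(0x20, 0x7F))   # space through '~'
HEX_DIGITS = set(string.hexdigits)


class PskError(ValueError):
    """Raised when a pre-shared key does not meet the format rule."""


def classify_psk(psk):
    """Return 'hex' for 64 hexadecimal digits or 'passphrase' for
    8 to 63 printable ASCII characters; raise PskError otherwise."""
    if len(psk) == 64:
        if all(c in HEX_DIGITS for c in psk):
            return "hex"
        raise PskError("a 64-character key must be hexadecimal")
    if not 8 <= len(psk) <= 63:
        raise PskError("a passphrase must be 8 to 63 characters long")
    if any(ord(c) not in PRINTABLE_ASCII for c in psk):
        raise PskError("a passphrase must be printable ASCII")
    return "passphrase"


def derive_pmk(psk, ssid):
    """Derive the 256-bit pairwise master key for this key and SSID.

    A 64-digit hexadecimal key is used directly. A passphrase is stretched
    with PBKDF2-HMAC-SHA1, salted with the SSID (assumed 802.11i mapping).
    """
    if classify_psk(psk) == "hex":
        return bytes.fromhex(psk)
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise PskError("the SSID must be 1 to 32 bytes long")
    return hashlib.pbkdf2_hmac("sha1", psk.encode("ascii"), salt, 4096, 32)


def audit_psk(psk, ssid):
    """Return a list of findings for a key that is valid but weak.
    The thresholds are illustrative choices, not values from the guide."""
    findings = []
    if classify_psk(psk) == "hex":
        return findings          # a full 256-bit key: nothing to stretch
    if len(psk) < 12:
        findings.append("shorter than 12 characters")
    if psk.isdigit():
        findings.append("digits only")
    if ssid and ssid.lower() in psk.lower():
        findings.append("contains the SSID")
    return findings


if __name__ == "__main__":
    # Constructed sample values; "HomeNet" and "OtherNet" are made-up SSIDs.
    phrase = "correct horse battery"
    for ssid in ("HomeNet", "OtherNet"):
        print(ssid, derive_pmk(phrase, ssid).hex())
    print(audit_psk("12345678", "HomeNet"))
```

Because the SSID is the salt, the same passphrase yields a different PMK on every network name, so a key precomputed for one common or default SSID does not carry over to a renamed network.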
Security Parameters Summary
Refer to this table to see what other security parameters you should configure for each authentication method or key management protocol type. MAC address filters are not dependent on how you configure these security features.
Table 125 Wireless Security Relational Matrix
AUTHENTICATION METHOD/KEY MANAGEMENT PROTOCOL | ENCRYPTION METHOD | ENTER MANUAL KEY | IEEE 802.
2.5%. For an unobstructed outdoor site, each 1 dB increase in gain results in a range increase of approximately 5%. Actual results may vary depending on the network environment. Antenna gain is sometimes specified in dBi, which is how much the antenna increases the signal power compared to using an isotropic antenna. An isotropic antenna is a theoretical perfect antenna that sends out radio signals equally well in all directions.
APPENDIX C IPv6
Overview
IPv6 (Internet Protocol version 6) is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 10^38 IP addresses.
IPv6 Addressing
The 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons (:). This is an example IPv6 address: 2001:0db8:1a2b:0015:0000:0000:1a2f:0000. IPv6 addresses can be abbreviated in two ways:
• Leading zeros in a block can be omitted.
Global Address
A global address uniquely identifies a device on the Internet. It is similar to a “public IP address” in IPv4. A global unicast address starts with a 2 or 3.
Unspecified Address
An unspecified address (0:0:0:0:0:0:0:0 or ::) is used as the source address when a device does not have its own address. It is similar to “0.0.0.0” in IPv4.
Loopback Address
A loopback address (0:0:0:0:0:0:0:1 or ::1) allows a host to send packets to itself. It is similar to “127.0.0.1” in IPv4.
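The abbreviation rules and address types above, worked through on the guide's own example address; this is an added example, not ZyXEL code. It assumes the standard second abbreviation rule (one run of consecutive all-zero blocks may be written as "::") and the fe80::/10 link-local and ff00::/8 multicast prefixes; all function names are hypothetical.

```python
"""IPv6 abbreviation and address types (added example, not ZyXEL code)."""
import ipaddress
import string

HEX_DIGITS = set(string.hexdigits)
PAGE_EXAMPLE = "2001:0db8:1a2b:0015:0000:0000:1a2f:0000"  # from the guide


def abbreviate(full):
    """Abbreviate a fully written address (eight blocks, no '::')."""
    blocks = full.split(":")
    if len(blocks) != 8 or not all(
        1 <= len(b) <= 4 and set(b) <= HEX_DIGITS for b in blocks
    ):
        raise ValueError("expected eight hexadecimal blocks of 1 to 4 digits")
    # Rule 1: leading zeros in a block can be omitted.
    blocks = [format(int(b, 16), "x") for b in blocks]
    # Rule 2 (assumed standard rule): the longest run of two or more
    # all-zero blocks becomes '::'; only one run may be replaced.
    best_start, best_len, i = 0, 0, 0
    while i < 8:
        if blocks[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and blocks[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:
        return ":".join(blocks)
    head = ":".join(blocks[:best_start])
    tail = ":".join(blocks[best_start + best_len:])
    return head + "::" + tail


def stdlib_form(text):
    """The same abbreviation as produced by Python's ipaddress module."""
    return str(ipaddress.IPv6Address(text))


def classify(text):
    """Name the address type, using the categories described in this appendix."""
    ip = ipaddress.IPv6Address(text)
    if ip == ipaddress.IPv6Address("::"):
        return "unspecified"
    if ip == ipaddress.IPv6Address("::1"):
        return "loopback"
    if ip in ipaddress.IPv6Network("ff00::/8"):
        return "multicast"
    if ip in ipaddress.IPv6Network("fe80::/10"):
        return "link-local"
    if ip in ipaddress.IPv6Network("2000::/3"):   # first hex digit 2 or 3
        return "global"
    return "other"


def same_address(a, b):
    """Compare two spellings by value, as a filter or log search must."""
    return ipaddress.IPv6Address(a) == ipaddress.IPv6Address(b)


if __name__ == "__main__":
    print(abbreviate(PAGE_EXAMPLE))
    print(classify(PAGE_EXAMPLE))
    print(same_address(PAGE_EXAMPLE, "2001:DB8:1A2B:15::1A2F:0"))
```

Comparing parsed addresses rather than strings matters wherever an address is matched against a rule or searched for in logs, since one address has many valid spellings.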
Table 128 Reserved Multicast Address (continued)
MULTICAST ADDRESS
FF08:0:0:0:0:0:0:0
FF09:0:0:0:0:0:0:0
FF0A:0:0:0:0:0:0:0
FF0B:0:0:0:0:0:0:0
FF0C:0:0:0:0:0:0:0
FF0D:0:0:0:0:0:0:0
FF0E:0:0:0:0:0:0:0
FF0F:0:0:0:0:0:0:0
Subnet Masking
Both an IPv6 address and an IPv6 subnet mask are composed of 128 binary digits, which are divided into eight 16-bit blocks and written in hexadecimal notation. Hexadecimal uses four bits for each character (1 ~ 10, A ~ F).
the time T2 is reached and the server does not respond, the client sends a Rebind message to any available server (S2). For an IA_TA, the client may send a Renew or Rebind message at the client's discretion.
[Figure: timeline marking T1 and T2, with Renew to S1 and Rebind to S2]
DHCP Relay Agent
A DHCP relay agent is on the same network as the DHCP clients and helps forward messages between the DHCP server and clients.
• Neighbor advertisement: A response from a node to announce its link-layer address.
• Router solicitation: A request from a host to locate a router that can act as the default router and forward packets.
• Router advertisement: A response to a router solicitation or a periodical multicast advertisement from a router to advertise its presence and other parameters.
IPv6 Cache
An IPv6 host is required to have a neighbor cache, destination cache, prefix list and default router list.
Example - Enabling IPv6 on Windows XP/2003/Vista
By default, Windows XP and Windows 2003 support IPv6. This example shows you how to use the ipv6 install command on Windows XP/2003 to enable IPv6. This also displays how to use the ipconfig command to see auto-generated IP addresses.
C:\>ipv6 install
Installing...
Succeeded.
C:\>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific IP Address. . . . . Subnet Mask . . . . IP Address. . . . .
5 Click Start and then OK.
6 Now your computer can obtain an IPv6 address from a DHCPv6 server.
Example - Enabling IPv6 on Windows 7
Windows 7 supports IPv6 by default. DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer. To enable IPv6 in Windows 7:
1 Select Control Panel > Network and Sharing Center > Local Area Connection.
2 Select the Internet Protocol Version 6 (TCP/IPv6) checkbox to enable it.
3 Click OK to save the change.
4 Click Close to exit the Local Area Connection Status screen.
5 Select Start > All Programs > Accessories > Command Prompt.
6 Use the ipconfig command to check your dynamic IPv6 address. This example shows a global address (2001:b021:2d::1000) obtained from a DHCP server.
C:\>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS IPv6 Address. . . . . . Link-local IPv6 Address IPv4 Address. . . . . . Subnet Mask . . . . . . Default Gateway .
APPENDIX D Services
The following table lists some commonly-used services and their associated protocols and port numbers.
• Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like.
• Protocol: This is the type of IP protocol used by the service. If this is TCP/UDP, then the service uses the same port number with TCP and UDP. If this is USER-DEFINED, the Port(s) is the IP protocol number, not the port number.
Table 129 Examples of Services
NAME | PROTOCOL | PORT(S) | DESCRIPTION
AH (IPSEC_TUNNEL) | User-Defined | 51 | The IPSEC AH (Authentication Header) tunneling protocol uses this service.
AIM | TCP | 5190 | AOL’s Internet Messenger service.
AUTH | TCP | 113 | Authentication protocol used by some servers.
BGP | TCP | 179 | Border Gateway Protocol.
BOOTP_CLIENT | UDP | 68 | DHCP Client.
BOOTP_SERVER | UDP | 67 | DHCP Server.
Table 129 Examples of Services (continued)
NAME | PROTOCOL | PORT(S) | DESCRIPTION
NFS | UDP | 2049 | Network File System - NFS is a client/server distributed file service that provides transparent file sharing for network environments.
NNTP | TCP | 119 | Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service.
PING | User-Defined | 1 | Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable.
Table 129 Examples of Services (continued)
NAME | PROTOCOL | PORT(S) | DESCRIPTION
SYSLOG | UDP | 514 | Syslog allows you to send system logs to a UNIX server.
TACACS | UDP | 49 | Login Host Protocol used for (Terminal Access Controller Access Control System).
TELNET | TCP | 23 | Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP networks. Its primary function is to allow users to log into remote host systems.
APPENDIX E Legal Information
Copyright
Copyright © 2016 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation.
The following information applies if you use the product within the European Union.
Declaration of Conformity with Regard to EU Directive 1999/5/EC (R&TTE Directive)
Compliance information for 2.
Appendix E Legal Information Ce produit peut être utilisé dans tous les pays de l’UE (et dans tous les pays ayant transposés la directive 1999/5/CE) sans aucune limitation, excepté pour les pays mentionnés ci-dessous: Questo prodotto è utilizzabile in tutte i paesi EU (ed in tutti gli altri paesi che seguono le direttiva 1999/5/EC) senza nessuna limitazione, eccetto per i paesii menzionati di seguito: Das Produkt kann in allen EU Staaten ohne Einschränkungen eingesetzt werden (sowie in anderen Staaten die
List of national codes
COUNTRY | ISO 3166 2 LETTER CODE | COUNTRY | ISO 3166 2 LETTER CODE
Austria | AT | Liechtenstein | LI
Belgium | BE | Lithuania | LT
Bulgaria | BG | Luxembourg | LU
Croatia | HR | Malta | MT
Cyprus | CY | Netherlands | NL
Czech Republic | CZ | Norway | NO
Denmark | DK | Poland | PL
Estonia | EE | Portugal | PT
Finland | FI | Romania | RO
France | FR | Serbia | RS
Germany | DE | Slovakia | SK
Greece | GR | Slovenia | SI
Hungary | HU | Spain | ES
Iceland | IS | Switzerland | CH
Ireland
Appendix E Legal Information European Union - Disposal and Recycling Information The symbol below means that according to local regulations your product and/or its battery shall be disposed of separately from domestic waste. If this product is end of life, take it to a recycling station designated by local authorities. At the time of disposal, the separate collection of your product and/or its battery will help save natural resources and ensure that the environment is sustainable development.
Environmental Product Declaration
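Taiwan
The following information applies only to products that have wireless functionality and are sold in Taiwan.
Article 12: For low-power radio-frequency devices that have passed type approval, no company, firm or user may, without permission, change the frequency, increase the power, or alter the characteristics and functions of the original design.
Article 14: The use of low-power radio-frequency devices must not affect aviation safety or interfere with legal communications. If interference is found, use must stop immediately and may resume only after the interference has been eliminated.
The legal communications referred to in the preceding paragraph are radio communications operated in accordance with the Telecommunications Act.
Low-power radio-frequency devices must tolerate interference from legal communications or from industrial, scientific and medical equipment that radiates radio waves.
Wireless information transmission equipment must tolerate interference from legal communications and must not interfere with legal communications. If it causes interference, use must stop immediately and may resume only when there is no longer any risk of interference.
The manufacturer of wireless information transmission equipment must ensure frequency stability, so that when the equipment is operated normally as described in the manufacturer's user manual, the emitted signal stays within the operating band.
The following information applies only to products that operate in the 5.25-5.35 GHz band and are sold in Taiwan.
• 在 5.25-5.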
Appendix E Legal Information Open Source Licenses This product contains in part some free software distributed under GPL license terms and/or GPL like licenses. Open source licenses are provided with the firmware package. You can download the latest firmware at www.zyxel.com. To obtain the source code covered under those Licenses, please contact support@zyxel.com.tw to get it.