EMG5324-D10A Wireless N GbE VoIP IAD with USB Default Login Details LAN IP Address https://192.168.1.1 User Name Admin account: admin User account: user Password Admin password: 1234 User password: 1234 IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. www.zyxel.com Version 3.00 Edition 1, 4/2012 www.zyxel.
IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. Graphics in this book may differ slightly from the product due to differences in operating systems, operating system versions, or if you installed updated firmware/software for your device. Every effort has been made to ensure that the information in this manual is accurate. Related Documentation • Quick Start Guide The Quick Start Guid shows how to connect the EMG5324-D10A and access the Web Configurator.
Contents Overview Contents Overview User’s Guide .......................................................................................................................................15 Introduction .............................................................................................................................................17 Introducing the Web Configurator ...........................................................................................................23 Tutorials ..............
Contents Overview 4 EMG5324-D10A User’s Guide
Table of Contents Table of Contents Contents Overview ..............................................................................................................................3 Table of Contents .................................................................................................................................5 Part I: User’s Guide ......................................................................................... 15 Chapter 1 Introduction...........................................
Table of Contents 3.5 Using the File Sharing Feature .........................................................................................................42 3.5.1 Set Up File Sharing .................................................................................................................43 3.5.2 Access Your Shared Files From a Computer ..........................................................................44 3.6 Using the Media Server Feature .................................................
Table of Contents 6.2 The Wireless General Screen ..........................................................................................................97 6.2.1 No Security ..............................................................................................................................98 6.2.2 Basic (Static WEP/Shared WEP Encryption) ...........................................................................99 6.2.3 More Secure (WPA(2)-PSK) .................................................
Table of Contents Chapter 9 Quality of Service (QoS)...................................................................................................................149 9.1 Overview .........................................................................................................................................149 9.1.1 What You Can Do in this Chapter ..........................................................................................149 9.1.2 What You Need to Know ..........................
Table of Contents 12.2 The Interface Group Screen ..........................................................................................................175 12.2.1 Interface Group Configuration .............................................................................................176 Chapter 13 Firewall ..............................................................................................................................................177 13.1 Overview ....................................
Table of Contents Chapter 17 VPN ....................................................................................................................................................201 17.1 Overview .......................................................................................................................................201 17.1.1 What You Can Do in the VPN Screens ................................................................................201 17.1.2 What You Need to Know About IPSec VPN ..
Table of Contents Chapter 19 Logs ..................................................................................................................................................243 19.1 Overview ......................................................................................................................................243 19.1.1 What You Can Do in this Chapter ........................................................................................243 19.1.2 What You Need To Know ...............
Table of Contents Chapter 26 Log Setting .......................................................................................................................................263 26.1 Overview ......................................................................................................................................263 26.2 The Log Setting Screen ................................................................................................................263 Chapter 27 Firmware Upgrade ......
Table of Contents Appendix F IPv6 ...............................................................................................................................357 Appendix G Legal Information .........................................................................................................369 Index ..................................................................................................................................................
Table of Contents 14 EMG5324-D10A User’s Guide
P ART I User’s Guide 15
C HAPT ER 1 Introduction 1.1 Overview The Device is an Ethernet integrated access device (IAD), which provides Voice over IP (VoIP) communication capabilities to allow you to use a traditional analog telephone to make Internet calls. By integrating all of these features, you are provided with ease of installation and high-speed, shared Internet access. The Device is also a complete security solution with a robust firewall based on Stateful Packet Inspection (SPI) technology and Denial of Service (DoS).
Chapter 1 Introduction 1.2.2 VoIP Features You can register 1 SIP (Session Initiation Protocol) profile (2 accounts for that profile) and use the Device to make and receive VoIP telephone calls: Figure 2 Device’s VoIP Application PSTN The Device sends your call to a VoIP service provider’s SIP server which forwards your calls to either VoIP or PSTN phones. 1.2.3 Wireless Connection By default, the wireless LAN (WLAN) is enabled on the Device. Once Wireless is enabled, IEEE 802.
Chapter 1 Introduction Turn the Wireless LAN On or Off 1 Make sure the POWER LED is on (not blinking). 2 Press the WLAN ON/OFF button for one second and release it. The WLAN/WPS LED should change from on to off or vice versa. Activate WPS 1 Make sure the POWER LED is on (not blinking). 2 Press the WLAN ON/OFF button for more than five seconds and release it. Press the WPS button on another WPS -enabled device within range of the Device.
Chapter 1 Introduction 1.4 Ways to Manage the Device Use any of the following methods to manage the Device. • Web Configurator. This is recommended for everyday management of the Device using a (supported) web browser. • FTP for firmware upgrades and configuration backup/restore. 1.5 Good Habits for Managing the Device Do the following things regularly to make the Device more secure and to manage the Device more effectively. • Change the password.
Chapter 1 Introduction Table 1 LED Descriptions (continued) LED COLOR PHONE1-2 Green Orange STATUS DESCRIPTION On A SIP account is registered for the phone port. Blinking A telephone connected to the phone port has its receiver off of the hook or there is an incoming call. On A SIP account is registered for the phone port and there is a voice message in the corresponding SIP account.
Chapter 1 Introduction 1.7 The RESET Button If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the device to reload the factory-default configuration file. This means that you will lose all configurations that you had previously and the passwords will be reset to the defaults. 22 1 Make sure the POWER LED is on (not blinking).
C HAPT ER 2 Introducing the Web Configurator 2.1 Overview The web configurator is an HTML-based management interface that allows easy device setup and management via Internet browser. Use Internet Explorer 6.0 and later versions, Mozilla Firefox 3 and later versions, or Safari 2.0 and later versions. The recommended screen resolution is 1024 by 768 pixels. In order to use the web configurator you need to allow: • Web browser pop-up windows from your device.
Chapter 2 Introducing the Web Configurator Note: For security reasons, the Device automatically logs you out if you do not use the web configurator for five minutes (default). If this happens, log in again. 5 The following screen displays if you have not yet changed your password. It is strongly recommended you change the default password. Enter a new password, retype it to confirm and click Apply; alternatively click Skip to proceed to the main menu if you do not want to change the password now.
Chapter 2 Introducing the Web Configurator 2.2 The Web Configurator Layout Click Connection Status > System Info to show the following screen. Figure 8 Web Configurator Layout B A a b C As illustrated above, the main screen is divided into these parts: • A - title bar • B - main window • C - navigation panel 2.2.1 Title Bar The title bar shows the following icon in the upper right corner. Click this icon to log out of the web configurator.
Chapter 2 Introducing the Web Configurator 2.2.2 Main Window The main window displays information and configuration fields. It is discussed in the rest of this document. After you click System Info on the Connection Status screen, the System Info screen is displayed. See Chapter 4 on page 77 for more information about the System Info screen. If you click LAN Device on the System Info screen (a in Figure 8 on page 25), the Connection Status screen appears.
Chapter 2 Introducing the Web Configurator Table 2 Navigation Panel Summary (continued) LINK TAB FUNCTION General Use this screen to turn the wireless connection on or off, specify the SSID(s) and configure the wireless LAN settings and WLAN authentication/security settings. More AP Use this screen to configure multiple BSSs on the Device. WPS Use this screen to use WPS (Wi-Fi Protected Setup) to establish a wireless connection. WMM Use this screen to enable or disable Wi-Fi MultiMedia (WMM).
Chapter 2 Introducing the Web Configurator Table 2 Navigation Panel Summary (continued) LINK TAB FUNCTION MAC Filter MAC Filter Use this screen to allow specific devices to access the Device. Parental Control Parental Control Use this screen to define time periods and days during which the Device performs parental control and/or block web sites with the specific URL.
Chapter 2 Introducing the Web Configurator Table 2 Navigation Panel Summary (continued) LINK TAB FUNCTION Backup/ Restore Backup/Restore Use this screen to backup and restore your device’s configuration (settings) or reset the factory default settings. Reboot Reboot Use this screen to reboot the Device without turning the power off. Diagnostic Ping/TraceRoute Use this screen to test the connections to other devices.
Chapter 2 Introducing the Web Configurator 30 EMG5324-D10A User’s Guide
C HAPT ER 3 Tutorials 3.1 Overview This chapter contains the following tutorials: • How to Set up a Wireless Network • Setting Up NAT Port Forwarding • How to Make a VoIP Call • Using the File Sharing Feature • Using the Media Server Feature • Using the Print Server Feature • Configuring the MAC Address Filter • Configuring Static Route for Routing to Another Network • Configuring QoS Queue and Class Setup • Access the Device Using DDNS 3.
Chapter 3 Tutorials 3.2.2 Configuring the AP Follow the steps below to configure the wireless settings on your AP. 1 Open the Network Setting > Wireless > General screen in the AP’s web configurator. Tutorial: Network > Wireless LAN > General 32 2 Make sure Enable Wireless LAN is selected. 3 Enter “SSID_Example3” as the SSID and select Auto in the Channel Selection field to have the device search for an available channel. 4 Select 802.11b/g in the Mode Select field.
Chapter 3 Tutorials 6 Click Connection Status > System Info.Verify your wireless and wireless security settings under Device Information and check if the WLAN connection is up under Interface Status. Tutorial: Network > Wireless LAN > SecuritOpen the Status screen. Verify your wireless and wireless security settings under Device Information and check if the WLAN connection is up under Interface Status Tutorial: Status This finishes the configuration of the AP. 3.2.
Chapter 3 Tutorials point, you must know its Service Set IDentity (SSID) and WPA-PSK pre-shared key. In this example, the SSID is “SSID_Example3” and the pre-shared key is “12MyWPAPSKpresharedkey34”. After you install the ZyXEL utility and then insert the wireless client, follow the steps below to connect to a network using the Site Survey screen. 1 Open the ZyXEL utility and click the Site Survey tab to open the screen shown next.
Chapter 3 Tutorials 4 The Confirm Save window appears. Check your settings and click Save to continue. Tutorial: Confirm Save 5 The ZyXEL utility returns to the Link Info screen while it connects to the wireless network using your settings. When the wireless link is established, the ZyXEL utility icon in the system tray turns green and the Link Info screen displays details of the active connection.
Chapter 3 Tutorials 1 Open the ZyXEL utility and click the Profile tab to open the screen shown next. Click Add to configure a new profile. Tutorial: Profile 2 The Add New Profile screen appears. The wireless client automatically searches for available wireless networks, and displays them in the Scan Info box. Click Scan if you want to search again. You can also configure your profile for a wireless network that is not in the list.
Chapter 3 Tutorials 5 This screen varies depending on the encryption method you selected in the previous screen. Enter the pre-shared key and leave the encryption type at the default setting. Tutorial: Profile Encryption 6 In the next screen, leave both boxes selected. Tutorial: Wireless Protocol Settings. 7 Verify the profile settings in the read-only screen. Click Save to save and go to the next screen. Tutorial: Confirm Save 8 Click Activate Now to use the new profile immediately.
Chapter 3 Tutorials Note: Only one profile can be activated and used at any given time. Tutorial: Activate 9 When you activate the new profile, the ZyXEL utility returns to the Link Info screen while it connects to the AP using your settings. When the wireless link is established, the ZyXEL utility icon in the system tray turns green and the Link Info screen displays details of the active connection. 10 Open your Internet browser, enter http://www.zyxel.
Chapter 3 Tutorials 2 Enter the following values: Service Name Select User Defined. WAN Interface Select the WAN interface through which the Doom service is forwarded. This is the default interface for this example, which is MyDSLConnection. Start/End Ports 666 Translation Start/End Ports 666 Server IP Address Enter the IP address of the Doom server. This is 192.168.1.34 for this example. Protocol Select TCP/UDP. This should be the protocol supported by the Doom server. 3 Click Apply.
Chapter 3 Tutorials The following parameters are used in this example: SIP Service Provider Name ServiceProvider1 SIP Server Address sip.example.com REGISTER Server Address registersip.example.com SIP Service Domain sip.example.com SIP Account Number 12345678 Username ChangeMe Password ThisIsMySIP 3.4.1 VoIP Calls With a Registered SIP Account To use a registered SIP account, you should configure the SIP service provider and applied for a SIP account. 3.4.1.
Chapter 3 Tutorials 5 Go to the SIP Account screen, click the Edit icon of SIP 1. 6 Select the Active SIP Account check box, then enter the SIP Account Number, Username, and Password. Leave other settings as default. 7 Click Apply to save your settings. 3.4.1.2 SIP Account Registration Follow the steps below to register and activate your SIP account. 1 Click Connection Status > System Info to check if your SIP account has been registered successfully.
Chapter 3 Tutorials 3.4.1.3 Analog Phone Configuration 1 Click VoIP > Phone to open the Phone Device screen. Click the Edit icon next to Analog Phone 1 to configure the first phone port. 2 Select SIP 1 from the SIP Account in the SIP Account to Make Outgoing Call section to have the phone (connected to the first phone port) use the registered SIP 1 account to make outgoing calls.
Chapter 3 Tutorials • Access the shared files of your USB device from a computer 3.5.1 Set Up File Sharing To set up file sharing you need to connect your USB device, enable file sharing and set up your share(s). 3.5.1.1 Activate File Sharing 1 Connect your USB device to one of the USB ports at the back panel of the Device. 2 Click Network Setting > Home Networking > File Sharing. Select Enable and click Apply to activate the file sharing function.
Chapter 3 Tutorials 3 You can add a description for the share or leave it blank. The Add Share Directory screen should look like the following.Click Apply to finish. Tutorial: USB Services > File Sharing > Share Configuration 4 This sets up the file sharing server. You can see the USB storage device listed in the table below. Tutorial: USB Services > File Sharing > Share Configuration (2) 3.5.
Chapter 3 Tutorials This section shows you how the media server feature works using the following media clients: • Microsoft (MS) Windows Media Player Media Server works with Windows Vista and Windows 7. Make sure your computer is able to play media files (music, videos and pictures). • ZyXEL DMA-2500, a digital media adapter You need to set up the DMA-2500 to work with your television (TV). Refer to the DMA-2500 Quick Start Guide for the correct hardware connections.
Chapter 3 Tutorials Windows Vista 1 Open Windows Media Player and click Library > Media Sharing as follows. Tutorial: Media Sharing using Windows Vista 2 Check Find media that others are sharing in the following screen and click OK.
Chapter 3 Tutorials 3 In the Library screen, check the left panel. The Windows Media Player should detect the Device. Tutorial: Media Sharing using Windows Vista (3) The Device displays as a playlist. Clicking on the category icons in the right panel shows you the media files in the USB storage device attached to your Device. Windows 7 1 Open Windows Media Player. It should automatically detect the Device.
Chapter 3 Tutorials 2 Select a category in the left panel and wait for Windows Media Player to connect to the Device. Tutorial: Media Sharing using Windows 7 (2) 3 In the right panel, you should see a list of files available in the USB storage device. Tutorial: Media Sharing using Windows 7 (2) 3.6.3 Using a Digital Media Adapter This section shows you how you can use the Device with a ZyXEL DMA-2500 to play media files stored in the USB storage device in your TV screen.
Chapter 3 Tutorials 1 Connect the DMA-2500 to an available LAN port in your Device. Tutorial: Media Server Setup (Using DMA) USB Storage Device DMA-2500 ZyXEL Device 2 Turn on the TV and wait for the DMA-2500 Home screen to appear. Using the remote control, go to MyMedia to open the following screen. Select the Device as your media server. Tutorial: Media Sharing using DMA-2500 3 The screen shows you the list of available media files in the USB storage device.
Chapter 3 Tutorials 3.7 Using the Print Server Feature In this section you can: • Configure a TCP/IP Printer Port • Add a New Printer Using Windows • Add a New Printer Using Macintosh OS X Configure a TCP/IP Printer Port This example shows how you can configure a TCP/IP printer port. This example is done using the Windows 2000 Professional operating system. Some menu items may look different on your operating system.
Chapter 3 Tutorials 3 Right click on your printer and select Properties. Tutorial: Open Printer Properties 4 Select the Ports tab and click Add Port... Tutorial: Printer Properties Window 5 A Printer Ports window appears. Select Standard TCP/IP Port and click New Port...
Chapter 3 Tutorials 6 Add Standard TCP/IP Printer Port Wizard window opens up. Click Next to start configuring the printer port. Tutorial: Add a Port Wizard 7 Enter the IP address of the Device to which the printer is connected in the Printer Name or IP Address: field. In our example we use the default IP address of the Device, 192.168.1.1. The Port Name field updates automatically to reflect the IP address of the port. Click Next.
Chapter 3 Tutorials 8 Select Custom under Device Type and click Settings. Tutorial: Custom Port Settings 9 Confirm the IP address of the Device in the IP Address field. 10 Select Raw under Protocol. 11 The Port Number is automatically configured as 9100. Click OK.
Chapter 3 Tutorials 12 Continue through the wizard, apply your settings and close the wizard window. Tutorial: Finish Adding the TCP/IP Port 13 Repeat steps 1 to 12 to add this printer to other computers on your network. Add a New Printer Using Windows This example shows how to connect a printer to your Device using the Windows XP Professional operating system. Some menu items may look different on your operating system.
Chapter 3 Tutorials 1 Click Start > Control Panel > Printers and Faxes to open the Printers and Faxes screen. Click Add a Printer. Tutorial: Printers Folder 2 The Add Printer Wizard screen displays. Click Next.
Chapter 3 Tutorials 3 Select Local printer attached to this computer and click Next. Tutorial: Add Printer Wizard: Local or Network Printer 4 Select Create a new port and Standard TCP/IP Port. Click Next.
Chapter 3 Tutorials 5 Add Standard TCP/IP Printer Port Wizard window opens up. Click Next to start configuring the printer port. Tutorial: Add a Port Wizard 6 Enter the IP address of the Device to which the printer is connected in the Printer Name or IP Address: field. In our example we use the default IP address of the Device, 192.168.1.1. The Port Name field updates automatically to reflect the IP address of the port. Click Next.
Chapter 3 Tutorials 7 Select Custom under Device Type and click Settings. Tutorial: Custom Port Settings 8 Confirm the IP address of the Device in the Printer Name or IP Address field. 9 Select Raw under Protocol. 10 The Port Number is automatically configured as 9100. Click OK to go back to the previous screen and click Next.
Chapter 3 Tutorials 11 Click Finish to close the wizard window. Tutorial: Finish Adding the TCP/IP Port 12 Select the make of the printer that you want to connect to the print server in the Manufacturer list of printers. 13 Select the printer model from the list of Printers. 14 If your printer is not displayed in the list of Printers, you can insert the printer driver installation CD/disk or download the driver file to your computer, click Have Disk… and install the new printer driver.
Chapter 3 Tutorials 16 If the following screen displays, select Keep existing driver radio button and click Next if you already have a printer driver installed on your computer and you do not want to change it. Otherwise, select Replace existing driver to replace it with the new driver you selected in the previous screen and click Next. Tutorial: Add Printer Wizard: Use Existing Driver 17 Type a name to identify the printer and then click Next to continue.
Chapter 3 Tutorials 18 The Device is a print server itself and you do not need to have your computer act as a print server by sharing the printer with other users in the same network; just select Do not share this printer and click Next to proceed to the following screen. Tutorial: Add Printer Wizard: Printer Sharing 19 Select Yes and then click the Next button if you want to print a test page. A pop-up screen displays to ask if the test page printed correctly.
Chapter 3 Tutorials 20 The following screen shows your current printer settings. Select Finish to complete adding a new printer. Tutorial: Add Printer Wizard Complete Add a New Printer Using Macintosh OS X Complete the following steps to set up a print server driver on your Macintosh computer. 1 Click the Print Center icon located in the Macintosh Dock (a place holding a series of icons/ shortcuts at the bottom of the desktop). Proceed to step 6 to continue.
Chapter 3 Tutorials 4 Double-click the Utilities folder. Tutorial: Applications Folder 5 Double-click the Print Center icon. Tutorial: Utilities Folder 6 Click the Add icon at the top of the screen. Tutorial: Printer List Folder 7 Set up your printer in the Printer List configuration screen. Select IP Printing from the dropdown list box. 8 In the Printer’s Address field, type the IP address of your Device. 9 Deselect the Use default queue on server check box.
Chapter 3 Tutorials 11 Select your Printer Model from the drop-down list box. If the printer's model is not listed, select Generic. Tutorial: Printer Configuration 12 Click Add to select a printer model, save and close the Printer List configuration screen. Tutorial: Printer Model 13 The Name LP1 on 192.168.1.1 displays in the Printer List field. The default printer Name displays in bold type. Tutorial: Print Server Your Macintosh print server driver setup is complete.
Chapter 3 Tutorials 3.8 Configuring the MAC Address Filter Thomas noticed that his daughter Josephine spends too much time surfing the web and downloading media files. He decided to prevent Josephine from accessing the Internet so that she can concentrate on preparing for her final exams. Josephine’s computer connects wirelessly to the Internet through the Device. Thomas decides to use the Security > MAC Filter screen to grant wireless network access to his computer but not to Josephine’s computer.
Chapter 3 Tutorials 3.9 Configuring Static Route for Routing to Another Network In order to extend your Intranet and control traffic flowing directions, you may connect a router to the Device’s LAN. The router may be used to separate two department networks. This tutorial shows how to configure a static routing rule for two network routings. In the following figure, router R is connected to the Device’s LAN. R connects to two networks, N1 (192.168.1.x/24) and N2 (192.168.10.x/24).
Chapter 3 Tutorials You need to specify a static routing rule on the Device to specify R as the router in charge of forwarding traffic to N2. In this case, the Device routes traffic from A to R and then R routes the traffic to B.This tutorial uses the following example IP settings: N1 A R N2 B Table 3 IP Settings in this Tutorial DEVICE / COMPUTER IP ADDRESS The Device’s WAN 172.16.1.1 The Device’s LAN 192.168.1.1 A 192.168.1.34 R’s N1 192.168.1.253 R’s N2 192.168.10.2 B 192.168.10.
Chapter 3 Tutorials • Type 192.168.1.253 (R’s N1 address) in the Gateway IP Address field. Click Apply. The Routing screen should display the route you just added. Now B should be able to receive traffic from A. You may need to additionally configure B’s firewall settings to allow specific traffic to pass through. 3.10 Configuring QoS Queue and Class Setup This section contains tutorials on how you can configure the QoS screen.
Chapter 3 Tutorials Note: QoS is applied to traffic flowing out of the Device. Traffic that does not match this class is assigned a priority queue based on the internal QoS mapping table on the Device. QoS Example ZyXEL Device Your computer IP=192.168.1.23 and/or MAC=AA:FF:AA:FF:AA:FF E-mail: Queue 7 1 DSL 10,000 kbps A colleague’s computer Other traffic: Automatic classifier Click Network Setting > QoS > General and check Active.
Chapter 3 Tutorials 3 Go to Network Setting > QoS > Class Setup. Click Add new Classifier to create a new class. Check Active and follow the settings as shown in the screen below. Then click Apply. Tutorial: Advanced > QoS > Class Setup Class Name Give a class name to this traffic, such as Email in this example. To Queue Link this to a queue created in the QoS > Queue Setup screen, which is the Email queue created in this example.
Chapter 3 Tutorials 4 Verify that the queue setup works by checking Network Setting > QoS > Monitor. This shows the bandwidth allotted to e-mail traffic compared to other network traffic. Tutorial: Advanced > QoS > Monitor 3.11 Access the Device Using DDNS If you connect your Device to the Internet and it uses a dynamic WAN IP address, it is inconvenient for you to manage the device from the Internet. The Device’s WAN IP address changes dynamically.
Chapter 3 Tutorials 3.11.1 Registering a DDNS Account on www.dyndns.org 1 Open a browser and type http://www.dyndns.org. 2 Apply for a user account. This tutorial uses UserName1 and 12345 as the username and password. 3 Log into www.dyndns.org using your account. 4 Add a new DDNS host name. This tutorial uses the following settings as an example. • Hostname: zyxelrouter.dyndns.org • Service Type: Host with IP address • IP Address: Enter the WAN IP address that your Device is currently using.
P ART II Technical Reference The appendices provide general information. Some details may not apply to your Device.
C HAPT ER 4 Connection Status and System Info 4.1 Overview After you log into the web configurator, the Connection Status screen appears. This shows the network connection status of the Device and clients connected to it. Use the System Info screen to look at the current status of the device, system resources, interfaces (LAN, WAN and WLAN), and SIP accounts. You can also register and unregister SIP accounts.
Chapter 4 Connection Status and System Info If you prefer to view the status in a list, click List View in the Viewing mode selection box. You can configure how often you want the Device to update this screen in Refresh Interval. Figure 10 Connection Status: Icon View Figure 11 Connection Status: List View In Icon View, if you want to view information about a client, click the client’s name and Info. Click the IP address if you want to change it.
Chapter 4 Connection Status and System Info 4.3 The System Info Screen Click Connection Status > System Info to open this screen. Figure 12 System Info Screen Each field is described in the following table. Table 4 System Info Screen LABEL DESCRIPTION Language Select the web configurator language from the drop-down list box. Refresh Interval Select how often you want the Device to update this screen from the drop-down list box.
Chapter 4 Connection Status and System Info Table 4 System Info Screen (continued) LABEL DESCRIPTION Mode This is the method of encapsulation used by your ISP. IP Address This field displays the current IP address of the Device in the WAN. IP Subnet Mask This field displays the current subnet mask in the WAN. LAN Information IP Address This field displays the current IP address of the Device in the LAN. IP Subnet Mask This field displays the current subnet mask in the LAN.
Chapter 4 Connection Status and System Info Table 4 System Info Screen (continued) LABEL DESCRIPTION System Resource CPU Usage This field displays what percentage of the Device’s processing ability is currently used. When this percentage is close to 100%, the Device is running at full load, and the throughput is not going to improve anymore. If you want some applications to have more throughput, you should turn off other applications.
Chapter 4 Connection Status and System Info 80 EMG5324-D10A User’s Guide
C HAPT ER 5 Broadband 5.1 Overview This chapter discusses the Device’s Broadband screens. Use these screens to configure your Device for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks, such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations.
Chapter 5 Broadband 5.1.1 What You Can Do in this Chapter • Use the Broadband screen to view, remove or add a WAN interface. You can also configure the WAN settings on the Device for Internet access (Section 5.2 on page 84). • Use the 3G Backup screen to configure 3G WAN connection (Section 5.3 on page 89). 5.1.2 What You Need to Know The following terms and concepts may help as you read this chapter.
Chapter 5 Broadband IPv6 Introduction IPv6 (Internet Protocol version 6), is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 1038 IP addresses. The Device can use IPv4/IPv6 dual stack to connect to IPv4 and IPv6 networks, and supports IPv6 rapid deployment (6RD). IPv6 Addressing The 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons (:).
Chapter 5 Broadband Prefix Delegation Prefix delegation enables an IPv6 router to use the IPv6 prefix (network address) received from the ISP (or a connected uplink router) for its LAN. The Device uses the received IPv6 prefix (for example, 2001:db2::/48) to generate its LAN IP address. Through sending Router Advertisements (RAs) regularly by multicast, the Device passes the IPv6 prefix information to LAN hosts. The hosts use the prefix to generate their IPv6 addresses. 5.1.
Chapter 5 Broadband Table 5 Network Setting > Broadband (continued) LABEL DESCRIPTION IGMP Proxy This shows whether IGMP (Internet Group Multicast Protocol) is activated or not for this connection. IGMP is not available when the connection uses the bridging service. NAT This shows whether NAT is activated or not for this connection. NAT is not available when the connection uses the bridging service.
Chapter 5 Broadband The following table describes the fields in this screen. Table 6 Broadband Add/Edit: Routing LABEL DESCRIPTION General Name Enter a service name of the connection. Type The Device transmits data over the Ethernet WAN port. Mode Select Routing (default) from the drop-down list box if your ISP give you one IP address only and you want multiple computers to share an Internet account. WAN Service Type This field is available only when you select Routing in the Mode field.
Chapter 5 Broadband Table 6 Broadband Add/Edit: Routing (continued) LABEL DESCRIPTION Authentication Mode The Device supports PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol). CHAP is more secure than PAP; however, PAP is readily available on more platforms. Use the drop-down list box to select an authentication protocol for outgoing calls.
Chapter 5 Broadband Table 6 Broadband Add/Edit: Routing (continued) LABEL IPv6 Address DESCRIPTION Enter the static IPv6 address provided by your ISP using colon (:) hexadecimal notation. IPv6 DNS Server Select whether you want to obtain the IPv6 DNS server addresses automatically or configure them manually. Obtain IPv6 DNS info Automatically Select this to have the Device get the IPv6 DNS server addresses from the ISP automatically.
Chapter 5 Broadband Table 7 Broadband Add/Edit: Bridge (continued) LABEL DESCRIPTION Enable VLAN Select this to add the VLAN Tag (specified below) to the outgoing traffic through this connection. Enter 802.1P Priority IEEE 802.1p defines up to 8 separate traffic types by inserting a tag into a MAC-layer frame that contains bits to define class of service. Type the IEEE 802.1p priority level (from 0 to 7) to add to traffic through this connection. The greater the number, the higher the priority level.
Chapter 5 Broadband The following table describes the labels in this screen. Table 8 Network Setting > Broadband > 3G Backup LABEL DESCRIPTION 3G Backup Select Enable 3G Backup to have the Device use the 3G connection as your WAN or a backup when the wired WAN connection fails. Card Description This field displays the manufacturer and model name of your 3G card if you inserted one in the Device. Otherwise, it displays N/A.
Chapter 5 Broadband 5.4 Technical Reference The following section contains additional technical information about the Device features described in this chapter. Encapsulation Be sure to use the encapsulation method required by your ISP. The Device can work in bridge mode or routing mode. When the Device is in routing mode, it supports the following methods. IP over Ethernet IP over Ethernet (IPoE) is an alternative to PPPoE.
Chapter 5 Broadband In Multi-Tenant Unit (MTU) applications, VLAN is vital in providing isolation and security among the subscribers. When properly configured, VLAN prevents one subscriber from accessing the network resources of another on the same LAN, thus a user will not see the printers and hard disks of another user in the same building. VLAN also increases network performance by limiting broadcasts to a smaller and more manageable logical broadcast domain.
Chapter 5 Broadband DNS Server Address Assignment Use Domain Name System (DNS) to map a domain name to its corresponding IP address and vice versa, for instance, the IP address of www.zyxel.com is 204.217.0.2. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. The Device can get the DNS server addresses in the following ways.
Chapter 5 Broadband 3G Comparison Table See the following table for a comparison between 2G, 2.5G, 2.75G and 3G wireless technologies. Table 9 2G, 2.5G, 2.75G, 3G and 3.5G Wireless Technologies MOBILE PHONE AND DATA STANDARDS NAME DATA SPEED TYPE GSM-BASED CDMA-BASED 2G Circuitswitched GSM (Global System for Mobile Communications), Personal Handy-phone System (PHS), etc. Interim Standard 95 (IS-95), the first CDMAbased digital cellular standard pioneered by Qualcomm.
C HAPT ER 6 Wireless 6.1 Overview This chapter describes the Device’s Network Setting > Wireless screens. Use these screens to set up your Device’s wireless connection. 6.1.1 What You Can Do in this Chapter • Use the General screen to enable the Wireless LAN, enter the SSID and select the wireless security mode (Section 6.2 on page 97). • Use the More AP screen to set up multiple wireless networks on your Device (Section 6.3 on page 103).
Chapter 6 Wireless The following figure provides an example of a wireless network. Figure 19 Example of a Wireless Network The wireless network is the part in the blue circle. In this wireless network, devices A and B use the access point (AP) to interact with the other devices (such as the printer) or with the Internet. Your Device is the AP. Every wireless network must follow these basic guidelines. • Every device in the same wireless network must use the same SSID.
Chapter 6 Wireless 6.1.3 Before You Begin Before you start using these screens, ask yourself the following questions. See Section 6.8 on page 109 if some of the terms used here do not make sense to you. • What wireless standards do the other wireless devices support (IEEE 802.
Chapter 6 Wireless The following table describes the labels in this screen. Table 10 Network > Wireless LAN > General LABEL DESCRIPTION Wireless Network Setup Wireless Select the Enable Wireless LAN check box to activate the wireless LAN. Wireless Network Settings Wireless Network Name (SSID) The SSID (Service Set IDentity) identifies the service set with which a wireless device is associated. Wireless devices associating to the access point (AP) must have the same SSID.
Chapter 6 Wireless Note: If you do not enable any wireless security on your Device, your network is accessible to any wireless networking device that is within range. Figure 21 Wireless > General: No Security The following table describes the labels in this screen. Table 11 Wireless > General: No Security LABEL DESCRIPTION Security Level Choose No Security from the sliding bar. 6.2.
Chapter 6 Wireless In order to configure and enable WEP encryption, click Network Settings > Wireless to display the General screen. Select Basic as the security level. Then select Static WEP or Shared WEP from the Security Mode list. Figure 22 Wireless > General: Basic (Static WEP/Shared WEP) The following table describes the labels in this screen. Table 12 Wireless > General: Basic (Static WEP/Shared WEP) LABEL DESCRIPTION Security Mode Choose Static WEP or Shared WEP from the drop-down list box.
Chapter 6 Wireless 6.2.3 More Secure (WPA(2)-PSK) The WPA-PSK security mode provides both improved data encryption and user authentication over WEP. Using a Pre-Shared Key (PSK), both the Device and the connecting client share a common password in order to validate the connection. This type of encryption, while robust, is not as strong as WPA, WPA2 or even WPA2-PSK. The WPA2-PSK security mode is a newer, more robust version of the WPA encryption standard.
Chapter 6 Wireless Table 13 Wireless > General: WPA(2)-PSK (continued) LABEL DESCRIPTION WPA-PSK Compatible This field appears when you choose WPA-PSK2 as the Security Mode. Encryption Check this field to allow wireless devices using WPA-PSK security mode to connect to your Device. The Device supports WPA-PSK and WPA2-PSK simultaneously. If the security mode is WPA-PSK, the encryption mode is set to TKIP to enable Temporal Key Integrity Protocol (TKIP) security on your wireless network.
Chapter 6 Wireless The following table describes the labels in this screen. Table 14 Wireless > General: More Secure: WPA(2) LABEL DESCRIPTION Security Level Select More Secure to enable WPA(2)-PSK data encryption. Security Mode Choose WPA or WPA2 from the drop-down list box. Authentication Server IP Address Enter the IP address of the external authentication server in dotted decimal notation. Port Number Enter the port number of the external authentication server. The default port number is 1812.
Chapter 6 Wireless The following table describes the labels in this screen. Table 15 Network Settings > Wireless > More AP LABEL DESCRIPTION # This is the index number of the entry. Active This field indicates whether this SSID is active. A yellow bulb signifies that this SSID is active. A gray bulb signifies that this SSID is not active. SSID An SSID profile is the set of parameters relating to one of the Device’s BSSs.
Chapter 6 Wireless Table 16 Wireless > More AP: Edit (continued) LABEL DESCRIPTION Wireless Network Name (SSID) The SSID (Service Set IDentity) identifies the service set with which a wireless device is associated. Wireless devices associating to the access point (AP) must have the same SSID. Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a station cannot obtain the SSID through scanning using a site survey tool.
Chapter 6 Wireless Click Network Setting > Wireless > WPS. The following screen displays. Select Enable and click Apply to activate the WPS function. Then you can configure the WPS settings in this screen. Figure 27 Network Setting > Wireless > WPS The following table describes the labels in this screen. Table 17 Network Setting > Wireless > WPS LABEL DESCRIPTION Enable WPS Select Enable to activate WPS on the Device.
Chapter 6 Wireless Table 17 Network Setting > Wireless > WPS (continued) LABEL AP PIN DESCRIPTION The PIN of the Device is shown here. Enter this PIN in the configuration utility of the device you want to connect to using WPS. The PIN is not necessary when you use WPS push-button method. Click the Generate New PIN button to have the Device create a new PIN.
Chapter 6 Wireless The following table describes the labels in this screen. Table 18 Network Setting > Wireless > WMM LABEL DESCRIPTION Enable WMM of SSID1~4 This enables the Device to automatically give a service a priority level according to the ToS value in the IP header of packets it sends. WMM QoS (Wifi MultiMedia Quality of Service) gives high priority to voice and video, which makes them run more smoothly.
Chapter 6 Wireless Table 19 Network Setting > Wireless > Scheduling (continued) LABEL DESCRIPTION Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings. 6.7 The Channel Status Screen Use the Channel Status screen to scan wireless LAN channel noises and view the results. Click Network Setting > Wireless > Channel Status. The screen appears as shown. Click Scan to scan the wireless LAN channels. You can view the results in the Channel Scan Result section.
Chapter 6 Wireless 6.8.1 Additional Wireless Terms The following table describes some wireless network terms and acronyms used in the Device’s web configurator. Table 20 Additional Wireless Terms TERM DESCRIPTION RTS/CTS Threshold In a wireless network which covers a large area, wireless devices are sometimes not aware of each other’s presence. This may cause them to send information to the AP at the same time and result in information colliding and not getting through.
Chapter 6 Wireless and does not include real words. For example, if your mother owns a 1970 Dodge Challenger and her favorite movie is Vanishing Point (which you know was made in 1971) you could use “70dodchal71vanpoi” as your security key. The following sections introduce different types of wireless security you can set up in the wireless network. 6.8.2.1 SSID Normally, the Device acts like a beacon and regularly broadcasts the SSID in the area.
Chapter 6 Wireless 6.8.2.4 Encryption Wireless networks can use encryption to protect the information that is sent in the wireless network. Encryption is like a secret code. If you do not know the secret code, you cannot understand the message. The types of encryption you can choose depend on the type of authentication. (See Section 6.8.2.3 on page 111 for information about this.
Chapter 6 Wireless 6.8.4 BSS A Basic Service Set (BSS) exists when all communications between wireless stations or between a wireless station and a wired network client go through one access point (AP). Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS traffic blocking is disabled, wireless station A and B can access the wired network and communicate with each other.
Chapter 6 Wireless 6.8.5.1 Push Button Configuration WPS Push Button Configuration (PBC) is initiated by pressing a button on each WPS-enabled device, and allowing them to connect automatically. You do not need to enter any information. Not every WPS-enabled device has a physical WPS button. Some may have a WPS PBC button in their configuration utilities instead of or in addition to the physical button. Take the following steps to set up WPS using the button.
Chapter 6 Wireless 5 If the client device’s configuration interface has an area for entering another device’s PIN, you can either enter the client’s PIN in the AP, or enter the AP’s PIN in the client - it does not matter which. 6 Start WPS on both devices within two minutes. 7 Use the configuration utility to activate WPS, not the push-button on the device itself. 8 On a computer connected to the wireless client, try to connect to the Internet. If you can connect, WPS was successful.
Chapter 6 Wireless 6.8.5.3 How WPS Works When two WPS-enabled devices connect, each device must assume a specific role. One device acts as the registrar (the device that supplies network and security settings) and the other device acts as the enrollee (the device that receives network and security settings. The registrar creates a secure EAP (Extensible Authentication Protocol) tunnel and sends the network name (SSID) and the WPA-PSK or WPA2-PSK pre-shared key to the enrollee.
Chapter 6 Wireless connections in which it is involved. If you want a configured AP to act as an enrollee, you must reset it to its factory defaults. 6.8.5.4 Example WPS Network Setup This section shows how security settings are distributed in an example WPS setup. The following figure shows an example network. In step 1, both AP1 and Client 1 are unconfigured. When WPS is activated on both, they perform the handshake. In this example, AP1 is the registrar, and Client 1 is the enrollee.
Chapter 6 Wireless In step 3, you add another access point (AP2) to your network. AP2 is out of range of AP1, so you cannot use AP1 for the WPS handshake with the new access point. However, you know that Client 2 supports the registrar function, so you use it to perform the WPS handshake instead. Figure 36 WPS: Example Network Step 3 EXISTING CONNECTION CLIENT 1 E CO ING T XIS ION CT E NN AP1 REGISTRAR CLIENT 2 SE CU RIT Y ENROLLEE INF O AP2 6.8.5.
Chapter 6 Wireless • When you use the PBC method, there is a short period (from the moment you press the button on one device to the moment you press the button on the other device) when any WPS-enabled device could join the network. This is because the registrar has no way of identifying the “correct” enrollee, and cannot differentiate between your enrollee and a rogue device. This is a possible way for a hacker to gain access to a network. You can easily check to see if this has happened.
Chapter 6 Wireless 120 EMG5324-D10A User’s Guide
C HAPT ER 7 Home Networking 7.1 Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is usually located in one immediate area such as a building or floor of a building. The LAN screens can help you configure a LAN DHCP server and manage IP addresses. LAN WAN 7.1.1 What You Can Do in this Chapter • Use the LAN Setup screen to set the LAN IP address, subnet mask, and DHCP settings (Section 7.2 on page 124).
Chapter 7 Home Networking Subnet Mask The subnet mask specifies the network number portion of an IP address. Your Device will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the Device unless you are instructed to do otherwise. DHCP DHCP (Dynamic Host Configuration Protocol) allows clients to obtain TCP/IP configuration at startup from a server.
Chapter 7 Home Networking 7.1.2.3 About File Sharing Workgroup name This is the name given to a set of computers that are connected on a network and share resources such as a printer or files. Windows automatically assigns the workgroup name when you set up a network. Shares When settings are set to default, each USB device connected to the Device is given a folder, called a “share”. If a USB hard drive connected to the Device has more than one partition, then each partition will be allocated a share.
Chapter 7 Home Networking Supported OSs Your operating system must support TCP/IP ports for printing and be compatible with the RAW (port 9100) protocol. The following OSs support Device’s printer sharing feature. • Microsoft Windows 95, Windows 98 SE (Second Edition), Windows Me, Windows NT 4.0, Windows 2000, Windows XP or Macintosh OS X. 7.2 The LAN Setup Screen Click Network Setting > Home Networking to open the LAN Setup screen.
Chapter 7 Home Networking Table 22 Network Setting > Home Networking > LAN Setup (continued) LABEL DESCRIPTION DHCP Select Enable to have your Device assign IP addresses, an IP default gateway and DNS servers to LAN computers and other devices that are DHCP clients. If you select Disable, you need to manually configure the IP addresses of the computers and other devices on your LAN. When DHCP is used, the following fields need to be set.
Chapter 7 Home Networking Use this screen to change your Device’s static DHCP settings. Click Network Setting > Home Networking > Static DHCP to open the following screen. Figure 38 Network Setting > Home Networking > Static DHCP The following table describes the labels in this screen. Table 23 Network Setting > Home Networking > Static DHCP LABEL DESCRIPTION Add new static lease Click this to add a new static DHCP entry. # This is the index number of the entry.
Chapter 7 Home Networking Table 24 Static DHCP: Add (continued) LABEL DESCRIPTION Apply Click Apply to save your changes. Back Click Back to exit this screen without saving. 7.4 The UPnP Screen Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
Chapter 7 Home Networking The following figure is an overview of the Device’s file server feature. Computers A and B can access files on a USB device (C) which is connected to the Device. Figure 41 File Sharing Overview B C A The Device will not be able to join the workgroup if your local area network has restrictions set up that do not allow devices to join a workgroup. In this case, contact your network administrator. 7.5.
Chapter 7 Home Networking Each field is described in the following table. Table 26 Network Setting > Home Networking > File Sharing LABEL DESCRIPTION Server Configuration File Sharing Services (SMB) Select Enable to activate file sharing through the Device. Add new share Click this to set up a new share on the Device. # Select the check box to make the share available to the network. Otherwise, clear this. Status This shows whether or not the share is available for sharing.
Chapter 7 Home Networking 7.6 The Media Server Screen The media server feature lets anyone on your network play video, music, and photos from the USB storage device connected to your Device (without having to copy them to another computer). The Device can function as a DLNA-compliant media server. The Device streams files to DLNA-compliant media clients (like Windows Media Player).
Chapter 7 Home Networking 7.7 The Printer Server Screen The Device allows you to share a USB printer on your LAN. You can do this by connecting a USB printer to one of the USB ports on the Device and then configuring a TCP/IP port on the computers connected to your network. Figure 45 Sharing a USB Printer 7.7.1 Before You Begin To configure the print server you need the following: • Your Device must be connected to your computer and any other devices on your network.
Chapter 7 Home Networking The following table describes the labels in this menu. Table 29 Network Setting > Home Networking > Print Server LABEL DESCRIPTION Printer Server Select Enable to have the Device share a USB printer. Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings. 7.8 Technical Reference This section provides some technical background information about the topics covered in this chapter.
Chapter 7 Home Networking LAN TCP/IP The Device has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability. IP Address and Subnet Mask Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number. Where you obtain your network number depends on your particular situation.
Chapter 7 Home Networking Device Print Server Compatible USB Printers The following is a list of USB printer models compatible with the Device print server.
Chapter 7 Home Networking Table 30 Compatible USB Printers (continued) BRAND MODEL HP Deskjet 1220C HP Deskjet F4185 HP Laserjet 1022 HP Laserjet 1200 HP Laserjet 2200D HP Laserjet 2420 HP Color Laserjet 1500L HP Laserjet 3015 HP Officejet 4255 HP Officejet 5510 HP Officejet 5610 HP Officejet 7210 HP Officejet Pro L7380 HP Photosmart 2610 HP Photosmart 3110 HP Photosmart 7150 HP Photosmart 7830 HP Photosmart C5280 HP Photosmart D5160 HP PSC 1350 HP PSC 1410 IBM
Chapter 7 Home Networking 7.9 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP. Installing UPnP in Windows Me Follow the steps below to install the UPnP in Windows Me. 1 Click Start and Control Panel. Double-click Add/Remove Programs. 2 Click the Windows Setup tab and select Communication in the Components selection box. Click Details.
Chapter 7 Home Networking 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box. Figure 49 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel. 2 Double-click Network Connections.
Chapter 7 Home Networking 4 The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details. Figure 51 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box.
Chapter 7 Home Networking 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. 7.10 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the Device. Make sure the computer is connected to a LAN port of the Device. Turn on your computer and the Device. Auto-discover Your UPnP-enabled Network Device 1 Click Start and Control Panel.
Chapter 7 Home Networking 3 In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created.
Chapter 7 Home Networking 4 You may edit or delete the port mappings or click Add to manually add port mappings. Figure 55 Internet Connection Properties: Advanced Settings Figure 56 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically.
Chapter 7 Home Networking 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray. Figure 57 System Tray Icon 7 Double-click on the icon to display your current Internet connection status. Figure 58 Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the Device without finding out the IP address of the Device first. This comes helpful if you do not know the IP address of the Device.
Chapter 7 Home Networking 3 Select My Network Places under Other Places. Figure 59 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network.
Chapter 7 Home Networking 5 Right-click on the icon for your Device and select Invoke. The web configurator login screen displays. Figure 60 Network Connections: My Network Places 6 Right-click on the icon for your Device and select Properties. A properties window displays with basic information about the Device.
C HAPT ER 8 Routing 8.1 Overview The Device usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the Device send data to devices not reachable through the default gateway, use static routes. For example, the next figure shows a computer (A) connected to the Device’s LAN interface. The Device routes most traffic from A to the Internet through the Device’s default gateway (R1).
Chapter 8 Routing 8.2 Configuring Static Route Use this screen to view and configure IP static routes on the Device. Click Network Setting > Static Route to open the following screen. Figure 63 Network Setting > Static Route The following table describes the labels in this screen. Table 31 Network Setting > Static Route LABEL DESCRIPTION Add New Static Route Click this to set up a new static route on the Device. # This is the number of an individual static route.
Chapter 8 Routing 8.2.1 Add/Edit Static Route Click add new Static Route in the Routing screen or click the Edit icon next to a rule. The following screen appears. Use this screen to configure the required information for a static route. Figure 64 Routing: Add/Edit The following table describes the labels in this screen. Table 32 Routing: Add/Edit LABEL DESCRIPTION Active Click this to activate this static route. Route Name Enter the name of the IP static route.
Chapter 8 Routing 148 EMG5324-D10A User’s Guide
C HAPT ER 9 Quality of Service (QoS) 9.1 Overview This chapter discusses the Device’s QoS screens. Use these screens to set up your Device to use QoS for traffic management. Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth. QoS allows the Device to group and prioritize application traffic and fine-tune network performance.
Chapter 9 Quality of Service (QoS) QoS versus Cos QoS is used to prioritize source-to-destination traffic flows. All packets in the same flow are given the same priority. CoS (class of service) is a way of managing traffic in a network by grouping similar types of traffic together and treating each type as a class. You can use CoS to give different priorities to different packet types. CoS technologies include IEEE 802.1p layer 2 tagging and DiffServ (Differentiated Services or DS). IEEE 802.
Chapter 9 Quality of Service (QoS) The following table describes the labels in this screen. Table 33 Network Setting > QoS > General LABEL DESCRIPTION Active QoS Select the check box to turn on QoS to improve your network performance. You can give priority to traffic that the Device forwards out through the WAN interface. Give high priority to voice and video to make them run more smoothly.
Chapter 9 Quality of Service (QoS) The following table describes the labels in this screen. Table 34 Network Setting > QoS > Queue Setup LABEL DESCRIPTION Add new Queue Click this to create a new entry. # This is the index number of this entry. Status This indicates whether the queue is active or not. A yellow bulb signifies that this queue is active. A gray bulb signifies that this queue is not active. Name This shows the descriptive name of this queue.
Chapter 9 Quality of Service (QoS) Table 35 Queue Setup: Add/Edit (continued) LABEL DESCRIPTION Priority Select the priority level (from 1 to 7) of this queue. The larger the number, the higher the priority level. Traffic assigned to higher priority queues gets through faster while traffic in lower priority queues is dropped if the network is congested. Weight Select the weight (from 1 to 15) of this queue.
Chapter 9 Quality of Service (QoS) The following table describes the labels in this screen. Table 36 Network Setting > QoS > Class Setup LABEL DESCRIPTION Add new Classifier Click this to create a new classifier. Order This field displays the order number of the classifier. Status This indicates whether the classifier is active or not. A yellow bulb signifies that this classifier is active. A gray bulb signifies that this classifier is not active. Class Name This is the name of the classifier.
Chapter 9 Quality of Service (QoS) 9.4.1 Add/Edit QoS Class Click Add new Classifier in the Class Setup screen or the Edit icon next to an existing classifier to configure it. Figure 69 Class Setup: Add/Edit The following table describes the labels in this screen. Table 37 Class Setup: Add/Edit LABEL DESCRIPTION Class Configuration Active EMG5324-D10A User’s Guide Select to enable this classifier.
Chapter 9 Quality of Service (QoS) Table 37 Class Setup: Add/Edit (continued) LABEL DESCRIPTION Class Name Enter a descriptive name of up to 32 printable English keyboard characters, including spaces. Classification Order Select an existing number for where you want to put this classifier to move the classifier to the number you selected after clicking Apply. Select Last to put this rule in the back of the classifier list.
Chapter 9 Quality of Service (QoS) Table 37 Class Setup: Add/Edit (continued) LABEL DESCRIPTION IP Address If you select IP in the Ether Type field, select the check box and enter the source IP address in dotted decimal notation. A blank source IP address means any source IP address. IP Subnet Mask Enter the source subnet mask. IPv6 Address If you select IPv6 in the Ether Type field, enter the source’s IPv6 address. Prefix length Enter the source prefix length.
Chapter 9 Quality of Service (QoS) Table 37 Class Setup: Add/Edit (continued) LABEL TCP ACK DESCRIPTION This field is available only when you select IP in the Ether Type field. If you select this option, the matched TCP packets must contain the ACK (Acknowledge) flag. DHCP This field is available only when you select IP in the Ether Type field, and UDP in the IP Protocol field. Select this option and select a DHCP option.
Chapter 9 Quality of Service (QoS) The following table describes the labels in this screen. Table 38 Network Setting > QoS > Monitor LABEL DESCRIPTION Monitor Refresh Interval Select how often you want the Device to update this screen. Select No Refresh to stop refreshing statistics. Status # This is the index number of the entry. Name This shows the name of the WAN interface on the Device. Pass Rate (bps) This shows how much traffic (bps) forwarded to this interface are transmitted successfully.
Chapter 9 Quality of Service (QoS) Table 39 IEEE 802.1p Priority Level and Traffic Type (continued) PRIORITY LEVEL TRAFFIC TYPE Level 1 This is typically used for non-critical “background” traffic such as bulk transfers that are allowed but that should not affect other applications and users. Level 0 Typically used for best-effort traffic. 9.6.2 IP Precedence Similar to IEEE 802.1p prioritization at layer-2, you can use IP precedence to prioritize packets in a layer-3 network.
C HAPTER 10 Network Address Translation (NAT) 10.1 Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network. 10.1.1 What You Can Do in this Chapter • Use the Port Forwarding screen to configure forward incoming service requests to the server(s) on your local network (Section 10.2 on page 162).
Chapter 10 Network Address Translation (NAT) Port Forwarding A port forwarding set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visible to the outside world even though NAT makes your whole inside network appear as a single computer to the outside world. Finding Out More See Section 10.7 on page 168 for advanced technical information on NAT. 10.
Chapter 10 Network Address Translation (NAT) 10.2.1 The Port Forwarding Screen Click Network Setting > NAT to open the Port Forwarding screen. See Appendix E on page 353 for port numbers commonly used for particular services. Figure 72 Network Setting > NAT > Port Forwarding The following table describes the fields in this screen. Table 40 Network Setting > NAT > Port Forwarding LABEL DESCRIPTION Add new rule Click this to add a new port forwarding rule. # This is the index number of the entry.
Chapter 10 Network Address Translation (NAT) 10.2.2 The Port Forwarding Edit Screen This screen lets you create or edit a port forwarding rule. Click Add new rule in the Port Forwarding screen or the Edit icon next to an existing rule to open the following screen. Figure 73 Port Forwarding: Add/Edit The following table describes the labels in this screen. Table 41 Port Forwarding: Add/Edit LABEL DESCRIPTION Enable This is available only in the Edit screen. Clear the check box to disable the rule.
Chapter 10 Network Address Translation (NAT) 10.3 The DMZ Screen In addition to the servers for specified services, NAT supports a default server IP address. A default server receives packets from ports that are not specified in the NAT Port Forwarding Setup screen. Figure 74 Network Setting > NAT > DMZ The following table describes the fields in this screen.
Chapter 10 Network Address Translation (NAT) The following table describes the fields in this screen. Table 43 Network Setting > NAT > Sessions LABEL DESCRIPTION MAX NAT Session Use this field to set a common limit to the number of concurrent NAT sessions each client computer can have. If only a few clients use peer to peer applications, you can raise this number to improve their performance.
Chapter 10 Network Address Translation (NAT) Table 44 Network Setting > NAT > Address Mapping (continued) LABEL DESCRIPTION Type This is the address mapping type. One-to-One: This mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type. Many-to-One: This mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e.
Chapter 10 Network Address Translation (NAT) Table 45 Address Mapping: Add/Edit (continued) LABEL DESCRIPTION Global Start IP Enter the starting Inside Global IP Address (IGA). Enter 0.0.0.0 here if you have a dynamic IP address from your ISP. You can only do this for the Many-to-One mapping type. Global End IP Enter the ending Inside Global IP Address (IGA). This field is blank for One-to-One and Many-to-One mapping types.
Chapter 10 Network Address Translation (NAT) Global/local denotes the IP address of a host in a packet as the packet traverses a router, for example, the local address refers to the IP address of a host when the packet is in the local network, while the global address refers to the IP address of the host when the same packet is traveling in the WAN side. Note that inside/outside refers to the location of a host, while global/local refers to the IP address of a host used in a packet.
Chapter 10 Network Address Translation (NAT) Device keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored. The following figure illustrates this. Figure 79 How NAT Works NAT Table LAN Inside Local IP Address 192.168.1.10 192.168.1.11 192.168.1.12 192.168.1.13 192.168.1.13 192.168.1.12 SA SA 192.168.1.10 IGA1 Inside Local Address (ILA) 192.168.1.
C HAPTER 11 DNS Route 11.1 Overview DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it. In addition to the system DNS server(s), each WAN interface (service) is set to have its own static or dynamic DNS server list.
Chapter 11 DNS Route 11.2 The DNS Route Screen The DNS Route screens let you view and configure DNS routes on the Device. Click Network Setting > DNS Route to open the DNS Route screen. Figure 81 Network Setting > DNS Route The following table describes the labels in this screen. Table 48 Network Setting > DNS Route LABEL DESCRIPTION Add new DNS route Click this to create a new entry. # This is the number of an individual DNS route.
Chapter 11 DNS Route The following table describes the labels in this screen. Table 49 DNS Route: Add/Edit LABEL DESCRIPTION Active Select this to activate this DNS route. Domain Name Enter the domain name you want to resolve. You can use the wildcard character, an “*” (asterisk) as the left most part of a domain name, such as *.example.com. The Device forwards DNS queries for any domain name ending in example.com to the WAN interface specified in this route.
Chapter 11 DNS Route 174 EMG5324-D10A User’s Guide
C HAPTER 12 Interface Group 12.1 Overview By default, all LAN and WAN interfaces on the Device are in the same group and can communicate with each other. Create interface groups to have the Device assign the IP addresses in different domains to different groups. Each group acts as an independent network on the Device. This lets devices connected to an interface group’s LAN interfaces communicate through the interface group’s WAN or LAN interfaces but not other WAN or LAN interfaces. 12.
Chapter 12 Interface Group 12.2.1 Interface Group Configuration Click the Add New Interface Group button in the Interface Group screen to open the following screen. Use this screen to create a new interface group. Note: An interface can belong to only one group at a time. Figure 84 Interface Group Configuration The following table describes the fields in this screen. Table 51 Interface Group Configuration LABEL DESCRIPTION Group Name Enter a name to identify this group.
C HAPTER 13 Firewall 13.1 Overview Use the Device firewall screens to enable and configure the firewall that protects your Device and network from attacks by hackers on the Internet and control access to it. By default the firewall: • Allows traffic that originates from your LAN and WLAN computers to go to all other networks. • Blocks traffic that originates on other networks from going to the LAN and WLAN. The following figure illustrates the default firewall action.
Chapter 13 Firewall 13.1.2 What You Need to Know Firewall The Device’s firewall feature physically separates the LAN/WLAN and the WAN and acts as a secure gateway for all data passing between the networks. It is designed to protect against Denial of Service (DoS) attacks when activated. The Device's purpose is to allow a private Local Area Network (LAN) to be securely connected to the Internet.
Chapter 13 Firewall Click Security > Firewall to display the General screen. Figure 86 Security > Firewall > General The following table describes the labels in this screen. Table 52 Security > Firewall > General LABEL DESCRIPTION Firewall Select Enable to activate the firewall feature on the Device. Easy Select Easy to allow LAN to WAN and WAN to LAN packet directions. Medium Select Medium to allow LAN to WAN but deny WAN to LAN packet directions.
Chapter 13 Firewall Click Security > Firewall > Service to display the following screen. Figure 87 Security > Firewall > Services Each field is described in the following table. Table 53 Security > Firewall > Services LABEL DESCRIPTION Add New Service Entry Click this to add a new service. Name This is the name of your customized service. Type This shows the IP protocol typr. Port Number This is the port number or range of ports that defines your customized service.
Chapter 13 Firewall Table 54 Service: Add/Edit (continued) LABEL DESCRIPTION Protocol Number This field is displayed if you select Other as the protocol. Enter the protocol number of your customized port. Source/ These fields are displayed if you select TCP or UDP as the IP port. Destination Port Select Single to specify one port only or Range to specify a span of ports that define your customized service. If you select Any, the service is applied to all ports.
Chapter 13 Firewall 13.4.1 Add/Edit an ACL Rule Click Add new ACL rule or the Edit icon next to an existing ACL rule in the Access Control screen. The following screen displays. Figure 90 Access Control: Add/Edit The following table describes the labels in this screen. Table 56 Access Control: Add/Edit LABEL DESCRIPTION Filter Name Enter a descriptive name of up to 16 alphanumeric characters, not including spaces, underscores, and dashes. Source Address Type Select the type of source address.
Chapter 13 Firewall Table 56 Access Control: Add/Edit (continued) LABEL DESCRIPTION Source/ These fields are displayed if you select TCP or UDP as the IP port. Destination Port Select Single to specify one port only or Range to specify a span of ports that define your customized service. If you select Any, the service is applied to all ports. Type a single port number or the range of port numbers that define your customized service.
Chapter 13 Firewall 13.6.1 Guidelines For Enhancing Security With Your Firewall 1 Change the default password via web configurator. 2 Think about access control before you connect to the network in any way. 3 Limit who can access your Device. 4 Don't enable any local service (such as Telnet or FTP) that you don't use. Any enabled service could present a potential security risk.
C HAPTER 14 MAC Filter 14.1 Overview This chapter discusses MAC address filtering. You can configure the Device to permit access to clients based on their MAC addresses in the MAC Filter screen. This applies to wired and wireless connections. 14.1.1 What You Need to Know Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
Chapter 14 MAC Filter The following table describes the labels in this menu. Table 58 Security > MAC Filter LABEL DESCRIPTION MAC Address Filter Select Enable to activate MAC address filtering. Set This is the index number of the MAC address. Allow Select Allow to permit access to the Device. MAC addresses not listed will be denied access to the Device. If you clear this, the MAC Address field for this set clears.
C HAPTER 15 Parental Control 15.1 Overview Parental control allows you to block web sites with the specific URL. You can also define time periods and days during which the Device performs parental control on a specific user. 15.2 The Parental Control Screen Use this screen to enable parental control, view the parental control rules and schedules. Click Security > Parental Control to open the following screen. Figure 93 Security > Parental Control The following table describes the fields in this screen.
Chapter 15 Parental Control Table 59 Parental Control > Parental Control (continued) LABEL DESCRIPTION Network Service This shows whether the network service is configured. If not, None will be shown. Website Block This shows whether the website block is configured. If not, None will be shown. Modify Click the Edit icon to go to the screen where you can edit the rule. Click the Delete icon to delete an existing rule. Add Click Add to create a new schedule.
Chapter 15 Parental Control Table 60 Add/Edit Parental Control Rule (continued) LABEL DESCRIPTION Parental Control Profile Name Enter a descriptive name for the rule. Home Network User Select the LAN user that you want to apply this rule to from the drop-down list box. If you select Custom, enter the LAN user’s MAC address. If you select All, the rule applies to all LAN users. Internet Access Schedule Day Select check boxes for the days that you want the Device to perform parental control.
Chapter 15 Parental Control 190 EMG5324-D10A User’s Guide
C HAPTER 16 Certificates 16.1 Overview The Device can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication. 16.1.1 What You Can Do in this Chapter • Use the Local Certificates screen to view and import the Device’s CA-signed certificates (Section 16.2 on page 193).
Chapter 16 Certificates The Device uses certificates based on public-key cryptology to authenticate users attempting to establish a connection. The method used to secure the data that you send through an established connection depends on the type of connection. For example, a VPN tunnel might use the triple DES encryption algorithm. The certification authority uses its private key to sign certificates. Anyone can then use the certification authority’s public key to verify the certificates.
Chapter 16 Certificates You can use a certificate’s fingerprint to verify it. A certificate’s fingerprint is a message digest calculated using the MD5 or SHA1 algorithms. The following procedure describes how to check a certificate’s fingerprint to verify that you have the actual certificate. 1 Browse to where you have the certificate saved on your computer. 2 Make sure that the certificate has a “.cer” or “.crt” file name extension.
Chapter 16 Certificates • SIP TLS - This certificate secures VoIP connections. • SSH/SCP/SFTP - This certificate secures remote connections. Click Security > Certificates to open the Local Certificates screen. Figure 97 Security > Certificates > Local Certificates The following table describes the labels in this screen. Table 61 Security > Certificates > Local Certificates LABEL DESCRIPTION WebServer Click Browse... to find the certificate file you want to upload.
Chapter 16 Certificates 16.3 Trusted CA Use this screen to view a summary list of certificates of the certification authorities that you have set the Device to accept as trusted. The Device accepts any valid certificate signed by a certification authority on this list as being trustworthy; thus you do not need to import any certificate that is signed by one of these certification authorities. Click Security > Certificates > Trusted CA to open the Trusted CA screen.
Chapter 16 Certificates Note: You must remove any spaces from the certificate’s filename before you can import the certificate. Figure 99 Trusted CA > Import The following table describes the labels in this screen. Table 63 Security > Certificates > Trusted CA > Import LABEL DESCRIPTION Certificate File Path Type in the location of the file you want to upload in this field or click Browse to find it. Browse Click Browse to find the certificate file you want to upload.
Chapter 16 Certificates Click Security > Certificates > Trusted CA to open the Trusted CA screen. Click the View icon to open the View Certificate screen. Figure 100 Trusted CA: View The following table describes the labels in this screen. Table 64 Trusted CA: View LABEL DESCRIPTION Certificate Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate. You may use any character (not including spaces).
Chapter 16 Certificates The following table describes the labels in this screen. Table 65 Security > Certificates > VPN Certificates LABEL DESCRIPTION Import Certificate Click this button to open a screen where you can save the certificate of a certification authority that you trust to the Device. Name This field displays the name used to identify this certificate.
Chapter 16 Certificates Figure 102 Security > Certificates > VPN Certificates The following table describes the labels in this screen. Table 66 VPN Certificates > Import LABEL DESCRIPTION Name Type a name for this certificate Public Key The value provided by a designated authority, which combined with a private key, can be used to encrypt messages. Write the key between BEGIN CERTIFICATE and END CERTIFICATE. Private Key This is the key known only to the parties that exchange information.
Chapter 16 Certificates 200 EMG5324-D10A User’s Guide
C HAPTER 17 VPN 17.1 Overview A virtual private network (VPN) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing. It is used to transport traffic over the Internet or any insecure network that uses TCP/IP for communication.
Chapter 17 VPN the Device and remote IPSec router can send data between computers on the local network and remote network. The following figure illustrates this. Figure 104 VPN: IKE SA and IPSec SA B A IPSec SA X IKE SA Y In this example, a computer in network A is exchanging data with a computer in network B. Inside networks A and B, the data is transmitted the same way data is normally transmitted in the networks.
Chapter 17 VPN The Secure Gateway IP Address may be configured as 0.0.0.0 only when using IKE key management and not Manual key management. Finding Out More See Section 17.6 on page 210 for advanced technical information on IPSec VPN. 17.1.3 Before You Begin If a VPN tunnel uses Telnet, FTP, WWW, then you should configure remote management (Remote MGMT) to allow access for that service. 17.2 VPN Setup Screen The following figure helps explain the main fields in the web configurator.
Chapter 17 VPN The following table describes the fields in this screen. Table 67 Security > VPN > Setup LABEL DESCRIPTION Add New Tunnel Click this button to set up VPN policies for a new tunnel # This is the VPN policy index number. Click a number to edit VPN policies. Active This field displays whether the VPN policy is active or not. A Yes signifies that this VPN policy is active. No signifies that this VPN policy is not active.
Chapter 17 VPN 17.3 The VPN Edit Screen Click on Add New Tunnel in the VPN Setup screen or click on the Edit icon to edit VPN policies. Both commands share the same screen. Figure 107 Security > VPN > Setup > Edit The following table describes the fields in this screen. Table 68 Security > VPN > Setup > Edit LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy. This option determines whether a VPN rule is applied before a packet leaves the firewall.
Chapter 17 VPN Table 68 Security > VPN > Setup > Edit (continued) LABEL DESCRIPTION Local Specify the IP addresses of the devices behind the Device that can use the VPN tunnel. The local IP addresses must correspond to the remote IPSec router's configured remote IP addresses. Two active SAs cannot have the local and remote IP address(es) both the same. Two active SAs can have the same local or remote IP address, but not both.
Chapter 17 VPN Table 68 Security > VPN > Setup > Edit (continued) LABEL DESCRIPTION Content When you select IP in the Local ID Type field, type the IP address of your computer in the local Content field. The Device automatically uses the IP address in the My IP Address field (refer to the My IP Address field description) if you configure the local Content field to 0.0.0.0 or leave it blank. It is recommended that you type an IP address other than 0.0.0.
Chapter 17 VPN Table 68 Security > VPN > Setup > Edit (continued) LABEL DESCRIPTION Advanced Setup Click Advanced Setup to configure more detailed settings of your IKE key management. Apply Click Apply to save your changes back to the Device. Back Click Back to return to the previous screen. 17.4 Configuring Advanced Settings Click Advanced Setup in the VPN Setup-Edit screen to open this screen.
Chapter 17 VPN Table 69 Security > VPN > Setup > Edit > Advanced Setup (continued) LABEL DESCRIPTION Authentication Algorithm Select MD5, SHA1, SHA2-256 or SHA2-512 from the drop-down list box. MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) and SHA2 are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower. Select MD5 for minimal security and SHA-1 for more security.
Chapter 17 VPN 17.5 Viewing SA Monitor Click Security > VPN > Monitor to open the screen as shown. Use this screen to display and manage active VPN connections. A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This screen displays active VPN connections. Use Refresh to display active VPN connections. This screen is read-only. The following table describes the fields in this tab.
Chapter 17 VPN 17.6.1 IPSec Architecture The overall IPSec architecture is shown as follows. Figure 110 IPSec Architecture IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms). The Encryption Algorithm describes the use of encryption techniques such as DES (Data Encryption Standard) and Triple DES algorithms.
Chapter 17 VPN incoming packet by computing its own hash value, and complain that the hash value appended to the received packet doesn't match. The VPN device at the receiving end doesn't know about the NAT in the middle, so it assumes that the data has been maliciously altered. IPSec using ESP in Tunnel mode encapsulates the entire original packet (including headers) in a new IP packet.
Chapter 17 VPN • Use ESP security protocol (in either transport or tunnel mode). • Use IKE keying mode. • Enable NAT traversal on both IPSec endpoints. • Set the NAT router to forward UDP port 500 to IPSec router A. Finally, NAT is compatible with ESP in tunnel mode because integrity checks are performed over the combination of the "original header plus original payload," which is unchanged by a NAT device.
Chapter 17 VPN 17.6.5 IKE Phases There are two phases to every IKE (Internet Key Exchange) negotiation – phase 1 (Authentication) and phase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA and the second one uses that SA to negotiate SAs for IPSec. Figure 113 Two Phases to Set Up the IPSec SA In phase 1 you must: • Choose a negotiation mode. • Authenticate the connection by entering a pre-shared key. • Choose an encryption algorithm. • Choose an authentication algorithm.
Chapter 17 VPN 17.6.6 Negotiation Mode The phase 1 Negotiation Mode you select determines how the Security Association (SA) will be established for each connection through IKE negotiations. • Main Mode ensures the highest level of security when the communicating parties are negotiating authentication (phase 1). It uses 6 messages in three round trips: SA negotiation, Diffie-Hellman exchange and an exchange of nonces (a nonce is a random number).
Chapter 17 VPN 17.6.8 ID Type and Content With aggressive negotiation mode (seeSection 17.6.6 on page 215), the Device identifies incoming SAs by ID type and content since this identifying information is not encrypted. This enables the Device to distinguish between multiple rules for SAs that connect from remote IPSec routers that have dynamic WAN IP addresses. Telecommuters can use separate passwords to simultaneously connect to the Device from IPSec routers with dynamic IP addresses (seeSection 17.6.
Chapter 17 VPN The two Devices in this example can complete negotiation and establish a VPN tunnel. Table 75 Matching ID Type and Content Configuration Example DEVICE A DEVICE B Local ID type: E-mail Local ID type: IP Local ID content: tom@yourcompany.com Local ID content: 1.1.1.2 Peer ID type: IP Peer ID type: E-mail Peer ID content: 1.1.1.2 Peer ID content: tom@yourcompany.
Chapter 17 VPN addresses of their IPSec routers. The telecommuters must all use the same IPSec parameters but the local IP addresses (or ranges of addresses) should not overlap. Figure 115 Telecommuters Sharing One VPN Rule Example LAN A 192.168.2.12 LAN HQ B LAN 192.168.1.10 192.168.3.2 LAN C 192.168.4.15 Table 77 Telecommuters Sharing One VPN Rule Example FIELDS TELECOMMUTERS HEADQUARTERS My IP Address: 0.0.0.
Chapter 17 VPN The Device at headquarters can also initiate VPN connections to the telecommuters since it can find the telecommuters by resolving their domain names. Figure 116 Telecommuters Using Unique VPN Rules Example LAN A HQ 192.168.2.12 LAN B LAN 192.168.1.10 192.168.3.2 LAN C 192.168.4.15 Table 78 Telecommuters Using Unique VPN Rules Example TELECOMMUTERS HEADQUARTERS All Telecommuter Rules: All Headquarters Rules: 0.0.0.0 My IP Address: bigcompanyhq.
Chapter 17 VPN 220 EMG5324-D10A User’s Guide
C HAPTER 18 VoIP 18.1 Overview Use this chapter to: • Connect an analog phone to the Device. • Make phone calls over the Internet, as well as the regular phone network. • Configure settings such as speed dial. • Configure network settings to optimize the voice quality of your phone calls. 18.1.1 What You Can Do in this Chapter These screens allow you to configure your Device to make phone calls over the Internet and your regular phone line, and to set up the phones you connect to the Device.
Chapter 18 VoIP SIP SIP stands for Session Initiation Protocol. SIP is a signalling standard that lets one network device (like a computer or the Device) send messages to another. In VoIP, these messages are about phone calls over the network. For example, when you dial a number on your Device, it sends a SIP message over the network asking the other device (the number you dialed) to take part in the call. SIP Accounts A SIP account is a type of VoIP account.
Chapter 18 VoIP • You should have the information your VoIP service provider gave you ready, before you start to configure the Device. 18.2 The SIP Service Provider Screen Use this screen to configure the SIP server information, QoS for VoIP calls, the numbers for certain phone functions and dialing plan. Click VoIP > SIP to open the SIP Service Provider screen. Note: Click more... to see all the fields in the screen. You don’t necessarily need to use all these fields to set up your account.
Chapter 18 VoIP The following table describes the labels in this screen. Table 79 VoIP > SIP > SIP Service Provider LABEL DESCRIPTION SIP Service Provider Selection Service Provider Selection Select the SIP service provider profile you want to use for the SIP account you configure in this screen. If you change this field, the screen automatically refreshes. General SIP Service Provider Select this if you want the Device to use this SIP provider.
Chapter 18 VoIP Table 79 VoIP > SIP > SIP Service Provider (continued) LABEL DESCRIPTION RTP Port Range Start Port End Port Enter the listening port number(s) for RTP traffic, if your VoIP service provider gave you this information. Otherwise, keep the default values. To enter one port number, enter the port number in the Start Port and End Port fields. To enter a range of ports, • • DTMF Mode enter the port number at the beginning of the range in the Start Port field.
Chapter 18 VoIP Table 79 VoIP > SIP > SIP Service Provider (continued) LABEL DESCRIPTION Dialing Interval Selection Dialing Interval Selection Enter the number of seconds the Device should wait after you stop dialing numbers before it makes the phone call. The value depends on how quickly you dial phone numbers. Phone Key Config Specify the key combinations for certain functions of the SIP phone.
Chapter 18 VoIP 18.3.1 Add/Edit SIP Account You can configure a new SIP account or edit one. To access this screen, click Add new SIP Account in the SIP Account screen or Edit icon next to an existing account. Figure 119 SIP Account Add/Edit Each field is described in the following table. Table 81 SIP Account Edit LABEL DESCRIPTION SIP Service Provider Selection Service Provider Selection Select the SIP service provider profile you want to use for the SIP account you configure in this screen.
Chapter 18 VoIP Table 81 SIP Account Edit (continued) LABEL DESCRIPTION SIP Account Selection This shows the SIP account you are configuring. General SIP Account Select the Active SIP Account check box if you want to use this account. Clear it if you do not want to use this account. SIP Account Number Enter your SIP number. In the full SIP URI, this is the part before the @ symbol. You can use up to 127 printable ASCII characters.
Chapter 18 VoIP Table 81 SIP Account Edit (continued) LABEL DESCRIPTION Active Call Waiting Select this to enable call waiting on the Device. This allows you to place a call on hold while you answer another incoming call on the same telephone (directory) number. Active Call Waiting Reject Time Specify a time of seconds that the Device waits before rejecting the second call if you do not answer it.
Chapter 18 VoIP 18.5 Phone Screen Use this screen to control which SIP accounts and PSTN line each phone uses. Click VoIP > Phone to access the Phone Device screen. Figure 120 VoIP > Phone > Phone Device The following table describes the labels in this screen. Table 82 VoIP > Phone > Phone Device LABEL DESCRIPTION # This is the index number of the entry. Phone ID This is the phone device number. Outgoing SIP Number This is the outgoing SIP number of the phone device.
Chapter 18 VoIP The following table describes the labels in this screen. Table 83 Phone Device: Edit LABEL DESCRIPTION SIP Account to Make Outgoing Call SIP Account Select the SIP account you want to use when making outgoing calls with the analog phone connected to this phone port. SIP Number This shows the SIP account number. SIP Account(s) to Receive Incoming Call SIP Account Select a SIP account if you want to receive phone calls for the selected SIP account on this phone port.
Chapter 18 VoIP 18.7 The Call Rule Screen Use this screen to add, edit, or remove speed-dial numbers for outgoing calls. Speed dial provides shortcuts for dialing frequently-used (VoIP) phone numbers. You also have to create speed-dial entries if you want to call SIP numbers that contain letters. Once you have configured a speed dial rule, you can use a shortcut (the speed dial number, #01 for example) on your phone's keypad to call the phone number. To access this screen, click VoIP > Call Rule.
Chapter 18 VoIP Table 85 VoIP > Call Rule (continued) LABEL DESCRIPTION Modify Use this field to edit or erase the speed-dial entry. Click the Edit icon to copy the information for this speed-dial entry into the Speed Dial section, where you can change it. Click Add when you finish editing to change the configurations. Click the Delete icon to erase this speed-dial entry. Clear Click this to erase all the speed-dial entries.
Chapter 18 VoIP SIP Service Domain The SIP service domain of the VoIP service provider is the domain name in a SIP URI. For example, if the SIP address is 1122334455@VoIP-provider.com, then “VoIP-provider.com” is the SIP service domain. SIP Registration Each Device is an individual SIP User Agent (UA). To provide voice service, it has a public IP address for SIP and RTP protocols to communicate with other servers.
Chapter 18 VoIP either A or B can act as a SIP user agent client to initiate a call. A and B can also both act as a SIP user agent to receive the call. Figure 124 SIP User Agent B A SIP Proxy Server A SIP proxy server receives requests from clients and forwards them to another server. In the following example, you want to use client device A to call someone who is using client device C. 1 The client device (A in the figure) sends a call invitation to the SIP proxy server B.
Chapter 18 VoIP 1 Client device A sends a call invitation for C to the SIP redirect server B. 2 The SIP redirect server sends the invitation back to A with C’s IP address (or domain name). 3 Client device A then sends the call invitation to client device C. Figure 126 SIP Redirect Server 1 2 A 3 B C SIP Register Server A SIP register server maintains a database of SIP identity-to-IP address (or domain name) mapping. The register server checks your user name and password when you register.
Chapter 18 VoIP Table 86 SIP Call Progression (continued) A B 5.Dialogue (voice traffic) 6. BYE 7. OK 1 A sends a SIP INVITE request to B. This message is an invitation for B to participate in a SIP telephone call. 2 B sends a response indicating that the telephone is ringing. 3 B sends an OK response after the call is answered. 4 A then sends an ACK message to acknowledge that B has answered the call. 5 Now A and B exchange voice media (talk).
Chapter 18 VoIP MWI (Message Waiting Indication) Enable Message Waiting Indication (MWI) enables your phone to give you a message–waiting (beeping) dial tone when you have a voice message(s). Your VoIP service provider must have a messaging system that sends message waiting status SIP packets as defined in RFC 3842. 18.8.
Chapter 18 VoIP VLAN Tagging Virtual Local Area Network (VLAN) allows a physical network to be partitioned into multiple logical networks. Only stations within the same group can communicate with each other. Your Device can add IEEE 802.1Q VLAN ID tags to voice frames that it sends to the network. This allows the Device to communicate with a SIP server that is a member of the same VLAN group. Some ISPs use the VLAN tag to identify voice traffic and give it priority over other traffic. 18.8.
Chapter 18 VoIP After pressing the flash key, if you do not issue the sub-command before the default sub-command time-out (2 seconds) expires or issue an invalid sub-command, the current operation will be aborted. Table 87 European Flash Key Commands COMMAND SUB-COMMAND Flash DESCRIPTION Put a current call on hold to place a second call. Switch back to the call (if there is no second call). Flash 0 Drop the call presently on hold or reject an incoming call which is waiting for answer.
Chapter 18 VoIP European Call Transfer Do the following to transfer a call (that you have answered) to another phone number. 1 Press the flash key to put the caller on hold. 2 When you hear the dial tone, dial “*98#” followed by the number to which you want to transfer the call. to operate the Intercom. 3 After you hear the ring signal or the second party answers it, hang up the phone. European Three-Way Conference Use the following steps to make three-way conference calls.
Chapter 18 VoIP 242 EMG5324-D10A User’s Guide
C HAPTER 19 Logs 19.1 Overview The web configurator allows you to choose which categories of events and/or alerts to have the Device log and then display the logs or have the Device send them to an administrator (as e-mail) or to a syslog server. 19.1.1 What You Can Do in this Chapter • Use the System Log screen to see the system logs for the categories that you select (Section 19.2 on page 244). • Use the Phone Log screen to view phone logs and alert messages (Section 19.3 on page 245).
Chapter 19 Logs Table 88 Syslog Severity Levels CODE SEVERITY 3 Error: There is an error condition on the system. 4 Warning: There is a warning condition on the system. 5 Notice: There is a normal but significant condition on the system. 6 Informational: The syslog contains an informational message. 7 Debug: The message is intended for debug-level purposes. 19.2 The System Log Screen Click System Monitor > Log to open the System Log screen.
Chapter 19 Logs 19.3 The Phone Log Screen Click System Monitor > Log to open the Phone Log screen. Use this screen to view phone logs and alert messages. You can select the type of log and level of severity to display. Figure 129 System Monitor > Log > Phone Log The following table describes the fields in this screen. Table 90 System Monitor > Log > Phone Log LABEL DESCRIPTION Select a category of logs to view from the drop-down list box. select All Logs to view all logs.
Chapter 19 Logs The following table describes the fields in this screen. Table 91 System Monitor > Log > VoIP Call History LABEL DESCRIPTION Select a category of call records to view from the drop-down list box. select All Call History to view all call records. 246 Refresh Click this to renew the log screen. Clear Logs Click this to delete all the logs. # This field is a sequential value and is not associated with a specific entry. Time This field displays the time the call was recorded.
C HAPTER 20 Traffic Status 20.1 Overview Use the Traffic Status screens to look at network traffic status and statistics of the WAN, LAN interfaces and NAT. 20.1.1 What You Can Do in this Chapter • Use the WAN screen to view the WAN traffic statistics (Section 20.2 on page 247) . • Use the LAN screen to view the LAN traffic statistics (Section 20.3 on page 248). • Use the NAT screen to view the NAT status of the Device’s client(s) (Section 20.4 on page 249).
Chapter 20 Traffic Status Table 92 System Monitor > Traffic Status > WAN (continued) LABEL DESCRIPTION Connected Interface This shows the name of the WAN interface that is currently connected. Packets Sent Data This indicates the number of transmitted packets on this interface. Error This indicates the number of frames with errors transmitted on this interface. Drop This indicates the number of outgoing packets dropped on this interface.
Chapter 20 Traffic Status Table 93 System Monitor > Traffic Status > LAN (continued) LABEL DESCRIPTION Error This indicates the number of frames with errors transmitted on this interface. Drop This indicates the number of outgoing packets dropped on this interface. Received (Packet) Data This indicates the number of received packets on this interface. Error This indicates the number of frames with errors received on this interface.
Chapter 20 Traffic Status 20.5 The 3G Backup Status Screen Click System Monitor > Traffic Status > 3G Backup to open the following screen. You can view the 3G connection traffic statistics in this screen. Figure 134 System Monitor > Traffic Status > 3G Backup The following table describes the fields in this screen. Table 95 System Monitor > Traffic Status > 3G backup LABEL DESCRIPTION Status This shows the number of bytes received and sent through the 3G interface of the Device.
Chapter 20 Traffic Status 20.6 The VoIP Status Screen Click System Monitor > VoIP Status to open the following screen. You can view the VoIP traffic statistics in this screen. Figure 135 System Monitor > VoIP Status The following table describes the fields in this screen. Table 96 System Monitor > VoIP Status LABEL DESCRIPTION Refresh Interval Select how often you want the Device to update this screen from the drop-down list box. SIP Status Account This column displays each SIP account in the Device.
Chapter 20 Traffic Status Table 96 System Monitor > VoIP Status (continued) LABEL DESCRIPTION Status This field displays the current state of the phone call. Idle - There are no current VoIP calls, incoming calls or outgoing calls being made. Dial - The callee’s phone is ringing. Ring - The phone is ringing for an incoming VoIP call. Process - There is a VoIP call in progress. DISC - The callee’s line is busy, the callee hung up or your phone was left off the hook.
C HAPTER 21 User Account 21.1 Overview You can configure system password for different user accounts in the User Account screen. 21.2 The User Account Screen Use the User Account screen to configure system password. Click Maintenance > User Account to open the following screen. Figure 136 Maintenance > User Account The following table describes the labels in this screen. Table 97 Maintenance > User Account LABEL DESCRIPTION User Name You can configure the password for the Admin and User accounts.
Chapter 21 User Account 254 EMG5324-D10A User’s Guide
C HAPTER 22 Remote MGMT 22.1 Overview Remote MGMT allows you to manage your Device from a remote location through the following interfaces: • LAN and WLAN • WAN only Note: The Device is managed using the web configurator. 22.1.1 What You Need to Know The following terms and concepts may help as you read this chapter TR-064 TR-064 is a LAN-Side DSL CPE Configuration protocol defined by the DSL Forum. TR-064 is built on top of UPnP.
Chapter 22 Remote MGMT 22.2 The Remote MGMT Screen Use this screen to decide what services you may use to access which Device interface. Click Maintenance > Remote MGMT to open the following screen. Figure 137 Maintenance > Remote MGMT The following table describes the fields in this screen. Table 98 Maintenance > Remote MGMT 256 LABEL DESCRIPTION Services This is the service you may use to access the Device.
C HAPTER 23 The SNMP Screen Simple Network Management Protocol is a protocol used for exchanging management information between network devices. Your Device supports SNMP agent functionality, which allows a manager station to manage and monitor the Device through the network. The Device supports SNMP version one (SNMPv1) and version two (SNMPv2c). The next figure illustrates an SNMP management operation.
Chapter 23 The SNMP Screen • GetNext - Allows the manager to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations. • Set - Allows the manager to set values for object variables within an agent. • Trap - Used by the agent to inform the manager of some events.
C HAPTER 24 System 24.1 Overview You can configure system settings, including the host name, domain name and the inactivity timeout interval in the System screen. 24.1.1 What You Need to Know The following terms and concepts may help as you read this chapter. Domain Name This is a network address that identifies the owner of a network connection. For example, in the network address “www.zyxel.com/support/files”, the domain name is “www.zyxel.com”. 24.
Chapter 24 System The following table describes the labels in this screen. Table 100 Maintenance > System LABEL DESCRIPTION Host Name Choose a descriptive name for identification purposes. It is recommended you enter your computer’s “Computer name” in this field. This name can be up to 30 alphanumeric characters long. Spaces are not allowed, but dashes “-” and underscores "_" are accepted. Domain Name Enter the domain name (if you know it) here.
C HAPTER 25 Time Setting 25.1 Overview You can configure the system’s time and date in the Time Setting screen. 25.2 The Time Setting Screen To change your Device’s time and date, click Maintenance > Time. The screen appears as shown. Use this screen to configure the Device’s time based on your local time zone. Figure 141 Maintenance > Time Setting The following table describes the fields in this screen.
Chapter 25 Time Setting Table 101 Maintenance > System > Time Setting (continued) LABEL DESCRIPTION Daylight Savings Daylight saving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening.Select this option if you use Daylight Saving Time. Start Date Configure the day and time when Daylight Saving Time starts if you selected Daylight Savings. The o'clock field uses the 24 hour format.
C HAPTER 26 Log Setting 26.1 Overview You can configure where the Device sends logs and which logs and/or immediate alerts the Device records in the Log Setting screen. 26.2 The Log Setting Screen To change your Device’s log settings, click Maintenance > Log Setting. The screen appears as shown.
Chapter 26 Log Setting The following table describes the fields in this screen. Table 102 Maintenance > Log Setting LABEL DESCRIPTION Syslog Setting Syslog Logging The Device sends a log to an external syslog server. Select the Enable check box to enable syslog logging. Syslog Server Enter the server name or IP address of the syslog server that will log the selected categories of logs. UDP Port Enter the port number used by the syslog server.
C HAPTER 27 Firmware Upgrade 27.1 Overview This chapter explains how to upload new firmware to your Device. You can download new firmware releases from your nearest ZyXEL FTP site (or www.zyxel.com) to use to upgrade your device’s performance. Only use firmware for your device’s specific model. Refer to the label on the bottom of your Device. 27.2 The Firmware Upgrade Screen Click Maintenance > Firmware Upgrade to open the following screen.
Chapter 27 Firmware Upgrade After you see the firmware updating screen, wait a few minutes before logging into the Device again. Figure 144 Firmware Uploading The Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 145 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen.
C HAPTER 28 Backup/Restore 28.1 Overview The Backup/Restore screen allows you to backup and restore device configurations. You can also reset your device settings back to the factory default. 28.2 The Backup/Restore Screen Click Maintenance > Backup/Restore. Information related to factory defaults, backup configuration, and restoring configuration appears in this screen, as shown next.
Chapter 28 Backup/Restore Restore Configuration Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your Device. Table 104 Restore Configuration LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse... Click this to find the file you want to upload. Remember that you must decompress compressed (.ZIP) files before you can upload them.
Chapter 28 Backup/Restore Reset to Factory Defaults Click the Reset button to clear all user-entered configuration information and return the Device to its factory defaults. The following warning screen appears. Figure 149 Reset Warning Message Figure 150 Reset In Process Message You can also press the RESET button on the back panel to reset the factory defaults of your Device. Refer to Section 1.7 on page 22 for more information on the RESET button. 28.
Chapter 28 Backup/Restore 270 EMG5324-D10A User’s Guide
C HAPTER 29 Diagnostic 29.1 Overview You can use different diagnostic methods to test a connection and see the detailed information. These read-only screens display information to help you identify problems with the Device. 29.2 The Ping/TraceRoute Screen Ping and traceroute help check availability of remote hosts and also help troubleshoot network or Internet connections. Click Maintenance > Diagnostic to open the Ping/TraceRoute screen shown next.
Chapter 29 Diagnostic 29.3 The DSL Line Screen Click Maintenance > Diagnostic > DSL Line to open the screen shown next. Figure 152 Maintenance > Diagnostic > DSL Line The following table describes the fields in this screen.
C HAPTER 30 Troubleshooting 30.1 Overview This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • Device Access and Login • Internet Access • Wireless Internet Access • Phone Calls and VoIP • USB Device Connection • UPnP 30.2 Power, Hardware Connections, and LEDs The Device does not turn on. None of the LEDs turn on. 1 Make sure the Device is turned on.
Chapter 30 Troubleshooting 3 Inspect your cables for damage. Contact the vendor to replace any damaged cables. 4 Turn the Device off and on. 5 If the problem continues, contact the vendor. 30.3 Device Access and Login I forgot the IP address for the Device. 1 The default IP address is 192.168.1.1. 2 If you changed the IP address and have forgotten it, you might get the IP address of the Device by looking up the IP address of the default gateway for your computer.
Chapter 30 Troubleshooting 4 Reset the device to its factory defaults, and try to access the Device with the default IP address. See Section 1.7 on page 22. 5 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions • Try to access the Device using another service, such as Telnet. If you can access the Device, check the remote management settings and firewall rules to find out why the Device does not respond to HTTP.
Chapter 30 Troubleshooting 30.4 Internet Access I cannot access the Internet. 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.6 on page 20. 2 Make sure you entered your ISP account information correctly. These fields are case-sensitive, so make sure [Caps Lock] is not on. 3 If you are trying to access the Internet wirelessly, make sure the wireless settings in the wireless client are the same as the settings in the AP.
Chapter 30 Troubleshooting 3 If the problem continues, contact your ISP. The Internet connection is slow or intermittent. 1 There might be a lot of traffic on the network. Look at the LEDs, and check Section 1.6 on page 20. If the Device is sending or receiving a lot of information, try closing some programs that use the Internet, especially peer-to-peer applications. 2 Turn the Device off and on.
Chapter 30 Troubleshooting What wireless security modes does my Device support? Wireless security is vital to your network. It protects communications between wireless stations, access points and the wired network. The available security modes in your ZyXEL device are as follows: • WPA2-PSK: (recommended) This uses a pre-shared key with the WPA2 standard. • WPA-PSK: This has the device use either WPA-PSK or WPA2-PSK depending on which security mode the wireless client uses. • WPA2: WPA2 (IEEE 802.
Chapter 30 Troubleshooting 30.7 USB Device Connection The Device fails to detect my USB device. 1 Disconnect the USB device. 2 Reboot the Device. 3 If you are connecting a USB hard drive that comes with an external power supply, make sure it is connected to an appropriate power source that is on. 4 Re-connect your USB device to the Device. 30.8 UPnP When using UPnP and the Device reboots, my computer cannot detect UPnP and refresh My Network Places > Local Network.
Chapter 30 Troubleshooting 280 EMG5324-D10A User’s Guide
C HAPTER 31 Wall-mounting Instructions Do the following to hang your Device on a wall. Note: See Table 155 on page 282 for the size of screws to use and how far apart to place them. 1 Align the holes on the back of the supplied wall-mounting bracket with the screws. on the wall. 2 Locate a high position on a wall that is free of obstructions. Use a sturdy wall. 3 Drill two holes on the wall with screws inserted in the wall-mounting bracket. The distance between the screws is 132.3mm.
Chapter 31 Wall-mounting Instructions 5 Mount the Device on the wall-mounting bracket, which is already installed on the wall. Make sure that the Device is firmly attached to the bracket so it does not fall off. Figure 154 Wall-mounting -2 The following are dimensions of an M4 tap screw and masonry plug used for wall mounting. All measurements are in millimeters (mm).
A PPENDIX A IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (such as computers, servers, routers, and printers) needs an IP address to communicate across the network. These networking devices are also known as hosts. Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.
Appendix A IP Addresses and Subnetting The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. Figure 156 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask.
Appendix A IP Addresses and Subnetting Subnet masks can be referred to by the size of the network number part (the bits with a “1” value). For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes. Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks.
Appendix A IP Addresses and Subnetting The following table shows some possible subnet masks using both notations. Table 109 Alternative Subnet Mask Notation SUBNET MASK ALTERNATIVE NOTATION LAST OCTET (BINARY) LAST OCTET (DECIMAL) 255.255.255.0 /24 0000 0000 0 255.255.255.128 /25 1000 0000 128 255.255.255.192 /26 1100 0000 192 255.255.255.224 /27 1110 0000 224 255.255.255.240 /28 1111 0000 240 255.255.255.248 /29 1111 1000 248 255.255.255.
Appendix A IP Addresses and Subnetting The following figure shows the company network after subnetting. There are now two subnetworks, A and B. Figure 158 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 27 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address). 192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.
Appendix A IP Addresses and Subnetting Table 110 Subnet 1 (continued) IP/SUBNET MASK NETWORK NUMBER Subnet Address: 192.168.1.0 Lowest Host ID: 192.168.1.1 Broadcast Address: 192.168.1.63 Highest Host ID: 192.168.1.62 LAST OCTET BIT VALUE Table 111 Subnet 2 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. 64 IP Address (Binary) 11000000.10101000.00000001. 01000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.
Appendix A IP Addresses and Subnetting The following table shows IP address last octet values for each subnet. Table 114 Eight Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST ADDRESS 1 0 1 30 31 2 32 33 62 63 3 64 65 94 95 4 96 97 126 127 5 128 129 158 159 6 160 161 190 191 7 192 193 222 223 8 224 225 254 255 Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number.
Appendix A IP Addresses and Subnetting Table 116 16-bit Network Number Subnet Planning (continued) NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 13 255.255.255.248 (/29) 8192 6 14 255.255.255.252 (/30) 16384 2 15 255.255.255.254 (/31) 32768 1 Configuring IP Addresses Where you obtain your network number depends on your particular situation.
Appendix A IP Addresses and Subnetting IP Address Conflicts Each device on a network must have a unique IP address. Devices with duplicate IP addresses on the same network will not be able to access the Internet or other resources. The devices may also be unreachable through the network. Conflicting Computer IP Addresses Example More than one device can not use the same IP address.
Appendix A IP Addresses and Subnetting Conflicting Computer and Router IP Addresses Example More than one device can not use the same IP address. In the following example, the computer and the router’s LAN port both use 192.168.1.1 as the IP address. The computer cannot access the Internet. This problem can be solved by assigning a different IP address to the computer or the router’s LAN port.
A PPENDIX B Setting Up Your Computer’s IP Address Note: Your specific Device may not support all of the operating systems described in this appendix. See the product specifications for more information about which operating systems are supported. This appendix shows you how to configure the IP settings on your computer in order for it to be able to communicate with the other devices on your network.
Appendix B Setting Up Your Computer’s IP Address 1 Click Start > Control Panel. Figure 162 Windows XP: Start Menu 2 In the Control Panel, click the Network Connections icon.
Appendix B Setting Up Your Computer’s IP Address 3 Right-click Local Area Connection and then select Properties. Figure 164 Windows XP: Control Panel > Network Connections > Properties 4 On the General tab, select Internet Protocol (TCP/IP) and then click Properties.
Appendix B Setting Up Your Computer’s IP Address 5 The Internet Protocol TCP/IP Properties window opens. Figure 166 Windows XP: Internet Protocol (TCP/IP) Properties 6 Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically. Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP.
Appendix B Setting Up Your Computer’s IP Address Windows Vista This section shows screens from Windows Vista Professional. 1 Click Start > Control Panel. Figure 167 Windows Vista: Start Menu 2 In the Control Panel, click the Network and Internet icon. Figure 168 Windows Vista: Control Panel 3 Click the Network and Sharing Center icon.
Appendix B Setting Up Your Computer’s IP Address 4 Click Manage network connections. Figure 170 Windows Vista: Network and Sharing Center 5 Right-click Local Area Connection and then select Properties. Figure 171 Windows Vista: Network and Sharing Center Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue.
Appendix B Setting Up Your Computer’s IP Address 6 Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.
Appendix B Setting Up Your Computer’s IP Address 7 The Internet Protocol Version 4 (TCP/IPv4) Properties window opens. Figure 173 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties 8 Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically.
Appendix B Setting Up Your Computer’s IP Address Windows 7 This section shows screens from Windows 7 Enterprise. 1 Click Start > Control Panel. Figure 174 Windows 7: Start Menu 2 In the Control Panel, click View network status and tasks under the Network and Internet category. Figure 175 Windows 7: Control Panel 3 Click Change adapter settings.
Appendix B Setting Up Your Computer’s IP Address 4 Double click Local Area Connection and then select Properties. Figure 177 Windows 7: Local Area Connection Status Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue.
Appendix B Setting Up Your Computer’s IP Address 5 Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.
Appendix B Setting Up Your Computer’s IP Address 6 The Internet Protocol Version 4 (TCP/IPv4) Properties window opens. Figure 179 Windows 7: Internet Protocol Version 4 (TCP/IPv4) Properties 7 Select Obtain an IP address automatically if your network administrator or ISP assigns your IP address dynamically. Select Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields if you have a static IP address that was assigned to you by your network administrator or ISP.
Appendix B Setting Up Your Computer’s IP Address 3 The IP settings are displayed as follows. Figure 180 Windows 7: Internet Protocol Version 4 (TCP/IPv4) Properties Mac OS X: 10.3 and 10.4 The screens in this section are from Mac OS X 10.4 but can also apply to 10.3. 1 Click Apple > System Preferences. Figure 181 Mac OS X 10.
Appendix B Setting Up Your Computer’s IP Address 2 In the System Preferences window, click the Network icon. Figure 182 Mac OS X 10.4: System Preferences 3 When the Network preferences pane opens, select Built-in Ethernet from the network connection type list, and then click Configure. Figure 183 Mac OS X 10.
Appendix B Setting Up Your Computer’s IP Address 4 For dynamically assigned settings, select Using DHCP from the Configure IPv4 list in the TCP/IP tab. Figure 184 Mac OS X 10.4: Network Preferences > TCP/IP Tab. 5 For statically assigned settings, do the following: • From the Configure IPv4 list, select Manually. • In the IP Address field, type your IP address. • In the Subnet Mask field, type your subnet mask.
Appendix B Setting Up Your Computer’s IP Address • In the Router field, type the IP address of your device. Figure 185 Mac OS X 10.4: Network Preferences > Ethernet 6 Click Apply Now and close the window. Verifying Settings Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network Interface from the Info tab. Figure 186 Mac OS X 10.4: Network Utility Mac OS X: 10.5 The screens in this section are from Mac OS X 10.5.
Appendix B Setting Up Your Computer’s IP Address 1 Click Apple > System Preferences. Figure 187 Mac OS X 10.5: Apple Menu 2 In System Preferences, click the Network icon. Figure 188 Mac OS X 10.
Appendix B Setting Up Your Computer’s IP Address 3 When the Network preferences pane opens, select Ethernet from the list of available connection types. Figure 189 Mac OS X 10.5: Network Preferences > Ethernet 4 From the Configure list, select Using DHCP for dynamically assigned settings. 5 For statically assigned settings, do the following: • From the Configure list, select Manually. • In the IP Address field, enter your IP address. • In the Subnet Mask field, enter your subnet mask.
Appendix B Setting Up Your Computer’s IP Address • In the Router field, enter the IP address of your Device. Figure 190 Mac OS X 10.5: Network Preferences > Ethernet 6 Click Apply and close the window.
Appendix B Setting Up Your Computer’s IP Address Verifying Settings Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network interface from the Info tab. Figure 191 Mac OS X 10.5: Network Utility Linux: Ubuntu 8 (GNOME) This section shows you how to configure your computer’s TCP/IP settings in the GNU Object Model Environment (GNOME) using the Ubuntu 8 Linux distribution.
Appendix B Setting Up Your Computer’s IP Address 2 When the Network Settings window opens, click Unlock to open the Authenticate window. (By default, the Unlock button is greyed out until clicked.) You cannot make changes to your configuration unless you first enter your admin password. Figure 193 Ubuntu 8: Network Settings > Connections 3 In the Authenticate window, enter your admin account name and password then click the Authenticate button.
Appendix B Setting Up Your Computer’s IP Address 4 In the Network Settings window, select the connection that you want to configure, then click Properties. Figure 195 Ubuntu 8: Network Settings > Connections 5 The Properties dialog box opens. Figure 196 Ubuntu 8: Network Settings > Properties • In the Configuration list, select Automatic Configuration (DHCP) if you have a dynamic IP address. • In the Configuration list, select Static IP address if you have a static IP address.
Appendix B Setting Up Your Computer’s IP Address 7 If you know your DNS server IP address(es), click the DNS tab in the Network Settings window and then enter the DNS server information in the fields provided. Figure 197 Ubuntu 8: Network Settings > DNS 8 Click the Close button to apply the changes.
Appendix B Setting Up Your Computer’s IP Address Verifying Settings Check your TCP/IP properties by clicking System > Administration > Network Tools, and then selecting the appropriate Network device from the Devices tab. The Interface Statistics column shows data if your connection is working properly. Figure 198 Ubuntu 8: Network Tools Linux: openSUSE 10.3 (KDE) This section shows you how to configure your computer’s TCP/IP settings in the K Desktop Environment (KDE) using the openSUSE 10.
Appendix B Setting Up Your Computer’s IP Address 1 Click K Menu > Computer > Administrator Settings (YaST). Figure 199 openSUSE 10.3: K Menu > Computer Menu 2 When the Run as Root - KDE su dialog opens, enter the admin password and click OK. Figure 200 openSUSE 10.
Appendix B Setting Up Your Computer’s IP Address 3 When the YaST Control Center window opens, select Network Devices and then click the Network Card icon. Figure 201 openSUSE 10.3: YaST Control Center 4 When the Network Settings window opens, click the Overview tab, select the appropriate connection Name from the list, and then click the Configure button. Figure 202 openSUSE 10.
Appendix B Setting Up Your Computer’s IP Address 5 When the Network Card Setup window opens, click the Address tab Figure 203 openSUSE 10.3: Network Card Setup 6 Select Dynamic Address (DHCP) if you have a dynamic IP address. Select Statically assigned IP Address if you have a static IP address. Fill in the IP address, Subnet mask, and Hostname fields. 7 Click Next to save the changes and close the Network Card Setup window.
Appendix B Setting Up Your Computer’s IP Address 8 If you know your DNS server IP address(es), click the Hostname/DNS tab in Network Settings and then enter the DNS server information in the fields provided. Figure 204 openSUSE 10.3: Network Settings 9 Click Finish to save your settings and close the window. Verifying Settings Click the KNetwork Manager icon on the Task bar to check your TCP/IP properties. From the Options sub-menu, select Show Connection Information. Figure 205 openSUSE 10.
Appendix B Setting Up Your Computer’s IP Address When the Connection Status - KNetwork Manager window opens, click the Statistics tab to see if your connection is working properly.
Appendix B Setting Up Your Computer’s IP Address 322 EMG5324-D10A User’s Guide
A PPENDIX C Pop-up Windows, JavaScript and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScript (enabled by default). • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary. Internet Explorer Pop-up Blockers You may have to disable pop-up blocking to log into your device.
Appendix C Pop-up Windows, JavaScript and Java Permissions 2 Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 208 Internet Options: Privacy 3 Click Apply to save this setting. Enable Pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 324 In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
Appendix C Pop-up Windows, JavaScript and Java Permissions 2 Select Settings…to open the Pop-up Blocker Settings screen. Figure 209 Internet Options: Privacy 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1.
Appendix C Pop-up Windows, JavaScript and Java Permissions 4 Click Add to move the IP address to the list of Allowed sites. Figure 210 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. JavaScript If pages of the web configurator do not display properly in Internet Explorer, check that JavaScript are allowed.
Appendix C Pop-up Windows, JavaScript and Java Permissions 1 In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 211 Internet Options: Security 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default).
Appendix C Pop-up Windows, JavaScript and Java Permissions 6 Click OK to close the window. Figure 212 Security Settings - Java Scripting Java Permissions 328 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected.
Appendix C Pop-up Windows, JavaScript and Java Permissions 5 Click OK to close the window. Figure 213 Security Settings - Java JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for
Appendix C Pop-up Windows, JavaScript and Java Permissions 3 Click OK to close the window. Figure 214 Java (Sun) Mozilla Firefox Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary. You can enable Java, JavaScript and pop-ups in one screen. Click Tools, then click Options in the screen that appears.
Appendix C Pop-up Windows, JavaScript and Java Permissions Click Content.to show the screen below. Select the check boxes as shown in the following screen.
Appendix C Pop-up Windows, JavaScript and Java Permissions 332 EMG5324-D10A User’s Guide
A PPENDIX D Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS).
Appendix D Wireless LANs disabled, wireless client A and B can still access the wired network but cannot communicate with each other. Figure 218 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN.
Appendix D Wireless LANs An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate. Figure 219 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area.
Appendix D Wireless LANs cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other. Figure 220 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
Appendix D Wireless LANs If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Preamble Type Preamble is used to signal that data is coming to the receiver. Short and long refer to the length of the synchronization field in a packet.
Appendix D Wireless LANs The following figure shows the relative effectiveness of these wireless security methods available on your Device. Table 118 Wireless Security Levels SECURITY LEVEL Least Secure SECURITY TYPE Unique SSID (Default) Unique SSID with Hide SSID Enabled MAC Address Filtering WEP Encryption IEEE802.
Appendix D Wireless LANs RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server. Types of RADIUS Messages The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication: • Access-Request Sent by an access point requesting authentication. • Access-Reject Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access.
Appendix D Wireless LANs EAP-MD5 (Message-Digest Algorithm 5) MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wireless client. The wireless client ‘proves’ that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text. However, MD5 authentication has some weaknesses.
Appendix D Wireless LANs If this feature is enabled, it is not necessary to configure a default encryption key in the wireless security configuration screen. You may still configure and store keys, but they will not be used while dynamic WEP is enabled. Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption.
Appendix D Wireless LANs called Rijndael. They both include a per-packet key mixing function, a Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. WPA and WPA2 regularly change and rotate the encryption keys so that the same encryption key is never used twice.
Appendix D Wireless LANs WPA(2) with RADIUS Application Example To set up WPA(2), you need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret. A WPA(2) application example with an external RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution system. 1 The AP passes the wireless client's authentication request to the RADIUS server.
Appendix D Wireless LANs 4 The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys. They use these keys to encrypt data exchanged between them. Figure 222 WPA(2)-PSK Authentication Security Parameters Summary Refer to this table to see what other security parameters you should configure for each authentication method or key management protocol type.
Appendix D Wireless LANs Antenna Characteristics Frequency An antenna in the frequency of 2.4GHz (IEEE 802.11b and IEEE 802.11g) or 5GHz (IEEE 802.11a) is needed to communicate efficiently in a wireless LAN Radiation Pattern A radiation pattern is a diagram that allows you to visualize the shape of the antenna’s coverage area. Antenna Gain Antenna gain, measured in dB (decibel), is the increase in coverage within the RF beam width.
Appendix D Wireless LANs WiFi Protected Setup Your Device supports WiFi Protected Setup (WPS), which is an easy way to set up a secure wireless network. WPS is an industry standard specification, defined by the WiFi Alliance. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually. Each WPS connection works between two devices. Both devices must support WPS (check each device’s documentation to make sure).
Appendix D Wireless LANs 1 Decide which device you want to be the registrar (usually the AP) and which you want to be the enrollee (usually the client). 2 Look for the enrollee’s WPS PIN; it may be displayed on the device. If you don’t see it, log into the enrollee’s configuration interface and locate the PIN. Select the PIN connection mode (not PBC connection mode). See the device’s User’s Guide for how to do this - for the Device, see Section 6.4 on page 105.
Appendix D Wireless LANs The following figure shows a WPS-enabled wireless client (installed in a notebook computer) connecting to the WPS-enabled AP via the PIN method. Figure 223 Example WPS Process: PIN Method ENROLLEE REGISTRAR WPS This device’s WPS PIN: 123456 WPS Enter WPS PIN from other device: WPS START WPS START WITHIN 2 MINUTES SECURE EAP TUNNEL SSID WPA(2)-PSK COMMUNICATION How WPS Works When two WPS-enabled devices connect, each device must assume a specific role.
Appendix D Wireless LANs The following figure shows a WPS-enabled client (installed in a notebook computer) connecting to a WPS-enabled access point. Figure 224 How WPS works ACTIVATE WPS ACTIVATE WPS WITHIN 2 MINUTES WPS HANDSHAKE ENROLLEE REGISTRAR SECURE TUNNEL SECURITY INFO COMMUNICATION The roles of registrar and enrollee last only as long as the WPS setup process is active (two minutes). The next time you use WPS, a different device can be the registrar if necessary.
Appendix D Wireless LANs is the registrar, and Client 1 is the enrollee. The registrar randomly generates the security information to set up the network, since it is unconfigured and has no existing information. Figure 225 WPS: Example Network Step 1 ENROLLEE REGISTRAR SECURITY INFO AP1 CLIENT 1 In step 2, you add another wireless client to the network.
Appendix D Wireless LANs In step 3, you add another access point (AP2) to your network. AP2 is out of range of AP1, so you cannot use AP1 for the WPS handshake with the new access point. However, you know that Client 2 supports the registrar function, so you use it to perform the WPS handshake instead.
Appendix D Wireless LANs • When you use the PBC method, there is a short period (from the moment you press the button on one device to the moment you press the button on the other device) when any WPS-enabled device could join the network. This is because the registrar has no way of identifying the “correct” enrollee, and cannot differentiate between your enrollee and a rogue device. This is a possible way for a hacker to gain access to a network. You can easily check to see if this has happened.
A PPENDIX E Common Services The following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/code numbers and services, visit the IANA (Internet Assigned Number Authority) web site. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like. • Protocol: This is the type of IP protocol used by the service.
Appendix E Common Services Table 121 Commonly Used Services (continued) 354 NAME PROTOCOL PORT(S) DESCRIPTION HTTP TCP 80 Hyper Text Transfer Protocol - a client/ server protocol for the world wide web. HTTPS TCP 443 HTTPS is a secured http session often used in e-commerce. ICMP User-Defined 1 Internet Control Message Protocol is often used for diagnostic or routing purposes. ICQ UDP 4000 This is a popular Internet chat program.
Appendix E Common Services Table 121 Commonly Used Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION SMTP TCP 25 Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another. SNMP TCP/UDP 161 Simple Network Management Program. SNMP-TRAPS TCP/UDP 162 Traps for use with the SNMP (RFC:1215).
Appendix E Common Services 356 EMG5324-D10A User’s Guide
A PPENDIX F IPv6 Overview IPv6 (Internet Protocol version 6), is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 1038 IP addresses. IPv6 Addressing The 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons (:). This is an example IPv6 address 2001:0db8:1a2b:0015:0000:0000:1a2f:0000. IPv6 addresses can be abbreviated in two ways: • Leading zeros in a block can be omitted.
Appendix F IPv6 Link-local Address A link-local address uniquely identifies a device on the local network (the LAN). It is similar to a “private IP address” in IPv4. You can have the same link-local address on multiple interfaces on a device. A link-local unicast address has a predefined prefix of fe80::/10. The link-local unicast address format is as follows.
Appendix F IPv6 The following table describes the multicast addresses which are reserved and can not be assigned to a multicast group.
Appendix F IPv6 MAC address and complements the seventh bit of the first byte of the MAC address. See the following example. MAC EUI-64 00 : 13 02 : 13 : 49 : 49 : 12 : 34 : 56 : FF : FE : 12 : 34 : 56 Stateless Autoconfiguration With stateless autoconfiguration in IPv6, addresses can be uniquely and automatically generated.
Appendix F IPv6 IA assigned to an interface to obtain configuration from a DHCP server for that interface. Each IA consists of a unique IAID and associated IP information. The IA type is the type of address in the IA. Each IA holds one type of address. IA_NA means an identity association for non-temporary addresses and IA_TA is an identity association for temporary addresses. An IA_NA option contains the T1 and T2 fields, but an IA_TA option does not.
Appendix F IPv6 ICMPv6 Internet Control Message Protocol for IPv6 (ICMPv6 or ICMP for IPv6) is defined in RFC 4443. ICMPv6 has a preceding Next Header value of 58, which is different from the value used to identify ICMP for IPv4. ICMPv6 is an integral part of IPv6. IPv6 nodes use ICMPv6 to report errors encountered in packet processing and perform other diagnostic functions, such as "ping".
Appendix F IPv6 and can be reached directly without passing through a router. If the address is unlink, the address is considered as the next hop. Otherwise, the Device determines the next-hop from the default router list or routing table. Once the next hop IP address is known, the Device looks into the neighbor cache to get the link-layer address and sends the packet when the neighbor is reachable.
Appendix F IPv6 also displays how to use the ipconfig command to see auto-generated IP addresses. C:\>ipv6 install Installing... Succeeded. C:\>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection: Connection-specific IP Address. . . . . Subnet Mask . . . . IP Address. . . . . Default Gateway . . DNS . . . . . . . . Suffix . . . . . . . . . . . . . . . . . . . . . : : : : : 10.1.1.46 255.255.255.0 fe80::2d0:59ff:feb8:103c%4 10.1.1.
Appendix F IPv6 4 Double click Dibbler - a DHCPv6 client. 5 Click Start and then OK. 6 Now your computer can obtain an IPv6 address from a DHCPv6 server. Example - Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default. DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer.
Appendix F IPv6 366 1 Select Control Panel > Network and Sharing Center > Local Area Connection. 2 Select the Internet Protocol Version 6 (TCP/IPv6) checkbox to enable it. 3 Click OK to save the change. 4 Click Close to exit the Local Area Connection Status screen. 5 Select Start > All Programs > Accessories > Command Prompt.
Appendix F IPv6 6 Use the ipconfig command to check your dynamic IPv6 address. This example shows a global address (2001:b021:2d::1000) obtained from a DHCP server. C:\>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection: Connection-specific DNS IPv6 Address. . . . . . Link-local IPv6 Address IPv4 Address. . . . . . Subnet Mask . . . . . . Default Gateway . . . . EMG5324-D10A User’s Guide Suffix . . . . . . . . . . . . . . . . . . . . . . . . . .
Appendix F IPv6 368 EMG5324-D10A User’s Guide
A PPENDIX G Legal Information Copyright Copyright © 2012 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation.
Appendix G Legal Information • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations. This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
Appendix G Legal Information Notices Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment. This device is designed for the WLAN 2.4 GHz and/or 5 GHz networks throughout the EC region and Switzerland, with restrictions in France. Ce produit est conçu pour les bandes de fréquences 2,4 GHz et/ou 5 GHz conformément à la législation Européenne.
Appendix G Legal Information Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com. Safety Warnings • • • • • • • • • • • • • • • • • • • • • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. Do NOT expose your device to dampness, dust or corrosive liquids. Do NOT store things on the device. Do NOT install, use, or service this device during a thunderstorm.
Index Index A blinking LEDs 20 ACK message 237 broadcast 92 ACL rule 182 BSS 113, 333 example 113 activation firewalls 178 media server 130 SIP ALG 168 SSID 104 wireless LAN scheduling 108 adding a printer example 55 administrator password 23 Advanced Encryption Standard, see AES AES 341 AH 211 algorithms 211 alternative subnet mask notation 286 antenna directional 345 gain 345 omni-directional 345 AP (Access Point) 335 applications Internet access 17 media server 130 activation 130 iTunes server 130
Index client-server protocol 234 DTMF 237 comfort noise generation 222 Dual-Tone MultiFrequency, see DTMF configuration 132 backup 267 firewalls 178 reset 269 restoring 268 DUID 83 Dynamic Host Configuration Protocol, see DHCP dynamic secure gateway address 202 dynamic WEP key exchange 340 copyright 369 CoS 160, 238 CTS (Clear to Send) 336 CTS threshold 110 E EAP Authentication 339 echo cancellation 222 D Encapsulation 91 MER 91 PPP over Ethernet 91 data fragment threshold 110 encapsulation 82,
Index G IP Address Assignment 91 IP pool 125 G.168 222 IP pool setup 132 Guide Quick Start 2 IPSec 201 algorithms 211 architecture 211 NAT 211 see also VPN H hidden node 335 host 253 host name 77 I IANA 133, 290 IBSS 333 ID type and content 216 IEEE 802.11g 337 IEEE 802.1Q 92 IEEE 802.
Index M P MAC 77, 185 Pairwise Master Key (PMK) 342, 343 MAC address 126 filter 111 passphrase 100 MAC address filtering 185 PBC 114 MAC filter 185 peer-to-peer calls 232 managing the device good habits 20 using FTP. See FTP.
Index call progression 236 client 234 identities 233 INVITE request 237 number 233 proxy server 235 redirect server 235 register server 236 servers 234 service domain 234 URI 233 user agent 234 R RADIUS 338 message types 339 messages 339 shared secret key 339 RADIUS server 111 Real time Transport Protocol, see RTP registration product 372 related documentation 2 Request To Send, see RTS reset 269 SIP ALG 168 activation 168 RESET button 22 speed dial 232 restart 269 restoring configuration 268 SSID 11
Index thresholds data fragment 110 RTS/CTS 110 VLAN Identifier See VID TKIP 341 voice coding 237 ToS 238 trusted CAs, and certificates 195 VoIP 233 features 18 peer-to-peer calls 232 tutorial 39 tunnel mode 213 VoIP features 18 tutorial VoIP 39 wireless 31 VoIP status 251 TPID 92 trademarks 369 Type of Service, see ToS VLAN tag 92 voice activity detection 222 VPN 201 established in two phases 201 IPSec 201 security associations (SA) 201 see also IKE SA, IPSec SA U unicast 92 Uniform Resource
Index RADIUS server 111 RTS/CTS threshold 110 scheduling 108 security 110 SSID 111 activation 104 WEP 112 WPA 112 WPA-PSK 112 WPS 113, 116 example 117 limitations 118 PIN 114 push button 114 push button 114 wireless network example 95 wireless security 337 WLAN 95 auto-scan channel 98 interference 335 passphrase 100 scheduling 108 security parameters 344 see also wireless.
Index 380 EMG5324-D10A User’s Guide
Index EMG5324-D10A User’s Guide 381
Index 382 EMG5324-D10A User’s Guide