VMG5313-B10A / VMG5313B30A Wireless N VDSL2 VoIP IAD with USB Version 1.00 Edition 3, 09/2014 Quick Start Guide User’s Guide Default Login Details LAN IP Address Login http://192.168.1.1 www.zyxel.com Password Default URL admin, zyuser 1234, 1234 http://192.168.1.
IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. Screenshots and graphics in this book may differ slightly from your product due to differences in your product firmware or your computer operating system. Every effort has been made to ensure that the information in this manual is accurate. Related Documentation • Quick Start Guide The Quick Start Guide shows how to connect the VMG and get up and running right away.
Contents Overview Contents Overview User’s Guide .......................................................................................................................................15 Introducing the VMG ...............................................................................................................................17 The Web Configurator .............................................................................................................................23 Quick Start .............
Contents Overview Log Setting ...........................................................................................................................................329 Firmware Upgrade ................................................................................................................................333 Configuration .........................................................................................................................................337 Diagnostic .......................
Table of Contents Table of Contents Contents Overview ..............................................................................................................................3 Table of Contents .................................................................................................................................5 Part I: User’s Guide ......................................................................................... 15 Chapter 1 Introducing the VMG ...................................
Table of Contents 4.4 Setting Up a Secure Wireless Network .............................................................................................41 4.4.1 Configuring the Wireless Network Settings .............................................................................41 4.4.2 Using WPS ..............................................................................................................................42 4.4.3 Without WPS .................................................................
Table of Contents Chapter 7 Wireless .............................................................................................................................................107 7.1 Overview .........................................................................................................................................107 7.1.1 What You Can Do in this Chapter ..........................................................................................107 7.1.2 What You Need to Know ...............
Table of Contents 8.9 Technical Reference ........................................................................................................................152 8.9.1 LANs, WANs and the VMG ....................................................................................................152 8.9.2 DHCP Setup ..........................................................................................................................152 8.9.3 DNS Server Addresses ..........................................
Table of Contents 11.5 The DMZ Screen ...........................................................................................................................189 11.6 The ALG Screen ............................................................................................................................190 11.7 The Address Mapping Screen .......................................................................................................191 11.7.1 Add/Edit Address Mapping Rule ......................
Table of Contents 15.3 The Media Server Screen .............................................................................................................215 15.4 Print Server ..................................................................................................................................216 15.4.1 Before You Begin .................................................................................................................216 15.4.2 The Print Server Screen ...........................
Table of Contents Chapter 21 Certificates ........................................................................................................................................243 21.1 Overview .......................................................................................................................................243 21.1.1 What You Can Do in this Chapter ........................................................................................243 21.2 What You Need to Know ..................
Table of Contents 23.9 The Call History Incoming Calls Screen ........................................................................................282 23.10 Technical Reference ....................................................................................................................282 23.10.1 Quality of Service (QoS) ....................................................................................................290 23.10.2 Phone Services Overview ..........................................
Table of Contents 30.2 The Remote MGMT Screen ..........................................................................................................315 30.3 The Trust Domain Screen .............................................................................................................316 30.4 The Add Trust Domain Screen ......................................................................................................317 Chapter 31 TR-069 Client.................................................
Table of Contents 38.1 Overview .......................................................................................................................................337 38.2 The Configuration Screen .............................................................................................................337 38.3 The Reboot Screen .......................................................................................................................339 Chapter 39 Diagnostic ............................
P ART I User’s Guide 15
C HAPT ER 1 Introducing the VMG 1.1 Overview In this guide we refer to all models in the series as the VMG. The exact model name is used for explicit references. The VMG is a combo WAN (DSL, Ethernet and 3G in order of priority) gateway with VoIP capabilities and high speed LAN and WAN access for business users. It is equipped with four LAN ports, of which port number four can be converted into a WAN port, two phone ports that can be connected to make VoIP calls and one USB 2.0 port for file sharing.
Chapter 1 Introducing the VMG • Back up the configuration (and make sure you know how to restore it). Restoring an earlier working configuration may be useful if the device becomes unstable or even crashes. If you forget your password, you will have to reset the VMG to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the VMG. You could simply restore your last configuration. 1.
Chapter 1 Introducing the VMG Figure 1 VMG’s Internet Access Application WLAN WAN Bridging IPoE PPPoE ADSL / VDSL LAN A WLAN WAN Bridging PPPoE IPoE PPPoA IPoA ADSL LAN A WLAN WAN Bridging PPPoE IPoE LAN Ethernet A You can also configure IP filtering on the VMG for secure Internet access. Click Security > MAC Filter to set the IP Filtering. When the IP filter is on, all incoming traffic from the Internet to your network is blocked by default unless it is initiated from your network.
Chapter 1 Introducing the VMG File Sharing Use the built-in USB 2.0 port to share files on a USB memory stick or a USB hard drive (B). You can connect one USB hard drive to the VMG at a time. Use FTP to access the files on the USB device. Figure 2 USB File Sharing Application B A 1.6 LEDs (Lights) The following graphic displays the labels of the LEDs. PWR/ DSL SYS INTERNET LAN1 LAN2 LAN3 LAN4 Wi-Fi PHONE1 PHONE2 USB None of the LEDs are on if the VMG is not receiving power.
Chapter 1 Introducing the VMG Table 1 LED Descriptions (continued) LED COLOR STATUS DESCRIPTION INTERNET Green On The VMG has an IP connection but no traffic. Your device has a WAN IP address (either static or assigned by a DHCP server), PPP negotiation was successfully completed (if used) and the DSL connection is up. LAN WiFi 2.4G Blinking The VMG is sending or receiving IP traffic. Off There is no Internet connection or the gateway is in bridged mode.
Chapter 1 Introducing the VMG 1.8 Wireless Access The VMG is a wireless Access Point (AP) for wireless clients, such as notebook computers or PDAs and iPads. It allows them to connect to the Internet without having to rely on inconvenient Ethernet cables. You can configure your wireless network in either the built-in Web Configurator, or using the WPS button. Figure 3 Wireless Access Example 1.8.1 Using the Wi-Fi and WPS Buttons If the wireless network is turned off, press the Wi-Fi button for one second.
C HAPT ER 2 The Web Configurator 2.1 Overview The web configurator is an HTML-based management interface that allows easy VMG setup and management via Internet browser. Use Internet Explorer 8.0 and later versions or Mozilla Firefox 3 and later versions or Safari 2.0 and later versions. The recommended screen resolution is 1024 by 768 pixels. In order to use the web configurator you need to allow: • Web browser pop-up windows from your VMG.
Chapter 2 The Web Configurator 4 The following screen displays if you have not yet changed your password. It is strongly recommended you change the default password. Enter a new password, retype it to confirm and click Apply; alternatively click Skip to proceed to the main menu if you do not want to change the password now. Figure 5 Change Password Screen 5 The Quick Start Wizard screen appears. You can configure the VMG’s time zone, basic Internet access, and wireless settings.
Chapter 2 The Web Configurator 2.2 Web Configurator Layout Figure 7 Screen Layout A B C As illustrated above, the main screen is divided into these parts: • A - title bar • B - main window • C - navigation panel 2.2.1 Title Bar The title bar provides some icons in the upper right corner.
Chapter 2 The Web Configurator The icons provide the following functions. Table 2 Web Configurator Icons in the Title Bar ICON DESCRIPTION Language: Select the language you prefer. Quick Start: Click this icon to open screens where you can configure the VMG’s time zone Internet access, and wireless settings. Logout: Click this icon to log out of the web configurator. 2.2.2 Main Window The main window displays information and configuration fields. It is discussed in the rest of this document.
Chapter 2 The Web Configurator 2.2.3 Navigation Panel Use the menu items on the navigation panel to open screens to configure VMG features. The following tables describe each menu item. Table 3 Navigation Panel Summary LINK TAB FUNCTION Connection Status This screen shows the network status of the VMG and computers/ devices connected to it.
Chapter 2 The Web Configurator Table 3 Navigation Panel Summary (continued) LINK TAB FUNCTION Static Route Use this screen to view and set up static routes on the VMG. DNS Route Use this screen to forward DNS queries for certain domain names through a specific WAN interface to its DNS server(s). Policy Forwarding Use this screen to configure policy routing on the VMG. RIP Use this screen to configure Routing Information Protocol to exchange routing information with other routers.
Chapter 2 The Web Configurator Table 3 Navigation Panel Summary (continued) LINK TAB FUNCTION General Use this screen to configure the security level of your firewall. Protocol Use this screen to add Internet services and configure firewall rules. Access Control Use this screen to enable specific traffic directions for network services. DoS Use this screen to activate protection against Denial of Service (DoS) attacks.
Chapter 2 The Web Configurator Table 3 Navigation Panel Summary (continued) LINK Log TAB FUNCTION System Log Use this screen to view the status of events that occurred to the VMG. You can export or e-mail the logs. Security Log Use this screen to view all security related events. You can select level and category of the security events in their proper drop-down list window.
Chapter 2 The Web Configurator Table 3 Navigation Panel Summary (continued) LINK TAB FUNCTION Email Notification Email Notification Use this screen to configure up to two mail servers and sender addresses on the VMG. Log Setting Log Setting Use this screen to change your VMG’s log settings. Firmware Upgrade Firmware Upgrade Use this screen to upload firmware to your VMG.
Chapter 2 The Web Configurator VMG5313-B10A/-B30A Series User’s Guide 32
C HAPT ER 3 Quick Start 3.1 Overview Use the Quick Start screens to configure the VMG’s time zone, basic Internet access, and wireless settings. Note: See the technical reference chapters (starting on Chapter 4 on page 35) for background information on the features in this chapter. 3.2 Quick Start Setup 1 The Quick Start Wizard appears automatically after login. Or you can click the Click Start icon in the top right corner of the web configurator to open the quick start screens.
Chapter 3 Quick Start Figure 10 Quick Start - Internet Connection 3 Turn the wireless LAN on or off. If you keep it on, record the security settings so you can configure your wireless clients to connect to the VMG. Click Save. Figure 11 Quick Start - Wireless 4 Your VMG saves your settings and attempts to connect to the Internet.
C HAPT ER 4 Tutorials 4.1 Overview This chapter shows you how to use the VMG’s various features. • Setting Up an Ethernet WAN Connection, see page 35 • Configure the Broadband screen as follows.
Chapter 4 Tutorials 3 The Broadband summary screen then appears as follows.
Chapter 4 Tutorials 4 Next, go to Broadband > Ethernet WAN, select Enable and then click Apply. 5 After the connection is set up, connect LAN port 4 to a broadband router or modem for Internet access. Note: The DSL Internet connection and the Ethernet Internet connection cannot operate at the same time. 4.3 Setting Up an ADSL PPPoE Connection This tutorial shows you how to set up an ADSL Internet connection using the Web Configurator.
Chapter 4 Tutorials 2 In this example, the DSL connection has the following information. General Name MyDSLConnection Type ADSL Connection Mode Routing Encapsulation PPPoE IPv6/IPv4 Mode IPv4 ATM PVC Configuration VPI/VCI 36/48 Encapsulation Mode LLC/SNAP-Bridging Service Category UBR without PCR Account Information PPP User Name 1234@DSL-Ex.com PPP Password ABCDEF! PPPoE Service Name MyDSL Static IP Address 192.168.1.
Chapter 4 Tutorials 5 Configure this rule as your default Internet connection by selecting the Apply as Default Gateway check box. Then select DNS as Static and enter the DNS server addresses provided to you, such as 192.168.5.2 (DNS server1)/192.168.5.1 (DNS server2). 6 Leave the rest of the fields to the default settings. 7 Click Apply to save your settings.
Chapter 4 Tutorials VMG5313-B10A/-B30A Series User’s Guide 40
Chapter 4 Tutorials 8 You should see a summary of your new DSL connection setup in the Broadband screen as follows. Try to connect to a website to see if you have correctly set up your Internet connection. Be sure to contact your service provider for any information you need to configure the WAN screens. 4.4 Setting Up a Secure Wireless Network Thomas wants to set up a wireless network so that he can use his notebook to access the Internet.
Chapter 4 Tutorials 2 Go to the Wireless > Others screen and select 802.11b/g/n Mixed in the 802.11 Mode field. Click Apply. Thomas can now use the WPS feature to establish a wireless connection between his notebook and the VMG (see Section 4.4.2 on page 42). He can also use the notebook’s wireless client to search for the VMG (see Section 4.4.3 on page 46). 4.4.2 Using WPS This section shows you how to set up a wireless network using WPS.
Chapter 4 Tutorials There are two WPS methods to set up the wireless client settings: • Push Button Configuration (PBC) - simply press a button. This is the easier of the two methods. • PIN Configuration - configure a Personal Identification Number (PIN) on the VMG. A wireless client must also use the same PIN in order to download the wireless network settings from the VMG.
Chapter 4 Tutorials The VMG sends the proper configuration settings to the wireless client. This may take up to two minutes. The wireless client is then able to communicate with the VMG securely. The following figure shows you an example of how to set up a wireless network and its security by pressing a button on both VMG and wireless client.
Chapter 4 Tutorials 3 Enter the PIN number of the wireless client and click the Register button. Activate WPS function on the wireless client utility screen within two minutes. The VMG authenticates the wireless client and sends the proper configuration settings to the wireless client. This may take up to two minutes. The wireless client is then able to communicate with the VMG securely.
Chapter 4 Tutorials Example WPS Process: PIN Method Wireless Client ZyXEL Device WITHIN 2 MINUTES Authentication by PIN SECURITY INFO COMMUNICATION 4.4.3 Without WPS Use the wireless adapter’s utility installed on the notebook to search for the “Example” SSID. Then enter the “DoNotStealMyWirelessNetwork” pre-shared key to establish an wireless Internet connection. Note: The VMG supports IEEE 802.11b and IEEE 802.11g wireless clients.
Chapter 4 Tutorials 4.5 Setting Up Multiple Wireless Groups Company A wants to create different wireless network groups for different types of users as shown in the following figure. Each group has its own SSID and security mode. Company Guest VIP • Employees in Company A will use a general Company wireless network group. • Higher management level and important visitors will use the VIP group. • Visiting guests will use the Guest group, which has a different SSID and password.
Chapter 4 Tutorials 2 Click Network Setting > Wireless > Guest/More AP to open the following screen. Click the Edit icon to configure the second wireless network group. 3 Configure the screen using the provided parameters and click Apply.
Chapter 4 Tutorials 4 In the Guest/More AP screen, click the Edit icon to configure the third wireless network group.Configure the screen using the provided parameters and click Apply.
Chapter 4 Tutorials 5 Check the status of VIP and Guest in the Guest/More AP screen. The yellow bulbs signify that the SSIDs are active and ready for wireless access. 4.6 Configuring Static Route for Routing to Another Network In order to extend your Intranet and control traffic flowing directions, you may connect a router to the VMG’s LAN. The router may be used to separate two department networks. This tutorial shows how to configure a static routing rule for two network routings.
Chapter 4 Tutorials In the following figure, router R is connected to the VMG’s LAN. R connects to two networks, N1 (192.168.1.x/24) and N2 (192.168.10.x/24). If you want to send traffic from computer A (in N1 network) to computer B (in N2 network), the traffic is sent to the VMG’s WAN default gateway by default. In this case, B will never receive the traffic. N1 A R N2 B You need to specify a static routing rule on the VMG to specify R as the router in charge of forwarding traffic to N2.
Chapter 4 Tutorials Table 4 IP Settings in this Tutorial DEVICE / COMPUTER IP ADDRESS R’s N1 192.168.1.253 R’s N2 192.168.10.2 B 192.168.10.33 To configure a static route to route traffic from N1 to N2: 1 Log into the VMG’s Web Configurator in advanced mode. 2 Click Network Setting > Routing. 3 Click Add new static route in the Static Route screen. 4 Configure the Static Route Setup screen using the following settings: 4a Select the Active check box. Enter the Route Name as R.
Chapter 4 Tutorials 4.7 Configuring QoS Queue and Class Setup This section contains tutorials on how you can configure the QoS screen. Let’s say you are a team leader of a small sales branch office. You want to prioritize e-mail traffic because your task includes sending urgent updates to clients at least twice every hour. You also upload data files (such as logs and e-mail archives) to the FTP server throughout the day.
Chapter 4 Tutorials Tutorial: Advanced > QoS 2 Click Queue Setup > Add new Queue to cr 3 eate a new queue. In the screen that opens, check Active and enter or select the following values: • Name: E-mail • Interface: WAN • Priority: 1 (High) • Weight: 8 • Rate Limit: 5,000 (kbps) Tutorial: Advanced > QoS > Queue Setup 4 Click Class Setup > Add new Classifier to create a new class. Check Active and follow the settings as shown in the screen below.
Chapter 4 Tutorials Tutorial: Advanced > QoS > Class Setup Class Name Give a class name to this traffic, such as E-mail in this example. From Interface This is the interface from which the traffic will be coming from. Select LAN1 for this example. Ether Type Select IP to identify the traffic source by its IP address or MAC address. IP Address Type the IP address of your computer - 192.168.1.23. Type the IP Subnet Mask if you know it.
Chapter 4 Tutorials This maps e-mail traffic coming from port 25 to the highest priority, which you have created in the previous screen (see the IP Protocol field). This also maps your computer’s IP address and MAC address to the E-mail queue (see the Source fields). 5 Verify that the queue setup works by checking Network Setting > QoS > Monitor. This shows the bandwidth allotted to e-mail traffic compared to other network traffic. 4.
Chapter 4 Tutorials 4.8.2 Configuring DDNS on Your VMG Configure the following settings in the Network Setting > DNS > Dynamic DNS screen. • Select Enable Dynamic DNS. • Select www.DynDNS.com as the service provider. • Type zyxelrouter.dyndns.org in the Host Name field. • Enter the user name (UserName1) and password (12345). Click Apply. 4.8.3 Testing the DDNS Setting Now you should be able to access the VMG from the Internet. To test this: 1 Open a web browser on the computer (using the IP address a.b.
Chapter 4 Tutorials Thomas Josephine 1 Click Security > MAC Filter to open the MAC Filter screen. Select the Enable check box to activate MAC filter function. 2 Select Allow. Then enter the host name and MAC address of Thomas’ computer in this screen. Click Apply. Thomas can also grant access to the computers of other members of his family and friends. However, Josephine and others not listed in this screen will no longer be able to access the Internet through the VMG. 4.
Chapter 4 Tutorials 1 In FileZilla enter the IP address of the VMG (the default is 192.168.1.1), your account’s user name and password and port 21 and click Quickconnect. A screen asking for password authentication appears. File Sharing via Windows Explorer 2 Once you log in the USB device displays in the mnt folder.
Chapter 4 Tutorials 4.11 Using the Media Server Feature Use the media server feature to play files on a computer or on your television (using DMA-2500). This section shows you how the media server feature works using the following media clients: • Microsoft (MS) Windows Media Player Media Server works with Windows Vista and Windows 7. Make sure your computer is able to play media files (music, videos and pictures).
Chapter 4 Tutorials Windows Vista 1 Open Windows Media Player and click Library > Media Sharing as follows. Tutorial: Media Sharing using Windows Vista 2 Check Find media that others are sharing in the following screen and click OK. Tutorial: Media Sharing using Windows Vista (2) 3 In the Library screen, check the left panel. The Windows Media Player should detect the VMG.
Chapter 4 Tutorials Tutorial: Media Sharing using Windows Vista (3) The VMG displays as a playlist. Clicking on the category icons in the right panel shows you the media files in the USB storage device attached to your VMG. Windows 7 1 Open Windows Media Player. It should automatically detect the VMG. Tutorial: Media Sharing using Windows 7 (1) If you cannot see the VMG in the left panel as shown above, right-click Other Libraries > Refresh Other Libraries.
Chapter 4 Tutorials Tutorial: Media Sharing using Windows 7 (2) 3 In the right panel, you should see a list of files available in the USB storage device. Tutorial: Media Sharing using Windows 7 (2) 4.11.3 Using a Digital Media Adapter This section shows you how you can use the VMG with a ZyXEL DMA-2500 to play media files stored in the USB storage device in your TV screen.
Chapter 4 Tutorials Tutorial: Media Server Setup (Using DMA) USB Storage Device DMA-2500 ZyXEL Device 2 Turn on the TV and wait for the DMA-2500 Home screen to appear. Using the remote control, go to MyMedia to open the following screen. Select the VMG as your media server. Tutorial: Media Sharing using DMA-2500 3 The screen shows you the list of available media files in the USB storage device. Select the file you want to open and push the Play button in the remote control.
Chapter 4 Tutorials 4.12 Using the Print Server Feature The VMG allows you to share a USB printer on your LAN. You can do this by connecting a USB printer to one of the USB ports on the VMG and then adding the printer on the computers connected to your network. In this section you can: • Add a New Printer Using Windows • Add a New Printer Using Macintosh OS X Add a New Printer Using Windows This example shows how to connect a printer to your VMG using the Windows 7 operating system.
Chapter 4 Tutorials Tutorial: Printers Folder 2 The Add Printer wizard screen displays. Click Add a network, wireless or Bluetooth printer. Tutorial: Add Printer Wizard: Welcome 3 Click The printer that I want isn’t listed.
Chapter 4 Tutorials Tutorial: Add Printer Wizard: Welcome 4 Select the Select a shared printer by name option. Enter the URL for your printer, http:// 192.168.1.1:631/printers/USB_PRINTER, in this example. This URL can be found in the VMG’s Web Configurator on the Network Setting > USB Service > Printer Server screen. Click Next.
Chapter 4 Tutorials Tutorial: Add Printer Wizard: Welcome 5 Install the printer driver. Please check the Windows CD if it includes the printer driver. If not, please install the driver from the CD included with your printer or by downloading it from the printer vendor’s website. 6 After the printer driver installs successfully, choose if you want to set this printer to be the default.
Chapter 4 Tutorials 3 Double-click the Applications folder. Tutorial: Macintosh HD folder 4 Double-click the Utilities folder. Tutorial: Applications Folder 5 Double-click the Print Center icon. Tutorial: Utilities Folder 6 Click the Add icon at the top of the screen. Tutorial: Printer List Folder 7 Set up your printer in the Printer List configuration screen. Select IP Printing from the dropdown list box. 8 In the Printer’s Address field, type the IP address of your VMG.
Chapter 4 Tutorials 11 Select your Printer Model from the drop-down list box. If the printer's model is not listed, select Generic. Tutorial: Printer Configuration 12 Click Add to select a printer model, save and close the Printer List configuration screen. Tutorial: Printer Model 13 The Name LP1 on 192.168.1.1 displays in the Printer List field. The default printer Name displays in bold type. Tutorial: Print Server Your Macintosh print server driver setup is complete.
P ART II Technical Reference 71
C HAPT ER 5 Network Map and Status Screens 5.1 Overview After you log into the Web Configurator, the Network Map screen appears. This shows the network connection status of the Device and clients connected to it. You can use the Status screen to look at the current status of the Device, system resources, and interfaces (LAN, WAN, and WLAN). 5.2 The Network Map Screen Use this screen to view the network connection status of the device and its clients.
Chapter 5 Network Map and Status Screens If you want to view information about a client, click the client’s name and Info. Click the IP address if you want to change it. If you want to change the name or icon of the client, click Change name/ icon. If you prefer to view the status in a list, click List View in the Viewing mode selection box. You can configure how often you want the Device to update this screen in Refresh interval. Figure 13 Network Map: List View Mode 5.
Chapter 5 Network Map and Status Screens Each field is described in the following table. Table 5 Status Screen LABEL DESCRIPTION Refresh Interval Select how often you want the VMG to update this screen. Device Information Host Name This field displays the VMG system name. It is used for identification. Model Number This shows the model number of your VMG. Serial Number This shows the unique serial number of your VMG. Firmware Version This is the current version of the firmware inside the VMG.
Chapter 5 Network Map and Status Screens Table 5 Status Screen (continued) LABEL DESCRIPTION System Up Time This field displays how long the VMG has been running since it last started up. The VMG starts up when you plug it in, when you restart it (Maintenance > Reboot), or when you reset it. Current Date/ Time This field displays the current date and time in the VMG. You can change this in Maintenance> Time Setting.
Chapter 5 Network Map and Status Screens Table 5 Status Screen (continued) LABEL DESCRIPTION Account Status This field displays the current registration status of the SIP account. You have to register SIP accounts with a SIP server to use VoIP. Inactive - The SIP account is not active. You can activate it in VoIP > SIP > SIP Account. Not Registered - The last time the VMG tried to register the SIP account with the SIP server, the attempt failed. Use the Register button to register the account again.
Chapter 5 Network Map and Status Screens VMG5313-B10A/-B30A Series User’s Guide 78
C HAPT ER 6 Broadband 6.1 Overview This chapter discusses the VMG’s Broadband screens. Use these screens to configure your VMG for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks, such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations. Figure 15 LAN and WAN WAN 6.1.
Chapter 6 Broadband Table 6 WAN Setup Overview LAYER-2 INTERFACE INTERNET CONNECTION CONNECTION DSL LINK TYPE MODE ENCAPSULATION CONNECTION SETTINGS ADSL over ATM EoA Routing PPPoE/PPP0A ATM PVC configuration, PPP information, IPv4/IPv6 IP address, routing feature, DNS server, VLAN, QoS, and MTU IPoE/IPoA ATM PVC configuration, IPv4/IPv6 IP address, routing feature, DNS server, VLAN, QoS, and MTU Bridge N/A ATM PVC configuration, and QoS Routing IPoE/PPPoE PPP information, IPv4/IPv6 IP a
Chapter 6 Broadband IPv6 Addressing The 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons (:). This is an example IPv6 address 2001:0db8:1a2b:0015:0000:0000:1a2f:0000. IPv6 addresses can be abbreviated in two ways: • Leading zeros in a block can be omitted. So 2001:0db8:1a2b:0015:0000:0000:1a2f:0000 can be written as 2001:db8:1a2b:15:0:0:1a2f:0. • Any number of consecutive blocks of zeros can be replaced by a double colon.
Chapter 6 Broadband Figure 16 IPv6 Rapid Deployment LAN - IPv6 - IPv4 WAN - IPv4 - IPv6 in IPv4 ISP (IPv4) IPv6 in IPv4 IPv6 + IPv4 BR IPv6 Internet IPv4 IPv4 Internet Dual Stack Lite Use Dual Stack Lite when local network computers use IPv4 and the ISP has an IPv6 network. When the VMG has an IPv6 WAN address and you set IPv6/IPv4 Mode to IPv6 Only, you can enable Dual Stack Lite to use IPv4 computers and services.
Chapter 6 Broadband 6.2 The Broadband Screen Use this screen to change your VMG’s Internet access settings. Click Network Setting > Broadband from the menu. The summary table shows you the configured WAN services (connections) on the VMG.
Chapter 6 Broadband The following table describes the labels in this screen. Table 7 Network Setting > Broadband LABEL DESCRIPTION Add New WAN Interface Click this button to create a new connection. # This is the index number of the entry. Name This is the service name of the connection. Type This shows whether it is an ATM, Ethernet or a PTM connection. Mode This shows whether the connection is in routing or bridge mode.
Chapter 6 Broadband 6.2.1 Add/Edit Internet Connection Click Add New WAN Interface in the Broadband screen or the Edit icon next to an existing WAN interface to configure a WAN connection. The screen varies depending on the interface type, mode, encapsulation, and IPv6/IPv4 mode you select. 6.2.1.1 Routing Mode Use Routing mode if your ISP give you one IP address only and you want multiple computers to share an Internet account.
Chapter 6 Broadband The following table describes the labels in this screen. Table 8 Network Setting > Broadband > Add New WAN Interface/Edit (Routing Mode) LABEL DESCRIPTION General Active Select this to enable the interface. Name Specify a descriptive name for this connection. Type Select whether it is an ADSL/VDSL over PTM, ADSL over ATM connection or Ethernet. Mode Select Routing if your ISP give you one IP address only and you want multiple computers to share an Internet account.
Chapter 6 Broadband Table 8 Network Setting > Broadband > Add New WAN Interface/Edit (Routing Mode) (continued) LABEL DESCRIPTION Service Category Select UBR Without PCR or UBR With PCR for applications that are non-time sensitive, such as e-mail. Select CBR (Continuous Bit Rate) to specify fixed (always-on) bandwidth for voice or data traffic. Select Non Realtime VBR (non real-time Variable Bit Rate) for connections that do not require closely controlled delay and delay variation.
Chapter 6 Broadband Table 8 Network Setting > Broadband > Add New WAN Interface/Edit (Routing Mode) (continued) LABEL DHCP option 43 Enable Static IP Address DESCRIPTION This field displays when editing an existing WAN interface. Type the vender specific information you want the VMG to add in the DHCP Offer packets. The information is used, for example, for configuring an ACS’s (Auto Configuration Server) URL. Select this option If the ISP assigned a fixed IP address.
Chapter 6 Broadband Table 8 Network Setting > Broadband > Add New WAN Interface/Edit (Routing Mode) (continued) LABEL DESCRIPTION IPv4 Mask Length Enter the subnet mask number (1~32) for the IPv4 network. 6RD Border Relay Server IP When you set the 6RD Type to Static, specify the relay server’s IPv4 address in this field. 6RD IPv6 Prefix Enter an IPv6 prefix for tunneling IPv6 traffic to the ISP’s border relay router and connecting to the native IPv6 Internet.
Chapter 6 Broadband Table 8 Network Setting > Broadband > Add New WAN Interface/Edit (Routing Mode) (continued) LABEL DESCRIPTION Rate Limit Enter the rate limit for the connection. This is the maximum transmission rate allowed for traffic on this connection. WAN Outgoing Default Tag Select Enable and enter a DSCP (DiffServ Code Point) value to have the VMG add it in the packets sent by this WAN interface.
Chapter 6 Broadband The following table describes the fields in this screen. Table 9 Network Setting > Broadband > Add New WAN Interface/Edit (Bridge Mode) LABEL DESCRIPTION General Active Select this to enable the interface. Name Enter a service name of the connection. Type Select ADSL/VDSL over PTM as the interface that you want to configure. The VMG uses the VDSL technology for data transmission over the DSL port.
Chapter 6 Broadband Note: The actual data rate you obtain varies depending the 3G card you use, the signal strength to the service provider’s base station, and so on. Figure 22 Network Setting > Broadband > 3G Backup The following table describes the labels in this screen. Table 10 Network Setting > Broadband > 3G Backup LABEL DESCRIPTION General 3G Backup Select Enable to have the VMG use the 3G connection as your WAN or a backup when the wired WAN connection fails.
Chapter 6 Broadband Table 10 Network Setting > Broadband > 3G Backup (continued) LABEL DESCRIPTION Username Type the user name (of up to 64 ASCII printable characters) given to you by your service provider. Password Type the password (of up to 64 ASCII printable characters) associated with the user name above. PIN A PIN (Personal Identification Number) code is a key to a 3G card. Without the PIN code, you cannot use the 3G card.
Chapter 6 Broadband Table 10 Network Setting > Broadband > 3G Backup (continued) LABEL DESCRIPTION Send Notification to Email Notifications are sent to the e-mail address specified in this field. If this field is left blank, notifications cannot be sent via e-mail. Advanced Click this to show the advanced 3G backup settings. Budget Setup Enable Budget Control Select Enable to set a monthly limit for the user account of the installed 3G card. You can set a limit on the total traffic and/or call time.
Chapter 6 Broadband Table 10 Network Setting > Broadband > 3G Backup (continued) LABEL DESCRIPTION Mail Server Select a mail server for the e-mail address specified below. If you do not select a mail server, e-mail notifications cannot be sent via e-mail. You must have configured a mail server already in the Maintenance > Email Notification screen. Over Budget Email Title Type a title that you want to be in the subject line of the e-mail notifications that the VMG sends.
Chapter 6 Broadband Figure 23 Network Setting > Broadband > Advanced The following table describes the labels in this screen. Table 12 Network Setting > Broadband > Advanced LABEL DESCRIPTION PhyR US Enable or disable PhyR US (upstream) for upstream transmission to the WAN. PhyR US should be enabled if data being transmitted upstream is sensitive to noise. However, enabling PhyR US can decrease the US line rate. Enabling or disabling PhyR will require the CPE to retrain.
Chapter 6 Broadband Table 12 Network Setting > Broadband > Advanced (continued) LABEL DESCRIPTION G.lite : ITU G.992.2 (better known as G.lite) is an ITU standard for ADSL using discrete multitone modulation. G.lite does not strictly require the use of DSL filters, but like all variants of ADSL generally functions better with splitters. T1.413 : ANSI T1.
Chapter 6 Broadband 6.5 The 802.1x Screen You can view and configure the 802.1X authentication settings in the 802.1x screen. Click Network Setting > Broadband > 802.1x to display the following screen. Figure 24 Network Setting > Broadband > 802.1x The following table describes the labels in this screen. Table 13 Network Setting > Network Setting > 802.1x LABEL DESCRIPTION # This is the index number of the entry. Status This field displays whether the authentication is active or not.
Chapter 6 Broadband 6.5.1 Modify 802.1X Settings Use this screen to edit 802.1X authentication settings. Click the Edit icon next to the rule you want to edit. The screen shown next appears. Figure 25 Network Setting > Broadband > 802.1x > Modify The following table describes the labels in this screen. Table 14 Network Setting > Broadband > 802.1x: Edit LABEL DESCRIPTION Active This field allows you to activate/deactivate the authentication. Select this to enable the authentication.
Chapter 6 Broadband It’s not enough to just enable LAN 4 as a WAN connection here. You must also go to Network Setting > Broadband > Add New WAN Interface screen and create a new interface for it with the Type as Ethernet and Encapsulation as IPoE, and it’s advisable to enable NAT. You cannot have DSL Ethernet and 3G WAN connections working at the same time.
Chapter 6 Broadband IP over Ethernet IP over Ethernet (IPoE) is an alternative to PPPoE. IP packets are being delivered across an Ethernet network, without using PPP encapsulation. They are routed between the Ethernet interface and the WAN interface and then formatted so that they can be understood in a bridged environment. For instance, it encapsulates routed Ethernet frames into bridged Ethernet cells. PPP over ATM (PPPoA) PPPoA stands for Point to Point Protocol over ATM Adaptation Layer 5 (AAL5).
Chapter 6 Broadband In this case, by prior mutual agreement, each protocol is assigned to a specific virtual circuit; for example, VC1 carries IP, etc. VC-based multiplexing may be dominant in environments where dynamic creation of large numbers of ATM VCs is fast and economical. LLC-based Multiplexing In this case one VC carries multiple protocols with protocol identifying information being contained in each packet header.
Chapter 6 Broadband ATM Traffic Classes These are the basic ATM traffic classes defined by the ATM Forum Traffic Management 4.0 Specification. Constant Bit Rate (CBR) Constant Bit Rate (CBR) provides fixed bandwidth that is always available even if no data is being sent. CBR traffic is generally time-sensitive (doesn't tolerate delay). CBR is used for connections that continuously require a specific amount of bandwidth. A PCR is specified and if traffic exceeds this rate, cells may be dropped.
Chapter 6 Broadband VLAN also increases network performance by limiting broadcasts to a smaller and more manageable logical broadcast domain. In traditional switched environments, all broadcast packets go to each and every individual port. With VLAN, all broadcasts are confined to a specific broadcast domain. Introduction to IEEE 802.
Chapter 6 Broadband important because without it, you must know the IP address of a computer before you can access it. The VMG can get the DNS server addresses in the following ways. 1 The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, manually enter them in the DNS server fields.
Chapter 6 Broadband VMG5313-B10A/-B30A Series User’s Guide 106
C HAPT ER 7 Wireless 7.1 Overview This chapter describes the VMG’s Network Setting > Wireless screens. Use these screens to set up your VMG’s wireless connection. 7.1.1 What You Can Do in this Chapter This section describes the VMG’s Wireless screens. Use these screens to set up your VMG’s wireless connection. • Use the General screen to enable the Wireless LAN, enter the SSID and select the wireless security mode (Section 7.2 on page 108).
Chapter 7 Wireless 7.1.2 What You Need to Know Wireless Basics “Wireless” is essentially radio communication. In the same way that walkie-talkie radios send and receive information over the airwaves, wireless networking devices exchange information with one another. A wireless networking device is just like a radio that lets your computer exchange information with radios attached to other computers.
Chapter 7 Wireless Figure 28 Network Setting > Wireless > General The following table describes the general wireless LAN labels in this screen. Table 16 Network Setting > Wireless > General LABEL DESCRIPTION Wireless Network Setup Wireless You can Enable or Disable the wireless LAN in this field. Band This shows the wireless band which this radio profile is using. 2.4GHz is the frequency used by IEEE 802.11b/g/n wireless clients.
Chapter 7 Wireless Table 16 Network Setting > Wireless > General (continued) LABEL DESCRIPTION Control Sideband This is available for some regions when you select a specific channel and set the Bandwidth field to 40MHz. Set whether the control channel (set in the Channel field) should be in the Lower or Upper range of channel bands. Passphrase Type If you set security for the wireless LAN and have the VMG generate a password, the setting in this field determines how the VMG generates the password.
Chapter 7 Wireless Note: If you do not enable any wireless security on your VMG, your network is accessible to any wireless networking device that is within range. Figure 29 Wireless > General: No Security The following table describes the labels in this screen. Table 17 Wireless > General: No Security LABEL DESCRIPTION Security Level Choose No Security to allow all wireless connections without data encryption or authentication. 7.2.
Chapter 7 Wireless The following table describes the labels in this screen. Table 18 Wireless > General: Basic (WEP) LABEL DESCRIPTION Security Level Select Basic to enable WEP data encryption. Generate password automatically Select this option to have the VMG automatically generate a password. The password field will not be configurable when you select this option. Password 1~4 The password (WEP keys) are used to encrypt data.
Chapter 7 Wireless 7.2.3 More Secure (WPA(2)-PSK) The WPA-PSK security mode provides both improved data encryption and user authentication over WEP. Using a Pre-Shared Key (PSK), both the VMG and the connecting client share a common password in order to validate the connection. This type of encryption, while robust, is not as strong as WPA, WPA2 or even WPA2-PSK. The WPA2-PSK security mode is a newer, more robust version of the WPA encryption standard.
Chapter 7 Wireless Table 19 Wireless > General: More Secure: WPA(2)-PSK (continued) LABEL DESCRIPTION Encryption Select the encryption type (TKIP, AES or TKIP+AES) for data encryption. Select TKIP if your wireless clients can all use TKIP. Select AES if your wireless clients can all use AES. Select TKIP+AES to allow the wireless clients to use either TKIP or AES. Group Key Update Timer The Group Key Update Timer is the rate at which the RADIUS server sends a new group key out to all clients. 7.
Chapter 7 Wireless 7.3.1 Edit Guest / More AP Use this screen to edit an SSID profile. Click the Edit icon next to an SSID in the Guest / More AP screen. The following screen displays. Figure 33 Network Setting > Wireless > Guest / More AP > Edit The following table describes the fields in this screen. Table 21 Network Setting > Wireless > Guest / More AP > Edit LABEL DESCRIPTION Wireless Network Setup Wireless You can Enable or Disable the wireless LAN in this field.
Chapter 7 Wireless Table 21 Network Setting > Wireless > Guest / More AP > Edit (continued) LABEL DESCRIPTION Wireless Network Name (SSID) The SSID (Service Set IDentity) identifies the service set with which a wireless device is associated. Wireless devices associating to the access point (AP) must have the same SSID. Max clients Specify the maximum number of clients that can connect to this network at the same time.
Chapter 7 Wireless 7.4 MAC Authentication This screen allows you to configure the ZyXEL Device to give exclusive access to specific devices (Allow) or exclude specific devices from accessing the ZyXEL Device (Deny). Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC addresses of the devices to configure this screen.
Chapter 7 Wireless 7.5 The WPS Screen Use this screen to configure WiFi Protected Setup (WPS) on your VMG. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually. Set up each WPS connection between two devices. Both devices must support WPS. See Section 7.10.9.3 on page 134 for more information about WPS. Note: The VMG applies the security settings of the SSID1 profile (see Section 7.2 on page 108).
Chapter 7 Wireless Table 23 Network Setting > Wireless > WPS (continued) LABEL DESCRIPTION Method 2 Use this section to set up a WPS wireless network by entering the PIN of the client into the VMG. Register Enter the PIN of the device that you are setting up a WPS connection with and click Register to authenticate and add the wireless device to your wireless network. You can find the PIN either on the outside of the device, or by checking the device’s settings.
Chapter 7 Wireless The following table describes the labels in this screen. Table 24 Network Setting > Wireless > WMM LABEL DESCRIPTION WMM Select On to have the VMG automatically give a service a priority level according to the ToS value in the IP header of packets it sends. WMM QoS (Wifi MultiMedia Quality of Service) gives high priority to voice and video, which makes them run more smoothly.
Chapter 7 Wireless Figure 37 Network Setting > Wireless > WDS The following table describes the labels in this screen. Table 25 Network Setting > Wireless > WDS LABEL DESCRIPTION Wireless Bridge Setup AP Mode Select the operating mode for your VMG. • • Bridge Restrict Access Point - The VMG functions as a bridge and access point simultaneously. Wireless Bridge - The VMG acts as a wireless network bridge and establishes wireless links with other APs.
Chapter 7 Wireless 7.7.1 WDS Scan You can click the Scan icon in Wireless > WDS to have the VMG automatically search and display the available APs within range. Select an AP and click Apply to have the VMG establish a wireless link with the selected wireless device. Figure 38 WDS: Scan The following table describes the labels in this screen. Table 26 WDS: Scan LABEL DESCRIPTION Wireless Bridge Scan Setup Refresh Click Refresh to update the table. # This is the index number of the entry.
Chapter 7 Wireless Figure 39 Network Setting > Wireless > Others The following table describes the labels in this screen. Table 27 Network Setting > Wireless > Others LABEL DESCRIPTION RTS/CTS Threshold Data with its frame size larger than this value will perform the RTS (Request To Send)/CTS (Clear To Send) handshake. Enter a value between 0 and 2347. Fragmentation Threshold This is the maximum data fragment size that can be sent. Enter a value between 256 and 2346.
Chapter 7 Wireless Table 27 Network Setting > Wireless > Others (continued) LABEL DESCRIPTION 802.11 Mode Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate with the VMG. Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate with the VMG. Select 802.11n Only to allow only IEEE 802.11n compliant WLAN devices to associate with the VMG. Select 802.11b/g Mixed to allow either IEEE 802.11b or IEEE 802.
Chapter 7 Wireless Figure 40 Network Setting > Wireless > Channel Status 7.10 Technical Reference This section discusses wireless LANs in depth. For more information, see Appendix E on page 375. 7.10.1 Wireless Network Overview Wireless networks consist of wireless clients, access points and bridges. • A wireless client is a radio connected to a user’s computer.
Chapter 7 Wireless The following figure provides an example of a wireless network. Figure 41 Example of a Wireless Network The wireless network is the part in the blue circle. In this wireless network, devices A and B use the access point (AP) to interact with the other devices (such as the printer) or with the Internet. Your VMG is the AP. Every wireless network must follow these basic guidelines. • Every device in the same wireless network must use the same SSID.
Chapter 7 Wireless 7.10.2 Additional Wireless Terms The following table describes some wireless network terms and acronyms used in the VMG’s Web Configurator. Table 28 Additional Wireless Terms TERM DESCRIPTION RTS/CTS Threshold In a wireless network which covers a large area, wireless devices are sometimes not aware of each other’s presence. This may cause them to send information to the AP at the same time and result in information colliding and not getting through.
Chapter 7 Wireless and does not include real words. For example, if your mother owns a 1970 Dodge Challenger and her favorite movie is Vanishing Point (which you know was made in 1971) you could use “70dodchal71vanpoi” as your security key. The following sections introduce different types of wireless security you can set up in the wireless network. 7.10.3.1 SSID Normally, the VMG acts like a beacon and regularly broadcasts the SSID in the area.
Chapter 7 Wireless 7.10.3.4 Encryption Wireless networks can use encryption to protect the information that is sent in the wireless network. Encryption is like a secret code. If you do not know the secret code, you cannot understand the message. The types of encryption you can choose depend on the type of authentication. (See Section 7.10.3.3 on page 128 for information about this.
Chapter 7 Wireless 7.10.5 BSS A Basic Service Set (BSS) exists when all communications between wireless stations or between a wireless station and a wired network client go through one access point (AP). Intra-BSS traffic is traffic between wireless stations in the BSS. When Intra-BSS traffic blocking is disabled, wireless station A and B can access the wired network and communicate with each other.
Chapter 7 Wireless • MBSSID should not replace but rather be used in conjunction with 802.1x security. 7.10.7 Preamble Type Preamble is used to signal that data is coming to the receiver. Short and long refer to the length of the synchronization field in a packet. Short preamble increases performance as less time sending preamble means more time for sending data. All IEEE 802.11 compliant wireless adapters support long preamble, but not all support short preamble.
Chapter 7 Wireless Depending on the devices you have, you can either press a button (on the device itself, or in its configuration utility) or enter a PIN (a unique Personal Identification Number that allows one device to authenticate the other) in each of the two devices. When WPS is activated on a device, it has two minutes to find another device that also has WPS activated. Then, the two devices connect and set up a secure network by themselves. 7.10.9.
Chapter 7 Wireless 3 Look for the client’s WPS PIN; it will be displayed either on the device, or in the WPS section of the client’s configuration interface (see the device’s User’s Guide for how to find the WPS PIN - for the VMG, see Section 7.5 on page 118). 4 Enter the client’s PIN in the AP’s configuration interface.
Chapter 7 Wireless Figure 44 Example WPS Process: PIN Method ENROLLEE REGISTRAR WPS This device’s WPS PIN: 123456 WPS Enter WPS PIN from other device: WPS WPS START START WITHIN 2 MINUTES SECURE EAP TUNNEL SSID WPA(2)-PSK COMMUNICATION 7.10.9.3 How WPS Works When two WPS-enabled devices connect, each device must assume a specific role.
Chapter 7 Wireless Figure 45 How WPS works ACTIVATE WPS ACTIVATE WPS WITHIN 2 MINUTES WPS HANDSHAKE ENROLLEE REGISTRAR SECURE TUNNEL SECURITY INFO COMMUNICATION The roles of registrar and enrollee last only as long as the WPS setup process is active (two minutes). The next time you use WPS, a different device can be the registrar if necessary. The WPS connection process is like a handshake; only two devices participate in each WPS transaction.
Chapter 7 Wireless Figure 46 WPS: Example Network Step 1 ENROLLEE REGISTRAR SECURITY INFO AP1 CLIENT 1 In step 2, you add another wireless client to the network. You know that Client 1 supports registrar mode, but it is better to use AP1 for the WPS handshake with the new client since you must connect to the access point anyway in order to use the network. In this case, AP1 must be the registrar, since it is configured (it already has security information for the network).
Chapter 7 Wireless Figure 48 WPS: Example Network Step 3 EXISTING CONNECTION CLIENT 1 IS EX O GC TIN ION CT E NN AP1 REGISTRAR CLIENT 2 SE CU RIT Y ENROLLEE INF O AP2 7.10.9.5 Limitations of WPS WPS has some limitations of which you should be aware. • WPS works in Infrastructure networks only (where an AP and a wireless client communicate). It does not work in Ad-Hoc networks (where there is no AP). • When you use WPS, it works between two devices only.
Chapter 7 Wireless access point is the WPS registrar, the enrollee, or was not involved in the WPS handshake; a rogue device must still associate with the access point to gain access to the network. Check the MAC addresses of your wireless clients (usually printed on a label on the bottom of the device). If there is an unknown MAC address you can remove it or reset the AP.
C HAPT ER 8 Home Networking 8.1 Overview A Local Area Network (LAN) is a shared communication system to which many networking devices are connected. It is usually located in one immediate area such as a building or floor of a building. Use the LAN screens to help you configure a LAN DHCP server and manage IP addresses. LAN DSL 8.1.1 What You Can Do in this Chapter • Use the LAN Setup screen to set the LAN IP address, subnet mask, and DHCP settings of your VMG (Section 8.2 on page 141).
Chapter 8 Home Networking 8.1.2 What You Need To Know 8.1.2.1 About LAN IP Address IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts. Subnet Mask Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.
Chapter 8 Home Networking • Assigning lease times to mappings Windows Messenger is an example of an application that supports NAT traversal and UPnP. See the Chapter 11 on page 181 for more information on NAT. Cautions with UPnP The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues. Network information and configuration may also be obtained and modified by users in some network environments.
Chapter 8 Home Networking 3 Click Apply to save your settings. Figure 49 Network Setting > Home Networking > LAN Setup The following table describes the fields in this screen. Table 30 Network Setting > Home Networking > LAN Setup LABEL DESCRIPTION Interface Group Group Name Select the interface group name for which you want to configure LAN settings. See Chapter 14 on page 205 for how to create a new interface group.
Chapter 8 Home Networking Table 30 Network Setting > Home Networking > LAN Setup (continued) LABEL DESCRIPTION IP Addressing Values This field is only available when you select Enable in the DHCP field. Beginning IP Address This field specifies the first of the contiguous addresses in the IP address pool. Ending IP Address This field specifies the last of the contiguous addresses in the IP address pool.
Chapter 8 Home Networking Table 30 Network Setting > Home Networking > LAN Setup (continued) LABEL DESCRIPTION MLD Mode Select Standard Mode to have the VMG forward IPv6 multicast packets to a port that joins the IPv6 multicast group and broadcast unknown IPv6 multicast packets from the WAN to all LAN ports. Select Blocking Mode to have the VMG block all unknown IPv6 multicast packets from the WAN.
Chapter 8 Home Networking Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. Use this screen to change your VMG’s static DHCP settings. Click Network Setting > Home Networking > Static DHCP to open the following screen. Figure 50 Network Setting > Home Networking > Static DHCP The following table describes the labels in this screen.
Chapter 8 Home Networking The following table describes the labels in this screen. Table 32 Static DHCP: Add/Edit LABEL DESCRIPTION Active Select this to activate the connection between the client and the VMG. Group Name Select the interface group name for which you want to configure static DHCP settings. See Chapter 14 on page 205 for how to create a new interface group.
Chapter 8 Home Networking The following table describes the labels in this screen. Table 33 Network Setting > Home Networking > UPnP LABEL DESCRIPTION UPnP Select Enable to activate UPnP. Be aware that anyone could use a UPnP application to open the web configurator's login screen without entering the VMG's IP address (although you must still enter the password to access the web configurator).
Chapter 8 Home Networking 3 Select Turn on network discovery and click Save Changes. Network discovery allows your computer to find other computers and devices on the network and other computers on the network to find your computer. This makes it easier to share files and printers. 8.5 The Additional Subnet Screen Use the Additional Subnet screen to configure IP alias and public static IP.
Chapter 8 Home Networking interface with the VMG itself as the gateway for the LAN network. When you use IP alias, you can also configure firewall rules to control access to the LAN's logical network (subnet). If your ISP provides the Public LAN service, the VMG may use an LAN IP address that can be accessed from the WAN. Click Network Setting > Home Networking > Additional Subnet to display the screen shown next.
Chapter 8 Home Networking Table 34 Network Setting > Home Networking > Additional Subnet (continued) LABEL DESCRIPTION Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. 8.6 The STB Vendor ID Screen Set Top Box (STB) devices with dynamic IP addresses sometimes don’t renew their IP addresses before the lease time expires. This could lead to IP address conflicts if the STB continues to use an IP address that gets assigned to another device.
Chapter 8 Home Networking Click Network Setting > Home Networking > Wake on Lan to open this screen. Figure 55 Network Setting > Home Networking > Wake on Lan The following table describes the labels in this screen. Table 36 Network Setting > Home Networking > Wake on Lan LABEL DESCRIPTION Wake by Address Select Manual and enter the IP address or MAC address of the device to turn it on remotely. The drop-down list also lists the IP addresses that can be found in the VMG’s ARP table.
Chapter 8 Home Networking The following table describes the labels in this screen. Table 37 Network Setting > Home Networking > TFTP Server Name LABEL DESCRIPTION TFTP Server Name Enter the the IP address or the hostname of a single TFTP server. Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. 8.9 Technical Reference This section provides some technical background information about the topics covered in this chapter. 8.9.
Chapter 8 Home Networking 8.9.3 DNS Server Addresses DNS (Domain Name System) maps a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. The DNS server addresses you enter when you set up DHCP are passed to the client machines along with the assigned IP address and subnet mask. There are two ways that an ISP disseminates the DNS server addresses.
Chapter 8 Home Networking Private IP Addresses Every machine on the Internet must have a unique address. If your networks are isolated from the Internet, for example, only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks: • 10.0.0.0 • 172.16.0.0 — 10.255.255.255 — 172.31.255.255 • 192.168.0.0 — 192.168.255.
C HAPT ER 9 Routing 9.1 Overview The VMG usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the VMG send data to devices not reachable through the default gateway, use static routes. For example, the next figure shows a computer (A) connected to the VMG’s LAN interface. The VMG routes most traffic from A to the Internet through the VMG’s default gateway (R1). You create one static route to connect to services offered by your ISP behind router R2.
Chapter 9 Routing The following table describes the labels in this screen. Table 38 Network Setting > Routing > Static Route LABEL DESCRIPTION Add new static route Click this to configure a new static route. # This is the index number of the entry. Status This field displays whether the static route is active or not. A yellow bulb signifies that this route is active. A gray bulb signifies that this route is not active. Name This is the name that describes or identifies this route.
Chapter 9 Routing Table 39 Routing: Add/Edit (Sheet 2 of 2) LABEL DESCRIPTION IP Subnet Mask If you are using IPv4 and need to specify a route to a single host, use a subnet mask of 255.255.255.255 in the subnet mask field to force the network number to be identical to the host ID. Enter the IP subnet mask here. Use Gateway IP Address The gateway is a router or switch on the same network segment as the device's LAN or WAN port. The gateway helps forward packets to their destinations.
Chapter 9 Routing 9.3.1 The DNS Route Add Screen You can manually add the VMG’s DNS route entry. Click Add new DNS Route in the Network Setting > Routing > DNS Route screen. The screen shown next appears. Figure 62 DNS Route Add The following table describes the labels in this screen. Table 41 DNS Route Add LABEL DESCRIPTION Domain Name Enter the domain name of the DNS route entry. Interface Select the WAN connection through which the VMG forwards DNS requests for this domain name.
Chapter 9 Routing The Policy Forwarding screen let you view and configure routing policies on the VMG. Click Network Setting > Routing > Policy Forwarding to open the following screen. Figure 63 Network Setting > Routing > Policy Forwarding The following table describes the labels in this screen. Table 42 Network Setting > Routing >Policy Forwarding LABEL DESCRIPTION Add new Policy Forward Rule Click this to create a new policy forwarding rule. # This is the index number of the entry.
Chapter 9 Routing 9.4.1 Add/Edit Policy Forwarding Click Add new Policy Forward Rule in the Policy Forwarding screen or click the Edit icon next to a policy. Use this screen to configure the required information for a policy route. Figure 64 Policy Forwarding: Add/Edit The following table describes the labels in this screen. Table 43 Policy Forwarding: Add/Edit LABEL DESCRIPTION Policy Name Enter a descriptive name of up to 8 printable English keyboard characters, not including spaces.
Chapter 9 Routing 9.5.1 The RIP Screen Click Network Setting > Routing > RIP to open the RIP screen. Figure 65 RIP The following table describes the labels in this screen. Table 44 RIP LABEL DESCRIPTION # This is the index of the interface in which the RIP setting is used. Interface This is the name of the interface in which the RIP setting is used.
Chapter 9 Routing VMG5313-B10A/-B30A Series User’s Guide 162
C HAPTER 10 Quality of Service (QoS) 10.1 Overview Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth. Without QoS, all traffic data is equally likely to be dropped when the network is congested. This can cause a reduction in network performance and make the network inadequate for time-critical application such as video-ondemand.
Chapter 10 Quality of Service (QoS) similar types of traffic together and treating each type as a class. You can use CoS to give different priorities to different packet types. CoS technologies include IEEE 802.1p layer 2 tagging and DiffServ (Differentiated Services or DS). IEEE 802.1p tagging makes use of three bits in the packet header, while DiffServ is a new protocol and defines a new DS field, which replaces the eight-bit ToS (Type of Service) field in the IP header.
Chapter 10 Quality of Service (QoS) which are performed on the colored packets. See Section 10.7 on page 175 for more information on each metering algorithm. 10.3 The Quality of Service General Screen Click Network Setting > QoS > General to open the screen as shown next. Use this screen to enable or disable QoS and set the upstream bandwidth. See Section 10.1 on page 163 for more information. Figure 66 Network Settings > QoS > General The following table describes the labels in this screen.
Chapter 10 Quality of Service (QoS) Table 45 Network Setting > QoS > General (continued) (continued) LABEL DESCRIPTION LAN Managed Downstream Bandwidth Enter the amount of downstream bandwidth for the LAN interfaces (including WLAN) that you want to allocate using QoS. The recommendation is to set this speed to match the WAN interfaces’ actual transmission speed. For example, set the LAN managed downstream bandwidth to 100000 kbps if you use a 100 Mbps wired Ethernet WAN connection.
Chapter 10 Quality of Service (QoS) The following table describes the labels in this screen. Table 46 Network Setting > QoS > Queue Setup LABEL DESCRIPTION Add new Queue Click this button to create a new queue entry. # This is the index number of the entry. Status This field displays whether the queue is active or not. A yellow bulb signifies that this queue is active. A gray bulb signifies that this queue is not active. Name This shows the descriptive name of this queue.
Chapter 10 Quality of Service (QoS) Table 47 Queue Setup: Add (continued) LABEL DESCRIPTION Priority Select the priority level (from 1 to 7) of this queue. The smaller the number, the higher the priority level. Traffic assigned to higher priority queues gets through faster while traffic in lower priority queues is dropped if the network is congested. Weight Select the weight (from 1 to 8) of this queue.
Chapter 10 Quality of Service (QoS) Figure 69 Network Setting > QoS > Class Setup The following table describes the labels in this screen. Table 48 Network Setting > QoS > Class Setup LABEL DESCRIPTION Add new Classifier Click this to create a new classifier. # This is the index number of the entry. Status This field displays whether the classifier is active or not. A yellow bulb signifies that this classifier is active. A gray bulb signifies that this classifier is not active.
Chapter 10 Quality of Service (QoS) Figure 70 Class Setup: Add/Edit The following table describes the labels in this screen. Table 49 Class Setup: Add/Edit LABEL DESCRIPTION Active Select this to enable this classifier. Class Name Enter a descriptive name of up to 15 printable English keyboard characters, not including spaces.
Chapter 10 Quality of Service (QoS) Table 49 Class Setup: Add/Edit (continued) LABEL DESCRIPTION Classification Order Select an existing number for where you want to put this classifier to move the classifier to the number you selected after clicking Apply. Select Last to put this rule in the back of the classifier list. From Interface If you want to classify the traffic by an ingress interface, select an interface from the From Interface drop-down list box.
Chapter 10 Quality of Service (QoS) Table 49 Class Setup: Add/Edit (continued) LABEL IP Protocol DESCRIPTION This field is available only when you select IP in the Ether Type field. Select this option and select the protocol (service type) from TCP, UDP, ICMP or IGMP. If you select User defined, enter the protocol (service type) number. DHCP This field is available only when you select IP in the Ether Type field. Select this option and select a DHCP option.
Chapter 10 Quality of Service (QoS) Table 49 Class Setup: Add/Edit (continued) LABEL DESCRIPTION Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. 10.6 The QoS Policer Setup Screen Use this screen to configure QoS policers that allow you to limit the transmission rate of incoming traffic. Click Network Setting > QoS > Policer Setup. The screen appears as shown.
Chapter 10 Quality of Service (QoS) 10.6.1 Add/Edit a QoS Policer Click Add new Policer in the Policer Setup screen or the Edit icon next to a policer to show the following screen. Figure 72 Policer Setup: Add/Edit The following table describes the labels in this screen. Table 51 Policer Setup: Add/Edit LABEL DESCRIPTION Active Select the check box to activate this policer. Name Enter the descriptive name of this policer. Meter Type This shows the traffic metering algorithm used in this policer.
Chapter 10 Quality of Service (QoS) Table 51 Policer Setup: Add/Edit LABEL DESCRIPTION Conforming Action Specify what the VMG does for packets within the committed rate and burst size (greenmarked packets). • • Pass: Send the packets without modification. DSCP Mark: Change the DSCP mark value of the packets. Enter the DSCP mark value to use. NonConforming Action Specify what the VMG does for packets that exceed the excess burst size or peak rate and burst size (red-marked packets).
Chapter 10 Quality of Service (QoS) Table 52 IEEE 802.1p Priority Level and Traffic Type PRIORITY LEVEL TRAFFIC TYPE Level 1 This is typically used for non-critical “background” traffic such as bulk transfers that are allowed but that should not affect other applications and users. Level 0 Typically used for best-effort traffic. DiffServ QoS is used to prioritize source-to-destination traffic flows. All packets in the flow are given the same priority.
Chapter 10 Quality of Service (QoS) The following table shows you the internal layer-2 and layer-3 QoS mapping on the VMG. On the VMG, traffic assigned to higher priority queues gets through faster while traffic in lower index queues is dropped if the network is congested. Table 53 Internal Layer2 and Layer3 QoS Mapping LAYER 2 LAYER 3 PRIORITY QUEUE IEEE 802.
Chapter 10 Quality of Service (QoS) • If there are no tokens in the bucket, the VMG stops transmitting until enough tokens are generated. • If not enough tokens are available, the VMG treats the packet in either one of the following ways: In traffic shaping: • Holds it in the queue until enough tokens are available in the bucket. In traffic policing: • Drops it. • Transmits it but adds a DSCP mark. The VMG may drop these marked packets if the network is overloaded.
Chapter 10 Quality of Service (QoS) on the guaranteed and maximum bandwidth respectively as negotiated between a service provider and client. The trTCM evaluates incoming packets and marks them with one of three colors which refer to packet loss priority levels. High packet loss priority level is referred to as red, medium is referred to as yellow and low is referred to as green. The trTCM is based on the token bucket filter and has two token buckets (Committed Burst Size (CBS) and Peak Burst Size (PBS)).
Chapter 10 Quality of Service (QoS) VMG5313-B10A/-B30A Series User’s Guide 180
C HAPTER 11 Network Address Translation (NAT) 11.1 Overview This chapter discusses how to configure NAT on the VMG. NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network. 11.1.
Chapter 11 Network Address Translation (NAT) NAT In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
Chapter 11 Network Address Translation (NAT) Figure 73 Multiple Servers Behind NAT Example A=192.168.1.33 WAN LAN B=192.168.1.34 192.168.1.1 IP Address assigned by ISP C=192.168.1.3 D=192.168.1.36 Click Network Setting > NAT > Port Forwarding to open the following screen. See Appendix D on page 383 for port numbers commonly used for particular services. Figure 74 Network Setting > NAT > Port Forwarding The following table describes the fields in this screen.
Chapter 11 Network Address Translation (NAT) Table 54 Network Setting > NAT > Port Forwarding (continued) LABEL DESCRIPTION End Port This is the last external port number that identifies a service. Translation Start Port This is the first internal port number that identifies a service. Translation End Port This is the last internal port number that identifies a service. Protocol This shows the IP protocol supported by this virtual server, whether it is TCP, UDP, or TCP/ UDP.
Chapter 11 Network Address Translation (NAT) Table 55 Port Forwarding: Add/Edit (continued) LABEL DESCRIPTION WAN IP Enter the WAN IP address for which the incoming service is destined. If the packet’s destination IP address doesn’t match the one specified here, the port forwarding rule will not be applied. Start Port Enter the original destination port for the packets. To forward only one port, enter the port number again in the End Port field.
Chapter 11 Network Address Translation (NAT) The following table describes the labels in this screen. Table 56 Network Setting > NAT > Applications LABEL DESCRIPTION Add new application Click this to add a new NAT application rule. Application Forwarded This field shows the type of application that the service forwards. WAN Interface This field shows the WAN interface through which the service is forwarded. Server IP Address This field displays the destination IP address for the service.
Chapter 11 Network Address Translation (NAT) 11.4 The Port Triggering Screen Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side. With regular port forwarding you set a forwarding port in NAT to forward a service (coming in from the server on the WAN) to the IP address of a computer on the client side (LAN). The problem is that port forwarding only forwards a service to a single LAN IP address.
Chapter 11 Network Address Translation (NAT) Figure 79 Network Setting > NAT > Port Triggering The following table describes the labels in this screen. Table 58 Network Setting > NAT > Port Triggering LABEL DESCRIPTION Add new rule Click this to create a new rule. # This is the index number of the entry. Status This field displays whether the port triggering rule is active or not. A yellow bulb signifies that this rule is active. A gray bulb signifies that this rule is not active.
Chapter 11 Network Address Translation (NAT) Figure 80 Port Triggering: Add/Edit The following table describes the labels in this screen. Table 59 Port Triggering: Configuration Add/Edit LABEL DESCRIPTION Active Select the check box to enable this rule. Service Name Enter a name to identify this rule using keyboard characters (A-Z, a-z, 1-2 and so on). WAN Interface Select a WAN interface for which you want to configure port triggering rules.
Chapter 11 Network Address Translation (NAT) Figure 81 Network Setting > NAT > DMZ The following table describes the fields in this screen. Table 60 Network Setting > NAT > DMZ LABEL DESCRIPTION Default Server Address Enter the IP address of the default server which receives packets from ports that are not specified in the NAT Port Forwarding screen.
Chapter 11 Network Address Translation (NAT) The following table describes the fields in this screen. Table 61 Network Setting > NAT > ALG LABEL DESCRIPTION NAT ALG Enable this to make sure applications such as FTP and file transfer in IM applications work correctly with port-forwarding and address-mapping rules. SIP ALG Enable this to make sure SIP (VoIP) works correctly with port-forwarding and addressmapping rules.
Chapter 11 Network Address Translation (NAT) Table 62 Network Setting > NAT > Address Mapping (continued) LABEL DESCRIPTION Type This is the address mapping type. One-to-One: This mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type. Many-to-One: This mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e.
Chapter 11 Network Address Translation (NAT) Table 63 Address Mapping: Add/Edit (continued) LABEL DESCRIPTION Local End IP Enter the ending Inside Local IP Address (ILA). If the rule is for all local IP addresses, then this field displays 0.0.0.0 as the Local Start IP address and 255.255.255.255 as the Local End IP address. This field is blank for One-to-One mapping types. Global Start IP Enter the starting Inside Global IP Address (IGA). Enter 0.0.0.
Chapter 11 Network Address Translation (NAT) 11.9.1 NAT Definitions Inside/outside denotes where a host is located relative to the VMG, for example, the computers of your subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.
Chapter 11 Network Address Translation (NAT) 11.9.3 How NAT Works Each packet has two addresses – a source address and a destination address. For outgoing packets, the ILA (Inside Local Address) is the source address on the LAN, and the IGA (Inside Global Address) is the source address on the WAN. For incoming packets, the ILA is the destination address on the LAN, and the IGA is the destination address on the WAN.
Chapter 11 Network Address Translation (NAT) Figure 87 NAT Application With IP Alias Port Forwarding: Services and Port Numbers The most often used port numbers are shown in the following table. Please refer to RFC 1700 for further information about port numbers. Please also refer to the Supporting CD for more examples and details on port forwarding and NAT.
Chapter 11 Network Address Translation (NAT) third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet. Figure 88 Multiple Servers Behind NAT Example A=192.168.1.33 192.168.1.1 B=192.168.1.34 IP address assigned by ISP C=192.168.1.35 D=192.168.1.
Chapter 11 Network Address Translation (NAT) VMG5313-B10A/-B30A Series User’s Guide 198
C HAPTER 12 Dynamic DNS Setup 12.1 Overview DNS DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it. In addition to the system DNS server(s), each WAN interface (service) is set to have its own static or dynamic DNS server list.
Chapter 12 Dynamic DNS Setup 12.1.2 What You Need To Know DYNDNS Wildcard Enabling the wildcard feature for your host causes *.yourhost.dyndns.org to be aliased to the same IP address as yourhost.dyndns.org. This feature is useful if you want to be able to use, for example, www.yourhost.dyndns.org and still reach your hostname. If you have a private WAN IP address, then you cannot use Dynamic DNS. 12.2 The DNS Entry Screen Use this screen to view and configure DNS routes on the VMG.
Chapter 12 Dynamic DNS Setup Figure 90 DNS Entry: Add/Edit The following table describes the labels in this screen. Table 68 DNS Entry: Add/Edit LABEL DESCRIPTION Host Name Enter the host name of the DNS entry. IP Address Enter the IP address of the DNS entry. Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. 12.3 The Dynamic DNS Screen Use this screen to change your VMG’s DDNS. Click Network Setting > DNS > Dynamic DNS. The screen appears as shown.
Chapter 12 Dynamic DNS Setup Table 69 Network Setting > DNS > > Dynamic DNS (continued) LABEL DESCRIPTION Service Provider Select your Dynamic DNS service provider from the drop-down list box. Hostname Type the domain name assigned to your VMG by your Dynamic DNS provider. You can specify up to two host names in the field separated by a comma (","). Username Type your user name. Password Type the password assigned to you.
C HAPTER 13 Vlan Group 13.1 Overview Virtual LAN IDs are used to identify different traffic types over the same physical link. In the following example, the VMG (DSL) can use VLAN IDs (VID) 100 and 200 to identify Video-onDemand and IPTV traffic respectively coming from the two VoD and IPTV multicast servers. The VMG (DSL) can also tag outgoing requests to these servers with these VLAN IDs. Figure 92 VLAN Group Example 13.1.
Chapter 13 Vlan Group The following table describes the fields in this screen. Table 70 Network Setting > Vlan Group LABEL DESCRIPTION Add New Vlan Group Click this button to create a new VLAN group. # This is the index number of the VLAN group. Group Name This shows the descriptive name of the VLAN group. VLAN ID This shows the unique ID number that identifies the VLAN group.
C HAPTER 14 Interface Group 14.1 Overview By default, all LAN and WAN interfaces on the VMG are in the same group and can communicate with each other. Create interface groups to have the VMG assign the IP addresses in different domains to different groups. Each group acts as an independent network on the VMG. This lets devices connected to an interface group’s LAN interfaces communicate through the interface group’s WAN or LAN interfaces but not other WAN or LAN interfaces. 14.1.
Chapter 14 Interface Group Figure 95 Interface Grouping Application Default: ETH 2~4 192.168.1.x/24 eth10.0 Internet VDSL_PoE/ppp0.1 192.168.2.x/24 DHCP Vendor ID option: MSFT 5.0 Click Network Setting > Interface Group to open the following screen. Figure 96 Network Setting > Interface Group The following table describes the fields in this screen. Table 72 Network Setting > Interface Group LABEL DESCRIPTION Add New Interface Group Click this button to create a new interface group.
Chapter 14 Interface Group Figure 97 Interface Group Configuration The following table describes the fields in this screen. Table 73 Interface Group Configuration LABEL DESCRIPTION Group Name Enter a name to identify this group. You can enter up to 30 characters. You can use letters, numbers, hyphens (-) and underscores (_). Spaces are not allowed. WAN Interface used in the grouping Select the WAN interface this group uses.
Chapter 14 Interface Group 14.2.2 Interface Grouping Criteria Click the Add button in the Interface Grouping Configuration screen to open the following screen. Figure 98 Interface Grouping Criteria The following table describes the fields in this screen. Table 74 Interface Grouping Criteria LABEL DESCRIPTION Source MAC Address Enter the source MAC address of the packet.
Chapter 14 Interface Group Table 74 Interface Grouping Criteria (continued) LABEL DESCRIPTION Enterprise Number Enter the vendor’s 32-bit enterprise number registered with the IANA (Internet Assigned Numbers Authority). Manufactur er OUI Specify the vendor’s OUI (Organization Unique Identifier). It is usually the first three bytes of the MAC address. Product Class Enter the product class of the device. Model Name Enter the model name of the device.
Chapter 14 Interface Group VMG5313-B10A/-B30A Series User’s Guide 210
C HAPTER 15 USB Service 15.1 Overview You can share files on a USB memory stick or hard drive connected to your VMG with users on your network. The following figure is an overview of the VMG’s file server feature. Computers A and B can access files on a USB device (C) which is connected to the VMG. Figure 99 File Sharing Overview B C A The VMG will not be able to join the workgroup if your local area network has restrictions set up that do not allow devices to join a workgroup.
Chapter 15 USB Service 15.1.2.1 About File Sharing Workgroup name This is the name given to a set of computers that are connected on a network and share resources such as a printer or files. Windows automatically assigns the workgroup name when you set up a network. Shares When settings are set to default, each USB device connected to the VMG is given a folder, called a “share”. If a USB hard drive connected to the VMG has more than one partition, then each partition will be allocated a share.
Chapter 15 USB Service Supported OSs Your operating system must support TCP/IP ports for printing and be compatible with the RAW (port 9100) protocol. The following OSs support VMG’s printer sharing feature. • Microsoft Windows 95, Windows 98 SE (Second Edition), Windows Me, Windows NT 4.0, Windows 2000, Windows XP or Macintosh OS X. 15.1.3 Before You Begin Make sure the VMG is connected to your network and turned on. 1 Connect the USB device to one of the VMG’s USB port.
Chapter 15 USB Service Each field is described in the following table. Table 75 Network Setting > USB Service > File Sharing LABEL DESCRIPTION Information Volume This is the volume name the VMG gives to an inserted USB device. Capacity This is the total available memory size (in megabytes) on the USB device. Used Space This is the memory size (in megabytes) already used on the USB device. Server Configuration File Sharing Services Select Enable to activate file sharing through the VMG.
Chapter 15 USB Service Figure 101 Network Setting > USB Service > File Sharing > Add new user Each field is described in the following table. Table 76 Network Setting > USB Service > File Sharing > Add new user LABEL DESCRIPTION User Name Enter a user name. You can enter up to 16 characters. Only letters and numbers allowed. New Password Enter the password used to access the secured share. The password must be 5 to 15 characters long. Only letters and numbers are allowed.
Chapter 15 USB Service Figure 102 Network Setting > USB Service > Media Server The following table describes the labels in this menu. Table 77 Network Setting > USB Service > Media Server LABEL DESCRIPTION Media Server Select Enable to have the VMG function as a DLNA-compliant media server. Enable the media server to let (DLNA-compliant) media clients on your network play media files located in the shares. Interface Select an interface on which you want to enable the media server function.
Chapter 15 USB Service 15.4.2 The Print Server Screen Use this screen to enable or disable sharing of a USB printer via your VMG. To access this screen, click Network Setting > USB Service > Print Server. Figure 103 Network Setting > USB Service > Printer Server The following table describes the labels in this menu. Table 78 Network Setting > USB Service > Print Server LABEL DESCRIPTION Print Server Select Enable to have the VMG share a USB printer. Apply Click Apply to save your changes.
Chapter 15 USB Service VMG5313-B10A/-B30A Series User’s Guide 218
C HAPTER 16 Power Management 16.1 Overview Power management allows you to turn on/off one or more interfaces and all LED lights without power off the whole system when necessary. You can configure a schedule to do so automatically or manually do it on the Web Configurator. 16.1.1 What You Can Do in this Chapter • Use the Power Management screen to manually turn on/off interface(s) and/or LEDs (Section 16.2 on page 219).
Chapter 16 Power Management Figure 104 Network Setting > Power Management Each field is described in the following table. Table 79 Network Setting > Power Management LABEL DESCRIPTION Manually Switch On/Off Select POWER ON or POWER OFF to turn on/off the interface or LED lights. Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings. 16.
Chapter 16 Power Management The following table describes the labels in this menu. Table 80 Network Setting > Power Managment > Auto Switch OffNetwork Setting > Power Managment > Auto Switch Off LABEL DESCRIPTION Add or modify rules Click this link to create or edit a schedule. # This is the index number of a schedule rule. Rule Name This field shows the name of the schedule rule.
Chapter 16 Power Management 16.3.2 The Add/Edit Rule Screen Use this screen to configure a schedule rule. To access this screen, click the Add new rule link or the Edit icon in the Network Setting > Power Management > Auto Switch Off > Add or modify rules screen. Figure 107 Network Setting > Power Management > Auto Switch Off > Add or modify rules > Add new rule/Edit Each field is described in the following table.
C HAPTER 17 Firewall 17.1 Overview This chapter shows you how to enable and configure the VMG’s security settings. Use the firewall to protect your VMG and network from attacks by hackers on the Internet and control access to it. By default the firewall: • allows traffic that originates from your LAN computers to go to all other networks. • blocks traffic that originates on other networks from going to the LAN. The following figure illustrates the default firewall action.
Chapter 17 Firewall 17.1.2 What You Need to Know SYN Attack A SYN attack floods a targeted system with a series of SYN packets. Each packet causes the targeted system to issue a SYN-ACK response. While the targeted system waits for the ACK that follows the SYN-ACK, it queues up all outstanding SYN-ACK responses on a backlog queue. SYNACKs are moved off the queue only when an ACK comes back or when an internal timer terminates the three-way handshake.
Chapter 17 Firewall 17.2 The Firewall Screen Use this screen to set the security level of the firewall on the VMG. Firewall rules are grouped based on the direction of travel of packets to which they apply. Click Security > Firewall to display the General screen. Figure 109 Security > Firewall > General The following table describes the labels in this screen. Table 83 Security > Firewall > General LABEL DESCRIPTION Firewall Select Enable to activate the firewall feature on the VMG.
Chapter 17 Firewall Figure 110 Security > Firewall > Protocol The following table describes the labels in this screen. Table 84 Security > Firewall > Protocol LABEL DESCRIPTION Add new service entry Click this to add a new service. Name This is the name of your customized service. Description This is the description of your customized service. Ports/Protocol Number This shows the IP protocol (TCP, UDP, ICMP, or TCP/UDP) and the port number or range of ports that defines your customized service.
Chapter 17 Firewall Figure 111 Service: Add/Edit The following table describes the labels in this screen. Table 85 Service: Add/Edit LABEL DESCRIPTION Protocol Choose the IP protocol (TCP, UDP, ICMP, or Other) that defines your customized port from the drop-down list box. Select Other to be able to enter a protocol number. Source/ These fields are displayed if you select TCP or UDP as the IP port.
Chapter 17 Firewall 17.4 The Access Control Screen Click Security > Firewall > Access Control to display the following screen. This screen displays a list of the configured incoming or outgoing filtering rules. Figure 112 Security > Firewall > Access Control The following table describes the labels in this screen. Table 86 Security > Firewall > Access Control LABEL DESCRIPTION Add new ACL rule Click this to go to add a filter rule for incoming or outgoing IP traffic.
Chapter 17 Firewall Figure 113 Access Control: Add/Edit The following table describes the labels in this screen. Table 87 Access Control: Add/Edit LABEL DESCRIPTION Filter Name Enter a descriptive name of up to 16 alphanumeric characters, not including spaces, underscores, and dashes. You must enter the filter name to add an ACL rule. This field is read-only if you are editing the ACL rule. Order Select the order of the ACL rule.
Chapter 17 Firewall Table 87 Access Control: Add/Edit (continued) LABEL DESCRIPTION Custom This field is displayed only when you select Specific Protocol in Select Protocol. Destination Port Enter a single port number or the range of port numbers of the destination. Policy Use the drop-down list box to select whether to discard (DROP), deny and send an ICMP destination-unreachable message to the sender of (REJECT) or allow the passage of (ACCEPT) packets that match this rule.
Chapter 17 Firewall Table 88 Security > Firewall > DoS (continued) LABEL DESCRIPTION Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving.
Chapter 17 Firewall VMG5313-B10A/-B30A Series User’s Guide 232
C HAPTER 18 MAC Filter 18.1 Overview You can configure the VMG to permit access to clients based on their MAC addresses in the MAC Filter screen. This applies to wired and wireless connections. Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC addresses of the devices to configure this screen. 18.
Chapter 18 MAC Filter The following table describes the labels in this screen. Table 89 Security > MAC Filter LABEL DESCRIPTION MAC Address Filter Select Enable to activate the MAC filter function. MAC Restrict Mode Select Allow to only permit the listed MAC addresses access to the VMG. Select Deny to permit anyone access to the VMG except the listed MAC addresses. Set This is the index number of the MAC address. Allow Select Allow to enable the MAC filter rule. .
C HAPTER 19 Parental Control 19.1 Overview Parental control allows you to block web sites with the specific URL. You can also define time periods and days during which the VMG performs parental control on a specific user. 19.2 The Parental Control Screen Use this screen to enable parental control, view the parental control rules and schedules. Click Security > Parental Control to open the following screen. Figure 116 Security > Parental Control The following table describes the fields in this screen.
Chapter 19 Parental Control Table 90 Security > Parental Control (continued) LABEL DESCRIPTION PCP Name This shows the name of the rule. Home Network User (MAC) This shows the MAC address of the LAN user’s computer to which this rule applies. Internet Access Schedule This shows the day(s) and time on which parental control is enabled. Network Service This shows whether the network service is configured. If not, None will be shown. Website Block This shows whether the website block is configured.
Chapter 19 Parental Control Figure 117 Parental Control Rule: Add/Edit Rule Figure 118 Parental Control Rule: Add/Edit Rule > Add Service VMG5313-B10A/-B30A Series User’s Guide 237
Chapter 19 Parental Control Figure 119 Parental Control Rule: Add/Edit Rule > Add Keyword The following table describes the fields in this screen. Table 91 Parental Control Rule: Add/Edit LABEL DESCRIPTION General Active Select the checkbox to activate this parental control rule. Parental Control Profile Name Enter a descriptive name for the rule. Home Network User Select the LAN user that you want to apply this rule to from the drop-down list box.
Chapter 19 Parental Control Table 91 Parental Control Rule: Add/Edit (continued) LABEL DESCRIPTION Modify Click the Edit icon to go to the screen where you can edit the rule. Click the Delete icon to delete an existing rule. Blocked Site/ URL Keyword Click Add to show a screen to enter the URL of web site or URL keyword to which the VMG blocks access. Click Delete to remove it. Apply Click this button to save your settings back to the VMG.
Chapter 19 Parental Control VMG5313-B10A/-B30A Series User’s Guide 240
C HAPTER 20 Scheduler Rule 20.1 Overview You can define time periods and days during which the VMG performs scheduled rules of certain features (such as Firewall Access Control) in the Scheduler Rule screen. 20.2 The Scheduler Rule Screen Use this screen to view, add, or edit time schedule rules. Click Security > Scheduler Rule to open the following screen. Figure 120 Security > Scheduler Rule The following table describes the fields in this screen.
Chapter 20 Scheduler Rule 20.2.1 Add/Edit a Schedule Click the Add button in the Scheduler Rule screen or click the Edit icon next to a schedule rule to open the following screen. Use this screen to configure a restricted access schedule. Figure 121 Scheduler Rule: Add/Edit The following table describes the fields in this screen. Table 93 Scheduler Rule: Add/Edit LABEL DESCRIPTION Rule Name Enter a name (up to 31 printable English keyboard characters, not including spaces) for this schedule.
C HAPTER 21 Certificates 21.1 Overview The VMG can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication. 21.1.1 What You Can Do in this Chapter • The Local Certificates screen lets you generate certification requests and import the VMG's CAsigned certificates (Section 21.4 on page 247).
Chapter 21 Certificates Figure 122 Security > Certificates > Local Certificates The following table describes the labels in this screen. Table 94 Security > Certificates > Local Certificates LABEL DESCRIPTION Private Key is protected by a password Select the checkbox and enter the private key into the text box to store it on the VMG. The private key should not exceed 63 ASCII characters (not including spaces). Browse... Click this to find the certificate file you want to upload.
Chapter 21 Certificates Figure 123 Create Certificate Request The following table describes the labels in this screen. Table 95 Create Certificate Request LABEL DESCRIPTION Certificate Name Type up to 63 ASCII characters (not including spaces) to identify this certificate. Common Name Select Auto to have the VMG configure this field automatically. Or select Customize to enter it manually. Type the IP address (in dotted decimal notation), domain name or e-mail address in the field provided.
Chapter 21 Certificates Figure 124 Certificate Request Created 21.3.2 Load Signed Certificate After you create a certificate request and have it signed by a Certificate Authority, in the Local Certificates screen click the certificate request’s Load Signed icon to import the signed certificate into the VMG. Note: You must remove any spaces from the certificate’s filename before you can import it.
Chapter 21 Certificates The following table describes the labels in this screen. Table 96 Load Signed Certificate LABEL DESCRIPTION Certificate Name This is the name of the signed certificate. Certificate Copy and paste the signed certificate into the text box to store it on the VMG. Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. 21.4 The Trusted CA Screen Click Security > Certificates > Trusted CA to open the following screen.
Chapter 21 Certificates 21.4.1 View Trusted CA Certificate Click the View icon in the Trusted CA screen to open the following screen. Use this screen to view in-depth information about the certification authority’s certificate. Figure 127 Trusted CA: View The following table describes the fields in this screen. Table 98 Trusted CA: View LABEL DESCRIPTION Name This field displays the identifying name of this certificate. Type This field displays general information about the certificate.
Chapter 21 Certificates Figure 128 Trusted CA: Import Certificate The following table describes the fields in this screen. Table 99 Trusted CA: Import Certificate LABEL DESCRIPTION Certificate File Path Type in the location of the certificate you want to upload in this field or click Browse ... to find it. Enable Trusted CA for 802.1x Authentication If you select this checkbox, the trusted CA will be used for 802.1x authentication.
Chapter 21 Certificates VMG5313-B10A/-B30A Series User’s Guide 250
C HAPTER 22 VPN 22.1 Overview A virtual private network (VPN) provides secure communications over the the Internet. Internet Protocol Security (IPSec) is a standards-based VPN that provides confidentiality, data integrity, and authentication. This chapter shows you how to configure the VMG’s VPN settings. Figure 129 IPSec Fields Summary Remote Network Local Network VPN Tunnel 22.2 The IPSec VPN Setup Screen Use this screen to view and manage your VPN tunnel policies.
Chapter 22 VPN This screen contains the following fields: Table 100 Security > IPSec VPN LABEL DESCRIPTION Add New Connection Click this button to add an item to the list. # This displays the index number of an entry. Status This displays whether the VPN policy is enabled (Enable) or not (Disable). Connection Name The name of the VPN policy. Remote Gateway This is the IP address of the remote IPSec router in the IKE SA.
Chapter 22 VPN Figure 131 Security > IPSec VPN: Add/Edit This screen contains the following fields: Table 101 Security > IPSec VPN: Add/Edit LABEL DESCRIPTION Active Select this to activate this VPN policy. IPSec Connection Name Enter the name of the VPN policy. Remote IPSec Gateway Address Enter the IP address of the remote IPSec router in the IKE SA. Tunnel access from local IP addresses Select Single Address to have only one local LAN IP address use the VPN tunnel.
Chapter 22 VPN Table 101 Security > IPSec VPN: Add/Edit LABEL DESCRIPTION IP Address for VPN If Single Address is selected, enter a (static) IP address on the LAN behind your VMG. If Subnet is selected, specify IP addresses on a network by their subnet mask by entering a (static) IP address on the LAN behind your VMG. Then enter the subnet mask to identify the network address. IP Subnetmask If Subnet is selected, enter the subnet mask to identify the network address.
Chapter 22 VPN Table 101 Security > IPSec VPN: Add/Edit LABEL DESCRIPTION Local ID Content When you select IP in the Local ID Type field, type the IP address of your computer in this field. If you configure this field to 0.0.0.0 or leave it blank, the VMG automatically uses the Pre-Shared Key (refer to the Pre-Shared Key field description). It is recommended that you type an IP address other than 0.0.0.0 in this field or use the DNS or E-mail type in the following situations.
Chapter 22 VPN Table 101 Security > IPSec VPN: Add/Edit LABEL DESCRIPTION Encryption Algorithm Select which key size and encryption algorithm to use in the IKE SA.
Chapter 22 VPN Table 101 Security > IPSec VPN: Add/Edit LABEL DESCRIPTION Perfect Forward Secrecy (PFS) Select whether or not you want to enable Perfect Forward Secrecy (PFS) PFS changes the root key that is used to generate encryption keys for each IPSec SA. The longer the key, the more secure the encryption, but also the longer it takes to encrypt and decrypt information. Both routers must use the same DH key group. Choices are: None - do not use any random number.
Chapter 22 VPN 22.3 The IPSec VPN Monitor Screen Use this screen to check your VPN tunnel’s current status. You can also manually trigger a VPN tunnel to the remote network. Click Security > IPSec VPN > Monitor to open this screen as shown next. Figure 132 Security > IPSec VPN > Monitor This screen contains the following fields: Table 102 Security > IPSec VPN > Monitor LABEL DESCRIPTION Refresh Interval Select how often you want the VMG to update this screen.
Chapter 22 VPN Figure 133 IPSec Architecture IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms). The Encryption Algorithm describes the use of encryption techniques such as DES (Data Encryption Standard) and Triple DES algorithms.
Chapter 22 VPN Transport Mode Transport mode is used to protect upper layer protocols and only affects the data in the IP packet. In Transport mode, the IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP). With ESP, protection is applied only to the upper layer protocols contained in the packet.
Chapter 22 VPN Figure 135 Two Phases to Set Up the IPSec SA In phase 1 you must: • Choose a negotiation mode. • Authenticate the connection by entering a pre-shared key. • Choose an encryption algorithm. • Choose an authentication algorithm. • Choose a Diffie-Hellman public-key cryptography key group. • Set the IKE SA lifetime. This field allows you to determine how long an IKE SA should stay up before it times out. An IKE SA times out when the IKE SA lifetime period expires.
Chapter 22 VPN • Aggressive Mode is quicker than Main Mode because it eliminates several steps when the communicating parties are negotiating authentication (phase 1). However the trade-off is that faster speed limits its negotiating power and it also does not provide identity protection. It is useful in remote access situations where the address of the initiator is not know by the responder and both parties want to use pre-shared key authentication. 22.4.
Chapter 22 VPN Figure 136 NAT Router Between IPSec Routers B A Normally you cannot set up an IKE SA with a NAT router between the two IPSec routers because the NAT router changes the header of the IPSec packet. NAT traversal solves the problem by adding a UDP port 500 header to the IPSec packet. The NAT router forwards the IPSec packet with the UDP port 500 header unchanged.
Chapter 22 VPN The type of ID can be a domain name, an IP address or an e-mail address. The content is the IP address, domain name, or e-mail address. Table 105 Local ID Type and Content Fields LOCAL ID TYPE= CONTENT= IP Type the IP address of your computer. DNS Type a domain name (up to 31 characters) by which to identify this VMG. E-mail Type an e-mail address (up to 31 characters) by which to identify this VMG.
C HAPTER 23 Voice 23.1 Overview Use this chapter to: • Connect an analog phone to the VMG. • Make phone calls over the Internet, as well as the regular phone network. • Configure settings such as speed dial. • Configure network settings to optimize the voice quality of your phone calls. 23.1.1 What You Can Do in this Chapter These screens allow you to configure your VMG to make phone calls over the Internet and your regular phone line, and to set up the phones you connect to the VMG.
Chapter 23 Voice 23.1.2 What You Need to Know About VoIP VoIP VoIP stands for Voice over IP. IP is the Internet Protocol, which is the message-carrying standard the Internet runs on. So, Voice over IP is the sending of voice signals (speech) over the Internet (or another network that uses the Internet Protocol). SIP SIP stands for Session Initiation Protocol. SIP is a signalling standard that lets one network device (like a computer or the VMG) send messages to another.
Chapter 23 Voice to enable and configure a SIP account, and map it to a phone port. The SIP account contains information that allows your VMG to connect to your VoIP service provider. See Section 23.3.1 on page 267 for how to map a SIP account to a phone port. Use this screen to view SIP account information. You can also enable and disable each SIP account. To access this screen, click VoIP > SIP > SIP Account. Figure 137 VoIP > SIP > SIP Account Each field is described in the following table.
Chapter 23 Voice Figure 138 VoIP > SIP > SIP Account > Add new accoun/Edit Each field is described in the following table. Table 109 VoIP > SIP > SIP Account > Add new accoun/Edit LABEL DESCRIPTION SIP Account Selection This field displays ADD_NEW if you are creating a new SIP account or the SIP account you are modifying. SIP Service Provider Association Select the SIP service provider profile to use for the SIP account you are configuring in this screen.
Chapter 23 Voice Table 109 VoIP > SIP > SIP Account > Add new accoun/Edit (continued) LABEL DESCRIPTION Apply To Phone Select a phone port on which you want to make or receive phone calls for this SIP account. If you map a phone port to more than one SIP account, there is no way to distinguish between the SIP accounts when you receive phone calls. The VMG uses the most recently registered SIP account first when you make an outgoing call.
Chapter 23 Voice Table 109 VoIP > SIP > SIP Account > Add new accoun/Edit (continued) LABEL DESCRIPTION Send Caller ID Select this if you want to send identification when you make VoIP phone calls. Clear this if you do not want to send identification. Enable Call Transfer Select this to enable call transfer on the VMG. This allows you to transfer an incoming call (that you have answered) to another phone. Enable Call Waiting Select this to enable call waiting on the VMG.
Chapter 23 Voice Table 109 VoIP > SIP > SIP Account > Add new accoun/Edit (continued) LABEL DESCRIPTION Warm Line Select this to have the VMG dial the specified warm line number after you pick up the telephone and do not press any keys on the keypad for a period of time. Hot Line Select this to have the VMG dial the specified hot line number immediately when you pick up the telephone. Hot Line / Warm Line number Enter the number of the hot line or warm line that you want the VMG to dial.
Chapter 23 Voice Figure 139 VoIP > SIP > SIP Service Provider Each field is described in the following table. Table 110 VoIP > SIP > SIP Service Provider LABEL DESCRIPTION Add new provider # This is the index number of the entry. SIP Service Provider Name This shows the name of the SIP service provider. SIP Server Address This shows the IP address or domain name of the SIP server. REGISTER Server Address This shows the IP address or domain name of the SIP register server.
Chapter 23 Voice • The dot “.” appended to a digit allows the digit to be ignored or repeated multiple times. Any digit (0~9, *, #) after the dot will be ignored. For example, (01.) means a number matching this rule can be 0, 01, 0111, 01111, and so on. • indicates the number after the colon replaces the number before the colon in an angle bracket <>.
Chapter 23 Voice Figure 140 VoIP > SIP > SIP Service Provider > Add new provider/Edit Each field is described in the following table. Table 111 VoIP > SIP > SIP Service Provider > Add new provider/Edit LABEL DESCRIPTION SIP Service Provider Selection Service Provider Selection Select the SIP service provider profile you want to use for the SIP account you configure in this screen. If you change this field, the screen automatically refreshes.
Chapter 23 Voice Table 111 VoIP > SIP > SIP Service Provider > Add new provider/Edit (continued) LABEL DESCRIPTION SIP Server Port Enter the SIP server’s listening port number, if your VoIP service provider gave you one. Otherwise, keep the default value. REGISTER Server Address Enter the IP address or domain name of the SIP register server, if your VoIP service provider gave you one. Otherwise, enter the same address you entered in the SIP Server Address field.
Chapter 23 Voice Table 111 VoIP > SIP > SIP Service Provider > Add new provider/Edit (continued) LABEL DESCRIPTION Bound Interface Name If you select LAN or Any_WAN, the VMG automatically activates the VoIP service when any LAN or WAN connection is up. If you select Multi_WAN, you also need to select two or more pre-configured WAN interfaces. The VoIP service is activated only when one of the selected WAN connections is up.
Chapter 23 Voice Table 111 VoIP > SIP > SIP Service Provider > Add new provider/Edit (continued) LABEL DESCRIPTION Ignore Direct IP Select Enable to have the connected CPE devices accept SIP requests only from the SIP proxy/register server specified above. SIP requests sent from other IP addresses will be ignored. FAX Option This field controls how the VMG handles fax messages. G711 Fax Passthrough Select this if the VMG should use G.711 to send fax messages.
Chapter 23 Voice Table 111 VoIP > SIP > SIP Service Provider > Add new provider/Edit (continued) LABEL DESCRIPTION No Answer Call Forward Enable Enter the key combinations that you can enter to forward incoming calls to the phone number you specified in the SIP > SIP Account screen if the calls are unanswered. No Answer Call Forward Disable Enter the key combinations that you can enter to turn the no answer call forward function off.
Chapter 23 Voice 23.5 The Phone Screen Use this screen to maintain settings that depend on which region of the world the VMG is in. To access this screen, click VoIP > Phone. Figure 141 VoIP > Phone Each field is described in the following table. Table 112 VoIP > Phone LABEL DESCRIPTION Region Settings Select the place in which the VMG is located.
Chapter 23 Voice Figure 142 VoIP > Call Rule Each field is described in the following table. Table 113 VoIP > Call Rule LABEL DESCRIPTION Clear all speed dials Click this to erase all the speed-dial entries on this screen. Keys This field displays the speed-dial number you should dial to use this entry. Number Enter the SIP number you want the VMG to call when you dial the speed-dial number. Description Enter a name to identify the party you call when you dial the speed-dial number.
Chapter 23 Voice Figure 143 VoIP > Call History > Call History Summary Each field is described in the following table. Table 114 VoIP > Call History > Call History Summary LABEL DESCRIPTION Refresh Click this button to renew the call history list. Clear All Click this button to remove all entries from the call history list. # This is a read-only index number. Date This is the date when the calls were made. Total Calls This displays the total number of calls from or to your SIP numbers that day.
Chapter 23 Voice Table 115 VoIP > Call History > Call History Outgoing LABEL DESCRIPTION phone port This is the phone port on which you made the call. phone number This is the SIP number you called. duration This displays how long the call lasted. 23.9 The Call History Incoming Calls Screen Use this screen to see detailed information for each incoming call from someone calling you. Click VoIP > Call History > Call History Incoming Calls. The following screen displays.
Chapter 23 Voice Circuit-switched telephone networks require 64 kilobits per second (Kbps) in each direction to handle a telephone call. VoIP can use advanced voice coding techniques with compression to reduce the required bandwidth. SIP The Session Initiation Protocol (SIP) is an application-layer control (signaling) protocol that handles the setting up, altering and tearing down of voice and multimedia sessions over the Internet. SIP signaling is separate from the media for which it handles sessions.
Chapter 23 Voice The VMG attempts to register all enabled subscriber ports when it is switched on. When you enable a subscriber port that was previously disabled, the VMG attempts to register the port immediately. Authorization Requirements SIP registrations (and subsequent SIP requests) require a username and password for authorization. These credentials are validated via a challenge / response system using the HTTP digest mechanism (as detailed in RFC 3261, "SIP: Session Initiation Protocol").
Chapter 23 Voice Figure 147 SIP Proxy Server SIP Redirect Server A SIP redirect server accepts SIP requests, translates the destination address to an IP address and sends the translated IP address back to the device that sent the request. Then the client device that originally sent the request can send requests to the IP address that it received back from the redirect server. Redirect servers do not initiate SIP requests.
Chapter 23 Voice Figure 148 SIP Redirect Server SIP Register Server A SIP register server maintains a database of SIP identity-to-IP address (or domain name) mapping. The register server checks your user name and password when you register. RTP When you make a VoIP call using SIP, the RTP (Real time Transport Protocol) is used to handle voice data transfer. See RFC 1889 for details on RTP.
Chapter 23 Voice Table 117 SIP Call Progression (continued) A B 6. BYE 7. OK 1 A sends a SIP INVITE request to B. This message is an invitation for B to participate in a SIP telephone call. 2 B sends a response indicating that the telephone is ringing. 3 B sends an OK response after the call is answered. 4 A then sends an ACK message to acknowledge that B has answered the call. 5 Now A and B exchange voice media (talk). 6 After talking, A hangs up and sends a BYE request.
Chapter 23 Voice The following table shows the SIP call progression. Table 118 SIP Call Progression UA 1 PROXY 1 PROXY 2 UA 2 Invite Invite 100 Trying Invite 100 Trying 180 Ringing 180 Ringing 180 Ringing 200 OK 200 OK 200 OK ACK RTP RTP BYE 200 OK 1 User Agent 1 sends a SIP INVITE request to Proxy 1. This message is an invitation to User Agent 2 to participate in a SIP telephone call. Proxy 1 sends a response indicating that it is trying to complete the request.
Chapter 23 Voice • G.726 is an Adaptive Differential PCM (ADPCM) waveform codec that uses a lower bitrate than standard PCM conversion. ADPCM converts analog audio into digital signals based on the difference between each audio sample and a prediction based on previous samples. The more similar the audio sample is to the prediction, the less space needed to describe it. G.726 operates at 16, 24, 32 or 40 kbps. • G.
Chapter 23 Voice 1 Pick up the phone and press “****” on your phone’s keypad and wait for the message that says you are in the configuration menu. 2 Press a number from 1101~1105 on your phone followed by the “#” key. 3 Play your desired music or voice recording into the receiver’s mouthpiece. Press the “#” key. 4 You can continue to add, listen to, or delete tones, or you can hang up the receiver when you are done.
Chapter 23 Voice desired. This allows the intermediary DiffServ-compliant network devices to handle the packets differently depending on the code points without the need to negotiate paths or remember state information for every flow. In addition, applications do not have to request a particular service or give advanced notice of where the traffic is going.3 DSCP and Per-Hop Behavior DiffServ defines a new DS (Differentiated Services) field to replace the Type of Service (TOS) field in the IP header.
Chapter 23 Voice Note: To take full advantage of the supplementary phone services available through the VMG's phone ports, you may need to subscribe to the services from your VoIP service provider. 23.10.2.1 The Flash Key Flashing means to press the hook for a short period of time (a few hundred milliseconds) before releasing it. On newer telephones, there should be a "flash" key (button) that generates the signal electronically.
Chapter 23 Voice European Call Waiting This allows you to place a call on hold while you answer another incoming call on the same telephone (directory) number. If there is a second call to a telephone number, you will hear a call waiting tone. Take one of the following actions. • Reject the second call. Press the flash key and then press “0”. • Disconnect the first call and answer the second call. Either press the flash key and press “1”, or just hang up the phone and then answer the phone after it rings.
Chapter 23 Voice After pressing the flash key, if you do not issue the sub-command before the default sub-command timeout (2 seconds) expires or issue an invalid sub-command, the current operation will be aborted. Table 121 USA Flash Key Commands COMMAND SUB-COMMAND Flash DESCRIPTION Put a current call on hold to place a second call. After the second call is successful, press the flash key again to have a three-way conference call. Put a current call on hold to answer an incoming call.
Chapter 23 Voice 4 Hang up the phone to drop the connection. 5 If you want to separate the activated three-way conference into two individual connections (with party A on-line and party B on hold), press the flash key. 6 If you want to go back to the three-way conversation, press the flash key again. 7 If you want to separate the activated three-way conference into two individual connections again, press the flash key. This time the party B is on-line and party A is on hold. 23.10.2.
Chapter 23 Voice VMG5313-B10A/-B30A Series User’s Guide 296
C HAPTER 24 Log 24.1 Overview The web configurator allows you to choose which categories of events and/or alerts to have the VMG log and then display the logs or have the VMG send them to an administrator (as e-mail) or to a syslog server. 24.1.1 What You Can Do in this Chapter • Use the System Log screen to see the system logs (Section 24.2 on page 298). • Use the Security Log screen to see the security-related logs for the categories that you select (Section 24.3 on page 299). 24.1.
Chapter 24 Log Table 123 Syslog Severity Levels CODE SEVERITY 5 Notice: There is a normal but significant condition on the system. 6 Informational: The syslog contains an informational message. 7 Debug: The message is intended for debug-level purposes. 24.2 The System Log Screen Use the System Log screen to see the system logs. Click System Monitor > Log to open the System Log screen. Figure 151 System Monitor > Log > System Log The following table describes the fields in this screen.
Chapter 24 Log 24.3 The Security Log Screen Use the Security Log screen to see the security-related logs for the categories that you select. Click System Monitor > Log > Security Log to open the following screen. Figure 152 System Monitor > Log > Security Log The following table describes the fields in this screen. Table 125 System Monitor > Log > Security Log LABEL DESCRIPTION Level Select a severity level from the drop-down list box.
Chapter 24 Log VMG5313-B10A/-B30A Series User’s Guide 300
C HAPTER 25 Traffic Status 25.1 Overview Use the Traffic Status screens to look at network traffic status and statistics of the WAN, LAN interfaces and NAT. 25.1.1 What You Can Do in this Chapter • Use the WAN screen to view the WAN traffic statistics (Section 25.2 on page 301). • Use the LAN screen to view the LAN traffic statistics (Section 25.3 on page 302). • Use the NAT screen to view the NAT status of the VMG’s client(s) (Section 25.4 on page 303) 25.
Chapter 25 Traffic Status The following table describes the fields in this screen. Table 126 System Monitor > Traffic Status > WAN LABEL DESCRIPTION Connected Interface This shows the name of the WAN interface that is currently connected. Packets Sent Data This indicates the number of transmitted packets on this interface. Error This indicates the number of frames with errors transmitted on this interface. Drop This indicates the number of outgoing packets dropped on this interface.
Chapter 25 Traffic Status Figure 154 System Monitor > Traffic Status > LAN The following table describes the fields in this screen. Table 127 System Monitor > Traffic Status > LAN LABEL DESCRIPTION Refresh Interval Select how often you want the VMG to update this screen. Interface This shows the LAN or WLAN interface. Bytes Sent This indicates the number of bytes transmitted on this interface. Bytes Received This indicates the number of bytes received on this interface. more...
Chapter 25 Traffic Status Figure 155 System Monitor > Traffic Status > NAT The following table describes the fields in this screen. Table 128 System Monitor > Traffic Status > NAT LABEL DESCRIPTION Refresh Interval Select how often you want the VMG to update this screen. Device Name This displays the name of the connected host. IP Address This displays the IP address of the connected host. MAC Address This displays the MAC address of the connected host. No.
C HAPTER 26 VoIP Status 26.1 The VoIP Status Screen Click System Monitor > VoIP Status to open the following screen. You can view the VoIP registration, current call status and phone numbers in this screen. Figure 156 System Monitor > VoIP Status The following table describes the fields in this screen. Table 129 System Monitor > VoIP Status LABEL DESCRIPTION Poll Interval(s) Enter the number of seconds the VMG needs to wait before updating this screen and then click Set Interval.
Chapter 26 VoIP Status Table 129 System Monitor > VoIP Status (continued) LABEL DESCRIPTION Registration Time This field displays the last time the VMG successfully registered the SIP account. The field is blank if the VMG has never successfully registered this account. URI This field displays the account number and service domain of the SIP account. You can change these in the VoIP > SIP screens. Message Waiting This field indicates whether or not there are any messages waiting for the SIP account.
C HAPTER 27 xDSL Statistics 27.1 The xDSL Statistics Screen Use this screen to view detailed DSL statistics. Click System Monitor > xDSL Statistics to open the following screen.
Chapter 27 xDSL Statistics VMG5313-B10A/-B30A Series User’s Guide 308
Chapter 27 xDSL Statistics The following table describes the labels in this screen. Table 130 Status > xDSL Statistics LABEL DESCRIPTION Refresh Interval Select the time interval for refreshing statistics. Line Select which DSL line’s statistics you want to display. xDSL Training Status This displays the current state of setting up the DSL connection. Mode This displays the ITU standard used for this connection.
Chapter 27 xDSL Statistics Table 130 Status > xDSL Statistics (continued) LABEL DESCRIPTION Downstream These are the statistics for the traffic direction coming into the port from the service provider. Upstream These are the statistics for the traffic direction going out from the port to the service provider. FEC This is the number of Far End Corrected blocks. CRC This is the number of Cyclic Redundancy Checks.
C HAPTER 28 3G Statistics 28.1 Overview Use the 3G Statistics screens to look at 3G Internet connection status. 28.2 The 3G Statistics Screen To open this screen, click System Monitor > 3G Statistics. The 3G status is available on this screen only when you insert a compatible 3G dongle in a USB port on the VMG. Figure 158 System Monitor > 3G Statistics The following table describes the labels in this screen.
Chapter 28 3G Statistics Table 131 System Monitor > 3G Statistics (continued) LABEL DESCRIPTION Connection Uptime This field displays the time the connection has been up. 3G Card Manufacturer This field displays the manufacturer of the 3G card. 3G Card Model This field displays the model name of the 3G card. 3G Card F/W Version This field displays the firmware version of the 3G card.
C HAPTER 29 User Account 29.1 Overview A user account is the In the Users Account screen, you can change the password of the “admin” user account that you used to log in the VMG. 29.2 The User Account Screen Click Maintenance > User Account to open the following screen. Figure 159 Maintenance > User Account The following table describes the labels in this screen.
Chapter 29 User Account Table 132 Maintenance > User Account (continued) (continued) LABEL DESCRIPTION Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings. 29.2.1 The User Account Add/Edit Screen Click Add new user or the Edit icom of an existign account in the Maintenance > User Account to open the following screen. Figure 160 Maintenance > User Account >Add/Edit The following table describes the labels in this screen.
C HAPTER 30 Remote Management 30.1 Overview Remote management controls through which interface(s), which services can access the Device. Note: The VMG is managed using the Web Configurator. 30.2 The Remote MGMT Screen Use this screen to configure through which interface(s), which services can access the Device. You can also specify the port numbers the services must use to connect to the Device. Click Maintenance > Remote MGMT to open the following screen.
Chapter 30 Remote Management The following table describes the fields in this screen. Table 134 Maintenance > Remote MGMT LABEL DESCRIPTION WAN Interface used for services Select Any WAN to have the VMG automatically activate the remote management service when any WAN connection is up. Select Multi WAN and then select one or more WAN connections to have the VMG activate the remote management service when the selected WAN connections are up. HTTP This is the service you may use to access the VMG.
Chapter 30 Remote Management The following table describes the fields in this screen. Table 135 Maintenance > Remote MGMT > Trust Domain LABEL DESCRIPTION Add Trust Domain Click this to add a trusted host IP address. IPv4 Address This field shows a trusted host IP address. Delete Click the Delete icon to remove the trust IP address. 30.4 The Add Trust Domain Screen Use this screen to configure a public IP address which is allowed to access the VMG.
Chapter 30 Remote Management VMG5313-B10A/-B30A Series User’s Guide 318
C HAPTER 31 TR-069 Client 31.1 Overview This chapter explains how to configure the VMG’s TR-069 auto-configuration settings. 31.2 The TR-069 Client Screen TR-069 defines how Customer Premise Equipment (CPE), for example your VMG, can be managed over the WAN by an Auto Configuration Server (ACS). TR-069 is based on sending Remote Procedure Calls (RPCs) between an ACS and a client device. RPCs are sent in Extensible Markup Language (XML) format over HTTP or HTTPS.
Chapter 31 TR-069 Client The following table describes the fields in this screen. Table 137 Maintenance > TR-069 Client LABEL DESCRIPTION Inform Select Enable for the VMG to send periodic inform via TR-069 on the WAN. Otherwise, select Disable. Inform Interval Enter the time interval (in seconds) at which the VMG sends information to the autoconfiguration server. ACS URL Enter the URL or IP address of the auto-configuration server.
C HAPTER 32 TR-064 32.1 Overview This chapter explains how to configure the VMG’s TR-064 auto-configuration settings. 32.2 The TR-064 Screen TR-064 is a LAN-Side DSL CPE Configuration protocol defined by the DSL Forum. TR-064 is built on top of UPnP. It allows the users to use a TR-064 compliant CPE management application on their computers from the LAN to discover the CPE and configure user-specific parameters, such as the username and password. Click Maintenance > TR-064 to open the following screen.
Chapter 32 TR-064 VMG5313-B10A/-B30A Series User’s Guide 322
C HAPTER 33 SNMP 33.1 Overview This chapter explains how to configure the SNMP settings on the VMG. 33.2 The SNMP Screen Simple Network Management Protocol is a protocol used for exchanging management information between network devices. Your VMG supports SNMP agent functionality, which allows a manager station to manage and monitor the VMG through the network. The VMG supports SNMP version one (SNMPv1) and version two (SNMPv2c). The next figure illustrates an SNMP management operation.
Chapter 33 SNMP SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request and the agent returns responses using the following protocol operations: • Get - Allows the manager to retrieve an object variable from the agent. • GetNext - Allows the manager to retrieve the next object variable from a table or list within an agent.
C HAPTER 34 Time Settings 34.1 Overview This chapter shows you how to configure system related settings, such as system time, password, name, the domain name and the inactivity timeout interval. 34.2 The Time Screen To change your VMG’s time and date, click Maintenance > Time. The screen appears as shown. Use this screen to configure the VMG’s time based on your local time zone. Figure 168 Maintenance > Time The following table describes the fields in this screen.
Chapter 34 Time Settings Table 140 Maintenance > Time (continued) LABEL DESCRIPTION Current Date This field displays the date of your VMG. Each time you reload this page, the VMG synchronizes the date with the time server. NTP Time Server First ~ Fifth NTP time server Select an NTP time server from the drop-down list box. Otherwise, select Other and enter the IP address or URL (up to 29 extended ASCII characters in length) of your time server.
C HAPTER 35 E-mail Notification 35.1 Overview A mail server is an application or a computer that runs such an application to receive, forward and deliver e-mail messages. To have the VMG send reports, logs or notifications via e-mail, you must specify an e-mail server and the e-mail addresses of the sender and receiver. 35.2 The Email Notification Screen Click Maintenance > Email Notification to open the Email Notification screen.
Chapter 35 E-mail Notification 35.2.1 Email Notification Edit Click the Add button in the Email Notification screen. Use this screen to configure the required information for sending e-mail via a mail server. Figure 170 Email Notification > Add The following table describes the labels in this screen. Table 142 Email Notification > Add LABEL DESCRIPTION Mail Server Address Enter the server name or the IP address of the mail server for the e-mail address specified in the Account Email Address field.
C HAPTER 36 Log Setting 36.1 Overview You can configure where the VMG sends logs and which logs and/or immediate alerts the VMG records in the Logs Setting screen. 36.2 The Log Settings Screen To change your VMG’s log settings, click Maintenance > Logs Setting. The screen appears as shown.
Chapter 36 Log Setting The following table describes the fields in this screen. Table 143 Maintenance > Logs Setting LABEL DESCRIPTION Syslog Setting Syslog Logging The VMG sends a log to an external syslog server. Select Enable to enable syslog logging. Mode Select the syslog destination from the drop-down list box. If you select Remote, the log(s) will be sent to a remote syslog server. If you select Local File, the log(s) will be saved in a local file.
Chapter 36 Log Setting • "End of Log" message shows that a complete log has been sent. Figure 172 E-mail Log Example Subject: Firewall Alert From Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com To: user@zyxel.com 1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP src port:00520 dest port:00520 |<1,00> | 2|Apr 7 00 |From:192.168.1.131 To:192.168.1.255 |default policy |forward | 09:54:17 |UDP src port:00520 dest port:00520 |<1,00> | 3|Apr 7 00 |From:192.168.1.6 To:10.
Chapter 36 Log Setting VMG5313-B10A/-B30A Series User’s Guide 332
C HAPTER 37 Firmware Upgrade 37.1 Overview This chapter explains how to upload new firmware to your VMG. You can download new firmware releases from your nearest ZyXEL FTP site (or www.zyxel.com) to use to upgrade your device’s performance. Only use firmware for your device’s specific model. Refer to the label on the bottom of your VMG. 37.2 The Firmware Screen Click Maintenance > Firmware Upgrade to open the following screen.
Chapter 37 Firmware Upgrade Table 144 Maintenance > Firmware Upgrade LABEL DESCRIPTION Upgrade Firmware Current Firmware Version This is the present Firmware version and the date created. File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse... Click this to find the .bin file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload them. Upload Click this to begin the upload process.
Chapter 37 Firmware Upgrade Figure 176 Error Message VMG5313-B10A/-B30A Series User’s Guide 335
Chapter 37 Firmware Upgrade VMG5313-B10A/-B30A Series User’s Guide 336
C HAPTER 38 Configuration 38.1 Overview The Configuration screen allows you to backup and restore device configurations. You can also reset your device settings back to the factory default. 38.2 The Configuration Screen Click Maintenance > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears in this screen, as shown next.
Chapter 38 Configuration Restore Configuration Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your VMG. Table 145 Restore Configuration LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse... Click this to find the file you want to upload. Remember that you must decompress compressed (.ZIP) files before you can upload them.
Chapter 38 Configuration Figure 180 Reset Warning Message Figure 181 Reset In Process Message You can also press the RESET button on the rear panel to reset the factory defaults of your VMG. Refer to Section 1.7 on page 21 for more information on the RESET button. 38.3 The Reboot Screen System restart allows you to reboot the VMG remotely without turning the power off. You may need to do this if the VMG hangs, for example. Click Maintenance > Reboot. Click Reboot to have the VMG reboot.
C HAPTER 39 Diagnostic 39.1 Overview The Diagnostic screens display information to help you identify problems with the VMG. The route between a CO VDSL switch and one of its CPE may go through switches owned by independent organizations. A connectivity fault point generally takes time to discover and impacts subscriber’s network access. In order to eliminate the management and maintenance efforts, IEEE 802.
Chapter 39 Diagnostic 39.3 Ping & TraceRoute & NsLookup Use this screen to ping, traceroute, or nslookup an IP address. Click Maintenance > Diagnostic > Ping&TraceRoute&NsLookup to open the screen shown next. Figure 183 Maintenance > Diagnostic > Ping &TraceRoute&NsLookup The following table describes the fields in this screen.
Chapter 39 Diagnostic Figure 184 Maintenance > Diagnostic > 802.1ag The following table describes the fields in this screen. Table 147 Maintenance > Diagnostic > 802.1ag LABEL DESCRIPTION 802.1ag Connectivity Fault Management Maintenance Domain (MD) Level Select a level (0-7) under which you want to create an MA. Destination MAC Address Enter the target device’s MAC address to which the VMG performs a CFM loopback test. 802.1Q VLAN ID Type a VLAN ID (0-4095) for this MA.
Chapter 39 Diagnostic ATM sets up virtual circuits over which end systems communicate. The terminology for virtual circuits is as follows: • Virtual Channel (VC) Logical connections between ATM devices • Virtual Path (VP) A bundle of virtual channels • Virtual Circuits A series of virtual paths between circuit end points Figure 185 Virtual Circuit Topology Think of a virtual path as a cable that contains a bundle of wires.
Chapter 39 Diagnostic Figure 186 Maintenance > Diagnostic > OAM Ping The following table describes the fields in this screen. Table 148 Maintenance > Diagnostic > OAM Ping LABEL DESCRIPTION Select a PVC on which you want to perform the loopback test. F4 segment Press this to perform an OAM F4 segment loopback test. F4 end-end Press this to perform an OAM F4 end-to-end loopback test. F5 segment Press this to perform an OAM F5 segment loopback test.
C HAPTER 40 Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • VMG Access and Login • Internet Access • Wireless Internet Access • USB Device Connection • UPnP 40.1 Power, Hardware Connections, and LEDs The VMG does not turn on. None of the LEDs turn on. 1 Make sure the VMG is turned on.
Chapter 40 Troubleshooting 5 If the problem continues, contact the vendor. 40.2 VMG Access and Login I forgot the IP address for the VMG. 1 The default LAN IP address is 192.168.1.1. 2 If you changed the IP address and have forgotten it, you might get the IP address of the VMG by looking up the IP address of the default gateway for your computer. To do this in most Windows computers, click Start > Run, enter cmd, and then enter ipconfig.
Chapter 40 Troubleshooting 5 Reset the device to its factory defaults, and try to access the VMG with the default IP address. See Section 1.7 on page 21. 6 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions • Make sure you have logged out of any earlier management sessions using the same user account even if they were through a different interface or using a different browser.
Chapter 40 Troubleshooting 40.3 Internet Access I cannot access the Internet. 1 Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.6 on page 20. 2 Make sure you entered your ISP account information correctly in the Network Setting > Broadband screen. These fields are case-sensitive, so make sure [Caps Lock] is not on.
Chapter 40 Troubleshooting 2 Make sure you have the Ethernet WAN port connected to a MODEM or Router. 3 Make sure you converted LAN port number four as WAN. Click Enable in Network Setting > Broadband > Ethernet WAN screen. 4 Make sure you configured a proper EthernetWAN interface (Network Setting > Broadband screen) with the Internet account information provided by your ISP and that it is enabled.
Chapter 40 Troubleshooting • Building Materials: metal doors, aluminum studs. • Electrical devices: microwaves, monitors, electric motors, cordless phones, and other wireless devices. To optimize the speed and quality of your wireless connection, you can: • Move your wireless device closer to the AP if the signal strength is low. • Reduce wireless interference that may be caused by other wireless networks or surrounding wireless electronics such as cordless phones.
Chapter 40 Troubleshooting 1 Disconnect the Ethernet cable from the VMG’s LAN port or from your computer. 2 Re-connect the Ethernet cable. The Local Area Connection icon for UPnP disappears in the screen. Restart your computer.
Chapter 40 Troubleshooting VMG5313-B10A/-B30A Series User’s Guide 352
P ART III Appendices Appendices contain general information. Some information may not apply to your device.
A PPENDIX A Customer Support In the event of problems that cannot be solved by using this manual, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device. Regional websites are listed below See also http://www.zyxel.com/about_zyxel/zyxel_worldwide.shtml Please have the following information ready when you contact an office. Required Information • Product model and serial number. • Warranty Information.
Appendix A Customer Support • http://www.zyxel.kz Korea • ZyXEL Korea Corp. • http://www.zyxel.kr Malaysia • ZyXEL Malaysia Sdn Bhd. • http://www.zyxel.com.my Pakistan • ZyXEL Pakistan (Pvt.) Ltd. • http://www.zyxel.com.pk Philipines • ZyXEL Philippines • http://www.zyxel.com.ph Singapore • ZyXEL Singapore Pte Ltd. • http://www.zyxel.com.sg Taiwan • ZyXEL Communications Corporation • http://www.zyxel.com Thailand • ZyXEL Thailand Co., Ltd • http://www.zyxel.co.
Appendix A Customer Support Belarus • ZyXEL BY • http://www.zyxel.by Belgium • ZyXEL Communications B.V. • http://www.zyxel.com/be/nl/ Bulgaria • ZyXEL България • http://www.zyxel.com/bg/bg/ Czech • ZyXEL Communications Czech s.r.o • http://www.zyxel.cz Denmark • ZyXEL Communications A/S • http://www.zyxel.dk Estonia • ZyXEL Estonia • http://www.zyxel.com/ee/et/ Finland • ZyXEL Communications • http://www.zyxel.fi France • ZyXEL France • http://www.zyxel.
Appendix A Customer Support • http://www.zyxel.com/lv/lv/homepage.shtml Lithuania • ZyXEL Lithuania • http://www.zyxel.com/lt/lt/homepage.shtml Netherlands • ZyXEL Benelux • http://www.zyxel.nl Norway • ZyXEL Communications • http://www.zyxel.no Poland • ZyXEL Communications Poland • http://www.zyxel.pl Romania • ZyXEL Romania • http://www.zyxel.com/ro/ro Russia • ZyXEL Russia • http://www.zyxel.ru Slovakia • ZyXEL Communications Czech s.r.o. organizacna zlozka • http://www.zyxel.
Appendix A Customer Support • http://www.zyxel.ch/ Turkey • ZyXEL Turkey A.S. • http://www.zyxel.com.tr UK • ZyXEL Communications UK Ltd. • http://www.zyxel.co.uk Ukraine • ZyXEL Ukraine • http://www.ua.zyxel.com Latin America Argentina • ZyXEL Communication Corporation • http://www.zyxel.com/ec/es/ Ecuador • ZyXEL Communication Corporation • http://www.zyxel.com/ec/es/ Middle East Egypt • ZyXEL Communication Corporation • http://www.zyxel.com/homepage.
Appendix A Customer Support Oceania Australia • ZyXEL Communications Corporation • http://www.zyxel.com/au/en/ Africa South Africa • Nology (Pty) Ltd. • http://www.zyxel.co.
A PPENDIX B Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS).
Appendix B Wireless LANs Figure 188 Basic Service Set ESS An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood.
Appendix B Wireless LANs Figure 189 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a channel different from an adjacent AP (access point) to reduce interference. Interference occurs when radio signals from different access points overlap causing interference and degrading performance.
Appendix B Wireless LANs Figure 190 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations. RTS/CTS is designed to prevent collisions due to hidden nodes.
Appendix B Wireless LANs IEEE 802.11g Wireless LAN IEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE 802.11b adapter can interface directly with an IEEE 802.11g access point (and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has several intermediate rate steps between the maximum and minimum data rates. The IEEE 802.11g data rate and modulation are as follows: Table 149 IEEE 802.
Appendix B Wireless LANs • Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server. • Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication methods to be deployed with no changes to the access point or the wireless clients. RADIUS RADIUS is based on a client-server model that supports authentication, authorization and accounting.
Appendix B Wireless LANs shared key, password information exchanged is also encrypted to protect the network from unauthorized access. Types of EAP Authentication This section discusses some popular authentication types: EAP-MD5, EAP-TLS, EAP-TTLS, PEAP and LEAP. Your wireless LAN device may not support all authentication types. EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE 802.
Appendix B Wireless LANs PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco.
Appendix B Wireless LANs WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted access to a WLAN. If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not. Select WEP only when the AP and/or wireless clients do not support WPA or WPA2.
Appendix B Wireless LANs pre-authentication. These two features are optional and may not be supported in all wireless devices. Key caching allows a wireless client to store the PMK it derived through a successful authentication with an AP. The wireless client uses the PMK when it tries to connect to the same AP and does not need to go with the authentication process again. Pre-authentication enables fast roaming by allowing the wireless client (already connecting to an AP) to perform IEEE 802.
Appendix B Wireless LANs Figure 191 WPA(2) with RADIUS Application Example WPA(2)-PSK Application Example A WPA(2)-PSK application looks as follows. 1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and symbols). 2 The AP checks each wireless client's password and allows it to join the network only if the password matches.
Appendix B Wireless LANs Security Parameters Summary Refer to this table to see what other security parameters you should configure for each authentication method or key management protocol type. MAC address filters are not dependent on how you configure these security features. Table 152 Wireless Security Relational Matrix AUTHENTICATION ENCRYPTIO METHOD/ KEY MANAGEMENT PROTOCOL N METHOD ENTER MANUAL KEY IEEE 802.
Appendix B Wireless LANs 2.5%. For an unobstructed outdoor site, each 1dB increase in gain results in a range increase of approximately 5%. Actual results may vary depending on the network environment. Antenna gain is sometimes specified in dBi, which is how much the antenna increases the signal power compared to using an isotropic antenna. An isotropic antenna is a theoretical perfect antenna that sends out radio signals equally well in all directions.
Appendix B Wireless LANs VMG5313-B10A/-B30A Series User’s Guide 374
A PPENDIX C IPv6 Overview IPv6 (Internet Protocol version 6), is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 1038 IP addresses. IPv6 Addressing The 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons (:). This is an example IPv6 address 2001:0db8:1a2b:0015:0000:0000:1a2f:0000. IPv6 addresses can be abbreviated in two ways: • Leading zeros in a block can be omitted.
Appendix C IPv6 Global Address A global address uniquely identifies a device on the Internet. It is similar to a “public IP address” in IPv4. A global unicast address starts with a 2 or 3. Unspecified Address An unspecified address (0:0:0:0:0:0:0:0 or ::) is used as the source address when a device does not have its own address. It is similar to “0.0.0.0” in IPv4. Loopback Address A loopback address (0:0:0:0:0:0:0:1 or ::1) allows a host to send packets to itself. It is similar to “127.0.0.1” in IPv4.
Appendix C IPv6 Table 155 Reserved Multicast Address (continued) MULTICAST ADDRESS FF08:0:0:0:0:0:0:0 FF09:0:0:0:0:0:0:0 FF0A:0:0:0:0:0:0:0 FF0B:0:0:0:0:0:0:0 FF0C:0:0:0:0:0:0:0 FF0D:0:0:0:0:0:0:0 FF0E:0:0:0:0:0:0:0 FF0F:0:0:0:0:0:0:0 Subnet Masking Both an IPv6 address and IPv6 subnet mask compose of 128-bit binary digits, which are divided into eight 16-bit blocks and written in hexadecimal notation. Hexadecimal uses four bits for each character (1 ~ 10, A ~ F).
Appendix C IPv6 the time T2 is reached and the server does not respond, the client sends a Rebind message to any available server (S2). For an IA_TA, the client may send a Renew or Rebind message at the client's discretion. T2 T1 Renew Renew to S1 to S1 Renew Renew to S1 to S1 Renew to S1 Renew to S1 Rebind to S2 Rebind to S2 DHCP Relay Agent A DHCP relay agent is on the same network as the DHCP clients and helps forward messages between the DHCP server and clients.
Appendix C IPv6 • Neighbor advertisement: A response from a node to announce its link-layer address. • Router solicitation: A request from a host to locate a router that can act as the default router and forward packets. • Router advertisement: A response to a router solicitation or a periodical multicast advertisement from a router to advertise its presence and other parameters. IPv6 Cache An IPv6 host is required to have a neighbor cache, destination cache, prefix list and default router list.
Appendix C IPv6 Example - Enabling IPv6 on Windows XP/2003/Vista By default, Windows XP and Windows 2003 support IPv6. This example shows you how to use the ipv6 install command on Windows XP/2003 to enable IPv6. This also displays how to use the ipconfig command to see auto-generated IP addresses. C:\>ipv6 install Installing... Succeeded. C:\>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection: Connection-specific IP Address. . . . . Subnet Mask . . . . IP Address. . . . .
Appendix C IPv6 5 Click Start and then OK. 6 Now your computer can obtain an IPv6 address from a DHCPv6 server. Example - Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default. DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer. To enable IPv6 in Windows 7: 1 Select Control Panel > Network and Sharing Center > Local Area Connection. 2 Select the Internet Protocol Version 6 (TCP/IPv6) checkbox to enable it. 3 Click OK to save the change.
Appendix C IPv6 4 Click Close to exit the Local Area Connection Status screen. 5 Select Start > All Programs > Accessories > Command Prompt. 6 Use the ipconfig command to check your dynamic IPv6 address. This example shows a global address (2001:b021:2d::1000) obtained from a DHCP server. C:\>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection: Connection-specific DNS IPv6 Address. . . . . . Link-local IPv6 Address IPv4 Address. . . . . . Subnet Mask . . . . . . Default Gateway .
A PPENDIX D Services The following table lists some commonly-used services and their associated protocols and port numbers. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like. • Protocol: This is the type of IP protocol used by the service. If this is TCP/UDP, then the service uses the same port number with TCP and UDP. If this is USER-DEFINED, the Port(s) is the IP protocol number, not the port number.
Appendix D Services Table 156 Examples of Services NAME PROTOCOL PORT(S) DESCRIPTION AH (IPSEC_TUNNEL) User-Defined 51 The IPSEC AH (Authentication Header) tunneling protocol uses this service. AIM TCP 5190 AOL’s Internet Messenger service. AUTH TCP 113 Authentication protocol used by some servers. BGP TCP 179 Border Gateway Protocol. BOOTP_CLIENT UDP 68 DHCP Client. BOOTP_SERVER UDP 67 DHCP Server.
Appendix D Services Table 156 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION NFS UDP 2049 Network File System - NFS is a client/server distributed file service that provides transparent file sharing for network environments. NNTP TCP 119 Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service. PING User-Defined 1 Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable.
Appendix D Services Table 156 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server. TACACS UDP 49 Login Host Protocol used for (Terminal Access Controller Access Control System). TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP networks. Its primary function is to allow users to log into remote host systems.
A PPENDIX E Legal Information Copyright Copyright © 2014 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation.
Appendix E Legal Information Note Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser.
Appendix E Legal Information • Connect the power adaptor or cord to the right supply voltage (for example, 110V AC in North America or 230V AC in Europe). • Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord. • Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocution. • If the power adaptor or cord is damaged, remove it from the device and the power source.
Appendix E Legal Information VMG5313-B10A/-B30A Series User’s Guide 390
Index Index example 130 A BYE request 287 ACK message 287 ACL rule 228 ACS 319 C activation firewalls 225 media server 216 SIP ALG 191 SSID 114 CA 243, 367 call history 280 incoming calls 282 outgoing calls 281 adding a printer example 65 call hold 292, 294 administrator password 24 call service mode 292, 293 AH 259 call transfer 293, 294 algorithms 259 call waiting 293, 294 antenna directional 373 gain 372 omni-directional 373 Canonical Format Indicator See CFI CCMs 340 certificate factory
Index interference 363 DMZ 189 channel, wireless LAN 126 DNS 140, 153 Class of Service 290 DNS server address assignment 104 Class of Service, see CoS Domain Name 196 client list 144 Domain Name System, see DNS client-server protocol 284 Domain Name System. See DNS.
Index add protocols 225 configuration 225 DDoS 224 DoS 224 LAND attack 224 Ping of Death 224 SYN attack 224 Inside Local Address, see ILA interface group 205 Internet wizard setup 33 Internet access 18 wizard setup 33 Internet Key Exchange 260 firmware 333 version 75 Internet Protocol version 6 80 Internet Protocol version 6, see IPv6 flash key 292 fragmentation threshold 123, 127, 364 IP address 140, 153 ping 341 private 154 WAN 80 FTP 182, 196 IP Address Assignment 103 flashing 292 forwarding po
Index and USB printer 216 client list 144 DHCP 140, 152 DNS 140, 153 IP address 140, 141, 153 MAC address 145 status 75 subnet mask 140, 141, 153 iTunes server 215 MEP 340 MTU (Multi-Tenant Unit) 103 multicast 104 multimedia 283 Multiple BSS, see MBSSID multiplexing 101 LLC-based 102 VC-based 101 LAND attack 224 LAN-Side DSL CPE Configuration 321 multiprotocol encapsulation 101 LBR 340 limitations wireless LAN 129 WPS 137 N link trace 340 NAT 181, 182, 183, 194 applications 195 IP alias 196 example 1
Index tagging 164 versus CoS 163 P Quality of Service, see QoS Pairwise Master Key (PMK) 369, 371 passwords 23, 24 PBC 132 R Peak Cell Rate (PCR) 102 peer-to-peer calls 279 RADIUS 366 message types 366 messages 366 shared secret key 366 Per-Hop Behavior, see PHB 176 PHB 176, 291 phone functions 295 PIN, WPS 132 example 134 RADIUS server 128 Real time Transport Protocol, see RTP Ping of Death 224 registration product 388 Point-to-Point Tunneling Protocol 196 POP3 196 remote management TR-069 319
Index Services 196 static VLAN Session Initiation Protocol, see SIP silence suppression 289 status 73 firmware version 75 LAN 75 WAN 75 wireless LAN 75 Simple Network Management Protocol, see SNMP status indicators 20 Single Rate Three Color Marker, see srTCM subnet mask 140, 153 SIP 283 account 283 call progression 286 client 284 identities 283 INVITE request 287, 288 number 283 OK response 288 proxy server 284 redirect server 285 register server 286 servers 284 service domain 283 URI 283 user ag
Index tunnel mode 260 warranty note 388 Two Rate Three Color Marker, see trTCM WDS 120, 131 compatibility 120 example 131 Type of Service, see ToS U web configurator 23 login 23 passwords 23, 24 unicast 104 WEP 129 Uniform Resource Identifier 283 WEP Encryption 112, 113 Universal Plug and Play, see UPnP WEP encryption 111 upgrading firmware 333 WEP key 111 UPnP 146 cautions 141 NAT traversal 140 Wi-Fi Protected Access 368 wireless client WPA supplicants 370 Wireless Distribution System, see
Index WLAN interference 363 security parameters 372 WPA 129, 368 key caching 370 pre-authentication 370 user authentication 369 vs WPA-PSK 369 wireless client supplicant 370 with RADIUS application example 370 WPA2 368 user authentication 369 vs WPA2-PSK 369 wireless client supplicant 370 with RADIUS application example 370 WPA2-Pre-Shared Key 369 WPA2-PSK 369 application example 371 WPA-PSK 129, 369 application example 371 WPS 131, 134 example 135 limitations 137 PIN 132 example 134 push button 22, 132 V