Instruction/ maintenance manual of the product P-2608HWL-Dx Series ZyXEL Communications
Go to page of 451
P-2608HWL-Dx Series 802.1 1g Wireless ADSL2+ V oIP IAD User ’ s Guide V ersion 3.4 0 10 / 2 0 06 Edition 1.
.
P-2608HWL-Dx Series User ’s Guide Copyright 3 Copyright Copyright © 2006 by ZyXEL Communications Corpo ration. The contents of this publication may not be reprod uced in any part or as a whole, tra.
P-2608HWL-Dx Series User’s Guide 4 Certifications Certifications Federal Communications Commissi on (FCC) Interference St atement The device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference.
P-2608HWL-Dx Series User ’s Guide Certifications 5 第十二條 經型式 認證合格之低功率射頻電機,非經 許可,公司、商號或使用 者均不得擅自變更頻率、加大功.
P-2608HWL-Dx Series User’s Guide 6 Safety Warnings Safety W arnings For your safety , be sure to read and fo llow all warning notices and instructions. • Do NOT use this product near water , for exam ple, in a wet basement or nea r a swimming pool.
P-2608HWL-Dx Series User ’s Guide Safety Warnings 7 This product is recyclable . Dispose of it properly ..
P-2608HWL-Dx Series User’s Guide 8 ZyXEL Limited Warranty ZyXEL Limited W arranty ZyXEL warrants to the original en d user (purchaser) that this product is free from any defects in materials or workmansh ip for a period of up to two ye ars from the date of purchase.
P-2608HWL-Dx Series User ’s Guide Customer Support 9 Customer Support Please have the following information r eady when you contact customer support. • Product model and serial number . • W arranty Information. • Date that you received your de vice.
P-2608HWL-Dx Series User’s Guide 10 Customer Suppo rt +” is the (prefix) number you enter to make an interna tional telephone call. NORWAY support@zyxel.no +47-22-80-61-80 www .zyxel.no ZyXEL Communications A/S Nils Hansens vei 13 0667 Oslo Norway sales@zyxel.
P-2608HWL-Dx Series User ’s Guide Table of Contents 11 T able of Content s Copyright .................................................. ................................................................ 3 Certifications ...............................
P-2608HWL-Dx Series User’s Guide 12 Table of Contents 3.3 Wireless Connection Wizard Setup .............. ................ ................. ................ .....60 3.3.1 Automatically ass ign a WP A key ................... ................ .......
P-2608HWL-Dx Series User ’s Guide Table of Contents 13 7.3 T r affic Shaping ............. ................ ................ ................ ................. ................... ..92 7.3.1 A T M T raffic Classes ............... ................. .
P-2608HWL-Dx Series User’s Guide 14 Table of Contents 9.3 Wireless Performance Overview ............... ................ .................... ................ ...122 9.3.1 Quality of Service (QoS) ..... .................... ................ ........
P-2608HWL-Dx Series User ’s Guide Table of Contents 15 1 1.1.4 SIP Call Progression ................... ................ ................ ............. ............. 152 1 1.1.5 SIP Client Server .............. .................... ................ .
P-2608HWL-Dx Series User’s Guide 16 Table of Contents Chapter 13 Phone Book .............................................................................. ............................ 177 13.1 Phone Book Overview .......... ................ ........
P-2608HWL-Dx Series User ’s Guide Table of Contents 17 Chapter 16 Firewall Configuration .................................................................................. ....... 199 16.1 Access Methods ... ............ ................. ..........
P-2608HWL-Dx Series User’s Guide 18 Table of Contents 18.1.2 Additional T opics for IKE SA ....................... ................ ................... .......226 18.1.2.1 Negotiation Mode ....... ................. ................... ..............
P-2608HWL-Dx Series User ’s Guide Table of Contents 19 Chapter 20 St atic Route ........................................................ ........................................... ....... 273 20.1 S tatic Route ............. ................ ......
P-2608HWL-Dx Series User’s Guide 20 Table of Contents 23.6 Configuring FTP .............. ................. ................ ................... ................ .......... 298 23.7 SNMP ............... ................ ................. ...........
P-2608HWL-Dx Series User ’s Guide Table of Contents 21 27.5.2 Restore Configuratio n ............. ................ ................ ................ ............. 335 27.5.3 Reset to Factory De faults ... ................. ................ ........
P-2608HWL-Dx Series User’s Guide 22 Table of Contents Windows 95/98/Me ........... ................ ................... ................ ................. .................. 367 Configuring ......... ................ ................. ..............
P-2608HWL-Dx Series User ’s Guide Table of Contents 23 Log Commands ...................... ................ .................... ................ ................ ............ 412 Configuring What Y ou W ant the ZyXEL D evice to Log ................
P-2608HWL-Dx Series User’s Guide 24 Table of Contents.
P-2608HWL-Dx Series User ’s Guide List of Figure s 25 List of Figures Figure 1 ZyXEL Device’s V oIP Feat ures ... ................... ................ ................ .......... 41 Figure 2 Internet Access ......... ................. ............
P-2608HWL-Dx Series User’s Guide 26 List of Figures Figure 39 Bandwidth Management Wizard: Complete ....... .................... ................ 77 Figure 40 S tatus Screen ........... ................. ................... ................ ........
P-2608HWL-Dx Series User ’s Guide List of Figure s 27 Figure 82 Edit Address Mappin g Rule ..................... ................ ................ ............. 148 Figure 83 Network > NA T > ALG ................. ................ ............
P-2608HWL-Dx Series User’s Guide 28 List of Figures Figure 125 VPN: T ransport and T unnel Mo de Encapsulation ...................... .......... 228 Figure 126 VPN Setup .......... ................ ................. ................ ................
P-2608HWL-Dx Series User ’s Guide List of Figure s 29 Figure 168 Configuring UPnP ............... ................. ................ ................ ................ 308 Figure 169 Add/Remove Prog rams: Windows Setup: Communication ........... ....
P-2608HWL-Dx Series User’s Guide 30 List of Figures Figure 210 Java (Sun) ..... ................ ................... ................ ................. ................... 359 Figure 21 1 WIndows 95/98/Me: Network: Conf iguration .............. ....
P-2608HWL-Dx Series User ’s Guide List of Figure s 31 Figure 253 Internal SPTGEN FTP Downlo ad Example ........... ................... .......... 417 Figure 254 Internal SPTGEN FTP Upload Example .
P-2608HWL-Dx Series User’s Guide 32 List of Figures.
P-2608HWL-Dx Series User ’s Guide List of Tables 33 List of T ables T able 1 Models Covered ................ ................ ................... ................. ................... 41 T able 2 LEDs .................. ................ ............
P-2608HWL-Dx Series User’s Guide 34 List of Tables T able 39 Wireless: WP A(2) .. ................ .................... ................ ................... .......... 128 T able 40 Wireless LAN: Advanced ........... ................ ...............
P-2608HWL-Dx Series User ’s Guide List of Tables 35 T able 82 VPN Example: Mismatching ID T ype and Content .............. ................... 225 T able 83 VPN Setup ............. ................ .................... ................ .............
P-2608HWL-Dx Series User’s Guide 36 List of Tables T able 123 Configuring UPnP ............................. .................... ................ ................ 309 T able 124 System G eneral Setup .. ................... ................ ........
P-2608HWL-Dx Series User ’s Guide List of Tables 37 T able 166 CDR Logs ................... ................ ................ ................ ................ .......... 406 T able 167 PPP Logs .... ................ ................ ...............
P-2608HWL-Dx Series User’s Guide 38 List of Tables.
P-2608HWL-Dx Series User ’s Guide Preface 39 Preface Congratulations on you r purchase of the P-2608HWL-Dx ADSL V oIP IAD with 802.1 1g W ireless (the “ZyXEL Device”).
P-2608HWL-Dx Series User’s Guide 40 Preface • The P-2608HWL-Dx series may be referred to as the ”ZyXEL Device” or the “device” in this user ’ s guide. This refers to all mode ls (ADSL over POTS, ADSL over ISD N and ADSL over T -ISDN) unless specifically identified.
P-2608HWL-Dx Series User ’s Guide Chapter 1 Getting To Know the ZyXEL Device 41 C HAPTER 1 Getting T o Know the ZyXEL Device This chapter introduces the main features and applications of the ZyXEL Device.
P-2608HWL-Dx Series User’s Guide 42 Chapter 1 Getting To Know the ZyXEL Device 1.1.2 DSL Router Y our ZyXEL Device is an ideal solution for fast Internet access. Comput ers can connect to the ZyXEL Device’ s LAN ports (or wirelessly) and use it as a gateway to the Internet.
P-2608HWL-Dx Series User ’s Guide Chapter 1 Getting To Know the ZyXEL Device 43 The following table describes your device’ s LEDs. Table 2 LEDs LIGHT COLOR ST ATUS DESCRIPTION POWER Green On Y o ur device is receiving power and functioning properly .
P-2608HWL-Dx Series User’s Guide 44 Chapter 1 Getting To Know the ZyXEL Device.
P-2608HWL-Dx Series User ’s Guide Chapter 2 Introducing the Web Configur ator 45 C HAPTER 2 Introducing the W eb Configurator This chapter describes how to access and navigate the web configurator .
P-2608HWL-Dx Series User’s Guide 46 Chapter 2 Introducing the Web Configurator Figure 4 Password Screen 5 The following screen displays if you have no t yet changed your password.
P-2608HWL-Dx Series User ’s Guide Chapter 2 Introducing the Web Configur ator 47 Figure 6 Factory Default Certificate 7 A screen displays to let you choose whether to go to the wizard or the advanced screens. • Click Go to W izard setup if you are logging in for the firs t time or if you want to make basic changes.
P-2608HWL-Dx Series User’s Guide 48 Chapter 2 Introducing the Web Configurator 2.1.2 The RESET Button Y ou can use the RESET button on the sid e of the device to reboot the device. If you for get your password or cannot access the web configurator , you will need to use the RESET button to reload the factory-default conf iguration file.
P-2608HWL-Dx Series User ’s Guide Chapter 2 Introducing the Web Configur ator 49 • B - navigation panel • C - main window • D - status bar 2.2.1 T itle Bar The title bar provides some icon s in the upper right corner . The icons provide th e following functions.
P-2608HWL-Dx Series User’s Guide 50 Chapter 2 Introducing the Web Configurator Wireless LAN General Use this screen to configure the wireless LAN settings and WLAN authentication/security settings. OTIST Use this screen to configure a setup key for OTIST as well as start OTIST on the ZyXEL Device.
P-2608HWL-Dx Series User ’s Guide Chapter 2 Introducing the Web Configur ator 51 VPN Setup Use this screen to config ure each VPN tunnel. Monitor Use this screen to look at t he current status of each VPN tunnel. VPN Global Setting Use this screen to allow NetBIOS traffic through VPN tunnels.
P-2608HWL-Dx Series User’s Guide 52 Chapter 2 Introducing the Web Configurator Main W indow The main window displays informa tion and configuration fields. It is discussed in the rest of this document. Right after you log in, the St a t u s screen is displayed.
P-2608HWL-Dx Series User ’s Guide Chapter 3 Internet an d Wireless Setup Wizard 53 C HAPTER 3 Internet and Wireless Setup Wi z a r d This chapter provides informatio n on the W izard Setup screens for Internet access in the web configurator .
P-2608HWL-Dx Series User’s Guide 54 Chapter 3 Internet and Wireless Setup Wizar d Figure 10 Wizard Welcome 3 Y our ZyXEL Device attempts to detect your DSL connectio n and your connection type. a The following screen appears if a conn ection is not detected.
P-2608HWL-Dx Series User ’s Guide Chapter 3 Internet an d Wireless Setup Wizard 55 Figure 12 Auto-Detection: PPPoE c The following screen appears if the Zy XEL Device detects a connection but not the connection type. Click Next and refer to Section 3.
P-2608HWL-Dx Series User’s Guide 56 Chapter 3 Internet and Wireless Setup Wizar d Figure 14 Internet Access Wizard Setup: ISP Parameters The following table describes the fields in this screen.
P-2608HWL-Dx Series User ’s Guide Chapter 3 Internet an d Wireless Setup Wizard 57 2 The next wizard screen varies depending on wh at mode and encapsulation type you use. All screens shown are with routing mode. Configure the fields and click Next to continue.
P-2608HWL-Dx Series User’s Guide 58 Chapter 3 Internet and Wireless Setup Wizar d The following table describes the fields in this screen. Figure 17 Internet Connection with ENET ENCAP The following table describes the fields in this screen.
P-2608HWL-Dx Series User ’s Guide Chapter 3 Internet an d Wireless Setup Wizard 59 Figure 18 Internet Connection with PPPoA The following table describes the fields in this screen. • If the user name and/or password you ente red for PPPoE or PPPoA connection are not correct, the screen displays as shown next.
P-2608HWL-Dx Series User’s Guide 60 Chapter 3 Internet and Wireless Setup Wizar d Figure 19 Connection T est Failed- 1 • If the following screen displays, check if your account is activated or click Restart the Internet/Wir ele ss Setup W izard to verify your In ternet access settings.
P-2608HWL-Dx Series User ’s Guide Chapter 3 Internet an d Wireless Setup Wizard 61 Figure 21 Connection T est Successful 2 Use this screen to activate the wireless LAN. Click Next to continue. Figure 22 Wireless LAN Setup Wizard 1 The following table describes the labels in this screen.
P-2608HWL-Dx Series User’s Guide 62 Chapter 3 Internet and Wireless Setup Wizar d 3 Configure your wireless settin gs in this screen. Click Next . Figure 23 Wireless LAN The following table describes the labels in this screen.
P-2608HWL-Dx Series User ’s Guide Chapter 3 Internet an d Wireless Setup Wizard 63 4 This screen varies depending on the security mode you selected in the previous screen.
P-2608HWL-Dx Series User’s Guide 64 Chapter 3 Internet and Wireless Setup Wizar d Figure 25 Manually Assign a WEP key The following table describes the labels in this screen. 5 Click Apply to save your wireless LAN settings. Table 13 Manually Assign a WEP key LABEL DESCRIPTION Key The WEP keys are used to encrypt data.
P-2608HWL-Dx Series User ’s Guide Chapter 3 Internet an d Wireless Setup Wizard 65 Figure 26 Wireless LAN Setup 3 6 Use the read-only summary table to check whet her what you have configured is correct. Click Finish to complete and save the wizard setup.
P-2608HWL-Dx Series User’s Guide 66 Chapter 3 Internet and Wireless Setup Wizar d.
P-2608HWL-Dx Series User ’s Guide Chapter 4 VoIP Wizard And Example 67 C HAPTER 4 V oIP Wizard And Example This chapter shows you how to configure your SIP account(s) and make a V oIP phone call.
P-2608HWL-Dx Series User’s Guide 68 Chapter 4 VoIP Wizard And Example Figure 29 Select a Mode 2 Click V OICE OVER INTERNET SETUP to configure your SIP settings.
P-2608HWL-Dx Series User ’s Guide Chapter 4 VoIP Wizard And Example 69 3 Fill in the V O ICE OVER INTERNET SETUP wizard screen with the information provided by your V oIP service provider . Y our V oIP service provider supplies you with the following information.
P-2608HWL-Dx Series User’s Guide 70 Chapter 4 VoIP Wizard And Example 4 Y our ZyXEL Device will attempt to register your SIP account with your V oIP service provider . When your account is registered your PHONE 1 light will come on and you are ready to make and receive V oIP phone calls.
P-2608HWL-Dx Series User ’s Guide Chapter 4 VoIP Wizard And Example 71 Figure 33 V o IP Wizard Fail 6 This screen displays if your SIP ac count registration was successful. Click Return to Wiz ar d Ma i n P a ge if you want to use anoth er configuration wizard.
P-2608HWL-Dx Series User’s Guide 72 Chapter 4 VoIP Wizard And Example.
P-2608HWL-Dx Series User ’s Guide Chapter 5 Bandwidth Management Wizard 73 C HAPTER 5 Bandwid th Management W izard This chapter shows you how to configure basic bandwidth management using th e wizard screens.
P-2608HWL-Dx Series User’s Guide 74 Chapter 5 Bandwidth Man agement Wizard 5.3 Bandwid th Management Wizard Setup 1 After you enter the password to access the web configurator , selec t Go to W izard setup and click Apply . Otherwise, click the wizard icon ( ) in the top right corner of the web configurator to display the wiza rd main screen.
P-2608HWL-Dx Series User ’s Guide Chapter 5 Bandwidth Management Wizard 75 2 Click BANDWIDTH MANAGEMENT SETUP . Figure 36 Wizard: Welcome 3 Activate bandwidth management and select to allocate bandwidth to packets based on the packet size or services.
P-2608HWL-Dx Series User’s Guide 76 Chapter 5 Bandwidth Man agement Wizard Figure 38 Bandwidt h Management Wizard: Service Configuration The following table describes the labels in this screen.
P-2608HWL-Dx Series User ’s Guide Chapter 5 Bandwidth Management Wizard 77 5 Follow the on-screen instructions and click Finish to complete the wizard setup and save your configuratio n.
P-2608HWL-Dx Series User’s Guide 78 Chapter 5 Bandwidth Man agement Wizard.
P-2608HWL-Dx Series User ’s Guide Chapter 6 Status Screens 79 C HAPTER 6 S t atus Screens Use the St a t u s screens to look at the current status of the device, syst em resources, interfaces (LAN and W AN), and SIP ac counts. Y o u can also register and unregister SIP accounts.
P-2608HWL-Dx Series User’s Guide 80 Chapter 6 Sta tus Screens Each field is described in the following table. Table 19 Status Scree n LABEL DESCRIPTION Refresh Interval Enter how often you want the ZyXEL Device to update this screen. Apply Click this to update this screen immediately .
P-2608HWL-Dx Series User ’s Guide Chapter 6 Status Screens 81 Security Firewall This displays whether or not the ZyXEL Device’s firewall is activated. Click this to go to the screen where you can change it. Content Filter This disp lays whether or not the ZyXEL Devi ce’s content filtering is activated.
P-2608HWL-Dx Series User’s Guide 82 Chapter 6 Sta tus Screens 6.2 Any IP T able Click S tatus > AnyIP T able to access this screen. Use this screen to view the IP address and MAC address of each computer that is using the ZyXEL Device but is in a different subnet than the ZyXEL Device.
P-2608HWL-Dx Series User ’s Guide Chapter 6 Status Screens 83 Each field is described in the following table. 6.3 WLAN S tatus Click St a t u s > W L A N St a t u s to access this screen. Use this screen to view the wireless stations that are currently ass ociated to the ZyXEL Device.
P-2608HWL-Dx Series User’s Guide 84 Chapter 6 Sta tus Screens Figure 43 Packet S tatistics The following table describes th e fields in this screen. Table 22 Packet S tatistics LABEL DESCRIPTION System Monitor System up T ime This is the elapsed time the system has been up.
P-2608HWL-Dx Series User ’s Guide Chapter 6 Status Screens 85 6.5 V oIP St atistics Click St a t u s > V o I P St a t i s t i c s to access this screen. Figure 44 V oIP S tatistics Up T ime This field displays the elapsed time this port has been up.
P-2608HWL-Dx Series User’s Guide 86 Chapter 6 Sta tus Screens Each field is described in the following table. Table 23 VoIP Statistics LABEL DESCRIPTION SIP S tatus Account This column disp lays each SIP account in the ZyXEL Device. Registration This field displays the current registrati on status of the SIP account.
P-2608HWL-Dx Series User ’s Guide Chapter 6 Status Screens 87 Tx B/s This field displays how quickly the ZyXEL Device has transmitted p ackets in the current call. The rate is the average number of bytes transmitted per second. Rx B/s This field displays how quickly the Zy XEL Device has receiv ed p ackets in the current call.
P-2608HWL-Dx Series User’s Guide 88 Chapter 6 Sta tus Screens.
P-2608HWL-Dx Series User ’s Guide Chapter 7 WAN Setup 89 C HAPTER 7 W AN Setup This chapter describes how to configure W AN settings. 7.1 W AN Overview A W AN (Wide Area Network) is an outside conn ection to another network or the Internet. 7.1.1 Encap sulation Be sure to use the encapsulat ion method required by your ISP .
P-2608HWL-Dx Series User’s Guide 90 Chapter 7 WAN Setup By implementing PPPoE directly on the ZyXEL Device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyXEL Device does that part of the task.
P-2608HWL-Dx Series User ’s Guide Chapter 7 WAN Setup 91 7.1.4 IP Address Assignment A static IP is a fixed IP that your ISP gives you. A dynamic IP is not fixed; the ISP assigns you a different one each time. The Si ngle User Account feature can be enabled or disabled if you have either a dynamic or static IP .
P-2608HWL-Dx Series User’s Guide 92 Chapter 7 WAN Setup 7.2 Metric The metric represents the "cost of transmissi on". A router determines the best route for transmission by choosing a path with the lowest "cost".
P-2608HWL-Dx Series User ’s Guide Chapter 7 WAN Setup 93 Maximum Burst Size (MBS) is the maximum numb er of cells that can be sent at the PCR. After MBS is reached, cell rates fall below SCR until cell rate averages to the SCR again. At this time, more cells (up to the MBS) can be sent at the PCR again.
P-2608HWL-Dx Series User’s Guide 94 Chapter 7 WAN Setup The VBR-nR T (non real-time V ariable Bit Rate) ty pe is used with bursty connections that do not require closely controlled delay and delay variation. It is commonly used for " bursty" traffic typical on LANs.
P-2608HWL-Dx Series User ’s Guide Chapter 7 WAN Setup 95 Figure 46 Internet Access Setup (PPPoE) The following table describes the labels in this screen. Table 24 Internet Access Setup LABEL DESCRIPTION General Mode Select Routing (default) from the drop-down list box if your ISP allows multiple computers to share an Inter net account.
P-2608HWL-Dx Series User’s Guide 96 Chapter 7 WAN Setup Multiplexing Select the meth od of multiplexing used by your ISP from the drop-do wn list. Choices are VC or LLC . Virtual Circuit ID VPI (Virtual Path Iden tifier) an d VCI (Virtual Channel Id entifier) define a virtual circuit.
P-2608HWL-Dx Series User ’s Guide Chapter 7 WAN Setup 97 7.5.1 Advanced Internet Access Setup T o edit your ZyXEL Device's ad vanced W AN settings, click the Advanced Setup button in the Internet Access Setup screen. The screen appears as shown.
P-2608HWL-Dx Series User’s Guide 98 Chapter 7 WAN Setup 7.6 W AN More Connections The ZyXEL Device allows you to configure more than one Internet access connection. T o configure additional Internet access connections click Network > W AN > More Connections .
P-2608HWL-Dx Series User ’s Guide Chapter 7 WAN Setup 99 Figure 48 W AN More Connections The following table describes the labels in this screen. 7.6.1 W AN More Conn ections Modify Screen Use this screen to modify or create additional W AN conn ections.
P-2608HWL-Dx Series User’s Guide 100 Chapter 7 WAN Setup Figure 49 W AN More Connections > Modify The following table describes the labels in this screen. Table 27 W AN More Connections > Modify LABEL DESCRIPTION General Active Use this checkbox to activate or deactivate this WAN connection.
P-2608HWL-Dx Series User ’s Guide Chapter 7 WAN Setup 101 Multiplexing Select the method of multipl exing used by your ISP from the drop-down li st. Choices are VC or LLC . Virtual Circuit ID VPI (V irtual Path Identifier) and VCI (Virtual Channel Identi fier) define a virtual circuit.
P-2608HWL-Dx Series User’s Guide 102 Chapter 7 WAN Setup 7.7 T raffic Redirect T raffic redirect forwards traf fic to a backup gateway when the ZyXEL Device cannot connect to the Internet.
P-2608HWL-Dx Series User ’s Guide Chapter 7 WAN Setup 103 Figure 51 T raffic Redirect LAN Setup 7.8 W AN Backup Setup T o configure your ZyXEL Device’ s W AN backup, click Network > W AN > W AN Backup Setup .
P-2608HWL-Dx Series User’s Guide 104 Chapter 7 WAN Setup The following table describes the labels in this screen. Table 28 W AN Backup Setup LABEL DESCRIPTION Backup T ype Select the method tha t the ZyXEL Device uses to check the DSL connection. Select DSL Link to have the ZyXEL Device check if th e connection to the DSLAM is up.
P-2608HWL-Dx Series User ’s Guide Chapter 8 LAN Setup 105 C HAPTER 8 LAN Setup This chapter describes how to configure LAN settings. 8.1 LAN Overview A Local Area Network (LAN) is a shared comm unication system to which many computers are attached.
P-2608HWL-Dx Series User’s Guide 106 Chapter 8 LAN Setup 8.1.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol , RFC 2131 and RFC 2132) allows indiv idual clients to obtain TCP/IP configuration at start-up from a server . Y ou ca n configure the ZyXEL Device as a DHCP server or disable it.
P-2608HWL-Dx Series User ’s Guide Chapter 8 LAN Setup 107 8.1.4 DNS Server Address Assignment Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because wit hout it, you must know the IP address of a computer before you can access it.
P-2608HWL-Dx Series User’s Guide 108 Chapter 8 LAN Setup 8.2.1.1 Private IP Addresses Every machine on the Internet must ha ve a unique address. If your netw orks are isolated from the Internet, for example, only between your two branch of fice s, you can assign any IP addresses to the hosts without problems.
P-2608HWL-Dx Series User ’s Guide Chapter 8 LAN Setup 109 8.2.3 Multicast T raditionally , IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of host s on the network - not everybody and not just 1.
P-2608HWL-Dx Series User’s Guide 110 Chapter 8 LAN Setup Figure 53 Any IP Example The Any IP fe ature does n ot apply to a computer using either a dynami c IP address or a static IP address tha t is in the sa me subnet as the ZyXEL De vice’ s IP address.
P-2608HWL-Dx Series User ’s Guide Chapter 8 LAN Setup 111 8.3 Configuring LAN IP Click Network > LAN to open the IP screen. See Section 8.1 on page 10 5 fo r background information. Figure 54 LAN IP The following table describes th e fields in this screen.
P-2608HWL-Dx Series User’s Guide 112 Chapter 8 LAN Setup Figure 55 Advanced LAN Setup The following table describes the labels in this screen. Table 30 Advanced LA N Setup LABEL DESCRIPTION RIP & Multicast Setup RIP Direction Se lect the RIP direction from None , Both , In Only and Out Only .
P-2608HWL-Dx Series User ’s Guide Chapter 8 LAN Setup 113 8.4 DHCP Setup Click Network > D HCP Setup to open this screen. Use this screen to configure the DNS server information that the ZyXEL Device sends to the DHCP client devi ces on the LAN. Figure 56 DHCP Setup The following table describes the labels in this screen.
P-2608HWL-Dx Series User’s Guide 114 Chapter 8 LAN Setup 8.5 LAN Client List This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. Every Ethernet device has a unique MAC (Med ia Access Control) addre ss.
P-2608HWL-Dx Series User ’s Guide Chapter 8 LAN Setup 115 The following table describes the labels in this screen. 8.6 LAN IP Alias IP alias allows you to partition a physical network into dif fer ent logical networks over the same Ethernet interface.
P-2608HWL-Dx Series User’s Guide 116 Chapter 8 LAN Setup Figure 58 Physical Network & Partitioned Logical Networks Click Network > LAN > IP Alias to open the following screen. Use this screen to change your ZyXEL Device’ s IP alias settings.
P-2608HWL-Dx Series User ’s Guide Chapter 8 LAN Setup 117 RIP Direction RIP (Routing Information Protocol , RFC 1058 and RFC 1389) allows a router to exchange routing informatio n with other routers. The RIP Direction field controls the sending and receiving of RIP packe ts.
P-2608HWL-Dx Series User’s Guide 118 Chapter 8 LAN Setup.
P-2608HWL-Dx Series User ’s Guide Chapter 9 Wireless LAN 119 C HAPTER 9 W ireless LAN This chapter discusses how to configure the wire less network settings in your ZyXEL Device. 9.1 Wireless Network Overview The following figure provides an exampl e of a wireless network.
P-2608HWL-Dx Series User’s Guide 120 Chapter 9 Wireless LAN Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network. 9.2 Wireless Security Overview The following sections introduce different types of wireless security you can set up in the wireless network.
P-2608HWL-Dx Series User ’s Guide Chapter 9 Wireless LAN 121 For wireless networks, you can store the user names and passwords for each user in a RADIUS server . This is a se rver used in businesses more than in homes. If you do not have a RADIUS server , you cannot set up user names and passwords for your us ers.
P-2608HWL-Dx Series User’s Guide 122 Chapter 9 Wireless LAN Many types of encryption use a key to protect the information in the wireless network . The longer the key , the stronger the encryption. Ev ery device in the wireless network must have the same key .
P-2608HWL-Dx Series User ’s Guide Chapter 9 Wireless LAN 123 9.5 General Wireless LAN Screen Note: If you are configuring the ZyXEL Devi ce from a computer connected to the wireless LAN and you change the ZyXEL Device ’s SSID or WEP settings, you will lose your wireless connection when you press Apply to confirm.
P-2608HWL-Dx Series User’s Guide 124 Chapter 9 Wireless LAN The following table describes the general wireless LAN labels in this screen. 9.5.1 No Security Select No Security to allow wireless stations to commun icate with the access points without any data encryption.
P-2608HWL-Dx Series User ’s Guide Chapter 9 Wireless LAN 125 Figure 62 Wireless: No Security The following table describes the labels in this screen. 9.5.2 WEP Encryption Screen In order to configure and enable WEP encryption; click Network > Wir eless LAN to display the General sc reen.
P-2608HWL-Dx Series User’s Guide 126 Chapter 9 Wireless LAN Figure 63 Wireless: S tatic WEP Encryption The following table describes the wireless LAN security labels in this screen. 9.5.3 WP A(2)-PSK In order to configure and enable WP A-PSK authentication; click Network > Wir eless LAN to display the General screen.
P-2608HWL-Dx Series User ’s Guide Chapter 9 Wireless LAN 127 Figure 64 Wireless: WP A(2)-PSK The following table describes the wireless LAN security labels in this screen. Table 38 Wireless: WPA(2)-PSK LABEL DESCRIPTION Security Mode Choose WP A-PSK or WP A2-PSK from the drop-d own list box.
P-2608HWL-Dx Series User’s Guide 128 Chapter 9 Wireless LAN 9.5.4 WP A(2) Auth entication Screen In order to configure and enable WP A Authentication; click the Wir eles s LAN link under Network to display the Wir e less screen. Select WP A or WP A2 from the Security list.
P-2608HWL-Dx Series User ’s Guide Chapter 9 Wireless LAN 129 9.5.5 Wireless LAN Advanced Setup T o configure advanced wi reless settings, click the Advanced Setup button in the General screen.
P-2608HWL-Dx Series User’s Guide 130 Chapter 9 Wireless LAN Figure 66 Advanced The following table describes the labels in this screen. 9.6 OTIST Screen Use this screen to set up and start OTIST on the ZyXEL Device in yo ur wireless network.T o open this screen, click Network > Wir eless LAN > OTIST .
P-2608HWL-Dx Series User ’s Guide Chapter 9 Wireless LAN 131 Figure 67 Network > Wireless LAN > OTIST The following table describes the labels in this screen. Before you click St a r t , you should enable OTIST on all the OTIST -enabled devices in the wireless network.
P-2608HWL-Dx Series User’s Guide 132 Chapter 9 Wireless LAN Figure 68 Example: Wireless Client OTIST Screen T o start OTIST in the device, click St a r t in this screen. Note: Y ou must c lick Star t in the ZyXEL Device and in the wireless device(s) within three minutes of each other .
P-2608HWL-Dx Series User ’s Guide Chapter 9 Wireless LAN 133 The following screen appears on the wireless client. Figure 71 OTIST : In Progress on the Wireless Device These screens close when the tra nsfer is complete. 9.6.1 Notes on OTIST 1 If you enable OTIST in a wireless device, you see this screen each time you start the utility .
P-2608HWL-Dx Series User’s Guide 134 Chapter 9 Wireless LAN 9.7 MAC Filter T o change your ZyXEL Device ’ s MAC filter settings, click Network > Wir e less LAN > MAC Filter . The screen appea rs as shown. Figure 73 MAC Addres s Filter The following table describes the labels in this menu.
P-2608HWL-Dx Series User ’s Guide Chapter 9 Wireless LAN 135 9.8 QoS Screen The QoS screen by default allows you to au tomatically give a service a priority level. Click Network > Wi reless LAN > QoS . The following screen displays. Wireless LAN: QoS The following table describes the fields in this screen.
P-2608HWL-Dx Series User’s Guide 136 Chapter 9 Wireless LAN 9.8.1 Application Pr iority Configuration T o edit a WMM QoS application entry , click the edit icon under Modif y . The following screen displays. Figure 74 Application Priority Configuration See Appendix A on pa ge 387 for a list of commonly-used serv ices and destination ports.
P-2608HWL-Dx Series User ’s Guide Chapter 9 Wireless LAN 137 Service The following is a d escription of the application s you can prioritize with WMM QoS. Select a service from the drop-down list box. • FTP File Transfer Program enables fast transf er of files, including large files that may not be possible by e-mail.
P-2608HWL-Dx Series User’s Guide 138 Chapter 9 Wireless LAN.
P-2608HWL-Dx Series User ’s Guide Chapter 10 Network Address Translation (NAT) Scr eens 139 C HAPTER 10 Network Address T ranslation (NA T) Screens This chapter discusses how to configure NA T on the ZyXEL Device.
P-2608HWL-Dx Series User’s Guide 140 Chapter 10 Network Address Translation (NAT) Scree ns 10.1.2 What NA T Does In the simplest form, NA T changes the sour ce IP addres s in a packet received from a subscriber (the inside local address) to anothe r (the inside global address) before forwarding the packet to the W AN side.
P-2608HWL-Dx Series User ’s Guide Chapter 10 Network Address Translation (NAT) Scr eens 141 10.1.4 NA T Application The following figure illustrates a possible NA T application, wher e three inside LANs (logical LANs using IP Alias) behind the ZyXEL Devi ce can communicate with three distinct W AN networks.
P-2608HWL-Dx Series User’s Guide 142 Chapter 10 Network Address Translation (NAT) Scree ns Port numbers do NOT change for One-to-One and Many-to-Many No Overload NA T mapping types.
P-2608HWL-Dx Series User ’s Guide Chapter 10 Network Address Translation (NAT) Scr eens 143 Figure 77 NA T Gener al The following table describes the labels in this screen.
P-2608HWL-Dx Series User’s Guide 144 Chapter 10 Network Address Translation (NAT) Scree ns Y ou may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server . The port number identifies a servic e; for example, web service is on port 80 and FTP on port 21.
P-2608HWL-Dx Series User ’s Guide Chapter 10 Network Address Translation (NAT) Scr eens 145 10.5 Configuring Port Forwarding Note: If you do not assign a Default Serve r IP address, the ZyXEL Device discards all packet s received for ports that are not specified here or in the remote management setup.
P-2608HWL-Dx Series User’s Guide 146 Chapter 10 Network Address Translation (NAT) Scree ns 10.5.1 Port Forwarding Rule Edit T o edit a port forwarding rule, c lick the rule’ s edit icon in the Port Forwarding screen to display the screen shown next.
P-2608HWL-Dx Series User ’s Guide Chapter 10 Network Address Translation (NAT) Scr eens 147 10.6 Address Mapping Note: The Address Mapping screen is available only when you select Ful l Feature in the NA T > General screen. Ordering your rules is important because the Zy XEL Device applies the rules in the order that you specify .
P-2608HWL-Dx Series User’s Guide 148 Chapter 10 Network Address Translation (NAT) Scree ns 10.6.1 Address Mapping Rule Edit T o edit an address mapping rule, click the rule’ s edit icon in the Address Mapping screen to display the screen shown next.
P-2608HWL-Dx Series User ’s Guide Chapter 10 Network Address Translation (NAT) Scr eens 149 The following table describes th e fields in this screen.
P-2608HWL-Dx Series User’s Guide 150 Chapter 10 Network Address Translation (NAT) Scree ns Figure 83 Network > NA T > ALG Each field is described in the following table. Table 52 Network > NAT > ALG LABEL DESCRIPTION Enable SIP ALG Select this to make sure SIP (V oIP) works correctly with po rt-forwardi ng and address-mapping rules.
P-2608HWL-Dx Series User ’s Guide Chapter 11 SIP 151 C HAPTER 11 SIP Use these screens to set up your SIP a ccounts and to configure QoS settings. 1 1 .1 SIP Overview 1 1.1.1 Introduction to V oIP V oIP (V oice over IP) is the sending of voice s i gnals over the Internet Protocol.
P-2608HWL-Dx Series User’s Guide 152 Chapter 11 SIP 1 1.1.3.2 SIP Service Domain The SIP service domain of the V oIP service provider (the company that lets you make phone calls over the Internet) is the domain name in a SIP URI. For example, if the SIP a ddress is 1 122334455@V oIP-provider .
P-2608HWL-Dx Series User ’s Guide Chapter 11 SIP 153 1 1.1.5.1 S IP User Agent A SIP user agent can make and receive V oIP tele phone ca lls. This means that SIP can be used for peer-to-peer communications even though it is a client-server protocol.
P-2608HWL-Dx Series User’s Guide 154 Chapter 11 SIP 1 1.1.5.3 SIP Redirect Server A SIP redirect server accepts SIP requests, translates the destination address to an IP address and sends the translated IP address back to th e device that sent the request.
P-2608HWL-Dx Series User ’s Guide Chapter 11 SIP 155 1 1.1.7 NA T and SIP The ZyXEL Device must register its public IP ad dress with a SIP register server . If there is a NA T router between the ZyXEL De vice and th e SIP register server , the ZyXEL Device probably has a private IP address.
P-2608HWL-Dx Series User’s Guide 156 Chapter 11 SIP Figure 87 STUN 1 1.1.7.4 Outbound Proxy Y our V oIP service provider may host a SIP outbo und proxy server to handle all of the ZyXEL Device’ s V oIP traffic. This allows the ZyXEL Device to work with any type of NA T router and eliminates the need for STUN or a SIP ALG .
P-2608HWL-Dx Series User ’s Guide Chapter 11 SIP 157 1 1.1.10 MWI (Message W aiting Indication) Enable Message W aiting Indication (MWI) en ables your phone to give you a message– waiting (beeping) dial tone when you have a voice message(s).
P-2608HWL-Dx Series User’s Guide 158 Chapter 11 SIP 1 Pick up the phone and press “****” on yo ur phone’ s keypad and wait for the message that says you are in the configuration menu. 2 Press a number from 1301~1308 followed by th e “#” key to delete the tone of your choice.
P-2608HWL-Dx Series User ’s Guide Chapter 11 SIP 159 The DSCP value determines the forwardi ng behavior , the PHB (Per-Hop Behavior), that each packet gets across the DiffServ network. Based on the marking rule, dif f e rent kinds of traffic can be marked for different priorities of fo rwarding.
P-2608HWL-Dx Series User’s Guide 160 Chapter 11 SIP Figure 89 V o IP > SIP > SIP Settings Each field is described in the following table. Table 55 VoIP > SIP > SIP Settings LABEL DESCRIPTION SIP Account Select the SIP account you want to see in this screen.
P-2608HWL-Dx Series User ’s Guide Chapter 11 SIP 161 1 1.2.2 Advanced SIP Setup Screen Use this screen to maintain a dvanced settings for each SIP acc ount. T o access this screen, click Advanced Setup in V oIP > SIP > SIP Settings . Send Caller ID Select th is if you want to send identification when you make VoIP phone calls.
P-2608HWL-Dx Series User’s Guide 162 Chapter 11 SIP Figure 90 V o IP > SIP > SIP Settings > Advanced Each field is described in the following table. Table 56 VoIP > SIP Settings > Advanc ed LABEL DESCRIPTION SIP Account This field displays the SIP account you see in this screen.
P-2608HWL-Dx Series User ’s Guide Chapter 11 SIP 163 URL T ype Select whether or not to include th e SIP service domain name when the ZyXEL Device sends the SIP number .
P-2608HWL-Dx Series User’s Guide 164 Chapter 11 SIP Enable Select this if your V oIP servi ce prov ider has a SIP outbound serve r to handle voice calls. This allow s the ZyXEL Device to work with any type of NA T router and eliminates the need fo r STUN or a SIP ALG .
P-2608HWL-Dx Series User ’s Guide Chapter 11 SIP 165 1 1.2.3 SIP QoS Screen Use this screen to maintain T oS and VLAN se ttings for the ZyXEL De vice. T o access this screen, click V oIP > SIP > QoS . Figure 91 V o IP > SIP > QoS Each field is described in the following table.
P-2608HWL-Dx Series User’s Guide 166 Chapter 11 SIP.
P-2608HWL-Dx Series User ’s Guide Chapter 12 Phone 167 C HAPTER 12 Phone Use these screens to configure the phones you use to make phone calls. 12.1 Phone Overview Y ou can configure the volume, ec ho cancellation and V AD settings for each individual phone port on the ZyXEL Device.
P-2608HWL-Dx Series User’s Guide 168 Chapter 1 2 Phone Note: T o take full advant age of the supplementar y phone services available though the ZyXEL Device's phone port s, you may need to subscribe to the services from your V oIP service provider .
P-2608HWL-Dx Series User ’s Guide Chapter 12 Phone 169 Press the flash key and then “0” to disconnect th e call presently on hold and keep the current call on line. Press the flash key and then “1” to disconnect th e current call and resume the call on hold.
P-2608HWL-Dx Series User’s Guide 170 Chapter 1 2 Phone 12.1.3.3 USA T ype S upplement ary Services This section describes how to use su pplementary phone services with the USA T ype Call Service Mode . Commands for supplementary serv ices are listed in the table below .
P-2608HWL-Dx Series User ’s Guide Chapter 12 Phone 171 1 When you are o n the phone talk ing to someone, place the fl ash key to put the caller on hold and get a di al tone.
P-2608HWL-Dx Series User’s Guide 172 Chapter 1 2 Phone Figure 92 V oIP > Phone > Analog Phone Each field is described in the following table. 12.2.2 Advanced Anal og Phone Setup Screen Use this screen to edit advanced settings for eac h phone port.
P-2608HWL-Dx Series User ’s Guide Chapter 12 Phone 173 Figure 93 V oIP > Phone > Analog Phone > Advance d Each field is described in the following table. Table 61 VoIP > Phone > Ana log Phone > Advanced LABEL DESCRIPTION Analog Phone This field displays the phone port you see in th is screen.
P-2608HWL-Dx Series User’s Guide 174 Chapter 1 2 Phone 12.2.3 Common Phone Settings Screen Use this screen to activate and deactivate im mediate dialing. T o access this screen, click Vo I P > Phone > Common . Figure 94 V oIP > Phone > Common Each field is described in the following table.
P-2608HWL-Dx Series User ’s Guide Chapter 12 Phone 175 Figure 95 V oIP > Phone > Region Each field is described in the following table. Table 63 VoIP > Phone > Reg ion LABEL DESCRIPTION Region Settings Select the place in which the ZyXEL Devi ce is located.
P-2608HWL-Dx Series User’s Guide 176 Chapter 1 2 Phone.
P-2608HWL-Dx Series User ’s Guide Chapter 13 Phone Book 177 C HAPTER 13 Phone Book Use these screens to maintain call-forw arding rules and speed-dial settings . 13.1 Phone Book Overview Speed dial provides shortcuts for dialing frequently used (V oIP) phone numbers.
P-2608HWL-Dx Series User’s Guide 178 Chapter 13 Phone Bo ok Figure 96 Phone Book > S peed Dial Each field is described in the following table. Table 64 Phone Book > Speed Dial LABEL DESCRIPTION S peed D ial Use this section to create or edit speed-dial entries.
P-2608HWL-Dx Series User ’s Guide Chapter 13 Phone Book 179 13.3 Incoming Call Policy Screen Use this screen to maintain rules for handlin g inco ming calls. Y ou can block, redirect, or accept them. T o acce ss this screen, click V oIP > Phone Book > Incoming Call Policy .
P-2608HWL-Dx Series User’s Guide 180 Chapter 13 Phone Bo ok Figure 97 Phone Book > Incoming Call Policy Y ou can create two sets of c all-forwarding rules. Each one is stored in a call-forwarding table. Each field is described in the following table.
P-2608HWL-Dx Series User ’s Guide Chapter 13 Phone Book 181 13.4 Group Ring Screen This screen lets you specify ring types for ca lls from particular numbers. The ring types vary by ring duration and stop ring duration. Any standard phon e is compatible with this feat ure.
P-2608HWL-Dx Series User’s Guide 182 Chapter 13 Phone Bo ok Figure 98 Phone Book > Group Ring Each field is described in the following table. Table 66 Phone Book > Group Ring LABEL DESCRIPTION Active Select this if you want to activate the group ring feature.
P-2608HWL-Dx Series User ’s Guide Chapter 13 Phone Book 183 Name T ype a name for the associated telephone nu mber . TEL T ype the tele phone number you wa nt to add to a group. Group Select a group for the telephone nu mber you entered. Y ou can select Family , Workmate , Friend or VIP .
P-2608HWL-Dx Series User’s Guide 184 Chapter 13 Phone Bo ok.
P-2608HWL-Dx Series User ’s Guide Chapter 14 PSTN Line 185 C HAPTER 14 PSTN Line This chapter applies to P-2608H WL-Dx models only . Use this sc reen to set up the PSTN line used to make regular phone calls. Th e se phone calls do not use the Internet.
P-2608HWL-Dx Series User’s Guide 186 Chapter 14 PSTN Line Figure 99 V o IP > PSTN Line > General Each field is described in the following table.
P-2608HWL-Dx Series User ’s Guide Chapter 15 Firewalls 187 C HAPTER 15 Firewalls This chapter gives some back ground information on firewa lls and introduces the ZyXEL Device firewall. 15.1 Firewall Overview The networking term “firewall ” is a system or group of systems that enforces an access- control policy between two networks.
P-2608HWL-Dx Series User’s Guide 188 Chapter 15 Firewalls 15.2.2 Application-level Firewalls Application-level firewalls restrict access by serv ing as proxies for e xternal servers.
P-2608HWL-Dx Series User ’s Guide Chapter 15 Firewalls 189 • The LAN (Local Area Network) port attache s to a network of computers, which needs security from the outside world. These computer s will have access to Internet services such as e-mail, FTP , and the W orld W ide W e b.
P-2608HWL-Dx Series User’s Guide 190 Chapter 15 Firewalls 15.4.2 T ypes of DoS Att acks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the TCP/IP specification. 3 Brute-force attacks that flood a network with useless data.
P-2608HWL-Dx Series User ’s Guide Chapter 15 Firewalls 191 Under normal circumstances, the applica tion that initiates a session sends a SYN (synchronize) packet to the receiving server . The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the in itiator responds with an ACK (acknowledgment).
P-2608HWL-Dx Series User’s Guide 192 Chapter 15 Firewalls Figure 103 Smurf Attack 15.4.2.1 ICMP V ulnerability ICMP is an error -reporting protocol that work s in concert with IP . The following ICMP types trigger an alert: 15.4.2.2 Illegal Commands (NetBIOS and SMTP) The only legal NetBIOS commands are the following - all others are illegal.
P-2608HWL-Dx Series User ’s Guide Chapter 15 Firewalls 193 15.4.2.3 T raceroute T raceroute is a utility used to determine th e path a packet takes between two endpoints. Sometimes when a packet filter firewall is conf igured incorrectly an at ta cker can traceroute the firewall gaining knowledge of the network topology inside the firewall.
P-2608HWL-Dx Series User’s Guide 194 Chapter 15 Firewalls The previous figure shows the ZyXEL Device’ s default firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a T elnet session from within the LAN and responses to this request are allowe d.
P-2608HWL-Dx Series User ’s Guide Chapter 15 Firewalls 195 • Allow certain types of traffic from the In ternet to specific hosts on the LAN. • Allow access to a W eb server to everyone but competitors. • Restrict use of certain protocols, such as T elnet, to authoriz ed users on the LAN.
P-2608HWL-Dx Series User’s Guide 196 Chapter 15 Firewalls A similar situation exists for ICMP , except that the ZyXEL Device is even more restrictive.
P-2608HWL-Dx Series User ’s Guide Chapter 15 Firewalls 197 • Encourage your co mpany or organization to develop a comp rehensive security plan. Good network administration takes into ac count what hackers can do and prepares against attacks. The best defense against hack ers and crackers is information.
P-2608HWL-Dx Series User’s Guide 198 Chapter 15 Firewalls 15.7.1.1 When T o Use Filtering • T o block/allow LAN packet s by their MAC addresses. • T o block/allow special IP packets which are neither TCP nor UDP , nor ICMP packets.
P-2608HWL-Dx Series User ’s Guide Chapter 16 Firewall Configurat ion 199 C HAPTER 16 Firewall Configuration This chapter shows you how to enable and configure t he ZyXEL Device firewall. 16.1 Access Methods The web configurator is, by far , the most co mprehensive firewall configuration tool your ZyXEL Device has to offer .
P-2608HWL-Dx Series User’s Guide 200 Chapter 16 Firewall Configuration Note: If you configure firewall rules wit hout a good understanding of how they work, you might inadvertently introduce securi ty risks to the f irewall and to the protected network.
P-2608HWL-Dx Series User ’s Guide Chapter 16 Firewall Configurat ion 201 4 Does a rule that allows Internet users acces s to resources on the LAN create a security vulnerability? For example, if FTP ports (TCP 20, 21) are al lowed from the Internet to the LAN, Internet users may be able to connect to computers with running FTP servers.
P-2608HWL-Dx Series User’s Guide 202 Chapter 16 Firewall Configuration 16.4.1 LAN to W AN Rules The default rule for LAN to W AN traf fic is that all users on the LAN are allowed non- restricted access to the W AN.
P-2608HWL-Dx Series User ’s Guide Chapter 16 Firewall Configurat ion 203 The following table describes the labels in this screen. 16.6 Firewall Rules Summary Note: The ordering of your rule s is very important as rules are app lied in turn. Refer to Section 15.
P-2608HWL-Dx Series User’s Guide 204 Chapter 16 Firewall Configuration Figure 106 Firewall Rules The following table describes the labels in this screen.
P-2608HWL-Dx Series User ’s Guide Chapter 16 Firewall Configurat ion 205 16.6.1 Configuring Firewall Rules Refer to Section 15.1 on page 187 for more information. In the Rules screen, select an index number and click Add or click a rule’ s Edit icon to display this screen and refe r to the following table for information on the l a bels.
P-2608HWL-Dx Series User’s Guide 206 Chapter 16 Firewall Configuration Figure 107 Firewall: Edit Rule.
P-2608HWL-Dx Series User ’s Guide Chapter 16 Firewall Configurat ion 207 The following table describes the labels in this screen. Table 74 Firewall: Edit Rule LABEL DESCRIPTION Active Select this option to ena ble this firewall rule.
P-2608HWL-Dx Series User’s Guide 208 Chapter 16 Firewall Configuration 16.6.2 Customized Services Configure customized services and port number s not predefined by the ZyXEL Device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website.
P-2608HWL-Dx Series User ’s Guide Chapter 16 Firewall Configurat ion 209 16.6.3 Configuring A Customized Service Click a rule number in the Firewall Customized Services screen to create a new custom port or edit an existing one. This actio n displays the following screen.
P-2608HWL-Dx Series User’s Guide 210 Chapter 16 Firewall Configuration 2 Select W AN to LAN in the Packet Dir ection field. Figure 1 10 Firewall Example: R ules 3 In the Rules screen, select the index number after that you want to add the rule.
P-2608HWL-Dx Series User ’s Guide Chapter 16 Firewall Configurat ion 211 Figure 1 12 Firewall Example: E dit Rule: Destination Address 9 Use the Add >> and Remove buttons between A vailable Services and Selected Services list boxes to configure it as follows.
P-2608HWL-Dx Series User’s Guide 212 Chapter 16 Firewall Configuration Figure 1 13 Firewall Example: E dit Rule : Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following.
P-2608HWL-Dx Series User ’s Guide Chapter 16 Firewall Configurat ion 213 Figure 1 14 Firewall Example: R ules: MyService 16.8 DoS Thresholds For DoS attacks, the ZyXEL Device uses threshol ds to determine when to drop sessions that do not become fully established.
P-2608HWL-Dx Series User’s Guide 214 Chapter 16 Firewall Configuration Y ou should make any ch anges to the threshold values before you continue con figuring firewall rules.
P-2608HWL-Dx Series User ’s Guide Chapter 16 Firewall Configurat ion 215 16.8.3 Configuring Firewall Thresholds The ZyXEL Device also sends alerts whenever TCP Maximum Incomplete is exceeded. The global values specified for the threshold an d timeout apply to all TCP connections.
P-2608HWL-Dx Series User’s Guide 216 Chapter 16 Firewall Configuration Maximum Incomplete Low This is the number of existing half-open sessions that cau ses the firewall to stop deleting half-open sessions.
P-2608HWL-Dx Series User ’s Guide Chapter 17 Content Filtering 217 C HAPTER 17 Content Filtering This chapter covers how to configure content filtering. 17.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs.
P-2608HWL-Dx Series User’s Guide 218 Chapter 17 Content Filtering The following table describes the labels in this screen. 17.3 Configuring the Schedule T o set the days and times for the ZyXEL De vice to perform content filtering, click Security > Content Filter > Schedule .
P-2608HWL-Dx Series User ’s Guide Chapter 17 Content Filtering 219 The following table describes the labels in this screen. 17.4 Configuring T rusted Computers T o exclude a range of users on the LAN from content fi ltering on your Zy XEL Device, click Security > Content Filter > Tr u s t e d .
P-2608HWL-Dx Series User’s Guide 220 Chapter 17 Content Filtering.
P-2608HWL-Dx Series User ’s Guide Chapter 18 IP Sec VPN 221 C HAPTER 18 IPSec VPN This chapter explains how tos set up and maintain IPSec VPNs in the Z yXEL Device. 18.1 IPSec VPN Overview A virtual private network (VPN) provides secu re communications between sites without the expense of leased site-to-site lines.
P-2608HWL-Dx Series User’s Guide 222 Chapter 18 IPSec VPN Figure 120 VPN: IKE SA and IPSec SA In this example, a computer in network A is exchanging data with a computer in network B . Inside networks A and B , the data is transmitte d the same way data is normally transmitted in the networks.
P-2608HWL-Dx Series User ’s Guide Chapter 18 IP Sec VPN 223 18.1.1.2 IKE SA Proposal The IKE SA proposal is used to identify the encryption algorithm, au thentication algorithm, and Diffie-Hellman (DH) key group that the ZyXEL Device and remote IPSec router use in the IKE SA.
P-2608HWL-Dx Series User’s Guide 224 Chapter 18 IPSec VPN 18.1.1.4 Authentication Before the ZyXEL Device and remote IPSec router establish an IKE SA , they have to verify each other ’ s identity . This process is based on pre-shared keys and router identities.
P-2608HWL-Dx Series User ’s Guide Chapter 18 IP Sec VPN 225 In the following example, the authentication fails, so they cannot establish an IKE SA. It is also possible to config ure the ZyXEL Device to ignore the identity of the remote IPSec router .
P-2608HWL-Dx Series User’s Guide 226 Chapter 18 IPSec VPN 18.1.2 Additional T opics for IKE SA This section provides more information about IKE SA. 18.1.2.1 Negotiation Mode There are two negotiation modes: main mode and aggressive mode. Main mode provides better security , while aggressive mode is faster .
P-2608HWL-Dx Series User ’s Guide Chapter 18 IP Sec VPN 227 Figure 124 VPN/NA T Example If router A does NA T , it might change IP addresses (source or destination), port numbers (source or destination), or any comb ination of these.
P-2608HWL-Dx Series User’s Guide 228 Chapter 18 IPSec VPN 18.1.3.1 Local Networ k and Remo te Network In IPSec SA terminology , the local network, th e one(s) connected to the ZyXEL Device, may be called the local policy . Similarly , the remote network, the one(s) connected to the remote IPSec router , may be called the remote policy .
P-2608HWL-Dx Series User ’s Guide Chapter 18 IP Sec VPN 229 In transport mode, the IP header is the origin al IP header , and the encapsulation depends on the active prot ocol. If the active protocol is AH, the ZyXEL Device includes part of the IP header when it encapsulates the packet.
P-2608HWL-Dx Series User’s Guide 230 Chapter 18 IPSec VPN 18.1.4.1.1 IPSec SA Proposal using Manual Keys In IPSec SAs using manual keys, you can only specify one encryption algorithm and one authentication algorithm. Y ou can not specify several proposals.
P-2608HWL-Dx Series User ’s Guide Chapter 18 IP Sec VPN 231 Figure 126 VPN Setup The following table describes the fields in this screen. Table 83 VPN Se tup LABEL DESCRIPTION No. This is the VPN policy index number . Click a numbe r to edit VPN policies.
P-2608HWL-Dx Series User’s Guide 232 Chapter 18 IPSec VPN 18.3 Editing VPN Policies Click an Edit icon in the VPN Setup Screen to edit VPN policies. Remote Address This is the IP address(es) of computer(s) on the remote network behind the remote IPSec router .
P-2608HWL-Dx Series User ’s Guide Chapter 18 IP Sec VPN 233 Figure 127 Edit VPN Policies The following table describes the fields in this screen. Table 84 Edit VPN Policies LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy .
P-2608HWL-Dx Series User’s Guide 234 Chapter 18 IPSec VPN NA T Traversal This function is available if the VPN protocol is ESP . Select this check box if you want to set up a VPN tunnel when there are NA T routers between the ZyXEL Devi ce and remo te IPSec router .
P-2608HWL-Dx Series User ’s Guide Chapter 18 IP Sec VPN 235 Remote Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. The remote fields do not apply when th e Secure Gateway IP Address field is configured to 0.
P-2608HWL-Dx Series User’s Guide 236 Chapter 18 IPSec VPN Peer ID T ype Select IP to id entify the remote IPSec router by its IP address. Select DNS to identify the remote IPSec router by a domain name. Select E-mail to identify the remote IPSec router by an e-mail address.
P-2608HWL-Dx Series User ’s Guide Chapter 18 IP Sec VPN 237 18.4 Configuring Advanced IKE Settings Click Advanced in the Edit VPN Policies screen to open this screen.
P-2608HWL-Dx Series User’s Guide 238 Chapter 18 IPSec VPN Figure 128 Advanced VPN Policies The following table describes the fields in this screen. Table 85 Advanced VPN Policies LABEL DESCRIPTION VPN - IKE Protocol Enter 1 for ICMP , 6 for TCP , 17 for UDP , etc.
P-2608HWL-Dx Series User ’s Guide Chapter 18 IP Sec VPN 239 Negotiati on Mode Select Main or Aggressive from th e drop-down list box. Multiple SAs connecting through a secure gateway must have the same negotiation mode . Pre-Shared Key T ype your pre-shared key in this field.
P-2608HWL-Dx Series User’s Guide 240 Chapter 18 IPSec VPN 18.5 Configuring Manual Key Y ou only configure VP N Manual Key when you sele ct Manual in the IP Sec Key Mode field on the VPN IKE screen. This is the VPN Manual Key screen as shown next. Authentication Algorithm Select SHA1 or MD5 from the drop-down list box.
P-2608HWL-Dx Series User ’s Guide Chapter 18 IP Sec VPN 241 Figure 129 VPN: Manual Key The following table describes the fields in this screen. Table 86 VPN: Manual Key LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy .
P-2608HWL-Dx Series User’s Guide 242 Chapter 18 IPSec VPN DNS Server (for IPSec VPN) If there is a private DNS server that se rvices the VPN, type its IP address here. The ZyXEL Device a ssigns this additio nal DNS server to the ZyXEL Device 's DHCP clients that have IP addresses in this IPSec rule's range of lo cal addresses.
P-2608HWL-Dx Series User ’s Guide Chapter 18 IP Sec VPN 243 18.6 V iewing SA Monitor Click Security , VPN and Monitor to open the SA Monito r screen as shown. Use this screen to display and ma nage active VPN conn ections. A Security Association (SA) is the group of se cu rity settings related to a specific VPN tunnel.
P-2608HWL-Dx Series User’s Guide 244 Chapter 18 IPSec VPN When there is outbound traffic but no inbound tr affic, the SA times out automatically after two minutes. A tunnel with no outb ound or inbound traf fic is "idle" and does not timeout until the SA lifetime period expires.
P-2608HWL-Dx Series User ’s Guide Chapter 18 IP Sec VPN 245 18.7 Configuring Global Setting T o change your ZyXEL Devi ce’ s global settings, click VPN and then Global Setti ng . The screen appears as shown. Figure 131 VPN: Global Setting The following table describes the fields in this screen.
P-2608HWL-Dx Series User’s Guide 246 Chapter 18 IPSec VPN Figure 132 T elecommuters Sharing One VPN Rule Example 18.8.2 T elecommuters Using Unique VPN Rules Example In this example the telecommuters (A, B and C in the figure) use IPSec routers with domain names that are mapped to their dynamic W AN IP addresse s (use Dynamic DNS to do this).
P-2608HWL-Dx Series User ’s Guide Chapter 18 IP Sec VPN 247 Figure 133 T e lecommuters Using Uniq ue VPN Rules Example Table 90 T elecommuters Using Unique VPN Rules Example T ELECOMMUTERS HEADQUARTERS All T elecommu ter Rules: All Headquarters Rules: My IP Address 0.
P-2608HWL-Dx Series User’s Guide 248 Chapter 18 IPSec VPN 18.9 VPN and Remote Management If a VPN tunnel uses T elnet, FTP , WWW , then you should config ure remote management ( Advanced > Remote Management ) to allow access for that service.
P-2608HWL-Dx Series User ’s Guide Chapter 19 Certificates 249 C HAPTER 19 Certificates This chapter gives background in formation about public-key certificates and explains how to use them. 19.1 Certificates Overview The ZyXEL Device can use certificates (also ca lled digital IDs) to authenticate users.
P-2608HWL-Dx Series User’s Guide 250 Chapter 19 Certificates A certification path is the hierarchy of certif ication authority certificates that validate a certificate. The ZyXEL Device does not trust a ce rtificate if any certificate on its path has expired or been revoked.
P-2608HWL-Dx Series User ’s Guide Chapter 19 Certificates 251 Use the My Certificates sc reens to generate and export self-signed certificates or certification requests and import the ZyXEL Device’ s CA-signed certificates. Use the T rusted CAs screens to save CA certificates to the ZyXEL Device.
P-2608HWL-Dx Series User’s Guide 252 Chapter 19 Certificates # This field displays the certificate index number . The certi ficates are listed in alphabetical order. Name This fie ld displays the name used to iden tify thi s certificate. It is recommended that you give each certificate a unique name.
P-2608HWL-Dx Series User ’s Guide Chapter 19 Certificates 253 19.5 My Certificate Import Click Security > Certificates > My Certificates and then Impor t to open the My Certificate Import screen. Follow the instructions in this sc reen to save an exis ting certificate to the ZyXEL Device.
P-2608HWL-Dx Series User’s Guide 254 Chapter 19 Certificates The following table describes the labels in this screen. 19.6 My Certificate Create Click Security > Certificates > My Certificates > Crea te to open the My Certificate Create screen.
P-2608HWL-Dx Series User ’s Guide Chapter 19 Certificates 255 The following table describes the labels in this screen. T able 93 My Certificate Create LABEL DESCRIPTION Certificate Name T ype up to 31 ASCII characters (not includ ing spaces ) to identify this certifi cate.
P-2608HWL-Dx Series User’s Guide 256 Chapter 19 Certificates After you click Apply in the My Certificate Create screen, you see a screen that tells you the ZyXEL Device is generating the self-signe d certificate or certification request.
P-2608HWL-Dx Series User ’s Guide Chapter 19 Certificates 257 Figure 138 My Certificate Details.
P-2608HWL-Dx Series User’s Guide 258 Chapter 19 Certificates The following table describes the labels in this screen. Table 94 My Certificate Det ails LABEL DESCRIPTION Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this certifica te.
P-2608HWL-Dx Series User ’s Guide Chapter 19 Certificates 259 19.8 T rusted CAs Click Security > Certificates > T rusted CAs to open the T rusted CAs screen. This screen displays a summary list of certificates of the certification authorities that you ha ve set the ZyXEL Device to accept as trusted.
P-2608HWL-Dx Series User’s Guide 260 Chapter 19 Certificates Figure 139 T rusted CAs The following table describes the labels in this screen. Table 95 Tr u s t e d C A s LABEL DESCRIPTION PKI S torage S pace in Use This bar displays the percentage of the Zy XEL Device’s PKI storage space that is currently in use.
P-2608HWL-Dx Series User ’s Guide Chapter 19 Certificates 261 19.9 T rusted CA Import Click Security > Certificates > T rusted CAs to open the T rusted CAs screen and then click Import to open the T rusted CA Import screen. Follow the instructions in this screen to save a trusted certification authority’ s certificate to the ZyXEL Device.
P-2608HWL-Dx Series User’s Guide 262 Chapter 19 Certificates 19.10 T rusted CA Det ails Click Security > Certificates > T rusted CAs to open the T r usted CAs screen.
P-2608HWL-Dx Series User ’s Guide Chapter 19 Certificates 263 The following table describes the labels in this screen. Table 97 T rusted CA Details LABEL DESCRIPTION Name This field disp lays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key cert ificat e.
P-2608HWL-Dx Series User’s Guide 264 Chapter 19 Certificates 19.1 1 T rusted Remote Host s Click Security > Certificates > T rusted Remote Hosts to open the T rusted Remote Hosts screen.
P-2608HWL-Dx Series User ’s Guide Chapter 19 Certificates 265 Figure 142 T rusted Remote Hosts The following table describes the labels in this screen. Table 98 T rusted Remote Hosts LABEL DESCRIPTION PKI S torage S pace in Use This bar displays th e percentage of the Zy XEL Device’s PKI storage space that is currently in use.
P-2608HWL-Dx Series User’s Guide 266 Chapter 19 Certificates 19.12 V erifying a T rusted Remote Host’ s Certificate Certificates issued by certific ation authorities have the certificat ion authority’ s signature for you to check. Self-sig ned certificates only ha ve th e signature of the host itself.
P-2608HWL-Dx Series User ’s Guide Chapter 19 Certificates 267 V erify (over the phone for example) that the remote host has the sa me information in the Thumbprint Algorithm and Thumbprint fields.
P-2608HWL-Dx Series User’s Guide 268 Chapter 19 Certificates Figure 146 T rusted Remote Host Details.
P-2608HWL-Dx Series User ’s Guide Chapter 19 Certificates 269 The following table describes the labels in this screen. Table 100 T rusted Remote Host Details LABEL DESCRIPTION Name Th is field displays the identi fying name of this certificate. If you want to change the name, type up to 31 characters to id entify this key certificate.
P-2608HWL-Dx Series User’s Guide 270 Chapter 19 Certificates 19.15 Directory Servers Click Security > Certificates > Dir ec tory Servers to open the Directory Servers screen. This screen display s a summary list of dire ctory servers (that conta in lists of valid a nd revoked certificates) that have been save d into the ZyXEL Device.
P-2608HWL-Dx Series User ’s Guide Chapter 19 Certificates 271 Figure 147 Directory Servers The following table describes the labels in this screen. 19.16 Directory Server Add or Edit Click Security > Certificates > Dir ec tory Servers to open the Directory Servers screen.
P-2608HWL-Dx Series User’s Guide 272 Chapter 19 Certificates Figure 148 Directory Server Add The following table describes the labels in this screen. T able 102 Directory Server Add LABEL DESCRIPTION Directory Service Setting Name T ype up to 31 ASCII characters (spaces ar e not permitted) to identify this directory server .
P-2608HWL-Dx Series User ’s Guide Chapter 20 Static Rout e 273 C HAPTER 20 S t atic Route This chapter shows you how to configure static routes for your ZyXEL Device. 20.1 S t atic Route Each remote node specifies only the network to which the gateway is di rectly connected, and the ZyXEL Device has no know ledge of the network s beyond.
P-2608HWL-Dx Series User’s Guide 274 Chapter 20 Static Route Figure 150 S tatic Route The following table describes the labels in this screen. 20.2.1 S t atic Route Edit Select a static route index numb er and click Edit . The screen shown next appears.
P-2608HWL-Dx Series User ’s Guide Chapter 20 Static Rout e 275 Figure 151 S tatic Route Edit The following table describes the labels in this screen. T able 104 S tatic Route Edit LABEL DESCRIPTION Active This field allows you to activa te/deactivate this st atic route.
P-2608HWL-Dx Series User’s Guide 276 Chapter 20 Static Route.
P-2608HWL-Dx Series User ’s Guide Chapter 21 Bandwidth Managemen t 277 C HAPTER 21 Bandwid th Management This chapter contains information about configuri ng bandwidth management, editing rules and viewing the ZyXEL Device’ s bandwidth man agement logs.
P-2608HWL-Dx Series User’s Guide 278 Chapter 21 Bandwidth Management The following figure shows LAN subnets. Y ou could configure one bandwidth class for subnet A and another for subnet B .
P-2608HWL-Dx Series User ’s Guide Chapter 21 Bandwidth Managemen t 279 21.5.2 Fairness-based Scheduler The ZyXEL Device divides bandwidth equally among bandwidth classes when using the fairness-based scheduler; thus preventing one ba ndwidth class from using all of the interface’ s bandwidth.
P-2608HWL-Dx Series User’s Guide 280 Chapter 21 Bandwidth Management 21.6.2 Maximize Ba ndwid th Usag e Example Here is an example of a ZyXEL Device that has maximize bandwidth usage enabled on an interface. The following table shows each ba nd width class’ s bandwidth budget.
P-2608HWL-Dx Series User ’s Guide Chapter 21 Bandwidth Managemen t 281 • Research requires more bandwidth but only gets its budgeted 2048 kbps because all of the unbudgeted and unu sed bandwidth goes to the higher priority sales and marketing classes.
P-2608HWL-Dx Series User’s Guide 282 Chapter 21 Bandwidth Management 21.7 Over Allotment of Bandwid th Y ou can set the bandwidth management speed fo r an interface higher than the interface’ s actual transmission speed.
P-2608HWL-Dx Series User ’s Guide Chapter 21 Bandwidth Managemen t 283 The following table describes the labels in this screen. 21.9 Bandwid th Management Rule Setup Y ou must use the Bandwidth Management Summary scr een to enab le bandwidth management on an interface before yo u can configure rules for that interface.
P-2608HWL-Dx Series User’s Guide 284 Chapter 21 Bandwidth Management Figure 154 Bandwidth Management: Rule Setup The following table describes the labels in this screen. Table 112 Bandwidth Management: Rule Setup LABEL DESCRIPTION Direction Select LAN to a pply bandwidth management to traffic that the ZyXEL Device forwards to the LAN.
P-2608HWL-Dx Series User ’s Guide Chapter 21 Bandwidth Managemen t 285 21.9.1 Rule Configuration Click the Edit icon or User define in the Service field to configure a bandwidth mana gement rule. Use bandwidth rules to allocate specific amounts of bandwidth capacity (ban dwidth budgets) to specific applications and/or subnets.
P-2608HWL-Dx Series User’s Guide 286 Chapter 21 Bandwidth Management Rule Name Use the auto-ge nerated name or en ter a descriptive name of up to 20 alphanumeric characters, including spaces. BW Budget S pecify the maximum bandwidth allowed for the rule in kbps.
P-2608HWL-Dx Series User ’s Guide Chapter 21 Bandwidth Managemen t 287 21.10 Bandwid th Monitor T o view the ZyXEL Device’ s bandwidth usage and allotments, click Advanced > Bandwidth MGMT > Mon itor . The screen appe ars as shown. Select an interface from the drop-down list box to view the bandwidth usa ge of its bandwidth rules.
P-2608HWL-Dx Series User’s Guide 288 Chapter 21 Bandwidth Management.
P-2608HWL-Dx Series User ’s Guide Chapter 22 Dynamic DNS Setup 289 C HAPTER 22 Dynamic DNS Setup This chapter discusses how to configure your ZyXEL Device to use Dynamic DNS.
P-2608HWL-Dx Series User’s Guide 290 Chapter 2 2 Dynamic DNS Setup Figure 157 Dynamic DNS The following table describes th e fields in this screen. Table 114 Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic DNS Select this check box to use dynamic DNS.
P-2608HWL-Dx Series User ’s Guide Chapter 22 Dynamic DNS Setup 291 Dynamic DNS server auto detect IP Address Select this option only when there are one or more NA T routers between the ZyXEL Device and the DDNS server . This feat ure has the DDNS server automatically detect and use the IP address of th e NA T router that has a public IP address.
P-2608HWL-Dx Series User’s Guide 292 Chapter 2 2 Dynamic DNS Setup.
P-2608HWL-Dx Series User ’s Guide Chapter 23 Remote M anagement Configuration 293 C HAPTER 23 Remote Management Configuration This chapter provides information on config uring remote management.
P-2608HWL-Dx Series User’s Guide 294 Chapter 23 Remote Ma nagement Configuration • Y ou have disabled that service in one of the remote management screens. • The IP address in the Secured Client IP field does not match th e client IP address. If it does not match, the ZyXEL Device will disconnect the session immediately .
P-2608HWL-Dx Series User ’s Guide Chapter 23 Remote M anagement Configuration 295 2 HTTP connection requ ests from a web browser go to po rt 80 (by default) on the ZyXEL Device’ s WS (web server).
P-2608HWL-Dx Series User’s Guide 296 Chapter 23 Remote Ma nagement Configuration The following table describes the labels in this screen. 23.4 T elnet Y ou can configure your ZyXEL Device for remote T elnet access as shown next. The administrator uses T elnet from a computer on a remote network to access the ZyXEL Device.
P-2608HWL-Dx Series User ’s Guide Chapter 23 Remote M anagement Configuration 297 Figure 160 T e lnet Configuration on a TCP/IP Network 23.5 Configuring T elnet Click Advanced > Remote MGMT > Te l n e t tab to display the screen as shown. Figure 161 Remote Mana gement: T elnet The following table describes the labels in this screen.
P-2608HWL-Dx Series User’s Guide 298 Chapter 23 Remote Ma nagement Configuration 23.6 Configuring FTP Y ou can upload and download the ZyXEL Devi ce’ s firmware and configuration file s using FTP , please see Chapter 27 on page 331 for details. T o use this feat ure, your comp uter must have an FTP client.
P-2608HWL-Dx Series User ’s Guide Chapter 23 Remote M anagement Configuration 299 23.7 SNMP Simple Network Management Protocol (SNM P) i s a protoc ol used for ex changing management information b etween network devices. SNMP is a member of the TCP/IP protocol suite.
P-2608HWL-Dx Series User’s Guide 300 Chapter 23 Remote Ma nagement Configuration • GetNext - Allows the manager to retrieve th e next object variable from a table or list within an agent. In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Ge t operation, followed by a series of GetNext operations.
P-2608HWL-Dx Series User ’s Guide Chapter 23 Remote M anagement Configuration 301 Figure 164 Remote Mana gement: SNMP The following table describes the labels in this screen.
P-2608HWL-Dx Series User’s Guide 302 Chapter 23 Remote Ma nagement Configuration 23.8 Configuring DNS Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Refer to Chapter 8 on page 105 for background information.
P-2608HWL-Dx Series User ’s Guide Chapter 23 Remote M anagement Configuration 303 If an outside user attempts to probe an unsupp orted port on your ZyXEL Device , an ICMP response packet is automatically returned. This allows the ou tside user to know the ZyXEL Device exists.
P-2608HWL-Dx Series User’s Guide 304 Chapter 23 Remote Ma nagement Configuration 23.10 TR-069 TR-069 is a protocol that de fines how your ZyXEL Device can be managed via a management server such as ZyXEL ’ s V antage CNM Access.
P-2608HWL-Dx Series User ’s Guide Chapter 23 Remote M anagement Configuration 305 periodicEnable [0:Disable/ 1:Enable] Whether or not the device must periodical ly send information to CNM Access. It is recommen ded to set this value t o 1 in order for the ZyXEL Device to send information to CNM Access.
P-2608HWL-Dx Series User’s Guide 306 Chapter 23 Remote Ma nagement Configuration.
P-2608HWL-Dx Series User ’s Guide Chapter 24 Universa l Plug-and-Play (UPnP) 307 C HAPTER 24 Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configura tor .
P-2608HWL-Dx Series User’s Guide 308 Chapter 24 Univer sal Plug-and-Play (UPnP) 24.1.3 Cautions with UPnP The automated nature of NA T traversal applications in establishing their own services and opening firewall ports ma y present network security issues.
P-2608HWL-Dx Series User ’s Guide Chapter 24 Universa l Plug-and-Play (UPnP) 309 The following table describes the fields in this screen. 24.3 Inst alling UPnP in Windows Example This section shows ho w to install UPnP in W indows Me and W indows XP .
P-2608HWL-Dx Series User’s Guide 310 Chapter 24 Univer sal Plug-and-Play (UPnP) Figure 169 Add/Remove Programs: Wind ows Setup: Communication 3 In the Communications window , select the Universal Plug and Play check box in the Components selection box.
P-2608HWL-Dx Series User ’s Guide Chapter 24 Universa l Plug-and-Play (UPnP) 311 Inst alling UPnP in Windows XP Follow the steps below to inst all the UPnP in W indows XP .
P-2608HWL-Dx Series User’s Guide 312 Chapter 24 Univer sal Plug-and-Play (UPnP) Figure 173 Networking Services 6 Click OK to go back to the W indows Optional Networking Component W izard window and click Next . 24.4 Using UPnP in Windows XP Example This section shows yo u how to use the UPnP feature in W indows XP .
P-2608HWL-Dx Series User ’s Guide Chapter 24 Universa l Plug-and-Play (UPnP) 313 Figure 174 Network Connections 3 In the Internet Connection Properties window , click Setti ngs to see the port mappings there were automatically created.
P-2608HWL-Dx Series User’s Guide 314 Chapter 24 Univer sal Plug-and-Play (UPnP) 4 Y ou may edit or delete the port map pings or click Add to manually add port mappings.
P-2608HWL-Dx Series User ’s Guide Chapter 24 Universa l Plug-and-Play (UPnP) 315 Figure 178 System T r ay Icon 7 Double-click on the icon to display yo ur curr ent Internet co nnection status.
P-2608HWL-Dx Series User’s Guide 316 Chapter 24 Univer sal Plug-and-Play (UPnP) Figure 180 Network Connections 4 An icon with the description for e ach UPnP-enabled device display s under Local Network . 5 Right-click on the icon for your ZyXEL Device an d select Invoke .
P-2608HWL-Dx Series User ’s Guide Chapter 24 Universa l Plug-and-Play (UPnP) 317 Figure 181 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Pr operties . A properties window displays with basic info rmation about the ZyXEL Device.
P-2608HWL-Dx Series User’s Guide 318 Chapter 24 Univer sal Plug-and-Play (UPnP).
P-2608HWL-Dx Series User ’s Guide Chapter 25 System 319 C HAPTER 25 System Use this screen to configure the ZyXEL Device’ s time and date settings. 25.1 General Setup and System Name General Setup contains administrative and system-related information.
P-2608HWL-Dx Series User’s Guide 320 Chapter 25 Syst em Figure 183 System General Setu p The following table describes the labels in this screen. T able 124 System Gene ral Setup LABEL DESCRIPTION General Setup System Name Choose a descriptive name for identificatio n purposes.
P-2608HWL-Dx Series User ’s Guide Chapter 25 System 321 25.2 T ime Setting T o change your ZyXEL De vice’ s time and date, click Maintenance > System > Time Setting . The screen appears as shown. Use this screen to configure the ZyXEL Device’ s time based on your local time zone.
P-2608HWL-Dx Series User’s Guide 322 Chapter 25 Syst em New T ime (hh:mm:ss) This field displays the last updated ti me from the time server or the last time configured manually . When you set Time and Date Setup to Manual , enter the new time in this field and then click Apply .
P-2608HWL-Dx Series User ’s Guide Chapter 25 System 323 End Date Configure the day and time when Da ylight Saving Time ends if you selected Enable Daylight Saving . The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United S tates on the last Sunday of October .
P-2608HWL-Dx Series User’s Guide 324 Chapter 25 Syst em.
P-2608HWL-Dx Series User ’s Guide Chapter 26 Logs 325 C HAPTER 26 Logs This chapter contains inform ation about configuring genera l log settings and viewing the ZyXEL Device’ s logs. Refer to the append ix for example log message explanations. 26.
P-2608HWL-Dx Series User’s Guide 326 Chapter 26 Logs Figure 185 V iew Log The following table describes the fields in this screen. 26.3 Configuring Log Settings Use the Log Settings screen to config.
P-2608HWL-Dx Series User ’s Guide Chapter 26 Logs 327 Alerts are e-mailed as soon as they happen. Logs may be e-ma iled as soon as the log is full. Selecting many alert and/or log categories (especially Access Control ) may result in many e- mails being sent.
P-2608HWL-Dx Series User’s Guide 328 Chapter 26 Logs Send Log to The ZyXEL Device sen ds logs to the e-mail add ress specified in this field. If this field is left blank, the ZyXEL Device does not send logs via e-mail.
P-2608HWL-Dx Series User ’s Guide Chapter 26 Logs 329 26.4 SMTP Error Messages If there are difficulties in sending e-mail the following error message appears. “SMTP action request failed. ret= ??". The “??"are described in the following table.
P-2608HWL-Dx Series User’s Guide 330 Chapter 26 Logs Figure 187 E-mail Log Example Subject: Firewall Alert From Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com To: user@zyxel.com 1| Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP src port:0052 0 dest port:00520 |<1,00> | 2|Apr 7 00 |From:192.
P-2608HWL-Dx Series User ’s Guide Chapter 27 Tools 331 C HAPTER 27 To o l s This chapter explains how to upload new firm ware, manage configuration files and restart your ZyXEL Device. Note: Do not interrupt the file transfer p rocess as this may PERMANENTL Y DAMAGE YOUR ZyXEL Device.
P-2608HWL-Dx Series User’s Guide 332 Chapter 27 Tools This is a sample FTP session saving the cu rrent configuration to the computer file “ config.
P-2608HWL-Dx Series User ’s Guide Chapter 27 Tools 333 Figure 188 Firmware Upgr ade The following table describes the labels in this screen. Note: Do NOT turn off th e ZyXEL Device while firmware upload is in pro gress! After you see the Firmware Upload in Pr ogress screen, wait two minutes before logging into the ZyXEL Device again.
P-2608HWL-Dx Series User’s Guide 334 Chapter 27 Tools Figure 190 Network T e mporarily Disconnected After two minutes, log in again an d check your new firmware version in the St a t u s screen. If the upload was not successful, the following screen will appear .
P-2608HWL-Dx Series User ’s Guide Chapter 27 Tools 335 Figure 192 Configuration 27.5.1 Backup Configuration Backup Configuration allows you to back up (save) the ZyXE L Device’ s current configuration to a file on your co mputer .
P-2608HWL-Dx Series User’s Guide 336 Chapter 27 Tools After you see a “restore configuration successf ul” scree n, you must then wait one minute before logging into th e ZyXEL Device again. Figure 193 Configuration Upload Successfu l The ZyXEL Device automatically restarts in this time causing a temporary network disconnect.
P-2608HWL-Dx Series User ’s Guide Chapter 27 Tools 337 Figure 196 Reset In Process Message Y ou can also press the RESET button on the rear panel to reset the factory defaults of your ZyXEL Device. Refer to Section 2.1.2 on pag e 48 for more info rmation on the RESET button.
P-2608HWL-Dx Series User’s Guide 338 Chapter 27 Tools 4 Enter your password as requested (the default is “1234”). 5 Enter “ bin ” to set transfer mode to binary . 6 Use “ get ” to transfer files from the ZyXEL Devi ce to the computer , for example, “ get rom-0 config.
P-2608HWL-Dx Series User ’s Guide Chapter 27 Tools 339 27.7.4 Backup Configuration Using TFTP The ZyXEL Device supports the up/downlo ading of the firmware and the configuratio n file using TFTP (T rivial File T ransfer Protocol) ov er LAN. Although TFTP should work over W AN as well, it is not recommended.
P-2608HWL-Dx Series User’s Guide 340 Chapter 27 Tools 27.7.6 Configuration Backup Using GUI-based TFTP Client s The following table describes some of the fiel ds that you may see in GUI-based TFTP clients. Refer to Section 27.3 on page 332 to read about configurations that disallow TFTP and FTP over W AN.
P-2608HWL-Dx Series User ’s Guide Chapter 27 Tools 341 27.8.1 Restore Usin g FTP Session Example Figure 199 Restore Using FTP Session Example Refer to Section 27.
P-2608HWL-Dx Series User’s Guide 342 Chapter 27 Tools 27.9.2 FTP Session Exampl e of Firmware File Upload Figure 200 FTP Session Example of Firmware File Upload More commands (found in GUI-based FTP clie nts) are listed earlier in this chapter . Refer to Section 27.
P-2608HWL-Dx Series User ’s Guide Chapter 27 Tools 343 27.9.4 TFTP Upload Command Example The following is an example TFTP command: tftp [-i] host put firmware.
P-2608HWL-Dx Series User’s Guide 344 Chapter 27 Tools.
P-2608HWL-Dx Series User ’s Guide Chapter 28 Diagnostic 345 C HAPTER 28 Diagnostic These read-only screens display information to help you identify problems with the ZyXEL Device. 28.1 General Diagnostic Click Maintenance > Diagnostic to open the screen shown next.
P-2608HWL-Dx Series User’s Guide 346 Chapter 28 Diagnostic Figure 202 Diagnostic: DSL Line The following table describes th e fields in this screen. Table 135 Diagnostic: DSL Line LABEL DESCRIPTION A TM S tatus Click this button to view your DSL connection’s Asynchronous T ransfer Mode (A TM) statistics.
P-2608HWL-Dx Series User ’s Guide Chapter 28 Diagnostic 347 DSL Line S tatus Click this button to view stat istics about the DSL connections. noise margin downstream is th e signal to noise ratio for the dow nstream part of the connection (coming into the ZyXEL Device from the ISP).
P-2608HWL-Dx Series User’s Guide 348 Chapter 28 Diagnostic.
P-2608HWL-Dx Series User ’s Guide Chapter 29 Troubleshooting 349 C HAPTER 29 T roubleshooting This chapter covers potential proble ms and the corresponding remedies.
P-2608HWL-Dx Series User’s Guide 350 Chapter 29 Troublesh ooting 29.3 Problems with the W AN Table 138 Troubleshooting the WAN PROBLEM CORRECTIVE ACTION The DSL light is off. Check the telephone wire and connection s between the ZyXEL Device DSL port and the wall jack.
P-2608HWL-Dx Series User ’s Guide Chapter 29 Troubleshooting 351 29.4 Problems Accessi ng the ZyXEL Device 29.4.1 Pop-up Windows, Ja vaScript s and Java Permissions In order to use the web configurator you need to allow: • W eb browser pop-up windows from your device.
P-2608HWL-Dx Series User’s Guide 352 Chapter 29 Troublesh ooting • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may va ry . 29.4.1.1 Internet Explorer Pop-up Blockers Y ou may have to disable pop-up b locking to log into y our device.
P-2608HWL-Dx Series User ’s Guide Chapter 29 Troubleshooting 353 Figure 204 Intern et Options 3 Click Apply to save this setting. 29.4.1.1.2 Enable pop-up Blockers with Exceptions Alternatively , if you only want to allow pop-up win dows from your device, see the following steps.
P-2608HWL-Dx Series User’s Guide 354 Chapter 29 Troublesh ooting Figure 205 Internet Options 3 T ype the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites .
P-2608HWL-Dx Series User ’s Guide Chapter 29 Troubleshooting 355 Figure 206 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. 29.4.1.2 JavaScript s If pages of the web configura tor do not display properly in Inte rnet Explorer , ch eck that JavaScripts are allowed.
P-2608HWL-Dx Series User’s Guide 356 Chapter 29 Troublesh ooting Figure 207 Internet Options 2 Click the Custom Level... button. 3 Scroll down to Scripting . 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is sele cted (the default).
P-2608HWL-Dx Series User ’s Guide Chapter 29 Troubleshooting 357 Figure 208 Security Settings - Java Scripting 29.4.1.3 Java Permissions 1 From Internet Explorer , click To o l s , In ternet Options and then the Security tab. 2 Click the Custom Level.
P-2608HWL-Dx Series User’s Guide 358 Chapter 29 Troublesh ooting Figure 209 Security Settings - Java 29.4.1.3.1 JA V A (Sun) 1 From Internet Explorer , click To o l s , In ternet Options and then the Adva nced tab. 2 make sure that Use Java 2 for <applet> u nder Java (Sun) is selected.
P-2608HWL-Dx Series User ’s Guide Chapter 29 Troubleshooting 359 Figure 210 Java (Sun) 29.5 T elephone Problems Table 140 Troubleshooting Telephone PROBLEM CORRECTIVE ACTION The telephone port won’t work or the telephone lacks a dial to ne. Check the telephone con nections and telephone wire.
P-2608HWL-Dx Series User’s Guide 360 Chapter 29 Troublesh ooting.
P-2608HWL-Dx Series User ’s Guide Appendix A Product Specifications 361 A PPENDIX A Product S pecifications See also Chapter 1 on pa ge 41 for a general overview of the key features. S pecification T a bles Firmware S pecifications Table 141 Device Specifications Default IP Address 192.
P-2608HWL-Dx Series User’s Guide 362 Appendix A Product Specifications IEEE 802.1 1b/g Wireless LAN The ZyXEL Device can serve as an IEEE 802.1 1g wireless access point. Expand your network by allowing IEEE 802.1 1g and IEEE 802.1 1b devices to connect to your network.
P-2608HWL-Dx Series User ’s Guide Appendix A Product Specifications 363 TR-069 TR-069 is a protocol that defines how your ZyXEL Device can be managed via a management server such as ZyXEL ’s V antage CNM Access. The manageme nt server can securely manage and update con figuration changes in ZyXEL Devices.
P-2608HWL-Dx Series User’s Guide 364 Appendix A Product Specifications Table 143 Firmware Specifications ADSL S tandards Su pport ITU G .992.1 G .dmt (Annex B, U-R2) EOC specified in ITU-T G . 992.1 ADSL2 G .dmt.bis (G .992.3) ADSL2 G .l ite.bis (G .
P-2608HWL-Dx Series User ’s Guide Appendix A Product Specifications 365 Wireless IEEE 802.1 1g Compliance Frequency Range: 2.4 GHz ISM Band Advanced Orthogonal Frequency Divisio n Multiplexing (OFDM) Data Ra tes: 54Mbp s, 1 1Mbps, 5.5M bps, 2Mbps, and 1 Mbps Auto Fallback WP A/WP A2 security WMM IEEE 802.
P-2608HWL-Dx Series User’s Guide 366 Appendix A Product Specifications P-2608HW/HWL-Dx Series Power Adaptor Specifications V oice Features SIP ve rsion 2 (Session Initiating Protocol RFC 3261) SDP (Session Description Protocol RFC 2327) RTP (RFC 1889) RTCP (RFC 1890) V oice codecs (co der/decoders) G .
P-2608HWL-Dx Series User ’s Guide Appendix B Setting up Your Computer’s IP Addr ess 367 A PPENDIX B Setting up Y our Computer ’ s IP Address All computers must have a 10M or 100M Et hernet adapter card and TCP/IP installed.
P-2608HWL-Dx Series User’s Guide 368 Appendix B Setting up Your Computer’s IP Add ress Figure 21 1 WIndows 95/98/Me: Network: Configuration Inst alling Component s The Network window Configuration tab displays a list of installed components. Y ou need a network adapter , the TCP/IP protocol and Client for Microsof t Networks.
P-2608HWL-Dx Series User ’s Guide Appendix B Setting up Your Computer’s IP Addr ess 369 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click OK . 5 Restart your computer so the changes you made take ef fect.
P-2608HWL-Dx Series User’s Guide 370 Appendix B Setting up Your Computer’s IP Add ress Figure 213 Windows 95/98/Me : TCP/IP Pr operties: DNS Configuration 4 Click the Gateway tab. • If you do not know your gateway’ s IP address, remove previously installed gateways.
P-2608HWL-Dx Series User ’s Guide Appendix B Setting up Your Computer’s IP Addr ess 371 Figure 214 Windows XP: S tart Menu 2 For W indows XP , click Network Connections . For W indows 2000/NT , click Network and Dial-up Connections . Figure 215 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Pr operties .
P-2608HWL-Dx Series User’s Guide 372 Appendix B Setting up Your Computer’s IP Add ress Figure 216 Windows XP: Control Panel: Network Connections: Pro perties 4 Select Internet Protocol (TCP/IP) (under the Genera l tab in W in XP) and click Properties .
P-2608HWL-Dx Series User ’s Guide Appendix B Setting up Your Computer’s IP Addr ess 373 • If you have a static IP address click Use the following IP Address and fill in the IP addr ess , Subnet mask , and Default gateway fields. Click Advanced .
P-2608HWL-Dx Series User’s Guide 374 Appendix B Setting up Your Computer’s IP Add ress • Click Obtain DNS server address automatically if you do not know your DNS server IP addre ss(es).
P-2608HWL-Dx Series User ’s Guide Appendix B Setting up Your Computer’s IP Addr ess 375 Figure 220 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 221 Macintosh O S 8/9: TC P/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configur e: list.
P-2608HWL-Dx Series User’s Guide 376 Appendix B Setting up Your Computer’s IP Add ress •F r o m t h e Configure box, select Manually . • T ype your IP address in the IP Address bo x. • T ype your subnet mask in the Subnet mask box. • T ype the IP address of your ZyXEL Device in the Router address box.
P-2608HWL-Dx Series User ’s Guide Appendix B Setting up Your Computer’s IP Addr ess 377 Figure 223 Macintosh O S X: Networ k 4 For statically assigned settings, do the following: •F r o m t h e Configure box, select Manually . • T ype your IP address in the IP Address bo x.
P-2608HWL-Dx Series User’s Guide 378 Appendix B Setting up Your Computer’s IP Add ress.
P-2608HWL-Dx Series User ’s Guide Appendix C IP Addresses and Subn etting 379 A PPENDIX C IP Addresses and Subnetting This appendix introduces IP addresses, IP address classes and subnet masks. Y ou use subnet masks to subdivid e a network in to smaller logical networks.
P-2608HWL-Dx Series User’s Guide 380 Appendix C IP Addresses a n d Subnetting The following table shows the network number and host ID arrangement for classes A, B and C. An IP address with host IDs of all zeros is the IP address of the n etwork (192.
P-2608HWL-Dx Series User ’s Guide Appendix C IP Addresses and Subn etting 381 Subnet Masks A subnet mask is used to dete rmine which bits are part of th e network number , and which bits are part of the host ID (using a logical AND operation). A subnet mask has 32 bits.
P-2608HWL-Dx Series User’s Guide 382 Appendix C IP Addresses a n d Subnetting The first mask shown is the class “C” natural m ask. Normally if no mask is specified it is understood that the natura l mask is being used. Example: T wo Subnet s As an example, you have a class “C” address 1 92.
P-2608HWL-Dx Series User ’s Guide Appendix C IP Addresses and Subn etting 383 Host IDs of all zeros represent the subnet itsel f and host IDs of all ones are the broadcast address for that subnet, so the actual number of hosts available on each subnet in the example above is 2 7 – 2 or 126 h o sts for each subnet.
P-2608HWL-Dx Series User’s Guide 384 Appendix C IP Addresses a n d Subnetting Example Eight Subnet s Similarly use a 27-bit mask to create eight subnets (000, 001, 010 , 01 1, 100, 101, 1 10 and 111 ) . Subnet Address: 192.1 68.1.0 Lowest Ho st ID: 192.
P-2608HWL-Dx Series User ’s Guide Appendix C IP Addresses and Subn etting 385 The following table shows class C IP ad dress last octet values for each subnet. The following table is a summary for class “C” subnet planning. Subnetting With Class A and Class B Networks.
P-2608HWL-Dx Series User’s Guide 386 Appendix C IP Addresses a n d Subnetting The following table is a summary for class “B” subnet planning. Table 158 Class B Subnet Planning NO. “BORROWED” HOST BIT S SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 1 255.
P-2608HWL-Dx Series User ’s Guide Appendix D Common Services 387 Appendix D Common Services The commonly used services and port numbers ar e shown in the following table. Please refer to RFC 1700 for further information about port numbers. Next to the name of the service, two fields appear in brackets.
P-2608HWL-Dx Series User’s Guide 388 Appendix D Common Services NFS(UDP:2049) Network File System - NFS is a clie nt/server distributed file service that provides transparent file sharing for network environments. NNTP(TCP:1 19) Netwo rk News T ransport Protocol is the delivery mechani sm for the USENET newsg roup service.
P-2608HWL-Dx Series User ’s Guide Appendix E Importin g Certificates 389 A PPENDIX E Importing Certificates This appendix shows importing certificat es examples using In ternet Ex plorer 5.
P-2608HWL-Dx Series User’s Guide 390 Appe ndix E Importing Certificates Figure 225 Login Screen 2 Click Install Certificate to open the Install Certificate wizard. Figure 226 Certificate General Information befor e Import 3 Click Next to begin the Install Certificate wizard.
P-2608HWL-Dx Series User ’s Guide Appendix E Importin g Certificates 391 Figure 227 Certificate Import Wizard 1 4 Select where you would like to store the certificate and then click Next . Figure 228 Certificate Import Wizard 2 5 Click Finish to complete the Import Certificate wizard.
P-2608HWL-Dx Series User’s Guide 392 Appe ndix E Importing Certificates Figure 229 Certificate Import Wizard 3 6 Click Ye s to add the Prestige certificate to the root store.
P-2608HWL-Dx Series User ’s Guide Appendix E Importin g Certificates 393 Figure 231 Certificate General Information af ter Import Enrolling and Importing SSL Client Certificates The SSL client needs a certificate if Authenticate Client Certificates is selected on the Prestige.
P-2608HWL-Dx Series User’s Guide 394 Appe ndix E Importing Certificates Figure 232 Prestige T rusted CA Screen The CA sends you a package containing the CA ’ s truste d certificate(s), your personal certificate(s) and a password to inst all the personal certificate(s).
P-2608HWL-Dx Series User ’s Guide Appendix E Importin g Certificates 395 Inst alling Y o ur Personal Certificate(s) Y ou need a password in advance. The CA may is sue the password or you may have to sp ecify it during the enrollment.
P-2608HWL-Dx Series User’s Guide 396 Appe ndix E Importing Certificates Figure 236 Personal Certificate Import Wizard 3 4 Have the wizard determine where the certificat e should be saved on your computer or select Place all certificates in the following stor e and choose a different location.
P-2608HWL-Dx Series User ’s Guide Appendix E Importin g Certificates 397 Figure 238 Personal Certificate Import Wizard 5 6 Y ou should see the following screen when the ce rtificate is correctly installed on your computer .
P-2608HWL-Dx Series User’s Guide 398 Appe ndix E Importing Certificates Figure 241 SSL Client Authentication 3 Y ou next see the Prestige login screen.
P-2608HWL-Dx Series User ’s Guide Appendix F Triangl e Route 399 A PPENDIX F T riangle Route The Ideal Setup When the firewall is on, your ZyXEL Device acts as a secure gateway between your LAN and the Internet.
P-2608HWL-Dx Series User’s Guide 400 Appendix F Tria ngle Route Figure 244 “T riangle Route” Problem The “T riangle Route” Solutions This section presents you two solutions to the “triangle route” problem. IP Aliasing IP alias allows you to partition your network into logical sections over the same Ethernet interface.
P-2608HWL-Dx Series User ’s Guide Appendix F Triangl e Route 401 Figure 245 IP Alias Gateways on the W AN Side A second solution to the “triangle route” problem is to put all of your network gateways on the W AN side as the following figure shows.
P-2608HWL-Dx Series User’s Guide 402 Appendix F Tria ngle Route.
P-2608HWL-Dx Series User ’s Guide Appendix G Log Descriptions 403 A PPENDIX G Log Descriptions This appendix provides descrip tions of example log messages. Table 160 System Maintenance Logs LOG MESSAGE DESCRIPTION Time calibration is successful The router has adjusted its time based on information from the time server .
P-2608HWL-Dx Series User’s Guide 404 Appendix G Log Descriptions Successful HTTPS login Someone has log ged on to the router's web configurator interface using HTTPS protocol. HTTPS login failed Someone has faile d to log on to the router's web configurator interface using HTTPS protocol.
P-2608HWL-Dx Series User ’s Guide Appendix G Log Descriptions 405 For type and code details, see T able 173 on page 409 . Table 163 TCP Reset Lo gs LOG MESSAGE DESCRIPTION Under SYN flood attack, sent TCP RST The router sent a TCP reset packet when a host was u nder a SYN flood attack (the TCP incomplete count is per desti nation host.
P-2608HWL-Dx Series User’s Guide 406 Appendix G Log Descriptions Triangle route packet forwarded: ICMP The firewall allow ed a triangle route session to pass through. Packet without a NAT table entry blocked: ICMP The router blocked a packet that didn’t have a corresponding NA T table entry .
P-2608HWL-Dx Series User ’s Guide Appendix G Log Descriptions 407 For type and code details, see T able 173 on page 409 . Table 168 UPnP Logs LOG MESSAGE DESCRIPTION UPnP pass through Firewall UPnP packets can p ass thro ugh the firewall.
P-2608HWL-Dx Series User’s Guide 408 Appendix G Log Descriptions ip spoofing - no routing entry ICMP (type:%d, code:%d) The firewall classified an ICMP packet with no source routing entry as an IP spoofing attack. vulnerability ICMP (type:%d, code:%d) The firewall detecte d an ICMP vulnerability attack.
P-2608HWL-Dx Series User ’s Guide Appendix G Log Descriptions 409 No Server to authenticate user. Th ere is no authentication serv er to authenticate a user . Local User Database does not find user`s credential. A user was not authenticated by the local user database because the user is not listed in th e local user database.
P-2608HWL-Dx Series User’s Guide 410 Appendix G Log Descriptions 11 T ime Exceeded 0 T ime to live exceeded in transit 1 Fragment reassembly time exceeded 12 Parameter Problem 0 Pointer indicates th.
P-2608HWL-Dx Series User ’s Guide Appendix G Log Descriptions 411 Table 176 RTP Logs LOG MESSAGE DESCRIPTION Error, RTP init fail The initialization of an RTP session failed. Error, Call fail: RTP connect fail A V oIP phone call failed because the RTP session could not be established.
P-2608HWL-Dx Series User’s Guide 412 Appendix G Log Descriptions The following table shows RFC-2408 ISAKMP payload types that the log displays. Please refer to RFC 2408 for detail ed information on each type. Log Commands Go to the command in terpreter interface ( Appendix I on page 42 3 explains how to access and use the commands).
P-2608HWL-Dx Series User ’s Guide Appendix G Log Descriptions 413 Figure 248 Displaying Log Para meters Example 4 Use sys logs category foll owed by a log category and a parameter to decide what to record.
P-2608HWL-Dx Series User’s Guide 414 Appendix G Log Descriptions Log Command Example This example shows how to set the ZyXEL Devi ce to record the acc ess logs and alerts and then view the results. Figure 249 Log Command Example ras> sys logs load ras> sys logs category access 3 ras> sys logs save ras> sys logs display access # .
P-2608HWL-Dx Series User ’s Guide Appendix H Inte rnal SPTGEN 415 A PPENDIX H Internal SPTGEN Internal SPTGEN Overview Internal SP TGEN (System Parame ter T able Generator) is a configuration text file useful for efficient configuration of multiple ZyXEL Devices.
P-2608HWL-Dx Series User’s Guide 416 Appendix H Internal SPTG EN Some parameters are dependent on othe rs. For example, if you disable the Configur ed field in menu 1 (see Figure 250 on page 415 ), then you disable every field in this me nu.
P-2608HWL-Dx Series User ’s Guide Appendix H Inte rnal SPTGEN 417 Figure 253 Internal SP TGEN FTP Download Example Note: Y ou can rename your “ rom-t ” file when you save it to your computer but it must be named “ rom-t ” when you uplo ad it to your ZyXEL Device.
P-2608HWL-Dx Series User’s Guide 418 Appendix H Internal SPTG EN The following are the Internal SP TGEN menus. PV A Pa rameter V alues Allo wed INPUT An example of what you may enter * Applies to the ZyXEL Device.
P-2608HWL-Dx Series User ’s Guide Appendix H Inte rnal SPTGEN 419 FIN FN PVA INPUT 30200001 = DHCP <0(None) | 1(Server) | 2(Relay)> = 0 30200002 = Client IP Pool Starting Address = 192.168.1.33 30200003 = Size of Client IP Pool = 32 30200004 = Primary DNS Server = 0.
P-2608HWL-Dx Series User’s Guide 420 Appendix H Internal SPTG EN 30201008 = IP Alias #1 Incoming protocol filters Set 3 = 256 30201009 = IP Alias #1 Incoming protocol filters Set 4 = 256 30201010 = .
P-2608HWL-Dx Series User ’s Guide Appendix H Inte rnal SPTGEN 421 30500004 = RTS Threshold <0 ~ 2432> = 2432 30500005 = FRAG. Threshold <256 ~ 2432> = 2432 30500006 = WEP <0(DISABLE) .
P-2608HWL-Dx Series User’s Guide 422 Appendix H Internal SPTG EN 40000002 = Active <0(No) | 1(Yes)> = 1 40000003 = ISP's Name = ChangeMe 40000004 = Encapsulation <2(PPPOE) | 3(RFC 1483.
P-2608HWL-Dx Series User ’s Guide Appendix H Inte rnal SPTGEN 423 40000032= RIP Version <0(Ri p-1) | 1(Rip-2B) |2(Rip-2M)> = 0 40000033= Nailed-up Co nnection <0(No) |1(Yes)> = 0 Table 184 Menu 4 Internet Access Setup (con tinued) Table 185 Menu 12 / Menu 12.
P-2608HWL-Dx Series User’s Guide 424 Appendix H Internal SPTG EN / Menu 12.1.4 IP Static Route Setup FIN FN PVA INPUT 120104001 = IP Static Route set #4, Name <Str> = 120104002 = IP Static Route set #4, Active <0(No) |1(Yes)> = 0 120104003 = IP Static Route set #4, Destination IP address = 0.
P-2608HWL-Dx Series User ’s Guide Appendix H Inte rnal SPTGEN 425 120107006 = IP Static Route set #7, Metric = 0 120107007 = IP Static Route set #7, Private <0(No) |1(Yes)> = 0 / Menu 12.
P-2608HWL-Dx Series User’s Guide 426 Appendix H Internal SPTG EN 120111004 = IP Static Route set #11, Destination IP subnetmask = 0 120111005 = IP Static Route set #11, Gateway = 0.0.0.0 120111006 = IP Static Route set #11, Metric = 0 120111007 = IP Static Route set #11, Private <0(No) |1(Yes)> = 0 */ Menu 12.
P-2608HWL-Dx Series User ’s Guide Appendix H Inte rnal SPTGEN 427 120115002 = IP Static Route set #15, Active <0(No) |1(Yes)> = 0 120115003 = IP Static Route set #15, D estination IP address = 0.0.0.0 120115004 = IP Static Route set #15, D estination IP subnetmask = 0 120115005 = IP Static Route set #15, Gateway = 0.
P-2608HWL-Dx Series User’s Guide 428 Appendix H Internal SPTG EN 150000014 = SUA Server #4 Port Start = 0 150000015 = SUA Server #4 Port End = 0 150000016 = SUA Server #4 Local IP address = 0.
P-2608HWL-Dx Series User ’s Guide Appendix H Inte rnal SPTGEN 429 150000048 = SUA Server #11 Protocol <0(All)|6(TCP)|17(U DP)> = 0 150000049 = SUA Server #11 Port Start = 0 150000050 = SUA Server #11 Port End = 0 150000051 = SUA Server #11 Local IP addr ess = 0.
P-2608HWL-Dx Series User’s Guide 430 Appendix H Internal SPTG EN / Menu 21.1.1.2 set #1, rule #2 FIN FN PVA INPUT 210102001 = IP Filter Set 1,Rule 2 Type <2(TCP/IP)> = 2 210102002 = IP Filter Set 1,Rule 2 Active <0(No)|1(Yes)> = 1 210102003 = IP Filter Set 1,Rule 2 Protocol = 6 210102004 = IP Filter Set 1,Rule 2 Dest IP address = 0.
P-2608HWL-Dx Series User ’s Guide Appendix H Inte rnal SPTGEN 431 210103013 = IP Filter Set 1,Rule 3 Act Match <1(check next)|2(forward)| 3(drop) = 3 210103014 = IP Filter Set 1,Rule 3 Act Not Match <1(check next)|2(forward)| 3(drop) = 1 / Menu 21.
P-2608HWL-Dx Series User’s Guide 432 Appendix H Internal SPTG EN 210105009 = IP Filter Set 1,Rule 5 Src Subnet Mask = 0 210105010 = IP Filter Set 1,Rule 5 Src Port = 0 210105011 = IP Filter Set 1,Ru.
P-2608HWL-Dx Series User ’s Guide Appendix H Inte rnal SPTGEN 433 / Menu 21.1.2.1 Filter set #2, rule #1 FIN FN PVA INPUT 210201001 = IP Filter Set 2, Rule 1 Type <0(none)|2(TCP/IP)> = 2 21020.
P-2608HWL-Dx Series User’s Guide 434 Appendix H Internal SPTG EN 210202009 = IP Filter Set 2, Rule 2 Src Subnet Mask = 0 210202010 = IP Filter Set 2,Rule 2 Src Port = 0 210202011 = IP Filter Set 2, .
P-2608HWL-Dx Series User ’s Guide Appendix H Inte rnal SPTGEN 435 210204002 = IP Filter Set 2, Rule 4 Active <0(No)|1(Yes )> = 1 210204003 = IP Filter Set 2, Rule 4 Protocol = 17 210204004 = IP Filter Set 2, Rule 4 Dest IP address = 0.
P-2608HWL-Dx Series User’s Guide 436 Appendix H Internal SPTG EN 210205011 = IP Filter Set 2, Rule 5 Src Port Comp <0(none)|1(equal)|2 (not equal)|3(less)|4(gr eater)> = 0 210205013 = IP Filte.
P-2608HWL-Dx Series User ’s Guide Appendix H Inte rnal SPTGEN 437 Table 189 Menu 23 System Menus */ Menu 23.1 System Password Setup FIN FN PVA INPUT 230000000 = System Password = 1234 */ Menu 23.
P-2608HWL-Dx Series User’s Guide 438 Appendix H Internal SPTG EN Command Examples The following are example Internal SP TGEN screens associated with the ZyXEL Device’ s command interpreter commands.
P-2608HWL-Dx Series User ’s Guide Appendix H Inte rnal SPTGEN 439 FIN FN PVA INPUT 990000001 = ADSL OPMD <0(etsi)|1(normal) |2(gdmt)|3(multimo de)> = 3 Table 191 Command Examples (continued) F.
P-2608HWL-Dx Series User’s Guide 440 Appendix H Internal SPTG EN.
P-2608HWL-Dx Series User ’s Guide Index 441 Index A AAL5 364 AbS 156 active protocol 228 AH 228 and encapsulation 228 ESP 228 Address Resolution Protocol (ARP) 11 0 administrator passwor d 320 ADSL2.
P-2608HWL-Dx Series User’s Guide 442 Index and cryptology 249 and directory servers 250 , 270 and IKE SA 225 and public-key cryptology 249 and public-private keys 249 and remote hosts 264 and remote.
P-2608HWL-Dx Series User ’s Guide Index 443 Domain Name System, See DNS domain name, and ISPs 319 domain name, of system 319 DoS 189 types 190 DoS (Denial of Service) basics 189 DoS thresholds, and .
P-2608HWL-Dx Series User’s Guide 444 Index and Smurf attack 191 and SYN attack 191 and SYN Flood 190 and TCP/IP 190 and T ea rdrop 190 and three-way-handshake 190 and upper laye r protocols 196 appl.
P-2608HWL-Dx Series User ’s Guide Index 445 passwor d 225 peer identity 224 pre-shared key 224 proposal 223 user name 225 IKE SA. See also VPN. importing certificates 253 importing trusted CA ’s 2.
P-2608HWL-Dx Series User’s Guide 446 Index schedule 327 settings 326 sorting 325 syslog server 325 viewing 325 M MAC address filter a ction 134 MAC filter 134 Management Information Ba se (MIB) 299 .
P-2608HWL-Dx Series User ’s Guide Index 447 pop-ups, browser settings 351 Port Forwarding 365 port forwarding 144 and servers 144 configuration 145 example 144 Power Adaptor 366 Power Adaptor S peci.
P-2608HWL-Dx Series User’s Guide 448 Index RFC 2684 364 RFC 3261 366 RFC 3489 155 RIP 108 direction 108 version 108 RIP (Routing Information Protocol) 108 romfile, configuration fi le 331 root class.
P-2608HWL-Dx Series User ’s Guide Index 449 configuration 274 example 273 reaching other networks 273 S torage Humidity 361 S torage T emperature 361 STUN 155 how it works 155 SUA 142 SUA (Single User Account) 142 SUA vs.
P-2608HWL-Dx Series User’s Guide 450 Index VBR-nRT 98 VBR-RT 98 VCI (Virtual Channel Identifier) 90 Virtual Channel Identifier (VCI) 90 virtual circuit (VC), and multiplexing 90 Virtual Local Area Network 159 Virtual Path Identifier (VPI) 90 virtual private networks.
P-2608HWL-Dx Series User ’s Guide Index 451 Z zero configuration Internet access 94 ZyNOS 332 ZyNOS (ZyXEL Network Operating System) 331 ZyNOS firmware version 332 ZyXEL ’s firewall introduction 1.
An important point after buying a device ZyXEL Communications P-2608HWL-Dx Series (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought ZyXEL Communications P-2608HWL-Dx Series yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data ZyXEL Communications P-2608HWL-Dx Series - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, ZyXEL Communications P-2608HWL-Dx Series you will learn all the available features of the product, as well as information on its operation. The information that you get ZyXEL Communications P-2608HWL-Dx Series will certainly help you make a decision on the purchase.
If you already are a holder of ZyXEL Communications P-2608HWL-Dx Series, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime ZyXEL Communications P-2608HWL-Dx Series.
However, one of the most important roles played by the user manual is to help in solving problems with ZyXEL Communications P-2608HWL-Dx Series. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device ZyXEL Communications P-2608HWL-Dx Series along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center