Page 1 AMG1302-T11C Wireless N ADSL2+ Gateway Version 3.00(ABCG.0) Edition 1, 03/2016 Quick Start Guide User’s Guide Default Login Details LAN IP Address http://192.168.1.1 User Name admin www.zyxel.com Password 1234 Copyright © 2016 ZyXEL Communications Corporation...
Page 2 Related Documentation • Quick Start Guide The Quick Start Guide shows how to connect the AMG1302-T11C and access the Web Configurator. It contains information on setting up your wireless network. • More Information Go to support.zyxel.com to find other information on the AMG1302-T11C.
Page 3: Table Of Contents
Parental Control ............................181 Certificate ..............................184 Logs ..............................189 Traffic Status ............................191 User Account ............................194 TR-069 Client ............................195 System Settings ............................198 Time Setting ............................199 Log Setting ............................201 Firmware Upgrade ..........................205 Backup/Restore and Reboot .........................207 Remote Management ..........................210 Diagnostic .............................217 Troubleshooting ............................220 AMG1302-T11C User’s Guide...
Page 4: Table Of Contents
Part I: User’s Guide ..................12 Chapter 1 Introduction............................13 1.1 Overview ............................13 1.2 Ways to Manage the AMG1302-T11C ....................13 1.3 Good Habits for Managing the AMG1302-T11C ................13 1.4 Applications for the AMG1302-T11C ....................13 1.4.1 Internet Access ........................14 1.4.2 Wireless Access ........................14 1.5 LED (Lights) ............................15 1.6 Using the WPS Button ........................16...
Page 5 4.9.1 Configuring ATM QoS for Multiple WAN Connections .............51 4.9.2 Configuring Port Binding ......................54 4.10 Configuring QoS to Prioritize Traffic ....................55 4.11 Access the AMG1302-T11C from the Internet Using DDNS ............58 4.11.1 Registering a DDNS Account on www.dyndns.org ..............58 4.11.2 Configuring DDNS on Your AMG1302-T11C .................59 4.11.3 Testing the DDNS Setting ......................59...
Page 6 7.10.7 Wireless Distribution System (WDS) ................... 111 7.10.8 WiFi Protected Setup (WPS) ....................111 Chapter 8 Home Networking ..........................118 8.1 Overview ............................118 8.1.1 What You Can Do in the LAN Screens .................. 118 8.1.2 What You Need To Know ....................... 118 AMG1302-T11C User’s Guide...
Page 7 8.4.1 Configuring the LAN IP Alias Screen ..................123 8.5 The UPnP Screen ...........................124 8.6 The IPv6 LAN Setup Screen ......................124 8.7 Home Networking Technical Reference ..................128 8.7.1 LANs, WANs and the AMG1302-T11C ..................128 8.7.2 DHCP Setup ..........................128 8.7.3 DNS Server Addresses ......................129 8.7.4 LAN TCP/IP ...........................129 8.7.5 RIP Setup ..........................130...
Page 8 15.1 Overview ............................165 15.1.1 What You Can Do in the Firewall Screens ................165 15.1.2 What You Need to Know About Firewall ................166 15.2 The Firewall General Screen ......................167 15.3 The Default Action Screen ......................168 15.4 The Rules Screen .........................169 AMG1302-T11C User’s Guide...
Page 9 18.2 The System Log Screen ........................190 Chapter 19 Traffic Status .............................191 19.1 Overview ............................191 19.1.1 What You Can Do in this Chapter ..................191 19.2 The WAN Status Screen .......................191 19.3 The LAN Status Screen .........................192 19.4 The NAT Screen ..........................193 AMG1302-T11C User’s Guide...
Page 10 26.2 The Backup/Restore Screen ......................207 26.3 The Reboot Screen ........................209 Chapter 27 Remote Management........................210 27.1 Overview ............................210 27.1.1 What You Can Do in the Remote Management Screens ............210 27.1.2 What You Need to Know About Remote Management ............211 AMG1302-T11C User’s Guide...
Page 11 28.3 The DSL Line Screen ........................218 Chapter 29 Troubleshooting..........................220 29.1 Power, Hardware Connections, and LEDs ..................220 29.2 AMG1302-T11C Access and Login ....................221 29.3 Internet Access ..........................223 Appendix A Customer Support ......................225 Appendix B Setting up Your Computer’s IP Address ...............231 Appendix C IP Addresses and Subnetting..................251...
Page 12: User's Guide
User’s Guide...
Page 13: Introduction
Introduction 1.1 Overview The AMG1302-T11C is an ADSL2+ router. By integrating DSL and NAT, you are provided with ease of installation and high-speed, shared Internet access. The AMG1302-T11C is also a complete security solution with a robust firewall and content filtering.
Page 14: Internet Access
Chapter 1 Introduction 1.4.1 Internet Access Your AMG1302-T11C provides shared Internet access by connecting the DSL port to the DSL or MODEM jack on a splitter or your telephone jack. Computers can connect to the AMG1302-T11C’s Ethernet ports (or wirelessly).
Page 15: Led (Lights)
The AMG1302-T11C detected an error while self-testing, or there is a device malfunction. The AMG1302-T11C is not receiving power. Green The AMG1302-T11C has an Ethernet connection with a device on the Local Area Network (LAN). Blinking The AMG1302-T11C is sending/receiving data to /from the LAN.
Page 16: Using The Wps Button
Press the WPS button for 1-5 seconds and release it. See below for WPS button location. Press the WPS button on another WPS-enabled device within range of the AMG1302-T11C. The WPS LED should flash while the AMG1302-T11C sets up a WPS connection with the other wireless device.
Page 17: Using The Reset Button
1.8 Ways to Manage the AMG1302-T11C Use any of the following methods to manage the AMG1302-T11C. • Web Configurator. This is recommended for everyday management of the AMG1302-T11C using a (supported) web browser. • FTP for firmware upgrades and configuration backup/restore.
Page 18: Introducing The Web Configurator
Internet Explorer. 2.1.1 Accessing the Web Configurator Make sure your AMG1302-T11C hardware is properly connected (refer to the Quick Start Guide). Launch your web browser. Type "192.168.1.1" as the URL.
Page 19 Chapter 2 Introducing the Web Configurator Note: For security reasons, the AMG1302-T11C automatically logs you out if you do not use the web configurator for five minutes (default). If this happens, log in again. The following screen displays if you have not yet changed your password. It is strongly recommended you change the default password.
Page 20 Chapter 2 Introducing the Web Configurator Figure 6 Connection Status Click System Info to display the System Info screen, where you can view the AMG1302-T11C’s interface and system information. AMG1302-T11C User’s Guide...
Page 21: The Web Configurator Layout
• A - title bar • B - main window • C - navigation panel 2.2.1 Title Bar The title bar shows the following icon in the upper right corner. Click this icon to log out of the web configurator. AMG1302-T11C User’s Guide...
Page 22: Main Window
Chapter 5 on page 61 for more information about the Connection Status screen. 2.2.3 Navigation Panel Use the menu items on the navigation panel to open screens to configure AMG1302-T11C features. The following table describes each menu item. Table 2 Navigation Panel Summary...
Page 23 Use this screen to view the configured firewall rules and add, edit or remove a firewall rule. Use this screen to set the thresholds that the AMG1302-T11C uses to determine when to start dropping sessions that are not fully established (half-open sessions).
Page 24 Users Account Use this screen to configure the passwords your user accounts. TR-069 Client TR-069 Client Use this screen to configure the AMG1302-T11C to be managed by an Auto Configuration Server (ACS). System System Use this screen to configure management inactivity time-out setting.
Page 25: Quick Start Wizard
Leave the defaults in any fields for which you were not given information. The screen and fields to enter may vary depending on your current connection type. Configure the field and click Next to continue. AMG1302-T11C User’s Guide...
Page 26 Enter the IP address of the AMG1302-T11C. Default Gateway Enter the default gateway of the ZyXEL Device. Primary DNS Enter the primary DNS server IP address for the AMG1302-T11C. Server Secondary DNS Enter the secondary DNS server IP address for the AMG1302-T11C.
Page 27 You must specify a gateway IP address (supplied by your ISP) when you use ENET ENCAP in the Encapsulation field in the previous screen. Primary DNS Enter the primary DNS server IP address for the AMG1302-T11C. Server Secondary DNS Enter the secondary DNS server IP address for the AMG1302-T11C.
Page 28 Enter the Virtual Channel Identifier (VCI) assigned to you. This field may already be configured. IP Address Enter the IP address of the AMG1302-T11C. Primary DNS Enter the primary DNS server IP address for the AMG1302-T11C. Server Secondary DNS Enter the secondary DNS server IP address for the AMG1302-T11C. Server Back Click this to return to the previous screen without saving.
Page 29 IP Address Enter the IP address of the AMG1302-T11C. Primary DNS Enter the primary DNS server IP address for the AMG1302-T11C. Server Secondary DNS Enter the secondary DNS server IP address for the AMG1302-T11C.
Page 30 Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN. Network If you change this field on the AMG1302-T11C, make sure all wireless stations use the same Name(SSID) SSID in order to access the network.
Page 31 Refer to the rest of this guide for more detailed information on the complete range of AMG1302- T11C features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct. AMG1302-T11C User’s Guide...
Page 32: Tutorials
Connect the AMG1302-T11C properly. Refer to the Quick Start Guide for details on the AMG1302- T11C’s hardware connection. Connect one end of a DSL cable to the DSL port of your AMG1302-T11C. The other end should be connected to the DSL port in your house or a DSL router/modem provided by your ISP.
Page 33: Account Configuration
My DSL Multiplex IPv6/IPv4 Dual Enabled Stack Auto Authentication Others IP Address: Obtain IP Address Automatically DNS Server: Obtained From ISP IPv6 Address: Obtain IPv6 Address Automatically DHCP IPv6: DHCP DHCP PD: Enable WAN Identifier Type: EUI64 AMG1302-T11C User’s Guide...
Page 34 Chapter 4 Tutorials Go to Network Setting > Broadband, enter or select these values and click Apply. This completes your DSL WAN connection setting. AMG1302-T11C User’s Guide...
Page 35: Ipv6 Address Configuration
Chapter 4 Tutorials 4.3 IPv6 Address Configuration If the ISP’s network supports IPv6, the ISP may assign an IPv6 address to the AMG1302-T11C automatically. IPv6 IPv6 IPv6 In the Network Setting > Broadband screen’s IPv6 Address configuration section, select Obtain an IP Address Automatically. In the DHCP IPv6 field select DHCP to obtain an IPv6 address from a DHCPv6 server.
Page 36: Configuring The Wireless Network Settings
Click Network Setting > Wireless to open the General screen. Configure the screen using the provided parameters (see page 36). Click Apply. Click Network Setting > Wireless > Advanced and make sure 802.11b+g+n is selected in the 802.11 Mode field. Click Apply. AMG1302-T11C User’s Guide...
Page 37: Using Wps
AMG1302-T11C. Push Button Configuration (PBC) Make sure that your AMG1302-T11C is turned on and your notebook is within the cover range of the wireless signal. Make sure that you have installed the wireless client driver and utility in your notebook.
Page 38 You must press the second button within two minutes of pressing the first one. The AMG1302-T11C sends the proper configuration settings to the wireless client. This may take up to two minutes. The wireless client is then able to communicate with the AMG1302-T11C securely.
Page 39: Wireless Client
COMMUNICATION PIN Configuration When you use the PIN configuration method, you need to use both the AMG1302-T11C’s web config ur at or and the wireless client’s utility. Launch your wireless client’s configuration utility. Go to the WPS settings and select the PIN method to get a PIN number.
Page 40 AMG1302-T11C’s WPS screen within two minutes. The AMG1302-T11C authenticates the wireless client and sends the proper configuration settings to the wireless client. This may take up to two minutes. The wireless client is then able to communicate with the AMG1302-T11C securely.
Page 41: Connecting Wirelessly To Your Amg1302-T11C
COMMUNICATION 4.4.3 Connecting Wirelessly to your AMG1302-T11C This section describes how to connect wirelessly to your AMG1302-T11C. The connection procedure is shown here using Windows XP as an example. Right-click the wireless adapter icon which appears in the bottom right of your computer monitor.
Page 42 Chapter 4 Tutorials Tutorial: Status Select the AMG1302-T11C’s SSID name and click Connect (A). The SSID “SecureWirelessNetwork” is given here as an example. Tutorial: Status You are prompted to enter a password. Enter it and click Connect. Tutorial: Status You may have to wait several minutes while your computer connects to the wireless network.
Page 43: Configuring The Mac Address Filter For Restricting Wireless Internet Access
Congratulations! Your computer is now ready to connect to the Internet wirelessly through your AMG1302-T11C. Note: If you cannot connect wirelessly to the AMG1302-T11C, check you have selected the correct SSID and entered the correct security key. If that does not work, ensure your wireless network adapter is enabled by clicking on the wireless adapter icon and clicking Enable.
Page 44: Setting Up Nat Forwarding For A Game Server
4.6 Setting Up NAT Forwarding for a Game Server Thomas manages a Doom server on a computer behind the AMG1302-T11C. In order for players on the Internet (like A in the figure below) coming through the default WAN connection (PVC0) to communicate with the Doom server, Thomas can use port forwarding.
Page 45: Port Forwarding
666 4.6.1 Port Forwarding Thomas needs to configure the port settings and IP address on the AMG1302-T11C. Traffic should be forwarded to port 666 of the Doom server computer which has an IP address of 192.168.1.34. Thomas may set up the port settings by configuring the port settings for the Doom server computer (see Section 11.3 on page 150...
Page 46: Configuring Firewall Rules To Allow A Specified Service
Chapter 4 Tutorials The port forwarding settings you configured appear in the table. The AMG1302-T11C forwards port 666 traffic to the computer with IP address 192.168.1.34. Players on the Internet then can have access to Thomas’ Doom server. 4.7 Configuring Firewall Rules to Allow a Specified Service By default the firewall will block traffic originating from the WAN (1).
Page 47 The Add New Firewall Rule screen will appear. Click the Edit Customized Services button to access the following screen. Click Add and configure the following settings. In this tutorial, a hypothetical port 123 is allowed. Click OK. Service Name My_Service Service Type Port Number AMG1302-T11C User’s Guide...
Page 48 Chapter 4 Tutorials Tutorial: Advanced > QoS > Queue Setup In the Add New Firewall Rule screen, select Active. In the Available Services field, select the service you configured, My_Service. Click OK. Tutorial: Advanced > QoS > Queue Setup AMG1302-T11C User’s Guide...
Page 49: Configuring Static Route For Routing To Another Network
T11C’s WAN default gateway by default. In this case, B will never receive the traffic. You need to specify a static routing rule on the AMG1302-T11C to specify R as the router in charge of forwarding traffic to N2. In this case, the AMG1302-T11C routes traffic from A to R and then R routes the traffic to B.
Page 50 192.168.10.2 192.168.10.33 To configure a static route to route traffic from N1 to N2: Log into the AMG1302-T11C’s Web Configurator. Click Network Setting > Static Route. Click Edit on a new rule in the Static Route screen. Configure the Static Route Setup screen using the following settings: Type 192.168.10.0 and subnet mask 255.255.255.0 for the destination, N2.
Page 51: Port Binding Configuration
4.9.1 Configuring ATM QoS for Multiple WAN Connections This example shows an application for multiple WAN connections with different ATM QoS Settings. More than one WAN connection on the AMG1302-T11C may be configured to record traffic statistics or calculate service charges.
Page 52 Chapter 4 Tutorials To configure bandwidth for the data connection, select UBR with PCR in the ATM QoS Type field. Click Apply. AMG1302-T11C User’s Guide...
Page 53 ATM QoS Type field. Set the Peak Cell Rate as 4717 (divide the bandwidth 2mbps by 424) and set both the Sustain Cell Rate and Maximum Burst Size as 4716 (which is less than the peak cell rate). Click Apply to save the settings. AMG1302-T11C User’s Guide...
Page 54: Configuring Port Binding
Access the port binding screen by clicking Network Setting > Port Binding, and select Activated Port Binding to turn on the port binding feature. Click the Port Binding tab, specify the Group Index and select the ports to include in the port binding group. Click Apply. AMG1302-T11C User’s Guide...
Page 55: Configuring Qos To Prioritize Traffic
• Note the MAC address (AA:FF:AA:FF:AA:FF for example) of your computer and map it to queue Note: QoS is applied to traffic flowing out of the AMG1302-T11C. Traffic that does not match this class is assigned a priority queue based on the internal QoS mapping table on the AMG1302-T11C.
Page 56 Select Active and follow the settings as shown in the screen below. Then click OK. Note that you have to select TCP in the IP Protocol field first, then you can configure the source port range setting. AMG1302-T11C User’s Guide...
Page 57 Chapter 4 Tutorials Tutorial: Advanced > QoS > Class Setup AMG1302-T11C User’s Guide...
Page 58: Access The Amg1302-T11C From The Internet Using Ddns
4.11 Access the AMG1302-T11C from the Internet Using DDNS If you connect your AMG1302-T11C to the Internet and it uses a dynamic WAN IP address, it is inconvenient for you to manage the device from the Internet. The AMG1302-T11C’s WAN IP address changes dynamically.
Page 59: Configuring Ddns On Your Amg1302-T11C
• Hostname: zyxelrouter.dyndns.org • Service Type: Host with IP address • IP Address: Enter the WAN IP address that your AMG1302-T11C is currently using. You can find the IP address on the AMG1302-T11C’s Web Configurator Status page. Then you will need to configure the same account and host name on the AMG1302-T11C later.
Page 60: Technical Reference
Technical Reference...
Page 61: Connection Status And System Info Screens
If you prefer to view the status in a list, click List View in the Viewing mode selection box. You can configure how often you want the AMG1302-T11C to update this screen in Refresh Interval. Figure 15 Connection Status: Icon View...
Page 62: The System Info Screen
In Icon View, if you want to view information about a client, click the client’s name and then click on Info. In List View, you can also view the client’s information. 5.3 The System Info Screen Click Connection Status > System Info to open this screen. AMG1302-T11C User’s Guide...
Page 63 Table 10 System Info Screen LABEL DESCRIPTION Refresh Interval Select how often you want the AMG1302-T11C to update this screen from the drop- down list box. Device Information Host Name This field displays the AMG1302-T11C system name. It is used for identification.
Page 64 This is the primary/secondary DNS server IP address assigned to the AMG1302-T11C. Secondary DNS IPv6 Global IP This is the current IPv6 address of the AMG1302-T11C in the WAN. Click this to go to the screen where you can change it. IPv6 Prefix This is the current IPv6 prefix length in the WAN.
Page 65 This field displays how long the DSL connection has been active. System Up Time This field displays how long the AMG1302-T11C has been running since it last started up. The AMG1302-T11C starts up when you plug it in, when you restart it (Maintenance >...
Page 66 This field displays what percentage of the AMG1302-T11C’s memory is currently used. Usually, this percentage should not increase much. If memory usage does get close to 100% and remains like that for a high period of time, the AMG1302-T11C may become unstable and you should restart it. See...
Page 67: Broadband
WAN IP Address The WAN IP address is an IP address for the AMG1302-T11C, which makes it accessible from an outside network. It is used by the AMG1302-T11C to communicate with other devices in other AMG1302-T11C User’s Guide...
Page 68: Before You Begin
Chapter 6 Broadband networks. It can be static (fixed) or dynamically assigned by the ISP each time the AMG1302-T11C tries to access the Internet. If your ISP assigns you a static WAN IP address, they should also assign you the subnet mask and DNS server IP address(es) (and a gateway IP address if you use the Ethernet or ENET ENCAP encapsulation method).
Page 69 Chapter 6 Broadband Figure 19 Network Setting > Broadband > Internet Connection > Auto Sync Up AMG1302-T11C User’s Guide...
Page 70 Chapter 6 Broadband Figure 20 Network Setting > Broadband > Internet Connection > Ethernet(ETH1) AMG1302-T11C User’s Guide...
Page 71 Other options are ADSL2+, ADSL2, G.DMT, T1.413 and G.lite. The AMG1302-T11C supports Ethernet(ETH1) mode. To select this mode, connect a modem or router to the WAN port and select Ethernet(ETH1). Note: The AMG1302-T11C reboots when transferring to and from Ethernet(ETH1) type.
Page 72 IPv6/IPv4 Dual Stack Select IPv4 if you want the AMG1302-T11C to run IPv4 only. Select IPv4/IPv6 to allow the AMG1302-T11C to run IPv4 and IPv6 at the same time. Select IPv6 if you want the AMG1302-T11C to run IPv6 only.
Page 73 DNS server, you must know a computer’s IP address in order to access it. IPv6 Address Obtain an IP Address Select this option if you want to have the AMG1302-T11C use the IPv6 prefix from the Automatically connected router’s Router Advertisement (RA) to generate an IPv6 address.
Page 74: Advanced Setup
M/O (Managed/Other) flag values in the router advertisements sending to hosts. • If M flag is 1, the AMG1302-T11C will indicate to hosts to obtain network settings (such as WAN IP, LAN prefix and DNS settings) through DHCPv6. •...
Page 75 IGMP-v3. Select None to disable it. MLD Proxy Select the version of MLD proxy (v1 or v2) to have the AMG1302-T11C act as for this connection. This allows the AMG1302-T11C to get subscription information and maintain a joined member list for each multicast group. It can reduce multicast traffic significantly.
Page 76: The More Connections Screen
For PPPoA and RFC 1483, the MTU is 65535. 6.3 The More Connections Screen The AMG1302-T11C allows you to configure more than one Internet access connection. To configure additional Internet access connections click Network Setting > Broadband > More Connections. The screen differs by the encapsulation you select. When you use the Broadband >...
Page 77: More Connections Edit
WAN connection. Encapsulation This field indicates the encapsulation method of the Internet connection. Default Route This field displays whether the AMG1302-T11C use the WAN interface of this connection Enable as the system default gateway. Modify The first (ISP) connection is read-only in this screen. Use the Broadband > Internet Connection screen to edit it.
Page 78 Select Router from the drop-down list box if your ISP allows multiple computers to share an Internet account. If you select Bridge, the AMG1302-T11C will forward any packet that it does not route to this remote node; otherwise, the packets are discarded.
Page 79 Select IPv4 if you want the AMG1302-T11C to run IPv4 only. Stack Select IPv4/IPv6 to allow the AMG1302-T11C to run IPv4 and IPv6 at the same time. Select IPv6 if you want the AMG1302-T11C to run IPv6 only. This field is not available when you select IPoA in the Encapsulation field.
Page 80 Table 14 Network Setting > Broadband > More Connections: Edit (continued) LABEL DESCRIPTION IPv6 Address Obtain an IP Select this option if you want to have the AMG1302-T11C use the IPv6 prefix from the Address connected router’s Router Advertisement (RA) to generate an IPv6 address. Automatically Static IP Address Select this if you have a fixed IPv6 address assigned by your ISP.
Page 81: Configuring More Connections Advanced Setup
Click this to return to the previous screen without saving. 6.3.2 Configuring More Connections Advanced Setup Use this screen to edit your AMG1302-T11C's advanced WAN settings. Click the Advanced Setup arrow icon in the More Connections Edit screen. The screen appears as shown.
Page 82: Wan Technical Reference
This section provides some technical background information about the topics covered in this chapter. 6.4.1 Encapsulation Be sure to use the encapsulation method required by your ISP. The AMG1302-T11C supports the following methods. 6.4.1.1 ENET ENCAP The MAC Encapsulated Routing Link Protocol (ENET ENCAP) is only implemented with the IP network protocol.
Page 83: Multiplexing
By implementing PPPoE directly on the AMG1302-T11C (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the AMG1302-T11C does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access.
Page 84: Nailed-Up Connection (Ppp)
Address and Gateway IP Address fields as supplied by your ISP. However for a dynamic IP, the AMG1302-T11C acts as a DHCP client on the WAN port and so the IP Address and Gateway IP Address fields are not applicable (N/A) as the DHCP server assigns them to the AMG1302-T11C.
Page 85: Atm Traffic Classes
An example of an VBR-RT connection would be video conferencing. Video conferencing requires real-time data transfers and the bandwidth requirement varies in proportion to the video image's changing dynamics. AMG1302-T11C User’s Guide...
Page 86 Unspecified Bit Rate (UBR) The Unspecified Bit Rate (UBR) ATM traffic class is for bursty data transfers. However, UBR doesn't guarantee any bandwidth and only delivers traffic when the network has spare bandwidth. An example application is background file transfer. AMG1302-T11C User’s Guide...
Page 87: Wireless Lan
• Performing other performance-related wireless tasks. 7.1.1 What You Can Do in the Wireless LAN Screens This section describes the AMG1302-T11C’s Network Setting > Wireless screens. Use these screens to set up your AMG1302-T11C’s wireless connection. • Use the General screen to enable the Wireless LAN, enter the SSID and select the wireless security mode (Section 7.2 on page...
Page 88: What You Need To Know About Wireless
Use this screen to enable the Wireless LAN, enter the SSID and select the wireless security mode. Note: If you are configuring the AMG1302-T11C from a computer connected to the wireless LAN and you change the AMG1302-T11C’s SSID, channel or security settings, you will lose your wireless connection when you press Apply to confirm.
Page 89 Select this to keep the wireless clients in this SSID from communicating with clients in Isolation other SSIDs or wired LAN devices through the AMG1302-T11C. Select both Client Isolation and MBSSID/LAN Isolation to allow this SSID’s wireless clients to only connect to the Internet through the AMG1302-T11C. AMG1302-T11C User’s Guide...
Page 90: No Security
Select No Security to allow wireless stations to communicate with the access points without any data encryption or authentication. Note: If you do not enable any wireless security on your AMG1302-T11C, your network is accessible to any wireless networking device that is within range.
Page 91 Password The password (WEP key) are used to encrypt data. Both the AMG1302-T11C and the wireless stations must use the same password (WEP key) for data transmission. If you chose 64Bits WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F").
Page 92: More Secure (Wpa(2)-Psk)
The WPA-PSK security mode provides both improved data encryption and user authentication over WEP. Using a Pre-Shared Key (PSK), both the AMG1302-T11C and the connecting client share a common password in order to validate the connection. This type of encryption, while robust, is not as strong as WPA, WPA2 or even WPA2-PSK.
Page 93: Wpa(2) Authentication
Encryption This field displays the encryption type for data encryption. If you choose WPA-PSK as the security mode, the AMG1302-T11C uses TKIP for data encryption. If you choose WPA2-PSK as the security mode and enable WPA-PSK Compatible, the AMG1302-T11C uses either TKIP and AES (TKIPAES MIX) for data encryption.
Page 94: The More/Guest Ap Screen
Timer to reauthenticate itself to the server again. WPA Compatible This field is only available for WPA2. Select this if you want the AMG1302-T11C to support WPA and WPA2 simultaneously. Group Key Update The Group Key Update Timer is the rate at which the RADIUS server sends a new Timer group key out to all clients.
Page 95: More/Guest Ap Edit
SSID is not active. SSID An SSID profile is the set of parameters relating to one of the AMG1302-T11C’s BSSs. The SSID (Service Set IDentifier) identifies the Service Set with which a wireless device is associated.
Page 96: The Mac Authentication Screen
Click Cancel to exit this screen without saving. 7.4 The MAC Authentication Screen This screen allows you to configure the AMG1302-T11C to give exclusive access to specific devices (Allow) or exclude specific devices from accessing the AMG1302-T11C (Deny). Every Ethernet device has a unique MAC (Media Access Control) address.
Page 97: Mac Address Add/Edit
Chapter 7 Wireless LAN Use this screen to view your AMG1302-T11C’s MAC filter settings and add new MAC filter rules. Click Network Setting > Wireless > MAC Authentication. The screen appears as shown. Figure 33 Network Setting > Wireless > MAC Authentication The following table describes the labels in this screen.
Page 98: The Wps Screen
Mac Address Enter the MAC addresses of the wireless devices that are allowed or denied access to the AMG1302-T11C in these address fields. Enter the MAC addresses in a valid MAC address format, that is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc.
Page 99 Click this button to add another WPS-enabled wireless device (within wireless range of the AMG1302-T11C) to your wireless network. This button may either be a physical button on the outside of device, or a menu button similar to the WPS button on this screen.
Page 100: The Wds Screen
PIN in the configuration utility of the device you want to connect to using WPS. The PIN is not necessary when you use WPS push-button method. Click the Generate New PIN button to have the AMG1302-T11C create a new PIN. Status...
Page 101: The Wmm Screen
This is the index number of the individual WDS link. Active Select this to activate the link between the AMG1302-T11C and the peer device to which this entry refers. When you do not select the check box this link is down.
Page 102: The Scheduling Screen
7.8 The Scheduling Screen The wireless LAN can be scheduled to disable on certain days and at certain times. Use this screen to view the wireless scheduling rules on the AMG1302-T11C. Click Network Setting > Wireless > Scheduling. The following screen displays.
Page 103: Scheduling Rule Add/Edit
7.9 The Advanced Screen Use this screen to configure advanced wireless settings. Click Network Setting > Wireless > Advanced, the screen appears as shown. Section 7.10.2 on page 107 for detailed definitions of the terms listed in this screen. AMG1302-T11C User’s Guide...
Page 104 AMG1302-T11C. Select 802.11b+g to allow either IEEE 802.11b or IEEE 802.11g compliant WLAN devices to associate with the AMG1302-T11C. The transmission rate of your AMG1302-T11C might be reduced. Select 802.11n to allow only IEEE 802.11n compliant WLAN devices to associate with the AMG1302-T11C.
Page 105: Wireless Lan Technical Reference
This field is available only when you set the 802.11 Mode to 802.11n, 802.11g+n or 802.11b+g+n. E-mail notification when the wireless guest visit Enable E-mail Select this to have the AMG1302-T11C e-mail you a notification when a wireless client is notification connected to the wireless network. SMTP...
Page 106 The wireless network is the part in the blue circle. In this wireless network, devices A and B use the access point (AP) to interact with the other devices (such as the printer) or with the Internet. Your AMG1302-T11C is the AP. Every wireless network must follow these basic guidelines.
Page 107: Additional Wireless Terms
A preamble affects the timing in your wireless network. There are two preamble modes: long and short. If a device uses a different preamble mode than the AMG1302-T11C does, it cannot communicate with the AMG1302-T11C. Authentication The process of verifying whether a wireless device is allowed to use the wireless network.
Page 108: User Authentication
User’s Guide or other documentation. You can use the MAC address filter to tell the AMG1302-T11C which devices are allowed or not allowed to use the wireless network. If a device is allowed to use the wireless network, it still has to have the correct information (SSID, channel, and security).
Page 109: Signal Problems
When you select WPA2 or WPA2-PSK in your AMG1302-T11C, you can also select an option (WPA compatible) to support WPA as well. In this case, if some of the devices support WPA and some support WPA2, you should set up WPA2-PSK or WPA2 (depending on the type of wireless network login) and select the WPA compatible option in the AMG1302-T11C.
Page 110: Bss
• You must use different keys for different BSSs. If two wireless devices have different BSSIDs (they are in different BSSs), but have the same keys, they may hear each other’s communications (but not communicate with each other). AMG1302-T11C User’s Guide...
Page 111: Wireless Distribution System (Wds)
AP 2 7.10.8 WiFi Protected Setup (WPS) Your AMG1302-T11C supports WiFi Protected Setup (WPS), which is an easy way to set up a secure wireless network. WPS is an industry standard specification, defined by the WiFi Alliance. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually.
Page 112: Pin Configuration
Section 7.6 on page 100). Press the button on one of the devices (it doesn’t matter which). For the AMG1302-T11C you must press the WPS button for more than three seconds. Within two minutes, press the button on the other device. The registrar sends the network name (SSID) and security key through an secure connection to the enrollee.
Page 113 If the registrar is already part of a network, it sends the existing information. If not, it generates the SSID and WPA(2)-PSK randomly. The following figure shows a WPS-enabled client (installed in a notebook computer) connecting to a WPS-enabled access point. AMG1302-T11C User’s Guide...
Page 114: Example Wps Network Setup
When WPS is activated on both, they perform the handshake. In this example, AP1 is the registrar, and Client 1 is the enrollee. The registrar randomly generates the security information to set up the network, since it is unconfigured and has no existing information. AMG1302-T11C User’s Guide...
Page 115 In step 3, you add another access point (AP2) to your network. AP2 is out of range of AP1, so you cannot use AP1 for the WPS handshake with the new access point. However, you know that Client 2 supports the registrar function, so you use it to perform the WPS handshake instead. AMG1302-T11C User’s Guide...
Page 116: Limitations Of Wps
If this happens, open the access point’s configuration interface and look at the list of associated clients (usually displayed by MAC address). It does not matter if the AMG1302-T11C User’s Guide...
Page 117 Check the MAC addresses of your wireless clients (usually printed on a label on the bottom of the device). If there is an unknown MAC address you can remove it or reset the AP. AMG1302-T11C User’s Guide...
Page 118: Home Networking
• Use the IP Alias screen (Section 8.4 on page 123) to change your AMG1302-T11C’s IP alias settings. • Use the UPnP screen to enable UPnP and UPnP NAT traversal on the AMG1302-T11C (Section 8.5 on page 124). • Use the IPv6 LAN Setup screen (Section 8.6 on page...
Page 119 DHCP A DHCP (Dynamic Host Configuration Protocol) server can assign your AMG1302-T11C an IP address, subnet mask, DNS and other routing information when it's turned on. DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa.
Page 120: Before You Begin
8.2 The LAN Setup Screen Use this screen to set the Local Area Network IP address, subnet mask and advanced networking settings such as RIP, multicast of your AMG1302-T11C. Click Network Setting > Home Networking to open the LAN Setup screen.
Page 121 DESCRIPTION LAN IP Setup IP Address Enter the LAN IP address you want to assign to your AMG1302-T11C in dotted decimal notation, for example, 192.168.1.1 (factory default). Subnet Mask Type the subnet mask of your network in dotted decimal notation, for example 255.255.255.0 (factory default).
Page 122: The Static Dhcp Screen
00:A0:C5:00:00:02. Use this screen to change your AMG1302-T11C’s static DHCP settings. Click Network Setting > Home Networking > Static DHCP to open the following screen. Figure 50 Network Setting > Home Networking > Static DHCP The following table describes the labels in this screen.
Page 123: The Ip Alias Screen
(subnet). 8.4.1 Configuring the LAN IP Alias Screen Use this screen to change your AMG1302-T11C’s IP alias settings. Click Network Setting > Home Networking > IP Alias to open the following screen. Figure 52 Network Setting > Home Networking > IP Alias...
Page 124: The Upnp Screen
119 for more information on UPnP. Use the following screen to enable or disable the UPnP function on your AMG1302-T11C. Click Network Setting > Home Networking > UPnP to display the screen shown next. Figure 53 Network Setting > Home Networking > UPnP The following table describes the labels in this screen.
Page 125 EUI-64 format to generate a link local address from the Ethernet MAC address. IPv6 Address If you selected Manual in the Link Local Address Type field, enter the LAN IPv6 address you want to assign to your AMG1302-T11C in hexadecimal notation, for example, fe80::1 (factory default). Prefix Enter the address prefix to specify how many most significant bits in an IPv6 address compose the network address.
Page 126 DHCPv6 server is disabled. Stateful: The AMG1302-T11C uses IPv6 stateful autoconfiguration. The DHCPv6 server is enabled to have the AMG1302-T11C act as a DHCPv6 server and pass IPv6 addresses to DHCPv6 clients. Stateless and Stateful: The AMG1302-T11C uses both IPv6 stateless and stateful autoconfiguration.
Page 127 Table 37 Network Setting > Home Networking > IPv6 LAN Setup LABEL DESCRIPTION DNSv6 Mode Select the DNS role (Proxy or Relay) that you want the AMG1302-T11C to act in the IPv6 LAN network. Alternatively, select Manual and specify the DNS servers’ IPv6 address in the fields below. Primary DNS This field is available if you choose Manual as the DNSv6 mode.
Page 128: Home Networking Technical Reference
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the AMG1302-T11C as a DHCP server or disable it. When configured as a server, the AMG1302-T11C provides the TCP/IP...
Page 129: Dns Server Addresses
LAN, or else the computer must be manually configured. IP Pool Setup The AMG1302-T11C is pre-configured with a pool of IP addresses for the DHCP clients (DHCP Pool). Do not assign static IP addresses from the DHCP pool to your LAN computers.
Page 130: Rip Setup
• Both - the AMG1302-T11C will broadcast its routing table periodically and incorporate the RIP information that it receives. • In Only - the AMG1302-T11C will not send any RIP packets but will accept all RIP packets received. • Out Only - the AMG1302-T11C will send out RIP packets but will not accept any RIP packets received.
Page 131: Multicast
At start up, the AMG1302-T11C queries all directly connected networks to gather group membership. After that, the AMG1302-T11C periodically updates this information. IP multicasting can be enabled/disabled on the AMG1302-T11C LAN and/or WAN interfaces in the web configurator (LAN; WAN). Select None to disable IP multicasting on these interfaces.
Page 132: Static Route
9.1 Overview The AMG1302-T11C usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the AMG1302-T11C send data to devices not reachable through the default gateway, use static routes. For example, the next figure shows a computer (A) connected to the AMG1302-T11C’s LAN interface.
Page 133: What You Can Do In The Static Route Screens
Click the Edit icon to go to the screen where you can set up a static route on the AMG1302-T11C. Click the Delete icon to remove a static route from the AMG1302-T11C. A window displays asking you to confirm that you want to delete the route.
Page 134: Ipv6 Static Route
Use this screen to view the IPv6 static route rules. Click Network Setting > Static Route > IPv6 Static Route to open the IPv6 Static Route screen. Figure 59 Network Setting > Static Route > IPv6 Static Route AMG1302-T11C User’s Guide...
Page 135: Ipv6 Static Route Edit
Click the Edit icon to go to the screen where you can set up a static route on the AMG1302-T11C. Click the Remove icon to remove a static route from the AMG1302-T11C. A window displays asking you to confirm that you want to delete the route.
Page 136 Gateway IPv6 Enter the IPv6 address of the gateway. Address PVC IPv6 Address Select the interface through which the traffic is routed. Click this to save your changes. Cancel Click this to restore your previously saved settings. AMG1302-T11C User’s Guide...
Page 137: Quality Of Service (Qos)
Quality of Service (QoS) 10.1 Overview Use the QoS screen to set up your AMG1302-T11C to use QoS for traffic management. Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control bandwidth. QoS allows the AMG1302-T11C to group and prioritize application traffic and fine-tune network performance.
Page 138: What You Need To Know About Qos
10.2 The Quality of Service General Screen Use this screen to enable or disable QoS and set the upstream bandwidth. Click Network Setting > QoS > General to open the screen as shown next. Figure 62 Network Setting > QoS > General AMG1302-T11C User’s Guide...
Page 139: The Queue Screen
A gray bulb signifies that this queue is not active. Name This shows the descriptive name of this queue. Interface This shows the name of the AMG1302-T11C’s interface through which traffic in this queue passes. Priority This shows the priority of this queue. Weight This shows the weight of this queue.
Page 140: Adding A Qos Queue
Weight Select the weight (from 1 to 8) of this queue. If two queues have the same priority level, the AMG1302-T11C divides the bandwidth across the queues according to their weights. Queues with larger weights get more bandwidth than queues with smaller weights.
Page 141: The Class Setup Screen
(such as Telnet) to form a flow. You can give different priorities to traffic that the AMG1302-T11C forwards out through the WAN interface. Give high priority to voice and video to make them run more smoothly. Similarly, give low priority to many large file downloads so that they do not reduce the quality of other applications.
Page 142 Chapter 10 Quality of Service (QoS) Figure 66 QoS > Class Setup Add/Edit AMG1302-T11C User’s Guide...
Page 143 If you select TCP/UDP, TCP or UDP in the IP Protocol field, select the check box and enter the port number(s) of the source. MAC Address Select the check box and enter the destination MAC address of the packet. AMG1302-T11C User’s Guide...
Page 144 Select the interface through which traffic that matches the rule is forwarded out. If you select Unchange, the AMG1302-T11C forwards traffic of this class according to the default routing table. If traffic of this class comes from a WAN interface and is in a queue that forwards traffic through the LAN/WLAN interface, the AMG1302-T11C ignores the setting here.
Page 145: The Qos Game List Screen
This field is available only when you select IP in the Ether Type field. Mark(0~63) If you select Mark, enter a DSCP value with which the AMG1302-T11C replaces the DSCP field in the packets. If you select Unchange, the AMG1302-T11C keep the DSCP field in the packets.
Page 146: Qos Technical Reference
IP precedence uses three bits of the eight-bit ToS (Type of Service) field in the IP header. There are eight classes of services (ranging from zero to seven) in IP precedence. Zero is the lowest priority level and seven is the highest. AMG1302-T11C User’s Guide...
Page 147: Automatic Priority Queue Assignment
Chapter 10 Quality of Service (QoS) 10.6.3 Automatic Priority Queue Assignment If you enable QoS on the AMG1302-T11C, the AMG1302-T11C can automatically base on the IEEE 802.1p priority level, IP precedence and/or packet length to assign priority to traffic which does not match a class.
Page 148: Network Address Translation (Nat)
• Use the DMZ screen to configure a default server (Section 11.4 on page 153). • Use the ALG screen to enable and disable the SIP (VoIP) ALG in the AMG1302-T11C (Section 11.5 on page 153).
Page 149: The Nat General Screen
NAT to open the following screen. Note: You must create an IP filter rule in addition to setting up NAT, to allow traffic from the WAN to be forwarded through the AMG1302-T11C. Figure 68 Network Setting > NAT > General The following table describes the labels in this screen.
Page 150: The Port Forwarding Screen
Note: If you do not assign a Default Server IP address, the AMG1302-T11C discards all packets received for ports that are not specified here or in the remote management setup.
Page 151: Port Forwarding Rule Add/Edit
11.3.2 Port Forwarding Rule Add/Edit Use this screen to add or edit a port forwarding rule. Click the Add new rule button or a rule’s edit icon in the Port Forwarding screen to display the screen as shown next. AMG1302-T11C User’s Guide...
Page 152 For a range of ports, you only need to enter the first number of the range to which you want the incoming ports translated, the device automatically calculates the last port of the translated port range. Apply Click this to save your changes. Cancel Click this to return to the previous screen without saving. AMG1302-T11C User’s Guide...
Page 153: The Dmz Screen
When the AMG1302-T11C registers with the SIP register server, the SIP ALG translates the AMG1302-T11C’s private IP address inside the SIP data stream to a public IP address. You do not need to use STUN or an outbound proxy if your AMG1302-T11C is behind a SIP ALG.
Page 154: Nat Technical Reference
This chapter contains more information regarding NAT. 11.6.1 NAT Definitions Inside/outside denotes where a host is located relative to the AMG1302-T11C, for example, the computers of your subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.
Page 155: How Nat Works
Table 56 on page 157), NAT offers the additional benefit of firewall protection. With no servers defined, your AMG1302-T11C filters out all incoming inquiries, thus preventing intruders from probing your network. For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT).
Page 156: Nat Mapping Types
11.6.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: • One to One: In One-to-One mode, the AMG1302-T11C maps one local IP address to one global IP address. • Many to One: In Many-to-One mode, the AMG1302-T11C maps multiple local IP addresses to one global IP address.
Page 157 ILA2 IGA1 … Many-to-Many Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA1 ILA4 IGA2 … Many-to-Many No Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA3 … Server Server 1 IP IGA1 Server 2 IP IGA1 Server 3 IP IGA1 AMG1302-T11C User’s Guide...
Page 158: Port Binding
PVC connections. The first PVC (PVC0) is for non time-sensitive data traffic. The second and third PVCs (PVC1 and PVC2) are for time sensitive Media-On-Demand (MOD) video traffic and VoIP traffic, respectively. Figure 76 Port Binding Groups Data PVC0 PVC1 VoIP PVC2 AMG1302-T11C User’s Guide...
Page 159: What You Can Do In The Port Binding Screens
Wireless LAN Select the WLAN (AP) connection to include in the port binding group. Additional APs can be enabled on the More AP screen (Section 7.3 on page 94). AMG1302-T11C User’s Guide...
Page 160: Port Binding Summary Screen
The following table describes the labels in this screen. Table 58 Network Setting > Port Binding > Port Binding Summary LABEL DESCRIPTION Group ID This field displays the group index number. Group port This field displays the ports included in the group. AMG1302-T11C User’s Guide...
Page 161: Dynamic Dns Setup
If you have a private WAN IP address, then you cannot use Dynamic DNS. 13.2 The Dynamic DNS Screen Use this screen to change your AMG1302-T11C’s DDNS. Click Network Setting > Dynamic DNS. The screen appears as shown. AMG1302-T11C User’s Guide...
Page 162 Service Provider Select your Dynamic DNS service provider. Host Name Type the domain name assigned to your AMG1302-T11C by your Dynamic DNS provider. You can specify up to two host names in the field separated by a comma (","). Username Type your user name.
Page 163: Filters
HAPTER Filters 14.1 Overview This chapter introduces the type of filter supported by the AMG1302-T11C. You can configure rules to restrict traffic by MAC addresses. 14.1.1 What You Can Do in the Filter Screens • Use the Filter screen (Section 14.2 on page 163) to create MAC filter rules.
Page 164 This field shows whether the rule is activated. Mac Address This is the MAC address of the packets being filtered. Apply Click this to apply your changes. Delete Click this to remove the filter rule. Cancel Click this to restore your previously saved settings. AMG1302-T11C User’s Guide...
Page 165: Firewall
HAPTER Firewall 15.1 Overview This chapter shows you how to enable the AMG1302-T11C firewall. Use the firewall to protect your AMG1302-T11C and network from attacks by hackers on the Internet and control access to it. The firewall: • allows traffic that originates from your LAN computers to go to all other networks.
Page 166: What You Need To Know About Firewall
Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources. The AMG1302-T11C is pre-configured to automatically detect and thwart all known DoS attacks.
Page 167: The Firewall General Screen
Chapter 15 Firewall Anti-Probing If an outside user attempts to probe an unsupported port on your AMG1302-T11C, an ICMP response packet is automatically returned. This allows the outside user to know the AMG1302-T11C exists. The AMG1302-T11C supports anti-probing, which prevents the ICMP response packet from being sent.
Page 168: The Default Action Screen
Select Reject to deny the packets and send a TCP reset packet (for a TCP packet) or an ICMP destination-unreachable message (for a UDP packet) to the sender. Select Permit to allow the passage of the packets. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. AMG1302-T11C User’s Guide...
Page 169: The Rules Screen
LABEL DESCRIPTION Firewall Rules This read-only bar shows how much of the AMG1302-T11C's memory for recording Storage Space in firewall rules it is currently using. When you are using 80% or less of the storage space, the bar is green. When the amount of space used is over 80%, the bar is red.
Page 170: The Rules Add Screen
DESCRIPTION Source Interface This column displays the source interface to which this firewall rule applies. This is the interface through which the traffic entered the AMG1302-T11C. Please note that a blank source interface is equivalent to Any. Destination This column displays the destination interface to which this firewall rule applies. This is Interface the interface through which the traffic is destined to leave the AMG1302-T11C.
Page 171 Maximum Burst Set the maximum number of packets that can be sent at the peak rate. Number This field determines if a log for packets that match the rule is created or not. Rules/Destination Address AMG1302-T11C User’s Guide...
Page 172: Customized Services
Destination Interface Specify a destination interface to which this firewall rule applies. This is the interface through which the traffic is destined to leave the AMG1302-T11C. Please note that a blank source interface is equivalent to any. Services...
Page 173: Customized Service Add/Edit
Use this screen to add a customized rule or edit an existing rule. Click Add or the Edit icon next to a rule number in the Firewall Customized Services screen to display the following screen. Figure 87 Security > Firewall > Rules: Edit: Edit Customized Services: Add/Edit AMG1302-T11C User’s Guide...
Page 174: The Dos Screen
Cancel Click this to restore your previously saved settings. Advanced Click this to go to a screen to specify maximum thresholds at which the AMG1302-T11C will start dropping sessions. 15.5.1 The DoS Advanced Screen For DoS attacks, the AMG1302-T11C uses thresholds to determine when to start dropping sessions that do not become fully established (half-open sessions).
Page 175: Configuring Firewall Thresholds
Tune these parameters when you believe the AMG1302-T11C has been receiving DoS attacks that are not recorded in the logs or the logs show that the AMG1302-T11C is classifying normal traffic as DoS attacks. Factors influencing choices for threshold values are: The maximum number of opened sessions.
Page 176: Firewall Technical Reference
ICMP redirect packets are sent, it is important to note that it is very likely to be used as a means for a network attack. DoS Log Select to determines if a log is created or not when the AMG1302-T11C drops sessions that surpass maximum thresholds. Click this to save your changes.
Page 177 By default the AMG1302-T11C stops computers on the WAN from managing the AMG1302-T11C. You could configure one of these rules to allow a WAN computer to manage the AMG1302-T11C. Note: You also need to configure the remote management settings to allow a WAN computer to manage the AMG1302-T11C.
Page 178: Guidelines For Enhancing Security With Your Firewall
15.6.4 Triangle Route When the firewall is on, your AMG1302-T11C acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the AMG1302-T11C to protect your LAN against attacks.
Page 179 Internet (through one or more ISPs). If an alternate gateway is on the LAN (and its IP address is in the same subnet as the AMG1302-T11C’s LAN IP address), the “triangle route” (also called asymmetrical route) problem may occur. The steps below describe the “triangle route”...
Page 180 The AMG1302-T11C reroutes the packet to Gateway A, which is in Subnet 2. The reply from the WAN goes to the AMG1302-T11C. The AMG1302-T11C then sends it to the computer on the LAN in Subnet 1. Figure 93 IP Alias...
Page 181: Parental Control
16.1 Overview Parental control allows you to block web sites with the specific URL. You can also define time periods and days during which the AMG1302-T11C performs parental control on a specific user. 16.2 The Parental Control Screen Use this screen to enable parental control, view the parental control rules and schedules.
Page 182: Add/Edit Parental Control Rule
Figure 95 Add/Edit Parental Control Rule The following table describes the fields in this screen. Table 70 Parental Control: Add/Edit LABEL DESCRIPTION General Active Select the checkbox to activate this parental control rule. AMG1302-T11C User’s Guide...
Page 183 Custom, enter the LAN user’s MAC address. If you select All, the rule applies to all LAN users. Internet Access Schedule Select check boxes for the days that you want the AMG1302-T11C to perform parental control. Time of Day to Apply Start Time Enter the starting and ending time that the LAN user is allowed access.
Page 184: Certificate
• PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses 64 ASCII characters to convert a binary X.509 certificate into a printable form. 17.3 Local Certificates Use this screen to view the AMG1302-T11C’s summary list of certificates and certification requests. You can import the following certificates to your AMG1302-T11C: AMG1302-T11C User’s Guide...
Page 185 Expiring! or Expired! message if the certificate is about to expire or has already expired. Cert Click this button and then Save in the File Download screen. The Save As screen opens, browse to the location that you want to use and click Save. AMG1302-T11C User’s Guide...
Page 186: The Trusted Ca Screen
Click this button and then Save in the File Download screen. The Save As screen opens, browse to the location that you want to use and click Save. Replace Click this to replace the certificate(s) and save your changes back to the AMG1302-T11C. Reset Click this to clear your settings.
Page 187: Trusted Ca Import
17.5 Trusted CA Import Click Import Certificate in the Trusted CA screen to open the Import Certificate screen. You can save a trusted certification authority’s certificate to the AMG1302-T11C. Note: You must remove any spaces from the certificate’s filename before you can import the certificate.
Page 188: View Certificate
Use this screen to view in-depth information about the certification authority’s certificate, change the certificate’s name and set whether or not you want the AMG1302-T11C to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority.
Page 189: Logs
18.1 Overview The web configurator allows you to choose which categories of events and/or alerts to have the AMG1302-T11C log and then display the logs or have the AMG1302-T11C send them to an administrator (as e-mail) or to a syslog server.
Page 190: The System Log Screen
DESCRIPTION Level Select a severity level from the drop-down list box. This filters search results according to the severity level you have selected. When you select a severity, the AMG1302-T11C searches through all logs of that severity or higher. Refresh Click this to renew the log screen.
Page 191: Traffic Status
191). • Use the LAN screen to view the LAN traffic statistics (Section 19.3 on page 192). • Use the NAT screen to view the NAT status of the AMG1302-T11C’s client(s) (Section 19.4 on page 193). 19.2 The WAN Status Screen Click System Monitor >...
Page 192: The Lan Status Screen
Table 78 System Monitor > Traffic Status > LAN LABEL DESCRIPTION Refresh Specify how often you want the AMG1302-T11C to update this screen. Interval(s) Set Interval Click this button to apply the new poll interval you entered in the Refresh Interval field.
Page 193: The Nat Screen
Table 79 System Monitor > Traffic Status > NAT LABEL DESCRIPTION Refresh Interval Specify how often you want the AMG1302-T11C to update this screen. Set Interval Click this button to apply the new poll interval you entered in the Refresh Interval field. Stop Click Stop to stop refreshing statistics.
Page 194: User Account
Type your new system password (up to 30 characters). Note that as you type a password, the screen displays a (*) for each character you type. After you change the password, use the new password to access the AMG1302-T11C. Retype to Type the new password again for confirmation.
Page 195: Client
The AMG1302-T11C supports TR-069 Amendment 1 (CPE WAN Management Protocol Release 2.0) and TR-069 Amendment 2 (CPE WAN Management Protocol v1.1, Release 3.0). TR-069 is a protocol that defines how your AMG1302-T11C (ZD) can be managed via a management server (MS) such as ZyXEL’s Vantage Access.
Page 196 Disable to not allow the AMG1302-T11C to be managed by a management server. ACS URL Type the IP address or domain name of the management server. If the AMG1302-T11C is behind a NAT router that assigns it a private IP address, you will have to configure a NAT port forwarding rule on the NAT router.
Page 197 AMG1302-T11C periodically send information to the management server Inform Interval The interval is the duration in seconds for which the AMG1302-T11C must attempt to connect with the management server to send information and check for configuration updates. Enter a value between 1 and 86400 seconds.
Page 198: System Settings
Schedule Reboot Select Enable to let the AMG1302-T11C automatically restart at the scheduled time. Interval Select this option and specify the interval (in seconds) at which the AMG1302-T11C automatically restarts. Time Select this option to specify the time of the day in 24-hour format and select the day of the week you want the AMG1302-T11C to automatically restart.
Page 199: Time Setting
23.2 The Time Setting Screen To change your AMG1302-T11C’s time and date, click Maintenance > Time Setting. The screen appears as shown. Use this screen to configure the AMG1302-T11C’s time based on your local time zone. Figure 108 Maintenance > Time Setting The following table describes the fields in this screen.
Page 200 When you set Time and Date Setup to Manual, enter the new date in this field and then click Apply. Get from Time Select this radio button to have the AMG1302-T11C get the time and date from the time Server server you specified below.
Page 201: Log Setting
HAPTER Log Setting 24.1 Overview You can configure where the AMG1302-T11C sends logs and which logs and/or immediate alerts the AMG1302-T11C records in the Log Setting screen. 24.2 The Log Setting Screen To change your AMG1302-T11C’s log settings, click Maintenance > Log Setting. The screen appears as shown.
Page 202 The following table describes the fields in this screen. Table 84 Maintenance > Logs Setting LABEL DESCRIPTION Syslog Settings Syslog Logging The AMG1302-T11C sends a log to an external syslog server. Select the check box to enable syslog logging. AMG1302-T11C User’s Guide...
Page 203 Enter the time of the day in 24-hour format (for example 23:00 equals 11:00 pm) to send Sending Log the logs. Clear log after Select this to delete all the logs after the AMG1302-T11C sends an E-mail of the logs. sending mail Email Alarm Log Settings Send Alarm to Alerts are real-time notifications that are sent as soon as an event, such as a DoS attack, system error, or forbidden web access attempt occurs.
Page 204: Example E-Mail Log
|<1,02> 127|Apr 10 15 |From:192.168.1.131 To:192.168.1.255 |match |forward | 10:05:17 |UDP src port:00520 dest port:00520 |<1,02> 128|Apr 10 15 |From:192.168.1.1 To:192.168.1.255 |match |forward | 10:05:30 |UDP src port:00520 dest port:00520 |<1,02> End of Firewall Log AMG1302-T11C User’s Guide...
Page 205: Firmware Upgrade
HAPTER Firmware Upgrade 25.1 Overview This chapter explains how to upload new firmware to your AMG1302-T11C. You can download new firmware releases from your nearest ZyXEL FTP site (or www.zyxel.com) to use to upgrade your device’s performance. Only use firmware for your device’s specific model. Refer to the label on the bottom of your AMG1302-T11C.
Page 206 Chapter 25 Firmware Upgrade Figure 112 Firmware Uploading The AMG1302-T11C automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 113 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen.
Page 207: Backup/Restore And Reboot
Backup Configuration allows you to back up (save) the AMG1302-T11C’s current configuration to a file on your computer. Once your AMG1302-T11C is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings.
Page 208 T11C to its factory defaults. The following warning screen appears. Figure 117 Reset Warning Message Wait until the AMG1302-T11C’s login screen appears. You can also press the RESET button on the rear panel to reset the factory defaults of your AMG1302-T11C. Refer to Section 1.7 on page 16...
Page 209: The Reboot Screen
Chapter 26 Backup/Restore and Reboot 26.3 The Reboot Screen System restart allows you to reboot the AMG1302-T11C remotely without turning the power off. You may need to do this if the AMG1302-T11C hangs, for example. Click Maintenance > Reboot. Click the Reboot button to have the AMG1302-T11C reboot. This does not affect the AMG1302-T11C's configuration.
Page 210: Remote Management
211) to configure through which interface(s), which services can access the AMG1302-T11C. • Your AMG1302-T11C can act as an SNMP agent, which allows a manager station to manage and monitor the AMG1302-T11C through the network. Use the SNMP screen (Section 27.3 on page 212) to change your SNMP settings.
Page 211: What You Need To Know About Remote Management
(Section 27.4 on page 214) to view and configure a list of public IP addresses which are allowed to access the AMG1302-T11C through the services configured in the Remote MGMT screen. 27.1.2 What You Need to Know About Remote Management...
Page 212: The Snmp Screen
Select the Enable check box for the corresponding services that you want to allow access to the AMG1302-T11C from all WAN connections. WAN Trust If you only want certain WAN connections to have access to to the AMG1302-T11C using the Domain corresponding services, then clear the Enable check box in the WAN column, select the Enable check box in the WAN Trust Domain column and configure the allowed IP address(es) in the Trust Domain screen.
Page 213: Configuring Snmp
SNMP allows a manager and agents to communicate for the purpose of accessing these objects. 27.3.1 Configuring SNMP To change your AMG1302-T11C’s SNMP settings, click Maintenance > RemoteMGMT > SNMP. The screen appears as shown. Figure 122 Maintenance > RemoteMGMT > SNMP The following table describes the labels in this screen.
Page 214: The Trust Domain Screen
Click Cancel to begin configuring this screen afresh. 27.4 The Trust Domain Screen Use this screen to view a list of public IP addresses which are allowed to access the AMG1302-T11C through the services configured in the Maintenance > Remote MGMT screen. Click Maintenance >...
Page 215: The Add Trust Domain Screen
Click the Delete icon to remove the trust IP address. 27.4.1 The Add Trust Domain Screen Use this screen to configure a public IP address which is allowed to access the AMG1302-T11C from the WAN. Click the Add Trust Domain button in the Maintenance > Remote MGMT > Turst Domain screen to open the following screen.
Page 216 Do you want to allow a particular (single) IP, a range of IP addresses (for instance, 192.168.1.10 to 192.169.1.50), or a subnet to access the AMG1302-T11C? Select an option from the drop-down list box that includes: Single Address, Range Address, and Subnet Address.
Page 217: Diagnostic
HAPTER Diagnostic 28.1 Overview These read-only screens display information to help you identify problems with the AMG1302-T11C. 28.1.1 What You Can Do in the Diagnostic Screens • Use the Ping screen (Section 28.2 on page 217) to ping an IP address.
Page 218: The Dsl Line Screen
Table 91 Maintenance > Diagnostic > Ping (continued) LABEL DESCRIPTION TracerouteV6 Click this to display the route path and transmission delays between the AMG1302-T11C to the IPv6 address that you entered. TracerouteV4 Click this to display the route path and transmission delays between the AMG1302-T11C to the IPv4 address that you entered.
Page 219 Click this to start the ATM loopback test. Make sure you have configured at least one PVC Test with proper VPIs/VCIs before you begin this test. The AMG1302-T11C sends an OAM F5 packet to the DSLAM/ATM switch and then returns it (loops it back) to the AMG1302- T11C.
Page 220: Troubleshooting
Make sure you are using the power adaptor or cord included with the AMG1302-T11C. Make sure the power adaptor or cord is connected to the AMG1302-T11C and plugged in to an appropriate power source. Make sure the power source is turned on.
Page 221: Amg1302-T11C Access And Login
Windows computers, click Start > Run, enter cmd, and then enter ipconfig. The IP address of the Default Gateway might be the IP address of the AMG1302-T11C (it depends on the network), so enter this IP address in your Internet browser.
Page 222 Lock] is not on. You cannot log in to the web configurator while someone is using Telnet to access the AMG1302- T11C. Log out of the AMG1302-T11C in the other session, or ask the person who is logged in to log out.
Page 223: Internet Access
Check the signal strength. If the signal strength is low, try moving your computer closer to the AMG1302-T11C if possible, and look around to see if there are any devices that might be interfering with the wireless network (for example, microwaves, other wireless networks, and so on).
Page 224 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions • Check the settings for QoS. If it is disabled, you might consider activating it. If it is enabled, you might consider raising or lowering the priority for some applications. AMG1302-T11C User’s Guide...
Page 225: Appendix A Customer Support
• Brief description of the problem and the steps you took to solve it. Corporate Headquarters (Worldwide) Taiwan • ZyXEL Communications Corporation • http://www.zyxel.com Asia China • ZyXEL Communications (Shanghai) Corp. ZyXEL Communications (Beijing) Corp. ZyXEL Communications (Tianjin) Corp. • http://www.zyxel.cn India • ZyXEL Technology India Pvt Ltd • http://www.zyxel.in Kazakhstan •...
Page 226 • ZyXEL Singapore Pte Ltd. • http://www.zyxel.com.sg Taiwan • ZyXEL Communications Corporation • http://www.zyxel.com/tw/zh/ Thailand • ZyXEL Thailand Co., Ltd • http://www.zyxel.co.th Vietnam • ZyXEL Communications Corporation-Vietnam Office • http://www.zyxel.com/vn/vi Europe Austria • ZyXEL Deutschland GmbH • http://www.zyxel.de Belarus • ZyXEL BY • http://www.zyxel.by...
Page 227 Appendix A Customer Support Belgium • ZyXEL Communications B.V. • http://www.zyxel.com/be/nl/ • http://www.zyxel.com/be/fr/ Bulgaria • ZyXEL България • http://www.zyxel.com/bg/bg/ Czech Republic • ZyXEL Communications Czech s.r.o • http://www.zyxel.cz Denmark • ZyXEL Communications A/S • http://www.zyxel.dk Estonia • ZyXEL Estonia • http://www.zyxel.com/ee/et/ Finland •...
Page 228 • ZyXEL Communications Poland • http://www.zyxel.pl Romania • ZyXEL Romania • http://www.zyxel.com/ro/ro Russia • ZyXEL Russia • http://www.zyxel.ru Slovakia • ZyXEL Communications Czech s.r.o. organizacna zlozka • http://www.zyxel.sk Spain • ZyXEL Communications ES Ltd • http://www.zyxel.es Sweden • ZyXEL Communications • http://www.zyxel.se Switzerland •...
Page 229 Appendix A Customer Support • http://www.zyxel.ch/ Turkey • ZyXEL Turkey A.S. • http://www.zyxel.com.tr • ZyXEL Communications UK Ltd. • http://www.zyxel.co.uk Ukraine • ZyXEL Ukraine • http://www.ua.zyxel.com Latin America Argentina • ZyXEL Communication Corporation • http://www.zyxel.com/ec/es/ Brazil • ZyXEL Communications Brasil Ltda.
Page 230 Appendix A Customer Support North America • ZyXEL Communications, Inc. - North America Headquarters • http://www.zyxel.com/us/en/ Oceania Australia • ZyXEL Communications Corporation • http://www.zyxel.com/au/en/ Africa South Africa • Nology (Pty) Ltd. • http://www.zyxel.co.za AMG1302-T11C User’s Guide...
Page 231: Appendix B Setting Up Your Computer's Ip Address
After the appropriate TCP/IP components are installed, configure the TCP/IP settings in order to "communicate" with your network. If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the AMG1302-T11C’s LAN port. Windows 95/98/Me Click Start, Settings, Control Panel and double-click the Network icon to open the Network window.
Page 232 • If your IP address is dynamic, select Obtain an IP address automatically. • If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields. AMG1302-T11C User’s Guide...
Page 233 • If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in). Figure 130 Windows 95/98/Me: TCP/IP Properties: DNS Configuration Click the Gateway tab. AMG1302-T11C User’s Guide...
Page 234 Click OK to save and close the TCP/IP Properties window. Click OK to close the Network window. Insert the Windows CD if prompted. Turn on your AMG1302-T11C and restart your computer when prompted. Verifying Settings Click Start and then Run.
Page 235 Figure 132 Windows XP: Control Panel Right-click Local Area Connection and then click Properties. Figure 133 Windows XP: Control Panel: Network Connections: Properties Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. AMG1302-T11C User’s Guide...
Page 236 • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. • Click Advanced. Figure 135 Windows XP: Internet Protocol (TCP/IP) Properties AMG1302-T11C User’s Guide...
Page 237 • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. AMG1302-T11C User’s Guide...
Page 238 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window. Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT). 11 Turn on your AMG1302-T11C and restart your computer (if prompted). Verifying Settings Click Start, All Programs, Accessories and then Command Prompt.
Page 239 In the Control Panel, double-click Network and Internet. Figure 139 Windows Vista: Control Panel Click Network and Sharing Center. Figure 140 Windows Vista: Network And Internet Click Manage network connections. Figure 141 Windows Vista: Network and Sharing Center AMG1302-T11C User’s Guide...
Page 240 Select Internet Protocol Version 4 (TCP/IPv4) and click Properties. Figure 143 Windows Vista: Local Area Connection Properties The Internet Protocol Version 4 (TCP/IPv4) Properties window opens (the General tab). • If you have a dynamic IP address click Obtain an IP address automatically. AMG1302-T11C User’s Guide...
Page 241 (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. • Click OK when finished. AMG1302-T11C User’s Guide...
Page 242 • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. AMG1302-T11C User’s Guide...
Page 243 10 Click OK to close the Internet Protocol Version 4 (TCP/IPv4) Properties window. 11 Click Close to close the Local Area Connection Properties window. Close the Network Connections window. 13 Turn on your AMG1302-T11C and restart your computer (if prompted). Verifying Settings Click Start, All Programs, Accessories and then Command Prompt.
Page 244 Figure 147 Macintosh OS 8/9: Apple Menu Select Ethernet built-in from the Connect via list. Figure 148 Macintosh OS 8/9: TCP/IP For dynamically assigned settings, select Using DHCP Server from the Configure: list. For statically assigned settings, do the following: AMG1302-T11C User’s Guide...
Page 245 • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your AMG1302-T11C in the Router address box. Close the TCP/IP Control Panel. Click Save if prompted, to save changes to your configuration.
Page 246 • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your AMG1302-T11C in the Router address box. Click Apply Now and close the window.
Page 247 • If you have a static IP address, click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields. Click OK to save the changes and close the Ethernet Device General screen. AMG1302-T11C User’s Guide...
Page 248 (where eth0 is the name of the Ethernet card). Open the configuration file with any plain text editor. • If you have a dynamic IP address, enter in the BOOTPROTO= field. The following figure dhcp shows an example. AMG1302-T11C User’s Guide...
Page 249: Verifying Settings
Shutting down interface eth0: [OK] Shutting down loopback interface: [OK] Setting network parameters: [OK] Bringing up loopback interface: [OK] Bringing up interface eth0: [OK] Verifying Settings Enter ifconfig in a terminal screen to check your TCP/IP properties. AMG1302-T11C User’s Guide...
Page 250 HWaddr 00:50:BA:72:5B:44 inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:717 errors:0 dropped:0 overruns:0 frame:0 TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:730412 (713.2 Kb) TX bytes:1570 (1.5 Kb) Interrupt:10 Base address:0x1000 [root@localhost]# AMG1302-T11C User’s Guide...
Page 251: Appendix C Ip Addresses And Subnetting
Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal. The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. AMG1302-T11C User’s Guide...
Page 252: Subnet Masks
Subnet masks can be referred to by the size of the network number part (the bits with a “1” value). For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes. AMG1302-T11C User’s Guide...
Page 253 For example, 192.1.1.0 /25 is equivalent to saying 192.1.1.0 with subnet mask 255.255.255.128. The following table shows some possible subnet masks using both notations. Table 96 Alternative Subnet Mask Notation ALTERNATIVE LAST OCTET LAST OCTET SUBNET MASK NOTATION (BINARY) (DECIMAL) 255.255.255.0 0000 0000 255.255.255.128 1000 0000 255.255.255.192 1100 0000 AMG1302-T11C User’s Guide...
Page 254 The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. The following figure shows the company network after subnetting. There are now two sub- networks, A and B. AMG1302-T11C User’s Guide...
Page 255 Table 97 Subnet 1 LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE IP Address (Decimal) 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 00000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.1 192.168.1.0 Broadcast Address: Highest Host ID: 192.168.1.62 192.168.1.63 AMG1302-T11C User’s Guide...
Page 256 Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet. Table 101 Eight Subnets SUBNET LAST BROADCAST SUBNET FIRST ADDRESS ADDRESS ADDRESS ADDRESS AMG1302-T11C User’s Guide...
Page 257 192.168.255.0. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. You must also enable Network Address Translation (NAT) on the AMG1302-T11C. AMG1302-T11C User’s Guide...
Page 258 Appendix C IP Addresses and Subnetting Once you have decided on the network number, pick an IP address for your AMG1302-T11C that is easy to remember (for instance, 192.168.1.1) but make sure that no other device on your network is using that IP address.
Page 259: Appendix D Pop-Up Windows, Javascripts And Java Permissions
You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. In Internet Explorer, select Tools, Internet Options, Privacy. Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. AMG1302-T11C User’s Guide...
Page 260 Enable Pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. In Internet Explorer, select Tools, Internet Options and then the Privacy tab. Select Settings…to open the Pop-up Blocker Settings screen. AMG1302-T11C User’s Guide...
Page 261 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. Click Add to move the IP address to the list of Allowed sites. Figure 166 Pop-up Blocker Settings AMG1302-T11C User’s Guide...
Page 262 Click the Custom Level... button. Scroll down to Scripting. Under Active scripting make sure that Enable is selected (the default). Under Scripting of Java applets make sure that Enable is selected (the default). Click OK to close the window. AMG1302-T11C User’s Guide...
Page 263 From Internet Explorer, click Tools, Internet Options and then the Security tab. Click the Custom Level... button. Scroll down to Microsoft VM. Under Java permissions make sure that a safety level is selected. Click OK to close the window. AMG1302-T11C User’s Guide...
Page 264 JAVA (Sun) From Internet Explorer, click Tools, Internet Options and then the Advanced tab. Make sure that Use Java 2 for <applet> under Java (Sun) is selected. Click OK to close the window. Figure 170 Java (Sun) AMG1302-T11C User’s Guide...
Page 265 You can enable Java, Javascripts and pop-ups in one screen. Click Tools, then click Options in the screen that appears. Figure 171 Mozilla Firefox: Tools > Options Click Content to show the screen below. Select the check boxes as shown in the following screen. Figure 172 Mozilla Firefox Content Security AMG1302-T11C User’s Guide...
Page 266: Appendix E Wireless Lans
Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled, wireless client A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless client A and B can still access the wired network but cannot communicate with each other. AMG1302-T11C User’s Guide...
Page 267 An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate. AMG1302-T11C User’s Guide...
Page 268 (AP) or wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other. AMG1302-T11C User’s Guide...
Page 269 If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. AMG1302-T11C User’s Guide...
Page 270 Wireless security is vital to your network to protect wireless communication between wireless clients, access points and the wired network. Wireless security methods available on the AMG1302-T11C are data encryption, wireless client authentication, restricting access by device MAC address and hiding the AMG1302-T11C identity.
Page 271 Wi-Fi Protected Access (WPA) WPA2 Most Secure Note: You must enable the same wireless security settings on the AMG1302-T11C and on all wireless clients that you want to associate with it. IEEE 802.1x In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features.
Page 272 For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner. AMG1302-T11C User’s Guide...
Page 273 The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed. AMG1302-T11C User’s Guide...
Page 274 Cipher block chaining Message authentication code Protocol (CCMP). TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication server. AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit mathematical algorithm AMG1302-T11C User’s Guide...
Page 275 WPA. At the time of writing, the most widely available supplicant is the WPA patch for Windows XP, Funk Software's Odyssey client. The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero Configuration" wireless client. However, you must run Windows XP to use it. AMG1302-T11C User’s Guide...
Page 276 The AP checks each wireless client's password and allows it to join the network only if the password matches. The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID. AMG1302-T11C User’s Guide...
Page 277: Security Parameters Summary
An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air. The antenna also operates in reverse by capturing RF signals from the air. Positioning the antennas properly increases the range and coverage area of a wireless LAN. AMG1302-T11C User’s Guide...
Page 278 For a single AP application, place omni-directional antennas as close to the center of the coverage area as possible. For directional antennas, point the antenna in the direction of the desired coverage area. AMG1302-T11C User’s Guide...
Page 279: Appendix F Ipv6
“private IP address” in IPv4. You can have the same link-local address on multiple interfaces on a device. A link-local unicast address has a predefined prefix of fe80::/10. The link-local unicast address format is as follows. Table 108 Link-local Unicast Address Format 1111 1110 10 Interface ID 10 bits 54 bits 64 bits AMG1302-T11C User’s Guide...
Page 280 All DHCP severs on a local site. FF05:0:0:0:0:0:1:3 The following table describes the multicast addresses which are reserved and can not be assigned to a multicast group. Table 110 Reserved Multicast Address MULTICAST ADDRESS FF00:0:0:0:0:0:0:0 FF01:0:0:0:0:0:0:0 FF02:0:0:0:0:0:0:0 FF03:0:0:0:0:0:0:0 FF04:0:0:0:0:0:0:0 FF05:0:0:0:0:0:0:0 FF06:0:0:0:0:0:0:0 FF07:0:0:0:0:0:0:0 AMG1302-T11C User’s Guide...
Page 281 When IPv6 is enabled on a device, its interface automatically generates a link-local address (beginning with fe80). When the interface is connected to a network with a router and the AMG1302-T11C is set to automatically obtain an IPv6 network prefix from the router for the interface, it generates another AMG1302-T11C User’s Guide...
Page 282 The DHCP relay agent can add the remote identification (remote-ID) option and the interface-ID option to the Relay-Forward DHCPv6 messages. The remote-ID option carries a user-defined string, In IPv6, all network interfaces can be associated with several addresses. AMG1302-T11C User’s Guide...
Page 283 Prefix delegation enables an IPv6 router to use the IPv6 prefix (network address) received from the ISP (or a connected uplink router) for its LAN. The AMG1302-T11C uses the received IPv6 prefix (for example, 2001:db2::/48) to generate its LAN IP address. Through sending Router Advertisements (RAs) regularly by multicast, the AMG1302-T11C passes the IPv6 prefix information to its LAN hosts.
Page 284 If the AMG1302-T11C cannot find an entry in the neighbor cache or the state for the neighbor is not reachable, it starts the address resolution process. This helps reduce the number of IPv6 solicitation and advertisement messages.
Page 285 IPv4 address. A 6to4 address has the following format: 2002:IPv4 address:subnet ID:host ID/64 For example, if you have an IPv4 address of 192.168.1.1 (first converted to binary notation and then to the colon hexadecimal representation of ), then the 6to4 addresses is c0a8:0101 2002:c0a8:0101::1/ AMG1302-T11C User’s Guide...
Page 286 Install Dibbler and select the DHCPv6 client option on your computer. After the installation is complete, select Start > All Programs > Dibbler-DHCPv6 > Client Install as service. Select Start > Control Panel > Administrative Tools > Services. Double click Dibbler - a DHCPv6 client. AMG1302-T11C User’s Guide...
Page 287 Windows 7 supports IPv6 by default. DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer. To enable IPv6 in Windows 7: Select Control Panel > Network and Sharing Center > Local Area Connection. Select the Internet Protocol Version 6 (TCP/IPv6) checkbox to enable it. Click OK to save the change. AMG1302-T11C User’s Guide...
Page 288 IPv4 Address... : 172.16.100.61 Subnet Mask ... : 255.255.255.0 Default Gateway ..: fe80::213:49ff:feaa:7125%11 172.16.100.254 AMG1302-T11C User’s Guide...
Page 289: Appendix G Services
• If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number. • If the Protocol is USER, this is the IP protocol number. • Description: This is a brief explanation of the applications that use this service or the situations in which this service is used. AMG1302-T11C User’s Guide...
Page 290 6667 This is another popular Internet chat program. MSN Messenger 1863 Microsoft Networks’ messenger service uses this protocol. NetBIOS TCP/UDP The Network Basic Input/Output System is used for communication between TCP/UDP computers in a LAN. TCP/UDP TCP/UDP AMG1302-T11C User’s Guide...
Page 291 Internet. SMTP enables you to move messages from one e-mail server to another. SMTPS This is a more secure version of SMTP that runs over SSL. SNMP TCP/UDP Simple Network Management Program. SNMP-TRAPS TCP/UDP Traps for use with the SNMP (RFC:1215). AMG1302-T11C User’s Guide...
Page 292 UNIX environments. It operates over TCP/ IP networks. Its primary function is to allow users to log into remote host systems. VDOLIVE 7000 A videoconferencing solution. The UDP port number is specified in the application. user- defined AMG1302-T11C User’s Guide...
Page 293: Appendix H Legal Information
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
Page 294: European Union
ZyXEL tímto prohlašuje, že tento zařízení je ve shodě se základními požadavky a dalšími příslušnými ustanoveními (Czech) směrnice 1999/5/EC. Dansk (Danish) Undertegnede ZyXEL erklærer herved, at følgende udstyr udstyr overholder de væsentlige krav og øvrige relevante krav i direktiv 1999/5/EF. AMG1302-T11C User’s Guide...
Page 295 The requirements for any country may evolve. ZyXEL recommends that you check with the local authorities for the latest status of their national regulations for both the 2.4GHz and 5GHz wireless LANs. The following countries have restrictions and/or requirements in addition to those given in the table labeled “Overview of Regulatory Requirements for Wireless LANs”:. Belgium AMG1302-T11C User’s Guide...
Page 296: Safety Warnings
Do not remove the plug and connect it to a power outlet by itself; always attach the plug to the power adaptor first before connecting it to a power outlet. • Do not allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord. AMG1302-T11C User’s Guide...
Page 297 Symbolen innebär att enligt lokal lagstiftning ska produkten och/eller dess batteri kastas separat från hushållsavfallet. När den här produkten når slutet av sin livslängd ska du ta den till en återvinningsstation. Vid tiden för kasseringen bidrar du till en bättre miljö och mänsklig hälsa genom att göra dig av med den på ett återvinningsställe. AMG1302-T11C User’s Guide...
Page 298 Appendix H Legal Information Environmental Product Declaration AMG1302-T11C User’s Guide...
Page 299: Zyxel Limited Warranty
To obtain the services of this warranty, contact your vendor. You may also refer to the warranty policy for the region in which you bought the device at http://www.zyxel.com/web/support_warranty_info.php. Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products. AMG1302-T11C User’s Guide...
Page 300 This product contains in part some free software distributed under GPL license terms and/or GPL like licenses. Open source licenses are provided with the firmware package. You can download the latest firmware at www.zyxel.com. To obtain the source code covered under those Licenses, please contact support@zyxel.com.tw to get it. AMG1302-T11C User’s Guide...
Page 301: Index
Asynchronous Transfer Mode, see ATM viewing channel 76, 82 interference 75, 81 channel, wireless LAN 75, 81, 85 75, 81 client list status Command Line Interface, see CLI authentication 107, 108 RADIUS server compatibility, WDS automatic logout configuration backup CWMP AMG1302-T11C User’s Guide...
Page 302 DDoS default action 119, 129 documentation thresholds 167, 174, 175 related ICMP Domain Name System, see DNS LAND attack logs three-way handshake thresholds packet direction 167, 174, 175 Ping of Death DSCP rules DSL connections, status AMG1302-T11C User’s Guide...
Page 303 119, 129 LAND attack importing trusted CAs limitations Independent Basic Service Set wireless LAN See IBSS initialization vector (IV) Local Area Network, see LAN Inside Global Address, see IGA login Inside Local Address, see ILA AMG1302-T11C User’s Guide...
Page 304 74, 80, 84 summary screen 80, 148, 154, 257 activation port forwarding 149, 150 address mapping activation types configuration applications example IP alias rules default server IP address PPPoA 71, 79, 83 example PPPoE 71, 79, 82 AMG1302-T11C User’s Guide...
Page 305 71, 79, 83 RFC 3164 subnet 75, 130 subnet mask 119, 129, 252 Routing Information Protocol, see RIP subnetting RTS (Request To Send) Sustain Cell Rate, see SCR threshold 268, 269 SYN attack rules, port forwarding syslog AMG1302-T11C User’s Guide...
Page 306 WEP key Wide Area Network, see WAN WiFi Protected Access WiFi Protected Setup, see WPS wireless client configuration VBR-nRT 75, 81, 86 wireless client WPA supplicants VBR-RT 75, 81, 85 Wireless Distribution System, see WDS 72, 79, 83 AMG1302-T11C User’s Guide...
Page 307 16, 111 status wireless security Wireless tutorial wizard configuration wireless LAN WLAN interference security parameters 109, 274 key caching pre-authentication user authentication vs WPA-PSK wireless client supplicant with RADIUS application example WPA2 user authentication vs WPA2-PSK AMG1302-T11C User’s Guide...

ZyXEL Communications AMG1302-T11C User Manual

Contents Overview

Table of Contents

User's Guide

PART I User's Guide

Chapter 1 Introduction

Chapter 2 Introducing the Web Configurator

Chapter 3 Quick Start Wizard

Chapter 4 Tutorials

Technical Reference

Part II: Technical Reference

Chapter 5 Connection Status and System Info Screens

Chapter 6 Broadband

Chapter 7 Wireless LAN

Chapter 8 Home Networking

Chapter 9 Static Route

Chapter 10 Quality of Service (Qos)

Chapter 11 Network Address Translation (NAT)

Chapter 12 Port Binding

Chapter 13 Dynamic DNS Setup

Chapter 14 Filters

Chapter 15 Firewall

Chapter 16 Parental Control

Chapter 17 Certificate

Chapter 18 Logs

Chapter 19 Traffic Status

Chapter 20 User Account

Chapter 21 Client

Chapter 22 System Settings

Chapter 23 Time Setting

Chapter 24 Log Setting

Chapter 25 Firmware Upgrade

Chapter 26 Backup/Restore and Reboot

Chapter 27 Remote Management

Chapter 28 Diagnostic

Chapter 29 Troubleshooting

Appendix A Customer Support

Appendix B Setting up Your Computer's IP Address

Appendix C IP Addresses and Subnetting

Appendix D Pop-Up Windows, Javascripts and Java Permissions

Appendix E Wireless Lans

Appendix F Ipv6

Appendix G Services

Appendix H Legal Information

Index

Quick Links

Related Manuals for ZyXEL Communications AMG1302-T11C

Summary of Contents for ZyXEL Communications AMG1302-T11C