Page 1 VSG1432-B101 Series 802.11n Wireless VDSL2 4-port Gateway Default Login Details IP Address http://192.168.1.1 User Name admin Password 1234 Firmware Version 1.10 Edition 1, 11/2010 www.zyxel.com www.zyxel.com Copyright © 2010 ZyXEL Communications Corporation...
Page 3: About This User's Guide
About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the ZyXEL Device using the web configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology.
Page 4 In the event of problems that cannot be solved by using this manual, you should contact your vendor. If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device. See http://www.zyxel.com/ web/contact_us.php for contact information.
Page 5: Document Conventions
Syntax Conventions • The VSG1432-B101 may be referred to as the “ZyXEL Device”, the “device”, the “system” or the “product” in this User’s Guide. • Product labels, screen names, field labels and field choices are all in bold font.
Page 6 Document Conventions Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Computer Notebook computer Server Firewall Telephone Router Switch VSG1432-B101 Series User’s Guide...
Page 7: Safety Warnings
Safety Warnings Safety Warnings • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids. • Do NOT store things on the device. •...
Page 8 Safety Warnings VSG1432-B101 Series User’s Guide...
Page 9: Table Of Contents
Contents Overview Contents Overview User’s Guide ........................... 21 Introducing the VSG1432-B101 ....................23 The Web Configurator ....................... 33 Quick Start ..........................41 Tutorials ............................. 43 Technical Reference ......................67 Network Map and Status Screens ..................... 69 Broadband ..........................75 Wireless ............................. 91 Home Networking ........................
Page 10 Contents Overview VSG1432-B101 Series User’s Guide...
Page 11: Table Of Contents
Introducing the VSG1432-B101 ..................... 23 1.1 Overview ..........................23 1.2 Ways to Manage the ZyXEL Device ..................23 1.3 Good Habits for Managing the ZyXEL Device ..............23 1.4 Applications for the ZyXEL Device ..................24 1.4.1 Internet Access ......................24 1.4.2 ZyXEL Device’s USB Support ..................
Page 12 4.6 Configuring Static Route for Routing to Another Network ........... 58 4.7 Configuring QoS Queue and Class Setup ................60 4.8 Access the ZyXEL Device Using DDNS ................63 4.8.1 Registering a DDNS Account on www.dyndns.org ............ 64 4.8.2 Configuring DDNS on Your ZyXEL Device ..............64 4.8.3 Testing the DDNS Setting ..................
Page 13 Table of Contents 6.3.4 IP Address Assignment ....................87 6.3.5 NAT ..........................88 6.3.6 Traffic Shaping ......................88 6.3.7 ATM Traffic Classes ....................89 6.3.8 Introduction to VLANs ....................89 Chapter 7 Wireless ........................... 91 7.1 Overview ..........................91 7.1.1 What You Can Do in this Chapter ................91 7.1.2 What You Need to Know ....................
Page 14 8.5 Installing UPnP in Windows Example ................134 8.6 Using UPnP in Windows XP Example ................137 8.7 Technical Reference ......................142 8.7.1 LANs, WANs and the ZyXEL Device ................ 143 8.7.2 DHCP Setup ......................143 8.7.3 DNS Server Addresses .................... 143 8.7.4 LAN TCP/IP ......................
Page 15 Table of Contents 12.3 The Applications Screen ....................179 12.3.1 Add New Application ....................180 12.4 The Port Triggering Screen ..................... 181 12.4.1 Add/Edit Port Triggering Rule ................183 12.5 The DMZ Screen ......................185 12.6 The ALG Screen ......................186 12.7 The Sessions Screen ......................
Page 16 Table of Contents 16.1 Overview .......................... 215 16.1.1 What You Can Do in this Chapter ................215 16.1.2 What You Need to Know ..................216 16.2 The Firewall Screen ......................217 16.3 The Protocol Screen ....................... 217 16.3.1 Add a Protocol ...................... 219 16.4 The Access Control Screen .....................
Page 17 Table of Contents 21.1.1 What You Can Do in this Chapter ................245 21.1.2 What You Need to Know ..................246 21.2 The IPSec Status Screen ....................247 21.3 The IPSec Settings Screen .................... 248 21.3.1 Add/Edit IPSec Setting ..................249 21.3.2 Configuring Manual Key ..................
Page 18 Table of Contents Chapter 26 IGMP Status .......................... 279 26.1 Overview .......................... 279 26.1.1 What You Can Do in this Chapter ................279 26.2 The IGMP Group Screen ....................279 26.3 IGMP Statistics Screen ....................280 Chapter 27 Users Configuration ......................283 27.1 Overview .........................
Page 19 33.2 The Diagnostic Screen ....................305 Chapter 34 Troubleshooting........................307 34.1 Power, Hardware Connections, and LEDs ..............307 34.2 ZyXEL Device Access and Login ..................308 34.3 Internet Access ........................ 310 34.4 Wireless Internet Access ....................312 Chapter 35 Product Specifications ......................315 35.1 Hardware Specifications ....................
Page 20 Table of Contents VSG1432-B101 Series User’s Guide...
Page 21: User's Guide
User’s Guide...
Page 23: Introducing The Vsg1432-B101
Only use firmware for your ZyXEL Device’s specific model. Refer to the label on the bottom of your ZyXEL Device. The ZyXEL Device has a a USB port used to share files via a USB memory stick or a USB hard drive.
Page 24: Applications For The Zyxel Device
DSL or MODEM jack on a splitter or your telephone jack. You can have up to five WAN services over one ADSL, VDSL or Ethernet WAN line. The ZyXEL Device cannot work in ADSL, VDSL and Ethernet WAN mode at the same time.
Page 25: Zyxel Device's Usb Support
PPPoE Ethernet You can also configure IP filtering on the ZyXEL Device for secure Internet access. When the IP filter is on, all incoming traffic from the Internet to your network is blocked by default unless it is initiated from your network. This means that probes from the outside to your network are not allowed, but you can safely browse the Internet and download files.
Page 26: Hardware Setup
Use the built-in USB 2.0 port to share files on a USB memory stick or a USB hard drive (B). You can connect one USB hard drive to the ZyXEL Device at a time. Use FTP to access the files on the USB device.
Page 27 Chapter 1 Introducing the VSG1432-B101 To connect the stand, line up the arrow on the stand with the arrow on the bottom of the device as shown. Figure 3 Connecting the Stand VSG1432-B101 Series User’s Guide...
Page 28: Hardware Connections
Attach the antenna and point it up. Do one of the following for your Internet connection: DSL WAN: Use a telephone cable to connect your ZyXEL Device’s DSL WAN port to a telephone jack (or the DSL or modem jack on a splitter if you have one).
Page 29: Leds (Lights)
Chapter 1 Introducing the VSG1432-B101 LAN: Use an Ethernet cable to connect a computer to a LAN port for initial configuration and/or Internet access. USB: Connect a USB (version 2.0 or lower) memory stick or a USB hard drive for file sharing.
Page 30 Chapter 1 Introducing the VSG1432-B101 None of the LEDs are on if the ZyXEL Device is not receiving power. Table 1 LED Descriptions COLOR STATUS DESCRIPTION POWER Green The ZyXEL Device is receiving power and ready for use. Blinking The ZyXEL Device is self-testing.
Page 31: The Reset Button
1.9 Wireless Access The ZyXEL Device is a wireless Access Point (AP) for wireless clients, such as notebook computers or PDAs and iPads. It allows them to connect to the Internet without having to rely on inconvenient Ethernet cables.
Page 32 Once the connection is successfully made, the WLAN/WPS LED shines green. To turn off the wireless network, press the WLAN/WPS button on the front of the ZyXEL Device for one to five seconds. The WLAN/WPS LED turns off when the wireless network is off.
Page 33: The Web Configurator
Internet Explorer. 2.1.1 Accessing the Web Configurator Make sure your ZyXEL Device hardware is properly connected (refer to the Quick Start Guide). Launch your web browser. If the ZyXEL Device does not automatically re-direct you to the login screen, go to http://192.168.1.1.
Page 34 Login. For security reasons, you will be temporarily denied access to the ZyXEL Device for a period of time (15 minutes by default) if you have entered the incorrect username and password for a certain number of times (three times by default).
Page 35 The Network Map page appears. Figure 10 Network Map Note: For security reasons, the ZyXEL Device automatically logs you out if you do not use the web configurator for ten minutes (default). If this happens, log in again. Click Status to display the Status screen, where you can view the ZyXEL Device’s interface and system information.
Page 36: Web Configurator Layout
Chapter 2 The Web Configurator 2.2 Web Configurator Layout Figure 11 Screen Layout As illustrated above, the main screen is divided into these parts: • A - title bar • B - main window • C - navigation panel 2.2.1 Title Bar The title bar provides some icons in the upper right corner.
Page 37: Main Window
Chapter 5 on page 71 for more information about the Status screen. 2.2.3 Navigation Panel Use the menu items on the navigation panel to open screens to configure ZyXEL Device features. The following tables describe each menu item. Table 3 Navigation Panel Summary...
Page 38 Use this screen to turn UPnP and UPnP NAT-T on or off. Routing Static Route Use this screen to view and set up static routes on the ZyXEL Device. Policy Use this screen to configure policy routing on the ZyXEL Device.
Page 39 Use this screen to view the status of events that occurred to the ZyXEL Device. You can export or e-mail the logs. Security Log Use this screen to view the login record of the ZyXEL Device. You can export or e-mail the logs. Traffic Status Use this screen to view the status of all network traffic going through the WAN port of the ZyXEL Device.
Page 40 Chapter 2 The Web Configurator VSG1432-B101 Series User’s Guide...
Page 41: Quick Start
H A P T E R Quick Start 3.1 Overview Use the Quick Start screens to configure the ZyXEL Device’s time zone and basic Internet access and wireless settings. Note: See the technical reference chapters (starting on page 67) for background information on the features in this chapter.
Page 42 Yes and enter them in the fields that display. Click Next. Figure 13 Internet Connection Turn the wireless LAN on or off. If you keep it on, record the security settings so you can configure your wireless clients to connect to the ZyXEL Device. Click Save. Figure 14 Internet Connection Your ZyXEL Device saves your settings and attempts to connect to the Internet.
Page 43: Tutorials
Configurator. If you connect to the Internet through an ADSL connection, use the information from your Internet Service Provider (ISP) to configure the ZyXEL Device. Be sure to contact your service provider for any information you need to configure the Broadband screens.
Page 44 Chapter 4 Tutorials In this example, the DSL connection has the following information. General Connection Name MyDSLConnection Type ADSL Connection Mode Routing Encapsulation PPPoE ATM PVC Configuration VPI/VCI 36/48 Encapsulation Mode LLC/SNAP-Bridging Service Category UBR without PCR Account Information PPP User Name 1234@DSL-Ex.com PPP Password ABCDEF!
Page 45 Chapter 4 Tutorials Click Apply to save your settings. You should see a summary of your new DSL connection setup in the Broadband screen as follows. VSG1432-B101 Series User’s Guide...
Page 46: Setting Up A Secure Wireless Network
Chapter 4 Tutorials Try to connect to a website, such as zyxel.com to see if you have correctly set up your Internet connection. Be sure to contact your service provider for any information you need to configure the WAN screens.
Page 47 Go to the Wireless > Others screen and select 802.11b/g/n Mixed in the 802.11 Mode field. Click Apply. Thomas can now use the WPS feature to establish a wireless connection between his notebook and the ZyXEL Device (see Section 4.3.2 on page 48). He can also...
Page 48: Using Wps
ZyXEL Device. Push Button Configuration (PBC) Make sure that your ZyXEL Device is turned on and your notebook is within the cover range of the wireless signal. Make sure that you have installed the wireless client driver and utility in your notebook.
Page 49 Network Settings > Wireless > WPS screen. Enable the WPS function and click Apply. Then click the Connect button. Note: Your ZyXEL Device has a WPS button located on its front panel as well as a WPS button in its configuration utility. Both buttons have exactly the same function: you can use one or the other.
Page 50: Wireless Client
Chapter 4 Tutorials The following figure shows you an example of how to set up a wireless network and its security by pressing a button on both ZyXEL Device and wireless client. Example WPS Process: PBC Method ZyXEL Device Wireless Client...
Page 51 Chapter 4 Tutorials PIN Configuration When you use the PIN configuration method, you need to use both the ZyXEL Device’s web configurator and the wireless client’s utility. Launch your wireless client’s configuration utility. Go to the WPS settings and select the PIN method to get a PIN number.
Page 52: Without Wps
Chapter 4 Tutorials The following figure shows you how to set up a wireless network and its security on a ZyXEL Device and a wireless client by using PIN method. Example WPS Process: PIN Method Wireless Client ZyXEL Device WITHIN 2 MINUTES...
Page 53: Setting Up Multiple Wireless Groups
Chapter 4 Tutorials Note: The ZyXEL Device supports IEEE 802.11b and IEEE 802.11g wireless clients. Make sure that your notebook or computer’s wireless adapter supports one of these standards. 4.4 Setting Up Multiple Wireless Groups Company A wants to create different wireless network groups for different types of users as shown in the following figure.
Page 54 Chapter 4 Tutorials Click Network Settings > Wireless to open the General screen. Use this screen to set up the company’s general wireless network group. Configure the screen using the provided parameters and click Apply. Click Network Settings > Wireless > More AP to open the following screen. Click the Edit icon to configure the second wireless network group.
Page 55 Chapter 4 Tutorials Configure the screen using the provided parameters and click Apply. In the More AP screen, click the Edit icon to configure the third wireless network group. VSG1432-B101 Series User’s Guide...
Page 56: Setting Up Nat Port Forwarding
SSIDs are active and ready for wireless access. 4.5 Setting Up NAT Port Forwarding Thomas manages the Doom server on a computer behind the ZyXEL Device. In order for players on the Internet (like A in the figure below) to communicate with the Doom server, Thomas needs to configure the port settings and IP address on VSG1432-B101 Series User’s Guide...
Page 57 Chapter 4 Tutorials the ZyXEL Device. Traffic should be forwarded to the port 666 of the Doom server computer which has an IP address of 192.168.1.34. Tutorial: NAT Port Forwarding Setup D=192.168.1.34 port 666 Thomas may set up the port settings by configuring the port settings for the Doom server computer (see Section 12.2 on page 176...
Page 58: Configuring Static Route For Routing To Another Network
In order to extend your Intranet and control traffic flowing directions, you may connect a router to the ZyXEL Device’s LAN. The router may be used to separate two department networks. This tutorial shows how to configure a static routing rule for two network routings.
Page 59 Chapter 4 Tutorials You need to specify a static routing rule on the ZyXEL Device to specify R as the router in charge of forwarding traffic to N2. In this case, the ZyXEL Device routes traffic from A to R and then R routes the traffic to B.
Page 60: Configuring Qos Queue And Class Setup
Chapter 4 Tutorials Select the Active check box. Enter the Route Name as R. Type 192.168.10.0 and subnet mask 255.255.255.0 for the destination, Type 192.168.1.253 (R’s N1 address) in the Gateway IP Address field. Click Apply. Now B should be able to receive traffic from A. You may need to additionally configure B’s firewall settings to allow specific traffic to pass through.
Page 61 Chapter 4 Tutorials Note: QoS is applied to traffic flowing out of the ZyXEL Device. Traffic that does not match this class is assigned a priority queue based on the internal QoS mapping table on the ZyXEL Device. QoS Example...
Page 62 Chapter 4 Tutorials • Rate Limit: 5,000 (kbps) Tutorial: Advanced > QoS > Queue Setup Click Class Setup > Add new Classifier to create a new class. Check Active and follow the settings as shown in the screen below. Tutorial: Advanced > QoS > Class Setup VSG1432-B101 Series User’s Guide...
Page 63: Access The Zyxel Device Using Ddns
4.8 Access the ZyXEL Device Using DDNS If you connect your ZyXEL Device to the Internet and it uses a dynamic WAN IP address, it is inconvenient for you to manage the device from the Internet. The ZyXEL Device’s WAN IP address changes dynamically. Dynamic DNS (DDNS) allows you to access the ZyXEL Device using a domain name.
Page 64: Registering A Ddns Account On Www.dyndns.org
• Hostname: zyxelrouter.dyndns.org • Service Type: Host with IP address • IP Address: Enter the WAN IP address that your ZyXEL Device is currently using. You can find the IP address on the ZyXEL Device’s Web Configurator Status page.
Page 65: Testing The Ddns Setting
• Enter the user name (UserName1) and password (12345). Click Apply. 4.8.3 Testing the DDNS Setting Now you should be able to access the ZyXEL Device from the Internet. To test this: Open a web browser on the computer (using the IP address a.b.c.d) that is connected to the Internet.
Page 66 Chapter 4 Tutorials In FileZilla enter the IP address of the ZyXEL Device (the default is 192.168.1.1), your account’s user name and password and port 21 and click Quickconnect. A screen asking for password authentication appears. File Sharing via Windows Explorer Once you log in the USB device displays in the folder.
Page 67: Technical Reference
Technical Reference...
Page 69: Network Map And Status Screens
After you log into the Web Configurator, the Network Map screen appears. This shows the network connection status of the ZyXEL Device and clients connected to You can use the Status screen to look at the current status of the ZyXEL Device, system resources, and interfaces (LAN, WAN, and WLAN).
Page 70 Chapter 5 Network Map and Status Screens If you prefer to view the status in a list, click List View in the Viewing Mode selection box. You can configure how often you want the ZyXEL Device to update this screen in Refresh Interval.
Page 71: The Status Screen
Chapter 5 Network Map and Status Screens 5.3 The Status Screen Use this screen to view the status of the ZyXEL Device. Click Status to open this screen. Figure 17 Status Screen Each field is described in the following table.
Page 72 This field displays what DHCP services the ZyXEL Device is providing to the LAN. Choices are: Server - The ZyXEL Device is a DHCP server in the LAN. It assigns IP addresses to other computers in the LAN. Relay - The ZyXEL Device acts as a surrogate DHCP server and relays DHCP requests and responses between the remote server and the clients.
Page 73 This field displays how long the ZyXEL Device has been running since it Time last started up. The ZyXEL Device starts up when you plug it in, when you restart it (Maintenance > Reboot), or when you reset it. Current This field displays the current date and time in the ZyXEL Device.
Page 74 Chapter 5 Network Map and Status Screens VSG1432-B101 Series User’s Guide...
Page 75: Broadband
6.1 Overview This chapter describes how to configure WAN settings from the Broadband screen. Use this screen to configure your ZyXEL Device for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks (such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations.
Page 76: Before You Begin
Chapter 6 Broadband WAN IP Address The WAN IP address is an IP address for the ZyXEL Device, which makes it accessible from an outside network. It is used by the ZyXEL Device to communicate with other devices in other networks. It can be static (fixed) or dynamically assigned by the ISP each time the ZyXEL Device tries to access the Internet.
Page 77: The Broadband Screen
ATM QoS This is the type of ATM QoS of the connection. IGMP Proxy This shows whether the ZyXEL Device act as an IGMP proxy on this connection. This shows whether NAT is activated or not for this connection. Default Gateway This shows whether the ZyXEL Device use the WAN interface of this connection as the system default gateway.
Page 78: Add/Edit Broadband
By implementing PPPoE directly on the ZyXEL Device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyXEL Device does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access.
Page 79 Chapter 6 Broadband This screen displays when you select the Routing mode and PPPoE encapsulation. Figure 20 Broadband: Add/Edit: ADSL, PPPoE Encapsulation VSG1432-B101 Series User’s Guide...
Page 80 Chapter 6 Broadband The following table describes the labels in this screen. Table 7 Broadband: Add/Edit: Routing Mode LABEL DESCRIPTION General Active Select this to activate the WAN configuration settings. Name Specify a descriptive name of up to 15 alphanumeric characters for this connection.
Page 81 • VC/MUX: In VC multiplexing, each protocol is carried on a single ATM virtual circuit (VC). To transport multiple protocols, the ZyXEL Device needs separate VCs. There is a binding between a VC and the type of the network protocol carried on the VC. This reduces payload overhead since there is no need to carry protocol information in each Protocol Data Unit (PDU) payload.
Page 82 Multicast group - it is not used to carry user data. Select this option to have the ZyXEL Device act as an IGMP proxy on this connection. This allows the ZyXEL Device to get subscribing information and maintain a joined member list for each multicast group.
Page 83 Table 7 Broadband: Add/Edit: Routing Mode LABEL DESCRIPTION Select Dynamic if you want the ZyXEL Device use the DNS server addresses assigned by your ISP. Select Static if you want the ZyXEL Device use the DNS server addresses you configure manually.
Page 84 • VC/MUX: In VC multiplexing, each protocol is carried on a single ATM virtual circuit (VC). To transport multiple protocols, the ZyXEL Device needs separate VCs. There is a binding between a VC and the type of the network protocol carried on the VC. This reduces payload overhead since there is no need to carry protocol information in each Protocol Data Unit (PDU) payload.
Page 85 802.1Q Type the VLAN ID number (from 1 to 4094) for traffic through this connection. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to exit this screen without saving. VSG1432-B101 Series User’s Guide...
Page 86: Technical Reference
By implementing PPPoE directly on the ZyXEL Device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyXEL Device does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access.
Page 87: Multiplexing
Chapter 6 Broadband 6.3.2 Multiplexing There are two conventions to identify what protocols the virtual circuit (VC) is carrying. Be sure to use the multiplexing method required by your ISP. VC-based Multiplexing In this case, by prior mutual agreement, each protocol is assigned to a specific virtual circuit;...
Page 88: Nat
Chapter 6 Broadband 6.3.5 NAT NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
Page 89: Atm Traffic Classes
Chapter 6 Broadband 6.3.7 ATM Traffic Classes These are the basic ATM traffic classes defined by the ATM Forum Traffic Management 4.0 Specification. Constant Bit Rate (CBR) Constant Bit Rate (CBR) provides fixed bandwidth that is always available even if no data is being sent.
Page 90 Chapter 6 Broadband In Multi-Tenant Unit (MTU) applications, VLAN is vital in providing isolation and security among the subscribers. When properly configured, VLAN prevents one subscriber from accessing the network resources of another on the same LAN, thus a user will not see the printers and hard disks of another user in the same building.
Page 91: Wireless
• Use the General screen to enable the Wireless LAN, enter the SSID and select the wireless security mode (Section 7.2 on page 92). • Use the More AP screen to set up multiple wireless networks on your ZyXEL Device (Section 7.3 on page 101).
Page 92: What You Need To Know
Use this screen to enable the Wireless LAN, enter the SSID and select the wireless security mode. Note: If you are configuring the ZyXEL Device from a computer connected to the wireless LAN and you change the ZyXEL Device’s SSID, channel or security settings, you will lose your wireless connection when you press Apply to confirm.
Page 93 Channel Set the channel depending on your particular region. Select a channel or use Auto to have the ZyXEL Device automatically determine a channel to use. If you are having problems with wireless interference, changing the channel may help. Try to use a channel that is as many channels away from any channels used by neighboring APs as possible.
Page 94 Table 9 Network Settings > Wireless > General LABEL DESCRIPTION Passphrase If you set security for the wireless LAN and have the ZyXEL Device Type generate a password, the setting in this field determines how the ZyXEL Device generates the password.
Page 95: No Security
Select No Security to allow wireless stations to communicate with the access points without any data encryption or authentication. Note: If you do not enable any wireless security on your ZyXEL Device, your network is accessible to any wireless networking device that is within range.
Page 96: Basic (Wep Encryption)
WEP, use the highest encryption level available. Your ZyXEL Device allows you to configure up to four 64-bit or 128-bit WEP keys but only one key can be enabled at any one time. In order to configure and enable WEP encryption, click Network Settings >...
Page 97 Password The password (WEP keys) are used to encrypt data. Both the ZyXEL Device and the wireless stations must use the same password (WEP key) for data transmission. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F").
Page 98: More Secure (Wpa(2)-Psk)
7.2.3 More Secure (WPA(2)-PSK) The WPA-PSK security mode provides both improved data encryption and user authentication over WEP. Using a Pre-Shared Key (PSK), both the ZyXEL Device and the connecting client share a common password in order to validate the connection.
Page 99: Wpa(2) Authentication
This field appears when you choose WPA-PSK2 as the Security Mode. Compatible Check this field to allow wireless devices using WPA-PSK security mode to connect to your ZyXEL Device. The ZyXEL Device supports WPA-PSK and WPA2-PSK simultaneously. Encryption Select the encryption type (AES or TKIP+AES) for data encryption.
Page 100 Click more... to show more fields in this section. Click less to hide them. WPA Compatible This field is only available for WPA2. Select this if you want the ZyXEL Device to support WPA and WPA2 simultaneously. VSG1432-B101 Series User’s Guide...
Page 101: The More Ap Screen
7.3 The More AP Screen This screen allows you to enable and configure multiple Basic Service Sets (BSSs) on the ZyXEL Device. Click Network Settings > Wireless > More AP. The following screen displays. Figure 28 Network Settings > Wireless > More AP The following table describes the labels in this screen.
Page 102: Edit More Ap
LABEL DESCRIPTION SSID An SSID profile is the set of parameters relating to one of the ZyXEL Device’s BSSs. The SSID (Service Set IDentifier) identifies the Service Set with which a wireless device is associated. This field displays the name of the wireless profile on the network. When a wireless client scans for an AP to associate with, this is the name that is broadcast and seen in the wireless client utility.
Page 103: Mac Authentication
Click Cancel to exit this screen without saving. 7.4 MAC Authentication This screen allows you to configure the ZyXEL Device to give exclusive access to specific devices (Allow) or exclude specific devices from accessing the ZyXEL Device (Deny). Every Ethernet device has a unique MAC (Media Access Control) address.
Page 104 Chapter 7 Wireless Use this screen to view your ZyXEL Device’s MAC filter settings and add new MAC filter rules. Click Wireless > MAC Authentication. The screen appears as shown. Figure 30 Wireless > MAC Authentication The following table describes the labels in this screen.
Page 105: The Wps Screen
Chapter 7 Wireless 7.5 The WPS Screen Use this screen to configure WiFi Protected Setup (WPS) on your ZyXEL Device. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually. Set up each WPS connection between two devices.
Page 106: The Wmm Screen
Connect Click this button to add another WPS-enabled wireless device (within wireless range of the ZyXEL Device) to your wireless network. This button may either be a physical button on the outside of device, or a menu button similar to the Connect button on this screen.
Page 107: The Wds Screen
Note: WDS security is independent of the security settings between the ZyXEL Device and any wireless clients. Note: At the time of writing, WDS is compatible with other ZyXEL APs only. Not all models support WDS links. Check your other AP’s documentation.
Page 108 Wireless Bridge Setup AP Mode Select the operating mode for your ZyXEL Device. • Access Point - The ZyXEL Device functions as a bridge and access point simultaneously. • Wireless Bridge - The ZyXEL Device acts as a wireless network bridge and establishes wireless links with other APs.
Page 109: Wds Scan
Click Cancel to restore your previously saved settings. 7.7.1 WDS Scan You can click the Scan icon in Wireless > WDS to have the ZyXEL Device automatically search and display the available APs within range. Select an AP and click Apply to have the ZyXEL Device establish a wireless link with the selected wireless device.
Page 110: The Others Screen
Device scans for the best channel. Enter 0 to disable the periodical scan. Output Power Set the output power of the ZyXEL Device. If there is a high density of APs in an area, decrease the output power to reduce interference with other APs.
Page 111: Technical Reference
Select 802.11b/g/n Mixed to allow IEEE 802.11b, IEEE 802.11g or IEEE802.11n compliant WLAN devices to associate with the ZyXEL Device. The transmission rate of your ZyXEL Device might be reduced. 802.11 Enabling this feature can help prevent collisions in mixed-mode networks Protection (networks with both IEEE 802.11b and IEEE 802.11g traffic).
Page 112 The wireless network is the part in the blue circle. In this wireless network, devices A and B use the access point (AP) to interact with the other devices (such as the printer) or with the Internet. Your ZyXEL Device is the AP. Every wireless network must follow these basic guidelines.
Page 113: Additional Wireless Terms
By setting this value lower than the default value, the wireless devices must sometimes get permission to send information to the ZyXEL Device. The lower the value, the more often the devices must get permission. If this value is greater than the fragmentation threshold value (see below), then wireless devices never have to get permission to send information to the ZyXEL Device.
Page 114: Wireless Security Overview
The following sections introduce different types of wireless security you can set up in the wireless network. 7.9.3.1 SSID Normally, the ZyXEL Device acts like a beacon and regularly broadcasts the SSID in the area. You can hide the SSID instead, in which case the ZyXEL Device does VSG1432-B101 Series User’s Guide...
Page 115: Mac Address Filter
User’s Guide or other documentation. You can use the MAC address filter to tell the ZyXEL Device which devices are allowed or not allowed to use the wireless network. If a device is allowed to use the wireless network, it still has to have the correct information (SSID, channel, and security).
Page 116 Usually, you should set up the strongest encryption that every device in the wireless network supports. For example, suppose you have a wireless network with the ZyXEL Device and you do not have a RADIUS server. Therefore, there is no authentication. Suppose the wireless network has two devices. Device A only supports WEP, and device B supports WEP and WPA.
Page 117: Signal Problems
Chapter 7 Wireless 7.9.4 Signal Problems Because wireless networks are radio networks, their signals are subject to limitations of distance, interference and absorption. Problems with distance occur when the two radios are too far apart. Problems with interference occur when other radio waves interrupt the data signal. Interference may come from other radio transmissions, such as military or air traffic control communications, or from machines that are coincidental emitters such as electric motors or microwaves.
Page 118: Mbssid
Sets (BSSs). As well as the cost of buying extra APs, there is also the possibility of channel interference. The ZyXEL Device’s MBSSID (Multiple Basic Service Set IDentifier) function allows you to use one access point to provide several BSSs simultaneously.
Page 119: Preamble Type
APs you want to link to. Once the security settings of peer sides match one another, the connection between devices is made. At the time of writing, WDS security is compatible with other ZyXEL access points only. Refer to your other access point’s documentation for details.
Page 120: Push Button Configuration
Section 7.6 on page 106). Press the button on one of the devices (it doesn’t matter which). For the ZyXEL Device you must press the WPS button for more than three seconds. Within two minutes, press the button on the other device. The registrar sends the network name (SSID) and security key through an secure connection to the enrollee.
Page 121: Pin Configuration
Look for the client’s WPS PIN; it will be displayed either on the device, or in the WPS section of the client’s configuration interface (see the device’s User’s Guide for how to find the WPS PIN - for the ZyXEL Device, see Section 7.5 on page 105).
Page 122: How Wps Works
Chapter 7 Wireless The following figure shows a WPS-enabled wireless client (installed in a notebook computer) connecting to the WPS-enabled AP via the PIN method. Figure 39 Example WPS Process: PIN Method ENROLLEE REGISTRAR This device’s WPS PIN: 123456 Enter WPS PIN from other device: START START...
Page 123 Chapter 7 Wireless The following figure shows a WPS-enabled client (installed in a notebook computer) connecting to a WPS-enabled access point. Figure 40 How WPS works ACTIVATE ACTIVATE WITHIN 2 MINUTES WPS HANDSHAKE ENROLLEE REGISTRAR SECURE TUNNEL SECURITY INFO COMMUNICATION The roles of registrar and enrollee last only as long as the WPS setup process is active (two minutes).
Page 124 Chapter 7 Wireless 7.9.9.4 Example WPS Network Setup This section shows how security settings are distributed in an example WPS setup. The following figure shows an example network. In step 1, both AP1 and Client 1 are unconfigured. When WPS is activated on both, they perform the handshake. In this example, AP1 is the registrar, and Client 1 is the enrollee.
Page 125: Limitations Of Wps
Chapter 7 Wireless point. However, you know that Client 2 supports the registrar function, so you use it to perform the WPS handshake instead. Figure 43 WPS: Example Network Step 3 EXISTING CONNECTION CLIENT 1 REGISTRAR CLIENT 2 ENROLLEE 7.9.9.5 Limitations of WPS WPS has some limitations of which you should be aware.
Page 126 Chapter 7 Wireless • When you use the PBC method, there is a short period (from the moment you press the button on one device to the moment you press the button on the other device) when any WPS-enabled device could join the network. This is because the registrar has no way of identifying the “correct”...
Page 127: Home Networking
• Use the Static DHCP screen to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses (Section 8.3 on page 132). • Use the UPnP screen to enable UPnP and UPnP NAT traversal on the ZyXEL Device (Section 8.4 on page 133).
Page 128: What You Need To Know
You can also use subnet masks to divide one network into multiple sub-networks. DHCP A DHCP (Dynamic Host Configuration Protocol) server can assign your ZyXEL Device an IP address, subnet mask, DNS and other routing information when it's turned on.
Page 129: Before You Begin
All UPnP-enabled devices may communicate freely with each other without additional configuration. Disable UPnP if this is not your intention. UPnP and ZyXEL ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum UPnP™ Implementers Corp. (UIC). ZyXEL's UPnP implementation supports Internet Gateway Device (IGD) 1.0.
Page 130: The Lan Setup Screen
8.2 The LAN Setup Screen Use this screen to set the Local Area Network IP address and subnet mask of your ZyXEL Device. Click Network Settings > Home Networking to open the LAN Setup screen. Follow these steps to configure your LAN settings.
Page 131 LAN IP Setup IP Address Enter the LAN IP address you want to assign to your ZyXEL Device in dotted decimal notation, for example, 192.168.1.1 (factory default). Subnet Mask Type the subnet mask of your network in dotted decimal notation, for example 255.255.255.0 (factory default).
Page 132: The Static Dhcp Screen
00:A0:C5:00:00:02. Use this screen to change your ZyXEL Device’s static DHCP settings. Click Network Settings > Home Networking > Static DHCP to open the following screen.
Page 133: The Upnp Screen
Table 26 Static DHCP: Add/Edit LABEL DESCRIPTION Active This field displays whether the client is connected to the ZyXEL Device. MAC Address Enter the MAC address of a computer on your LAN. IP Address Enter the IP address that you want to assign to the computer on your LAN with the MAC address that you will also specify.
Page 134: Installing Upnp In Windows Example
Chapter 8 Home Networking Use the following screen to configure the UPnP settings on your ZyXEL Device. Click Network Settings > Home Networking > UPnP to display the screen shown next. Figure 47 Network Settings > Home Networking > UPnP The following table describes the labels in this screen.
Page 135 Chapter 8 Home Networking Click on the Windows Setup tab and select Communication in the Components selection box. Click Details. Add/Remove Programs: Windows Setup: Communication In the Communications window, select the Universal Plug and Play check box in the Components selection box. Add/Remove Programs: Windows Setup: Communication: Components VSG1432-B101 Series User’s Guide...
Page 136 Chapter 8 Home Networking Click OK to go back to the Add/Remove Programs Properties window and click Next. Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. Click Start and Control Panel. Double-click Network Connections.
Page 137: Using Upnp In Windows Xp Example
UPnP installed in Windows XP and UPnP activated on the ZyXEL Device. Make sure the computer is connected to a LAN port of the ZyXEL Device. Turn on your computer and the ZyXEL Device. Auto-discover Your UPnP-enabled Network Device Click Start and Control Panel.
Page 138 Chapter 8 Home Networking Right-click the icon and select Properties. Network Connections In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Internet Connection Properties VSG1432-B101 Series User’s Guide...
Page 139 Chapter 8 Home Networking You may edit or delete the port mappings or click Add to manually add port mappings. Internet Connection Properties: Advanced Settings Internet Connection Properties: Advanced Settings: Add When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically.
Page 140 Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first. This comes helpful if you do not know the IP address of the ZyXEL Device.
Page 141 Network Connections An icon with the description for each UPnP-enabled device displays under Local Network. Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays. Network Connections: My Network Places VSG1432-B101 Series User’s Guide...
Page 142: Technical Reference
Chapter 8 Home Networking Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Network Connections: My Network Places: Properties: Example 8.7 Technical Reference This section provides some technical background information about the topics covered in this chapter.
Page 143: Lans, Wans And The Zyxel Device
TCP/IP configuration at start-up from a server. You can configure the ZyXEL Device as a DHCP server or disable it. When configured as a server, the ZyXEL Device provides the TCP/IP configuration for the clients. If you turn DHCP service off, you must have another DHCP server on your LAN, or else the computer must be manually configured.
Page 144: Lan Tcp/Ip
IP addresses in the DHCP Setup screen. 8.7.4 LAN TCP/IP The ZyXEL Device has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability. IP Address and Subnet Mask Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number.
Page 145 Chapter 8 Home Networking The subnet mask specifies the network number portion of an IP address. Your ZyXEL Device will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the ZyXEL Device unless you are instructed to do otherwise.
Page 146 Chapter 8 Home Networking VSG1432-B101 Series User’s Guide...
Page 147: Static Routing
9.1 Overview The ZyXEL Device usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the ZyXEL Device send data to devices not reachable through the default gateway, use static routes.
Page 148: The Routing Screen
Chapter 9 Static Routing 9.2 The Routing Screen Use this screen to view and configure the static route rules on the ZyXEL Device. Click Network Settings > Routing > Static Route to open the following screen. Figure 50 Network Settings > Routing > Static Route The following table describes the labels in this screen.
Page 149: Add/Edit Static Route
Chapter 9 Static Routing 9.2.1 Add/Edit Static Route Use this screen to add or edit a static route. Click Add new Static Route Entry in the Routing screen or the Edit icon next to the static route you want to edit. The screen shown next appears.
Page 150 Chapter 9 Static Routing VSG1432-B101 Series User’s Guide...
Page 151: Quality Of Service (Qos)
Configure QoS on the ZyXEL Device to group and prioritize application traffic and fine-tune network performance. Setting up QoS involves these steps: Configure classifiers to sort traffic into different flows.
Page 152: What You Need To Know
Bursty traffic may cause network congestion. Traffic shaping regulates packets to be transmitted with a pre-configured data transmission rate using buffers (or queues). Your ZyXEL Device uses the Token Bucket algorithm to allow a certain amount of large bursts while keeping a limit at the average rate.
Page 153: The Quality Of Service General Screen
(Before Traffic Policing) (After Traffic Policing) The ZyXEL Device supports three incoming traffic metering algorithms: Token Bucket Filter (TBF), Single Rate Two Color Maker (srTCM), and Two Rate Two Color Marker (trTCM). You can specify actions which are performed on the colored packets.
Page 154: The Queue Setup Screen
100 Mbps. You can set this number higher than the interfaces’ actual transmission speed. The ZyXEL Device uses up to 95% of the DSL port’s actual upstream transmission speed even if you set this number higher than the DSL port’s actual transmission speed.
Page 155 A gray bulb signifies that this queue is not active. Name This shows the descriptive name of this queue. Interface This shows the name of the ZyXEL Device’s interface through which traffic in this queue passes. Priority This shows the priority of this queue. Weight This shows the weight of this queue.
Page 156: Adding A Qos Queue
Weight Select the weight (from 1 to 8) of this queue. If two queues have the same priority level, the ZyXEL Device divides the bandwidth across the queues according to their weights. Queues with larger weights get more bandwidth than queues with smaller weights.
Page 157: The Class Setup Screen
(such as Telnet) to form a flow. You can give different priorities to traffic that the ZyXEL Device forwards out through the WAN interface. Give high priority to voice and video to make them run more smoothly.
Page 158 Chapter 10 Quality of Service (QoS) Table 33 Network Settings > QoS > Class Setup LABEL DESCRIPTION To Queue This is the name of the queue in which traffic of this classifier is put. Modify Click the Edit icon to edit the classifier. Click the Delete icon to delete an existing classifier.
Page 159: Add/Edit Qos Class
Chapter 10 Quality of Service (QoS) 10.5.1 Add/Edit QoS Class Click Add new Classifier in the Class Setup screen or the Edit icon next to a classifier to open the following screen. Figure 56 Class Setup: Add/Edit VSG1432-B101 Series User’s Guide...
Page 160 Chapter 10 Quality of Service (QoS) The following table describes the labels in this screen. Table 34 Class Setup: Add/Edit LABEL DESCRIPTION Active Select this to enable this classifier. Class Name Enter a descriptive name of up to 15 printable English keyboard characters, not including spaces.
Page 161 Chapter 10 Quality of Service (QoS) Table 34 Class Setup: Add/Edit LABEL DESCRIPTION MAC Mask Type the mask for the specified MAC address to determine which bits a packet’s MAC address should match. Enter “f” for each bit of the specified source MAC address that the traffic’s MAC address should match.
Page 162 DSCP Mark This field is available only when you select IP in the Ether Type field. If you select Mark, enter a DSCP value with which the ZyXEL Device replaces the DSCP field in the packets. If you select Unchange, the ZyXEL Device keep the DSCP field in the packets.
Page 163: The Qos Policer Setup Screen
Chapter 10 Quality of Service (QoS) 10.6 The QoS Policer Setup Screen Use this screen to configure QoS policers that allow you to limit the transmission rate of incoming traffic. Click Network Settings > QoS > Policer Setup. The screen appears as shown. Figure 57 Network Settings >...
Page 164: Add/Edit A Qos Policer
Chapter 10 Quality of Service (QoS) 10.6.1 Add/Edit a QoS Policer Click Add new Officer in the Policer Setup screen or the Edit icon next to a policer to show the following screen. Figure 58 Policer Setup: Add/Edit The following table describes the labels in this screen. Table 36 Policer Setup: Add/Edit LABEL DESCRIPTION...
Page 165: The Qos Monitor Screen
Click Cancel to exit this screen without saving. 10.7 The QoS Monitor Screen To view the ZyXEL Device’s QoS packet statistics, click Network Settings > QoS > Monitor. The screen appears as shown. Figure 59 Network Settings > QoS > Monitor The following table describes the labels in this screen.
Page 166: Technical Reference
Drop Rate This shows how many packets assigned to this queue are dropped. 10.8 Technical Reference The following section contains additional technical information about the ZyXEL Device features described in this chapter. IEEE 802.1Q Tag The IEEE 802.1Q standard defines an explicit VLAN tag in the MAC header to identify the VLAN membership of a frame across bridges.
Page 167 Chapter 10 Quality of Service (QoS) DiffServ QoS is used to prioritize source-to-destination traffic flows. All packets in the flow are given the same priority. You can use CoS (class of service) to give different priorities to different packet types. DiffServ (Differentiated Services) is a class of service (CoS) model that marks packets so that they receive specific per-hop treatment at DiffServ-compliant network devices along the route based on the application types and traffic flow.
Page 168 Chapter 10 Quality of Service (QoS) Automatic Priority Queue Assignment If you enable QoS on the ZyXEL Device, the ZyXEL Device can automatically base on the IEEE 802.1p priority level, IP precedence and/or packet length to assign priority to traffic which does not match a class.
Page 169 • After a packet is transmitted, a number of tokens corresponding to the packet size is removed from the bucket. • If there are no tokens in the bucket, the ZyXEL Device stops transmitting until enough tokens are generated. • If not enough tokens are available, the ZyXEL Device treats the packet in either...
Page 170 • After a packet is transmitted, a number of tokens corresponding to the packet size is removed from the CBS bucket. • If there are not enough tokens in the CBS bucket, the ZyXEL Device checks the EBS bucket. The packet is marked yellow if there are sufficient tokens in the EBS bucket.
Page 171: Policy Forwarding
Policy Forwarding 11.1 Overview Traditionally, routing is based on the destination address only and the ZyXEL Device takes the shortest path to forward a packet. Policy forwarding allows the ZyXEL Device to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator.
Page 172: Add/Edit Policy Forwarding
Chapter 11 Policy Forwarding Table 40 Network Settings > Routing > Policy Forwarding LABEL DESCRIPTION Source IP This is the source IP address. Source This is the source subnet mask address. Subnet Mask Protocol This is the transport layer protocol. SourcePort This is the source port number.
Page 173 Chapter 11 Policy Forwarding Table 41 Policy Forwarding: Add/Edit LABEL DESCRIPTION Select a WAN interface through which the traffic is sent. You must have the WAN interface(s) already configured in the Broadband screens. Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving.
Page 174 Chapter 11 Policy Forwarding VSG1432-B101 Series User’s Guide...
Page 175: Network Address Translation (Nat)
181). • Use the DMZ screen to configure a default server (Section 12.5 on page 185). • Use the ALG screen to enable and disable the SIP (VoIP) ALG in the ZyXEL Device (Section 12.6 on page 186). • Use the Sessions screen to limit the number of concurrent NAT sessions all clients can use (Section 12.7 on page...
Page 176: The Port Forwarding Screen
Chapter 12 Network Address Translation (NAT) Global/Local Global/local denotes the IP address of a host in a packet as the packet traverses a router, for example, the local address refers to the IP address of a host when the packet is in the local network, while the global address refers to the IP address of the host when the same packet is traveling in the WAN side.
Page 177 Chapter 12 Network Address Translation (NAT) Note: Many residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location.
Page 178: Add/Edit Port Forwarding
Chapter 12 Network Address Translation (NAT) The following table describes the fields in this screen. Table 42 Network Settings > NAT > Port Forwarding LABEL DESCRIPTION Add new rule Click this to add a new rule. This is the index number of the entry. Status This field displays whether the NAT rule is active or not.
Page 179: The Applications Screen
External Start Port field above. Internal Start This shows the port number to which you want the ZyXEL Device to Port translate the incoming port. For a range of ports, enter the first number of the range to which you want the incoming ports translated.
Page 180: Add New Application
Chapter 12 Network Address Translation (NAT) To access this screen, click Network Settings > NAT > Applications. The following screen appears. Figure 65 Network Settings > NAT > Applications The following table describes the labels in this screen. Table 44 Network Settings > NAT > Applications LABEL DESCRIPTION Add new...
Page 181: The Port Triggering Screen
WAN port receives a response with a specific port number and protocol ("open" port), the ZyXEL Device forwards the traffic to the LAN IP address of the computer that sent the request. After that computer’s connection for that service closes, another computer on the LAN can use the service in the same manner.
Page 182 Figure 67 Trigger Port Forwarding Process: Example Jane requests a file from the Real Audio server (port 7070). Port 7070 is a “trigger” port and causes the ZyXEL Device to record Jane’s computer IP address. The ZyXEL Device associates Jane's computer IP address with the "open"...
Page 183: Add/Edit Port Triggering Rule
Trigger Port The trigger port is a port (or a range of ports) that causes (or triggers) the ZyXEL Device to record the IP address of the LAN computer that sent the traffic to a server on the WAN. Start This is the first port number that identifies a service.
Page 184 The trigger port is a port (or a range of ports) that causes (or triggers) Port the ZyXEL Device to record the IP address of the LAN computer that sent the traffic to a server on the WAN. Type a port number or the starting port number in a range of port numbers.
Page 185: The Dmz Screen
Address ports that are not specified in the NAT Port Forwarding screen. Note: If you do not assign a Default Server Address, the ZyXEL Device discards all packets received for ports that are not specified in the NAT Port Forwarding screen.
Page 186: The Alg Screen
SIP data stream to a public IP address. You do not need to use STUN or an outbound proxy if your ZyXEL Device is behind a SIP ALG. Use this screen to enable and disable the SIP (VoIP) ALG in the ZyXEL Device. To access this screen, click Network Settings > NAT > ALG.
Page 187: Technical Reference
This part contains more information regarding NAT. 12.8.1 NAT Definitions Inside/outside denotes where a host is located relative to the ZyXEL Device, for example, the computers of your subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.
Page 188: What Nat Does
If you do not define any servers (for Many-to-One and Many-to- Many Overload mapping), NAT offers the additional benefit of firewall protection. With no servers defined, your ZyXEL Device filters out all incoming inquiries, thus preventing intruders from probing your network. For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT).
Page 189: How Nat Works
IP source address (and TCP or UDP source port numbers for Many-to-One and Many-to-Many Overload NAT mapping) in each packet and then forwards it to the Internet. The ZyXEL Device keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored.
Page 190: Nat Application
Chapter 12 Network Address Translation (NAT) 12.8.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP alias) behind the ZyXEL Device can communicate with three distinct WAN networks. Figure 74 NAT Application With IP Alias Port Forwarding: Services and Port Numbers The most often used port numbers are shown in the following table.
Page 191 Chapter 12 Network Address Translation (NAT) Table 52 Services and Port Numbers SERVICES PORT NUMBER SNMP trap PPTP (Point-to-Point Tunneling Protocol) 1723 Port Forwarding Example Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example).
Page 192 Chapter 12 Network Address Translation (NAT) VSG1432-B101 Series User’s Guide...
Page 193: Dynamic Dns Setup
DNS queries for certain domain names through a specific WAN interface to its DNS server(s). The ZyXEL Device uses a system DNS server (in the order you specify in the Broadband screen) to resolve domain names that do not match any DNS routing entry.
Page 194: What You Can Do In This Chapter
• Use the DNS Entry screen to view, configure, or remove DNS routes (Section 13.2 on page 195). • Use the Dynamic DNS screen to enable DDNS and configure the DDNS settings on the ZyXEL Device (Section 13.3 on page 196). 13.1.2 What You Need To Know DYNDNS Wildcard Enabling the wildcard feature for your host causes *.yourhost.dyndns.org to be...
Page 195: The Dns Entry Screen
If you have a private WAN IP address, then you cannot use Dynamic DNS. 13.2 The DNS Entry Screen Use this screen to view and configure DNS routes on the ZyXEL Device. Click Advanced > DNS Setting to open the DNS Entry screen.
Page 196: Add/Edit Dns Entry
Chapter 13 Dynamic DNS Setup 13.2.1 Add/Edit DNS Entry You can manually add or edit the ZyXEL Device’s DNS name and IP address entry. Click Add new DNS entry in the DNS Entry screen or the Edit icon next to the entry you want to edit.
Page 197 Select your Dynamic DNS service provider from the drop-down list box. Provider Hostname Type the domain name assigned to your ZyXEL Device by your Dynamic DNS provider. You can specify up to two host names in the field separated by a comma (",").
Page 198 Chapter 13 Dynamic DNS Setup VSG1432-B101 Series User’s Guide...
Page 199: Igmp
H A P T E R IGMP 14.1 Overview Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender to 1 recipient) or Broadcast (1 sender to everybody on the network). Multicast delivers IP packets to just a group of hosts on the network. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a multicast group - it is not used to carry user data.
Page 200 There should only be one upstream interface (also known as the query port) for one query VLAN on the ZyXEL Device. A downstream interface is a port that connects to a host (such as a computer).
Page 201 Proxy Hosts The ZyXEL Device will not respond to IGMP join and leave messages on the upstream interface. The ZyXEL Device only responds to IGMP query messages on the upstream interface. The ZyXEL Device sends IGMP query messages to the hosts that are members of the query VLAN.
Page 202: The Igmp General Screen
Specify how many seconds the host allots for gathering membership Interval information from directly connected networks before it sends a report. Robustness This is the number of times the host sends a report to the ZyXEL Value Device when the ZyXEL Device queries for the host’s status. IGMP Packet Select one or more of these fields to increase the IGMP network’s...
Page 203 224.0.0.1, the all-hosts multicast address. destination IP is not 224.0.0.1 Apply Click this button to save your settings back to the ZyXEL Device. Cancel Click Cancel to restore your previously saved settings. VSG1432-B101 Series User’s Guide...
Page 204: Igmp Filter Configuration
Chapter 14 IGMP 14.3 IGMP Filter Configuration Use this screen to control IGMP access. Click Network Settings > IGMP Setting > IGMP Filter to open the following screen. Figure 82 Network Settings > IGMP Setting > IGMP Filter The following table describes the fields in this screen. Table 57 Network Settings >...
Page 205 This table lists the LAN computers the ZyXEL Device has detected. LAN Host IP This is the IP address of a computer on the ZyXEL Device’s LAN. Type This shows whether or not the LAN device is a Set Top Box (STB).
Page 206: Igmp Host Limitation Edit
Chapter 14 IGMP 14.3.1 IGMP Host Limitation Edit Use this screen to control a LAN host’s access to IGMP services through the ZyXEL Device. Click Network Settings > IGMP Setting > IGMP Filter and then a LAN host’s Edit icon to open the following screen.
Page 207: Igmp Service Add
This column lists the multicast groups and subnet masks for this IGMP service domain. Modify Click the Delete icon to delete the entry. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to exit this screen without saving. VSG1432-B101 Series User’s Guide...
Page 208: Igmp Host Limitation Add
Specify the name of the IGMP multicast service domain to which you want to block or allow access. LAN Host Select the IP address of one of the ZyXEL Device’s LAN hosts. IGMP Enabled Select whether or not the LAN device using the specified IP address is allowed to use the IGMP multicast service domain.
Page 209: Igmp Acl Configuration
Select White List to allow access to only specific multicast channels and block access to other multicast channels. Select Disabled to have the ZyXEL Device not restrict which multicast channels the multimedia devices on the LAN can access. Add a new rule Click this to create a new IGMP ACL rule.
Page 210: Igmp Acl Add
Select White List to have this entry allow access to the specified multicast IP address. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to exit this screen without saving. VSG1432-B101 Series User’s Guide...
Page 211: Interface Group
Interface Group 15.1 Overview By default, all LAN and WAN interfaces on the ZyXEL Device are in the same group and can communicate with each other. Create interface groups to have the ZyXEL Device assign the IP addresses in different domains to different groups. Each group acts as an independent network on the ZyXEL Device.
Page 212 LAN Interfaces This shows the LAN interfaces in the group. DHCP Vendor IDs The ZyXEL Device automatically adds LAN hosts sending traffic with any of the Vendor Class Identifiers listed here to the interface group. This field is blank if you do not have the ZyXEL Device automatically add clients to the interface group based on their Vendor Class Identifiers.
Page 213: Interface Group Configuration
Chapter 15 Interface Group 15.2.1 Interface Group Configuration Click the Add New Interface Group button in the Interface Group screen to open the following screen. Use this screen to create a new interface group. Note: An interface can belong to only one group at a time. Figure 90 Interface Group Configuration The following table describes the fields in this screen.
Page 214 DHCP Vendor IDs Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to exit this screen without saving. VSG1432-B101 Series User’s Guide...
Page 215: Firewall
Firewall 16.1 Overview This chapter shows you how to enable and configure the ZyXEL Device firewall. Use the firewall to protect your ZyXEL Device and network from attacks by hackers on the Internet and control access to it. By default the firewall: •...
Page 216: What You Need To Know
Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources. The ZyXEL Device is pre-configured to automatically detect and thwart all known DoS attacks.
Page 217: The Firewall Screen
Chapter 16 Firewall 16.2 The Firewall Screen Use this screen to set the security level of the firewall on the ZyXEL Device. Firewall rules are grouped based on the direction of travel of packets to which they apply. Click Security Settings > Firewall to display the following screen.
Page 218 Chapter 16 Firewall Click Security Settings > Firewall > Protocol to display the following screen. Figure 93 Security Settings > Firewall > Protocol The following table describes the labels in this screen. Table 66 Security Settings > Firewall > Protocol LABEL DESCRIPTION Add New...
Page 219: Add A Protocol
Chapter 16 Firewall 16.3.1 Add a Protocol Use this screen to add a customized service rule that you can use in the firewall’s ACL rule configuration. Click Add New Protocol Entry in the Protocol screen to display the following screen. Figure 94 Security Settings >...
Page 220: The Access Control Screen
Chapter 16 Firewall Table 67 Security Settings > Firewall > Protocol > Add LABEL DESCRIPTION Ports/ For TCP, UDP, ICMP, or TCP/UDP protocol rules this shows the port Protocol number or range that defines the custom service. For other IP protocol Number rules this shows the protocol number.
Page 221 Chapter 16 Firewall Table 68 Security Settings > Firewall > Access Control LABEL DESCRIPTION Src IP This displays the source IP addresses to which this rule applies. Please note that a blank source address is equivalent to Any. Dst IP This displays the destination IP addresses to which this rule applies.
Page 222: Add/Edit An Acl Rule
Chapter 16 Firewall 16.4.1 Add/Edit an ACL Rule Click Add New ACL Rule or the Edit icon next to an existing ACL rule in the Access Control screen. The following screen displays. Figure 96 Security Settings > Firewall > Access Control > Add/Edit The following table describes the labels in this screen.
Page 223 Chapter 16 Firewall Table 69 Security Settings > Firewall > Access Control > Add/Edit (continued) LABEL DESCRIPTION Select Protocol Select the transport layer protocol that defines your customized port from the drop-down list box. The specific protocol rule sets you add in the Security Settings >...
Page 224 Chapter 16 Firewall VSG1432-B101 Series User’s Guide...
Page 225: Mac Filter
MAC Filter 17.1 Overview This screen allows you to configure the ZyXEL Device to give exclusive access to specific devices or exclude specific devices from accessing the ZyXEL Device. Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
Page 226 Select Enable to activate the MAC filter function. Otherwise, select Disable. Add new devices to the Select this check box if you want the ZyXEL Device to Allow List automatically automatically add the newly connected devices to the Allow List.
Page 227: Parental Control
Parental control allows you to permit or block access to certain web sites from home network computers. You can define time periods and days during which the ZyXEL Device performs parental control on a specific user in the Security Settings > Scheduler Rules...
Page 228: Add/Edit Parental Control Rule
Add new rule Click this to create a new parental control rule. This is the index number of the rule. PC Name/IP/MAC The ZyXEL Device allows or prohibits the users from viewing the Web sites with the URLs listed below. Access Type This shows the access type that is applied on the user to the web site of this rule.
Page 229 If you select Block All, the ZyXEL Device blocks access to all URLs. Web Site Enter the URL of web site to which the ZyXEL Device blocks or allows access. Click Add to add this URL to the list below.
Page 230 Chapter 18 Parental Control VSG1432-B101 Series User’s Guide...
Page 231: Scheduler Rules
H A P T E R Scheduler Rules 19.1 Overview You can define time periods and days during which the ZyXEL Device performs scheduled rules of certain features (such as Firewall Access Control, Parental Control) on a specific user in the Scheduler Rules screen.
Page 232: Add/Edit A Schedule
Rule Name Enter a name (up to 31 printable English keyboard characters, not including spaces) for this schedule. Select check boxes for the days that you want the ZyXEL Device to perform this scheduler rule. Time if Day Enter the time period of each day, in 24-hour format, during which Range parental control will be enforced.
Page 233: Certificates
CyberTrust or VeriSign and government certification authorities. The certification authority uses its private key to sign certificates. Anyone can then use the certification authority's public key to verify the certificates. You can use the ZyXEL Device to generate certification requests that contain identifying information and public keys and then send the certification requests to a certification authority.
Page 234: The Local Certificates Screen
The following table describes the labels in this screen. Table 75 Security Settings > Certificates > Local Certificates LABEL DESCRIPTION Create Click this button to go to the screen where you can have the ZyXEL Certificate Device generate a certification request. Request Import...
Page 235: Create Certificate Request
After you click Apply, the following screen displays to notify you that you need to get the certificate request signed by a Certificate Authority. If you already have, click Load_Signed to import the signed certificate into the ZyXEL Device. Otherwise click Back to return to the Local Certificates screen.
Page 236: Load Signed Certificate
20.3.2 Load Signed Certificate After you create a certificate request and have it signed by a Certificate Authority, in the Local Certificates screen click the certificate request’s Load Signed icon to import the signed certificate into the ZyXEL Device. VSG1432-B101 Series User’s Guide...
Page 237: Import Certificate
Click Back to return to the previous screen. 20.3.3 Import Certificate Click Security Settings > Local Certificates and then Import Certificate to open the Import Local Certificate screen. Follow the instructions in this screen to save an existing certificate to the ZyXEL Device. VSG1432-B101 Series User’s Guide...
Page 238 Import Click this check box to open a screen where you can save the certificate of a from file certification authority that you trust, from your computer to the ZyXEL Device. Certificate Type up to 63 ASCII characters (not including spaces) to identify this Name certificate.
Page 239: Certificate Details
Copy and paste the certificate into the text box to store it on the ZyXEL Device. Private Copy and paste the private key into the text box to store it on the ZyXEL Device. Apply Click Apply to save your changes.
Page 240 Chapter 20 Certificates Figure 108 Certificate Details The following table describes the labels in this screen. Table 80 Certificate Details LABEL DESCRIPTION Name This field displays the identifying name of this certificate. If you want to change the name, type up to 63 characters to identify this certificate.
Page 241: The Trusted Ca Screen
Click Security Settings > Certificates > Trusted CA to open the following screen. This screen displays a summary list of certificates of the certification authorities that you have set the ZyXEL Device to accept as trusted. The ZyXEL Device accepts any valid certificate signed by a certification authority on this list as being trustworthy;...
Page 242: View Trusted Ca Certificate
Chapter 20 Certificates Table 81 Security Settings > Certificates > Trusted CA (continued) LABEL DESCRIPTION Subject This field displays information that identifies the owner of the certificate, such as Common Name (CN), OU (Organizational Unit or department), Organization (O), State (ST) and Country (C). It is recommended that each certificate have unique subject information.
Page 243: Import Trusted Ca Certificate
20.4.2 Import Trusted CA Certificate Click the Import Certificate button in the Trusted CA screen to open the following screen. The ZyXEL Device trusts any valid certificate signed by any of the imported trusted CA certificates. Figure 111 Trusted CA: Import Certificate...
Page 244 Click this check box to open a screen where you can save the certificate of a certification authority that you trust, from your computer to the ZyXEL Device. Certificate Name Enter the name that identifies this certificate. The certificate name should not exceed 63 ASCII characters (not including spaces).
Page 245: Ipsec
H A P T E R IPSec 21.1 Overview A virtual private network (VPN) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing. It is used to transport traffic over the Internet or any insecure network that uses TCP/IP for communication.
Page 246: What You Need To Know
Gateway Address field if the remote secure gateway has a dynamic WAN IP address and is using DDNS. The ZyXEL Device has to rebuild the VPN tunnel each time the remote secure gateway’s WAN IP address changes (there may be a delay until the DDNS servers are updated with the remote gateway’s new WAN IP...
Page 247: The Ipsec Status Screen
This is the static WAN IP address or URL of the remote IPSec router. Gateway Local This is the IP address of computer(s) on your local network behind your Addresses ZyXEL Device. Remote This is the IP address of computer(s) on the remote network behind the Addresses remote IPSec router.
Page 248: The Ipsec Settings Screen
Chapter 21 IPSec 21.3 The IPSec Settings Screen The following figure helps explain the main fields in the web configurator. Figure 116 IPSec Summary Fields Remote Network Local Network Remote IPSec Router VPN Tunnel Remote IP Address Local IP Address My IP Address Secure Gateway IP Address Local and remote IP addresses must be static.
Page 249: Add/Edit Ipsec Setting
Click Add New Connection or a policy’s Edit icon in the IPSec > Settings screen to edit VPN policies. Note: The ZyXEL Device uses the system default gateway interface’s WAN IP address as its WAN IP address to set up a VPN tunnel.
Page 250 IPSec Type up to 39 alphanumeric characters to identify this VPN policy. You Connection may use spaces, underscores and dashes, but the ZyXEL Device drops Name trailing spaces. Remote IPSec Type the WAN IP address or the URL (up to 31 characters) of the IPSec Gateway router with which you're making the VPN connection.
Page 251 Table 87 Settings > Add/Edit: Auto(IKE) LABEL DESCRIPTION Tunnel access Specify the IP addresses of the devices behind the ZyXEL Device that from local IP can use the VPN tunnel. The local IP addresses must correspond to the addresses remote IPSec router's configured remote IP addresses.
Page 252 Local/Remote ID Content field. When you select DNS or E-mail in the Local/Remote ID Type field, type a domain name or e-mail address by which to identify this ZyXEL Device in the Local/Remote ID Content field. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated.
Page 253: Manual Key Setup
Chapter 21 IPSec Table 87 Settings > Add/Edit: Auto(IKE) LABEL DESCRIPTION Encryption Select DES, 3DES, AES-128, ES-192 or AES-256 from the drop- Algorithm down list box. When you use one of these encryption algorithms for data communications, both the sending device and the receiving device must use the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code.
Page 254: Configuring Manual Key
IPSec Type up to 39 alphanumeric characters to identify this VPN policy. You Connection may use spaces, underscores and dashes, but the ZyXEL Device drops Name trailing spaces. Remote IPSec Type the WAN IP address or the URL (up to 31 characters) of the IPSec Gateway router with which you're making the VPN connection.
Page 255 Table 88 IPSec Settings > Add/Edit: Manual LABEL DESCRIPTION Tunnel access Specify the IP addresses of the devices behind the ZyXEL Device that from local IP can use the VPN tunnel. The local IP addresses must correspond to the addresses remote IPSec router's configured remote IP addresses.
Page 256: Technical Reference
Chapter 21 IPSec Table 88 IPSec Settings > Add/Edit: Manual LABEL DESCRIPTION Encryption Select DES, 3DES, AES(aes-cbc) or ESP_NULL from the drop-down Algorithm list box. When you use one of these encryption algorithms for data communications, both the sending device and the receiving device must use the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code.
Page 257: Ipsec Architecture
Chapter 21 IPSec 21.4.1 IPSec Architecture The overall IPSec architecture is shown as follows. Figure 120 IPSec Architecture IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms).
Page 258: Encapsulation
Chapter 21 IPSec 21.4.2 Encapsulation The two modes of operation for IPSec VPNs are Transport mode and Tunnel mode. At the time of writing, the ZyXEL Device supports Tunnel mode only. Figure 121 Transport and Tunnel Mode IPSec Encapsulation Transport Mode Transport mode is used to protect upper layer protocols and only affects the data in the IP packet.
Page 259: Ike Phases
• Set the IPSec SA lifetime. This field allows you to determine how long the IPSec SA should stay up before it times out. The ZyXEL Device automatically renegotiates the IPSec SA if there is traffic when the IPSec SA lifetime period expires.
Page 260: Negotiation Mode
21.4.5 IPSec and NAT Read this section if you are running IPSec on a host computer behind the ZyXEL Device. NAT is incompatible with the AH protocol in both Transport and Tunnel mode.
Page 261: Vpn, Nat, And Nat Traversal
VPN device at the receiving end finds a mismatch between the hash value and the data and assumes that the data has been maliciously altered. NAT is not normally compatible with ESP in transport mode either, but the ZyXEL Device’s NAT Traversal feature provides a way to handle this. NAT traversal allows you to set up an IKE SA when there are NAT routers between the two IPSec routers.
Page 262: Id Type And Content
PROTOCOL Transport Tunnel Transport Tunnel Y* - This is supported in the ZyXEL Device if you enable NAT traversal. 21.4.7 ID Type and Content With aggressive negotiation mode (see Section 21.4.4 on page 260), the ZyXEL Device identifies incoming SAs by ID type and content since this identifying information is not encrypted.
Page 263: Id Type And Content Examples
The two ZyXEL Devices in this example cannot complete their negotiation because ZyXEL Device B’s Local ID type is IP, but ZyXEL Device A’s Remote ID type is set to E-mail. An “ID mismatched” message displays in the IPSEC LOG.
Page 264: Diffie-Hellman (Dh) Key Groups
Chapter 21 IPSec 21.4.9 Diffie-Hellman (DH) Key Groups Diffie-Hellman (DH) is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communications channel. Diffie- Hellman is used within IKE SA setup to establish session keys. 768-bit, 1024-bit 1536-bit, 2048-bit, and 3072-bit Diffie-Hellman groups are supported.
Page 265: Service Control
H A P T E R Service Control 22.1 Overview This chapter provides information on the Service Control screens. Service Control allows you to manage your ZyXEL Device from a remote location through the following interfaces: • LAN • WAN Note: The ZyXEL Device is managed using the Web Configurator.
Page 266 Certificate HTTPS Certificate Select a certificate the HTTPS server (the ZyXEL Device) uses to authenticate itself to the HTTPS client. You must have certificates already configured in the Certificates screen.
Page 267: Arp Table
H A P T E R ARP Table 23.1 Overview Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. An IP (version 4) address is 32 bits long.
Page 268: Arp Table Screen
Chapter 23 ARP Table 23.2 ARP Table Screen Use the ARP table to view IP-to-MAC address mapping(s). To open this screen, click System Monitor > ARP Table. Figure 125 System Monitor > ARP Table The following table describes the labels in this screen. Table 95 System Monitor >...
Page 269: Logs
The web configurator allows you to choose which categories of events and/or alerts to have the ZyXEL Device log and then display the logs or have the ZyXEL Device send them to an administrator (as e-mail) or to a syslog server.
Page 270: The System Log Screen
Chapter 24 Logs Refer to the documentation of your syslog program for details. The following table describes the syslog severity levels. Table 96 Syslog Severity Levels CODE SEVERITY Emergency: The system is unusable. Alert: Action must be taken immediately. Critical: The system condition is critical. Error: There is an error condition on the system.
Page 271: The Security Log Screen
Level Select a severity level from the drop-down list box. This filters search results according to the severity level you have selected. When you select a severity, the ZyXEL Device searches through all logs of that severity or higher. Category Select the type of logs to display.
Page 272 Level Select a severity level from the drop-down list box. This filters search results according to the severity level you have selected. When you select a severity, the ZyXEL Device searches through all logs of that severity or higher. Category Select the type of logs to display.
Page 273: Traffic Status
H A P T E R Traffic Status 25.1 Overview Use the Traffic Status screens to look at network traffic status and statistics of the WAN and LAN interfaces. 25.1.1 What You Can Do in this Chapter • Use the WAN screen to view the WAN traffic statistics (Section 25.2 on page 274).
Page 274: The Wan Status Screen
25.2 The WAN Status Screen Click System Monitor > Traffic Status to open the WAN screen. The figure in this screen shows the number of bytes received and sent on the ZyXEL Device. Figure 128 System Monitor > Traffic Status > WAN The following table describes the fields in this screen.
Page 275 Chapter 25 Traffic Status Table 99 System Monitor > Traffic Status > WAN LABEL DESCRIPTION Packets Sent Data This indicates the number of transmitted packets on this interface. Error This indicates the number of frames with errors transmitted on this interface.
Page 276: The Lan Status Screen
25.3 The LAN Status Screen Click System Monitor > Traffic Status > LAN to open the following screen. The figure in this screen shows the interface that is currently connected on the ZyXEL Device. Figure 129 System Monitor > Traffic Status > LAN The following table describes the fields in this screen.
Page 277 Chapter 25 Traffic Status Table 100 System Monitor > Traffic Status > LAN LABEL DESCRIPTION Packets Sent Data This indicates the number of transmitted packets on this interface. Error This indicates the number of frames with errors transmitted on this interface.
Page 278 Chapter 25 Traffic Status VSG1432-B101 Series User’s Guide...
Page 279: Igmp Status
280). 26.2 The IGMP Group Screen Use this screen to look at the current list of multicast groups the ZyXEL Device has joined and which ports have joined it. To open this screen, click System Monitor > IGMP Group Status > IGMP Group.
Page 280: Igmp Statistics Screen
(sec) from when the IGMP multicast group was joined to when it was left. Total Joins This field displays the total number of Join packets the ZyXEL Device has received for this IGMP multicast group. Total Leaves This field displays the total number of Leave packets the ZyXEL Device has received for this IGMP multicast group.
Page 281 LAN IP address joined the IGMP multicast group to when it left. Total Joins This field displays the total number of Join packets the ZyXEL Device has received from this LAN IP address. Total Leaves This field displays the total number of Leave packets the ZyXEL Device has received from this LAN IP address.
Page 282 Chapter 26 IGMP Status VSG1432-B101 Series User’s Guide...
Page 283: Users Configuration
Users Configuration 27.1 Overview In the Users Configuration screen, you can view, add, and configure user accounts of the ZyXEL Device. 27.2 The Users Configuration Screen Click Maintenance > Users Configuration to open the following screen. Figure 132 Maintenance > Users Configuration...
Page 284 Lock Period This field indicates the number of minutes for the lockout period. A user cannot log into the ZyXEL Device during the lockout period, even if he/ she enters correct account information. Group This field displays the login account type of the user.
Page 285: Add/Edit A Users Account
Chapter 27 Users Configuration 27.2.1 Add/Edit a Users Account Use this screen to add or edit a users account. Click Add new user in the Users Configuration screen or the Edit icon next to the user account you want to edit. The screen shown next appears.
Page 286 Enter a number of days to specify how many days this user’s password is available. Retry Times The ZyXEL Device can lock a user out if you use a wrong user name or password to log in the ZyXEL Device. Enter up to how many times a user can re-enter his/her account information before the ZyXEL Device locks the user out.
Page 287: Remote Management
RPCs are sent in Extensible Markup Language (XML) format over HTTP or HTTPS. An administrator can use an ACS to remotely set up the ZyXEL Device, modify settings, perform firmware upgrades as well as monitor and diagnose the ZyXEL Device.
Page 288 Chapter 28 Remote Management Click Maintenance > Remote Management > TR-069 Client to open the following screen. Use this screen to configure your ZyXEL Device to be managed by an ACS. Figure 134 Maintenance > Remote Management > TR-069 Client The following table describes the fields in this screen.
Page 289: The Tr-064 Screen
Password password is used to authenticate the ACS. Connection This shows the connection request URL. Request URL The ACS can use this URL to make a connection request to the ZyXEL Device. Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving.
Page 290 Chapter 28 Remote Management VSG1432-B101 Series User’s Guide...
Page 291: Time Settings
29.2 The Time Setting Screen To change your ZyXEL Device’s time and date, click Maintenance > Time Setting. The screen appears as shown. Use this screen to configure the ZyXEL Device’s time based on your local time zone. Figure 136 Maintenance > Time Setting...
Page 292 LABEL DESCRIPTION Current Date/Time System Time This field displays the time and fate of your ZyXEL Device. Each time you reload this page, the ZyXEL Device synchronizes the time and date with the time server. NTP Time Server First ~ Fifth NTP Select an NTP time server from the drop-down list box.
Page 293 Chapter 29 Time Settings Table 107 Maintenance > Time Setting LABEL DESCRIPTION End rule Configure the day and time when Daylight Saving Time ends if you enabled Daylight Saving. You can select a specific date in a particular month or a specific day of a specific week in a particular month. The Time field uses the 24 hour format.
Page 294 Chapter 29 Time Settings VSG1432-B101 Series User’s Guide...
Page 295: Logs Setting
H A P T E R Logs Setting 30.1 Overview You can configure where the ZyXEL Device sends logs and which logs and/or immediate alerts the ZyXEL Device records in the Logs Setting screen. 30.2 The Log Settings Screen To change your ZyXEL Device’s log settings, click Maintenance > Logs Setting.
Page 296 Send Log to The ZyXEL Device sends logs to the e-mail address specified in this field. If this field is left blank, the ZyXEL Device does not send logs via E-mail. Send Alarm to Alerts are real-time notifications that are sent as soon as an event, such as a DoS attack, system error, or forbidden web access attempt occurs.
Page 297: Example E-Mail Log
Select the categories of system logs that you want to record. Security Log Select the categories of security logs that you want to record. Send Select log categories for which you want the ZyXEL Device to send E-mail immediate alerts immediately. alert Apply Click Apply to save your changes.
Page 298 Chapter 30 Logs Setting VSG1432-B101 Series User’s Guide...
Page 299: Firmware Upgrade
H A P T E R Firmware Upgrade 31.1 Overview This chapter explains how to upload new firmware to your ZyXEL Device. You can download new firmware releases from your nearest ZyXEL FTP site (or www.zyxel.com) to use to upgrade your device’s performance.
Page 300 After you see the firmware updating screen, wait two minutes before logging into the ZyXEL Device again. Figure 140 Firmware Uploading The ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop.
Page 301: Configuration
Backup Configuration Backup Configuration allows you to back up (save) the ZyXEL Device’s current configuration to a file on your computer. Once your ZyXEL Device is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes. The backup configuration file will be useful in case you need to return to your previous settings.
Page 302 Chapter 32 Configuration Click Backup to save the ZyXEL Device’s current configuration to your computer. Restore Configuration Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your ZyXEL Device. Table 110 Restore Configuration...
Page 303 Figure 145 Configuration Upload Error Reset to Factory Defaults Click the Reset button to clear all user-entered configuration information and return the ZyXEL Device to its factory defaults. The following warning screen appears. Figure 146 Reset Warning Message Figure 147 Reset In Process Message You can also press the RESET button on the rear panel to reset the factory defaults of your ZyXEL Device.
Page 304: The Reboot Screen
System restart allows you to reboot the ZyXEL Device remotely without turning the power off. You may need to do this if the ZyXEL Device hangs, for example. Click Maintenance > Reboot. Click Reboot to have the ZyXEL Device reboot.
Page 305: Diagnostic
You can use different diagnostic methods to test a connection and see detailed results. These read-only screens display information to help you identify problems with the ZyXEL Device. 33.2 The Diagnostic Screen Use this screen to ping, traceroute, or nslookup an IP address. Click Maintenance >...
Page 306 Chapter 33 Diagnostic The following table describes the fields in this screen. Table 111 Maintenance > Diagnostic > Ping & TraceRoute & NsLookup LABEL DESCRIPTION URL or IP Type the IP address of a computer that you want to perform ping, Address traceroute, or nslookup in order to test a connection.
Page 307: Troubleshooting
The ZyXEL Device does not turn on. None of the LEDs turn on. Make sure the ZyXEL Device is turned on. Make sure you are using the power adaptor or cord included with the ZyXEL Device. Make sure the power adaptor or cord is connected to the ZyXEL Device and plugged in to an appropriate power source.
Page 308: Zyxel Device Access And Login
If you changed the IP address and have forgotten it, you might get the IP address of the ZyXEL Device by looking up the IP address of the default gateway for your computer. To do this in most Windows computers, click Start > Run, enter cmd, and then enter ipconfig.
Page 309 • Try to access the ZyXEL Device using another service, such as Telnet. If you can access the ZyXEL Device, check the remote management settings and firewall rules to find out why the ZyXEL Device does not respond to HTTP.
Page 310: Internet Access
LAN in the ZyXEL Device and your wireless client and that the wireless settings in the wireless client are the same as the settings in the ZyXEL Device. Disconnect all the cables from your device, and follow the directions in Section 1.6...
Page 311 Chapter 34 Troubleshooting I cannot access the Internet through a DSL connection. Make sure you have the DSL WAN port connected to a telephone jack (or the DSL or modem jack on a splitter if you have one). Make sure you configured a proper DSL WAN interface (Network Settings > Broadband screen) with the Internet account information provided by your ISP and that it is enabled.
Page 312: Wireless Internet Access
Chapter 34 Troubleshooting I cannot access the Internet anymore. I had access to the Internet (with the ZyXEL Device), but my Internet connection is not available anymore. Your session with the ZyXEL Device may have expired. Try logging into the ZyXEL Device again.
Page 313 Wireless security is vital to your network. It protects communications between wireless stations, access points and the wired network. The available security modes in your ZyXEL device are as follows: • WPA2-PSK: (recommended) This uses a pre-shared key with the WPA2 standard.
Page 314 Chapter 34 Troubleshooting VSG1432-B101 Series User’s Guide...
Page 315: Product Specifications
WLAN/WPS Button If the wireless network is turned off, press the WLAN/WPS button on the front of the ZyXEL Device for one second. Once the WLAN/WPS LED turns green, the wireless network is active. While the WLAN/WPS LED is green press the WLAN/WPS button for five seconds and release it to enable WPS (Wi-Fi Protected Setup).
Page 316: Firmware Specifications
Configuration Backup Make a copy of the ZyXEL Device’s configuration. You can put it & Restoration back on the ZyXEL Device later if you decide to revert back to an earlier configuration. Port Forwarding If you have a server (mail or web server for example) on your network, you can use this feature to let people access it from the Internet.
Page 317 Chapter 35 Product Specifications Table 113 Firmware Specifications (continued) Logs Use logs for troubleshooting. You can send logs from the ZyXEL Device to an external syslog server. Universal Plug and A UPnP-enabled device can dynamically join a network, obtain an...
Page 318 Chapter 35 Product Specifications Table 113 Firmware Specifications (continued) VDSL Standards ITU-T G.993.1 VDSL Annex A (North American) Standard ITU G.993.2 (2/06) VDSL2 Annex A (North American) Standard • Corrigendum 1 (12/06) + Amendment 1 (4/07) + Amendment 1 Corrigendum 1 (7/07) •...
Page 319 Chapter 35 Product Specifications Table 113 Firmware Specifications (continued) ADSL Standards ADSL ITU-T G.992.1 (G.dmt), Annex A and ETSI TS 101 388 V1.3.1 (05/2002) 1TR112 (U-R2 Deutsche Telekom AG) Version 7.0 including support of Dying Gasp and report of Self-Test-Result (ATU-T Register#3) EOC as specified in ITU-T G.992.1 (G.dmt) Handshake ITU G.994.1 (G.hs)
Page 320 Chapter 35 Product Specifications The following list, which is not exhaustive, illustrates the standards supported in the ZyXEL Device. Table 114 Standards Supported STANDARD DESCRIPTION RFC 1058 RIP-1 (Routing Information Protocol) RFC 1112 IGMP v1 RFC 1305 Network Time Protocol (NTP version 3)
Page 321: Appendix A Setting Up Your Computer's Ip Address
"communicate" with your network. If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the ZyXEL Device’s LAN port. VSG1432-B101 Series User’s Guide...
Page 322 Appendix A Setting up Your Computer’s IP Address Windows 95/98/Me Click Start, Settings, Control Panel and double-click the Network icon to open the Network window. Figure 150 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks.
Page 323 Appendix A Setting up Your Computer’s IP Address Select Microsoft from the list of manufacturers. Select TCP/IP from the list of network protocols and then click OK. If you need Client for Microsoft Networks: Click Add. Select Client and then click Add. Select Microsoft from the list of manufacturers.
Page 324 Click OK to save and close the TCP/IP Properties window. Click OK to close the Network window. Insert the Windows CD if prompted. Turn on your ZyXEL Device and restart your computer when prompted. Verifying Settings Click Start and then Run.
Page 325 Appendix A Setting up Your Computer’s IP Address Windows 2000/NT/XP The following example figures use the default Windows XP GUI theme. Click start (Start in Windows 2000/NT), Settings, Control Panel. Figure 153 Windows XP: Start Menu In the Control Panel, double-click Network Connections (Network and Dial- up Connections in Windows 2000/NT).
Page 326 Appendix A Setting up Your Computer’s IP Address Right-click Local Area Connection and then click Properties. Figure 155 Windows XP: Control Panel: Network Connections: Properties Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 156 Windows XP: Local Area Connection Properties The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
Page 327 Appendix A Setting up Your Computer’s IP Address • If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. •...
Page 328 Appendix A Setting up Your Computer’s IP Address • Click OK when finished. Figure 158 Windows XP: Advanced TCP/IP Properties In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
Page 329: Windows Vista
Properties window. 10 Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT). 11 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings Click Start, All Programs, Accessories and then Command Prompt. In the Command Prompt window, type "ipconfig" and then press [ENTER]. You can also open Network Connections, right-click a network connection, click Status and then click the Support tab.
Page 330 Appendix A Setting up Your Computer’s IP Address Click the Start icon, Control Panel. Figure 160 Windows Vista: Start Menu In the Control Panel, double-click Network and Internet. Figure 161 Windows Vista: Control Panel Click Network and Sharing Center. Figure 162 Windows Vista: Network And Internet VSG1432-B101 Series User’s Guide...
Page 331 Appendix A Setting up Your Computer’s IP Address Click Manage network connections. Figure 163 Windows Vista: Network and Sharing Center Right-click Local Area Connection and then click Properties. Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. Figure 164 Windows Vista: Network and Sharing Center VSG1432-B101 Series User’s Guide...
Page 332 Appendix A Setting up Your Computer’s IP Address Select Internet Protocol Version 4 (TCP/IPv4) and click Properties. Figure 165 Windows Vista: Local Area Connection Properties The Internet Protocol Version 4 (TCP/IPv4) Properties window opens (the General tab). • If you have a dynamic IP address click Obtain an IP address automatically.
Page 333 Appendix A Setting up Your Computer’s IP Address • Click Advanced. Figure 166 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
Page 334 Appendix A Setting up Your Computer’s IP Address • Click OK when finished. Figure 167 Windows Vista: Advanced TCP/IP Properties In the Internet Protocol Version 4 (TCP/IPv4) Properties window, (the General tab): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
Page 335 11 Click Close to close the Local Area Connection Properties window. 12 Close the Network Connections window. 13 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings Click Start, All Programs, Accessories and then Command Prompt.
Page 336 Appendix A Setting up Your Computer’s IP Address Macintosh OS 8/9 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/ IP Control Panel. Figure 169 Macintosh OS 8/9: Apple Menu VSG1432-B101 Series User’s Guide...
Page 337 • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. Close the TCP/IP Control Panel. Click Save if prompted, to save changes to your configuration.
Page 338: Macintosh Os X
Appendix A Setting up Your Computer’s IP Address Macintosh OS X Click the Apple menu, and click System Preferences to open the System Preferences window. Figure 171 Macintosh OS X: Apple Menu Click Network in the icon bar. • Select Automatic from the Location list. •...
Page 339 • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your ZyXEL Device in the Router address box. Click Apply Now and close the window.
Page 340 Appendix A Setting up Your Computer’s IP Address Double-click on the profile of the network card you wish to configure. The Ethernet Device General screen displays as shown. Figure 174 Red Hat 9.0: KDE: Ethernet Device: General • If you have a dynamic IP address, click Automatically obtain IP address settings with and select dhcp from the drop down list.
Page 341 Appendix A Setting up Your Computer’s IP Address Click the Activate button to apply the changes. The following screen displays. Click Yes to save the changes in all screens. Figure 176 Red Hat 9.0: KDE: Network Configuration: Activate After the network card restart process is complete, make sure the Status is Active in the Network Configuration screen.
Page 342 Appendix A Setting up Your Computer’s IP Address • If you have a static IP address, enter static in the BOOTPROTO= field. Type IPADDR= followed by the IP address (in dotted decimal notation) and type NETMASK= followed by the subnet mask. The following example shows an example where the static IP address is 192.168.1.10 and the subnet mask is 255.255.255.0.
Page 343: Verifying Settings
Appendix A Setting up Your Computer’s IP Address Verifying Settings Enter ifconfig in a terminal screen to check your TCP/IP properties. Figure 181 Red Hat 9.0: Checking TCP/IP Properties [root@localhost]# ifconfig eth0 Link encap:Ethernet HWaddr 00:50:BA:72:5B:44 inet addr:172.23.19.129 Bcast:172.23.19.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1...
Page 344 Appendix A Setting up Your Computer’s IP Address VSG1432-B101 Series User’s Guide...
Page 345: Appendix B Ip Addresses And Subnetting
P P E N D I X IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network.
Page 346: Subnet Masks
Appendix B IP Addresses and Subnetting The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. Figure 182 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask.
Page 347 Appendix B IP Addresses and Subnetting By convention, subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask, followed by a continuous sequence of zeros, for a total number of 32 bits. Subnet masks can be referred to by the size of the network number part (the bits with a “1”...
Page 348 Appendix B IP Addresses and Subnetting Notation Since the mask is always a continuous number of ones beginning from the left, followed by a continuous number of zeros for the remainder of the 32 bit mask, you can simply specify the number of ones instead of writing the value of each octet.
Page 349 Appendix B IP Addresses and Subnetting The following figure shows the company network before subnetting. Figure 183 Subnetting Example: Before Subnetting You can “borrow” one of the host ID bits to divide the network 192.168.1.0 into two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or /25).
Page 350 Appendix B IP Addresses and Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address).
Page 351 Appendix B IP Addresses and Subnetting Table 121 Subnet 3 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 10000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.129 192.168.1.128 Broadcast Address: Highest Host ID: 192.168.1.190 192.168.1.191 Table 122 Subnet 4...
Page 352 Appendix B IP Addresses and Subnetting Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 124 24-bit Network Number Subnet Planning NO. “BORROWED” NO. HOSTS PER SUBNET MASK NO. SUBNETS HOST BITS SUBNET 255.255.255.128 (/25)
Page 353 You must also enable Network Address Translation (NAT) on the ZyXEL Device. Once you have decided on the network number, pick an IP address for your ZyXEL Device that is easy to remember (for instance, 192.168.1.1) but make sure that no other device on your network is using that IP address.
Page 354 Appendix B IP Addresses and Subnetting VSG1432-B101 Series User’s Guide...
Page 355: Appendix C Pop-Up Windows, Javascripts And Java Permissions
P P E N D I X Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here.
Page 356 Appendix C Pop-up Windows, JavaScripts and Java Permissions In Internet Explorer, select Tools, Internet Options, Privacy. Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 186 Internet Options: Privacy Click Apply to save this setting.
Page 357 Appendix C Pop-up Windows, JavaScripts and Java Permissions Select Settings…to open the Pop-up Blocker Settings screen. Figure 187 Internet Options: Privacy Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. VSG1432-B101 Series User’s Guide...
Page 358 Appendix C Pop-up Windows, JavaScripts and Java Permissions Click Add to move the IP address to the list of Allowed sites. Figure 188 Pop-up Blocker Settings Click Close to return to the Privacy screen. Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
Page 359 Appendix C Pop-up Windows, JavaScripts and Java Permissions In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 189 Internet Options: Security Click the Custom Level... button. Scroll down to Scripting. Under Active scripting make sure that Enable is selected (the default). Under Scripting of Java applets make sure that Enable is selected (the default).
Page 360: Java Permissions
Appendix C Pop-up Windows, JavaScripts and Java Permissions Click OK to close the window. Figure 190 Security Settings - Java Scripting Java Permissions From Internet Explorer, click Tools, Internet Options and then the Security tab. Click the Custom Level... button. Scroll down to Microsoft VM.
Page 361 Appendix C Pop-up Windows, JavaScripts and Java Permissions Click OK to close the window. Figure 191 Security Settings - Java JAVA (Sun) From Internet Explorer, click Tools, Internet Options and then the Advanced tab. Make sure that Use Java 2 for <applet> under Java (Sun) is selected. VSG1432-B101 Series User’s Guide...
Page 362 Appendix C Pop-up Windows, JavaScripts and Java Permissions Click OK to close the window. Figure 192 Java (Sun) Mozilla Firefox Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary. You can enable Java, Javascripts and pop-ups in one screen. Click Tools, then click Options in the screen that appears.
Page 363 Appendix C Pop-up Windows, JavaScripts and Java Permissions Click Content.to show the screen below. Select the check boxes as shown in the following screen. Figure 194 Mozilla Firefox Content Security VSG1432-B101 Series User’s Guide...
Page 364 Appendix C Pop-up Windows, JavaScripts and Java Permissions VSG1432-B101 Series User’s Guide...
Page 365: Appendix D Wireless Lans
P P E N D I X Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS).
Page 366 Appendix D Wireless LANs with each other. When Intra-BSS is disabled, wireless client A and B can still access the wired network but cannot communicate with each other. Figure 196 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network.
Page 367 Appendix D Wireless LANs An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate. Figure 197 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by wireless devices to transmit and receive data.
Page 368 Appendix D Wireless LANs hidden node. Both stations (STA) are within range of the access point (AP) or wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other.
Page 369: Fragmentation Threshold
Wireless security is vital to your network to protect wireless communication between wireless clients, access points and the wired network. Wireless security methods available on the ZyXEL Device are data encryption, wireless client authentication, restricting access by device MAC address and hiding the ZyXEL Device identity.
Page 370 Wi-Fi Protected Access (WPA) WPA2 Most Secure Note: You must enable the same wireless security settings on the ZyXEL Device and on all wireless clients that you want to associate with it. IEEE 802.1x In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional...
Page 371 Appendix D Wireless LANs • Authorization Determines the network services available to authenticated users once they are connected to the network. • Accounting Keeps track of the client’s network activity. RADIUS is a simple package exchange in which your AP acts as a message relay between the wireless client and the network RADIUS server.
Page 372 Appendix D Wireless LANs EAP (Extensible Authentication Protocol) is an authentication protocol that runs on top of the IEEE 802.1x transport mechanism in order to support multiple types of user authentication. By using EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication.
Page 373: Dynamic Wep Key Exchange
Appendix D Wireless LANs TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2. PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity.
Page 374: Wpa And Wpa2
Appendix D Wireless LANs WPA and WPA2 Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA. Key differences between WPA or WPA2 and WEP are improved data encryption and user authentication.
Page 375 Appendix D Wireless LANs The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped.
Page 376 Appendix D Wireless LANs The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero Configuration" wireless client. However, you must run Windows XP to use it. WPA(2) with RADIUS Application Example To set up WPA(2), you need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret.
Page 377: Security Parameters Summary
Appendix D Wireless LANs The AP checks each wireless client's password and allows it to join the network only if the password matches. The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID. The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys.
Page 378: Antenna Characteristics
Appendix D Wireless LANs Table 129 Wireless Security Relational Matrix (continued) AUTHENTICATION METHOD/ KEY ENCRYPTIO ENTER IEEE 802.1X MANAGEMENT N METHOD MANUAL KEY PROTOCOL WPA2 TKIP/AES Enable WPA2-PSK TKIP/AES Disable Antenna Overview An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air.
Page 379: Types Of Antennas For Wlan
Appendix D Wireless LANs Types of Antennas for WLAN There are two types of antennas used for wireless LAN applications. • Omni-directional antennas send the RF signal out in all directions on a horizontal plane. The coverage area is torus-shaped (like a donut) which makes these antennas ideal for a room environment.
Page 380 Appendix D Wireless LANs VSG1432-B101 Series User’s Guide...
Page 381: Appendix E Services
P P E N D I X Services The following table lists some commonly-used services and their associated protocols and port numbers. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like. •...
Page 382 A popular videoconferencing solution from White Pines Software. TCP/UDP 24032 TCP/UDP Domain Name Server, a service that matches web names (for instance www.zyxel.com) to IP numbers. User-Defined The IPSEC ESP (Encapsulation (IPSEC_TUNNEL) Security Protocol) tunneling protocol uses this service. FINGER...
Page 383 Appendix E Services Table 130 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION MSN Messenger 1863 Microsoft Networks’ messenger service uses this protocol. NetBIOS TCP/UDP The Network Basic Input/Output System is used for communication TCP/UDP between computers in a LAN. TCP/UDP TCP/UDP NEW-ICQ...
Page 384 Appendix E Services Table 130 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION SFTP The Simple File Transfer Protocol is an old way of transferring files between computers. SMTP Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another.
Page 385: Appendix F Open Software Announcements
CAREFULLY BEFORE COMPLETING THE INSTALLATION PROCESS AS INSTALLING THE SOFTWARE WILL INDICATE YOUR ASSENT TO THEM. IF YOU DO NOT AGREE TO THESE TERMS, THEN ZyXEL IS UNWILLING TO LICENSE THE SOFTWARE TO YOU, IN WHICH EVENT YOU SHOULD RETURN THE UNINSTALLED SOFTWARE AND PACKAGING TO THE PLACE FROM WHICH IT WAS ACQUIRED OR ZyXEL, AND YOUR MONEY WILL BE REFUNDED.
Page 386 Software as long as this License Agreement remains in full force and effect. Ownership of the Software, Documentation and all intellectual property rights therein shall remain at all times with ZyXEL. Any other use of the Software by any other entity is strictly forbidden and is a violation of this License Agreement.
Page 387 SOFTWARE, AND NO WARRANTIES SHALL APPLY AFTER THAT PERIOD. 7.Limitation of Liability IN NO EVENT WILL ZyXEL BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, WITHOUT LIMITATION, INDIRECT, SPECIAL, PUNITIVE, OR EXEMPLARY DAMAGES FOR LOSS OF...
Page 388 Software and Documentation in your possession or under your control. ZyXEL may terminate this License Agreement for any reason, including, but not limited to, if ZyXEL finds that you have violated any of the terms of this License Agreement. Upon notification of termination, you agree to destroy or return to ZyXEL all copies of the Software and Documentation and to certify in writing that all known copies, including backup copies, have been destroyed.
Page 389 For at least three (3) years from the date of distribution of the applicable product or software, we will give to anyone who contacts us at the ZyXEL Technical Support (support@zyxel.com.tw), for a charge of no more than our cost of physically performing source code distribution, a...
Page 390 Appendix F Open Software Announcements Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users.
Page 391 Appendix F Open Software Announcements TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License.
Page 392 Appendix F Open Software Announcements These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works.
Page 393 Appendix F Open Software Announcements 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License.
Page 394 Appendix F Open Software Announcements places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9.
Page 395 Appendix F Open Software Announcements END OF TERMS AND CONDITIONS All other trademarks or trade names mentioned herein, if any, are the property of their respective owners. This Product includes ppp software under below license This directory contains source code and precompiled binaries for ppp-2.4, a package which implements the Point-to-Point Protocol (PPP) to provide Internet connections over serial lines.
Page 396 Appendix F Open Software Announcements FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Page 397: Appendix G Legal Information
Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice.
Page 398 Appendix G Legal Information • This device must accept any interference received, including interference that may cause undesired operations. This device has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
Page 399: Zyxel Limited Warranty
Canada. Viewing Certifications Go to http://www.zyxel.com. Select your product on the ZyXEL home page to go to that product's page. Select the certification you wish to view from this page. ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase.
Page 400 (at the discretion of ZyXEL) and the customer will be billed for parts and labor. All repaired or replaced products will be shipped by ZyXEL to the corresponding return address, Postage Paid. This warranty gives you specific legal rights, and you may also have other rights that vary from country to country.
Page 401: Index
Index Index Basic Service Set, See BSS Basic Service Set, see BSS blinking LEDs ACL rule broadcast activation 117, 365 example firewalls SIP ALG SSID Address Resolution Protocol administrator password ADSL 233, 372 compliance Canonical Format Indicator See CFI dual latency certificate multi-mode details...
Page 402 Index firewalls reset restoring EAP Authentication static route 149, 196, 285 ECHO copyright e-mail log example CoS technologies encapsulation 75, 258 creating certificates PPPoA CTS (Clear to Send) PPPoE CTS threshold encryption 110, 113 116, 374 Extended Service Set IDentification 94, 102 Extended Service Set, See ESS data fragment threshold...
Page 403 Index Internet Protocol Security, see IPSec IP address 76, 87, 128, 144 ping hidden node private HTTP IP alias humidity NAT applications IP multicasting IP Sec IPSec algorithms IANA architecture Internet Assigned Numbers Authority see IANA see also VPN IBSS ID type and content IEEE 802.11g IEEE 802.1Q...
Page 404 Index MTU (Multi-Tenant Unit) multicast IGMP Pairwise Master Key (PMK) 374, 377 Multiple BSS, see MBSSID passwords 33, 34 multiplexing LLC-based VC-based Per-Hop Behavior, see PHB PIN, WPS example Ping of Death 175, 176, 177, 187, 188, 353 Point-to-Point Protocol over Ethernet applications Point-to-Point Tunneling Protocol IP alias...
Page 405 Index Quality of Service, see QoS firewalls static route 149, 196, 285 shaping traffic Single Rate Three Color Marker, see srTCM SIP ALG activation RADIUS SMTP message types SNMP messages 190, 319 shared secret key SNMP trap RADIUS server 216, 253 registration srTCM product...
Page 406 Index VDSL band plans Tag Control Information See TCI HDLC Tag Protocol Identifier See TPID temperature profiles thresholds data fragment SNRM 110, 113 RTS/CTS 110, 113 time tone spacing TPS-TC TPID US0 types TR-064 TR-069 Virtual Local Area Network See VLAN ACS setup authentication Virtual Private Network, see VPN...
Page 407 Index note WLAN interference 107, 119 security parameters compatibility example 116, 374 key caching web configurator pre-authentication login user authentication passwords 33, 34 vs WPA-PSK wireless client supplicant WEP Encryption 97, 98 with RADIUS application example WEP encryption WPA2 WEP key user authentication Wide Area Network, see WAN vs WPA2-PSK...
Page 408 Index VSG1432-B101 Series User’s Guide...

This manual is also suitable for:

B-101 Vsg1432-b101 series

ZyXEL Communications VSG1432-B101 - V1.10 Manual

About this User's Guide

Document Conventions

Safety Warnings

Contents Overview

Table of Contents

User's Guide

PART I User's Guide

Chapter 1 Introducing the VSG1432-B101

Chapter 2 The Web Configurator

Chapter 3 Quick Start

Chapter 4 Tutorials

Technical Reference

Part II: Technical Reference

Chapter 5 Network Map and Status Screens

Chapter 6 Broadband

Chapter 7 Wireless

Chapter 8 Home Networking

Chapter 9 Static Routing

Chapter 10 Quality of Service (Qos)

Chapter 11 Policy Forwarding

Chapter 12 Network Address Translation (NAT)

Chapter 13 Dynamic DNS Setup

Chapter 14 IGMP

Chapter 15 Interface Group

Chapter 16 Firewall

Chapter 17 MAC Filter

Chapter 18 Parental Control

Chapter 19 Scheduler Rules

Chapter 20 Certificates

Chapter 21 Ipsec

Chapter 22 Service Control

Chapter 23 ARP Table

Chapter 24 Logs

Chapter 25 Traffic Status

Chapter 26 IGMP Status

Chapter 27 Users Configuration

Chapter 28 Remote Management

Chapter 29 Time Settings

Chapter 30 Logs Setting

Chapter 31 Firmware Upgrade

Chapter 32 Configuration

Chapter 33 Diagnostic

Chapter 34 Troubleshooting

Quick Links

Related Manuals for ZyXEL Communications VSG1432-B101 - V1.10

Summary of Contents for ZyXEL Communications VSG1432-B101 - V1.10