Page 1 AMG1312-T Series Wireless N ADSL2+ 4-port Gateway with USB Version 2.00 Edition 1, 8/2013 Quick Start Guide User’s Guide Default Login Details LAN IP Address http://192.168.1.1 User Name admin Password 1234 www.zyxel.com Copyright © 2013 ZyXEL Communications Corporation...
Page 2 Related Documentation • Quick Start Guide The Quick Start Guide shows how to connect the AMG1312-T Series and access the Web Configurator. It contains information on setting up your wireless network. AMG1312-T Series User’s Guide...
Page 3: Table Of Contents
Dynamic DNS Setup ..........................161 Filters ..............................163 Firewall ..............................168 Parental Control ............................186 Certificate ..............................189 Logs ..............................194 Traffic Status ............................196 User Account ............................199 TR-069 Client ............................200 System Settings ............................202 Firmware Upgrade ..........................205 Backup/Restore .............................207 Remote Management ..........................210 Diagnostic .............................221 Troubleshooting ............................224 AMG1312-T Series User’s Guide...
Page 4: Table Of Contents
Chapter 1 Introduction............................14 1.1 Overview ............................14 1.2 Ways to Manage the AMG1312-T Series ..................14 1.3 Good Habits for Managing the AMG1312-T Series ................14 1.4 Applications for the AMG1312-T Series ....................15 1.4.1 Internet Access ........................15 1.4.2 Wireless Access ........................15 1.5 General Hardware Features ......................16 1.6 Using the WPS Button ........................17...
Page 5 4.9.1 Configuring ATM QoS for Multiple WAN Connections .............52 4.9.2 Configuring Port Binding ......................55 4.10 Configuring QoS to Prioritize Traffic ....................56 4.11 Access the AMG1312-T Series from the Internet Using DDNS ............59 4.11.1 Registering a DDNS Account on www.dyndns.org ..............59 4.11.2 Configuring DDNS on Your AMG1312-T Series ..............60 4.11.3 Testing the DDNS Setting ......................60...
Page 6 7.10.8 WiFi Protected Setup (WPS) ....................108 Chapter 8 Home Networking ..........................115 8.1 Overview ............................115 8.1.1 What You Can Do in the LAN Screens .................. 115 8.1.2 What You Need To Know ....................... 116 8.1.3 Before You Begin ........................117 AMG1312-T Series User’s Guide...
Page 7 8.6 The IPv6 LAN Setup Screen ......................122 8.7 The File Sharing Screen .........................125 8.7.1 The User Edit Screen ......................126 8.8 Home Networking Technical Reference ..................128 8.8.1 LANs, WANs and the AMG1312-T Series ................128 8.8.2 DHCP Setup ..........................128 8.8.3 DNS Server Addresses ......................128 8.8.4 LAN TCP/IP ...........................129 8.8.5 RIP Setup ..........................130...
Page 8 14.1.2 What You Need to Know About Filtering ................163 14.2 The IP/MAC Filter Screen ......................163 14.3 IPv6/MAC Filter ..........................166 Chapter 15 Firewall ..............................168 15.1 Overview ............................168 15.1.1 What You Can Do in the Firewall Screens ................168 AMG1312-T Series User’s Guide...
Page 9 18.1.1 What You Can Do in this Chapter ..................194 18.1.2 What You Need To Know .....................194 18.2 The System Log Screen ........................195 Chapter 19 Traffic Status .............................196 19.1 Overview ............................196 19.1.1 What You Can Do in this Chapter ..................196 AMG1312-T Series User’s Guide...
Page 10 25.1.2 What You Need to Know About Remote Management ............211 25.2 The WWW Screen ........................211 25.2.1 Configuring the WWW Screen ..................... 211 25.3 The Telnet Screen .........................213 25.4 The FTP Screen ..........................213 25.5 The SNMP Screen ........................214 25.5.1 Configuring SNMP .......................215 AMG1312-T Series User’s Guide...
Page 11 26.3 The DSL Line Screen ........................222 Chapter 27 Troubleshooting..........................224 27.1 Power, Hardware Connections, and LEDs ..................224 27.2 AMG1312-T Series Access and Login ..................225 27.3 Internet Access ..........................227 Appendix A Setting up Your Computer’s IP Address ...............229 Appendix B IP Addresses and Subnetting..................249 Appendix C Pop-up Windows, JavaScripts and Java Permissions ..........257...
Page 12: User's Guide
User’s Guide...
Page 14: Introduction
Introduction 1.1 Overview The AMG1312-T Series is an ADSL2+ router. By integrating DSL and NAT, you are provided with ease of installation and high-speed, shared Internet access. The AMG1312-T Series is also a complete security solution with a robust firewall and content filtering.
Page 15: Applications For The Amg1312-T Series
Here are some example uses for which the AMG1312-T Series is well suited. 1.4.1 Internet Access Your AMG1312-T Series provides shared Internet access by connecting the DSL port to the DSL or MODEM jack on a splitter or your telephone jack. Computers can connect to the AMG1312-T Series’s Ethernet ports (or wirelessly).
Page 16: General Hardware Features
The following table describes the LEDs. Table 1 LED Descriptions COLOR STATUS DESCRIPTION Green The AMG1312-T Series is receiving power and ready for use. Blinking The AMG1312-T Series is self-testing. (POWER) The AMG1312-T Series detected an error while self-testing, or there is a device malfunction.
Page 17: Using The Wps Button
1.6 Using the WPS Button You can also use the WPS button to quickly set up a secure wireless connection between the AMG1312-T Series and a WPS-compatible client by adding one device at a time. To activate WPS: Make sure the POWER LED is on and not blinking.
Page 18: The Reset Button
Chapter 1 Introduction Press the WPS button on another WPS-enabled device within range of the AMG1312-T Series. The WPS LED should flash while the AMG1312-T Series sets up a WPS connection with the other wireless device. Once the connection is successfully made, the WPS LED shines green.
Page 19: Introducing The Web Configurator
Internet Explorer. 2.1.1 Accessing the Web Configurator Make sure your AMG1312-T Series hardware is properly connected (refer to the Quick Start Guide). Launch your web browser. Type "192.168.1.1" as the URL.
Page 20 Chapter 2 Introducing the Web Configurator Figure 4 Password Screen Note: For security reasons, the AMG1312-T Series automatically logs you out if you do not use the web configurator for five minutes (default). If this happens, log in again. The following screen displays if you have not yet changed your password. It is strongly recommended you change the default password.
Page 21 Chapter 2 Introducing the Web Configurator Figure 6 Connection Status Click System Info to display the System Info screen, where you can view the AMG1312-T Series’s interface and system information. AMG1312-T Series User’s Guide...
Page 22: The Web Configurator Layout
Click Connection Status > System Info to show the following screen. Figure 7 Web Configurator Layout Screen As illustrated above, the main screen is divided into these parts: • A - title bar • B - main window • C - navigation panel AMG1312-T Series User’s Guide...
Page 23: Title Bar
Chapter 2 Introducing the Web Configurator 2.2.1 Title Bar The title bar shows the following icon in the upper right corner. Click this icon to log out of the web configurator. AMG1312-T Series User’s Guide...
Page 24: Main Window
AMG1312-T Series’s ports. The connected ports are in color and disconnected ports are gray. 2.2.3 Navigation Panel Use the menu items on the navigation panel to open screens to configure AMG1312-T Series features. The following table describes each menu item. Table 2 Navigation Panel Summary...
Page 25 Use this screen to view the configured firewall rules and add, edit or remove a firewall rule. Use this screen to set the thresholds that the AMG1312-T Series uses to determine when to start dropping sessions that are not fully established (half-open sessions).
Page 26 AMG1312-T Series’s CA-signed certificates. Trusted CA Use this screen to save CA certificates to the AMG1312-T Series. System Monitor Use this screen to view the logs for the level that you selected. You can export or e-mail the logs.
Page 27: Internet / Wireless Setup Wizard
Wizard. Click INTERNET/WIRELESS SETUP to configure the system for Internet access and wireless connection. Select your Time Zone from the drop-down menu, and click Next. Figure 8 Wizard Welcome AMG1312-T Series User’s Guide...
Page 28 Enter the IP address of the AMG1312-T Series. Default Gateway Enter the default gateway of the ZyXEL Device. Primary DNS Enter the primary DNS server IP address for the AMG1312-T Series. Server Secondary DNS Enter the secondary DNS server IP address for the AMG1312-T Series.
Page 29 You must specify a gateway IP address (supplied by your ISP) when you use ENET ENCAP in the Encapsulation field in the previous screen. Primary DNS Server Enter the primary DNS server IP address for the AMG1312-T Series. Secondary DNS Enter the secondary DNS server IP address for the AMG1312-T Series.
Page 30 IP Address Enter the IP address of the AMG1312-T Series. Primary DNS Server Enter the primary DNS server IP address for the AMG1312-T Series. Secondary DNS Enter the secondary DNS server IP address for the AMG1312-T Series. Server Back Click this to return to the previous screen without saving.
Page 31 IP Address Enter the IP address of the AMG1312-T Series. Primary DNS Enter the primary DNS server IP address for the AMG1312-T Series. Server Secondary Enter the secondary DNS server IP address for the AMG1312-T Series.
Page 32 Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless LAN. Network If you change this field on the AMG1312-T Series, make sure all wireless stations use the Name(SSID) same SSID in order to access the network.
Page 33 Refer to the rest of this guide for more detailed information on the complete range of AMG1312-T Series features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct. AMG1312-T Series User’s Guide...
Page 34: Tutorials
AMG1312-T Series’s hardware connection. Connect one end of a DSL cable to the DSL port of your AMG1312-T Series. The other end should be connected to the DSL port in your house or a DSL router/modem provided by your ISP.
Page 35: Account Configuration
My DSL Multiplex IPv6/IPv4 Dual Enabled Stack Auto Authentication Others IP Address: Obtain IP Address Automatically DNS Server: Obtained From ISP IPv6 Address: Obtain IPv6 Address Automatically DHCP IPv6: DHCP DHCP PD: Enable WAN Identifier Type: EUI64 AMG1312-T Series User’s Guide...
Page 36: Ipv6 Address Configuration
Go to Network Setting > Broadband, enter or select these values and click Apply. This completes your DSL WAN connection setting. 4.3 IPv6 Address Configuration If the ISP’s network supports IPv6, the ISP may assign an IPv6 address to the AMG1312-T Series automatically. AMG1312-T Series User’s Guide...
Page 37: Setting Up A Secure Wireless Network
Obtain an IP Address Automatically. In the DHCP IPv6 field select DHCP to obtain an IPv6 address from a DHCPv6 server. In the DHCP PD field select Enable to have the AMG1312-T Series pass the WAN prefix to LAN hosts. The LAN hosts can then use the prefix to generate their IPv6 addresses.
Page 38: Using Wps
Thomas can now use the WPS feature to establish a wireless connection between his notebook and the AMG1312-T Series (see Section 4.4.2 on page 38). He can also use the notebook’s wireless client to search for the AMG1312-T Series (see Section 4.4.3 on page 42). 4.4.2 Using WPS This section shows you how to set up a wireless network using WPS.
Page 39 AMG1312-T Series. Push Button Configuration (PBC) Make sure that your AMG1312-T Series is turned on and your notebook is within the cover range of the wireless signal. Make sure that you have installed the wireless client driver and utility in your notebook.
Page 40: Wireless Client
COMMUNICATION PIN Configuration When you use the PIN configuration method, you need to use both the AMG1312-T Series’s web config ur at or and the wireless client’s utility. Launch your wireless client’s configuration utility. Go to the WPS settings and select the PIN method to get a PIN number.
Page 41 AMG1312-T Series’s WPS screen within two minutes. The AMG1312-T Series authenticates the wireless client and sends the proper configuration settings to the wireless client. This may take up to two minutes. The wireless client is then able to communicate with the AMG1312-T Series securely.
Page 42: Connecting Wirelessly To Your Amg1312-T Series
COMMUNICATION 4.4.3 Connecting Wirelessly to your AMG1312-T Series This section describes how to connect wirelessly to your AMG1312-T Series. The connection procedure is shown here using Windows XP as an example. Right-click the wireless adapter icon which appears in the bottom right of your computer monitor.
Page 43 Chapter 4 Tutorials Tutorial: Status Select the AMG1312-T Series’s SSID name and click Connect (A). The SSID “SecureWirelessNetwork” is given here as an example. Tutorial: Status You are prompted to enter a password. Enter it and click Connect. Tutorial: Status You may have to wait several minutes while your computer connects to the wireless network.
Page 44: Configuring The Mac Address Filter For Restricting Wireless Internet Access
Congratulations! Your computer is now ready to connect to the Internet wirelessly through your AMG1312-T Series. Note: If you cannot connect wirelessly to the AMG1312-T Series, check you have selected the correct SSID and entered the correct security key. If that does not work, ensure your wireless network adapter is enabled by clicking on the wireless adapter icon and clicking Enable.
Page 45: Setting Up Nat Forwarding For A Game Server
4.6 Setting Up NAT Forwarding for a Game Server Thomas manages a Doom server on a computer behind the AMG1312-T Series. In order for players on the Internet (like A in the figure below) coming through the default WAN connection (PVC0) to communicate with the Doom server, Thomas can use port forwarding.
Page 46: Port Forwarding
D=192.168.1.34 port 666 4.6.1 Port Forwarding Thomas needs to configure the port settings and IP address on the AMG1312-T Series. Traffic should be forwarded to port 666 of the Doom server computer which has an IP address of 192.168.1.34. Thomas may set up the port settings by configuring the port settings for the Doom server computer (see Section 11.3 on page 149...
Page 47: Configuring Firewall Rules To Allow A Specified Service
Enter the IP address of the Doom server (192.168.1.34 for this example). The screen should look as follows. Click Apply. The port forwarding settings you configured appear in the table. The AMG1312-T Series forwards port 666 traffic to the computer with IP address 192.168.1.34.
Page 48 The Add New Firewall Rule screen will appear. Click the Edit Customized Services button to access the following screen. Click Add and configure the following settings. In this tutorial, a hypothetical port 123 is allowed. Click OK. Service Name My_Service Service Type Port Number AMG1312-T Series User’s Guide...
Page 49 Tutorial: Advanced > QoS > Queue Setup In the Add New Firewall Rule screen, select Active. In the Available Services field, select the service you configured, My_Service. Click OK. Tutorial: Advanced > QoS > Queue Setup AMG1312-T Series User’s Guide...
Page 50: Configuring Static Route For Routing To Another Network
Series’s WAN default gateway by default. In this case, B will never receive the traffic. You need to specify a static routing rule on the AMG1312-T Series to specify R as the router in charge of forwarding traffic to N2. In this case, the AMG1312-T Series routes traffic from A to R and then R routes the traffic to B.
Page 51 192.168.10.2 192.168.10.33 To configure a static route to route traffic from N1 to N2: Log into the AMG1312-T Series’s Web Configurator. Click Network Setting > Static Route. Click Edit on a new rule in the Static Route screen. Configure the Static Route Setup screen using the following settings: Type 192.168.10.0 and subnet mask 255.255.255.0 for the destination, N2.
Page 52: Port Binding Configuration
4.9.1 Configuring ATM QoS for Multiple WAN Connections This example shows an application for multiple WAN connections with different ATM QoS Settings. More than one WAN connection on the AMG1312-T Series may be configured to record traffic statistics or calculate service charges.
Page 53 Chapter 4 Tutorials To configure bandwidth for the data connection, select UBR with PCR in the ATM QoS Type field. Click Apply. AMG1312-T Series User’s Guide...
Page 54 ATM QoS Type field. Set the Peak Cell Rate as 4717 (divide the bandwidth 2mbps by 424) and set both the Sustain Cell Rate and Maximum Burst Size as 4716 (which is less than the peak cell rate). Click Apply to save the settings. AMG1312-T Series User’s Guide...
Page 55: Configuring Port Binding
Access the port binding screen by clicking Network Setting > Port Binding, and select Activated Port Binding to turn on the port binding feature. Click the Port Binding tab, specify the Group Index and select the ports to include in the port binding group. Click Apply. AMG1312-T Series User’s Guide...
Page 56: Configuring Qos To Prioritize Traffic
• Note the MAC address (AA:FF:AA:FF:AA:FF for example) of your computer and map it to queue Note: QoS is applied to traffic flowing out of the AMG1312-T Series. Traffic that does not match this class is assigned a priority queue based on the internal QoS mapping table on the AMG1312-T Series.
Page 57 Select Active and follow the settings as shown in the screen below. Then click OK. Note that you have to select TCP in the IP Protocol field first, then you can configure the source port range setting. AMG1312-T Series User’s Guide...
Page 58 Chapter 4 Tutorials Tutorial: Advanced > QoS > Class Setup AMG1312-T Series User’s Guide...
Page 59: Access The Amg1312-T Series From The Internet Using Ddns
4.11 Access the AMG1312-T Series from the Internet Using DDNS If you connect your AMG1312-T Series to the Internet and it uses a dynamic WAN IP address, it is inconvenient for you to manage the device from the Internet. The AMG1312-T Series’s WAN IP address changes dynamically.
Page 60: Configuring Ddns On Your Amg1312-T Series
• Hostname: zyxelrouter.dyndns.org • Service Type: Host with IP address • IP Address: Enter the WAN IP address that your AMG1312-T Series is currently using. You can find the IP address on the AMG1312-T Series’s Web Configurator Status page. Then you will need to configure the same account and host name on the AMG1312-T Series later.
Page 61: Technical Reference
Technical Reference...
Page 63: Connection Status And System Info Screens
If you prefer to view the status in a list, click List View in the Viewing mode selection box. You can configure how often you want the AMG1312-T Series to update this screen in Refresh Interval.
Page 64: The System Info Screen
In Icon View, if you want to view information about a client, click the client’s name and then click on Info. In List View, you can also view the client’s information. 5.3 The System Info Screen Click Connection Status > System Info to open this screen. Figure 17 System Info Screen AMG1312-T Series User’s Guide...
Page 65 This is the primary/secondary DNS server IP address assigned to the AMG1312-T Series. Secondary IPv6 Global This is the current IPv6 address of the AMG1312-T Series in the WAN. Click this to go to the screen where you can change it. IPv6 Prefix This is the current IPv6 prefix length in the WAN.
Page 66 This field displays what DHCP services the AMG1312-T Series is providing to the LAN. Choices are: Server - The AMG1312-T Series is a DHCP server in the LAN. It assigns IP addresses to other computers in the LAN. Relay - The AMG1312-T Series acts as a surrogate DHCP server and relays DHCP requests and responses between the remote server and the clients.
Page 67 This field displays how long the DSL connection has been active. Time System Up This field displays how long the AMG1312-T Series has been running since it last started up. Time The AMG1312-T Series starts up when you plug it in, when you restart it (Maintenance >...
Page 68: Broadband
H A PT ER Broadband 6.1 Overview This chapter describes the AMG1312-T Series’s Broadband screens. Use these screens to configure your AMG1312-T Series for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet.
Page 69: Before You Begin
Chapter 6 Broadband WAN IP Address The WAN IP address is an IP address for the AMG1312-T Series, which makes it accessible from an outside network. It is used by the AMG1312-T Series to communicate with other devices in other networks.
Page 70 Chapter 6 Broadband Figure 19 Network Setting > Broadband > Internet Connection > Auto Sync Up AMG1312-T Series User’s Guide...
Page 71 VC or LLC. IPv6/IPv4 Dual Stack If you select Enable, the AMG1312-T Series can connect to IPv4 and IPv6 networks and choose the protocol for applications according to the address type. If you select Disable, the AMG1312-T Series will operate in IPv4 mode.
Page 72 IPv6 Address Obtain an IP Address Select this option if you want to have the AMG1312-T Series use the IPv6 prefix from Automatically the connected router’s Router Advertisement (RA) to generate an IPv6 address.
Page 73: Advanced Setup
This feature allows you to set some LAN port(s) and/or SSID(s) to be in bridge mode with the WAN interface, while other LAN port(s) and SSID(s) can still use Firewall, DHCP server and NAT on the AMG1312-T Series. Enable Con-current Select this option to bridge traffic between the WAN interface and certain Ethernet port(s) and/or SSID(s).
Page 74 IGMP-v3. Select None to disable it. MLD Proxy Select the version of MLD proxy (v1 or v2) to have the AMG1312-T Series act as for this connection. This allows the AMG1312-T Series to get subscription information and maintain a joined member list for each multicast group. It can reduce multicast traffic significantly.
Page 75: The More Connections Screen
For PPPoA and RFC 1483, the MTU is 65535. 6.3 The More Connections Screen The AMG1312-T Series allows you to configure more than one Internet access connection. To configure additional Internet access connections click Network Setting > Broadband > More Connections.
Page 76: More Connections Edit
Click the Remove icon to delete the Internet access setup from your connection list. 6.3.1 More Connections Edit Use this screen to configure a connection. Click the edit icon in the More Connections screen to display the following screen. AMG1312-T Series User’s Guide...
Page 77 The following table describes the labels in this screen. Table 14 Network Setting > Broadband > More Connections: Edit LABEL DESCRIPTION General Active Select the check box to activate or clear the check box to deactivate this connection. AMG1312-T Series User’s Guide...
Page 78 Select Router from the drop-down list box if your ISP allows multiple computers to share an Internet account. If you select Bridge, the AMG1312-T Series will forward any packet that it does not route to this remote node; otherwise, the packets are discarded.
Page 79: Configuring More Connections Advanced Setup
Chapter 6 Broadband 6.3.2 Configuring More Connections Advanced Setup Use this screen to edit your AMG1312-T Series's advanced WAN settings. Click the Advanced Setup arrow icon in the More Connections Edit screen. The screen appears as shown. Figure 23 Network Setting > Broadband > More Connections: Edit: Advanced Setup The following table describes the labels in this screen.
Page 80: The 3G Backup Screen
6.4 The 3G Backup Screen The USB ports (at the left side panel of the AMG1312-T Series) allow you to attach a 3G dongle to wirelessly connect to a 3G network for Internet access. You can have the AMG1312-T Series use the 3G WAN connection as a backup.
Page 81 DESCRIPTION General 3G Backup Select Enable to have the AMG1312-T Series use the 3G connection as your WAN or a backup when the wired WAN connection fails. Card This field displays the manufacturer and model name of your 3G card if you inserted one in description the AMG1312-T Series.
Page 82: Wan Technical Reference
6.5 WAN Technical Reference This section provides some technical background information about the topics covered in this chapter. 6.5.1 Encapsulation Be sure to use the encapsulation method required by your ISP. The AMG1312-T Series supports the following methods. AMG1312-T Series User’s Guide...
Page 83: Multiplexing
By implementing PPPoE directly on the AMG1312-T Series (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the AMG1312-T Series does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access.
Page 84: Vpi And Vci
Address and Gateway IP Address fields as supplied by your ISP. However for a dynamic IP, the AMG1312-T Series acts as a DHCP client on the WAN port and so the IP Address and Gateway IP Address fields are not applicable (N/A) as the DHCP server assigns them to the AMG1312-T Series.
Page 85: Nat
If the PCR, SCR or MBS is set to the default of "0", the system will assign a maximum value that correlates to your upstream line rate. The following figure illustrates the relationship between PCR, SCR and MBS. Figure 26 Example of Traffic Shaping AMG1312-T Series User’s Guide...
Page 86: Atm Traffic Classes
The Unspecified Bit Rate (UBR) ATM traffic class is for bursty data transfers. However, UBR doesn't guarantee any bandwidth and only delivers traffic when the network has spare bandwidth. An example application is background file transfer. AMG1312-T Series User’s Guide...
Page 87: Wireless Lan
Section 7.3 on page 94) to set up multiple wireless networks on your AMG1312-T Series and/or set up a guest wireless network on your AMG1312-T Seriesto allow associated wireless clients to access the Internet. • Use the MAC Authentication screen to allow or deny wireless clients based on their MAC addresses from connecting to the AMG1312-T Series (Section 7.4 on page...
Page 88: What You Need To Know About Wireless
Use this screen to enable the Wireless LAN, enter the SSID and select the wireless security mode. Note: If you are configuring the AMG1312-T Series from a computer connected to the wireless LAN and you change the AMG1312-T Series’s SSID, channel or security settings, you will lose your wireless connection when you press Apply to confirm.
Page 89 SSIDs or wired LAN devices through the AMG1312-T Series. Select both Client Isolation and MBSSID/LAN Isolation to allow this SSID’s wireless clients to only connect to the Internet through the AMG1312-T Series. Channel Set the operating channel manually by selecting a channel from the Channel Selection Selection list or use Auto to have it automatically determine a channel to use.
Page 90: No Security
Select No Security to allow wireless stations to communicate with the access points without any data encryption or authentication. Note: If you do not enable any wireless security on your AMG1312-T Series, your network is accessible to any wireless networking device that is within range.
Page 91: More Secure (Wpa(2)-Psk)
The WPA-PSK security mode provides both improved data encryption and user authentication over WEP. Using a Pre-Shared Key (PSK), both the AMG1312-T Series and the connecting client share a common password in order to validate the connection. This type of encryption, while robust, is not as strong as WPA, WPA2 or even WPA2-PSK.
Page 92: Wpa(2) Authentication
Encryption This field displays the encryption type for data encryption. If you choose WPA-PSK as the security mode, the AMG1312-T Series uses TKIP for data encryption. If you choose WPA2-PSK as the security mode and enable WPA-PSK Compatible, the AMG1312-T Series uses either TKIP and AES (TKIPAES MIX) for data encryption.
Page 93 RADIUS server, the reauthentication timer on the RADIUS server has priority. WPA Compatible This field is only available for WPA2. Select this if you want the AMG1312-T Series to support WPA and WPA2 simultaneously. AMG1312-T Series User’s Guide...
Page 94: The More/Guest Ap Screen
SSID is not active. SSID An SSID profile is the set of parameters relating to one of the AMG1312-T Series’s BSSs. The SSID (Service Set IDentifier) identifies the Service Set with which a wireless device is associated.
Page 95 Select Basic (WEP) or More Secure (WPA(2)-PSK, WPA(2)) to add security on this wireless network. The wireless clients which want to associate to this network must have same wireless security settings as the AMG1312-T Series. After you select to use a security, additional options appears in this screen.
Page 96: The Mac Authentication Screen
You need to know the MAC addresses of the devices to configure this screen. Use this screen to view your AMG1312-T Series’s MAC filter settings and add new MAC filter rules. Click Network Setting > Wireless > MAC Authentication. The screen appears as shown.
Page 97: The Wps Screen
Chapter 7 Wireless LAN 7.5 The WPS Screen Use this screen to configure WiFi Protected Setup (WPS) on your AMG1312-T Series. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually. Set up each WPS connection between two devices. Both devices must support WPS.
Page 98 PIN in the configuration utility of the device you want to connect to using WPS. The PIN is not necessary when you use WPS push-button method. Click the Generate New PIN button to have the AMG1312-T Series create a new PIN. Status...
Page 99: The Wds Screen
This is the index number of the individual WDS link. Active Select this to activate the link between the AMG1312-T Series and the peer device to which this entry refers. When you do not select the check box this link is down.
Page 100: The Wmm Screen
LABEL DESCRIPTION Enable WMM of Use the checkboxes to determine whether to have the AMG1312-T Series automatically SSID1~4 give a service a priority level according to the ToS value in the IP header of packets it sends for a wireless network. WMM QoS (WiFi MultiMedia Quality of Service) gives high priority to voice and video, which makes them run more smoothly.
Page 101: The Advanced Screen
2346. Output Power Set the output power of the AMG1312-T Series. If there is a high density of APs in an area, decrease the output power to reduce interference with other APs. Select one of the following: 100%, 75%, 50% or 25%.
Page 102: Wireless Lan Technical Reference
AMG1312-T Series might be reduced. Channel Width Select whether the AMG1312-T Series uses a wireless channel width of 20MHz or Auto. If Auto is selected, the AMG1312-T Series will use 40MHz if it is supported. A standard 20MHz channel offers transfer speeds of up to 150Mbps whereas a 40MHz channel uses two standard channels and offers speeds of up to 300 Mbps.
Page 103 The wireless network is the part in the blue circle. In this wireless network, devices A and B use the access point (AP) to interact with the other devices (such as the printer) or with the Internet. Your AMG1312-T Series is the AP. Every wireless network must follow these basic guidelines.
Page 104: Additional Wireless Terms
A preamble affects the timing in your wireless network. There are two preamble modes: long and short. If a device uses a different preamble mode than the AMG1312-T Series does, it cannot communicate with the AMG1312-T Series. Authentication The process of verifying whether a wireless device is allowed to use the wireless network.
Page 105 User’s Guide or other documentation. You can use the MAC address filter to tell the AMG1312-T Series which devices are allowed or not allowed to use the wireless network. If a device is allowed to use the wireless network, it still has to have the correct information (SSID, channel, and security).
Page 106: Signal Problems
When you select WPA2 or WPA2-PSK in your AMG1312-T Series, you can also select an option (WPA compatible) to support WPA as well. In this case, if some of the devices support WPA and some support WPA2, you should set up WPA2-PSK or WPA2 (depending on the type of wireless network login) and select the WPA compatible option in the AMG1312-T Series.
Page 107: Bss
• You must use different keys for different BSSs. If two wireless devices have different BSSIDs (they are in different BSSs), but have the same keys, they may hear each other’s communications (but not communicate with each other). AMG1312-T Series User’s Guide...
Page 108: Wireless Distribution System (Wds)
AP 2 7.10.8 WiFi Protected Setup (WPS) Your AMG1312-T Series supports WiFi Protected Setup (WPS), which is an easy way to set up a secure wireless network. WPS is an industry standard specification, defined by the WiFi Alliance. WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually.
Page 109 Section 7.6 on page 99). Press the button on one of the devices (it doesn’t matter which). For the AMG1312-T Series you must press the WPS button for more than three seconds. Within two minutes, press the button on the other device. The registrar sends the network name (SSID) and security key through an secure connection to the enrollee.
Page 110: How Wps Works
If the registrar is already part of a network, it sends the existing information. If not, it generates the SSID and WPA(2)-PSK randomly. The following figure shows a WPS-enabled client (installed in a notebook computer) connecting to a WPS-enabled access point. AMG1312-T Series User’s Guide...
Page 111 When WPS is activated on both, they perform the handshake. In this example, AP1 is the registrar, and Client 1 is the enrollee. The registrar randomly generates the security information to set up the network, since it is unconfigured and has no existing information. AMG1312-T Series User’s Guide...
Page 112 In step 3, you add another access point (AP2) to your network. AP2 is out of range of AP1, so you cannot use AP1 for the WPS handshake with the new access point. However, you know that Client 2 supports the registrar function, so you use it to perform the WPS handshake instead. AMG1312-T Series User’s Guide...
Page 113 If this happens, open the access point’s configuration interface and look at the list of associated clients (usually displayed by MAC address). It does not matter if the AMG1312-T Series User’s Guide...
Page 114 Check the MAC addresses of your wireless clients (usually printed on a label on the bottom of the device). If there is an unknown MAC address you can remove it or reset the AP. AMG1312-T Series User’s Guide...
Page 115: Home Networking
• Use the IP Alias screen (Section 8.4 on page 120) to change your AMG1312-T Series’s IP alias settings. • Use the UPnP screen to enable UPnP and UPnP NAT traversal on the AMG1312-T Series (Section 8.5 on page 121).
Page 116: What You Need To Know
DHCP A DHCP (Dynamic Host Configuration Protocol) server can assign your AMG1312-T Series an IP address, subnet mask, DNS and other routing information when it's turned on. DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa.
Page 117: Before You Begin
8.2 The LAN Setup Screen Use this screen to set the Local Area Network IP address, subnet mask and advanced networking settings such as RIP, multicast of your AMG1312-T Series. Click Network Setting > Home Networking to open the LAN Setup screen.
Page 118 DESCRIPTION LAN IP Setup IP Address Enter the LAN IP address you want to assign to your AMG1312-T Series in dotted decimal notation, for example, 192.168.1.1 (factory default). Subnet Mask Type the subnet mask of your network in dotted decimal notation, for example 255.255.255.0 (factory default).
Page 119: The Static Dhcp Screen
DHCP client. If set to Disable, the DHCP server will be disabled. If set to DHCP Relay, the AMG1312-T Series acts as a surrogate DHCP server and relays DHCP requests and responses between the remote server and the clients. Enter the IP address of the actual, remote DHCP server in the Remote DHCP Server field in this case.
Page 120: The Ip Alias Screen
IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The AMG1312-T Series supports multiple logical LAN interfaces via its physical Ethernet interface with the AMG1312-T Series itself as the gateway for the LAN network. AMG1312-T Series User’s Guide...
Page 121: Configuring The Lan Ip Alias Screen
116 for more information on UPnP. Use the following screen to enable or disable the UPnP function on your AMG1312-T Series. Click Network Setting > Home Networking > UPnP to display the screen shown next. Figure 52 Network Setting > Home Networking > UPnP...
Page 122: The Ipv6 Lan Setup Screen
Cancel Click Cancel to exit this screen without saving. 8.6 The IPv6 LAN Setup Screen Use this screen to configure the IPv6 settings for your AMG1312-T Series’s LAN interface. See Appendix E on page 277 for background information about IPv6.
Page 123 Static Select this option to configure a fixed IPv6 address for the AMG1312-T Series’s LAN IPv6 address. Static IPv6 If you select static IPv6 address, enter the IPv6 address prefix that the AMG1312-T Address Series uses for the LAN IPv6 address.
Page 124 Select this to have the AMG1312-T Series indicate to hosts to obtain network settings config flag (such as prefix and DNS settings) through DHCPv6. Clear this to have the AMG1312-T Series indicate to hosts that DHCPv6 is not available and they should use the prefix in the router advertisement message. Other...
Page 125: The File Sharing Screen
Use this field to Enable or Disable DHCPv6 server on the AMG1312-T Series. Server DNSv6 Select the DNS role (Proxy or Relay) that you want the AMG1312-T Series to act in Mode the IPv6 LAN network. Alternatively, select Manual and specify the DNS servers’ IPv6 address in the fields below.
Page 126: The User Edit Screen
This is the name of a user who is allowed to access the secured shares on the USB device. Modify Click the Edit icon to modify the user account. Click the Delete icon to remove the user account from the AMG1312-T Series. Apply Click this to save your changes to the AMG1312-T Series.
Page 127 Table 38 Network Setting > Home Networking > File Sharing > Edit LABEL DESCRIPTION Active Select Active to edit user file sharing through the AMG1312-T Series. User Name Type in the user name of 5 to 15 keyboard characters in length. New Password Type in the new password of 5 to 15 keyboard characters in length.
Page 128: Home Networking Technical Reference
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the AMG1312-T Series as a DHCP server or disable it. When configured as a server, the AMG1312-T Series provides the TCP/IP configuration for the clients.
Page 129: Lan Tcp/Ip
The subnet mask specifies the network number portion of an IP address. Your AMG1312-T Series will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the AMG1312-T Series unless you are instructed to do otherwise.
Page 130: Rip Setup
• Both - the AMG1312-T Series will broadcast its routing table periodically and incorporate the RIP information that it receives. • In Only - the AMG1312-T Series will not send any RIP packets but will accept all RIP packets received.
Page 131 (including gateways). All hosts must join the 224.0.0.1 group in order to participate in IGMP. The address 224.0.0.2 is assigned to the multicast routers group. At start up, the AMG1312-T Series queries all directly connected networks to gather group membership. After that, the AMG1312-T Series periodically updates this information. IP multicasting can be enabled/disabled on the AMG1312-T Series LAN and/or WAN interfaces in the web configurator (LAN;...
Page 132: Static Route
9.1 Overview The AMG1312-T Series usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the AMG1312-T Series send data to devices not reachable through the default gateway, use static routes.
Page 133: What You Can Do In The Static Route Screens
Click the Edit icon to go to the screen where you can set up a static route on the AMG1312-T Series. Click the Delete icon to remove a static route from the AMG1312-T Series. A window displays asking you to confirm that you want to delete the route.
Page 134: Ipv6 Static Route
The following table describes the labels in this screen. Table 41 Network Setting > Static Route > IPv6 Static Route LABEL DESCRIPTION Add new static Click this to configure a new IPv6 static route. route This is the number of an individual static route. AMG1312-T Series User’s Guide...
Page 135: Ipv6 Static Route Edit
Click the Edit icon to go to the screen where you can set up a static route on the AMG1312-T Series. Click the Remove icon to remove a static route from the AMG1312-T Series. A window displays asking you to confirm that you want to delete the route.
Page 136: Quality Of Service (Qos)
Quality of Service (QoS) 10.1 Overview Use the QoS screen to set up your AMG1312-T Series to use QoS for traffic management. Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control bandwidth. QoS allows the AMG1312-T Series to group and prioritize application traffic and fine-tune network performance.
Page 137: What You Need To Know About Qos
10.2 The Quality of Service General Screen Use this screen to enable or disable QoS and set the upstream bandwidth. Click Network Setting > QoS > General to open the screen as shown next. Figure 63 Network Setting > QoS > General AMG1312-T Series User’s Guide...
Page 138: The Queue Screen
A gray bulb signifies that this queue is not active. Name This shows the descriptive name of this queue. Interface This shows the name of the AMG1312-T Series’s interface through which traffic in this queue passes. Priority This shows the priority of this queue.
Page 139: Adding A Qos Queue
Weight Select the weight (from 1 to 8) of this queue. If two queues have the same priority level, the AMG1312-T Series divides the bandwidth across the queues according to their weights. Queues with larger weights get more bandwidth than queues with smaller weights.
Page 140: The Class Setup Screen
(such as Telnet) to form a flow. You can give different priorities to traffic that the AMG1312-T Series forwards out through the WAN interface. Give high priority to voice and video to make them run more smoothly. Similarly, give low priority to many large file downloads so that they do not reduce the quality of other applications.
Page 141 Chapter 10 Quality of Service (QoS) Figure 67 QoS > Class Setup Add/Edit AMG1312-T Series User’s Guide...
Page 142 If you select TCP/UDP, TCP or UDP in the IP Protocol field, select the check box and enter the port number(s) of the source. MAC Address Select the check box and enter the destination MAC address of the packet. AMG1312-T Series User’s Guide...
Page 143 Select the interface through which traffic that matches the rule is forwarded out. If you select Unchange, the AMG1312-T Series forwards traffic of this class according to the default routing table. If traffic of this class comes from a WAN interface and is in a queue that forwards traffic through the LAN/WLAN interface, the AMG1312-T Series ignores the setting here.
Page 144: The Qos Game List Screen
VLAN ID that you specify in the Ethernet Priority and VLAN ID fields. If you select Same, the AMG1312-T Series keep the Ethernet Priority and VLAN ID in the packets. To configure the Ethernet Priority, you can either select a priority number in the first...
Page 145: Qos Technical Reference
IP precedence uses three bits of the eight-bit ToS (Type of Service) field in the IP header. There are eight classes of services (ranging from zero to seven) in IP precedence. Zero is the lowest priority level and seven is the highest. AMG1312-T Series User’s Guide...
Page 146: Automatic Priority Queue Assignment
Chapter 10 Quality of Service (QoS) 10.6.3 Automatic Priority Queue Assignment If you enable QoS on the AMG1312-T Series, the AMG1312-T Series can automatically base on the IEEE 802.1p priority level, IP precedence and/or packet length to assign priority to traffic which does not match a class.
Page 147: Network Address Translation (Nat)
• Use the DMZ screen to configure a default server (Section 11.4 on page 152). • Use the ALG screen to enable and disable the NAT and SIP (VoIP) ALG in the AMG1312-T Series Section 11.5 on page 152). 11.1.2 What You Need To Know About NAT...
Page 148: The Nat General Screen
NAT to open the following screen. Note: You must create an IP filter rule in addition to setting up NAT, to allow traffic from the WAN to be forwarded through the AMG1312-T Series. Figure 69 Network Setting > NAT > General The following table describes the labels in this screen.
Page 149: The Port Forwarding Screen
Note: If you do not assign a Default Server IP address, the AMG1312-T Series discards all packets received for ports that are not specified here or in the remote management setup.
Page 150: Port Forwarding Rule Add/Edit
11.3.2 Port Forwarding Rule Add/Edit Use this screen to add or edit a port forwarding rule. Click the Add new rule button or a rule’s edit icon in the Port Forwarding screen to display the screen as shown next. AMG1312-T Series User’s Guide...
Page 151 Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. AMG1312-T Series User’s Guide...
Page 152: The Dmz Screen
When the AMG1312-T Series registers with the SIP register server, the SIP ALG translates the AMG1312-T Series’s private IP address inside the SIP data stream to a public IP address. You do not need to use STUN or an outbound proxy if your AMG1312-T Series is behind a SIP ALG.
Page 153: Nat Technical Reference
Chapter 11 Network Address Translation (NAT) Use this screen to enable and disable the SIP (VoIP) ALG in the AMG1312-T Series. To access this screen, click Network Settings > NAT > ALG. Figure 74 Network Setting > NAT > ALG The following table describes the fields in this screen.
Page 154: What Nat Does
Table 57 on page 156), NAT offers the additional benefit of firewall protection. With no servers defined, your AMG1312-T Series filters out all incoming inquiries, thus preventing intruders from probing your network. For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT).
Page 155: Nat Mapping Types
11.6.5 NAT Mapping Types NAT supports five types of IP/port mapping. They are: • One to One: In One-to-One mode, the AMG1312-T Series maps one local IP address to one global IP address. • Many to One: In Many-to-One mode, the AMG1312-T Series maps multiple local IP addresses to one global IP address.
Page 156 ILA2 IGA1 … Many-to-Many Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA1 ILA4 IGA2 … Many-to-Many No Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA3 … Server Server 1 IP IGA1 Server 2 IP IGA1 Server 3 IP IGA1 AMG1312-T Series User’s Guide...
Page 157: Port Binding
PVC connections. The first PVC (PVC0) is for non time-sensitive data traffic. The second and third PVCs (PVC1 and PVC2) are for time sensitive Media-On-Demand (MOD) video traffic and VoIP traffic, respectively. Figure 77 Port Binding Groups Data PVC0 PVC1 VoIP PVC2 AMG1312-T Series User’s Guide...
Page 158: What You Can Do In The Port Binding Screens
Apply Add the selected port binding group configuration. 12.3 The Port Binding Screen Use this screen to set up port binding groups. Click Network Setting > Port Binding > Port Binding to display the following screen. AMG1312-T Series User’s Guide...
Page 159: Port Binding Summary Screen
Use this screen to view configured port binding groups. In the Port Binding screen, click the Port Binding Summary button in the Group Summary section to display the following screen. Figure 80 Network Setting > Port Binding > Port Binding Summary AMG1312-T Series User’s Guide...
Page 160 The following table describes the labels in this screen. Table 60 Network Setting > Port Binding > Port Binding Summary LABEL DESCRIPTION Group ID This field displays the group index number. Group port This field displays the ports included in the group. AMG1312-T Series User’s Guide...
Page 161: Dynamic Dns Setup
If you have a private WAN IP address, then you cannot use Dynamic DNS. 13.2 The Dynamic DNS Screen Use this screen to change your AMG1312-T Series’s DDNS. Click Network Setting > Dynamic DNS. The screen appears as shown. AMG1312-T Series User’s Guide...
Page 162 This is the website of your Dynamic DNS service provider. Host Name Type the domain name assigned to your AMG1312-T Series by your Dynamic DNS provider. You can specify up to two host names in the field separated by a comma (",").
Page 163: Filters
“http://www.zyxel.com”. URL and IP Filter Structure The URL, IP and IPv6 filters have individual rule indexes. The AMG1312-T Series allows you to configure each type of filter with its own respective set of rules. 14.2 The IP/MAC Filter Screen Use this screen to create and apply IP and MAC filters.
Page 164 0 to 65535. This field is ignored if it is 0. Destination IP Address Enter the destination IP address of the packets you wish to filter. This field is ignored if it is 0.0.0.0. AMG1312-T Series User’s Guide...
Page 165 This is the destination port number. Protocol This is the upper layer protocol. Apply Click this to apply your changes. Delete Click this to remove the filter rule. Cancel Click this to restore your previously saved settings. AMG1312-T Series User’s Guide...
Page 166: Ipv6/Mac Filter
::. Source Prefix Length Enter the prefix length for the source IPv6 address Destination IPv6 Address Enter the destination IPv6 address of the packets you wish to filter. This field is ignored if it is ::. AMG1312-T Series User’s Guide...
Page 167 This is the (upper layer) protocol that defines the service to which this rule applies. By default it is ICMPv6. Apply Click this to apply your changes. Delete Click this to remove the filter rule. Cancel Click this to restore your previously saved settings. AMG1312-T Series User’s Guide...
Page 168: Firewall
HAPTER Firewall 15.1 Overview This chapter shows you how to enable the AMG1312-T Series firewall. Use the firewall to protect your AMG1312-T Series and network from attacks by hackers on the Internet and control access to it. The firewall: • allows traffic that originates from your LAN computers to go to all other networks.
Page 169: What You Need To Know About Firewall
Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources. The AMG1312-T Series is pre-configured to automatically detect and thwart all known DoS attacks.
Page 170: The Firewall General Screen
Chapter 15 Firewall Anti-Probing If an outside user attempts to probe an unsupported port on your AMG1312-T Series, an ICMP response packet is automatically returned. This allows the outside user to know the AMG1312-T Series exists. The AMG1312-T Series supports anti-probing, which prevents the ICMP response packet from being sent.
Page 171: The Default Action Screen
Use this screen to set the default action that the firewall takes on packets that do not match any of the firewall rules. Click Security > Firewall > Default Action to display the following screen. Figure 86 Security > Firewall > Default Action AMG1312-T Series User’s Guide...
Page 172 Firewall rules are grouped based on the direction of travel of packets to which they apply. For example, LAN to Router means packets traveling from a computer/subnet on the LAN to the AMG1312-T Series itself. Default Action Use the drop-down list boxes to select the default action that the firewall is to take on packets that are traveling in the selected direction and do not match any of the firewall rules.
Page 173: The Rules Screen
LABEL DESCRIPTION Firewall Rules Storage This read-only bar shows how much of the AMG1312-T Series's memory for Space in Use recording firewall rules it is currently using. When you are using 80% or less of the storage space, the bar is green. When the amount of space used is over 80%, the bar is red.
Page 174: The Rules Add Screen
Destination Interface This column displays the destination interface to which this firewall rule applies. This is the interface through which the traffic is destined to leave the AMG1312-T Series. Please note that a blank source interface is equivalent to Any.
Page 175 Maximum Burst Set the maximum number of packets that can be sent at the peak rate. Number This field determines if a log for packets that match the rule is created or not. Rules/Destination Address AMG1312-T Series User’s Guide...
Page 176: Customized Services
Destination Interface Specify a destination interface to which this firewall rule applies. This is the interface through which the traffic is destined to leave the AMG1312-T Series. Please note that a blank source interface is equivalent to any. Services...
Page 177: Customized Service Add/Edit
Use this screen to add a customized rule or edit an existing rule. Click Add or the Edit icon next to a rule number in the Firewall Customized Services screen to display the following screen. Figure 90 Security > Firewall > Rules: Edit: Edit Customized Services: Add/Edit AMG1312-T Series User’s Guide...
Page 178 Back Click this to return to the previous screen without saving. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. Delete Click this to delete the current rule. AMG1312-T Series User’s Guide...
Page 179: The Dos Screen
The following table describes the labels in this screen. Table 70 Security > Firewall > Dos LABEL DESCRIPTION Denial of Services Enable this to protect against DoS attacks. The AMG1312-T Series will drop sessions that surpass maximum thresholds. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings.
Page 180: Configuring Firewall Thresholds
Tune these parameters when you believe the AMG1312-T Series has been receiving DoS attacks that are not recorded in the logs or the logs show that the AMG1312-T Series is classifying normal traffic as DoS attacks. Factors influencing choices for threshold values are: The maximum number of opened sessions.
Page 181: Firewall Technical Reference
Your customized rules take precedence and override the AMG1312-T Series’s default settings. The AMG1312-T Series checks the source IP address, destination IP address and IP protocol type of network traffic against the firewall rules (in the order you list them). When the traffic matches a rule, the AMG1312-T Series takes the action specified in the rule.
Page 182: Guidelines For Enhancing Security With Your Firewall
WAN to access devices on the LAN. • WAN to Router By default the AMG1312-T Series stops computers on the WAN from managing the AMG1312-T Series. You could configure one of these rules to allow a WAN computer to manage the AMG1312-T Series.
Page 183: Security Considerations
Internet (through one or more ISPs). If an alternate gateway is on the LAN (and its IP address is in the same subnet as the AMG1312-T Series’s LAN IP address), the “triangle route” (also called asymmetrical route) problem may occur. The steps below describe the “triangle route”...
Page 184 A computer on the LAN initiates a connection by sending out a SYN packet to a receiving server on the WAN. The AMG1312-T Series reroutes the SYN packet through Gateway A on the LAN to the WAN. The reply from the WAN goes directly to the computer on the LAN without going through the AMG1312-T Series.
Page 185 Chapter 15 Firewall Figure 96 IP Alias Subnet 1 ISP 1 ISP 2 Subnet 2 AMG1312-T Series User’s Guide...
Page 186: Parental Control
16.1 Overview Parental control allows you to block web sites with the specific URL. You can also define time periods and days during which the AMG1312-T Series performs parental control on a specific user. 16.2 The Parental Control Screen Use this screen to enable parental control, view the parental control rules and schedules.
Page 187: Add/Edit Parental Control Rule
Figure 98 Add/Edit Parental Control Rule The following table describes the fields in this screen. Table 73 Parental Control: Add/Edit LABEL DESCRIPTION General Active Select the checkbox to activate this parental control rule. AMG1312-T Series User’s Guide...
Page 188 Click the Edit icon to go to the screen where you can edit the rule. Click the Delete icon to delete an existing rule. Blocked Site/URL Enter the URL of web sites or URL keywords to which the AMG1312-T Series blocks access. Apply Click Apply to save your changes.
Page 189: Certificate
• Use the Local Certificates screen to view and import the AMG1312-T Series’s CA-signed certificates (Section 17.3 on page 189). • The Trusted CA screen lets you save the certificates of trusted CAs to the AMG1312-T Series (Section 17.4 on page 191). 17.2 What You Need to Know The following terms and concepts may help as you read through this chapter.
Page 190 This field applies to the SSH certificate. This shows the file format of the current certificate. Replace Click this to replace the certificate(s) and save your changes back to the AMG1312-T Series. Reset Click this to clear your settings. AMG1312-T Series User’s Guide...
Page 191: The Trusted Ca Screen
Use this screen to view a summary list of certificates of the certification authorities that you have set the AMG1312-T Series to accept as trusted. The AMG1312-T Series accepts any valid certificate signed by a certification authority on this list as being trustworthy; thus you do not need to import any certificate that is signed by one of these certification authorities.
Page 192: View Certificate
Use this screen to view in-depth information about the certification authority’s certificate, change the certificate’s name and set whether or not you want the AMG1312-T Series to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority.
Page 193 (via floppy disk for example). Back Click this to return to the previous screen. AMG1312-T Series User’s Guide...
Page 194: Logs
The web configurator allows you to choose which categories of events and/or alerts to have the AMG1312-T Series log and then display the logs or have the AMG1312-T Series send them to an administrator (as e-mail) or to a syslog server.
Page 195: The System Log Screen
Level Select a severity level from the drop-down list box. This filters search results according to the severity level you have selected. When you select a severity, the AMG1312-T Series searches through all logs of that severity or higher. Refresh Click this to renew the log screen.
Page 196: Traffic Status
196). • Use the LAN screen to view the LAN traffic statistics (Section 19.3 on page 197). • Use the NAT screen to view the NAT status of the AMG1312-T Series’s client(s) (Section 19.4 on page 198). 19.2 The WAN Status Screen Click System Monitor >...
Page 197: The Lan Status Screen
Table 81 System Monitor > Traffic Status > LAN LABEL DESCRIPTION Refresh Select how often you want the AMG1312-T Series to update this screen from the Interval(s) drop-down list box. Set Interval Click this button to apply the new poll interval you entered in the Refresh Interval field.
Page 198: The Nat Screen
LABEL DESCRIPTION Refresh Interval Select how often you want the AMG1312-T Series to update this screen from the drop- down list box. Set Interval Click this button to apply the new poll interval you entered in the Refresh Interval field.
Page 199: User Account
Type your new system password (up to 30 characters). Note that as you type a password, the screen displays a (*) for each character you type. After you change the password, use the new password to access the AMG1312-T Series. Retype to Type the new password again for confirmation.
Page 200: Client
The AMG1312-T Series supports TR-069 Amendment 1 (CPE WAN Management Protocol Release 2.0) and TR-069 Amendment 2 (CPE WAN Management Protocol v1.1, Release 3.0). TR-069 is a protocol that defines how your AMG1312-T Series (ZD) can be managed via a management server (MS) such as ZyXEL’s Vantage Access.
Page 201 Disable to not allow the AMG1312-T Series to be managed by a management server. ACS URL Type the IP address or domain name of the management server. If the AMG1312-T Series is behind a NAT router that assigns it a private IP address, you will have to configure a NAT port forwarding rule on the NAT router.
Page 202: System Settings
Click this to restore your previously saved settings. 22.3 The Time Screen Use this screen to configure the AMG1312-T Series’s time based on your local time zone. To change your AMG1312-T Series’s time and date, click Maintenance > System > Time Setting. The screen appears as shown.
Page 203 When you set Time and Date Setup to Manual, enter the new date in this field and then click Apply. Get from Time Select this radio button to have the AMG1312-T Series get the time and date from the Server time server you specified below.
Page 204 In Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. AMG1312-T Series User’s Guide...
Page 205: Firmware Upgrade
HAPTER Firmware Upgrade 23.1 Overview This chapter explains how to upload new firmware to your AMG1312-T Series. You can download new firmware releases from your nearest ZyXEL FTP site (or www.zyxel.com) to use to upgrade your device’s performance. Only use firmware for your device’s specific model. Refer to the label on the bottom of your AMG1312-T Series.
Page 206 Chapter 23 Firmware Upgrade Figure 113 Firmware Uploading The AMG1312-T Series automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 114 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen.
Page 207: Backup/Restore
Backup Configuration allows you to back up (save) the AMG1312-T Series’s current configuration to a file on your computer. Once your AMG1312-T Series is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes.
Page 208 T Series to its factory defaults. The following warning screen appears. Figure 118 Reset Warning Message Wait until the AMG1312-T Series’s login screen appears. You can also press the RESET button on the rear panel to reset the factory defaults of your AMG1312-T Series. Refer to Section 1.7 on page...
Page 209: The Reboot Screen
Chapter 24 Backup/Restore 24.3 The Reboot Screen System restart allows you to reboot the AMG1312-T Series remotely without turning the power off. You may need to do this if the AMG1312-T Series hangs, for example. Click Maintenance > Reboot. Click the Reboot button to have the AMG1312-T Series reboot. This does not affect the AMG1312-T Series's configuration.
Page 210: Remote Management
Remote management allows you to determine which services/protocols can access which AMG1312-T Series interface (if any) from which computers. The following figure shows remote management of the AMG1312-T Series coming in from the WAN. Figure 120 Remote Management From the WAN...
Page 211: What You Need To Know About Remote Management
• Use the AMG1312-T Series’s LAN IP address when configuring from the LAN. 25.2 The WWW Screen Use this screen to specify how to connect to the AMG1312-T Series from a web browser, such as Internet Explorer. 25.2.1 Configuring the WWW Screen Click Maintenance >...
Page 212 LABEL DESCRIPTION Server Port This displays the service port number for accessing the AMG1312-T Series using HTTP or HTTPS. If the number is grayed out, it is not editable. Server Access Select the interface(s) through which a computer may access the AMG1312-T Series using this service.
Page 213: The Telnet Screen
Click this to restore your previously saved settings. 25.4 The FTP Screen You can use FTP (File Transfer Protocol) to upload and download the AMG1312-T Series’s firmware and configuration files. Please see the User’s Guide chapter on firmware and configuration file maintenance for details.
Page 214: The Snmp Screen
Address AMG1312-T Series using this service. Select All to allow any computer to access the AMG1312-T Series using this service. Choose Range to just allow the computer(s) with an IP address in the range that you specify to access the AMG1312-T Series using this service.
Page 215: Configuring Snmp
SNMP allows a manager and agents to communicate for the purpose of accessing these objects. 25.5.1 Configuring SNMP To change your AMG1312-T Series’s SNMP settings, click Maintenance > RemoteMGMT > SNMP tab. The screen appears as shown. AMG1312-T Series User’s Guide...
Page 216 This displays the port the SNMP agent listens on. If the number is grayed out, it is not editable. Server Access Select the interface(s) through which a computer may access the AMG1312-T Series using this service. Secured Client IP A secured client is a “trusted” computer that is allowed to access the SNMP agent on the Address AMG1312-T Series.
Page 217: The Dns Screen
Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Use this screen to set from which IP address the AMG1312-T Series will accept DNS queries and on which interface it can send them your AMG1312-T Series’s DNS settings. This feature is not available when the AMG1312-T Series is set to bridge mode.
Page 218: The Ssh Screen
LABEL DESCRIPTION Respond to Ping on The AMG1312-T Series will not respond to any incoming Ping requests when Disable is selected. Select LAN to reply to incoming LAN Ping requests. Select WAN to reply to incoming WAN Ping requests. Otherwise select LAN & WAN to reply to both incoming LAN and WAN Ping requests.
Page 219: Ssh Example
Table 95 Maintenance > RemoteMGMT > SSH LABEL DESCRIPTION Server Port This displays the service port number for accessing the AMG1312-T Series. If the number is grayed out, it is not editable. Server Access Select the interface(s) through which a computer may access the AMG1312-T Series using this service.
Page 220 Chapter 25 Remote Management A window displays prompting you to store the host key in your computer. Click Yes to continue. Enter your user name and password. The command line interface displays. AMG1312-T Series User’s Guide...
Page 221: Diagnostic
Click this to ping the IP address that you entered. PingV6 Click this to ping the IPv6 address that you entered. TracerouteV6 Click this to display the route path and transmission delays between the AMG1312-T Series to the IPv6 address that you entered. AMG1312-T Series User’s Guide...
Page 222: The Dsl Line Screen
Click this to start the ATM loopback test. Make sure you have configured at least one PVC Test with proper VPIs/VCIs before you begin this test. The AMG1312-T Series sends an OAM F5 packet to the DSLAM/ATM switch and then returns it (loops it back) to the AMG1312-T Series.
Page 223 (coming into the AMG1312-T Series from the ISP). It is measured in decibels. The higher the number the more signal and less noise there is.
Page 224: Troubleshooting
Make sure you are using the power adaptor or cord included with the AMG1312-T Series. Make sure the power adaptor or cord is connected to the AMG1312-T Series and plugged in to an appropriate power source. Make sure the power source is turned on.
Page 225: Amg1312-T Series Access And Login
Windows computers, click Start > Run, enter cmd, and then enter ipconfig. The IP address of the Default Gateway might be the IP address of the AMG1312-T Series (it depends on the network), so enter this IP address in your Internet browser.
Page 226 Lock] is not on. You cannot log in to the web configurator while someone is using Telnet to access the AMG1312-T Series. Log out of the AMG1312-T Series in the other session, or ask the person who is logged in to log out.
Page 227: Internet Access
Check the signal strength. If the signal strength is low, try moving your computer closer to the AMG1312-T Series if possible, and look around to see if there are any devices that might be interfering with the wireless network (for example, microwaves, other wireless networks, and so on).
Page 228 If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions • Check the settings for QoS. If it is disabled, you might consider activating it. If it is enabled, you might consider raising or lowering the priority for some applications. AMG1312-T Series User’s Guide...
Page 229: Appendix A Setting Up Your Computer's Ip Address
After the appropriate TCP/IP components are installed, configure the TCP/IP settings in order to "communicate" with your network. If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the AMG1312-T Series’s LAN port. Windows 95/98/Me Click Start, Settings, Control Panel and double-click the Network icon to open the Network window.
Page 230 • If your IP address is dynamic, select Obtain an IP address automatically. • If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields. AMG1312-T Series User’s Guide...
Page 231 • If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in). Figure 133 Windows 95/98/Me: TCP/IP Properties: DNS Configuration Click the Gateway tab. AMG1312-T Series User’s Guide...
Page 232 Click OK to save and close the TCP/IP Properties window. Click OK to close the Network window. Insert the Windows CD if prompted. Turn on your AMG1312-T Series and restart your computer when prompted. Verifying Settings Click Start and then Run.
Page 233 Figure 135 Windows XP: Control Panel Right-click Local Area Connection and then click Properties. Figure 136 Windows XP: Control Panel: Network Connections: Properties Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. AMG1312-T Series User’s Guide...
Page 234 • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. • Click Advanced. Figure 138 Windows XP: Internet Protocol (TCP/IP) Properties AMG1312-T Series User’s Guide...
Page 235 • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. AMG1312-T Series User’s Guide...
Page 236 Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window. Close the Network Connections window (Network and Dial-up Connections in Windows 2000/NT). 11 Turn on your AMG1312-T Series and restart your computer (if prompted). Verifying Settings Click Start, All Programs, Accessories and then Command Prompt.
Page 237 In the Control Panel, double-click Network and Internet. Figure 142 Windows Vista: Control Panel Click Network and Sharing Center. Figure 143 Windows Vista: Network And Internet Click Manage network connections. Figure 144 Windows Vista: Network and Sharing Center AMG1312-T Series User’s Guide...
Page 238 Select Internet Protocol Version 4 (TCP/IPv4) and click Properties. Figure 146 Windows Vista: Local Area Connection Properties The Internet Protocol Version 4 (TCP/IPv4) Properties window opens (the General tab). • If you have a dynamic IP address click Obtain an IP address automatically. AMG1312-T Series User’s Guide...
Page 239 (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. • Click OK when finished. AMG1312-T Series User’s Guide...
Page 240 • If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. AMG1312-T Series User’s Guide...
Page 241 10 Click OK to close the Internet Protocol Version 4 (TCP/IPv4) Properties window. 11 Click Close to close the Local Area Connection Properties window. Close the Network Connections window. 13 Turn on your AMG1312-T Series and restart your computer (if prompted). Verifying Settings Click Start, All Programs, Accessories and then Command Prompt.
Page 242 Figure 150 Macintosh OS 8/9: Apple Menu Select Ethernet built-in from the Connect via list. Figure 151 Macintosh OS 8/9: TCP/IP For dynamically assigned settings, select Using DHCP Server from the Configure: list. For statically assigned settings, do the following: AMG1312-T Series User’s Guide...
Page 243 • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your AMG1312-T Series in the Router address box. Close the TCP/IP Control Panel. Click Save if prompted, to save changes to your configuration.
Page 244 • Type your IP address in the IP Address box. • Type your subnet mask in the Subnet mask box. • Type the IP address of your AMG1312-T Series in the Router address box. Click Apply Now and close the window.
Page 245 • If you have a static IP address, click Statically set IP Addresses and fill in the Address, Subnet mask, and Default Gateway Address fields. Click OK to save the changes and close the Ethernet Device General screen. AMG1312-T Series User’s Guide...
Page 246 (where eth0 is the name of the Ethernet card). Open the configuration file with any plain text editor. • If you have a dynamic IP address, enter in the BOOTPROTO= field. The following figure dhcp shows an example. AMG1312-T Series User’s Guide...
Page 247: Verifying Settings
Shutting down interface eth0: [OK] Shutting down loopback interface: [OK] Setting network parameters: [OK] Bringing up loopback interface: [OK] Bringing up interface eth0: [OK] Verifying Settings Enter ifconfig in a terminal screen to check your TCP/IP properties. AMG1312-T Series User’s Guide...
Page 248 Bcast:172.23.19.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:717 errors:0 dropped:0 overruns:0 frame:0 TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:730412 (713.2 Kb) TX bytes:1570 (1.5 Kb) Interrupt:10 Base address:0x1000 [root@localhost]# AMG1312-T Series User’s Guide...
Page 249: Appendix B Ip Addresses And Subnetting
Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal. The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. AMG1312-T Series User’s Guide...
Page 250 Subnet masks can be referred to by the size of the network number part (the bits with a “1” value). For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes. AMG1312-T Series User’s Guide...
Page 251 The following table shows some possible subnet masks using both notations. Table 101 Alternative Subnet Mask Notation ALTERNATIVE LAST OCTET LAST OCTET SUBNET MASK NOTATION (BINARY) (DECIMAL) 255.255.255.0 0000 0000 255.255.255.128 1000 0000 255.255.255.192 1100 0000 AMG1312-T Series User’s Guide...
Page 252 The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. The following figure shows the company network after subnetting. There are now two sub- networks, A and B. AMG1312-T Series User’s Guide...
Page 253 LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE IP Address (Decimal) 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 00000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.1 192.168.1.0 Broadcast Address: Highest Host ID: 192.168.1.62 192.168.1.63 AMG1312-T Series User’s Guide...
Page 254 Similarly, use a 27-bit mask to create eight subnets (000, 001, 010, 011, 100, 101, 110 and 111). The following table shows IP address last octet values for each subnet. Table 106 Eight Subnets SUBNET LAST BROADCAST SUBNET FIRST ADDRESS ADDRESS ADDRESS ADDRESS AMG1312-T Series User’s Guide...
Page 255 192.168.255.0. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. You must also enable Network Address Translation (NAT) on the AMG1312-T Series. AMG1312-T Series User’s Guide...
Page 256 Appendix B IP Addresses and Subnetting Once you have decided on the network number, pick an IP address for your AMG1312-T Series that is easy to remember (for instance, 192.168.1.1) but make sure that no other device on your network is using that IP address.
Page 257: Appendix C Pop-Up Windows, Javascripts And Java Permissions
You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. In Internet Explorer, select Tools, Internet Options, Privacy. Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. AMG1312-T Series User’s Guide...
Page 258 Alternatively, if you only want to allow pop-up windows from your device, see the following steps. In Internet Explorer, select Tools, Internet Options and then the Privacy tab. Select Settings…to open the Pop-up Blocker Settings screen. AMG1312-T Series User’s Guide...
Page 259 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. Click Add to move the IP address to the list of Allowed sites. Figure 169 Pop-up Blocker Settings AMG1312-T Series User’s Guide...
Page 260 Click the Custom Level... button. Scroll down to Scripting. Under Active scripting make sure that Enable is selected (the default). Under Scripting of Java applets make sure that Enable is selected (the default). Click OK to close the window. AMG1312-T Series User’s Guide...
Page 261 From Internet Explorer, click Tools, Internet Options and then the Security tab. Click the Custom Level... button. Scroll down to Microsoft VM. Under Java permissions make sure that a safety level is selected. Click OK to close the window. AMG1312-T Series User’s Guide...
Page 262 JAVA (Sun) From Internet Explorer, click Tools, Internet Options and then the Advanced tab. Make sure that Use Java 2 for <applet> under Java (Sun) is selected. Click OK to close the window. Figure 173 Java (Sun) AMG1312-T Series User’s Guide...
Page 263 You can enable Java, Javascripts and pop-ups in one screen. Click Tools, then click Options in the screen that appears. Figure 174 Mozilla Firefox: Tools > Options Click Content to show the screen below. Select the check boxes as shown in the following screen. Figure 175 Mozilla Firefox Content Security AMG1312-T Series User’s Guide...
Page 264: Appendix D Wireless Lans
Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled, wireless client A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless client A and B can still access the wired network but cannot communicate with each other. AMG1312-T Series User’s Guide...
Page 265 An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate. AMG1312-T Series User’s Guide...
Page 266 (AP) or wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other. AMG1312-T Series User’s Guide...
Page 267 If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. AMG1312-T Series User’s Guide...
Page 268 Wireless security is vital to your network to protect wireless communication between wireless clients, access points and the wired network. Wireless security methods available on the AMG1312-T Series are data encryption, wireless client authentication, restricting access by device MAC address and hiding the AMG1312-T Series identity.
Page 269 Wi-Fi Protected Access (WPA) WPA2 Most Secure Note: You must enable the same wireless security settings on the AMG1312-T Series and on all wireless clients that you want to associate with it. IEEE 802.1x In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features.
Page 270 For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner. AMG1312-T Series User’s Guide...
Page 271 The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed. AMG1312-T Series User’s Guide...
Page 272 Cipher block chaining Message authentication code Protocol (CCMP). TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication server. AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit mathematical algorithm AMG1312-T Series User’s Guide...
Page 273 Windows XP, Funk Software's Odyssey client. The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero Configuration" wireless client. However, you must run Windows XP to use it. AMG1312-T Series User’s Guide...
Page 274 The AP checks each wireless client's password and allows it to join the network only if the password matches. The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID. AMG1312-T Series User’s Guide...
Page 275: Security Parameters Summary
The antenna also operates in reverse by capturing RF signals from the air. Positioning the antennas properly increases the range and coverage area of a wireless LAN. AMG1312-T Series User’s Guide...
Page 276 For a single AP application, place omni-directional antennas as close to the center of the coverage area as possible. For directional antennas, point the antenna in the direction of the desired coverage area. AMG1312-T Series User’s Guide...
Page 277: Appendix E Ipv6
A link-local unicast address has a predefined prefix of fe80::/10. The link-local unicast address format is as follows. Table 113 Link-local Unicast Address Format 1111 1110 10 Interface ID 10 bits 54 bits 64 bits AMG1312-T Series User’s Guide...
Page 278 All DHCP severs on a local site. FF05:0:0:0:0:0:1:3 The following table describes the multicast addresses which are reserved and can not be assigned to a multicast group. Table 115 Reserved Multicast Address MULTICAST ADDRESS FF00:0:0:0:0:0:0:0 FF01:0:0:0:0:0:0:0 FF02:0:0:0:0:0:0:0 FF03:0:0:0:0:0:0:0 FF04:0:0:0:0:0:0:0 FF05:0:0:0:0:0:0:0 FF06:0:0:0:0:0:0:0 FF07:0:0:0:0:0:0:0 AMG1312-T Series User’s Guide...
Page 279 When IPv6 is enabled on a device, its interface automatically generates a link-local address (beginning with fe80). When the interface is connected to a network with a router and the AMG1312-T Series is set to automatically obtain an IPv6 network prefix from the router for the interface, it generates another AMG1312-T Series User’s Guide...
Page 280 The DHCP relay agent can add the remote identification (remote-ID) option and the interface-ID option to the Relay-Forward DHCPv6 messages. The remote-ID option carries a user-defined string, In IPv6, all network interfaces can be associated with several addresses. AMG1312-T Series User’s Guide...
Page 281 Prefix delegation enables an IPv6 router to use the IPv6 prefix (network address) received from the ISP (or a connected uplink router) for its LAN. The AMG1312-T Series uses the received IPv6 prefix (for example, 2001:db2::/48) to generate its LAN IP address. Through sending Router Advertisements (RAs) regularly by multicast, the AMG1312-T Series passes the IPv6 prefix information to its LAN hosts.
Page 282 Appendix E IPv6 On the AMG1312-T Series, you can either set up a configured tunnel or an automatic 6to4 tunnel. The following describes each method. Configured Tunnel A configured tunnel is a point-to-point tunnelling mechanism that encapsulates an IPv6 address with an IPv4 address.
Page 283 Install Dibbler and select the DHCPv6 client option on your computer. After the installation is complete, select Start > All Programs > Dibbler-DHCPv6 > Client Install as service. Select Start > Control Panel > Administrative Tools > Services. Double click Dibbler - a DHCPv6 client. AMG1312-T Series User’s Guide...
Page 284 To enable IPv6 in Windows 7: Select Control Panel > Network and Sharing Center > Local Area Connection. Select the Internet Protocol Version 6 (TCP/IPv6) checkbox to enable it. Click OK to save the change. AMG1312-T Series User’s Guide...
Page 285 IPv4 Address... : 172.16.100.61 Subnet Mask ... : 255.255.255.0 Default Gateway ..: fe80::213:49ff:feaa:7125%11 172.16.100.254 AMG1312-T Series User’s Guide...
Page 286: Appendix F Services
• If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number. • If the Protocol is USER, this is the IP protocol number. • Description: This is a brief explanation of the applications that use this service or the situations in which this service is used. AMG1312-T Series User’s Guide...
Page 287 This is another popular Internet chat program. MSN Messenger 1863 Microsoft Networks’ messenger service uses this protocol. NetBIOS TCP/UDP The Network Basic Input/Output System is used for communication between TCP/UDP computers in a LAN. TCP/UDP TCP/UDP AMG1312-T Series User’s Guide...
Page 288 Internet. SMTP enables you to move messages from one e-mail server to another. SMTPS This is a more secure version of SMTP that runs over SSL. SNMP TCP/UDP Simple Network Management Program. SNMP-TRAPS TCP/UDP Traps for use with the SNMP (RFC:1215). AMG1312-T Series User’s Guide...
Page 289 UNIX environments. It operates over TCP/ IP networks. Its primary function is to allow users to log into remote host systems. VDOLIVE 7000 A videoconferencing solution. The UDP port number is specified in the application. user- defined AMG1312-T Series User’s Guide...
Page 290: Appendix G Legal Information
This publication is subject to change without notice. Trademarks ZyNOS (ZyXEL Network Operating System) is a registered trademark of ZyXEL Communications, Inc. Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners.
Page 291 Hierbij verklaart ZyXEL dat het toestel uitrusting in overeenstemming is met de essentiële eisen en de andere relevante bepalingen van richtlijn 1999/5/EC. [Maltese] Hawnhekk, ZyXEL, jiddikjara li dan tagħmir jikkonforma mal-ħtiġijiet essenzjali u ma provvedimenti oħrajn relevanti li hemm fid-Dirrettiva 1999/5/EC. AMG1312-T Series User’s Guide...
Page 292 Postaux et des Télécommunications (IBPT). Visitez http://www.ibpt.be pour de plus amples détails. Denmark In Denmark, the band 5150 - 5350 MHz is also allowed for outdoor usage. I Danmark må frekvensbåndet 5150 - 5350 også anvendes udendørs. Italy AMG1312-T Series User’s Guide...
Page 293 Your product is marked with this symbol, which is known as the WEEE mark. WEEE stands for Waste Electronics and Electrical Equipment. It means that used electrical and electronic products should not be mixed with general waste. Used electrical and electronic equipment should be treated separately. AMG1312-T Series User’s Guide...
Page 294: Index
Asynchronous Transfer Mode, see ATM viewing channel 75, 79 interference 74, 79 channel, wireless LAN 74, 79, 86 75, 79 client list status Command Line Interface, see CLI authentication 104, 105 RADIUS server compatibility, WDS automatic logout configuration backup AMG1312-T Series User’s Guide...
Page 295 116, 128, 217 address types documentation anti-probing related customized services 176, 178 Domain Name System, see DNS DDoS default action three-way handshake thresholds 170, 179, 180 thresholds 170, 179, 180 DSCP ICMP DSL connections, status LAND attack AMG1312-T Series User’s Guide...
Page 296 Internet Assigned Numbers Authority DHCP see IANA 116, 119, 128 116, 128 IBSS IGMP ICMP 170, 217 IP address 116, 117, 129 IEEE 802.11g IP alias configuration IGMP MAC address 69, 118, 130 multicast 118, 130 importing trusted CAs AMG1312-T Series User’s Guide...
Page 297 Pairwise Master Key (PMK) 273, 274 Multiple BSS, see MBSSID passwords multiplexing 71, 78, 83 LLC-based 74, 79, 85 VC-based Peak Cell Rate, see PCR PIN, WPS example Ping of Death port binding nailed-up connection 73, 84 activation AMG1312-T Series User’s Guide...
Page 298 RADIUS static route 133, 135 message types messages wizard shared secret key shaping traffic RADIUS server Simple Network Management Protocol, see SNMP registration SNMP product agents related documentation Manager remote management managers network components AMG1312-T Series User’s Guide...
Page 299 68, 71, 78 170, 179, 180 IGMP IP address 69, 72, 78, 84 time mode 71, 78 TR-069 75, 80 multicast trademarks 69, 74 multiplexing 71, 78, 83 traffic shaping nailed-up connection 73, 84 example triangle route solutions AMG1312-T Series User’s Guide...
Page 300 101, 104 limitations 97, 108, 110 MAC address filter 96, 105 activation MBSSID example preamble 101, 104 limitations RADIUS server scheduling example security push button 17, 108 SSID status activation 99, 108 compatibility example wizard AMG1312-T Series User’s Guide...

ZyXEL Communications AMG1312-T Series User Manual

Contents Overview

Table of Contents

User's Guide

PART I User's Guide

Chapter 1 Introduction

Chapter 2 Introducing the Web Configurator

Chapter 3 Internet / Wireless Setup Wizard

Chapter 4 Tutorials

Technical Reference

Part II: Technical Reference

Chapter 5 Connection Status and System Info Screens

Chapter 6 Broadband

Chapter 7 Wireless LAN

Chapter 8 Home Networking

Chapter 9 Static Route

Chapter 10 Quality of Service (Qos)

Chapter 11

Network Address Translation (NAT)

Chapter 12 Port Binding

Chapter 13 Dynamic DNS Setup

Chapter 14 Filters

Chapter 15 Firewall

Chapter 16 Parental Control

Chapter 17 Certificate

Chapter 18 Logs

Chapter 19 Traffic Status

Chapter 20 User Account

Chapter 21 Client

Chapter 22 System Settings

Chapter 23 Firmware Upgrade

Chapter 24 Backup/Restore

Chapter 25 Remote Management

Chapter 26 Diagnostic

Chapter 27 Troubleshooting

Appendix A Setting up Your Computer's IP Address

Appendix B IP Addresses and Subnetting

Appendix C Pop-Up Windows, Javascripts and Java Permissions

Appendix D Wireless Lans

Appendix E Ipv6

Appendix F Services

Appendix G Legal Information

Index

Quick Links

Related Manuals for ZyXEL Communications AMG1312-T Series

Summary of Contents for ZyXEL Communications AMG1312-T Series