Page 1 P-2612HW Series 802.11g Wireless ADSL VoIP IAD Default Login Details IP Address http://192.168.1.1 User Login User Name: user Password: user Administrator User Name: admin Login Password: 1234 Firmware Version 3.70 Edition 2, 5/2009 www.zyxel.com www.zyxel.com Copyright © 2009 ZyXEL Communications Corporation...
Page 3: About This User's Guide
If you cannot contact your vendor, then contact a ZyXEL office for the region in which you bought the device. See http://www.zyxel.com/ web/contact_us.php for contact information. Please have the following information ready when you contact an office. P-2612HW Series User’s Guide...
Page 4 About This User's Guide • Product model and serial number. • Warranty Information. • Date that you received your device. • Brief description of the problem and the steps you took to solve it. P-2612HW Series User’s Guide...
Page 5: Document Conventions
Syntax Conventions • The P-2612HW Series may be referred to as the “ZyXEL Device”, the “device”, the “system” or the “product” in this User’s Guide. • Product labels, screen names, field labels and field choices are all in bold font.
Page 6 Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Computer Notebook computer Server DSLAM Firewall Telephone Switch Router P-2612HW Series User’s Guide...
Page 7: Safety Warnings
Your product is marked with this symbol, which is known as the WEEE mark. WEEE stands for Waste Electronics and Electrical Equipment. It means that used electrical and electronic products should not be mixed with general waste. Used electrical and electronic equipment should be treated separately. P-2612HW Series User’s Guide...
Page 8 Safety Warnings P-2612HW Series User’s Guide...
Page 9: Table Of Contents
Universal Plug-and-Play (UPnP) ..................... 369 Maintenance, Troubleshooting and Specifications ............383 System ............................. 385 Logs ............................391 Call History ..........................407 Tools ............................413 Diagnostic ..........................433 Troubleshooting ........................437 Product Specifications ......................445 Appendices and Index ......................457 P-2612HW Series User’s Guide...
Page 10 Contents Overview P-2612HW Series User’s Guide...
Page 11: Table Of Contents
2.2.2 Navigation Panel ......................34 2.2.3 Main Window ......................38 2.2.4 Status Bar ........................38 Chapter 3 Wizards ............................ 39 3.1 Overview ..........................39 3.2 Internet Access Wizard Setup ..................... 39 3.2.1 Manual Configuration ....................42 P-2612HW Series User’s Guide...
Page 12 Chapter 6 WAN Setup..........................99 6.1 Overview ..........................99 6.1.1 What You Can Do in the WAN Screens ..............99 6.1.2 What You Need to Know About WAN ..............100 6.1.3 Before You Begin ..................... 100 P-2612HW Series User’s Guide...
Page 13 Chapter 8 Wireless LAN......................... 137 8.1 Overview ..........................137 8.1.1 What You Can Do in the Wireless LAN Screens ............137 8.1.2 What You Need to Know About Wireless ..............138 8.1.3 Before You Start ....................... 140 P-2612HW Series User’s Guide...
Page 14 9.5.3 How NAT Works ....................... 180 9.5.4 NAT Application ......................182 9.5.5 NAT Mapping Types ....................182 Chapter 10 Voice............................185 10.1 Overview .......................... 185 10.1.1 What You Can Do in the VoIP Screens ..............185 P-2612HW Series User’s Guide...
Page 15 12.1.2 What You Need to Know About Firewall ..............230 12.1.3 Firewall Rule Setup Example ................. 230 12.2 The Firewall General Screen ................... 234 12.3 The Firewall Rule Screen ....................236 12.3.1 Configuring Firewall Rules ..................237 P-2612HW Series User’s Guide...
Page 16 14.9 IPSec VPN Technical Reference ..................277 14.9.1 IPSec Architecture ....................278 14.9.2 IPSec and NAT ....................... 278 14.9.3 VPN, NAT, and NAT Traversal ................279 14.9.4 Encapsulation ......................281 14.9.5 IKE Phases ......................282 14.9.6 Negotiation Mode ....................283 P-2612HW Series User’s Guide...
Page 17 17.1.2 What You Need to Know About 802.1Q/1P ............325 17.1.3 802.1Q/1P Example ....................327 17.2 The 802.1Q/1P Group Setting Screen ................332 17.2.1 Editing 802.1Q/1P Group Setting ................333 17.3 The 802.1Q/1P Port Setting Screen ................335 P-2612HW Series User’s Guide...
Page 18 21.1 Overview ......................... 369 21.1.1 What You Can Do in the UPnP Screen ..............369 21.1.2 What You Need to Know About UPnP ..............369 21.2 The UPnP Screen ......................371 21.3 Installing UPnP in Windows Example ................371 P-2612HW Series User’s Guide...
Page 19 25.1.2 What You Need To Know About Tools ..............413 25.1.3 Before You Begin ....................415 25.1.4 Tool Examples ......................415 25.2 Firmware Upgrade Screen .................... 420 25.3 The Configuration Screen ....................423 25.3.1 Reset to Factory Defaults ..................425 P-2612HW Series User’s Guide...
Page 20 27.6.2 Incoming Calls ......................443 Chapter 28 Product Specifications ......................445 Part IV: Appendices and Index ............457 Appendix A Setting Up Your Computer’s IP Address ............459 Appendix B Pop-up Windows, JavaScripts and Java Permissions ........485 P-2612HW Series User’s Guide...
Page 21 Table of Contents Appendix C IP Addresses and Subnetting ................495 Appendix D Wireless LANs ....................507 Appendix E Common Services..................... 531 Appendix F Legal Information ....................535 Index............................537 P-2612HW Series User’s Guide...
Page 22 Table of Contents P-2612HW Series User’s Guide...
Page 23: Introduction
Introduction Introducing the ZyXEL Device (25) Introducing the Web Configurator (31) Wizards (39) Tutorial (57)
Page 25: Introducing The Zyxel Device
Introducing the ZyXEL Device 1.1 Overview The P-2612HW Series is an Integrated Access Device (IAD) that combines an ADSL2+ router with Voice over IP (VoIP) communication capabilities to allow you to use a traditional analog telephone to make Internet calls. By integrating DSL and NAT, you are provided with ease of installation and high-speed, shared Internet access.
Page 26 Use QoS to efficiently manage traffic on your network by giving priority to certain types of traffic and/or to particular computers. For example, you could make sure that the ZyXEL Device gives voice over Internet calls high priority, and/or limit bandwidth devoted to the boss’s excessive file downloading. P-2612HW Series User’s Guide...
Page 27: Voip Features
User’s Guide. • SPTGEN. SPTGEN is a text configuration file that allows you to configure the device by uploading an SPTGEN file. This is especially convenient if you need to configure many devices of the same type. P-2612HW Series User’s Guide...
Page 28: Good Habits For Managing The Zyxel Device
The ZyXEL Device has an Ethernet connection with a device on the Local Area Network (LAN). Blinking The ZyXEL Device is sending/receiving data to /from the LAN. The ZyXEL Device does not have an Ethernet connection with the LAN. P-2612HW Series User’s Guide...
Page 29: The Reset Button
Refer to the Quick Start Guide for information on hardware connections. 1.5 The RESET Button If you forget your password or cannot access the web configurator, you will need to use the RESET button at the back of the device to reload the factory-default P-2612HW Series User’s Guide...
Page 30: The Wlan Button
• Press the WLAN button for five seconds to turn on WPS. See Section 8.9.5.1 on page 161 for more on using WPS to configure your wireless clients. P-2612HW Series User’s Guide...
Page 31: Introducing The Web Configurator
Note: This document uses the screenshots of P-2612HW-F1 for examples. 2.1.1 Accessing the Web Configurator Make sure your ZyXEL Device hardware is properly connected (refer to the Quick Start Guide). Launch your web browser. Type "192.168.1.1" as the URL. P-2612HW Series User’s Guide...
Page 32 If you have changed the password, enter your password and click Login. Figure 4 Password Screen Note: For security reasons, the ZyXEL Device automatically logs you out if you do not use the web configurator for five minutes (default). If this happens, log in again. P-2612HW Series User’s Guide...
Page 33: Web Configurator Main Screen
• B - navigation panel • C - main window • D - status bar 2.2.1 Title Bar The title bar allows you to change the language and provides some icons in the upper right corner. P-2612HW Series User’s Guide...
Page 34: Navigation Panel
Setup) settings. Use this screen to configure your WDS (Wireless Distribution System) links between the ZyXEL Device and other wireless APs. Scheduling Use this screen to configure when the ZyXEL Device enables or disables the wireless LAN. P-2612HW Series User’s Guide...
Page 35 URL. Schedule Use this screen to set the days and times for your device to perform content filtering. Trusted Use this screen to exclude a range of users on the LAN from content filtering. P-2612HW Series User’s Guide...
Page 36 WAN. Class Setup Use this screen to define a classifier. Monitor Use this screen to view each queue’s statistics. Dynamic DNS This screen allows you to use a static hostname alias for a dynamic IP address. P-2612HW Series User’s Guide...
Page 37 Use this screen to backup and restore your device’s configuration (settings) or reset the factory default settings. Restart This screen allows you to reboot the ZyXEL Device without turning the power off. Diagnostic General Use this screen to test the connections to other devices. P-2612HW Series User’s Guide...
Page 38: Main Window
Right after you log in, the Status screen is displayed. See Chapter 5 on page 89 for more information about the Status screen. 2.2.4 Status Bar Check the status bar when you click Apply or OK to verify that the configuration has been updated. P-2612HW Series User’s Guide...
Page 39: Wizards
WAN switch to the WAN side and the WAN mode is Ethernet WAN in the WAN screen. Click INTERNET/WIRELESS SETUP to configure the system for Internet access and wireless connection. Figure 6 Wizard Welcome Your ZyXEL device attempts to detect your DSL connection and your connection type. P-2612HW Series User’s Guide...
Page 40 The following screen displays if a PPPoE or PPPoA connection is detected. Enter your Internet account information (username, password and/or service name) exactly as provided by your ISP. Then click Next and see Section 3.3 on page 46 for wireless connection wizard setup. Figure 8 Auto-Detection: PPPoE P-2612HW Series User’s Guide...
Page 41 The following screen appears if the ZyXEL device detects a connection but not the connection type. Click Next and refer to Section 3.2.1 on page 42 on how to manually configure the ZyXEL Device for Internet access. Figure 9 Auto Detection: Failed P-2612HW Series User’s Guide...
Page 42: Manual Configuration
Internet access information in the wizard screen exactly as your service provider gave it to you. Leave the defaults in any fields for which you were not given information. Figure 10 Internet Access Wizard Setup: ISP Parameters P-2612HW Series User’s Guide...
Page 43 The next wizard screen varies depending on what mode and encapsulation type you use. All screens shown are with routing mode. Configure the fields and click Next to continue. See Section 3.3 on page 46 for wireless connection wizard setup. P-2612HW Series User’s Guide...
Page 44 Enter the password associated with the user name above. Back Click Back to go back to the previous wizard screen. Apply Click Apply to save your changes back to the ZyXEL Device. Exit Click Exit to close the wizard screen without saving your changes. P-2612HW Series User’s Guide...
Page 45 Enter the IP addresses of the DNS servers. The DNS servers are passed to Server the DHCP clients along with the IP address and the subnet mask. Second DNS As above. Server Back Click Back to go back to the previous wizard screen. P-2612HW Series User’s Guide...
Page 46: Wireless Connection Wizard Setup
See the back panel for the ZyXEL Device’s unique wireless SSID (network name) and WPA-PSK encryption key. Unless you want to use other wireless settings, you can close the wizard after you configure the Internet connection. P-2612HW Series User’s Guide...
Page 47 Select the check box to turn on the wireless LAN. Back Click Back to display the previous screen. Next Click Next to proceed to the next screen. Exit Click Exit to close the wizard screen without saving. P-2612HW Series User’s Guide...
Page 48 WEP encryption key (if WEP is enabled), WPA-PSK (if WPA-PSK is enabled) for wireless communication. This screen varies depending on the security mode you selected in the previous screen. Fill in the field (if available) and click Next. P-2612HW Series User’s Guide...
Page 49: Manually Assign A Wpa-Psk Key
You need to configure an authentication server to do this. Back Click Back to display the previous screen. Next Click Next to proceed to the next screen. Exit Click Exit to close the wizard screen without saving. P-2612HW Series User’s Guide...
Page 50: Manually Assign A Wep Key
Click Back to display the previous screen. Next Click Next to proceed to the next screen. Exit Click Exit to close the wizard screen without saving. Click Apply to save your wireless LAN settings. Figure 20 Wireless LAN Setup 3 P-2612HW Series User’s Guide...
Page 51: Voip Setup Wizard
VoIP service provider (the company that lets you make phone calls over the Internet) did not provide any information. See Chapter 10 on page 185 Chapter 11 on page 221 for more information. Note: You must have a SIP account before you can use this wizard. P-2612HW Series User’s Guide...
Page 52: Sip Settings
127 printable ASCII Extended set characters. Authentication User Name Enter the user name for registering this SIP account, exactly as it was given to you. You can use up to 95 printable ASCII characters. P-2612HW Series User’s Guide...
Page 53: Registration Complete
Click this to close this screen and return to the main screen. 3.4.2 Registration Complete This screen depends on whether or not the ZyXEL Device successfully registered your SIP account(s). Figure 23 VoIP Setup Wizard > Registration Complete (Success) P-2612HW Series User’s Guide...
Page 54 Figure 24 VoIP Setup Wizard > Registration Complete (Fail) The following table describes the labels in this screen. Table 13 VoIP Setup Wizard > Registration Complete (Fail) LABEL DESCRIPTION < Back Click this to go to the previous screen. P-2612HW Series User’s Guide...
Page 55 Click this if you want the ZyXEL Device to try to register your SIP account(s) again. Exit Click this to close this screen and return to the main screen. The ZyXEL Device saves the information you provided. P-2612HW Series User’s Guide...
Page 56 Chapter 3 Wizards P-2612HW Series User’s Guide...
Page 57: Tutorial
An access point (AP) or wireless router is referred to as the “AP” and a computer with a wireless network card or USB adapter is referred to as the “wireless client” here. The M-302 utility screens are used here as an example. The screens may vary slightly for different models. P-2612HW Series User’s Guide...
Page 58: Configuring The Ap
Make sure Active Wireless LAN is selected. Enter “SSID_Example3” as the SSID and select a channel which is not used by another AP. Set security mode to WPA-PSK and enter “ThisismyWPA-PSKpre-sharedkey” in the Pre-Shared Key field. Click Apply. P-2612HW Series User’s Guide...
Page 59 Figure 26 AP: Wireless LAN > AP > Advanced Setup Open the Status screen. Verify your wireless and wireless security settings under Device Information and check if the WLAN connection is up under Interface Status. Figure 27 AP: Status P-2612HW Series User’s Guide...
Page 60: Configuring The Wireless Client
IDentity (SSID) and WPA-PSK pre-shared key. In this example, the SSID is “SSID_Example3” and the pre-shared key is “ThisismyWPA-PSKpre-sharedkey”. After you install the ZyXEL utility and then insert the wireless client, follow the steps below to connect to a network using the Site Survey screen. P-2612HW Series User’s Guide...
Page 61 Use the Next button to move on to the next screen. You can use the Back button at any time to return to the previous screen, or the Exit button to return to the Site Survey screen. Figure 30 ZyXEL Utility: Security Settings P-2612HW Series User’s Guide...
Page 62 If you are able to access the web site, your wireless connection is successfully configured. If you cannot access the web site, try changing the encryption type in the Security Settings screen, check the Troubleshooting section of this User's Guide or contact your network administrator. P-2612HW Series User’s Guide...
Page 63: Creating And Using A Profile
Figure 34 ZyXEL Utility: Add New Profile Give the profile a descriptive name (of up to 32 printable ASCII characters). Select Infrastructure and either manually enter or select the AP's SSID in the Scan Info table and click Select. P-2612HW Series User’s Guide...
Page 64 This screen varies depending on the encryption method you selected in the previous screen. Enter the pre-shared key and leave the encryption type at the default setting. Figure 36 ZyXEL Utility: Profile Encryption In the next screen, leave both boxes selected. Figure 37 Profile: Wireless Protocol Settings. P-2612HW Series User’s Guide...
Page 65 11 If you cannot access the Internet go back to the Profile screen, select the profile you are using and click Edit. Check the details you entered previously. Also, refer to the Troubleshooting section of this User's Guide or contact your network administrator if necessary. P-2612HW Series User’s Guide...
Page 66: Using Nat With Multiple Public Ip Addresses
192.168.1.39 192.168.1.13 <---> 1.2.3.6 (1-1) Other outgoing LAN traffic ---> 1.2.3.4 (M-1) Incoming traffic <--- 1.2.3.4 (Server) Internet 1.2.3.4 192.168.1.39 1.2.3.5 192.168.1.1 1.2.3.6 1.2.3.7 Mail 192.168.1.12 192.168.1.13 To set up this network, we are going to: P-2612HW Series User’s Guide...
Page 67: Configuring The Wan Connection With A Static Ip Address
DNS Server 1.2.1.1 1.2.1.2 Follow the steps below to configure your ZyXEL Device for Internet access using PPPoE in this example. Figure 41 Tutorial Example: WAN Connection with a Static Public IP Address Internet 192.168.1.1 1.2.3.4 P-2612HW Series User’s Guide...
Page 68 IP address (“1.2.3.4” in this example). Configure the IP address of the DNS server the ZyXEL Device can query to resolve domain names. Select UserDefined and enter the first and second DNS server’s IP addresses given by your ISP. P-2612HW Series User’s Guide...
Page 69 Chapter 4 Tutorial Click Apply to save your changes. Figure 42 Tutorial Example: WAN Screen P-2612HW Series User’s Guide...
Page 70: Public Ip Address Mapping
(192.168.1.12) and mail server (192.168.1.13) to different static public IP addresses. The many-to-one rule maps a public IP address (1.2.3.4, that is, the ZyXEL Device’s WAN IP address) to outgoing LAN traffic. It allows other local P-2612HW Series User’s Guide...
Page 71 Click Network > NAT > General. Enable NAT and select Full Feature as you have multiple public IP addresses to map to private IP addresses. Click Apply. Figure 45 Tutorial Example: NAT > NAT Overview Click the Address Mapping tab. P-2612HW Series User’s Guide...
Page 72 Select the One-to-One type and enter 192.168.1.12 as the local start IP address and 1.2.3.5 as the global start IP address. Click Apply. Figure 47 Tutorial Example: NAT Address Mapping Edit: One-to-One (1) Click the second rule’s Edit icon ( P-2612HW Series User’s Guide...
Page 73 Select the Many-to-One type and enter 192.168.1.1 as the local start IP address, 192.168.1.254 as the local end IP address and 1.2.3.4 as the global start IP address. Click Apply. Figure 49 Tutorial Example: NAT Address Mapping Edit: Many-to-One P-2612HW Series User’s Guide...
Page 74: Forwarding Traffic From The Wan To A Local Computer
In this example, you want to forward FTP traffic using port 21 to the computer with the IP address of 192.168.1.39. Figure 51 Tutorial Example: Forwarding Incoming FTP Traffic to a Local Computer Mapping rules: Incoming traffic <--- 1.2.3.4 (Server) 192.168.1.39 Internet 1.2.3.4 192.168.1.39 1.2.3.5 1.2.3.6 1.2.3.7 Mail 192.168.1.12 192.168.1.13 P-2612HW Series User’s Guide...
Page 75: Allow Wan-To-Lan Traffic Through The Firewall
LAN, you need to configure a firewall rule to allow it. In this example, you create the firewall rules to allow traffic from the WAN to the following servers on the LAN: • Web server P-2612HW Series User’s Guide...
Page 76 192.168.1.39 Mail 192.168.1.12 192.168.1.13 Click Security > Firewall. Make sure the firewall is enabled and traffic from the WAN to the LAN is dropped. Figure 55 Tutorial Example: Firewall > General Go to the Rules screen. P-2612HW Series User’s Guide...
Page 77 Select Any in the Destination Address List box and click Delete. Select Single Address as the destination address type. Enter “192.168.1.12” and click Add >>. Figure 57 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for Web Server P-2612HW Series User’s Guide...
Page 78 Select Any(All) in the Available Services box on the left, and click Add >> to add it to the Selected Services box on the right. Click Apply. Figure 58 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for Web Server P-2612HW Series User’s Guide...
Page 79 Select Any in the Destination Address List box and click Delete. Select Single Address as the destination address type. Enter “192.168.1.13” and click Add. Figure 59 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for Mail Server P-2612HW Series User’s Guide...
Page 80 Select Any(All) in the Available Services box on the left, and click Add >> to add it to the Selected Services box on the right. Click Apply. Figure 60 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for Mail Server P-2612HW Series User’s Guide...
Page 81 Select Any in the Destination Address List box and click Delete. Select Single Address as the destination address type. Enter “192.168.1.39” and click Add. Figure 61 Tutorial Example: Firewall Rule: WAN to LAN Address Edit for FTP Server P-2612HW Series User’s Guide...
Page 82 >> to add it to the Selected Services box on the right. Click Apply. Figure 62 Tutorial Example: Firewall Rule: WAN to LAN Service Edit for FTP Server 11 When you are done, the Rules screen looks as shown. Figure 63 Tutorial Example: Firewall Rules Done P-2612HW Series User’s Guide...
Page 83: Testing The Connections
(192.168.1.12) and web server (192.168.1.13) respectively. The first and second public IP addresses are mapped to other outgoing LAN traffic. See Section 4.3.3 on page 70 for more information about IP address mapping. P-2612HW Series User’s Guide...
Page 84: How To Make A Voip Call
To use a registered SIP account, you should have applied for a SIP account with the VoIP service provider. 4.5.1.1 SIP Account Registration Follow the steps below to register and activate your SIP account. Make sure your ZyXEL Device is connected to the Internet. Open the web configurator. P-2612HW Series User’s Guide...
Page 85 (connected to the first phone port) use the registered SIP1 account to make outgoing calls. Select the SIP1 check box in the Incoming Call apply to section to have the phone (connected to the first phone port) receive phone calls for the SIP1 account. P-2612HW Series User’s Guide...
Page 86 Make sure you connect a telephone to the first phone port on the ZyXEL Device. Make sure the ZyXEL Device is on and connected to the Internet. Pick up the phone receiver. Dial the VoIP phone number you want to call. P-2612HW Series User’s Guide...
Page 87: Advanced
Advanced Status Screens (89) WAN Setup (99) LAN Setup (121) Wireless LAN (137) Network Address Translation (NAT) (169) Voice (185) Phone Usage (221) Firewall (229) Content Filtering (251) VPN (257) Certificates (291) Static Route (321) 802.1Q/1P (325) Quality of Service (QoS) (337) Dynamic DNS Setup (353) Remote Management Configuration (357) Universal Plug-and-Play (UPnP) (369)
Page 89: Status Screens
Any IP and DHCP and statistics from VoIP, and traffic. 5.1 Status Screen Click Status to open this screen. The screen varies slightly depending on the WAN mode you set using the DSL/WAN switch. Figure 67 Status Screen (ADSL WAN mode) P-2612HW Series User’s Guide...
Page 90 Version to the screen where you can change it. This field is not available when the WAN mode is Ethernet WAN. Firmware Version This field displays the current version of the device’s DSL modem code. Information P-2612HW Series User’s Guide...
Page 91 Click this to go to the screen where you can change it. Content This displays whether or not the ZyXEL Device’s content filtering is Filter activated. Click this to go to the screen where you can change it. System Status P-2612HW Series User’s Guide...
Page 92 For the WLAN interface, it displays the maximum transmission rate when WLAN is enabled or N/A when WLAN is disabled. Summary Client List Click this link to view current DHCP client information. See Section 7.3 on page 126. P-2612HW Series User’s Guide...
Page 93 SIP account when you turn on the ZyXEL Device or when you activate it. This field displays the account number and service domain of the SIP account. You can change these in VoIP > SIP > SIP Settings. P-2612HW Series User’s Guide...
Page 94: Any Ip Table
Click this to update this screen. 5.3 WLAN Status Click Status > WLAN Status to access this screen. Use this screen to view the wireless stations that are currently associated to the ZyXEL Device. Figure 70 WLAN Status P-2612HW Series User’s Guide...
Page 95: Packet Statistics
Also provided are "system up time" and "poll interval(s)". The Poll Interval(s) field is configurable. The screen varies slightly depending on the WAN mode you set using the DSL/WAN switch. Figure 71 Packet Statistics P-2612HW Series User’s Guide...
Page 96 Type the time interval for the browser to refresh system statistics. Set Interval Click this to apply the new poll interval you entered in the Poll Interval field above. Stop Click this button to halt the refreshing of the system statistics. P-2612HW Series User’s Guide...
Page 97: Voip Statistics
This field indicates whether or not there are any messages waiting for Waiting the SIP account. Last Incoming This field displays the last number that called the SIP account. It Number displays N/A if no number has ever dialed the SIP account. P-2612HW Series User’s Guide...
Page 98 Set Interval. Set Interval Click this to make the ZyXEL Device update the screen based on the amount of time you specified in Poll Interval. Stop Click this to make the ZyXEL Device stop updating the screen. P-2612HW Series User’s Guide...
Page 99: Wan Setup
Internet access connections. • Use the WAN Backup Setup screen (Section 6.4 on page 112) to set up a backup gateway that helps forward traffic to its destination when the default WAN connection is down. P-2612HW Series User’s Guide...
Page 100: What You Need To Know About Wan
WAN. • See Chapter 4 on page 57 for WAN tutorials. 6.1.3 Before You Begin You need to know your Internet access settings such as encapsulation and WAN IP address. Get this information from your ISP. P-2612HW Series User’s Guide...
Page 101: The Internet Access Setup Screen
Use this screen to change your ZyXEL Device’s WAN settings. Click Network > WAN > Internet Access Setup. The screen differs by the WAN mode and encapsulation you select. Figure 74 Network > WAN > Internet Access Setup (PPPoE) P-2612HW Series User’s Guide...
Page 102 The valid range for the VPI is 0 to 255. Enter the VPI assigned to you. The valid range for the VCI is 32 to 65535 (0 to 31 is reserved for local management of ATM traffic). Enter the VCI assigned to you. IP Address P-2612HW Series User’s Guide...
Page 103 Apply Click Apply to save the changes. Cancel Click Cancel to begin configuring this screen afresh. Advanced Setup Click this button to display the Advanced WAN Setup screen and edit more details of your WAN setup. P-2612HW Series User’s Guide...
Page 104: Advanced Internet Access Setup
(packets sent to every computer). IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a multicast group. The ZyXEL Device supports both IGMP version 1 (IGMP-v1) and IGMP-v2. Select None to disable it. P-2612HW Series User’s Guide...
Page 105: The More Connections Screen
To configure additional Internet access connections click Network > WAN > More Connections. The screen differs by the encapsulation you select. When you use the WAN > Internet Access Setup screen to set up Internet P-2612HW Series User’s Guide...
Page 106 Internet access setup. Click the Remove icon to delete the Internet access setup from your connection list. Apply Click Apply to save the changes. Cancel Click Cancel to begin configuring this screen afresh. P-2612HW Series User’s Guide...
Page 107: More Connections Edit
Table 22 Network > WAN > More Connections: Edit LABEL DESCRIPTION Active Select the check box to activate or clear the check box to deactivate this connection. Name Enter a unique, descriptive name of up to 13 ASCII characters for this connection. P-2612HW Series User’s Guide...
Page 108 If you use RFC 1483, enter the IP address given by your ISP in the IP Address field. Subnet Mask Enter a subnet mask in dotted decimal notation. Gateway IP address Specify a gateway IP address (supplied by your ISP). P-2612HW Series User’s Guide...
Page 109 Click Apply to save the changes. Cancel Click Cancel to begin configuring this screen afresh. Advanced Setup Click this button to display the More Connections Advanced Setup screen and edit more details of your WAN setup. P-2612HW Series User’s Guide...
Page 110: Configuring More Connections Advanced Setup
Select VBR-RT (real-time Variable Bit Rate) type for applications with bursty connections that require closely controlled delay and delay variation. Select VBR-nRT (non real-time Variable Bit Rate) type for connections that do not require closely controlled delay and delay variation. P-2612HW Series User’s Guide...
Page 111 For PPPoE, the MTU value is 1492. For PPPoA and RFC 1483, the MTU is 65535. Back Click Back to return to the previous screen. Apply Click Apply to save the changes. Cancel Click Cancel to begin configuring this screen afresh. P-2612HW Series User’s Guide...
Page 112: The Wan Backup Setup Screen
Type the number of times (2 recommended) that your ZyXEL Device may ping the IP addresses configured in the Check WAN IP Address field without getting a response before switching to a WAN backup connection (or a different WAN backup connection). P-2612HW Series User’s Guide...
Page 113: Wan Technical Reference
6.5 WAN Technical Reference This section provides some technical background information about the topics covered in this chapter. 6.5.1 Encapsulation Be sure to use the encapsulation method required by your ISP. The ZyXEL Device supports the following methods. P-2612HW Series User’s Guide...
Page 114: Enet Encap
6.5.1.4 RFC 1483 RFC 1483 describes two methods for Multiprotocol Encapsulation over ATM Adaptation Layer 5 (AAL5). The first method allows multiplexing of multiple protocols over a single ATM virtual circuit (LLC-based multiplexing) and the second P-2612HW Series User’s Guide...
Page 115: Multiplexing
If you have a dynamic IP, then the IP Address and Gateway IP Address fields are not applicable (N/A). If you have a static IP, then you only need to fill in the IP Address field and not the Gateway IP Address field. P-2612HW Series User’s Guide...
Page 116: Nailed-Up Connection (Ppp)
"1" and the traffic-redirect route has a metric of "2", then the normal route acts as the primary default route. If the normal route fails to connect to the Internet, the ZyXEL Device tries the traffic- redirect route next. P-2612HW Series User’s Guide...
Page 117: Traffic Shaping
The following figure illustrates the relationship between PCR, SCR and MBS. Figure 80 Example of Traffic Shaping 6.5.8.1 ATM Traffic Classes These are the basic ATM traffic classes defined by the ATM Forum Traffic Management 4.0 Specification. P-2612HW Series User’s Guide...
Page 118 The Unspecified Bit Rate (UBR) ATM traffic class is for bursty data transfers. However, UBR doesn't guarantee any bandwidth and only delivers traffic when the network has spare bandwidth. An example application is background file transfer. P-2612HW Series User’s Guide...
Page 119: Traffic Redirect
(Subnet 2). Configure filters that allow packets from the protected LAN (Subnet 1) to the backup gateway (Subnet 2). Figure 82 Traffic Redirect LAN Setup Subnet 1 192.168.1.0 - 192.168.1.24 Internet Backup Gateway Subnet 2 192.168.2.0 - 192.168.2.24 P-2612HW Series User’s Guide...
Page 120 Chapter 6 WAN Setup P-2612HW Series User’s Guide...
Page 121: Lan Setup
126) to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. • Use the IP Alias screen (Section 7.4 on page 128) to change your ZyXEL Device’s IP alias settings. P-2612HW Series User’s Guide...
Page 122: What You Need To Know About Lan
DHCP Client List screen. 7.2 The LAN IP Screen Click Network > LAN to open the IP screen. See Section 7.1 on page 121 background information. Use this screen to set the Local Area Network IP address P-2612HW Series User’s Guide...
Page 123 DHCP requests and responses between the remote server and the clients. Enter the IP address of the actual, remote DHCP server in the Remote DHCP Server field in this case. When DHCP is used, the following items need to be set: P-2612HW Series User’s Guide...
Page 124: The Advanced Lan Setup Screen
Click this button to display the Advanced LAN Setup screen and edit more details of your LAN setup. 7.2.1 The Advanced LAN Setup Screen RIP (Routing Information Protocol) allows a router to exchange routing information with other routers. P-2612HW Series User’s Guide...
Page 125: Configuring The Advanced Lan Setup Screen
Select the RIP version from RIP-1, RIP-2B and RIP-2M. Multicast IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a multicast group. The ZyXEL Device supports both IGMP version 1 (IGMP-v1) and IGMP-v2. Select None to disable it. P-2612HW Series User’s Guide...
Page 126: The Lan Client List Screen
Use this table to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. P-2612HW Series User’s Guide...
Page 127 Click the modify icon to have the IP address field editable and change Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. Refresh Click Refresh to reload the DHCP table. P-2612HW Series User’s Guide...
Page 128: The Lan Ip Alias Screen
Note: Make sure that the subnets of the logical networks do not overlap. Click Network > LAN > IP Alias to open the following screen. Use this screen to change your ZyXEL Device’s IP alias settings. Figure 87 Network > LAN > IP Alias P-2612HW Series User’s Guide...
Page 129: Lan Technical Reference
Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 7.5 LAN Technical Reference This section provides some technical background information about the topics covered in this chapter. P-2612HW Series User’s Guide...
Page 130: Lans, Wans And The Zyxel Device
DHCP are passed to the client machines along with the assigned IP address and subnet mask. There are two ways that an ISP disseminates the DNS server addresses. P-2612HW Series User’s Guide...
Page 131: Tcp/Ip
Let's say you select 192.168.1.0 as the network number; which covers 254 individual addresses, from 192.168.1.1 to 192.168.1.254 (zero and 255 are reserved). In other words, the first three numbers specify the network number while the last number identifies an individual computer on that network. P-2612HW Series User’s Guide...
Page 132: Rip Setup
• In Only - the ZyXEL Device will not send any RIP packets but will accept all RIP packets received. • Out Only - the ZyXEL Device will send out RIP packets but will not accept any RIP packets received. P-2612HW Series User’s Guide...
Page 133: Multicast
ZyXEL Device to be in the same subnet to allow the computer to access the Internet (through the ZyXEL Device). In cases where your computer is required to use a static IP address in another network, you may need to manually P-2612HW Series User’s Guide...
Page 134 Control or MAC address, on the local area network. IP routing table is defined on IP Ethernet devices (the ZyXEL Device) to decide which hop to use, to help forward data along to its specified destination. P-2612HW Series User’s Guide...
Page 135 IP routing table so it can properly forward packets intended for the computer. After all the routing information is updated, the computer can access the ZyXEL Device and the Internet as if it is in the same subnet as the ZyXEL Device. P-2612HW Series User’s Guide...
Page 136 Chapter 7 LAN Setup P-2612HW Series User’s Guide...
Page 137: Wireless Lan
Figure 90 Example of a Wireless Network Ethernet 8.1.1 What You Can Do in the Wireless LAN Screens This chapter describes the ZyXEL Device’s Network > Wireless LAN screens. Use these screens to set up your ZyXEL Device’s wireless connection. P-2612HW Series User’s Guide...
Page 138: What You Need To Know About Wireless
Like radio stations or television channels, each wireless network uses a specific channel, or frequency, to send and receive information. Wireless Network Construction Wireless networks consist of wireless clients, access points and bridges. • A wireless client is a radio connected to a user’s computer. P-2612HW Series User’s Guide...
Page 139 MAC Address Filter Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address consists of twelve hexadecimal characters (0-9, and A to F), and it is usually written in the following format: “0A:A0:00:BB:CC:DD”. P-2612HW Series User’s Guide...
Page 140: Before You Start
LAN and you change the ZyXEL Device’s SSID or security settings, you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of your computer to match the ZyXEL Device’s new settings. P-2612HW Series User’s Guide...
Page 141 Security See the following sections for more details about this field. Mode Static WEP, WPA and WPA2 are available only when WPS is disabled. Apply Click Apply to save your changes back to the ZyXEL Device. P-2612HW Series User’s Guide...
Page 142: No Security
Note: If you do not enable any wireless security on your ZyXEL Device, your network is accessible to any wireless networking device that is within range. Figure 92 Network > Wireless LAN > AP: No Security P-2612HW Series User’s Guide...
Page 143: Wep Encryption
WEP key for data transmission. If you want to manually set the WEP key, enter any 5 or 13 characters (ASCII string) or 10 or 26 hexadecimal characters ("0-9", "A-F") for a 64- bit or 128-bit WEP key respectively. P-2612HW Series User’s Guide...
Page 144: Wpa(2)-Psk
The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only difference between the two is that WPA(2)-PSK uses a simple common password, instead of user-specific credentials. Type a pre-shared key from 8 to 63 case-sensitive ASCII characters (including spaces and symbols). P-2612HW Series User’s Guide...
Page 145 WEP key for an AP and all stations in a WLAN on a periodic basis. Setting of the Group Key Update Timer is also supported in WPA(2)-PSK mode. The ZyXEL Device default is 1800 seconds (30 minutes). P-2612HW Series User’s Guide...
Page 146: Wpa(2) Authentication Screen
LABEL DESCRIPTION Security Mode Choose WPA or WPA2 from the drop-down list box. WPA Compatible This field is only available for WPA2. Select this if you want the ZyXEL Device to support WPA and WPA2 simultaneously. P-2612HW Series User’s Guide...
Page 147 Shared Secret Enter a password (up to 31 alphanumeric characters) as the key to be shared between the external accounting server and the ZyXEL Device. The key must be the same on the external accounting server and your ZyXEL Device. The key is not sent over the network. P-2612HW Series User’s Guide...
Page 148: Wireless Lan Advanced Setup
ZyXEL Device might be reduced. Back Click this to return to the previous screen without saving changes. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to reload the previous configuration for this screen. P-2612HW Series User’s Guide...
Page 149: More Ap Screen
Click the Edit icon to configure the SSID profile. Click the Remove icon to delete the SSID profile. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to reload the previous configuration for this screen. P-2612HW Series User’s Guide...
Page 150: More Ap Edit
Back Click this to return to the previous screen without saving changes. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to reload the previous configuration for this screen. P-2612HW Series User’s Guide...
Page 151: Mac Filter
ZyXEL Device Select Allow to permit access to the ZyXEL Device, MAC addresses not listed will be denied access to the ZyXEL Device. This is the index number of the MAC address. P-2612HW Series User’s Guide...
Page 152: Wps
This shows the PIN (Personal Identification Number) of the ZyXEL Device. Enter this PIN in the configuration utility of the device you want to connect to using WPS. The PIN is not necessary when you use WPS push-button method. P-2612HW Series User’s Guide...
Page 153: Wps Station
Use this screen to set up a WPS wireless network using either Push Button Configuration (PBC) or PIN Configuration. Click Network > Wireless LAN >WPS Station. The following screen displays. Figure 101 Network > Wireless LAN > WPS Station P-2612HW Series User’s Guide...
Page 154: Wds Screen
Note: WDS security is independent of the security settings between the ZyXEL Device and any wireless clients. At the time of writing, WDS is compatible with some ZyXEL Devices only. Not all models support WDS links. Check your other ZyXEL Device’s documentation. P-2612HW Series User’s Guide...
Page 155 Enter a Pre-Shared Key (PSK) from 8 to 63 case-sensitive ASCII characters (including spaces and symbols). Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to reload the previous configuration for this screen. P-2612HW Series User’s Guide...
Page 156: Scheduling Screen
For example, if you decide to turn off the wireless LAN everyday, but you set an exception from 12:00 to 1:30. Then the wireless LAN is only available from 12:00 to 1:30 everyday. Apply Click this to save your changes. Reset Click this to restore your previously saved settings. P-2612HW Series User’s Guide...
Page 157: Wireless Lan Technical Reference
Normally, the ZyXEL Device acts like a beacon and regularly broadcasts the SSID in the area. You can hide the SSID instead, in which case the ZyXEL Device does not broadcast the SSID. In addition, you should change the default SSID to something that is difficult to guess. P-2612HW Series User’s Guide...
Page 158: Mac Address Filter
Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds of wireless devices might not have MAC addresses. Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F. P-2612HW Series User’s Guide...
Page 159 ZyXEL Device. Many types of encryption use a key to protect the information in the wireless network. The longer the key, the stronger the encryption. Every device in the wireless network must have the same key. P-2612HW Series User’s Guide...
Page 160: Mbssid
Internet connection, but can establish a WDS link with access point AP 2, which does. When AP 1 has a WDS link with AP 2, the notebook computer can access the Internet through AP 2. Figure 104 WDS Link Example Internet AP 1 AP 2 P-2612HW Series User’s Guide...
Page 161: Wifi Protected Setup
(SSID) and security key through an secure connection to the enrollee. If you need to make sure that WPS worked, check the list of associated wireless clients in the AP’s configuration utility. If you see the wireless client in the list, WPS was successful. P-2612HW Series User’s Guide...
Page 162: Pin Configuration
On a computer connected to the wireless client, try to connect to the Internet. If you can connect, WPS was successful. If you cannot connect, check the list of associated wireless clients in the AP’s configuration utility. If you see the wireless client in the list, WPS was successful. P-2612HW Series User’s Guide...
Page 163: How Wps Works
PSK or WPA2-PSK pre-shared key to the enrollee. Whether WPA-PSK or WPA2-PSK is used depends on the standards supported by the devices. If the registrar is already part of a network, it sends the existing information. If not, it generates the SSID and WPA(2)-PSK randomly. P-2612HW Series User’s Guide...
Page 164 It will be the registrar in all subsequent WPS connections in which it is involved. If you want a configured AP to act as an enrollee, you must reset it to its factory defaults. P-2612HW Series User’s Guide...
Page 165 CLIENT 1 ENROLLEE CLIENT 2 In step 3, you add another access point (AP2) to your network. AP2 is out of range of AP1, so you cannot use AP1 for the WPS handshake with the new access P-2612HW Series User’s Guide...
Page 166: Limitations Of Wps
(if the device supports this feature). Then, you can enter the key into the non-WPS device and join the network as normal (the non-WPS device must also support WPA-PSK or WPA2-PSK). P-2612HW Series User’s Guide...
Page 167 Check the MAC addresses of your wireless clients (usually printed on a label on the bottom of the device). If there is an unknown MAC address you can remove it or reset the AP. P-2612HW Series User’s Guide...
Page 168 Chapter 8 Wireless LAN P-2612HW Series User’s Guide...
Page 169: Network Address Translation (Nat)
IP address of a host when the packet is in the local network, while the global address refers to the IP address of the host when the same packet is traveling in the WAN side. P-2612HW Series User’s Guide...
Page 170: Nat General Setup
NAT. 9.2 NAT General Setup Note: You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the ZyXEL Device. P-2612HW Series User’s Guide...
Page 171 NAT sessions. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to reload the previous configuration for this screen. P-2612HW Series User’s Guide...
Page 172: Port Forwarding
Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example). You assign the LAN IP P-2612HW Series User’s Guide...
Page 173: Configuring The Port Forwarding Screen
9.3.1 Configuring the Port Forwarding Screen Click Network > NAT > Port Forwarding to open the following screen. Appendix E on page 531 for port numbers commonly used for particular services. Figure 112 Network > NAT > Port Forwarding P-2612HW Series User’s Guide...
Page 174 Click the delete icon to delete an existing port forwarding rule. Note that subsequent address mapping rules move up by one when you take this action. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to return to the previous configuration. P-2612HW Series User’s Guide...
Page 175: Port Forwarding Rule Edit
Enter the inside IP address of the server here. Address Back Click Back to return to the previous screen. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-2612HW Series User’s Guide...
Page 176: Address Mapping
One-to-one and Server mapping types. Global Start This is the starting Inside Global IP Address (IGA). Enter 0.0.0.0 here if you have a dynamic IP address from your ISP. You can only do this for Many-to-One and Server mapping types. P-2612HW Series User’s Guide...
Page 177: Address Mapping Rule Edit
9.4.1 Address Mapping Rule Edit To edit an address mapping rule, click the rule’s edit icon in the Address Mapping screen to display the screen shown next. Figure 115 Network > NAT > Address Mapping > Edit P-2612HW Series User’s Guide...
Page 178: Sip Alg
ZyXEL Device registers with the SIP register server, the SIP ALG translates the ZyXEL Device’s private IP address inside the SIP data stream to a public IP address. You do not need to use STUN or an outbound proxy if your ZyXEL Device is behind a SIP ALG. P-2612HW Series User’s Guide...
Page 179: Nat Technical Reference
IP address of a host used in a packet. Thus, an inside local address (ILA) is the IP address of an inside host in a packet when the packet is still in the local network, while an inside global address (IGA) is the IP address of the same inside P-2612HW Series User’s Guide...
Page 180: What Nat Does
IP source address (and TCP or UDP source port numbers for Many-to-One and Many-to-Many Overload NAT mapping) in each packet and then forwards it to the Internet. The ZyXEL Device keeps track of the original addresses P-2612HW Series User’s Guide...
Page 181 NAT Table Inside Local Inside Global IP Address IP Address 192.168.1.10 IGA 1 192.168.1.13 192.168.1.11 IGA 2 192.168.1.12 IGA 3 192.168.1.13 IGA 4 192.168.1.12 192.168.1.10 IGA1 Internet Inside Local Inside Global Address (ILA) Address (IGA) 192.168.1.11 192.168.1.10 P-2612HW Series User’s Guide...
Page 182: Nat Application
• Many to One: In Many-to-One mode, the ZyXEL Device maps multiple local IP addresses to one global IP address. This is equivalent to SUA (for instance, PAT, port address translation), ZyXEL’s Single User Account feature that previous ZyXEL routers supported (the SUA Only option in today’s routers). P-2612HW Series User’s Guide...
Page 183 IGA1 … Many-to-Many Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA1 ILA4 IGA2 … Many-to-Many No Overload ILA1 IGA1 ILA2 IGA2 ILA3 IGA3 … Server Server 1 IP IGA1 Server 2 IP IGA1 Server 3 IP IGA1 P-2612HW Series User’s Guide...
Page 184 Chapter 9 Network Address Translation (NAT) P-2612HW Series User’s Guide...
Page 185: Voice
(Section 10.9 on page 199) to change settings that depend on the country you are in. • Use the Speed Dial screen (Section 10.10 on page 200) to set up shortcuts for dialing frequently-used (VoIP) phone numbers. P-2612HW Series User’s Guide...
Page 186: What You Need To Know About Voip
How to Find Out More Chapter 4 on page 57 for a tutorial showing how to set up these screens in an example scenario. P-2612HW Series User’s Guide...
Page 187: Before You Begin
ZyXEL Device knows to which phone port it should forward an incoming VoIP call. You must use speed dial to make peer-to-peer VoIP calls. Section 10.5 on page 194 for how to map a SIP account to a phone port. P-2612HW Series User’s Guide...
Page 188 It does not matter whether the SIP server is a proxy, redirect or register server. SIP Server Port Enter the SIP server’s listening port number, if your VoIP service provider gave you one. Otherwise, keep the default value. P-2612HW Series User’s Guide...
Page 189 Click this to save your changes and to apply them to the ZyXEL Device. Cancel Click this to set every field in this screen to its last-saved value. Advanced Setup Click this to edit the advanced settings for this SIP account. The Advanced SIP Setup screen appears. P-2612HW Series User’s Guide...
Page 190: The Advanced Sip Setup Screen
Click VoIP > SIP > SIP Settings to open the SIP Settings screen. Select a SIP account and click Advanced Setup to open the Advanced SIP Setup screen. Use this screen to maintain advanced settings for each SIP account. Figure 120 VoIP > SIP Settings > Advanced P-2612HW Series User’s Guide...
Page 191 G.726 operates at 16, 24, 32 or 40 kbps. By contrast, G.729 only requires 8 kbps. The ZyXEL Device must use the same codec as the peer. When two SIP devices start a SIP session, they must agree on a codec. P-2612HW Series User’s Guide...
Page 192 Select which call forwarding table you want the ZyXEL Device to use for Table incoming calls. You set up these tables in VoIP > Phone Book > Incoming Call Policy. Back Click this to return to the SIP Settings screen without saving your changes. P-2612HW Series User’s Guide...
Page 193: The Sip Qos Screen
VLAN tags. Otherwise, clear this field. Apply Click this to save your changes and to apply them to the ZyXEL Device. Cancel Click this to set every field in this screen to its last-saved value. P-2612HW Series User’s Guide...
Page 194: The Analog Phone Screen
Use this screen to configure the volume, echo cancellation and VAD (Voice Activity Detection) settings for each individual phone port on the ZyXEL Device. You can also select which SIP account to use for making outgoing calls. P-2612HW Series User’s Guide...
Page 195: Configuring The Advanced Analog Phone Screen
10.6.1 Configuring the Advanced Analog Phone Screen To access this screen, click Advanced Setup in VoIP > Phone > Analog Phone. Figure 123 VoIP > Phone > Analog Phone > Advanced P-2612HW Series User’s Guide...
Page 196 ZyXEL Device to automatically dial in this field. Back Click this to return to the Analog Phone screen without saving your changes. Apply Click this to save your changes. Cancel Click this to set every field in this screen to its last-saved value. P-2612HW Series User’s Guide...
Page 197: The Phone Settings Ext. Table Screen
ZyXEL Device. Phone Use these fields to assign extension numbers to the phones connected to the ZyXEL Device. This is an index number of the phone to be assigned an extension number. P-2612HW Series User’s Guide...
Page 198: The Common Phone Settings Screen
Click this to set every field in this screen to its last-saved value. 10.8 The Common Phone Settings Screen Use this screen to activate and deactivate immediate dialing. To access this screen, click VoIP > Phone > Common. Figure 125 VoIP > Phone > Common P-2612HW Series User’s Guide...
Page 199: The Phone Region Screen
Use this screen to maintain settings that depend on which region of the world the ZyXEL Device is in. To access this screen, click VoIP > Phone > Region. Figure 126 VoIP > Phone > Region P-2612HW Series User’s Guide...
Page 200: The Speed Dial Screen
In peer-to-peer calls, you call another VoIP device directly without going through a VoIP service provider’s SIP server. Select Non-Proxy (Use IP or URL) in the Type column and enter the callee’s IP address or domain name. The ZyXEL Device P-2612HW Series User’s Guide...
Page 201 Click this to use the information in the Speed Dial section to update the Speed Dial Phone Book section. Speed Dial Use this section to look at all the speed-dial entries and to erase them. Phone Book P-2612HW Series User’s Guide...
Page 202 Speed Dial section, where you can change it. Click the Remove icon to erase this speed-dial entry. Clear Click this to erase all the speed-dial entries. Cancel Click this to set every field in this screen to its last-saved value. P-2612HW Series User’s Guide...
Page 203: Incoming Call Policy Screen
Select this if you want the ZyXEL Device to forward all incoming calls to Forward to the specified phone number, regardless of other rules in the Forward Number to Number Setup section. Specify the phone number in the field on the right. P-2612HW Series User’s Guide...
Page 204 Forward to Number section. Apply Click this to save your changes and to apply them to the ZyXEL Device. Cancel Click this to set every field in this screen to its last-saved value. P-2612HW Series User’s Guide...
Page 205: Sip Prefix Screen
This field displays the SIP service domain name you entered when configuring this SIP account. Click this to use the information in the SIP Selection by Prefix section to update the SIP Prefix Phone Book section. P-2612HW Series User’s Guide...
Page 206: Sip Technical Reference
Internet. SIP signaling is separate from the media for which it handles sessions. The media that is exchanged during the session can use a different path from that of the P-2612HW Series User’s Guide...
Page 207 A SIP registration has a limited lifespan. The User Agent Client must renew its registration within this lifespan. If it does not do so, the registration data will be deleted from the SIP registrar's database and the connection broken. P-2612HW Series User’s Guide...
Page 208 In the following example, you want to use client device A to call someone who is using client device C. The client device (A in the figure) sends a call invitation to the SIP proxy server (B). P-2612HW Series User’s Guide...
Page 209 C. Client device A sends a call invitation for C to the SIP redirect server (B). The SIP redirect server sends the invitation back to A with C’s IP address (or domain name). P-2612HW Series User’s Guide...
Page 210 SIP Call Progression The following figure displays the basic steps in the setup and tear down of a SIP call. A calls B. Table 64 SIP Call Progression 1. INVITE 2. Ringing P-2612HW Series User’s Guide...
Page 211 The response to the request goes to all the proxy servers through which the request passed, in reverse sequence. Once the session is set up, session traffic is sent between the UAs directly, bypassing all the proxy servers in between. P-2612HW Series User’s Guide...
Page 212 User Agent 1 sends a SIP INVITE request to Proxy 1. This message is an invitation to User Agent 2 to participate in a SIP telephone call. Proxy 1 sends a response indicating that it is trying to complete the request. P-2612HW Series User’s Guide...
Page 213 Dual-Tone MultiFrequency (DTMF) signaling uses pairs of frequencies (one lower frequency and one higher frequency) to set up calls. It is also known as Touch Tone®. Each of the keys on a DTMF telephone corresponds to a different pair of frequencies. P-2612HW Series User’s Guide...
Page 214 You can continue to add, listen to, or delete tones, or you can hang up the receiver when you are done. Listening to Custom Tones Do the following to listen to a custom tone: The ZyXEL Device does not support pulse dialing at the time of writing. P-2612HW Series User’s Guide...
Page 215: Quality Of Service (Qos)
In addition, applications do not have to request a particular service or give advanced notice of where the traffic is going. The ZyXEL Device does not support DiffServ at the time of writing. P-2612HW Series User’s Guide...
Page 216: Phone Services Overview
VoIP service provider. The ZyXEL Device supports the following services: • Call Hold • Call Waiting • Making a Second Call • Call Transfer • Call Forwarding (see Section 10.11 on page 203) P-2612HW Series User’s Guide...
Page 217 1. Switch back and forth between two calls. 2. Put a current call on hold to answer an incoming call. 3. Separate the current three-way conference call into two individual calls (one is on-line, the other is on hold). P-2612HW Series User’s Guide...
Page 218 Do the following to transfer an incoming call (that you have answered) to another phone. Press the flash key to put the caller on hold. When you hear the dial tone, dial “*98#” followed by the number to which you want to transfer the call. to operate the Intercom. P-2612HW Series User’s Guide...
Page 219 If you have another call, press the flash key to switch back and forth between caller A and B by putting either one on hold. If you hang up the phone but a caller is still on hold, there will be a remind ring. P-2612HW Series User’s Guide...
Page 220 If you want to go back to the three-way conversation, press the flash key again. If you want to separate the activated three-way conference into two individual connections again, press the flash key. This time the party B is on-line and party A is on hold. P-2612HW Series User’s Guide...
Page 221: Phone Usage
11.4 Using Call Park and Pickup Do the following to put a call on hold on one phone and continue it on another (connected to the ZyXEL Device). This feature may not be supported by all service providers. P-2612HW Series User’s Guide...
Page 222: Checking The Zyxel Device's Ip Address
(if your service provider activates this feature). If newer firmware is available, the ZyXEL Device plays a recording when you pick up your phone’s handset. • Press “*99#” to upgrade the ZyXEL Device’s firmware. • Press “#99#” to not upgrade the ZyXEL Device’s firmware. P-2612HW Series User’s Guide...
Page 223: Phone Services Overview
You can invoke all the supplementary services by using the flash key. 11.7.2 Europe Type Supplementary Phone Services This section describes how to use supplementary phone services with the Europe Type Call Service Mode. Commands for supplementary services are listed in the table below. P-2612HW Series User’s Guide...
Page 224 If there is a second call to a telephone number, you will hear a call waiting tone. Take one of the following actions. • Reject the second call. Press the flash key and then press “0”. P-2612HW Series User’s Guide...
Page 225: Usa Type Supplementary Services
(one is on-line, the other is on hold), press the flash key and press “2”. 11.7.3 USA Type Supplementary Services This section describes how to use supplementary phone services with the USA Type Call Service Mode. Commands for supplementary services are listed in the table below. P-2612HW Series User’s Guide...
Page 226 Intercom. After you hear the ring signal or the second party answers it, hang up the phone. 11.7.3.4 USA Three-Way Conference Use the following steps to make three-way conference calls. P-2612HW Series User’s Guide...
Page 227: Phone Functions Summary
Use these to allow you to put a call on hold while answering another, or to turn this function off. See #41# Disable call waiting Section 11.7.2 on page 223 (Europe type) and Section 11.7.3 on page 225 (USA type). P-2612HW Series User’s Guide...
Page 228 203. One shot Call Waiting Activate or deactivate call waiting on the next call Disable only. See Section 11.7.2 on page 223 (Europe type) Section 11.7.3 on page 225 (USA type) One shot Call Waiting Enable P-2612HW Series User’s Guide...
Page 229: Firewall
• Use the Rules screen (Section 12.3 on page 236) to view the configured firewall rules and add, edit or remove a firewall rule. P-2612HW Series User’s Guide...
Page 230: What You Need To Know About Firewall
• See Section 12.5 on page 245 for advanced technical information on firewall. 12.1.3 Firewall Rule Setup Example The following Internet firewall rule example allows a hypothetical “MyService” connection from the Internet. P-2612HW Series User’s Guide...
Page 231 Click an index number to display the Customized Services Config screen and configure the screen as follows and click Apply. Figure 137 Edit Custom Port Example Select Any in the Destination Address List box and then click Delete. P-2612HW Series User’s Guide...
Page 232 Configure the destination address screen as follows and click Add. Figure 138 Firewall Example: Edit Rule: Destination Address Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. P-2612HW Series User’s Guide...
Page 233 Note: Custom services show up with an “*” before their names in the Services list box and the Rules list box. Figure 139 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. P-2612HW Series User’s Guide...
Page 234: The Firewall General Screen
10.0.0.15 on the LAN. Figure 140 Firewall Example: Rules: MyService 12.2 The Firewall General Screen Use this screen to configure the firewall settings. Click Security > Firewall to display the following screen. Figure 141 Security > Firewall > General P-2612HW Series User’s Guide...
Page 235 Expand... Click this to display more information. Basic... Click this to display less information. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-2612HW Series User’s Guide...
Page 236: The Firewall Rule Screen
This is your firewall rule number. The ordering of your rules is important as rules are applied in turn. Active This field displays whether a firewall is turned on or not. Select the check box to enable the rule. Clear the check box to disable the rule. P-2612HW Series User’s Guide...
Page 237: Configuring Firewall Rules
Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. 12.3.1 Configuring Firewall Rules Refer to Section 12.1.2 on page 230 for more information. P-2612HW Series User’s Guide...
Page 238 Use this screen to configure firewall rules. In the Rules screen, select an index number and click Add or click a rule’s Edit icon to display this screen and refer to the following table for information on the labels. Figure 143 Security > Firewall > Rules > Edit P-2612HW Series User’s Guide...
Page 239 This field determines if a log for packets that match the rule is created Information or not. Go to the Log Settings page and select the Access Control logs category to have the ZyXEL Device record these logs. Alert P-2612HW Series User’s Guide...
Page 240: Customized Services
This shows the IP protocol (TCP, UDP or TCP/UDP) that defines your customized service. Port This is the port number or range that defines your customized service. Back Click this to return to the Firewall Edit Rule screen. P-2612HW Series User’s Guide...
Page 241: Configuring A Customized Service
Click this to delete the current rule. 12.4 The Firewall Threshold Screen For DoS attacks, the ZyXEL Device uses thresholds to determine when to start dropping sessions that do not become fully established (half-open sessions). These thresholds apply globally to all sessions. P-2612HW Series User’s Guide...
Page 242: Threshold Values
Type of traffic for certain servers. Reduce the threshold values if your network is slower than average for any of these factors (especially if you have servers that are slow or handle many tasks and are often busy). P-2612HW Series User’s Guide...
Page 243: Configuring Firewall Thresholds
This is the rate of new half-open sessions per minute that causes the firewall to stop deleting half-open sessions. The ZyXEL Device continues to delete half-open sessions as necessary, until the rate of new connection attempts drops below this number. P-2612HW Series User’s Guide...
Page 244 Delete the oldest half open session when a new connection request reached comes. threshold Deny new connection requests for the number of minutes that you specify (between 1 and 255). Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-2612HW Series User’s Guide...
Page 245: Firewall Technical Reference
These rules specify which computers on the WAN can access which computers or services on the LAN. Note: You also need to configure NAT port forwarding (or full featured NAT address mapping rules) to allow computers on the WAN to access devices on the LAN. P-2612HW Series User’s Guide...
Page 246: Guidelines For Enhancing Security With Your Firewall
Protect against IP spoofing by making sure the firewall is active. Keep the firewall in a secured (locked) room. P-2612HW Series User’s Guide...
Page 247: Security Considerations
Ethernet devices. You may have more than one connection to the Internet (through one or more ISPs). If an alternate gateway is on the LAN (and its IP address is in the same subnet as the ZyXEL Device’s LAN IP address), the “triangle P-2612HW Series User’s Guide...
Page 248 ZyXEL Device to your LAN. The following steps describe such a scenario. A computer on the LAN initiates a connection by sending a SYN packet to a receiving server on the WAN. P-2612HW Series User’s Guide...
Page 249 The reply from the WAN goes to the ZyXEL Device. The ZyXEL Device then sends it to the computer on the LAN in Subnet 1. Figure 150 IP Alias Subnet 1 ISP 1 Internet ISP 2 Subnet 2 P-2612HW Series User’s Guide...
Page 250 Chapter 12 Firewall P-2612HW Series User’s Guide...
Page 251: Content Filtering
13.1.3 Before You Begin To use the Trusted screen, you need the IP addresses of devices on your network. See the LAN section (Section 13.4 on page 256) for more information. P-2612HW Series User’s Guide...
Page 252: Content Filtering Example
Click Security > Content Filter > Schedule to display the following screen. Click Edit Daily to Block and select all weekdays. Under Start Time and End Time, type the times for blocking to begin and end (4pm ~ 7pm in this example). P-2612HW Series User’s Guide...
Page 253 Click Security > Content Filter > Trusted to display the following screen. In the Start IP Address and End IP Address fields, type 192.168.1.3. Click Apply. Figure 153 Security > Content Filter > Trusted: Example That finishes setting up keyword blocking on the home computer. P-2612HW Series User’s Guide...
Page 254: The Keyword Screen
Repeat this procedure to add other keywords. Up to 64 keywords are allowed. When you try to access a web page containing a keyword, you will get a message telling you that the content filter is blocking this request. P-2612HW Series User’s Guide...
Page 255: The Schedule Screen
Start TIme Enter the time when you want the content filtering to take effect in hour- minute format. End Time Enter the time when you want the content filtering to stop in hour-minute format. P-2612HW Series User’s Guide...
Page 256: The Trusted Screen
LAN that you want to exclude from content filtering. Leave this field blank if you want to exclude an individual computer. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-2612HW Series User’s Guide...
Page 257: Vpn
• Use the Monitor screen (Section 14.7 on page 275) to display and manage the current active VPN connections. • Use the VPN Global Setting screen (Section 14.8 on page 277) to allow NetBIOS packets passing through the VPN connection. P-2612HW Series User’s Guide...
Page 258: What You Need To Know About Ipsec Vpn
• The ZyXEL Device uses the current ZyXEL Device WAN IP address (static or dynamic) to set up the VPN tunnel. Secure Gateway Address Secure Gateway Address is the WAN IP address or domain name of the remote IPSec router (secure gateway). P-2612HW Series User’s Guide...
Page 259: Before You Begin
Section 14.9 on page 277 for advanced technical information on IPSec VPN. 14.1.3 Before You Begin If a VPN tunnel uses Telnet, FTP, WWW, then you should configure remote management (Remote MGMT) to allow access for that service. P-2612HW Series User’s Guide...
Page 260: Vpn Setup Screen
Click Security > VPN to open the VPN Setup screen. This is a menu of your IPSec rules (tunnels). The IPSec summary menu is read-only. Edit a VPN by selecting an index number and then configuring its associated submenus. Figure 160 Security > VPN > Setup P-2612HW Series User’s Guide...
Page 261 Click the Remove icon to remove an existing VPN configuration. Apply Click this to save your changes and apply them to the ZyXEL Device. Cancel Click this return your settings to their last saved values. P-2612HW Series User’s Guide...
Page 262: The Vpn Edit Screen
Table 82 Security > VPN > Setup > Edit LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy. This option determines whether a VPN rule is applied before a packet leaves the firewall. P-2612HW Series User’s Guide...
Page 263 (static) IP address, in a range of computers on your LAN behind your ZyXEL Device. When the Local Address Type field is configured to Subnet, this is a (static) IP address on the LAN behind your ZyXEL Device. P-2612HW Series User’s Guide...
Page 264 Local ID Type Select IP to identify this ZyXEL Device by its IP address. Select DNS to identify this ZyXEL Device by a domain name. Select E-mail to identify this ZyXEL Device by an e-mail address. P-2612HW Series User’s Guide...
Page 265 DNS or E-mail ID type in the following situations: When there is a NAT router between the two IPSec routers. When you want the ZyXEL Device to distinguish between VPN connection requests that come in from remote IPSec routers with dynamic WAN IP addresses. P-2612HW Series User’s Guide...
Page 266 Security > Certificates screens, or click the My Certificates link. My Certificates Click this to go to the Security > Certificates > My Certificates screen. If you do not click Apply first, your VPN settings will not be saved. P-2612HW Series User’s Guide...
Page 267 Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. Advanced Setup Click Advanced Setup to configure more detailed settings of your IKE key management. P-2612HW Series User’s Guide...
Page 268: Configuring Advanced Ike Settings
Enter a port number in this field to define a port range. This port number must be greater than that specified in the previous field. If Local Start Port is left at 0, End will also remain at 0. P-2612HW Series User’s Guide...
Page 269 Key Group You must choose a key group for phase 1 IKE setup. DH1 (default) refers to Diffie-Hellman Group 1 a 768 bit random number. DH2 refers to Diffie-Hellman Group 2 a 1024 bit (1Kb) random number. P-2612HW Series User’s Guide...
Page 270 Click Back to return to the previous screen. Apply Click Apply to save your changes back to the ZyXEL Device and return to the VPN-IKE screen. Cancel Click Cancel to return to the VPN-IKE screen without saving your changes. P-2612HW Series User’s Guide...
Page 271: Manual Key Setup
VPN gateway to the local VPN gateway. The local VPN gateway then uses the network, encryption and key values that the administrator associated with the SPI to establish the tunnel. Current ZyXEL implementation assumes identical outgoing and incoming SPIs. P-2612HW Series User’s Guide...
Page 272: Configuring Manual Key
IPSec Setup Active Select this check box to activate this VPN policy. Name Type up to 32 characters to identify this VPN policy. You may use any character, including spaces, but the ZyXEL Device drops trailing spaces. P-2612HW Series User’s Guide...
Page 273 Use the drop-down menu to choose Single, Range, or Subnet. Select Type Single with a single IP address. Select Range for a specific range of IP addresses. Select Subnet to specify IP addresses on a network by their subnet mask. P-2612HW Series User’s Guide...
Page 274 Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower. Select MD5 for minimal security and SHA-1 for maximum security. P-2612HW Series User’s Guide...
Page 275: Viewing Sa Monitor
When there is outbound traffic but no inbound traffic, the SA times out automatically after two minutes. A tunnel with no outbound or inbound traffic is "idle" and does not timeout until the SA lifetime period expires. See Section P-2612HW Series User’s Guide...
Page 276 This field displays the security protocol, encryption algorithm, and Algorithm authentication algorithm used in each VPN tunnel. Disconnect Select one of the security associations, and then click Disconnect to stop that security association. Refresh Click Refresh to display the current active VPN connection(s). P-2612HW Series User’s Guide...
Page 277: Configuring Vpn Global Setting
Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 14.9 IPSec VPN Technical Reference This section provides some technical background information about the topics covered in this chapter. P-2612HW Series User’s Guide...
Page 278: Ipsec Architecture
Read this section if you are running IPSec on a host computer behind the ZyXEL Device. NAT is incompatible with the AH protocol in both Transport and Tunnel mode. An IPSec VPN using the AH protocol digitally signs the outbound packet, both data P-2612HW Series User’s Guide...
Page 279: Vpn, Nat, And Nat Traversal
NAT is not normally compatible with ESP in transport mode either, but the ZyXEL Device’s NAT Traversal feature provides a way to handle this. NAT traversal P-2612HW Series User’s Guide...
Page 280 Table 88 VPN and NAT SECURITY MODE PROTOCOL Transport Tunnel Transport Tunnel Y* - This is supported in the ZyXEL Device if you enable NAT traversal. P-2612HW Series User’s Guide...
Page 281: Encapsulation
VPN gateway. • Inside header: The inside IP header contains the destination IP address of the final system behind the VPN gateway. The security protocol appears after the outer IP header and before the inside IP header. P-2612HW Series User’s Guide...
Page 282: Ike Phases
• Choose an authentication algorithm • Choose whether to enable Perfect Forward Secrecy (PFS) using Diffie-Hellman public-key cryptography – see Appendix D on page 507. Select None (the default) to disable PFS. • Choose Tunnel mode or Transport mode. P-2612HW Series User’s Guide...
Page 283: Negotiation Mode
14.9.8 Remote DNS Server In cases where you want to use domain names to access Intranet servers on a remote network that has a DNS server, you must identify that DNS server. You P-2612HW Series User’s Guide...
Page 284: Id Type And Content
(seeSection 14.9.12 on page 286 for a telecommuter configuration example). Regardless of the ID type and content configuration, the ZyXEL Device does not allow you to save multiple active rules with overlapping local and remote IP addresses. P-2612HW Series User’s Guide...
Page 285: Id Type And Content Examples
IP address or what you configure in the Secure Gateway Address field below. 14.9.9.1 ID Type and Content Examples Two IPSec routers must have matching ID type and content configuration in order to set up a VPN tunnel. P-2612HW Series User’s Guide...
Page 286: Pre-Shared Key
The following examples show how multiple telecommuters can make VPN connections to a single ZyXEL Device at headquarters. The telecommuters use IPSec routers with dynamic WAN IP addresses. The ZyXEL Device at headquarters has a static public IP address. P-2612HW Series User’s Guide...
Page 287: Telecommuters Sharing One Vpn Rule Example
Telecommuters can each use a separate VPN rule to simultaneously access a ZyXEL Device at headquarters. They can use different IPSec parameters. The local IP addresses (or ranges of addresses) of the rules configured on the ZyXEL Device P-2612HW Series User’s Guide...
Page 288 Peer ID Content: bob@bigcompanyhq.com Telecommuter A Headquarters ZyXEL Device Rule 1: (telecommutera.dydns.org) Local ID Type: IP Peer ID Type: IP Local ID Content: 192.168.2.12 Peer ID Content: 192.168.2.12 Local IP Address: 192.168.2.12 Secure Gateway Address: telecommuter1.com Remote Address 192.168.2.12 P-2612HW Series User’s Guide...
Page 289 Remote Address 192.168.3.2 Telecommuter C Headquarters ZyXEL Device Rule 3: (telecommuterc.dydns.org) Local ID Type: E-mail Peer ID Type: E-mail Local ID Content: myVPN@myplace.com Peer ID Content: myVPN@myplace.com Local IP Address: 192.168.4.15 Secure Gateway Address: telecommuterc.com Remote Address 192.168.4.15 P-2612HW Series User’s Guide...
Page 290 Chapter 14 VPN P-2612HW Series User’s Guide...
Page 291: Certificates
There are commercial certification authorities like CyberTrust or VeriSign and government certification authorities. You can use the ZyXEL Device to generate certification requests that contain identifying information and public keys and then send the certification requests to a certification authority. P-2612HW Series User’s Guide...
Page 292 Device can check a peer’s certificate against a directory server’s list of revoked certificates. The framework of servers, software, procedures and policies that handles keys is called PKI (public-key infrastructure). Advantages of Certificates Certificates offer the following benefits. P-2612HW Series User’s Guide...
Page 293: Verifying A Certificate
Browse to where you have the certificate saved on your computer. Make sure that the certificate has a “.cer” or “.crt” file name extension. Figure 173 Certificates on Your Computer P-2612HW Series User’s Guide...
Page 294 Use a secure method to verify that the certificate owner has the same information in the Thumbprint Algorithm and Thumbprint fields. The secure method may very based on your situation. Possible examples would be over the telephone or through an HTTPS connection. P-2612HW Series User’s Guide...
Page 295: My Certificates
SELF represents a self-signed certificate. *SELF represents the default self-signed certificate, which the ZyXEL Device uses to sign imported trusted remote host certificates. CERT represents a certificate issued by a certification authority. P-2612HW Series User’s Guide...
Page 296 Click Import to open a screen where you can save the certificate that you have enrolled from a certification authority from your computer to the ZyXEL Device. Refresh Click Refresh to display the current validity status of the certificates. P-2612HW Series User’s Guide...
Page 297: My Certificate Details
If it is a self-signed certificate, you can also set the ZyXEL Device to use the certificate to sign the imported trusted remote host certificates. Figure 176 Security > Certificates > My Certificates > Details P-2612HW Series User’s Guide...
Page 298 This field displays the type of algorithm that was used to sign the Algorithm certificate. The ZyXEL Device uses rsa-pkcs1-sha1 (RSA public- private key encryption algorithm and the SHA1 hash algorithm). Some certification authorities may use rsa-pkcs1-md5 (RSA public- private key encryption algorithm and the MD5 hash algorithm). P-2612HW Series User’s Guide...
Page 299 You can only import a certificate that matches a corresponding certification request that was generated by the ZyXEL Device (the certification request contains the private key). The certificate you import replaces the corresponding request in the My Certificates screen. P-2612HW Series User’s Guide...
Page 300 ZyXEL Device. Note: Be careful not to convert a binary file to text during the transfer process. It is easy for this to occur since many programs use text files by default. P-2612HW Series User’s Guide...
Page 301: Using The My Certificate Import Screen
Click Cancel to clear your settings. 15.4 My Certificate Create Click Security > Certificates > My Certificates > Create to open the My Certificate Create screen. Use this screen to have the ZyXEL Device create a P-2612HW Series User’s Guide...
Page 302 Organizational Unit Type up to 127 characters to identify the organizational unit or department to which the certificate owner belongs. You may use any character, including spaces, but the ZyXEL Device drops trailing spaces. P-2612HW Series User’s Guide...
Page 303 Public Key Infrastructure X.509 working group of the Internet Engineering Task Force (IETF) and is specified in RFC 2510. CA Server Address Enter the IP address (or URL) of the certification authority server. P-2612HW Series User’s Guide...
Page 304: Trusted Cas
This screen displays a summary list of certificates of the certification authorities that you have set the ZyXEL Device to accept as trusted. The ZyXEL Device accepts any valid certificate signed by a certification authority on this list as being P-2612HW Series User’s Guide...
Page 305 Valid To This field displays the date that the certificate expires. The text displays in red and includes an Expiring! or Expired! message if the certificate is about to expire or has already expired. P-2612HW Series User’s Guide...
Page 306: Trusted Ca Import
ZyXEL Device. Note: You must remove any spaces from the certificate’s filename before you can import the certificate. Figure 180 Security > Certificates > Trusted CA > Import P-2612HW Series User’s Guide...
Page 307: Trusted Ca Details
Click the details icon to open the Trusted CA Details screen. Use this screen to view in-depth information about the certification authority’s certificate, change the certificate’s name and set whether or not you want the ZyXEL Device to check a P-2612HW Series User’s Guide...
Page 308 Chapter 15 Certificates certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority. Figure 181 Security > Certificates > Trusted CA > Details P-2612HW Series User’s Guide...
Page 309 (RSA public-private key encryption algorithm and the MD5 hash algorithm). Valid From This field displays the date that the certificate becomes applicable. The text displays in red and includes a Not Yet Valid! message if the certificate has not yet become applicable. P-2612HW Series User’s Guide...
Page 310 ZyXEL Device to check the CRL that the certification authority issues before trusting a certificate issued by the certification authority. Cancel Click Cancel to quit and return to the Trusted CAs screen. P-2612HW Series User’s Guide...
Page 311: Trusted Remote Hosts
ZyXEL Device that the ZyXEL Device uses to sign the signed trusted remote host certificates. Certificate) This field displays the certificate index number. The certificates are listed in alphabetical order. Name This field displays the name used to identify this certificate. P-2612HW Series User’s Guide...
Page 312: Trusted Remote Host Certificate Details
Click this button to display the current validity status of the certificates. 15.9 Trusted Remote Host Certificate Details Click Security > Certificates > Trusted Remote Hosts to open the Trusted Remote Hosts screen. Click the details icon to open the Trusted Remote Host P-2612HW Series User’s Guide...
Page 313 For a trusted host, the list consists of the end entity’s own certificate and the default self-signed certificate that the ZyXEL Device uses to sign remote host certificates. Refresh Click Refresh to display the certification path. P-2612HW Series User’s Guide...
Page 314 ZyXEL Device has signed the certificate; thus causing this value to be different from that of the remote hosts actual certificate. See Section 15.1.3 on page 293 for how to verify a remote host’s certificate. P-2612HW Series User’s Guide...
Page 315: Trusted Remote Hosts Import
Click Security > Certificates > Trusted Remote Hosts to open the Trusted Remote Hosts screen and then click Import to open the Trusted Remote Host Import screen. Follow the instructions in this screen to save a trusted host’s certificate to the ZyXEL Device. P-2612HW Series User’s Guide...
Page 316: Directory Servers
Device. If you decide to have the ZyXEL Device check incoming certificates against the issuing certification authority’s list of revoked certificates, the ZyXEL Device first checks the server(s) listed in the CRL Distribution Points field of the P-2612HW Series User’s Guide...
Page 317 Note that subsequent certificates move up by one when you take this action. Click Add to open a screen where you can configure information about a directory server so that the ZyXEL Device can access it. P-2612HW Series User’s Guide...
Page 318: Directory Server Add And Edit
Login The ZyXEL Device may need to authenticate itself in order to assess the directory server. Type the login name (up to 31 ASCII characters) from the entity maintaining the directory server (usually a certification authority). P-2612HW Series User’s Guide...
Page 319 Click Back to return to the Directory Servers screen. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to quit configuring this screen. At the time of writing, LDAP is the only choice of directory server access protocol. P-2612HW Series User’s Guide...
Page 320 Chapter 15 Certificates P-2612HW Series User’s Guide...
Page 321: Static Route
Figure 187 Example of Static Routing Topology Internet 16.1.1 What You Can Do in the Static Route Screens Use the Static Route screens (Section 16.2 on page 322) to view and configure IP static routes on the ZyXEL Device. P-2612HW Series User’s Guide...
Page 322: Configuring Static Route
Click the Remove icon to remove a static route from the ZyXEL Device. A window displays asking you to confirm that you want to delete the route. Apply Click this to apply your changes to the ZyXEL Device. Cancel Click this to return to the previously saved configuration. P-2612HW Series User’s Guide...
Page 323: Static Route Edit
Back Click Back to return to the previous screen without saving. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-2612HW Series User’s Guide...
Page 324 Chapter 16 Static Route P-2612HW Series User’s Guide...
Page 325: Q/1P
17.1.2 What You Need to Know About 802.1Q/1P IEEE 802.1P Priority IEEE 802.1P specifies the user priority field and defines up to eight separate traffic types by inserting a tag into a MAC-layer frame that contains bits to define class of service. P-2612HW Series User’s Guide...
Page 326 (recall that a port can belong to multiple VLANs). If the tagging on the egress port is enabled for the VID of a frame, then the frame is transmitted as a tagged frame; otherwise, it is transmitted as an untagged frame. P-2612HW Series User’s Guide...
Page 327: Q/1P Example
In the VLAN ID field type in 2 to identify the VLAN group. Select PVC1 from the Default Gateway drop-down list box. In the Control field, select Fixed for LAN1, LAN2 and PVC1 to be permanent members of the VLAN group. P-2612HW Series User’s Guide...
Page 328 Click Advanced > 802.1Q/1P > Port Setting to display the following screen. Type 2 in the 802.1Q PVID column for LAN1, LAN2 and PVC1. Select 7 from the 802.1P Priority drop-down list box for LAN1, LAN2 and PVC1. P-2612HW Series User’s Guide...
Page 329 SSID1 and SSID2 are two wireless networks. You want to create medium priority for this type of traffic, so you want to group these ports and PVC3 into one VLAN (VLAN4). PVC3 priority is set to medium level of service. P-2612HW Series User’s Guide...
Page 330 Chapter 17 802.1Q/1P Follow the same steps as in VLAN2 to configure the settings for VLAN3 and VLAN4. The summary screen should display as follows. Figure 194 Advanced > 802.1Q/1P > Group Setting: Example P-2612HW Series User’s Guide...
Page 331 Chapter 17 802.1Q/1P The port screen should look like this. Figure 195 Advanced > 802.1Q/1P > Port Setting: Example This completes the 802.1Q/1P setup. P-2612HW Series User’s Guide...
Page 332: The 802.1Q/1P Group Setting Screen
Enter the ID number of a VLAN group. All interfaces (ports, SSIDs and PVCs) are in the management VLAN by default. If you disable the management VLAN, you will not be able to access the ZyXEL Device. P-2612HW Series User’s Guide...
Page 333: Editing 802.1Q/1P Group Setting
Click the Remove button to delete the VLAN group. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. 17.2.1 Editing 802.1Q/1P Group Setting Use this screen to configure the settings for each VLAN group. P-2612HW Series User’s Guide...
Page 334 Assign a VLAN ID for the VLAN group. The valid VID range is between 1 and 4094. Default Select the default gateway for the VLAN group. Gateway Ports This field displays the types of ports available to join the VLAN group. P-2612HW Series User’s Guide...
Page 335: The 802.1Q/1P Port Setting Screen
17.3 The 802.1Q/1P Port Setting Screen Use this screen to configure the PVID and assign traffic priority for each port. Click Advanced > 802.1Q/1P > Port Setting to display the following screen. Figure 198 Advanced > 802.1Q/1P > Port Setting P-2612HW Series User’s Guide...
Page 336 PVC. Select Same if you do not want to modify the priority. You may choose a priority level from 0-7, with 0 being the lowest level and 7 being the highest level. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. P-2612HW Series User’s Guide...
Page 337: Quality Of Service (Qos)
• Use the Class Setup screen (Section 18.3 on page 343) to set up classifiers to sort traffic into different flows and assign priority and define actions to be performed for a classified traffic flow. P-2612HW Series User’s Guide...
Page 338: What You Need To Know About Qos
(6) to VoIP traffic from the LAN interface, so that voice traffic would not get delayed when there is network congestion. Traffic from the boss’s IP address (192.168.1.23 for example) is mapped to queue 5. Traffic that does not match P-2612HW Series User’s Guide...
Page 339 QoS mapping table on the ZyXEL Device. Figure 199 QoS Example VoIP: Queue 6 50 Mbps Internet Boss: Queue 5 IP=192.168.1.23 Figure 200 QoS Class Example: VoIP -1 P-2612HW Series User’s Guide...
Page 340 Chapter 18 Quality of Service (QoS) Figure 201 QoS Class Example: VoIP -2 Figure 202 QoS Class Example: Boss -1 P-2612HW Series User’s Guide...
Page 341: The Qos General Screen
Figure 203 QoS Class Example: Boss -2 18.2 The QoS General Screen Click Advanced > QoS to open the screen as shown next. Use this screen to enable or disable QoS, and select to have the ZyXEL Device automatically assign P-2612HW Series User’s Guide...
Page 342 IEEE 802.1p priority level, IP precedence and/or packet length. See Section 18.5.4 on page 351 for more information. If you select OFF, traffic which does not match a class is mapped to queue two. P-2612HW Series User’s Guide...
Page 343: The Class Setup Screen
Active Select the check box to enable this classifier. Name This is the name of the classifier. Interface This shows the interface from which traffic of this classifier should come. P-2612HW Series User’s Guide...
Page 344 Click the Edit icon to go to the screen where you can edit the classifier. Click the Remove icon to delete an existing classifier. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-2612HW Series User’s Guide...
Page 345: The Class Configuration Screen
Chapter 18 Quality of Service (QoS) 18.3.1 The Class Configuration Screen Click the Add button or the Edit icon in the Modify field to configure a classifier. Figure 206 Advanced > QoS > Class Setup > Add P-2612HW Series User’s Guide...
Page 346 Select Same to keep the DSCP fields in the packets. Select Auto to map the DSCP value to 802.1 priority level automatically. Select Mark to set the DSCP field with the value you configure in the field provided. P-2612HW Series User’s Guide...
Page 347 Select the check box and enter the port number of the destination. 0 means any source port number. See Appendix E on page 531 for some common services and port numbers. Select the check box and enter the destination MAC address of the packet. P-2612HW Series User’s Guide...
Page 348 Select this option to set this classifier for TCP ACK (acknowledgement) packets. Back Click Back to go to the previous screen. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-2612HW Series User’s Guide...
Page 349: The Qos Monitor Screen
Click this button to apply the new poll interval you entered in the Poll Interval(s) field. Stop Click Stop to stop refreshing statistics. 18.5 QoS Technical Reference This section provides some technical background information about the topics covered in this chapter. P-2612HW Series User’s Guide...
Page 350: Ieee 802.1Q Tag
18.5.3 DiffServ QoS is used to prioritize source-to-destination traffic flows. All packets in the flow are given the same priority. You can use CoS (class of service) to give different priorities to different packet types. P-2612HW Series User’s Guide...
Page 351: Automatic Priority Queue Assignment
IEEE 802.1p priority level, IP precedence and/or packet length to assign priority to traffic which does not match a class. The following table shows you the internal layer-2 and layer-3 QoS mapping on the ZyXEL Device. On the ZyXEL Device, traffic assigned to higher priority queues P-2612HW Series User’s Guide...
Page 352 TOS (IP IP PACKET QUEUE DSCP (ETHERNET PRECEDENCE) LENGTH (BYTE) PRIORITY) 000000 000000 >1100 001110 250~1100 001100 001010 001000 010110 010100 010010 010000 011110 <250 011100 011010 011000 100110 100100 100010 100000 101110 101000 110000 111000 P-2612HW Series User’s Guide...
Page 353: Dynamic Dns Setup
IP address as yourhost.dyndns.org. This feature is useful if you want to be able to use, for example, www.yourhost.dyndns.org and still reach your hostname. If you have a private WAN IP address, then you cannot use Dynamic DNS. P-2612HW Series User’s Guide...
Page 354: Configuring Dynamic Dns
Type the domain name assigned to your ZyXEL Device by your Dynamic DNS provider. You can specify up to two host names in the field separated by a comma (","). User Name Type your user name. Password Type the password assigned to you. P-2612HW Series User’s Guide...
Page 355 Type the IP address of the host name(s). Use this if you have a static IP IP Address address. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-2612HW Series User’s Guide...
Page 356 Chapter 19 Dynamic DNS Setup P-2612HW Series User’s Guide...
Page 357: Remote Management Configuration
Note: When you choose WAN only or LAN & WAN, you still need to configure a firewall rule to allow access. To disable remote management of a service, select Disable in the corresponding Access Status field. P-2612HW Series User’s Guide...
Page 358: What You Can Do In The Remote Management Screens
• There is already another remote management session with an equal or higher priority running. You may only have one remote management session running at one time. • There is a firewall rule that blocks it. P-2612HW Series User’s Guide...
Page 359: The Www Screen
You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service. P-2612HW Series User’s Guide...
Page 360: The Telnet Screen
You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service. P-2612HW Series User’s Guide...
Page 361: The Ftp Screen
You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service. P-2612HW Series User’s Guide...
Page 362: The Snmp Screen
(SNMPv2). The next figure illustrates an SNMP management operation. Note: SNMP is only available if TCP/IP is configured. Figure 213 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. P-2612HW Series User’s Guide...
Page 363 SNMP get or set requirements with the wrong community (password). whyReboot (defined in ZYXEL- A trap is sent with the reason of restart before MIB) rebooting when the system is going to restart (warm start). P-2612HW Series User’s Guide...
Page 364: Configuring Snmp
You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service. P-2612HW Series User’s Guide...
Page 365: The Dns Screen
Click Advanced > Remote MGMT > DNS to change your ZyXEL Device’s DNS settings. Use this screen to set from which IP address the ZyXEL Device will accept DNS queries and on which interface it can send them your ZyXEL Device’s DNS P-2612HW Series User’s Guide...
Page 366: The Icmp Screen
ICMP response packet is automatically returned. This allows the outside user to know the ZyXEL Device exists. Your ZyXEL Device supports anti-probing, which prevents the ICMP response packet from being sent. This keeps outsiders from discovering your ZyXEL Device when unsupported ports are probed. P-2612HW Series User’s Guide...
Page 367 TCP reset packet for a blocked TCP packet (or an ICMP port-unreachable packet for a blocked UDP packets) or just drop the packets without sending a response packet. P-2612HW Series User’s Guide...
Page 368 Chapter 20 Remote Management Configuration Table 125 Advanced > Remote Management > ICMP LABEL DESCRIPTION Apply Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to begin configuring this screen afresh. P-2612HW Series User’s Guide...
Page 369: Universal Plug-And-Play (Upnp)
UPnP devices and enable exchange of simple product and service descriptions. NAT traversal allows the following: • Dynamic port mapping • Learning public IP addresses • Assigning lease times to mappings P-2612HW Series User’s Guide...
Page 370 ZyXEL has achieved UPnP certification from the Universal Plug and Play Forum UPnP™ Implementers Corp. (UIC). ZyXEL's UPnP implementation supports Internet Gateway Device (IGD) 1.0. See the following sections for examples of installing and using UPnP. P-2612HW Series User’s Guide...
Page 371: The Upnp Screen
Click Apply to save the setting to the ZyXEL Device. Cancel Click Cancel to return to the previously saved settings. 21.3 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP. P-2612HW Series User’s Guide...
Page 372 Follow the steps below to install the UPnP in Windows Me. Click Start and Control Panel. Double-click Add/Remove Programs. Click the Windows Setup tab and select Communication in the Components selection box. Click Details. Figure 218 Add/Remove Programs: Windows Setup: Communication P-2612HW Series User’s Guide...
Page 373 Follow the steps below to install the UPnP in Windows XP. Click Start and Control Panel. Double-click Network Connections. In the Network Connections window, click Advanced in the main menu and select Optional Networking Components …. Figure 220 Network Connections P-2612HW Series User’s Guide...
Page 374 Chapter 21 Universal Plug-and-Play (UPnP) The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details. Figure 221 Windows Optional Networking Components Wizard P-2612HW Series User’s Guide...
Page 375: Using Upnp In Windows Xp Example
Make sure the computer is connected to a LAN port of the ZyXEL Device. Turn on your computer and the ZyXEL Device. Auto-discover Your UPnP-enabled Network Device Click Start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. P-2612HW Series User’s Guide...
Page 376 Chapter 21 Universal Plug-and-Play (UPnP) Right-click the icon and select Properties. Figure 223 Network Connections P-2612HW Series User’s Guide...
Page 377 Chapter 21 Universal Plug-and-Play (UPnP) In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Figure 224 Internet Connection Properties P-2612HW Series User’s Guide...
Page 378 You may edit or delete the port mappings or click Add to manually add port mappings. Figure 225 Internet Connection Properties: Advanced Settings Figure 226 Internet Connection Properties: Advanced Settings: Add When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. P-2612HW Series User’s Guide...
Page 379 IP address of the ZyXEL Device first. This comes helpful if you do not know the IP address of the ZyXEL Device. Follow the steps below to access the web configurator. Click Start and then Control Panel. Double-click Network Connections. P-2612HW Series User’s Guide...
Page 380 Chapter 21 Universal Plug-and-Play (UPnP) Select My Network Places under Other Places. Figure 229 Network Connections An icon with the description for each UPnP-enabled device displays under Local Network. P-2612HW Series User’s Guide...
Page 381 Figure 230 Network Connections: My Network Places Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Figure 231 Network Connections: My Network Places: Properties: Example P-2612HW Series User’s Guide...
Page 382 Chapter 21 Universal Plug-and-Play (UPnP) P-2612HW Series User’s Guide...
Page 383: Maintenance, Troubleshooting And Specifications
Maintenance, Troubleshooting and Specifications System (385) Logs (391) Tools (413) Diagnostic (433) Troubleshooting (437) Product Specifications (445)
Page 385: System
A LAN (local area network) is typically a network which covers a small area, made up of computers and other devices which share resources such as Internet access and printers. P-2612HW Series User’s Guide...
Page 386: The General Screen
Enter the domain name (if you know it) here. If you leave this field blank, the ISP may assign a domain name via DHCP. The domain name entered by you is given priority over the ISP assigned domain name. P-2612HW Series User’s Guide...
Page 387 After you change the password, use the new password to access the ZyXEL Device. Retype to Type the new password again for confirmation. Confirm Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-2612HW Series User’s Guide...
Page 388: The Time Setting Screen
Time Zone and Daylight Saving at the same time, the new time and date you entered has priority and the Time Zone and Daylight Saving settings do not affect it. P-2612HW Series User’s Guide...
Page 389 European Union you would select Last, Sunday, March. The time you type in the o'clock field depends on your time zone. In Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). P-2612HW Series User’s Guide...
Page 390 Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-2612HW Series User’s Guide...
Page 391: Logs
Click Maintenance > Logs to open the View Log screen. Use the View Log screen to see the logs for the categories that you selected in the Log Settings screen (see Section 23.3 on page 392). P-2612HW Series User’s Guide...
Page 392: The Log Settings Screen
23.3 The Log Settings Screen Use the Log Settings screen to configure to where the ZyXEL Device is to send logs; the schedule for when the ZyXEL Device is to send the logs and which logs P-2612HW Series User’s Guide...
Page 393 Alerts are e-mailed as soon as they happen. Logs may be e-mailed as soon as the log is full. Selecting many alert and/or log categories (especially Access Control) may result in many e-mails being sent. Figure 235 Maintenance > Logs > Log Settings P-2612HW Series User’s Guide...
Page 394 Select this to delete all the logs after the ZyXEL Device sends an E-mail of sending mail the logs. Syslog The ZyXEL Device sends a log to an external syslog server. Logging Active Click Active to enable syslog logging. P-2612HW Series User’s Guide...
Page 395: Smtp Error Messages
The following is an example of a log sent by e-mail. • You may edit the subject title. • The date format here is Day-Month-Year. • The date format here is Month-Day-Year. The time format is Hour-Minute- Second. P-2612HW Series User’s Guide...
Page 396: Log Descriptions
Someone has logged on to the router via telnet. Successful TELNET login Someone has failed to log on to the router via telnet. TELNET login failed Someone has logged on to the router via ftp. Successful FTP login P-2612HW Series User’s Guide...
Page 397 The router failed to allocate memory for the NetBIOS readNetBIOSFilter: calloc filter settings. error A WAN connection is down. You cannot access the WAN connection is down. network through this interface. P-2612HW Series User’s Guide...
Page 398 Firewall session time firewall session timed out.Default timeout values:ICMP out, sent TCP RST idle timeout (s): 60UDP idle timeout (s): 60TCP connection (three way handshaking) timeout (s): 30TCP FIN-wait timeout (s): 60TCP idle (established) timeout (s): 3600 P-2612HW Series User’s Guide...
Page 399 The firewall does not support this kind of ICMP Unsupported/out-of-order ICMP: packets or the ICMP packets are out of order. ICMP The router sent an ICMP reply packet to the Router reply ICMP packet: ICMP sender. P-2612HW Series User’s Guide...
Page 400 UPnP packets can pass through the firewall. UPnP pass through Firewall Table 141 Content Filtering Logs LOG MESSAGE DESCRIPTION The content of a requested web page matched a user defined %s: block keyword keyword. The system forwarded web content. P-2612HW Series User’s Guide...
Page 401 A user was not authenticated by the RADIUS RADIUS rejects user. Pls check Server. Please check the RADIUS Server. RADIUS Server. The router logged out a user whose session User logout because of session expired. timeout expired. P-2612HW Series User’s Guide...
Page 402 TYPE CODE DESCRIPTION Echo Reply Echo reply message Destination Unreachable Net unreachable Host unreachable Protocol unreachable Port unreachable A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF) Source route failed P-2612HW Series User’s Guide...
Page 403 The “devID” is the last three characters of the MAC address of the router’s LAN port. The “cat” is the same as the category in the router’s logs. P-2612HW Series User’s Guide...
Page 404 VoIP call to the listed destination. Ph[Phone Port] -> Outgoing Call Number A VoIP phone call made from a phone connected to the VoIP Call End Phone[Phone listed phone port has terminated. Port] P-2612HW Series User’s Guide...
Page 405 Please refer to RFC 2408 for detailed information on each type. Table 151 RFC-2408 ISAKMP Payload Types LOG DISPLAY PAYLOAD TYPE Security Association Proposal PROP Transform TRANS Key Exchange Identification Certificate Certificate Request CER_REQ Hash HASH Signature Nonce NONCE Notification NOTFY Delete Vendor ID P-2612HW Series User’s Guide...
Page 406 Chapter 23 Logs P-2612HW Series User’s Guide...
Page 407: Call History
Click Maintenance > Call History to open the Summary screen. Use the Summary screen to view a summary of the calls performed via the ZyXEL Device within a certain period. Figure 237 Maintenance > Call History > Summary P-2612HW Series User’s Guide...
Page 408: Viewing The Call History
The call history buffer can hold up to 150 entries. When the call history buffer fills, old records are deleted as new ones are added. Click a column heading to sort the entries. A triangle indicates ascending or descending sort order. Figure 238 Maintenance > Call History > Call History P-2612HW Series User’s Guide...
Page 409: Configuring Call History Settings
24.4 Configuring Call History Settings Use the Call History Settings screen to configure to where the ZyXEL Device is to send call records and the schedule for when the ZyXEL Device is to send or save the call records. P-2612HW Series User’s Guide...
Page 410 ZyXEL Device sends. Not all ZyXEL Device have this field. Send Call The ZyXEL Device sends logs to the e-mail address specified in this field. History to If this field is left blank, the ZyXEL Device does not send logs via e-mail. P-2612HW Series User’s Guide...
Page 411 Use the drop down list box to select which day of the week to save the Saving Call records. History Time for Enter the time of the day in 24-hour format (for example 23:00 equals Saving Call 11:00 pm) to save the records. History P-2612HW Series User’s Guide...
Page 412 Select which day of a month (from 1 to 28) on which the “Last Month” Every Month summary of call history (displays in the Summary screen) starts. Apply Click Apply to save your customized settings and exit this screen. Ó Cancel Click Cancel to return to the previously saved settings. P-2612HW Series User’s Guide...
Page 413: Tools
25.1.2 What You Need To Know About Tools Filename Conventions The configuration file (often called the romfile or rom-0) contains the factory default settings in the menus such as password, DHCP Setup, and TCP/IP Setup. It P-2612HW Series User’s Guide...
Page 414 (including the default password), the error log and the trace log. Firmware This is the generic name for the ZyNOS *.bin firmware on the ZyXEL Device. FTP Restrictions FTP will not work when: P-2612HW Series User’s Guide...
Page 415: Before You Begin
150 Opening data connection for STOR rom-0 226 File received OK 221 Goodbye for writing flash ftp: 16384 bytes sent in 0.06Seconds 273.07Kbytes/sec. ftp>quit Refer to Section 25.1.2 on page 413 to read about configurations that disallow TFTP and FTP over WAN. P-2612HW Series User’s Guide...
Page 416 230 Logged in ftp> bin 200 Type I OK ftp> put firmware.bin ras 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 1103936 bytes sent in 1.10Seconds 297.89Kbytes/sec. ftp> quit P-2612HW Series User’s Guide...
Page 417 (firmware.bin – name of the firmware on the computer) to the file destination on the remote host (ras - name of the firmware on the device). Commands that you may see in GUI-based TFTP clients are listed earlier in this chapter. P-2612HW Series User’s Guide...
Page 418 230 Logged in ftp> bin 200 Type I OK ftp> get rom-0 zyxel.rom 200 Port command okay 150 Opening data connection for STOR ras 226 File received OK ftp: 16384 bytes sent in 1.10Seconds 297.89Kbytes/sec. ftp> quit P-2612HW Series User’s Guide...
Page 419 Use the TFTP client (see the example below) to transfer files between the ZyXEL Device and the computer. The file name for the configuration file is “rom-0” (rom- zero, not capital o). P-2612HW Series User’s Guide...
Page 420: Firmware Upgrade Screen
ZyXEL Device. The upload process uses HTTP (Hypertext Transfer Protocol) and may take up to two minutes. After a successful upload, the system will reboot. See Section on page 416 upgrading firmware using FTP/TFTP commands. P-2612HW Series User’s Guide...
Page 421 Click Browse... to find the .bin file you want to upload. Remember that you must decompress compressed (.zip) files before you can upload them. Upload Click Upload to begin the upload process. This process may take up to two minutes. P-2612HW Series User’s Guide...
Page 422 After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, the following screen will appear. Click Return to go back to the Firmware screen. Figure 246 Error Message P-2612HW Series User’s Guide...
Page 423: The Configuration Screen
The backup configuration file will be useful in case you need to return to your previous settings. Click Backup to save the ZyXEL Device’s current configuration to your computer. P-2612HW Series User’s Guide...
Page 424 IP address (192.168.1.1). See Appendix A on page 459 for details on how to set up your computer’s IP address. P-2612HW Series User’s Guide...
Page 425: Reset To Factory Defaults
Figure 252 Reset In Process Message You can also press the RESET button on the rear panel to reset the factory defaults of your ZyXEL Device. Refer to Section 1.5 on page 29 for more information on the RESET button. P-2612HW Series User’s Guide...
Page 426: Restart
“get rom-0 config.rom” transfers the configuration file on the ZyXEL Device to your computer and renames it “config.rom”. See earlier in this chapter for more information on filename conventions. Enter “quit” to exit the ftp prompt. P-2612HW Series User’s Guide...
Page 427: Ftp Command Configuration Backup Example
25.5.4 Backup Configuration Using TFTP The ZyXEL Device supports the up/downloading of the firmware and the configuration file using TFTP (Trivial File Transfer Protocol) over LAN. Although TFTP should work over WAN as well, it is not recommended. P-2612HW Series User’s Guide...
Page 428: Tftp Command Configuration Backup Example
“host” is the ZyXEL Device IP address, “get” transfers the file source on the ZyXEL Device (rom-0, name of the configuration file on the ZyXEL Device) to the file destination on the computer and renames it config.rom. P-2612HW Series User’s Guide...
Page 429: Configuration Backup Using Gui-Based Tftp Clients
FTP is faster. Please note that you must wait for the system to automatically restart after the file transfer is complete. Do not interrupt the file transfer process as this may PERMANENTLY DAMAGE your device. When the Restore Configuration process is complete, the device automatically restarts. P-2612HW Series User’s Guide...
Page 430: Restore Using Ftp Session Example
Enter “open”, followed by a space and the IP address of your device. Enter your username as requested (the default is “admin”). Press [ENTER] when prompted for a password. Enter “bin” to set transfer mode to binary. P-2612HW Series User’s Guide...
Page 431: Ftp Session Example Of Firmware File Upload
Use telnet from your computer to connect to the device and log in. Because TFTP does not have any security checks, the device records the IP address of the telnet client and accepts TFTP requests only from this address. P-2612HW Series User’s Guide...
Page 432: Tftp Upload Command Example
(firmware.bin – name of the firmware on the computer) to the file destination on the remote host (ras - name of the firmware on the device). Commands that you may see in GUI-based TFTP clients are listed earlier in this chapter. P-2612HW Series User’s Guide...
Page 433: Diagnostic
(Section 26.3 on page 434) to view the DSL line statistics and reset the ADSL line. 26.2 The General Diagnostic Screen Click Maintenance > Diagnostic to open the screen shown next. Figure 257 Maintenance > Diagnostic > General P-2612HW Series User’s Guide...
Page 434: The Dsl Line Diagnostic Screen
Click Maintenance > Diagnostic > DSL Line to open the screen shown next. This screen is not available when you set the WAN mode to Ethernet WAN in the WAN > Internet Access Setup screen using the DSL/WAN switch. Figure 258 Maintenance > Diagnostic > DSL Line P-2612HW Series User’s Guide...
Page 435 The ZyXEL Device sends an OAM F5 packet to the DSLAM/ATM switch and then returns it (loops it back) to the ZyXEL Device. The ATM loopback test is useful for troubleshooting problems with the DSLAM and ATM network. P-2612HW Series User’s Guide...
Page 436 Reset ADSL Line Successfully!" Capture All Click this button to display information and statistics about your ZyXEL Logs Device’s ATM statistics, DSL connection statistics, DHCP settings, firmware version, WAN and gateway IP address, VPI/VCI and LAN IP address. P-2612HW Series User’s Guide...
Page 437: Troubleshooting
Make sure the power source is turned Turn the ZyXEL Device off and on. If the problem continues, contact the vendor. One of the LEDs does not behave as expected. P-2612HW Series User’s Guide...
Page 438: Zyxel Device Access And Login
• If you changed the IP address and have forgotten it, see the troubleshooting suggestions for I forgot the IP address for the ZyXEL Device. Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide. P-2612HW Series User’s Guide...
Page 439 Turn the ZyXEL Device off and on. If this does not work, you have to reset the device to its factory defaults. See Section 27.2 on page 437. P-2612HW Series User’s Guide...
Page 440: Internet Access
I cannot access the Internet anymore. I had access to the Internet (with the ZyXEL Device), but my Internet connection is not available anymore. Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.4 on page P-2612HW Series User’s Guide...
Page 441: Phone Calls And Voip
27.5 Phone Calls and VoIP The telephone port won’t work or the telephone lacks a dial tone. Check the telephone connections and telephone wire. I can access the Internet, but cannot make VoIP calls. P-2612HW Series User’s Guide...
Page 442: Multiple Sip Accounts
SIP accounts are configured and you are using two phones. When you place a call from phone port 1 or phone port 2, the ZyXEL Device will use SIP account 1. Figure 259 Outgoing Calls: Default PHONE 1 SIP 1 Internet PHONE 2 SIP 2 P-2612HW Series User’s Guide...
Page 443: Incoming Calls
SIP accounts are configured and you are using two phones. When a call comes in from your SIP account 1, the phones connected to both phone port 1 and phone port 2 ring. Similarly, when a call comes in from your P-2612HW Series User’s Guide...
Page 444 2 rings. To apply these configuration changes you need to configure the Analog Phone screen. See Section 10.5 on page 194. Figure 262 Incoming Calls: Individual Configuration PHONE 1 SIP 1 Internet PHONE 2 SIP 2 P-2612HW Series User’s Guide...
Page 445: Product Specifications
-20º ~ 60º C Operation Humidity 20% ~ 85% RH Storage Humidity 20% ~ 90% RH Distance between the 137.20mm centers of the holes (for wall-mounting) on the device’s back Screw size for wall- M4 tap mounting P-2612HW Series User’s Guide...
Page 446 Dynamic DNS With Dynamic DNS (Domain Name System) support, you can use Support a fixed URL, www.zyxel.com for example, with a dynamic IP address. You must register for this service with a Dynamic DNS service provider. P-2612HW Series User’s Guide...
Page 447 The ZyXEL Device VPN is based on the IPSec standard and is interoperable with other IPSec-based VPN products. The ZyXEL Device supports up to two simultaneous IPSec connections. Other PPPoE Features PPPoE idle time out PPPoE dial on demand P-2612HW Series User’s Guide...
Page 448 Auto-negotiating rate adaptation ADSL physical connection AAL5 (ATM Adaptation Layer type 5) Multi-protocol over AAL5 (RFC 2684/1483) PPP over ATM AAL5 (RFC 2364) PPP over Ethernet (RFC 2516) Multiple PPPoE VC-based and LLC-based multiplexing I.610 F4/F5 OAM P-2612HW Series User’s Guide...
Page 449 Note: To take full advantage of the supplementary phone services available through the ZyXEL Device's phone port, you may need to subscribe to the services from your VoIP service provider. Note: Not all features are supported by all service providers. Consult your service provider for more information. P-2612HW Series User’s Guide...
Page 450 You can then either reject the new incoming call, put your current call on hold and receive the new incoming call, or end the current call and receive the new incoming call. P-2612HW Series User’s Guide...
Page 451 Quality of Service (QoS) mechanisms help to provide better service Service) on a per-flow basis. Your device supports Type of Service (ToS) tagging and Differentiated Services (DiffServ) tagging. This allows the device to tag voice frames so they can be prioritized over the network. P-2612HW Series User’s Guide...
Page 452: Wireless Features
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security standard. Key differences between WPA and WEP are user authentication and improved data encryption. WPA2 WPA 2 is a wireless security standard that defines stronger encryption, authentication and key management than WPA. P-2612HW Series User’s Guide...
Page 453 The Point-to-Point Protocol (PPP) RFC 1723 RIP-2 (Routing Information Protocol) RFC 1901 SNMPv2c Simple Network Management Protocol version 2c RFC 2236 Internet Group Management Protocol, Version 2. RFC 2364 PPP over AAL5 (PPP over ATM over ADSL) P-2612HW Series User’s Guide...
Page 454: Power Adaptor Specifications
TR-069 DSL Forum Standard for CPE Wan Management. 1.363.5 Compliant AAL5 SAR (Segmentation And Re-assembly) Power Adaptor Specifications Table 169 Power Adaptor Specifications NORTH AMERICAN PLUG STANDARDS AC Power Adapter Model MT18-Y180100-A1 Input Power 120V~60Hz 0.5A P-2612HW Series User’s Guide...
Page 455 ZyXEL Device with the connection cables. Align the holes on the back of the ZyXEL Device with the screws on the wall. Hang the ZyXEL Device on the screws. Figure 263 Wall-mounting Example P-2612HW Series User’s Guide...
Page 456 Chapter 28 Product Specifications The following are dimensions of an M4 tap screw and masonry plug used for wall mounting. All measurements are in millimeters (mm). Figure 264 Masonry Plug and M4 Tap Screw P-2612HW Series User’s Guide...
Page 457: Appendices And Index
Appendices and Index Setting Up Your Computer’s IP Address (459) Pop-up Windows, JavaScripts and Java Permissions (485) IP Addresses and Subnetting (495) Wireless LANs (507) Common Services (531) Legal Information (535) Index (537)
Page 459: Appendix A Setting Up Your Computer's Ip Address
• Linux: Ubuntu 8 (GNOME) page 474 • Linux: openSUSE 10.3 (KDE) page 479 Windows XP/NT/2000 The following example uses the default Windows XP display theme but can also apply to Windows 2000 and Windows NT. P-2612HW Series User’s Guide...
Page 460 Appendix A Setting Up Your Computer’s IP Address Click Start > Control Panel. Figure 265 Windows XP: Start Menu In the Control Panel, click the Network Connections icon. Figure 266 Windows XP: Control Panel P-2612HW Series User’s Guide...
Page 461 Right-click Local Area Connection and then select Properties. Figure 267 Windows XP: Control Panel > Network Connections > Properties On the General tab, select Internet Protocol (TCP/IP) and then click Properties. Figure 268 Windows XP: Local Area Connection Properties P-2612HW Series User’s Guide...
Page 462 DNS server and an Alternate DNS server, if that information was provided. Click OK to close the Internet Protocol (TCP/IP) Properties window. Click OK to close the Local Area Connection Properties window. Verifying Settings Click Start > All Programs > Accessories > Command Prompt. P-2612HW Series User’s Guide...
Page 463: Windows Vista
Windows Vista This section shows screens from Windows Vista Professional. Click Start > Control Panel. Figure 270 Windows Vista: Start Menu In the Control Panel, click the Network and Internet icon. Figure 271 Windows Vista: Control Panel P-2612HW Series User’s Guide...
Page 464 Figure 273 Windows Vista: Network and Sharing Center Right-click Local Area Connection and then select Properties. Figure 274 Windows Vista: Network and Sharing Center Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue. P-2612HW Series User’s Guide...
Page 465 Appendix A Setting Up Your Computer’s IP Address Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties. Figure 275 Windows Vista: Local Area Connection Properties P-2612HW Series User’s Guide...
Page 466 DNS server and an Alternate DNS server, if that information was provided.Click Advanced. Click OK to close the Internet Protocol (TCP/IP) Properties window. 10 Click OK to close the Local Area Connection Properties window. Verifying Settings Click Start > All Programs > Accessories > Command Prompt. P-2612HW Series User’s Guide...
Page 467 Mac OS X: 10.3 and 10.4 The screens in this section are from Mac OS X 10.4 but can also apply to 10.3. Click Apple > System Preferences. Figure 277 Mac OS X 10.4: Apple Menu P-2612HW Series User’s Guide...
Page 468 In the System Preferences window, click the Network icon. Figure 278 Mac OS X 10.4: System Preferences When the Network preferences pane opens, select Built-in Ethernet from the network connection type list, and then click Configure. Figure 279 Mac OS X 10.4: Network Preferences P-2612HW Series User’s Guide...
Page 469 Figure 280 Mac OS X 10.4: Network Preferences > TCP/IP Tab. For statically assigned settings, do the following: • From the Configure IPv4 list, select Manually. • In the IP Address field, type your IP address. • In the Subnet Mask field, type your subnet mask. P-2612HW Series User’s Guide...
Page 470 Click Apply Now and close the window. Verifying Settings Check your TCP/IP properties by clicking Applications > Utilities > Network Utilities, and then selecting the appropriate Network Interface from the Info tab. Figure 282 Mac OS X 10.4: Network Utility P-2612HW Series User’s Guide...
Page 471 The screens in this section are from Mac OS X 10.5. Click Apple > System Preferences. Figure 283 Mac OS X 10.5: Apple Menu In System Preferences, click the Network icon. Figure 284 Mac OS X 10.5: Systems Preferences P-2612HW Series User’s Guide...
Page 472 From the Configure list, select Using DHCP for dynamically assigned settings. For statically assigned settings, do the following: • From the Configure list, select Manually. • In the IP Address field, enter your IP address. • In the Subnet Mask field, enter your subnet mask. P-2612HW Series User’s Guide...
Page 473 Appendix A Setting Up Your Computer’s IP Address • In the Router field, enter the IP address of your ZyXEL Device. Figure 286 Mac OS X 10.5: Network Preferences > Ethernet Click Apply and close the window. P-2612HW Series User’s Guide...
Page 474 The following screens use the default Ubuntu 8 installation. Note: Make sure you are logged in as the root administrator. Follow the steps below to configure your computer IP address in GNOME: P-2612HW Series User’s Guide...
Page 475 When the Network Settings window opens, click Unlock to open the Authenticate window. (By default, the Unlock button is greyed out until clicked.) You cannot make changes to your configuration unless you first enter your admin password. Figure 289 Ubuntu 8: Network Settings > Connections P-2612HW Series User’s Guide...
Page 476 In the Authenticate window, enter your admin account name and password then click the Authenticate button. Figure 290 Ubuntu 8: Administrator Account Authentication In the Network Settings window, select the connection that you want to configure, then click Properties. Figure 291 Ubuntu 8: Network Settings > Connections P-2612HW Series User’s Guide...
Page 477 • In the Configuration list, select Static IP address if you have a static IP address. Fill in the IP address, Subnet mask, and Gateway address fields. Click OK to save the changes and close the Properties dialog box and return to the Network Settings screen. P-2612HW Series User’s Guide...
Page 478 Figure 293 Ubuntu 8: Network Settings > DNS Click the Close button to apply the changes. Verifying Settings Check your TCP/IP properties by clicking System > Administration > Network Tools, and then selecting the appropriate Network device from the Devices P-2612HW Series User’s Guide...
Page 479 The following screens use the default openSUSE 10.3 installation. Note: Make sure you are logged in as the root administrator. Follow the steps below to configure your computer IP address in the KDE: P-2612HW Series User’s Guide...
Page 480 Click K Menu > Computer > Administrator Settings (YaST). Figure 295 openSUSE 10.3: K Menu > Computer Menu When the Run as Root - KDE su dialog opens, enter the admin password and click OK. Figure 296 openSUSE 10.3: K Menu > Computer Menu P-2612HW Series User’s Guide...
Page 481 Figure 297 openSUSE 10.3: YaST Control Center When the Network Settings window opens, click the Overview tab, select the appropriate connection Name from the list, and then click the Configure button. Figure 298 openSUSE 10.3: Network Settings P-2612HW Series User’s Guide...
Page 482 Select Dynamic Address (DHCP) if you have a dynamic IP address. Select Statically assigned IP Address if you have a static IP address. Fill in the IP address, Subnet mask, and Hostname fields. Click Next to save the changes and close the Network Card Setup window. P-2612HW Series User’s Guide...
Page 483 If you know your DNS server IP address(es), click the Hostname/DNS tab in Network Settings and then enter the DNS server information in the fields provided. Figure 300 openSUSE 10.3: Network Settings Click Finish to save your settings and close the window. P-2612HW Series User’s Guide...
Page 484 From the Options sub-menu, select Show Connection Information. Figure 301 openSUSE 10.3: KNetwork Manager When the Connection Status - KNetwork Manager window opens, click the Statistics tab to see if your connection is working properly. Figure 302 openSUSE: Connection Status - KNetwork Manager P-2612HW Series User’s Guide...
Page 485: Appendix B Pop-Up Windows, Javascripts And Java Permissions
In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure 303 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. P-2612HW Series User’s Guide...
Page 486 Click Apply to save this setting. Enable Pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. In Internet Explorer, select Tools, Internet Options and then the Privacy tab. P-2612HW Series User’s Guide...
Page 487 Select Settings…to open the Pop-up Blocker Settings screen. Figure 305 Internet Options: Privacy Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. P-2612HW Series User’s Guide...
Page 488 Figure 306 Pop-up Blocker Settings Click Close to return to the Privacy screen. Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. P-2612HW Series User’s Guide...
Page 489 Figure 307 Internet Options: Security Click the Custom Level... button. Scroll down to Scripting. Under Active scripting make sure that Enable is selected (the default). Under Scripting of Java applets make sure that Enable is selected (the default). P-2612HW Series User’s Guide...
Page 490: Java Permissions
Figure 308 Security Settings - Java Scripting Java Permissions From Internet Explorer, click Tools, Internet Options and then the Security tab. Click the Custom Level... button. Scroll down to Microsoft VM. Under Java permissions make sure that a safety level is selected. P-2612HW Series User’s Guide...
Page 491 Click OK to close the window. Figure 309 Security Settings - Java JAVA (Sun) From Internet Explorer, click Tools, Internet Options and then the Advanced tab. Make sure that Use Java 2 for <applet> under Java (Sun) is selected. P-2612HW Series User’s Guide...
Page 492 Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary. You can enable Java, Javascripts and pop-ups in one screen. Click Tools, then click Options in the screen that appears. Figure 311 Mozilla Firefox: Tools > Options P-2612HW Series User’s Guide...
Page 493 Appendix B Pop-up Windows, JavaScripts and Java Permissions Click Content.to show the screen below. Select the check boxes as shown in the following screen. Figure 312 Mozilla Firefox Content Security P-2612HW Series User’s Guide...
Page 494 Appendix B Pop-up Windows, JavaScripts and Java Permissions P-2612HW Series User’s Guide...
Page 495: Appendix C Ip Addresses And Subnetting
192.168.1.1). Each of these four parts is known as an octet. An octet is an eight-digit binary number (for example 11000000, which is 192 in decimal notation). Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal. P-2612HW Series User’s Guide...
Page 496: Subnet Masks
Table 170 IP Address Network Number and Host ID Example OCTET: OCTET: OCTET: OCTET (192) (168) IP Address (Binary) 11000000 10101000 00000001 00000010 Subnet Mask (Binary) 11111111 11111111 11111111 00000000 Network Number 11000000 10101000 00000001 Host ID 00000010 P-2612HW Series User’s Guide...
Page 497 SUBNET MASK HOST ID SIZE HOSTS 8 bits 255.0.0.0 24 bits – 2 16777214 16 bits 255.255.0.0 16 bits – 2 65534 24 bits 255.255.255.0 8 bits – 2 29 bits 255.255.255.248 3 bits – 2 P-2612HW Series User’s Guide...
Page 498 In this example, the company network address is 192.168.1.0. The first three octets of the address (192.168.1) are the network number, and the remaining octet is the host ID, allowing a maximum of 2 – 2 or 254 possible hosts. P-2612HW Series User’s Guide...
Page 499 You can “borrow” one of the host ID bits to divide the network 192.168.1.0 into two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or /25). The “borrowed” host ID bit can have a value of either 0 or 1, allowing two subnets; 192.168.1.0 /25 and 192.168.1.128 /25. P-2612HW Series User’s Guide...
Page 500 Similarly, to divide a 24-bit address into four subnets, you need to “borrow” two host ID bits to give four possible combinations (00, 01, 10 and 11). The subnet mask is 26 bits (11111111.11111111.11111111.11000000) or 255.255.255.192. P-2612HW Series User’s Guide...
Page 501 Table 177 Subnet 4 LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE IP Address 192.168.1. IP Address (Binary) 11000000.10101000.00000001. 11000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: Lowest Host ID: 192.168.1.193 192.168.1.192 Broadcast Address: Highest Host ID: 192.168.1.254 192.168.1.255 P-2612HW Series User’s Guide...
Page 502 The following table is a summary for subnet planning on a network with a 16-bit network number. Table 180 16-bit Network Number Subnet Planning NO. “BORROWED” NO. HOSTS PER SUBNET MASK NO. SUBNETS HOST BITS SUBNET 255.255.128.0 (/17) 32766 255.255.192.0 (/18) 16382 P-2612HW Series User’s Guide...
Page 503 ZyXEL Device will compute the subnet mask automatically based on the IP address that you entered. You don't need to change the subnet mask computed by the ZyXEL Device unless you are instructed to do otherwise. P-2612HW Series User’s Guide...
Page 504 A has a static (or fixed) IP address that is the same as the IP address that a DHCP server assigns to computer B which is a DHCP client. Neither can access the Internet. This problem can be solved by assigning a different static IP P-2612HW Series User’s Guide...
Page 505 Conflicting Computer and Router IP Addresses Example More than one device can not use the same IP address. In the following example, the computer and the router’s LAN port both use 192.168.1.1 as the IP address. P-2612HW Series User’s Guide...
Page 506 Appendix C IP Addresses and Subnetting The computer cannot access the Internet. This problem can be solved by assigning a different IP address to the computer or the router’s LAN port. Figure 318 Conflicting Computer and Router IP Addresses Example P-2612HW Series User’s Guide...
Page 507: Appendix D Wireless Lans
(AP). Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled, wireless client A and B can access the wired network and communicate P-2612HW Series User’s Guide...
Page 508 This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN. The Access Points not only provide communication with the wired network but also mediate wireless network traffic in the immediate neighborhood. P-2612HW Series User’s Guide...
Page 509 A hidden node occurs when two stations are within range of the same access point, but are not within range of each other. The following figure illustrates a hidden node. Both stations (STA) are within range of the access point (AP) or P-2612HW Series User’s Guide...
Page 510 RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. Note: Enabling the RTS Threshold causes redundant network overhead that could negatively affect the throughput performance instead of providing a remedy. P-2612HW Series User’s Guide...
Page 511: Fragmentation Threshold
IEEE 802.11g is fully compatible with the IEEE 802.11b standard. This means an IEEE 802.11b adapter can interface directly with an IEEE 802.11g access point (and vice versa) at 11 Mbps or lower depending on range. IEEE 802.11g has P-2612HW Series User’s Guide...
Page 512 IEEE802.1x EAP with RADIUS Server Authentication Wi-Fi Protected Access (WPA) WPA2 Most Secure Note: You must enable the same wireless security settings on the ZyXEL Device and on all wireless clients that you want to associate with it. P-2612HW Series User’s Guide...
Page 513 The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user authentication: • Access-Request Sent by an access point requesting authentication. • Access-Reject Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access. P-2612HW Series User’s Guide...
Page 514 The wireless client ‘proves’ that it knows the password by encrypting the password with the challenge and sends back the information. Password is not sent in plain text. P-2612HW Series User’s Guide...
Page 515 However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco. LEAP LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x. P-2612HW Series User’s Guide...
Page 516: Dynamic Wep Key Exchange
RADIUS server, you should use WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical) password entered into each access point, wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted access to a WLAN. P-2612HW Series User’s Guide...
Page 517 The common-password approach makes WPA(2)-PSK susceptible to brute-force password-guessing attacks but it’s still an improvement over WEP as it employs a consistent, single, alphanumeric password to derive a PMK which is used to generate unique temporal encryption P-2612HW Series User’s Guide...
Page 518 The RADIUS server then checks the user's identification against its database and grants or denies network access accordingly. A 256-bit Pairwise Master Key (PMK) is derived from the authentication process by the RADIUS server and the client. P-2612HW Series User’s Guide...
Page 519 The AP checks each wireless client's password and allows it to join the network only if the password matches. The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID. P-2612HW Series User’s Guide...
Page 520: Security Parameters Summary
Enable without Dynamic WEP Open Enable with Dynamic WEP Key Enable without Dynamic WEP Disable Shared Enable with Dynamic WEP Key Enable without Dynamic WEP Disable TKIP/AES Enable WPA-PSK TKIP/AES Disable WPA2 TKIP/AES Enable WPA2-PSK TKIP/AES Disable P-2612HW Series User’s Guide...
Page 521: Antenna Characteristics
Types of Antennas for WLAN There are two types of antennas used for wireless LAN applications. P-2612HW Series User’s Guide...
Page 522 Number that allows one device to authenticate the other) in each of the two devices. When WPS is activated on a device, it has two minutes to find another device that also has WPS activated. Then, the two devices connect and set up a secure network by themselves. P-2612HW Series User’s Guide...
Page 523 WPS in the area. However, you need to log into the configuration interfaces of both devices. Take the following steps to set up WPS using the PIN method. P-2612HW Series User’s Guide...
Page 524 On a computer connected to the wireless client, try to connect to the Internet. If you can connect, WPS was successful. If you cannot connect, check the list of associated wireless clients in the AP’s configuration utility. If you see the wireless client in the list, WPS was successful. P-2612HW Series User’s Guide...
Page 525 Authentication Protocol) tunnel and sends the network name (SSID) and the WPA- PSK or WPA2-PSK pre-shared key to the enrollee. Whether WPA-PSK or WPA2-PSK is used depends on the standards supported by the devices. If the registrar is P-2612HW Series User’s Guide...
Page 526 WPS, it becomes “configured”. A configured wireless client can still act as enrollee or registrar in subsequent WPS connections, but a configured access point can no longer act as enrollee. It will be the registrar in all P-2612HW Series User’s Guide...
Page 527 In this case, AP1 must be the registrar, since it is configured (it already has security information for the network). AP1 supplies the existing security information to Client 2. Figure 328 WPS: Example Network Step 2 REGISTRAR EXISTING CONNECTION CLIENT 1 ENROLLEE CLIENT 2 P-2612HW Series User’s Guide...
Page 528 (if the device supports this feature). Then, you can enter the key into the non-WPS device and join the network as normal (the non-WPS device must also support WPA-PSK or WPA2-PSK). P-2612HW Series User’s Guide...
Page 529 Check the MAC addresses of your wireless clients (usually printed on a label on the bottom of the device). If there is an unknown MAC address you can remove it or reset the AP. P-2612HW Series User’s Guide...
Page 530 Appendix D Wireless LANs P-2612HW Series User’s Guide...
Page 531: Appendix E Common Services
Border Gateway Protocol. BOOTP_CLIENT DHCP Client. BOOTP_SERVER DHCP Server. CU-SEEME 7648 A popular videoconferencing solution from White Pines Software. 24032 TCP/UDP Domain Name Server, a service that matches web names (for example www.zyxel.com) to IP numbers. P-2612HW Series User’s Guide...
Page 532 ICMP echo requests to test whether or not a remote host is reachable. POP3 Post Office Protocol version 3 lets a client computer get e-mail from a POP3 server through a temporary connection (TCP/IP or other). P-2612HW Series User’s Guide...
Page 533 System). TELNET Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP networks. Its primary function is to allow users to log into remote host systems. P-2612HW Series User’s Guide...
Page 534 NAME PROTOCOL PORT(S) DESCRIPTION TFTP Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE 7000 Another videoconferencing solution. P-2612HW Series User’s Guide...
Page 535: Appendix F Legal Information
ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein.
Page 536: Zyxel Limited Warranty
Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products. P-2612HW Series User’s Guide...
Page 537: Index
Address Resolution Protocol (ARP) backup type ADSL2 bandwidth management Advanced Encryption Standard, see AES Basic Service Set, see BSS 155, 517 blinking LEDs bridge mode alerts firewalls BYE request 178, 452 algorithms alternative subnet mask notation antenna directional P-2612HW Series User’s Guide...
Page 538 Class of Service adding/editing Class of Service, see CoS and certificates client-server protocol disclaimer codecs comfort noise generation 195, 451 122, 130, 365 command interface DNS Server configuration file for VPN host P-2612HW Series User’s Guide...
Page 539 RFC 1483 thresholds encryption triangle route 235, 247 solutions firmware auto upgrade Europe type call service mode 217, 223 upload Extended Service Set, see ESS upload error external accounting server version external antenna flash key 217, 223 P-2612HW Series User’s Guide...
Page 540 PPPoA or PPPoE IANA 132, 504 RFC 1483 IBSS IP alias 128, 448 ICMP IP multicasting ID type and content IP pool 124, 130 idle timeout 145, 147 IPSec IEEE 802.11b algorithms IEEE 802.11g 148, 511 architecture P-2612HW Series User’s Guide...
Page 541 MAC filter traversal 279, 369 tutorial Management Information Base, see MIB 66, 83 what it does management VLAN negotiation mode managing the device NetBIOS command interface good habits Network Address Translation, see NAT P-2612HW Series User’s Guide...
Page 542 Point-to-Point Protocol over Ethernet, see re-authentication timer 145, 147 PPPoE region ports registration, product power adaptor reinitialize ADSL line power specifications related documentation PPP (Point-to-Point Protocol) Link Layer remote hosts, and certificates Protocol remote management PPP over ATM AAL5 limitations P-2612HW Series User’s Guide...
Page 543 SNMP safety warnings 362, 449 manager scan MIBs schedules speed dial 200, 221 content filtering firewalls scheduling wireless LAN SSID 141, 149, 150 stateful inspection 105, 111, 117 static DHCP seamless rate adaptation static IP address P-2612HW Series User’s Guide...
Page 544 Virtual Local Area Network, see VLAN traffic redirect 113, 119 Virtual Path Identifier, see VPI traffic shaping Virtual Private Network, see VPN transparent bridging VLAN 216, 325 transport mode 802.1P priority 325, 336 triangle route activation 235, 247 solutions P-2612HW Series User’s Guide...
Page 545 145, 147 RTS/CTS threshold scheduling security parameters Web Configurator see also wireless. 50, 143, 452 TKIP Wi-Fi Protected Access, see WPA Windows Networking Wired Equivalent Privacy, see WEP WPA-PSK wireless 146, 452, 516 client configuration P-2612HW Series User’s Guide...
Page 546 WPA2-PSK wireless client supplicant with RADIUS application example WPA2-Pre-Shared Key, see WPA2-PSK WPA2-PSK 516, 517 application example WPA-PSK 49, 144, 517 application example ZyNOS F/W version firmware version ZyXEL Network Operating System, see ZyNOS P-2612HW Series User’s Guide...
Page 547 Index P-2612HW Series User’s Guide...

This manual is also suitable for:

P-2612hw-f1

ZyXEL Communications P-2612HW Series User Manual

About this User's Guide

Document Conventions

Safety Warnings

Contents Overview

Table of Contents

Introduction

PART I Introduction

Chapter 1 Introducing the Zyxel Device

Chapter 2 Introducing the Web Configurator

Chapter 3 Wizards

Chapter 4 Tutorial

Advanced

Part II: Advanced

Chapter 5 Status Screens

Chapter 6 WAN Setup

Chapter 7 LAN Setup

Chapter 8 Wireless LAN

Chapter 9 Network Address Translation (NAT)

Chapter 10 Voice

Chapter 11 Phone Usage

Chapter 12 Firewall

Chapter 13 Content Filtering

Chapter 14 VPN

Chapter 15 Certificates

Chapter 16 Static Route

Chapter 17 Q/1P

Chapter 18 Quality of Service (Qos)

Chapter 19 Dynamic DNS Setup

Quick Links

Troubleshooting

Related Manuals for ZyXEL Communications P-2612HW Series

Summary of Contents for ZyXEL Communications P-2612HW Series