Every effort has been made to ensure that the information in this manual is accurate. Related Documentation • Quick Start Guide The Quick Start Guide shows how to connect the managed device • More Information Go to support.zyxel.com to find other information on the XMG XMG3512-B10A User’s Guide...
Quick Start ............................31 3.1 Overview ............................31 3.2 Quick Start Setup ..........................31 Chapter 4 Tutorials ...............................34 4.1 Overview ............................34 4.2 Setting Up an ADSL PPPoE Connection ..................34 4.3 Setting Up a Secure Wireless Network ..................37 XMG3512-B10A User’s Guide...
Page 6
6.6 Technical Reference ........................78 Chapter 7 Wireless ...............................84 7.1 Overview ............................84 7.1.1 What You Can Do in this Chapter ..................84 7.1.2 What You Need to Know ..................... 84 7.2 The General Screen ........................85 XMG3512-B10A User’s Guide...
Page 7
8.9 Technical Reference ........................123 8.9.1 LANs, WANs and the XMG ....................123 8.9.2 DHCP Setup ......................... 124 8.9.3 DNS Server Addresses ......................124 Chapter 9 Routing ..............................125 9.1 Overview ............................125 9.2 The Routing Screen ........................125 XMG3512-B10A User’s Guide...
Page 8
11.6 The ALG Screen .......................... 159 11.7 The Address Mapping Screen ....................159 11.7.1 Add/Edit Address Mapping Rule ..................160 11.8 The Sessions Screen ........................161 11.9 Technical Reference ........................162 11.9.1 NAT Definitions ........................162 11.9.2 What NAT Does ......................... 162 XMG3512-B10A User’s Guide...
Page 9
15.3 The Media Server Screen ......................180 Chapter 16 Firewall ..............................182 16.1 Overview ............................. 182 16.1.1 What You Can Do in this Chapter ................... 182 16.1.2 What You Need to Know ....................183 16.2 The Firewall Screen ........................183 XMG3512-B10A User’s Guide...
Page 10
Log ..............................204 21.1 Overview ............................. 204 21.1.1 What You Can Do in this Chapter ................... 204 21.1.2 What You Need To Know ....................204 21.2 The System Log Screen ......................205 21.3 The Security Log Screen ......................205 XMG3512-B10A User’s Guide...
Page 11
27.2 The System Screen ........................218 Chapter 28 User Account............................219 28.1 Overview ............................ 219 28.2 The User Account Screen ......................219 28.2.1 The User Account Add/Edit Screen ................219 Chapter 29 Remote Management ........................221 29.1 Overview ............................. 221 XMG3512-B10A User’s Guide...
Page 12
35.3 The Reboot Screen ........................237 Chapter 36 Diagnostic............................238 36.1 Overview ............................. 238 36.1.1 What You Can Do in this Chapter ................... 238 36.2 What You Need to Know ......................238 36.3 Ping & TraceRoute & NsLookup ....................239 XMG3512-B10A User’s Guide...
Page 13
37.5 USB Device Connection ......................248 37.6 UPnP ............................. 248 Part III: Appendices ..................249 Appendix A Customer Support ..................... 250 Appendix B Wireless LANs....................... 256 Appendix C Services........................269 Appendix D Legal Information ...................... 273 Index ..............................282 XMG3512-B10A User’s Guide...
XMG to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the XMG. You could simply restore your last configuration. 1.4 Applications for the XMG Here are some example uses for which the XMG is well suited. XMG3512-B10A User’s Guide...
> Ethernet WAN screen and then connect the LAN port to the broadband modem or router. This way, you can access the Internet via an Ethernet connection and still use the QoS, Firewall and parental control functions on the XMG. XMG3512-B10A User’s Guide...
Use the built-in USB 2.0 port to share files on a USB memory stick or a USB hard drive (B). You can connect one USB hard drive to the XMG at a time. Use FTP to access the files on the USB device. XMG3512-B10A User’s Guide...
USB device (B) connected to the XMG’s USB port (without having to copy them to another computer). Figure 5 USB Media Server Application 1.5 LEDs (Lights) The following graphic displays the labels of the LEDs. XMG3512-B10A User’s Guide...
Page 19
The DSL line is down. Green The XMG has a successful connection on the WAN. Blinking The XMG is sending or receiving data to/from the WAN. The XMG does not detect a SFP connection to the WAN. XMG3512-B10A User’s Guide...
Page 20
Section 7.5 on page 93 The 5 GHz wireless network is not activated. Amber The 2.4 Ghz or 5 GHz wireless network and WPS are enabled. Both 2.4 Ghz or 5 GHz wireless network and WPS are disabled. XMG3512-B10A User’s Guide...
Press the WPS button on another WPS-enabled device within range of the XMG. The WiFi LED flashes orange while the XMG sets up a WPS connection with the other wireless device. Once the connection is successfully made, the WPS LED shines green. XMG3512-B10A User’s Guide...
Make sure the screws are fastened well enough to hold the weight of the XMG with the connection cables. Align the holes on the back of the XMG with the screws on the wall. Hang the XMG on the screws. XMG3512-B10A User’s Guide...
Page 23
Chapter 1 Introducing the XMG Figure 8 Wall Mounting Example XMG3512-B10A User’s Guide...
1234 in the password screen and click Login. If you have changed the password, enter your password and click Login. Figure 9 The following screen displays if you have not yet changed your password. Enter a new password, retype it to confirm and click Apply. XMG3512-B10A User’s Guide...
Page 25
After you finished or closed the Quick Start Wizard screen, the Network Map page appears. Figure 11 Click Status to display the Status screen, where you can view the XMG’s interface and system information. XMG3512-B10A User’s Guide...
2.2.1 Title Bar The title bar provides some icons in the upper right corner. The icons provide the following functions. Table 3 Web Configurator Icons in the Title Bar ICON DESCRIPTION Language: Select the language you prefer. XMG3512-B10A User’s Guide...
STB devices when they request IP addresses. Wake on LAN Use this screen to remotely turn on a device on the local network. TFTP Server Name Configure a TFTP server name which is sent to clients using DHCP option XMG3512-B10A User’s Guide...
Page 28
(such as parental control) is enforced. Certificates Local Certificates Use this screen to view a summary list of certificates and manage certificates and certification requests. Trusted CA Use this screen to view and manage the list of the trusted CAs. XMG3512-B10A User’s Guide...
Page 29
Use this screen to configure up to two mail servers and sender addresses Notification Notification on the XMG. Log Setting Log Setting Use this screen to change your XMG’s log settings. Firmware Firmware Use this screen to upload firmware to your XMG. Upgrade Upgrade XMG3512-B10A User’s Guide...
Page 30
Use this screen to configure CFM (Connectivity Fault Management) MD (maintenance domain) and MA (maintenance association), perform connectivity tests and view test reports. OAM Ping Use this screen to view information to help you identify problems with the DSL connection. XMG3512-B10A User’s Guide...
Select the time zone of your location. Click Next. Figure 13 Quick Start - Welcome Enter your Internet connection information in this screen. The screen and fields to enter may vary depending on your current connection type. Click Next. XMG3512-B10A User’s Guide...
Page 32
Turn the wireless LAN on or off. If you keep it on, record the security settings so you can configure your wireless clients to connect to the XMG. Click Save. Figure 15 Quick Start - Wireless Setting Your XMG saves your settings and attempts to connect to the Internet. Click Close to complete the setup. XMG3512-B10A User’s Guide...
Click Network Setting > Broadband to open the following screen. Click Add New WAN Interface. In this example, the DSL connection has the following information. General Name MyDSLConnection Type ADSL over ATM Connection Mode Routing Encapsulation PPPoE XMG3512-B10A User’s Guide...
Page 35
Then select DNS as Static and enter the DNS server addresses provided to you, such as 192.168.5.2 (DNS server1)/192.168.5.1 (DNS server2). Leave the rest of the fields to the default settings. Click Apply to save your settings. XMG3512-B10A User’s Guide...
Page 36
You should see a summary of your new DSL connection setup in the Broadband screen as follows. Try to connect to a website to see if you have correctly set up your Internet connection. Be sure to contact your service provider for any information you need to configure the WAN screens. XMG3512-B10A User’s Guide...
802.11b/g/n Mixed Click Network Setting > Wireless to open the General screen. Select More Secure as the security level and WPA2-PSK as the security mode. Configure the screen using the provided parameters (see page 37). Click Apply. XMG3512-B10A User’s Guide...
Page 38
Thomas can now use the WPS feature to establish a wireless connection between his notebook and the XMG (see Section 4.3.2 on page 39). He can also use the notebook’s wireless client to search for the XMG (see Section 4.3.3 on page 42). XMG3512-B10A User’s Guide...
Both buttons have exactly the same function: you can use one or the other. Note: It doesn’t matter which button is pressed first. You must press the second button within two minutes of pressing the first one. XMG3512-B10A User’s Guide...
Page 40
Launch your wireless client’s configuration utility. Go to the WPS settings and select the PIN method to get a PIN number. Log into XMG’s web configurator and go to the Network Setting > Wireless > WPS screen. Enable the WPS function and click Apply. XMG3512-B10A User’s Guide...
Page 41
This may take up to two minutes. The wireless client is then able to communicate with the XMG securely. The following figure shows you how to set up a wireless network and its security on a XMG and a wireless client by using PIN method. XMG3512-B10A User’s Guide...
Use the wireless adapter’s utility installed on the notebook to search for the “Example” SSID. Then enter the “DoNotStealMyWirelessNetwork” pre-shared key to establish an wireless Internet connection. Note: The XMG supports IEEE 802.11b and IEEE 802.11g wireless clients. Make sure that your notebook or computer’s wireless adapter supports one of these standards. XMG3512-B10A User’s Guide...
Pre-Shared Key ForCompanyOnly 123456789 guest123 Click Network Setting > Wireless to open the General screen. Use this screen to set up the company’s general wireless network group. Configure the screen using the provided parameters and click Apply. XMG3512-B10A User’s Guide...
Page 44
Chapter 4 Tutorials Click Network Setting > Wireless > Guest/More AP to open the following screen. Click the Edit icon to configure the second wireless network group. Configure the screen using the provided parameters and click OK. XMG3512-B10A User’s Guide...
Page 45
Chapter 4 Tutorials In the Guest/More AP screen, click the Edit icon to configure the third wireless network group.Configure the screen using the provided parameters and click Apply. XMG3512-B10A User’s Guide...
In order to extend your Intranet and control traffic flowing directions, you may connect a router to the XMG’s LAN. The router may be used to separate two department networks. This tutorial shows how to configure a static routing rule for two network routings. XMG3512-B10A User’s Guide...
Page 47
This tutorial uses the following example IP settings: Table 5 IP Settings in this Tutorial DEVICE / COMPUTER IP ADDRESS The XMG’s WAN 172.16.1.1 The XMG’s LAN 192.168.1.1 IP Type IPv4 Use Interface VDSL/ppp1.1 192.168.1.34 R’s N1 192.168.1.253 XMG3512-B10A User’s Guide...
Now B should be able to receive traffic from A. You may need to additionally configure B’s firewall settings to allow specific traffic to pass through. 4.6 Configuring QoS Queue and Class Setup This section contains tutorials on how you can configure the QoS screen. XMG3512-B10A User’s Guide...
Page 49
10,000 kbps (or leave this blank to have the XMG automatically determine this figure). Click Apply. Tutorial: Advanced > QoS Click Queue Setup > Add new Queue to create a new queue. In the screen that opens, check Active and enter or select the following values: • Name: E-mail • Interface: WAN XMG3512-B10A User’s Guide...
Page 50
• Weight: 8 • Rate Limit: 5,000 (kbps) Tutorial: Advanced > QoS > Queue Setup Click Classification Setup > Add new Classification to create a new class. Check Active and follow the settings as shown in the screen below. XMG3512-B10A User’s Guide...
Page 51
This maps e-mail traffic coming from port 25 to the highest priority, which you have created in the previous screen (see the IP Protocol field). This also maps your computer’s IP address and MAC address to the E-mail queue (see the Source fields). XMG3512-B10A User’s Guide...
XMG’s Web Configurator Status page. Then you will need to configure the same account and host name on the XMG later. 4.7.2 Configuring DDNS on Your XMG Configure the following settings in the Network Setting > DNS > Dynamic DNS screen. XMG3512-B10A User’s Guide...
Josephine’s computer connects wirelessly to the Internet through the XMG. Thomas decides to use the Security > MAC Filter screen to grant wireless network access to his computer but not to Josephine’s computer. XMG3512-B10A User’s Guide...
Josephine and others not listed in this screen will no longer be able to access the Internet through the XMG. 4.9 Access Your Shared Files From a Computer Here is how to use an FTP program to access a file storage device connected to the XMG’s USB port. XMG3512-B10A User’s Guide...
Page 55
In FileZilla enter the IP address of the XMG (the default is 192.168.1.1), your account’s user name and password and port 21 and click Quickconnect. A screen asking for password authentication appears. File Sharing via Windows Explorer Once you log in the USB device displays in the folder. XMG3512-B10A User’s Guide...
You can use the Status screen to look at the current status of the XMG, system resources, and interfaces (LAN, WAN, and WLAN). 5.2 The Network Map Screen Use this screen to view the network connection status of the device and its clients. A warning message appears if there is a connection problem. XMG3512-B10A User’s Guide...
If you prefer to view the status in a list, click List View in the Viewing mode selection box. You can configure how often you want the XMG to update this screen in Refresh interval. Figure 18 XMG3512-B10A User’s Guide...
This field displays the current subnet mask in the WAN. MAC Address This shows the WAN Ethernet adapter MAC (Media Access Control) Address of your XMG. Primary DNS This field displays the first DNS server address assigned by the ISP. server XMG3512-B10A User’s Guide...
Page 60
If memory usage does get close to 100%, the XMG is probably becoming unstable, and you should restart the device. See Section 35.2 on page 235, or turn off the device (unplug the power) for a few seconds. XMG3512-B10A User’s Guide...
Page 61
For the Ethernet WAN and LAN interfaces, this displays the port speed and duplex setting. For the DSL interface, it displays the downstream and upstream transmission rate. For the WLAN interface, it displays the maximum transmission rate or N/A with WLAN disabled. XMG3512-B10A User’s Guide...
CONNECTION DSL LINK TYPE MODE ENCAPSULATION CONNECTION SETTINGS ADSL/VDSL over Routing PPPoE PPP information, IPv4/IPv6 IP address, routing feature, DNS server, VLAN, and MTU IPoE IPv4/IPv6 IP address, routing feature, DNS server, VLAN, and MTU Bridge VLAN XMG3512-B10A User’s Guide...
IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 10 IP addresses. The XMG can use IPv4/IPv6 dual stack to connect to IPv4 and IPv6 networks, and supports IPv6 rapid deployment (6RD). XMG3512-B10A User’s Guide...
Page 64
Border Relay router (BR in the figure) to connect to the native IPv6 Internet. The local network can also use IPv4 services. The XMG uses it’s configured IPv4 WAN IP to route IPv4 traffic to the IPv4 Internet. XMG3512-B10A User’s Guide...
ISP (IPv6) IPv6 Internet IPv6 IPv6 IPv4 IPv4 in IPv6 AFTR IPv4 Internet 6.1.3 Before You Begin You need to know your Internet access settings such as encapsulation and WAN IP address. Get this information from your ISP. XMG3512-B10A User’s Guide...
Click Add New WAN Interface in the Broadband screen or the Edit icon next to an existing WAN interface to configure a WAN connection. The screen varies depending on the interface type, mode, encapsulation, and IPv6/IPv4 mode you select. XMG3512-B10A User’s Guide...
Figure 24 Network Setting > Broadband > Add New WAN Interface/Edit (Routing Mode) The following table describes the labels in this screen. Table 9 Network Setting > Broadband > Add New WAN Interface/Edit (Routing Mode) LABEL DESCRIPTION General Name Specify a descriptive name for this connection. XMG3512-B10A User’s Guide...
Page 68
(IAD) you want the XMG to add in the DHCP Discovery packets that go to the DHCP server. DHCP This field displays when editing an existing WAN interface. Type the DHCP Unique Identifier (DUID) option 61 you want the XMG to add in the DHCP Discovery packets that go to the DHCP server. DUID XMG3512-B10A User’s Guide...
Page 69
This is available only when you select IPv6 Only in the IPv4/IPv6 Mode field. Select Enable to let local computers use IPv4 through an ISP’s IPv6 network. DS-Lite Relay Specify the transition router’s IPv6 address. Server IP XMG3512-B10A User’s Guide...
Page 70
XMG to get subscription information and maintain a joined member list for each multicast group. It can reduce multicast traffic significantly. Apply as Default Select this option to have the XMG use the WAN interface of this connection as the system Gateway default gateway. XMG3512-B10A User’s Guide...
If you select ADSL/VDSL over PTM or Ethernet as the interface type, the following screen appears. Figure 25 Network Setting > Broadband > Add New WAN Interface/Edit (ADSL/VDSL over PTM -Bridge Mode) XMG3512-B10A User’s Guide...
Page 72
Figure 26 Network Setting > Broadband > Add New WAN Interface/Edit (ADSL over ATM-Bridge Mode) The following table describes the fields in this screen. Table 11 Network Setting > Broadband > Add New WAN Interface/Edit (ADSL over ATM-Bridge Mode) LABEL DESCRIPTION General Name Enter a service name of the connection. XMG3512-B10A User’s Guide...
Rate Adaptation) functions. The XMG supports the PhyR retransmission scheme. PhyR is a retransmission scheme designed to provide protection against noise on the DSL line. It improves voice, video and data transmission resilience by utilizing a retransmission buffer. XMG3512-B10A User’s Guide...
Page 75
ADSL2+. It has a long reach performance, and unlike VDSL systems it is not limited to short local loops. VDSL Profile VDSL2 profiles differ in the width of the frequency band used to transmit the broadband signal. Profiles that use a wider frequency band can deliver higher maximum speeds. XMG3512-B10A User’s Guide...
Select Enable to convert the fourth Ethernet LAN port to the Ethernet WAN port. Otherwise, select Disable. Apply Click Apply to save your changes back to the XMG. Cancel Click Cancel to return to the previous configuration. XMG3512-B10A User’s Guide...
This shows the certificate used for this authentication. This displays N/A when there is no certificate assigned. Trusted CA This shows the Trusted CA used for this authentication. This displays N/A when there is no Trusted CA assigned. Modify Click this icon to edit an item. XMG3512-B10A User’s Guide...
The following section contains additional technical information about the XMG features described in this chapter. Encapsulation Be sure to use the encapsulation method required by your ISP. The XMG can work in bridge mode or routing mode. When the XMG is in routing mode, it supports the following methods. XMG3512-B10A User’s Guide...
In this case, by prior mutual agreement, each protocol is assigned to a specific virtual circuit; for example, VC1 carries IP, etc. VC-based multiplexing may be dominant in environments where dynamic creation of large numbers of ATM VCs is fast and economical. XMG3512-B10A User’s Guide...
These are the basic ATM traffic classes defined by the ATM Forum Traffic Management 4.0 Specification. Constant Bit Rate (CBR) Constant Bit Rate (CBR) provides fixed bandwidth that is always available even if no data is being sent. CBR traffic is generally time-sensitive (doesn't tolerate delay). CBR is used for connections that XMG3512-B10A User’s Guide...
VLAN also increases network performance by limiting broadcasts to a smaller and more manageable logical broadcast domain. In traditional switched environments, all broadcast packets go to each and every individual port. With VLAN, all broadcasts are confined to a specific broadcast domain. XMG3512-B10A User’s Guide...
The XMG can get the DNS server addresses in the following ways. The ISP tells you the DNS server addresses, usually in the form of an information sheet, when you sign up. If your ISP gives you DNS server addresses, manually enter them in the DNS server fields. XMG3512-B10A User’s Guide...
Page 83
(start from the left) in the address compose the network address. The prefix length is written as “/x” where x is a number. For example, 2001:db8:1a2b:15::1a2f:0/32 means that the first 32 bits (2001:db8) is the subnet prefix. XMG3512-B10A User’s Guide...
Apply to confirm. You must then change the wireless settings of your computer to match the XMG’s new settings. Click Network Setting > Wireless to open the General screen. Figure 32 Network Setting > Wireless > General XMG3512-B10A User’s Guide...
Page 86
Or you can select No Security to allow any client to associate this network without any data encryption or authentication. See the following sections for more details about this field. Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings. XMG3512-B10A User’s Guide...
Note: WEP is not available when you set the wireless band to 5GHz. In order to configure and enable WEP encryption, click Network Setting > Wireless to display the General screen, then select Basic as the security level. XMG3512-B10A User’s Guide...
WPA2-PSK. The WPA2-PSK security mode is a newer, more robust version of the WPA encryption standard. It offers slightly better security, although the use of PSK makes it less robust than it could be. Note: WPA-PSK is not available if you enable WPS before you configure them. XMG3512-B10A User’s Guide...
Update Timer all clients. 7.3 The Guest/More AP Screen This screen allows you to enable and configure multiple Basic Service Sets (BSSs) on the XMG. Click Network Setting > Wireless > Guest/More AP. The following screen displays. XMG3512-B10A User’s Guide...
Click the Edit icon to configure the SSID profile. 7.3.1 Edit Guest/More AP Use this screen to edit an SSID profile. Click the Edit icon next to an SSID in the Guest/More AP screen. The following screen displays. XMG3512-B10A User’s Guide...
Page 91
Select this to create Guest WLANs for home and external clients. Select the WLAN type in the Access Scenario field. Access Scenario If you select Home Guest, clients connecting to the same SSID can communicate with each other directly. If you select External Guest, clients are blocked from connecting to each other directly. XMG3512-B10A User’s Guide...
MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02. You need to know the MAC addresses of the devices to configure this screen. XMG3512-B10A User’s Guide...
WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually. Set up each WPS connection between two devices. Both devices must support WPS. See Section 7.9.8.3 on page 106 for more information about WPS. XMG3512-B10A User’s Guide...
Page 94
PIN to the XMG. Method 3 Use this section to set up a WPS wireless network by entering the PIN of the XMG into the client. Select Enable and click Apply to activate WPS method 3 on the XMG. XMG3512-B10A User’s Guide...
The XMG wakes up periodically to check for incoming data. Note: This works only if the wireless device to which the XMG is connected also supports this feature. Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings. XMG3512-B10A User’s Guide...
Delivery Traffic Indication Message (DTIM) is the time period after which broadcast and multicast packets are transmitted to mobile clients in the Power Saving mode. A high DTIM value can cause clients to lose connectivity with the network. This value can be set from 1 to 255. XMG3512-B10A User’s Guide...
Note: The Scan button only works when the XMG uses 20MHz for the wireless channel width. You can go to the General screen, click the more link, and Network Setting > Wireless > then change the channel width setting in the Bandwidth field. XMG3512-B10A User’s Guide...
• An “infrastructure” type of network has one or more access points and one or more wireless clients. The wireless clients connect to the access points. • An “ad-hoc” type of network is one in which there is no access point. Wireless clients connect to one another in order to exchange information. XMG3512-B10A User’s Guide...
Page 99
When you create a network, you must select a channel to use. Since the available unlicensed spectrum varies from one country to another, the number of available channels also varies. XMG3512-B10A User’s Guide...
For example, if your mother owns a 1970 Dodge Challenger and her favorite movie is XMG3512-B10A User’s Guide...
Page 101
Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds of wireless devices might not have MAC addresses. Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F. XMG3512-B10A User’s Guide...
Problems with absorption occur when physical objects (such as thick walls) are between the two radios, muffling the signal. XMG3512-B10A User’s Guide...
• You must use different keys for different BSSs. If two wireless devices have different BSSIDs (they are in different BSSs), but have the same keys, they may hear each other’s communications (but not communicate with each other). • MBSSID should not replace but rather be used in conjunction with 802.1x security. XMG3512-B10A User’s Guide...
(see the device’s User’s Guide for how to do this - for the XMG, see Section 7.6 on page 95). Press the button on one of the devices (it doesn’t matter which). For the XMG you must press the WPS button for more than five seconds. XMG3512-B10A User’s Guide...
Page 105
If you cannot connect, check the list of associated wireless clients in the AP’s configuration utility. If you see the wireless client in the list, WPS was successful. The following figure shows a WPS-enabled wireless client (installed in a notebook computer) connecting to the WPS-enabled AP via the PIN method. XMG3512-B10A User’s Guide...
If the registrar is already part of a network, it sends the existing information. If not, it generates the SSID and WPA(2)-PSK randomly. The following figure shows a WPS-enabled client (installed in a notebook computer) connecting to a WPS-enabled access point. XMG3512-B10A User’s Guide...
When WPS is activated on both, they perform the handshake. In this example, AP1 is the registrar, and Client 1 is the enrollee. The registrar randomly generates the security information to set up the network, since it is unconfigured and has no existing information. XMG3512-B10A User’s Guide...
Page 108
In step 3, you add another access point (AP2) to your network. AP2 is out of range of AP1, so you cannot use AP1 for the WPS handshake with the new access point. However, you know that Client 2 supports the registrar function, so you use it to perform the WPS handshake instead. XMG3512-B10A User’s Guide...
If this happens, open the access point’s configuration interface and look at the list of associated clients (usually displayed by MAC address). It does not matter if the access XMG3512-B10A User’s Guide...
Page 110
Check the MAC addresses of your wireless clients (usually printed on a label on the bottom of the device). If there is an unknown MAC address you can remove it or reset the AP. XMG3512-B10A User’s Guide...
• Use the Wake on LAN screen to remotely turn on a device on the network. (Section 8.7 on page 122). • Use the TFTP Server Name screen to set a TFTP server address which is passed to the clients using DHCP option 66. (Section 8.8 on page 123). XMG3512-B10A User’s Guide...
UPnP devices and enable exchange of simple product and service descriptions. NAT traversal allows the following: • Dynamic port mapping • Learning public IP addresses XMG3512-B10A User’s Guide...
IP address of your XMG. Enter the IP subnet mask into the Subnet Mask field. Unless instructed otherwise it is best to leave this alone, the configurator will automatically compute a subnet mask based upon the IP address you entered. XMG3512-B10A User’s Guide...
Page 114
Chapter 8 Home Networking Click Apply to save your settings. Figure 50 Network Setting > Home Networking > LAN Setup XMG3512-B10A User’s Guide...
Page 115
Select Static if you have the IP address of a DNS server. DNS Server 1/2 This field is only available when you select Static in the DNS field. Enter the first and second DNS (Domain Name System) server IP addresses the XMG passes to the DHCP clients. XMG3512-B10A User’s Guide...
Page 116
Select User-Defined if you have the IPv6 address of a DNS server. Enter the DNS server IPv6 addresses the XMG passes to the DHCP clients. Select None if you do not want to configure IPv6 DNS servers. XMG3512-B10A User’s Guide...
Click the Edit icon to have the IP address field editable and change it. Click the Delete icon to delete a static DHCP entry. A window displays asking you to confirm that you want to delete the selected entry. XMG3512-B10A User’s Guide...
IP address, convey its capabilities and learn about other devices on the network. In turn, a device can leave a network smoothly and automatically when it is no longer in use. page 112 for more information on UPnP. XMG3512-B10A User’s Guide...
Activate UPnP on the XMG. Make sure the computer is connected to a LAN port of the XMG. Turn on your computer and the XMG. Click the start icon, Control Panel and then the Network and Sharing Center. XMG3512-B10A User’s Guide...
Page 120
Select Turn on network discovery and click Save Changes. Network discovery allows your computer to find other computers and devices on the network and other computers on the network to find your computer. This makes it easier to share files and printers. XMG3512-B10A User’s Guide...
Enter the public IPv4 subnet mask provided by your ISP. Offer Public IP Select Enable to enable the XMG to provide public IP addresses by DHCP server. by DHCP Enable ARP Select Enable to enable the ARP (Address Resolution Protocol) proxy. Proxy XMG3512-B10A User’s Guide...
You need to know the MAC address of the LAN device. It may be on a label on the device or in its documentation. Click Network Setting > Home Networking > Wake on LAN to open this screen. Figure 56 Network Setting > Home Networking > Wake on LAN XMG3512-B10A User’s Guide...
LANs, WANs and the XMG The actual physical connection determines whether the XMG ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next. XMG3512-B10A User’s Guide...
Please note that DNS proxy works only when the ISP uses the IPCP DNS server extensions. It does not mean you can leave the DNS servers out of the DHCP setup under all circumstances. If your ISP gives you explicit DNS servers, make sure that you enter their IP addresses in the DHCP Setup screen. XMG3512-B10A User’s Guide...
9.2 The Routing Screen Use this screen to view and configure the static route rules on the XMG. Click Network Setting > Routing > Static Route to open the following screen. Figure 60 Network Setting > Routing > Static Route XMG3512-B10A User’s Guide...
Use this screen to add or edit a static route. Click Add new static route in the Routing screen or the Edit icon next to the static route you want to edit. The screen shown next appears. Figure 61 Routing: Add/Edit XMG3512-B10A User’s Guide...
A gray bulb signifies that this DNS route is not active. Domain Name This is the host name or domain name of the DNS route entry. WAN Interface This is the WAN connection through which the XMG forwards DNS requests for this domain name. XMG3512-B10A User’s Guide...
Policy-based routing is applied to outgoing packets, prior to the normal routing. You can use source-based policy forwarding to direct traffic from different users through different connections or distribute traffic among multiple paths for load sharing. XMG3512-B10A User’s Guide...
Page 129
This is the WAN interface through which the traffic is routed. Modify Click the Edit icon to edit this policy. Click the Delete icon to remove a policy from the XMG. A window displays asking you to confirm that you want to delete the policy. XMG3512-B10A User’s Guide...
Broadband screens. Click OK to save your changes. Cancel Click Cancel to exit this screen without saving. 9.5 RIP Routing Information Protocol (RIP, RFC 1058 and RFC 1389) allows a device to exchange routing information with other routers. XMG3512-B10A User’s Guide...
Select the check box to set the XMG to not send the route information to the default gateway. Gateway Apply Click Apply to save your changes back to the XMG. Cancel Click Cancel to restore your previously saved settings. XMG3512-B10A User’s Guide...
• Use the Shaper Setup screen to limit outgoing traffic transmission rate on the selected interface (Section 10.6 on page 142). • Use the Policer Setup screen to control incoming traffic transmission rate and bursts (Section 10.7 on page 143). XMG3512-B10A User’s Guide...
(or queues). Your XMG uses the Token Bucket algorithm to allow a certain amount of large bursts while keeping a limit at the average rate. Traffic Rate Traffic Rate Time Time (Before Traffic Shaping) (After Traffic Shaping) XMG3512-B10A User’s Guide...
Click Network Setting > QoS > General to open the screen as shown next. Use this screen to enable or disable QoS and set the upstream bandwidth. See Section 10.1 on page 132 for more information. Figure 67 Network Settings > QoS > General XMG3512-B10A User’s Guide...
Cancel Click Cancel to restore your previously saved settings. 10.4 The Queue Setup Screen Click Network Setting > QoS > Queue Setup to open the screen as shown next. Use this screen to configure QoS queue assignment. XMG3512-B10A User’s Guide...
Page 136
This shows the maximum transmission rate allowed for traffic on this queue. Modify Click the Edit icon to edit the queue. Click the Delete icon to delete an existing queue. Note that subsequent rules move up by one when you take this action. XMG3512-B10A User’s Guide...
(packets are transmitted out of it). Rate Limit Specify the maximum transmission rate (in Kbps) allowed for traffic on this queue. Click OK to save your changes. Cancel Click Cancel to exit this screen without saving. XMG3512-B10A User’s Guide...
Click the Delete icon to delete an existing classifier. Note that subsequent rules move up by one when you take this action. 10.5.1 Add/Edit QoS Class Click Add New Classification in the Classification Setup screen or the Edit icon next to a classifier to open the following screen. XMG3512-B10A User’s Guide...
Page 139
Chapter 10 Quality of Service (QoS) Figure 71 Classification Setup: Add/Edit XMG3512-B10A User’s Guide...
Page 140
For example, if you set the MAC address to 00:13:49:00:00:00 and the mask to ff:ff:ff:00:00:00, a packet with a MAC address of 00:13:49:12:34:56 matches this criteria. Exclude Select this option to exclude the packets that match the specified criteria from this classifier. Others XMG3512-B10A User’s Guide...
Page 141
If you select Remove, the XMG deletes the VLAN ID of the frames before forwarding them out. If you select Add, the XMG treat all matched traffic untagged and add a second VLAN ID. If you select Unchange, the XMG keep the VLAN ID in the packets. XMG3512-B10A User’s Guide...
Rate Limit (kbps) This shows the average rate limit of traffic bursts for this shaper. Modify Click the Edit icon to edit the shaper. Click the Delete icon to delete an existing shaper. Note that subsequent rules move up by one when you take this action. XMG3512-B10A User’s Guide...
The following table describes the labels in this screen. Table 51 Network Setting > QoS > Policer Setup LABEL DESCRIPTION Add new Policer Click this to create a new entry. This is the index number of the entry. XMG3512-B10A User’s Guide...
Figure 75 Policer Setup: Add/Edit The following table describes the labels in this screen. Table 52 Policer Setup: Add/Edit LABEL DESCRIPTION Active Select to enable or disable this policer. Name Enter the descriptive name of this policer. XMG3512-B10A User’s Guide...
A VLAN tag includes the 12-bit VLAN ID and 3-bit user priority. The VLAN ID associates a frame with a specific VLAN and provides the information that devices need to process the frame across the network. XMG3512-B10A User’s Guide...
Page 146
The DSCP value determines the forwarding behavior, the PHB (Per-Hop Behavior), that each packet gets across the DiffServ network. Based on the marking rule, different kinds of traffic can be marked for different kinds of forwarding. Resources can then be allocated according to the DSCP values and the configured policies. XMG3512-B10A User’s Guide...
• A packet arrives. The packet is marked green and can be transmitted if the number of tokens in the CBS bucket is equal to or greater than the size of the packet (in bytes). • After a packet is transmitted, a number of tokens corresponding to the packet size is removed from the CBS bucket. XMG3512-B10A User’s Guide...
Page 149
• If the PBS bucket has enough tokens, the XMG checks the CBS bucket. The packet is marked green and can be transmitted if the number of tokens in the CBS bucket is equal to or greater than the size of the packet (in bytes). Otherwise, the packet is marked yellow. XMG3512-B10A User’s Guide...
IP address of a host when the packet is in the local network, while the global address refers to the IP address of the host when the same packet is traveling in the WAN side. XMG3512-B10A User’s Guide...
(B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet. XMG3512-B10A User’s Guide...
Page 152
Port Protocol This shows the IP protocol supported by this virtual server, whether it is TCP, UDP, or TCP/UDP. Modify Click the Edit icon to edit this rule. Click the Delete icon to delete an existing rule. XMG3512-B10A User’s Guide...
To forward only one port, enter the port number again in the End Port field. To forward a series of ports, enter the start port number here and the end port number in the End Port field. XMG3512-B10A User’s Guide...
Click this to add a new NAT application rule. Application This is the index number of the entry. Application This field shows the type of application that the service forwards. Forwarded WAN Interface This field shows the WAN interface through which the service is forwarded. XMG3512-B10A User’s Guide...
Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side. With regular port forwarding you set a forwarding port in NAT to forward a service (coming in XMG3512-B10A User’s Guide...
Page 156
UDP (User Datagram Protocol) or two hours with TCP/IP (Transfer Control Protocol/Internet Protocol). Click Network Setting > NAT > Port Triggering to open the following screen. Use this screen to view your XMG’s trigger port settings. Figure 82 Network Setting > NAT > Port Triggering XMG3512-B10A User’s Guide...
11.4.1 Add/Edit Port Triggering Rule This screen lets you create new port triggering rules. Click Add new rule in the Port Triggering screen or click a rule’s Edit icon to open the following screen. Figure 83 Port Triggering: Add/Edit XMG3512-B10A User’s Guide...
Note: If you do not assign a Default Server Address, the XMG discards all packets received for ports that are not specified in the NAT Port Forwarding screen. Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings. XMG3512-B10A User’s Guide...
11.7.1 Add/Edit Address Mapping Rule To add or edit an address mapping rule, click Add new rule or the rule’s edit icon in the Address Mapping screen to display the screen shown next. Figure 87 Address Mapping: Add/Edit XMG3512-B10A User’s Guide...
With heavy peer-to-peer application use, lower this number to ensure no single client uses too many of the available NAT sessions. Apply Click this to save your changes on this screen. Cancel Click this to exit this screen without saving any changes. XMG3512-B10A User’s Guide...
One and Many-to-Many Overload mapping), NAT offers the additional benefit of firewall protection. With no servers defined, your XMG filters out all incoming inquiries, thus preventing intruders from probing your network. For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT). XMG3512-B10A User’s Guide...
Inside Global Address (ILA) Address (IGA) 192.168.1.11 192.168.1.10 11.9.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP alias) behind the XMG can communicate with three distinct WAN networks. XMG3512-B10A User’s Guide...
Page 164
Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the XMG3512-B10A User’s Guide...
Page 165
You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet. Figure 91 Multiple Servers Behind NAT Example A=192.168.1.33 192.168.1.1 B=192.168.1.34 IP address assigned by ISP C=192.168.1.35 D=192.168.1.36 XMG3512-B10A User’s Guide...
Enabling the wildcard feature for your host causes *.yourhost.dyndns.org to be aliased to the same IP address as yourhost.dyndns.org. This feature is useful if you want to be able to use, for example, www.yourhost.dyndns.org and still reach your hostname. XMG3512-B10A User’s Guide...
You can manually add or edit the XMG’s DNS name and IP address entry. Click Add New DNS Entry in the DNS Entry screen or the Edit icon next to the entry you want to edit. The screen shown next appears. Figure 93 DNS Entry: Add/Edit XMG3512-B10A User’s Guide...
Last Updated Time This shows the last time the IP address the Dynamic DNS provider has associated with the hostname was updated. Current Dynamic This shows the IP address your Dynamic DNS provider has currently associated with the hostname. XMG3512-B10A User’s Guide...
Page 169
Chapter 12 DNS Table 70 Network Setting > DNS > > Dynamic DNS (continued) LABEL DESCRIPTION Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. XMG3512-B10A User’s Guide...
The following table describes the fields in this screen. Table 71 Network Setting > Vlan Group LABEL DESCRIPTION Add New Vlan Click this button to create a new VLAN group. Group This is the index number of the VLAN group. XMG3512-B10A User’s Guide...
Select Tx Tagging to tag outgoing traffic from the associated LAN port with the VLAN ID number entered above. Click OK to save your changes back to the XMG. Cancel Click Cancel to exit this screen without saving. XMG3512-B10A User’s Guide...
(meaning it is a Windows 2000 DHCP client) is assigned the IP address 192.168.2.2 and uses the WAN VDSL_PoE/ppp0.1 interface. Figure 98 Interface Grouping Application Default: ETH 2~4 192.168.1.x/24 eth10.0 VDSL_PoE/ppp0.1 192.168.2.x/24 DHCP Vendor ID option: MSFT 5.0 XMG3512-B10A User’s Guide...
Click the Add New Interface Group button in the Interface Grouping screen to open the following screen. Use this screen to create a new interface group. Note: An interface can belong to only one group at a time. XMG3512-B10A User’s Guide...
Page 174
Interfaces list and use the left arrow to move them to the interface list on the left to add the interfaces to this group. Available LAN Interfaces To remove a LAN or wireless LAN interface from the interface list on the left, use the right-facing arrow. XMG3512-B10A User’s Guide...
Select this option to be able to use wildcards in the Vendor Class Identifier configured for DHCP wildcard option 60. DHCP Option 61 Select this and enter the device identity of the matched traffic. DHCP Option Select this and enter vendor specific information of the matched traffic. XMG3512-B10A User’s Guide...
Page 176
Class VLAN Group Select this and the VLAN group of the matched traffic from the drop-down list box. Click OK to save your changes back to the XMG. Cancel Click Cancel to exit this screen without saving. XMG3512-B10A User’s Guide...
• Use the Media Server screen to enable or disable the sharing of media files (Section 15.3 on page 180). 15.1.2 What You Need To Know The following terms and concepts may help as you read this chapter. XMG3512-B10A User’s Guide...
Use this screen to set up file sharing through the XMG. The XMG’s LAN users can access the shared folder (or share) from the USB device inserted in the XMG. To access this screen, click Network Setting > USB Service > File Sharing. XMG3512-B10A User’s Guide...
Use this screen to create a user account that can access the secured shares on the USB device. To access this screen, click the Add New User button in the Network Setting > USB Service > File Sharing screen. XMG3512-B10A User’s Guide...
The media server is enabled by default with the video, photo, and music shares published. To change your XMG’s media server settings, click Network Setting > USB Service > Media Server. The screen appears as shown. XMG3512-B10A User’s Guide...
Page 181
Media Library Enter the path clients use to access the media files on a USB storage device connected to the Path XMG. Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings. XMG3512-B10A User’s Guide...
• Use the Access Control screen to view and configure incoming/outgoing filtering rules (Section 16.4 on page 186). • Use the DoS screen to activate protection against Denial of Service (DoS) attacks (.Section 16.5 on page 188). XMG3512-B10A User’s Guide...
Use this screen to set the security level of the firewall on the XMG. Firewall rules are grouped based on the direction of travel of packets to which they apply. Click Security > Firewall to display the General screen. XMG3512-B10A User’s Guide...
IANA (Internet Assigned Number Authority) website. See Appendix C on page 269 for some examples. Click Security > Firewall > Protocol to display the following screen. Figure 108 Security > Firewall > Protocol XMG3512-B10A User’s Guide...
Type a single port number or the range of port numbers that define your customized service. Protocol This field is displayed if you select Other as the protocol. Number Enter the protocol number of your customized port. XMG3512-B10A User’s Guide...
Click the Move To icon to change the order of the rule. Enter the number in the # field. 16.4.1 Add/Edit an ACL Rule Click Add new ACL rule or the Edit icon next to an existing ACL rule in the Access Control screen. The following screen displays. XMG3512-B10A User’s Guide...
Page 187
If you want to configure a customized protocol, select Specific Service. Protocol This field is displayed only when you select Specific Protocol in Select Protocol. Choose the IP port (TCP/UDP, TCP, UDP, ICMP, or ICMPv6) that defines your customized port from the drop-down list box. XMG3512-B10A User’s Guide...
The following table describes the labels in this screen. Table 84 Security > Firewall > DoS LABEL DESCRIPTION DoS Protection Select Enable to enable protection against DoS attacks. Blocking Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. XMG3512-B10A User’s Guide...
17.2 The MAC Filter Screen Use this screen to allow wireless and LAN clients access to the XMG. Click Security > MAC Filter. The screen appears as shown. Figure 113 Security > MAC Filter XMG3512-B10A User’s Guide...
Page 190
Enter the MAC addresses in a valid MAC address format, that is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc. Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings. XMG3512-B10A User’s Guide...
This shows the day(s) and time on which parental control is enabled. Schedule Network Service This shows whether the network service is configured. If not, None will be shown. Website This shows whether the website block is configured. If not, None will be shown. Blocked XMG3512-B10A User’s Guide...
Use this screen to configure a restricted access schedule and/or URL filtering settings to block the users on your network from accessing certain web sites. Figure 115 Parental Control Rule: Add/Edit Rule XMG3512-B10A User’s Guide...
Page 193
This shows the URL of web site or URL keyword to which the XMG blocks or allows access. Modify Click the Edit icon to go to the screen where you can edit the rule. Click the Delete icon to delete an existing rule. XMG3512-B10A User’s Guide...
Page 194
Select the transport layer protocol used for the service. Choices are TCP, UDP, or TCP & UDP. Port Enter the port of the service. If you have chosen a pre-defined service in the Service Name field, this field will not be configurable. XMG3512-B10A User’s Guide...
Page 195
Site/URL Keyword Enter a keyword and click OK to have the XMG to block access to the website URLs that contain the keyword Click OK to save your changes. Cancel Click Cancel to exit this screen without saving. XMG3512-B10A User’s Guide...
19.2.1 Add/Edit a Schedule Click the Add New Rule button in the Scheduler Rule screen or click the Edit icon next to a schedule rule to open the following screen. Use this screen to configure a restricted access schedule. XMG3512-B10A User’s Guide...
Page 197
Enter the time period of each day, in 24-hour format, during which the rule will be enforced. Range Description Enter a description for this scheduler rule. Click OK to save your changes. Cancel Click Cancel to exit this screen without saving. XMG3512-B10A User’s Guide...
20.3 The Local Certificates Screen Click Security > Certificates to open the Local Certificates screen. This is the XMG’s summary list of certificates and certification requests. Figure 121 Security > Certificates > Local Certificates XMG3512-B10A User’s Guide...
20.3.1 Create Certificate Request Click Security > Certificates > Local Certificates and then Create Certificate Request to open the following screen. Use this screen to have the XMG generate a certification request. Figure 122 Create Certificate Request XMG3512-B10A User’s Guide...
20.3.2 Load Signed Certificate After you create a certificate request and have it signed by a Certificate Authority, in the Local Certificates screen click the certificate request’s Load Signed icon to import the signed certificate into the XMG. XMG3512-B10A User’s Guide...
This field displays general information about the certificate. ca means that a Certification Authority signed the certificate. Subject This field displays information that identifies the owner of the certificate, such as Common Name (CN), Organizational Unit (OU), Organization (O) and Country (C). XMG3512-B10A User’s Guide...
Type in the location of the certificate you want to upload in this field or click Choose File to find Path Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. XMG3512-B10A User’s Guide...
CODE SEVERITY Emergency: The system is unusable. Alert: Action must be taken immediately. Critical: The system condition is critical. Error: There is an error condition on the system. Warning: There is a warning condition on the system. XMG3512-B10A User’s Guide...
This field states the reason for the log. 21.3 The Security Log Screen Use the Security Log screen to see the security-related logs for the categories that you select. Click System Monitor > Log > Security Log to open the following screen. XMG3512-B10A User’s Guide...
Page 206
This field displays the severity level of the log that the device is to send to this syslog server. Category This field displays the type of the log. Messages This field states the reason for the log. XMG3512-B10A User’s Guide...
Table 101 System Monitor > Traffic Status > WAN LABEL DESCRIPTION Refresh Interval Select how often you want the XMG to update this screen. Connected This shows the name of the WAN interface that is currently connected. Interface Packets Sent XMG3512-B10A User’s Guide...
Table 102 System Monitor > Traffic Status > LAN LABEL DESCRIPTION Refresh Interval Select how often you want the XMG to update this screen. Interface This shows the LAN or WLAN interface. Bytes Sent This indicates the number of bytes transmitted on this interface. XMG3512-B10A User’s Guide...
This displays what percentage of NAT sessions the XMG can support is currently being used by all connected hosts. You can also see the number of active NAT sessions and the maximum number of NAT sessions the XMG can support. XMG3512-B10A User’s Guide...
ARP updates the ARP Table for future reference and then sends the packet to the MAC address that replied. 23.2 ARP Table Screen Use the ARP table to view IP-to-MAC address mapping(s). To open this screen, click System Monitor > ARP Table. Figure 133 System Monitor > ARP Table XMG3512-B10A User’s Guide...
Page 211
This is the learned IPv4 or IPv6 address of a device connected to a port. Address MAC Address This is the MAC address of the device with the listed IP address. Device This is the type of interface used by the device. XMG3512-B10A User’s Guide...
This indicates the destination IPv4 address or IPv6 address and prefix of this route. Gateway This indicates the IPv4 address or IPv6 address of the gateway that helps forward this route’s traffic. Subnet Mask This indicates the destination subnet mask of the IPv4 route. XMG3512-B10A User’s Guide...
Page 213
LAN interface where x can be 0~3 to represent LAN1 to LAN4 respectively. ptm0 indicates a DSL WAN interface using IPoE, IPoA or in bridge mode. ethx indicates an Ethernet WAN interface using IPoE or in bridge mode. ppp0 indicates a WAN interface using PPPoE or PPPoA. XMG3512-B10A User’s Guide...
Use this screen to look at the current list of multicast groups the XMG has joined and which ports have joined it. To open this screen, click System Monitor > Multicast Status > MLD Status. Figure 136 System Monitor > Multicast Status > MLD Status XMG3512-B10A User’s Guide...
Page 215
Source List This is the list of IP addresses that are allowed or not allowed to receive the multicast group’s traffic depending on the filter mode. Member This is the list of members in the multicast group. XMG3512-B10A User’s Guide...
This displays the type of traffic the DSL port is sending and receiving. Inactive displays if the DSL port is not currently sending or receiving traffic. Link Uptime This displays how long the port has been running (or connected) since the last time it was started. XMG3512-B10A User’s Guide...
Page 217
This is a subset of ES. This is the number of UnAvailable Seconds. This is the number of Loss Of Signal seconds. This is the number of Loss Of Frame seconds. This is the number of Loss of Margin seconds. XMG3512-B10A User’s Guide...
Type a hostname for your XMG. Enter a descriptive name of up to 16 alphanumeric characters, not including spaces, underscores, and dashes. Domain Name Type a Domain name for your host XMG. Apply Click Apply to save your changes. Cancel Click Cancel to abandon this screen without saving. XMG3512-B10A User’s Guide...
Click the Delete icon to remove the entry. 28.2.1 The User Account Add/Edit Screen Click Add New Account or the Edit icon of an existing account in the Maintenance > User Account to open the following screen. XMG3512-B10A User’s Guide...
Page 220
Retry Times. Group Specify whether this user will have Administrator or User privleges. Click OK to save your changes. Cancel Click Cancel to exit this screen without saving. XMG3512-B10A User’s Guide...
Select the Enable check box for the corresponding services that you want to allow access to the XMG from the LAN/WLAN. Select the Enable check box for the corresponding services that you want to allow access to the XMG from all WAN connections. XMG3512-B10A User’s Guide...
Use this screen to configure a public IP address which is allowed to access the XMG. Click the Add Trust Domain button in the Maintenance > Remote Management > Turst Domain screen to open the following screen. XMG3512-B10A User’s Guide...
Page 223
Enter a public IPv4 IP address which is allowed to access the service on the XMG from the WAN. Apply Click Apply to save your changes back to the XMG. Cancel Click Cancel to exit this screen without saving. XMG3512-B10A User’s Guide...
Examples of variables include such as number of packets received, node port status etc. A Management Information Base (MIB) is a collection of managed objects. SNMP allows a manager and agents to communicate for the purpose of accessing these objects. XMG3512-B10A User’s Guide...
Page 225
Enter the SNMP system contact. Trap Destination Type the IP address of the station to send your SNMP traps to. Apply Click this to save your changes back to the XMG. Cancel Click this to restore your previously saved settings. XMG3512-B10A User’s Guide...
The following table describes the fields in this screen. Table 116 Maintenance > Time LABEL DESCRIPTION Current Date/Time Current Time This field displays the time of your XMG. Each time you reload this page, the XMG synchronizes the time with the time server. XMG3512-B10A User’s Guide...
Page 227
2 in the Time field because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings. XMG3512-B10A User’s Guide...
Remove Click this button to delete the selected entry(ies). 32.2.1 E-mail Notification Edit Click the Add button in the E-mail Notification screen. Use this screen to configure the required information for sending e-mail via a mail server. XMG3512-B10A User’s Guide...
Page 229
Select STARTTLS to upgrade a plain text connection to a secure connection using SSL/TLS. Click this button to save your changes and return to the previous screen. Cancel Click this button to exit this screen without saving. XMG3512-B10A User’s Guide...
You can configure where the XMG sends logs and which logs and/or immediate alerts the XMG records in the Logs Setting screen. 33.2 The Log Settings Screen To change your XMG’s log settings, click Maintenance > Logs Setting. The screen appears as shown. Figure 149 Maintenance > Logs Setting XMG3512-B10A User’s Guide...
• You may edit the subject title. • The date format here is Day-Month-Year. • The date format here is Month-Day-Year. The time format is Hour-Minute-Second. • "End of Log" message shows that a complete log has been sent. XMG3512-B10A User’s Guide...
Page 232
|<1,02> 127|Apr 7 00 |From:192.168.1.131 To:192.168.1.255 |match |forward | 10:05:17 |UDP src port:00520 dest port:00520 |<1,02> 128|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |match |forward | 10:05:30 |UDP src port:00520 dest port:00520 |<1,02> End of Firewall Log XMG3512-B10A User’s Guide...
Upgrade Current This is the present Firmware version and the date created. Firmware Version File Path Type in the location of the file you wasnt to upload in this field or click Choose File to find it. XMG3512-B10A User’s Guide...
Page 234
The XMG automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 153 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen. XMG3512-B10A User’s Guide...
The backup configuration file will be useful in case you need to return to your previous settings. Click Backup to save the XMG’s current configuration to your computer. XMG3512-B10A User’s Guide...
If the upload was not successful, the following screen will appear. Click OK to go back to the Configuration screen. Figure 156 Configuration Upload Error Reset to Factory Defaults Click the Reset button to clear all user-entered configuration information and return the XMG to its factory defaults. The following warning screen appears. XMG3512-B10A User’s Guide...
System restart allows you to reboot the XMG remotely without turning the power off. You may need to do this if the XMG hangs, for example. Click Maintenance > Reboot. Click Reboot to have the XMG reboot. This does not affect the XMG's configuration. Figure 159 Maintenance > Reboot XMG3512-B10A User’s Guide...
If an MEP port does not respond to the source MEP, this may indicate a fault. Administrators can take further action to check and resume services from the fault according to the line connectivity status report. XMG3512-B10A User’s Guide...
Click this button to perform a DNS lookup on the IP address of a computer you enter. 36.4 802.1ag Click Maintenance > Diagnostic > 802.1ag to open the following screen. Use this screen to perform CFM actions. XMG3512-B10A User’s Guide...
OAM (Operation, Administration and Maintenance) F4 or F5 loopback test on a PVC. The XMG sends an OAM F4 or F5 packet to the DSLAM or ATM switch and then returns it to the XMG. The test result then displays in the text box. XMG3512-B10A User’s Guide...
Page 241
Note: The DSLAM to which the XMG is connected must also support ATM F4 and/or F5 to use this test. Note: This screen is available only when you configure an ATM layer-2 interface. Figure 163 Maintenance > Diagnostic > OAM Ping XMG3512-B10A User’s Guide...
Page 242
Press this to perform an OAM F4 segment loopback test. F4 end-end Press this to perform an OAM F4 end-to-end loopback test. F5 segment Press this to perform an OAM F5 segment loopback test. F5 end-end Press this to perform an OAM F5 end-to-end loopback test. XMG3512-B10A User’s Guide...
Make sure you understand the normal behavior of the LED. See Section 1.5 on page Check the hardware connections. Inspect your cables for damage. Contact the vendor to replace any damaged cables. Turn the XMG off and on. XMG3512-B10A User’s Guide...
If it is possible to log in from another interface, check the service control settings for HTTP and HTTPS (Maintenance > Remote MGMT). Reset the device to its factory defaults, and try to access the XMG with the default IP address. See Section 1.6 on page XMG3512-B10A User’s Guide...
Ignore the suggestions about your browser. 37.3 Internet Access I cannot access the Internet. Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.5 on page XMG3512-B10A User’s Guide...
Page 246
(Network Setting > Interface Grouping). If you set up a WAN connection using bridging service, make sure you turn off the DHCP feature in the LAN screen to have the clients get WAN IP addresses directly from your ISP’s DHCP server. XMG3512-B10A User’s Guide...
Internet. What is a Server Set ID (SSID)? An SSID is a name that uniquely identifies a wireless network. The AP and all the clients within a wireless network must use the same SSID. XMG3512-B10A User’s Guide...
When using UPnP and the XMG reboots, my computer cannot detect UPnP and refresh My Network Places > Local Network. Disconnect the Ethernet cable from the XMG’s LAN port or from your computer. Re-connect the Ethernet cable. The Local Area Connection icon for UPnP disappears in the screen. Restart your computer. XMG3512-B10A User’s Guide...
• Brief description of the problem and the steps you took to solve it. Corporate Headquarters (Worldwide) Taiwan • Zyxel Communications Corporation • http://www.zyxel.com Asia China • Zyxel Communications (Shanghai) Corp. Zyxel Communications (Beijing) Corp. Zyxel Communications (Tianjin) Corp. • http://www.zyxel.cn India • Zyxel Technology India Pvt Ltd • http://www.zyxel.in Kazakhstan •...
Page 252
Appendix A Customer Support Belgium • Zyxel Communications B.V. • http://www.zyxel.com/be/nl/ • http://www.zyxel.com/be/fr/ Bulgaria • Zyxel България • http://www.zyxel.com/bg/bg/ Czech Republic • Zyxel Communications Czech s.r.o • http://www.zyxel.cz Denmark • Zyxel Communications A/S • http://www.zyxel.dk Estonia • Zyxel Estonia • http://www.zyxel.com/ee/et/ Finland •...
Page 253
• Zyxel Communications Poland • http://www.zyxel.pl Romania • Zyxel Romania • http://www.zyxel.com/ro/ro Russia • Zyxel Russia • http://www.zyxel.ru Slovakia • Zyxel Communications Czech s.r.o. organizacna zlozka • http://www.zyxel.sk Spain • Zyxel Communications ES Ltd • http://www.zyxel.es Sweden • Zyxel Communications • http://www.zyxel.se Switzerland •...
Page 254
Appendix A Customer Support • http://www.zyxel.ch/ Turkey • Zyxel Turkey A.S. • http://www.zyxel.com.tr • Zyxel Communications UK Ltd. • http://www.zyxel.co.uk Ukraine • Zyxel Ukraine • http://www.ua.zyxel.com Latin America Argentina • Zyxel Communication Corporation • http://www.zyxel.com/ec/es/ Brazil • Zyxel Communications Brasil Ltda.
Page 255
Appendix A Customer Support North America • Zyxel Communications, Inc. - North America Headquarters • http://www.zyxel.com/us/en/ Oceania Australia • Zyxel Communications Corporation • http://www.zyxel.com/au/en/ Africa South Africa • Nology (Pty) Ltd. • http://www.zyxel.co.za XMG3512-B10A User’s Guide...
Intra-BSS traffic is traffic between wireless clients in the BSS. When Intra-BSS is enabled, wireless client A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless client A and B can still access the wired network but cannot communicate with each other. XMG3512-B10A User’s Guide...
Page 257
An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate. XMG3512-B10A User’s Guide...
Page 258
(AP) or wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other. XMG3512-B10A User’s Guide...
If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. XMG3512-B10A User’s Guide...
Page 260
Windows XP and a number of network devices. Some advantages of IEEE 802.1x are: • User based identification that allows for roaming. • Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server. XMG3512-B10A User’s Guide...
In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password, they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access. XMG3512-B10A User’s Guide...
Page 262
Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 XMG3512-B10A User’s Guide...
As long as the passwords match, a wireless client will be granted access to a WLAN. If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not. XMG3512-B10A User’s Guide...
Page 264
AP. The wireless client uses the PMK when it tries to connect to the same AP and does not need to go with the authentication process again. Pre-authentication enables fast roaming by allowing the wireless client (already connecting to an AP) to perform IEEE 802.1x authentication with another AP before connecting to it. XMG3512-B10A User’s Guide...
A WPA(2)-PSK application looks as follows. First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and symbols). XMG3512-B10A User’s Guide...
In general, antennas should be mounted as high as practically possible and free of obstructions. In point-to–point application, position both antennas at the same height and in a direct line of sight to each other to attain the best performance. XMG3512-B10A User’s Guide...
Page 268
For a single AP application, place omni-directional antennas as close to the center of the coverage area as possible. For directional antennas, point the antenna in the direction of the desired coverage area. XMG3512-B10A User’s Guide...
• If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number. • If the Protocol is USER, this is the IP protocol number. • Description: This is a brief explanation of the applications that use this service or the situations in which this service is used. XMG3512-B10A User’s Guide...
Page 270
Microsoft Networks’ messenger service uses this protocol. NetBIOS TCP/UDP The Network Basic Input/Output System is used for communication between computers in a LAN. TCP/UDP TCP/UDP TCP/UDP NEW-ICQ 5190 An Internet chat program. NEWS A protocol for news groups. XMG3512-B10A User’s Guide...
Page 271
SSDP 1900 The Simple Service Discovery Protocol supports Universal Plug-and-Play (UPnP). TCP/UDP Secure Shell Remote Login Program. STRM WORKS 1558 Stream Works Protocol. SYSLOG Syslog allows you to send system logs to a UNIX server. XMG3512-B10A User’s Guide...
Page 272
Internet and in UNIX environments. It operates over TCP/IP networks. Its primary function is to allow users to log into remote host systems. VDOLIVE 7000 A videoconferencing solution. The UDP port number is specified in the application. user- defined XMG3512-B10A User’s Guide...
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
Page 274
TYPE FABRICANT GAIN CONNECTEUR Dipole ACON -0.54 Ipex Lorsque la fonction sans fil 5G fonctionnant en5150-5250 MHz and 5725-5850 MHz est activée pour ce produit , il est nécessaire de porter une attention particulière aux choses suivantes XMG3512-B10A User’s Guide...
Par la présente ZyXEL déclare que l'appareil équipements est conforme aux exigences essentielles et aux autres dispositions (French) pertinentes de la directive 1999/5/EC. Hrvatski ZyXEL ovime izjavljuje da je radijska oprema tipa u skladu s Direktivom 1999/5/EC. (Croatian) XMG3512-B10A User’s Guide...
The outdoor usage of the 2.4 GHz band requires an authorization from the Electronic Communications Office. Please check http:// www.esd.lv for more details. • 2.4 GHz frekvenèu joslas izmantoðanai ârpus telpâm nepiecieðama atïauja no Elektronisko sakaru direkcijas. Vairâk informâcijas: http:// www.esd.lv. XMG3512-B10A User’s Guide...
Évitez d'utiliser ce produit (autre qu'un type sans fil) pendant un orage. Il peut y avoir un risque de choc électrique de la foudre. • Toujours débrancher toutes les lignes téléphoniques de la prise murale avant de réparer ou de démonter ce produit. XMG3512-B10A User’s Guide...
Page 278
Symbolen innebär att enligt lokal lagstiftning ska produkten och/eller dess batteri kastas separat från hushållsavfallet. När den här produkten når slutet av sin livslängd ska du ta den till en återvinningsstation. Vid tiden för kasseringen bidrar du till en bättre miljö och mänsklig hälsa genom att göra dig av med den på ett återvinningsställe. XMG3512-B10A User’s Guide...
Page 279
Appendix D Legal Information Environmental Product Declaration XMG3512-B10A User’s Guide...
Page 280
Various symbols are used in this product to ensure correct usage, to prevent danger to the user and others, and to prevent property damage. The meaning of these symbols are described below. It is important that you read these descriptions thoroughly and fully understand the contents. XMG3512-B10A User’s Guide...
This product contains in part some free software distributed under GPL license terms and/or GPL like licenses. Open source licenses are provided with the firmware package. You can download the latest firmware at www.zyxel.com. To obtain the source code covered under those Licenses, please contact support@zyxel.com.tw to get it. XMG3512-B10A User’s Guide...
Internet access media server activation iTunes server applications, NAT ARP Table 210, 212 authentication 100, 101 RADIUS server backup configuration Basic Service Set, See BSS Basic Service Set, see BSS blinking LEDs Broadband broadcast 103, 256 example XMG3512-B10A User’s Guide...
Page 283
LAN client list configuration backup firewalls reset restoring static route 78, 126, 128, 167 Connectivity Check Messages, see CCMs contact information copyright CoS technologies creating certificates CTS (Clear to Send) XMG3512-B10A User’s Guide...
Page 284
Domain Name Domain Name System, see DNS Domain Name System. See DNS. DS field DS, dee differentiated services DSCP dynamic DNS wildcard Dynamic Host Configuration Protocol, see DHCP dynamic WEP key exchange DYNDNS wildcard EAP Authentication ECHO e-mail XMG3512-B10A User’s Guide...
Page 285
MAC address 92, 101 Finger firewalls add protocols configuration DDoS LAND attack Ping of Death SYN attack firmware version forwarding ports fragmentation threshold 96, 100, 259 151, 164 General wireless LAN screen hidden node HTTP XMG3512-B10A User’s Guide...
Page 286
NAT applications IPv6 addressing 64, 83 prefix 64, 83 prefix delegation prefix length 64, 83 iTunes server client list DHCP 112, 124 112, 124 IP address 112, 113 MAC address status subnet mask 112, 113 LAND attack XMG3512-B10A User’s Guide...
Page 287
Maintenance End Point, see MEP Management Information Base (MIB) managing the device good habits Maximum Burst Size (MBS) MBSSID media server activation iTunes server MTU (Multi-Tenant Unit) multicast Multiple BSS, see MBSSID multiplexing LLC-based VC-based multiprotocol encapsulation XMG3512-B10A User’s Guide...
Page 288
Pairwise Master Key (PMK) 264, 266 passwords Peak Cell Rate (PCR) Per-Hop Behavior, see PHB PIN, WPS example Ping of Death Point-to-Point Tunneling Protocol, see PPTP POP3 port forwarding ports PPPoE Benefits PPTP preamble 97, 100 preamble mode prefix delegation XMG3512-B10A User’s Guide...
Page 289
RFC 1483 RFC 3164 router features Routing Information Protocol. See RIP RTS (Request To Send) threshold 258, 259 RTS threshold 96, 100 security wireless LAN Security Log Security Parameter Index, see SPI service access control 221, 222 XMG3512-B10A User’s Guide...
Page 290
MBSSID static route 125, 130, 228 configuration 78, 126, 128, 167 example static VLAN status firmware version wireless LAN status indicators subnet mask Sustained Cell Rate (SCR) SYN attack syslog protocol severity levels system firmware version passwords XMG3512-B10A User’s Guide...
Page 291
Two Rate Three Color Marker, see trTCM unicast Universal Plug and Play, see UPnP upgrading firmware UPnP cautions NAT traversal USB features Vendor ID Virtual Circuit (VC) Virtual Local Area Network See VLAN VLAN Introduction number of possible VIDs priority frame XMG3512-B10A User’s Guide...
Page 292
84, 98 authentication 100, 101 example channel encryption example fragmentation threshold 96, 100 limitations MAC address filter 92, 101 MBSSID preamble 97, 100 RADIUS server RTS/CTS threshold 96, 100 security SSID activation status WPA-PSK 104, 106 example limitations XMG3512-B10A User’s Guide...
Page 293
RADIUS application example WPA2 user authentication vs WPA2-PSK wireless client supplicant with RADIUS application example WPA2-Pre-Shared Key WPA2-PSK 263, 264 application example WPA-PSK 102, 263, 264 application example 104, 106 example limitations example push button ZyXEL Family Safety page XMG3512-B10A User’s Guide...
Need help?
Do you have a question about the XMG3512-B10A and is the answer not in the manual?
Questions and answers