Page 1 P-2602HW(L) Series 802.11g Wireless ADSL2+ VoIP IAD P-2602H Series ADSL2+ VoIP IAD User’s Guide Version 3.40 7/2006 Edition 1...
Page 4: Certifications
P-2602H(W)(L)-DxA Series User’s Guide Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.
Page 5: Safety Warnings
For your safety, be sure to read and follow all warning notices and instructions. • To reduce the risk of fire, use only No. 26 AWG (American Wire Gauge) or larger telecommunication line cord. • Do NOT open the device or unit. Opening or removing covers can expose you to dangerous high voltage points or other risks.
Page 6: Zyxel Limited Warranty
P-2602H(W)(L)-DxA Series User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever...
Page 7: Customer Support
+36-1-3259100 +7-3272-590-698 www.zyxel.kz +7-3272-590-689 1-800-255-4101 www.us.zyxel.com +1-714-632-0882 +1-714-632-0858 ftp.us.zyxel.com REGULAR MAIL ZyXEL Communications Corp. 6 Innovation Road II Science Park Hsinchu 300 Taiwan ZyXEL Costa Rica Plaza Roble Escazú Etapa El Patio, Tercer Piso San José, Costa Rica ZyXEL Communications Czech s.r.o.
Page 8 +46-31-744-7701 www.ua.zyxel.com +380-44-494-49-32 +44-1344 303044 www.zyxel.co.uk 08707 555779 (UK only) +44-1344 303034 ftp.zyxel.co.uk REGULAR MAIL ZyXEL Communications A/S Nils Hansens vei 13 0667 Oslo Norway ZyXEL Communications ul. Okrzei 1A 03-715 Warszawa Poland ZyXEL Russia Ostrovityanova 37a Str. Moscow, 117279...
Page 9: Table Of Contents
Copyright ... 3 Certifications ... 4 Safety Warnings ... 5 ZyXEL Limited Warranty... 6 Customer Support... 7 Table of Contents ... 9 List of Figures ... 23 List of Tables ... 29 Preface ... 35 Chapter 1 Getting To Know the ZyXEL Device... 37 1.1 Introducing the P-2602H(W)(L)-Dx Series ...37 1.2 Features ...38 1.3 Wireless Features (“W”...
Page 10 P-2602H(W)(L)-DxA Series User’s Guide 2.2.3 Main Window ...55 2.2.4 Status Bar ...55 Chapter 3 Internet and Wireless Setup Wizard ... 57 3.1 Introduction ...57 3.2 Internet Access Wizard Setup ...57 3.2.1 Manual Configuration ...59 3.3 Wireless Connection Wizard Setup ...65 3.3.1 Manually Assign a WPA key ...67 3.3.2 Manually Assign a WEP key...68 Chapter 4...
Page 11 7.1.4 IP Address Assignment ...95 7.1.4.1 IP Assignment with PPPoA or PPPoE Encapsulation ...95 7.1.4.2 IP Assignment with RFC 1483 Encapsulation ...95 7.1.4.3 IP Assignment with ENET ENCAP Encapsulation ...95 7.1.5 Nailed-Up Connection (PPP) ...95 7.1.6 NAT ...95 7.2 Metric ...96 7.3 Traffic Shaping ...96 7.3.1 ATM Traffic Classes ...97 7.3.1.1 Constant Bit Rate (CBR) ...97...
Page 12 P-2602H(W)(L)-DxA Series User’s Guide 9.2 Wireless Security Overview ...122 9.2.1 SSID ...122 9.2.2 MAC Address Filter ...122 9.2.3 User Authentication ...123 9.2.4 Encryption ...123 9.2.5 One-Touch Intelligent Security Technology (OTIST) ...124 9.3 Wireless Performance Overview ...124 9.3.1 Quality of Service (QoS) ...124 9.4 Additional Wireless Terms ...125 9.5 General WLAN Screen ...125 9.5.1 No Security ...126...
Page 13 11.2.1 SIP Identities ...151 11.2.1.1 SIP Number ...151 11.2.1.2 SIP Service Domain ...152 11.2.2 SIP Call Progression ...152 11.2.3 SIP Servers ...152 11.2.3.1 SIP User Agent ...153 11.2.3.2 SIP Proxy Server ...153 11.2.3.3 SIP Redirect Server ...154 11.2.3.4 SIP Register Server ...154 11.3 SIP Settings Screen ...154 11.3.1 RTP ...156 11.4 Pulse Code Modulation ...156...
Page 14 P-2602H(W)(L)-DxA Series User’s Guide 11.15.3 USA Type Supplementary Services ...170 11.15.3.1 USA Call Hold ...170 11.15.3.2 USA Call Waiting ...171 11.15.3.3 USA Call Transfer ...171 11.15.3.4 USA Three-Way Conference ...171 11.16 Phone Region Screen ...171 11.17 Speed Dial ...172 11.17.1 Peer-to-Peer Calls ...172 11.18 Speed Dial Screen ...173 11.19 Incoming Call Policy Screen ...174 11.20 PSTN Line Screen (“L”...
Page 15 13.7 Packet Filtering Vs Firewall ...191 13.7.1 Packet Filtering: ...191 13.7.1.1 When To Use Filtering ...192 13.7.2 Firewall ...192 13.7.2.1 When To Use The Firewall ...192 Chapter 14 Firewall Configuration ... 193 14.1 Access Methods ...193 14.2 Firewall Policies Overview ...193 14.3 Rule Logic Overview ...194 14.3.1 Rule Checklist ...194 14.3.2 Security Ramifications ...194...
Page 16 P-2602H(W)(L)-DxA Series User’s Guide 16.1.1 IPSec ...215 16.1.2 Security Association ...215 16.1.3 Other Terminology ...215 16.1.3.1 Encryption ...215 16.1.3.2 Data Confidentiality ...216 16.1.3.3 Data Integrity ...216 16.1.3.4 Data Origin Authentication ...216 16.1.4 VPN Applications ...216 16.2 IPSec Architecture ...216 16.2.1 IPSec Algorithms ...217 16.2.2 Key Management ...217 16.3 Encapsulation ...217 16.3.1 Transport Mode ...218...
Page 17 17.18 Telecommuter VPN/IPSec Examples ...244 17.18.1 Telecommuters Sharing One VPN Rule Example ...244 17.18.2 Telecommuters Using Unique VPN Rules Example ...245 17.19 VPN and Remote Management ...247 Chapter 18 Static Route ... 249 18.1 Static Route 18.2 Configuring Static Route ...249 18.2.1 Static Route Edit ...250 Chapter 19 Bandwidth Management ...
Page 18 P-2602H(W)(L)-DxA Series User’s Guide 21.1.3 System Timeout ...268 21.2 WWW ...268 21.3 Telnet ...269 21.4 Configuring Telnet ...269 21.5 Configuring FTP ...270 21.6 SNMP ...271 21.6.1 Supported MIBs ...272 21.6.2 SNMP Traps ...273 21.6.3 Configuring SNMP ...273 21.7 Configuring DNS ...275 21.8 Configuring ICMP ...275 Chapter 22 Universal Plug-and-Play (UPnP) ...
Page 19 25.4 Firmware Upgrade Screen ...302 25.5 Backup and Restore ...304 25.5.1 Backup Configuration ...305 25.5.2 Restore Configuration ...305 25.5.3 Reset to Factory Defaults ...307 25.6 Restart ...307 25.7 Using FTP or TFTP to Back Up Configuration ...308 25.7.1 Using the FTP Commands to Back Up Configuration ...308 25.7.2 FTP Command Configuration Backup Example ...308 25.7.3 Configuration Backup Using GUI-based FTP Clients ...309 25.7.4 Backup Configuration Using TFTP ...309...
Page 20 P-2602H(W)(L)-DxA Series User’s Guide P-2602HWL Series Power Adaptor Specifications... 336 Appendix B Splitters and Microfilters ... 339 Connecting a POTS Splitter ... 339 Telephone Microfilters ... 339 ZyXEL Device With ISDN... 340 Appendix C Setting up Your Computer’s IP Address... 341 Windows 95/98/Me...
Page 21 RADIUS... 366 Types of RADIUS Messages ... 366 Types of Authentication... 367 EAP-MD5 (Message-Digest Algorithm 5) ... 367 EAP-TLS (Transport Layer Security) ... 368 EAP-TTLS (Tunneled Transport Layer Service) ... 368 PEAP (Protected EAP) ... 368 LEAP... 368 Dynamic WEP Key Exchange ... 368 WPA ...
Page 22 P-2602H(W)(L)-DxA Series User’s Guide Internal SPTGEN Overview ... 395 The Configuration Text File Format... 395 Internal SPTGEN File Modification - Important Points to Remember ... 395 Internal SPTGEN FTP Download Example... 396 Internal SPTGEN FTP Upload Example ... 397 Command Examples... 419 Index...
Page 23: List Of Figures
P-2602H(W)(L)-DxA Series User’s Guide List of Figures Figure 1 Internet Access Application ... 44 Figure 2 Internet Telephony Service Provider Application ... 45 Figure 3 Peer-to-peer Calling ... 45 Figure 4 Firewall Application ... 46 Figure 5 LAN-to-LAN Application ... 46 Figure 6 LEDs ...
Page 24 P-2602H(W)(L)-DxA Series User’s Guide Figure 39 Bandwidth Management Wizard: General Information ... 80 Figure 40 Bandwidth Management Wizard: Service Configuration ... 80 Figure 41 Bandwidth Management Wizard: Complete ... 81 Figure 42 Status Screen ... 83 Figure 43 Any IP Table ... 86 Figure 44 WLAN Status ...
Page 25 P-2602H(W)(L)-DxA Series User’s Guide Figure 82 Port Forwarding Rule Setup ... 148 Figure 83 Network > NAT > ALG ... 149 Figure 84 SIP User Agent ... 153 Figure 85 SIP Proxy Server ... 153 Figure 86 SIP Redirect Server ... 154 Figure 87 SIP >...
Page 26 P-2602H(W)(L)-DxA Series User’s Guide Figure 125 Two Phases to Set Up the IPSec SA ... 234 Figure 126 Advanced VPN Policies ... 237 Figure 127 VPN: Manual Key ... 240 Figure 128 VPN: SA Monitor ... 243 Figure 129 VPN: Global Setting ... 244 Figure 130 Telecommuters Sharing One VPN Rule Example ...
Page 27 P-2602H(W)(L)-DxA Series User’s Guide Figure 168 E-mail Log Example ... 300 Figure 169 Firmware Upgrade ... 303 Figure 170 Firmware Upload In Progress ... 303 Figure 171 Network Temporarily Disconnected ... 304 Figure 172 Error Message ... 304 Figure 173 Configuration ... 305 Figure 174 Configuration Upload Successful ...
Page 28 P-2602H(W)(L)-DxA Series User’s Guide Figure 211 Macintosh OS X: Apple Menu ... 350 Figure 212 Macintosh OS X: Network ... 351 Figure 213 Peer-to-Peer Communication in an Ad-hoc Network ... 361 Figure 214 Basic Service Set ... 362 Figure 215 Infrastructure WLAN ... 363 Figure 216 RTS/CTS ...
Page 29: List Of Tables
P-2602H(W)(L)-DxA Series User’s Guide List of Tables Table 1 Models Covered ... 37 Table 2 ADSL Standards ... 38 Table 3 IEEE 802.11g ... 42 Table 4 LEDs ... 47 Table 5 Web Configurator Icons in the Title Bar ... 53 Table 6 Navigation Panel Summary ...
Page 30 P-2602H(W)(L)-DxA Series User’s Guide Table 39 Wireless: WPA(2)-PSK ... 129 Table 40 Wireless: WPA(2) ... 130 Table 41 Wireless LAN: Advanced ... 132 Table 42 Network > Wireless LAN > OTIST ... 133 Table 43 MAC Address Filter ... 136 Table 44 Wireless LAN: QoS ...
Page 31 P-2602H(W)(L)-DxA Series User’s Guide Table 82 VPN and NAT ... 226 Table 83 Local ID Type and Content Fields ... 228 Table 84 Peer ID Type and Content Fields ... 228 Table 85 Matching ID Type and Content Configuration Example ... 229 Table 86 Mismatching ID Type and Content Configuration Example ...
Page 32 P-2602H(W)(L)-DxA Series User’s Guide Table 125 Troubleshooting Starting Up Your Device ... 319 Table 126 Troubleshooting the LAN ... 319 Table 127 Troubleshooting the WAN ... 320 Table 128 Troubleshooting Accessing Your Device ... 321 Table 129 Troubleshooting Telephone ... 329 Table 130 Device Specifications ...
Page 33 P-2602H(W)(L)-DxA Series User’s Guide Table 168 RTP Logs ... 389 Table 169 FSM Logs: Caller Side ... 389 Table 170 FSM Logs: Callee Side ... 389 Table 171 PSTN Logs ... 389 Table 172 RFC-2408 ISAKMP Payload Types ... 390 Table 173 Abbreviations Used in the Example Internal SPTGEN Screens Table ...
Page 34 P-2602H(W)(L)-DxA Series User’s Guide List of Tables...
Page 35: Preface
Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.
Page 36: Graphics Icons Key
P-2602H(W)(L)-DxA Series User’s Guide • Mouse action sequences are denoted using a right angle bracket ( > ). For example, “In Windows, click Start > Settings > Control Panel” means first click the Start button, then point your mouse pointer to Settings and then click Control Panel. •...
Page 37: Getting To Know The Zyxel Device
Getting To Know the ZyXEL This chapter describes the key features and applications of your device Introducing the P-2602H(W)(L)-Dx Series The P-2602H(W)(L)-DxA series are Integrated Access Devices (IADs) that combine an ADSL2+ router with Voice over IP (VoIP) communication capabilities to allow you to use a traditional analog or ISDN telephone to make Internet calls.
Page 38: Features
P-2602H(W)(L)-DxA Series User’s Guide Models with “3” as the next to the last character (like the P-2602HWL-D3A) denote a device that works over ISDN (Integrated Services Digital Network). Models with “1” or “7” as the next to the last character (like the P-2602HWL-D1A or the P-2602HWL-D7A) denote a device that works over T-ISDN (UR-2).
Page 39: Auto Firmware Upgrade
PSTN Line (“L” models only) You can connect a PSTN line to your device. You can receive incoming PSTN phone calls even while someone else is making VoIP phone calls. You can dial a (prefix) number to make an outgoing PSTN call. You can still make PSTN phone calls if your device loses power. Note: When the ZyXEL Device does not have power, only the phone connected to the PHONE 1 port can be used for making calls.
Page 40 P-2602H(W)(L)-DxA Series User’s Guide Network Address Translation (NAT) Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within another network (for example a public IP address used on the Internet).
Page 41: Echo Cancellation
Echo Cancellation You device supports G.168, an ITU-T standard for eliminating the echo caused by the sound of your voice reverberating in the telephone receiver while you talk. QoS (Quality of Service) Quality of Service (QoS) mechanisms help to provide better service on a per-flow basis. Your device supports Type of Service (ToS) tagging and Differentiated Services (DiffServ) tagging.
Page 42: Wireless Features ("W" Models Only)
P-2602H(W)(L)-DxA Series User’s Guide Multiple PVC (Permanent Virtual Circuits) Support Your device supports up to 8 Permanent Virtual Circuits (PVC’s). IP Alias IP alias allows you to partition a physical network into logical networks over the same Ethernet interface. Your device supports three logical LAN interfaces via its single physical Ethernet interface with the your device itself as the gateway for each LAN network.
Page 43: Wep Encryption
Table 3 IEEE 802.11g DATA RATE (MBPS) 5.5 / 11 6/9/12/18/24/36/48/54 Note: Your device may be prone to RF (Radio Frequency) interference from other 2.4 GHz devices such as microwave ovens, wireless phones, Bluetooth enabled devices, and other wireless LANs. IEEE 802.11g+ Wireless LAN Your device supports IEEE 802.11g+ to allow any ZyXEL WLAN devices that also support IEEE 802.1g+ to associate with the ZyXEL Device at higher transmission speeds than with...
Page 44: Applications For The Zyxel Device
P-2602H(W)(L)-DxA Series User’s Guide 1.4 Applications for the ZyXEL Device Here are some example uses for which the ZyXEL Device is well suited. 1.4.1 Internet Access Your device is the ideal high-speed Internet access solution. It supports the TCP/IP protocol, which the Internet uses exclusively.
Page 45: Make Peer-To-Peer Calls
Figure 2 Internet Telephony Service Provider Application 1.4.3 Make Peer-to-peer Calls You can call directly to someone’s IP address without using a SIP proxy server. Peer-to-peer calls are also called “Point to Point” or “IP-to-IP” calls. You must know the peer’s IP address in order to do this.
Page 46: Lan To Lan Application
P-2602H(W)(L)-DxA Series User’s Guide Figure 4 Firewall Application 1.4.5 LAN to LAN Application You can use your device to connect two geographically dispersed networks over the ADSL line. A typical LAN-to-LAN application is shown as follows. Figure 5 LAN-to-LAN Application Chapter 1 Getting To Know the ZyXEL Device...
Page 47: Leds
1.4.6 LEDs Figure 6 LEDs The following table describes your device’s LEDs. Table 4 LEDs COLOR POWER Green None ETHERNET Green None WLAN Green (“W” models only) None Chapter 1 Getting To Know the ZyXEL Device P-2602H(W)(L)-DxA Series User’s Guide STATUS DESCRIPTION Your device is receiving power and functioning properly.
Page 48 P-2602H(W)(L)-DxA Series User’s Guide Table 4 LEDs (continued) COLOR Green None INTERNET Green None PHONE 1, 2 Green Orange None Refer to the Quick Start Guide for information on hardware connections. STATUS DESCRIPTION Your device has a DSL connection. Blinking Your device is initializing the DSL line.
Page 49: Introducing The Web Configurator
This chapter describes how to access and navigate the web configurator. 2.1 Web Configurator Overview The web configurator is an HTML-based management interface that allows easy device setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions.
Page 50: Figure 7 Password Screen
P-2602H(W)(L)-DxA Series User’s Guide Figure 7 Password Screen 5 The following screen displays if you have not yet changed your password. It is highly recommended you change the default password. Enter a new password, retype it to confirm and click Apply; alternatively click Ignore to proceed to the main menu if you do not want to change the password now.
Page 51: The Reset Button
Note: For security reasons, the ZyXEL Device automatically logs you out if you do not use the web configurator for five minutes. If this happens, log in again. Figure 9 Wizard or Advanced Screen 2.1.2 The RESET Button You can use the RESET button at the back of the device to turn the wireless LAN off or on. You can also use it to activate OTIST in order to assign your wireless security settings to wireless clients.
Page 52: Web Configurator Main Screen
P-2602H(W)(L)-DxA Series User’s Guide 2.2 Web Configurator Main Screen Figure 10 Main Screen As illustrated above, the main screen is divided into these parts: • A - title bar • B - navigation panel • C - main window • D - status bar 2.2.1 Title Bar The title bar allows you to change the language and provides some icons in the upper right corner.
Page 53: Navigation Panel
The icons provide the following functions. Table 5 Web Configurator Icons in the Title Bar ICON DESCRIPTION Help: Click this icon to open up help screens. Wizards: Click this icon to go to the configuration wizards. See for more information. Logout: Click this icon to log out of the web configurator.
Page 54 P-2602H(W)(L)-DxA Series User’s Guide Table 6 Navigation Panel Summary LINK Phone Analog Phone Common Region Phone Book Incoming Call Policy Speed Dial PSTN Line General (“L” models only) Security Firewall General Rules Anti Probing Threshold Content Filter Keyword Schedule Trusted Setup Monitor VPN Global...
Page 55: Main Window
Table 6 Navigation Panel Summary LINK Remote MGMT WWW Telnet SNMP ICMP UPnP General Maintenance System General Time Setting Logs View Log Log Settings Tools Firmware Configuration Restart Diagnostic General DSL Line 2.2.3 Main Window The main window displays information and configuration fields. It is discussed in the rest of this document.
Page 56 P-2602H(W)(L)-DxA Series User’s Guide Chapter 2 Introducing the Web Configurator...
Page 57: Internet And Wireless Setup Wizard
Internet and Wireless Setup This chapter provides information on the Wizard Setup screens for Internet access in the web configurator. 3.1 Introduction Use the wizard setup screens to configure your system for Internet access with the information given to you by your ISP. Note: See the advanced menu chapters for background information on these fields.
Page 58: Figure 12 Wizard Welcome
P-2602H(W)(L)-DxA Series User’s Guide Figure 12 Wizard Welcome 3 Your ZyXEL device attempts to detect your DSL connection and your connection type. Figure 13 Auto Detection: No DSL Connection b The following screen displays if a PPPoE or PPPoA connection is The following screen appears if a connection is not detected.
Page 59: Manual Configuration
Figure 14 Auto-Detection: PPPoE Figure 15 Auto Detection: Failed 3.2.1 Manual Configuration 1 If the ZyXEL Device fails to detect your DSL connection type but the physical line is connected, enter your Internet access information in the wizard screen exactly as your Chapter 3 Internet and Wireless Setup Wizard P-2602H(W)(L)-DxA Series User’s Guide The following screen appears if the ZyXEL device detects a...
Page 60: Figure 16 Internet Access Wizard Setup: Isp Parameters
P-2602H(W)(L)-DxA Series User’s Guide SIP provider gave it to you. Leave the defaults in any fields for which you were not given information. Figure 16 Internet Access Wizard Setup: ISP Parameters The following table describes the fields in this screen. Table 7 Internet Access Wizard Setup: ISP Parameters LABEL DESCRIPTION...
Page 61: Figure 17 Internet Connection With Pppoe
Table 7 Internet Access Wizard Setup: ISP Parameters LABEL DESCRIPTION Next Click Next to continue to the next wizard screen. The next wizard screen you see depends on what protocol you chose above. Exit Click Exit to close the wizard screen without saving your changes. 2 The next wizard screen varies depending on what mode and encapsulation type you use.
Page 62: Figure 18 Internet Connection With Rfc 1483
P-2602H(W)(L)-DxA Series User’s Guide Figure 18 Internet Connection with RFC 1483 The following table describes the fields in this screen. Table 9 Internet Connection with RFC 1483 LABEL DESCRIPTION IP Address This field is available if you select Routing in the Mode field. Type your ISP assigned IP address in this field.
Page 63: Figure 20 Internet Connection With Pppoa
The following table describes the fields in this screen. Table 10 Internet Connection with ENET ENCAP LABEL DESCRIPTION Obtain an IP A static IP address is a fixed IP that your ISP gives you. A dynamic IP address is not Address fixed;...
Page 64: Figure 21 Connection Test Failed-1
P-2602H(W)(L)-DxA Series User’s Guide Table 11 Internet Connection with PPPoA (continued) LABEL DESCRIPTION Back Click Back to go back to the previous wizard screen. Apply Click Apply to save your changes back to the ZyXEL Device. Exit Click Exit to close the wizard screen without saving your changes. •...
Page 65: Wireless Connection Wizard Setup
3.3 Wireless Connection Wizard Setup After you configure the Internet access information, use the following screens to set up your wireless LAN. 1 Select Yes and click Next to configure wireless settings. Otherwise, select No and skip to Step 6. Figure 23 Connection Test Successful 2 Use this screen to activate the wireless LAN and OTIST.
Page 66: Figure 25 Wireless Lan
P-2602H(W)(L)-DxA Series User’s Guide The following table describes the labels in this screen. Table 12 Wireless LAN Setup Wizard 1 LABEL Active Enable OTIST Setup Key Back Next Exit 3 Configure your wireless settings in this screen. Click Next. Figure 25 Wireless LAN The following table describes the labels in this screen.
Page 67: Manually Assign A Wpa Key
Table 13 Wireless LAN Setup Wizard 2 LABEL DESCRIPTION Security Select Automatically assign a WPA key (only available if you enable OTIST) if you want OTIST to configure a WPA key for you. Select Manually assign a WPA-PSK key to configure a Pre-Shared Key (WPA-PSK). Choose this option only if your wireless clients support WPA.
Page 68: Manually Assign A Wep Key
P-2602H(W)(L)-DxA Series User’s Guide The following table describes the labels in this screen. Table 14 Manually Assign a WPA key LABEL DESCRIPTION Pre-Shared Type from 8 to 63 case-sensitive ASCII characters. You can set up the most secure wireless connection by configuring WPA in the wireless LAN screens. You need to configure an authentication server to do this.
Page 69: Figure 28 Wireless Lan Setup 3
The following table describes the labels in this screen. Table 15 Manually Assign a WEP key LABEL DESCRIPTION The WEP keys are used to encrypt data. Both the ZyXEL Device and the wireless stations must use the same WEP key for data transmission. Enter any 5, 13 or 29 ASCII characters or 10, 26 or 58 hexadecimal characters ("0-9", "A-F") for a 64-bit, 128-bit or 256-bit WEP key respectively.
Page 70: Figure 29 Internet Access And Wlan Wizard Setup Complete
P-2602H(W)(L)-DxA Series User’s Guide Figure 29 Internet Access and WLAN Wizard Setup Complete 7 Launch your web browser and navigate to www.zyxel.com. Internet access is just the beginning. Refer to the rest of this guide for more detailed information on the complete range of ZyXEL Device features.
Page 71: Voip Wizard And Example
VoIP Wizard And Example This chapter shows you how to configure your SIP account(s) and make a VoIP phone call. 4.1 Introduction The ZyXEL Device has Voice over IP (VoIP) communication capabilities that allow you to use a traditional analog telephone to make Internet calls. You can configure the ZyXEL Device to use up to two SIP based VoIP accounts.
Page 72: Figure 31 Select A Mode
P-2602H(W)(L)-DxA Series User’s Guide Figure 31 Select a Mode 2 Click VOICE OVER INTERNET SETUP to configure your SIP settings. Figure 32 Wizard: Welcome Chapter 4 VoIP Wizard And Example...
Page 73: Figure 33 Voip Wizard Configuration
3 Fill in the VOICE OVER INTERNET SETUP wizard screen with the information provided by your VoIP service provider. Your VoIP service provider supplies you with the following information. When you are finished, click Apply. Table 16 Sample SIP Account Information INFORMATION FROM VOIP SERVICE PROVIDER...
Page 74: Figure 34 Sip Registration Test
P-2602H(W)(L)-DxA Series User’s Guide Table 17 VoIP Wizard Configuration LABEL SIP Service Domain User Name Password Check here to set up SIP2 settings. Back Apply Exit 4 Your ZyXEL Device will attempt to register your SIP account with your VoIP service provider.
Page 75: Figure 35 Voip Wizard Fail
Figure 35 VoIP Wizard Fail 6 This screen displays if your SIP account registration was successful. Click Return to Wizard Main Page if you want to use another configuration wizard. Click Go to Advanced Setup page or Finish to close the wizard and go to the main web configurator screens.
Page 76 P-2602H(W)(L)-DxA Series User’s Guide Chapter 4 VoIP Wizard And Example...
Page 77: Bandwidth Management Wizard
Bandwidth Management Wizard This chapter shows you how to configure basic bandwidth management using the wizard screens. 5.1 Introduction Bandwidth management allows you to control the amount of bandwidth going out through the ZyXEL Device’s WAN port and prioritize the distribution of the bandwidth according to service bandwidth requirements.
Page 78: Bandwidth Management Wizard Setup
P-2602H(W)(L)-DxA Series User’s Guide Table 18 Media Bandwidth Management Setup: Services (continued) SERVICE DESCRIPTION NetMeeting A multimedia communications product from Microsoft that enables groups to (H.323) teleconference and videoconference over the Internet. NetMeeting supports VoIP, text chat sessions, a whiteboard, and file transfers and application sharing. NetMeeting uses H.323.
Page 79: Figure 37 Select A Mode
Figure 37 Select a Mode 2 Click BANDWIDTH MANAGEMENT SETUP. Figure 38 Wizard: Welcome 3 Activate bandwidth management and select to allocate bandwidth to packets based on the packet size or services. Chapter 5 Bandwidth Management Wizard P-2602H(W)(L)-DxA Series User’s Guide...
Page 80: Figure 39 Bandwidth Management Wizard: General Information
P-2602H(W)(L)-DxA Series User’s Guide Figure 39 Bandwidth Management Wizard: General Information The following fields describe the label in this screen. Table 19 Bandwidth Management Wizard: General Information LABEL DESCRIPTION Active Select the Active check box to have the ZyXEL Device apply bandwidth management to traffic going out through the ZyXEL Device’s WAN, LAN or WLAN port.
Page 81: Figure 41 Bandwidth Management Wizard: Complete
The following table describes the labels in this screen. Table 20 Bandwidth Management Wizard: Service Configuration LABEL DESCRIPTION Active Select Active to enable bandwidth management for service specified traffic. Select an entry’s Active check box to turn on bandwidth management for the service/ application.
Page 82 P-2602H(W)(L)-DxA Series User’s Guide Chapter 5 Bandwidth Management Wizard...
Page 83: Chapter 6 Status Screens
Use the Status screens to look at the current status of the device, system resources, interfaces (LAN and WAN), and SIP accounts. You can also register and unregister SIP accounts. The Status screen also provides detailed information from Any IP and DHCP and statistics from VoIP, bandwidth management, and traffic.
Page 84: Table 21 Status Screen
P-2602H(W)(L)-DxA Series User’s Guide Each field is described in the following table. Table 21 Status Screen LABEL DESCRIPTION Refresh Interval Enter how often you want the ZyXEL Device to update this screen. Apply Click this to update this screen immediately. Device Information Host Name This field displays the ZyXEL Device system name.
Page 85 Table 21 Status Screen LABEL DESCRIPTION Security Firewall This displays whether or not the ZyXEL Device’s firewall is activated. Click this to go to the screen where you can change it. Content Filter This displays whether or not the ZyXEL Device’s content filtering is activated. Click this to go to the screen where you can change it.
Page 86: Any Ip Table
P-2602H(W)(L)-DxA Series User’s Guide Table 21 Status Screen LABEL DESCRIPTION Bandwidth Click this link to view the ZyXEL Device’s bandwidth usage and allotments. See Status Section 19.9 on page VPN Status Click this link to view the ZyXEL Device’s current VPN connections. See 17.16 on page Packet Click this link to view port status and packet specific statistics.
Page 87: Wlan Status ("W" Models Only)
Each field is described in the following table. Table 22 Any IP Table LABEL DESCRIPTION This field is a sequential value. It is not associated with a specific entry. IP Address This field displays the IP address of each computer that is using the ZyXEL Device but is in a different subnet than the ZyXEL Device.
Page 88: Figure 45 Packet Statistics
P-2602H(W)(L)-DxA Series User’s Guide Figure 45 Packet Statistics The following table describes the fields in this screen. Table 24 Packet Statistics LABEL DESCRIPTION System Monitor System up Time This is the elapsed time the system has been up. Current Date/Time This field displays your ZyXEL Device’s present date and time.
Page 89: Voip Statistics
Table 24 Packet Statistics (continued) LABEL DESCRIPTION Up Time This field displays the elapsed time this port has been up. LAN Port Statistics Ethernet This field displays either Ethernet (LAN ports) or Wireless (WLAN port). Status For the LAN ports, this field displays Down (line is down) or Up (line is up or connected).
Page 90: Table 25 Voip Statistics
P-2602H(W)(L)-DxA Series User’s Guide Each field is described in the following table. Table 25 VoIP Statistics LABEL DESCRIPTION SIP Status Account This column displays each SIP account in the ZyXEL Device. Registration This field displays the current registration status of the SIP account. You can change this in the Status screen.
Page 91 Table 25 VoIP Statistics LABEL DESCRIPTION Tx B/s This field displays how quickly the ZyXEL Device has transmitted packets in the current call. The rate is the average number of bytes transmitted per second. Rx B/s This field displays how quickly the ZyXEL Device has received packets in the current call.
Page 92 P-2602H(W)(L)-DxA Series User’s Guide Chapter 6 Status Screens...
Page 93: Chapter 7 Wan Setup
This chapter describes how to configure WAN settings. 7.1 WAN Overview A WAN (Wide Area Network) is an outside connection to another network or the Internet. 7.1.1 Encapsulation Be sure to use the encapsulation method required by your ISP. The ZyXEL Device supports the following methods.
Page 94: Pppoa
P-2602H(W)(L)-DxA Series User’s Guide By implementing PPPoE directly on the ZyXEL Device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyXEL Device does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access.
Page 95: Ip Address Assignment
7.1.4 IP Address Assignment A static IP is a fixed IP that your ISP gives you. A dynamic IP is not fixed; the ISP assigns you a different one each time. The Single User Account feature can be enabled or disabled if you have either a dynamic or static IP.
Page 96: Metric
P-2602H(W)(L)-DxA Series User’s Guide 7.2 Metric The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost". RIP routing uses hop count as the measurement of cost, with a minimum of "1" for directly connected networks. The number must be between "1"...
Page 97: Atm Traffic Classes
Maximum Burst Size (MBS) is the maximum number of cells that can be sent at the PCR. After MBS is reached, cell rates fall below SCR until cell rate averages to the SCR again. At this time, more cells (up to the MBS) can be sent at the PCR again. If the PCR, SCR or MBS is set to the default of "0", the system will assign a maximum value that correlates to your upstream line rate.
Page 98: Unspecified Bit Rate (Ubr)
P-2602H(W)(L)-DxA Series User’s Guide The VBR-nRT (non real-time Variable Bit Rate) type is used with bursty connections that do not require closely controlled delay and delay variation. It is commonly used for "bursty" traffic typical on LANs. PCR and MBS define the burst levels, SCR defines the minimum level.
Page 99: Figure 48 Internet Access Setup (Pppoe)
Figure 48 Internet Access Setup (PPPoE) The following table describes the labels in this screen. Table 26 Internet Access Setup LABEL General Mode Encapsulation User Name Password Service Name Multiplexing Virtual Circuit ID Chapter 7 WAN Setup P-2602H(W)(L)-DxA Series User’s Guide DESCRIPTION Select Routing (default) from the drop-down list box if your ISP allows multiple computers to share an Internet account.
Page 100 P-2602H(W)(L)-DxA Series User’s Guide Table 26 Internet Access Setup (continued) LABEL IP Address IP Address Subnet Mask (ENET ENCAP encapsulation only) Gateway IP address (ENET ENCAP encapsulation only) DNS Server First DNS Server Second DNS Server Third DNS Server Connection (PPPoA and PPPoE encapsulation only) Nailed-Up...
Page 101: Advanced Internet Access Setup
Table 26 Internet Access Setup (continued) LABEL Cancel Advanced Setup 7.5.1 Advanced Internet Access Setup To edit your ZyXEL Device's advanced WAN settings, click the Advanced Setup button in the Internet Access Setup screen. The screen appears as shown. Figure 49 Advanced Internet Access Setup The following table describes the labels in this screen.
Page 102: Wan More Connections
P-2602H(W)(L)-DxA Series User’s Guide Table 27 Advanced Internet Access Setup (continued) LABEL DESCRIPTION Peak Cell Rate Divide the DSL line rate (bps) by 424 (the size of an ATM cell) to find the Peak Cell Rate (PCR). This is the maximum rate at which the sender can send cells. Type the PCR here.
Page 103: Traffic Redirect
Figure 50 WAN More Connections The following table describes the labels in this screen. Table 28 Advanced Internet Access Setup LABEL DESCRIPTION This is an index number indicating the number of the corresponding connection. Active This field indicates whether the connection is active or not. Name This is the name you gave to the Internet connection.
Page 104: Figure 51 Traffic Redirect Example
P-2602H(W)(L)-DxA Series User’s Guide Figure 51 Traffic Redirect Example The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN. Use IP alias to configure the LAN into two or three logical networks with the ZyXEL Device itself as the gateway for each LAN network.
Page 105: Wan Backup Setup
7.8 WAN Backup Setup To configure your ZyXEL Device’s WAN backup, click Network > WAN > WAN Backup Setup. The following table describes the labels in this screen. Table 29 WAN Backup Setup LABEL DESCRIPTION Backup Type Select the method that the ZyXEL Device uses to check the DSL connection. Select DSL Link to have the ZyXEL Device check if the connection to the DSLAM is up.
Page 106 P-2602H(W)(L)-DxA Series User’s Guide Table 29 WAN Backup Setup (continued) LABEL DESCRIPTION Timeout Type the number of seconds (3 recommended) for your ZyXEL Device to wait for a ping response from one of the IP addresses in the Check WAN IP Address field before timing out the request.
Page 107: Chapter 8 Lan Setup
This chapter describes how to configure LAN settings. 8.1 LAN Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is a computer network limited to the immediate area, usually the same building or floor of a building.
Page 108: Dhcp Setup
P-2602H(W)(L)-DxA Series User’s Guide 8.1.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the ZyXEL Device as a DHCP server or disable it. When configured as a server, the ZyXEL Device provides the TCP/IP configuration for the clients.
Page 109: Dns Server Address Assignment
8.1.4 DNS Server Address Assignment Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a computer before you can access it. There are two ways that an ISP disseminates the DNS server addresses.
Page 110: Private Ip Addresses
P-2602H(W)(L)-DxA Series User’s Guide 8.2.1.1 Private IP Addresses Every machine on the Internet must have a unique address. If your networks are isolated from the Internet, for example, only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP addresses specifically for private networks: •...
Page 111: Multicast
8.2.3 Multicast Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender - 1 recipient) or Broadcast (1 sender - everybody on the network). Multicast delivers IP packets to a group of hosts on the network - not everybody and not just 1. IGMP (Internet Group Multicast Protocol) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data.
Page 112: How Any Ip Works
P-2602H(W)(L)-DxA Series User’s Guide Figure 54 Any IP Example The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the ZyXEL Device’s IP address. Note: You must enable NAT/SUA to use the Any IP feature on the ZyXEL Device.
Page 113: Configuring Lan Ip
After all the routing information is updated, the computer can access the ZyXEL Device and the Internet as if it is in the same subnet as the ZyXEL Device. 8.3 Configuring LAN IP Click Network > LAN to open the IP screen. See information.
Page 114: Figure 56 Advanced Lan Setup
P-2602H(W)(L)-DxA Series User’s Guide Figure 56 Advanced LAN Setup The following table describes the labels in this screen. Table 31 Advanced LAN Setup LABEL DESCRIPTION RIP & Multicast Setup RIP Direction Select the RIP direction from None, Both, In Only and Out Only. RIP Version Select the RIP version from RIP-1, RIP-2B and RIP-2M.
Page 115: Dhcp Setup
8.4 DHCP Setup Click Network > DHCP Setup to open this screen. Use this screen to configure the DNS server information that the ZyXEL Device sends to the DHCP client devices on the LAN. Figure 57 DHCP Setup The following table describes the labels in this screen. Table 32 DHCP Setup LABEL DHCP Setup...
Page 116: Lan Client List
P-2602H(W)(L)-DxA Series User’s Guide Table 32 DHCP Setup LABEL First DNS Server Second DNS Server Third DNS Server Apply Cancel 8.5 LAN Client List This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses. Every Ethernet device has a unique MAC (Media Access Control) address.
Page 117: Lan Ip Alias
The following table describes the labels in this screen. Table 33 LAN Client List LABEL DESCRIPTION IP Address Enter the IP address that you want to assign to the computer on your LAN with the MAC address that you will also specify. MAC Address Enter the MAC address of a computer on your LAN.
Page 118: Figure 59 Physical Network & Partitioned Logical Networks
P-2602H(W)(L)-DxA Series User’s Guide Figure 59 Physical Network & Partitioned Logical Networks Click Network > LAN > IP Alias to open the following screen. Use this screen to change your ZyXEL Device’s IP alias settings. Figure 60 LAN IP Alias The following table describes the labels in this screen.
Page 119 Table 34 LAN IP Alias LABEL DESCRIPTION RIP Direction RIP (Routing Information Protocol, RFC 1058 and RFC 1389) allows a router to exchange routing information with other routers. The RIP Direction field controls the sending and receiving of RIP packets. Select the RIP direction from Both/In Only/Out Only/None.
Page 120 P-2602H(W)(L)-DxA Series User’s Guide Chapter 8 LAN Setup...
Page 121: Chapter 9 Wireless Lan
This chapter discusses how to configure the wireless network settings in your ZyXEL Device. See the appendices for more detailed information about wireless networks.This chapter applies to the “W” models only. 9.1 Wireless Network Overview The following figure provides an example of a wireless network. Figure 61 Example of a Wireless Network The wireless network is the part in the blue circle.
Page 122: Wireless Security Overview
P-2602H(W)(L)-DxA Series User’s Guide Like radio stations or television channels, each wireless network uses a specific channel, or frequency, to send and receive information. • Every device in the same wireless network must use security compatible with the AP. Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network.
Page 123: User Authentication
9.2.3 User Authentication Authentication is the process of verifying whether a wireless device is allowed to use the wireless network. You can make every user log in to the wireless network before they can use it. However, every device in the wireless network has to support IEEE 802.1x to do this. For wireless networks, you can store the user names and passwords for each user in a RADIUS server.
Page 124: One-Touch Intelligent Security Technology (Otist)
P-2602H(W)(L)-DxA Series User’s Guide When you select WPA2 or WPA2-PSK in your ZyXEL Device, you can also select an option (WPA compatible) to support WPA as well. In this case, if some of the devices support WPA and some support WPA2, you should set up WPA2-PSK or WPA2 (depending on the type of wireless network login) and select the WPA compatible option in the ZyXEL Device.
Page 125: Additional Wireless Terms
9.4 Additional Wireless Terms The following table describes wireless network terms and acronyms used in the ZyXEL Device. TERM Intra-BSS Traffic RTS/CTS Threshold Preamble Authentication Max. Frame Burst Fragmentation Threshold Roaming 9.5 General WLAN Screen Note: If you are configuring the ZyXEL Device from a computer connected to the wireless LAN and you change the ZyXEL Device’s SSID or WEP settings, you will lose your wireless connection when you press Apply to confirm.
Page 126: No Security
P-2602H(W)(L)-DxA Series User’s Guide Figure 62 Wireless LAN: General The following table describes the general wireless LAN labels in this screen. Table 36 Wireless LAN: General LABEL DESCRIPTION Active Wireless Click the check box to activate wireless LAN. Network (Service Set IDentity) The SSID identifies the Service Set with which a wireless Name(SSID) station is associated.
Page 127: Wep Encryption Screen
Note: If you do not enable any wireless security on your ZyXEL Device, your network is accessible to any wireless networking device that is within range. Figure 63 Wireless: No Security The following table describes the labels in this screen. Table 37 Wireless No Security LABEL DESCRIPTION...
Page 128: Wpa(2)-Psk
P-2602H(W)(L)-DxA Series User’s Guide Figure 64 Wireless: Static WEP Encryption The following table describes the wireless LAN security labels in this screen. Table 38 Wireless: Static WEP Encryption LABEL DESCRIPTION Security Mode Choose Static WEP from the drop-down list box. Passphrase Enter a Passphrase (up to 32 printable characters) and clicking Generate.
Page 129: Figure 65 Wireless: Wpa(2)-Psk
Figure 65 Wireless: WPA(2)-PSK The following table describes the wireless LAN security labels in this screen. Table 39 Wireless: WPA(2)-PSK LABEL DESCRIPTION Security Mode Choose WPA-PSK or WPA2-PSK from the drop-down list box. WPA Compatible This field is only available for WPA2-PSK. Select this if you want the ZyXEL Device to support WPA-PSK and WPA2-PSK simultaneously.
Page 130: Wpa(2) Authentication Screen
P-2602H(W)(L)-DxA Series User’s Guide 9.5.4 WPA(2) Authentication Screen In order to configure and enable WPA Authentication; click the Wireless LAN link under Network to display the Wireless screen. Select WPA or WPA2 from the Security list. Figure 66 Wireless: WPA(2) The following table describes the wireless LAN security labels in this screen.
Page 131: Wireless Lan Advanced Setup
Table 40 Wireless: WPA(2) LABEL DESCRIPTION Idle Timeout The ZyXEL Device automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed. The default time interval is 3600 seconds (or 1 hour).
Page 132: Figure 67 Advanced
P-2602H(W)(L)-DxA Series User’s Guide Figure 67 Advanced The following table describes the labels in this screen. Table 41 Wireless LAN: Advanced LABEL DESCRIPTION Wireless Advanced Setup RTS/CTS Enter a value between 0 and 2432. If you select the G+ Enhanced checkbox a value Threshold of 4096 is displayed.
Page 133: Otist Screen
9.6 OTIST Screen Use this screen to set up and start OTIST on the ZyXEL Device in your wireless network.To open this screen, click Network > Wireless LAN > OTIST. Figure 68 Network > Wireless LAN > OTIST The following table describes the labels in this screen. Table 42 Network >...
Page 134: Figure 69 Example: Wireless Client Otist Screen
P-2602H(W)(L)-DxA Series User’s Guide Figure 69 Example: Wireless Client OTIST Screen To start OTIST in the device, click Start in this screen. Note: You must click Start in the ZyXEL Device and in the wireless device(s) within three minutes of each other. You can start OTIST in the wireless devices and the ZyXEL Device in any order.
Page 135: Notes On Otist
Figure 72 OTIST: In Progress on the Wireless Device These screens close when the transfer is complete. 9.6.1 Notes on OTIST 1 If you enable OTIST in a wireless device, you see this screen each time you start the utility. Click Yes to search for an OTIST-enabled AP (in other words, the ZyXEL Device).
Page 136: Mac Filter
P-2602H(W)(L)-DxA Series User’s Guide 9.7 MAC Filter To change your ZyXEL Device’s MAC filter settings, click Network > Wireless LAN > MAC Filter. The screen appears as shown. Figure 74 MAC Address Filter The following table describes the labels in this menu. Table 43 MAC Address Filter LABEL DESCRIPTION...
Page 137: Qos Screen
Table 43 MAC Address Filter LABEL DESCRIPTION MAC Address Enter the MAC addresses of the wireless station that are allowed or denied access to the ZyXEL Device in these address fields. Enter the MAC addresses in a valid MAC address format, that is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc.
Page 138: Application Priority Configuration
P-2602H(W)(L)-DxA Series User’s Guide Table 44 Wireless LAN: QoS LABEL WMM QoS Policy Name Service Dest Port Priority Modify Apply 9.8.1 Application Priority Configuration To edit a WMM QoS application entry, click the edit icon under Modify. The following screen displays. Figure 76 Application Priority Configuration DESCRIPTION Select Default to have the ZyXEL Device automatically give a service a...
Page 139: Table 45 Application Priority Configuration
Appendix 31 on page 371 following table describes the fields in this screen. Table 45 Application Priority Configuration LABEL Application Priority Configuration Name Service Dest Port Priority Apply Cancel Chapter 9 Wireless LAN P-2602H(W)(L)-DxA Series User’s Guide for a list of commonly-used services and destination ports. The DESCRIPTION Type a description of the application priority.
Page 140 P-2602H(W)(L)-DxA Series User’s Guide Chapter 9 Wireless LAN...
Page 141: Network Address Translation (Nat) Screens
Network Address Translation This chapter discusses how to configure NAT on the ZyXEL Device. 10.1 NAT Overview NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
Page 142: What Nat Does
P-2602H(W)(L)-DxA Series User’s Guide 10.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
Page 143: Nat Application
10.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the ZyXEL Device can communicate with three distinct WAN networks. Figure 78 NAT Application With IP Alias 10.1.5 NAT Mapping Types NAT supports five types of IP/port mapping.
Page 144: Sua (Single User Account) Versus Nat
P-2602H(W)(L)-DxA Series User’s Guide Port numbers do NOT change for One-to-One and Many-to-Many No Overload NAT mapping types. The following table summarizes these types. Table 47 NAT Mapping Types TYPE One-to-One Many-to-One (SUA/PAT) Many-to-Many Overload Many-to-Many No Overload Server 10.2 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server.
Page 145: Port Forwarding
Figure 79 NAT General The following table describes the labels in this screen. Table 48 NAT General LABEL DESCRIPTION Active Select this check box to enable NAT. Network Address Translation (NAT) SUA Only Select this radio button if you have just one public WAN IP address for your ZyXEL Device.
Page 146: Default Server Ip Address
P-2602H(W)(L)-DxA Series User’s Guide You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. The port number identifies a service; for example, web service is on port 80 and FTP on port 21. In some cases, such as for unknown services or where one server can support more than one service (for example both FTP and web service), it might be better to specify a range of port numbers.
Page 147: Configuring Port Forwarding
10.5 Configuring Port Forwarding Note: If you do not assign a Default Server IP address, the ZyXEL Device discards all packets received for ports that are not specified here or in the remote management setup. Click Network > NAT > Port Forwarding to open the following screen. Appendix F on page 371 Figure 81 Port Forwarding The following table describes the fields in this screen.
Page 148: Port Forwarding Rule Edit
P-2602H(W)(L)-DxA Series User’s Guide Table 49 Port Forwarding LABEL Modify Click the edit icon to go to the screen where you can edit the port forwarding rule. Click the delete icon to delete an existing port forwarding rule. Note that subsequent address mapping rules move up by one when you take this action.
Page 149: Sip Alg
Table 50 Port Forwarding Rule Setup (continued) LABEL Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. 10.5.2 SIP ALG Some NAT routers may include a SIP Application Layer Gateway (ALG). A SIP ALG allows SIP calls to pass through NAT by examining and translating IP addresses embedded in the data stream.
Page 150 P-2602H(W)(L)-DxA Series User’s Guide Chapter 10 Network Address Translation (NAT) Screens...
Page 151: Chapter 11 Voice
This chapter provides background information on VoIP and SIP and explains how to configure your device’s voice settings. 11.1 Introduction to VoIP VoIP is the sending of voice signals over the Internet Protocol. This allows you to make phone calls and send faxes over the Internet at a fraction of the cost of using the traditional circuit- switched telephone network.
Page 152: Sip Service Domain
P-2602H(W)(L)-DxA Series User’s Guide 11.2.1.2 SIP Service Domain The SIP service domain of the VoIP service provider is the domain name in a SIP URI. For example, if the SIP address is 1122334455@VoIP-provider.com, then “VoIP-provider.com” is the SIP service domain. 11.2.2 SIP Call Progression The following figure displays the basic steps in the setup and tear down of a SIP call.
Page 153: Sip User Agent
11.2.3.1 SIP User Agent A SIP user agent can make and receive VoIP telephone calls. This means that SIP can be used for peer-to-peer communications even though it is a client-server protocol. In the following figure, either A or B can act as a SIP user agent client to initiate a call. A and B can also both act as a SIP user agent to receive the call.
Page 154: Sip Redirect Server
P-2602H(W)(L)-DxA Series User’s Guide 11.2.3.3 SIP Redirect Server A SIP redirect server accepts SIP requests, translates the destination address to an IP address and sends the translated IP address back to the device that sent the request. Then the client device that originally sent the request can send requests to the IP address that it received back from the redirect server.
Page 155: Figure 87 Sip > Sip Settings
Figure 87 SIP > SIP Settings Each field is described in the following table. Table 53 SIP > SIP Settings LABEL DESCRIPTION SIP Account Select the SIP account you want to see in this screen. If you change this field, the screen automatically refreshes.
Page 156: Rtp
P-2602H(W)(L)-DxA Series User’s Guide Table 53 SIP > SIP Settings LABEL DESCRIPTION SIP Service Enter the SIP service domain name. In the full SIP URI, this is the part after the @ Domain symbol. You can use up to 127 printable ASCII Extended set characters. Send Caller ID Select this if you want to send identification when you make VoIP phone calls.
Page 157: Pstn Call Setup Signaling
11.6 PSTN Call Setup Signaling Dual-Tone MultiFrequency (DTMF) signaling uses pairs of frequencies (one lower frequency and one higher frequency) to set up calls. It is also known as Touch Tone®. Each of the keys on a DTMF telephone corresponds to a different pair of frequencies. Pulse dialing sends a series of clicks to the local phone office in order to dial numbers.
Page 158: Listening To Custom Tones
P-2602H(W)(L)-DxA Series User’s Guide 4 You can continue to add, listen to, or delete tones, or you can hang up the receiver when you are done. 11.8.0.2 Listening to Custom Tones Do the following to listen to a custom tone: 1 Pick up the phone and press “****”...
Page 159: Figure 88 Voip > Sip Settings > Advanced
P-2602H(W)(L)-DxA Series User’s Guide Figure 88 VoIP > SIP Settings > Advanced Chapter 11 Voice...
Page 160: Table 55 Voip > Sip Settings > Advanced
P-2602H(W)(L)-DxA Series User’s Guide Each field is described in the following table. Table 55 VoIP > SIP Settings > Advanced LABEL DESCRIPTION SIP Account This field displays the SIP account you see in this screen. SIP Server Set- tings URL Type Select whether or not to include the SIP service domain name when the ZyXEL Device sends the SIP number.
Page 161 Table 55 VoIP > SIP Settings > Advanced LABEL DESCRIPTION DTMF Mode Control how the ZyXEL Device handles the tones that your telephone makes when you push its buttons. You should use the same mode your VoIP service provider uses. RFC 2833 - send the DTMF tones in RTP packets.
Page 162: Quality Of Service (Qos)
P-2602H(W)(L)-DxA Series User’s Guide Table 55 VoIP > SIP Settings > Advanced LABEL DESCRIPTION Back Click this to return to the SIP Settings screen without saving your changes. Apply Click this to save your changes and to apply them to the ZyXEL Device. Cancel Click this to set every field in this screen to its last-saved value.
Page 163: Vlan
The DSCP value determines the forwarding behavior, the PHB (Per-Hop Behavior), that each packet gets across the DiffServ network. Based on the marking rule, different kinds of traffic can be marked for different priorities of forwarding. Resources can then be allocated according to the DSCP values and the configured policies.
Page 164: Phone
P-2602H(W)(L)-DxA Series User’s Guide Table 56 SIP > QoS LABEL DESCRIPTION Apply Click this to save your changes and to apply them to the ZyXEL Device. Cancel Click this to set every field in this screen to its last-saved value. 11.11 Phone You can configure the volume, echo cancellation and VAD settings for each individual phone port on the ZyXEL Device.
Page 165: Analog Phone Screen
11.13 Analog Phone Screen Use this screen to control which SIP accounts and PSTN line each phone uses. To access this screen, click VoIP > Phone > Analog Phone. Figure 91 Phone > Analog Phone Each field is described in the following table. Table 57 Phone >...
Page 166: Advanced Analog Phone Setup Screen
P-2602H(W)(L)-DxA Series User’s Guide Table 57 Phone > Analog Phone LABEL DESCRIPTION Apply Click this to save your changes and to apply them to the ZyXEL Device. Cancel Click this to set every field in this screen to its last-saved value. Advanced Setup Click this to edit the advanced settings for this phone port.
Page 167: Common Phone Settings Screen
Table 58 Phone > Analog Phone > Advanced LABEL DESCRIPTION Dialing Interval Select Dialing Interval Enter the number of seconds the ZyXEL Device should wait after you stop dialing Select numbers before it makes the phone call. The value depends on how quickly you dial phone numbers.
Page 168: Supplementary Phone Services Overview
P-2602H(W)(L)-DxA Series User’s Guide 11.15 Supplementary Phone Services Overview Supplementary services such as call hold, call waiting, call transfer, … are generally available from your VoIP service provider. The ZyXEL Device supports the following services: • Call Hold • Call Waiting •...
Page 169: European Call Hold
Table 60 European Flash Key Commands COMMAND SUB-COMMAND Flash Flash Flash *98# 11.15.2.1 European Call Hold Call hold allows you to put a call (A) on hold by pressing the flash key. If you have another call, press the flash key and then “2” to switch back and forth between caller A and B by putting either one on hold.
Page 170: European Three-Way Conference
P-2602H(W)(L)-DxA Series User’s Guide 2 When you hear the dial tone, dial “*98#” followed by the number to which you want to transfer the call. to operate the Intercom. 3 After you hear the ring signal or the second party answers it, hang up the phone. 11.15.2.4 European Three-Way Conference Use the following steps to make three-way conference calls.
Page 171: Usa Call Waiting
11.15.3.2 USA Call Waiting This allows you to place a call on hold while you answer another incoming call on the same telephone (directory) number. If there is a second call to your telephone number, you will hear a call waiting tone. Press the flash key to put the first call on hold and answer the second call.
Page 172: Speed Dial
P-2602H(W)(L)-DxA Series User’s Guide Figure 94 VoIP > Phone > Region Each field is described in the following table. Table 62 VoIP > Phone > Region LABEL DESCRIPTION Region Settings Select the place in which the ZyXEL Device is located. Call Service Mode Select the mode for supplementary phone services (call hold, call waiting, call transfer and three-way conference calls) that your VoIP service provider supports.
Page 173: Speed Dial Screen
11.18 Speed Dial Screen You have to create speed-dial entries if you want to make peer-to-peer calls or call SIP numbers that use letters. You can also create speed-dial entries for frequently-used SIP phone numbers. Use this screen to add, edit, or remove speed-dial numbers for outgoing calls. To access this screen, click VoIP >...
Page 174: Incoming Call Policy Screen
P-2602H(W)(L)-DxA Series User’s Guide Table 63 Phone Book > Speed Dial LABEL DESCRIPTION Speed Dial Phone Use this section to look at all the speed-dial entries and to erase them. Book Speed Dial This field displays the speed-dial number you should dial to use this entry. Number This field displays the SIP number the ZyXEL Device calls when you dial the speed-dial number.
Page 175: Figure 96 Phone Book > Incoming Call Policy
Figure 96 Phone Book > Incoming Call Policy You can create two sets of call-forwarding rules. Each one is stored in a call-forwarding table. Each field is described in the following table. Table 64 Phone Book > Incoming Call Policy LABEL DESCRIPTION Table Number...
Page 176: Pstn Line Screen ("L" Models Only)
P-2602H(W)(L)-DxA Series User’s Guide Table 64 Phone Book > Incoming Call Policy LABEL DESCRIPTION Advanced Setup The ZyXEL Device checks these rules before it checks the rules in the Forward to Number section. This field is a sequential value, and it is not associated with a specific rule. The sequence is important, however.
Page 177: Figure 97 Pstn Line > General
Figure 97 PSTN Line > General Each field is described in the following table. Table 65 PSTN Line > General LABEL DESCRIPTION PSTN Line Pre-fix Enter 1 - 7 numbers you dial before you dial the phone number, if you want to Number make a regular phone call while one of your SIP accounts is registered.
Page 178 P-2602H(W)(L)-DxA Series User’s Guide Chapter 11 Voice...
Page 179: Chapter 12 Phone Usage
This chapter describes how to use a phone connected to your ZyXEL Device for basic tasks. 12.1 Dialing a Telephone Number The PHONE LED turns green when your SIP account is registered. Dial a SIP number like “12345” on your phone’s keypad. Use speed dial entries (see that use letters.
Page 180: Auto Firmware Upgrade
P-2602H(W)(L)-DxA Series User’s Guide 12.5 Auto Firmware Upgrade During auto-provisioning, the ZyXEL Device checks to see if there is a newer firmware version. If newer firmware is available, the ZyXEL Device plays a recording when you pick up your phone’s handset. Press “*99#”...
Page 181: Chapter 13 Firewalls
This chapter gives some background information on firewalls and introduces the ZyXEL Device firewall. 13.1 Firewall Overview Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term “firewall” is a system or group of systems that enforces an access-control policy between two networks.
Page 182: Application-Level Firewalls
P-2602H(W)(L)-DxA Series User’s Guide 13.2.2 Application-level Firewalls Application-level firewalls restrict access by serving as proxies for external servers. Since they use programs written for specific Internet services, such as HTTP, FTP and telnet, they can evaluate network packets for valid application-specific data. Application-level gateways have a number of general advantages over the default mode of permitting application traffic directly to internal hosts: Information hiding prevents the names of internal systems from being made known via DNS...
Page 183: Denial Of Service Attacks
• The LAN (Local Area Network) port attaches to a network of computers, which needs security from the outside world. These computers will have access to Internet services such as e-mail, FTP, and the World Wide Web. However, “inbound access” will not be allowed unless you configure remote management or create a firewall rule to allow a remote host to use a specific service.
Page 184: Types Of Dos Attacks
P-2602H(W)(L)-DxA Series User’s Guide Table 66 Common IP Ports Telnet SMTP 13.4.2 Types of DoS Attacks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the TCP/IP specification. 3 Brute-force attacks that flood a network with useless data.
Page 185: Figure 100 Syn Flood
Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server. The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the initiator responds with an ACK (acknowledgment). After this handshake, a connection is established. •...
Page 186: Icmp Vulnerability
P-2602H(W)(L)-DxA Series User’s Guide Figure 101 Smurf Attack 13.4.2.1 ICMP Vulnerability ICMP is an error-reporting protocol that works in concert with IP. The following ICMP types trigger an alert: Table 67 ICMP Commands That Trigger Alerts REDIRECT TIMESTAMP_REQUEST TIMESTAMP_REPLY ADDRESS_MASK_REQUEST ADDRESS_MASK_REPLY 13.4.2.2 Illegal Commands (NetBIOS and SMTP) The only legal NetBIOS commands are the following - all others are illegal.
Page 187: Traceroute
13.4.2.3 Traceroute Traceroute is a utility used to determine the path a packet takes between two endpoints. Sometimes when a packet filter firewall is configured incorrectly an attacker can traceroute the firewall gaining knowledge of the network topology inside the firewall. Often, many DoS attacks also employ a technique known as "IP Spoofing"...
Page 188: Stateful Inspection Process
P-2602H(W)(L)-DxA Series User’s Guide The previous figure shows the ZyXEL Device’s default firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a Telnet session from within the LAN and responses to this request are allowed. However other Telnet traffic initiated from the WAN is blocked.
Page 189: Tcp Security
• Allow certain types of traffic from the Internet to specific hosts on the LAN. • Allow access to a Web server to everyone but competitors. • Restrict use of certain protocols, such as Telnet, to authorized users on the LAN. These custom rules work by evaluating the network traffic’s Source IP address, Destination IP address, IP protocol type, and comparing these to rules set by the administrator.
Page 190: Upper Layer Protocols
P-2602H(W)(L)-DxA Series User’s Guide A similar situation exists for ICMP, except that the ZyXEL Device is even more restrictive. Specifically, only outgoing echoes will allow incoming echo replies, outgoing address mask requests will allow incoming address mask replies, and outgoing timestamp requests will allow incoming timestamp replies.
Page 191: Packet Filtering Vs Firewall
• Encourage your company or organization to develop a comprehensive security plan. Good network administration takes into account what hackers can do and prepares against attacks. The best defense against hackers and crackers is information. Educate all employees about the importance of security and how to minimize risk. Produce lists like this one! •...
Page 192: When To Use Filtering
P-2602H(W)(L)-DxA Series User’s Guide 13.7.1.1 When To Use Filtering • To block/allow LAN packets by their MAC addresses. • To block/allow special IP packets which are neither TCP nor UDP, nor ICMP packets. • To block/allow both inbound (WAN to LAN) and outbound (LAN to WAN) traffic between the specific inside host/network "A"...
Page 193: Firewall Configuration
This chapter shows you how to enable and configure the ZyXEL Device firewall. 14.1 Access Methods The web configurator is, by far, the most comprehensive firewall configuration tool your ZyXEL Device has to offer. For this reason, it is recommended that you configure your firewall using the web configurator.
Page 194: Rule Logic Overview
P-2602H(W)(L)-DxA Series User’s Guide Note: If you configure firewall rules without a good understanding of how they work, you might inadvertently introduce security risks to the firewall and to the protected network. Make sure you test your rules after you configure them. For example, you may create rules to: •...
Page 195: Key Fields For Configuring Rules
4 Does a rule that allows Internet users access to resources on the LAN create a security vulnerability? For example, if FTP ports (TCP 20, 21) are allowed from the Internet to the LAN, Internet users may be able to connect to computers with running FTP servers. 5 Does this rule conflict with any existing rules? 6 Once these questions have been answered, adding rules is simply a matter of plugging the information into the correct fields in the web configurator screens.
Page 196: Lan To Wan Rules
P-2602H(W)(L)-DxA Series User’s Guide 14.4.1 LAN to WAN Rules The default rule for LAN to WAN traffic is that all users on the LAN are allowed non- restricted access to the WAN. When you configure a LAN to WAN rule, you in essence want to limit some or all users from accessing certain services on the WAN.
Page 197: Firewall Rules Summary
The following table describes the labels in this screen. Table 70 Firewall: General LABEL DESCRIPTION Active Firewall Select this check box to activate the firewall. The ZyXEL Device performs access control and protects against Denial of Service (DoS) attacks when the firewall is activated.
Page 198: Figure 104 Firewall Rules
P-2602H(W)(L)-DxA Series User’s Guide Figure 104 Firewall Rules The following table describes the labels in this screen. Table 71 Firewall Rules LABEL DESCRIPTION Firewall Rules This read-only bar shows how much of the ZyXEL Device's memory for recording Storage Space firewall rules it is currently using.
Page 199: Configuring Firewall Rules
Table 71 Firewall Rules (continued) LABEL DESCRIPTION This field shows you whether a log is created when packets match this rule (Yes) or not (No). Modify Click the Edit icon to go to the screen where you can edit the rule. Click the Remove icon to delete an existing firewall rule.
Page 200: Figure 105 Firewall: Edit Rule
P-2602H(W)(L)-DxA Series User’s Guide Figure 105 Firewall: Edit Rule Chapter 14 Firewall Configuration...
Page 201: Table 72 Firewall: Edit Rule
The following table describes the labels in this screen. Table 72 Firewall: Edit Rule LABEL DESCRIPTION Active Select this option to enable this firewall rule. Action for Matched Use the drop-down list box to select whether to discard (Drop), deny and send Packet an ICMP destination-unreachable message to the sender of (Reject) or allow the passage of (Permit) packets that match this rule.
Page 202: Customized Services
P-2602H(W)(L)-DxA Series User’s Guide 14.6.2 Customized Services Configure customized services and port numbers not predefined by the ZyXEL Device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website. See Customized Services link while editing a firewall rule to configure a custom service port. This displays the following screen.
Page 203: Example Firewall Rule
Figure 107 Firewall: Configure Customized Services The following table describes the labels in this screen. Table 74 Firewall: Configure Customized Services LABEL DESCRIPTION Service Name Type a unique name for your custom port. Service Type Choose the IP port (TCP, UDP or TCP/UDP) that defines your customized port from the drop down list box.
Page 204: Figure 108 Firewall Example: Rules
P-2602H(W)(L)-DxA Series User’s Guide Figure 108 Firewall Example: Rules 3 In the Rules screen, select the index number after that you want to add the rule. For example, if you select “6”, your new rule becomes number 7 and the previous rule 7 (if there is one) becomes rule 8.
Page 205: Figure 110 Firewall Example: Edit Rule: Destination Address
P-2602H(W)(L)-DxA Series User’s Guide Figure 110 Firewall Example: Edit Rule: Destination Address 9 Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. Note: Custom services show up with an “*” before their names in the Services list box and the Rules list box.
Page 206: Figure 111 Firewall Example: Edit Rule: Select Customized Services
P-2602H(W)(L)-DxA Series User’s Guide Figure 111 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a “MyService” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN.
Page 207: Dos Thresholds
Figure 112 Firewall Example: Rules: MyService 14.8 DoS Thresholds For DoS attacks, the ZyXEL Device uses thresholds to determine when to drop sessions that do not become fully established. These thresholds apply globally to all sessions. You can use the default threshold values, or you can change them to values more suitable to your security requirements.
Page 208: Half-Open Sessions
P-2602H(W)(L)-DxA Series User’s Guide You should make any changes to the threshold values before you continue configuring firewall rules. 14.8.2 Half-Open Sessions An unusually high number of half-open sessions (either an absolute number or measured as the arrival rate) could indicate that a Denial of Service attack is occurring. For TCP, "half- open"...
Page 209: Configuring Firewall Thresholds
14.8.3 Configuring Firewall Thresholds The ZyXEL Device also sends alerts whenever TCP Maximum Incomplete is exceeded. The global values specified for the threshold and timeout apply to all TCP connections. Click Firewall, and Threshold to bring up the next screen. Figure 113 Firewall: Threshold The following table describes the labels in this screen.
Page 210 P-2602H(W)(L)-DxA Series User’s Guide Table 75 Firewall: Threshold (continued) LABEL DESCRIPTION Maximum This is the number of existing half-open Incomplete Low sessions that causes the firewall to stop deleting half-open sessions. The ZyXEL Device continues to delete half-open requests as necessary, until the number of existing half-open sessions drops below this number.
Page 211: Chapter 15 Content Filtering
This chapter covers how to configure content filtering. 15.1 Content Filtering Overview Internet content filtering allows you to create and enforce Internet access policies tailored to your needs. Content filtering gives you the ability to block web sites that contain key words (that you specify) in the URL.
Page 212: Configuring The Schedule
P-2602H(W)(L)-DxA Series User’s Guide The following table describes the labels in this screen. Table 76 Content Filter: Keyword LABEL Active Keyword Blocking Block Websites that contain these keywords in the URL: Delete Clear All Keyword Add Keyword Apply Cancel 15.3 Configuring the Schedule To set the days and times for the ZyXEL Device to perform content filtering, click Security >...
Page 213: Configuring Trusted Computers
The following table describes the labels in this screen. Table 77 Content Filter: Schedule LABEL DESCRIPTION Schedule Select Block Everyday to make the content filtering active everyday. Otherwise, select Edit Daily to Block and configure which days of the week (or everyday) and which time of the day you want the content filtering to be active.
Page 214 P-2602H(W)(L)-DxA Series User’s Guide Chapter 15 Content Filtering...
Page 215: Chapter 16 Introduction To Ipsec
This chapter introduces the basics of IPSec VPNs. 16.1 VPN Overview A VPN (Virtual Private Network) provides secure communications between sites without the expense of leased site-to-site lines. A secure VPN is a combination of tunneling, encryption, authentication, access control and auditing technologies/services used to transport traffic over the Internet or any insecure network that uses the TCP/IP protocol suite for communication.
Page 216: Data Confidentiality
P-2602H(W)(L)-DxA Series User’s Guide Figure 117 Encryption and Decryption 16.1.3.2 Data Confidentiality The IPSec sender can encrypt packets before transmitting them across a network. 16.1.3.3 Data Integrity The IPSec receiver can validate packets sent by the IPSec sender to ensure that the data has not been altered during transmission.
Page 217: Ipsec Algorithms
Figure 118 IPSec Architecture 16.2.1 IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms). The Encryption Algorithm describes the use of encryption techniques such as DES (Data Encryption Standard) and Triple DES algorithms.
Page 218: Transport Mode
P-2602H(W)(L)-DxA Series User’s Guide Figure 119 Transport and Tunnel Mode IPSec Encapsulation 16.3.1 Transport Mode Transport mode is used to protect upper layer protocols and only affects the data in the IP packet. In Transport mode, the IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP).
Page 219: Table 79 Vpn And Nat
NAT is incompatible with the AH protocol in both Transport and Tunnel mode. An IPSec VPN using the AH protocol digitally signs the outbound packet, both data payload and headers, with a hash value appended to the packet. When using AH protocol, packet contents (the data payload) are not encrypted.
Page 220 P-2602H(W)(L)-DxA Series User’s Guide Chapter 16 Introduction to IPSec...
Page 221: Chapter 17 Vpn Screens
This chapter introduces the VPN screens. See viewing logs and the appendix for IPSec log descriptions. 17.1 VPN/IPSec Overview Use the screens documented in this chapter to configure rules for VPN connections and manage VPN connections. 17.2 IPSec Algorithms The ESP and AH protocols are necessary to create a Security Association (SA), the foundation of an IPSec VPN.
Page 222: My Ip Address
P-2602H(W)(L)-DxA Series User’s Guide Table 80 AH and ESP DES (default) Data Encryption Standard (DES) is a widely used method of data encryption using a private (secret) key. DES applies a 56-bit key to each 64-bit block of data. 3DES Triple DES (3DES) is a variant of DES, which iterates three times with three separate keys ENCRYPTION...
Page 223: Secure Gateway Address
17.4 Secure Gateway Address Secure Gateway Address is the WAN IP address or domain name of the remote IPSec router (secure gateway). If the remote secure gateway has a static WAN IP address, enter it in the Secure Gateway Address field. You may alternatively enter the remote secure gateway’s domain name (if it has one) in the Secure Gateway Address field.
Page 224: Figure 121 Vpn Setup
P-2602H(W)(L)-DxA Series User’s Guide Figure 121 VPN Setup The following table describes the fields in this screen. Table 81 VPN Setup LABEL DESCRIPTION This is the VPN policy index number. Click a number to edit VPN policies. Active This field displays whether the VPN policy is active or not. A Yes signifies that this VPN policy is active.
Page 225: Keep Alive
Table 81 VPN Setup LABEL DESCRIPTION Remote This is the IP address(es) of computer(s) on the remote network behind the remote Address IPSec router. This field displays N/A when the Secure Gateway Address field displays 0.0.0.0. In this case only the remote IPSec router can initiate the VPN. The same (static) IP address is displayed twice when the Remote Address Type field in the VPN-IKE (or VPN-Manual Key) screen is configured to Single.
Page 226: Vpn, Nat, And Nat Traversal
P-2602H(W)(L)-DxA Series User’s Guide 17.7 VPN, NAT, and NAT Traversal NAT is incompatible with the AH protocol in both transport and tunnel mode. An IPSec VPN using the AH protocol digitally signs the outbound packet, both data payload and headers, with a hash value appended to the packet, but a NAT device between the IPSec endpoints rewrites the source or destination address.
Page 227: Remote Dns Server
Y* - This is supported in the ZyXEL Device if you enable NAT traversal. 17.8 Remote DNS Server In cases where you want to use domain names to access Intranet servers on a remote network that has a DNS server, you must identify that DNS server. You cannot use DNS servers on the LAN or from the ISP since these DNS servers cannot resolve domain names to private IP addresses on the remote network The following figure depicts an example where three VPN tunnels are created from ZyXEL...
Page 228: Table 83 Local Id Type And Content Fields
P-2602H(W)(L)-DxA Series User’s Guide Regardless of the ID type and content configuration, the ZyXEL Device does not allow you to save multiple active rules with overlapping local and remote IP addresses. With main mode (seeSection 17.12.1 on page provide identity protection. In this case the ZyXEL Device can only distinguish between up to 12 different incoming SAs that connect from remote IPSec routers that have dynamic WAN IP addresses.
Page 229: Id Type And Content Examples
17.9.1 ID Type and Content Examples Two IPSec routers must have matching ID type and content configuration in order to set up a VPN tunnel. The two ZyXEL Devices in this example can complete negotiation and establish a VPN tunnel. Table 85 Matching ID Type and Content Configuration Example ZYXEL DEVICE A Local ID type: E-mail...
Page 230: Figure 124 Edit Vpn Policies
P-2602H(W)(L)-DxA Series User’s Guide Figure 124 Edit VPN Policies The following table describes the fields in this screen. Table 87 Edit VPN Policies LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy. This option determines whether a VPN rule is applied before a packet leaves the firewall.
Page 231 Table 87 Edit VPN Policies LABEL DESCRIPTION NAT Traversal This function is available if the VPN protocol is ESP. Select this check box if you want to set up a VPN tunnel when there are NAT routers between the ZyXEL Device and remote IPSec router. The remote IPSec router must also enable NAT traversal, and the NAT routers have to forward UDP port 500 packets to the remote IPSec router behind the NAT router.
Page 232 P-2602H(W)(L)-DxA Series User’s Guide Table 87 Edit VPN Policies LABEL DESCRIPTION Remote Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. The remote fields do not apply when the Secure Gateway IP Address field is configured to 0.0.0.0. In this case only the remote IPSec router can initiate the VPN.
Page 233 Table 87 Edit VPN Policies LABEL DESCRIPTION Peer ID Type Select IP to identify the remote IPSec router by its IP address. Select DNS to identify the remote IPSec router by a domain name. Select E-mail to identify the remote IPSec router by an e-mail address. Content The configuration of the peer content depends on the peer ID type.
Page 234: Ike Phases
P-2602H(W)(L)-DxA Series User’s Guide Table 87 Edit VPN Policies LABEL DESCRIPTION Encryption Select DES, 3DES, AES or NULL from the drop-down list box. Algorithm When you use one of these encryption algorithms for data communications, both the sending device and the receiving device must use the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code.
Page 235: Negotiation Mode
• Choose an encryption algorithm. • Choose an authentication algorithm. • Choose a Diffie-Hellman public-key cryptography key group (DH1 or DH2). • Set the IKE SA lifetime. This field allows you to determine how long an IKE SA should stay up before it times out. An IKE SA times out when the IKE SA lifetime period expires.
Page 236: Diffie-Hellman (Dh) Key Groups
P-2602H(W)(L)-DxA Series User’s Guide 17.12.2 Diffie-Hellman (DH) Key Groups Diffie-Hellman (DH) is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communications channel. Diffie-Hellman is used within IKE SA setup to establish session keys. 768-bit (Group 1 - DH1) and 1024-bit (Group 2 – DH2) Diffie-Hellman groups are supported.
Page 237: Figure 126 Advanced Vpn Policies
Figure 126 Advanced VPN Policies The following table describes the fields in this screen. Table 88 Advanced VPN Policies LABEL DESCRIPTION VPN - IKE Protocol Enter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and signifies any protocol.
Page 238 P-2602H(W)(L)-DxA Series User’s Guide Table 88 Advanced VPN Policies LABEL DESCRIPTION Negotiation Mode Select Main or Aggressive from the drop-down list box. Multiple SAs connecting through a secure gateway must have the same negotiation mode. Pre-Shared Key Type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation.
Page 239: Manual Key Setup
Table 88 Advanced VPN Policies LABEL DESCRIPTION Authentication Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and Algorithm SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower.
Page 240: Figure 127 Vpn: Manual Key
P-2602H(W)(L)-DxA Series User’s Guide Figure 127 VPN: Manual Key The following table describes the fields in this screen. Table 89 VPN: Manual Key LABEL DESCRIPTION IPSec Setup Active Select this check box to activate this VPN policy. Name Type up to 32 characters to identify this VPN policy. You may use any character, including spaces, but the ZyXEL Device drops trailing spaces.
Page 241 Table 89 VPN: Manual Key (continued) LABEL DESCRIPTION DNS Server (for If there is a private DNS server that services the VPN, type its IP address here. IPSec VPN) The ZyXEL Device assigns this additional DNS server to the ZyXEL Device 's DHCP clients that have IP addresses in this IPSec rule's range of local addresses.
Page 242: Viewing Sa Monitor
P-2602H(W)(L)-DxA Series User’s Guide Table 89 VPN: Manual Key (continued) LABEL DESCRIPTION My IP Address Enter the WAN IP address of your ZyXEL Device. The VPN tunnel has to be rebuilt if this IP address changes. The following applies if this field is configured as 0.0.0.0: The ZyXEL Device uses the current ZyXEL Device WAN IP address (static or dynamic) to set up the VPN tunnel.
Page 243: Figure 128 Vpn: Sa Monitor
When there is outbound traffic but no inbound traffic, the SA times out automatically after two minutes. A tunnel with no outbound or inbound traffic is "idle" and does not timeout until the SA lifetime period expires. Device renegotiate an IPSec SA when the SA lifetime expires, even if there is no traffic. Figure 128 VPN: SA Monitor The following table describes the fields in this screen.
Page 244: Configuring Global Setting
P-2602H(W)(L)-DxA Series User’s Guide 17.17 Configuring Global Setting To change your ZyXEL Device’s global settings, click VPN and then Global Setting. The screen appears as shown. Figure 129 VPN: Global Setting The following table describes the fields in this screen. Table 91 VPN: Global Setting LABEL Windows Networking...
Page 245: Telecommuters Using Unique Vpn Rules Example
Figure 130 Telecommuters Sharing One VPN Rule Example Table 92 Telecommuters Sharing One VPN Rule Example FIELDS TELECOMMUTERS My IP Address: 0.0.0.0 (dynamic IP address assigned by the ISP) Secure Gateway IP Public static IP address Address: Local IP Address: Telecommuter A: 192.168.2.12 Telecommuter B: 192.168.3.2 Telecommuter C: 192.168.4.15...
Page 246: Figure 131 Telecommuters Using Unique Vpn Rules Example
P-2602H(W)(L)-DxA Series User’s Guide Figure 131 Telecommuters Using Unique VPN Rules Example Table 93 Telecommuters Using Unique VPN Rules Example TELECOMMUTERS All Telecommuter Rules: My IP Address 0.0.0.0 Secure Gateway Address: bigcompanyhq.com Remote IP Address: 192.168.1.10 Peer ID Type: E-mail Peer ID Content: bob@bigcompanyhq.com Telecommuter A (telecommutera.dydns.org) Local ID Type: IP...
Page 247: Vpn And Remote Management
17.19 VPN and Remote Management If a VPN tunnel uses Telnet, FTP, WWW, then you should configure remote management (Remote Management) to allow access for that service. Chapter 17 VPN Screens P-2602H(W)(L)-DxA Series User’s Guide...
Page 248 P-2602H(W)(L)-DxA Series User’s Guide Chapter 17 VPN Screens...
Page 249: Chapter 18 Static Route
This chapter shows you how to configure static routes for your ZyXEL Device. 18.1 Static Route Each remote node specifies only the network to which the gateway is directly connected, and the ZyXEL Device has no knowledge of the networks beyond. For instance, the ZyXEL Device knows about network N2 in the following figure through remote node Router 1.
Page 250: Static Route Edit
P-2602H(W)(L)-DxA Series User’s Guide Figure 133 Static Route The following table describes the labels in this screen. Table 94 Static Route LABEL DESCRIPTION This is the number of an individual static route. Active This field shows whether this static route is active (Yes) or not (No). Name This is the name that describes or identifies this route.
Page 251: Figure 134 Static Route Edit
Figure 134 Static Route Edit The following table describes the labels in this screen. Table 95 Static Route Edit LABEL DESCRIPTION Active This field allows you to activate/deactivate this static route. Route Name Enter the name of the IP static route. Leave this field blank to delete this static route. Destination IP This parameter specifies the IP network address of the final destination.
Page 252 P-2602H(W)(L)-DxA Series User’s Guide Chapter 18 Static Route...
Page 253: Chapter 19 Bandwidth Management
Bandwidth Management This chapter contains information about configuring bandwidth management, editing rules and viewing the ZyXEL Device’s bandwidth management logs. 19.1 Bandwidth Management Overview ZyXEL’s Bandwidth Management allows you to specify bandwidth management rules based on an application and/or subnet. You can allocate specific amounts of bandwidth capacity (bandwidth budgets) to different bandwidth rules.
Page 254: Application And Subnet-Based Bandwidth Management
P-2602H(W)(L)-DxA Series User’s Guide The following figure shows LAN subnets. You could configure one bandwidth class for subnet A and another for subnet B. Figure 135 Subnet-based Bandwidth Management Example 19.4 Application and Subnet-based Bandwidth Management You could also create bandwidth classes based on a combination of a subnet and an application.
Page 255: Fairness-Based Scheduler
19.5.2 Fairness-based Scheduler The ZyXEL Device divides bandwidth equally among bandwidth classes when using the fairness-based scheduler; thus preventing one bandwidth class from using all of the interface’s bandwidth. 19.6 Maximize Bandwidth Usage The maximize bandwidth usage option (see Device to divide up any available bandwidth on the interface (including unallocated bandwidth and any allocated bandwidth that a class is not using) among the bandwidth classes that require more bandwidth.
Page 256: Maximize Bandwidth Usage Example
P-2602H(W)(L)-DxA Series User’s Guide 19.6.2 Maximize Bandwidth Usage Example Here is an example of a ZyXEL Device that has maximize bandwidth usage enabled on an interface. The following table shows each bandwidth class’s bandwidth budget. The classes are set up based on subnets. The interface is set to 10240 kbps. Each subnet is allocated 2048 kbps.
Page 257: Fairness-Based Allotment Of Unused And Unbudgeted Bandwidth
• Research requires more bandwidth but only gets its budgeted 2048 kbps because all of the unbudgeted and unused bandwidth goes to the higher priority sales and marketing classes. 19.6.2.2 Fairness-based Allotment of Unused and Unbudgeted Bandwidth The following table shows the amount of bandwidth that each class gets. Table 99 Fairness-based Allotment of Unused and Unbudgeted Bandwidth Example BANDWIDTH CLASSES AND ALLOTMENTS Root Class: 10240 kbps...
Page 258: Figure 136 Bandwidth Management: Summary
P-2602H(W)(L)-DxA Series User’s Guide Enable bandwidth management on an interface and set the maximum allowed bandwidth for that interface. Figure 136 Bandwidth Management: Summary The following table describes the labels in this screen. Table 101 Media Bandwidth Management: Summary LABEL DESCRIPTION Interface These read-only labels represent the physical interfaces.
Page 259: Bandwidth Management Rule Setup
Table 101 Media Bandwidth Management: Summary (continued) LABEL DESCRIPTION Select this check box to have the ZyXEL Device divide up all of the interface’s Bandwidth unallocated and/or unused bandwidth among the bandwidth classes that require Usage bandwidth. Do not select this if you want to reserve bandwidth for traffic that does not match a bandwidth class or you want to limit the transmission speed of this interface (see the Speed field description).
Page 260: Rule Configuration
P-2602H(W)(L)-DxA Series User’s Guide Table 102 Bandwidth Management: Rule Setup (continued) LABEL DESCRIPTION Bandwidth (kbps) Specify the maximum bandwidth allowed for the rule in kbps. The recommendation is a setting between 20 kbps and 20000 kbps for an individual rule. If you want to leave some bandwidth for traffic that does not match a bandwidth filter, make sure that the interface’s root class has more bandwidth than the sum of the bandwidths of the interface’s bandwidth management rules.
Page 261: Table 103 Bandwidth Management Rule Configuration
Appendix F on page 371 describes the labels in this screen. Table 103 Bandwidth Management Rule Configuration LABEL Rule Configuration Rule Name BW Budget Priority Use All Managed Bandwidth Filter Configuration Service Destination Address Enter the destination IP address in dotted decimal notation. Destination Subnet Netmask Destination Port...
Page 262: Bandwidth Monitor
P-2602H(W)(L)-DxA Series User’s Guide Table 103 Bandwidth Management Rule Configuration (continued) LABEL Source Subnet Netmask Source Port Protocol Back Apply Cancel 19.9 Bandwidth Monitor To view the ZyXEL Device’s bandwidth usage, click Advanced > Bandwidth MGMT > Monitor. The screen appears as shown. Select an interface from the drop-down list box to view the bandwidth usage of its bandwidth rules.
Page 263: Chapter 20 Dynamic Dns Setup
This chapter discusses how to configure your ZyXEL Device to use Dynamic DNS. 20.1 Dynamic DNS Overview Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect.
Page 264: Figure 140 Dynamic Dns
P-2602H(W)(L)-DxA Series User’s Guide Figure 140 Dynamic DNS The following table describes the fields in this screen. Table 104 Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider. Dynamic DNS Select the type of service that you are registered for from your Dynamic DNS Type...
Page 265 Table 104 Dynamic DNS (continued) LABEL DESCRIPTION Dynamic DNS Select this option only when there are one or more NAT routers between the ZyXEL server auto Device and the DDNS server. This feature has the DDNS server automatically detect IP detect and use the IP address of the NAT router that has a public IP address.
Page 266 P-2602H(W)(L)-DxA Series User’s Guide Chapter 20 Dynamic DNS Setup...
Page 267: Remote Management Configuration
This chapter provides information on configuring remote management. 21.1 Remote Management Overview Remote management allows you to determine which services/protocols can access which ZyXEL Device interface (if any) from which computers. Note: When you configure remote management to allow management from the WAN, you still need to configure a firewall rule to allow access.
Page 268: Remote Management And Nat
P-2602H(W)(L)-DxA Series User’s Guide • The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the ZyXEL Device will disconnect the session immediately. • There is already another remote management session with an equal or higher priority running.
Page 269: Telnet
The following table describes the labels in this screen. Table 105 Remote Management: WWW LABEL DESCRIPTION Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service.
Page 270: Configuring Ftp
P-2602H(W)(L)-DxA Series User’s Guide Figure 143 Remote Management: Telnet The following table describes the labels in this screen. Table 106 Remote Management: Telnet LABEL DESCRIPTION Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
Page 271: Snmp
Figure 144 Remote Management: FTP The following table describes the labels in this screen. Table 107 Remote Management: FTP LABEL DESCRIPTION Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. Access Status Select the interface(s) through which a computer may access the ZyXEL Device using this service.
Page 272: Supported Mibs
P-2602H(W)(L)-DxA Series User’s Guide Figure 145 SNMP Management Model An SNMP managed network consists of two main types of component: agents and a manager. An agent is a management software module that resides in a managed device (the ZyXEL Device). An agent translates the local management information from the managed device into a form compatible with SNMP.
Page 273: Snmp Traps
21.6.2 SNMP Traps The ZyXEL Device will send traps to the SNMP manager when any one of the following events occurs: Table 108 SNMP Traps TRAP # TRAP NAME coldStart (defined in RFC-1215) warmStart (defined in RFC-1215) authenticationFailure (defined in RFC-1215) whyReboot (defined in ZYXEL- MIB)
Page 274: Figure 146 Remote Management: Snmp
P-2602H(W)(L)-DxA Series User’s Guide Figure 146 Remote Management: SNMP The following table describes the labels in this screen. Table 109 Remote Management: SNMP LABEL SNMP Port Access Status Secured Client IP SNMP Configuration Get Community Set Community Trap Community Destination Apply Cancel DESCRIPTION...
Page 275: Configuring Dns
21.7 Configuring DNS Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Refer to Chapter 8 on page 107 To change your ZyXEL Device’s DNS settings, click Advanced > Remote MGMT > DNS. The screen appears as shown.
Page 276: Figure 148 Remote Management: Icmp
P-2602H(W)(L)-DxA Series User’s Guide If an outside user attempts to probe an unsupported port on your ZyXEL Device, an ICMP response packet is automatically returned. This allows the outside user to know the ZyXEL Device exists. Your ZyXEL Device supports anti-probing, which prevents the ICMP response packet from being sent.
Page 277: Universal Plug-And-Play (Upnp)
Universal Plug-and-Play (UPnP) This chapter introduces the UPnP feature in the web configurator. 22.1 Introducing Universal Plug and Play Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network.
Page 278: Cautions With Upnp
P-2602H(W)(L)-DxA Series User’s Guide 22.1.3 Cautions with UPnP The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues. Network information and configuration may also be obtained and modified by users in some network environments. When a UPnP device joins a network, it announces its presence with a multicast message.
Page 279: Installing Upnp In Windows Example
The following table describes the fields in this screen. Table 112 Configuring UPnP LABEL Active the Universal Plug and Play (UPnP) Feature Allow users to make configuration changes through UPnP Allow UPnP to pass through Firewall Apply Cancel 22.3 Installing UPnP in Windows Example This section shows how to install UPnP in Windows Me and Windows XP.
Page 280: Figure 150 Add/Remove Programs: Windows Setup: Communication
P-2602H(W)(L)-DxA Series User’s Guide Figure 150 Add/Remove Programs: Windows Setup: Communication 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box. Figure 151 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next. 5 Restart the computer when prompted.
Page 281: Figure 152 Network Connections
Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. 1 Click Start and Control Panel. 2 Double-click Network Connections. 3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components ….
Page 282: Using Upnp In Windows Xp Example
P-2602H(W)(L)-DxA Series User’s Guide Figure 154 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. 22.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device.
Page 283: Figure 155 Network Connections
P-2602H(W)(L)-DxA Series User’s Guide Figure 155 Network Connections 3 In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Figure 156 Internet Connection Properties Chapter 22 Universal Plug-and-Play (UPnP)
Page 284: Figure 157 Internet Connection Properties: Advanced Settings
P-2602H(W)(L)-DxA Series User’s Guide 4 You may edit or delete the port mappings or click Add to manually add port mappings. Figure 157 Internet Connection Properties: Advanced Settings Figure 158 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically.
Page 285: Figure 159 System Tray Icon
Figure 159 System Tray Icon 7 Double-click on the icon to display your current Internet connection status. Figure 160 Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the ZyXEL Device without finding out the IP address of the ZyXEL Device first.
Page 286: Figure 161 Network Connections
P-2602H(W)(L)-DxA Series User’s Guide Figure 161 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays. Chapter 22 Universal Plug-and-Play (UPnP)
Page 287: Figure 162 Network Connections: My Network Places
P-2602H(W)(L)-DxA Series User’s Guide Figure 162 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Figure 163 Network Connections: My Network Places: Properties: Example Chapter 22 Universal Plug-and-Play (UPnP)
Page 288 P-2602H(W)(L)-DxA Series User’s Guide Chapter 22 Universal Plug-and-Play (UPnP)
Page 289: Chapter 23 System
Use this screen to configure the ZyXEL Device’s time and date settings. 23.1 General Setup and System Name General Setup contains administrative and system-related information. System Name is for identification purposes. However, because some ISPs check this name you should enter your computer's "Computer Name".
Page 290: Figure 164 System General Setup
P-2602H(W)(L)-DxA Series User’s Guide Figure 164 System General Setup The following table describes the labels in this screen. Table 113 System General Setup LABEL DESCRIPTION General Setup System Name Choose a descriptive name for identification purposes. It is recommended you enter your computer’s “Computer name”...
Page 291: Time Setting
23.2 Time Setting To change your ZyXEL Device’s time and date, click Maintenance > System > Time Setting. The screen appears as shown. Use this screen to configure the ZyXEL Device’s time based on your local time zone. Figure 165 System Time Setting The following table describes the fields in this screen.
Page 292 P-2602H(W)(L)-DxA Series User’s Guide Table 114 System Time Setting (continued) LABEL DESCRIPTION New Time This field displays the last updated time from the time server or the last time configured manually. (hh:mm:ss) When you set Time and Date Setup to Manual, enter the new time in this field and then click Apply.
Page 293 Table 114 System Time Setting (continued) LABEL DESCRIPTION End Date Configure the day and time when Daylight Saving Time ends if you selected Enable Daylight Saving. The o'clock field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the last Sunday of October.
Page 294 P-2602H(W)(L)-DxA Series User’s Guide Chapter 23 System...
Page 295: Chapter 24 Logs
This chapter contains information about configuring general log settings and viewing the ZyXEL Device’s logs. Refer to the appendix for example log message explanations. 24.1 Logs Overview The web configurator allows you to choose which categories of events and/or alerts to have the ZyXEL Device log and then display the logs or have the ZyXEL Device send them to an administrator (as e-mail) or to a syslog server.
Page 296: Configuring Log Settings
P-2602H(W)(L)-DxA Series User’s Guide Figure 166 View Log The following table describes the fields in this screen. Table 115 View Log LABEL DESCRIPTION Display The categories that you select in the Log Settings screen display in the drop-down list box. Select a category of logs to view;...
Page 297: Figure 167 Log Settings
Alerts are e-mailed as soon as they happen. Logs may be e-mailed as soon as the log is full. Selecting many alert and/or log categories (especially Access Control) may result in many e- mails being sent. Figure 167 Log Settings The following table describes the fields in this screen.
Page 298 P-2602H(W)(L)-DxA Series User’s Guide Table 116 Log Settings LABEL DESCRIPTION Mail Subject Type a title that you want to be in the subject line of the log e-mail message that the ZyXEL Device sends. Not all ZyXEL Device models have this field. Send Log to The ZyXEL Device sends logs to the e-mail address specified in this field.
Page 299: Smtp Error Messages
24.4 SMTP Error Messages If there are difficulties in sending e-mail the following error message appears. “SMTP action request failed. ret= ??". The “??"are described in the following table. Table 117 SMTP Error Messages -1 means ZyXEL Device out of socket -2 means tcp SYN fail -3 means smtp server OK fail -4 means HELO fail...
Page 300: Figure 168 E-Mail Log Example
P-2602H(W)(L)-DxA Series User’s Guide Figure 168 E-mail Log Example Subject: Firewall Alert From Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com user@zyxel.com 1|Apr 7 00 |From:192.168.1.1 | 09:54:03 |UDP src port:00520 dest port:00520 2|Apr 7 00 |From:192.168.1.131 | 09:54:17 |UDP src port:00520 dest port:00520 3|Apr 7 00 |From:192.168.1.6...
Page 301: Chapter 25 Tools
This chapter explains how to upload new firmware, manage configuration files and restart your ZyXEL Device. Note: Do not interrupt the file transfer process as this may PERMANENTLY DAMAGE YOUR ZyXEL Device. 25.1 Introduction Use the instructions in this chapter to change the device’s configuration file or upgrade its firmware.
Page 302: File Maintenance Over Wan
P-2602H(W)(L)-DxA Series User’s Guide This is a sample FTP session saving the current configuration to the computer file “ ”. config.cfg If your (T)FTP client does not allow you to have a destination filename different than the source, you will need to rename them as the ZyXEL Device only recognizes “rom-0” and “ras”.
Page 303: Figure 169 Firmware Upgrade
Figure 169 Firmware Upgrade The following table describes the labels in this screen. Table 119 Firmware Upgrade LABEL DESCRIPTION Current Firmware This is the present Firmware version and the date created. Version File Path Type in the location of the file you want to upload in this field or click Browse ... to find it.
Page 304: Backup And Restore
P-2602H(W)(L)-DxA Series User’s Guide The ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 171 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, the following screen will appear.
Page 305: Backup Configuration
Figure 173 Configuration 25.5.1 Backup Configuration Backup Configuration allows you to back up (save) the ZyXEL Device’s current configuration to a file on your computer. Once your ZyXEL Device is configured and functioning properly, it is highly recommended that you back up your configuration file before making configuration changes.
Page 306: Figure 174 Configuration Upload Successful
P-2602H(W)(L)-DxA Series User’s Guide After you see a “restore configuration successful” screen, you must then wait one minute before logging into the ZyXEL Device again. Figure 174 Configuration Upload Successful The ZyXEL Device automatically restarts in this time causing a temporary network disconnect.
Page 307: Reset To Factory Defaults
25.5.3 Reset to Factory Defaults Click the Reset button to clear all user-entered configuration information and return the ZyXEL Device to its factory defaults. The following warning screen appears. Figure 177 Reset Warning Message Figure 178 Reset In Process Message You can also press the RESET button on the rear panel to reset the factory defaults of your ZyXEL Device.
Page 308: Using Ftp Or Tftp To Back Up Configuration
P-2602H(W)(L)-DxA Series User’s Guide 25.7 Using FTP or TFTP to Back Up Configuration This section covers how to use FTP or TFTP to save your device’s configuration file to your computer. 25.7.1 Using the FTP Commands to Back Up Configuration 1 Launch the FTP client on your computer.
Page 309: Configuration Backup Using Gui-Based Ftp Clients
25.7.3 Configuration Backup Using GUI-based FTP Clients The following table describes some of the commands that you may see in GUI-based FTP clients. Table 121 General Commands for GUI-based FTP Clients COMMAND Host Address Login Type Transfer Type Initial Remote Directory Initial Local Directory 25.7.4 Backup Configuration Using TFTP The ZyXEL Device supports the up/downloading of the firmware and the configuration file...
Page 310: Tftp Command Configuration Backup Example
P-2602H(W)(L)-DxA Series User’s Guide 25.7.5 TFTP Command Configuration Backup Example The following is an example TFTP command: tftp [-i] host get rom-0 config.rom where “ ” specifies binary image transfer mode (use this mode when transferring binary files), “ ” is the ZyXEL Device IP address, “ host , name of the configuration file on the ZyXEL Device) to the file destination on the rom-0...
Page 311: Restore Using Ftp Session Example
Note: WARNING! Do not interrupt the file transfer process as this may PERMANENTLY DAMAGE YOUR device. When the Restore Configuration process is complete, the device will automatically restart. 25.8.1 Restore Using FTP Session Example Figure 181 Restore Using FTP Session Example ftp>...
Page 312: Ftp Session Example Of Firmware File Upload
P-2602H(W)(L)-DxA Series User’s Guide 0 config.rom” transfers the configuration file on the device to your computer and renames it “config.rom.” See earlier in this chapter for more information on filename conventions. 7 Enter “quit” to exit the ftp prompt. 25.9.2 FTP Session Example of Firmware File Upload Figure 182 FTP Session Example of Firmware File Upload 331 Enter PASS command Password:...
Page 313: Tftp Upload Command Example
Note that the telnet connection must be active and the device in CI mode before and during the TFTP transfer. For details on TFTP commands (see following example), please consult the documentation of your TFTP client program. For UNIX, use “get” to transfer from the device to the computer, “put”...
Page 314 P-2602H(W)(L)-DxA Series User’s Guide Chapter 25 Tools...
Page 315: Chapter 26 Diagnostic
These read-only screens display information to help you identify problems with the ZyXEL Device. 26.1 General Diagnostic Click Maintenance > Diagnostic to open the screen shown next. Figure 183 Diagnostic: General The following table describes the fields in this screen. Table 123 Diagnostic: General LABEL DESCRIPTION...
Page 316: Figure 184 Diagnostic: Dsl Line
P-2602H(W)(L)-DxA Series User’s Guide Figure 184 Diagnostic: DSL Line The following table describes the fields in this screen. Table 124 Diagnostic: DSL Line LABEL ATM Status Click this button to view your DSL connection’s Asynchronous Transfer Mode (ATM) statistics. ATM is a networking technology that provides high-speed data transfer. ATM uses fixed-size packets of information called cells.
Page 317 Table 124 Diagnostic: DSL Line (continued) LABEL DSL Line Status Click this button to view statistics about the DSL connections. noise margin downstream is the signal to noise ratio for the downstream part of the connection (coming into the ZyXEL Device from the ISP). It is measured in decibels.
Page 318 P-2602H(W)(L)-DxA Series User’s Guide Chapter 26 Diagnostic...
Page 319: Chapter 27 Troubleshooting
This chapter covers potential problems and the corresponding remedies. 27.1 Problems Starting Up the ZyXEL Device Table 125 Troubleshooting Starting Up Your Device PROBLEM CORRECTIVE ACTION None of the Make sure that the ZyXEL Device’s power adaptor is connected to the ZyXEL Device lights turn on and plugged in to an appropriate power source.
Page 320: Problems With The Wan
P-2602H(W)(L)-DxA Series User’s Guide 27.3 Problems with the WAN Table 127 Troubleshooting the WAN PROBLEM CORRECTIVE ACTION The DSL light is Check the telephone wire and connections between the ZyXEL Device DSL port off. and the wall jack. Make sure that the telephone company has checked your phone line and set it up for DSL service.
Page 321: Problems Accessing The Zyxel Device
27.4 Problems Accessing the ZyXEL Device Table 128 Troubleshooting Accessing Your Device PROBLEM CORRECTIVE ACTION I cannot The username is “admin”. The default password is “1234”. The Password and access the Username fields are case-sensitive. Make sure that you enter the correct password ZyXEL Device.
Page 322: Internet Explorer Pop-Up Blockers
P-2602H(W)(L)-DxA Series User’s Guide • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary. 27.4.1.1 Internet Explorer Pop-up Blockers You may have to disable pop-up blocking to log into your device. Either disable pop-up blocking (enabled by default in Windows XP SP (Service Pack) 2) or allow pop-up blocking and create an exception for your device’s IP address.
Page 323: Figure 186 Internet Options
Figure 186 Internet Options 3 Click Apply to save this setting. 27.4.1.1.2 Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings…to open the Pop-up Blocker Settings screen.
Page 324: Figure 187 Internet Options
P-2602H(W)(L)-DxA Series User’s Guide Figure 187 Internet Options 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites. Chapter 27 Troubleshooting...
Page 325: Javascripts
Figure 188 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. 27.4.1.2 JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. 1 In Internet Explorer, click Tools, Internet Options and then the Security tab.
Page 326: Figure 189 Internet Options
P-2602H(W)(L)-DxA Series User’s Guide Figure 189 Internet Options 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window.
Page 327: Java Permissions
Figure 190 Security Settings - Java Scripting 27.4.1.3 Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window.
Page 328: Figure 191 Security Settings - Java
P-2602H(W)(L)-DxA Series User’s Guide Figure 191 Security Settings - Java 27.4.1.3.1 JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window.
Page 329: Telephone Problems
Figure 192 Java (Sun) 27.5 Telephone Problems Table 129 Troubleshooting Telephone PROBLEM CORRECTIVE ACTION The telephone port Check the telephone connections and telephone wire. won’t work or the Make sure you have the VoIP SIP Settings screen properly configured. telephone lacks a dial tone.
Page 330: Problems With Multiple Sip Accounts
P-2602H(W)(L)-DxA Series User’s Guide 27.6 Problems With Multiple SIP Accounts You can set up two SIP accounts on your ZyXEL Device and your ZyXEL Device is equipped with two phone ports. By default your ZyXEL Device uses SIP account 1 with both phone ports for outgoing calls, and it uses SIP accounts 1 and 2 for incoming calls.
Page 331: Incoming Calls
27.6.2 Incoming Calls The following example shows the default behavior of your ZyXEL Device for incoming calls when two SIP accounts are configured and you are using two phones. When a call comes in from your SIP account 1, the phones connected to both phone port 1 and phone port 2 ring. Similarly, when a call comes in from your SIP account 2, the phones connected to both phone port 1 and phone port 2 ring.
Page 332 P-2602H(W)(L)-DxA Series User’s Guide Chapter 27 Troubleshooting...
Page 333: Product Specifications
See also Chapter 1 on page 37 Specification Tables Table 130 Device Specifications Default IP Address Default Subnet Mask Default Password DHCP Server IP Pool Static DHCP Addresses Dimensions Weight Power Specification Built-in Switch PHONE Ports PSTN Line port (“L” models only) RESET Button Antenna...
Page 334: Table 131 Firmware Specifications
P-2602H(W)(L)-DxA Series User’s Guide Table 131 Firmware Specifications ADSL Standards Other Protocol Support Management Support ITU G.992.1 G.dmt (Annex B, U-R2) EOC specified in ITU-T G.992.1 ADSL2 G.dmt.bis (G.992.3) ADSL2 G.lite.bis (G.992.4) ADSL 2/2+ AnnexM ADSL2+ (G.992.5) Reach-Extended ADSL (RE ADSL) SRA (Seamless Rate Adaptation) Auto-negotiating rate adaptation ADSL physical connection ATM AAL5 (ATM Adaptation Layer type 5)
Page 335 Table 131 Firmware Specifications (continued) Wireless (“W” models only) Firewall NAT/SUA Content Filtering Static Routes Appendix A Product Specifications P-2602H(W)(L)-DxA Series User’s Guide IEEE 802.11g Compliance Frequency Range: 2.4 GHz ISM Band Advanced Orthogonal Frequency Division Multiplexing (OFDM) Data Rates: 54Mbps, 11Mbps, 5.5Mbps, 2Mbps, and 1 Mbps Auto Fallback Turn on-off WLAN by reset button (press 1s on reset button to turn on or turn off the WLAN;...
Page 336: P-2602Hwl Series Power Adaptor Specifications
P-2602H(W)(L)-DxA Series User’s Guide Table 131 Firmware Specifications (continued) Voice Features Other Features P-2602HWL Series Power Adaptor Specifications Table 132 P-2602HWL Series Power Adaptor Specifications NORTH AMERICAN PLUG STANDARDS AC Power Adapter Model Input Power Output Power Power Consumption Safety Standards EUROPEAN PLUG STANDARDS AC Power Adapter Model...
Page 337 Table 132 P-2602HWL Series Power Adaptor Specifications (continued) Input Power Output Power Power Consumption Safety Standards UNITED KINGDOM PLUG STANDARDS AC Power Adapter Model Input Power Output Power Power Consumption Safety Standards Appendix A Product Specifications P-2602H(W)(L)-DxA Series User’s Guide AC 100~240Volts/50/60Hz/0.5A AC 100~240Volts/50/60Hz/0.6A DC 18Volts/1A...
Page 338 P-2602H(W)(L)-DxA Series User’s Guide Appendix A Product Specifications...
Page 339: Splitters And Microfilters
This appendix tells you how to install a POTS splitter or a telephone microfilter. Connecting a POTS Splitter When you use the Full Rate (G.dmt) ADSL standard, you can use a POTS (Plain Old Telephone Service) splitter to separate the telephone and ADSL signals. This allows simultaneous Internet access and telephone service on the same line.
Page 340: Zyxel Device With Isdn
P-2602H(W)(L)-DxA Series User’s Guide 1 Connect a phone cable from the wall jack to the single jack end of the Y- Connector. 2 Connect a cable from the double jack end of the Y-Connector to the “wall side” of the microfilter.
Page 341: Setting Up Your Computer's Ip Address
Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/ IP on your computer.
Page 342: Figure 200 Windows 95/98/Me: Network: Configuration
P-2602H(W)(L)-DxA Series User’s Guide Figure 200 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
Page 343: Configuring
3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. Configuring 1 In the Network window Configuration tab, select your network adapter's TCP/IP entry and click Properties 2 Click the IP Address tab.
Page 344: Verifying Settings
P-2602H(W)(L)-DxA Series User’s Guide Figure 202 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • • 5 Click OK to save and close the TCP/IP Properties window. 6 Click OK to close the Network window. Insert the Windows CD if prompted. 7 Turn on your ZyXEL Device and restart your computer when prompted.
Page 345: Figure 203 Windows Xp: Start Menu
Figure 203 Windows XP: Start Menu 2 For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Figure 204 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. Appendix C Setting up Your Computer’s IP Address P-2602H(W)(L)-DxA Series User’s Guide...
Page 346: Figure 205 Windows Xp: Control Panel: Network Connections: Properties
P-2602H(W)(L)-DxA Series User’s Guide Figure 205 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. Figure 206 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
Page 347: Figure 207 Windows Xp: Advanced Tcp/Ip Settings
• Figure 207 Windows XP: Advanced TCP/IP Settings 6 If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
Page 348: Verifying Settings
P-2602H(W)(L)-DxA Series User’s Guide 7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • • Figure 208 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click OK to close the Local Area Connection Properties window. 10Turn on your ZyXEL Device and restart your computer (if prompted).
Page 349: Macintosh Os 8/9
Macintosh OS 8/9 1 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. Figure 209 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Appendix C Setting up Your Computer’s IP Address P-2602H(W)(L)-DxA Series User’s Guide...
Page 350: Verifying Settings
P-2602H(W)(L)-DxA Series User’s Guide Figure 210 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: • • • • 5 Close the TCP/IP Control Panel. 6 Click Save if prompted, to save changes to your configuration.
Page 351: Verifying Settings
2 Click Network in the icon bar. • • • 3 For dynamically assigned settings, select Using DHCP from the Configure list. Figure 212 Macintosh OS X: Network 4 For statically assigned settings, do the following: • • • • 5 Click Apply Now and close the window.
Page 352 P-2602H(W)(L)-DxA Series User’s Guide Appendix C Setting up Your Computer’s IP Address...
Page 353: Ip Addresses And Subnetting
IP Addresses and Subnetting This appendix introduces IP addresses, IP address classes and subnet masks. You use subnet masks to subdivide a network into smaller logical networks. Introduction to IP Addresses An IP address has two parts: the network number and the host ID. Routers use the network number to send packets to the correct network, while the host ID identifies a single device on the network.
Page 354: Table 133 Classes Of Ip Addresses
P-2602H(W)(L)-DxA Series User’s Guide The following table shows the network number and host ID arrangement for classes A, B and Table 133 Classes of IP Addresses IP ADDRESS OCTET 1 Class A Network number Class B Network number Class C Network number An IP address with host IDs of all zeros is the IP address of the network (192.168.1.0 for example).
Page 355: Subnet Masks
Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). A subnet mask has 32 bits. If a bit in the subnet mask is a “1” then the corresponding bit in the IP address is part of the network number.
Page 356: Example: Two Subnets
P-2602H(W)(L)-DxA Series User’s Guide Table 136 Alternative Subnet Mask Notation (continued) SUBNET MASK 255.255.255.240 255.255.255.248 255.255.255.252 The first mask shown is the class “C” natural mask. Normally if no mask is specified it is understood that the natural mask is being used. Example: Two Subnets As an example, you have a class “C”...
Page 357: Example: Four Subnets
Table 138 Subnet 1 (continued) IP/SUBNET MASK Subnet Address: 192.168.1.0 Broadcast Address: 192.168.1.127 Table 139 Subnet 2 IP/SUBNET MASK IP Address IP Address (Binary) Subnet Mask Subnet Mask (Binary) Subnet Address: 192.168.1.128 Broadcast Address: 192.168.1.255 Host IDs of all zeros represent the subnet itself and host IDs of all ones are the broadcast address for that subnet, so the actual number of hosts available on each subnet in the example above is 2 –...
Page 358: Example Eight Subnets
P-2602H(W)(L)-DxA Series User’s Guide Table 140 Subnet 1 (continued) IP/SUBNET MASK Subnet Address: 192.168.1.0 Broadcast Address: 192.168.1.63 Table 141 Subnet 2 IP/SUBNET MASK IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.64 Broadcast Address: 192.168.1.127 Table 142 Subnet 3 IP/SUBNET MASK IP Address IP Address (Binary)
Page 359: Subnetting With Class A And Class B Networks
The following table shows class C IP address last octet values for each subnet. Table 144 Eight Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS The following table is a summary for class “C” subnet planning. Table 145 Class C Subnet Planning NO.
Page 360: Table 146 Class B Subnet Planning
P-2602H(W)(L)-DxA Series User’s Guide The following table is a summary for class “B” subnet planning. Table 146 Class B Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS 255.255.128.0 (/17) 255.255.192.0 (/18) 255.255.224.0 (/19) 255.255.240.0 (/20) 255.255.248.0 (/21) 255.255.252.0 (/22) 255.255.254.0 (/23) 255.255.255.0 (/24) 255.255.255.128 (/25)
Page 361: Appendix E Wireless Lans
Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless stations (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an Ad-hoc network or Independent Basic Service Set (IBSS).
Page 362: Ess
P-2602H(W)(L)-DxA Series User’s Guide Figure 214 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS). This type of wireless LAN topology is called an Infrastructure WLAN.
Page 363: Channel
Figure 215 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by IEEE 802.11a/b/g wireless devices. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a different channel than an adjacent AP (access point) to reduce interference.
Page 364: Fragmentation Threshold
P-2602H(W)(L)-DxA Series User’s Guide Figure 216 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
Page 365: Preamble Type
A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size.
Page 366: Ieee 802.1X
P-2602H(W)(L)-DxA Series User’s Guide IEEE 802.1x In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features. It is supported by Windows XP and a number of network devices. Some advantages of IEEE 802.1x are: •...
Page 367: Types Of Authentication
• Access-Challenge Sent by a RADIUS server requesting more information in order to allow access. The access point sends a proper response from the user and then sends another Access- Request message. The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting: •...
Page 368: Eap-Tls (Transport Layer Security)
P-2602H(W)(L)-DxA Series User’s Guide EAP-TLS (Transport Layer Security) With EAP-TLS, digital certifications are needed by both the server and the wireless stations for mutual authentication. The server presents a certificate to the client. After validating the identity of the server, the client sends a different certificate to the server. The exchange of certificates is done in the open before a secured tunnel is created.
Page 369: Wpa
For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic keys for data encryption. They are often deployed in corporate environments, but for public deployment, a simple user name and password pair is more practical. The following table is a comparison of the features of authentication types. Table 148 Comparison of EAP Authentication Types Mutual Authentication Certificate –...
Page 370: Security Parameters Summary
P-2602H(W)(L)-DxA Series User’s Guide The Message Integrity Check (MIC) is designed to prevent an attacker from capturing data packets, altering them and resending them. The MIC provides a strong mathematical function in which the receiver and the transmitter each compute and then compare the MIC. If they do not match, it is assumed that the data has been tampered with and the packet is dropped.
Page 371: Services
The following table lists some commonly-used services and their associated protocols and port numbers. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like. • Protocol: This is the type of IP protocol used by the service. If this is TCP/UDP, then the service uses the same port number with TCP and UDP.
Page 372 P-2602H(W)(L)-DxA Series User’s Guide Table 150 Examples of Services (continued) NAME HTTP HTTPS ICMP IGMP (MULTICAST) IMAP4 IMAP4S MSN Messenger NetBIOS NEW-ICQ NEWS NNTP PING POP3 POP3S PPTP PPTP_TUNNEL (GRE) PROTOCOL PORT(S) DESCRIPTION Hyper Text Transfer Protocol - a client/ server protocol for the world wide web.
Page 373 Table 150 Examples of Services (continued) NAME RCMD REAL_AUDIO REXEC RLOGIN ROADRUNNER RTELNET RTSP SFTP SMTP SMTPS SNMP SNMP-TRAPS SQL-NET SSDP STRM WORKS SYSLOG TACACS TELNET Appendix F Services P-2602H(W)(L)-DxA Series User’s Guide PROTOCOL PORT(S) DESCRIPTION Remote Command Service. 7070 A streaming audio service that enables real time sound over the web.
Page 374 P-2602H(W)(L)-DxA Series User’s Guide Table 150 Examples of Services (continued) NAME TFTP VDOLIVE PROTOCOL PORT(S) DESCRIPTION Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol).
Page 375: Appendix G Firewall Commands
Sys Firewall Commands The following describes the firewall commands. See the Command Interpreter appendix for information on the command structure. these commands must be preceded by them. For example, type firewall. Table 151 Sys Firewall Command disp active <yes|no> disp clear pktdump dynamicrule...
Page 376 P-2602H(W)(L)-DxA Series User’s Guide Appendix G Firewall Commands...
Page 377: Appendix H Triangle Route
The Ideal Setup When the firewall is on, your ZyXEL Device acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the ZyXEL Device to protect your LAN against attacks. Figure 217 Ideal Setup The “Triangle Route”...
Page 378: The "Triangle Route" Solutions
P-2602H(W)(L)-DxA Series User’s Guide Figure 218 “Triangle Route” Problem The “Triangle Route” Solutions This section presents you two solutions to the “triangle route” problem. IP Aliasing IP alias allows you to partition your network into logical sections over the same Ethernet interface.
Page 379: Gateways On The Wan Side
Gateways on the WAN Side A second solution to the “triangle route” problem is to put all of your network gateways on the WAN side as the following figure shows. This ensures that all incoming network traffic passes through your ZyXEL Device to your LAN. Therefore your LAN is protected. Figure 220 Gateways on the WAN Side Appendix H Triangle Route P-2602H(W)(L)-DxA Series User’s Guide...
Page 380 P-2602H(W)(L)-DxA Series User’s Guide Appendix H Triangle Route...
Page 381: Appendix I Log Descriptions
This appendix provides descriptions of example log messages. Table 152 System Maintenance Logs LOG MESSAGE Time calibration is successful Time calibration failed WAN interface gets IP: %s DHCP client IP expired DHCP server assigns %s Successful WEB login WEB login failed Successful TELNET login TELNET login failed Successful FTP login...
Page 382: Table 153 System Error Logs
P-2602H(W)(L)-DxA Series User’s Guide Table 152 System Maintenance Logs (continued) LOG MESSAGE Successful HTTPS login HTTPS login failed Table 153 System Error Logs LOG MESSAGE %s exceeds the max. number of session per host! setNetBIOSFilter: calloc error readNetBIOSFilter: calloc error WAN connection is down.
Page 383: Table 155 Tcp Reset Logs
Table 155 TCP Reset Logs LOG MESSAGE Under SYN flood attack, sent TCP RST Exceed TCP MAX incomplete, sent TCP RST Peer TCP state out of order, sent TCP RST Firewall session time out, sent TCP RST Exceed MAX incomplete, sent TCP RST Access block, sent TCP Table 156 Packet Filter Logs...
Page 384: Table 158 Cdr Logs
P-2602H(W)(L)-DxA Series User’s Guide Table 157 ICMP Logs (continued) LOG MESSAGE Triangle route packet forwarded: ICMP Packet without a NAT table entry blocked: ICMP Unsupported/out-of-order ICMP: ICMP Router reply ICMP packet: ICMP Table 158 CDR Logs LOG MESSAGE board %d line %d channel %d, call %d, %s C01 Outgoing Call dev=%x ch=%x %s board %d line %d channel %d,...
Page 385: Table 160 Upnp Logs
Table 160 UPnP Logs LOG MESSAGE UPnP pass through Firewall Table 161 Content Filtering Logs LOG MESSAGE %s: block keyword For type and code details, see Table 162 Attack Logs LOG MESSAGE attack [ TCP | UDP | IGMP | ESP | GRE | OSPF ] attack ICMP (type:%d, code:%d) land [ TCP | UDP | IGMP |...
Page 386: Table 163 802.1X Logs
P-2602H(W)(L)-DxA Series User’s Guide Table 162 Attack Logs (continued) LOG MESSAGE ip spoofing - no routing entry ICMP (type:%d, code:%d) vulnerability ICMP (type:%d, code:%d) traceroute ICMP (type:%d, code:%d) Table 163 802.1X Logs LOG MESSAGE Local User Database accepts user. Local User Database reports user credential error.
Page 387: Table 164 Acl Setting Notes
Table 163 802.1X Logs (continued) LOG MESSAGE No Server to authenticate user. Local User Database does not find user`s credential. Table 164 ACL Setting Notes PACKET DIRECTION (L to W) (W to L) (L to L/ZyXEL Device) (W to W/ZyXEL Device) Table 165 ICMP Notes TYPE...
Page 388: Table 166 Syslog Logs
P-2602H(W)(L)-DxA Series User’s Guide Table 165 ICMP Notes (continued) TYPE CODE Table 166 Syslog Logs LOG MESSAGE <Facility*8 + Severity>Mon dd hr:mm:ss hostname src="<srcIP:srcPort>" dst="<dstIP:dstPort>" msg="<msg>" note="<note>" devID="<mac address last three numbers>" cat="<category> Table 167 SIP Logs LOG MESSAGE SIP Registration Success by SIP:SIP Phone Number SIP Registration Fail by SIP:SIP Phone Number...
Page 389: Table 168 Rtp Logs
Table 168 RTP Logs LOG MESSAGE Error, RTP init fail Error, Call fail: RTP connect fail Error, RTP connection cannot close Table 169 FSM Logs: Caller Side LOG MESSAGE VoIP Call Start Ph[Phone Port Number] <- Outgoing Call Number VoIP Call Established Ph[Phone Port] ->...
Page 390: Log Commands
1 Use the sys logs load configure which logs the ZyXEL Device is to record. 2 Use sys logs category Figure 221 Displaying Log Categories Example Copyright (c) 1994 - 2004 ZyXEL Communications Corp. ras> ? Valid commands are: exit wlan radius 8021x ras>...
Page 391: Displaying Logs
Figure 222 Displaying Log Parameters Example ras> sys logs category access Usage: [0:none/1:log/2:alert/3:both] ras> 4 Use sys logs category record. Use 0 to not record logs for that category, 1 to record only logs for that category, 2 to record only alerts for that category, and 3 to record both logs and alerts for that category. Not every parameter is available with every category.
Page 392: Log Command Example
P-2602H(W)(L)-DxA Series User’s Guide Log Command Example This example shows how to set the ZyXEL Device to record the access logs and alerts and then view the results. Figure 223 Log Command Example ras> sys logs load ras> sys logs category access 3 ras>...
Page 393: Appendix J Command Interpreter
The following describes how to use the command interpreter. Telnet to the ZyXEL Device and enter the password to use the commands. See the included disk or zyxel.com for more detailed information on these commands. Note: Use of undocumented commands or misconfiguration can damage the unit and possibly render it unusable.
Page 394 P-2602H(W)(L)-DxA Series User’s Guide Appendix J Command Interpreter...
Page 395: Appendix K Internal Sptgen
Internal SPTGEN Overview Internal SPTGEN (System Parameter Table Generator) is a configuration text file useful for efficient configuration of multiple ZyXEL Devices. Internal SPTGEN lets you configure, save and upload multiple menus at the same time using just one configuration text file – eliminating the need to navigate and configure individual screens for each ZyXEL Device.
Page 396: Internal Sptgen Ftp Download Example
P-2602H(W)(L)-DxA Series User’s Guide Some parameters are dependent on others. For example, if you disable the Configured field in menu 1 (see Figure 224 on page If you enter a parameter that is invalid in the Input column, the ZyXEL Device will not save the configuration and the command line will display the Field Identification Number.
Page 397: Internal Sptgen Ftp Upload Example
Figure 227 Internal SPTGEN FTP Download Example c:\ftp 192.168.1.1 220 PPP FTP version 1.0 ready at Sat Jan 1 03:22:12 2000 User (192.168.1.1:(none)): 331 Enter PASS command Password: 230 Logged in ftp>bin 200 Type I OK ftp> get rom-t ftp>bye c:\edit rom-t (edit the rom-t text file by a text editor and save it) Note: You can rename your “...
Page 398: Table 173 Abbreviations Used In The Example Internal Sptgen Screens Table
P-2602H(W)(L)-DxA Series User’s Guide This section covers ZyXEL Device Internal SPTGEN screens. Table 173 Abbreviations Used in the Example Internal SPTGEN Screens Table ABBREVIATION MEANING Field Identification Number Field Name Parameter Values Allowed INPUT An example of what you may enter Applies to the ZyXEL Device.
Page 399 Table 175 Menu 3 30100014 = Output device filters Set 2 30100015 = Output device filters Set 3 30100016 = Output device filters Set 4 / Menu 3.2 TCP/IP and DHCP Ethernet Setup 30200001 = DHCP 30200002 = Client IP Pool Starting Address 30200003 = Size of Client IP Pool 30200004 =...
Page 400 P-2602H(W)(L)-DxA Series User’s Guide Table 175 Menu 3 30201006 = IP Alias #1 Incoming protocol filters Set 1 30201007 = IP Alias #1 Incoming protocol filters Set 2 30201008 = IP Alias #1 Incoming protocol filters Set 3 30201009 = IP Alias #1 Incoming protocol filters Set 4 30201010 =...
Page 401: Table 176 Menu 4 Internet Access Setup
Table 175 Menu 3 30500002 = Hide ESSID 30500003 = Channel ID 30500004 = RTS Threshold 30500005 = FRAG. Threshold 30500006 = 30500007 = Default Key 30500008 = WEP Key1 30500009 = WEP Key2 30500010 = WEP Key3 30500011 = WEP Key4 30500012 = Wlan Active...
Page 402 P-2602H(W)(L)-DxA Series User’s Guide Table 176 Menu 4 Internet Access Setup (continued) 40000000 = Configured 40000001 = 40000002 = Active 40000003 = ISP's Name 40000004 = Encapsulation 40000005 = Multiplexing 40000006 = VPI # 40000007 = VCI # 40000008 = Service Name 40000009 = My Login...
Page 403: Table 177 Menu 12
Table 176 Menu 4 Internet Access Setup (continued) 40000031= RIP Direction 40000032= RIP Version 40000033= Nailed-up Connection Table 177 Menu 12 / Menu 12.1.1 IP Static Route Setup 120101001 = IP Static Route set #1, Name 120101002 = IP Static Route set #1, Active 120101003 = IP Static Route set #1, Destination IP address...
Page 404 P-2602H(W)(L)-DxA Series User’s Guide Table 177 Menu 12 (continued) 120103005 = IP Static Route set #3, Gateway 120103006 = IP Static Route set #3, Metric 120103007 = IP Static Route set #3, Private / Menu 12.1.4 IP Static Route Setup 120104001 = IP Static Route set #4, Name 120104002 =...
Page 405 Table 177 Menu 12 (continued) 120107003 = IP Static Route set #7, Destination IP address 120107004 = IP Static Route set #7, Destination IP subnetmask 120107005 = IP Static Route set #7, Gateway 120107006 = IP Static Route set #7, Metric 120107007 = IP Static Route set #7, Private / Menu 12.1.8 IP Static Route Setup...
Page 406 P-2602H(W)(L)-DxA Series User’s Guide Table 177 Menu 12 (continued) 120111001 = IP Static Route set #11, Name 120111002 = IP Static Route set #11, Active 120111003 = IP Static Route set #11, Destination IP address 120111004 = IP Static Route set #11, Destination IP subnetmask 120111005 = IP Static Route set #11, Gateway...
Page 407: Table 178 Menu 15 Sua Server Setup
Table 177 Menu 12 (continued) */ Menu 12.1.15 IP Static Route Setup 120115001 = IP Static Route set #15, Name 120115002 = IP Static Route set #15, Active 120115003 = IP Static Route set #15, Destination IP address 120115004 = IP Static Route set #15, Destination IP subnetmask 120115005 =...
Page 408 P-2602H(W)(L)-DxA Series User’s Guide Table 178 Menu 15 SUA Server Setup (continued) 150000011 = SUA Server #3 Local IP address 150000012 = SUA Server #4 Active 150000013 = SUA Server #4 Protocol 150000014 = SUA Server #4 Port Start 150000015 = SUA Server #4 Port End 150000016 = SUA Server #4 Local IP address...
Page 409: Table 179 Menu 21.1 Filter Set #1
Table 178 Menu 15 SUA Server Setup (continued) 150000045 = SUA Server #10 Port End 150000046 = SUA Server #10 Local IP address 150000047 = SUA Server #11 Active 150000048 = SUA Server #11 Protocol 150000049 = SUA Server #11 Port Start 150000050 = SUA Server #11 Port End 150000051 =...
Page 410 P-2602H(W)(L)-DxA Series User’s Guide Table 179 Menu 21.1 Filter Set #1 (continued) 210101013 = IP Filter Set 1,Rule 1 Act Match 210101014 = IP Filter Set 1,Rule 1 Act Not Match / Menu 21.1.1.2 set #1, rule #2 210102001 = IP Filter Set 1,Rule 2 Type 210102002 = IP Filter Set 1,Rule 2 Active...
Page 411 Table 179 Menu 21.1 Filter Set #1 (continued) 210103009 = IP Filter Set 1,Rule 3 Src Subnet Mask 210103010 = IP Filter Set 1,Rule 3 Src Port 210103011 = IP Filter Set 1,Rule 3 Src Port Comp 210103013 = IP Filter Set 1,Rule 3 Act Match 210103014 = IP Filter Set 1,Rule 3 Act Not Match / Menu 21.1.1.4 set #1, rule #4...
Page 412 P-2602H(W)(L)-DxA Series User’s Guide Table 179 Menu 21.1 Filter Set #1 (continued) 210105006 = IP Filter Set 1,Rule 5 Dest Port 210105007 = IP Filter Set 1,Rule 5 Dest Port Comp 210105008 = IP Filter Set 1,Rule 5 Src IP Address 210105009 = IP Filter Set 1,Rule 5 Src Subnet Mask 210105010 =...
Page 413: Table 180 Menu 21.1 Filer Set #2
Table 180 Menu 21.1 Filer Set #2, / Menu 21.1 filter set #2, 210200001 = Filter Set 2, Nam / Menu 21.1.2.1 Filter set #2, rule #1 210201001 = IP Filter Set 2, Rule 1 Type 210201002 = IP Filter Set 2, Rule 1 Active 210201003 = IP Filter Set 2, Rule 1 Protocol 210201004 =...
Page 414 P-2602H(W)(L)-DxA Series User’s Guide Table 180 Menu 21.1 Filer Set #2, (continued) 210202007 = IP Filter Set 2, Rule 2 Dest Port Comp 210202008 = IP Filter Set 2, Rule 2 Src IP address 210202009 = IP Filter Set 2, Rule 2 Src Subnet Mask 210202010 = IP Filter Set 2,Rule 2 Src Port...
Page 415 Table 180 Menu 21.1 Filer Set #2, (continued) 210203014 = IP Filter Set 2,Rule 3 Act Not Match / Menu 21.1.2.4 Filter set #2, rule #4 210204001 = IP Filter Set 2, Rule 4 Type 210204002 = IP Filter Set 2, Rule 4 Active 210204003 = IP Filter Set 2, Rule 4 Protocol 210204004 =...
Page 416 P-2602H(W)(L)-DxA Series User’s Guide Table 180 Menu 21.1 Filer Set #2, (continued) 210205007 = IP Filter Set 2, Rule 5 Dest Port Comp 210205008 = IP Filter Set 2, Rule 5 Src IP address 210205009 = IP Filter Set 2, Rule 5 Src Subnet Mask 210205010 = IP Filter Set 2, Rule 5 Src Port...
Page 417: Table 181 Menu 23 System Menus
Table 180 Menu 21.1 Filer Set #2, (continued) 210206014 = IP Filter Set 2,Rule 6 Act Not Match 241100005 = FTP Server Access 241100006 = FTP Server Secured IP address 241100007 = WEB Server Port 241100008 = WEB Server Access 241100009 = WEB Server Secured IP address Table 181 Menu 23 System Menus...
Page 418: Table 182 Menu 24.11 Remote Management Control
P-2602H(W)(L)-DxA Series User’s Guide Table 181 Menu 23 System Menus (continued) 230400003 = Idle Timeout (in second) 230400004 = Authentication Databases 230400005 = Key Management Protocol 230400006 = Dynamic WEP Key Exchange 230400007 = 230400008 = WPA Mixed Mode 230400009 = Data Privacy for Broadcast/ Multicast packets 230400010 =...
Page 419: Command Examples
Command Examples The following are example Internal SPTGEN screens associated with the ZyXEL Device’s command interpreter commands. Table 183 Command Examples /ci command (for annex a): wan adsl opencmd 990000001 = ADSL OPMD /ci command (for annex B): wan adsl opencmd 990000001 = ADSL OPMD Appendix K Internal SPTGEN...
Page 420 P-2602H(W)(L)-DxA Series User’s Guide Appendix K Internal SPTGEN...
Page 421: Index
AAL5 ACK Message Address Assignment Address Resolution Protocol (ARP) ADSL standards ADSL2 AH Protocol 41, 149 alternative subnet mask notation Analysis-by-Synthesis Antenna Any IP 39, 111 How it works note Any IP Setup AP (Access Point) Application Layer Gateway 41, 149 Application-level Firewalls Applications Internet access...
Page 422 P-2602H(W)(L)-DxA Series User’s Guide CTS (Clear to Send) Custom Ports Creating/Editing Customized Services Customized services Data Confidentiality Data Integrity Data Origin Authentication DBPSK Default Default LAN IP Address Denial of Service 182, 183, 208 Destination Address DHCP 41, 108, 109, 263, 289 DHCP Client DHCP Relay DHCP Server...
Page 423 Custom Ports Enabling Firewall Vs Filters Guidelines For Enhancing Security Introduction LAN to WAN Rules Policies Rule Checklist Rule Logic Rule Security Ramifications Types When To Use Firmware firmware upload upload error Flash Key Flashing Fragmentation Threshold Frame Relay Frequency Range 146, 267, 270 File Upload FTP Restrictions...
Page 424 P-2602H(W)(L)-DxA Series User’s Guide IPSec IPSec Algorithms 217, 221 IPSec and NAT IPSec Architecture IPSec Passthrough IPSec Standard IPSec VPN Capability ISDN (Integrated Services Digital Network) ITSP ITU-T ITU-T G.992.1 Jitter Buffer Keep Alive Key Fields For Configuring Rules LAN Setup 93, 107 LAN TCP/IP LAN to WAN Rules...
Page 425 Packet Filtering Packet filtering When to use Packet Filtering Firewalls Pairwise Master Key (PMK) Peak Cell Rate (PCR) 96, 102 Peer to Peer Calls Peer-to-peer Calls Perfect Forward Secrecy Per-Hop Behavior Permanent Virtual Circuits PHB (Per-Hop Behavior) Phone Ping of Death Point to Point Calls Point to Point Protocol over ATM Adaptation Layer 5 (AAL5)
Page 426 P-2602H(W)(L)-DxA Series User’s Guide Safety Warnings Saving the State Scheduler Seamless Rate Adaptation Secure Gateway Address Security Association Security In General Security Parameter Index Security Parameters Security Ramifications Server 143, 144, 292 Service Service Set Service Type 203, 320 Services Session Description Protocol Session Initiating Protocol Session Initiation Protocol...
Page 427 TFTP and FTP over WAN TFTP Restrictions 267, 302 Three-Way Conference 170, 171 Three-Way Handshake Threshold Values Traceroute Traffic Redirect 103, 104 Traffic redirect 103, 106 Traffic shaping Transparent Bridging Transport Mode Triangle Triangle Route Solutions TTLS Tunnel Mode Type Of Service UBR (Unspecified Bit Rate) UDP/ICMP Security Uniform Resource Identifier...

ZyXEL Communications Network Device P-2602 User Manual

Chapter 1 Getting to Know the Zyxel Device

Chapter 2 Introducing the Web Configurator

Chapter 3 Internet and Wireless Setup Wizard

Chapter 4 Voip Wizard and Example

Chapter 5 Bandwidth Management Wizard

Chapter 6 Status Screens

Chapter 7 WAN Setup

Chapter 8 LAN Setup

Chapter 9 Wireless LAN

Chapter 10 Network Address Translation (NAT) Screens

Chapter 11 Voice

Quick Links

Troubleshooting

Related Manuals for ZyXEL Communications Network Device P-2602

Summary of Contents for ZyXEL Communications Network Device P-2602