Download Print this page

ZyXEL Communications P-2602H User Manual

ZyXEL Communications P-2602H User Manual

P-2602h series adsl2+ voip iad

Hide thumbs Also See for P-2602H:

User manual (550 pages)

,

Firmware release notes (36 pages)

,

Specifications (2 pages)

Table Of Contents

Table of Contents

Advertisement

Quick Links

P-2602HW(L) Series

802.11g Wireless ADSL2+ VoIP IAD

P-2602H Series

ADSL2+ VoIP IAD

User's Guide

Version 3.40

12/2006

Edition 2

www.zyxel.com

Table of Contents

Advertisement

Table of Contents

Troubleshooting

Need help?

Need help?

Do you have a question about the P-2602H and is the answer not in the manual?

Questions and answers

Summary of Contents for ZyXEL Communications P-2602H

Page 1 P-2602HW(L) Series 802.11g Wireless ADSL2+ VoIP IAD P-2602H Series ADSL2+ VoIP IAD User’s Guide Version 3.40 12/2006 Edition 2 www.zyxel.com...
Page 3: About This User's Guide
Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. E-mail: techwriters@zyxel.com.tw P-2602H(W)(L)-DxA User’s Guide About This User's Guide...
Page 4: Warnings And Notes
“k” for kilo may denote “1000” or “1024”, “M” for mega may denote “1000000” or “1048576” and so on. • “e.g.,” is a shorthand for “for instance”, and “i.e.,” means “that is” or “in other words”. P-2602H(W)(L)-DxA User’s Guide...
Page 5 Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Server Telephone P-2602H(W)(L)-DxA User’s Guide Computer Notebook computer DSLAM Firewall Switch...
Page 6: Safety Warnings
• Use only No. 26 AWG (American Wire Gauge) or larger telecommunication line cord. • Antenna Warning! This device meets ETSI and FCC certification requirements when using the included antenna(s). Only use the included antenna(s). This product is recyclable. Dispose of it properly. Safety Warnings P-2602H(W)(L)-DxA User’s Guide...
Page 7 Safety Warnings P-2602H(W)(L)-DxA User’s Guide...
Page 8 Safety Warnings P-2602H(W)(L)-DxA User’s Guide...
Page 9: Table Of Contents
Remote Management Configuration ... 303 Universal Plug-and-Play (UPnP) ... 313 Maintenance and Troubleshooting ... 325 System ... 327 Logs ... 331 Tools ... 345 Diagnostic ... 357 Troubleshooting ... 361 Appendices and Index ... 369 P-2602H(W)(L)-DxA User’s Guide Contents Overview Contents Overview...
Page 10 Contents Overview P-2602H(W)(L)-DxA User’s Guide...
Page 11: Table Of Contents
2.1 Web Configurator Overview ... 47 2.1.1 Accessing the Web Configurator ... 47 2.2 Web Configurator Main Screen ... 50 2.2.1 Title Bar ... 50 2.2.2 Navigation Panel ... 51 2.2.3 Main Window ... 53 P-2602H(W)(L)-DxA User’s Guide Table of Contents Table of Contents...
Page 12 6.4 Packet Statistics ... 87 6.5 VoIP Statistics ... 89 Chapter 7 WAN Setup... 93 7.1 WAN Overview ... 93 7.1.1 Encapsulation ... 93 7.1.2 Multiplexing ... 94 7.1.3 VPI and VCI ... 94 7.1.4 IP Address Assignment ... 94 P-2602H(W)(L)-DxA User’s Guide...
Page 13 9.2.5 One-Touch Intelligent Security Technology (OTIST) ... 120 9.3 Wireless Performance Overview ... 120 9.3.1 Quality of Service (QoS) ... 120 9.4 Additional Wireless Terms ... 120 9.5 General WLAN Screen ... 121 9.5.1 No Security ... 122 P-2602H(W)(L)-DxA User’s Guide Table of Contents...
Page 14 11.2.3 SIP Servers ... 150 11.2.4 RTP ... 152 11.2.5 Pulse Code Modulation ... 152 11.2.6 Voice Coding ... 152 11.2.7 PSTN Call Setup Signaling ... 153 11.2.8 MWI (Message Waiting Indication) ... 153 11.2.9 Custom Tones (IVR) ... 153 P-2602H(W)(L)-DxA User’s Guide...
Page 15 12.6 Trunking Peer Call Screen ... 179 12.7 Trunking Call Rule Screen ... 181 12.8 VoIP Trunking Example: VoIP to PSTN ... 183 12.8.1 Background Information ... 183 12.8.2 Configuration Details: Outgoing ... 183 12.8.3 Configuration Details: Incoming ... 184 P-2602H(W)(L)-DxA User’s Guide Table of Contents...
Page 16 14.6 Guidelines for Enhancing Security with Your Firewall ... 204 14.6.1 Security In General ... 204 14.7 Packet Filtering Vs Firewall ... 205 14.7.1 Packet Filtering: ... 205 14.7.2 Firewall ... 205 Chapter 15 Firewall Configuration ... 207 P-2602H(W)(L)-DxA User’s Guide...
Page 17 17.2 IPSec Architecture ... 232 17.2.1 IPSec Algorithms ... 233 17.2.2 Key Management ... 233 17.3 Encapsulation ... 233 17.3.1 Transport Mode ... 234 17.3.2 Tunnel Mode ... 234 17.4 IPSec and NAT ... 234 P-2602H(W)(L)-DxA User’s Guide Table of Contents ... 216...
Page 18 19.2 Self-signed Certificates ... 264 19.3 Configuration Summary ... 264 19.4 My Certificates ... 265 19.5 My Certificate Import ... 266 19.5.1 Certificate File Formats ... 267 19.6 My Certificate Create ... 268 19.7 My Certificate Details ... 270 P-2602H(W)(L)-DxA User’s Guide...
Page 19 Remote Management Configuration ... 303 23.1 Remote Management Overview ... 303 23.1.1 Remote Management Limitations ... 304 23.1.2 Remote Management and NAT ... 304 23.1.3 System Timeout ... 304 23.2 WWW ... 304 P-2602H(W)(L)-DxA User’s Guide Table of Contents ... 281...
Page 20 26.1.1 Alerts and Logs ... 331 26.2 Viewing the Logs ... 331 26.3 Configuring Log Settings ... 332 26.4 SMTP Error Messages ... 334 26.4.1 Example E-mail Log ... 335 26.5 Log Descriptions ... 336 Chapter 27 Tools... 345 P-2602H(W)(L)-DxA User’s Guide...
Page 21 29.5 Problems With Multiple SIP Accounts ... 366 29.5.1 Outgoing Calls ... 366 29.5.2 Incoming Calls ... 367 Part V: Appendices and Index ... 369 Appendix A Product Specifications... 371 P-2602H(W)(L)-DxA User’s Guide ... 347 ... 354 Table of Contents...
Page 22 Appendix D IP Addresses and Subnetting ... 399 Appendix E Wireless LANs ... 407 Appendix F Services ... 417 Appendix G Command Interpreter ... 421 Appendix H Internal SPTGEN ... 425 Appendix I Legal Information... 449 Appendix J Customer Support ... 453 Index... 457 P-2602H(W)(L)-DxA User’s Guide...
Page 23: List Of Figures
Figure 33 Wizard: Welcome ... 72 Figure 34 VoIP Wizard Configuration ... 73 Figure 35 SIP Registration Test ... 74 Figure 36 VoIP Wizard Fail ... 74 Figure 37 VoIP Wizard Finish ... 75 Figure 38 Select a Mode ... 77 P-2602H(W)(L)-DxA User’s Guide...
Page 24 Figure 77 How NAT Works ... 138 Figure 78 NAT Application With IP Alias ... 139 Figure 79 NAT General ... 141 Figure 80 Multiple Servers Behind NAT Example ... 142 Figure 81 Port Forwarding ... 143 P-2602H(W)(L)-DxA User’s Guide...
Page 25 Figure 119 SYN Flood ... 199 Figure 120 Smurf Attack ... 199 Figure 121 Stateful Inspection ... 201 Figure 122 Firewall: General ... 210 Figure 123 Firewall Rules ... 212 Figure 124 Firewall: Edit Rule ... 214 P-2602H(W)(L)-DxA User’s Guide...
Page 26 Figure 163 Trusted Remote Host Details ... 282 Figure 164 Directory Servers ... 285 Figure 165 Directory Server Add and Edit ... 286 Figure 166 Example of Static Routing Topology ... 287 Figure 167 Static Route ... 288 P-2602H(W)(L)-DxA User’s Guide...
Page 27 Figure 205 Firmware Upload In Progress ... 348 Figure 206 Network Temporarily Disconnected ... 348 Figure 207 Error Message ... 348 Figure 208 Configuration ... 349 Figure 209 Configuration Upload Successful ... 350 Figure 210 Network Temporarily Disconnected ... 350 P-2602H(W)(L)-DxA User’s Guide...
Page 28 Figure 248 Peer-to-Peer Communication in an Ad-hoc Network ... 407 Figure 249 Basic Service Set ... 408 Figure 250 Infrastructure WLAN ... 409 Figure 251 RTS/CTS ... 410 Figure 252 Displaying Log Categories Example ... 422 Figure 253 Displaying Log Parameters Example ... 422 P-2602H(W)(L)-DxA User’s Guide...
Page 29 Figure 255 Invalid Parameter Entered: Command Line Example ... 426 Figure 256 Valid Parameter Entered: Command Line Example ... 426 Figure 257 Internal SPTGEN FTP Download Example ... 427 Figure 258 Internal SPTGEN FTP Upload Example ... 427 P-2602H(W)(L)-DxA User’s Guide...
Page 30 List of Figures P-2602H(W)(L)-DxA User’s Guide...
Page 31: List Of Tables
Table 33 Wireless LAN: General ... 122 Table 34 Wireless No Security ... 123 Table 35 Wireless: Static WEP Encryption ... 124 Table 36 Wireless: WPA(2)-PSK ... 124 Table 37 Wireless: WPA(2) ... 126 Table 38 Wireless LAN: Advanced ... 127 P-2602H(W)(L)-DxA User’s Guide...
Page 32 Table 76 Legal NetBIOS Commands ... 200 Table 77 Legal SMTP Commands ... 200 Table 78 Firewall: General ...211 Table 79 Firewall Rules ... 212 Table 80 Firewall: Edit Rule ... 214 Table 81 Customized Services ... 216 P-2602H(W)(L)-DxA User’s Guide...
Page 33 Table 119 Application and Subnet-based Bandwidth Management Example ... 293 Table 120 Bandwidth Management Priorities ... 293 Table 121 Bandwidth Management: General ... 294 Table 122 Bandwidth Management: Rule Setup ... 294 Table 123 Bandwidth Management Rule Configuration ... 296 Table 124 Dynamic DNS ... 300 P-2602H(W)(L)-DxA User’s Guide...
Page 34 Table 162 General Commands for GUI-based FTP Clients ... 352 Table 163 General Commands for GUI-based TFTP Clients ... 353 Table 164 Diagnostic: General ... 357 Table 165 Diagnostic: DSL Line ... 358 Table 166 Hardware Specifications ... 371 Table 167 Firmware Specifications ... 371 P-2602H(W)(L)-DxA User’s Guide...
Page 35 Table 193 Menu 21.1 Filter Set #1 ... 439 Table 194 Menu 21.1 Filer Set #2, ... 442 Table 195 Menu 23 System Menus ... 446 Table 196 Menu 24.11 Remote Management Control ... 448 Table 197 Command Examples ... 448 P-2602H(W)(L)-DxA User’s Guide...
Page 36 List of Tables P-2602H(W)(L)-DxA User’s Guide...
Page 37: Part I Introduction
Introduction Introducing the ZyXEL Device (39) Introducing the Web Configurator (47)
Page 39: Introducing The Zyxel Device
ZyXEL Device. 1.1 Overview The P-2602H(W)(L)-DxA series are Integrated Access Devices (IADs) that combine an ADSL2+ router with Voice over IP (VoIP) communication capabilities to allow you to use a traditional analog or ISDN telephone to make Internet calls. By integrating DSL and NAT, you are provided with ease of installation and high-speed, shared Internet access.
Page 40: Ways To Manage The Zyxel Device
• Change the password. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters. • Write down the password and put it in a safe place. P-2602H(W)(L)-DxA User’s Guide...
Page 41: Applications For The Zyxel Device
VoIP call server forwards calls to PSTN phones (E) through a trunking gateway (D) to the PSTN network. The VoIP call server forwards calls to IP phones (F) through the Internet. P-2602H(W)(L)-DxA User’s Guide Chapter 1 Introducing the ZyXEL Device...
Page 42: Make Peer-To-Peer Calls
Your device provides protection from attacks by Internet hackers. By default, the firewall blocks all incoming traffic from the WAN. The firewall supports TCP/UDP inspection and DoS (Denial of Services) detection and prevention, as well as real time alerts, reports and logs. P-2602H(W)(L)-DxA User’s Guide...
Page 43: Lan To Lan Application
1.4.5 LAN to LAN Application You can use your device to connect two geographically dispersed networks over the ADSL line. A typical LAN-to-LAN application is shown as follows. Figure 5 LAN-to-LAN Application P-2602H(W)(L)-DxA User’s Guide Chapter 1 Introducing the ZyXEL Device...
Page 44: Leds
The Ethernet port is not connected. Your device is ready, but is not sending/receiving data through the wireless LAN. Blinking Your device is sending/receiving data through the wireless LAN. The wireless LAN is not ready or has failed. P-2602H(W)(L)-DxA User’s Guide...
Page 45: The Reset Button
RESET button for five seconds and release it. The WLAN LED should flash while the device uses OTIST to send wireless settings to OTIST clients.(“W” models only) P-2602H(W)(L)-DxA User’s Guide Chapter 1 Introducing the ZyXEL Device STATUS DESCRIPTION Your device has a DSL connection.
Page 46 To set the device back to the factory default settings, press the RESET button for ten seconds or until the POWER LED begins to blink and then release it. When the POWER LED begins to blink, the defaults have been restored and the device restarts. P-2602H(W)(L)-DxA User’s Guide...
Page 47: Introducing The Web Configurator
If you haven’t changed the password yet, you can just click Login. Click Cancel to revert to the default password in the password field. If you have changed the password, enter your password and click Login. P-2602H(W)(L)-DxA User’s Guide Introducing the Web Configurator...
Page 48: Figure 7 Password Screen
Figure 8 Change Password Screen 6 Click Apply in the Replace Certificate screen to create a certificate using your ZyXEL Device’s MAC address that will be specific to this device. P-2602H(W)(L)-DxA User’s Guide...
Page 49: Figure 9 Replace Certificate Screen
For security reasons, the ZyXEL Device automatically logs you out if you do not use the web configurator for five minutes (default). If this happens, log in again. Figure 10 Wizard or Advanced Screen P-2602H(W)(L)-DxA User’s Guide Chapter 2 Introducing the Web Configurator Chapter 3 Section 2.2 on page 50...
Page 50: Web Configurator Main Screen
Help: Click this icon to open up help screens. Wizards: Click this icon to go to the configuration wizards. See Logout: Click this icon to log out of the web configurator. for more information. Chapter 3 on page P-2602H(W)(L)-DxA User’s Guide...
Page 51: Navigation Panel
SIP Settings Phone Analog Phone Common Region P-2602H(W)(L)-DxA User’s Guide Chapter 2 Introducing the Web Configurator FUNCTION This screen contains administrative and system-related information. Use this screen to configure ISP parameters, WAN IP address assignment, DNS servers and other advanced properties.
Page 52 Use this screen to configure bandwidth management on an interface. Use this screen to define a bandwidth rule. Use this screen to view the ZyXEL Device’s bandwidth usage and allotments. P-2602H(W)(L)-DxA User’s Guide...
Page 53: Main Window
2.2.4 Status Bar Check the status bar when you click Apply or OK to verify that the configuration has been updated. P-2602H(W)(L)-DxA User’s Guide Chapter 2 Introducing the Web Configurator FUNCTION This screen allows you to use a static hostname alias for a dynamic IP address.
Page 54 Chapter 2 Introducing the Web Configurator P-2602H(W)(L)-DxA User’s Guide...
Page 55: Wizard
Wizard Internet and Wireless Setup Wizard (57) VoIP Wizard And Example (71) Bandwidth Management Wizard (77)
Page 57: Internet And Wireless Setup Wizard
1 After you enter the password to access the web configurator, select Go to Wizard setup and click Apply. Otherwise, click the wizard icon ( web configurator to go to the wizards. P-2602H(W)(L)-DxA User’s Guide Wizard ) in the top right corner of the...
Page 58: Figure 12 Select A Mode
ISP. See more details. If you would like to skip your Internet setup and configure the wireless LAN settings, leave Yes selected and click Next. Section 3.2.1 on page 60 P-2602H(W)(L)-DxA User’s Guide...
Page 59: Figure 14 Auto Detection: No Dsl Connection
3c The following screen appears if the ZyXEL device detects a connection but not the connection type. Click Next and refer to manually configure the ZyXEL Device for Internet access. P-2602H(W)(L)-DxA User’s Guide Chapter 3 Internet and Wireless Setup Wizard Section 3.3 on page 65 Section 3.2.1 on page 60...
Page 60: Manual Configuration
1 If the ZyXEL Device fails to detect your DSL connection type but the physical line is connected, enter your Internet access information in the wizard screen exactly as your service provider gave it to you. Leave the defaults in any fields for which you were not given information. P-2602H(W)(L)-DxA User’s Guide...
Page 61: Figure 17 Internet Access Wizard Setup: Isp Parameters
2 The next wizard screen varies depending on what mode and encapsulation type you use. All screens shown are with routing mode. Configure the fields and click Next to continue. See Section 3.3 on page 65 P-2602H(W)(L)-DxA User’s Guide Chapter 3 Internet and Wireless Setup Wizard for wireless connection wizard setup...
Page 62: Figure 18 Internet Connection With Pppoe
Click Back to go back to the previous wizard screen. Apply Click Apply to save your changes back to the ZyXEL Device. Exit Click Exit to close the wizard screen without saving your changes. Figure 19 Internet Connection with RFC 1483 P-2602H(W)(L)-DxA User’s Guide...
Page 63: Figure 20 Internet Connection With Enet Encap
Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP Server clients along with the IP address and the subnet mask. Second DNS As above. Server Back Click Back to go back to the previous wizard screen. P-2602H(W)(L)-DxA User’s Guide Chapter 3 Internet and Wireless Setup Wizard...
Page 64: Figure 21 Internet Connection With Pppoa
• If the user name and/or password you entered for PPPoE or PPPoA connection are not correct, the screen displays as shown next. Click Back to Username and Password setup to go back to the screen where you can modify them. P-2602H(W)(L)-DxA User’s Guide...
Page 65: Wireless Connection Wizard Setup
After you configure the Internet access information, use the following screens to set up your wireless LAN. 1 Select Yes and click Next to configure wireless settings. Otherwise, select No and skip to Step 6. P-2602H(W)(L)-DxA User’s Guide Chapter 3 Internet and Wireless Setup Wizard...
Page 66: Figure 24 Connection Test Successful
OTIST Setup Key on the ZyXEL Device and wireless clients. Click Back to display the previous screen. Click Next to proceed to the next screen. Click Exit to close the wizard screen without saving. P-2602H(W)(L)-DxA User’s Guide...
Page 67: Figure 26 Wireless Lan
4 This screen varies depending on the security mode you selected in the previous screen. Fill in the field (if available) and click Next. P-2602H(W)(L)-DxA User’s Guide Chapter 3 Internet and Wireless Setup Wizard for more information.
Page 68: Manually Assign A Wpa Key
Click Next to proceed to the next screen. Exit Click Exit to close the wizard screen without saving. 3.3.2 Manually Assign a WEP Key Choose Manually assign a WEP key to setup WEP Encryption parameters. Figure 28 Manually Assign a WEP key P-2602H(W)(L)-DxA User’s Guide...
Page 69: Figure 29 Wireless Lan Setup 3
6 Use the read-only summary table to check whether what you have configured is correct. Click Finish to complete and save the wizard setup. No wireless LAN settings display if you chose not to configure wireless LAN settings. P-2602H(W)(L)-DxA User’s Guide Chapter 3 Internet and Wireless Setup Wizard...
Page 70: Figure 30 Internet Access And Wlan Wizard Setup Complete
Refer to the rest of this guide for more detailed information on the complete range of ZyXEL Device features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct. P-2602H(W)(L)-DxA User’s Guide...
Page 71: Voip Wizard And Example
1 After you enter the password to access the web configurator, select Go to Wizard setup and click Apply. Otherwise, click the wizard icon ( web configurator to display the wizard main screen. P-2602H(W)(L)-DxA User’s Guide ) in the top right corner of the...
Page 72: Figure 32 Select A Mode
11223344 is your SIP number. This is the part that comes before the “@” symbol in your SIP account address. SIPA- Account.com is your SIP server domain. a.b.c.d a.b.c.d is the IP address or domain name of your SIP server. P-2602H(W)(L)-DxA User’s Guide...
Page 73: Figure 34 Voip Wizard Configuration
SIP Server Address SIP Service Domain User Name Password Check here to set up SIP2 settings. P-2602H(W)(L)-DxA User’s Guide Chapter 4 VoIP Wizard And Example EXAMPLE VALUES DESCRIPTION VoIPUser This is the username you use to login to your SIP account.
Page 74: Figure 35 Sip Registration Test
Advanced Setup page or Finish to close the wizard and go to the main web configurator screens. DESCRIPTION Click Back to return to the previous screen. Click Apply to complete the wizard setup and save your configuration. Click Exit to close the wizard without saving your settings. P-2602H(W)(L)-DxA User’s Guide...
Page 75: Figure 37 Voip Wizard Finish
You dial a prefix number, provided to you by your VoIP service provider, followed by a regular phone number. To find out more information about configuring your VoIP features and making non-VoIP calls see P-2602H(W)(L)-DxA User’s Guide Chapter 4 VoIP Wizard And Example Chapter 11 on page 149.
Page 76 Chapter 4 VoIP Wizard And Example P-2602H(W)(L)-DxA User’s Guide...
Page 77: Bandwidth Management Wizard
1 After you enter the password to access the web configurator, select Go to Wizard setup and click Apply. Otherwise, click the wizard icon ( web configurator to display the wizard main screen. Figure 38 Select a Mode 2 Click BANDWIDTH MANAGEMENT SETUP. P-2602H(W)(L)-DxA User’s Guide ) in the top right corner of the...
Page 78: Figure 39 Wizard: Welcome
Click Back to display the previous screen. Next Click Next to proceed to the next screen. Exit Click Exit to close the wizard screen without saving. 4 Follow the on-screen instructions and click Finish to complete the wizard setup and save your configuration. P-2602H(W)(L)-DxA User’s Guide...
Page 79: Figure 41 Bandwidth Management Wizard: Complete
Chapter 5 Bandwidth Management Wizard Figure 41 Bandwidth Management Wizard: Complete P-2602H(W)(L)-DxA User’s Guide...
Page 80 Chapter 5 Bandwidth Management Wizard P-2602H(W)(L)-DxA User’s Guide...
Page 81: Advanced
Advanced Status Screens (83) WAN Setup (93) LAN Setup (105) Wireless LAN (117) Network Address Translation (NAT) Screens (137) Voice (149) VoIP Trunking (175) Phone Usage (191) Firewalls (195) Firewall Configuration (207) Content Filtering (227) Introduction to IPSec (231) VPN Screens (237) Certificates (263) Static Route (287) Bandwidth Management (291)
Page 83: Status Screens
(LAN and WAN), and SIP accounts. You can also register and unregister SIP accounts. The Status screen also provides detailed information from Any IP and DHCP and statistics from VoIP, bandwidth management, and traffic. 6.1 Status Screen Click Status to open this screen. Figure 42 Status Screen P-2602H(W)(L)-DxA User’s Guide Status Screens...
Page 84: Table 17 Status Screen
LAN. Click this to go to the screen where you can change it. Channel This is the channel number used by the ZyXEL Device now. Security This displays the type of security mode the ZyXEL Device is using in the wireless LAN. P-2602H(W)(L)-DxA User’s Guide...
Page 85 Bandwidth Click this link to view the ZyXEL Device’s bandwidth usage and allotments. See Status Section 21.8 on page P-2602H(W)(L)-DxA User’s Guide Chapter 6 Status Screens Section 27.6 on page 351, or turn off the device Section 8.6 on page Section 6.3 on page...
Page 86: Any Ip Table
The second field displays Registered. Click Register to have the ZyXEL Device attempt to register the SIP account with the SIP server. The second field displays the reason the account is not registered. Section Section 6.4 on Section 6.5 on page P-2602H(W)(L)-DxA User’s Guide...
Page 87: Wlan Status ("W" Models Only)
Click Status > Packet Statistics to access this screen. Read-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interval(s) field is configurable. P-2602H(W)(L)-DxA User’s Guide Chapter 6 Status Screens...
Page 88: Figure 45 Packet Statistics
This field displays the number of error packets on this port. This field displays the number of bytes transmitted in the last second. This field displays the number of bytes received in the last second. This field displays the elapsed time this port has been up. P-2602H(W)(L)-DxA User’s Guide...
Page 89: Voip Statistics
Click Status > VoIP Statistics to access this screen. Figure 46 VoIP Statistics Each field is described in the following table. Table 21 VoIP Statistics LABEL DESCRIPTION SIP Status Account This column displays each SIP account in the ZyXEL Device. P-2602H(W)(L)-DxA User’s Guide Chapter 6 Status Screens...
Page 90 The rate is the average number of bytes transmitted per second. Rx B/s This field displays how quickly the ZyXEL Device has received packets in the current call. The rate is the average number of bytes transmitted per second. P-2602H(W)(L)-DxA User’s Guide...
Page 91 Click this to make the ZyXEL Device update the screen based on the amount of time you specified in Poll Interval. Stop Click this to make the ZyXEL Device stop updating the screen. P-2602H(W)(L)-DxA User’s Guide Chapter 6 Status Screens...
Page 92 Chapter 6 Status Screens P-2602H(W)(L)-DxA User’s Guide...
Page 93: Wan Setup
By implementing PPPoE directly on the ZyXEL Device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyXEL Device does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access. P-2602H(W)(L)-DxA User’s Guide WAN Setup...
Page 94: Multiplexing
The Single User Account feature can be enabled or disabled if you have either a dynamic or static IP. However the encapsulation method assigned influences your choices for IP address and ENET ENCAP gateway. P-2602H(W)(L)-DxA User’s Guide...
Page 95: Nailed-Up Connection (Ppp)
ZyXEL Device uses the following pre-defined priorities: • Normal route: designated by the ISP (see • Traffic-redirect route (see • WAN-backup route, also called dial-backup (see P-2602H(W)(L)-DxA User’s Guide Section 7.5 on page Section 7.7 on page 102) Section 7.8 on page...
Page 96: Traffic Shaping
If the PCR, SCR or MBS is set to the default of "0", the system will assign a maximum value that correlates to your upstream line rate. The following figure illustrates the relationship between PCR, SCR and MBS. Figure 47 Example of Traffic Shaping P-2602H(W)(L)-DxA User’s Guide...
Page 97: Atm Traffic Classes
Zero configuration for Internet access is disabled when • the ZyXEL Device is in bridge mode • you set the ZyXEL Device to use a static (fixed) WAN IP address. P-2602H(W)(L)-DxA User’s Guide Chapter 7 WAN Setup...
Page 98: Internet Access Setup
ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given. (PPPoA and PPPoE encapsulation only) Enter the password associated with the user name above. (PPPoE only) Type the name of your PPPoE service here. P-2602H(W)(L)-DxA User’s Guide...
Page 99 The ZyXEL Device will try to bring up the connection automatically if it is disconnected. Connect on Select Connect on Demand when you don't want the connection up all the time Demand and specify an idle time-out in the Max Idle Timeout field. P-2602H(W)(L)-DxA User’s Guide Chapter 7 WAN Setup...
Page 100: Advanced Internet Access Setup
Demand. The default setting is 0, which means the Internet session will not timeout. Click Apply to save the changes. Click Cancel to begin configuring this screen afresh. Click this button to display the Advanced WAN Setup screen and edit more details of your WAN setup. P-2602H(W)(L)-DxA User’s Guide...
Page 101: Wan More Connections
The ZyXEL Device allows you to configure more than one Internet access connection. To configure additional Internet access connections click Network > WAN > More Connections. The screen differs by the encapsulation you select. P-2602H(W)(L)-DxA User’s Guide Chapter 7 WAN Setup...
Page 102: Traffic Redirect
Click Cancel to begin configuring this screen afresh. 7.7 Traffic Redirect Traffic redirect forwards traffic to a backup gateway when the ZyXEL Device cannot connect to the Internet. An example is shown in the figure below. Figure 51 Traffic Redirect Example P-2602H(W)(L)-DxA User’s Guide...
Page 103: Wan Backup Setup
(Subnet 1) to the backup gateway (Subnet 2). Figure 52 Traffic Redirect LAN Setup 7.8 WAN Backup Setup Use this screen to configure your ZyXEL Device’s WAN backup. Click Network > WAN > WAN Backup Setup. P-2602H(W)(L)-DxA User’s Guide Chapter 7 WAN Setup...
Page 104: Table 25 Wan Backup Setup
ZyXEL Device automatically forwards traffic to this IP address if the ZyXEL Device's Internet connection terminates. Apply Click Apply to save the changes. Cancel Click Cancel to begin configuring this screen afresh. configure at least one IP address here. Check WAN IP Address. P-2602H(W)(L)-DxA User’s Guide...
Page 105: Lan Setup
WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next. Figure 53 LAN and WAN IP Addresses P-2602H(W)(L)-DxA User’s Guide LAN Setup to configure the LAN screens.
Page 106: Dhcp Setup
If your ISP gives you explicit DNS servers, make sure that you enter their IP addresses in the LAN Setup screen. 8.3 LAN TCP/IP The ZyXEL Device has built-in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability. P-2602H(W)(L)-DxA User’s Guide...
Page 107: Ip Address And Subnet Mask
Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, “Address Allocation for Private Internets” and RFC 1466, “Guidelines for Management of IP Address Space”. P-2602H(W)(L)-DxA User’s Guide Chapter 8 LAN Setup...
Page 108: Rip Setup
After that, the ZyXEL Device periodically updates this information. IP multicasting can be enabled/disabled on the ZyXEL Device LAN and/or WAN interfaces in the web configurator (LAN; WAN). Select None to disable IP multicasting on these interfaces. P-2602H(W)(L)-DxA User’s Guide...
Page 109: Any Ip
IP routing table is defined on IP Ethernet devices (the ZyXEL Device) to decide which hop to use, to help forward data along to its specified destination. P-2602H(W)(L)-DxA User’s Guide Chapter 8 LAN Setup...
Page 110: Configuring Lan Ip
255.255.255.0 (factory default). Your ZyXEL Device automatically computes the subnet mask based on the IP Address you enter, so do not change this field unless you are instructed to do so. Click Apply to save your changes back to the ZyXEL Device. for background P-2602H(W)(L)-DxA User’s Guide...
Page 111: Configuring Advanced Lan Setup
PPPoE or PPTP, NetBIOS packets cause unwanted calls. TCP/IP) However it may sometimes be necessary to allow NetBIOS packets to pass through to the WAN in order to find a computer on the WAN. P-2602H(W)(L)-DxA User’s Guide Chapter 8 LAN Setup...
Page 112: Dhcp Setup
DHCP requests and responses between the remote server and the clients. Enter the IP address of the actual, remote DHCP server in the Remote DHCP Server field in this case. When DHCP is used, the following items need to be set: P-2602H(W)(L)-DxA User’s Guide...
Page 113: Lan Client List
00:A0:C5:00:00:02. Click Network > LAN > Client List to open the following screen. Use this screen to change your ZyXEL Device’s static DHCP settings. P-2602H(W)(L)-DxA User’s Guide Chapter 8 LAN Setup...
Page 114: Lan Ip Alias
Click the modify icon to have the IP address field editable and change it. Click Apply to save your changes back to the ZyXEL Device. Click Cancel to begin configuring this screen afresh. Click Refresh to reload the DHCP table. P-2602H(W)(L)-DxA User’s Guide...
Page 115: Figure 59 Physical Network & Partitioned Logical Networks
The following figure shows a LAN divided into subnets A, B, and C. Figure 59 Physical Network & Partitioned Logical Networks Click Network > LAN > IP Alias to open the following screen. Use this screen to change your ZyXEL Device’s IP alias settings. Figure 60 LAN IP Alias P-2602H(W)(L)-DxA User’s Guide...
Page 116: Table 30 Lan Ip Alias
By default, RIP direction is set to Both and the Version set to RIP-1. Click Apply to save your changes back to the ZyXEL Device. Click Cancel to begin configuring this screen afresh. P-2602H(W)(L)-DxA User’s Guide...
Page 117: Wireless Lan
• Every device in the same wireless network must use the same SSID. The SSID is the name of the wireless network. It stands for Service Set IDentity. • If two wireless networks overlap, they should use a different channel. P-2602H(W)(L)-DxA User’s Guide Wireless LAN...
Page 118: Wireless Security Overview
Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds of wireless devices might not have MAC addresses. Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F. ; for P-2602H(W)(L)-DxA User’s Guide...
Page 119: Encryption
Many types of encryption use a key to protect the information in the wireless network. The longer the key, the stronger the encryption. Every device in the wireless network must have the same key. P-2602H(W)(L)-DxA User’s Guide Chapter 9 Wireless LAN RADIUS SERVER...
Page 120: One-Touch Intelligent Security Technology (Otist)
Enable this to improve the performance of both pure IEEE 802.11g and mixed IEEE 802.11b/g networks. Maximum Frame Burst sets the maximum time that the ZyXEL Device transmits IEEE 802.11g wireless traffic only. for more details. P-2602H(W)(L)-DxA User’s Guide...
Page 121: General Wlan Screen
Device’s new settings. Click Network > Wireless LAN to open the Wireless LAN General screen. Figure 62 Wireless LAN: General P-2602H(W)(L)-DxA User’s Guide DESCRIPTION A small fragmentation threshold is recommended for busy networks, while a larger threshold provides faster performance if the network is not very busy.
Page 122: No Security
LAN and you change the ZyXEL Device’s SSID or WEP settings, you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of your computer to match the ZyXEL Device’s new settings. P-2602H(W)(L)-DxA User’s Guide...
Page 123: Wep Encryption Screen
9.5.2 WEP Encryption Screen In order to configure and enable WEP encryption; click Network > Wireless LAN to display the General screen. Select Static WEP from the Security Mode list. Figure 64 Wireless: Static WEP Encryption P-2602H(W)(L)-DxA User’s Guide Chapter 9 Wireless LAN...
Page 124: Wpa(2)-Psk
Table 36 Wireless: WPA(2)-PSK LABEL Security Mode WPA Compatible DESCRIPTION Choose WPA-PSK or WPA2-PSK from the drop-down list box. This field is only available for WPA2-PSK. Select this if you want the ZyXEL Device to support WPA-PSK and WPA2-PSK simultaneously. P-2602H(W)(L)-DxA User’s Guide...
Page 125: Wpa(2) Authentication Screen
In order to configure and enable WPA Authentication; click the Wireless LAN link under Network to display the Wireless screen. Select WPA or WPA2 from the Security list. P-2602H(W)(L)-DxA User’s Guide server, the reauthentication timer on the RADIUS server has priority.
Page 126: Figure 66 Wireless: Wpa(2)
WEP key for an AP and all stations in a WLAN on a periodic basis. Setting of the WPA Group Key Update Timer is also supported in WPA-PSK mode. The ZyXEL Device default is 1800 seconds (30 minutes). P-2602H(W)(L)-DxA User’s Guide...
Page 127: Wireless Lan Advanced Setup
The following table describes the labels in this screen. Table 38 Wireless LAN: Advanced LABEL DESCRIPTION Wireless Advanced Setup RTS/CTS Enter a value between 0 and 2432. If you select the G+ Enhanced checkbox a value Threshold of 4096 is displayed. P-2602H(W)(L)-DxA User’s Guide Chapter 9 Wireless LAN...
Page 128: Otist Screen
Network > Wireless LAN > OTIST. Ensure that your network’s SSID is fewer than 23 characters in length before you start OTIST. Click WIRELESS > General to change your network’s SSID. Figure 68 Network > Wireless LAN > OTIST P-2602H(W)(L)-DxA User’s Guide...
Page 129: Figure 69 Example: Wireless Client Otist Screen
ZyXEL Device in any order. After you click Start in the ZyXEL Device, the following screen appears (in the ZyXEL Device). P-2602H(W)(L)-DxA User’s Guide DESCRIPTION Type a key (password) 8 ASCII characters long. Note: If you change the OTIST setup key in the ZyXEL Device, you must change it on the wireless devices too.
Page 130: Notes On Otist
9.6.1 Notes on OTIST 1 If you enable OTIST in a wireless device, you see this screen each time you start the utility. Click Yes to search for an OTIST-enabled AP (in other words, the ZyXEL Device). P-2602H(W)(L)-DxA User’s Guide...
Page 131: Mac Filter
OTIST on the AP and ALL wireless devices again. 9.7 MAC Filter Use this screen to change your ZyXEL Device’s MAC filter settings. Click Network > Wireless LAN > MAC Filter. The screen appears as shown. P-2602H(W)(L)-DxA User’s Guide Chapter 9 Wireless LAN...
Page 132: Figure 74 Mac Address Filter
ZyXEL Device in these address fields. Enter the MAC addresses in a valid MAC address format, that is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to reload the previous configuration for this screen. P-2602H(W)(L)-DxA User’s Guide...
Page 133: Qos Screen
WMM QoS Policy Name Service Dest Port P-2602H(W)(L)-DxA User’s Guide DESCRIPTION Select the check box to enable WMM QoS on the ZyXEL Device. Select Default to have the ZyXEL Device automatically give a service a priority level according to the ToS value in the IP header of packets it sends.
Page 134: Application Priority Configuration
Click the Remove icon to delete an application entry. Click Apply to save your changes back to the ZyXEL Device. for a list of commonly-used services and destination ports. The DESCRIPTION Type a description of the application priority. P-2602H(W)(L)-DxA User’s Guide...
Page 135 LABEL Service Dest Port Priority Apply Cancel P-2602H(W)(L)-DxA User’s Guide DESCRIPTION The following is a description of the applications you can prioritize with WMM QoS. Select a service from the drop-down list box. • E-Mail Electronic mail consists of messages sent through a computer network to specific groups or individuals.
Page 136 Chapter 9 Wireless LAN P-2602H(W)(L)-DxA User’s Guide...
Page 137: Network Address Translation (Nat) Screens
This refers to the packet address (source or destination) as the packet travels on the LAN. Global This refers to the packet address (source or destination) as the packet travels on the WAN. NAT never changes the IP address (either local or global) of an outside host. P-2602H(W)(L)-DxA User’s Guide (NAT) Screens...
Page 138: Network Address Translation (Nat) Screens
Figure 77 How NAT Works 10.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the ZyXEL Device can communicate with three distinct WAN networks. Table 44 on page 140), P-2602H(W)(L)-DxA User’s Guide...
Page 139: Nat Mapping Types
• Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world. Port numbers do NOT change for One-to-One and Many-to-Many No Overload NAT mapping types. P-2602H(W)(L)-DxA User’s Guide Chapter 10 Network Address Translation (NAT) Screens...
Page 140: Sua (Single User Account) Versus Nat
IGA1 ILA2 IGA1 … ILA1 IGA1 ILA2 IGA2 ILA3 IGA1 ILA4 IGA2 … ILA1 IGA1 ILA2 IGA2 ILA3 IGA3 … Server 1 IP IGA1 Server 2 IP IGA1 Server 3 IP IGA1 Table 44 on page P-2602H(W)(L)-DxA User’s Guide 140.
Page 141: Port Forwarding
(for example both FTP and web service), it might be better to specify a range of port numbers. You can allocate a server IP address that corresponds to a port or a range of ports. P-2602H(W)(L)-DxA User’s Guide Chapter 10 Network Address Translation (NAT) Screens...
Page 142: Default Server Ip Address
192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet. Figure 80 Multiple Servers Behind NAT Example Appendix F on page 417. Please P-2602H(W)(L)-DxA User’s Guide...
Page 143: Configuring Port Forwarding
This is the first port number that identifies a service. End Port This is the last port number that identifies a service. P-2602H(W)(L)-DxA User’s Guide Chapter 10 Network Address Translation (NAT) Screens for port numbers commonly used for particular services.
Page 144: Port Forwarding Rule Edit
Enter the inside IP address of the server here. Address Back Click Back to return to the previous screen. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-2602H(W)(L)-DxA User’s Guide...
Page 145: Address Mapping
IP address from your ISP. You can only do this for Many-to-One and Server mapping types. Global End IP This is the ending Inside Global IP Address (IGA). This field is N/A for One-to-one, Many-to-One and Server mapping types. P-2602H(W)(L)-DxA User’s Guide Chapter 10 Network Address Translation (NAT) Screens...
Page 146: Address Mapping Rule Edit
10.6.1 Address Mapping Rule Edit To edit an address mapping rule, click the rule’s edit icon in the Address Mapping screen to display the screen shown next. P-2602H(W)(L)-DxA User’s Guide...
Page 147: Figure 84 Edit Address Mapping Rule
Back Click Back to return to the previous screen. Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-2602H(W)(L)-DxA User’s Guide Chapter 10 Network Address Translation (NAT) Screens DESCRIPTION...
Page 148: Sip Alg
DESCRIPTION Select this to make sure SIP (VoIP) works correctly with port-forwarding and address-mapping rules. Click this to save your changes and to apply them to the ZyXEL Device. Click this to return to previously saved configuration. P-2602H(W)(L)-DxA User’s Guide...
Page 149: Voice
The SIP number is the part of the SIP URI that comes before the “@” symbol. A SIP number can use letters like in an e-mail address (johndoe@your-ITSP.com for example) or numbers like a telephone number (1122334455@VoIP-provider.com for example). P-2602H(W)(L)-DxA User’s Guide Voice...
Page 150: Sip Call Progression
A or B can act as a SIP user agent client to initiate a call. A and B can also both act as a SIP user agent to receive the call. 2. Ringing 3. OK 5.Dialogue (voice traffic) 7. OK P-2602H(W)(L)-DxA User’s Guide...
Page 151: Figure 86 Sip User Agent
1 Client device A sends a call invitation for C to the SIP redirect server (B). 2 The SIP redirect server sends the invitation back to A with C’s IP address (or domain name). 3 Client device A then sends the call invitation to client device C. P-2602H(W)(L)-DxA User’s Guide Chapter 11 Voice...
Page 152: Figure 88 Sip Redirect Server
The more similar the audio sample is to the prediction, the less space needed to describe it. G.726 operates at 16, 24, 32 or 40 kbps. P-2602H(W)(L)-DxA User’s Guide...
Page 153: Pstn Call Setup Signaling
11.2.9.2 Listening to Custom Tones Do the following to listen to a custom tone: The ZyXEL Device does not support pulse dialing at the time of writing. P-2602H(W)(L)-DxA User’s Guide DESCRIPTION 128 seconds for all custom tones combined 20 seconds You can record up to 8 different custom tones but the total time must be 128 seconds or less.
Page 154: Quality Of Service (Qos)
DSCP is backward compatible with the three precedence bits in the ToS octet so that non- DiffServ compliant, ToS-enabled network device will not conflict with the DSCP mapping. The ZyXEL Device does not support DiffServ at the time of writing. P-2602H(W)(L)-DxA User’s Guide...
Page 155: Vlan Tagging
Use this screen to maintain basic information about each SIP account. You can also enable and disable each SIP account. To access this screen, click VoIP > SIP > SIP Settings. Figure 90 SIP > SIP Settings P-2602H(W)(L)-DxA User’s Guide Unused (2-bit)
Page 156: Advanced Sip Setup Screen
Click this to save your changes and to apply them to the ZyXEL Device. Click this to set every field in this screen to its last-saved value. Click this to edit the advanced settings for this SIP account. The Advanced SIP Setup screen appears. P-2602H(W)(L)-DxA User’s Guide...
Page 157: Figure 91 Voip > Sip Settings > Advanced
Each field is described in the following table. Table 54 VoIP > SIP Settings > Advanced LABEL DESCRIPTION SIP Account This field displays the SIP account you see in this screen. SIP Server Settings P-2602H(W)(L)-DxA User’s Guide Chapter 11 Voice...
Page 158 PCM - send the DTMF tones in the voice data stream. This method works best when you are using a codec that does not use compression (like G.711). Codecs that use compression (like G.729 and G.726) can distort the tones. SIP INFO - send the DTMF tones in SIP messages. P-2602H(W)(L)-DxA User’s Guide...
Page 159 Click this to save your changes and to apply them to the ZyXEL Device. Cancel Click this to set every field in this screen to its last-saved value. P-2602H(W)(L)-DxA User’s Guide Section 11.2.9 on page 153 for more information. Section 11.2.9 on page 153 Section 11.2.9 on page 153...
Page 160: Sip Qos Screen
VLAN tags. Otherwise, clear this field. Click this to save your changes and to apply them to the ZyXEL Device. Click this to set every field in this screen to its last-saved value. P-2602H(W)(L)-DxA User’s Guide...
Page 161: Comfort Noise Generation
Select this if you want to receive phone calls for the SIP2 account on this phone port. If you select more than one source for incoming calls, there is no way to distinguish between them when you receive phone calls. P-2602H(W)(L)-DxA User’s Guide Chapter 11 Voice...
Page 162: Advanced Analog Phone Setup Screen
Click this to save your changes and to apply them to the ZyXEL Device. Click this to set every field in this screen to its last-saved value. Click this to edit the advanced settings for this phone port. The Advanced Analog Phone Setup screen appears. P-2602H(W)(L)-DxA User’s Guide...
Page 163: Common Phone Settings Screen
Click this to set every field in this screen to its last-saved value. 11.10 Common Phone Settings Screen Use this screen to activate and deactivate immediate dialing and set up call fallback. To access this screen, click VoIP > Phone > Common. P-2602H(W)(L)-DxA User’s Guide Chapter 11 Voice...
Page 164: Phone Services Overview
ZyXEL Device uses the phone port’s registered SIP account to make the call. Click this to save your changes and to apply them to the ZyXEL Device. Click this to set every field in this screen to its last-saved value. Section 11.14 on page 170) P-2602H(W)(L)-DxA User’s Guide...
Page 165: The Flash Key
*98# 11.11.2.1 European Call Hold Call hold allows you to put a call (A) on hold by pressing the flash key. P-2602H(W)(L)-DxA User’s Guide DESCRIPTION Put a current call on hold to place a second call. Switch back to the call (if there is no second call).
Page 166: Usa Type Supplementary Services
(one is on-line, the other is on hold), press the flash key and press “2”. 11.11.3 USA Type Supplementary Services This section describes how to use supplementary phone services with the USA Type Call Service Mode. Commands for supplementary services are listed in the table below. P-2602H(W)(L)-DxA User’s Guide...
Page 167: Table 60 Usa Flash Key Commands
7 If you want to separate the activated three-way conference into two individual connections again, press the flash key. This time the party B is on-line and party A is on hold. P-2602H(W)(L)-DxA User’s Guide DESCRIPTION Put a current call on hold to place a second call. After the second call is successful, press the flash key again to have a three-way conference call.
Page 168: Phone Region Screen
You might have to subscribe to these services to use them. Contact your VoIP service provider. Click this to save your changes and to apply them to the ZyXEL Device. Click this to set every field in this screen to its last-saved value. P-2602H(W)(L)-DxA User’s Guide...
Page 169: Figure 97 Phone Book > Speed Dial
This field is blank, if the speed-dial entry uses one of your SIP accounts. Otherwise, this field shows the IP address or domain name of the SIP server or other party. (This field corresponds with the Type field in the Speed Dial section.) P-2602H(W)(L)-DxA User’s Guide Chapter 11 Voice...
Page 170: Incoming Call Policy Screen
Dial section, where you can change it. Click the Remove icon to erase this speed-dial entry. Click this to erase all the speed-dial entries. Click this to set every field in this screen to its last-saved value. P-2602H(W)(L)-DxA User’s Guide...
Page 171: Table 63 Phone Book > Incoming Call Policy
Forward to Number section. Apply Click this to save your changes and to apply them to the ZyXEL Device. Cancel Click this to set every field in this screen to its last-saved value. P-2602H(W)(L)-DxA User’s Guide Chapter 11 Voice...
Page 172: Distinctive Ring Screen
Select this if you want to activate the distinctive ring feature. You also have to Ring enable individual entries. Test the Ring Use the drop down list box to select the ring tone you would like to hear. P-2602H(W)(L)-DxA User’s Guide...
Page 173: Pstn Line ("L" Models Only)
PHONE 1 port can be used for making calls. Ensure you know which phone this is, so that in case of emergency you can make outgoing calls. P-2602H(W)(L)-DxA User’s Guide number is part of any of the groups assigned above before checking the incoming line.
Page 174: Pstn Line Screen ("L" Models Only)
The number (1 - 9) is not a speed-dial number. It is just a sequential value that is not associated with any phone number. Click this to save your changes and to apply them to the ZyXEL Device. Click this to set every field in this screen to its last-saved value. P-2602H(W)(L)-DxA User’s Guide...
Page 175: Voip Trunking
PIN (Personal Identification Number). Your ZyXEL Device can be configured so that it prompts callers to enter a PIN (via the phone pad) in order to process any call forwarding requests. P-2602H(W)(L)-DxA User’s Guide VoIP Trunking...
Page 176: Peer Call Authentication
Table 66 Matching Incoming and Outgoing Authentication ACCOUNT DETAILS Outgoing Authentication Username Password Incoming Authentication Username Password LOCAL PEER DEVICE REMOTE PEER DEVICE localDeviceA localDeviceB passwordA passwordB userone localDeviceA userpassword passwordA P-2602H(W)(L)-DxA User’s Guide...
Page 177: Call Rules
12.4.2 PSTN Phone To VoIP Phone A PSTN phone A makes a call to the ZyXEL Device B. B connects A to a VoIP phone C over the IP network. P-2602H(W)(L)-DxA User’s Guide PATTERN CALL RULE Set up a peer call to a remote peer device to 1555 forward calls starting with the numbers 1555.
Page 178: Pstn Phone To Pstn Phone Via Voip
VoIP Trunking requires the following additional configuration in the VoIP > SIP > SIP Settings > Advanced Setup screen: Voice Compression field needs to be set to G.729 and DTMF Mode field needs to be set to SIP INFO. Figure 105 VoIP > Trunking > General P-2602H(W)(L)-DxA User’s Guide...
Page 179: Trunking Peer Call Screen
Use this screen to set up outgoing authentication accounts for forwarding calls through peer devices (without proxy) and incoming authentication accounts for forwarding calls from peer devices. To access this screen, click VoIP > Trunking > Peer Call. P-2602H(W)(L)-DxA User’s Guide Chapter 12 VoIP Trunking...
Page 180: Figure 106 Voip > Trunking > Peer Call
Enter the username needed to authenticate at the remote peer device. The remote peer device must have the same username in an incoming authentication entry in order to authenticate your connection. Enter up to 32 alphanumeric characters. P-2602H(W)(L)-DxA User’s Guide...
Page 181: Trunking Call Rule Screen
12.7 Trunking Call Rule Screen Use this screen to set up rules that determine which peer VoIP device your call will be forwarded to. To access this screen, click VoIP > Trunking > Call Rule. P-2602H(W)(L)-DxA User’s Guide Chapter 12 VoIP Trunking...
Page 182: Figure 107 Voip > Trunking > Call Rule
This account is used to direct your call to the correct remote peer device and to authenticate you. Select None to disable this forwarding rule. Click this to apply your settings to the ZyXEL Device. Click this to reset the fields. P-2602H(W)(L)-DxA User’s Guide...
Page 183: Voip Trunking Example: Voip To Pstn
IP address of the branch office ZyXEL Device. This must be a non-proxy IP address. The numbers are the phone numbers of the sales team members. This can be configured in the VoIP > Phone Book > Speed Dial screen. P-2602H(W)(L)-DxA User’s Guide Chapter 12 VoIP Trunking...
Page 184: Configuration Details: Incoming
This consists of a username and password. This account must match the username and password of the outgoing authentication account of the headquarters’ ZyXEL Device. This can be configured in the VoIP > Trunking > Peer Call screen. P-2602H(W)(L)-DxA User’s Guide...
Page 185: Call Progression
12.9 VoIP Trunking Example: PSTN to PSTN via VoIP This example shows how to configure a PSTN to PSTN call with a VoIP link. It also shows how call rules can be used to automate VoIP trunking. P-2602H(W)(L)-DxA User’s Guide Chapter 12 VoIP Trunking BRANCH OFFICE The remote peer device forwards the call to Sales1.
Page 186: Background Information
ZyXEL Device) for the PSTN caller to initiate VoIP trunking by dialing another number. It waits 3 seconds between dialing digits before it determines that the entire phone number is entered. These settings can be configured in the VoIP > Trunking > General screen. P-2602H(W)(L)-DxA User’s Guide...
Page 187: Figure 113 Pstn To Pstn Example: General Configuration
(“5555”) of “Sales1” telephone number. The account name is the name of the outgoing authentication account created in the Speed Dial screen (“CityB”). This setting can be configured in the VoIP > Trunking > Call Rule screen. P-2602H(W)(L)-DxA User’s Guide Chapter 12 VoIP Trunking...
Page 188: Configuration Details: Incoming
The call is initiated by the manager dialing into the headquarter’s ZyXEL Device via PSTN. In this scenario a VoIP link is established between headquarters and the branch office and then the call is forwarded to Sales1 using PSTN. P-2602H(W)(L)-DxA User’s Guide...
Page 189: Table 72 Pstn To Pstn: Voip Trunking Call Progression
The remote peer device confirms that the username and password match an account in its incoming authentication list. Sales1 picks up and the call commences. P-2602H(W)(L)-DxA User’s Guide Chapter 12 VoIP Trunking BRANCH OFFICE The remote peer device forwards the call to Sales1.
Page 190 Chapter 12 VoIP Trunking P-2602H(W)(L)-DxA User’s Guide...
Page 191: Phone Usage
Hang up the receiver. 2 Pick up another phone’s receiver. Press “#97#” followed by the same number you entered before to continue the call. P-2602H(W)(L)-DxA User’s Guide Phone Usage Section 11.13 on page 168) for peer-to-peer calls or SIP numbers...
Page 192: Checking The Zyxel Device's Ip Address
See Section 13.6 on page 192. Use these to upload or not upload new firmware to the ZyXEL Device, if requested by your service provider. See Section 13.6 on page 192. P-2602H(W)(L)-DxA User’s Guide 375.
Page 193 One shot caller ID display One shot Call Waiting Disable Activate or deactivate call waiting on the next call only. One shot Call Waiting Enable P-2602H(W)(L)-DxA User’s Guide Chapter 13 Phone Usage DESCRIPTION Transfer a call to another phone. See Section 11.11.2 on...
Page 194 Chapter 13 Phone Usage P-2602H(W)(L)-DxA User’s Guide...
Page 195: Firewalls
• Stateful Inspection Firewalls 14.2.1 Packet Filtering Firewalls Packet filtering firewalls restrict access based on the source/destination computer network address of a packet and the type of application. P-2602H(W)(L)-DxA User’s Guide Firewalls to configure default firewall settings. to view firewall rules.
Page 196: Application-Level Firewalls
FTP, and the World Wide Web. However, “inbound access” will not be allowed unless you configure remote management or create a firewall rule to allow a remote host to use a specific service. for more information on stateful inspection. P-2602H(W)(L)-DxA User’s Guide...
Page 197: Denial Of Service Attacks
If the person configuring or managing the computer is not careful, a hacker could attack it over an unprotected port. Some of the most common IP ports are: Table 74 Common IP Ports Telnet SMTP P-2602H(W)(L)-DxA User’s Guide HTTP POP3 Chapter 14 Firewalls...
Page 198: Types Of Dos Attacks
ACK comes back or when an internal timer (which is set at relatively long intervals) terminates the three-way handshake. Once the queue is full, the system will ignore all incoming SYN requests, making the system unavailable for legitimate users. P-2602H(W)(L)-DxA User’s Guide...
Page 199: Figure 119 Syn Flood
"intermediary" network, but will also congest the network of the spoofed source IP address, known as the "victim" network. This flood of broadcast traffic consumes all available bandwidth, making communications impossible. Figure 120 Smurf Attack P-2602H(W)(L)-DxA User’s Guide Chapter 14 Firewalls...
Page 200: Stateful Inspection
This “remembering” is called saving the state. When the outside system responds to your request, the firewall compares the received packets with the saved state to determine if they REDIRECT TIMESTAMP_REQUEST TIMESTAMP_REPLY ADDRESS_MASK_REQUEST ADDRESS_MASK_REPLY ETRN EXPN HELO SAML SEND SOML HELP MAIL NOOP TURN VRFY P-2602H(W)(L)-DxA User’s Guide...
Page 201: Stateful Inspection Process
WAN interface's inbound extended access list. This temporary access list entry is designed to permit inbound packets of the same connection as the outbound packet just inspected. 5 The outbound packet is forwarded out through the interface. P-2602H(W)(L)-DxA User’s Guide Chapter 14 Firewalls...
Page 202: Stateful Inspection On Your Zyxel Device
If an initiation packet originates on the WAN, this means that someone is trying to make a connection from the Internet into the LAN. Except in a few special cases (see "Upper Layer Protocols" shown next), these packets are dropped and logged. P-2602H(W)(L)-DxA User’s Guide...
Page 203: Udp/Icmp Security
Any protocol that operates in this way must be supported on a case-by-case basis. You can use the web configurator’s Custom Ports feature to do this. P-2602H(W)(L)-DxA User’s Guide Chapter 14 Firewalls...
Page 204: Guidelines For Enhancing Security With Your Firewall
• If you use “chat rooms” or IRC sessions, be careful with any information you reveal to strangers. • If your system starts exhibiting odd behavior, contact your ISP. Some hackers will set off hacks that cause your system to slowly become unstable or unusable. P-2602H(W)(L)-DxA User’s Guide...
Page 205: Packet Filtering Vs Firewall
• To prevent DoS attacks and prevent hackers cracking your network. • A range of source and destination IP addresses as well as port numbers can be specified within one firewall rule making the firewall a better choice when complex rules are required. P-2602H(W)(L)-DxA User’s Guide Chapter 14 Firewalls...
Page 206 • Use the firewall if you need routine e-mail reports about your system or need to be alerted when attacks occur. • The firewall can block specific URL traffic that might occur in the future. The URL can be saved in an Access Control List (ACL) database. P-2602H(W)(L)-DxA User’s Guide...
Page 207: Firewall Configuration
• WAN to WAN/ Router This prevents computers on the WAN from using the ZyXEL Device as a gateway to communicate with other computers on the WAN and/or managing the ZyXEL Device. P-2602H(W)(L)-DxA User’s Guide • WAN to LAN • WAN to WAN/ Router...
Page 208: Rule Logic Overview
Internet to the LAN, it is better to allow only certain machines on the Internet to access the LAN. 15.3.2 Security Ramifications 1 Once the logic of the rule has been defined, it is critical to consider the security ramifications created by the rule: P-2602H(W)(L)-DxA User’s Guide...
Page 209: Key Fields For Configuring Rules
LAN). Similarly, WAN to WAN/ Router and DMZ to DMZ/ Router polices apply in the same way to the WAN and DMZ ports. P-2602H(W)(L)-DxA User’s Guide Chapter 15 Firewall Configuration for more information on predefined services.
Page 210: Lan To Wan Rules
Click Security > Firewall to display the following screen. Activate the firewall by selecting the Active Firewall check box as seen in the following screen. Refer to Section 14.1 on page 195 Figure 122 Firewall: General Chapter 26 on page 331 for more information. P-2602H(W)(L)-DxA User’s Guide Figure 124...
Page 211: Firewall Rules Summary
Click Security > Firewall > Rules to bring up the following screen. This screen displays a list of the configured firewall rules. Note the order in which the rules are listed. P-2602H(W)(L)-DxA User’s Guide Chapter 15 Firewall Configuration directly to a LAN computer without passing through the router.
Page 212: Figure 123 Firewall Rules
(Reject) or allows the passage of packets (Permit). Schedule This field tells you whether a schedule is specified (Yes) or not (No). This field shows you whether a log is created when packets match this rule (Yes) or not (No). for more information. P-2602H(W)(L)-DxA User’s Guide...
Page 213: Configuring Firewall Rules
In the Rules screen, select an index number and click Add or click a rule’s Edit icon to display this screen and refer to the following table for information on the labels. P-2602H(W)(L)-DxA User’s Guide Chapter 15 Firewall Configuration for more information.
Page 214: Figure 124 Firewall: Edit Rule
Select this option to enable this firewall rule. Use the drop-down list box to select whether to discard (Drop), deny and send an ICMP destination-unreachable message to the sender of (Reject) or allow the passage of (Permit) packets that match this rule. P-2602H(W)(L)-DxA User’s Guide...
Page 215 Click Back to return to the previous screen. Apply Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to exit this screen without saving. P-2602H(W)(L)-DxA User’s Guide Chapter 15 Firewall Configuration Appendix F on page 417 for more information on services available.
Page 216: Customized Services
Click a rule number in the Firewall Customized Services screen to create a new custom port or edit an existing one. This action displays the following screen. Refer to Section 14.1 on page 195 Appendix F on page 417 for some examples. Click the Edit for more information. for more information. P-2602H(W)(L)-DxA User’s Guide...
Page 217: Example Firewall Rule
15.7 Example Firewall Rule The following Internet firewall rule example allows a hypothetical “MyService” connection from the Internet. 1 Click Security > Firewall > Rules. 2 Select WAN to LAN in the Packet Direction field. P-2602H(W)(L)-DxA User’s Guide Chapter 15 Firewall Configuration...
Page 218: Figure 127 Firewall Example: Rules
6 Click an index number to display the Customized Services Config screen and configure the screen as follows and click Apply. Figure 128 Edit Custom Port Example 7 Select Any in the Destination Address box and then click Delete. 8 Configure the destination address screen as follows and click Add. P-2602H(W)(L)-DxA User’s Guide...
Page 219: Figure 129 Firewall Example: Edit Rule: Destination Address
9 Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. Custom services show up with an “*” before their names in the Services list box and the Rules list box. P-2602H(W)(L)-DxA User’s Guide...
Page 220: Figure 130 Firewall Example: Edit Rule: Select Customized Services
Figure 130 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a “MyService” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN. P-2602H(W)(L)-DxA User’s Guide...
Page 221: Dos Thresholds
You should make any changes to the threshold values before you continue configuring firewall rules. P-2602H(W)(L)-DxA User’s Guide Chapter 15 Firewall Configuration to configure thresholds.
Page 222: Half-Open Sessions
The ZyXEL Device also sends alerts whenever TCP Maximum Incomplete is exceeded. The global values specified for the threshold and timeout apply to all TCP connections. Click Firewall, and Threshold to bring up the next screen. Figure 118 on page 198). For UDP, "half-open" P-2602H(W)(L)-DxA User’s Guide...
Page 223: Figure 132 Firewall: Threshold
The ZyXEL Device continues to delete half-open requests as necessary, until the number of existing half-open sessions drops below this number. P-2602H(W)(L)-DxA User’s Guide Chapter 15 Firewall Configuration DEFAULT VALUES 80 existing half-open sessions. 100 half-open sessions per minute.
Page 224: Firewall Commands
100, and to stop deleting half-open sessions with the number of existing half- open sessions drops below 80. 30 existing half-open TCP sessions. to turn on P-2602H(W)(L)-DxA User’s Guide...
Page 225 P-2602H(W)(L)-DxA User’s Guide Commands DESCRIPTION Displays the firewall log type and count. Clears the firewall log count. Dumps the last 64 bytes of packets that the firewall has dropped. Displays the firewall’s dynamic rules.
Page 226 Chapter 15 Firewall Configuration P-2602H(W)(L)-DxA User’s Guide...
Page 227: Content Filtering
URL http://www.website.com/bad.html, even if it is not included in the Filter List. To have your ZyXEL Device block Web sites containing keywords in their URLs, click Security > Content Filter. The screen appears as shown. Figure 133 Content Filter: Keyword P-2602H(W)(L)-DxA User’s Guide Content Filtering...
Page 228: Configuring The Schedule
When you try to access a web page containing a keyword, you will get a message telling you that the content filter is blocking this request. Click Apply to save your changes back to the ZyXEL Device. Click Cancel to return to the previously saved settings. P-2602H(W)(L)-DxA User’s Guide...
Page 229: Configuring Trusted Computers
Trusted User IP Range From Apply Cancel P-2602H(W)(L)-DxA User’s Guide DESCRIPTION Type the IP address of a computer (or the beginning IP address of a specific range of computers) on the LAN that you want to exclude from content filtering.
Page 230 Chapter 16 Content Filtering P-2602H(W)(L)-DxA User’s Guide...
Page 231: Introduction To Ipsec
"ciphertext" (scrambled text) using a "key". The key and clear text are processed by the encryption operation, which leads to the data scrambling that makes encryption secure. Decryption is the opposite of encryption: it is a mathematical operation that transforms “ciphertext” to plaintext. Decryption also requires a key. P-2602H(W)(L)-DxA User’s Guide Introduction to IPSec...
Page 232: Vpn Applications
A VPN tunnel may be created to add support for unsupported emerging IP applications. Chapter 1 on page 37 17.2 IPSec Architecture The overall IPSec architecture is shown as follows. for an example of a VPN application. P-2602H(W)(L)-DxA User’s Guide...
Page 233: Ipsec Algorithms
Key management allows you to determine whether to use IKE (ISAKMP) or manual key configuration in order to set up a VPN. 17.3 Encapsulation The two modes of operation for IPSec VPNs are Transport mode and Tunnel mode. P-2602H(W)(L)-DxA User’s Guide Chapter 17 Introduction to IPSec seeSection 18.2...
Page 234: Transport Mode
NAT is incompatible with the AH protocol in both Transport and Tunnel mode. An IPSec VPN using the AH protocol digitally signs the outbound packet, both data payload and headers, with a hash value appended to the packet. When using AH protocol, packet contents (the data payload) are not encrypted. P-2602H(W)(L)-DxA User’s Guide...
Page 235: Table 88 Vpn And Nat
"original header plus original payload," which is unchanged by a NAT device. Transport mode ESP with authentication is not compatible with NAT. Table 88 VPN and NAT SECURITY PROTOCOL P-2602H(W)(L)-DxA User’s Guide Chapter 17 Introduction to IPSec MODE Transport Tunnel...
Page 236 Chapter 17 Introduction to IPSec P-2602H(W)(L)-DxA User’s Guide...
Page 237: Vpn Screens
An added feature of the ESP is payload padding, which further protects communications by concealing the size of the packet being transmitted. P-2602H(W)(L)-DxA User’s Guide VPN Screens Chapter 26 on page 331 for information on...
Page 238: My Ip Address
160-bit digest to authenticate packet data. MD5 (default) MD5 (Message Digest 5) produces a 128-bit digest to authenticate packet data. SHA1 SHA1 (Secure Hash Algorithm) produces a 160-bit digest to authenticate packet data. for details on dial backup and traffic redirect. P-2602H(W)(L)-DxA User’s Guide...
Page 239: Dynamic Secure Gateway Address
Click Security and VPN to open the VPN Setup screen. This is a menu of your IPSec rules (tunnels). The IPSec summary menu is read-only. Edit a VPN by selecting an index number and then configuring its associated submenus. P-2602H(W)(L)-DxA User’s Guide Chapter 18 VPN Screens 259for configuration examples).
Page 240: Figure 140 Vpn Setup
Local Address Type field in the VPN-IKE (or VPN-Manual Key) screen is configured to Range. A (static) IP address and a subnet mask are displayed when the Local Address Type field in the VPN-IKE (or VPN-Manual Key) screen is configured to Subnet. P-2602H(W)(L)-DxA User’s Guide...
Page 241: Keep Alive
As a result, the VPN device at the receiving end finds a mismatch between the hash value and the data and assumes that the data has been maliciously altered. P-2602H(W)(L)-DxA User’s Guide Chapter 18 VPN Screens Section 18.12 on page...
Page 242: Remote Dns Server
DNS server, you must identify that DNS server. You cannot use DNS servers on the LAN or from the ISP since these DNS servers cannot resolve domain names to private IP addresses on the remote network Figure 141 on page MODE Transport Tunnel Transport Tunnel P-2602H(W)(L)-DxA User’s Guide 242, when...
Page 243: Id Type And Content
SAs. The type of ID can be a domain name, an IP address or an e-mail address. The content is the IP address, domain name, or e-mail address. P-2602H(W)(L)-DxA User’s Guide (seeSection 18.12.1 on page (seeSection 18.18 on page 259...
Page 244: Id Type And Content Examples
The domain name or e-mail address that you use in the Content field is used for identification purposes only and does not need to be a real domain name or e-mail address. ZYXEL DEVICE B Local ID type: IP Local ID content: 1.1.1.2 Peer ID type: E-mail Peer ID content: tom@yourcompany.com P-2602H(W)(L)-DxA User’s Guide...
Page 245: Pre-Shared Key
18.11 Editing VPN Policies Click an Edit icon in the P-2602H(W)(L)-DxA User’s Guide ZYXEL DEVICE B Local ID type: IP Local ID content: 1.1.1.10...
Page 246: Figure 143 Edit Vpn Policies
NAT traversal, and the NAT routers have to forward UDP port 500 packets to the remote IPSec router behind the NAT router. Type up to 32 characters to identify this VPN policy. You may use any character, including spaces, but the ZyXEL Device drops trailing spaces. P-2602H(W)(L)-DxA User’s Guide...
Page 247 IPSec router. When the Remote Address Type field is configured to Subnet, enter a (static) IP address on the network behind the remote IPSec router. P-2602H(W)(L)-DxA User’s Guide Chapter 18 VPN Screens...
Page 248 When there is a NAT router between the two IPSec routers. When you want the ZyXEL Device to distinguish between VPN connection requests that come in from remote IPSec routers with dynamic WAN IP addresses. for details on dial backup and P-2602H(W)(L)-DxA User’s Guide...
Page 249 Click Advanced to configure more detailed settings of your IKE key management. Back Click Back to return to the previous screen. Apply Click Apply to save your changes back to the ZyXEL Device. P-2602H(W)(L)-DxA User’s Guide Chapter 18 VPN Screens...
Page 250: Ike Phases
• Choose Tunnel mode or Transport mode. DESCRIPTION Click Cancel to begin configuring this screen afresh. Click Advanced Setup to configure more detailed settings of your IKE key management. Section 18.12.3 on page 251. Select None (the default) to disable P-2602H(W)(L)-DxA User’s Guide...
Page 251: Negotiation Mode
SA setup (by bypassing the Diffie-Hellman key exchange). 18.13 Configuring Advanced IKE Settings Click Advanced Setup in the P-2602H(W)(L)-DxA User’s Guide Edit VPN Policies screen to open this screen. Chapter 18 VPN Screens...
Page 252: Figure 145 Advanced Vpn Policies
If Remote Start Port is left at 0, End will also remain at 0. Select Main or Aggressive from the drop-down list box. Multiple SAs connecting through a secure gateway must have the same negotiation mode. P-2602H(W)(L)-DxA User’s Guide...
Page 253 SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower. Select MD5 for minimal security and SHA-1 for maximum security. P-2602H(W)(L)-DxA User’s Guide Chapter 18 VPN Screens...
Page 254: Manual Key Setup
Click Back to return to the previous screen. Click Apply to save your changes back to the ZyXEL Device and return to the VPN-IKE screen. Click Cancel to return to the VPN-IKE screen without saving your changes. P-2602H(W)(L)-DxA User’s Guide...
Page 255: Figure 146 Vpn: Manual Key
IKE key management. Type a number (base 10) from 1 to 999999 for the Security Parameter Index. Encapsulation Select Tunnel mode or Transport mode from the drop-down list box. Mode P-2602H(W)(L)-DxA User’s Guide Chapter 18 VPN Screens...
Page 256 (static) IP address, in a range of computers on the network behind the remote IPSec router. When the Remote Address Type field is configured to Subnet, enter a subnet mask on the network behind the remote IPSec router. P-2602H(W)(L)-DxA User’s Guide...
Page 257: Viewing Sa Monitor
A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This screen displays active VPN connections. Use Refresh to display active VPN connections. This screen is read-only. The following table describes the fields in this tab. P-2602H(W)(L)-DxA User’s Guide Chapter 18 VPN Screens Chapter 7 on page 93...
Page 258: Figure 147 Vpn: Sa Monitor
Disconnect Select one of the security associations, and then click Disconnect to stop that security association. Refresh Click Refresh to display the current active VPN connection(s). Section 18.6 on page 241on keep alive to have the ZyXEL P-2602H(W)(L)-DxA User’s Guide...
Page 259: Configuring Global Setting
WAN IP addresses of their IPSec routers. The telecommuters must all use the same IPSec parameters but the local IP addresses (or ranges of addresses) should not overlap. P-2602H(W)(L)-DxA User’s Guide DESCRIPTION NetBIOS (Network Basic Input/Output System) are TCP or UDP packets that enable a computer to find other computers.
Page 260: Telecommuters Using Unique Vpn Rules Example
Telecommuter B: 192.168.3.2 Telecommuter C: 192.168.4.15 192.168.1.10 Section 18.12.1 on page HEADQUARTERS Public static IP address 0.0.0.0 With this IP address only the telecommuter can initiate the IPSec tunnel. 192.168.1.10 0.0.0.0 (N/A) 251), the ZyXEL Device can P-2602H(W)(L)-DxA User’s Guide...
Page 261: Figure 150 Telecommuters Using Unique Vpn Rules Example
Local ID Content: telecommuterb.com Local IP Address: 192.168.3.2 Telecommuter C (telecommuterc.dydns.org) Local ID Type: E-mail Local ID Content: myVPN@myplace.com Local IP Address: 192.168.4.15 P-2602H(W)(L)-DxA User’s Guide Chapter 18 VPN Screens HEADQUARTERS All Headquarters Rules: My IP Address: bigcompanyhq.com Local IP Address: 192.168.1.10 Local ID Type: E-mail Local ID Content: bob@bigcompanyhq.com...
Page 262: Vpn And Remote Management
Chapter 18 VPN Screens 18.19 VPN and Remote Management If a VPN tunnel uses Telnet, FTP, WWW, then you should configure remote management (Remote Management) to allow access for that service. P-2602H(W)(L)-DxA User’s Guide...
Page 263: Certificates
A certification path is the hierarchy of certification authority certificates that validate a certificate. The ZyXEL Device does not trust a certificate if any certificate on its path has expired or been revoked. P-2602H(W)(L)-DxA User’s Guide Certificates...
Page 264: Advantages Of Certificates
Use the Trusted CAs screens to save CA certificates to the ZyXEL Device. Use the Trusted Remote Hosts screens to import self-signed certificates. Use the Directory Servers screen to configure a list of addresses of directory servers (that contain lists of valid and revoked certificates). P-2602H(W)(L)-DxA User’s Guide...
Page 265: My Certificates
Subject field. Valid From This field displays the date that the certificate becomes applicable. The text displays in red and includes a Not Yet Valid! message if the certificate has not yet become applicable. P-2602H(W)(L)-DxA User’s Guide Chapter 19 Certificates...
Page 266: My Certificate Import
Click Import to open a screen where you can save the certificate that you have enrolled from a certification authority from your computer to the ZyXEL Device. Click Refresh to display the current validity status of the certificates. P-2602H(W)(L)-DxA User’s Guide...
Page 267: Certificate File Formats
Click Browse to find the certificate file you want to upload. Back Click Back to return to the previous screen. Apply Click Apply to save the certificate on the ZyXEL Device. Cancel Click Cancel to clear your settings. P-2602H(W)(L)-DxA User’s Guide Chapter 19 Certificates...
Page 268: My Certificate Create
ZyXEL Device drops trailing spaces. Type up to 127 characters to identify the company or group to which the certificate owner belongs. You may use any character, including spaces, but the ZyXEL Device drops trailing spaces. P-2602H(W)(L)-DxA User’s Guide...
Page 269 CA Certificate Request Authentication Apply Cancel P-2602H(W)(L)-DxA User’s Guide DESCRIPTION Type up to 127 characters to identify the nation where the certificate owner is located. You may use any character, including spaces, but the ZyXEL Device drops trailing spaces. Select a number from the drop-down list box to determine how many bits the key should use (512 to 2048).
Page 270: My Certificate Details
ZyXEL Device uses to sign the trusted remote host certificates that you import to the ZyXEL Device. 265). Click the edit icon to open the My Certificate Details screen. Use P-2602H(W)(L)-DxA User’s Guide...
Page 271: Figure 155 My Certificate Details
Chapter 19 Certificates Figure 155 My Certificate Details P-2602H(W)(L)-DxA User’s Guide...
Page 272: Table 106 My Certificate Details
This field displays the type of algorithm that was used to generate the certificate’s key pair (the ZyXEL Device uses RSA encryption) and the length of the key set in bits (1024 bits for example). P-2602H(W)(L)-DxA User’s Guide...
Page 273: Trusted Cas
ZyXEL Device to accept as trusted. The ZyXEL Device accepts any valid certificate signed by a certification authority on this list as being trustworthy; thus you do not need to import any certificate that is signed by one of these certification authorities. P-2602H(W)(L)-DxA User’s Guide Chapter 19 Certificates...
Page 274: Figure 156 Trusted Cas
Lists for the certificates that it has issued and you have selected the Issues certificate revocation lists (CRL) check box in the certificate’s details screen to have the ZyXEL Device check the CRL before trusting any certificates issued by the certification authority. Otherwise the field displays “No”. P-2602H(W)(L)-DxA User’s Guide...
Page 275: Trusted Ca Import
Click Browse to find the certificate file you want to upload. Apply Click Apply to save the certificate on the ZyXEL Device. Cancel Click Cancel to quit and return to the Trusted CAs screen. P-2602H(W)(L)-DxA User’s Guide Chapter 19 Certificates...
Page 276: Trusted Ca Details
ZyXEL Device to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority. Figure 158 Trusted CA Details P-2602H(W)(L)-DxA User’s Guide...
Page 277: Table 109 Trusted Ca Details
This field displays the type of algorithm that was used to generate the certificate’s key pair (the ZyXEL Device uses RSA encryption) and the length of the key set in bits (1024 bits for example). P-2602H(W)(L)-DxA User’s Guide Chapter 19 Certificates...
Page 278: Trusted Remote Hosts
ZyXEL Device to check the CRL that the certification authority issues before trusting a certificate issued by the certification authority. Click Cancel to quit and return to the Trusted CAs screen. P-2602H(W)(L)-DxA User’s Guide...
Page 279: Figure 159 Trusted Remote Hosts
Click Import to open a screen where you can save the certificate of a remote host (which you trust) from your computer to the ZyXEL Device. Refresh Click this button to display the current validity status of the certificates. P-2602H(W)(L)-DxA User’s Guide Chapter 19 Certificates...
Page 280: Verifying A Trusted Remote Host's Certificate
3 Double-click the certificate’s icon to open the Certificate window. Click the Details tab and scroll down to the Thumbprint Algorithm and Thumbprint fields. Figure 161 Certificate Details Verify (over the phone for example) that the remote host has the same information in the Thumbprint Algorithm and Thumbprint fields. P-2602H(W)(L)-DxA User’s Guide...
Page 281: Trusted Remote Hosts Import
Click Security > Certificates > Trusted Remote Hosts to open the Trusted Remote Hosts screen. Click the details icon to open the Trusted Remote Host Details screen. Use this screen to view in-depth information about the trusted remote host’s certificate and/or change the certificate’s name. P-2602H(W)(L)-DxA User’s Guide Chapter 19 Certificates...
Page 282: Figure 163 Trusted Remote Host Details
Chapter 19 Certificates Figure 163 Trusted Remote Host Details P-2602H(W)(L)-DxA User’s Guide...
Page 283: Table 112 Trusted Remote Host Details
Subject Alternative Name Key Usage Basic Constraint P-2602H(W)(L)-DxA User’s Guide DESCRIPTION This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate. You may use any character (not including spaces).
Page 284: Directory Servers
Click Apply to save your changes back to the ZyXEL Device. You can only change the name of the certificate. Click Cancel to quit configuring this screen and return to the Trusted Remote Hosts screen. for how to verify a remote host’s for how to verify a remote host’s P-2602H(W)(L)-DxA User’s Guide...
Page 285: Directory Server Add And Edit
Click Security > Certificates > Directory Servers to open the Directory Servers screen. Click Add (or the details icon) to open the Directory Server Add screen. Use this screen to configure information about a directory server that the ZyXEL Device can access. P-2602H(W)(L)-DxA User’s Guide Chapter 19 Certificates...
Page 286: Figure 165 Directory Server Add And Edit
Type the password (up to 31 ASCII characters) from the entity maintaining the directory server (usually a certification authority). Click Back to return to the Directory Servers screen. Click Apply to save your changes back to the ZyXEL Device. Click Cancel to quit configuring this screen. P-2602H(W)(L)-DxA User’s Guide...
Page 287: Static Route
ZyXEL Device about the networks beyond the remote nodes. Figure 166 Example of Static Routing Topology 20.2 Configuring Static Route Click Advanced > Static Route to open the Static Route screen. P-2602H(W)(L)-DxA User’s Guide Static Route...
Page 288: Static Route Edit
Click this to return to the previously saved configuration. 20.2.1 Static Route Edit Select a static route index number and click Edit. The screen shown next appears. Use this screen to configure the required information for a static route. P-2602H(W)(L)-DxA User’s Guide...
Page 289: Figure 168 Static Route Edit
Back Click Back to return to the previous screen without saving. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-2602H(W)(L)-DxA User’s Guide Chapter 20 Static Route...
Page 290 Chapter 20 Static Route P-2602H(W)(L)-DxA User’s Guide...
Page 291: Bandwidth Management
Time-sensitive applications include both those that require a low level of latency (delay) and a low level of jitter (variations in delay) such as Voice over IP or Internet gaming, and those for which jitter alone is a problem such as Internet radio or streaming video. P-2602H(W)(L)-DxA User’s Guide...
Page 292: Subnet-Based Bandwidth Management
The following figure shows LAN subnets. You could configure one bandwidth class for subnet A and another for subnet B. Figure 169 Subnet-based Bandwidth Management Example TIME TYPICAL PACKET SIZE SENSITIVITY (BYTES) High < 250 High 60 ~ 90 Medium 300 ~ 600 1500 ATC PRIORITY ATC_High ATC_Medium ATC_Low P-2602H(W)(L)-DxA User’s Guide...
Page 293: Application And Subnet-Based Bandwidth Management
Click Advanced > Bandwidth MGMT to open the screen as shown next. Use this screen to enable or disable bandwidth management, and to enable or disable automatic traffic classification. Figure 170 Bandwidth Management: General P-2602H(W)(L)-DxA User’s Guide Chapter 21 Bandwidth Management FROM SUBNET A FROM SUBNET B...
Page 294: Bandwidth Management Rule Setup
Select a service for your rule or you can select User define to go to the screen where you can define your own. Select a priority from the drop down list box. Choose High, Mid or Low. P-2602H(W)(L)-DxA User’s Guide...
Page 295: Rule Configuration
Click the Edit icon or User defined in the Service field to configure a bandwidth management rule. Use bandwidth rules to allocate specific amounts of bandwidth capacity (bandwidth budgets) to specific applications and/or subnets. Figure 172 Bandwidth Management Rule Configuration P-2602H(W)(L)-DxA User’s Guide Chapter 21 Bandwidth Management...
Page 296: Table 123 Bandwidth Management Rule Configuration
Enter the destination subnet mask. This field is N/A if you do not specify a Source Address. Refer to the appendix for more information on IP subnetting. A blank source port means any source port number. Appendix F on page 417 for some P-2602H(W)(L)-DxA User’s Guide...
Page 297: Bandwidth Monitor
The gray section of the bar represents the percentage of unused bandwidth and the blue color represents the percentage of bandwidth in use. Figure 173 Bandwidth Management: Monitor P-2602H(W)(L)-DxA User’s Guide Chapter 21 Bandwidth Management Appendix F on page 417 for some...
Page 298 Chapter 21 Bandwidth Management P-2602H(W)(L)-DxA User’s Guide...
Page 299: Dynamic Dns Setup
Section 22.2 on page 299 22.2 Configuring Dynamic DNS To change your ZyXEL Device’s DDNS, click Advanced > Dynamic DNS. The screen appears as shown. Section 22.1 on page 299 P-2602H(W)(L)-DxA User’s Guide Dynamic DNS Setup for configuration instruction. for more information.
Page 300: Figure 174 Dynamic Dns
Check with your Dynamic DNS service provider to have traffic redirected to a URL (that you can specify) while you are off line. IP Address Update Policy Use WAN IP Select this option to update the IP address of the host name(s) to the WAN IP Address address. P-2602H(W)(L)-DxA User’s Guide...
Page 301 Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-2602H(W)(L)-DxA User’s Guide address if there is an HTTP proxy server between the ZyXEL Device and the DDNS server. Chapter 22 Dynamic DNS Setup...
Page 302 Chapter 22 Dynamic DNS Setup P-2602H(W)(L)-DxA User’s Guide...
Page 303: Remote Management Configuration
WAN, you still need to configure a firewall rule to allow access. You may manage your ZyXEL Device from a remote location via: • Internet (WAN only) • ALL (LAN and WAN) • LAN only, • Neither (Disable). P-2602H(W)(L)-DxA User’s Guide Remote Management Configuration...
Page 304: Remote Management Limitations
The management session does not time out when a statistics screen is polling. 23.2 WWW To change your ZyXEL Device’s World Wide Web settings, click Advanced > Remote MGMT to display the WWW screen. P-2602H(W)(L)-DxA User’s Guide...
Page 305: Telnet
You can configure your ZyXEL Device for remote Telnet access as shown next. The administrator uses Telnet from a computer on a remote network to access the ZyXEL Device. Figure 177 Telnet Configuration on a TCP/IP Network P-2602H(W)(L)-DxA User’s Guide Chapter 23 Remote Management Configuration...
Page 306: Configuring Telnet
Section 27.7 on page 351 have an FTP client. To change your ZyXEL Device’s FTP settings, click Advanced > Remote MGMT > FTP tab. The screen appears as shown. for details. To use this feature, your computer must P-2602H(W)(L)-DxA User’s Guide...
Page 307: Snmp
ZyXEL Device through the network. The ZyXEL Device supports SNMP version one (SNMPv1) and version two (SNMPv2). The next figure illustrates an SNMP management operation. SNMP is only available if TCP/IP is configured. P-2602H(W)(L)-DxA User’s Guide Chapter 23 Remote Management Configuration...
Page 308: Supported Mibs
• Trap - Used by the agent to inform the manager of some events. 23.6.1 Supported MIBs The ZyXEL Device supports MIB II, which is defined in RFC-1213 and RFC-1215. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance. P-2602H(W)(L)-DxA User’s Guide...
Page 309: Snmp Traps
To change your ZyXEL Device’s SNMP settings, click Advanced > Remote MGMT > SNMP. The screen appears as shown. Figure 181 Remote Management: SNMP P-2602H(W)(L)-DxA User’s Guide Chapter 23 Remote Management Configuration DESCRIPTION A trap is sent after booting (power on).
Page 310: Configuring Dns
Type the IP address of the station to send your SNMP traps to. Click Apply to save your customized settings and exit this screen. Click Cancel to begin configuring this screen afresh. Chapter 8 on page 105 for background information. P-2602H(W)(L)-DxA User’s Guide...
Page 311: Configuring Icmp
This keeps outsiders from discovering your ZyXEL Device when unsupported ports are probed. If you want your device to respond to pings and requests for unauthorized services, you may also need to configure the firewall anti probing settings to match. P-2602H(W)(L)-DxA User’s Guide Chapter 23 Remote Management Configuration...
Page 312: Figure 183 Remote Management: Icmp
ICMP port-unreachable packet for a blocked UDP packets or just drop the packets without sending a response packet. Apply Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to begin configuring this screen afresh. P-2602H(W)(L)-DxA User’s Guide...
Page 313: Universal Plug-And-Play (Upnp)
The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues. Network information and configuration may also be obtained and modified by users in some network environments. P-2602H(W)(L)-DxA User’s Guide for configuration instructions.
Page 314: Upnp And Zyxel
ZyXEL Device, for example by using NAT traversal, UPnP applications automatically reserve a NAT forwarding port in order to communicate with another UPnP enabled device; this eliminates the need to manually configure port forwarding for the UPnP enabled application. P-2602H(W)(L)-DxA User’s Guide...
Page 315: Installing Upnp In Windows Example
Figure 185 Add/Remove Programs: Windows Setup: Communication 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box. P-2602H(W)(L)-DxA User’s Guide Chapter 24 Universal Plug-and-Play (UPnP) DESCRIPTION Select this check box to allow traffic from UPnP-enabled applications to bypass the firewall.
Page 316: Figure 186 Add/Remove Programs: Windows Setup: Communication: Components
3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components …. Figure 187 Network Connections 4 The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details. P-2602H(W)(L)-DxA User’s Guide...
Page 317: Figure 188 Windows Optional Networking Components Wizard
5 In the Networking Services window, select the Universal Plug and Play check box. Figure 189 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. P-2602H(W)(L)-DxA User’s Guide Chapter 24 Universal Plug-and-Play (UPnP)
Page 318: Using Upnp In Windows Xp Example
1 Click Start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. 2 Right-click the icon and select Properties. Figure 190 Network Connections 3 In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. P-2602H(W)(L)-DxA User’s Guide...
Page 319: Figure 191 Internet Connection Properties
Chapter 24 Universal Plug-and-Play (UPnP) Figure 191 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings. P-2602H(W)(L)-DxA User’s Guide...
Page 320: Figure 192 Internet Connection Properties: Advanced Settings
5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray. P-2602H(W)(L)-DxA User’s Guide...
Page 321: Figure 194 System Tray Icon
ZyXEL Device. Follow the steps below to access the web configurator. 1 Click Start and then Control Panel. 2 Double-click Network Connections. 3 Select My Network Places under Other Places. P-2602H(W)(L)-DxA User’s Guide Chapter 24 Universal Plug-and-Play (UPnP)
Page 322: Figure 196 Network Connections
Chapter 24 Universal Plug-and-Play (UPnP) Figure 196 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays. P-2602H(W)(L)-DxA User’s Guide...
Page 323: Figure 197 Network Connections: My Network Places
Figure 197 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Figure 198 Network Connections: My Network Places: Properties: Example P-2602H(W)(L)-DxA User’s Guide...
Page 324 Chapter 24 Universal Plug-and-Play (UPnP) P-2602H(W)(L)-DxA User’s Guide...
Page 325: Maintenance And Troubleshooting
Maintenance and Troubleshooting System (327) Logs (331) Tools (345) Diagnostic (357) Troubleshooting (361)
Page 327: System
DHCP from the ISP is used. While you must enter the host name (System Name), the domain name can be assigned from the ZyXEL Device via DHCP. Click Maintenance > System to open the General screen. P-2602H(W)(L)-DxA User’s Guide System...
Page 328: Figure 199 System General Setup
ZyXEL Device. Retype to Type the new password again for confirmation. Confirm Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-2602H(W)(L)-DxA User’s Guide...
Page 329: Time Setting
This field displays the last updated time from the time server or the last time configured manually. (hh:mm:ss) When you set Time and Date Setup to Manual, enter the new time in this field and then click Apply. P-2602H(W)(L)-DxA User’s Guide Chapter 25 System...
Page 330 In Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). Click Apply to save your changes back to the ZyXEL Device. Click Cancel to begin configuring this screen afresh. P-2602H(W)(L)-DxA User’s Guide...
Page 331: Logs
Log entries in red indicate alerts. The log wraps around and deletes the old entries after it fills. Click a column heading to sort the entries. A triangle indicates ascending or descending sort order. P-2602H(W)(L)-DxA User’s Guide Logs Section 26.3 on page...
Page 332: Configuring Log Settings
Alerts are e-mailed as soon as they happen. Logs may be e-mailed as soon as the log is full. Selecting many alert and/or log categories (especially Access Control) may result in many e- mails being sent. Section 26.1 on page 331 for more information. P-2602H(W)(L)-DxA User’s Guide...
Page 333: Figure 202 Log Settings
ZyXEL Device sends. Not all ZyXEL Device models have this field. Send Log to The ZyXEL Device sends logs to the e-mail address specified in this field. If this field is left blank, the ZyXEL Device does not send logs via e-mail. P-2602H(W)(L)-DxA User’s Guide Chapter 26 Logs...
Page 334: Smtp Error Messages
Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to return to the previously saved settings. 26.4 SMTP Error Messages If there are difficulties in sending e-mail the following error message appears. Daily Weekly Hourly When Log is Full None. P-2602H(W)(L)-DxA User’s Guide...
Page 335: Example E-Mail Log
127|Apr 7 00 |From:192.168.1.131 | 10:05:17 |UDP src port:00520 dest port:00520 128|Apr 7 00 |From:192.168.1.1 | 10:05:30 |UDP src port:00520 dest port:00520 End of Firewall Log P-2602H(W)(L)-DxA User’s Guide To:192.168.1.255 |default policy |<1,00> To:192.168.1.255 |default policy |<1,00> To:10.10.10.10 |match |<1,01>...
Page 336: Log Descriptions
Someone has failed to log on to the router’s SSH server. Someone has logged on to the router's web configurator interface using HTTPS protocol. Someone has failed to log on to the router's web configurator interface using HTTPS protocol. P-2602H(W)(L)-DxA User’s Guide...
Page 337: Table 139 System Error Logs
Peer TCP state out of order, sent TCP RST Firewall session time out, sent TCP RST P-2602H(W)(L)-DxA User’s Guide DESCRIPTION This attempt to create a NAT session exceeds the maximum number of NAT session table entries allowed to be created per host.
Page 338: Table 142 Packet Filter Logs
(3 is for dial-up, 6 is for PPPoE, 10 is for PPTP). "channel" or “ch” is the call channel ID.For example,"board 0 line 0 channel 0, call 3, C01 Outgoing Call dev=6 ch=0 "Means the router has dialed to the PPPoE server 3 times. P-2602H(W)(L)-DxA User’s Guide...
Page 339: Table 145 Ppp Logs
[ TCP | UDP | IGMP | ESP | GRE | OSPF ] land ICMP (type:%d, code:%d) P-2602H(W)(L)-DxA User’s Guide DESCRIPTION The PPPoE, PPTP or dial-up call is connected. The PPPoE, PPTP or dial-up call was disconnected. DESCRIPTION The PPP connection’s Link Control Protocol stage has started.
Page 340: Table 149 802.1X Logs
The local user database only supports the EAP-MD5 method. A user tried to use another authentication method and was not authenticated. The router logged out a user whose session expired. The router logged out a user who ended the session. P-2602H(W)(L)-DxA User’s Guide...
Page 341: Table 150 Acl Setting Notes
A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF) Source route failed Source Quench P-2602H(W)(L)-DxA User’s Guide DESCRIPTION The router logged out a user from which there was no authentication response. The router logged out a user whose idle timeout period expired.
Page 342: Table 152 Syslog Logs
DESCRIPTION The listed SIP account was successfully registered with a SIP register server. An attempt to register the listed SIP account with a SIP register server was not successful. P-2602H(W)(L)-DxA User’s Guide...
Page 343: Table 154 Rtp Logs
Table 157 PSTN Logs LOG MESSAGE PSTN Call Start PSTN Call End PSTN Call Established P-2602H(W)(L)-DxA User’s Guide DESCRIPTION The listed SIP account’s registration was deleted from the SIP register server. An attempt to delete the listed SIP account’s registration from the SIP register server failed.
Page 344: Table 158 Rfc-2408 Isakmp Payload Types
RFC 2408 for detailed information on each type. Table 158 RFC-2408 ISAKMP Payload Types LOG DISPLAY PROP TRANS CER_REQ HASH NONCE NOTFY PAYLOAD TYPE Security Association Proposal Transform Key Exchange Identification Certificate Certificate Request Hash Signature Nonce Notification Delete Vendor ID P-2602H(W)(L)-DxA User’s Guide...
Page 345: Tools
DHCP Setup, TCP/IP Setup, etc. It arrives from ZyXEL with a “rom” filename extension. Once you have customized the ZyXEL Device's settings, they can be saved back to your computer under a filename of your choosing. P-2602H(W)(L)-DxA User’s Guide Tools...
Page 346: File Maintenance Over Wan
ROM file system, including your ZyXEL Device configurations, system-related data (including the default password), the error log and the trace log. This is the generic name for the ZyNOS firmware on the ZyXEL Device. P-2602H(W)(L)-DxA User’s Guide DESCRIPTION *.rom *.bin...
Page 347: Firmware Upgrade Screen
Click Upload to begin the upload process. This process may take up to two minutes. After you see the Firmware Upload in Progress screen, wait two minutes before logging into the ZyXEL Device again. P-2602H(W)(L)-DxA User’s Guide for upgrading firmware using FTP/TFTP commands. Chapter 27 Tools...
Page 348: Backup And Restore
Section 27.7 on page 351 using FTP/TFTP commands. Click Maintenance > Tools > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears in this screen, as shown next. Section 27.8 on page 354 for transferring configuration files P-2602H(W)(L)-DxA User’s Guide...
Page 349: Backup Configuration
Do not turn off the ZyXEL Device while configuration file upload is in progress. After you see a “restore configuration successful” screen, you must then wait one minute before logging into the ZyXEL Device again. P-2602H(W)(L)-DxA User’s Guide Chapter 27 Tools...
Page 350: Reset To Factory Defaults
Click the Reset button to clear all user-entered configuration information and return the ZyXEL Device to its factory defaults. The following warning screen appears. Figure 212 Reset Warning Message for details on how to set up your computer’s IP address. P-2602H(W)(L)-DxA User’s Guide...
Page 351: Restart
6 Use “ ” to transfer files from the ZyXEL Device to the computer, for example, “ rom-0 config.rom P-2602H(W)(L)-DxA User’s Guide Section 1.6 on page 48 for more information on the RESET button. ” transfers the configuration file on the ZyXEL Device to your...
Page 352: Ftp Command Configuration Backup Example
ISP or service administrator has enabled this option. Normal. The server requires a unique User ID and Password to login. Transfer files in either ASCII (plain text format) or in binary mode. Specify the default remote directory (path). Specify the default local directory (path). P-2602H(W)(L)-DxA User’s Guide...
Page 353: Tftp Command Configuration Backup Example
Stop transfer of the file. Refer to Section 27.3 on page 346 over WAN. P-2602H(W)(L)-DxA User’s Guide ” to disable the management idle timeout, so the TFTP sys stdio 0 sys stdio 5” ” to transfer from the ZyXEL Device to the computer and ”...
Page 354: Using Ftp Or Tftp To Restore Configuration
FTP is the preferred method for uploading the firmware and configuration. To use this feature, your computer must have an FTP client. The following sections give examples of how to upload the firmware and the configuration files. to read about configurations that disallow TFTP and FTP P-2602H(W)(L)-DxA User’s Guide...
Page 355: Ftp File Upload Command From The Dos Prompt Example
1 Use telnet from your computer to connect to the device and log in. Because TFTP does not have any security checks, the device records the IP address of the telnet client and accepts TFTP requests only from this address. P-2602H(W)(L)-DxA User’s Guide to read about configurations that disallow TFTP and FTP Chapter 27 Tools...
Page 356: Tftp Upload Command Example
– name of the firmware on the computer) to the file destination on the remote host (ras - name of the firmware on the device). Commands that you may see in GUI-based TFTP clients are listed earlier in this chapter. P-2602H(W)(L)-DxA User’s Guide...
Page 357: Diagnostic
Type the IP address of a computer that you want to ping in order to test a connection. Address Ping Click this button to ping the IP address that you entered. 28.2 DSL Line Diagnostic Click Maintenance > Diagnostic > DSL Line to open the screen shown next. P-2602H(W)(L)-DxA User’s Guide Diagnostic...
Page 358: Figure 219 Diagnostic: Dsl Line
PVC with proper VPIs/VCIs before you begin this test. The ZyXEL Device sends an OAM F5 packet to the DSLAM/ATM switch and then returns it (loops it back) to the ZyXEL Device. The ATM loopback test is useful for troubleshooting problems with the DSLAM and ATM network. P-2602H(W)(L)-DxA User’s Guide...
Page 359 Capture All Logs Click this button to display information and statistics about your ZyXEL Device’s ATM statistics, DSL connection statistics, DHCP settings, firmware version, WAN and gateway IP address, VPI/VCI and LAN IP address. P-2602H(W)(L)-DxA User’s Guide Chapter 28 Diagnostic...
Page 360 Chapter 28 Diagnostic P-2602H(W)(L)-DxA User’s Guide...
Page 361: Troubleshooting
2 Check the hardware connections. See the Quick Start Guide. 3 Inspect your cables for damage. Contact the vendor to replace any damaged cables. 4 Turn the ZyXEL Device off and on. 5 If the problem continues, contact the vendor. P-2602H(W)(L)-DxA User’s Guide Troubleshooting Section 1.5 on page...
Page 362: Zyxel Device Access And Login
(Section 8.4.1 on page 111), make sure your computer is in the Appendix B on page 381. Your ZyXEL Device is a DHCP Appendix B on page Section 1.6 Section 1.6 107), use the new IP address. 381. P-2602H(W)(L)-DxA User’s Guide...
Page 363 See the troubleshooting suggestions for configurator. Ignore the suggestions about your browser. P-2602H(W)(L)-DxA User’s Guide Section 1.6 on page I cannot see or access the Login screen in the web I cannot see or access the Login screen in the web...
Page 364: Internet Access
Advanced Suggestions • Check the settings for bandwidth management. If it is disabled, you might consider activating it. If it is enabled, you might consider changing the allocations. Section 1.5 on page Section 1.5 on page P-2602H(W)(L)-DxA User’s Guide Section 1.5...
Page 365: Phone Calls And Voip
For example, if you set Phone 1 to use SIP account 1 and set Phone 2 to use SIP account 2, then you can use Phone 1 to call to SIP account 2's SIP number or Phone 2 to call to SIP account 1's SIP number. P-2602H(W)(L)-DxA User’s Guide Chapter 29 Troubleshooting...
Page 366: Problems With Multiple Sip Accounts
SIP account 1. Similarly, every time you place a call through phone port 2, you are using your SIP account 2. To apply these configuration changes you need to configure the Analog Phone screen. See Figure 221 Outgoing Calls: Individual Configuration Section 11.8 on page 161. P-2602H(W)(L)-DxA User’s Guide...
Page 367: Incoming Calls
SIP account 2, the phone connected to phone port 2 rings. To apply these configuration changes you need to configure the Analog Phone screen. See on page 161. Figure 223 Incoming Calls: Individual Configuration P-2602H(W)(L)-DxA User’s Guide Chapter 29 Troubleshooting Section 11.8...
Page 368 Chapter 29 Troubleshooting P-2602H(W)(L)-DxA User’s Guide...
Page 369: Appendices And Index
Appendices and Index Product Specifications (371) Setting up Your Computer’s IP Address (381) Pop-up Windows, JavaScripts and Java Permissions (393) IP Addresses and Subnetting (399) Wireless LANs (407) Services (417) Command Interpreter (421) Internal SPTGEN (425) Legal Information (449) Customer Support (453) Index (457)
Page 371: Appendix A Product Specifications
DHCP Server IP Pool Static DHCP Addresses Content Filtering Static Routes Device Management P-2602H(W)(L)-DxA User’s Guide (168 W) x (37 D) x (248 H) mm 390g 18VAC 1A Four auto-negotiating, auto MDI/MDI-X 10/100 Mbps RJ-45 Ethernet ports 2 RJ-11 FXS POTS ports.
Page 372 This allows you to decide whether a service (HTTP or FTP traffic for example) from a computer on a network (LAN or WAN for example) can access the ZyXEL Device. P-2602H(W)(L)-DxA User’s Guide...
Page 373 (RFC2516) Other PPPoE Features Dynamic DNS Support P-2602H(W)(L)-DxA User’s Guide Once you connect and turn on the device, it automatically detects the Internet connection settings (such as the VCI/VPI numbers and the encapsulation method) from the ISP and makes the necessary configuration changes.
Page 374 PPP (Point-to-Point Protocol) link layer protocol Transparent bridging for unsupported network layer protocols RIP I/RIP II ICMP ATM QoS SNMP v1 and v2c with MIB II support (RFC 1213) IP Multicasting IGMP v1 and v2 IGMP Proxy P-2602H(W)(L)-DxA User’s Guide...
Page 375: Voice Specifications
To take full advantage of the supplementary phone services available through the ZyXEL Device's phone ports, you may need to subscribe to the services from your VoIP service provider. P-2602H(W)(L)-DxA User’s Guide Embedded Web Configurator CLI (Command Line Interpreter) SNMP v1 & v2c with MIB II...
Page 376: Table 168 Voice Features
“####” to place a call to the phone(s) connected to the other port. If your service provider uses an auto provisioning server, you need to enter a personal identification number (supplied by your service provider) before you first use the feature. P-2602H(W)(L)-DxA User’s Guide...
Page 377 Quality of Service (QoS) mechanisms help to provide better service on a per- Service) flow basis. Your device supports Type of Service (ToS) tagging and Differentiated Services (DiffServ) tagging. This allows the device to tag voice frames so they can be prioritized over the network. P-2602H(W)(L)-DxA User’s Guide Appendix A Product Specifications...
Page 378: Table 169 Wireless Features
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security standard. Key differences between WPA and WEP are user authentication and improved data encryption. WPA 2 is a wireless security standard that defines stronger encryption, authentication and key management than WPA. P-2602H(W)(L)-DxA User’s Guide...
Page 379: Table 170 Ieee 802.11G
Your device may be prone to RF (Radio Frequency) interference from other 2.4 GHz devices such as microwave ovens, wireless phones, Bluetooth enabled devices, and other wireless LANs. P-2602H(W)(L)-DxA User’s Guide WMM (Wi-Fi MultiMedia) QoS (Quality of Service) allows you to prioritize wireless traffic according to the delivery requirements of individual services.
Page 380: Table 171 P-2602Hwl Series Power Adaptor Specifications
12 Watt max 12 Watt max TUV, CE(EN 60950 -1 ) TUV, CE(EN 60950-1) ADS18B-D 180100 MU18-2180100-B2 AC 100~240Volts/50/60Hz/0.5A AC 100~240Volts/50/60Hz/0.6A DC 18Volts/1A DC 18Volts/1A 12 Watt max 12 Watt max TUV, CE(EN 60950 -1 ) TUV, CE(EN 60950-1) P-2602H(W)(L)-DxA User’s Guide...
Page 381: Appendix B Setting Up Your Computer's Ip Address
If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the ZyXEL Device's LAN port. Windows 95/98/Me Click Start, Settings, Control Panel and double-click the Network icon to open the Network window P-2602H(W)(L)-DxA User’s Guide Address...
Page 382: Installing Components
2 Select Client and then click Add. 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. P-2602H(W)(L)-DxA User’s Guide...
Page 383: Figure 225 Windows 95/98/Me: Tcp/Ip Properties: Ip Address
• If you do not know your DNS information, select Disable DNS. • If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in). P-2602H(W)(L)-DxA User’s Guide Appendix B Setting up Your Computer’s IP Address...
Page 384: Verifying Settings
2 In the Run window, type "winipcfg" and then click OK to open the IP Configuration window. 3 Select your network adapter. You should see your computer's IP address, subnet mask and default gateway. Windows 2000/NT/XP 1 For Windows XP, click start, Control Panel. In Windows 2000/NT, click Start, Settings, Control Panel. P-2602H(W)(L)-DxA User’s Guide...
Page 385: Figure 227 Windows Xp: Start Menu
2 For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Figure 228 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. P-2602H(W)(L)-DxA User’s Guide Appendix B Setting up Your Computer’s IP Address...
Page 386: Figure 229 Windows Xp: Control Panel: Network Connections: Properties
• If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. Click Advanced. P-2602H(W)(L)-DxA User’s Guide...
Page 387: Figure 231 Windows Xp: Advanced Tcp/Ip Settings
• If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. P-2602H(W)(L)-DxA User’s Guide Appendix B Setting up Your Computer’s IP Address...
Page 388: Figure 232 Windows Xp: Internet Protocol (Tcp/Ip) Properties
Network Connections, right-click a network connection, click Status and then click the Support tab. Macintosh OS 8/9 1 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. " and then press [ENTER]. You can ipconfig P-2602H(W)(L)-DxA User’s Guide...
Page 389: Figure 233 Macintosh Os 8/9: Apple Menu
Figure 233 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 234 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. P-2602H(W)(L)-DxA User’s Guide Appendix B Setting up Your Computer’s IP Address...
Page 390: Macintosh Os X
2 Click Network in the icon bar. • Select Automatic from the Location list. • Select Built-in Ethernet from the Show list. • Click the TCP/IP tab. 3 For dynamically assigned settings, select Using DHCP from the Configure list. P-2602H(W)(L)-DxA User’s Guide...
Page 391: Figure 236 Macintosh Os X: Network
5 Click Apply Now and close the window. 6 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the Network window. P-2602H(W)(L)-DxA User’s Guide Appendix B Setting up Your Computer’s IP Address...
Page 392 Appendix B Setting up Your Computer’s IP Address P-2602H(W)(L)-DxA User’s Guide...
Page 393: Internet Explorer Pop-Up Blockers
1 In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure 237 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. 1 In Internet Explorer, select Tools, Internet Options, Privacy. P-2602H(W)(L)-DxA User’s Guide...
Page 394: Figure 238 Internet Options: Privacy
Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings…to open the Pop-up Blocker Settings screen. P-2602H(W)(L)-DxA User’s Guide...
Page 395: Figure 239 Internet Options: Privacy
3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 240 Pop-up Blocker Settings P-2602H(W)(L)-DxA User’s Guide Appendix C Pop-up Windows, JavaScripts and Java Permissions...
Page 396: Figure 241 Internet Options: Security
3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window. P-2602H(W)(L)-DxA User’s Guide...
Page 397: Java Permissions
3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window. Figure 243 Security Settings - Java P-2602H(W)(L)-DxA User’s Guide Appendix C Pop-up Windows, JavaScripts and Java Permissions...
Page 398: Figure 244 Java (Sun)
1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Figure 244 Java (Sun) P-2602H(W)(L)-DxA User’s Guide...
Page 399: Appendix D Ip Addresses And Subnetting
Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal. The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. P-2602H(W)(L)-DxA User’s Guide...
Page 400: Figure 245 Network Number And Host Id
For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes. OCTET: OCTET: OCTET: (192) (168) 11000000 10101000 00000001 11111111 11111111 11111111 11000000 10101000 00000001 P-2602H(W)(L)-DxA User’s Guide 4TH OCTET 00000010 00000000 00000010...
Page 401: Table 173 Subnet Masks
255.255.255.128. The following table shows some possible subnet masks using both notations. Table 175 Alternative Subnet Mask Notation ALTERNATIVE SUBNET MASK NOTATION 255.255.255.0 255.255.255.128 P-2602H(W)(L)-DxA User’s Guide Appendix D IP Addresses and Subnetting 4TH OCTET OCTET OCTET 00000000 00000000 00000000...
Page 402: Figure 246 Subnetting Example: Before Subnetting
192.168.1.0 /25 and 192.168.1.128 /25. The following figure shows the company network after subnetting. There are now two sub- networks, A and B. ALTERNATIVE LAST OCTET NOTATION (BINARY) 1100 0000 1110 0000 1111 0000 1111 1000 1111 1100 LAST OCTET (DECIMAL) P-2602H(W)(L)-DxA User’s Guide...
Page 403: Figure 247 Subnetting Example: After Subnetting
IP Address (Decimal) IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.0 Broadcast Address: 192.168.1.63 P-2602H(W)(L)-DxA User’s Guide Appendix D IP Addresses and Subnetting - 2 or 62 hosts for each subnet (a host ID of all NETWORK NUMBER 192.168.1. 11000000.10101000.00000001. 11111111.11111111.11111111.
Page 404: Table 177 Subnet 2
Highest Host ID: 192.168.1.190 NETWORK NUMBER 192.168.1. 11000000.10101000.00000001. 11111111.11111111.11111111. Lowest Host ID: 192.168.1.193 Highest Host ID: 192.168.1.254 LAST FIRST ADDRESS ADDRESS P-2602H(W)(L)-DxA User’s Guide LAST OCTET BIT VALUE 01000000 11000000 LAST OCTET BIT VALUE 10000000 11000000 LAST OCTET BIT VALUE...
Page 405: Table 181 24-Bit Network Number Subnet Planning
The following table is a summary for subnet planning on a network with a 16-bit network number. Table 182 16-bit Network Number Subnet Planning NO. “BORROWED” HOST BITS P-2602H(W)(L)-DxA User’s Guide Appendix D IP Addresses and Subnetting LAST FIRST ADDRESS ADDRESS SUBNET MASK NO.
Page 406: Configuring Ip Addresses
For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space. SUBNET MASK NO. SUBNETS 255.255.255.252 (/30) 16384 255.255.255.254 (/31) 32768 NO. HOSTS PER SUBNET P-2602H(W)(L)-DxA User’s Guide...
Page 407: Wireless Lan Topologies
A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless station A and B can still access the wired network but cannot communicate with each other. P-2602H(W)(L)-DxA User’s Guide Wireless LANs...
Page 408: Figure 249 Basic Service Set
An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless stations within the same ESS must have the same ESSID in order to communicate. P-2602H(W)(L)-DxA User’s Guide...
Page 409: Figure 250 Infrastructure Wlan
(AP) or wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other. P-2602H(W)(L)-DxA User’s Guide Appendix E Wireless LANs...
Page 410: Fragmentation Threshold
AP will fragment the packet into smaller data frames. A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. P-2602H(W)(L)-DxA User’s Guide...
Page 411: Preamble Type
It is supported by Windows XP and a number of network devices. Some advantages of IEEE 802.1x are: P-2602H(W)(L)-DxA User’s Guide MODULATION DBPSK (Differential Binary Phase Shift Keyed)
Page 412: Types Of Radius Messages
The following types of RADIUS messages are exchanged between the access point and the RADIUS server for user accounting: • Accounting-Request Sent by the access point requesting accounting. • Accounting-Response Sent by the RADIUS server to indicate that it has started or stopped accounting. P-2602H(W)(L)-DxA User’s Guide...
Page 413: Types Of Authentication
For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2. P-2602H(W)(L)-DxA User’s Guide Appendix E Wireless LANs...
Page 414: Dynamic Wep Key Exchange
User Authentication WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless stations using an external RADIUS database. EAP-MD5 EAP-TLS EAP-TTLS Optional None Strong Strong Easy Hard Moderate P-2602H(W)(L)-DxA User’s Guide PEAP LEAP Optional Strong Moderate Moderate Moderate...
Page 415: Security Parameters Summary
Authentication Method/ key management protocol type. MAC address filters are not dependent on how you configure these security features. Table 185 Wireless Security Relational Matrix AUTHENTICATION METHOD/ KEY MANAGEMENT PROTOCOL Open Open P-2602H(W)(L)-DxA User’s Guide ENCRYPTIO ENTER ENABLE IEEE 802.1X N METHOD MANUAL KEY None Enable with Dynamic WEP Key...
Page 416 Appendix E Wireless LANs Table 185 Wireless Security Relational Matrix (continued) AUTHENTICATION METHOD/ KEY MANAGEMENT PROTOCOL Shared WPA-PSK WPA-PSK ENCRYPTIO ENTER ENABLE IEEE 802.1X N METHOD MANUAL KEY Enable with Dynamic WEP Key Enable without Dynamic WEP Disable TKIP TKIP P-2602H(W)(L)-DxA User’s Guide...
Page 417: Appendix F Services
AUTH BOOTP_CLIENT BOOTP_SERVER CU-SEEME TCP/UDP TCP/UDP TCP/UDP User-Defined (IPSEC_TUNNEL) FINGER P-2602H(W)(L)-DxA User’s Guide Services PORT(S) DESCRIPTION The IPSEC AH (Authentication Header) tunneling protocol uses this service. 5190 AOL’s Internet Messenger service. Authentication protocol used by some servers. Border Gateway Protocol.
Page 418 POP3 server through a temporary connection (TCP/IP or other). This is a more secure version of POP3 that runs over SSL. 1723 Point-to-Point Tunneling Protocol enables secure transfer of data over public networks. This is the control channel. P-2602H(W)(L)-DxA User’s Guide...
Page 419 SNMP-TRAPS TCP/UDP SQL-NET SSDP TCP/UDP STRM WORKS SYSLOG TACACS TELNET P-2602H(W)(L)-DxA User’s Guide Appendix F Services PORT(S) DESCRIPTION PPTP (Point-to-Point Tunneling Protocol) enables secure transfer of data over public networks. This is the data channel. Remote Command Service. 7070 A streaming audio service that enables real time sound over the web.
Page 420 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). 7000 A videoconferencing solution. The UDP port number is specified in the application. user- defined P-2602H(W)(L)-DxA User’s Guide...
Page 421: Command Syntax
Type exit to leave the commands when finished. Log Commands This section provides some general examples of how to use the log commands. The items that dispay with your device may vary but the basic function should be the same. P-2602H(W)(L)-DxA User’s Guide Command Interpreter...
Page 422: Displaying Logs
1 Use the sys logs load configure which logs the ZyXEL Device is to record. 2 Use sys logs category Figure 252 Displaying Log Categories Example Copyright (c) 1994 - 2004 ZyXEL Communications Corp. ras> ? Valid commands are: wlan radius ras>...
Page 423: Log Command Example
RWARD Router reply ICMP packet: ICMP(type:3, code:1) 10|01/01/2000 09:40:04 |192.168.1.33:1199 RWARD Firewall default policy: TCP (L to W) 11|01/01/2000 09:40:04 |192.168.1.1:53 RWARD none: UDP P-2602H(W)(L)-DxA User’s Guide Appendix G Command Interpreter destination notes |192.168.1.33:1 |ACCESS FO |192.168.1.33:1 |ACCESS FO |192.168.1.33:1 |ACCESS FO |207.69.188.186:110...
Page 424 Appendix G Command Interpreter P-2602H(W)(L)-DxA User’s Guide...
Page 425: The Configuration Text File Format
DO NOT alter or delete any field except parameters in the Input column. This appendix introduces Internal SPTGEN. All menus shown in this appendix are example menus meant to show SPTGEN usage. Actual menus for your product may differ. P-2602H(W)(L)-DxA User’s Guide Internal SPTGEN parameter values allowed <0(No)| 1(Yes)>...
Page 426: Internal Sptgen Ftp Download Example
” sets the transfer mode to binary. ” transfers files from the ZyXEL Device to your ” is the configuration filename on the ZyXEL Device. rom-t " file using a text editor (do not use a word processor). You must leave Figure P-2602H(W)(L)-DxA User’s Guide...
Page 427: Figure 257 Internal Sptgen Ftp Download Example
Table 187 Abbreviations Used in the Example Internal SPTGEN Screens Table ABBREVIATION MEANING Field Identification Number Field Name P-2602H(W)(L)-DxA User’s Guide ” file when you save it to your computer but it rom-t ” when you upload it to your ZyXEL Device. ” sets the transfer mode to binary.
Page 428: Table 188 Menu 1 General Setup
<0(No) | 1(Yes)> <Str> = Your Device <Str> <Str> <0(No) | 1(Yes)> <0(No) | 1(Yes)> <0(None) | 1(Server) | 2(Relay)> P-2602H(W)(L)-DxA User’s Guide INPUT = 256 = 256 = 256 = 256 = 256 = 256 = 256 = 256...
Page 429 IP Alias #1 Incoming protocol filters Set 3 30201009 = IP Alias #1 Incoming protocol filters Set 4 30201010 = IP Alias #1 Outgoing protocol filters Set 1 P-2602H(W)(L)-DxA User’s Guide Appendix H Internal SPTGEN 192.168.1.33 = 32 = 0.0.0.0 = 0.0.0.0 = 0.0.0.0 172.21.2.200 = 16 <0(None) |...
Page 430 = 256 = 256 = 256 = 256 = 256 = 256 INPUT Wireless <0(No) | 1(Yes)> <1|2|3|4|5|6| 7|8|9|10|11|1 2|13> <0 ~ 2432> = 2432 <256 ~ 2432> = 2432 <0(DISABLE) | 1(64-bit WEP) | 2(128-bit WEP)> P-2602H(W)(L)-DxA User’s Guide...
Page 431: Table 190 Menu 4 Internet Access Setup
40000000 = Configured 40000001 = 40000002 = Active 40000003 = ISP's Name 40000004 = Encapsulation 40000005 = Multiplexing P-2602H(W)(L)-DxA User’s Guide Appendix H Internal SPTGEN <1|2|3|4> = 0 <0(Disable) | 1(Enable)> INPUT <0(No) | 1(Yes)> <0(Allow) | 1(Deny)> 00:00:00:00: 00:00...
Page 432 = 256 = 256 = 256 = 256 = 256 = 256 <0(No) | 1(Yes)> <0(No) | 1(Yes)> <0(CBR) | (1 (UBR)> <0(None) | 1(Both) | 2(In Only) | 3(Out Only)> <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)> <0(No) |1(Yes)> P-2602H(W)(L)-DxA User’s Guide...
Page 433 IP Static Route set #4, Active 120104003 = IP Static Route set #4, Destination IP address 120104004 = IP Static Route set #4, Destination IP subnetmask P-2602H(W)(L)-DxA User’s Guide Appendix H Internal SPTGEN INPUT <Str> <0(No) |1(Yes)> = 0.0.0.0 = 0.0.0.0 <0(No) |1(Yes)>...
Page 434: Table 191 Menu 12
<0(No) |1(Yes)> INPUT <Str> <0(No) |1(Yes)> = 0.0.0.0 = 0.0.0.0 <0(No) |1(Yes)> INPUT <Str> <0(No) |1(Yes)> = 0.0.0.0 = 0.0.0.0 <0(No) |1(Yes)> INPUT <Str> <0(No) |1(Yes)> = 0.0.0.0 = 0.0.0.0 <0(No) |1(Yes)> INPUT <Str> <0(No) |1(Yes)> = 0.0.0.0 P-2602H(W)(L)-DxA User’s Guide...
Page 435 IP Static Route set #11, Private */ Menu 12.1.12 IP Static Route Setup 120112001 = IP Static Route set #12, Name 120112002 = IP Static Route set #12, Active P-2602H(W)(L)-DxA User’s Guide Appendix H Internal SPTGEN = 0.0.0.0 <0(No) |1(Yes)> INPUT <Str>...
Page 436 = 0.0.0.0 = 0.0.0.0 <0(No) |1(Yes)> INPUT <Str> <0(No) |1(Yes)> = 0.0.0.0 = 0.0.0.0 <0(No) |1(Yes)> INPUT <Str> <0(No) |1(Yes)> = 0.0.0.0 = 0.0.0.0 <0(No) |1(Yes)> INPUT <Str> <0(No) |1(Yes)> = 0.0.0.0 = 0.0.0.0 <0(No) |1(Yes)> INPUT P-2602H(W)(L)-DxA User’s Guide...
Page 437: Table 192 Menu 15 Sua Server Setup
SUA Server #5 Port Start 150000020 = SUA Server #5 Port End 150000021 = SUA Server #5 Local IP address 150000022 = SUA Server #6 Active P-2602H(W)(L)-DxA User’s Guide Appendix H Internal SPTGEN <Str> <0(No) |1(Yes)> = 0.0.0.0 = 0.0.0.0 <0(No) |1(Yes)>...
Page 438 = 0.0.0.0 <0(No) | 1(Yes)> <0(All)|6(TCP)|17(U DP)> = 0.0.0.0 <0(No) | 1(Yes)> <0(All)|6(TCP)|17(U DP)> = 0.0.0.0 <0(No) | 1(Yes)> <0(All)|6(TCP)|17(U DP)> = 0.0.0.0 <0(No) | 1(Yes)> <0(All)|6(TCP)|17(U DP)> = 0.0.0.0 <0(No) | 1(Yes)> <0(All)|6(TCP)|17(U DP)> = 0.0.0.0 P-2602H(W)(L)-DxA User’s Guide...
Page 439: Table 193 Menu 21.1 Filter Set #1
210102006 = IP Filter Set 1,Rule 2 Dest Port 210102007 = IP Filter Set 1,Rule 2 Dest Port Comp 210102008 = IP Filter Set 1,Rule 2 Src IP address P-2602H(W)(L)-DxA User’s Guide Appendix H Internal SPTGEN INPUT <Str> INPUT <2(TCP/IP)>...
Page 440 <1(check next)|2(forward)| 3(drop)> <1(check next)|2(forward)| 3(drop)> INPUT <2(TCP/IP)> <0(No)|1(Yes)> = 0.0.0.0 = 139 <0(none)|1(equal) |2(not equal)|3(less)|4( greater)> = 0.0.0.0 <0(none)|1(equal) |2(not equal)|3(less)|4( greater)> <1(check next)|2(forward)| 3(drop) <1(check next)|2(forward)| 3(drop) INPUT <2(TCP/IP)> <0(No)|1(Yes)> = 17 = 0.0.0.0 P-2602H(W)(L)-DxA User’s Guide...
Page 441 210105011 = IP Filter Set 1,Rule 5 Src Port Comp 210105013 = IP Filter Set 1,Rule 5 Act Match 210105014 = IP Filter Set 1,Rule 5 Act Not Match P-2602H(W)(L)-DxA User’s Guide Appendix H Internal SPTGEN = 137 <0(none)|1(equal) |2(not equal)|3(less)|4( greater)>...
Page 442: Table 194 Menu 21.1 Filer Set #2
IP Filter Set 2, Rule 1 Dest Port INPUT <2(TCP/IP)> <0(No)|1(Yes)> = 17 = 0.0.0.0 = 139 <0(none)|1(equal) |2(not equal)|3(less)|4( greater)> = 0.0.0.0 <0(none)|1(equal) |2(not equal)|3(less)|4( greater)> <1(check next)|2(forward)| 3(drop)> <1(check next)|2(forward)| 3(drop)> INPUT <Str> NetBIOS_WAN INPUT <0(none)|2(TCP/ IP)> <0(No)|1(Yes)> = 0.0.0.0 = 137 P-2602H(W)(L)-DxA User’s Guide...
Page 443 IP Filter Set 2,Rule 2 Src Port 210202011 = IP Filter Set 2, Rule 2 Src Port Comp 210202013 = IP Filter Set 2, Rule 2 Act Match P-2602H(W)(L)-DxA User’s Guide Appendix H Internal SPTGEN <0(none)|1(equal)| 2(not equal)|3(less)|4(g reater)> = 0.0.0.0 <0(none)|1(equal)|...
Page 444 INPUT <0(none)|2(TCP/ IP)> <0(No)|1(Yes)> = 0.0.0.0 = 139 <0(none)|1(equal)| 2(not equal)|3(less)|4(g reater)> = 0.0.0.0 <0(none)|1(equal)| 2(not equal)|3(less)|4(g reater)> <1(check next)|2(forward)|3 (drop)> <1(check next)|2(forward)|3 (drop)> INPUT <0(none)|2(TCP/ IP)> <0(No)|1(Ye s)> = 1 = 17 = 0.0.0.0 = 137 P-2602H(W)(L)-DxA User’s Guide...
Page 445 IP Filter Set 2, Rule 5 Src Port 210205011 = IP Filter Set 2, Rule 5 Src Port Comp 210205013 = IP Filter Set 2, Rule 5 Act Match P-2602H(W)(L)-DxA User’s Guide Appendix H Internal SPTGEN <0(none)|1(equal)| 2(not equal)|3(less)|4(g reater)>...
Page 446: Table 195 Menu 23 System Menus
<0(none)|2(TCP/ IP)> <0(No)|1(Yes)> = 17 = 0.0.0.0 = 139 <0(none)|1(equal)| 2(not equal)|3(less)|4(g reater)> = 0.0.0.0 <0(none)|1(equal)| 2(not equal)|3(less)|4(g reater)> <1(check next)|2(forward)|3 (drop)> <1(check next)|2(forward)|3 (drop)> <0(all)|1(none)|2( Lan)|3(Wan)> = 0.0.0.0 = 80 <0(all)|1(none)|2( Lan) |3(Wan)> = 0.0.0.0 INPUT P-2602H(W)(L)-DxA User’s Guide...
Page 447 230400008 = WPA Mixed Mode 230400009 = Data Privacy for Broadcast/ Multicast packets 230400010 = WPA Broadcast/Multicast Key Update Timer P-2602H(W)(L)-DxA User’s Guide Appendix H Internal SPTGEN = 1234 INPUT <0(No) | 1(Yes)> <0(No) | 1(Yes)> 192.168.1.32 = 1822 111111111111...
Page 448: Table 196 Menu 24.11 Remote Management Control
/ci command (for annex B): wan adsl opencmd 990000001 = ADSL OPMD INPUT = 23 <0(all)|1(none)|2( Lan)|3(Wan)> = 0.0.0.0 = 21 <0(all)|1(none)|2( Lan)|3(Wan)> = 0.0.0.0 = 80 <0(all)|1(none)|2( Lan) |3(Wan)> = 0.0.0.0 INPUT INPUT <0(glite)|1(t1.413 )|2(gdmt)|3(multim ode)> INPUT <0(etsi)|1(normal) |2(gdmt)|3(multimo de)> P-2602H(W)(L)-DxA User’s Guide...
Page 449: Appendix I Legal Information
ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
Page 450: Fcc Radiation Exposure Statement
This device has been designed for the WLAN 2.4 GHz network throughout the EC region and Switzerland, with restrictions in France. This Class B digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada. Viewing Certifications 1 Go to http://www.zyxel.com. P-2602H(W)(L)-DxA User’s Guide...
Page 451: Zyxel Limited Warranty
Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products. P-2602H(W)(L)-DxA User’s Guide Appendix I Legal Information...
Page 452 Appendix I Legal Information P-2602H(W)(L)-DxA User’s Guide...
Page 453: Appendix J Customer Support
José, Costa Rica Czech Republic • E-mail: info@cz.zyxel.com • Telephone: +420-241-091-350 • Fax: +420-241-091-359 • Web Site: www.zyxel.cz • Regular Mail: ZyXEL Communications, Czech s.r.o., Modranská 621, 143 01 Praha 4 - Modrany, Ceská Republika P-2602H(W)(L)-DxA User’s Guide Customer Support...
Page 454 • Support E-mail: support@zyxel.fi • Sales E-mail: sales@zyxel.fi • Telephone: +358-9-4780-8411 • Fax: +358-9-4780 8448 • Web Site: www.zyxel.fi • Regular Mail: ZyXEL Communications Oy, Malminkaari 10, 00700 Helsinki, Finland France • E-mail: info@zyxel.fr • Telephone: +33-4-72-52-97-97 • Fax: +33-4-72-52-19-20 •...
Page 455 • Sales E-mail: sales@zyxel.com • Telephone: +1-800-255-4101, +1-714-632-0882 • Fax: +1-714-632-0858 • Web Site: www.us.zyxel.com • FTP Site: ftp.us.zyxel.com • Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806- 2001, U.S.A. Norway • Support E-mail: support@zyxel.no • Sales E-mail: sales@zyxel.no •...
Page 456 Appendix J Customer Support • Web Site: www.zyxel.es • Regular Mail: ZyXEL Communications, Arte, 21 5ª planta, 28033 Madrid, Spain Sweden • Support E-mail: support@zyxel.se • Sales E-mail: sales@zyxel.se • Telephone: +46-31-744-7700 • Fax: +46-31-744-7701 • Web Site: www.zyxel.se • Regular Mail: ZyXEL Communications A/S, Sjöporten 4, 41764 Göteborg, Sweden Ukraine •...
Page 457: Index
192, 373 backup backup type bandwidth management bandwidth manager class configuration bandwidth manager monitor P-2602H(W)(L)-DxA User’s Guide bandwidth manager summary basic wireless security blocking time brute-force attack, BW budget BYE request CA (Certification Authority) call fallback...
Page 458 299, 373 Dynamic Host Configuration Protocol dynamic jitter buffer dynamic secure gateway address dynamic WEP key exchange DYNDNS wildcard EAP authentication EAP-MD5 echo cancellation 161, 377 e-mail log example emergency numbers encapsulated routing link protocol (ENET ENCAP) P-2602H(W)(L)-DxA User’s Guide...
Page 459 141, 306 file upload FTP restrictions P-2602H(W)(L)-DxA User’s Guide G.168 161, 377 G.711 G.726 G.729 G.992.1 G.992.3 G.992.4 G.992.5 general setup group ring 172, 376...
Page 460 Message Integrity Check (MIC) metric multicast multimedia multiple PVC support multiple SIP accounts multiple voice channels multiplexing LLC-based VC-based multiprotocol encapsulation music on hold my IP address 93, 105 96, 101 P-2602H(W)(L)-DxA User’s Guide...
Page 461 96, 101 peer call authentication, VoIP trunking peer IP peer port peer-to-peer calls Perfect Forward Secrecy per-hop behavior Permanent Virtual Circuits P-2602H(W)(L)-DxA User’s Guide PHB (Per-Hop Behavior) phone phone config phone functions pickup pincode ping of death PKI (Public-Key Infrastructure)
Page 462 SIP proxy server SIP redirect server SIP register server SIP server address SIP servers SIP service domain SIP URI SIP user agent SIP version 2 SMTP error messages smurf 160, 377 148, 378 148, 378 73, 149 73, 150 P-2602H(W)(L)-DxA User’s Guide...
Page 463 Temporal Key Integrity Protocol (TKIP) TFTP file upload TFTP and FTP over WAN TFTP restrictions three-way conference 166, 167 three-way handshake threshold values P-2602H(W)(L)-DxA User’s Guide traceroute trademarks traffic redirect traffic shaping transparent bridging transport mode trunking trunking, VoIP trusted CAs, and certificates...
Page 464 WEP (Wired Equivalent Privacy) WEP encryption Wi-Fi Protected Access (WPA) wireless LAN MAC address filtering WLAN interference security parameters zero configuration Internet access ZyNOS ZyNOS (ZyXEL Network Operating System) ZyNOS F/W version ZyXEL’s firewall introduction 97, 373 P-2602H(W)(L)-DxA User’s Guide...
Page 465 Index P-2602H(W)(L)-DxA User’s Guide...

This manual is also suitable for:

P-2602hw P-2602hw-d1a P-2602hw-d3a P-2602hw-d7a P-2602hwl-d1a P-2602hwl-d3a ... Show all