Page 1 P-2602HWLNI Series 802.11g Wireless ADSL2+ 4-Port VoIP IAD User’s Guide Version 3.40 9/2007 Edition 2 DEFAULT LOGIN IP Address Administrator Name Administrator Password User Name User Password http://192.168.1.1 admin admin user 1234 www.zyxel.com...
Page 3: About This User's Guide
Help us help you. Send all User Guide-related comments, questions or suggestions for improvement to the following address, or use e-mail instead. Thank you! The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. E-mail: techwriters@zyxel.com.tw P-2602HWLNI User’s Guide About This User's Guide...
Page 4: Document Conventions
Syntax Conventions • The P-2602HWLNI may be referred to as the “ZyXEL Device”, the “device”, the “system” or the “product” in this User’s Guide. • Product labels, screen names, field labels and field choices are all in bold font.
Page 5 Icons Used in Figures Figures in this User’s Guide may use the following generic icons. The ZyXEL Device icon is not an exact representation of your device. ZyXEL Device Server Telephone P-2602HWLNI User’s Guide Computer Notebook computer DSLAM Firewall Switch...
Page 6: Safety Warnings
• Use only No. 26 AWG (American Wire Gauge) or larger telecommunication line cord. • Antenna Warning! This device meets ETSI and FCC certification requirements when using the included antenna(s). Only use the included antenna(s). This product is recyclable. Dispose of it properly. Safety Warnings P-2602HWLNI User’s Guide...
Page 7 Safety Warnings P-2602HWLNI User’s Guide...
Page 8 Safety Warnings P-2602HWLNI User’s Guide...
Page 9: Table Of Contents
VPN Screens ... 275 Certificates ... 301 Advanced ... 325 Static Route ... 327 Bandwidth Management ... 331 Dynamic DNS Setup ... 339 Remote Management Configuration ... 343 Universal Plug-and-Play (UPnP) ... 361 P-2602HWLNI User’s Guide Contents Overview Contents Overview...
Page 10 Contents Overview Maintenance and Troubleshooting ... 373 System ... 375 Call History ... 381 Logs ... 387 Troubleshooting ... 401 Tools ... 407 Diagnostic ... 419 Product Specifications ... 423 Appendices and Index ... 433 P-2602HWLNI User’s Guide...
Page 11: Table Of Contents
2.1 Web Configurator Overview ... 49 2.1.1 Accessing the Web Configurator ... 49 2.2 Login Types ... 50 2.2.1 User Access ... 50 2.2.2 Administrator Access ... 50 2.3 Web Configurator Main Screen ... 52 P-2602HWLNI User’s Guide Table of Contents Table of Contents...
Page 12 6.2 Any IP Table ... 91 6.3 WLAN Status ... 92 6.4 Packet Statistics ... 92 6.5 VoIP Statistics ... 94 6.6 LED Status ... 96 Part III: Network... 99 Chapter 7 WAN Setup... 101 7.1 WAN Overview ... 101 P-2602HWLNI User’s Guide...
Page 13 Wireless LAN... 129 9.1 Wireless Network Overview ... 129 9.2 Wireless Security Overview ... 130 9.2.1 SSID ... 130 9.2.2 MAC Address Filter ... 130 9.2.3 User Authentication ... 130 9.2.4 Encryption ... 131 P-2602HWLNI User’s Guide Table of Contents...
Page 14 10.4.3 Configuring Servers Behind Port Forwarding (Example) ... 160 10.5 Configuring Port Forwarding ... 161 10.5.1 Port Forwarding Rule Edit ... 162 10.6 Address Mapping ... 163 10.6.1 Address Mapping Rule Edit ... 164 Part IV: VoIP ... 167 P-2602HWLNI User’s Guide...
Page 15 11.14 Phone Services Overview ... 194 11.14.1 The Flash Key ... 195 11.14.2 Europe Type Supplementary Phone Services ... 195 11.14.3 USA Type Supplementary Services ... 196 11.15 Phone Region Screen ... 198 11.16 Speed Dial ... 198 P-2602HWLNI User’s Guide Table of Contents...
Page 16 Phone Usage ... 227 13.1 Dialing a Telephone Number ... 227 13.2 Using Speed Dial to Dial a Telephone Number ... 227 13.3 Internal Calls ... 227 13.3.1 Phone Book ... 228 13.3.2 Call Transfer ... 228 P-2602HWLNI User’s Guide...
Page 17 15.2 General Firewall Policy Overview ... 245 15.3 Rule Logic Overview ... 246 15.3.1 Rule Checklist ... 246 15.3.2 Security Ramifications ... 246 15.3.3 Key Fields For Configuring Rules ... 247 15.4 Connection Direction ... 247 P-2602HWLNI User’s Guide Table of Contents...
Page 18 17.4 IPSec and NAT ... 272 Chapter 18 VPN Screens... 275 18.1 VPN/IPSec Overview ... 275 18.2 IPSec Algorithms ... 275 18.2.1 AH (Authentication Header) Protocol ... 275 18.2.2 ESP (Encapsulating Security Payload) Protocol ... 275 18.3 My IP Address ... 276 P-2602HWLNI User’s Guide...
Page 19 19.10 Trusted CA Details ... 314 19.11 Trusted Remote Hosts ... 316 19.12 Verifying a Trusted Remote Host’s Certificate ... 318 19.12.1 Trusted Remote Host Certificate Fingerprints ... 318 19.13 Trusted Remote Hosts Import ... 319 P-2602HWLNI User’s Guide Table of Contents...
Page 20 23.1.1 Remote Management Limitations ... 344 23.1.2 Remote Management and NAT ... 344 23.1.3 System Timeout ... 344 23.2 Introduction to HTTPS ... 345 23.3 HTTP ... 346 23.4 Telnet ... 347 23.5 Configuring Telnet ... 347 ... 319 P-2602HWLNI User’s Guide...
Page 21 25.1.1 General Setup ... 375 25.2 Time Setting ... 377 Chapter 26 Call History ... 381 26.1 Call History Overview ... 381 26.2 Viewing the Call History Summary ... 381 26.3 Viewing Call History ... 382 P-2602HWLNI User’s Guide Table of Contents...
Page 22 29.9 FTP and TFTP Firmware and Configuration File Uploads ... 416 29.9.1 FTP File Upload Command from the DOS Prompt Example ... 417 29.9.2 FTP Session Example of Firmware File Upload ... 417 29.9.3 TFTP File Upload ... 417 ... 409 ... 416 P-2602HWLNI User’s Guide...
Page 23 Appendix B Pop-up Windows, JavaScripts and Java Permissions ... 447 Appendix C IP Addresses and Subnetting ... 453 Appendix D Wireless LANs ... 461 Appendix E Services ... 475 Appendix F Legal Information ... 479 Appendix G Customer Support ... 483 Index... 489 P-2602HWLNI User’s Guide Table of Contents...
Page 24 Table of Contents P-2602HWLNI User’s Guide...
Page 25: List Of Figures
Figure 33 Wizard: Welcome ... 79 Figure 34 SIP Server Profile Selection ... 79 Figure 35 VoIP Wizard Configuration ... 80 Figure 36 SIP Registration Test ... 81 Figure 37 VoIP Wizard Fail ... 81 Figure 38 VoIP Wizard Finish ... 81 P-2602HWLNI User’s Guide...
Page 26 Figure 77 OTIST: In Progress on the ZyXEL Device ... 142 Figure 78 OTIST: In Progress on the Wireless Device ... 143 Figure 79 Start OTIST? ... 143 Figure 80 MAC Address Filter ... 144 Figure 81 Wireless LAN: Association List ... 145 P-2602HWLNI User’s Guide...
Page 27 Figure 121 PSTN Phone To VoIP Phone ... 214 Figure 122 PSTN Phone To PSTN Phone via VoIP ... 214 Figure 123 VoIP > Trunking > General ... 214 Figure 124 VoIP > Trunking > Peer Call ... 216 P-2602HWLNI User’s Guide...
Page 28 Figure 163 Advanced VPN Policies ... 290 Figure 164 VPN: Manual Key ... 293 Figure 165 VPN: SA Monitor ... 296 Figure 166 VPN: Global Setting ... 297 Figure 167 Telecommuters Sharing One VPN Rule Example ... 298 P-2602HWLNI User’s Guide...
Page 29 Figure 206 SSH Example 1: Store Host Key ... 357 Figure 207 SSH Example 2: Test ... 358 Figure 208 SSH Example 2: Log in ... 358 Figure 209 Secure FTP: Firmware Upload Example ... 359 Figure 210 Configuring UPnP ... 362 P-2602HWLNI User’s Guide...
Page 30 Figure 249 WIndows 95/98/Me: Network: Configuration ... 436 Figure 250 Windows 95/98/Me: TCP/IP Properties: IP Address ... 437 Figure 251 Windows 95/98/Me: TCP/IP Properties: DNS Configuration ... 438 Figure 252 Windows XP: Start Menu ... 439 Figure 253 Windows XP: Control Panel ... 439 P-2602HWLNI User’s Guide...
Page 31 Figure 273 Peer-to-Peer Communication in an Ad-hoc Network ... 461 Figure 274 Basic Service Set ... 462 Figure 275 Infrastructure WLAN ... 463 Figure 276 RTS/CTS ... 464 Figure 277 WPA(2) with RADIUS Application Example ... 471 Figure 278 WPA(2)-PSK Authentication ... 472 P-2602HWLNI User’s Guide...
Page 32 List of Figures P-2602HWLNI User’s Guide...
Page 33: List Of Tables
Table 34 Types of Encryption for Each Type of Authentication ... 131 Table 35 Additional Wireless Terms ... 133 Table 36 Wireless LAN: General ... 134 Table 37 Wireless No Security ... 135 Table 38 Wireless: Static WEP Encryption ... 136 P-2602HWLNI User’s Guide...
Page 34 Table 77 PSTN Line > General ... 207 Table 78 ISDN Line > General ... 207 Table 79 VoIP > Fixed Line Numbers Screen ... 210 Table 80 Matching Incoming and Outgoing Authentication ... 212 Table 81 Call Rules ... 213 P-2602HWLNI User’s Guide...
Page 35 Table 119 My Certificate Details ... 310 Table 120 Trusted CAs ... 312 Table 121 Trusted CA Import ... 313 Table 122 Trusted CA Details ... 315 Table 123 Trusted Remote Hosts ... 317 Table 124 Trusted Remote Host Import ... 319 P-2602HWLNI User’s Guide...
Page 36 Table 162 PPP Logs ... 395 Table 163 UPnP Logs ... 395 Table 164 Content Filtering Logs ... 395 Table 165 Attack Logs ... 395 Table 166 802.1X Logs ... 396 Table 167 ACL Setting Notes ... 397 P-2602HWLNI User’s Guide...
Page 37 Table 200 IEEE 802.11g ... 465 Table 201 Wireless Security Levels ... 466 Table 202 Comparison of EAP Authentication Types ... 469 Table 203 Wireless Security Relational Matrix ... 472 Table 204 Examples of Services ... 475 P-2602HWLNI User’s Guide...
Page 38 List of Tables P-2602HWLNI User’s Guide...
Page 39: Introduction
Introduction Introducing the ZyXEL Device (41) Introducing the Web Configurator (49)
Page 41: Introducing The Zyxel Device
• “I” denotes the ISDN (Integrated Services Digital Network) line feature. A device that includes both “L” and “I” in the model name can support either a PSTN line or a ISDN line, but not both at the same time. P-2602HWLNI User’s Guide...
Page 42: Ways To Manage The Zyxel Device
If you forget your password, you will have to reset the ZyXEL Device to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the ZyXEL Device. You could simply restore your last configuration. P-2602HWLNI User’s Guide...
Page 43: Applications For The Zyxel Device
VoIP. Your device then sends your call to the Internet and the ITSP’s SIP server (C). The VoIP call server forwards calls to PSTN phones (E) through a trunking gateway (D) to the PSTN network. The VoIP call server forwards calls to IP phones (F) through the Internet. P-2602HWLNI User’s Guide Chapter 1 Introducing the ZyXEL Device...
Page 44: Make Peer-To-Peer Calls
Your device provides protection from attacks by Internet hackers. By default, the firewall blocks all incoming traffic from the WAN. The firewall supports TCP/UDP inspection and DoS (Denial of Services) detection and prevention, as well as real time alerts, reports and logs. P-2602HWLNI User’s Guide...
Page 45: Lan To Lan Application
1.4.5 LAN to LAN Application You can use your device to connect two geographically dispersed networks over the ADSL line. A typical LAN-to-LAN application is shown as follows. Figure 5 LAN-to-LAN Application P-2602HWLNI User’s Guide Chapter 1 Introducing the ZyXEL Device...
Page 46: Leds
The Ethernet port is not connected. Your device is ready, but is not sending/receiving data through the wireless LAN. Blinking Your device is sending/receiving data through the wireless LAN. The wireless LAN is not ready or has failed. P-2602HWLNI User’s Guide...
Page 47: The Reset Button
To turn the wireless LAN off or on, press the RESET button for one second and release it. The WLAN LED should change from on to off or vice versa. (“W” models only) P-2602HWLNI User’s Guide Chapter 1 Introducing the ZyXEL Device...
Page 48 To set the device back to the factory default settings, press the RESET button for ten seconds or until the POWER LED begins to blink and then release it. When the POWER LED begins to blink, the defaults have been restored and the device restarts. P-2602HWLNI User’s Guide...
Page 49: Introducing The Web Configurator
1 Make sure your ZyXEL Device hardware is properly connected (refer to the Quick Start Guide). 2 Launch your web browser. 3 Type "192.168.1.1" as the URL. 4 A password screen displays. P-2602HWLNI User’s Guide Introducing the Web Configurator if you need to make sure these functions are allowed in Internet...
Page 50: Login Types
Enter a new password, retype it to confirm and click Apply; alternatively click Ignore to proceed to the main menu if you do not want to change the password now. Chapter 2 on page 57 Section 2.2.2 on page P-2602HWLNI User’s Guide for more...
Page 51: Figure 8 Change Password Screen
Select the check box if you always want to go directly to the advanced screens. The main screen appears after you click Apply. See information. • Click Exit if you want to log out. P-2602HWLNI User’s Guide Chapter 2 Introducing the Web Configurator Chapter 3 Section 2.3 on page 52...
Page 52: Web Configurator Main Screen
(default). If this happens, log in again. Figure 10 Wizard or Advanced Screen 2.3 Web Configurator Main Screen Figure 11 Main Screen As illustrated above, the main screen is divided into these parts: P-2602HWLNI User’s Guide...
Page 53: Title Bar
Connections WAN Backup Setup DHCP Setup Client List IP Alias P-2602HWLNI User’s Guide Chapter 2 Introducing the Web Configurator Chapter 2 on page 57 for more information. FUNCTION This screen contains administrative and system-related information. Use this screen to configure ISP parameters, WAN IP address assignment, DNS servers and other advanced properties.
Page 54 ISDN line using Multiple Subscriber Numbers (MSNs). Use this screen to enable trunking on your ZyXEL Device. Use this screen to configure peer device authentication for trunking calls. Use this screen to configure forwarding rules on your ZyXEL Device for trunking calls. P-2602HWLNI User’s Guide...
Page 55 MGMT Rule Setup Monitor Dynamic DNS Dynamic DNS P-2602HWLNI User’s Guide Chapter 2 Introducing the Web Configurator FUNCTION Use this screen to activate/deactivate the firewall and the default action to take on network traffic going in specific directions. This screen shows a summary of the firewall rules, and allows you to edit/ add a firewall rule.
Page 56 This screen allows you to reboot the ZyXEL Device without turning the power off. Use this screen to test the connections to other devices. These screen displays information to help you identify problems with the DSL connection. P-2602HWLNI User’s Guide...
Page 57: Table 5 Available Features
Management Wizard System Statistics Network Wireless LAN VoIP Phone Phone Book PSTN Line ISDN Line P-2602HWLNI User’s Guide Chapter 2 Introducing the Web Configurator FEATURE USER Internet Access Setup More Connections WAN Backup Setup DHCP Setup Client List IP Alias...
Page 58 Keyword Schedule Trusted Setup Monitor VPN Global Setting My Certificates Trusted CAs Trusted Remote Hosts Directory Servers Static Route Rule Setup Monitor Dynamic DNS HTTP Telnet SNMP ICMP General General Time Setting View Log Log Settings ADMINISTRATOR P-2602HWLNI User’s Guide...
Page 59: Main Window
Right after you log in, the Status screen is displayed. See information about the Status screen. 2.3.4 Status Bar Check the status bar when you click Apply or OK to verify that the configuration has been updated. P-2602HWLNI User’s Guide Chapter 2 Introducing the Web Configurator FEATURE USER Summary...
Page 60 Chapter 2 Introducing the Web Configurator P-2602HWLNI User’s Guide...
Page 61: Wizards And Status
Wizards and Status Internet and Wireless Setup Wizard (63) VoIP Wizard (77) Bandwidth Management Wizard (83) Status Screens (87)
Page 63: Internet And Wireless Setup Wizard
1 After you enter the password to access the web configurator, select Go to Wizard setup and click Apply. Otherwise, click the wizard icon ( web configurator to go to the wizards. P-2602HWLNI User’s Guide Wizard ) in the top right corner of the...
Page 64: Figure 12 Select A Mode
ISP. See more details. If you would like to skip your Internet setup and configure the wireless LAN settings, leave Yes selected and click Next. Section 3.2.1 on page 66 P-2602HWLNI User’s Guide...
Page 65: Figure 14 Auto Detection: No Dsl Connection
3c The following screen appears if the ZyXEL device detects a connection but not the connection type. Click Next and refer to manually configure the ZyXEL Device for Internet access. P-2602HWLNI User’s Guide Chapter 3 Internet and Wireless Setup Wizard Section 3.3 on page 71 Section 3.2.1 on page 66...
Page 66: Manual Configuration
1 If the ZyXEL Device fails to detect your DSL connection type but the physical line is connected, enter your Internet access information in the wizard screen exactly as your service provider gave it to you. Leave the defaults in any fields for which you were not given information. P-2602HWLNI User’s Guide...
Page 67: Figure 17 Internet Access Wizard Setup: Isp Parameters
2 The next wizard screen varies depending on what mode and encapsulation type you use. All screens shown are with routing mode. Configure the fields and click Next to continue. See Section 3.3 on page 71 P-2602HWLNI User’s Guide Chapter 3 Internet and Wireless Setup Wizard for wireless connection wizard setup...
Page 68: Figure 18 Internet Connection With Pppoe
Click Back to go back to the previous wizard screen. Apply Click Apply to save your changes back to the ZyXEL Device. Exit Click Exit to close the wizard screen without saving your changes. Figure 19 Internet Connection with RFC 1483 P-2602HWLNI User’s Guide...
Page 69: Figure 20 Internet Connection With Enet Encap
Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP Server clients along with the IP address and the subnet mask. Second DNS As above. Server Back Click Back to go back to the previous wizard screen. P-2602HWLNI User’s Guide Chapter 3 Internet and Wireless Setup Wizard...
Page 70: Figure 21 Internet Connection With Pppoa
• If the user name and/or password you entered for PPPoE or PPPoA connection are not correct, the screen displays as shown next. Click Back to Username and Password setup to go back to the screen where you can modify them. P-2602HWLNI User’s Guide...
Page 71: Wireless Connection Wizard Setup
After you configure the Internet access information, use the following screens to set up your wireless LAN. 1 Select Yes and click Next to configure wireless settings. Otherwise, select No and skip to Step 6. P-2602HWLNI User’s Guide Chapter 3 Internet and Wireless Setup Wizard...
Page 72: Figure 24 Connection Test Successful
OTIST Setup Key on the ZyXEL Device and wireless clients. Click Back to display the previous screen. Click Next to proceed to the next screen. Click Exit to close the wizard screen without saving. P-2602HWLNI User’s Guide...
Page 73: Figure 26 Wireless Lan
4 This screen varies depending on the security mode you selected in the previous screen. Fill in the field (if available) and click Next. P-2602HWLNI User’s Guide Chapter 3 Internet and Wireless Setup Wizard for more information.
Page 74: Manually Assign A Wpa-Psk Key
Click Next to proceed to the next screen. Exit Click Exit to close the wizard screen without saving. 3.3.2 Manually Assign a WEP Key Choose Manually assign a WEP key to setup WEP Encryption parameters. Figure 28 Manually Assign a WEP Key P-2602HWLNI User’s Guide...
Page 75: Figure 29 Wireless Lan Setup 3
6 Use the read-only summary table to check whether what you have configured is correct. Click Finish to complete and save the wizard setup. No wireless LAN settings display if you chose not to configure wireless LAN settings. P-2602HWLNI User’s Guide Chapter 3 Internet and Wireless Setup Wizard...
Page 76: Figure 30 Internet Access And Wlan Wizard Setup Complete
Refer to the rest of this guide for more detailed information on the complete range of ZyXEL Device features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct. P-2602HWLNI User’s Guide...
Page 77: Voip Wizard
4.2 VoIP Wizard Setup Use the wizard setup screens to set up your SIP account with the information given to you by your ISP and register your SIP account. P-2602HWLNI User’s Guide VoIP Wizard Chapter 11 on page 178 to configure the others.
Page 78: Figure 32 Select A Mode
Apply. Otherwise, click the wizard icon ( web configurator to display the wizard main screen. Figure 32 Select a Mode 2 Click VOICE OVER INTERNET SETUP to configure your SIP settings. ) in the top right corner of the P-2602HWLNI User’s Guide...
Page 79: Figure 33 Wizard: Welcome
Apply. Contact your VoIP service provider if you do not have this information. If your selected a preconfigured SIP profile, just enter your SIP number, user name and password. Leave the remaining fields at default. P-2602HWLNI User’s Guide Chapter 4 VoIP Wizard...
Page 80: Figure 35 Voip Wizard Configuration
Click Back to return to the previous screen. Click Apply to complete the wizard setup and save your configuration. Click Exit to close the wizard without saving your settings. 11223344@SIPA- P-2602HWLNI User’s Guide...
Page 81: Figure 36 Sip Registration Test
8 To call other VoIP users, you need to have their SIP numbers and ensure that their SIP accounts are registered and active. You can use your VoIP service provider’s dialing plan to call SIP numbers. P-2602HWLNI User’s Guide Chapter 4 VoIP Wizard Chapter 28 on page 401...
Page 82 You dial a prefix number, provided to you by your VoIP service provider, followed by a regular phone number. To find out more information about configuring your VoIP features and making non-VoIP calls see Chapter 11 on page 169. P-2602HWLNI User’s Guide...
Page 83: Bandwidth Management Wizard
1 After you enter the password to access the web configurator, select Go to Wizard setup and click Apply. Otherwise, click the wizard icon ( web configurator to display the wizard main screen. Figure 39 Select a Mode 2 Click BANDWIDTH MANAGEMENT SETUP. P-2602HWLNI User’s Guide ) in the top right corner of the...
Page 84: Figure 40 Wizard: Welcome
Click Back to display the previous screen. Next Click Next to proceed to the next screen. Exit Click Exit to close the wizard screen without saving. 4 Follow the on-screen instructions and click Finish to complete the wizard setup and save your configuration. P-2602HWLNI User’s Guide...
Page 85: Figure 42 Bandwidth Management Wizard: Complete
Chapter 5 Bandwidth Management Wizard Figure 42 Bandwidth Management Wizard: Complete P-2602HWLNI User’s Guide...
Page 86 Chapter 5 Bandwidth Management Wizard P-2602HWLNI User’s Guide...
Page 87: Status Screens
(LAN and WAN), and SIP accounts. You can also register and unregister SIP accounts. The Status screen also provides detailed information from Any IP and DHCP and statistics from VoIP, bandwidth management, and traffic. 6.1 Status Screen Click Status to open this screen. P-2602HWLNI User’s Guide Status Screens...
Page 88: Figure 43 Status Screen
This field displays the ZyXEL Device system name. It is used for identification. You can change this in the Maintenance > System > General screen’s System Name field. Model This is the model name of your device. Number P-2602HWLNI User’s Guide...
Page 89 Uptime started up. The ZyXEL Device starts up when you plug it in, when you restart it (Maintenance > Tools > Restart), or when you reset it (see 47). P-2602HWLNI User’s Guide Chapter 6 Status Screens Section 1.6 on page...
Page 90 Section 29.6 on page 337. 295. Chapter 21 on page 413, or turn off the device Section 8.6 on page Section 6.2 on page Section 6.3 on page Section Section 6.4 on Section 6.5 on page Section 6.5 on page P-2602HWLNI User’s Guide...
Page 91: Any Ip Table
Device but is in a different subnet than the ZyXEL Device. Refresh Click this to update this screen. P-2602HWLNI User’s Guide Click Unregister to delete the SIP account’s registration in the SIP server. This does not cancel your SIP account, but it deletes the mapping between your SIP identity and your IP address or domain name.
Page 92: Wlan Status
6.4 Packet Statistics Click Status > Packet Statistics to access this screen. Read-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interval(s) field is configurable. P-2602HWLNI User’s Guide...
Page 93: Figure 46 Packet Statistics
This field displays the number of bytes transmitted in the last second. Rx B/s This field displays the number of bytes received in the last second. Up Time This field displays the elapsed time this port has been up. LAN Port Statistics P-2602HWLNI User’s Guide Chapter 6 Status Screens...
Page 94: Voip Statistics
Type the time interval for the browser to refresh system statistics. Click this to apply the new poll interval you entered in the Poll Interval field above. Click this button to halt the refreshing of the system statistics. P-2602HWLNI User’s Guide...
Page 95 The rate is the average number of bytes transmitted per second. Rx B/s This field displays how quickly the ZyXEL Device has received packets in the current call. The rate is the average number of bytes transmitted per second. P-2602HWLNI User’s Guide Chapter 6 Status Screens...
Page 96: Led Status
The wireless LAN is enabled. Your ZyXEL Device’s SSID (Service Set IDentity) displays. When the wireless LAN is disabled, it displays Inactive. The corresponding LAN port has a successful Ethernet connection. The corresponding LAN port does not have a successful Ethernet connection. P-2602HWLNI User’s Guide...
Page 97 Phone 1 Green Phone 2 Poll Interval (s) Set Interval Stop P-2602HWLNI User’s Guide Chapter 6 Status Screens DESCRIPTION The ZyXEL Device has a successful Internet connection. This field displays the current IP address of the ZyXEL Device in the WAN.
Page 98 Chapter 6 Status Screens P-2602HWLNI User’s Guide...
Page 99: Network
Network WAN Setup (101) LAN Setup (117) Wireless LAN (129) Network Address Translation (NAT) Screens (155)
Page 101: Wan Setup
By implementing PPPoE directly on the ZyXEL Device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyXEL Device does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access. P-2602HWLNI User’s Guide WAN Setup...
Page 102: Multiplexing
The Single User Account feature can be enabled or disabled if you have either a dynamic or static IP. However the encapsulation method assigned influences your choices for IP address and ENET ENCAP gateway. P-2602HWLNI User’s Guide...
Page 103: Nailed-Up Connection (Ppp)
ZyXEL Device uses the following pre-defined priorities: • Normal route: designated by the ISP (see • Traffic-redirect route (see • WAN-backup route, also called dial-backup (see P-2602HWLNI User’s Guide Section 7.5 on page Section 7.9 on page 114) Section 7.10 on page...
Page 104: Traffic Shaping
If the PCR, SCR or MBS is set to the default of "0", the system will assign a maximum value that correlates to your upstream line rate. The following figure illustrates the relationship between PCR, SCR and MBS. Figure 49 Example of Traffic Shaping P-2602HWLNI User’s Guide...
Page 105: Atm Traffic Classes
Zero configuration for Internet access is disabled when • the ZyXEL Device is in bridge mode • you set the ZyXEL Device to use a static (fixed) WAN IP address. P-2602HWLNI User’s Guide Chapter 7 WAN Setup...
Page 106: Internet Access Setup
ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given. (PPPoA and PPPoE encapsulation only) Enter the password associated with the user name above. (PPPoE only) Type the name of your PPPoE service here. P-2602HWLNI User’s Guide...
Page 107 The ZyXEL Device will try to bring up the connection automatically if it is disconnected. Connect on Select Connect on Demand when you don't want the connection up all the time Demand and specify an idle time-out in the Max Idle Timeout field. P-2602HWLNI User’s Guide Chapter 7 WAN Setup...
Page 108: Advanced Internet Access Setup
Demand. The default setting is 0, which means the Internet session will not timeout. Click Apply to save the changes. Click Cancel to begin configuring this screen afresh. Click this button to display the Advanced WAN Setup screen and edit more details of your WAN setup. P-2602HWLNI User’s Guide...
Page 109: Wan More Connections
The ZyXEL Device allows you to configure more than one Internet access connection. To configure additional Internet access connections click Network > WAN > More Connections. The screen differs by the encapsulation you select. P-2602HWLNI User’s Guide Chapter 7 WAN Setup...
Page 110: More Connections Edit
Click the delete icon to remove the Internet access setup from your connection list. Apply Click Apply to save the changes. Cancel Click Cancel to begin configuring this screen afresh. 7.7 More Connections Edit Click the edit icon in the More Connections screen to configure a node. P-2602HWLNI User’s Guide...
Page 111: Figure 53 More Connections Edit
ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given. Password (PPPoA and PPPoE encapsulation only) Enter the password associated with the user name above. P-2602HWLNI User’s Guide Chapter 7 WAN Setup...
Page 112 Click Back to return to the previous screen. Click Apply to save the changes. Click Cancel to begin configuring this screen afresh. Click this button to edit RIP, multicast and ATM QoS settings. for details) and type that P-2602HWLNI User’s Guide...
Page 113: More Connections Edit Advanced
Type the MBS, which is less than 65535. Back Click Back to return to the previous screen. Apply Click Apply to save the changes. Cancel Click Cancel to begin configuring this screen afresh. P-2602HWLNI User’s Guide Chapter 7 WAN Setup...
Page 114: Traffic Redirect
(Subnet 2). Configure filters that allow packets from the protected LAN (Subnet 1) to the backup gateway (Subnet 2). Figure 56 Traffic Redirect LAN Setup 7.10 WAN Backup Setup Use this screen to configure your ZyXEL Device’s WAN backup. Click Network > WAN > WAN Backup Setup. P-2602HWLNI User’s Guide...
Page 115: Figure 57 Wan Backup Setup
ZyXEL Device times out the number of times specified in the Fail Tolerance field. Use a higher value in this field if your network is busy or congested. P-2602HWLNI User’s Guide configure at least one IP address here. Chapter 7 WAN Setup...
Page 116 Type the IP address of your backup gateway in dotted decimal notation. The ZyXEL Device automatically forwards traffic to this IP address if the ZyXEL Device's Internet connection terminates. Apply Click Apply to save the changes. Cancel Click Cancel to begin configuring this screen afresh. Check WAN IP Address. P-2602HWLNI User’s Guide...
Page 117: Lan Setup
WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next. Figure 58 LAN and WAN IP Addresses P-2602HWLNI User’s Guide LAN Setup for information on configuring the LAN screens.
Page 118: Dhcp Setup
DHCP client capability. 8.3.1 IP Address and Subnet Mask Similar to the way houses on a street share a common street name, so too do computers on a LAN share one common network number. P-2602HWLNI User’s Guide...
Page 119 Regardless of your particular situation, do not create an arbitrary IP address; always follow the guidelines above. For more information on address assignment, please refer to RFC 1597, “Address Allocation for Private Internets” and RFC 1466, “Guidelines for Management of IP Address Space”. P-2602HWLNI User’s Guide Chapter 8 LAN Setup...
Page 120: Rip Setup
After that, the ZyXEL Device periodically updates this information. IP multicasting can be enabled/disabled on the ZyXEL Device LAN and/or WAN interfaces in the web configurator (LAN; WAN). Select None to disable IP multicasting on these interfaces. P-2602HWLNI User’s Guide...
Page 121: Any Ip
IP routing table is defined on IP Ethernet devices (the ZyXEL Device) to decide which hop to use, to help forward data along to its specified destination. P-2602HWLNI User’s Guide Chapter 8 LAN Setup...
Page 122: Configuring Lan Ip
255.255.255.0 (factory default). Your ZyXEL Device automatically computes the subnet mask based on the IP Address you enter, so do not change this field unless you are instructed to do so. Click Apply to save your changes back to the ZyXEL Device. for background P-2602HWLNI User’s Guide...
Page 123: Configuring Advanced Lan Setup
PPPoE or PPTP, NetBIOS packets cause unwanted calls. TCP/IP) However it may sometimes be necessary to allow NetBIOS packets to pass through to the WAN in order to find a computer on the WAN. P-2602HWLNI User’s Guide Chapter 8 LAN Setup...
Page 124: Dhcp Setup
DHCP requests and responses between the remote server and the clients. Enter the IP address of the actual, remote DHCP server in the Remote DHCP Server field in this case. When DHCP is used, the following items need to be set: P-2602HWLNI User’s Guide...
Page 125: Lan Client List
00:A0:C5:00:00:02. Click Network > LAN > Client List to open the following screen. Use this screen to change your ZyXEL Device’s static DHCP settings. P-2602HWLNI User’s Guide Chapter 8 LAN Setup...
Page 126: Lan Ip Alias
Click the modify icon to have the IP address field editable and change it. Click Apply to save your changes back to the ZyXEL Device. Click Cancel to begin configuring this screen afresh. Click Refresh to reload the DHCP table. P-2602HWLNI User’s Guide...
Page 127: Figure 64 Physical Network & Partitioned Logical Networks
The following figure shows a LAN divided into subnets A, B, and C. Figure 64 Physical Network & Partitioned Logical Networks Click Network > LAN > IP Alias to open the following screen. Use this screen to change your ZyXEL Device’s IP alias settings. Figure 65 LAN IP Alias P-2602HWLNI User’s Guide...
Page 128: Table 33 Lan Ip Alias
By default, RIP direction is set to Both and the Version set to RIP-1. Click Apply to save your changes back to the ZyXEL Device. Click Cancel to begin configuring this screen afresh. P-2602HWLNI User’s Guide...
Page 129: Wireless Lan
• Every device in the same wireless network must use the same SSID. The SSID is the name of the wireless network. It stands for Service Set IDentity. • If two wireless networks overlap, they should use a different channel. P-2602HWLNI User’s Guide Wireless LAN...
Page 130: Wireless Security Overview
Some wireless devices, such as scanners, can detect wireless networks but cannot use wireless networks. These kinds of wireless devices might not have MAC addresses. Hexadecimal characters are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, and F. ; for P-2602HWLNI User’s Guide...
Page 131: Encryption
Many types of encryption use a key to protect the information in the wireless network. The longer the key, the stronger the encryption. Every device in the wireless network must have the same key. P-2602HWLNI User’s Guide Chapter 9 Wireless LAN RADIUS SERVER...
Page 132: One-Touch Intelligent Security Technology (Otist)
WDS link with access point AP-2, which does. When AP-1 has a WDS link with AP-2, the notebook computer can access the Internet through AP-2. Figure 67 Example of a WDS Link Section 9.6 on page 140 for more details. P-2602HWLNI User’s Guide...
Page 133: Additional Wireless Terms
ZyXEL Device’s new settings. Click Network > Wireless LAN to open the Wireless LAN General screen. P-2602HWLNI User’s Guide DESCRIPTION This describes direct communication (not through the ZyXEL Device) between two wireless devices within a wireless network.
Page 134: No Security
LAN and you change the ZyXEL Device’s SSID or WEP settings, you will lose your wireless connection when you press Apply to confirm. You must then change the wireless settings of your computer to match the ZyXEL Device’s new settings. P-2602HWLNI User’s Guide...
Page 135: Wep Encryption Screen
The following table describes the labels in this screen. Table 37 Wireless No Security LABEL DESCRIPTION Security Mode Choose No Security from the drop-down list box. 9.5.2 WEP Encryption Screen Select Static WEP from the Security Mode list. P-2602HWLNI User’s Guide Chapter 9 Wireless LAN...
Page 136: Wpa(2)-Psk
10, 26 or 58 hexadecimal characters ("0-9", "A-F") for a 40/64-bit, 128-bit or 256-bit WEP key respectively. 9.5.3 WPA(2)-PSK In order to configure and enable WPA(2)-PSK authentication; click Network > Wireless LAN to display the General screen. Select WPA-PSK or WPA2-PSK from the Security Mode list. P-2602HWLNI User’s Guide...
Page 137: Figure 71 Wireless: Wpa(2)-Psk
WEP key for an AP and all stations in a WLAN on a periodic basis. Setting of the Group Key Update Timer is also supported in WPA- PSK mode. The ZyXEL Device default is 1800 seconds (30 minutes). P-2602HWLNI User’s Guide server, the reauthentication timer on the RADIUS server has priority.
Page 138: Wpa(2) Authentication Screen
The ZyXEL Device automatically disconnects a wireless station from the wired network after a period of inactivity. The wireless station needs to enter the username and password again before access to the wired network is allowed. The default time interval is 3600 seconds (or 1 hour). P-2602HWLNI User’s Guide...
Page 139: Wireless Lan Advanced Setup
Device. The key is not sent over the network. 9.5.5 Wireless LAN Advanced Setup To configure advanced wireless settings, click the Advanced Setup button in the General screen. The screen appears as shown. Figure 73 Wireless LAN: Advanced P-2602HWLNI User’s Guide Chapter 9 Wireless LAN...
Page 140: Otist Screen
Use this screen to set up and start OTIST on the ZyXEL Device in your wireless network. To open this screen, click Network > Wireless LAN > OTIST. Ensure that your network’s SSID is fewer than 23 characters in length before you start OTIST. Click Wireless LAN > General to change your network’s SSID. P-2602HWLNI User’s Guide...
Page 141: Figure 74 Network > Wireless Lan > Otist
2 Click the Adapter tab. 3 Select the OTIST check box, and enter the same Setup Key as the ZyXEL Device. 4 Click Save. P-2602HWLNI User’s Guide DESCRIPTION Type a key (password) 8 ASCII characters long. Note: If you change the OTIST setup key in the ZyXEL Device, you must change it on the wireless devices too.
Page 142: Figure 75 Example: Wireless Client Otist Screen
Review the settings, and click OK. The ZyXEL Device begins transferring OTIST settings. The following screens appear in the ZyXEL Device and in the wireless devices. Figure 77 OTIST: In Progress on the ZyXEL Device P-2602HWLNI User’s Guide...
Page 143: Notes On Otist
ZyXEL Device and the network. You can allow or prohibit specific devices based on their MAC addresses. Click Network > Wireless LAN > MAC Filter. The screen appears as shown. P-2602HWLNI User’s Guide Chapter 9 Wireless LAN...
Page 144: Figure 80 Mac Address Filter
ZyXEL Device in these address fields. Enter the MAC addresses in a valid MAC address format, that is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to reload the previous configuration for this screen. P-2602HWLNI User’s Guide...
Page 145: Association List
The QoS screen allows you to automatically give a service (such as e-mail, VoIP or FTP) a priority level. Click Network > Wireless LAN > QoS. The following screen displays. P-2602HWLNI User’s Guide DESCRIPTION This is the index number of an associated wireless station.
Page 146: Figure 82 Wireless Lan: Qos
Mid - Typically used for applications that do not fit into another priority. For example, Internet surfing. Low - Typically used for non-critical “background” applications, such as large file transfers and print jobs that should not affect other applications. P-2602HWLNI User’s Guide...
Page 147: Application Priority Configuration
Table 46 Application Priority Configuration LABEL Application Priority Configuration Name P-2602HWLNI User’s Guide DESCRIPTION Click the Edit icon to open the Application Priority Configuration screen. Modify an existing application entry or create a application entry in the Application Priority Configuration screen.
Page 148: Wds Screen
Select a priority from the drop-down list box. Click Apply to save your changes back to the ZyXEL Device. Click Cancel to return to the previous screen. P-2602HWLNI User’s Guide...
Page 149: Static Wep
Cancel 9.10.1 Static WEP Choose Static WEP from the Security Mode list. P-2602HWLNI User’s Guide DESCRIPTION This is the index number of the individual WDS link. Select this to activate the link between the ZyXEL Device and the peer device to which this entry refers.
Page 150: Wpa-Psk
All ASCII characters (including spaces and symbols) are allowed. • The common, transmission key and reception key are connected by '+' the plus sign. The following example shows how to set up a WDS link between wireless APs using WPA- PSK with TKIP. P-2602HWLNI User’s Guide...
Page 151: Figure 86 Example: Wds Link Using Wpa-Psk With Tkip
• The transmission key “33333333” of AP-2 is exactly the same as the reception key “33333333” of AP-3. To access this screen, choose WPA-PSK from the Security Mode list. Figure 87 Wireless LAN > WDS > WPA-PSK P-2602HWLNI User’s Guide Chapter 9 Wireless LAN...
Page 152: Wpa2-Psk
Eight-character reception key (rx): this must be the same as the next AP’s transmission key. All ASCII characters (including spaces and symbols) are allowed. • The common, transmission key and reception key are connected by '+' the plus sign. P-2602HWLNI User’s Guide...
Page 153: Table 50 Wireless Lan > Wds > Wpa2-Psk
The Pre-Shared key (PSK) is used to encrypt data. All the wireless APs (including the ZyXEL Device) must use the same Pre-Shared key for data transmission. Enter a Pre-Shared key that consists of 16 ASCII characters (including spaces and symbols). P-2602HWLNI User’s Guide Chapter 9 Wireless LAN...
Page 154 Chapter 9 Wireless LAN P-2602HWLNI User’s Guide...
Page 155: Network Address Translation (Nat) Screens
This refers to the packet address (source or destination) as the packet travels on the LAN. Global This refers to the packet address (source or destination) as the packet travels on the WAN. NAT never changes the IP address (either local or global) of an outside host. P-2602HWLNI User’s Guide (NAT) Screens...
Page 156: What Nat Does
Figure 89 How NAT Works 10.1.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP Alias) behind the ZyXEL Device can communicate with three distinct WAN networks. Table 52 on page 158), P-2602HWLNI User’s Guide...
Page 157: Nat Mapping Types
• Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world. Port numbers do NOT change for One-to-One and Many-to-Many No Overload NAT mapping types. P-2602HWLNI User’s Guide Chapter 10 Network Address Translation (NAT) Screens...
Page 158: Sua (Single User Account) Versus Nat
IGA1 ILA2 IGA1 … ILA1 IGA1 ILA2 IGA2 ILA3 IGA1 ILA4 IGA2 … ILA1 IGA1 ILA2 IGA2 ILA3 IGA3 … Server 1 IP IGA1 Server 2 IP IGA1 Server 3 IP IGA1 Table 52 on page P-2602HWLNI User’s Guide 158.
Page 159: Port Forwarding
(for example both FTP and web service), it might be better to specify a range of port numbers. You can allocate a server IP address that corresponds to a port or a range of ports. P-2602HWLNI User’s Guide Chapter 10 Network Address Translation (NAT) Screens...
Page 160: Default Server Ip Address
192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet. Figure 92 Multiple Servers Behind NAT Example Appendix E on page 475. Please P-2602HWLNI User’s Guide...
Page 161: Configuring Port Forwarding
This is the first port number that identifies a service. End Port This is the last port number that identifies a service. P-2602HWLNI User’s Guide Chapter 10 Network Address Translation (NAT) Screens for port numbers commonly used for particular services.
Page 162: Port Forwarding Rule Edit
Enter the inside IP address of the server here. Address Back Click Back to return to the previous screen. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-2602HWLNI User’s Guide...
Page 163: Address Mapping
This is the end Inside Local IP Address (ILA). If the rule is for all local IP addresses, then this field displays 0.0.0.0 as the Local Start IP address and 255.255.255.255 as the Local End IP address. This field is N/A for One-to-one and Server mapping types. P-2602HWLNI User’s Guide Chapter 10 Network Address Translation (NAT) Screens...
Page 164: Address Mapping Rule Edit
10.6.1 Address Mapping Rule Edit To edit an address mapping rule, click the rule’s edit icon in the Address Mapping screen to display the screen shown next. P-2602HWLNI User’s Guide...
Page 165: Figure 96 Edit Address Mapping Rule
Back Click Back to return to the previous screen. Apply Click Apply to save your changes to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-2602HWLNI User’s Guide Chapter 10 Network Address Translation (NAT) Screens DESCRIPTION...
Page 166 Chapter 10 Network Address Translation (NAT) Screens P-2602HWLNI User’s Guide...
Page 167: Voip
VoIP Voice (169) VoIP Trunking (211) Phone Usage (227)
Page 169: Voice
The SIP number is the part of the SIP URI that comes before the “@” symbol. A SIP number can use letters like in an e-mail address (johndoe@your-ITSP.com for example) or numbers like a telephone number (1122334455@VoIP-provider.com for example). P-2602HWLNI User’s Guide Voice...
Page 170: Sip Servers
In the following example, you want to use client device A to call someone who is using client device C. 1 The client device (A in the figure) sends a call invitation to the SIP proxy server (B). 2 The SIP proxy server forwards the call invitation to C. P-2602HWLNI User’s Guide...
Page 171: Figure 98 Sip Proxy Server
1 Client device A sends a call invitation for C to the SIP redirect server (B). 2 The SIP redirect server sends the invitation back to A with C’s IP address (or domain name). 3 Client device A then sends the call invitation to client device C. P-2602HWLNI User’s Guide Chapter 11 Voice...
Page 172: Figure 99 Sip Redirect Server
SIP registrations (and subsequent SIP requests) require a username and password for authorization. These credentials are validated via a challenge / response system using the HTTP digest mechanism (as detailed in RFC3261, "SIP: Session Initiation Protocol"). 170) are represented by the UA, and knows the IP P-2602HWLNI User’s Guide...
Page 173: Rtp
The response to the request goes to all the proxy servers through which the request passed, in reverse sequence. Once the session is set up, session traffic is sent between the UAs directly, bypassing all the proxy servers in between. P-2602HWLNI User’s Guide Chapter 11 Voice 2. Ringing 3.
Page 174: Figure 100 Sip Call Through Proxy Servers
User Agent 1 via Proxy 1. PROXY 1 & PROXY 1 PROXY 2 Invite 100 Trying 100 Trying 180 Ringing 180 Ringing 200 OK PROXY 2 UA 2 UA 2 Invite 180 Ringing 200 OK 200 OK P-2602HWLNI User’s Guide...
Page 175: Voice Coding
(beeping) dial tone when you have a voice message(s). Your VoIP service provider must have a messaging system that sends message waiting status SIP packets as defined in RFC 3842. The ZyXEL Device does not support pulse dialing at the time of writing. P-2602HWLNI User’s Guide Chapter 11 Voice...
Page 176: Custom Tones (Ivr)
DESCRIPTION 128 seconds for all custom tones combined 20 seconds You can record up to 8 different custom tones but the total time must be 128 seconds or less. P-2602HWLNI User’s Guide...
Page 177: Type Of Service (Tos)
VLAN group. Some ISPs use the VLAN tag to identify voice traffic and give it priority over other traffic. The ZyXEL Device does not support DiffServ at the time of writing. P-2602HWLNI User’s Guide Unused (2-bit) Chapter 11 Voice...
Page 178: Sip Settings Screen
LABEL SIP Account SIP Settings for how to map a SIP account to a phone port. DESCRIPTION Select the SIP account you want to see in this screen. If you change this field, the screen automatically refreshes. P-2602HWLNI User’s Guide...
Page 179: Advanced Sip Setup Screen
Click VoIP > SIP > SIP Settings to open the SIP Settings screen. Select a SIP account and click Advanced Setup to open the Advanced SIP Setup screen. Use this screen to maintain advanced settings for each SIP account. P-2602HWLNI User’s Guide Chapter 11 Voice...
Page 180: Figure 103 Voip > Sip Settings > Advanced
Figure 103 VoIP > SIP Settings > Advanced Each field is described in the following table. Table 62 VoIP > SIP Settings > Advanced LABEL SIP Account SIP Server Settings DESCRIPTION This field displays the SIP account you see in this screen. P-2602HWLNI User’s Guide...
Page 181 SIP INFO - send the DTMF tones in SIP messages. Outbound Proxy P-2602HWLNI User’s Guide enter the port number at the beginning of the range in the Start Port field. enter the port number at the end of the range in the End Port field.
Page 182: Sip Qos Screen
Click this to save your changes and to apply them to the ZyXEL Device. Click this to set every field in this screen to its last-saved value. for more information. for more information. for more information. Section 11.2.10 on page 176 for more P-2602HWLNI User’s Guide...
Page 183: Phone
When the ZyXEL Device does not have power, only the phone connected to the PHONE 1 port can be used for making calls. Ensure you know which phone this is, so that in case of emergency you can make outgoing calls. P-2602HWLNI User’s Guide Chapter 11 Voice...
Page 184: Isdn Line
11.8.1 PHONE Port Call Types You can use the analog phones connected to the ZyXEL Device’s PHONE 1 and PHONE 2 ports to make and receive three kinds of call: P-2602HWLNI User’s Guide...
Page 185: Configuring The Analog Phone Screen
VoIP > ISDN Line screen to configure the prefix number for ISDN calls (see Section 11.22 on page Click VoIP > Phone > Analog Phone. The following screen displays. P-2602HWLNI User’s Guide 178) before making Internet phone calls. Section 11.23.1 on page 208). If you have MSNs from your ISDN Section 11.21 on page...
Page 186: Figure 105 Phone > Analog Phone
Note: The MSN number refers to the MSN mapping entries you configure in the VoIP > Fixed Line Numbers screen. Configure these entries first. Use this section to configure the type of calls you can receive on a phone connected to this PHONE port. P-2602HWLNI User’s Guide...
Page 187: Advanced Analog Phone Setup Screen
Use this screen to edit advanced settings for each phone port. To access this screen, click Advanced Setup in VoIP > Phone > Analog Phone. P-2602HWLNI User’s Guide entries you configure in the VoIP > Fixed Line Numbers screen. Configure these entries first.
Page 188: Figure 106 Phone > Analog Phone > Advanced
G.711. Select this if the ZyXEL Device should send fax messages as UDP or TCP/IP packets through IP networks. This provides better quality, but it may have inter- operability problems. The peer devices must also use T.38. P-2602HWLNI User’s Guide...
Page 189: Isdn Phone
Telephone Network) line connected to the PSTN/ISDN port on the ZyXEL Device. • ISDN (Integrated Services Digital Network) phone calls. These calls are made and received using an ISDN line connected to the PSTN/ISDN port on the ZyXEL Device. P-2602HWLNI User’s Guide 178) before making Internet phone calls. Chapter 11 Voice...
Page 190: Configuring The Isdn Phone Screen
If you select more than one source for incoming calls, there is no way to distinguish between them when you receive phone calls. Click this to save your changes. Click this to set every field in this screen to its last-saved value. P-2602HWLNI User’s Guide...
Page 191: Common Phone Settings Screen
11.12 Ext. Table You can assign extension numbers to phones connected to the ZyXEL Device, and make internal calls between these phones. For information on making internal calls, refer to 13.3 on page 227. P-2602HWLNI User’s Guide Chapter 11 Voice Section...
Page 192: Figure 109 Voip > Phone > Ext. Table
ISDN phones connected to the ISDN PHONE port on the ZyXEL Device. To access this screen, click VoIP > Phone > Ext. Table. Make sure each Extension Number you configure in the Ext. Table screen is unique. Figure 109 VoIP > Phone > Ext. Table P-2602HWLNI User’s Guide...
Page 193: Advanced Ext. Table Setup Screen
11.13 Advanced Ext. Table Setup Screen You can create call-forwarding rules for internal calls. To access this screen, click Advanced in a phone extension entry in the VoIP > Phone > Ext. Table P-2602HWLNI User’s Guide calls, use the existing MSNs. Chapter 11 Voice...
Page 194: Phone Services Overview
Click this to return to the Ext. Table Setup Screen. Click this to save your changes. Click this to set every field in this screen to its last-saved value. Section 11.17 on page 200) P-2602HWLNI User’s Guide...
Page 195: The Flash Key
Flash *98# 11.14.2.1 European Call Hold Call hold allows you to put a call (A) on hold by pressing the flash key. P-2602HWLNI User’s Guide Section 13.3 on page 227) DESCRIPTION Put a current call on hold to place a second call.
Page 196: Usa Type Supplementary Services
(one is on-line, the other is on hold), press the flash key and press “2”. 11.14.3 USA Type Supplementary Services This section describes how to use supplementary phone services with the USA Type Call Service Mode. Commands for supplementary services are listed in the table below. P-2602HWLNI User’s Guide...
Page 197: Table 71 Usa Flash Key Commands
(with party A on-line and party B on hold), press the flash key. 6 If you want to go back to the three-way conversation, press the flash key again. P-2602HWLNI User’s Guide DESCRIPTION Put a current call on hold to place a second call. After the second call is successful, press the flash key again to have a three-way conference call.
Page 198: Phone Region Screen
You might have to subscribe to these services to use them. Contact your VoIP service provider. Click this to save your changes and to apply them to the ZyXEL Device. Click this to set every field in this screen to its last-saved value. P-2602HWLNI User’s Guide...
Page 199: Figure 112 Phone Book > Speed Dial
Use this section to look at all the speed-dial entries and to erase them. Book Speed Dial This field displays the speed-dial number you should dial to use this entry. Number This field displays the SIP number the ZyXEL Device calls when you dial the speed-dial number. P-2602HWLNI User’s Guide Chapter 11 Voice...
Page 200: Incoming Call Policy Screen
Dial section, where you can change it. Click the Remove icon to erase this speed-dial entry. Click this to erase all the speed-dial entries. Click this to set every field in this screen to its last-saved value. P-2602HWLNI User’s Guide...
Page 201: Table 74 Phone Book > Incoming Call Policy
Forward to Number section. Apply Click this to save your changes and to apply them to the ZyXEL Device. Cancel Click this to set every field in this screen to its last-saved value. P-2602HWLNI User’s Guide Chapter 11 Voice...
Page 202: Distinctive Ring Screen
SIP accounts, coming into the PSTN line and internal calls. The configuration in the Distinctive Ring screen only applies to analog phones connected to the ZyXEL Device. To access this screen, click VoIP > Phone Book > Distinctive Ring. P-2602HWLNI User’s Guide...
Page 203: Figure 114 Phone Book > Distinctive Ring
Select the ring for callers in your VIP group. This is a read only index number for the phone numbers you assign to different groups. Enable Select this to enable your selected distinctive ring for this phone number. P-2602HWLNI User’s Guide Chapter 11 Voice...
Page 204: Sip Prefix Screen
ZyXEL Device uses default SIP settings to make the call. Click VoIP > Phone Book > SIP Prefix. The following screen displays. number is part of any of the groups assigned above before checking the incoming line. P-2602HWLNI User’s Guide...
Page 205: Figure 115 Phone Book > Sip Prefix
Use this field to edit or erase the SIP prefix entry. Click the Edit icon to copy the information for this SIP prefix entry into the SIP Prefix section, where you can change it. Click the Remove icon to erase this SIP prefix entry. P-2602HWLNI User’s Guide Chapter 11 Voice...
Page 206: Pstn Line
11.21 PSTN Line Screen Use this screen to set up the PSTN line you use to make regular phone calls. To access this screen, click VoIP > PSTN Line > General. Figure 116 PSTN Line > General P-2602HWLNI User’s Guide...
Page 207: Isdn Line Screen
For example, you should enter emergency numbers. The number (1 - 9) is not a speed-dial number. It is just a sequential value that is not associated with any phone number. P-2602HWLNI User’s Guide Chapter 11 Voice...
Page 208: Fixed Line Numbers
• Carol connects her analog phone to the ZyXEL Device’s PHONE 1 port, and David connects his to the PHONE 2 port. They connect the ISDN line to the PSTN/ISDN port. Section 11.23.1 on page 209. 208. The MSNs you enter here Section P-2602HWLNI User’s Guide...
Page 209: Receiving Analog Calls With Digital Phones
MSN. Refer to the documentation supplied by your phone’s manufacturer for details. Now, when your ZyXEL Device receives an analog (PSTN) call, your ISDN phone rings. 11.23.3 Configuring the Fixed Line Numbers Screen Click VoIP > Fixed Line Numbers. The following screen displays. P-2602HWLNI User’s Guide Chapter 11 Voice 207).
Page 210: Figure 118 Voip > Fixed Line Numbers Screen
Enter details of the device you want to use with this MSN (for example “personal phone” or “business phone”). This field is for your reference only. Click this button to save your changes. Click this button to set the fields in this screen to their last-saved values. P-2602HWLNI User’s Guide...
Page 211: Voip Trunking
PIN (Personal Identification Number). Your ZyXEL Device can be configured so that it prompts callers to enter a PIN (via the phone pad) in order to process any call forwarding requests. P-2602HWLNI User’s Guide VoIP Trunking...
Page 212: Peer Call Authentication
Table 80 Matching Incoming and Outgoing Authentication ACCOUNT DETAILS Outgoing Authentication Username Password Incoming Authentication Username Password LOCAL PEER DEVICE REMOTE PEER DEVICE localDeviceA localDeviceB passwordA passwordB userone localDeviceA userpassword passwordA P-2602HWLNI User’s Guide...
Page 213: Call Rules
12.4.2 PSTN Phone To VoIP Phone A PSTN phone A makes a call to the ZyXEL Device B. B connects A to a VoIP phone C over the IP network. P-2602HWLNI User’s Guide PATTERN CALL RULE Set up a peer call to a remote peer device to 1555 forward calls starting with the numbers 1555.
Page 214: Pstn Phone To Pstn Phone Via Voip
VoIP Trunking requires the following additional configuration in the VoIP > SIP > SIP Settings > Advanced Setup screen: Voice Compression field needs to be set to G.729 and DTMF Mode field needs to be set to SIP INFO. Figure 123 VoIP > Trunking > General P-2602HWLNI User’s Guide...
Page 215: Trunking Peer Call Screen
Use this screen to set up outgoing authentication accounts for forwarding calls through peer devices and incoming authentication accounts for forwarding calls from peer devices. To access this screen, click VoIP > Trunking > Peer Call. P-2602HWLNI User’s Guide Chapter 12 VoIP Trunking...
Page 216: Figure 124 Voip > Trunking > Peer Call
Enter the username needed to authenticate at the remote peer device. The remote peer device must have the same username in an incoming authentication entry in order to authenticate your connection. Enter up to 32 alphanumeric characters. P-2602HWLNI User’s Guide...
Page 217: Trunking Call Rule Screen
12.7 Trunking Call Rule Screen Use this screen to set up rules that determine which peer VoIP device your call will be forwarded to. To access this screen, click VoIP > Trunking > Call Rule. P-2602HWLNI User’s Guide Chapter 12 VoIP Trunking...
Page 218: Figure 125 Voip > Trunking > Call Rule
This account is used to direct your call to the correct remote peer device and to authenticate you. Select None to disable this forwarding rule. Click this to apply your settings to the ZyXEL Device. Click this to reset the fields. P-2602HWLNI User’s Guide...
Page 219: Voip Trunking Example: Voip To Pstn
IP address of the branch office ZyXEL Device. This must be a non-proxy IP address. The numbers are the phone numbers of the sales team members. This can be configured in the VoIP > Phone Book > Speed Dial screen. P-2602HWLNI User’s Guide Chapter 12 VoIP Trunking...
Page 220: Configuration Details: Incoming
This consists of a username and password. This account must match the username and password of the outgoing authentication account of the headquarters’ ZyXEL Device. This can be configured in the VoIP > Trunking > Peer Call screen. P-2602HWLNI User’s Guide...
Page 221: Call Progression
12.9 VoIP Trunking Example: PSTN to PSTN via VoIP This example shows how to configure a PSTN to PSTN call with a VoIP link. It also shows how call rules can be used to automate VoIP trunking. P-2602HWLNI User’s Guide Chapter 12 VoIP Trunking BRANCH OFFICE The remote peer device forwards the call to Sales1.
Page 222: Background Information
ZyXEL Device) for the PSTN caller to initiate VoIP trunking by dialing another number. It waits 3 seconds between dialing digits before it determines that the entire phone number is entered. These settings can be configured in the VoIP > Trunking > General screen. P-2602HWLNI User’s Guide...
Page 223: Figure 131 Pstn To Pstn Example: General Configuration
(“5555”) of “Sales1” telephone number. The account name is the name of the outgoing authentication account created in the Speed Dial screen (“CityB”). This setting can be configured in the VoIP > Trunking > Call Rule screen. P-2602HWLNI User’s Guide Chapter 12 VoIP Trunking...
Page 224: Configuration Details: Incoming
The call is initiated by the manager dialing into the headquarter’s ZyXEL Device via PSTN. In this scenario a VoIP link is established between headquarters and the branch office and then the call is forwarded to Sales1 using PSTN. P-2602HWLNI User’s Guide...
Page 225: Table 86 Pstn To Pstn: Voip Trunking Call Progression
The remote peer device confirms that the username and password match an account in its incoming authentication list. Sales1 picks up and the call commences. P-2602HWLNI User’s Guide Chapter 12 VoIP Trunking BRANCH OFFICE The remote peer device forwards the call to Sales1.
Page 226 Chapter 12 VoIP Trunking P-2602HWLNI User’s Guide...
Page 227: Phone Usage
The ZyXEL Device supports the following functions for internal calls: • Phone Book • Call Transfer • Call Forwarding P-2602HWLNI User’s Guide Phone Usage Section 11.16 on page 198) for peer-to-peer calls or SIP numbers Section 11.12 on page 191...
Page 228: Phone Book
When you hear the dial tone, dial “*01” followed by the number to which you want the call to be forwarded. When you do not need the follow me function, dial “#01” to cancel this rule. 191. Advanced > screen. P-2602HWLNI User’s Guide...
Page 229: Call Pickup
If newer firmware is available, the ZyXEL Device plays a recording when you pick up your phone’s handset. Press “*99#” to upgrade the ZyXEL Device’s firmware. Press “#99#” to not upgrade the ZyXEL Device’s firmware. P-2602HWLNI User’s Guide Chapter 13 Phone Usage...
Page 230 Chapter 13 Phone Usage P-2602HWLNI User’s Guide...
Page 231: Security
Security Firewalls (233) Firewall Configuration (245) Content Filtering (265) Introduction to IPSec (269) VPN Screens (275) Certificates (301)
Page 233: Firewalls
• Stateful Inspection Firewalls 14.2.1 Packet Filtering Firewalls Packet filtering firewalls restrict access based on the source/destination computer network address of a packet and the type of application. P-2602HWLNI User’s Guide Firewalls to configure default firewall settings. to view firewall rules.
Page 234: Application-Level Firewalls
FTP, and the World Wide Web. However, “inbound access” will not be allowed unless you configure remote management or create a firewall rule to allow a remote host to use a specific service. for more information on stateful inspection. P-2602HWLNI User’s Guide...
Page 235: Denial Of Service Attacks
If the person configuring or managing the computer is not careful, a hacker could attack it over an unprotected port. Some of the most common IP ports are: Table 87 Common IP Ports Telnet SMTP P-2602HWLNI User’s Guide HTTP POP3 Chapter 14 Firewalls...
Page 236: Types Of Dos Attacks
ACK comes back or when an internal timer (which is set at relatively long intervals) terminates the three-way handshake. Once the queue is full, the system will ignore all incoming SYN requests, making the system unavailable for legitimate users. P-2602HWLNI User’s Guide...
Page 237: Figure 137 Syn Flood
"intermediary" network, but will also congest the network of the spoofed source IP address, known as the "victim" network. This flood of broadcast traffic consumes all available bandwidth, making communications impossible. Figure 138 Smurf Attack P-2602HWLNI User’s Guide Chapter 14 Firewalls...
Page 238: Stateful Inspection
This “remembering” is called saving the state. When the outside system responds to your request, the firewall compares the received packets with the saved state to determine if they REDIRECT TIMESTAMP_REQUEST TIMESTAMP_REPLY ADDRESS_MASK_REQUEST ADDRESS_MASK_REPLY ETRN EXPN HELO SAML SEND SOML HELP MAIL NOOP TURN VRFY P-2602HWLNI User’s Guide...
Page 239: Stateful Inspection Process
WAN interface's inbound extended access list. This temporary access list entry is designed to permit inbound packets of the same connection as the outbound packet just inspected. 5 The outbound packet is forwarded out through the interface. P-2602HWLNI User’s Guide Chapter 14 Firewalls...
Page 240: Stateful Inspection On Your Zyxel Device
If an initiation packet originates on the WAN, this means that someone is trying to make a connection from the Internet into the LAN. Except in a few special cases (see "Upper Layer Protocols" shown next), these packets are dropped and logged. P-2602HWLNI User’s Guide...
Page 241: Udp/Icmp Security
Any protocol that operates in this way must be supported on a case-by-case basis. You can use the web configurator’s Custom Ports feature to do this. P-2602HWLNI User’s Guide Chapter 14 Firewalls...
Page 242: Guidelines For Enhancing Security With Your Firewall
• If you use “chat rooms” or IRC sessions, be careful with any information you reveal to strangers. • If your system starts exhibiting odd behavior, contact your ISP. Some hackers will set off hacks that cause your system to slowly become unstable or unusable. P-2602HWLNI User’s Guide...
Page 243: Packet Filtering Vs Firewall
• To prevent DoS attacks and prevent hackers cracking your network. • A range of source and destination IP addresses as well as port numbers can be specified within one firewall rule making the firewall a better choice when complex rules are required. P-2602HWLNI User’s Guide Chapter 14 Firewalls...
Page 244 • Use the firewall if you need routine e-mail reports about your system or need to be alerted when attacks occur. • The firewall can block specific URL traffic that might occur in the future. The URL can be saved in an Access Control List (ACL) database. P-2602HWLNI User’s Guide...
Page 245: Firewall Configuration
• WAN to WAN/ Router This prevents computers on the WAN from using the ZyXEL Device as a gateway to communicate with other computers on the WAN and/or managing the ZyXEL Device. P-2602HWLNI User’s Guide • WAN to LAN • WAN to WAN/ Router...
Page 246: Rule Logic Overview
Internet to the LAN, it is better to allow only certain machines on the Internet to access the LAN. 15.3.2 Security Ramifications 1 Once the logic of the rule has been defined, it is critical to consider the security ramifications created by the rule: P-2602HWLNI User’s Guide...
Page 247: Key Fields For Configuring Rules
LAN). Similarly, WAN to WAN/ Router and DMZ to DMZ/ Router polices apply in the same way to the WAN and DMZ ports. P-2602HWLNI User’s Guide Chapter 15 Firewall Configuration for more information on predefined services.
Page 248: Lan To Wan Rules
Click Security > Firewall to display the following screen. Activate the firewall by selecting the Active Firewall check box as seen in the following screen. Refer to Section 14.1 on page 233 Figure 140 Firewall: General Chapter 27 on page 387 for more information. P-2602HWLNI User’s Guide Figure 142...
Page 249: Firewall Rules Summary
Click Security > Firewall > Rules to bring up the following screen. This screen displays a list of the configured firewall rules. Note the order in which the rules are listed. P-2602HWLNI User’s Guide Chapter 15 Firewall Configuration directly to a LAN computer without passing through the router.
Page 250: Figure 141 Firewall Rules
(Reject) or allows the passage of packets (Permit). Schedule This field tells you whether a schedule is specified (Yes) or not (No). This field shows you whether a log is created when packets match this rule (Yes) or not (No). for more information. P-2602HWLNI User’s Guide...
Page 251: Configuring Firewall Rules
In the Rules screen, select an index number and click Add or click a rule’s Edit icon to display this screen and refer to the following table for information on the labels. P-2602HWLNI User’s Guide Chapter 15 Firewall Configuration for more information.
Page 252: Figure 142 Firewall: Edit Rule
Select this option to enable this firewall rule. Use the drop-down list box to select whether to discard (Drop), deny and send an ICMP destination-unreachable message to the sender of (Reject) or allow the passage of (Permit) packets that match this rule. P-2602HWLNI User’s Guide...
Page 253 Click Back to return to the previous screen. Apply Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to exit this screen without saving. P-2602HWLNI User’s Guide Chapter 15 Firewall Configuration Appendix E on page 475 for more information on services available.
Page 254: Customized Services
Click a rule number in the Firewall Customized Services screen to create a new custom port or edit an existing one. This action displays the following screen. Refer to Section 14.1 on page 233 Appendix E on page 475 for some examples. Click the Edit for more information. for more information. P-2602HWLNI User’s Guide...
Page 255: Example Firewall Rule
15.7 Example Firewall Rule The following Internet firewall rule example allows a hypothetical “MyService” connection from the Internet. 1 Click Security > Firewall > Rules. 2 Select WAN to LAN in the Packet Direction field. P-2602HWLNI User’s Guide Chapter 15 Firewall Configuration...
Page 256: Figure 145 Firewall Example: Rules
6 Click an index number to display the Customized Services Config screen and configure the screen as follows and click Apply. Figure 146 Edit Custom Port Example 7 Select Any in the Destination Address box and then click Delete. 8 Configure the destination address screen as follows and click Add. P-2602HWLNI User’s Guide...
Page 257: Figure 147 Firewall Example: Edit Rule: Destination Address
9 Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. Custom services show up with an “*” before their names in the Services list box and the Rules list box. P-2602HWLNI User’s Guide...
Page 258: Figure 148 Firewall Example: Edit Rule: Select Customized Services
Figure 148 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a “MyService” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN. P-2602HWLNI User’s Guide...
Page 259: Dos Thresholds
You should make any changes to the threshold values before you continue configuring firewall rules. P-2602HWLNI User’s Guide Chapter 15 Firewall Configuration to configure thresholds.
Page 260: Half-Open Sessions
The ZyXEL Device also sends alerts whenever TCP Maximum Incomplete is exceeded. The global values specified for the threshold and timeout apply to all TCP connections. Click Firewall, and Threshold to bring up the next screen. Figure 136 on page 236). For UDP, "half-open" P-2602HWLNI User’s Guide...
Page 261: Figure 150 Firewall: Threshold
The ZyXEL Device continues to delete half-open requests as necessary, until the number of existing half-open sessions drops below this number. P-2602HWLNI User’s Guide Chapter 15 Firewall Configuration DEFAULT VALUES 80 existing half-open sessions. 100 half-open sessions per minute.
Page 262: Firewall Commands
100, and to stop deleting half-open sessions with the number of existing half- open sessions drops below 80. 30 existing half-open TCP sessions. to turn on P-2602HWLNI User’s Guide...
Page 263 P-2602HWLNI User’s Guide Commands DESCRIPTION Displays the firewall log type and count. Clears the firewall log count. Dumps the last 64 bytes of packets that the firewall has dropped. Displays the firewall’s dynamic rules.
Page 264 Chapter 15 Firewall Configuration P-2602HWLNI User’s Guide...
Page 265: Content Filtering
URL http://www.website.com/bad.html, even if it is not included in the Filter List. To have your ZyXEL Device block Web sites containing keywords in their URLs, click Security > Content Filter. The screen appears as shown. Figure 151 Content Filter: Keyword P-2602HWLNI User’s Guide Content Filtering...
Page 266: Configuring The Schedule
When you try to access a web page containing a keyword, you will get a message telling you that the content filter is blocking this request. Click Apply to save your changes back to the ZyXEL Device. Click Cancel to return to the previously saved settings. P-2602HWLNI User’s Guide...
Page 267: Configuring Trusted Computers
Start IP Address End IP Address Apply Cancel P-2602HWLNI User’s Guide DESCRIPTION Type the single IP address of a computer (or the beginning IP address of a specific range of computers) on the LAN that you want to exclude from content filtering.
Page 268 Chapter 16 Content Filtering P-2602HWLNI User’s Guide...
Page 269: Introduction To Ipsec
"ciphertext" (scrambled text) using a "key". The key and clear text are processed by the encryption operation, which leads to the data scrambling that makes encryption secure. Decryption is the opposite of encryption: it is a mathematical operation that transforms “ciphertext” to plaintext. Decryption also requires a key. P-2602HWLNI User’s Guide Introduction to IPSec...
Page 270: Vpn Applications
LAN, remote users will be able to access all computers that use private IP addresses on the LAN. • Unsupported IP Applications A VPN tunnel may be created to add support for unsupported emerging IP applications. 17.2 IPSec Architecture The overall IPSec architecture is shown as follows. P-2602HWLNI User’s Guide...
Page 271: Ipsec Algorithms
Key management allows you to determine whether to use IKE (ISAKMP) or manual key configuration in order to set up a VPN. 17.3 Encapsulation The two modes of operation for IPSec VPNs are Transport mode and Tunnel mode. P-2602HWLNI User’s Guide Chapter 17 Introduction to IPSec seeSection 18.2...
Page 272: Transport Mode
NAT is incompatible with the AH protocol in both Transport and Tunnel mode. An IPSec VPN using the AH protocol digitally signs the outbound packet, both data payload and headers, with a hash value appended to the packet. When using AH protocol, packet contents (the data payload) are not encrypted. P-2602HWLNI User’s Guide...
Page 273: Table 101 Vpn And Nat
"original header plus original payload," which is unchanged by a NAT device. Transport mode ESP with authentication is not compatible with NAT. Table 101 VPN and NAT SECURITY PROTOCOL P-2602HWLNI User’s Guide Chapter 17 Introduction to IPSec MODE Transport Tunnel...
Page 274 Chapter 17 Introduction to IPSec P-2602HWLNI User’s Guide...
Page 275: Vpn Screens
An added feature of the ESP is payload padding, which further protects communications by concealing the size of the packet being transmitted. P-2602HWLNI User’s Guide VPN Screens Chapter 27 on page 387 for information on...
Page 276: My Ip Address
160-bit digest to authenticate packet data. MD5 (default) MD5 (Message Digest 5) produces a 128-bit digest to authenticate packet data. SHA1 SHA1 (Secure Hash Algorithm) produces a 160-bit digest to authenticate packet data. for details on dial backup and traffic redirect. P-2602HWLNI User’s Guide...
Page 277: Dynamic Secure Gateway Address
Click Security and VPN to open the VPN Setup screen. This is a menu of your IPSec rules (tunnels). The IPSec summary menu is read-only. Edit a VPN by selecting an index number and then configuring its associated submenus. P-2602HWLNI User’s Guide Chapter 18 VPN Screens 297for configuration examples).
Page 278: Figure 158 Vpn Setup
Local Address Type field in the VPN-IKE (or VPN-Manual Key) screen is configured to Range. A (static) IP address and a subnet mask are displayed when the Local Address Type field in the VPN-IKE (or VPN-Manual Key) screen is configured to Subnet. P-2602HWLNI User’s Guide...
Page 279: Keep Alive
As a result, the VPN device at the receiving end finds a mismatch between the hash value and the data and assumes that the data has been maliciously altered. P-2602HWLNI User’s Guide Chapter 18 VPN Screens Section 18.12 on page...
Page 280: Remote Dns Server
DNS server, you must identify that DNS server. You cannot use DNS servers on the LAN or from the ISP since these DNS servers cannot resolve domain names to private IP addresses on the remote network Figure 159 on page MODE Transport Tunnel Transport Tunnel 280, when P-2602HWLNI User’s Guide...
Page 281: Id Type And Content
SAs. The type of ID can be a domain name, an IP address or an e-mail address. The content is the IP address, domain name, or e-mail address. P-2602HWLNI User’s Guide (seeSection 18.12.1 on page (seeSection 18.18 on page 297...
Page 282: Id Type And Content Examples
The domain name or e-mail address that you use in the Content field is used for identification purposes only and does not need to be a real domain name or e-mail address. ZYXEL DEVICE B Local ID type: IP Local ID content: 1.1.1.2 Peer ID type: E-mail Peer ID content: tom@yourcompany.com P-2602HWLNI User’s Guide...
Page 283: Pre-Shared Key
18.11 Editing VPN Policies Click an Edit icon in the P-2602HWLNI User’s Guide ZYXEL DEVICE B Local ID type: IP Local ID content: 1.1.1.10...
Page 284: Figure 161 Edit Vpn Policies
NAT traversal, and the NAT routers have to forward UDP port 500 packets to the remote IPSec router behind the NAT router. Type up to 32 characters to identify this VPN policy. You may use any character, including spaces, but the ZyXEL Device drops trailing spaces. P-2602HWLNI User’s Guide...
Page 285 IPSec router. When the Remote Address Type field is configured to Subnet, enter a (static) IP address on the network behind the remote IPSec router. P-2602HWLNI User’s Guide Chapter 18 VPN Screens...
Page 286 When there is a NAT router between the two IPSec routers. When you want the ZyXEL Device to distinguish between VPN connection requests that come in from remote IPSec routers with dynamic WAN IP addresses. for details on dial backup and P-2602HWLNI User’s Guide...
Page 287 Click Advanced to configure more detailed settings of your IKE key management. Back Click Back to return to the previous screen. Apply Click Apply to save your changes back to the ZyXEL Device. P-2602HWLNI User’s Guide Chapter 18 VPN Screens...
Page 288: Ike Phases
• Choose Tunnel mode or Transport mode. DESCRIPTION Click Cancel to begin configuring this screen afresh. Click Advanced Setup to configure more detailed settings of your IKE key management. Section 18.12.3 on page 289. Select None (the default) to disable P-2602HWLNI User’s Guide...
Page 289: Negotiation Mode
SA setup (by bypassing the Diffie-Hellman key exchange). 18.13 Configuring Advanced IKE Settings Click Advanced Setup in the P-2602HWLNI User’s Guide Edit VPN Policies screen to open this screen. Chapter 18 VPN Screens...
Page 290: Figure 163 Advanced Vpn Policies
If Remote Start Port is left at 0, End will also remain at 0. Select Main or Aggressive from the drop-down list box. Multiple SAs connecting through a secure gateway must have the same negotiation mode. P-2602HWLNI User’s Guide...
Page 291 SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower. Select MD5 for minimal security and SHA-1 for maximum security. P-2602HWLNI User’s Guide Chapter 18 VPN Screens...
Page 292: Manual Key Setup
Click Back to return to the previous screen. Click Apply to save your changes back to the ZyXEL Device and return to the VPN-IKE screen. Click Cancel to return to the VPN-IKE screen without saving your changes. P-2602HWLNI User’s Guide...
Page 293: Figure 164 Vpn: Manual Key
IKE key management. Type a number (base 10) from 1 to 999999 for the Security Parameter Index. Encapsulation Select Tunnel mode or Transport mode from the drop-down list box. Mode P-2602HWLNI User’s Guide Chapter 18 VPN Screens...
Page 294 (static) IP address, in a range of computers on the network behind the remote IPSec router. When the Remote Address Type field is configured to Subnet, enter a subnet mask on the network behind the remote IPSec router. P-2602HWLNI User’s Guide...
Page 295: Viewing Sa Monitor
A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This screen displays active VPN connections. Use Refresh to display active VPN connections. This screen is read-only. The following table describes the fields in this tab. P-2602HWLNI User’s Guide Chapter 18 VPN Screens Chapter 7 on page 101...
Page 296: Figure 165 Vpn: Sa Monitor
Disconnect Select one of the security associations, and then click Disconnect to stop that security association. Refresh Click Refresh to display the current active VPN connection(s). Section 18.6 on page 279on keep alive to have the ZyXEL P-2602HWLNI User’s Guide...
Page 297: Configuring Global Setting
WAN IP addresses of their IPSec routers. The telecommuters must all use the same IPSec parameters but the local IP addresses (or ranges of addresses) should not overlap. P-2602HWLNI User’s Guide DESCRIPTION NetBIOS (Network Basic Input/Output System) are TCP or UDP packets that enable a computer to find other computers.
Page 298: Telecommuters Using Unique Vpn Rules Example
Telecommuter B: 192.168.3.2 Telecommuter C: 192.168.4.15 192.168.1.10 Section 18.12.1 on page HEADQUARTERS Public static IP address 0.0.0.0 With this IP address only the telecommuter can initiate the IPSec tunnel. 192.168.1.10 0.0.0.0 (N/A) 289), the ZyXEL Device can P-2602HWLNI User’s Guide...
Page 299: Figure 168 Telecommuters Using Unique Vpn Rules Example
Local ID Content: telecommuterb.com Local IP Address: 192.168.3.2 Telecommuter C (telecommuterc.dydns.org) Local ID Type: E-mail Local ID Content: myVPN@myplace.com Local IP Address: 192.168.4.15 P-2602HWLNI User’s Guide Chapter 18 VPN Screens HEADQUARTERS All Headquarters Rules: My IP Address: bigcompanyhq.com Local IP Address: 192.168.1.10 Local ID Type: E-mail Local ID Content: bob@bigcompanyhq.com...
Page 300: Vpn And Remote Management
Chapter 18 VPN Screens 18.19 VPN and Remote Management If a VPN tunnel uses Telnet, FTP, WWW, then you should configure remote management (Remote Management) to allow access for that service. P-2602HWLNI User’s Guide...
Page 301: Certificates
A certification path is the hierarchy of certification authority certificates that validate a certificate. The ZyXEL Device does not trust a certificate if any certificate on its path has expired or been revoked. P-2602HWLNI User’s Guide Certificates...
Page 302: Advantages Of Certificates
Use the Trusted CAs screens to save CA certificates to the ZyXEL Device. Use the Trusted Remote Hosts screens to import self-signed certificates. Use the Directory Servers screen to configure a list of addresses of directory servers (that contain lists of valid and revoked certificates). P-2602HWLNI User’s Guide...
Page 303: My Certificates
This field displays identifying information about the certificate’s owner, such as CN (Common Name), OU (Organizational Unit or department), O (Organization or company) and C (Country). It is recommended that each certificate have unique subject information. P-2602HWLNI User’s Guide Chapter 19 Certificates...
Page 304: My Certificate Import
Click Import to open a screen where you can save the certificate that you have enrolled from a certification authority from your computer to the ZyXEL Device. Click Refresh to display the current validity status of the certificates. P-2602HWLNI User’s Guide...
Page 305: Certificate File Formats
Type in the location of the file you want to upload in this field or click Browse to find it. Browse Click Browse to find the certificate file you want to upload. Back Click Back to return to the previous screen. P-2602HWLNI User’s Guide Chapter 19 Certificates...
Page 306: My Certificate Create
The domain name or e- mail address can be up to 31 ASCII characters. The domain name or e-mail address is for identification purposes only and can be any string. P-2602HWLNI User’s Guide...
Page 307 CA Server Address CA Certificate Request Authentication P-2602HWLNI User’s Guide DESCRIPTION Type up to 127 characters to identify the organizational unit or department to which the certificate owner belongs. You may use any character, including spaces, but the ZyXEL Device drops trailing spaces.
Page 308: My Certificate Details
Type the key that the certification authority gave you. Click Apply to begin certificate or certification request generation. Click Cancel to quit and return to the My Certificates screen. 303). Click the edit icon to open the My Certificate Details screen. Use P-2602HWLNI User’s Guide...
Page 309: Figure 173 My Certificate Details
Chapter 19 Certificates Figure 173 My Certificate Details P-2602HWLNI User’s Guide...
Page 310: Table 119 My Certificate Details
This field displays the type of algorithm that was used to generate the certificate’s key pair (the ZyXEL Device uses RSA encryption) and the length of the key set in bits (1024 bits for example). P-2602HWLNI User’s Guide...
Page 311: Trusted Cas
ZyXEL Device to accept as trusted. The ZyXEL Device accepts any valid certificate signed by a certification authority on this list as being trustworthy; thus you do not need to import any certificate that is signed by one of these certification authorities. P-2602HWLNI User’s Guide Chapter 19 Certificates...
Page 312: Figure 174 Trusted Cas
Lists for the certificates that it has issued and you have selected the Issues certificate revocation lists (CRL) check box in the certificate’s details screen to have the ZyXEL Device check the CRL before trusting any certificates issued by the certification authority. Otherwise the field displays “No”. P-2602HWLNI User’s Guide...
Page 313: Trusted Ca Import
Click Browse to find the certificate file you want to upload. Apply Click Apply to save the certificate on the ZyXEL Device. Cancel Click Cancel to quit and return to the Trusted CAs screen. P-2602HWLNI User’s Guide Chapter 19 Certificates...
Page 314: Trusted Ca Details
ZyXEL Device to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority. Figure 176 Trusted CA Details P-2602HWLNI User’s Guide...
Page 315: Table 122 Trusted Ca Details
This field displays the type of algorithm that was used to generate the certificate’s key pair (the ZyXEL Device uses RSA encryption) and the length of the key set in bits (1024 bits for example). P-2602HWLNI User’s Guide Chapter 19 Certificates...
Page 316: Trusted Remote Hosts
ZyXEL Device to check the CRL that the certification authority issues before trusting a certificate issued by the certification authority. Click Cancel to quit and return to the Trusted CAs screen. P-2602HWLNI User’s Guide...
Page 317: Figure 177 Trusted Remote Hosts
Click Import to open a screen where you can save the certificate of a remote host (which you trust) from your computer to the ZyXEL Device. Refresh Click this button to display the current validity status of the certificates. P-2602HWLNI User’s Guide Chapter 19 Certificates...
Page 318: Verifying A Trusted Remote Host's Certificate
3 Double-click the certificate’s icon to open the Certificate window. Click the Details tab and scroll down to the Thumbprint Algorithm and Thumbprint fields. Figure 179 Certificate Details Verify (over the phone for example) that the remote host has the same information in the Thumbprint Algorithm and Thumbprint fields. P-2602HWLNI User’s Guide...
Page 319: Trusted Remote Hosts Import
Click Security > Certificates > Trusted Remote Hosts to open the Trusted Remote Hosts screen. Click the details icon to open the Trusted Remote Host Details screen. Use this screen to view in-depth information about the trusted remote host’s certificate and/or change the certificate’s name. P-2602HWLNI User’s Guide Chapter 19 Certificates...
Page 320: Figure 181 Trusted Remote Host Details
Chapter 19 Certificates Figure 181 Trusted Remote Host Details P-2602HWLNI User’s Guide...
Page 321: Table 125 Trusted Remote Host Details
Subject Alternative Name Key Usage Basic Constraint P-2602HWLNI User’s Guide DESCRIPTION This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate. You may use any character (not including spaces).
Page 322: Directory Servers
Click Apply to save your changes back to the ZyXEL Device. You can only change the name of the certificate. Click Cancel to quit configuring this screen and return to the Trusted Remote Hosts screen. for how to verify a remote host’s for how to verify a remote host’s P-2602HWLNI User’s Guide...
Page 323: Directory Server Add And Edit
Click Security > Certificates > Directory Servers to open the Directory Servers screen. Click Add (or the details icon) to open the Directory Server Add screen. Use this screen to configure information about a directory server that the ZyXEL Device can access. P-2602HWLNI User’s Guide Chapter 19 Certificates...
Page 324: Figure 183 Directory Server Add And Edit
Type the password (up to 31 ASCII characters) from the entity maintaining the directory server (usually a certification authority). Click Back to return to the Directory Servers screen. Click Apply to save your changes back to the ZyXEL Device. Click Cancel to quit configuring this screen. P-2602HWLNI User’s Guide...
Page 325: Advanced
Advanced Static Route (327) Bandwidth Management (331) Dynamic DNS Setup (339) Remote Management Configuration (343) Universal Plug-and-Play (UPnP) (361)
Page 327: Static Route
ZyXEL Device about the networks beyond the remote nodes. Figure 184 Example of Static Routing Topology 20.2 Configuring Static Route Click Advanced > Static Route to open the Static Route screen. P-2602HWLNI User’s Guide Static Route...
Page 328: Static Route Edit
Click this to return to the previously saved configuration. 20.2.1 Static Route Edit Select a static route index number and click Edit. The screen shown next appears. Use this screen to configure the required information for a static route. P-2602HWLNI User’s Guide...
Page 329: Figure 186 Static Route Edit
Back Click Back to return to the previous screen without saving. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-2602HWLNI User’s Guide Chapter 20 Static Route...
Page 330 Chapter 20 Static Route P-2602HWLNI User’s Guide...
Page 331: Bandwidth Management
Time-sensitive applications include both those that require a low level of latency (delay) and a low level of jitter (variations in delay) such as Voice over IP or Internet gaming, and those for which jitter alone is a problem such as Internet radio or streaming video. P-2602HWLNI User’s Guide...
Page 332: Subnet-Based Bandwidth Management
The following figure shows LAN subnets. You could configure one bandwidth class for subnet A and another for subnet B. Figure 187 Subnet-based Bandwidth Management Example TIME TYPICAL PACKET SIZE SENSITIVITY (BYTES) High < 250 High 60 ~ 90 Medium 300 ~ 600 1500 ATC PRIORITY ATC_High ATC_Medium ATC_Low P-2602HWLNI User’s Guide...
Page 333: Application And Subnet-Based Bandwidth Management
Click Advanced > Bandwidth MGMT to open the screen as shown next. Use this screen to enable or disable bandwidth management, and to enable or disable automatic traffic classification. Figure 188 Bandwidth Management: General P-2602HWLNI User’s Guide Chapter 21 Bandwidth Management FROM SUBNET A FROM SUBNET B...
Page 334: Bandwidth Management Rule Setup
Select a service for your rule or you can select User define to go to the screen where you can define your own. Select a priority from the drop down list box. Choose High, Mid or Low. P-2602HWLNI User’s Guide...
Page 335: Rule Configuration
Use bandwidth rules to allocate specific amounts of bandwidth capacity (bandwidth budgets) to specific applications and/or subnets. Figure 190 Bandwidth Management Rule Configuration Appendix E on page 475 P-2602HWLNI User’s Guide Chapter 21 Bandwidth Management for a list of commonly-used services.
Page 336: Table 136 Bandwidth Management Rule Configuration
Enter the destination subnet mask. This field is N/A if you do not specify a Source Address. Refer to the appendix for more information on IP subnetting. A blank source port means any source port number. Appendix E on page 475 for some P-2602HWLNI User’s Guide...
Page 337: Bandwidth Monitor
The gray section of the bar represents the percentage of unused bandwidth and the blue color represents the percentage of bandwidth in use. Figure 191 Bandwidth Management: Monitor P-2602HWLNI User’s Guide Chapter 21 Bandwidth Management Appendix E on page 475 for some...
Page 338 Chapter 21 Bandwidth Management P-2602HWLNI User’s Guide...
Page 339: Dynamic Dns Setup
Section 22.2 on page 339 22.2 Configuring Dynamic DNS To change your ZyXEL Device’s DDNS, click Advanced > Dynamic DNS. The screen appears as shown. Section 22.1 on page 339 P-2602HWLNI User’s Guide Dynamic DNS Setup for configuration instruction. for more information.
Page 340: Figure 192 Dynamic Dns
Check with your Dynamic DNS service provider to have traffic redirected to a URL (that you can specify) while you are off line. IP Address Update Policy Use WAN IP Select this option to update the IP address of the host name(s) to the WAN IP Address address. P-2602HWLNI User’s Guide...
Page 341 Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-2602HWLNI User’s Guide address if there is an HTTP proxy server between the ZyXEL Device and the DDNS server. Chapter 22 Dynamic DNS Setup...
Page 342 Chapter 22 Dynamic DNS Setup P-2602HWLNI User’s Guide...
Page 343: Remote Management Configuration
WAN, you still need to configure a firewall rule to allow access. You may manage your ZyXEL Device from a remote location via: • Internet (WAN only) • ALL (LAN and WAN) • LAN only, • Neither (Disable). P-2602HWLNI User’s Guide Remote Management Configuration...
Page 344: Remote Management Limitations
There is a default system management idle timeout of five minutes (three hundred seconds). The ZyXEL Device automatically logs you out if the management session remains idle for longer than this timeout period. The management session does not time out when a statistics screen is polling. P-2602HWLNI User’s Guide...
Page 345: Introduction To Https
Figure 194 HTTPS Implementation If you disable HTTP Server Access (Disable) in the REMOTE MGMT HTTP screen, then the ZyXEL Device blocks all HTTP connection attempts. P-2602HWLNI User’s Guide Chapter 23 Remote Management Configuration Chapter 19 on page 301 for more...
Page 346: Http
ZyXEL Device, for example 8443, then you must notify people who need to access the ZyXEL Device web configurator to use “https://ZyXEL Device IP Address:8443” as the URL. on importing certificates for details). Section Chapter 19 on P-2602HWLNI User’s Guide...
Page 347: Telnet
Telnet from a computer on a remote network to access the ZyXEL Device. Figure 196 Telnet Configuration on a TCP/IP Network 23.5 Configuring Telnet Click Advanced > Remote MGMT > Telnet tab to display the screen as shown. P-2602HWLNI User’s Guide Chapter 23 Remote Management Configuration...
Page 348: Configuring Ftp
Section 29.7 on page 413 have an FTP client. To change your ZyXEL Device’s FTP settings, click Advanced > Remote MGMT > FTP tab. The screen appears as shown. for details. To use this feature, your computer must P-2602HWLNI User’s Guide...
Page 349: Snmp
ZyXEL Device through the network. The ZyXEL Device supports SNMP version one (SNMPv1) and version two (SNMPv2). The next figure illustrates an SNMP management operation. SNMP is only available if TCP/IP is configured. P-2602HWLNI User’s Guide Chapter 23 Remote Management Configuration...
Page 350: Supported Mibs
• Trap - Used by the agent to inform the manager of some events. 23.7.1 Supported MIBs The ZyXEL Device supports MIB II, which is defined in RFC-1213 and RFC-1215. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance. P-2602HWLNI User’s Guide...
Page 351: Snmp Traps
To change your ZyXEL Device’s SNMP settings, click Advanced > Remote MGMT > SNMP. The screen appears as shown. Figure 200 Remote Management: SNMP P-2602HWLNI User’s Guide Chapter 23 Remote Management Configuration DESCRIPTION A trap is sent after booting (power on).
Page 352: Configuring Dns
Type the IP address of the station to send your SNMP traps to. Click Apply to save your customized settings and exit this screen. Click Cancel to begin configuring this screen afresh. Chapter 8 on page 117 for background information. P-2602HWLNI User’s Guide...
Page 353: Configuring Icmp
This keeps outsiders from discovering your ZyXEL Device when unsupported ports are probed. If you want your device to respond to pings and requests for unauthorized services, you may also need to configure the firewall anti probing settings to match. P-2602HWLNI User’s Guide Chapter 23 Remote Management Configuration...
Page 354: Ssh
In the following figure, computer A on the Internet uses SSH to securely connect to the WAN port of the ZyXEL Device for a management session. P-2602HWLNI User’s Guide...
Page 355: How Ssh Works
After the identification is verified and data encryption activated, a secure tunnel is established between the client and the server. The client then sends its authentication information (user name and password) to the server to log in to the server. P-2602HWLNI User’s Guide Chapter 23 Remote Management Configuration...
Page 356: Ssh Implementation On The Zyxel Device
My Certificates screen (Click My Certificates and see Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management. for details). Section 19.4 on page P-2602HWLNI User’s Guide...
Page 357: Secure Telnet Using Ssh Examples
This section describes how to access the ZyXEL Device using the OpenSSH client program that comes with most Linux distributions. 1 Test whether the SSH service is available on the ZyXEL Device. P-2602HWLNI User’s Guide Chapter 23 Remote Management Configuration...
Page 358: Secure Ftp Using Ssh Example
ZyXEL Device. Type “yes” and press [ENTER]. 2 Enter the password to login to the ZyXEL Device. 3 Use the “put” command to upload a new firmware to the ZyXEL Device. P-2602HWLNI User’s Guide...
Page 359: Figure 209 Secure Ftp: Firmware Upload Example
Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.1.1' (RSA1) to the list of known hosts. Administrator@192.168.1.1's password: sftp> put firmware.bin ras Uploading firmware.bin to /ras Read from remote host 192.168.1.1: Connection reset by peer Connection closed P-2602HWLNI User’s Guide...
Page 360 Chapter 23 Remote Management Configuration P-2602HWLNI User’s Guide...
Page 361: Universal Plug-And-Play (Upnp)
The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues. Network information and configuration may also be obtained and modified by users in some network environments. P-2602HWLNI User’s Guide for configuration instructions.
Page 362: Upnp And Zyxel
ZyXEL Device, for example by using NAT traversal, UPnP applications automatically reserve a NAT forwarding port in order to communicate with another UPnP enabled device; this eliminates the need to manually configure port forwarding for the UPnP enabled application. P-2602HWLNI User’s Guide...
Page 363: Installing Upnp In Windows Example
Figure 211 Add/Remove Programs: Windows Setup: Communication 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box. P-2602HWLNI User’s Guide Chapter 24 Universal Plug-and-Play (UPnP) DESCRIPTION Select this check box to allow traffic from UPnP-enabled applications to bypass the firewall.
Page 364: Figure 212 Add/Remove Programs: Windows Setup: Communication: Components
3 In the Network Connections window, click Advanced in the main menu and select Optional Networking Components …. Figure 213 Network Connections 4 The Windows Optional Networking Components Wizard window displays. Select Networking Service in the Components selection box and click Details. P-2602HWLNI User’s Guide...
Page 365: Figure 214 Windows Optional Networking Components Wizard
5 In the Networking Services window, select the Universal Plug and Play check box. Figure 215 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. P-2602HWLNI User’s Guide Chapter 24 Universal Plug-and-Play (UPnP)
Page 366: Using Upnp In Windows Xp Example
1 Click Start and Control Panel. Double-click Network Connections. An icon displays under Internet Gateway. 2 Right-click the icon and select Properties. Figure 216 Network Connections 3 In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. P-2602HWLNI User’s Guide...
Page 367: Figure 217 Internet Connection Properties
Chapter 24 Universal Plug-and-Play (UPnP) Figure 217 Internet Connection Properties 4 You may edit or delete the port mappings or click Add to manually add port mappings. P-2602HWLNI User’s Guide...
Page 368: Figure 218 Internet Connection Properties: Advanced Settings
5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. 6 Select Show icon in notification area when connected option and click OK. An icon displays in the system tray. P-2602HWLNI User’s Guide...
Page 369: Figure 220 System Tray Icon
ZyXEL Device. Follow the steps below to access the web configurator. 1 Click Start and then Control Panel. 2 Double-click Network Connections. 3 Select My Network Places under Other Places. P-2602HWLNI User’s Guide Chapter 24 Universal Plug-and-Play (UPnP)
Page 370: Figure 222 Network Connections
Chapter 24 Universal Plug-and-Play (UPnP) Figure 222 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays. P-2602HWLNI User’s Guide...
Page 371: Figure 223 Network Connections: My Network Places
Figure 223 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Figure 224 Network Connections: My Network Places: Properties: Example P-2602HWLNI User’s Guide...
Page 372 Chapter 24 Universal Plug-and-Play (UPnP) P-2602HWLNI User’s Guide...
Page 373: Maintenance And Troubleshooting
Maintenance and Troubleshooting System (375) Call History (381) Logs (387) Troubleshooting (401) Tools (407) Diagnostic (419) Product Specifications (423)
Page 375: System
DHCP from the ISP is used. While you must enter the host name (System Name), the domain name can be assigned from the ZyXEL Device via DHCP. Click Maintenance > System to open the General screen. P-2602HWLNI User’s Guide System...
Page 376: Figure 225 System General Setup
ZyXEL Device. Retype to Type the new password again for confirmation. Confirm Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-2602HWLNI User’s Guide...
Page 377: Time Setting
Each time you reload this page, the ZyXEL Device synchronizes the time with the time server. Current Date This field displays the date of your ZyXEL Device. Each time you reload this page, the ZyXEL Device synchronizes the date with the time server. Time and Date Setup P-2602HWLNI User’s Guide Chapter 25 System...
Page 378 Last, Sunday, March. The time you type in the o'clock field depends on your time zone. In Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). P-2602HWLNI User’s Guide...
Page 379 In Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. P-2602HWLNI User’s Guide Chapter 25 System...
Page 380 Chapter 25 System P-2602HWLNI User’s Guide...
Page 381: Call History
Use the Summary screen to see the duration and packet statistics of incoming and outgoing PSTN calls and VoIP calls in the following time periods: today, yesterday, last week and last month. Click Maintenance > Call History > Summary. The following screen displays. P-2602HWLNI User’s Guide Call History...
Page 382: Viewing Call History
Click a column heading to sort the entries. A triangle indicates ascending or descending sort order. The ZyXEL Device records up to 150 phone calls and clears old records after it fills. Click Maintenance > Call History > Call History. The following screen displays. P-2602HWLNI User’s Guide...
Page 383: Figure 228 Call History > Call History
This field displays the number of packets transmitted during this phone call. Rs Packets This field displays the number of packets received during this phone call. Interface This field displays the interface used to make this phone call. P-2602HWLNI User’s Guide Chapter 26 Call History...
Page 384: Configuring Call History Settings
To change your ZyXEL Device’s call history settings, click Maintenance > Call History > Call History Settings. The screen appears as follows. Figure 229 Call History > Call History Settings P-2602HWLNI User’s Guide...
Page 385: Table 151 Call History > Call History Settings
For example, enter “5” as the start date of every month. You have a list of phone call records of one single month from 5th of the current month till 4th of next month. P-2602HWLNI User’s Guide Chapter 26 Call History...
Page 386 Chapter 26 Call History Table 151 Call History > Call History Settings LABEL DESCRIPTION Apply Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to return to the previously saved settings. P-2602HWLNI User’s Guide...
Page 387: Logs
Log entries in red indicate alerts. The log wraps around and deletes the old entries after it fills. Click a column heading to sort the entries. A triangle indicates ascending or descending sort order. P-2602HWLNI User’s Guide Logs Section 27.3 on page...
Page 388: Configuring Log Settings
Alerts are e-mailed as soon as they happen. Logs may be e-mailed as soon as the log is full. Selecting many alert and/or log categories (especially Access Control) may result in many e- mails being sent. Section 27.1 on page 387 for more information. P-2602HWLNI User’s Guide...
Page 389: Figure 231 Log Settings
ZyXEL Device sends. Not all ZyXEL Device models have this field. Send Log to The ZyXEL Device sends logs to the e-mail address specified in this field. If this field is left blank, the ZyXEL Device does not send logs via e-mail. P-2602HWLNI User’s Guide Chapter 27 Logs...
Page 390: Smtp Error Messages
Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to return to the previously saved settings. 27.4 SMTP Error Messages If there are difficulties in sending e-mail the following error message appears. Daily Weekly Hourly When Log is Full None. P-2602HWLNI User’s Guide...
Page 391: Example E-Mail Log
127|Apr 7 00 |From:192.168.1.131 | 10:05:17 |UDP src port:00520 dest port:00520 128|Apr 7 00 |From:192.168.1.1 | 10:05:30 |UDP src port:00520 dest port:00520 End of Firewall Log P-2602HWLNI User’s Guide To:192.168.1.255 |default policy |<1,00> To:192.168.1.255 |default policy |<1,00> To:10.10.10.10 |match |<1,01>...
Page 392: Log Descriptions
Someone has failed to log on to the router’s SSH server. Someone has logged on to the router's web configurator interface using HTTPS protocol. Someone has failed to log on to the router's web configurator interface using HTTPS protocol. P-2602HWLNI User’s Guide...
Page 393: Table 156 System Error Logs
Peer TCP state out of order, sent TCP RST Firewall session time out, sent TCP RST P-2602HWLNI User’s Guide DESCRIPTION This attempt to create a NAT session exceeds the maximum number of NAT session table entries allowed to be created per host.
Page 394: Table 159 Packet Filter Logs
(3 is for dial-up, 6 is for PPPoE, 10 is for PPTP). "channel" or “ch” is the call channel ID.For example,"board 0 line 0 channel 0, call 3, C01 Outgoing Call dev=6 ch=0 "Means the router has dialed to the PPPoE server 3 times. P-2602HWLNI User’s Guide...
Page 395: Table 162 Ppp Logs
[ TCP | UDP | IGMP | ESP | GRE | OSPF ] land ICMP (type:%d, code:%d) P-2602HWLNI User’s Guide DESCRIPTION The PPPoE, PPTP or dial-up call is connected. The PPPoE, PPTP or dial-up call was disconnected. DESCRIPTION The PPP connection’s Link Control Protocol stage has started.
Page 396: Table 166 802.1X Logs
The local user database only supports the EAP-MD5 method. A user tried to use another authentication method and was not authenticated. The router logged out a user whose session expired. The router logged out a user who ended the session. P-2602HWLNI User’s Guide...
Page 397: Table 167 Acl Setting Notes
A packet that needed fragmentation was dropped because it was set to Don't Fragment (DF) Source route failed Source Quench P-2602HWLNI User’s Guide DESCRIPTION The router logged out a user from which there was no authentication response. The router logged out a user whose idle timeout period expired.
Page 398: Table 169 Syslog Logs
DESCRIPTION The listed SIP account was successfully registered with a SIP register server. An attempt to register the listed SIP account with a SIP register server was not successful. P-2602HWLNI User’s Guide...
Page 399: Table 171 Rtp Logs
Table 174 PSTN Logs LOG MESSAGE PSTN Call Start PSTN Call End PSTN Call Established P-2602HWLNI User’s Guide DESCRIPTION The listed SIP account’s registration was deleted from the SIP register server. An attempt to delete the listed SIP account’s registration from the SIP register server failed.
Page 400: Table 175 Rfc-2408 Isakmp Payload Types
RFC 2408 for detailed information on each type. Table 175 RFC-2408 ISAKMP Payload Types LOG DISPLAY PROP TRANS CER_REQ HASH NONCE NOTFY PAYLOAD TYPE Security Association Proposal Transform Key Exchange Identification Certificate Certificate Request Hash Signature Nonce Notification Delete Vendor ID P-2602HWLNI User’s Guide...
Page 401: Troubleshooting
2 Check the hardware connections. See the Quick Start Guide. 3 Inspect your cables for damage. Contact the vendor to replace any damaged cables. 4 Turn the ZyXEL Device off and on. 5 If the problem continues, contact the vendor. P-2602HWLNI User’s Guide Troubleshooting Section 1.5 on page...
Page 402: Zyxel Device Access And Login
(Section 8.4.1 on page 123), make sure your computer is in the Appendix A on page 435. Your ZyXEL Device is a DHCP Appendix A on page Section 1.6 Section 1.6 118), use the new IP address. 435. P-2602HWLNI User’s Guide...
Page 403 See the troubleshooting suggestions for configurator. Ignore the suggestions about your browser. P-2602HWLNI User’s Guide Section 1.6 on page I cannot see or access the Login screen in the web I cannot see or access the Login screen in the web...
Page 404: Internet Access
Advanced Suggestions • Check the settings for bandwidth management. If it is disabled, you might consider activating it. If it is enabled, you might consider changing the allocations. Section 1.5 on page Section 1.5 on page P-2602HWLNI User’s Guide Section 1.5...
Page 405: Phone Calls And Voip
Phone 1 to use SIP account 1 and set Phone 2 to use SIP account 2, then you can use Phone 1 to call to SIP account 2's SIP number or Phone 2 to call to SIP account 1's SIP number. P-2602HWLNI User’s Guide Chapter 28 Troubleshooting...
Page 406 Chapter 28 Troubleshooting P-2602HWLNI User’s Guide...
Page 407: Tools
DHCP Setup, TCP/IP Setup, etc. It arrives from ZyXEL with a “rom” filename extension. Once you have customized the ZyXEL Device's settings, they can be saved back to your computer under a filename of your choosing. P-2602HWLNI User’s Guide Tools...
Page 408: File Maintenance Over Wan
ROM file system, including your ZyXEL Device configurations, system-related data (including the default password), the error log and the trace log. This is the generic name for the ZyNOS firmware on the ZyXEL Device. P-2602HWLNI User’s Guide DESCRIPTION *.rom *.bin...
Page 409: Firmware Upgrade Screen
Click Upload to begin the upload process. This process may take up to two minutes. After you see the Firmware Upload in Progress screen, wait two minutes before logging into the ZyXEL Device again. P-2602HWLNI User’s Guide for upgrading firmware using FTP/TFTP commands. Chapter 29 Tools...
Page 410: Backup And Restore
Section 29.7 on page 413 using FTP/TFTP commands. Click Maintenance > Tools > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears in this screen, as shown next. Section 29.8 on page 416 for transferring configuration files P-2602HWLNI User’s Guide...
Page 411: Backup Configuration
Do not turn off the ZyXEL Device while configuration file upload is in progress. After you see a “restore configuration successful” screen, you must then wait one minute before logging into the ZyXEL Device again. P-2602HWLNI User’s Guide Chapter 29 Tools...
Page 412: Reset To Factory Defaults
Click the Reset button to clear all user-entered configuration information and return the ZyXEL Device to its factory defaults. The following warning screen appears. Figure 241 Reset Warning Message for details on how to set up your computer’s IP address. P-2602HWLNI User’s Guide...
Page 413: Restart
6 Use “ ” to transfer files from the ZyXEL Device to the computer, for example, “ rom-0 config.rom P-2602HWLNI User’s Guide Section 1.6 on page 47 for more information on the RESET button. ” transfers the configuration file on the ZyXEL Device to your...
Page 414: Ftp Command Configuration Backup Example
ISP or service administrator has enabled this option. Normal. The server requires a unique User ID and Password to login. Transfer files in either ASCII (plain text format) or in binary mode. Specify the default remote directory (path). Specify the default local directory (path). P-2602HWLNI User’s Guide...
Page 415: Tftp Command Configuration Backup Example
Stop transfer of the file. Refer to Section 29.3 on page 408 over WAN. P-2602HWLNI User’s Guide ” to disable the management idle timeout, so the TFTP sys stdio 0 sys stdio 5” ” to transfer from the ZyXEL Device to the computer and ”...
Page 416: Using Ftp Or Tftp To Restore Configuration
FTP is the preferred method for uploading the firmware and configuration. To use this feature, your computer must have an FTP client. The following sections give examples of how to upload the firmware and the configuration files. to read about configurations that disallow TFTP and FTP P-2602HWLNI User’s Guide...
Page 417: Ftp File Upload Command From The Dos Prompt Example
1 Use telnet from your computer to connect to the device and log in. Because TFTP does not have any security checks, the device records the IP address of the telnet client and accepts TFTP requests only from this address. P-2602HWLNI User’s Guide to read about configurations that disallow TFTP and FTP Chapter 29 Tools...
Page 418: Tftp Upload Command Example
– name of the firmware on the computer) to the file destination on the remote host (ras - name of the firmware on the device). Commands that you may see in GUI-based TFTP clients are listed earlier in this chapter. P-2602HWLNI User’s Guide...
Page 419: Diagnostic
Type the IP address of a computer that you want to ping in order to test a connection. Address Ping Click this button to ping the IP address that you entered. 30.2 DSL Line Diagnostic Click Maintenance > Diagnostic > DSL Line to open the screen shown next. P-2602HWLNI User’s Guide Diagnostic...
Page 420: Figure 248 Diagnostic: Dsl Line
PVC with proper VPIs/VCIs before you begin this test. The ZyXEL Device sends an OAM F5 packet to the DSLAM/ATM switch and then returns it (loops it back) to the ZyXEL Device. The ATM loopback test is useful for troubleshooting problems with the DSLAM and ATM network. P-2602HWLNI User’s Guide...
Page 421 Capture All Logs Click this button to display information and statistics about your ZyXEL Device’s ATM statistics, DSL connection statistics, DHCP settings, firmware version, WAN and gateway IP address, VPI/VCI and LAN IP address. P-2602HWLNI User’s Guide Chapter 30 Diagnostic...
Page 422 Chapter 30 Diagnostic P-2602HWLNI User’s Guide...
Page 423: Product Specifications
Default Subnet Mask Default Password DHCP Server IP Pool Static DHCP Addresses Content Filtering Static Routes P-2602HWLNI User’s Guide DESCRIPTION 168 x 37 x 248 mm 390g 18VDC 1A Four auto-negotiating, auto MDI/MDI-X 10/100 Mbps RJ-45 Ethernet ports 2 RJ-11 FXS POTS ports.
Page 424 This allows you to decide whether a service (HTTP or FTP traffic for example) from a computer on a network (LAN or WAN for example) can access the ZyXEL Device. P-2602HWLNI User’s Guide...
Page 425 IP Policy Routing (IPPR) Traditionally, routing is based on the destination address only and the router Packet Filters P-2602HWLNI User’s Guide Once you connect and turn on the device, it automatically detects the Internet connection settings (such as the VCI/VPI numbers and the encapsulation method) from the ISP and makes the necessary configuration changes.
Page 426 Prevent Denial of Service attacks such as Ping of Death, SYN Flood, LAND, Smurf etc. Access Control of Service Content Filtering IP & Generic Packet Filtering Real time Attack Alerts and Logs Reports and logs SIP ALG passthrough P-2602HWLNI User’s Guide...
Page 427: Voice Specifications
With call return, you can place a call to the last number that called you (either answered or missed). The last incoming call can be through either SIP or PSTN. P-2602HWLNI User’s Guide Port Forwarding 1024 NAT sessions Multimedia application...
Page 428 Your device has a REN of three, so it can support three devices per telephone port. The built-in adaptive buffer helps to smooth out the variations in delay (jitter) for voice traffic. This helps ensure good voice quality for your conversations. P-2602HWLNI User’s Guide...
Page 429: Wireless Features (Wireless Devices Only)
IEEE 802.11g+ Wireless LAN External Antenna Wireless LAN MAC Address Filtering P-2602HWLNI User’s Guide Chapter 31 Product Specifications Your device supports IEEE 802.11g+ to allow any ZyXEL WLAN devices that also support IEEE 802.1g+ to associate with the ZyXEL Device at higher transmission speeds than with standard IEEE 802.11g.
Page 430: Ieee 802.11G Wireless Lan
Store up to 32 built-in user profiles using EAP-MD5 (Local User Database) External RADIUS server using EAP-MD5, TLS, TTLS OTIST (ZyXEL's One-Touch Intelligent Security Technology) MODULATION DBPSK (Differential Binary Phase Shift Keyed) DQPSK (Differential Quadrature Phase Shift Keying P-2602HWLNI User’s Guide...
Page 431: Power Adaptor Specifications
Safety Standards UNITED KINGDOM PLUG STANDARDS AC Power Adapter Model Input Power Output Power Power Consumption Safety Standards P-2602HWLNI User’s Guide MODULATION CCK (Complementary Code Keying) OFDM (Orthogonal Frequency Division Multiplexing) OEM (Original Equipment Manufacturer) ADS18B-W 180100 AC 100~240Volts/50/60Hz/0.5A DC 18Volts/1A...
Page 432 Chapter 31 Product Specifications P-2602HWLNI User’s Guide...
Page 433: Appendices And Index
VIII Appendices and Index Setting up Your Computer’s IP Address (435) Pop-up Windows, JavaScripts and Java Permissions (447) IP Addresses and Subnetting (453) Wireless LANs (461) Services (475) Legal Information (479) Customer Support (483) Index (489)
Page 435: Appendix A Setting Up Your Computer's Ip Address
If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the ZyXEL Device's LAN port. Windows 95/98/Me Click Start, Settings, Control Panel and double-click the Network icon to open the Network window P-2602HWLNI User’s Guide Address...
Page 436: Figure 249 Windows 95/98/Me: Network: Configuration
2 Select Client and then click Add. 3 Select Microsoft from the list of manufacturers. 4 Select Client for Microsoft Networks from the list of network clients and then click 5 Restart your computer so the changes you made take effect. P-2602HWLNI User’s Guide...
Page 437: Figure 250 Windows 95/98/Me: Tcp/Ip Properties: Ip Address
• If you do not know your DNS information, select Disable DNS. • If you know your DNS information, select Enable DNS and type the information in the fields below (you may not need to fill them all in). P-2602HWLNI User’s Guide Appendix A Setting up Your Computer’s IP Address...
Page 438: Figure 251 Windows 95/98/Me: Tcp/Ip Properties: Dns Configuration
2 In the Run window, type "winipcfg" and then click OK to open the IP Configuration window. 3 Select your network adapter. You should see your computer's IP address, subnet mask and default gateway. Windows 2000/NT/XP 1 For Windows XP, click start, Control Panel. In Windows 2000/NT, click Start, Settings, Control Panel. P-2602HWLNI User’s Guide...
Page 439: Figure 252 Windows Xp: Start Menu
2 For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Figure 253 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. P-2602HWLNI User’s Guide Appendix A Setting up Your Computer’s IP Address...
Page 440: Figure 254 Windows Xp: Control Panel: Network Connections: Properties
• If you have a dynamic IP address click Obtain an IP address automatically. • If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields. Click Advanced. P-2602HWLNI User’s Guide...
Page 441: Figure 256 Windows Xp: Advanced Tcp/Ip Settings
• If you know your DNS server IP address(es), click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields. P-2602HWLNI User’s Guide Appendix A Setting up Your Computer’s IP Address...
Page 442: Figure 257 Windows Xp: Internet Protocol (Tcp/Ip) Properties
Network Connections, right-click a network connection, click Status and then click the Support tab. Macintosh OS 8/9 1 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. " and then press [ENTER]. You can ipconfig P-2602HWLNI User’s Guide...
Page 443: Figure 258 Macintosh Os 8/9: Apple Menu
Figure 258 Macintosh OS 8/9: Apple Menu 2 Select Ethernet built-in from the Connect via list. Figure 259 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. P-2602HWLNI User’s Guide Appendix A Setting up Your Computer’s IP Address...
Page 444: Figure 260 Macintosh Os X: Apple Menu
2 Click Network in the icon bar. • Select Automatic from the Location list. • Select Built-in Ethernet from the Show list. • Click the TCP/IP tab. 3 For dynamically assigned settings, select Using DHCP from the Configure list. P-2602HWLNI User’s Guide...
Page 445: Figure 261 Macintosh Os X: Network
5 Click Apply Now and close the window. 6 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the Network window. P-2602HWLNI User’s Guide Appendix A Setting up Your Computer’s IP Address...
Page 446 Appendix A Setting up Your Computer’s IP Address P-2602HWLNI User’s Guide...
Page 447: Appendix B Pop-Up Windows, Javascripts And Java Permissions
1 In Internet Explorer, select Tools, Pop-up Blocker and then select Turn Off Pop-up Blocker. Figure 262 Pop-up Blocker You can also check if pop-up blocking is disabled in the Pop-up Blocker section in the Privacy tab. 1 In Internet Explorer, select Tools, Internet Options, Privacy. P-2602HWLNI User’s Guide...
Page 448: Figure 263 Internet Options: Privacy
Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings…to open the Pop-up Blocker Settings screen. P-2602HWLNI User’s Guide...
Page 449: Figure 264 Internet Options: Privacy
3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.167.1. 4 Click Add to move the IP address to the list of Allowed sites. Figure 265 Pop-up Blocker Settings P-2602HWLNI User’s Guide Appendix B Pop-up Windows, JavaScripts and Java Permissions...
Page 450: Figure 266 Internet Options: Security
3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window. P-2602HWLNI User’s Guide...
Page 451: Figure 267 Security Settings - Java Scripting
3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window. Figure 268 Security Settings - Java P-2602HWLNI User’s Guide Appendix B Pop-up Windows, JavaScripts and Java Permissions...
Page 452: Figure 269 Java (Sun)
1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for <applet> under Java (Sun) is selected. 3 Click OK to close the window. Figure 269 Java (Sun) P-2602HWLNI User’s Guide...
Page 453: Appendix C Ip Addresses And Subnetting
Therefore, each octet has a possible range of 00000000 to 11111111 in binary, or 0 to 255 in decimal. The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. P-2602HWLNI User’s Guide...
Page 454: Figure 270 Network Number And Host Id
For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes. 1ST OCTET: OCTET: OCTET: (192) (168) 11000000 10101000 00000001 11111111 11111111 11111111 11000000 10101000 00000001 4TH OCTET 00000010 00000000 00000010 P-2602HWLNI User’s Guide...
Page 455: Table 190 Subnet Masks
255.255.255.128. The following table shows some possible subnet masks using both notations. Table 192 Alternative Subnet Mask Notation ALTERNATIVE SUBNET MASK NOTATION 255.255.255.0 255.255.255.128 P-2602HWLNI User’s Guide Appendix C IP Addresses and Subnetting 4TH OCTET OCTET OCTET 00000000 00000000 00000000...
Page 456: Figure 271 Subnetting Example: Before Subnetting
192.168.1.0 /25 and 192.168.1.128 /25. The following figure shows the company network after subnetting. There are now two sub- networks, A and B. ALTERNATIVE LAST OCTET NOTATION (BINARY) 1100 0000 1110 0000 1111 0000 1111 1000 1111 1100 LAST OCTET (DECIMAL) P-2602HWLNI User’s Guide...
Page 457: Figure 272 Subnetting Example: After Subnetting
IP Address (Decimal) IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.0 Broadcast Address: 192.168.1.63 P-2602HWLNI User’s Guide Appendix C IP Addresses and Subnetting - 2 or 62 hosts for each subnet (a host ID of all NETWORK NUMBER 192.168.1. 11000000.10101000.00000001. 11111111.11111111.11111111.
Page 458: Table 194 Subnet 2
NETWORK NUMBER 192.168.1. 11000000.10101000.00000001. 11111111.11111111.11111111. Lowest Host ID: 192.168.1.193 Highest Host ID: 192.168.1.254 LAST FIRST ADDRESS ADDRESS LAST OCTET BIT VALUE 01000000 11000000 LAST OCTET BIT VALUE 10000000 11000000 LAST OCTET BIT VALUE 11000000 11000000 BROADCAST ADDRESS P-2602HWLNI User’s Guide...
Page 459: Table 198 24-Bit Network Number Subnet Planning
The following table is a summary for subnet planning on a network with a 16-bit network number. Table 199 16-bit Network Number Subnet Planning NO. “BORROWED” HOST BITS P-2602HWLNI User’s Guide Appendix C IP Addresses and Subnetting LAST FIRST ADDRESS ADDRESS SUBNET MASK NO.
Page 460: Configuring Ip Addresses
For more information on address assignment, please refer to RFC 1597, Address Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space. SUBNET MASK NO. SUBNETS 255.255.255.252 (/30) 16384 255.255.255.254 (/31) 32768 NO. HOSTS PER SUBNET P-2602HWLNI User’s Guide...
Page 461: Appendix D Wireless Lans
A and B can access the wired network and communicate with each other. When Intra-BSS is disabled, wireless client A and B can still access the wired network but cannot communicate with each other. P-2602HWLNI User’s Guide Wireless LANs...
Page 462: Figure 274 Basic Service Set
An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate. P-2602HWLNI User’s Guide...
Page 463: Figure 275 Infrastructure Wlan
(AP) or wireless gateway, but out-of-range of each other, so they cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other. P-2602HWLNI User’s Guide Appendix D Wireless LANs...
Page 464: Figure 276 Rts/Cts
AP will fragment the packet into smaller data frames. A large Fragmentation Threshold is recommended for networks not prone to interference while you should set a smaller threshold for busy networks or networks that are prone to interference. P-2602HWLNI User’s Guide...
Page 465: Table 200 Ieee 802.11G
6/9/12/18/24/36/48/54 Wireless Security Overview Wireless security is vital to your network to protect wireless communication between wireless clients, access points and the wired network. P-2602HWLNI User’s Guide MODULATION DBPSK (Differential Binary Phase Shift Keyed) DQPSK (Differential Quadrature Phase Shift Keying)
Page 466: Table 201 Wireless Security Levels
RADIUS is based on a client-server model that supports authentication, authorization and accounting. The access point is the client and the server is the RADIUS server. The RADIUS server handles the following tasks: • Authentication Determines the identity of the users. • Authorization P-2602HWLNI User’s Guide...
Page 467: Types Of Radius Messages
EAP to interact with an EAP-compatible RADIUS server, an access point helps a wireless station and a RADIUS server perform authentication. The type of authentication you use depends on the RADIUS server and an intermediary AP(s) that supports IEEE 802.1x. . P-2602HWLNI User’s Guide Appendix D Wireless LANs...
Page 468 However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication. EAP-GTC is implemented only by Cisco. LEAP LEAP (Lightweight Extensible Authentication Protocol) is a Cisco implementation of IEEE 802.1x. P-2602HWLNI User’s Guide...
Page 469: Table 202 Comparison Of Eap Authentication Types
If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not. Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2. P-2602HWLNI User’s Guide EAP-MD5 EAP-TLS EAP-TTLS...
Page 470 AP and does not need to go with the authentication process again. Pre-authentication enables fast roaming by allowing the wireless client (already connecting to an AP) to perform IEEE 802.1x authentication with another AP before connecting to it. P-2602HWLNI User’s Guide...
Page 471: Wireless Client Wpa Supplicants
(PSK) must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and symbols). 2 The AP checks each wireless client's password and allows it to join the network only if the password matches. P-2602HWLNI User’s Guide Appendix D Wireless LANs...
Page 472: Figure 278 Wpa(2)-Psk Authentication
None Disable Enable without Dynamic WEP Key Enable with Dynamic WEP Key Enable without Dynamic WEP Key Disable Enable with Dynamic WEP Key Enable without Dynamic WEP Key Disable TKIP/AES Enable TKIP/AES Disable TKIP/AES Enable TKIP/AES Disable P-2602HWLNI User’s Guide...
Page 473: Antenna Characteristics
The angle of the beam determines the width of the coverage pattern. Angles typically range from 20 degrees (very directional) to 120 degrees (less directional). Directional antennas are ideal for hallways and outdoor point-to-point applications. P-2602HWLNI User’s Guide Appendix D Wireless LANs...
Page 474 For a single AP application, place omni-directional antennas as close to the center of the coverage area as possible. For directional antennas, point the antenna in the direction of the desired coverage area. P-2602HWLNI User’s Guide...
Page 475: Table 204 Examples Of Services
AUTH BOOTP_CLIENT BOOTP_SERVER CU-SEEME TCP/UDP TCP/UDP TCP/UDP User-Defined (IPSEC_TUNNEL) FINGER P-2602HWLNI User’s Guide Services PORT(S) DESCRIPTION The IPSEC AH (Authentication Header) tunneling protocol uses this service. 5190 AOL’s Internet Messenger service. Authentication protocol used by some servers. Border Gateway Protocol.
Page 476: Appendix E Services
POP3 server through a temporary connection (TCP/IP or other). This is a more secure version of POP3 that runs over SSL. 1723 Point-to-Point Tunneling Protocol enables secure transfer of data over public networks. This is the control channel. P-2602HWLNI User’s Guide...
Page 477 SNMP-TRAPS TCP/UDP SQL-NET SSDP TCP/UDP STRM WORKS SYSLOG TACACS TELNET P-2602HWLNI User’s Guide Appendix E Services PORT(S) DESCRIPTION PPTP (Point-to-Point Tunneling Protocol) enables secure transfer of data over public networks. This is the data channel. Remote Command Service. 7070 A streaming audio service that enables real time sound over the web.
Page 478 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). 7000 A videoconferencing solution. The UDP port number is specified in the application. user- defined P-2602HWLNI User’s Guide...
Page 480 This device has been designed for the WLAN 2.4 GHz network throughout the EC region and Switzerland, with restrictions in France. This Class B digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada. Viewing Certifications 1 Go to http://www.zyxel.com. P-2602HWLNI User’s Guide...
Page 481: Zyxel Limited Warranty
Registration Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products. P-2602HWLNI User’s Guide Appendix F Legal Information...
Page 482 Appendix F Legal Information P-2602HWLNI User’s Guide...
Page 483: Appendix G Customer Support
• Sales E-mail: sales@zyxel.com.tw • Telephone: +886-3-578-3942 • Fax: +886-3-578-2439 • Web: www.zyxel.com, www.europe.zyxel.com • FTP: ftp.zyxel.com, ftp.europe.zyxel.com • Regular Mail: ZyXEL Communications Corp., 6 Innovation Road II, Science Park, Hsinchu 300, Taiwan Costa Rica • Support E-mail: soporte@zyxel.co.cr • Sales E-mail: sales@zyxel.co.cr •...
Page 484 Appendix G Customer Support • Regular Mail: ZyXEL Communications, Czech s.r.o., Modranská 621, 143 01 Praha 4 - Modrany, Ceská Republika Denmark • Support E-mail: support@zyxel.dk • Sales E-mail: sales@zyxel.dk • Telephone: +45-39-55-07-00 • Fax: +45-39-55-07-07 • Web: www.zyxel.dk • Regular Mail: ZyXEL Communications A/S, Columbusvej, 2860 Soeborg, Denmark Finland •...
Page 485 • Regular Mail: ZyXEL Malaysia Sdn Bhd., 1-02 & 1-03, Jalan Kenari 17F, Bandar Puchong Jaya, 47100 Puchong, Selangor Darul Ehsan, Malaysia North America • Support E-mail: support@zyxel.com • Support Telephone: +1-800-978-7222 • Sales E-mail: sales@zyxel.com • Sales Telephone: +1-714-632-0882 • Fax: +1-714-632-0858 • Web: www.zyxel.com P-2602HWLNI User’s Guide Appendix G Customer Support...
Page 486 Appendix G Customer Support • Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St., Anaheim, CA 92806- 2001, U.S.A. Norway • Support E-mail: support@zyxel.no • Sales E-mail: sales@zyxel.no • Telephone: +47-22-80-61-80 • Fax: +47-22-80-61-81 • Web: www.zyxel.no • Regular Mail: ZyXEL Communications A/S, Nils Hansens vei 13, 0667 Oslo, Norway Poland •...
Page 487 • Telephone: +44-1344-303044, 08707-555779 (UK only) • Fax: +44-1344-303034 • Web: www.zyxel.co.uk • FTP: ftp.zyxel.co.uk • Regular Mail: ZyXEL Communications UK Ltd., 11 The Courtyard, Eastern Road, Bracknell, Berkshire RG12 2XB, United Kingdom (UK) P-2602HWLNI User’s Guide Appendix G Customer Support...
Page 488 Appendix G Customer Support P-2602HWLNI User’s Guide...
Page 489: Index
Automatic Traffic Classifier see ATC auto-negotiating rate adaptation auto-provisioning 229, 425 backup P-2602HWLNI User’s Guide backup type bandwidth management bandwidth manager class configuration bandwidth manager monitor bandwidth manager summary Basic Service Set, See BSS basic wireless security...
Page 490 DSLAM (Digital Subscriber Line Access Multiplexer) DTMF DTMF detection and generation Dual-Tone MultiFrequency dynamic DNS dynamic jitter buffer dynamic secure gateway address dynamic WEP key exchange DYNDNS wildcard EAP Authentication EAP-MD5 echo cancellation e-mail log example Emergency Numbers 202, 428 184, 429 P-2602HWLNI User’s Guide...
Page 491 P-2602HWLNI User’s Guide 159, 348 file upload FTP restrictions G.168 184, 429 G.711 G.726 G.729 G.992.1 G.992.3 G.992.4 G.992.5...
Page 492 Telnet. See command interface. using the command interface. See command interface. Maximum Burst Size (MBS) max-incomplete high max-incomplete low Message Integrity Check (MIC) metric multicast 42, 184 multimedia multiple PVC support 101, 117 104, 109, 113 P-2602HWLNI User’s Guide...
Page 493 Pairwise Master Key (PMK) 470, 472 park password P-2602HWLNI User’s Guide change at login password change at login Peak Cell Rate (PCR) peer call authentication, VoIP trunking peer IP peer port peer-to-peer calls...
Page 494 Security Parameter Index server 157, 158, 378 service Service Set service type services Session Description Protocol Session Initiating Protocol Session Initiation Protocol silence suppression Single User Account (SUA) SIP account SIP accounts 463, 464 184, 429 P-2602HWLNI User’s Guide...
Page 495 118, 253, 454 subnetting supplementary services Sustain Cell Rate (SCR) 109, 113 Sustained Cell Rate (SCR) SYN flood 236, 237 SYN-ACK syntax conventions P-2602HWLNI User’s Guide syslog system name system timeout TCP maximum incomplete TCP security TCP/IP 235, 236 teardrop Telnet...
Page 496 WPA2-Pre-Shared Key WPA2-PSK application example WPA-PSK application example zero configuration Internet access ZyNOS ZyNOS (ZyXEL Network Operating System) ZyNOS F/W version ZyXEL’s firewall introduction 49, 241, 242, 247 137, 152, 153 469, 470 469, 470 105, 425 P-2602HWLNI User’s Guide...

This manual is also suitable for:

P-2602hwlni-d3a P-2602hwlni-d7a

ZyXEL Communications P-2602HWLNI User Manual

Chapter 1 Introducing the Zyxel Device

Chapter 2 Introducing the Web Configurator

Chapter 3 Internet and Wireless Setup Wizard

Chapter 4 Voip Wizard

Chapter 5 Bandwidth Management Wizard

Chapter 6 Status Screens

Chapter 7 WAN Setup

Chapter 8 LAN Setup

Chapter 9 Wireless LAN

Chapter 10 Network Address Translation (NAT) Screens

Chapter 11 Voice

Quick Links

Troubleshooting

Related Manuals for ZyXEL Communications P-2602HWLNI

Summary of Contents for ZyXEL Communications P-2602HWLNI