Download Print this page

ZyXEL Communications P-2608HWL-Dx Series User Manual

802.11g wireless adsl2+ voip iad

Hide thumbs Also See for P-2608HWL-Dx Series:

Quick start manual (9 pages)

Table of Contents

Advertisement

Quick Links

Download this manual

P-2608HWL-Dx Series

802.11g Wireless ADSL2+ VoIP IAD

User's Guide

Version 3.40

10/2006

Edition 1

Table of Contents

Advertisement

Chapters

Table of Contents

Troubleshooting

Need help?

Need help?

Do you have a question about the P-2608HWL-Dx Series and is the answer not in the manual?

Questions and answers

Summary of Contents for ZyXEL Communications P-2608HWL-Dx Series

Page 1 P-2608HWL-Dx Series 802.11g Wireless ADSL2+ VoIP IAD User’s Guide Version 3.40 10/2006 Edition 1...
Page 3: Copyright
ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
Page 4: Federal Communications Commission (Fcc) Interference Statement
P-2608HWL-Dx Series User’s Guide Federal Communications Commission (FCC) Interference Statement The device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.
Page 5 1 Go to http://www.zyxel.com. 2 Select your product from the drop-down list box on the ZyXEL home page to go to that product's page. 3 Select the certification you wish to view from this page. Certifications P-2608HWL-Dx Series User’s Guide...
Page 6: Safety Warnings
P-2608HWL-Dx Series User’s Guide For your safety, be sure to read and follow all warning notices and instructions. • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. • Do NOT expose your device to dampness, dust or corrosive liquids.
Page 7 P-2608HWL-Dx Series User’s Guide This product is recyclable. Dispose of it properly. Safety Warnings...
Page 8: Zyxel Limited Warranty
P-2608HWL-Dx Series User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During...
Page 9: Customer Support
FRANCE support@zyxel.de GERMANY sales@zyxel.de support@zyxel.hu HUNGARY info@zyxel.hu http://zyxel.kz/support sales@zyxel.kz KAZAKHSTAN support@zyxel.com NORTH AMERICA sales@zyxel.com Customer Support P-2608HWL-Dx Series User’s Guide Customer Support TELEPHONE WEB SITE FTP SITE www.zyxel.com www.europe.zyxel.com +886-3-578-2439 ftp.zyxel.com ftp.europe.zyxel.com +506-2017878 www.zyxel.co.cr +506-2015098 ftp.zyxel.co.cr +420-241-091-350 www.zyxel.cz...
Page 10 P-2608HWL-Dx Series User’s Guide METHOD SUPPORT E-MAIL SALES E-MAIL LOCATION support@zyxel.no NORWAY sales@zyxel.no info@pl.zyxel.com POLAND http://zyxel.ru/support RUSSIA sales@zyxel.ru support@zyxel.es SPAIN sales@zyxel.es support@zyxel.se SWEDEN sales@zyxel.se support@ua.zyxel.com +380-44-247-69-78 UKRAINE sales@ua.zyxel.com support@zyxel.co.uk UNITED KINGDOM sales@zyxel.co.uk +” is the (prefix) number you enter to make an international telephone call.
Page 11: Table Of Contents
2.2.2 Navigation Panel ...49 2.2.3 Status Bar ...52 Chapter 3 Internet and Wireless Setup Wizard ... 53 3.1 Introduction ...53 3.2 Internet Access Wizard Setup ...53 3.2.1 Manual Configuration ...55 Table of Contents P-2608HWL-Dx Series User’s Guide Table of Contents...
Page 12 P-2608HWL-Dx Series User’s Guide 3.3 Wireless Connection Wizard Setup ...60 3.3.1 Automatically assign a WPA key ...63 3.3.2 Manually Assign a WPA key ...63 3.3.3 Manually Assign a WEP key...63 Chapter 4 VoIP Wizard And Example ... 67 4.1 Introduction ...67 4.2 VoIP Wizard Setup ...67...
Page 13 Wireless LAN ... 119 9.1 Wireless Network Overview ...119 9.2 Wireless Security Overview ...120 9.2.1 SSID ...120 9.2.2 MAC Address Filter ...120 9.2.3 User Authentication ...120 9.2.4 Encryption ...121 9.2.5 One-Touch Intelligent Security Technology (OTIST) ...122 Table of Contents P-2608HWL-Dx Series User’s Guide...
Page 14 P-2608HWL-Dx Series User’s Guide 9.3 Wireless Performance Overview ...122 9.3.1 Quality of Service (QoS) ...122 9.4 Additional Wireless Terms ...122 9.5 General Wireless LAN Screen ...123 9.5.1 No Security ...124 9.5.2 WEP Encryption Screen ...125 9.5.3 WPA(2)-PSK ...126 9.5.4 WPA(2) Authentication Screen ...128 9.5.5 Wireless LAN Advanced Setup...129...
Page 15 12.1.3.2 Europe Type Supplementary Phone Services ...168 12.1.3.3 USA Type Supplementary Services ...170 12.2 Phone Screens ...171 12.2.1 Analog Phone Screen...171 12.2.2 Advanced Analog Phone Setup Screen ...172 12.2.3 Common Phone Settings Screen ...174 12.2.4 Phone Region Screen...174 Table of Contents P-2608HWL-Dx Series User’s Guide...
Page 16 P-2608HWL-Dx Series User’s Guide Chapter 13 Phone Book ... 177 13.1 Phone Book Overview ...177 13.2 Speed Dial Screen ...177 13.3 Incoming Call Policy Screen ...179 13.4 Group Ring Screen ...181 Chapter 14 PSTN Line ... 185 14.1 PSTN Line Overview ...185 14.2 PSTN Line Screen ...185...
Page 17 18.1.1 IKE SA Overview ...222 18.1.1.1 IP Addresses of the ZyXEL Device and Remote IPSec Router ..222 18.1.1.2 IKE SA Proposal ...223 18.1.1.3 Diffie-Hellman (DH) Key Exchange ...223 18.1.1.4 Authentication ...224 18.1.1.5 Extended Authentication ...225 Table of Contents P-2608HWL-Dx Series User’s Guide ...202...
Page 18 P-2608HWL-Dx Series User’s Guide 18.1.2 Additional Topics for IKE SA ...226 18.1.2.1 Negotiation Mode ...226 18.1.2.2 VPN, NAT and NAT Traversal ...226 18.1.3 IPSec SA Overview ...227 18.1.3.1 Local Network and Remote Network ...228 18.1.3.2 Active Protocol ...228 18.1.3.3 Encapsulation ...228 18.1.3.4 IPSec SA Proposal and Perfect Forward Secrecy ...229...
Page 19 23.1 Remote Management Overview ...293 23.1.1 Remote Management Limitations ...293 23.1.2 Remote Management and NAT ...294 23.1.3 System Timeout ...294 23.2 Introduction to HTTPS ...294 23.3 WWW ...295 23.4 Telnet ...296 23.5 Configuring Telnet ...297 Table of Contents P-2608HWL-Dx Series User’s Guide ...273 ...287...
Page 20 P-2608HWL-Dx Series User’s Guide 23.6 Configuring FTP ...298 23.7 SNMP ...299 23.7.1 Supported MIBs ...300 23.7.2 SNMP Traps ...300 23.7.3 Configuring SNMP ...300 23.8 Configuring DNS ...302 23.9 Configuring ICMP ...302 23.10 TR-069 ...304 Chapter 24 Universal Plug-and-Play (UPnP) ... 307 24.1 Introducing Universal Plug and Play ...307...
Page 21 29.5 Telephone Problems ...359 Appendix A Product Specifications ... 361 Specification Tables... 361 Firmware Specifications ... 361 P-2608HW/HWL-Dx Series Power Adaptor Specifications ... 366 Appendix B Setting up Your Computer’s IP Address... 367 Table of Contents P-2608HWL-Dx Series User’s Guide...
Page 22 P-2608HWL-Dx Series User’s Guide Windows 95/98/Me... 367 Configuring ... 369 Verifying Settings ... 370 Windows 2000/NT/XP ... 370 Verifying Settings ... 374 Macintosh OS 8/9... 374 Verifying Settings ... 376 Macintosh OS X ... 376 Verifying Settings ... 377 Appendix C IP Addresses and Subnetting ...
Page 23 The Configuration Text File Format... 415 Internal SPTGEN File Modification - Important Points to Remember ... 415 Internal SPTGEN FTP Download Example... 416 Internal SPTGEN FTP Upload Example ... 417 Command Examples... 438 Index... 441 Table of Contents P-2608HWL-Dx Series User’s Guide...
Page 24 P-2608HWL-Dx Series User’s Guide Table of Contents...
Page 25: List Of Figures
P-2608HWL-Dx Series User’s Guide List of Figures Figure 1 ZyXEL Device’s VoIP Features ... 41 Figure 2 Internet Access ... 42 Figure 3 LEDs ... 42 Figure 4 Password Screen ... 46 Figure 5 Change Password Screen ... 46 Figure 6 Factory Default Certificate ... 47 Figure 7 Wizard or Advanced Screen ...
Page 26 P-2608HWL-Dx Series User’s Guide Figure 39 Bandwidth Management Wizard: Complete ... 77 Figure 40 Status Screen ... 79 Figure 41 Any IP Table ... 82 Figure 42 WLAN Status ... 83 Figure 43 Packet Statistics ... 84 Figure 44 VoIP Statistics ... 85 Figure 45 Example of Traffic Shaping ...
Page 27 P-2608HWL-Dx Series User’s Guide Figure 82 Edit Address Mapping Rule ... 148 Figure 83 Network > NAT > ALG ... 150 Figure 84 SIP User Agent ... 153 Figure 85 SIP Proxy Server ... 153 Figure 86 SIP Redirect Server ... 154 Figure 87 STUN ...
Page 28 P-2608HWL-Dx Series User’s Guide Figure 125 VPN: Transport and Tunnel Mode Encapsulation ... 228 Figure 126 VPN Setup ... 231 Figure 127 Edit VPN Policies ... 233 Figure 128 Advanced VPN Policies ... 238 Figure 129 VPN: Manual Key ... 241 Figure 130 VPN: SA Monitor ...
Page 29 P-2608HWL-Dx Series User’s Guide Figure 168 Configuring UPnP ... 308 Figure 169 Add/Remove Programs: Windows Setup: Communication ... 310 Figure 170 Add/Remove Programs: Windows Setup: Communication: Components Figure 171 Network Connections ... 311 Figure 172 Windows Optional Networking Components Wizard ... 311 Figure 173 Networking Services ...
Page 30 P-2608HWL-Dx Series User’s Guide Figure 210 Java (Sun) ... 359 Figure 211 WIndows 95/98/Me: Network: Configuration ... 368 Figure 212 Windows 95/98/Me: TCP/IP Properties: IP Address ... 369 Figure 213 Windows 95/98/Me: TCP/IP Properties: DNS Configuration ... 370 Figure 214 Windows XP: Start Menu ... 371 Figure 215 Windows XP: Control Panel ...
Page 31 P-2608HWL-Dx Series User’s Guide Figure 253 Internal SPTGEN FTP Download Example ... 417 Figure 254 Internal SPTGEN FTP Upload Example ... 417 List of Figures...
Page 32 P-2608HWL-Dx Series User’s Guide List of Figures...
Page 33: List Of Tables
P-2608HWL-Dx Series User’s Guide List of Tables Table 1 Models Covered ... 41 Table 2 LEDs ... 43 Table 3 Web Configurator Icons in the Title Bar ... 49 Table 4 Navigation Panel Summary ... 49 Table 5 Internet Access Wizard Setup: ISP Parameters ... 56 Table 6 Internet Connection with PPPoE ...
Page 34 P-2608HWL-Dx Series User’s Guide Table 39 Wireless: WPA(2) ... 128 Table 40 Wireless LAN: Advanced ... 130 Table 41 Network > Wireless LAN > OTIST ... 131 Table 42 MAC Address Filter ... 134 Table 43 Wireless LAN: QoS ... 135 Table 44 Application Priority Configuration ...
Page 35 Table 118 SNMP Traps ... 300 Table 119 Remote Management: SNMP ... 301 Table 120 Remote Management: DNS ... 302 Table 121 Remote Management: ICMP ... 303 Table 122 TR-069 Commands ... 304 List of Tables P-2608HWL-Dx Series User’s Guide...
Page 36 P-2608HWL-Dx Series User’s Guide Table 123 Configuring UPnP ... 309 Table 124 System General Setup ... 320 Table 125 System Time Setting ... 321 Table 126 View Log ... 326 Table 127 Log Settings ... 327 Table 128 SMTP Error Messages ... 329 Table 129 Filename Conventions ...
Page 37 P-2608HWL-Dx Series User’s Guide Table 166 CDR Logs ... 406 Table 167 PPP Logs ... 406 Table 168 UPnP Logs ... 407 Table 169 Content Filtering Logs ... 407 Table 170 Attack Logs ... 407 Table 171 802.1X Logs ... 408 Table 172 ACL Setting Notes ...
Page 38 P-2608HWL-Dx Series User’s Guide List of Tables...
Page 39: Related Documentation
Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.
Page 40: Graphics Icons Key
P-2608HWL-Dx Series User’s Guide • The P-2608HWL-Dx series may be referred to as the ”ZyXEL Device” or the “device” in this user’s guide. This refers to all models (ADSL over POTS, ADSL over ISDN and ADSL over T-ISDN) unless specifically identified.
Page 41: Getting To Know The Zyxel Device
This chapter introduces the main features and applications of the ZyXEL Device. 1.1 Overview The P-2608HWL-Dx series are Integrated Access Devices (IADs) that combine an ADSL2+ router with Voice over IP (VoIP) communication capabilities. This guide covers the following models.
Page 42: Dsl Router
P-2608HWL-Dx Series User’s Guide 1.1.2 DSL Router Your ZyXEL Device is an ideal solution for fast Internet access. Computers can connect to the ZyXEL Device’s LAN ports (or wirelessly) and use it as a gateway to the Internet. Figure 2 Internet Access You can also configure firewall and content filtering on the ZyXEL Device for secure Internet access.
Page 43: Table 2 Leds
None PHONE 1-8 Green Orange None Chapter 1 Getting To Know the ZyXEL Device P-2608HWL-Dx Series User’s Guide STATUS DESCRIPTION Your device is receiving power and functioning properly. Blinking Your device is rebooting and performing a self-test. Your device is not receiving enough power.
Page 44 P-2608HWL-Dx Series User’s Guide Chapter 1 Getting To Know the ZyXEL Device...
Page 45: Introducing The Web Configurator
Cancel to revert to the default password in the password field. If you have changed the password, enter your password and click Login. Chapter 2 Introducing the Web Configurator P-2608HWL-Dx Series User’s Guide H A P T E R Introducing the Web...
Page 46: Figure 4 Password Screen
P-2608HWL-Dx Series User’s Guide Figure 4 Password Screen 5 The following screen displays if you have not yet changed your password. It is highly recommended you change the default password. Enter a new password, retype it to confirm and click Apply; alternatively click Ignore to proceed to the main menu if you do not want to change the password now.
Page 47: Figure 6 Factory Default Certificate
Note: For security reasons, the ZyXEL Device automatically logs you out if you do not use the web configurator for five minutes. If this happens, log in again. Figure 7 Wizard or Advanced Screen Chapter 2 Introducing the Web Configurator P-2608HWL-Dx Series User’s Guide Chapter 3 Section 2.2 on page 48...
Page 48: The Reset Button
P-2608HWL-Dx Series User’s Guide 2.1.2 The RESET Button You can use the RESET button on the side of the device to reboot the device. If you forget your password or cannot access the web configurator, you will need to use the RESET button to reload the factory-default configuration file.
Page 49: Title Bar
DHCP Setup Client List IP Alias Chapter 2 Introducing the Web Configurator P-2608HWL-Dx Series User’s Guide FUNCTION This screen contains administrative and system-related information. Use this screen to configure ISP parameters, WAN IP address assignment, DNS servers and other advanced properties.
Page 50 P-2608HWL-Dx Series User’s Guide Table 4 Navigation Panel Summary LINK Wireless LAN General OTIST MAC Filter General Port Forwarding Address Mapping Use this screen to configure network address translation mapping rules. VoIP SIP Settings Phone Analog Phone Common Region Phone Book...
Page 51 Logs View Log Log Settings Chapter 2 Introducing the Web Configurator P-2608HWL-Dx Series User’s Guide FUNCTION Use this screen to configure each VPN tunnel. Use this screen to look at the current status of each VPN tunnel. Use this screen to allow NetBIOS traffic through VPN tunnels.
Page 52: Status Bar
P-2608HWL-Dx Series User’s Guide Table 4 Navigation Panel Summary LINK Tools Firmware Configuration Restart Diagnostic General DSL Line Main Window The main window displays information and configuration fields. It is discussed in the rest of this document. Right after you log in, the Status screen is displayed. See information about the Status screen.
Page 53: Chapter 3 Internet And Wireless Setup Wizard
2 Click INTERNET/WIRELESS SETUP to configure the system for Internet access and wireless connection. Chapter 3 Internet and Wireless Setup Wizard P-2608HWL-Dx Series User’s Guide H A P T E R Wizard ) in the top right corner of the web...
Page 54: Figure 10 Wizard Welcome
P-2608HWL-Dx Series User’s Guide Figure 10 Wizard Welcome 3 Your ZyXEL Device attempts to detect your DSL connection and your connection type. The following screen appears if a connection is not detected. Check your hardware connections and click Restart the Internet/Wireless Setup Wizard to return to the wizard welcome screen or click Manually configure your Internet connection if you want to set up the connection manually.
Page 55: Manual Configuration
Internet access information in the wizard screen exactly as your SIP gave it to you. Leave the defaults in any fields for which you were not given information. Chapter 3 Internet and Wireless Setup Wizard P-2608HWL-Dx Series User’s Guide Section 3.2.1 on page 55...
Page 56: Figure 14 Internet Access Wizard Setup: Isp Parameters
P-2608HWL-Dx Series User’s Guide Figure 14 Internet Access Wizard Setup: ISP Parameters The following table describes the fields in this screen. Table 5 Internet Access Wizard Setup: ISP Parameters LABEL DESCRIPTION Mode From the Mode drop-down list box, select Routing (default) if your ISP allows multiple computers to share an Internet account.
Page 57: Figure 15 Internet Connection With Pppoe
Click Apply to save your changes back to the ZyXEL Device. Exit Click Exit to close the wizard screen without saving your changes. Figure 16 Internet Connection with RFC 1483 Chapter 3 Internet and Wireless Setup Wizard P-2608HWL-Dx Series User’s Guide for wireless connection wizard setup...
Page 58: Figure 17 Internet Connection With Enet Encap
P-2608HWL-Dx Series User’s Guide The following table describes the fields in this screen. Table 7 Internet Connection with RFC 1483 LABEL DESCRIPTION IP Address This field is available if you select Routing in the Mode field. Type your ISP assigned IP address in this field.
Page 59: Figure 18 Internet Connection With Pppoa
• If the user name and/or password you entered for PPPoE or PPPoA connection are not correct, the screen displays as shown next. Click Back to Username and Password setup to go back to the screen where you can modify them. Chapter 3 Internet and Wireless Setup Wizard P-2608HWL-Dx Series User’s Guide...
Page 60: Wireless Connection Wizard Setup
P-2608HWL-Dx Series User’s Guide Figure 19 Connection Test Failed-1 • If the following screen displays, check if your account is activated or click Restart the Internet/Wireless Setup Wizard to verify your Internet access settings. Figure 20 Connection Test Failed-2. 3.3 Wireless Connection Wizard Setup After you configure the Internet access information, use the following screens to set up your wireless LAN.
Page 61: Figure 21 Connection Test Successful
OTIST Setup Key on the ZyXEL Device and wireless clients. Click Back to display the previous screen. Click Next to proceed to the next screen. Click Exit to close the wizard screen without saving. P-2608HWL-Dx Series User’s Guide...
Page 62: Figure 23 Wireless Lan
P-2608HWL-Dx Series User’s Guide 3 Configure your wireless settings in this screen. Click Next. Figure 23 Wireless LAN The following table describes the labels in this screen. Table 11 Wireless LAN Setup Wizard 2 LABEL DESCRIPTION Network Enter a descriptive name (up to 32 printable 7-bit ASCII characters) for the wireless Name(SSID) LAN.
Page 63: Automatically Assign A Wpa Key
Click Next to proceed to the next screen. Exit Click Exit to close the wizard screen without saving. 3.3.3 Manually Assign a WEP key Choose Manually assign a WEP key to setup WEP Encryption parameters. Chapter 3 Internet and Wireless Setup Wizard P-2608HWL-Dx Series User’s Guide...
Page 64: Figure 25 Manually Assign A Wep Key
P-2608HWL-Dx Series User’s Guide Figure 25 Manually Assign a WEP key The following table describes the labels in this screen. Table 13 Manually Assign a WEP key LABEL DESCRIPTION The WEP keys are used to encrypt data. Both the ZyXEL Device and the wireless stations must use the same WEP key for data transmission.
Page 65: Figure 26 Wireless Lan Setup 3
ZyXEL Device features. If you cannot access the Internet, open the web configurator again to confirm that the Internet settings you configured in the wizard setup are correct. Chapter 3 Internet and Wireless Setup Wizard P-2608HWL-Dx Series User’s Guide...
Page 66 P-2608HWL-Dx Series User’s Guide Chapter 3 Internet and Wireless Setup Wizard...
Page 67: Voip Wizard And Example
Apply. Otherwise, click the wizard icon ( configurator to display the wizard main screen. Chapter 4 VoIP Wizard And Example P-2608HWL-Dx Series User’s Guide H A P T E R ) in the top right corner of the web...
Page 68: Figure 29 Select A Mode
P-2608HWL-Dx Series User’s Guide Figure 29 Select a Mode 2 Click VOICE OVER INTERNET SETUP to configure your SIP settings. Figure 30 Wizard: Welcome Chapter 4 VoIP Wizard And Example...
Page 69: Figure 31 Voip Wizard Configuration
Type the IP address or domain name of the SIP server in this field. It doesn’t matter whether the SIP server is a proxy, redirect or register server. You can use up to 95 ASCII characters. P-2608HWL-Dx Series User’s Guide...
Page 70: Figure 32 Sip Registration Test
P-2608HWL-Dx Series User’s Guide Table 15 VoIP Wizard Configuration LABEL SIP Service Domain User Name Password Check here to set up SIP2 settings. Back Apply Exit 4 Your ZyXEL Device will attempt to register your SIP account with your VoIP service provider.
Page 71: Figure 33 Voip Wizard Fail
You dial a prefix number, provided to you by your VoIP service provider, followed by a regular phone number. Note: To find out more information about configuring your VoIP features and making non VoIP calls see Chapter 4 VoIP Wizard And Example P-2608HWL-Dx Series User’s Guide Chapter 10 on page 119.
Page 72 P-2608HWL-Dx Series User’s Guide Chapter 4 VoIP Wizard And Example...
Page 73: Bandwidth Management Wizard
UNIX environments. It operates over TCP/IP networks. Its primary function is to allow users to log into remote host systems. Telnet uses TCP port 23. Chapter 5 Bandwidth Management Wizard P-2608HWL-Dx Series User’s Guide H A P T E R...
Page 74: Bandwidth Management Wizard Setup
P-2608HWL-Dx Series User’s Guide Table 16 Media Bandwidth Management Setup: Services (continued) SERVICE DESCRIPTION NetMeeting A multimedia communications product from Microsoft that enables groups to (H.323) teleconference and videoconference over the Internet. NetMeeting supports VoIP, text chat sessions, a whiteboard, and file transfers and application sharing.
Page 75: Figure 36 Wizard: Welcome
Click Exit to close the wizard screen without saving. 4 Use the next wizard screen to select the services that you want to apply bandwidth management and select the priorities that you want to apply to the services listed. Chapter 5 Bandwidth Management Wizard P-2608HWL-Dx Series User’s Guide...
Page 76: Figure 38 Bandwidth Management Wizard: Service Configuration
P-2608HWL-Dx Series User’s Guide Figure 38 Bandwidth Management Wizard: Service Configuration The following table describes the labels in this screen. Table 18 Bandwidth Management Wizard: Service Configuration LABEL DESCRIPTION Active Select Active to enable bandwidth management for service specified traffic.
Page 77: Figure 39 Bandwidth Management Wizard: Complete
P-2608HWL-Dx Series User’s Guide 5 Follow the on-screen instructions and click Finish to complete the wizard setup and save your configuration. Figure 39 Bandwidth Management Wizard: Complete Chapter 5 Bandwidth Management Wizard...
Page 78 P-2608HWL-Dx Series User’s Guide Chapter 5 Bandwidth Management Wizard...
Page 79: Chapter 6 Status Screens
Status screen also provides detailed information from Any IP and DHCP and statistics from VoIP, bandwidth management, and traffic. 6.1 Status Screen Click Status to open this screen. Figure 40 Status Screen Chapter 6 Status Screens P-2608HWL-Dx Series User’s Guide H A P T E R Status Screens...
Page 80: Table 19 Status Screen
P-2608HWL-Dx Series User’s Guide Each field is described in the following table. Table 19 Status Screen LABEL DESCRIPTION Refresh Interval Enter how often you want the ZyXEL Device to update this screen. Apply Click this to update this screen immediately.
Page 81 Bandwidth Click this link to view the ZyXEL Device’s bandwidth usage and allotments. See Status Section 21.10 on page Chapter 6 Status Screens P-2608HWL-Dx Series User’s Guide Section 8.5 on page Section 6.3 on page 287. Section 2.1.2 on page Chapter 21 on page Section 6.2 on page...
Page 82: Any Ip Table
P-2608HWL-Dx Series User’s Guide Table 19 Status Screen LABEL DESCRIPTION VPN Status Click this link to view the ZyXEL Device’s current VPN connections. See 18.6 on page Packet Click this link to view port status and packet specific statistics. See...
Page 83: Wlan Status
Click Status > Packet Statistics to access this screen. Read-only information here includes port status and packet specific statistics. Also provided are "system up time" and "poll interval(s)". The Poll Interval(s) field is configurable. Chapter 6 Status Screens P-2608HWL-Dx Series User’s Guide...
Page 84: Figure 43 Packet Statistics
P-2608HWL-Dx Series User’s Guide Figure 43 Packet Statistics The following table describes the fields in this screen. Table 22 Packet Statistics LABEL DESCRIPTION System Monitor System up Time This is the elapsed time the system has been up. Current Date/Time This field displays your ZyXEL Device’s present date and time.
Page 85: Voip Statistics
Click this to apply the new poll interval you entered in the Poll Interval field above. Stop Click this button to halt the refreshing of the system statistics. 6.5 VoIP Statistics Click Status > VoIP Statistics to access this screen. Figure 44 VoIP Statistics Chapter 6 Status Screens P-2608HWL-Dx Series User’s Guide...
Page 86: Table 23 Voip Statistics
P-2608HWL-Dx Series User’s Guide Each field is described in the following table. Table 23 VoIP Statistics LABEL DESCRIPTION SIP Status Account This column displays each SIP account in the ZyXEL Device. Registration This field displays the current registration status of the SIP account. You can change this in the Status screen.
Page 87 Click this to make the ZyXEL Device update the screen based on the amount of time you specified in Poll Interval. Stop Click this to make the ZyXEL Device stop updating the screen. Chapter 6 Status Screens P-2608HWL-Dx Series User’s Guide...
Page 88 P-2608HWL-Dx Series User’s Guide Chapter 6 Status Screens...
Page 89: Chapter 7 Wan Setup
Operationally, PPPoE saves significant effort for both you and the ISP or carrier, as it requires no specific configuration of the broadband modem at the customer site. Chapter 7 WAN Setup P-2608HWL-Dx Series User’s Guide H A P T E R WAN Setup...
Page 90: Pppoa
P-2608HWL-Dx Series User’s Guide By implementing PPPoE directly on the ZyXEL Device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the ZyXEL Device does that part of the task. Furthermore, with NAT, all of the LANs’ computers will have access.
Page 91: Ip Address Assignment
NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network. Chapter 7 WAN Setup P-2608HWL-Dx Series User’s Guide...
Page 92: Metric
P-2608HWL-Dx Series User’s Guide 7.2 Metric The metric represents the "cost of transmission". A router determines the best route for transmission by choosing a path with the lowest "cost". RIP routing uses hop count as the measurement of cost, with a minimum of "1" for directly connected networks. The number must be between "1"...
Page 93: Atm Traffic Classes
PCR is specified) but is only available when data is being sent. An example of an VBR-RT connection would be video conferencing. Video conferencing requires real-time data transfers and the bandwidth requirement varies in proportion to the video image's changing dynamics. Chapter 7 WAN Setup P-2608HWL-Dx Series User’s Guide...
Page 94: Unspecified Bit Rate (Ubr)
P-2608HWL-Dx Series User’s Guide The VBR-nRT (non real-time Variable Bit Rate) type is used with bursty connections that do not require closely controlled delay and delay variation. It is commonly used for "bursty" traffic typical on LANs. PCR and MBS define the burst levels, SCR defines the minimum level.
Page 95: Figure 46 Internet Access Setup (Pppoe)
ISP assigned. If assigned a name in the form user@domain where domain identifies a service name, then enter both components exactly as given. (PPPoA and PPPoE encapsulation only) Enter the password associated with the user name above. (PPPoE only) Type the name of your PPPoE service here. P-2608HWL-Dx Series User’s Guide...
Page 96 P-2608HWL-Dx Series User’s Guide Table 24 Internet Access Setup (continued) LABEL Multiplexing Virtual Circuit ID IP Address Subnet Mask (ENET ENCAP encapsulation only) Gateway IP address (ENET ENCAP encapsulation only) DNS Server First DNS Server Second DNS Server Third DNS Server...
Page 97: Advanced Internet Access Setup
Demand. The default setting is 0, which means the Internet session will not timeout. Click Apply to save the changes. Click Cancel to begin configuring this screen afresh. Click this button to display the Advanced WAN Setup screen and edit more details of your WAN setup. P-2608HWL-Dx Series User’s Guide...
Page 98: Wan More Connections
P-2608HWL-Dx Series User’s Guide Table 25 Advanced Internet Access Setup (continued) LABEL DESCRIPTION ATM QoS Type Select CBR (Continuous Bit Rate) to specify fixed (always-on) bandwidth for voice or data traffic. Select UBR (Unspecified Bit Rate) for applications that are non-time sensitive, such as e-mail.
Page 99: Wan More Connections Modify Screen
7.6.1 WAN More Connections Modify Screen Use this screen to modify or create additional WAN connections. Click the Modify icon in the Network > WAN > More Connections screen to edit your WAN connections. Chapter 7 WAN Setup P-2608HWL-Dx Series User’s Guide...
Page 100: Figure 49 Wan More Connections > Modify
P-2608HWL-Dx Series User’s Guide Figure 49 WAN More Connections > Modify The following table describes the labels in this screen. Table 27 WAN More Connections > Modify LABEL DESCRIPTION General Active Use this checkbox to activate or deactivate this WAN connection.
Page 101 Click this button to display the Advanced Setup screen and edit more details of your additional WAN connections. See information on this screen. Chapter 7 WAN Setup P-2608HWL-Dx Series User’s Guide Section 10.1 on page 139 for more details. Section 7.5.1 on page 97...
Page 102: Traffic Redirect
P-2608HWL-Dx Series User’s Guide 7.7 Traffic Redirect Traffic redirect forwards traffic to a backup gateway when the ZyXEL Device cannot connect to the Internet. An example is shown in the figure below. Figure 50 Traffic Redirect Example The following network topology allows you to avoid triangle route security issues when the backup gateway is connected to the LAN.
Page 103: Wan Backup Setup
Figure 51 Traffic Redirect LAN Setup 7.8 WAN Backup Setup To configure your ZyXEL Device’s WAN backup, click Network > WAN > WAN Backup Setup. Chapter 7 WAN Setup P-2608HWL-Dx Series User’s Guide...
Page 104: Table 28 Wan Backup Setup
P-2608HWL-Dx Series User’s Guide The following table describes the labels in this screen. Table 28 WAN Backup Setup LABEL DESCRIPTION Backup Type Select the method that the ZyXEL Device uses to check the DSL connection. Select DSL Link to have the ZyXEL Device check if the connection to the DSLAM is up.
Page 105: Chapter 8 Lan Setup
WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next. Figure 52 LAN and WAN IP Addresses Chapter 8 LAN Setup P-2608HWL-Dx Series User’s Guide H A P T E R LAN Setup to configure the LAN screens.
Page 106: Dhcp Setup
P-2608HWL-Dx Series User’s Guide 8.1.2 DHCP Setup DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the ZyXEL Device as a DHCP server or disable it. When configured as a server, the ZyXEL Device provides the TCP/IP configuration for the clients.
Page 107: Dns Server Address Assignment
IP address that you entered. You don't need to change the subnet mask computed by the ZyXEL Device unless you are instructed to do otherwise. Chapter 8 LAN Setup P-2608HWL-Dx Series User’s Guide...
Page 108: Private Ip Addresses
P-2608HWL-Dx Series User’s Guide 8.2.1.1 Private IP Addresses Every machine on the Internet must have a unique address. If your networks are isolated from the Internet, for example, only between your two branch offices, you can assign any IP addresses to the hosts without problems. However, the Internet Assigned Numbers Authority...
Page 109: Multicast
Internet without changing the network settings, even when the IP addresses of the computer and the ZyXEL Device are not in the same subnet. Chapter 8 LAN Setup P-2608HWL-Dx Series User’s Guide...
Page 110: How Any Ip Works
P-2608HWL-Dx Series User’s Guide Figure 53 Any IP Example The Any IP feature does not apply to a computer using either a dynamic IP address or a static IP address that is in the same subnet as the ZyXEL Device’s IP address.
Page 111: Configuring Lan Ip
8.3.1 Configuring Advanced LAN Setup To edit your ZyXEL Device's advanced LAN settings, click the Advanced Setup button in the LAN IP screen. The screen appears as shown. Chapter 8 LAN Setup P-2608HWL-Dx Series User’s Guide Section 8.1 on page 105 for background...
Page 112: Figure 55 Advanced Lan Setup
P-2608HWL-Dx Series User’s Guide Figure 55 Advanced LAN Setup The following table describes the labels in this screen. Table 30 Advanced LAN Setup LABEL DESCRIPTION RIP & Multicast Setup RIP Direction Select the RIP direction from None, Both, In Only and Out Only.
Page 113: Dhcp Setup
This field specifies the size, or count of the IP address pool. This field specifies the IP address of a remote DHCP server on your LAN. The ZyXEL Device passes a DNS (Domain Name System) server IP address to the DHCP clients. P-2608HWL-Dx Series User’s Guide...
Page 114: Lan Client List
P-2608HWL-Dx Series User’s Guide Table 31 DHCP Setup LABEL First DNS Server Second DNS Server Third DNS Server Apply Reset 8.5 LAN Client List This table allows you to assign IP addresses on the LAN to specific individual computers based on their MAC Addresses.
Page 115: Lan Ip Alias
When you use IP alias, you can also configure firewall rules to control access between the LAN's logical networks (subnets). Note: Make sure that the subnets of the logical networks do not overlap. The following figure shows a LAN divided into subnets A, B, and C. Chapter 8 LAN Setup P-2608HWL-Dx Series User’s Guide...
Page 116: Figure 58 Physical Network & Partitioned Logical Networks
P-2608HWL-Dx Series User’s Guide Figure 58 Physical Network & Partitioned Logical Networks Click Network > LAN > IP Alias to open the following screen. Use this screen to change your ZyXEL Device’s IP alias settings. Figure 59 LAN IP Alias The following table describes the labels in this screen.
Page 117 By default, RIP direction is set to Both and the Version set to RIP-1. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. Chapter 8 LAN Setup P-2608HWL-Dx Series User’s Guide...
Page 118 P-2608HWL-Dx Series User’s Guide Chapter 8 LAN Setup...
Page 119: Chapter 9 Wireless Lan
Like radio stations or television channels, each wireless network uses a specific channel, or frequency, to send and receive information. • Every device in the same wireless network must use security compatible with the AP. Chapter 9 Wireless LAN P-2608HWL-Dx Series User’s Guide H A P T E R Wireless LAN...
Page 120: Wireless Security Overview
P-2608HWL-Dx Series User’s Guide Security stops unauthorized devices from using the wireless network. It can also protect the information that is sent in the wireless network. 9.2 Wireless Security Overview The following sections introduce different types of wireless security you can set up in the wireless network.
Page 121: Encryption
WPA2, you should set up WPA2-PSK or WPA2 (depending on the type of wireless network login) and select the WPA compatible option in the ZyXEL Device. Chapter 9 Wireless LAN RADIUS Server No Security Static WEP WPA-PSK WPA2-PSK WPA2 P-2608HWL-Dx Series User’s Guide section...
Page 122: One-Touch Intelligent Security Technology (Otist)
P-2608HWL-Dx Series User’s Guide Many types of encryption use a key to protect the information in the wireless network. The longer the key, the stronger the encryption. Every device in the wireless network must have the same key. 9.2.5 One-Touch Intelligent Security Technology (OTIST) With ZyXEL’s OTIST, you set up the SSID and the encryption (WEP or WPA-PSK) on the...
Page 123: General Wireless Lan Screen
If you have two or more ZyXEL Devices (or other wireless access points) on your wireless network, you can enable this option so that wireless devices can change locations without having to log in again. This is useful for devices, such as notebooks, that move around a lot. P-2608HWL-Dx Series User’s Guide...
Page 124: No Security
P-2608HWL-Dx Series User’s Guide The following table describes the general wireless LAN labels in this screen. Table 35 Wireless LAN: General LABEL DESCRIPTION Active Wireless Click the check box to activate wireless LAN. Network (Service Set IDentity) The SSID identifies the Service Set with which a wireless Name(SSID) station is associated.
Page 125: Wep Encryption Screen
Choose No Security from the drop-down list box. 9.5.2 WEP Encryption Screen In order to configure and enable WEP encryption; click Network > Wireless LAN to display the General screen. Select Static WEP from the Security Mode list. Chapter 9 Wireless LAN P-2608HWL-Dx Series User’s Guide...
Page 126: Wpa(2)-Psk
P-2608HWL-Dx Series User’s Guide Figure 63 Wireless: Static WEP Encryption The following table describes the wireless LAN security labels in this screen. Table 37 Wireless: Static WEP Encryption LABEL DESCRIPTION Security Mode Choose Static WEP from the drop-down list box.
Page 127: Figure 64 Wireless: Wpa(2)-Psk
Setting of the Group Key Update Timer is also supported in WPA- PSK mode. The ZyXEL Device default is 1800 seconds (30 minutes). Chapter 9 Wireless LAN P-2608HWL-Dx Series User’s Guide server, the reauthentication timer on the RADIUS server has priority.
Page 128: Wpa(2) Authentication Screen
P-2608HWL-Dx Series User’s Guide 9.5.4 WPA(2) Authentication Screen In order to configure and enable WPA Authentication; click the Wireless LAN link under Network to display the Wireless screen. Select WPA or WPA2 from the Security list. Figure 65 Wireless: WPA(2) The following table describes the wireless LAN security labels in this screen.
Page 129: Wireless Lan Advanced Setup
Device. The key is not sent over the network. 9.5.5 Wireless LAN Advanced Setup To configure advanced wireless settings, click the Advanced Setup button in the General screen. The screen appears as shown. Chapter 9 Wireless LAN P-2608HWL-Dx Series User’s Guide...
Page 130: Otist Screen
P-2608HWL-Dx Series User’s Guide Figure 66 Advanced The following table describes the labels in this screen. Table 40 Wireless LAN: Advanced LABEL DESCRIPTION Wireless Advanced Setup RTS/CTS Enter a value between 0 and 2432. If you select the G+ Enhanced checkbox a value Threshold of 4096 is displayed.
Page 131: Figure 67 Network > Wireless Lan > Otist
Note: You must click Start in the ZyXEL Device and in the wireless device(s) within three minutes of each other. You can start OTIST in the wireless devices and the ZyXEL Device in any order. P-2608HWL-Dx Series User’s Guide...
Page 132: Figure 68 Example: Wireless Client Otist Screen
P-2608HWL-Dx Series User’s Guide Figure 68 Example: Wireless Client OTIST Screen To start OTIST in the device, click Start in this screen. Note: You must click Start in the ZyXEL Device and in the wireless device(s) within three minutes of each other. You can start OTIST in the wireless devices and the ZyXEL Device in any order.
Page 133: Notes On Otist
5 If you configure OTIST to generate a WPA-PSK key, this key changes each time you run OTIST. Therefore, if a new wireless device joins your wireless network, you need to run OTIST on the AP and ALL wireless devices again. Chapter 9 Wireless LAN P-2608HWL-Dx Series User’s Guide...
Page 134: Mac Filter
P-2608HWL-Dx Series User’s Guide 9.7 MAC Filter To change your ZyXEL Device’s MAC filter settings, click Network > Wireless LAN > MAC Filter. The screen appears as shown. Figure 73 MAC Address Filter The following table describes the labels in this menu.
Page 135: Qos Screen
WMM QoS. This table only appears if you select Application Priority in WMM QoS Policy. This is the number of an individual application entry. P-2608HWL-Dx Series User’s Guide...
Page 136: Application Priority Configuration
P-2608HWL-Dx Series User’s Guide Table 43 Wireless LAN: QoS LABEL Name Service Dest Port Priority Modify Apply 9.8.1 Application Priority Configuration To edit a WMM QoS application entry, click the edit icon under Modify. The following screen displays. Figure 74 Application Priority Configuration Appendix A on page 387 following table describes the fields in this screen.
Page 137 Select a priority from the drop-down list box. Click Apply to save your changes back to the ZyXEL Device. Click Cancel to return to the previous screen. P-2608HWL-Dx Series User’s Guide...
Page 138 P-2608HWL-Dx Series User’s Guide Chapter 9 Wireless LAN...
Page 139: Network Address Translation (Nat) Screens
This refers to the packet address (source or destination) as the packet travels on the WAN. NAT never changes the IP address (either local or global) of an outside host. Chapter 10 Network Address Translation (NAT) Screens P-2608HWL-Dx Series User’s Guide H A P T E R (NAT) Screens...
Page 140: What Nat Does
P-2608HWL-Dx Series User’s Guide 10.1.2 What NAT Does In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
Page 141: Nat Application
IP address to a unique global IP address. • Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world. Chapter 10 Network Address Translation (NAT) Screens P-2608HWL-Dx Series User’s Guide...
Page 142: Sua (Single User Account) Versus Nat
P-2608HWL-Dx Series User’s Guide Port numbers do NOT change for One-to-One and Many-to-Many No Overload NAT mapping types. The following table summarizes these types. Table 46 NAT Mapping Types TYPE One-to-One Many-to-One (SUA/PAT) Many-to-Many Overload Many-to-Many No Overload Server 10.2 SUA (Single User Account) Versus NAT SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-One and Server.
Page 143: Port Forwarding
A port forwarding set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visible to the outside world even though NAT makes your whole inside network appear as a single computer to the outside world. Chapter 10 Network Address Translation (NAT) Screens P-2608HWL-Dx Series User’s Guide...
Page 144: Default Server Ip Address
P-2608HWL-Dx Series User’s Guide You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. The port number identifies a service; for example, web service is on port 80 and FTP on port 21. In some cases, such as for unknown services or where one server can support more than one service (for example both FTP and web service), it might be better to specify a range of port numbers.
Page 145: Configuring Port Forwarding
End Port This is the last port number that identifies a service. Server IP Address This is the server’s IP address. Chapter 10 Network Address Translation (NAT) Screens P-2608HWL-Dx Series User’s Guide for port numbers commonly used for particular services. DESCRIPTION...
Page 146: Port Forwarding Rule Edit
P-2608HWL-Dx Series User’s Guide Table 48 Port Forwarding LABEL Modify Click the edit icon to go to the screen where you can edit the port forwarding rule. Click the delete icon to delete an existing port forwarding rule. Note that subsequent address mapping rules move up by one when you take this action.
Page 147: Address Mapping
DESCRIPTION This is the rule index number. Local Start IP This is the starting Inside Local IP Address (ILA). Local IP addresses are N/A for Server port mapping. Chapter 10 Network Address Translation (NAT) Screens P-2608HWL-Dx Series User’s Guide DESCRIPTION...
Page 148: Address Mapping Rule Edit
P-2608HWL-Dx Series User’s Guide Table 50 Address Mapping Rules (continued) LABEL DESCRIPTION Local End IP This is the end Inside Local IP Address (ILA). If the rule is for all local IP addresses, then this field displays 0.0.0.0 as the Local Start IP address and 255.255.255.255 as the Local End IP address.
Page 149: Sip Alg
SIP ALG. Use this screen to enable and disable the SIP (VoIP) ALG in the ZyXEL Device. To access this screen, click Network > NAT > ALG. Chapter 10 Network Address Translation (NAT) Screens P-2608HWL-Dx Series User’s Guide DESCRIPTION...
Page 150: Figure 83 Network > Nat > Alg
P-2608HWL-Dx Series User’s Guide Figure 83 Network > NAT > ALG Each field is described in the following table. Table 52 Network > NAT > ALG LABEL DESCRIPTION Enable SIP ALG Select this to make sure SIP (VoIP) works correctly with port-forwarding and address-mapping rules.
Page 151: Chapter 11 Sip
The SIP number is the part of the SIP URI that comes before the “@” symbol. A SIP number can use letters like in an e-mail address (johndoe@your-ITSP.com for example) or numbers like a telephone number (1122334455@VoIP-provider.com for example). Chapter 11 SIP P-2608HWL-Dx Series User’s Guide H A P T E R...
Page 152: Sip Service Domain
P-2608HWL-Dx Series User’s Guide 11.1.3.2 SIP Service Domain The SIP service domain of the VoIP service provider (the company that lets you make phone calls over the Internet) is the domain name in a SIP URI. For example, if the SIP address is 1122334455@VoIP-provider.com, then “VoIP-provider.com”...
Page 153: Sip User Agent
1 The client device (A in the figure) sends a call invitation to the SIP proxy server (B). 2 The SIP proxy server forwards the call invitation to C. Figure 85 SIP Proxy Server Chapter 11 SIP P-2608HWL-Dx Series User’s Guide...
Page 154: Sip Redirect Server
P-2608HWL-Dx Series User’s Guide 11.1.5.3 SIP Redirect Server A SIP redirect server accepts SIP requests, translates the destination address to an IP address and sends the translated IP address back to the device that sent the request. Then the client device that originally sent the request can send requests to the IP address that it received back from the redirect server.
Page 155: Nat And Sip
ZyXEL Device’s SIP packets and sends them to the ZyXEL Device. 3 The ZyXEL Device uses the public IP address and port number in the SIP packets that it sends to the SIP server (C). Chapter 11 SIP P-2608HWL-Dx Series User’s Guide 149. Chapter 10 on page...
Page 156: Outbound Proxy
P-2608HWL-Dx Series User’s Guide Figure 87 STUN 11.1.7.4 Outbound Proxy Your VoIP service provider may host a SIP outbound proxy server to handle all of the ZyXEL Device’s VoIP traffic. This allows the ZyXEL Device to work with any type of NAT router and eliminates the need for STUN or a SIP ALG.
Page 157: Mwi (Message Waiting Indication)
11.1.11.3 Deleting Custom Tones Do the following to delete a custom tone: Chapter 11 SIP P-2608HWL-Dx Series User’s Guide DESCRIPTION 120 seconds for all custom tones combined 20 seconds You can record up to 8 different custom tones but the total time must be...
Page 158: Quality Of Service (Qos)
P-2608HWL-Dx Series User’s Guide 1 Pick up the phone and press “****” on your phone’s keypad and wait for the message that says you are in the configuration menu. 2 Press a number from 1301~1308 followed by the “#” key to delete the tone of your choice.
Page 159: Vlan
(the company that lets you make phone calls over the Internet) should provide this. You can also enable and disable each SIP account. To access this screen, click VoIP > SIP > SIP Settings. Chapter 11 SIP P-2608HWL-Dx Series User’s Guide...
Page 160: Figure 89 Voip > Sip > Sip Settings
P-2608HWL-Dx Series User’s Guide Figure 89 VoIP > SIP > SIP Settings Each field is described in the following table. Table 55 VoIP > SIP > SIP Settings LABEL DESCRIPTION SIP Account Select the SIP account you want to see in this screen. If you change this field, the screen automatically refreshes.
Page 161: Advanced Sip Setup Screen
Setup screen appears. 11.2.2 Advanced SIP Setup Screen Use this screen to maintain advanced settings for each SIP account. To access this screen, click Advanced Setup in VoIP > SIP > SIP Settings. Chapter 11 SIP P-2608HWL-Dx Series User’s Guide...
Page 162: Figure 90 Voip > Sip > Sip Settings > Advanced
P-2608HWL-Dx Series User’s Guide Figure 90 VoIP > SIP > SIP Settings > Advanced Each field is described in the following table. Table 56 VoIP > SIP Settings > Advanced LABEL DESCRIPTION SIP Account This field displays the SIP account you see in this screen.
Page 163 Start Port field enter the port number at the end of the range in the End Port field. G.711A is typically used in Europe. G.711u is typically used in North America and Japan. P-2608HWL-Dx Series User’s Guide...
Page 164 P-2608HWL-Dx Series User’s Guide Table 56 VoIP > SIP Settings > Advanced LABEL DESCRIPTION Enable Select this if your VoIP service provider has a SIP outbound server to handle voice calls. This allows the ZyXEL Device to work with any type of NAT router and eliminates the need for STUN or a SIP ALG.
Page 165: Sip Qos Screen
Otherwise, clear this field. Apply Click this to save your changes and to apply them to the ZyXEL Device. Cancel Click this to set every field in this screen to its last-saved value. Chapter 11 SIP P-2608HWL-Dx Series User’s Guide...
Page 166 P-2608HWL-Dx Series User’s Guide Chapter 11 SIP...
Page 167: Chapter 12 Phone
VoIP service provider. The ZyXEL Device supports the following services: • Call Hold • Call Waiting • Making a Second Call • Call Transfer • Call Forwarding • Three-Way Conference • Internal Calls Chapter 12 Phone P-2608HWL-Dx Series User’s Guide H A P T E R Phone...
Page 168: The Flash Key
P-2608HWL-Dx Series User’s Guide Note: To take full advantage of the supplementary phone services available though the ZyXEL Device's phone ports, you may need to subscribe to the services from your VoIP service provider. 12.1.3.1 The Flash Key Flashing means to press the hook for a short period of time (a few hundred milliseconds) before releasing it.
Page 169: European Call Waiting
4 Hang up the phone to drop the connection. 5 If you want to separate the activated three-way conference into two individual connections (one is on-line, the other is on hold), press the flash key and press “2”. Chapter 12 Phone P-2608HWL-Dx Series User’s Guide...
Page 170: Usa Type Supplementary Services
P-2608HWL-Dx Series User’s Guide 12.1.3.3 USA Type Supplementary Services This section describes how to use supplementary phone services with the USA Type Call Service Mode. Commands for supplementary services are listed in the table below. After pressing the flash key, if you do not issue the sub-command before the default sub- command timeout (2 seconds) expires or issue an invalid sub-command, the current operation will be aborted.
Page 171: Phone Screens
Use these screens to configure your phone settings. 12.2.1 Analog Phone Screen Use this screen to control which SIP accounts and PSTN line each phone uses. To access this screen, click VoIP > Phone > Analog Phone. Chapter 12 Phone P-2608HWL-Dx Series User’s Guide...
Page 172: Advanced Analog Phone Setup Screen
P-2608HWL-Dx Series User’s Guide Figure 92 VoIP > Phone > Analog Phone Each field is described in the following table. Table 60 VoIP > Phone > Analog Phone LABEL DESCRIPTION Phone Port Select the phone port you want to see in this screen. If you change this field, the Settings screen automatically refreshes.
Page 173: Figure 93 Voip > Phone > Analog Phone > Advanced
Click this to return to the Analog Phone screen without saving your changes. Apply Click this to save your changes and to apply them to the ZyXEL Device. Cancel Click this to set every field in this screen to its last-saved value. Chapter 12 Phone P-2608HWL-Dx Series User’s Guide...
Page 174: Common Phone Settings Screen
P-2608HWL-Dx Series User’s Guide 12.2.3 Common Phone Settings Screen Use this screen to activate and deactivate immediate dialing. To access this screen, click VoIP > Phone > Common. Figure 94 VoIP > Phone > Common Each field is described in the following table.
Page 175: Figure 95 Voip > Phone > Region
You might have to subscribe to these services to use them. Contact your VoIP service provider. Apply Click this to save your changes and to apply them to the ZyXEL Device. Cancel Click this to set every field in this screen to its last-saved value. Chapter 12 Phone P-2608HWL-Dx Series User’s Guide...
Page 176 P-2608HWL-Dx Series User’s Guide Chapter 12 Phone...
Page 177: Chapter 13 Phone Book
Use this screen to add, edit, or remove speed-dial numbers for outgoing calls. To access this screen, click VoIP > Phone Book > Speed Dial. Chapter 13 Phone Book P-2608HWL-Dx Series User’s Guide H A P T E R Phone Book...
Page 178: Figure 96 Phone Book > Speed Dial
P-2608HWL-Dx Series User’s Guide Figure 96 Phone Book > Speed Dial Each field is described in the following table. Table 64 Phone Book > Speed Dial LABEL DESCRIPTION Speed Dial Use this section to create or edit speed-dial entries. Speed Dial Select the speed-dial number you want to use for this phone number.
Page 179: Incoming Call Policy Screen
13.3 Incoming Call Policy Screen Use this screen to maintain rules for handling incoming calls. You can block, redirect, or accept them. To access this screen, click VoIP > Phone Book > Incoming Call Policy. Chapter 13 Phone Book P-2608HWL-Dx Series User’s Guide...
Page 180: Figure 97 Phone Book > Incoming Call Policy
P-2608HWL-Dx Series User’s Guide Figure 97 Phone Book > Incoming Call Policy You can create two sets of call-forwarding rules. Each one is stored in a call-forwarding table. Each field is described in the following table. Table 65 Phone Book > Incoming Call Policy...
Page 181: Group Ring Screen
You can also configure different rings for calls coming into various SIP accounts, coming into the PSTN line and internal calls. To access this screen, click VoIP > Phone Book > Group Ring. Chapter 13 Phone Book P-2608HWL-Dx Series User’s Guide...
Page 182: Figure 98 Phone Book > Group Ring
P-2608HWL-Dx Series User’s Guide Figure 98 Phone Book > Group Ring Each field is described in the following table. Table 66 Phone Book > Group Ring LABEL DESCRIPTION Active Select this if you want to activate the group ring feature. You also have to enable individual entries.
Page 183 Click this to save your changes and to apply them to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. Chapter 13 Phone Book P-2608HWL-Dx Series User’s Guide number is part of any of the groups assigned above before checking which SIP account the call is coming to.
Page 184 P-2608HWL-Dx Series User’s Guide Chapter 13 Phone Book...
Page 185: Chapter 14 Pstn Line
Use this screen to set up the PSTN line you use to make regular phone calls. To access this screen, click VoIP > PSTN Line > General. Chapter 14 PSTN Line P-2608HWL-Dx Series User’s Guide H A P T E R PSTN Line...
Page 186: Figure 99 Voip > Pstn Line > General
P-2608HWL-Dx Series User’s Guide Figure 99 VoIP > PSTN Line > General Each field is described in the following table. Table 67 VoIP > PSTN Line > General LABEL DESCRIPTION PSTN Line Pre-fix Enter 1 - 7 telephone keys (0 - 9, #, *) you dial before you dial the phone number, if...
Page 187: Chapter 15 Firewalls
15.2.1 Packet Filtering Firewalls Packet filtering firewalls restrict access based on the source/destination computer network address of a packet and the type of application. Chapter 15 Firewalls P-2608HWL-Dx Series User’s Guide H A P T E R Firewalls to configure default firewall settings.
Page 188: Application-Level Firewalls
P-2608HWL-Dx Series User’s Guide 15.2.2 Application-level Firewalls Application-level firewalls restrict access by serving as proxies for external servers. Since they use programs written for specific Internet services, such as HTTP, FTP and telnet, they can evaluate network packets for valid application-specific data. Application-level gateways have...
Page 189: Denial Of Service Attacks
If the person configuring or managing the computer is not careful, a hacker could attack it over an unprotected port. Some of the most common IP ports are: Chapter 15 Firewalls P-2608HWL-Dx Series User’s Guide...
Page 190: Types Of Dos Attacks
P-2608HWL-Dx Series User’s Guide Table 68 Common IP Ports Telnet SMTP 15.4.2 Types of DoS Attacks There are four types of DoS attacks: 1 Those that exploit bugs in a TCP/IP implementation. 2 Those that exploit weaknesses in the TCP/IP specification.
Page 191: Figure 102 Syn Flood
"intermediary" network, but will also congest the network of the spoofed source IP address, known as the "victim" network. This flood of broadcast traffic consumes all available bandwidth, making communications impossible. Chapter 15 Firewalls P-2608HWL-Dx Series User’s Guide...
Page 192: Icmp Vulnerability
P-2608HWL-Dx Series User’s Guide Figure 103 Smurf Attack 15.4.2.1 ICMP Vulnerability ICMP is an error-reporting protocol that works in concert with IP. The following ICMP types trigger an alert: Table 69 ICMP Commands That Trigger Alerts REDIRECT TIMESTAMP_REQUEST TIMESTAMP_REPLY ADDRESS_MASK_REQUEST ADDRESS_MASK_REPLY 15.4.2.2 Illegal Commands (NetBIOS and SMTP)
Page 193: Traceroute
LAN that originates from the Internet. In summary, stateful inspection: • Allows all sessions originating from the LAN (local network) to the WAN (Internet). • Denies all sessions originating from the WAN to the LAN. Figure 104 Stateful Inspection Chapter 15 Firewalls P-2608HWL-Dx Series User’s Guide...
Page 194: Stateful Inspection Process
P-2608HWL-Dx Series User’s Guide The previous figure shows the ZyXEL Device’s default firewall rules in action as well as demonstrates how stateful inspection works. User A can initiate a Telnet session from within the LAN and responses to this request are allowed. However other Telnet traffic initiated from the WAN is blocked.
Page 195: Tcp Security
For a short period of time, UDP packets from the WAN that have matching IP and UDP information will be allowed back in through the firewall. Chapter 15 Firewalls P-2608HWL-Dx Series User’s Guide...
Page 196: Upper Layer Protocols
P-2608HWL-Dx Series User’s Guide A similar situation exists for ICMP, except that the ZyXEL Device is even more restrictive. Specifically, only outgoing echoes will allow incoming echo replies, outgoing address mask requests will allow incoming address mask replies, and outgoing timestamp requests will allow incoming timestamp replies.
Page 197: Packet Filtering Vs Firewall
• Packet filtering is a powerful tool, yet can be complex to configure and maintain, especially if you need a chain of rules to filter a service. • Packet filtering only checks the header portion of an IP packet. Chapter 15 Firewalls P-2608HWL-Dx Series User’s Guide...
Page 198: When To Use Filtering
P-2608HWL-Dx Series User’s Guide 15.7.1.1 When To Use Filtering • To block/allow LAN packets by their MAC addresses. • To block/allow special IP packets which are neither TCP nor UDP, nor ICMP packets. • To block/allow both inbound (WAN to LAN) and outbound (LAN to WAN) traffic between the specific inside host/network "A"...
Page 199: Firewall Configuration
You may define additional rules and sets or modify existing ones but please exercise extreme caution in doing so. Chapter 16 Firewall Configuration H A P T E R Firewall Configuration • WAN to LAN • WAN to WAN/ Router P-2608HWL-Dx Series User’s Guide...
Page 200: Rule Logic Overview
P-2608HWL-Dx Series User’s Guide Note: If you configure firewall rules without a good understanding of how they work, you might inadvertently introduce security risks to the firewall and to the protected network. Make sure you test your rules after you configure them.
Page 201: Key Fields For Configuring Rules
LAN-to-LAN (the policies that control routing between two subnets on the LAN). Similarly, WAN to WAN/ Router polices apply in the same way to the WAN port. Chapter 16 Firewall Configuration Appendix D on page 387 for more information on predefined services. P-2608HWL-Dx Series User’s Guide...
Page 202: Lan To Wan Rules
P-2608HWL-Dx Series User’s Guide 16.4.1 LAN to WAN Rules The default rule for LAN to WAN traffic is that all users on the LAN are allowed non- restricted access to the WAN. When you configure a LAN to WAN rule, you in essence want to limit some or all users from accessing certain services on the WAN.
Page 203: Firewall Rules Summary
Click Security > Firewall > Rules to bring up the following screen. This screen displays a list of the configured firewall rules. Note the order in which the rules are listed. Chapter 16 Firewall Configuration P-2608HWL-Dx Series User’s Guide directly to a LAN computer without passing through the router. See Appendix F on page 399 route topology and how to deal with this problem.
Page 204: Figure 106 Firewall Rules
P-2608HWL-Dx Series User’s Guide Figure 106 Firewall Rules The following table describes the labels in this screen. Table 73 Firewall Rules LABEL DESCRIPTION Firewall Rules This read-only bar shows how much of the ZyXEL Device's memory for recording Storage Space firewall rules it is currently using.
Page 205: Configuring Firewall Rules
In the Rules screen, select an index number and click Add or click a rule’s Edit icon to display this screen and refer to the following table for information on the labels. Chapter 16 Firewall Configuration P-2608HWL-Dx Series User’s Guide for more information.
Page 206: Figure 107 Firewall: Edit Rule
P-2608HWL-Dx Series User’s Guide Figure 107 Firewall: Edit Rule Chapter 16 Firewall Configuration...
Page 207: Table 74 Firewall: Edit Rule
Select the check box to have the ZyXEL Device generate an alert when the rule to Administrator is matched. When Matched Back Click Back to return to the previous screen. Chapter 16 Firewall Configuration P-2608HWL-Dx Series User’s Guide Appendix D on page 387 for more information on services available.
Page 208: Customized Services
P-2608HWL-Dx Series User’s Guide Table 74 Firewall: Edit Rule (continued) LABEL DESCRIPTION Apply Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to exit this screen without saving. 16.6.2 Customized Services Configure customized services and port numbers not predefined by the ZyXEL Device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Number Authority) website.
Page 209: Configuring A Customized Service
Click Delete to delete the current rule. 16.7 Example Firewall Rule The following Internet firewall rule example allows a hypothetical “MyService” connection from the Internet. 1 Click Security > Firewall > Rules. Chapter 16 Firewall Configuration P-2608HWL-Dx Series User’s Guide for more information.
Page 210: Figure 110 Firewall Example: Rules
P-2608HWL-Dx Series User’s Guide 2 Select WAN to LAN in the Packet Direction field. Figure 110 Firewall Example: Rules 3 In the Rules screen, select the index number after that you want to add the rule. For example, if you select “6”, your new rule becomes number 7 and the previous rule 7 (if there is one) becomes rule 8.
Page 211: Figure 112 Firewall Example: Edit Rule: Destination Address
P-2608HWL-Dx Series User’s Guide Figure 112 Firewall Example: Edit Rule: Destination Address 9 Use the Add >> and Remove buttons between Available Services and Selected Services list boxes to configure it as follows. Click Apply when you are done. Note: Custom services show up with an “*” before their names in the Services list box and the Rules list box.
Page 212: Figure 113 Firewall Example: Edit Rule: Select Customized Services
P-2608HWL-Dx Series User’s Guide Figure 113 Firewall Example: Edit Rule: Select Customized Services On completing the configuration procedure for this Internet firewall rule, the Rules screen should look like the following. Rule 1 allows a “MyService” connection from the WAN to IP addresses 10.0.0.10 through 10.0.0.15 on the LAN.
Page 213: Dos Thresholds
If your network is slower than average for any of these factors (especially if you have servers that are slow or handle many tasks and are often busy), then the default values should be reduced. Chapter 16 Firewall Configuration P-2608HWL-Dx Series User’s Guide to configure thresholds.
Page 214: Half-Open Sessions
P-2608HWL-Dx Series User’s Guide You should make any changes to the threshold values before you continue configuring firewall rules. 16.8.2 Half-Open Sessions An unusually high number of half-open sessions (either an absolute number or measured as the arrival rate) could indicate that a Denial of Service attack is occurring. For TCP, "half- open"...
Page 215: Configuring Firewall Thresholds
ZyXEL Device deletes half-open sessions as required to accommodate new connection attempts. Chapter 16 Firewall Configuration P-2608HWL-Dx Series User’s Guide DEFAULT VALUES 80 existing half-open sessions. 100 half-open sessions per minute. The above numbers cause the...
Page 216 P-2608HWL-Dx Series User’s Guide Table 77 Firewall: Threshold (continued) LABEL DESCRIPTION Maximum This is the number of existing half-open Incomplete Low sessions that causes the firewall to stop deleting half-open sessions. The ZyXEL Device continues to delete half-open requests as necessary, until the number of existing half-open sessions drops below this number.
Page 217: Chapter 17 Content Filtering
To have your ZyXEL Device block Web sites containing keywords in their URLs, click Security > Content Filter. The screen appears as shown. Figure 116 Content Filter: Keyword Chapter 17 Content Filtering P-2608HWL-Dx Series User’s Guide H A P T E R Content Filtering...
Page 218: Configuring The Schedule
P-2608HWL-Dx Series User’s Guide The following table describes the labels in this screen. Table 78 Content Filter: Keyword LABEL Active Keyword Blocking Block Websites that contain these keywords in the URL: Delete Clear All Keyword Add Keyword Apply Cancel 17.3 Configuring the Schedule To set the days and times for the ZyXEL Device to perform content filtering, click Security >...
Page 219: Configuring Trusted Computers
From Apply Cancel Chapter 17 Content Filtering P-2608HWL-Dx Series User’s Guide DESCRIPTION Type the IP address of a computer (or the beginning IP address of a specific range of computers) on the LAN that you want to exclude from content filtering.
Page 220 P-2608HWL-Dx Series User’s Guide Chapter 17 Content Filtering...
Page 221: Chapter 18 Ipsec Vpn
IPSec SA through which the ZyXEL Device and remote IPSec router can send data between computers on the local network and remote network. This is illustrated in the following figure. Chapter 18 IPSec VPN P-2608HWL-Dx Series User’s Guide H A P T E R IPSec VPN...
Page 222: Ike Sa Overview
P-2608HWL-Dx Series User’s Guide Figure 120 VPN: IKE SA and IPSec SA In this example, a computer in network A is exchanging data with a computer in network B. Inside networks A and B, the data is transmitted the same way data is normally transmitted in the networks.
Page 223: Ike Sa Proposal
For example, DH2 keys (1024 bits) are more secure than DH1 keys (768 bits), but DH2 encryption keys take longer to encrypt and decrypt. Chapter 18 IPSec VPN P-2608HWL-Dx Series User’s Guide Section 18.1.1.3 on page 223 for more...
Page 224: Authentication
P-2608HWL-Dx Series User’s Guide 18.1.1.4 Authentication Before the ZyXEL Device and remote IPSec router establish an IKE SA, they have to verify each other’s identity. This process is based on pre-shared keys and router identities. In main mode, the ZyXEL Device and remote IPSec router authenticate each other in steps 5 and 6, as illustrated below.
Page 225: Extended Authentication
ZyXEL Device to check a user name and password that is provided by the remote IPSec router. Chapter 18 IPSec VPN P-2608HWL-Dx Series User’s Guide REMOTE IPSEC ROUTER Local ID type: IP Local ID content: 1.1.1.2...
Page 226: Additional Topics For Ike Sa
P-2608HWL-Dx Series User’s Guide 18.1.2 Additional Topics for IKE SA This section provides more information about IKE SA. 18.1.2.1 Negotiation Mode There are two negotiation modes: main mode and aggressive mode. Main mode provides better security, while aggressive mode is faster.
Page 227: Ipsec Sa Overview
Note: An IPSec SA stays connected even if the underlying IKE SA is not available anymore. This section introduces the key components of IPSec SA. Chapter 18 IPSec VPN P-2608HWL-Dx Series User’s Guide for more information about active protocols.)
Page 228: Local Network And Remote Network
P-2608HWL-Dx Series User’s Guide 18.1.3.1 Local Network and Remote Network In IPSec SA terminology, the local network, the one(s) connected to the ZyXEL Device, may be called the local policy. Similarly, the remote network, the one(s) connected to the remote IPSec router, may be called the remote policy.
Page 229: Ipsec Sa Proposal And Perfect Forward Secrecy
IKE SAs and some characteristics of IPSec SAs. There are also some differences between IPSec SAs using manual keys and other types of SAs. Chapter 18 IPSec VPN P-2608HWL-Dx Series User’s Guide Section 18.1.1.2 on page 223),...
Page 230: Vpn Setup Screen
P-2608HWL-Dx Series User’s Guide 18.1.4.1.1 IPSec SA Proposal using Manual Keys In IPSec SAs using manual keys, you can only specify one encryption algorithm and one authentication algorithm. You cannot specify several proposals. There is no DH key exchange, so you have to provide the encryption key and the authentication key the ZyXEL Device and remote IPSec router use.
Page 231: Figure 126 Vpn Setup
Range. A (static) IP address and a subnet mask are displayed when the Local Address Type field in the VPN-IKE (or VPN-Manual Key) screen is configured to Subnet. Chapter 18 IPSec VPN P-2608HWL-Dx Series User’s Guide...
Page 232: Editing Vpn Policies
P-2608HWL-Dx Series User’s Guide Table 83 VPN Setup LABEL DESCRIPTION Remote This is the IP address(es) of computer(s) on the remote network behind the remote Address IPSec router. This field displays N/A when the Secure Gateway Address field displays 0.0.0.0. In this case only the remote IPSec router can initiate the VPN.
Page 233: Figure 127 Edit Vpn Policies
Select Yes to have the ZyXEL Device automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic. The remote IPSec router must also have keep alive enabled in order for this feature to work. Chapter 18 IPSec VPN P-2608HWL-Dx Series User’s Guide...
Page 234 P-2608HWL-Dx Series User’s Guide Table 84 Edit VPN Policies LABEL DESCRIPTION NAT Traversal This function is available if the VPN protocol is ESP. Select this check box if you want to set up a VPN tunnel when there are NAT routers between the ZyXEL Device and remote IPSec router.
Page 235 VPN tunnel when using dial backup or the LAN IP address when using traffic redirect. See traffic redirect. Chapter 18 IPSec VPN P-2608HWL-Dx Series User’s Guide Chapter 7 on page 89 for details on dial backup and...
Page 236 P-2608HWL-Dx Series User’s Guide Table 84 Edit VPN Policies LABEL DESCRIPTION Peer ID Type Select IP to identify the remote IPSec router by its IP address. Select DNS to identify the remote IPSec router by a domain name. Select E-mail to identify the remote IPSec router by an e-mail address.
Page 237: Configuring Advanced Ike Settings
Advanced Setup Click Advanced Setup to configure more detailed settings of your IKE key management. 18.4 Configuring Advanced IKE Settings Click Advanced in the Chapter 18 IPSec VPN Edit VPN Policies screen to open this screen. P-2608HWL-Dx Series User’s Guide...
Page 238: Figure 128 Advanced Vpn Policies
P-2608HWL-Dx Series User’s Guide Figure 128 Advanced VPN Policies The following table describes the fields in this screen. Table 85 Advanced VPN Policies LABEL DESCRIPTION VPN - IKE Protocol Enter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and signifies any protocol.
Page 239 This implementation of AES uses a 128-bit key. AES is faster than 3DES. Select NULL to set up a tunnel without encryption. When you select NULL, you do not enter an encryption key. Chapter 18 IPSec VPN P-2608HWL-Dx Series User’s Guide...
Page 240: Configuring Manual Key
P-2608HWL-Dx Series User’s Guide Table 85 Advanced VPN Policies LABEL DESCRIPTION Authentication Select SHA1 or MD5 from the drop-down list box. MD5 (Message Digest 5) and Algorithm SHA1 (Secure Hash Algorithm) are hash algorithms used to authenticate packet data. The SHA1 algorithm is generally considered stronger than MD5, but is slower.
Page 241: Figure 129 Vpn: Manual Key
IKE key management. Type a number (base 10) from 1 to 999999 for the Security Parameter Index. Encapsulation Select Tunnel mode or Transport mode from the drop-down list box. Mode Chapter 18 IPSec VPN P-2608HWL-Dx Series User’s Guide...
Page 242 P-2608HWL-Dx Series User’s Guide Table 86 VPN: Manual Key (continued) LABEL DESCRIPTION DNS Server (for If there is a private DNS server that services the VPN, type its IP address here. IPSec VPN) The ZyXEL Device assigns this additional DNS server to the ZyXEL Device 's DHCP clients that have IP addresses in this IPSec rule's range of local addresses.
Page 243: Viewing Sa Monitor
This screen displays active VPN connections. Use Refresh to display active VPN connections. This screen is read-only. The following table describes the fields in this tab. Chapter 18 IPSec VPN P-2608HWL-Dx Series User’s Guide Chapter 7 on page 89 for details on dial backup and...
Page 244: Figure 130 Vpn: Sa Monitor
P-2608HWL-Dx Series User’s Guide When there is outbound traffic but no inbound traffic, the SA times out automatically after two minutes. A tunnel with no outbound or inbound traffic is "idle" and does not timeout until the SA lifetime period expires. See Device renegotiate an IPSec SA when the SA lifetime expires, even if there is no traffic.
Page 245: Configuring Global Setting
Select this check box to send NetBIOS packets through the VPN connection. Click Apply to save your changes back to the ZyXEL Device. Click Cancel to begin configuring this screen afresh. P-2608HWL-Dx Series User’s Guide...
Page 246: Telecommuters Using Unique Vpn Rules Example
P-2608HWL-Dx Series User’s Guide Figure 132 Telecommuters Sharing One VPN Rule Example Table 89 Telecommuters Sharing One VPN Rule Example FIELDS TELECOMMUTERS My IP Address: 0.0.0.0 (dynamic IP address assigned by the ISP) Secure Gateway IP Public static IP address...
Page 247: Figure 133 Telecommuters Using Unique Vpn Rules Example
Local IP Address: 192.168.3.2 Telecommuter C (telecommuterc.dydns.org) Local ID Type: E-mail Local ID Content: myVPN@myplace.com Local IP Address: 192.168.4.15 Chapter 18 IPSec VPN P-2608HWL-Dx Series User’s Guide HEADQUARTERS All Headquarters Rules: My IP Address: bigcompanyhq.com Local IP Address: 192.168.1.10 Local ID Type: E-mail Local ID Content: bob@bigcompanyhq.com...
Page 248: Vpn And Remote Management
P-2608HWL-Dx Series User’s Guide 18.9 VPN and Remote Management If a VPN tunnel uses Telnet, FTP, WWW, then you should configure remote management (Advanced > Remote Management) to allow access for that service. Chapter 18 IPSec VPN...
Page 249: Chapter 19 Certificates
DES encryption algorithm. The certification authority uses its private key to sign certificates. Anyone can then use the certification authority’s public key to verify the certificates. Chapter 19 Certificates P-2608HWL-Dx Series User’s Guide H A P T E R Certificates...
Page 250: Advantages Of Certificates
P-2608HWL-Dx Series User’s Guide A certification path is the hierarchy of certification authority certificates that validate a certificate. The ZyXEL Device does not trust a certificate if any certificate on its path has expired or been revoked. Certification authorities maintain directory servers with databases of valid and revoked certificates.
Page 251: My Certificates
The factory default certificate is common to all ZyXEL Devices that use certificates. ZyXEL recommends that you use this button to replace the factory default certificate with one that uses your ZyXEL Device's MAC address. Chapter 19 Certificates P-2608HWL-Dx Series User’s Guide...
Page 252 P-2608HWL-Dx Series User’s Guide Table 91 My Certificates (continued) LABEL DESCRIPTION This field displays the certificate index number. The certificates are listed in alphabetical order. Name This field displays the name used to identify this certificate. It is recommended that you give each certificate a unique name.
Page 253: My Certificate Import
PKS#7 file that contains a single certificate. • PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses 64 ASCII characters to convert a binary PKCS#7 certificate into a printable form. Figure 136 My Certificate Import Chapter 19 Certificates P-2608HWL-Dx Series User’s Guide...
Page 254: My Certificate Create
P-2608HWL-Dx Series User’s Guide The following table describes the labels in this screen. Table 92 My Certificate Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it.
Page 255: Table 93 My Certificate Create
You also need to fill in the Reference Number and Key if the certification authority requires them. P-2608HWL-Dx Series User’s Guide...
Page 256: My Certificate Details
P-2608HWL-Dx Series User’s Guide Table 93 My Certificate Create (continued) LABEL Enrollment Protocol CA Server Address CA Certificate Request Authentication Apply Cancel After you click Apply in the My Certificate Create screen, you see a screen that tells you the ZyXEL Device is generating the self-signed certificate or certification request.
Page 257: Figure 138 My Certificate Details
P-2608HWL-Dx Series User’s Guide Figure 138 My Certificate Details Chapter 19 Certificates...
Page 258: Table 94 My Certificate Details
P-2608HWL-Dx Series User’s Guide The following table describes the labels in this screen. Table 94 My Certificate Details LABEL Name Property Default self-signed certificate which signs the imported remote host certificates. Certification Path Refresh Certificate Information Type Version Serial Number...
Page 259: Trusted Cas
Click Cancel to quit and return to the My Certificates screen. P-2608HWL-Dx Series User’s Guide...
Page 260: Figure 139 Trusted Cas
P-2608HWL-Dx Series User’s Guide Figure 139 Trusted CAs The following table describes the labels in this screen. Table 95 Trusted CAs LABEL DESCRIPTION PKI Storage This bar displays the percentage of the ZyXEL Device’s PKI storage space that is Space in Use currently in use.
Page 261: Trusted Ca Import
Click Browse to find the certificate file you want to upload. Apply Click Apply to save the certificate on the ZyXEL Device. Cancel Click Cancel to quit and return to the Trusted CAs screen. Chapter 19 Certificates P-2608HWL-Dx Series User’s Guide...
Page 262: Trusted Ca Details
P-2608HWL-Dx Series User’s Guide 19.10 Trusted CA Details Click Security > Certificates > Trusted CAs to open the Trusted CAs screen. Click the details icon to open the Trusted CA Details screen. Use this screen to view in-depth information about the certification authority’s certificate, change the certificate’s name and set whether or not you want the ZyXEL Device to check a certification authority’s list of revoked...
Page 263: Table 97 Trusted Ca Details
Not Yet Valid! message if the certificate has not yet become applicable. This field displays the date that the certificate expires. The text displays in red and includes an Expiring! or Expired! message if the certificate is about to expire or has already expired. P-2608HWL-Dx Series User’s Guide...
Page 264: Trusted Remote Hosts
P-2608HWL-Dx Series User’s Guide Table 97 Trusted CA Details (continued) LABEL Key Algorithm Subject Alternative Name Key Usage Basic Constraint CRL Distribution Points MD5 Fingerprint SHA1 Fingerprint Certificate in PEM (Base-64) Encoded Format Export Apply Cancel 19.11 Trusted Remote Hosts Click Security >...
Page 265: Figure 142 Trusted Remote Hosts
Click Import to open a screen where you can save the certificate of a remote host (which you trust) from your computer to the ZyXEL Device. Refresh Click this button to display the current validity status of the certificates. Chapter 19 Certificates P-2608HWL-Dx Series User’s Guide...
Page 266: Verifying A Trusted Remote Host's Certificate
P-2608HWL-Dx Series User’s Guide 19.12 Verifying a Trusted Remote Host’s Certificate Certificates issued by certification authorities have the certification authority’s signature for you to check. Self-signed certificates only have the signature of the host itself. This means that you must be very careful when deciding to import (and thereby trust) a remote host’s self- signed certificate.
Page 267: Trusted Remote Hosts Import
Click the details icon to open the Trusted Remote Host Details screen. You can use this screen to view in-depth information about the trusted remote host’s certificate and/or change the certificate’s name. Chapter 19 Certificates P-2608HWL-Dx Series User’s Guide ZyXEL Device...
Page 268: Figure 146 Trusted Remote Host Details
P-2608HWL-Dx Series User’s Guide Figure 146 Trusted Remote Host Details Chapter 19 Certificates...
Page 269: Table 100 Trusted Remote Host Details
This field displays general information about the certificate. For example, Subject Type=CA means that this is a certification authority’s certificate and “Path Length Constraint=1” means that there can only be one certification authority in the certificate’s path. P-2608HWL-Dx Series User’s Guide...
Page 270: Directory Servers
P-2608HWL-Dx Series User’s Guide Table 100 Trusted Remote Host Details (continued) LABEL MD5 Fingerprint SHA1 Fingerprint Certificate in PEM (Base-64) Encoded Format Export Apply Cancel 19.15 Directory Servers Click Security > Certificates > Directory Servers to open the Directory Servers screen.
Page 271: Directory Server Add Or Edit
Click Security > Certificates > Directory Servers to open the Directory Servers screen. Click Add (or the details icon) to open the Directory Server Add screen. Use this screen to configure information about a directory server that the ZyXEL Device can access. Chapter 19 Certificates P-2608HWL-Dx Series User’s Guide...
Page 272: Figure 148 Directory Server Add
P-2608HWL-Dx Series User’s Guide Figure 148 Directory Server Add The following table describes the labels in this screen. Table 102 Directory Server Add LABEL DESCRIPTION Directory Service Setting Name Type up to 31 ASCII characters (spaces are not permitted) to identify this directory server.
Page 273: Chapter 20 Static Route
ZyXEL Device about the networks beyond the remote nodes. Figure 149 Example of Static Routing Topology 20.2 Configuring Static Route Click Advanced > Static Route to open the Static Route screen. Chapter 20 Static Route P-2608HWL-Dx Series User’s Guide H A P T E R Static Route...
Page 274: Static Route Edit
P-2608HWL-Dx Series User’s Guide Figure 150 Static Route The following table describes the labels in this screen. Table 103 Static Route LABEL DESCRIPTION This is the number of an individual static route. Active This field shows whether this static route is active (Yes) or not (No).
Page 275: Figure 151 Static Route Edit
Back Click Back to return to the previous screen without saving. Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. Chapter 20 Static Route P-2608HWL-Dx Series User’s Guide...
Page 276 P-2608HWL-Dx Series User’s Guide Chapter 20 Static Route...
Page 277: Chapter 21 Bandwidth Management
You can create bandwidth classes based on individual applications (like VoIP, Web, FTP, E- mail and Video for example). 21.3 Subnet-based Bandwidth Management You can create bandwidth classes based on subnets. Chapter 21 Bandwidth Management P-2608HWL-Dx Series User’s Guide H A P T E R...
Page 278: Application And Subnet-Based Bandwidth Management
P-2608HWL-Dx Series User’s Guide The following figure shows LAN subnets. You could configure one bandwidth class for subnet A and another for subnet B. Figure 152 Subnet-based Bandwidth Management Example 21.4 Application and Subnet-based Bandwidth Management You could also create bandwidth classes based on a combination of a subnet and an application.
Page 279: Fairness-Based Scheduler
2 Leave some of the interface’s bandwidth unbudgeted. Make sure that the interface’s root class has more bandwidth than the sum of the bandwidths of the interface’s bandwidth management rules. Chapter 21 Bandwidth Management P-2608HWL-Dx Series User’s Guide Figure 153 on page 282) allows the ZyXEL...
Page 280: Maximize Bandwidth Usage Example
P-2608HWL-Dx Series User’s Guide 21.6.2 Maximize Bandwidth Usage Example Here is an example of a ZyXEL Device that has maximize bandwidth usage enabled on an interface. The following table shows each bandwidth class’s bandwidth budget. The classes are set up based on subnets. The interface is set to 10240 kbps. Each subnet is allocated 2048 kbps.
Page 281: Fairness-Based Allotment Of Unused & Unbudgeted Bandwidth
This is typically used for non-critical “background” traffic such as bulk transfers that are allowed but that should not affect other applications and users. Chapter 21 Bandwidth Management P-2608HWL-Dx Series User’s Guide Administration: 1024 kbps Sales: 3072 kbps Marketing: 3072 kbps...
Page 282: Over Allotment Of Bandwidth
P-2608HWL-Dx Series User’s Guide 21.7 Over Allotment of Bandwidth You can set the bandwidth management speed for an interface higher than the interface’s actual transmission speed. Higher priority traffic gets to use up to its allocated bandwidth, even if it takes up all of the interface’s available bandwidth. This could stop lower priority traffic from being sent.
Page 283: Bandwidth Management Rule Setup
Chapter 21 Bandwidth Management only uses up to the amount of bandwidth that you configure here. The ZyXEL Device does not use any more bandwidth for the interface’s connections, even if the interface has more outgoing bandwidth. P-2608HWL-Dx Series User’s Guide...
Page 284: Figure 154 Bandwidth Management: Rule Setup
P-2608HWL-Dx Series User’s Guide Figure 154 Bandwidth Management: Rule Setup The following table describes the labels in this screen. Table 112 Bandwidth Management: Rule Setup LABEL DESCRIPTION Direction Select LAN to apply bandwidth management to traffic that the ZyXEL Device forwards to the LAN.
Page 285: Rule Configuration
Enable a bandwidth management rule to give traffic that matches the rule priority over traffic that does not match the rule. Enabling a bandwidth management rule also allows you to control the maximum amounts of bandwidth that can be used by traffic that matches the rule. P-2608HWL-Dx Series User’s Guide...
Page 286 P-2608HWL-Dx Series User’s Guide Table 113 Bandwidth Management Rule Configuration (continued) LABEL Rule Name BW Budget Priority Use All Managed Bandwidth Filter Configuration Service Destination Address Enter the destination IP address in dotted decimal notation. Destination Subnet Netmask Destination Port...
Page 287: Bandwidth Monitor
Select the protocol (TCP or UDP) or select User defined and enter the protocol (service type) number. 0 means any protocol number. Click Back to go to the previous screen. Click Apply to save your changes back to the ZyXEL Device. Click Cancel to begin configuring this screen afresh. P-2608HWL-Dx Series User’s Guide...
Page 288 P-2608HWL-Dx Series User’s Guide Chapter 21 Bandwidth Management...
Page 289: Chapter 22 Dynamic Dns Setup
To change your ZyXEL Device’s DDNS, click Advanced > Dynamic DNS. The screen appears as shown. Section 22.1 on page 289 Chapter 22 Dynamic DNS Setup P-2608HWL-Dx Series User’s Guide H A P T E R Dynamic DNS Setup for configuration instruction.
Page 290: Figure 157 Dynamic Dns
P-2608HWL-Dx Series User’s Guide Figure 157 Dynamic DNS The following table describes the fields in this screen. Table 114 Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Active Dynamic Select this check box to use dynamic DNS. Service Provider This is the name of your Dynamic DNS service provider.
Page 291 Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. Chapter 22 Dynamic DNS Setup P-2608HWL-Dx Series User’s Guide address if there is an HTTP proxy server between the ZyXEL Device and the DDNS server.
Page 292 P-2608HWL-Dx Series User’s Guide Chapter 22 Dynamic DNS Setup...
Page 293: Remote Management Configuration
1 Console 2 Telnet 3 HTTPS and HTTP 23.1.1 Remote Management Limitations Remote management over LAN or WAN will not work when: Chapter 23 Remote Management Configuration P-2608HWL-Dx Series User’s Guide H A P T E R Remote Management Configuration...
Page 294: Remote Management And Nat
P-2608HWL-Dx Series User’s Guide • You have disabled that service in one of the remote management screens. • The IP address in the Secured Client IP field does not match the client IP address. If it does not match, the ZyXEL Device will disconnect the session immediately.
Page 295: Www
ZyXEL Device blocks all HTTP connection attempts. 23.3 WWW To change your ZyXEL Device’s World Wide Web settings, click Advanced > Remote MGMT to display the WWW screen. Figure 159 Remote Management: WWW Chapter 23 Remote Management Configuration P-2608HWL-Dx Series User’s Guide...
Page 296: Telnet
P-2608HWL-Dx Series User’s Guide The following table describes the labels in this screen. Table 115 Remote Management: WWW LABEL DESCRIPTION Port You may change the server port number for a service if needed, however you must use the same port number in order to use that service for remote management.
Page 297: Configuring Telnet
Choose Selected to just allow the computer with the IP address that you specify to access the ZyXEL Device using this service. Apply Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to begin configuring this screen afresh. Chapter 23 Remote Management Configuration P-2608HWL-Dx Series User’s Guide DESCRIPTION...
Page 298: Configuring Ftp
P-2608HWL-Dx Series User’s Guide 23.6 Configuring FTP You can upload and download the ZyXEL Device’s firmware and configuration files using FTP, please see Chapter 27 on page 331 have an FTP client. To change your ZyXEL Device’s FTP settings, click Advanced > Remote MGMT > FTP tab.
Page 299: Snmp
SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request and the agent returns responses using the following protocol operations: • Get - Allows the manager to retrieve an object variable from the agent. Chapter 23 Remote Management Configuration P-2608HWL-Dx Series User’s Guide...
Page 300: Supported Mibs
P-2608HWL-Dx Series User’s Guide • GetNext - Allows the manager to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations.
Page 301: Figure 164 Remote Management: Snmp
SNMP manager. The default is public and allows all requests. Type the IP address of the station to send your SNMP traps to. Click Apply to save your customized settings and exit this screen. Click Cancel to begin configuring this screen afresh. P-2608HWL-Dx Series User’s Guide...
Page 302: Configuring Dns
P-2608HWL-Dx Series User’s Guide 23.8 Configuring DNS Use DNS (Domain Name System) to map a domain name to its corresponding IP address and vice versa. Refer to Chapter 8 on page 105 To change your ZyXEL Device’s DNS settings, click Advanced > Remote MGMT > DNS.
Page 303: Figure 166 Remote Management: Icmp
Apply Click Apply to save your customized settings and exit this screen. Cancel Click Cancel to begin configuring this screen afresh. Chapter 23 Remote Management Configuration P-2608HWL-Dx Series User’s Guide sys firewall tcprst rst [on|off] " to...
Page 304: 304
P-2608HWL-Dx Series User’s Guide 23.10 TR-069 TR-069 is a protocol that defines how your ZyXEL Device can be managed via a management server such as ZyXEL’s Vantage CNM Access. An administrator can use CNM Access to remotely set up the ZyXEL Device, modify settings, perform firmware upgrades as well as monitor and diagnose the ZyXEL Device.
Page 305 [sec] save Chapter 23 Remote Management Configuration P-2608HWL-Dx Series User’s Guide Description Whether or not the device must periodically send information to CNM Access. It is recommended to set this value to 1 in order for the ZyXEL Device to send information to CNM Access.
Page 306 P-2608HWL-Dx Series User’s Guide Chapter 23 Remote Management Configuration...
Page 307: Universal Plug-And-Play (Upnp)
Windows Messenger is an example of an application that supports NAT traversal and UPnP. Chapter 10 on page 139 Chapter 24 Universal Plug-and-Play (UPnP) P-2608HWL-Dx Series User’s Guide H A P T E R for configuration instructions. for more information on NAT.
Page 308: Cautions With Upnp
P-2608HWL-Dx Series User’s Guide 24.1.3 Cautions with UPnP The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues. Network information and configuration may also be obtained and modified by users in some network environments.
Page 309: Table 123 Configuring Upnp
2 Click on the Windows Setup tab and select Communication in the Components selection box. Click Details. Chapter 24 Universal Plug-and-Play (UPnP) P-2608HWL-Dx Series User’s Guide DESCRIPTION Select this check box to activate UPnP. Be aware that anyone could use...
Page 310: Figure 169 Add/Remove Programs: Windows Setup: Communication
P-2608HWL-Dx Series User’s Guide Figure 169 Add/Remove Programs: Windows Setup: Communication 3 In the Communications window, select the Universal Plug and Play check box in the Components selection box. Figure 170 Add/Remove Programs: Windows Setup: Communication: Components 4 Click OK to go back to the Add/Remove Programs Properties window and click Next.
Page 311: Installing Upnp In Windows Xp
Networking Service in the Components selection box and click Details. Figure 172 Windows Optional Networking Components Wizard 5 In the Networking Services window, select the Universal Plug and Play check box. Chapter 24 Universal Plug-and-Play (UPnP) P-2608HWL-Dx Series User’s Guide...
Page 312: Using Upnp In Windows Xp Example
P-2608HWL-Dx Series User’s Guide Figure 173 Networking Services 6 Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. 24.4 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP. You must already have UPnP installed in Windows XP and UPnP activated on the ZyXEL Device.
Page 313: Figure 174 Network Connections
P-2608HWL-Dx Series User’s Guide Figure 174 Network Connections 3 In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Figure 175 Internet Connection Properties Chapter 24 Universal Plug-and-Play (UPnP)
Page 314: Figure 176 Internet Connection Properties: Advanced Settings
P-2608HWL-Dx Series User’s Guide 4 You may edit or delete the port mappings or click Add to manually add port mappings. Figure 176 Internet Connection Properties: Advanced Settings Figure 177 Internet Connection Properties: Advanced Settings: Add 5 When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically.
Page 315: Figure 178 System Tray Icon
ZyXEL Device. Follow the steps below to access the web configurator. 1 Click Start and then Control Panel. 2 Double-click Network Connections. 3 Select My Network Places under Other Places. Chapter 24 Universal Plug-and-Play (UPnP) P-2608HWL-Dx Series User’s Guide...
Page 316: Figure 180 Network Connections
P-2608HWL-Dx Series User’s Guide Figure 180 Network Connections 4 An icon with the description for each UPnP-enabled device displays under Local Network. 5 Right-click on the icon for your ZyXEL Device and select Invoke. The web configurator login screen displays.
Page 317: Figure 181 Network Connections: My Network Places
P-2608HWL-Dx Series User’s Guide Figure 181 Network Connections: My Network Places 6 Right-click on the icon for your ZyXEL Device and select Properties. A properties window displays with basic information about the ZyXEL Device. Figure 182 Network Connections: My Network Places: Properties: Example...
Page 318 P-2608HWL-Dx Series User’s Guide Chapter 24 Universal Plug-and-Play (UPnP)
Page 319: Chapter 25 System
(System Name), the domain name can be assigned from the ZyXEL Device via DHCP. Click Maintenance > System to open the General screen. Chapter 25 System P-2608HWL-Dx Series User’s Guide H A P T E R System...
Page 320: Figure 183 System General Setup
P-2608HWL-Dx Series User’s Guide Figure 183 System General Setup The following table describes the labels in this screen. Table 124 System General Setup LABEL DESCRIPTION General Setup System Name Choose a descriptive name for identification purposes. It is recommended you enter your computer’s “Computer name”...
Page 321: Time Setting
Select this to enter the time and date manually. If you configure a new time and date, Time Zone and Daylight Saving at the same time, the new time and date you entered has priority and the Time Zone and Daylight Saving settings do not affect Chapter 25 System P-2608HWL-Dx Series User’s Guide...
Page 322 P-2608HWL-Dx Series User’s Guide Table 125 System Time Setting (continued) LABEL DESCRIPTION New Time This field displays the last updated time from the time server or the last time configured manually. (hh:mm:ss) When you set Time and Date Setup to Manual, enter the new time in this field and then click Apply.
Page 323 In Germany for instance, you would type 2 because Germany's time zone is one hour ahead of GMT or UTC (GMT+1). Apply Click Apply to save your changes back to the ZyXEL Device. Cancel Click Cancel to begin configuring this screen afresh. Chapter 25 System P-2608HWL-Dx Series User’s Guide...
Page 324 P-2608HWL-Dx Series User’s Guide Chapter 25 System...
Page 325: Chapter 26 Logs
Log entries in red indicate alerts. The log wraps around and deletes the old entries after it fills. Click a column heading to sort the entries. A triangle indicates ascending or descending sort order. Chapter 26 Logs P-2608HWL-Dx Series User’s Guide H A P T E R Section 26.3 on page Logs...
Page 326: Configuring Log Settings
P-2608HWL-Dx Series User’s Guide Figure 185 View Log The following table describes the fields in this screen. Table 126 View Log LABEL DESCRIPTION Display The categories that you select in the Log Settings screen display in the drop-down list box.
Page 327: Figure 186 Log Settings
E-mail. Mail Subject Type a title that you want to be in the subject line of the log e-mail message that the ZyXEL Device sends. Not all ZyXEL Device models have this field. Chapter 26 Logs P-2608HWL-Dx Series User’s Guide...
Page 328 P-2608HWL-Dx Series User’s Guide Table 127 Log Settings LABEL DESCRIPTION Send Log to The ZyXEL Device sends logs to the e-mail address specified in this field. If this field is left blank, the ZyXEL Device does not send logs via e-mail.
Page 329: Smtp Error Messages
• The date format here is Day-Month-Year. • The date format here is Month-Day-Year. The time format is Hour-Minute-Second. • " " message shows that a complete log has been sent. End of Log Chapter 26 Logs P-2608HWL-Dx Series User’s Guide...
Page 330: Figure 187 E-Mail Log Example
P-2608HWL-Dx Series User’s Guide Figure 187 E-mail Log Example Subject: Firewall Alert From Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com user@zyxel.com 1|Apr 7 00 |From:192.168.1.1 | 09:54:03 |UDP src port:00520 dest port:00520 2|Apr 7 00 |From:192.168.1.131 | 09:54:17 |UDP...
Page 331: Chapter 27 Tools
This is a sample FTP session showing the transfer of the computer file "firmware.bin" to the ZyXEL Device. ftp> get rom-0 config.cfg Chapter 27 Tools P-2608HWL-Dx Series User’s Guide H A P T E R Tools...
Page 332: File Maintenance Over Wan
P-2608HWL-Dx Series User’s Guide This is a sample FTP session saving the current configuration to the computer file “ ”. config.cfg If your (T)FTP client does not allow you to have a destination filename different than the source, you will need to rename them as the ZyXEL Device only recognizes “rom-0” and “ras”.
Page 333: Figure 188 Firmware Upgrade
ZyXEL Device again. Figure 189 Firmware Upload In Progress The ZyXEL Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Chapter 27 Tools P-2608HWL-Dx Series User’s Guide...
Page 334: Backup And Restore
P-2608HWL-Dx Series User’s Guide Figure 190 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen. If the upload was not successful, the following screen will appear. Click Return to go back to the Firmware screen.
Page 335: Backup Configuration
Click Browse... to find the file you want to upload. Remember that you must decompress compressed (.ZIP) files before you can upload them. Upload Click Upload to begin the upload process. Note: Do not turn off the ZyXEL Device while configuration file upload is in progress. Chapter 27 Tools P-2608HWL-Dx Series User’s Guide...
Page 336: Reset To Factory Defaults
P-2608HWL-Dx Series User’s Guide After you see a “restore configuration successful” screen, you must then wait one minute before logging into the ZyXEL Device again. Figure 193 Configuration Upload Successful The ZyXEL Device automatically restarts in this time causing a temporary network disconnect.
Page 337: Restart
”, followed by a space and the IP address of your ZyXEL Device. open 3 Press [ENTER] when prompted for a username. Chapter 27 Tools P-2608HWL-Dx Series User’s Guide Section 2.1.2 on page 48 for more information on the RESET button.
Page 338: Ftp Command Configuration Backup Example
P-2608HWL-Dx Series User’s Guide 4 Enter your password as requested (the default is “1234”). 5 Enter “ ” to set transfer mode to binary. 6 Use “ ” to transfer files from the ZyXEL Device to the computer, for example, “...
Page 339: Backup Configuration Using Tftp
” to disable the management idle timeout, so the TFTP sys stdio 0 sys stdio 5” ” to transfer from the ZyXEL Device to the computer and ” transfers the file source on the ZyXEL Device P-2608HWL-Dx Series User’s Guide to restore the five- ” (rom-zero, not rom-0...
Page 340: Configuration Backup Using Gui-Based Tftp Clients
P-2608HWL-Dx Series User’s Guide 27.7.6 Configuration Backup Using GUI-based TFTP Clients The following table describes some of the fields that you may see in GUI-based TFTP clients. Table 133 General Commands for GUI-based TFTP Clients COMMAND DESCRIPTION Host Enter the IP address of the ZyXEL Device. 192.168.1.1 is the ZyXEL Device’s default IP address when shipped.
Page 341: Restore Using Ftp Session Example
0 config.rom” transfers the configuration file on the device to your computer and renames it “config.rom.” See earlier in this chapter for more information on filename conventions. 7 Enter “quit” to exit the ftp prompt. Chapter 27 Tools P-2608HWL-Dx Series User’s Guide to read about configurations that disallow TFTP and FTP...
Page 342: Ftp Session Example Of Firmware File Upload
P-2608HWL-Dx Series User’s Guide 27.9.2 FTP Session Example of Firmware File Upload Figure 200 FTP Session Example of Firmware File Upload 331 Enter PASS command Password: 230 Logged in ftp> bin 200 Type I OK ftp> put firmware.bin ras 200 Port command okay...
Page 343: Tftp Upload Command Example
– name of the firmware on the computer) to the file destination on the remote host (ras - name of the firmware on the device). Commands that you may see in GUI-based TFTP clients are listed earlier in this chapter. Chapter 27 Tools P-2608HWL-Dx Series User’s Guide...
Page 344 P-2608HWL-Dx Series User’s Guide Chapter 27 Tools...
Page 345: Chapter 28 Diagnostic
Click this button to ping the IP address that you entered. 28.2 DSL Line Diagnostic Click Maintenance > Diagnostic > DSL Line to open the screen shown next. Chapter 28 Diagnostic P-2608HWL-Dx Series User’s Guide H A P T E R Diagnostic...
Page 346: Figure 202 Diagnostic: Dsl Line
P-2608HWL-Dx Series User’s Guide Figure 202 Diagnostic: DSL Line The following table describes the fields in this screen. Table 135 Diagnostic: DSL Line LABEL ATM Status Click this button to view your DSL connection’s Asynchronous Transfer Mode (ATM) statistics. ATM is a networking technology that provides high-speed data transfer.
Page 347 "Start to reset ADSL Loading ADSL modem F/W... Reset ADSL Line Successfully!" Capture All Logs Click this button to display all logs generated by the DSL line. Chapter 28 Diagnostic P-2608HWL-Dx Series User’s Guide DESCRIPTION...
Page 348 P-2608HWL-Dx Series User’s Guide Chapter 28 Diagnostic...
Page 349: Chapter 29 Troubleshooting
If Any IP is disabled, make sure that the IP address and the subnet mask of the the ZyXEL ZyXEL Device and your computer(s) are on the same subnet. Device from the LAN. Chapter 29 Troubleshooting P-2608HWL-Dx Series User’s Guide H A P T E R Troubleshooting...
Page 350: Problems With The Wan
P-2608HWL-Dx Series User’s Guide 29.3 Problems with the WAN Table 138 Troubleshooting the WAN PROBLEM CORRECTIVE ACTION The DSL light is Check the telephone wire and connections between the ZyXEL Device DSL port off. and the wall jack. Make sure that the telephone company has checked your phone line and set it up for DSL service.
Page 351: Problems Accessing The Zyxel Device
In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). Chapter 29 Troubleshooting for details. Chapter 23 on page 293 for scenarios when remote management may not be P-2608HWL-Dx Series User’s Guide Chapter 23 on...
Page 352: Internet Explorer Pop-Up Blockers
P-2608HWL-Dx Series User’s Guide • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary. 29.4.1.1 Internet Explorer Pop-up Blockers You may have to disable pop-up blocking to log into your device.
Page 353: Figure 204 Internet Options
Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings…to open the Pop-up Blocker Settings screen. Chapter 29 Troubleshooting P-2608HWL-Dx Series User’s Guide...
Page 354: Figure 205 Internet Options
P-2608HWL-Dx Series User’s Guide Figure 205 Internet Options 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites.
Page 355: Javascripts
29.4.1.2 JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. 1 In Internet Explorer, click Tools, Internet Options and then the Security tab. Chapter 29 Troubleshooting P-2608HWL-Dx Series User’s Guide...
Page 356: Figure 207 Internet Options
P-2608HWL-Dx Series User’s Guide Figure 207 Internet Options 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default).
Page 357: Java Permissions
1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window. Chapter 29 Troubleshooting P-2608HWL-Dx Series User’s Guide...
Page 358: Figure 209 Security Settings - Java
P-2608HWL-Dx Series User’s Guide Figure 209 Security Settings - Java 29.4.1.3.1 JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 make sure that Use Java 2 for <applet> under Java (Sun) is selected.
Page 359: Telephone Problems
For example, if you set Phone 1 to use SIP account 1 and set Phone 2 to use SIP account 2, then you can use Phone 1 to call to SIP account 2's SIP number or Phone 2 to call to SIP account 1's SIP number. Chapter 29 Troubleshooting P-2608HWL-Dx Series User’s Guide...
Page 360 P-2608HWL-Dx Series User’s Guide Chapter 29 Troubleshooting...
Page 361: Appendix A Product Specifications
Firmware Specifications Table 142 Firmware Features FEATURE Device Management Firmware Upgrade Appendix A Product Specifications P-2608HWL-Dx Series User’s Guide P P E N D I X Product Specifications for a general overview of the key features. 192.168.1.1 255.255.255.0 (24 bits) 1234 192.168.1.32 to 192.168.1.64...
Page 362 P-2608HWL-Dx Series User’s Guide Table 142 Firmware Features FEATURE IEEE 802.11b/g Wireless Wireless Security MAC Address Filter Any IP Configuration Backup & Restoration Network Address Translation (NAT) Port Forwarding DHCP (Dynamic Host Configuration Protocol) Dynamic DNS Support IP Multicast IP Alias...
Page 363 Management Auto Provisioning IPSec VPN Capability Appendix A Product Specifications P-2608HWL-Dx Series User’s Guide DESCRIPTION TR-069 is a protocol that defines how your ZyXEL Device can be managed via a management server such as ZyXEL’s Vantage CNM Access. The management server can securely manage and update configuration changes in ZyXEL Devices.
Page 364: Table 143 Firmware Specifications
P-2608HWL-Dx Series User’s Guide Table 143 Firmware Specifications ADSL Standards Other Protocol Support Management Support ITU G.992.1 G.dmt (Annex B, U-R2) EOC specified in ITU-T G.992.1 ADSL2 G.dmt.bis (G.992.3) ADSL2 G.lite.bis (G.992.4) ADSL 2/2+ AnnexM ADSL2+ (G.992.5) Reach-Extended ADSL (RE ADSL)
Page 365 Firewall NAT/SUA Content Filtering Static Routes Appendix A Product Specifications P-2608HWL-Dx Series User’s Guide IEEE 802.11g Compliance Frequency Range: 2.4 GHz ISM Band Advanced Orthogonal Frequency Division Multiplexing (OFDM) Data Rates: 54Mbps, 11Mbps, 5.5Mbps, 2Mbps, and 1 Mbps Auto Fallback WPA/WPA2 security IEEE 802.11i...
Page 366: P-2608Hw/Hwl-Dx Series Power Adaptor Specifications
P-2608HWL-Dx Series User’s Guide Table 143 Firmware Specifications (continued) Voice Features Other Features P-2608HW/HWL-Dx Series Power Adaptor Specifications Table 144 P-2608HW/HWL-Dx Series Power Adaptor Specifications DC MODEL PLUG STANDARDS DC Power Adapter Model Input Power Output Power Power Consumption Safety Standards...
Page 367: Setting Up Your Computer's Ip Address
IP addresses that place them in the same subnet as the ZyXEL Device's LAN port. Windows 95/98/Me Click Start, Settings, Control Panel and double-click the Network icon to open the Network window Appendix B Setting up Your Computer’s IP Address P-2608HWL-Dx Series User’s Guide P P E N D I X...
Page 368: Installing Components
P-2608HWL-Dx Series User’s Guide Figure 211 WIndows 95/98/Me: Network: Configuration Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: 1 In the Network window, click Add.
Page 369: Configuring
• • Appendix B Setting up Your Computer’s IP Address P-2608HWL-Dx Series User’s Guide If your IP address is dynamic, select Obtain an IP address automatically. If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields.
Page 370: Verifying Settings
P-2608HWL-Dx Series User’s Guide Figure 213 Windows 95/98/Me: TCP/IP Properties: DNS Configuration 4 Click the Gateway tab. • • 5 Click OK to save and close the TCP/IP Properties window. 6 Click OK to close the Network window. Insert the Windows CD if prompted.
Page 371: Figure 214 Windows Xp: Start Menu
2 For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Figure 215 Windows XP: Control Panel 3 Right-click Local Area Connection and then click Properties. Appendix B Setting up Your Computer’s IP Address P-2608HWL-Dx Series User’s Guide...
Page 372: Figure 216 Windows Xp: Control Panel: Network Connections: Properties
P-2608HWL-Dx Series User’s Guide Figure 216 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties. Figure 217 Windows XP: Local Area Connection Properties 5 The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP).
Page 373: Figure 218 Windows Xp: Advanced Tcp/Ip Settings
7 In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): Appendix B Setting up Your Computer’s IP Address P-2608HWL-Dx Series User’s Guide If you have a static IP address click Use the following IP Address and fill in the IP address, Subnet mask, and Default gateway fields.
Page 374: Verifying Settings
P-2608HWL-Dx Series User’s Guide • • Figure 219 Windows XP: Internet Protocol (TCP/IP) Properties 8 Click OK to close the Internet Protocol (TCP/IP) Properties window. 9 Click OK to close the Local Area Connection Properties window. 10Turn on your ZyXEL Device and restart your computer (if prompted).
Page 375: Figure 220 Macintosh Os 8/9: Apple Menu
2 Select Ethernet built-in from the Connect via list. Figure 221 Macintosh OS 8/9: TCP/IP 3 For dynamically assigned settings, select Using DHCP Server from the Configure: list. 4 For statically assigned settings, do the following: Appendix B Setting up Your Computer’s IP Address P-2608HWL-Dx Series User’s Guide...
Page 376: Verifying Settings
P-2608HWL-Dx Series User’s Guide • • • • 5 Close the TCP/IP Control Panel. 6 Click Save if prompted, to save changes to your configuration. 7 Turn on your ZyXEL Device and restart your computer (if prompted). Verifying Settings Check your TCP/IP properties in the TCP/IP Control Panel window.
Page 377: Verifying Settings
Verifying Settings Check your TCP/IP properties in the Network window. Appendix B Setting up Your Computer’s IP Address P-2608HWL-Dx Series User’s Guide From the Configure box, select Manually. Type your IP address in the IP Address box. Type your subnet mask in the Subnet mask box.
Page 378 P-2608HWL-Dx Series User’s Guide Appendix B Setting up Your Computer’s IP Address...
Page 379: Ip Addresses And Subnetting
• In a class C address the first three octets make up the network number, and the last octet is the host ID. Appendix C IP Addresses and Subnetting P-2608HWL-Dx Series User’s Guide P P E N D I X...
Page 380: Table 145 Classes Of Ip Addresses
P-2608HWL-Dx Series User’s Guide The following table shows the network number and host ID arrangement for classes A, B and Table 145 Classes of IP Addresses IP ADDRESS OCTET 1 Class A Network number Class B Network number Class C Network number An IP address with host IDs of all zeros is the IP address of the network (192.168.1.0 for...
Page 381: Subnet Masks
Table 148 Alternative Subnet Mask Notation SUBNET MASK 255.255.255.0 255.255.255.128 255.255.255.192 255.255.255.224 Appendix C IP Addresses and Subnetting NATURAL MASK 255.0.0.0 255.255.0.0 255.255.255.0 SUBNET MASK “1” BITS LAST OCTET BIT VALUE 0000 0000 1000 0000 1100 0000 1110 0000 P-2608HWL-Dx Series User’s Guide DECIMAL...
Page 382: Example: Two Subnets
P-2608HWL-Dx Series User’s Guide Table 148 Alternative Subnet Mask Notation (continued) SUBNET MASK 255.255.255.240 255.255.255.248 255.255.255.252 The first mask shown is the class “C” natural mask. Normally if no mask is specified it is understood that the natural mask is being used.
Page 383: Example: Four Subnets
Table 152 Subnet 1 IP/SUBNET MASK IP Address IP Address (Binary) Subnet Mask (Binary) Appendix C IP Addresses and Subnetting P-2608HWL-Dx Series User’s Guide NETWORK NUMBER Lowest Host ID: 192.168.1.1 Highest Host ID: 192.168.1.126 NETWORK NUMBER 192.168.1. 11000000.10101000.00000001.
Page 384: Example Eight Subnets
P-2608HWL-Dx Series User’s Guide Table 152 Subnet 1 (continued) IP/SUBNET MASK Subnet Address: 192.168.1.0 Broadcast Address: 192.168.1.63 Table 153 Subnet 2 IP/SUBNET MASK IP Address IP Address (Binary) Subnet Mask (Binary) Subnet Address: 192.168.1.64 Broadcast Address: 192.168.1.127 Table 154 Subnet 3...
Page 385: Subnetting With Class A And Class B Networks
ID. A class “B” address has two host ID octets available for subnetting and a class “A” address has three host ID octets (see Appendix C IP Addresses and Subnetting P-2608HWL-Dx Series User’s Guide LAST ADDRESS SUBNET MASK NO. SUBNETS 255.255.255.128 (/25)
Page 386: Table 158 Class B Subnet Planning
P-2608HWL-Dx Series User’s Guide The following table is a summary for class “B” subnet planning. Table 158 Class B Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS 255.255.128.0 (/17) 255.255.192.0 (/18) 255.255.224.0 (/19) 255.255.240.0 (/20) 255.255.248.0 (/21) 255.255.252.0 (/22) 255.255.254.0 (/23)
Page 387: Appendix D Common Services
IPSEC_TUNNEL(ESP:0) IRC(TCP/UDP:6667) MSN Messenger(TCP:1863) MULTICAST(IGMP:0) NEW-ICQ(TCP:5190) NEWS(TCP:144) Appendix D Common Services P-2608HWL-Dx Series User’s Guide Appendix D Common Services DESCRIPTION AOL’s Internet Messenger service, used as a listening port by ICQ. Authentication protocol used by some servers. Border Gateway Protocol.
Page 388 P-2608HWL-Dx Series User’s Guide Table 159 Commonly Used Services SERVICE NFS(UDP:2049) NNTP(TCP:119) PING(ICMP:0) POP3(TCP:110) PPTP(TCP:1723) PPTP_TUNNEL(GRE:0) RCMD(TCP:512) REAL_AUDIO(TCP:7070) REXEC(TCP:514) RLOGIN(TCP:513) RTELNET(TCP:107) RTSP(TCP/UDP:554) SFTP(TCP:115) SMTP(TCP:25) SNMP(TCP/UDP:161) SNMP-TRAPS(TCP/UDP:162) SQL-NET(TCP:1521) SSH(TCP/UDP:22) STRM WORKS(UDP:1558) SYSLOG(UDP:514) TACACS(UDP:49) TELNET(TCP:23) TFTP(UDP:69) VDOLIVE(TCP:7000) DESCRIPTION Network File System - NFS is a client/server distributed file service that provides transparent file sharing for network environments.
Page 389: Appendix E Importing Certificates
1 In Internet Explorer, double click the lock shown in the following screen. Appendix E Importing Certificates P-2608HWL-Dx Series User’s Guide P P E N D I X Importing Certificates...
Page 390: Figure 225 Login Screen
P-2608HWL-Dx Series User’s Guide Figure 225 Login Screen 2 Click Install Certificate to open the Install Certificate wizard. Figure 226 Certificate General Information before Import 3 Click Next to begin the Install Certificate wizard. Appendix E Importing Certificates...
Page 391: Figure 227 Certificate Import Wizard 1
Figure 227 Certificate Import Wizard 1 4 Select where you would like to store the certificate and then click Next. Figure 228 Certificate Import Wizard 2 5 Click Finish to complete the Import Certificate wizard. Appendix E Importing Certificates P-2608HWL-Dx Series User’s Guide...
Page 392: Figure 229 Certificate Import Wizard 3
P-2608HWL-Dx Series User’s Guide Figure 229 Certificate Import Wizard 3 6 Click Yes to add the Prestige certificate to the root store. Figure 230 Root Certificate Store Appendix E Importing Certificates...
Page 393: Enrolling And Importing Ssl Client Certificates
Client Certificates to be active (see the Certificates chapter for details). Apply for a certificate from a Certification Authority (CA) that is trusted by the Prestige (see the Prestige’s Trusted CA web configurator screen). Appendix E Importing Certificates P-2608HWL-Dx Series User’s Guide...
Page 394: Installing The Ca's Certificate
P-2608HWL-Dx Series User’s Guide Figure 232 Prestige Trusted CA Screen The CA sends you a package containing the CA’s trusted certificate(s), your personal certificate(s) and a password to install the personal certificate(s). Installing the CA’s Certificate 1 Double click the CA’s trusted certificate to produce a screen similar to the one shown next.
Page 395: Installing Your Personal Certificate(S)
File name text box. Click Browse if you wish to import a different certificate. Figure 235 Personal Certificate Import Wizard 2 3 Enter the password given to you by the CA. Appendix E Importing Certificates P-2608HWL-Dx Series User’s Guide...
Page 396: Figure 236 Personal Certificate Import Wizard 3
P-2608HWL-Dx Series User’s Guide Figure 236 Personal Certificate Import Wizard 3 4 Have the wizard determine where the certificate should be saved on your computer or select Place all certificates in the following store and choose a different location. Figure 237 Personal Certificate Import Wizard 4 5 Click Finish to complete the wizard and begin the import process.
Page 397: Using A Certificate When Accessing The Prestige Example
2 When Authenticate Client Certificates is selected on the Prestige, the following screen asks you to select a personal certificate to send to the Prestige. This screen displays even if you only have a single certificate as in the example. Appendix E Importing Certificates P-2608HWL-Dx Series User’s Guide...
Page 398: Figure 241 Ssl Client Authentication
P-2608HWL-Dx Series User’s Guide Figure 241 SSL Client Authentication 3 You next see the Prestige login screen. Figure 242 Prestige Secure Login Screen Appendix E Importing Certificates...
Page 399: Appendix F Triangle Route
3 The reply from the WAN goes directly to the computer on the LAN without going through the ZyXEL Device. As a result, the ZyXEL Device resets the connection, as the connection has not been acknowledged. Appendix F Triangle Route P-2608HWL-Dx Series User’s Guide P P E N D I X Triangle Route...
Page 400: The "Triangle Route" Solutions
P-2608HWL-Dx Series User’s Guide Figure 244 “Triangle Route” Problem The “Triangle Route” Solutions This section presents you two solutions to the “triangle route” problem. IP Aliasing IP alias allows you to partition your network into logical sections over the same Ethernet interface.
Page 401: Gateways On The Wan Side
WAN side as the following figure shows. This ensures that all incoming network traffic passes through your ZyXEL Device to your LAN. Therefore your LAN is protected. Figure 246 Gateways on the WAN Side Appendix F Triangle Route P-2608HWL-Dx Series User’s Guide...
Page 402 P-2608HWL-Dx Series User’s Guide Appendix F Triangle Route...
Page 403: Appendix G Log Descriptions
0x%x, Task ID = 0x%x Successful SSH login SSH login failed Appendix G Log Descriptions P-2608HWL-Dx Series User’s Guide P P E N D I X Log Descriptions DESCRIPTION The router has adjusted its time based on information from the time server.
Page 404: Table 161 System Error Logs
P-2608HWL-Dx Series User’s Guide Table 160 System Maintenance Logs (continued) LOG MESSAGE Successful HTTPS login HTTPS login failed Table 161 System Error Logs LOG MESSAGE %s exceeds the max. number of session per host! setNetBIOSFilter: calloc error readNetBIOSFilter: calloc error WAN connection is down.
Page 405: Table 163 Tcp Reset Logs
Firewall rule [NOT] match: ICMP <Packet Direction>, <rule:%d>, <type:%d>, <code:%d> Appendix G Log Descriptions P-2608HWL-Dx Series User’s Guide DESCRIPTION The router sent a TCP reset packet when a host was under a SYN flood attack (the TCP incomplete count is per destination host.) The router sent a TCP reset packet when the number of TCP incomplete connections exceeded the user configured threshold.
Page 406: Table 166 Cdr Logs
P-2608HWL-Dx Series User’s Guide Table 165 ICMP Logs (continued) LOG MESSAGE Triangle route packet forwarded: ICMP Packet without a NAT table entry blocked: ICMP Unsupported/out-of-order ICMP: ICMP Router reply ICMP packet: ICMP Table 166 CDR Logs LOG MESSAGE board %d line %d channel %d,...
Page 407: Table 168 Upnp Logs
- no routing entry [ TCP | UDP | IGMP | ESP | GRE | OSPF ] Appendix G Log Descriptions P-2608HWL-Dx Series User’s Guide DESCRIPTION UPnP packets can pass through the firewall. DESCRIPTION The content of a requested web page matched a user defined keyword.
Page 408: Table 171 802.1X Logs
P-2608HWL-Dx Series User’s Guide Table 170 Attack Logs (continued) LOG MESSAGE ip spoofing - no routing entry ICMP (type:%d, code:%d) vulnerability ICMP (type:%d, code:%d) traceroute ICMP (type:%d, code:%d) Table 171 802.1X Logs LOG MESSAGE Local User Database accepts user. Local User Database reports user credential error.
Page 409: Table 172 Acl Setting Notes
Redirect Redirect datagrams for the Network Redirect datagrams for the Host Redirect datagrams for the Type of Service and Network Redirect datagrams for the Type of Service and Host Echo Echo message P-2608HWL-Dx Series User’s Guide...
Page 410: Table 174 Syslog Logs
P-2608HWL-Dx Series User’s Guide Table 173 ICMP Notes (continued) TYPE CODE Table 174 Syslog Logs LOG MESSAGE <Facility*8 + Severity>Mon dd hr:mm:ss hostname src="<srcIP:srcPort>" dst="<dstIP:dstPort>" msg="<msg>" note="<note>" devID="<mac address last three numbers>" cat="<category> Table 175 SIP Logs LOG MESSAGE SIP Registration Success...
Page 411: Table 176 Rtp Logs
LOG MESSAGE PSTN Call Start PSTN Call End PSTN Call Established Appendix G Log Descriptions P-2608HWL-Dx Series User’s Guide DESCRIPTION The initialization of an RTP session failed. A VoIP phone call failed because the RTP session could not be established.
Page 412: Log Commands
1 Use the sys logs load configure which logs the ZyXEL Device is to record. 2 Use sys logs category Figure 247 Displaying Log Categories Example Copyright (c) 1994 - 2004 ZyXEL Communications Corp. ras> ? Valid commands are: exit wlan radius 8021x ras>...
Page 413: Displaying Logs
• Use the sys logs clear Appendix G Log Descriptions P-2608HWL-Dx Series User’s Guide followed by a log category and a parameter to decide what to command to store the settings in the ZyXEL Device (you must command to show all of the logs in the ZyXEL Device’s...
Page 414: Log Command Example
P-2608HWL-Dx Series User’s Guide Log Command Example This example shows how to set the ZyXEL Device to record the access logs and alerts and then view the results. Figure 249 Log Command Example ras> sys logs load ras> sys logs category access 3 ras>...
Page 415: Appendix H Internal Sptgen
Internal SPTGEN File Modification - Important Points to Remember Each parameter you enter must be preceded by one “=”sign and one space. Appendix H Internal SPTGEN P-2608HWL-Dx Series User’s Guide P P E N D I X Internal SPTGEN parameter values allowed <0(No)| 1(Yes)>...
Page 416: Internal Sptgen Ftp Download Example
P-2608HWL-Dx Series User’s Guide Some parameters are dependent on others. For example, if you disable the Configured field in menu 1 (see Figure 250 on page If you enter a parameter that is invalid in the Input column, the ZyXEL Device will not save the configuration and the command line will display the Field Identification Number.
Page 417: Internal Sptgen Ftp Upload Example
MEANING Field Identification Number Field Name Appendix H Internal SPTGEN P-2608HWL-Dx Series User’s Guide ” file when you save it to your computer but it must rom-t ” when you upload it to your ZyXEL Device. ” sets the transfer mode to binary.
Page 418: Table 182 Menu 1 General Setup
P-2608HWL-Dx Series User’s Guide Table 181 Abbreviations Used in the Example Internal SPTGEN Screens Table ABBREVIATION MEANING Parameter Values Allowed INPUT An example of what you may enter Applies to the ZyXEL Device. The following are the Internal SPTGEN menus.
Page 419 Version 30201006 = IP Alias #1 Incoming protocol filters Set 1 30201007 = IP Alias #1 Incoming protocol filters Set 2 Appendix H Internal SPTGEN P-2608HWL-Dx Series User’s Guide INPUT <0(None) | 1(Server) | 2(Relay)> 192.168.1.33 = 32 = 0.0.0.0 = 0.0.0.0...
Page 420 P-2608HWL-Dx Series User’s Guide Table 183 Menu 3 30201008 = IP Alias #1 Incoming protocol filters Set 3 30201009 = IP Alias #1 Incoming protocol filters Set 4 30201010 = IP Alias #1 Outgoing protocol filters Set 1 30201011 =...
Page 421: Table 184 Menu 4 Internet Access Setup
Table 184 Menu 4 Internet Access Setup / Menu 4 Internet Access Setup 40000000 = Configured 40000001 = Appendix H Internal SPTGEN P-2608HWL-Dx Series User’s Guide <0 ~ 2432> = 2432 <256 ~ 2432> = 2432 <0(DISABLE) | 1(64-bit WEP) | 2(128-bit WEP)>...
Page 422 P-2608HWL-Dx Series User’s Guide Table 184 Menu 4 Internet Access Setup (continued) 40000002 = Active 40000003 = ISP's Name 40000004 = Encapsulation 40000005 = Multiplexing 40000006 = VPI # 40000007 = VCI # 40000008 = Service Name 40000009 = My Login...
Page 423: Table 185 Menu 12
120103005 = IP Static Route set #3, Gateway 120103006 = IP Static Route set #3, Metric 120103007 = IP Static Route set #3, Private Appendix H Internal SPTGEN P-2608HWL-Dx Series User’s Guide <0(Rip-1) | 1(Rip-2B) |2(Rip-2M)> <0(No) |1(Yes)> INPUT <Str>...
Page 424 P-2608HWL-Dx Series User’s Guide Table 185 Menu 12 (continued) / Menu 12.1.4 IP Static Route Setup 120104001 = IP Static Route set #4, Name 120104002 = IP Static Route set #4, Active 120104003 = IP Static Route set #4, Destination...
Page 425 IP Static Route set #11, Name 120111002 = IP Static Route set #11, Active 120111003 = IP Static Route set #11, Destination IP address Appendix H Internal SPTGEN P-2608HWL-Dx Series User’s Guide <0(No) |1(Yes)> INPUT <Str> <0(No) |1(Yes)> = 0.0.0.0 = 0.0.0.0 <0(No) |1(Yes)>...
Page 426 P-2608HWL-Dx Series User’s Guide Table 185 Menu 12 (continued) 120111004 = IP Static Route set #11, Destination IP subnetmask 120111005 = IP Static Route set #11, Gateway 120111006 = IP Static Route set #11, Metric 120111007 = IP Static Route set #11, Private */ Menu 12.1.12 IP Static Route Setup...
Page 427: Table 186 Menu 15 Sua Server Setup
150000011 = SUA Server #3 Local IP address 150000012 = SUA Server #4 Active 150000013 = SUA Server #4 Protocol Appendix H Internal SPTGEN P-2608HWL-Dx Series User’s Guide <0(No) |1(Yes)> = 0.0.0.0 = 0.0.0.0 <0(No) |1(Yes)> INPUT <Str> <0(No) |1(Yes)>...
Page 428 P-2608HWL-Dx Series User’s Guide Table 186 Menu 15 SUA Server Setup (continued) 150000014 = SUA Server #4 Port Start 150000015 = SUA Server #4 Port End 150000016 = SUA Server #4 Local IP address 150000017 = SUA Server #5 Active...
Page 429: Table 187 Menu 21.1 Filter Set #1
IP Filter Set 1,Rule 1 Src Port Comp 210101013 = IP Filter Set 1,Rule 1 Act Match 210101014 = IP Filter Set 1,Rule 1 Act Not Match Appendix H Internal SPTGEN P-2608HWL-Dx Series User’s Guide <0(All)|6(TCP)|17(U DP)> = 0.0.0.0 <0(No) | 1(Yes)> <0(All)|6(TCP)|17(U DP)>...
Page 430 P-2608HWL-Dx Series User’s Guide Table 187 Menu 21.1 Filter Set #1 (continued) / Menu 21.1.1.2 set #1, rule #2 210102001 = IP Filter Set 1,Rule 2 Type 210102002 = IP Filter Set 1,Rule 2 Active 210102003 = IP Filter Set 1,Rule 2 Protocol...
Page 431 IP Filter Set 1,Rule 5 Dest Port 210105007 = IP Filter Set 1,Rule 5 Dest Port Comp 210105008 = IP Filter Set 1,Rule 5 Src IP Address Appendix H Internal SPTGEN P-2608HWL-Dx Series User’s Guide <1(check next)|2(forward)| 3(drop) <1(check next)|2(forward)|...
Page 432: Table 188 Menu 21.1 Filer Set #2
P-2608HWL-Dx Series User’s Guide Table 187 Menu 21.1 Filter Set #1 (continued) 210105009 = IP Filter Set 1,Rule 5 Src Subnet Mask 210105010 = IP Filter Set 1,Rule 5 Src Port 210105011 = IP Filter Set 1,Rule 5 Src Port Comp...
Page 433 210202007 = IP Filter Set 2, Rule 2 Dest Port Comp 210202008 = IP Filter Set 2, Rule 2 Src IP address Appendix H Internal SPTGEN P-2608HWL-Dx Series User’s Guide INPUT <0(none)|2(TCP/IP)> = 2 <0(No)|1(Yes)> = 0.0.0.0 = 137 <0(none)|1(equal)|2...
Page 434 P-2608HWL-Dx Series User’s Guide Table 188 Menu 21.1 Filer Set #2, (continued) 210202009 = IP Filter Set 2, Rule 2 Src Subnet Mask 210202010 = IP Filter Set 2,Rule 2 Src Port 210202011 = IP Filter Set 2, Rule 2 Src Port...
Page 435 210205009 = IP Filter Set 2, Rule 5 Src Subnet Mask 210205010 = IP Filter Set 2, Rule 5 Src Port Appendix H Internal SPTGEN P-2608HWL-Dx Series User’s Guide <0(No)|1(Yes )> = 1 = 17 = 0.0.0.0 = 137 <0(none)|1(equal)|2...
Page 436 P-2608HWL-Dx Series User’s Guide Table 188 Menu 21.1 Filer Set #2, (continued) 210205011 = IP Filter Set 2, Rule 5 Src Port Comp 210205013 = IP Filter Set 2, Rule 5 Act Match 210205014 = IP Filter Set 2, Rule 5 Act Not Match / Menu 21.1.2.6 Filter set #2, rule #6...
Page 437: Table 189 Menu 23 System Menus
Idle Timeout (in second) 230400004 = Authentication Databases 230400005 = Key Management Protocol 230400006 = Dynamic WEP Key Exchange 230400007 = Appendix H Internal SPTGEN P-2608HWL-Dx Series User’s Guide INPUT = 1234 INPUT <0(No) | 1(Yes)> <0(No) | 1(Yes)> 192.168.1.32 = 1822 111111111111...
Page 438: Command Examples
P-2608HWL-Dx Series User’s Guide Table 189 Menu 23 System Menus (continued) 230400008 = WPA Mixed Mode 230400009 = Data Privacy for Broadcast/ Multicast packets 230400010 = WPA Broadcast/Multicast Key Update Timer Table 190 Menu 24.11 Remote Management Control / Menu 24.11 Remote Management Control...
Page 439 Table 191 Command Examples (continued) 990000001 = ADSL OPMD Appendix H Internal SPTGEN P-2608HWL-Dx Series User’s Guide INPUT INPUT <0(etsi)|1(normal) |2(gdmt)|3(multimo de)>...
Page 440 P-2608HWL-Dx Series User’s Guide Appendix H Internal SPTGEN...
Page 441: Index
Authentication Header. See AH. automatic log out Auto-negotiating Rate Adaptation Index P-2608HWL-Dx Series User’s Guide backup configuration backup gateway 102, 104 backup type bandwidth management allocating and rules capacity...
Page 442 P-2608HWL-Dx Series User’s Guide and cryptology and directory servers 250, 270 and IKE SA and public-key cryptology and public-private keys and remote hosts and remote management creating file formats generating requests importing remote hosts replacing revoked storage space trusted CAs...
Page 443 Index P-2608HWL-Dx Series User’s Guide and transport mode Ethernet lights Europe type call service mode Europe type supplementary services extended authentication IKE SA Extended Service Set IDentification...
Page 444 P-2608HWL-Dx Series User’s Guide and Smurf attack and SYN attack and SYN Flood and TCP/IP and Teardrop and three-way-handshake and upper layer protocols application level denial of service guidelines for enhancing security introduction, ZyXEL packet filtering upper layer protocols when to use firewalls vs.
Page 445 Perfect Forward Secrecy (PFS) proposal remote policy Security Parameter Index (SPI) (manual keys) Index P-2608HWL-Dx Series User’s Guide transport mode tunnel mode when IKE SA is disconnected IPSec SA. See also VPN. IPSec. See also VPN. and domain name...
Page 446 P-2608HWL-Dx Series User’s Guide schedule settings sorting syslog server viewing MAC address filter action MAC filter Management Information Base (MIB) Management Information Base, See MIB management software, SNMP management tools mapping rules, and NAT maximizing bandwidth usage Maximum Burst Size (MBS)
Page 447 RFC 1483 90, 364 RFC 1631 RFC 1889 154, 366 RFC 1890 RFC 2327 RFC 2364 RFC 2516 P-2608HWL-Dx Series User’s Guide 299, 300...
Page 448 P-2608HWL-Dx Series User’s Guide RFC 2684 RFC 3261 RFC 3489 direction version RIP (Routing Information Protocol) romfile, configuration file root class, and bandwidth management router features routing, static route RTCP 154, 366 rules LAN to WAN rules, and bandwidth management...
Page 449 Forum installation examples security issues Windows OS UPnP (Universal Plug and Play) upper layer protocols, and firewalls USA type call service mode user agent, SIP 167, 366 P-2608HWL-Dx Series User’s Guide 102, 103, 104 169, 170 309, 311 195, 196...
Page 450 P-2608HWL-Dx Series User’s Guide VBR-nRT VBR-RT VCI (Virtual Channel Identifier) Virtual Channel Identifier (VCI) virtual circuit (VC), and multiplexing Virtual Local Area Network Virtual Path Identifier (VPI) virtual private networks. See VPN. VLAN VLAN group VLAN ID VLAN ID tags...
Page 451 P-2608HWL-Dx Series User’s Guide zero configuration Internet access ZyNOS ZyNOS (ZyXEL Network Operating System) ZyNOS firmware version ZyXEL’s firewall introduction Index...

This manual is also suitable for:

P-2608hwl-d1