Page 2
IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. This is a User’s Guide for a series of products. Not all products support all firmware features. Screenshots and graphics in this book may differ slightly from your product due to differences in your product firmware or your computer operating system.
Document Conventions Warnings and Notes These are how warnings and notes are shown in this guide. Warnings tell you about things that could harm you or your device. Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Table of Contents Table of Contents Document Conventions ........................3 Contents Overview ..........................4 Table of Contents ..........................6 Part I: User’s Guide..................16 Chapter 1 Introducing the VMG .........................17 1.1 Overview ............................17 1.1.1 Internet Access ........................17 1.1.2 Wireless Access ........................18 1.1.3 VMG’s USB Support .......................
Page 7
Table of Contents 4.1 Overview ............................35 4.2 Setting Up an ADSL PPPoE Connection ..................35 4.3 Setting Up a Secure Wireless Network ..................38 4.3.1 Configuring the Wireless Network Settings ................. 38 4.3.2 Using WPS ..........................40 4.3.3 Connecting to the VMG’s Wi-Fi Network Manually (No WPS) ......... 43 4.3.4 Configuring Wireless Security on the VMG .................
Page 8
Table of Contents 6.3 The Cellular Backup Screen ......................87 6.4 The Advanced Screen ........................92 6.5 Technical Reference ........................94 Chapter 7 Wireless ...............................99 7.1 Overview ............................99 7.1.1 What You Can Do in this Chapter ..................99 7.1.2 What You Need to Know ..................... 99 7.2 The General Screen ........................
Page 9
Table of Contents 8.7 The Wake on LAN Screen ......................140 8.8 The TFTP Server Name Screen ..................... 141 8.9 Technical Reference ........................141 8.9.1 LANs, WANs and the VMG ....................142 8.9.2 DHCP Setup ......................... 142 8.9.3 DNS Server Addresses ......................142 8.9.4 LAN TCP/IP ...........................
Page 10
Table of Contents 11.3 The Applications Screen ......................175 11.3.1 Add New Application ....................... 176 11.4 The Port Triggering Screen ......................177 11.4.1 Add/Edit Port Triggering Rule ..................178 11.5 The DMZ Screen .......................... 179 11.6 The ALG Screen .......................... 180 11.7 The Address Mapping Screen ....................
Page 11
Table of Contents 15.2.2 Interface Grouping Criteria .................... 201 Chapter 16 USB Service ............................203 16.1 Overview ............................. 203 16.1.1 What You Can Do in this Chapter ................... 203 16.1.2 What You Need To Know ....................203 16.1.3 Before You Begin ....................... 204 16.2 The File Sharing Screen ......................
Page 12
Table of Contents 21.1 Overview ............................. 226 21.1.1 What You Can Do in this Chapter ................... 226 21.2 What You Need to Know ......................226 21.3 The Local Certificates Screen ....................226 21.3.1 Create Certificate Request .................... 227 21.3.2 View Certificate Request ....................228 21.4 The Trusted CA Screen .......................
Page 13
Table of Contents Chapter 27 xDSL Statistics ...........................246 27.1 The xDSL Statistics Screen ......................246 Chapter 28 WLAN Station Status .........................248 28.1 Overview ............................. 248 Chapter 29 Cellular Statistics ..........................250 29.1 Overview ............................. 250 29.2 The Cellular Statistics Screen ..................... 250 Chapter 30 System...............................252 30.1 Overview .............................
Page 15
Table of Contents Appendix A Customer Support ..................... 288 Appendix B Wireless LANs....................... 294 Appendix C IPv6..........................307 Appendix D Services ........................315 Appendix E Legal Information ....................... 319 Index ..............................326 VMG3925-B10C/B30C User’s Guide...
H A P T E R Introducing the VMG 1.1 Overview The VMG is a wireless VDSL router and Gigabit Ethernet gateway. Note: Cellular networks refer to 3G only at the time of writing. 1.1.1 Internet Access Your VMG has a DSL port and a Gigabit Ethernet port for super-fast Internet access. It provides shared Internet access by connecting the DSL port to the DSL or MODEM jack on a splitter or your telephone jack.
Chapter 1 Introducing the VMG You can also configure IP filtering on the VMG for secure Internet access. When the IP filter is on, all incoming traffic from the Internet to your network is blocked by default unless it is initiated from your network.
Chapter 1 Introducing the VMG Figure 3 Wireless Access Example 1.1.3 VMG’s USB Support The USB port of the VMG is used for cellular WAN backup, file-sharing and media server. Cellular WAN (3G) Backup Connect a supported cellular USB dongle with an active SIM card to the USB port. This adds a backup WAN interface and allows the VMG to wirelessly access the Internet via a cellular network.
Chapter 1 Introducing the VMG Figure 5 USB File Sharing Application Media Server You can also use the VMG as a media server. This lets anyone on your network play video, music, and photos from a USB device (B) connected to the VMG’s USB port (without having to copy them to another computer).
Chapter 1 Introducing the VMG 1.3 Good Habits for Managing the VMG Do the following things regularly to make the VMG more secure and to manage the VMG more effectively. • Change the password. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters.
Page 22
Chapter 1 Introducing the VMG Figure 8 LEDs on the VMG None of the LEDs are on if the VMG is not receiving power. Table 1 LED Descriptions COLOR STATUS DESCRIPTION Green The VMG is receiving power and ready for use. Blinking The VMG is self-testing.
Chapter 1 Introducing the VMG Table 1 LED Descriptions (continued) COLOR STATUS DESCRIPTION Green The 5 GHz wireless network is activated. Blinking The VMG is communicating with 5 GHz wireless clients. 5G WLAN/ Amber Blinking The VMG is setting up a WPS connection with a 5 GHz wireless client. The 5 GHz wireless network is not activated.
Chapter 1 Introducing the VMG Rear Panel Ports (continued) LABEL DESCRIPTION Press the WPS button for more than five seconds to quickly set up a secure wireless connection between the device and a WPS-compatible client. The USB port is used for file-sharing and media server. 1.4.4 Using the WLAN and WPS Buttons If the wireless network is turned off, press the WLAN button for more than two seconds.
Chapter 1 Introducing the VMG Figure 10 VMG3925-B10C/B30C Rear Panel The following table describes the items on the rear panel. Rear Panel Ports LABEL DESCRIPTION Connect a RJ-11 cable to the DSL port for Internet access. LAN1 ~ LAN4 Connect computers or other Ethernet devices to Ethernet ports for Internet access.
H A P T E R The Web Configurator 2.1 Overview The web configurator is an HTML-based management interface that allows easy setup and management via Internet browser. Use Internet Explorer 8.0 and later versions or Mozilla Firefox 3 and later versions or Safari 2.0 and later versions.
Page 27
Chapter 2 The Web Configurator Figure 12 Change Password Screen configure basic Internet access, and wireless settings. The Network Map page appears. Figure 13 Network Map Click Status to display the Status screen, where you can view the VMG’s interface and system information.
Chapter 2 The Web Configurator 2.2 Web Configurator Layout Figure 14 Screen Layout As illustrated above, the main screen is divided into these parts: • A - title bar • B - main window • C - navigation panel 2.2.1 Title Bar The title bar provides some icons in the upper right corner.
Chapter 2 The Web Configurator 2.2.2 Navigation Panel Use the menu items on the navigation panel to open screens to configure VMG features. The following tables describe each menu item. Table 3 Navigation Panel Summary LINK FUNCTION Connection Status This screen shows the network status of the VMG and computers/devices connected to it.
Page 30
Chapter 2 The Web Configurator Table 3 Navigation Panel Summary (continued) LINK FUNCTION General Use this screen to enable QoS and traffic prioritizing. You can also configure the QoS rules and actions. Queue Setup Use this screen to configure QoS queues. Classification Use this screen to define a classifier.
Page 31
Chapter 2 The Web Configurator Table 3 Navigation Panel Summary (continued) LINK FUNCTION System Log Use this screen to view the status of events that occurred to the VMG. You can export or e-mail the logs. Security Log Use this screen to view all security related events. You can select level and category of the security events in their proper drop-down list window.
Page 32
Chapter 2 The Web Configurator Table 3 Navigation Panel Summary (continued) LINK FUNCTION Firmware Firmware Use this screen to upload firmware to your VMG. Upgrade Upgrade Backup/Restore Backup/Restore Use this screen to backup and restore your VMG’s configuration (settings) or reset the factory default settings. Reboot Reboot Use this screen to reboot the VMG without turning the power off.
H A P T E R Quick Start 3.1 Overview Use the Quick Start screens to configure the VMG’s time zone, basic Internet access, and wireless settings. Note: See the technical reference chapters (starting on Chapter 4 on page 35) for background information on the features in this chapter.
Page 34
Chapter 3 Quick Start Figure 16 Quick Start - Internet Connection Turn the wireless LAN on or off. If you keep it on, record the security settings so you can configure your wireless clients to connect to the VMG. Click Save. Figure 17 Quick Start - Wireless Your VMG saves your settings and attempts to connect to the Internet.
H A P T E R Tutorials 4.1 Overview This chapter shows you how to use the VMG’s various features. • Setting Up an ADSL PPPoE Connection, see page 35 • Setting Up a Secure Wireless Network, see page 38 •...
Page 36
Chapter 4 Tutorials In this example, the DSL connection has the following information. General Name MyDSLConnection Type ADSL Connection Mode Routing Encapsulation PPPoE IPv6/IPv4 Mode IPv4 ATM PVC Configuration VPI/VCI 36/48 Encapsulation Mode LLC/SNAP-Bridging Service Category UBR without PCR Account Information PPP User Name 1234@DSL-Ex.com PPP Password...
Page 37
Chapter 4 Tutorials You should see a summary of your new DSL connection setup in the Broadband screen as follows. VMG3925-B10C/B30C User’s Guide...
Chapter 4 Tutorials Try to connect to a website to see if you have correctly set up your Internet connection. Be sure to contact your service provider for any information you need to configure the WAN screens. 4.3 Setting Up a Secure Wireless Network Thomas wants to set up a wireless network so that he can use his notebook to access the Internet.
Page 39
Chapter 4 Tutorials Click Network Setting > Wireless to open the General screen. Select More Secure as the security level and WPA2-PSK as the security mode. Configure the screen using the provided parameters (see page 38). Click Apply. Go to the Wireless > Others screen and select 802.11b/g/n Mixed in the 802.11 Mode field. Click Apply. VMG3925-B10C/B30C User’s Guide...
Chapter 4 Tutorials Thomas can now use the WPS feature to establish a wireless connection between his notebook and the VMG (see Section 4.3.2 on page 40). He can also use the notebook’s wireless client to search for the VMG (see Section 4.3.3 on page 43).
Page 41
Chapter 4 Tutorials Example WPS Process: PBC Method Wireless Client WITHIN 2 MINUTES Press and hold for more than 5 seconds SECURITY INFO COMMUNICATION PIN Configuration When you use the PIN configuration method, you need to check the client’s PIN number and the VMG’s web configurator.
Page 42
Chapter 4 Tutorials Enter the client’s PIN number to the PIN field in the Network Setting > Wireless > WPS screen on the VMG. Click the Register button on the VMG’s WPS screen within two minutes. The VMG authenticates the wireless client and sends the proper configuration settings to the wireless client.
Chapter 4 Tutorials Example WPS Process: PIN Method Wireless Client Enter WPS PIN from other device: Register WITHIN 2 MINUTES Authentication by PIN SECURITY INFO COMMUNICATION 4.3.3 Connecting to the VMG’s Wi-Fi Network Manually (No WPS) In this example, we change the VMG’s wireless settings, and then manually select the VMG’s new SSID and enter the Wi-Fi key to connect a wireless client to the VMG.
Chapter 4 Tutorials 4.3.4 Configuring Wireless Security on the VMG This section shows you how to configure wireless security settings with the following parameters on your VMG. Frequency Band 2.4 GHz SSID SSID_Example Channel Auto Security WPA2-PSK (Pre-Shared Key: ThisismyWPA-PSKpre-sharedkey) Follow the steps below to configure the wireless settings on your VMG.
Page 45
Chapter 4 Tutorials Set security mode to WPA2-PSK and enter ThisismyWPA-PSKpre-sharedkey in the Pre-Shared Key field. Click Apply. VMG3925-B10C/B30C User’s Guide...
Chapter 4 Tutorials Open the Status screen. Verify your wireless and wireless security settings under Device Information and check if the WLAN connection is up under Interface Status. 4.3.5 Configure Your Notebook Note: In this example, we use a Windows 7 laptop that has a built-in wireless adapter as the wireless client.
Page 47
Chapter 4 Tutorials Select SSID_Example and click Connect. The following screen displays if WPS is enabled on the VMG but you didn’t press the WPS button. Click Connect using as security key instead. Type the security key in the following screen. Click OK. VMG3925-B10C/B30C User’s Guide...
Chapter 4 Tutorials Check the status of your wireless connection in the screen below. If the wireless client keeps trying to connect to or acquiring an IP address from the VMG, make sure you entered the correct security key. If the connection has limited or no connectivity, make sure the VMG is connected to a router with the DHCP server enabled.
Page 49
Chapter 4 Tutorials • Employees in Company A will use a general Company wireless network group. • Higher management level and important visitors will use the VIP group. • Visiting guests will use the Guest group, which has a different SSID and password. Company A will use the following parameters to set up the wireless network groups.
Page 50
Chapter 4 Tutorials Click Network Setting > Wireless > Guest/More AP to open the following screen. Click the Edit icon to configure the second wireless network group. VMG3925-B10C/B30C User’s Guide...
Page 51
Chapter 4 Tutorials Configure the screen using the provided parameters and click Apply. In the Guest/More AP screen, click the Edit icon to configure the third wireless network group. Configure the screen using the provided parameters and click Apply. VMG3925-B10C/B30C User’s Guide...
Page 52
Chapter 4 Tutorials Check the status of VIP and Guest in the Guest/More AP screen. The yellow bulbs signify that the SSIDs are active and ready for wireless access. VMG3925-B10C/B30C User’s Guide...
Chapter 4 Tutorials 4.5 Using the File Sharing Feature In this section you can: • Set up file sharing of your USB device from the VMG. • Access the shared files of your USB device from a computer. 4.5.1 Set Up File Sharing To set up file sharing you need to connect your USB device, enable file sharing and set up your share(s).
Page 54
Chapter 4 Tutorials If the share names include spaces and the following special characters listed in the brackets ["`<>^$|&;\/:*?'], the following screen will appear. To avoid this, please correct your share names in the USB, and repeat the steps above. It’s mandatory for you to add a description for the share.
Chapter 4 Tutorials If you want specific users only to access the shares, you need to Add New Users in Account Management. Once you click the Add New User button, you’ll be directed to the User Account screen. To create a user account that can access the secured shares on the USB device, click the Add New Account button in the Network Setting >...
Chapter 4 Tutorials 4.6 Using the Media Server Feature Use the media server feature to play files on a computer or on your television (using DMA-2500). This section shows you how the media server feature works using the following media clients: •...
Page 57
Chapter 4 Tutorials If you cannot see the VMG in the left panel as shown above, go to Organize > Manage Libraries > Music/Videos/Pictures/Recorded TV > Add > \\192.168.1.1\BobShare. (Select the folder containing the media you wish to upload to Windows Media Player.) In the right panel, you should see a list of files available in the USB storage device.
Chapter 4 Tutorials 4.6.3 Using a Digital Media Adapter This section shows you how you can use the VMG with a Zyxel DMA-2500 to play media files stored in the USB storage device in your TV screen. Note: For this tutorial, your DMA-2500 should already be set up with the TV according to the instructions in the DMA-2500 Quick Start Guide.
Chapter 4 Tutorials The screen shows you the list of available media files in the USB storage device. Select the file you want to open and push the Play button in the remote control. 4.7 Configuring Static Route for Routing to Another Network In order to extend your Intranet and control traffic flowing directions, you may connect a router to the VMG’s LAN.
Page 60
Chapter 4 Tutorials You need to specify a static routing rule on the VMG to specify R as the router in charge of forwarding traffic to N2. In this case, the VMG routes traffic from A to R and then R routes the traffic to B. This tutorial uses the following example IP settings: Table 4 IP Settings in this Tutorial DEVICE / COMPUTER...
Page 61
Chapter 4 Tutorials To configure a static route to route traffic from N1 to N2: Log into the VMG’s Web Configurator in advanced mode. Click Network Setting > Routing. Click Add new Static Route in the Static Route screen. Configure the Static Route Setup screen using the following settings: Select the Active check box.
Chapter 4 Tutorials 4.8 Configuring QoS Queue and Class Setup This section contains tutorials on how you can configure the QoS screen. Let’s say you are a team leader of a small sales branch office. You want to prioritize e-mail traffic because your task includes sending urgent updates to clients at least twice every hour.
Page 63
Chapter 4 Tutorials Click Queue Setup > Add new Queue to create a new queue. In the screen that opens, check Active and enter or select the following values: • Name: E-mail • Interface: WAN • Priority: 1 (High) • Weight: 8 •...
Page 64
Chapter 4 Tutorials Tutorial: Advanced > QoS > Class Setup Class Name Give a class name to this traffic, such as E-mail in this example. From Interface This is the interface from which the traffic will be coming from. Select LAN1 for this example. Ether Type Select IP to identify the traffic source by its IP address or MAC address.
Chapter 4 Tutorials This maps e-mail traffic coming from port 25 to the highest priority, which you have created in the previous screen (see the IP Protocol field). This also maps your computer’s IP address and MAC address to the E-mail queue (see the Source fields). Verify that the queue setup works by checking Network Setting >...
Chapter 4 Tutorials 4.9.2 Configuring DDNS on Your VMG Configure the following settings in the Network Setting > DNS > Dynamic DNS screen. • Select Enable Dynamic DNS. • Select www.DynDNS.com as the service provider. • Type zyxelrouter.dyndns.org in the Host Name field. •...
Page 67
Chapter 4 Tutorials Click Security > MAC Filter to open the MAC Filter screen. Select the Enable check box to activate MAC filter function. Select Allow. Then enter the host name and MAC address of Thomas’ computer in this screen. Click Apply.
Chapter 4 Tutorials 4.11 Access Your Shared Files From a Computer Here is how to use an FTP program to access a file storage device connected to the VMG’s USB port. Note: This example uses the FileZilla FTP program to browse your shared files. In FileZilla enter the IP address of the VMG (the default is 192.168.1.1), your account’s user name and password and port 21 and click Quickconnect.
H A P T E R Network Map and Status Screens 5.1 Overview After you log into the Web Configurator, the Network Map screen appears. This shows the network connection status of the VMG and clients connected to it. You can use the Status screen to look at the current status of the VMG, system resources, and interfaces (LAN, WAN, and WLAN).
Chapter 5 Network Map and Status Screens If you want to view information about a client, click the client’s name and Info. Click the IP address if you want to change it. If you want to change the name or icon of the client, click Change name/icon. If you prefer to view the status in a list, click List View in the Viewing mode selection box.
Page 72
Chapter 5 Network Map and Status Screens Figure 20 Status Screen Each field is described in the following table. Table 5 Status Screen LABEL DESCRIPTION Refresh Interval Select how often you want the VMG to update this screen. Device Information Host Name This field displays the VMG system name.
Page 73
Chapter 5 Network Map and Status Screens Table 5 Status Screen (continued) LABEL DESCRIPTION Secondary DNS This field displays the second DNS server address assigned by the ISP. server DHCP This field displays whether the WAN interface is using a DHCP IP address or a static IP address. Choices are: Client - The WAN interface can obtain an IP address from a DHCP server.
Page 74
Chapter 5 Network Map and Status Screens Table 5 Status Screen (continued) LABEL DESCRIPTION NAT Session This field displays what percentage of the VMG supported NAT sessions are currently being Usage used. This field also displays the number of active NAT sessions and the maximum number of NAT sessions the VMG can support.
H A P T E R Broadband 6.1 Overview This chapter discusses the VMG’s Broadband screens. Use these screens to configure your VMG for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks, such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations.
Chapter 6 Broadband Table 6 WAN Setup Overview LAYER-2 INTERFACE INTERNET CONNECTION CONNECTION DSL LINK TYPE MODE ENCAPSULATION CONNECTION SETTINGS ADSL over ATM Routing PPPoE/PPPoA ATM PVC configuration, PPP information, IPv4/IPv6 IP address, routing feature, DNS server, VLAN, QoS, and MTU IPoE/IPoA ATM PVC configuration, IPv4/IPv6 IP address, routing feature, DNS server,...
Page 77
Chapter 6 Broadband IPv6 Addressing The 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons (:). This is an example IPv6 address 2001:0db8:1a2b:0015:0000:0000:1a2f:0000. IPv6 addresses can be abbreviated in two ways: • Leading zeros in a block can be omitted. So 2001:0db8:1a2b:0015:0000:0000:1a2f:0000 can be written as 2001:db8:1a2b:15:0:0:1a2f:0.
Chapter 6 Broadband Figure 22 IPv6 Rapid Deployment Dual Stack Lite Use Dual Stack Lite when local network computers use IPv4 and the ISP has an IPv6 network. When the VMG has an IPv6 WAN address and you set IPv6/IPv4 Mode to IPv6 Only, you can enable Dual Stack Lite to use IPv4 computers and services.
Chapter 6 Broadband 6.2 The Broadband Screen Use this screen to change your VMG’s Internet access settings. Click Network Setting > Broadband from the menu. The summary table shows you the configured WAN services (connections) on the VMG. Figure 24 Network Setting > Broadband The following table describes the labels in this screen.
Chapter 6 Broadband 6.2.1 Add/Edit Internet Connection Click Add New WAN Interface in the Broadband screen or the Edit icon next to an existing WAN interface to configure a WAN connection. The screen varies depending on the interface type, mode, encapsulation, and IPv6/IPv4 mode you select.
Page 81
Chapter 6 Broadband The following table describes the labels in this screen. Table 8 Network Setting > Broadband > Add New WAN Interface/Edit (Routing Mode) LABEL DESCRIPTION General Active Select Enable or Disable to activate or deactivate the interface. Name Specify a descriptive name for this connection.
Page 82
Chapter 6 Broadband Table 8 Network Setting > Broadband > Add New WAN Interface/Edit (Routing Mode) (continued) LABEL DESCRIPTION PPPoE This field is available when you select PPPoE encapsulation. Passthrough In addition to the VMG’s built-in PPPoE client, you can enable PPPoE pass through to allow up to ten hosts on the LAN to use PPPoE client software on their computers to connect to the ISP via the VMG.
Page 83
Chapter 6 Broadband Table 8 Network Setting > Broadband > Add New WAN Interface/Edit (Routing Mode) (continued) LABEL DESCRIPTION Tunnel The DS-Lite (Dual Stack Lite) fields display when you set the IPv4/IPv6 Mode field to IPv6 Only. Enable Dual Stack Lite to let local computers use IPv4 through an ISP’s IPv6 network. See Dual Stack Lite on page 78 for more information.
Page 84
Chapter 6 Broadband Table 8 Network Setting > Broadband > Add New WAN Interface/Edit (Routing Mode) (continued) LABEL DESCRIPTION IPv6 Default Enter the IP address of the next-hop gateway. The gateway is a router or switch on the same Gateway segment as your VMG's interface(s).
Page 85
Chapter 6 Broadband Figure 26 Network Setting > Broadband > Add New WAN Interface/Edit (ADSL/VDSL over PTM -Bridge Mode) The following table describes the fields in this screen. Table 9 Network Setting > Broadband > Add New WAN Interface/Edit (ADSL/VDSL over PTM -Bridge Mode) LABEL DESCRIPTION...
Page 86
Chapter 6 Broadband Figure 27 Network Setting > Broadband > Add New WAN Interface/Edit (ADSL over ATM-Bridge Mode) The following table describes the fields in this screen. Table 10 Network Setting > Broadband > Add New WAN Interface/Edit (ADSL over ATM-Bridge Mode) LABEL DESCRIPTION General...
Chapter 6 Broadband Table 10 Network Setting > Broadband > Add New WAN Interface/Edit (ADSL over ATM-Bridge Mode) LABEL DESCRIPTION Service Select UBR Without PCR for applications that are non-time sensitive, such as e-mail. Category Select CBR (Continuous Bit Rate) to specify fixed (always-on) bandwidth for voice or data traffic. Select Non Realtime VBR (non real-time Variable Bit Rate) for connections that do not require closely controlled delay and delay variation.
Page 88
Chapter 6 Broadband Note: The actual data rate you obtain varies depending the cellular card you use, the signal strength to the service provider’s base station, and so on. Figure 29 Network Setting > Broadband > Cellular Backup VMG3925-B10C/B30C User’s Guide...
Page 89
Chapter 6 Broadband The following table describes the labels in this screen. Table 11 Network Setting > Broadband > Cellular Backup LABEL DESCRIPTION General Cellular Backup Select Enable to have the VMG use the cellular connection as your WAN or a backup when the wired WAN connection fails.
Page 90
Chapter 6 Broadband Table 11 Network Setting > Broadband > Cellular Backup (continued) LABEL DESCRIPTION Obtain an IP Select this option if your ISP did not assign you a fixed IP address. Address Automatically Use the Select this option if the ISP assigned a fixed IP address. following static IP address IP Address...
Page 91
Chapter 6 Broadband Table 11 Network Setting > Broadband > Cellular Backup (continued) LABEL DESCRIPTION Data Budget Select this and specify how much downstream and/or upstream data (in k Packets) can be (kPackets) transmitted via the cellular connection within one month. Select Download/Upload to set a limit on the total traffic in both directions.
Chapter 6 Broadband 6.4 The Advanced Screen Use the Advanced screen to enable or disable ADSL over PTM, Annex M, DSL PhyR, and SRA (Seamless Rate Adaptation) functions. The VMG supports the PhyR retransmission scheme. PhyR is a retransmission scheme designed to provide protection against noise on the DSL line. It improves voice, video and data transmission resilience by utilizing a retransmission buffer.
Page 93
Chapter 6 Broadband The following table describes the labels in this screen. Table 13 Network Setting > Broadband > Advanced LABEL DESCRIPTION PhyR US Enable or disable PhyR US (upstream) for upstream transmission to the WAN. PhyR US should be enabled if data being transmitted upstream is sensitive to noise.
Chapter 6 Broadband Table 13 Network Setting > Broadband > Advanced (continued) LABEL DESCRIPTION 8a, 8b, 8c, 8d, The G.993.2 VDSL standard defines a wide range of profiles that can be used in different VDSL 12a, 12b, 17a, deployment settings, such as in a central office, a street cabinet or a building. The VMG must comply with at least one profile specified in G.993.2.
Page 95
Chapter 6 Broadband Operationally, PPPoE saves significant effort for both you and the ISP or carrier, as it requires no specific configuration of the broadband modem at the customer site. By implementing PPPoE directly on the VMG (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the VMG does that part of the task.
Page 96
Chapter 6 Broadband The following figure illustrates the relationship between PCR, SCR and MBS. Figure 31 Example of Traffic Shaping ATM Traffic Classes These are the basic ATM traffic classes defined by the ATM Forum Traffic Management 4.0 Specification. Constant Bit Rate (CBR) Constant Bit Rate (CBR) provides fixed bandwidth that is always available even if no data is being sent.
Page 97
Chapter 6 Broadband IP Address Assignment A static IP is a fixed IP that your ISP gives you. A dynamic IP is not fixed; the ISP assigns you a different one each time. The Single User Account feature can be enabled or disabled if you have either a dynamic or static IP.
Page 98
Chapter 6 Broadband Internet Group Multicast Protocol (IGMP) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC 2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would like to read more detailed information about interoperability between IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236.
H A P T E R Wireless 7.1 Overview This chapter describes the VMG’s Network Setting > Wireless screens. Use these screens to set up your VMG’s wireless connection. 7.1.1 What You Can Do in this Chapter This section describes the VMG’s Wireless screens. Use these screens to set up your VMG’s wireless connection.
Chapter 7 Wireless Finding Out More Section 7.10 on page 115 for advanced technical information on wireless networks. 7.2 The General Screen Use this screen to enable the Wireless LAN, enter the SSID and select the wireless security mode. Note: If you are configuring the VMG from a computer connected to the wireless LAN and you change the VMG’s SSID, channel or security settings, you will lose your wireless connection when you press Apply to confirm.
Page 101
Chapter 7 Wireless Figure 32 Network Setting > Wireless > General The following table describes the general wireless LAN labels in this screen. Table 14 Network Setting > Wireless > General LABEL DESCRIPTION Wireless Network Setup Band This shows the wireless band which this radio profile is using. 2.4GHz is the frequency used by IEEE 802.11b/g/n wireless clients while 5GHz is used by IEEE 802.11a/ac wireless clients.
Chapter 7 Wireless Table 14 Network Setting > Wireless > General (continued) LABEL DESCRIPTION Bandwidth Select whether the VMG uses a wireless channel width of 20MHz, 40MHz or 80MHz. A standard 20MHz channel offers transfer speeds of up to 150Mbps whereas a 40MHz channel uses two standard channels and offers speeds of up to 300 Mbps.
Chapter 7 Wireless Figure 33 Wireless > General: No Security The following table describes the labels in this screen. Table 15 Wireless > General: No Security LABEL DESCRIPTION Security Level Choose No Security to allow all wireless connections without data encryption or authentication. 7.2.2 More Secure (WPA2-PSK) The WPA2-PSK security mode is a newer, more robust version of the WPA encryption standard.
Chapter 7 Wireless Table 16 Wireless > General: More Secure: WPA2-PSK (continued) LABEL DESCRIPTION Password The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only difference between the two is that WPA(2)-PSK uses a simple common password, instead of user-specific credentials.
Chapter 7 Wireless Table 17 Network Setting > Wireless > Guest / More AP (continued) LABEL DESCRIPTION Guest WLAN This displays if the guest WLAN function has been enabled for this WLAN. If Home Guest displays, clients can connect to each other directly. If External Guest displays, clients are blocked from connecting to each other directly.
Page 106
Chapter 7 Wireless Figure 36 Network Setting > Wireless > Guest/More AP > Edit The following table describes the fields in this screen. Table 18 Network Setting > Wireless > Guest/More AP > Edit LABEL DESCRIPTION Wireless Network Setup Wireless You can Enable or Disable the wireless LAN in this field.
Chapter 7 Wireless Table 18 Network Setting > Wireless > Guest/More AP > Edit (continued) LABEL DESCRIPTION Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a station cannot obtain the SSID through scanning using a site survey tool. Guest WLAN Select this to create Guest WLANs for home and external clients.
Chapter 7 Wireless Figure 37 Network Setting > Wireless > MAC Authentication The following table describes the labels in this screen. Table 19 Network Setting > Wireless > Authentication LABEL DESCRIPTION General SSID Select the SSID for which you want to configure MAC filter settings. MAC Restrict Define the filter action for the list of MAC addresses in the MAC address list.
Page 109
Chapter 7 Wireless WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually. Set up each WPS connection between two devices. Both devices must support WPS. See Section 7.10.8.3 on page 123 for more information about WPS.
Chapter 7 Wireless Table 20 Network Setting > Wireless > WPS (continued) LABEL DESCRIPTION Register Enter the PIN of the device that you are setting up a WPS connection with and click Register to authenticate and add the wireless device to your wireless network. You can find the PIN either on the outside of the device, or by checking the device’s settings.
Chapter 7 Wireless The following table describes the labels in this screen. Table 21 Network Setting > Wireless > WMM LABEL DESCRIPTION WMM of SSID1~4 Select On to have the VMG automatically give the wireless network (SSIDx) a priority level according to the ToS value in the IP header of packets it sends.
Chapter 7 Wireless Table 22 Network Setting > Wireless > Others (continued) LABEL DESCRIPTION Output Power Set the output power of the VMG. If there is a high density of APs in an area, decrease the output power to reduce interference with other APs. Select one of the following: 20%, 40%, 60%, 80% or 100%.
Chapter 7 Wireless Figure 41 Network Setting > Wireless > Channel Status 7.9 The WLAN Scheduler Screen Use this screen to set the times your wireless LAN is turned on and off. Wireless LAN scheduler is disabled by default. The wireless LAN can be scheduled to turn on or off on certain days and at certain times. To open this screen, click Network >...
Chapter 7 Wireless Figure 42 Network > Wireless > WLAN Scheduler The following table describes the labels in this screen. Table 23 Network > Wireless > WLAN Scheduler LABEL DESCRIPTION WLAN Select Enable to activate the wireless LAN scheduler feature. Select Disable to turn it off. Scheduler Access Add New Rule...
Chapter 7 Wireless Figure 43 Network > Wireless > WLAN Scheduler: Add/Edit a Rule The following table describes the labels in this screen. Table 24 Network > Wireless > WLAN Scheduler: Add/Edit a Rule LABEL DESCRIPTION Active Select Enable or Disable to activate or deactivate this scheduler rule. SSID Select an SSID for this scheduler rule.
Page 116
Chapter 7 Wireless Traditionally, a wireless network operates in one of two ways. • An “infrastructure” type of network has one or more access points and one or more wireless clients. The wireless clients connect to the access points. • An “ad-hoc” type of network is one in which there is no access point. Wireless clients connect to one another in order to exchange information.
Chapter 7 Wireless Radio Channels In the radio spectrum, there are certain frequency bands allocated for unlicensed, civilian use. For the purposes of wireless networking, these bands are divided into numerous channels. This allows a variety of networks to exist in the same place without interfering with one another. When you create a network, you must select a channel to use.
Page 118
Chapter 7 Wireless random numbers and letters - but it is not very secure if you use a short key which is very easy to guess - for example, a three-letter word from the dictionary. Because of the damage that can be done by a malicious attacker, it’s not just people who have sensitive information on their network who should use security.
Chapter 7 Wireless Unauthorized wireless devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network. Furthermore, there are ways for unauthorized wireless users to get a valid user name and password. Then, they can use that user name and password to use the wireless network.
Chapter 7 Wireless coincidental emitters such as electric motors or microwaves. Problems with absorption occur when physical objects (such as thick walls) are between the two radios, muffling the signal. 7.10.5 BSS A Basic Service Set (BSS) exists when all communications between wireless stations or between a wireless station and a wired network client go through one access point (AP).
Chapter 7 Wireless 7.10.6.1 Notes on Multiple BSSs • A maximum of eight BSSs are allowed on one AP simultaneously. • You must use different keys for different BSSs. If two wireless devices have different BSSIDs (they are in different BSSs), but have the same keys, they may hear each other’s communications (but not communicate with each other).
Page 122
Chapter 7 Wireless Ensure that the two devices you want to set up are within wireless range of one another. Look for a WPS button on each device. If the device does not have one, log into its configuration utility and locate the button (see the device’s User’s Guide for how to do this - for the VMG, see Section 7.6 on page...
Page 123
Chapter 7 Wireless On a computer connected to the wireless client, try to connect to the Internet. If you can connect, WPS was successful. If you cannot connect, check the list of associated wireless clients in the AP’s configuration utility. If you see the wireless client in the list, WPS was successful.
Page 124
Chapter 7 Wireless standards supported by the devices. If the registrar is already part of a network, it sends the existing information. If not, it generates the SSID and WPA(2)-PSK randomly. The following figure shows a WPS-enabled client (installed in a notebook computer) connecting to a WPS-enabled access point.
Page 125
Chapter 7 Wireless The following figure shows an example network. In step 1, both AP1 and Client 1 are unconfigured. When WPS is activated on both, they perform the handshake. In this example, AP1 is the registrar, and Client 1 is the enrollee. The registrar randomly generates the security information to set up the network, since it is unconfigured and has no existing information.
Page 126
Chapter 7 Wireless Figure 50 WPS: Example Network Step 3 7.10.8.5 Limitations of WPS WPS has some limitations of which you should be aware. • WPS works in Infrastructure networks only (where an AP and a wireless client communicate). It does not work in Ad-Hoc networks (where there is no AP).
Page 127
Chapter 7 Wireless point is the WPS registrar, the enrollee, or was not involved in the WPS handshake; a rogue device must still associate with the access point to gain access to the network. Check the MAC addresses of your wireless clients (usually printed on a label on the bottom of the device). If there is an unknown MAC address you can remove it or reset the AP.
H A P T E R Home Networking 8.1 Overview A Local Area Network (LAN) is a shared communication system to which many networking devices are connected. It is usually located in one immediate area such as a building or floor of a building. Use the LAN screens to help you configure a LAN DHCP server and manage IP addresses.
Chapter 8 Home Networking 8.1.2 What You Need To Know 8.1.2.1 About LAN IP Address IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts.
Chapter 8 Home Networking • Assigning lease times to mappings Windows Messenger is an example of an application that supports NAT traversal and UPnP. See the Chapter 11 on page 171 for more information on NAT. Cautions with UPnP The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues.
Page 131
Chapter 8 Home Networking Click Apply to save your settings. Figure 51 Network Setting > Home Networking > LAN Setup VMG3925-B10C/B30C User’s Guide...
Page 132
Chapter 8 Home Networking The following table describes the fields in this screen. Table 27 Network Setting > Home Networking > LAN Setup LABEL DESCRIPTION Interface Group Group Name Select the interface group name for which you want to configure LAN settings. See Chapter 15 on page 198 for how to create a new interface group.
Page 133
Chapter 8 Home Networking Table 27 Network Setting > Home Networking > LAN Setup (continued) LABEL DESCRIPTION IPv6 State Select Enable to activate the IPv6 mode and configure IPv6 settings on the VMG. Link Local Address Type EUI64 Select this to have the VMG generate an interface ID for the LAN interface’s link-local address using the EUI-64 format.
Chapter 8 Home Networking Table 27 Network Setting > Home Networking > LAN Setup (continued) LABEL DESCRIPTION DNS Query Select how the VMG handles clients’ DNS information requests. Scenario • IPv4/IPv6 DNS Server: The VMG forwards the requests to both the IPv4 and IPv6 DNS servers and sends clients the first DNS information it receives.
Page 135
Chapter 8 Home Networking Table 28 Network Setting > Home Networking > Static DHCP LABEL DESCRIPTION IP Address This field displays the IP address relative to the # field listed above. Modify Click the Edit icon to have the IP address field editable and change it. Click the Delete icon to delete a static DHCP entry.
Chapter 8 Home Networking 8.4 The UPnP Screen Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network. In turn, a device can leave a network smoothly and automatically when it is no longer in use.
Chapter 8 Home Networking Table 30 Network Setting > Home Networking > UPnP (continued) LABEL DESCRIPTION Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. 8.4.1 Turning On UPnP in Windows 7 Example This section shows you how to use the UPnP feature in Windows 7.
Chapter 8 Home Networking 8.5 The Additional Subnet Screen Use the Additional Subnet screen to configure IP alias and public static IP. IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The VMG supports multiple logical LAN interfaces via its physical Ethernet interface with the VMG3925-B10C/B30C User’s Guide...
Page 139
Chapter 8 Home Networking VMG itself as the gateway for the LAN network. When you use IP alias, you can also configure firewall rules to control access to the LAN's logical network (subnet). If your ISP provides the Public LAN service, the VMG may use an LAN IP address that can be accessed from the WAN.
Chapter 8 Home Networking 8.6 The STB Vendor ID Screen Set Top Box (STB) devices with dynamic IP addresses sometimes don’t renew their IP addresses before the lease time expires. This could lead to IP address conflicts if the STB continues to use an IP address that gets assigned to another device.
Chapter 8 Home Networking The following table describes the labels in this screen. Table 33 Network Setting > Home Networking > Wake on Lan LABEL DESCRIPTION Wake by Select Manual and enter the IP address or MAC address of the device to turn it on remotely. The Address drop-down list also lists the IP addresses that can be found in the VMG’s ARP table.
Chapter 8 Home Networking 8.9.1 LANs, WANs and the VMG The actual physical connection determines whether the VMG ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next.
Chapter 8 Home Networking • Some ISPs choose to disseminate the DNS server addresses using the DNS server extensions of IPCP (IP Control Protocol) after the connection is up. If your ISP did not give you explicit DNS servers, chances are the DNS servers are conveyed through IPCP negotiation.
Page 144
Chapter 8 Home Networking You can obtain your IP address from the IANA, from an ISP or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks.
H A P T E R Routing 9.1 Overview The VMG usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the VMG send data to devices not reachable through the default gateway, use static routes.
Chapter 9 Routing Figure 61 Network Setting > Routing > Static Route The following table describes the labels in this screen. Table 35 Network Setting > Routing > Static Route LABEL DESCRIPTION Add new static Click this to configure a new static route. route This is the index number of the entry.
Page 147
Chapter 9 Routing Figure 62 Routing: Add/Edit The following table describes the labels in this screen. Table 36 Routing: Add/Edit LABEL DESCRIPTION Active This field allows you to activate/deactivate this static route. Select Enable to enable the static route. Select Disable to disable this static route without having to delete the entry.
Chapter 9 Routing 9.3 The DNS Route Screen Use this screen to view and configure DNS routes on the VMG. Click Network Setting > Routing > DNS Route to open the following screen. Figure 63 Network Setting > Routing > DNS Route The following table describes the labels in this screen.
Chapter 9 Routing The following table describes the labels in this screen. Table 38 DNS Route Add LABEL DESCRIPTION Active Select Enable to activate this DNS route. Domain Name Enter the domain name of the DNS route entry. Subnet Mask Enter the subnet mask of the DNS route entry.
Chapter 9 Routing Table 39 Network Setting > Routing >Policy Route (continued) LABEL DESCRIPTION Source Port This is the source port number. Source MAC This is the source MAC address. Source This is the interface from which the matched traffic is sent. Interface WAN Interface This is the WAN interface through which the traffic is routed.
Chapter 9 Routing Table 40 Policy Route: Add/Edit (Sheet 2 of 2) LABEL DESCRIPTION Source Interface Type the name of the interface from which the matched traffic is sent. WAN Interface Select a WAN interface through which the traffic is sent. You must have the WAN interface(s) already configured in the Broadband screens.
Page 152
Chapter 9 Routing Table 41 RIP LABEL DESCRIPTION Disable Default Select the check box to set the VMG to not send the route information to the default Gateway gateway. Apply Click Apply to save your changes back to the VMG. VMG3925-B10C/B30C User’s Guide...
H A P T E R Quality of Service (QoS) 10.1 Overview Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth. Without QoS, all traffic data is equally likely to be dropped when the network is congested.
Chapter 10 Quality of Service (QoS) 10.2 What You Need to Know The following terms and concepts may help as you read through this chapter. QoS versus Cos QoS is used to prioritize source-to-destination traffic flows. All packets in the same flow are given the same priority.
Chapter 10 Quality of Service (QoS) Traffic Policing Traffic policing is the limiting of the input or output transmission rate of a class of traffic on the basis of user-defined criteria. Traffic policing methods measure traffic flows against user-defined criteria and identify it as either conforming, exceeding or violating the criteria.
Chapter 10 Quality of Service (QoS) The following table describes the labels in this screen. Table 42 Network Setting > QoS > General LABEL DESCRIPTION Select the Enable check box to turn on QoS to improve your network performance. WAN Managed Enter the amount of upstream bandwidth for the WAN interfaces that you want to allocate using Upstream QoS.
Page 157
Chapter 10 Quality of Service (QoS) Figure 69 Network Setting > QoS > Queue Setup The following table describes the labels in this screen. Table 43 Network Setting > QoS > Queue Setup LABEL DESCRIPTION Add New Click this button to create a new queue entry. Queue This is the index number of the entry.
Chapter 10 Quality of Service (QoS) 10.4.1 Adding a QoS Queue Click Add New Queue or the edit icon in the Queue Setup screen to configure a queue. Figure 70 Queue Setup: Add The following table describes the labels in this screen. Table 44 Queue Setup: Add LABEL DESCRIPTION...
Chapter 10 Quality of Service (QoS) 10.5 The Classification Setup Screen Use this screen to add, edit or delete QoS classifiers. A classifier groups traffic into data flows according to specific criteria such as the source address, destination address, source port number, destination port number or incoming interface.
Page 160
Chapter 10 Quality of Service (QoS) Figure 72 Classification Setup: Add/Edit VMG3925-B10C/B30C User’s Guide...
Page 161
Chapter 10 Quality of Service (QoS) The following table describes the labels in this screen. Table 46 Classification Setup: Add/Edit LABEL DESCRIPTION Step1: Class Configuration Active Select Enable to activate this classifier. Class Name Enter a descriptive name of up to 15 printable English keyboard characters, not including spaces.
Page 162
Chapter 10 Quality of Service (QoS) Table 46 Classification Setup: Add/Edit (continued) LABEL DESCRIPTION Service This field is available only when you select IP in the Ether Type field. This field simplifies classifier configuration by allowing you to select a predefined application. When you select a predefined application, you do not configure the rest of the filter fields.
Chapter 10 Quality of Service (QoS) Table 46 Classification Setup: Add/Edit (continued) LABEL DESCRIPTION Step4: Class Routing Forward to Select a WAN interface through which traffic of this class will be forwarded out. If you select Interface Unchange, the VMG forward traffic of this class according to the default routing table. Step5: Outgoing Queue Selection To Queue Index Select a queue that applies to this class.
Chapter 10 Quality of Service (QoS) 10.6.1 Add/Edit a QoS Shaper Click Add New Shaper in the Shaper Setup screen or the Edit icon next to a shaper to show the following screen. Figure 74 Shaper Setup: Add/Edit The following table describes the labels in this screen. Table 48 Shaper Setup: Add/Edit LABEL DESCRIPTION...
Chapter 10 Quality of Service (QoS) The following table describes the labels in this screen. Table 49 Network Setting > QoS > Policer Setup LABEL DESCRIPTION Add new Policer Click this to create a new entry. This is the index number of the entry. Status This field displays whether the policer is active or not.
Chapter 10 Quality of Service (QoS) The following table describes the labels in this screen. Table 50 Policer Setup: Add/Edit LABEL DESCRIPTION Active Select Enableto activate this policer. Name Enter the descriptive name of this policer. Meter Type This shows the traffic metering algorithm used in this policer. The Simple Token Bucket algorithm uses tokens in a bucket to control when traffic can be transmitted.
Page 167
Chapter 10 Quality of Service (QoS) The VLAN ID associates a frame with a specific VLAN and provides the information that devices need to process the frame across the network. IEEE 802.1p specifies the user priority field and defines up to eight separate traffic types. The following table describes the traffic types defined in the IEEE 802.1d standard (which incorporates the 802.1p).
Page 168
Chapter 10 Quality of Service (QoS) IP Precedence Similar to IEEE 802.1p prioritization at layer-2, you can use IP precedence to prioritize packets in a layer-3 network. IP precedence uses three bits of the eight-bit ToS (Type of Service) field in the IP header. There are eight classes of services (ranging from zero to seven) in IP precedence.
Page 169
Chapter 10 Quality of Service (QoS) Token Bucket The token bucket algorithm uses tokens in a bucket to control when traffic can be transmitted. The bucket stores tokens, each of which represents one byte. The algorithm allows bursts of up to b bytes which is also the bucket size, so the bucket can hold up to b tokens.
Page 170
Chapter 10 Quality of Service (QoS) • If there are not enough tokens in the CBS bucket, the VMG checks the EBS bucket. The packet is marked yellow if there are sufficient tokens in the EBS bucket. Otherwise, the packet is marked red. No tokens are removed if the packet is dropped.
H A P T E R Network Address Translation (NAT) 11.1 Overview This chapter discusses how to configure NAT on the VMG. NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
Chapter 11 Network Address Translation (NAT) In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side.
Page 173
Chapter 11 Network Address Translation (NAT) Figure 77 Multiple Servers Behind NAT Example Click Network Setting > NAT > Port Forwarding to open the following screen. Appendix D on page 315 for port numbers commonly used for particular services. Figure 78 Network Setting > NAT > Port Forwarding The following table describes the fields in this screen.
Chapter 11 Network Address Translation (NAT) Table 53 Network Setting > NAT > Port Forwarding (continued) LABEL DESCRIPTION Protocol This shows the IP protocol supported by this virtual server, whether it is TCP, UDP, or TCP/UDP. Modify Click the Edit icon to edit this rule. Click the Delete icon to delete an existing rule.
Chapter 11 Network Address Translation (NAT) Table 54 Port Forwarding: Add/Edit (continued) LABEL DESCRIPTION End Port Enter the last port of the original destination port range. To forward only one port, enter the port number in the Start Port field above and then enter it again in this field.
Chapter 11 Network Address Translation (NAT) Table 55 Network Setting > NAT > Applications (continued) LABEL DESCRIPTION WAN Interface This field shows the WAN interface through which the service is forwarded. Server IP This field displays the destination IP address for the service. Address Modify Click the Delete icon to delete the rule.
Chapter 11 Network Address Translation (NAT) 11.4 The Port Triggering Screen Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side. With regular port forwarding you set a forwarding port in NAT to forward a service (coming in from the server on the WAN) to the IP address of a computer on the client side (LAN).
Chapter 11 Network Address Translation (NAT) Figure 83 Network Setting > NAT > Port Triggering The following table describes the labels in this screen. Table 57 Network Setting > NAT > Port Triggering LABEL DESCRIPTION Add New Rule Click this to create a new rule. This is the index number of the entry.
Chapter 11 Network Address Translation (NAT) Figure 84 Port Triggering: Add/Edit The following table describes the labels in this screen. Table 58 Port Triggering: Configuration Add/Edit LABEL DESCRIPTION Active Select Enable or Disable to activate or deactivate the rule. Service Name Enter a name to identify this rule using keyboard characters (A-Z, a-z, 1-2 and so on).
Chapter 11 Network Address Translation (NAT) Figure 85 Network Setting > NAT > DMZ The following table describes the fields in this screen. Table 59 Network Setting > NAT > DMZ LABEL DESCRIPTION Default Server Enter the IP address of the default server which receives packets from ports that are not Address specified in the NAT Port Forwarding screen.
Chapter 11 Network Address Translation (NAT) The following table describes the fields in this screen. Table 60 Network Setting > NAT > ALG LABEL DESCRIPTION NAT ALG Enable this to make sure applications such as FTP and file transfer in IM applications work correctly with port-forwarding and address-mapping rules.
Chapter 11 Network Address Translation (NAT) Table 61 Network Setting > NAT > Address Mapping (continued) LABEL DESCRIPTION Type This is the address mapping type. One-to-One: This mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type.
Chapter 11 Network Address Translation (NAT) The following table describes the fields in this screen. Table 62 Address Mapping: Add/Edit LABEL DESCRIPTION Rule Name Type up to 20 alphanumberic characters for the name of this rule. Type Choose the IP/port mapping type from one of the following. One-to-One: This mode maps one local IP address to one global IP address.
Chapter 11 Network Address Translation (NAT) The following table describes the fields in this screen. Table 63 Network Setting > NAT > Sessions LABEL DESCRIPTION MAX NAT Use this field to set a limit to the number of concurrent NAT sessions each client host can have. Session Per Host If only a few clients use peer to peer applications, you can raise this number to improve their performance.
Chapter 11 Network Address Translation (NAT) network and make them accessible to the outside world. If you do not define any servers (for Many-to- One and Many-to-Many Overload mapping), NAT offers the additional benefit of firewall protection. With no servers defined, your VMG filters out all incoming inquiries, thus preventing intruders from probing your network.
Page 186
Chapter 11 Network Address Translation (NAT) Figure 91 NAT Application With IP Alias Port Forwarding: Services and Port Numbers The most often used port numbers are shown in the following table. Please refer to RFC 1700 for further information about port numbers. Please also refer to the Supporting CD for more examples and details on port forwarding and NAT.
Page 187
Chapter 11 Network Address Translation (NAT) Port Forwarding Example Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example).
H A P T E R Dynamic DNS Setup 12.1 Overview DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it.
Chapter 12 Dynamic DNS Setup If you have a private WAN IP address, then you cannot use Dynamic DNS. 12.2 The DNS Entry Screen Use this screen to view and configure DNS routes on the VMG. Click Network Setting > DNS to open the DNS Entry screen.
Chapter 12 Dynamic DNS Setup Figure 94 DNS Entry: Add/Edit The following table describes the labels in this screen. Table 67 DNS Entry: Add/Edit LABEL DESCRIPTION Host Name Enter the host name of the DNS entry. IP Address Enter the IP address of the DNS entry. Apply Click Apply to save your changes.
Page 191
Chapter 12 Dynamic DNS Setup The following table describes the fields in this screen. Table 68 Network Setting > DNS > > Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Dynamic DNS Select Enable to use dynamic DNS. Service Provider Select your Dynamic DNS service provider from the drop-down list box. Host/Domain Type the domain name assigned to your VMG by your Dynamic DNS provider.
H A P T E R IGMP/MLD 13.1 Overview Use the IGMP/MLD screen to configure IGMP/MLD group settings. 13.1.1 What You Need To Know Multicast and IGMP Multicast on page 97 for more information. Multicast Listener Discovery (MLD) The Multicast Listener Discovery (MLD) protocol (defined in RFC 2710) is derived from IPv4's Internet Group Management Protocol version 2 (IGMPv2).
Page 193
Chapter 13 IGMP/MLD Figure 96 Network Setting > IGMP/MLD The following table describes the labels in this screen. Table 69 Network Setting > IGMP/MLD LABEL DESCRIPTION IGMP/MLD Configuration Default Version Enter the version of IGMP (1~3) and MLD (1~2) that you want the VMG to use on the WAN. Query Interval Enter the number of seconds the VMG sends a query message to hosts to get the group membership information.
Page 194
Chapter 13 IGMP/MLD Table 69 Network Setting > IGMP/MLD (continued) LABEL DESCRIPTION Maximum Enter a number to limit the number of multicast groups an interface on the VMG is allowed to Multicast join. Once a multicast member is registered in the specified number of multicast groups, any Groups new IGMP or MLD join report frames are dropped by the interface.
H A P T E R Vlan Group 14.1 Overview Virtual LAN IDs are used to identify different traffic types over the same physical link. In the following example, the VMG (DSL) can use VLAN IDs (VID) 100 and 200 to identify Video-on- Demand and IPTV traffic respectively coming from the two VoD and IPTV multicast servers.
Chapter 14 Vlan Group The following table describes the fields in this screen. Table 70 Network Setting > Vlan Group LABEL DESCRIPTION Add New VLAN Click this button to create a new VLAN group. Group This is the index number of the VLAN group. Group Name This shows the descriptive name of the VLAN group.
Page 197
Chapter 14 Vlan Group Table 71 Add/Edit VLAN Group (continued) LABEL DESCRIPTION Select Include to add the associated LAN interface to this VLAN group. Select TX Tagging to tag outgoing traffic from the associated LAN port with the VLAN ID number entered above.
H A P T E R Interface Group 15.1 Overview By default, all LAN and WAN interfaces on the VMG are in the same group and can communicate with each other. Create interface groups to have the VMG assign the IP addresses in different domains to different groups.
Chapter 15 Interface Group Click Network Setting > Interface Grouping to open the following screen. Figure 101 Network Setting > Interface Grouping The following table describes the fields in this screen. Table 72 Network Setting > Interface Grouping LABEL DESCRIPTION Add New Click this button to create a new interface group.
Page 200
Chapter 15 Interface Group Figure 102 Interface Group Configuration The following table describes the fields in this screen. Table 73 Interface Group Configuration LABEL DESCRIPTION Group Name Enter a name to identify this group. You can enter up to 30 characters. You can use letters, numbers, hyphens (-) and underscores (_).
Chapter 15 Interface Group Table 73 Interface Group Configuration (continued) LABEL DESCRIPTION Automatically Click Add to identify LAN hosts to add to the interface group by criteria such as the type of the Add Clients With hardware or firmware. See Section 15.2.2 on page 201 for more information.
Page 202
Chapter 15 Interface Group Table 74 Interface Grouping Criteria (continued) LABEL DESCRIPTION DHCP Option 61 Select this and enter the device identity of the matched traffic. Enter the Identity Association Identifier (IAID) of the device, for example, the WAN connection index number.
H A P T E R USB Service 16.1 Overview You can share files on a USB memory stick or hard drive connected to your VMG with users on your network. The following figure is an overview of the VMG’s file server feature. Computers A and B can access files on a USB device (C) which is connected to the VMG.
Chapter 16 USB Service 16.1.2.1 About File Sharing Workgroup name This is the name given to a set of computers that are connected on a network and share resources such as a printer or files. Windows automatically assigns the workgroup name when you set up a network. Shares When settings are set to default, each USB device connected to the VMG is given a folder, called a “share”.
Page 205
Chapter 16 USB Service Figure 105 Network Setting > USB Service > File Sharing Note: Share Directory List field appears when you connect a USB device to the USB port. Otherwise, it doesn’t. Each field is described in the following table. Table 75 Network Setting >...
Chapter 16 USB Service Table 75 Network Setting > USB Service > File Sharing LABEL DESCRIPTION Add New User Click this button to create a user account to access the secured shares. Status This field shows the status of the user. : The user account is not activated for the share.
Chapter 16 USB Service 16.2.2 The Add New User Screen Once you click the Add New User button, you’ll be directed to the User Account screen. To create a user account that can access the secured shares on the USB device, click the Add New Account button in the Maintenance >...
Page 208
Chapter 16 USB Service Table 77 Network Setting > USB Service > Media Server (continued) LABEL DESCRIPTION Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings. VMG3925-B10C/B30C User’s Guide...
H A P T E R Firewall 17.1 Overview This chapter shows you how to enable and configure the VMG’s security settings. Use the firewall to protect your VMG and network from attacks by hackers on the Internet and control access to it. By default the firewall: •...
Chapter 17 Firewall 17.1.2 What You Need to Know SYN Attack A SYN attack floods a targeted system with a series of SYN packets. Each packet causes the targeted system to issue a SYN-ACK response. While the targeted system waits for the ACK that follows the SYN- ACK, it queues up all outstanding SYN-ACK responses on a backlog queue.
Chapter 17 Firewall Figure 109 Security > Firewall > General The following table describes the labels in this screen. Table 78 Security > Firewall > General LABEL DESCRIPTION Firewall Select Enable to activate the firewall feature on the VMG. Select Low to allow LAN to WAN and WAN to LAN packet directions. Medium Select Medium to allow LAN to WAN but deny WAN to LAN packet directions.
Chapter 17 Firewall Figure 110 Security > Firewall > Protocol The following table describes the labels in this screen. Table 79 Security > Firewall > Protocol LABEL DESCRIPTION Add New Click this to add a new service. Protocol Entry Name This is the name of your customized service.
Chapter 17 Firewall The following table describes the labels in this screen. Table 80 Service: Add/Edit LABEL DESCRIPTION Service Name Enter a unique name (up to 32 printable English keyboard characters, including spaces) for your customized port. Description Enter a description for your customized port. Protocol Choose the IP protocol (TCP, UDP, ICMP, or Other) that defines your customized port from the drop-down list box.
Chapter 17 Firewall Table 81 Security > Firewall > Access Control (continued) LABEL DESCRIPTION Action This field displays whether the rule silently discards packets (DROP), discards packets and sends a TCP reset packet or an ICMP destination-unreachable message to the sender (REJECT) or allows the passage of packets (ACCEPT).
Chapter 17 Firewall Table 82 Access Control: Add/Edit (continued) LABEL DESCRIPTION Select Source Select the source device to which the ACL rule applies. If you select Specific IP Address, enter Device the source IP address in the field below. Source IP Enter the source IP address.
Page 216
Chapter 17 Firewall Figure 114 Security > Firewall > DoS The following table describes the labels in this screen. Table 83 Security > Firewall > DoS LABEL DESCRIPTION DoS Protection Select Enable to enable protection against DoS attacks. Blocking Apply Click Apply to save your changes.
H A P T E R MAC Filter 18.1 Overview You can configure the VMG to permit access to clients based on their MAC addresses in the MAC Filter screen. This applies to wired and wireless connections. Every Ethernet device has a unique MAC (Media Access Control) address.
Page 218
Chapter 18 MAC Filter The following table describes the labels in this screen. Table 84 Security > MAC Filter LABEL DESCRIPTION MAC Address Filter Select Enable to activate the MAC filter function. MAC Restrict Mode Select Allow to only permit the listed MAC addresses access to the VMG. Select Deny to permit anyone access to the VMG except the listed MAC addresses.
H A P T E R Parental Control 19.1 Overview Parental control allows you to block web sites with the specific URL. You can also define time periods and days during which the VMG performs parental control on a specific user. 19.2 The Parental Control Screen Use this screen to enable parental control, view the parental control rules and schedules.
Chapter 19 Parental Control Table 85 Security > Parental Control (continued) LABEL DESCRIPTION Internet Access This shows the day(s) and time on which parental control is enabled. Schedule Network Service This shows whether the network service is configured. If not, None will be shown. Website Block This shows whether the website block is configured.
Page 221
Chapter 19 Parental Control The following table describes the fields in this screen. Table 86 Parental Control Rule: Add/Edit LABEL DESCRIPTION General Active Select Enable or Disable to activate or deactivate the parental control rule. Parental Control Enter a descriptive name for the rule. Profile Name Home Network Select the LAN user that you want to apply this rule to from the drop-down list box.
Page 222
Chapter 19 Parental Control Table 86 Parental Control Rule: Add/Edit (continued) LABEL DESCRIPTION Redirect Select this to redirect users who access any blocked websites listed above to the Zyxel Family blocked site to Safety page as shown next. Zyxel Family Figure 118 Zyxel Family Safety Page Example Safety page Click OK to save your changes.
Page 223
Chapter 19 Parental Control Table 87 Parental Control Rule: Add/Edit > Add New Service (continued) LABEL DESCRIPTION Click OK to save your changes. Cancel Click Cancel to exit this screen without saving. Click Security > Parental Control > Add New PCP > Add to open the following screen. Figure 120 Parental Control Rule: Add/Edit Rule >...
H A P T E R Scheduler Rule 20.1 Overview You can define time periods and days during which the VMG performs scheduled rules of certain features (such as Firewall Access Control) in the Scheduler Rule screen. 20.2 The Scheduler Rule Screen Use this screen to view, add, or edit time schedule rules.
Page 225
Chapter 20 Scheduler Rule Figure 122 Scheduler Rule: Add/Edit The following table describes the fields in this screen. Table 90 Scheduler Rule: Add/Edit LABEL DESCRIPTION Rule Name Enter a name (up to 31 printable English keyboard characters, not including spaces) for this schedule.
H A P T E R Certificates 21.1 Overview The VMG can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication. 21.1.1 What You Can Do in this Chapter •...
Chapter 21 Certificates Figure 123 Security > Certificates > Local Certificates The following table describes the labels in this screen. Table 91 Security > Certificates > Local Certificates LABEL DESCRIPTION Private Key is Select the checkbox and enter the private key into the text box to store it on the VMG. The protected by a private key should not exceed 63 ASCII characters (not including spaces).
Chapter 21 Certificates Figure 124 Create Certificate Request The following table describes the labels in this screen. Table 92 Create Certificate Request LABEL DESCRIPTION Certificate Type up to 63 ASCII characters (not including spaces) to identify this certificate. Name Common Name Select Auto to have the VMG configure this field automatically.
Chapter 21 Certificates Figure 125 Certificate Request: View The following table describes the fields in this screen. Table 93 Certificate Request: View LABEL DESCRIPTION Name This field displays the identifying name of this certificate. Type This field displays general information about the certificate. ca means that a Certification Authority signed the certificate.
Chapter 21 Certificates Figure 126 Security > Certificates > Trusted CA The following table describes the fields in this screen. Table 94 Security > Certificates > Trusted CA LABEL DESCRIPTION Import Click this button to open a screen where you can save the certificate of a certification authority Certificate that you trust to the VMG.
Chapter 21 Certificates Figure 127 Trusted CA: View The following table describes the fields in this screen. Table 95 Trusted CA: View LABEL DESCRIPTION Name This field displays the identifying name of this certificate. This read-only text box displays the certificate in Privacy Enhanced Mail (PEM) format. PEM uses base 64 to convert the binary certificate into a printable form.
Page 232
Chapter 21 Certificates Figure 128 Trusted CA: Import Certificate The following table describes the fields in this screen. Table 96 Trusted CA: Import Certificate LABEL DESCRIPTION Certificate File Type in the location of the certificate you want to upload in this field or click Choose File to find Path Apply Click Apply to save your changes.
H A P T E R 22.1 Overview The web configurator allows you to choose which categories of events and/or alerts to have the VMG log and then display the logs or have the VMG send them to an administrator (as e-mail) or to a syslog server.
Chapter 22 Log Table 97 Syslog Severity Levels CODE SEVERITY Notice: There is a normal but significant condition on the system. Informational: The syslog contains an informational message. Debug: The message is intended for debug-level purposes. 22.2 The System Log Screen Use the System Log screen to see the system logs.
Chapter 22 Log 22.3 The Security Log Screen Use the Security Log screen to see the security-related logs for the categories that you select. Click System Monitor > Log > Security Log to open the following screen. Figure 130 System Monitor > Log > Security Log The following table describes the fields in this screen.
H A P T E R Traffic Status 23.1 Overview Use the Traffic Status screens to look at network traffic status and statistics of the WAN, LAN interfaces and NAT. 23.1.1 What You Can Do in this Chapter • Use the WAN screen to view the WAN traffic statistics (Section 23.2 on page 236).
Chapter 23 Traffic Status The following table describes the fields in this screen. Table 100 System Monitor > Traffic Status > WAN LABEL DESCRIPTION Connected This shows the name of the WAN interface that is currently connected. Interface Packets Sent Data This indicates the number of transmitted packets on this interface.
Chapter 23 Traffic Status Figure 132 System Monitor > Traffic Status > LAN The following table describes the fields in this screen. Table 101 System Monitor > Traffic Status > LAN LABEL DESCRIPTION Refresh Interval Select how often you want the VMG to update this screen. Interface This shows the LAN or WLAN interface.
Page 239
Chapter 23 Traffic Status Figure 133 System Monitor > Traffic Status > NAT The following table describes the fields in this screen. Table 102 System Monitor > Traffic Status > NAT LABEL DESCRIPTION Refresh Interval Select how often you want the VMG to update this screen. Device Name This displays the name of the connected host.
H A P T E R ARP Table 24.1 Overview Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network.
Chapter 24 ARP Table 24.2 ARP Table Screen Use the ARP table to view IP-to-MAC address mapping(s). To open this screen, click System Monitor > ARP Table. Figure 134 System Monitor > ARP Table The following table describes the labels in this screen. Table 103 System Monitor >...
H A P T E R Routing Table 25.1 Overview Routing is based on the destination address only and the VMG takes the shortest path to forward a packet. 25.2 The Routing Table Screen Click System Monitor > Routing Table to open the following screen. Figure 135 System Monitor >...
Page 243
Chapter 25 Routing Table The following table describes the labels in this screen. Table 104 System Monitor > Routing Table LABEL DESCRIPTION IPv4/IPv6 Routing Table Destination This indicates the destination IPv4 address or IPv6 address and prefix of this route. Gateway This indicates the IPv4 address or IPv6 address of the gateway that helps forward this route’s traffic.
H A P T E R Multicast Status 26.1 Overview Use the Multicast Status screens to look at IGMP/MLD group status and traffic statistics. 26.2 The IGMP Status Screen Use this screen to look at the current list of multicast groups the VMG has joined and which ports have joined it.
Chapter 26 Multicast Status 26.3 The MLD Status Screen Use this screen to look at the current list of multicast groups the VMG has joined and which ports have joined it. To open this screen, click System Monitor > Multicast Status > MLD Status. Figure 137 System Monitor >...
H A P T E R xDSL Statistics 27.1 The xDSL Statistics Screen Use this screen to view detailed DSL statistics. Click System Monitor > xDSL Statistics to open the following screen. Figure 138 System Monitor > xDSL Statistics The following table describes the labels in this screen. Table 107 Status >...
Page 247
Chapter 27 xDSL Statistics Table 107 Status > xDSL Statistics (continued) LABEL DESCRIPTION xDSL Port Details Upstream These are the statistics for the traffic direction going out from the port to the service provider. Downstream These are the statistics for the traffic direction coming into the port from the service provider. Line Rate These are the data transfer rates at which the port is sending and receiving data.
Chapter 28 WLAN Station Status H A P T E R WLAN Station Status 28.1 Overview Click the System Monitor > WLAN Station Status to open the following screen. View the wireless stations that are currently associated to the VMG. Being associated means that a wireless client (for example, your network or computer with a wireless network card) has connected successfully to the AP (or wireless router) using the same SSID, channel and security settings.
Page 249
Table 108 System Monitor > WLAN Station Status LABEL DESCRIPTION SNR (Signal-to-Noise Ratio) measures the strength of the wireless LAN signal and the background noise on the line. The greater the number, the better the quality of the wireless LAN. The normal range is 15 to 40.
Chapter 29 Cellular Statistics H A P T E R Cellular Statistics 29.1 Overview Use the Cellular Statistics screens to look at Cellular Internet connection status. 29.2 The Cellular Statistics Screen To open this screen, click System Monitor > Cellular Statistics. The Cellular status is available on this screen only when you insert a compatible Cellular dongle in a USB port on the VMG.
Page 251
Chapter 29 Cellular Statistics The following table describes the labels in this screen. Table 109 System Monitor > Cellular Statistics LABEL DESCRIPTION Refresh Interval Select how often you want the VMG to update this screen. Select No Refresh to stop refreshing. Cellular Status This field displays the status of the Cellular Internet connection.
H A P T E R System 30.1 Overview In the System screen, you can name your VMG (Host) and give it an associated domain name for identification purposes. 30.2 The System Screen Click Maintenance > System to open the following screen. Figure 141 Maintenance >...
H A P T E R User Account 31.1 Overview In the User Account screen, you can view the settings of the “admin” and other user accounts that you used to log in the VMG. 31.2 The User Account Screen Click Maintenance >...
Chapter 31 User Account 31.2.1 The User Account Add/Edit Screen Click Add New Account or the Edit icon of an existing account in the Maintenance > User Account to open the following screen. Figure 143 Maintenance > User Account > Add/Edit The following table describes the labels in this screen.
H A P T E R Remote Management 32.1 Overview Remote management controls through which interface(s), which services can access the VMG. Note: The VMG is managed using the Web Configurator. 32.2 The Remote MGMT Screen Use this screen to configure through which interface(s), which services can access the VMG. You can also specify the port numbers the services must use to connect to the VMG.
Chapter 32 Remote Management The following table describes the fields in this screen. Table 113 Maintenance > Remote MGMT LABEL DESCRIPTION WAN Interface Select Any_WAN to have the VMG automatically activate the remote management service used for services when any WAN connection is up. Select Multi_WAN and then select one or more WAN connections to have the VMG activate the remote management service when the selected WAN connections are up.
Chapter 32 Remote Management Table 114 Maintenance > Remote MGMT > Trust Domain (continued) LABEL DESCRIPTION IP Address This field shows a trusted host IP address. Delete Click the Delete icon to remove the trust IP address. 32.4 The Add Trust Domain Screen Use this screen to configure a public IP address which is allowed to access the VMG.
H A P T E R SNMP 33.1 Overview This chapter explains how to configure the SNMP settings on the VMG. 33.2 The SNMP Screen Simple Network Management Protocol is a protocol used for exchanging management information between network devices. Your VMG supports SNMP agent functionality, which allows a manager station to manage and monitor the VMG through the network.
Page 259
Chapter 33 SNMP SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request and the agent returns responses using the following protocol operations: • Get - Allows the manager to retrieve an object variable from the agent. •...
H A P T E R Time Settings 34.1 Overview This chapter shows you how to configure system related settings, such as system time, password, name, the domain name and the inactivity timeout interval. 34.2 The Time Screen To change your VMG’s time and date, click Maintenance > Time. The screen appears as shown. Use this screen to configure the VMG’s time based on your local time zone.
Page 261
Chapter 34 Time Settings The following table describes the fields in this screen. Table 117 Maintenance > Time LABEL DESCRIPTION Current Date/Time Current Time This field displays the time of your VMG. Each time you reload this page, the VMG synchronizes the time with the time server. Current Date This field displays the date of your VMG.
H A P T E R E-mail Notification 35.1 Overview A mail server is an application or a computer that runs such an application to receive, forward and deliver e-mail messages. To have the VMG send reports, logs or notifications via e-mail, you must specify an e-mail server and the e-mail addresses of the sender and receiver.
Chapter 35 E-mail Notification 35.2.1 Email Notification Edit Click the Add button in the Email Notification screen. Use this screen to configure the required information for sending e-mail via a mail server. Figure 151 Email Notification > Add The following table describes the labels in this screen. Table 119 Email Notification >...
H A P T E R Log Setting 36.1 Overview You can configure where the VMG sends logs and which logs and/or immediate alerts the VMG records in the Logs Setting screen. 36.2 The Log Settings Screen To change your VMG’s log settings, click Maintenance > Logs Setting. The screen appears as shown. Figure 152 Maintenance >...
Chapter 36 Log Setting The following table describes the fields in this screen. Table 120 Maintenance > Logs Setting LABEL DESCRIPTION Syslog Setting Syslog Logging The VMG sends a log to an external syslog server. Select Enable to enable syslog logging. Mode Select the syslog destination from the drop-down list box.
H A P T E R Firmware Upgrade 37.1 Overview This chapter explains how to upload new firmware to your VMG. You can download new firmware releases from your nearest Zyxel FTP site (or www.zyxel.com) to use to upgrade your device’s performance.
Page 268
Chapter 37 Firmware Upgrade The following table describes the labels in this screen. After you see the firmware updating screen, wait two minutes before logging into the VMG again. Table 121 Maintenance > Firmware Upgrade LABEL DESCRIPTION Upgrade Firmware Restore Click the check box to have the VMG automatically reset itself after the new firmware is Default uploaded.
H A P T E R Backup Restore 38.1 Overview The Backup Restore screen allows you to backup and restore device configurations. You can also reset your device settings back to the factory default. 38.2 The Backup Restore Screen Click Maintenance > Backup Restore. Information related to factory defaults, backup configuration, and restoring configuration appears in this screen, as shown next.
Page 271
Chapter 38 Backup Restore Restore Configuration Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your VMG. Table 122 Restore Configuration LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Choose File to find it. Choose File Click this to find the file you want to upload.
Chapter 38 Backup Restore Figure 161 Reset Warning Message Figure 162 Reset In Process Message You can also press the RESET button on the rear panel to reset the factory defaults of your VMG. Refer to Section 1.4.6 on page 25 for more information on the RESET button.
H A P T E R Diagnostic 39.1 Overview The Diagnostic screens display information to help you identify problems with the VMG. The route between a CO VDSL switch and one of its CPE may go through switches owned by independent organizations.
Chapter 39 Diagnostic 39.3 Ping & TraceRoute & NsLookup Use this screen to ping, traceroute, or nslookup an IP address. Click Maintenance > Diagnostic > Ping&TraceRoute&NsLookup to open the screen shown next. Figure 164 Maintenance > Diagnostic > Ping &TraceRoute&NsLookup The following table describes the fields in this screen.
Page 275
Chapter 39 Diagnostic Figure 165 Maintenance > Diagnostic > 802.1ag The following table describes the fields in this screen. Table 124 Maintenance > Diagnostic > 802.1ag LABEL DESCRIPTION 802.1ag Connectivity Fault Management IEEE 802.1ag Select Enable or Disable to activate or deactivate the IEEE802.1ag CFM (Connectivity Fault Management) specification, which allows network administrators to identify manage connection faults.
Page 276
Chapter 39 Diagnostic Table 124 Maintenance > Diagnostic > 802.1ag (continued) LABEL DESCRIPTION Select Enable to continue sending MEP information by CCM (Connectivity Check Messages). When CCMs are received the VMG will always process it, no matter if CCM is enabled or not. Remote MEP ID Enter the remote Maintenance Endpoint Identifier (1~8191).
Chapter 39 Diagnostic The following table describes the labels in this screen. Table 125 Maintenance > Diagnostics > 802.3ah LABEL DESCRIPTION IEEE 802.3ah Ethernet OAM Select Enable or Disable to activate or deactivate the Ethernet OAM on the specified interface. Interface Select the interface on which you want to enable the IEEE802.3ah.
Page 278
Chapter 39 Diagnostic Figure 167 Virtual Circuit Topology Think of a virtual path as a cable that contains a bundle of wires. The cable connects two points and wires within the cable provide individual circuits between the two points. In an ATM cell header, a VPI (Virtual Path Identifier) identifies a link formed by a virtual path;...
Page 279
Chapter 39 Diagnostic Figure 168 Maintenance > Diagnostic > OAM Ping The following table describes the fields in this screen. Table 126 Maintenance > Diagnostic > OAM Ping LABEL DESCRIPTION Select a PVC on which you want to perform the loopback test. F4 segment Press this to perform an OAM F4 segment loopback test.
H A P T E R Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • VMG Access and Login • Internet Access •...
Chapter 40 Troubleshooting If the problem continues, contact the vendor. 40.2 VMG Access and Login I forgot the IP address for the VMG. The default LAN IP address is 192.168.1.1. If you changed the IP address and have forgotten it, you might get the IP address of the VMG by looking up the IP address of the default gateway for your computer.
Chapter 40 Troubleshooting If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions • Make sure you have logged out of any earlier management sessions using the same user account even if they were through a different interface or using a different browser. •...
Page 283
Chapter 40 Troubleshooting Make sure you entered your ISP account information correctly in the Network Setting > Broadband screen. These fields are case-sensitive, so make sure [Caps Lock] is not on. If you are trying to access the Internet wirelessly, make sure that you enabled the wireless LAN in the VMG and your wireless client and that the wireless settings in the wireless client are the same as the settings in the VMG.
Chapter 40 Troubleshooting If you set up a WAN connection using bridging service, make sure you turn off the DHCP feature in the LAN screen to have the clients get WAN IP addresses directly from your ISP’s DHCP server. I cannot connect to the Internet using a cellular connection. The DSL and Ethernet connections have priority in that order.
Chapter 40 Troubleshooting • Place the AP where there are minimum obstacles (such as walls and ceilings) between the AP and the wireless client. • Reduce the number of wireless clients connecting to the same AP simultaneously, or add additional APs if necessary.
Page 286
Chapter 40 Troubleshooting The Local Area Connection icon for UPnP disappears in the screen. Restart your computer. VMG3925-B10C/B30C User’s Guide...
• Brief description of the problem and the steps you took to solve it. Corporate Headquarters (Worldwide) Taiwan • Zyxel Communications Corporation • http://www.zyxel.com Asia China • Zyxel Communications (Shanghai) Corp. Zyxel Communications (Beijing) Corp. Zyxel Communications (Tianjin) Corp. • http://www.zyxel.cn India • Zyxel Technology India Pvt Ltd • http://www.zyxel.in Kazakhstan •...
Page 290
Appendix A Customer Support Belgium • Zyxel Communications B.V. • http://www.zyxel.com/be/nl/ • http://www.zyxel.com/be/fr/ Bulgaria • Zyxel България • http://www.zyxel.com/bg/bg/ Czech Republic • Zyxel Communications Czech s.r.o • http://www.zyxel.cz Denmark • Zyxel Communications A/S • http://www.zyxel.dk Estonia • Zyxel Estonia • http://www.zyxel.com/ee/et/ Finland •...
Page 291
• Zyxel Communications Poland • http://www.zyxel.pl Romania • Zyxel Romania • http://www.zyxel.com/ro/ro Russia • Zyxel Russia • http://www.zyxel.ru Slovakia • Zyxel Communications Czech s.r.o. organizacna zlozka • http://www.zyxel.sk Spain • Zyxel Communications ES Ltd • http://www.zyxel.es Sweden • Zyxel Communications • http://www.zyxel.se Switzerland •...
Page 292
Appendix A Customer Support • http://www.zyxel.ch/ Turkey • Zyxel Turkey A.S. • http://www.zyxel.com.tr • Zyxel Communications UK Ltd. • http://www.zyxel.co.uk Ukraine • Zyxel Ukraine • http://www.ua.zyxel.com Latin America Argentina • Zyxel Communication Corporation • http://www.zyxel.com/ec/es/ Brazil • Zyxel Communications Brasil Ltda.
Page 293
Appendix A Customer Support North America • Zyxel Communications, Inc. - North America Headquarters • http://www.zyxel.com/us/en/ Oceania Australia • Zyxel Communications Corporation • http://www.zyxel.com/au/en/ Africa South Africa • Nology (Pty) Ltd. • http://www.zyxel.co.za VMG3925-B10C/B30C User’s Guide...
P P E N D I X Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C).
Page 295
Appendix B Wireless LANs Figure 170 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS).
Page 296
Appendix B Wireless LANs Figure 171 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a channel different from an adjacent AP (access point) to reduce interference.
Page 297
Appendix B Wireless LANs Figure 172 RTS/CTS Note: Stations cannot hear each other. They can hear the AP. When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
Page 298
Appendix B Wireless LANs If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. IEEE 802.11g Wireless LAN IEEE 802.11g is fully compatible with the IEEE 802.11b standard.
Page 299
Appendix B Wireless LANs • User based identification that allows for roaming. • Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server. • Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication methods to be deployed with no changes to the access point or the wireless clients.
Page 300
Appendix B Wireless LANs In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password, they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access.
Page 301
Appendix B Wireless LANs PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication.
Page 302
Appendix B Wireless LANs wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted access to a WLAN. If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not.
Page 303
Appendix B Wireless LANs Key caching allows a wireless client to store the PMK it derived through a successful authentication with an AP. The wireless client uses the PMK when it tries to connect to the same AP and does not need to go with the authentication process again.
Page 304
Appendix B Wireless LANs WPA(2)-PSK Application Example A WPA(2)-PSK application looks as follows. First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and symbols). The AP checks each wireless client's password and allows it to join the network only if the password matches.
Page 305
Appendix B Wireless LANs Table 130 Wireless Security Relational Matrix (continued) AUTHENTICATION METHOD/ ENCRYPTION ENTER MANUAL KEY MANAGEMENT IEEE 802.1X METHOD PROTOCOL WPA-PSK TKIP/AES Disable WPA2 TKIP/AES Enable WPA2-PSK TKIP/AES Disable Antenna Overview An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air.
Page 306
Appendix B Wireless LANs • Directional antennas concentrate the RF signal in a beam, like a flashlight does with the light from its bulb. The angle of the beam determines the width of the coverage pattern. Angles typically range from 20 degrees (very directional) to 120 degrees (less directional). Directional antennas are ideal for hallways and outdoor point-to-point applications.
P P E N D I X IPv6 Overview IPv6 (Internet Protocol version 6), is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 10 IP addresses.
Page 308
Appendix C IPv6 Unspecified Address An unspecified address (0:0:0:0:0:0:0:0 or ::) is used as the source address when a device does not have its own address. It is similar to “0.0.0.0” in IPv4. Loopback Address A loopback address (0:0:0:0:0:0:0:1 or ::1) allows a host to send packets to itself. It is similar to “127.0.0.1” in IPv4.
Page 309
Appendix C IPv6 Table 133 Reserved Multicast Address (continued) MULTICAST ADDRESS FF0E:0:0:0:0:0:0:0 FF0F:0:0:0:0:0:0:0 Subnet Masking Both an IPv6 address and IPv6 subnet mask compose of 128-bit binary digits, which are divided into eight 16-bit blocks and written in hexadecimal notation. Hexadecimal uses four bits for each character (1 ~ 10, A ~ F).
Page 310
Appendix C IPv6 does not respond, the client sends a Rebind message to any available server (S2). For an IA_TA, the client may send a Renew or Rebind message at the client's discretion. Renew Renew Renew Rebind to S1 to S1 to S1 to S2 Renew...
Page 311
Appendix C IPv6 • Router solicitation: A request from a host to locate a router that can act as the default router and forward packets. • Router advertisement: A response to a router solicitation or a periodical multicast advertisement from a router to advertise its presence and other parameters.
Page 312
Appendix C IPv6 Example - Enabling IPv6 on Windows XP/2003/Vista By default, Windows XP and Windows 2003 support IPv6. This example shows you how to use the ipv6 install command on Windows XP/2003 to enable IPv6. This also displays how to use the ipconfig command to see auto-generated IP addresses.
Page 313
Appendix C IPv6 Click Start and then OK. Now your computer can obtain an IPv6 address from a DHCPv6 server. Example - Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default. DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer.
Page 314
Appendix C IPv6 Click Close to exit the Local Area Connection Status screen. Select Start > All Programs > Accessories > Command Prompt. Use the ipconfig command to check your dynamic IPv6 address. This example shows a global address (2001:b021:2d::1000) obtained from a DHCP server. C:\>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection:...
P P E N D I X Services The following table lists some commonly-used services and their associated protocols and port numbers. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like.
Page 316
Appendix D Services Table 134 Examples of Services NAME PROTOCOL PORT(S) DESCRIPTION AH (IPSEC_TUNNEL) User-Defined The IPSEC AH (Authentication Header) tunneling protocol uses this service. 5190 AOL’s Internet Messenger service. AUTH Authentication protocol used by some servers. Border Gateway Protocol. BOOTP_CLIENT DHCP Client.
Page 317
Appendix D Services Table 134 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION 2049 Network File System - NFS is a client/server distributed file service that provides transparent file sharing for network environments. NNTP Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service.
Page 318
Appendix D Services Table 134 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION TACACS Login Host Protocol used for (Terminal Access Controller Access Control System). TELNET Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP networks.
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of Zyxel Communications Corporation. Published by Zyxel Communications Corporation. All rights reserved.
Page 320
Appendix E Legal Information Industry Canada RSS-GEN & RSS-247 statement • This device complies with Industry Canada license-exempt RSS standard(s). Operation is subject to the following two conditions: (1) this device may not cause interference, and (2) this device must accept any interference, including interference that may cause undesired operation of the device.
Page 321
Appendix E Legal Information • the 5,470 MHz to 5,725 MHz is 939.72 mW. Български С настоящото Zyxel декларира, че това оборудване е в съответствие със съществените изисквания и другите (Bulgarian) приложими разпоредбите на Директива 2014/53/ЕC. National Restrictions • The Belgian Institute for Postal Services and Telecommunications (BIPT) must be notified of any outdoor wireless link having a range exceeding 300 meters.
Page 322
Appendix E Legal Information Română Prin prezenta, Zyxel declară că acest echipament este în conformitate cu cerinţele esenţiale şi alte prevederi relevante ale (Romanian) Directivei 2014/53/UE. Slovenčina Zyxel týmto vyhlasuje, že zariadenia spĺňa základné požiadavky a všetky príslušné ustanovenia Smernice 2014/53/EÚ. (Slovak) Slovenščina Zyxel izjavlja, da je ta oprema v skladu z bistvenimi zahtevami in ostalimi relevantnimi določili direktive 2014/53/EU.
Page 323
Appendix E Legal Information • CAUTION: Risk of explosion if battery is replaced by an incorrect type, dispose of used batteries according to the instruction. Dispose them at the applicable collection point for the recycling of electrical and electronic devices. For detailed information about recycling of this product, please contact your local city office, your household waste disposal service or the store where you purchased the product.
Page 325
Appendix E Legal Information Explanation of the Symbols SYMBOL EXPLANATION Alternating current (AC): AC is an electric current in which the flow of electric charge periodically reverses direction. Direct current (DC): DC if the unidirectional flow or movement of electric charge carriers. Earth;...
Index Index ACL rule 226, 300 activation Canonical Format Indicator See CFI firewalls CCMs media server certificate SIP ALG factory default SSID Certificate Authority Address Resolution Protocol See CA. administrator password certificates antenna authentication directional gain creating omni-directional public key AP (access point) replacing storage space...
Page 327
Index copyright e-mail log example Encapsulation CoS technologies creating certificates PPP over Ethernet CTS (Clear to Send) encapsulation CTS threshold 111, 117 RFC 1483 customer support encryption 119, 302 Extended Service Set IDentification 102, 106 Extended Service Set, See ESS data fragment threshold 111, 117 DDoS...
Page 328
Index iTunes server IBSS ICMPv6 IEEE 802.11g IEEE 802.1Q client list DHCP 129, 142 IGMP 129, 142 multicast group list 192, 244, 245 IP address 129, 130, 143 version MAC address IGMP Fast Leave status IGMPv2 subnet mask 129, 130, 143 IGMPv3 LAN to LAN multicast LAND attack...
Page 329
Index passwords media server activation Peak Cell Rate (PCR) iTunes server Per-Hop Behavior, see PHB PIN, WPS MLDv1 example MLDv2 Ping of Death MTU (Multi-Tenant Unit) Point-to-Point Tunneling Protocol, see PPTP multicast POP3 Multicast Listener Discovery, see MLD port forwarding Multiple BSS, see MBSSID ports multiplexing...
Page 330
Index restoring configuration activation MBSSID RFC 1058. See RIP. static route RFC 1389. See RIP. 145, 151, 262 configuration 146, 148, 189 RFC 1483 example RFC 3164 static VLAN status router features firmware version Routing Information Protocol. See RIP RTS (Request To Send) threshold 296, 297 wireless LAN...
Page 331
Index example channel unicast encryption Universal Plug and Play, see UPnP example upgrading firmware fragmentation threshold 111, 117 UPnP limitations cautions MAC address filter NAT traversal MBSSID USB features preamble 112, 117 RADIUS server RTS/CTS threshold 111, 117 security SSID activation Vendor ID status...
Page 332
Index 121, 123 example limitations example push button 24, 121 ZyXEL Family Safety page VMG3925-B10C/B30C User’s Guide...