Page 1 User’s Guide VMG3925-B10C/B30C Dual-Band Wireless AC/N VDSL2 Combo WAN Gateway Default Login Details Version 5.13 Edition 1, 03/2018 LAN IP Address http://192.168.1.1 User Name admin Password See the device label Copyright © 2018 Zyxel Communications Corporation...
Page 2 IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. This is a User’s Guide for a series of products. Not all products support all firmware features. Screenshots and graphics in this book may differ slightly from your product due to differences in your product firmware or your computer operating system.
Page 3: Document Conventions
Document Conventions Warnings and Notes These are how warnings and notes are shown in this guide. Warnings tell you about things that could harm you or your device. Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Page 4: Table Of Contents
Contents Overview Contents Overview User’s Guide ............................16 Introducing the VMG ........................... 17 The Web Configurator ......................... 26 Quick Start ............................. 33 Tutorials ..............................35 Technical Reference ........................69 Network Map and Status Screens ...................... 70 Broadband ............................75 Wireless ..............................99 Home Networking ..........................
Page 5 Contents Overview Log Setting ............................264 Firmware Upgrade ..........................267 Backup Restore ........................... 270 Diagnostic ............................273 Troubleshooting ..........................280 Appendices .............................287 VMG3925-B10C/B30C User’s Guide...
Page 6: Table Of Contents
Table of Contents Table of Contents Document Conventions ........................3 Contents Overview ..........................4 Table of Contents ..........................6 Part I: User’s Guide..................16 Chapter 1 Introducing the VMG .........................17 1.1 Overview ............................17 1.1.1 Internet Access ........................17 1.1.2 Wireless Access ........................18 1.1.3 VMG’s USB Support .......................
Page 7 Table of Contents 4.1 Overview ............................35 4.2 Setting Up an ADSL PPPoE Connection ..................35 4.3 Setting Up a Secure Wireless Network ..................38 4.3.1 Configuring the Wireless Network Settings ................. 38 4.3.2 Using WPS ..........................40 4.3.3 Connecting to the VMG’s Wi-Fi Network Manually (No WPS) ......... 43 4.3.4 Configuring Wireless Security on the VMG .................
Page 8 Table of Contents 6.3 The Cellular Backup Screen ......................87 6.4 The Advanced Screen ........................92 6.5 Technical Reference ........................94 Chapter 7 Wireless ...............................99 7.1 Overview ............................99 7.1.1 What You Can Do in this Chapter ..................99 7.1.2 What You Need to Know ..................... 99 7.2 The General Screen ........................
Page 9 Table of Contents 8.7 The Wake on LAN Screen ......................140 8.8 The TFTP Server Name Screen ..................... 141 8.9 Technical Reference ........................141 8.9.1 LANs, WANs and the VMG ....................142 8.9.2 DHCP Setup ......................... 142 8.9.3 DNS Server Addresses ......................142 8.9.4 LAN TCP/IP ...........................
Page 10 Table of Contents 11.3 The Applications Screen ......................175 11.3.1 Add New Application ....................... 176 11.4 The Port Triggering Screen ......................177 11.4.1 Add/Edit Port Triggering Rule ..................178 11.5 The DMZ Screen .......................... 179 11.6 The ALG Screen .......................... 180 11.7 The Address Mapping Screen ....................
Page 11 Table of Contents 15.2.2 Interface Grouping Criteria .................... 201 Chapter 16 USB Service ............................203 16.1 Overview ............................. 203 16.1.1 What You Can Do in this Chapter ................... 203 16.1.2 What You Need To Know ....................203 16.1.3 Before You Begin ....................... 204 16.2 The File Sharing Screen ......................
Page 12 Table of Contents 21.1 Overview ............................. 226 21.1.1 What You Can Do in this Chapter ................... 226 21.2 What You Need to Know ......................226 21.3 The Local Certificates Screen ....................226 21.3.1 Create Certificate Request .................... 227 21.3.2 View Certificate Request ....................228 21.4 The Trusted CA Screen .......................
Page 13 Table of Contents Chapter 27 xDSL Statistics ...........................246 27.1 The xDSL Statistics Screen ......................246 Chapter 28 WLAN Station Status .........................248 28.1 Overview ............................. 248 Chapter 29 Cellular Statistics ..........................250 29.1 Overview ............................. 250 29.2 The Cellular Statistics Screen ..................... 250 Chapter 30 System...............................252 30.1 Overview .............................
Page 14 Table of Contents 35.1 Overview ..........................262 35.2 The Email Notification Screen ....................262 35.2.1 Email Notification Edit ..................... 263 Chapter 36 Log Setting ............................264 36.1 Overview ............................ 264 36.2 The Log Settings Screen ......................264 36.2.1 Example E-mail Log ......................265 Chapter 37 Firmware Upgrade ...........................267 37.1 Overview .............................
Page 15 Table of Contents Appendix A Customer Support ..................... 288 Appendix B Wireless LANs....................... 294 Appendix C IPv6..........................307 Appendix D Services ........................315 Appendix E Legal Information ....................... 319 Index ..............................326 VMG3925-B10C/B30C User’s Guide...
Page 16: User's Guide
User’s Guide...
Page 17: Introducing The Vmg
H A P T E R Introducing the VMG 1.1 Overview The VMG is a wireless VDSL router and Gigabit Ethernet gateway. Note: Cellular networks refer to 3G only at the time of writing. 1.1.1 Internet Access Your VMG has a DSL port and a Gigabit Ethernet port for super-fast Internet access. It provides shared Internet access by connecting the DSL port to the DSL or MODEM jack on a splitter or your telephone jack.
Page 18: Wireless Access
Chapter 1 Introducing the VMG You can also configure IP filtering on the VMG for secure Internet access. When the IP filter is on, all incoming traffic from the Internet to your network is blocked by default unless it is initiated from your network.
Page 19: Vmg's Usb Support
Chapter 1 Introducing the VMG Figure 3 Wireless Access Example 1.1.3 VMG’s USB Support The USB port of the VMG is used for cellular WAN backup, file-sharing and media server. Cellular WAN (3G) Backup Connect a supported cellular USB dongle with an active SIM card to the USB port. This adds a backup WAN interface and allows the VMG to wirelessly access the Internet via a cellular network.
Page 20: Ways To Manage The Vmg
Chapter 1 Introducing the VMG Figure 5 USB File Sharing Application Media Server You can also use the VMG as a media server. This lets anyone on your network play video, music, and photos from a USB device (B) connected to the VMG’s USB port (without having to copy them to another computer).
Page 21: Good Habits For Managing The Vmg
Chapter 1 Introducing the VMG 1.3 Good Habits for Managing the VMG Do the following things regularly to make the VMG more secure and to manage the VMG more effectively. • Change the password. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters.
Page 22 Chapter 1 Introducing the VMG Figure 8 LEDs on the VMG None of the LEDs are on if the VMG is not receiving power. Table 1 LED Descriptions COLOR STATUS DESCRIPTION Green The VMG is receiving power and ready for use. Blinking The VMG is self-testing.
Page 23: Side Panel
Chapter 1 Introducing the VMG Table 1 LED Descriptions (continued) COLOR STATUS DESCRIPTION Green The 5 GHz wireless network is activated. Blinking The VMG is communicating with 5 GHz wireless clients. 5G WLAN/ Amber Blinking The VMG is setting up a WPS connection with a 5 GHz wireless client. The 5 GHz wireless network is not activated.
Page 24: Using The Wlan And Wps Buttons
Chapter 1 Introducing the VMG Rear Panel Ports (continued) LABEL DESCRIPTION Press the WPS button for more than five seconds to quickly set up a secure wireless connection between the device and a WPS-compatible client. The USB port is used for file-sharing and media server. 1.4.4 Using the WLAN and WPS Buttons If the wireless network is turned off, press the WLAN button for more than two seconds.
Page 25: The Reset Button
Chapter 1 Introducing the VMG Figure 10 VMG3925-B10C/B30C Rear Panel The following table describes the items on the rear panel. Rear Panel Ports LABEL DESCRIPTION Connect a RJ-11 cable to the DSL port for Internet access. LAN1 ~ LAN4 Connect computers or other Ethernet devices to Ethernet ports for Internet access.
Page 26: The Web Configurator
H A P T E R The Web Configurator 2.1 Overview The web configurator is an HTML-based management interface that allows easy setup and management via Internet browser. Use Internet Explorer 8.0 and later versions or Mozilla Firefox 3 and later versions or Safari 2.0 and later versions.
Page 27 Chapter 2 The Web Configurator Figure 12 Change Password Screen configure basic Internet access, and wireless settings. The Network Map page appears. Figure 13 Network Map Click Status to display the Status screen, where you can view the VMG’s interface and system information.
Page 28: Web Configurator Layout
Chapter 2 The Web Configurator 2.2 Web Configurator Layout Figure 14 Screen Layout As illustrated above, the main screen is divided into these parts: • A - title bar • B - main window • C - navigation panel 2.2.1 Title Bar The title bar provides some icons in the upper right corner.
Page 29: Navigation Panel
Chapter 2 The Web Configurator 2.2.2 Navigation Panel Use the menu items on the navigation panel to open screens to configure VMG features. The following tables describe each menu item. Table 3 Navigation Panel Summary LINK FUNCTION Connection Status This screen shows the network status of the VMG and computers/devices connected to it.
Page 30 Chapter 2 The Web Configurator Table 3 Navigation Panel Summary (continued) LINK FUNCTION General Use this screen to enable QoS and traffic prioritizing. You can also configure the QoS rules and actions. Queue Setup Use this screen to configure QoS queues. Classification Use this screen to define a classifier.
Page 31 Chapter 2 The Web Configurator Table 3 Navigation Panel Summary (continued) LINK FUNCTION System Log Use this screen to view the status of events that occurred to the VMG. You can export or e-mail the logs. Security Log Use this screen to view all security related events. You can select level and category of the security events in their proper drop-down list window.
Page 32 Chapter 2 The Web Configurator Table 3 Navigation Panel Summary (continued) LINK FUNCTION Firmware Firmware Use this screen to upload firmware to your VMG. Upgrade Upgrade Backup/Restore Backup/Restore Use this screen to backup and restore your VMG’s configuration (settings) or reset the factory default settings. Reboot Reboot Use this screen to reboot the VMG without turning the power off.
Page 33: Quick Start
H A P T E R Quick Start 3.1 Overview Use the Quick Start screens to configure the VMG’s time zone, basic Internet access, and wireless settings. Note: See the technical reference chapters (starting on Chapter 4 on page 35) for background information on the features in this chapter.
Page 34 Chapter 3 Quick Start Figure 16 Quick Start - Internet Connection Turn the wireless LAN on or off. If you keep it on, record the security settings so you can configure your wireless clients to connect to the VMG. Click Save. Figure 17 Quick Start - Wireless Your VMG saves your settings and attempts to connect to the Internet.
Page 35: Tutorials
H A P T E R Tutorials 4.1 Overview This chapter shows you how to use the VMG’s various features. • Setting Up an ADSL PPPoE Connection, see page 35 • Setting Up a Secure Wireless Network, see page 38 •...
Page 36 Chapter 4 Tutorials In this example, the DSL connection has the following information. General Name MyDSLConnection Type ADSL Connection Mode Routing Encapsulation PPPoE IPv6/IPv4 Mode IPv4 ATM PVC Configuration VPI/VCI 36/48 Encapsulation Mode LLC/SNAP-Bridging Service Category UBR without PCR Account Information PPP User Name 1234@DSL-Ex.com PPP Password...
Page 37 Chapter 4 Tutorials You should see a summary of your new DSL connection setup in the Broadband screen as follows. VMG3925-B10C/B30C User’s Guide...
Page 38: Setting Up A Secure Wireless Network
Chapter 4 Tutorials Try to connect to a website to see if you have correctly set up your Internet connection. Be sure to contact your service provider for any information you need to configure the WAN screens. 4.3 Setting Up a Secure Wireless Network Thomas wants to set up a wireless network so that he can use his notebook to access the Internet.
Page 39 Chapter 4 Tutorials Click Network Setting > Wireless to open the General screen. Select More Secure as the security level and WPA2-PSK as the security mode. Configure the screen using the provided parameters (see page 38). Click Apply. Go to the Wireless > Others screen and select 802.11b/g/n Mixed in the 802.11 Mode field. Click Apply. VMG3925-B10C/B30C User’s Guide...
Page 40: Using Wps
Chapter 4 Tutorials Thomas can now use the WPS feature to establish a wireless connection between his notebook and the VMG (see Section 4.3.2 on page 40). He can also use the notebook’s wireless client to search for the VMG (see Section 4.3.3 on page 43).
Page 41 Chapter 4 Tutorials Example WPS Process: PBC Method Wireless Client WITHIN 2 MINUTES Press and hold for more than 5 seconds SECURITY INFO COMMUNICATION PIN Configuration When you use the PIN configuration method, you need to check the client’s PIN number and the VMG’s web configurator.
Page 42 Chapter 4 Tutorials Enter the client’s PIN number to the PIN field in the Network Setting > Wireless > WPS screen on the VMG. Click the Register button on the VMG’s WPS screen within two minutes. The VMG authenticates the wireless client and sends the proper configuration settings to the wireless client.
Page 43: Connecting To The Vmg's Wi-Fi Network Manually (No Wps)
Chapter 4 Tutorials Example WPS Process: PIN Method Wireless Client Enter WPS PIN from other device: Register WITHIN 2 MINUTES Authentication by PIN SECURITY INFO COMMUNICATION 4.3.3 Connecting to the VMG’s Wi-Fi Network Manually (No WPS) In this example, we change the VMG’s wireless settings, and then manually select the VMG’s new SSID and enter the Wi-Fi key to connect a wireless client to the VMG.
Page 44: Configuring Wireless Security On The Vmg
Chapter 4 Tutorials 4.3.4 Configuring Wireless Security on the VMG This section shows you how to configure wireless security settings with the following parameters on your VMG. Frequency Band 2.4 GHz SSID SSID_Example Channel Auto Security WPA2-PSK (Pre-Shared Key: ThisismyWPA-PSKpre-sharedkey) Follow the steps below to configure the wireless settings on your VMG.
Page 45 Chapter 4 Tutorials Set security mode to WPA2-PSK and enter ThisismyWPA-PSKpre-sharedkey in the Pre-Shared Key field. Click Apply. VMG3925-B10C/B30C User’s Guide...
Page 46: Configure Your Notebook
Chapter 4 Tutorials Open the Status screen. Verify your wireless and wireless security settings under Device Information and check if the WLAN connection is up under Interface Status. 4.3.5 Configure Your Notebook Note: In this example, we use a Windows 7 laptop that has a built-in wireless adapter as the wireless client.
Page 47 Chapter 4 Tutorials Select SSID_Example and click Connect. The following screen displays if WPS is enabled on the VMG but you didn’t press the WPS button. Click Connect using as security key instead. Type the security key in the following screen. Click OK. VMG3925-B10C/B30C User’s Guide...
Page 48: Setting Up Multiple Wireless Groups
Chapter 4 Tutorials Check the status of your wireless connection in the screen below. If the wireless client keeps trying to connect to or acquiring an IP address from the VMG, make sure you entered the correct security key. If the connection has limited or no connectivity, make sure the VMG is connected to a router with the DHCP server enabled.
Page 49 Chapter 4 Tutorials • Employees in Company A will use a general Company wireless network group. • Higher management level and important visitors will use the VIP group. • Visiting guests will use the Guest group, which has a different SSID and password. Company A will use the following parameters to set up the wireless network groups.
Page 50 Chapter 4 Tutorials Click Network Setting > Wireless > Guest/More AP to open the following screen. Click the Edit icon to configure the second wireless network group. VMG3925-B10C/B30C User’s Guide...
Page 51 Chapter 4 Tutorials Configure the screen using the provided parameters and click Apply. In the Guest/More AP screen, click the Edit icon to configure the third wireless network group. Configure the screen using the provided parameters and click Apply. VMG3925-B10C/B30C User’s Guide...
Page 52 Chapter 4 Tutorials Check the status of VIP and Guest in the Guest/More AP screen. The yellow bulbs signify that the SSIDs are active and ready for wireless access. VMG3925-B10C/B30C User’s Guide...
Page 53: Using The File Sharing Feature
Chapter 4 Tutorials 4.5 Using the File Sharing Feature In this section you can: • Set up file sharing of your USB device from the VMG. • Access the shared files of your USB device from a computer. 4.5.1 Set Up File Sharing To set up file sharing you need to connect your USB device, enable file sharing and set up your share(s).
Page 54 Chapter 4 Tutorials If the share names include spaces and the following special characters listed in the brackets ["`<>^$|&;\/:*?'], the following screen will appear. To avoid this, please correct your share names in the USB, and repeat the steps above. It’s mandatory for you to add a description for the share.
Page 55: Access Your Shared Files From A Computer
Chapter 4 Tutorials If you want specific users only to access the shares, you need to Add New Users in Account Management. Once you click the Add New User button, you’ll be directed to the User Account screen. To create a user account that can access the secured shares on the USB device, click the Add New Account button in the Network Setting >...
Page 56: Using The Media Server Feature
Chapter 4 Tutorials 4.6 Using the Media Server Feature Use the media server feature to play files on a computer or on your television (using DMA-2500). This section shows you how the media server feature works using the following media clients: •...
Page 57 Chapter 4 Tutorials If you cannot see the VMG in the left panel as shown above, go to Organize > Manage Libraries > Music/Videos/Pictures/Recorded TV > Add > \\192.168.1.1\BobShare. (Select the folder containing the media you wish to upload to Windows Media Player.) In the right panel, you should see a list of files available in the USB storage device.
Page 58: Using A Digital Media Adapter
Chapter 4 Tutorials 4.6.3 Using a Digital Media Adapter This section shows you how you can use the VMG with a Zyxel DMA-2500 to play media files stored in the USB storage device in your TV screen. Note: For this tutorial, your DMA-2500 should already be set up with the TV according to the instructions in the DMA-2500 Quick Start Guide.
Page 59: Configuring Static Route For Routing To Another Network
Chapter 4 Tutorials The screen shows you the list of available media files in the USB storage device. Select the file you want to open and push the Play button in the remote control. 4.7 Configuring Static Route for Routing to Another Network In order to extend your Intranet and control traffic flowing directions, you may connect a router to the VMG’s LAN.
Page 60 Chapter 4 Tutorials You need to specify a static routing rule on the VMG to specify R as the router in charge of forwarding traffic to N2. In this case, the VMG routes traffic from A to R and then R routes the traffic to B. This tutorial uses the following example IP settings: Table 4 IP Settings in this Tutorial DEVICE / COMPUTER...
Page 61 Chapter 4 Tutorials To configure a static route to route traffic from N1 to N2: Log into the VMG’s Web Configurator in advanced mode. Click Network Setting > Routing. Click Add new Static Route in the Static Route screen. Configure the Static Route Setup screen using the following settings: Select the Active check box.
Page 62: Configuring Qos Queue And Class Setup
Chapter 4 Tutorials 4.8 Configuring QoS Queue and Class Setup This section contains tutorials on how you can configure the QoS screen. Let’s say you are a team leader of a small sales branch office. You want to prioritize e-mail traffic because your task includes sending urgent updates to clients at least twice every hour.
Page 63 Chapter 4 Tutorials Click Queue Setup > Add new Queue to create a new queue. In the screen that opens, check Active and enter or select the following values: • Name: E-mail • Interface: WAN • Priority: 1 (High) • Weight: 8 •...
Page 64 Chapter 4 Tutorials Tutorial: Advanced > QoS > Class Setup Class Name Give a class name to this traffic, such as E-mail in this example. From Interface This is the interface from which the traffic will be coming from. Select LAN1 for this example. Ether Type Select IP to identify the traffic source by its IP address or MAC address.
Page 65: Access The Vmg Using Ddns
Chapter 4 Tutorials This maps e-mail traffic coming from port 25 to the highest priority, which you have created in the previous screen (see the IP Protocol field). This also maps your computer’s IP address and MAC address to the E-mail queue (see the Source fields). Verify that the queue setup works by checking Network Setting >...
Page 66: Configuring Ddns On Your Vmg
Chapter 4 Tutorials 4.9.2 Configuring DDNS on Your VMG Configure the following settings in the Network Setting > DNS > Dynamic DNS screen. • Select Enable Dynamic DNS. • Select www.DynDNS.com as the service provider. • Type zyxelrouter.dyndns.org in the Host Name field. •...
Page 67 Chapter 4 Tutorials Click Security > MAC Filter to open the MAC Filter screen. Select the Enable check box to activate MAC filter function. Select Allow. Then enter the host name and MAC address of Thomas’ computer in this screen. Click Apply.
Page 68: Access Your Shared Files From A Computer
Chapter 4 Tutorials 4.11 Access Your Shared Files From a Computer Here is how to use an FTP program to access a file storage device connected to the VMG’s USB port. Note: This example uses the FileZilla FTP program to browse your shared files. In FileZilla enter the IP address of the VMG (the default is 192.168.1.1), your account’s user name and password and port 21 and click Quickconnect.
Page 69: Technical Reference
Technical Reference...
Page 70: Network Map And Status Screens
H A P T E R Network Map and Status Screens 5.1 Overview After you log into the Web Configurator, the Network Map screen appears. This shows the network connection status of the VMG and clients connected to it. You can use the Status screen to look at the current status of the VMG, system resources, and interfaces (LAN, WAN, and WLAN).
Page 71: The Status Screen
Chapter 5 Network Map and Status Screens If you want to view information about a client, click the client’s name and Info. Click the IP address if you want to change it. If you want to change the name or icon of the client, click Change name/icon. If you prefer to view the status in a list, click List View in the Viewing mode selection box.
Page 72 Chapter 5 Network Map and Status Screens Figure 20 Status Screen Each field is described in the following table. Table 5 Status Screen LABEL DESCRIPTION Refresh Interval Select how often you want the VMG to update this screen. Device Information Host Name This field displays the VMG system name.
Page 73 Chapter 5 Network Map and Status Screens Table 5 Status Screen (continued) LABEL DESCRIPTION Secondary DNS This field displays the second DNS server address assigned by the ISP. server DHCP This field displays whether the WAN interface is using a DHCP IP address or a static IP address. Choices are: Client - The WAN interface can obtain an IP address from a DHCP server.
Page 74 Chapter 5 Network Map and Status Screens Table 5 Status Screen (continued) LABEL DESCRIPTION NAT Session This field displays what percentage of the VMG supported NAT sessions are currently being Usage used. This field also displays the number of active NAT sessions and the maximum number of NAT sessions the VMG can support.
Page 75: Broadband
H A P T E R Broadband 6.1 Overview This chapter discusses the VMG’s Broadband screens. Use these screens to configure your VMG for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks, such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations.
Page 76: What You Need To Know
Chapter 6 Broadband Table 6 WAN Setup Overview LAYER-2 INTERFACE INTERNET CONNECTION CONNECTION DSL LINK TYPE MODE ENCAPSULATION CONNECTION SETTINGS ADSL over ATM Routing PPPoE/PPPoA ATM PVC configuration, PPP information, IPv4/IPv6 IP address, routing feature, DNS server, VLAN, QoS, and MTU IPoE/IPoA ATM PVC configuration, IPv4/IPv6 IP address, routing feature, DNS server,...
Page 77 Chapter 6 Broadband IPv6 Addressing The 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons (:). This is an example IPv6 address 2001:0db8:1a2b:0015:0000:0000:1a2f:0000. IPv6 addresses can be abbreviated in two ways: • Leading zeros in a block can be omitted. So 2001:0db8:1a2b:0015:0000:0000:1a2f:0000 can be written as 2001:db8:1a2b:15:0:0:1a2f:0.
Page 78: Before You Begin
Chapter 6 Broadband Figure 22 IPv6 Rapid Deployment Dual Stack Lite Use Dual Stack Lite when local network computers use IPv4 and the ISP has an IPv6 network. When the VMG has an IPv6 WAN address and you set IPv6/IPv4 Mode to IPv6 Only, you can enable Dual Stack Lite to use IPv4 computers and services.
Page 79: The Broadband Screen
Chapter 6 Broadband 6.2 The Broadband Screen Use this screen to change your VMG’s Internet access settings. Click Network Setting > Broadband from the menu. The summary table shows you the configured WAN services (connections) on the VMG. Figure 24 Network Setting > Broadband The following table describes the labels in this screen.
Page 80: Add/Edit Internet Connection
Chapter 6 Broadband 6.2.1 Add/Edit Internet Connection Click Add New WAN Interface in the Broadband screen or the Edit icon next to an existing WAN interface to configure a WAN connection. The screen varies depending on the interface type, mode, encapsulation, and IPv6/IPv4 mode you select.
Page 81 Chapter 6 Broadband The following table describes the labels in this screen. Table 8 Network Setting > Broadband > Add New WAN Interface/Edit (Routing Mode) LABEL DESCRIPTION General Active Select Enable or Disable to activate or deactivate the interface. Name Specify a descriptive name for this connection.
Page 82 Chapter 6 Broadband Table 8 Network Setting > Broadband > Add New WAN Interface/Edit (Routing Mode) (continued) LABEL DESCRIPTION PPPoE This field is available when you select PPPoE encapsulation. Passthrough In addition to the VMG’s built-in PPPoE client, you can enable PPPoE pass through to allow up to ten hosts on the LAN to use PPPoE client software on their computers to connect to the ISP via the VMG.
Page 83 Chapter 6 Broadband Table 8 Network Setting > Broadband > Add New WAN Interface/Edit (Routing Mode) (continued) LABEL DESCRIPTION Tunnel The DS-Lite (Dual Stack Lite) fields display when you set the IPv4/IPv6 Mode field to IPv6 Only. Enable Dual Stack Lite to let local computers use IPv4 through an ISP’s IPv6 network. See Dual Stack Lite on page 78 for more information.
Page 84 Chapter 6 Broadband Table 8 Network Setting > Broadband > Add New WAN Interface/Edit (Routing Mode) (continued) LABEL DESCRIPTION IPv6 Default Enter the IP address of the next-hop gateway. The gateway is a router or switch on the same Gateway segment as your VMG's interface(s).
Page 85 Chapter 6 Broadband Figure 26 Network Setting > Broadband > Add New WAN Interface/Edit (ADSL/VDSL over PTM -Bridge Mode) The following table describes the fields in this screen. Table 9 Network Setting > Broadband > Add New WAN Interface/Edit (ADSL/VDSL over PTM -Bridge Mode) LABEL DESCRIPTION...
Page 86 Chapter 6 Broadband Figure 27 Network Setting > Broadband > Add New WAN Interface/Edit (ADSL over ATM-Bridge Mode) The following table describes the fields in this screen. Table 10 Network Setting > Broadband > Add New WAN Interface/Edit (ADSL over ATM-Bridge Mode) LABEL DESCRIPTION General...
Page 87: The Cellular Backup Screen
Chapter 6 Broadband Table 10 Network Setting > Broadband > Add New WAN Interface/Edit (ADSL over ATM-Bridge Mode) LABEL DESCRIPTION Service Select UBR Without PCR for applications that are non-time sensitive, such as e-mail. Category Select CBR (Continuous Bit Rate) to specify fixed (always-on) bandwidth for voice or data traffic. Select Non Realtime VBR (non real-time Variable Bit Rate) for connections that do not require closely controlled delay and delay variation.
Page 88 Chapter 6 Broadband Note: The actual data rate you obtain varies depending the cellular card you use, the signal strength to the service provider’s base station, and so on. Figure 29 Network Setting > Broadband > Cellular Backup VMG3925-B10C/B30C User’s Guide...
Page 89 Chapter 6 Broadband The following table describes the labels in this screen. Table 11 Network Setting > Broadband > Cellular Backup LABEL DESCRIPTION General Cellular Backup Select Enable to have the VMG use the cellular connection as your WAN or a backup when the wired WAN connection fails.
Page 90 Chapter 6 Broadband Table 11 Network Setting > Broadband > Cellular Backup (continued) LABEL DESCRIPTION Obtain an IP Select this option if your ISP did not assign you a fixed IP address. Address Automatically Use the Select this option if the ISP assigned a fixed IP address. following static IP address IP Address...
Page 91 Chapter 6 Broadband Table 11 Network Setting > Broadband > Cellular Backup (continued) LABEL DESCRIPTION Data Budget Select this and specify how much downstream and/or upstream data (in k Packets) can be (kPackets) transmitted via the cellular connection within one month. Select Download/Upload to set a limit on the total traffic in both directions.
Page 92: The Advanced Screen
Chapter 6 Broadband 6.4 The Advanced Screen Use the Advanced screen to enable or disable ADSL over PTM, Annex M, DSL PhyR, and SRA (Seamless Rate Adaptation) functions. The VMG supports the PhyR retransmission scheme. PhyR is a retransmission scheme designed to provide protection against noise on the DSL line. It improves voice, video and data transmission resilience by utilizing a retransmission buffer.
Page 93 Chapter 6 Broadband The following table describes the labels in this screen. Table 13 Network Setting > Broadband > Advanced LABEL DESCRIPTION PhyR US Enable or disable PhyR US (upstream) for upstream transmission to the WAN. PhyR US should be enabled if data being transmitted upstream is sensitive to noise.
Page 94: Technical Reference
Chapter 6 Broadband Table 13 Network Setting > Broadband > Advanced (continued) LABEL DESCRIPTION 8a, 8b, 8c, 8d, The G.993.2 VDSL standard defines a wide range of profiles that can be used in different VDSL 12a, 12b, 17a, deployment settings, such as in a central office, a street cabinet or a building. The VMG must comply with at least one profile specified in G.993.2.
Page 95 Chapter 6 Broadband Operationally, PPPoE saves significant effort for both you and the ISP or carrier, as it requires no specific configuration of the broadband modem at the customer site. By implementing PPPoE directly on the VMG (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the VMG does that part of the task.
Page 96 Chapter 6 Broadband The following figure illustrates the relationship between PCR, SCR and MBS. Figure 31 Example of Traffic Shaping ATM Traffic Classes These are the basic ATM traffic classes defined by the ATM Forum Traffic Management 4.0 Specification. Constant Bit Rate (CBR) Constant Bit Rate (CBR) provides fixed bandwidth that is always available even if no data is being sent.
Page 97 Chapter 6 Broadband IP Address Assignment A static IP is a fixed IP that your ISP gives you. A dynamic IP is not fixed; the ISP assigns you a different one each time. The Single User Account feature can be enabled or disabled if you have either a dynamic or static IP.
Page 98 Chapter 6 Broadband Internet Group Multicast Protocol (IGMP) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC 2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would like to read more detailed information about interoperability between IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236.
Page 99: Wireless
H A P T E R Wireless 7.1 Overview This chapter describes the VMG’s Network Setting > Wireless screens. Use these screens to set up your VMG’s wireless connection. 7.1.1 What You Can Do in this Chapter This section describes the VMG’s Wireless screens. Use these screens to set up your VMG’s wireless connection.
Page 100: The General Screen
Chapter 7 Wireless Finding Out More Section 7.10 on page 115 for advanced technical information on wireless networks. 7.2 The General Screen Use this screen to enable the Wireless LAN, enter the SSID and select the wireless security mode. Note: If you are configuring the VMG from a computer connected to the wireless LAN and you change the VMG’s SSID, channel or security settings, you will lose your wireless connection when you press Apply to confirm.
Page 101 Chapter 7 Wireless Figure 32 Network Setting > Wireless > General The following table describes the general wireless LAN labels in this screen. Table 14 Network Setting > Wireless > General LABEL DESCRIPTION Wireless Network Setup Band This shows the wireless band which this radio profile is using. 2.4GHz is the frequency used by IEEE 802.11b/g/n wireless clients while 5GHz is used by IEEE 802.11a/ac wireless clients.
Page 102: No Security
Chapter 7 Wireless Table 14 Network Setting > Wireless > General (continued) LABEL DESCRIPTION Bandwidth Select whether the VMG uses a wireless channel width of 20MHz, 40MHz or 80MHz. A standard 20MHz channel offers transfer speeds of up to 150Mbps whereas a 40MHz channel uses two standard channels and offers speeds of up to 300 Mbps.
Page 103: More Secure (Wpa2-Psk)
Chapter 7 Wireless Figure 33 Wireless > General: No Security The following table describes the labels in this screen. Table 15 Wireless > General: No Security LABEL DESCRIPTION Security Level Choose No Security to allow all wireless connections without data encryption or authentication. 7.2.2 More Secure (WPA2-PSK) The WPA2-PSK security mode is a newer, more robust version of the WPA encryption standard.
Page 104: The Guest / More Ap Screen
Chapter 7 Wireless Table 16 Wireless > General: More Secure: WPA2-PSK (continued) LABEL DESCRIPTION Password The encryption mechanisms used for WPA(2) and WPA(2)-PSK are the same. The only difference between the two is that WPA(2)-PSK uses a simple common password, instead of user-specific credentials.
Page 105: Edit Guest/More Ap
Chapter 7 Wireless Table 17 Network Setting > Wireless > Guest / More AP (continued) LABEL DESCRIPTION Guest WLAN This displays if the guest WLAN function has been enabled for this WLAN. If Home Guest displays, clients can connect to each other directly. If External Guest displays, clients are blocked from connecting to each other directly.
Page 106 Chapter 7 Wireless Figure 36 Network Setting > Wireless > Guest/More AP > Edit The following table describes the fields in this screen. Table 18 Network Setting > Wireless > Guest/More AP > Edit LABEL DESCRIPTION Wireless Network Setup Wireless You can Enable or Disable the wireless LAN in this field.
Page 107: The Mac Authentication Screen
Chapter 7 Wireless Table 18 Network Setting > Wireless > Guest/More AP > Edit (continued) LABEL DESCRIPTION Hide SSID Select this check box to hide the SSID in the outgoing beacon frame so a station cannot obtain the SSID through scanning using a site survey tool. Guest WLAN Select this to create Guest WLANs for home and external clients.
Page 108: The Wps Screen
Chapter 7 Wireless Figure 37 Network Setting > Wireless > MAC Authentication The following table describes the labels in this screen. Table 19 Network Setting > Wireless > Authentication LABEL DESCRIPTION General SSID Select the SSID for which you want to configure MAC filter settings. MAC Restrict Define the filter action for the list of MAC addresses in the MAC address list.
Page 109 Chapter 7 Wireless WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually. Set up each WPS connection between two devices. Both devices must support WPS. See Section 7.10.8.3 on page 123 for more information about WPS.
Page 110: The Wmm Screen
Chapter 7 Wireless Table 20 Network Setting > Wireless > WPS (continued) LABEL DESCRIPTION Register Enter the PIN of the device that you are setting up a WPS connection with and click Register to authenticate and add the wireless device to your wireless network. You can find the PIN either on the outside of the device, or by checking the device’s settings.
Page 111: The Others Screen
Chapter 7 Wireless The following table describes the labels in this screen. Table 21 Network Setting > Wireless > WMM LABEL DESCRIPTION WMM of SSID1~4 Select On to have the VMG automatically give the wireless network (SSIDx) a priority level according to the ToS value in the IP header of packets it sends.
Page 112: The Channel Status Screen
Chapter 7 Wireless Table 22 Network Setting > Wireless > Others (continued) LABEL DESCRIPTION Output Power Set the output power of the VMG. If there is a high density of APs in an area, decrease the output power to reduce interference with other APs. Select one of the following: 20%, 40%, 60%, 80% or 100%.
Page 113: The Wlan Scheduler Screen
Chapter 7 Wireless Figure 41 Network Setting > Wireless > Channel Status 7.9 The WLAN Scheduler Screen Use this screen to set the times your wireless LAN is turned on and off. Wireless LAN scheduler is disabled by default. The wireless LAN can be scheduled to turn on or off on certain days and at certain times. To open this screen, click Network >...
Page 114: Add A New Rule
Chapter 7 Wireless Figure 42 Network > Wireless > WLAN Scheduler The following table describes the labels in this screen. Table 23 Network > Wireless > WLAN Scheduler LABEL DESCRIPTION WLAN Select Enable to activate the wireless LAN scheduler feature. Select Disable to turn it off. Scheduler Access Add New Rule...
Page 115: Technical Reference
Chapter 7 Wireless Figure 43 Network > Wireless > WLAN Scheduler: Add/Edit a Rule The following table describes the labels in this screen. Table 24 Network > Wireless > WLAN Scheduler: Add/Edit a Rule LABEL DESCRIPTION Active Select Enable or Disable to activate or deactivate this scheduler rule. SSID Select an SSID for this scheduler rule.
Page 116 Chapter 7 Wireless Traditionally, a wireless network operates in one of two ways. • An “infrastructure” type of network has one or more access points and one or more wireless clients. The wireless clients connect to the access points. • An “ad-hoc” type of network is one in which there is no access point. Wireless clients connect to one another in order to exchange information.
Page 117: Additional Wireless Terms
Chapter 7 Wireless Radio Channels In the radio spectrum, there are certain frequency bands allocated for unlicensed, civilian use. For the purposes of wireless networking, these bands are divided into numerous channels. This allows a variety of networks to exist in the same place without interfering with one another. When you create a network, you must select a channel to use.
Page 118 Chapter 7 Wireless random numbers and letters - but it is not very secure if you use a short key which is very easy to guess - for example, a three-letter word from the dictionary. Because of the damage that can be done by a malicious attacker, it’s not just people who have sensitive information on their network who should use security.
Page 119: Signal Problems
Chapter 7 Wireless Unauthorized wireless devices can still see the information that is sent in the wireless network, even if they cannot use the wireless network. Furthermore, there are ways for unauthorized wireless users to get a valid user name and password. Then, they can use that user name and password to use the wireless network.
Page 120: Bss
Chapter 7 Wireless coincidental emitters such as electric motors or microwaves. Problems with absorption occur when physical objects (such as thick walls) are between the two radios, muffling the signal. 7.10.5 BSS A Basic Service Set (BSS) exists when all communications between wireless stations or between a wireless station and a wired network client go through one access point (AP).
Page 121: Preamble Type
Chapter 7 Wireless 7.10.6.1 Notes on Multiple BSSs • A maximum of eight BSSs are allowed on one AP simultaneously. • You must use different keys for different BSSs. If two wireless devices have different BSSIDs (they are in different BSSs), but have the same keys, they may hear each other’s communications (but not communicate with each other).
Page 122 Chapter 7 Wireless Ensure that the two devices you want to set up are within wireless range of one another. Look for a WPS button on each device. If the device does not have one, log into its configuration utility and locate the button (see the device’s User’s Guide for how to do this - for the VMG, see Section 7.6 on page...
Page 123 Chapter 7 Wireless On a computer connected to the wireless client, try to connect to the Internet. If you can connect, WPS was successful. If you cannot connect, check the list of associated wireless clients in the AP’s configuration utility. If you see the wireless client in the list, WPS was successful.
Page 124 Chapter 7 Wireless standards supported by the devices. If the registrar is already part of a network, it sends the existing information. If not, it generates the SSID and WPA(2)-PSK randomly. The following figure shows a WPS-enabled client (installed in a notebook computer) connecting to a WPS-enabled access point.
Page 125 Chapter 7 Wireless The following figure shows an example network. In step 1, both AP1 and Client 1 are unconfigured. When WPS is activated on both, they perform the handshake. In this example, AP1 is the registrar, and Client 1 is the enrollee. The registrar randomly generates the security information to set up the network, since it is unconfigured and has no existing information.
Page 126 Chapter 7 Wireless Figure 50 WPS: Example Network Step 3 7.10.8.5 Limitations of WPS WPS has some limitations of which you should be aware. • WPS works in Infrastructure networks only (where an AP and a wireless client communicate). It does not work in Ad-Hoc networks (where there is no AP).
Page 127 Chapter 7 Wireless point is the WPS registrar, the enrollee, or was not involved in the WPS handshake; a rogue device must still associate with the access point to gain access to the network. Check the MAC addresses of your wireless clients (usually printed on a label on the bottom of the device). If there is an unknown MAC address you can remove it or reset the AP.
Page 128: Home Networking
H A P T E R Home Networking 8.1 Overview A Local Area Network (LAN) is a shared communication system to which many networking devices are connected. It is usually located in one immediate area such as a building or floor of a building. Use the LAN screens to help you configure a LAN DHCP server and manage IP addresses.
Page 129: What You Need To Know
Chapter 8 Home Networking 8.1.2 What You Need To Know 8.1.2.1 About LAN IP Address IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts.
Page 130: Before You Begin
Chapter 8 Home Networking • Assigning lease times to mappings Windows Messenger is an example of an application that supports NAT traversal and UPnP. See the Chapter 11 on page 171 for more information on NAT. Cautions with UPnP The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues.
Page 131 Chapter 8 Home Networking Click Apply to save your settings. Figure 51 Network Setting > Home Networking > LAN Setup VMG3925-B10C/B30C User’s Guide...
Page 132 Chapter 8 Home Networking The following table describes the fields in this screen. Table 27 Network Setting > Home Networking > LAN Setup LABEL DESCRIPTION Interface Group Group Name Select the interface group name for which you want to configure LAN settings. See Chapter 15 on page 198 for how to create a new interface group.
Page 133 Chapter 8 Home Networking Table 27 Network Setting > Home Networking > LAN Setup (continued) LABEL DESCRIPTION IPv6 State Select Enable to activate the IPv6 mode and configure IPv6 settings on the VMG. Link Local Address Type EUI64 Select this to have the VMG generate an interface ID for the LAN interface’s link-local address using the EUI-64 format.
Page 134: The Static Dhcp Screen
Chapter 8 Home Networking Table 27 Network Setting > Home Networking > LAN Setup (continued) LABEL DESCRIPTION DNS Query Select how the VMG handles clients’ DNS information requests. Scenario • IPv4/IPv6 DNS Server: The VMG forwards the requests to both the IPv4 and IPv6 DNS servers and sends clients the first DNS information it receives.
Page 135 Chapter 8 Home Networking Table 28 Network Setting > Home Networking > Static DHCP LABEL DESCRIPTION IP Address This field displays the IP address relative to the # field listed above. Modify Click the Edit icon to have the IP address field editable and change it. Click the Delete icon to delete a static DHCP entry.
Page 136: The Upnp Screen
Chapter 8 Home Networking 8.4 The UPnP Screen Universal Plug and Play (UPnP) is a distributed, open networking standard that uses TCP/IP for simple peer-to-peer network connectivity between devices. A UPnP device can dynamically join a network, obtain an IP address, convey its capabilities and learn about other devices on the network. In turn, a device can leave a network smoothly and automatically when it is no longer in use.
Page 137: Turning On Upnp In Windows 7 Example
Chapter 8 Home Networking Table 30 Network Setting > Home Networking > UPnP (continued) LABEL DESCRIPTION Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. 8.4.1 Turning On UPnP in Windows 7 Example This section shows you how to use the UPnP feature in Windows 7.
Page 138: The Additional Subnet Screen
Chapter 8 Home Networking 8.5 The Additional Subnet Screen Use the Additional Subnet screen to configure IP alias and public static IP. IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The VMG supports multiple logical LAN interfaces via its physical Ethernet interface with the VMG3925-B10C/B30C User’s Guide...
Page 139 Chapter 8 Home Networking VMG itself as the gateway for the LAN network. When you use IP alias, you can also configure firewall rules to control access to the LAN's logical network (subnet). If your ISP provides the Public LAN service, the VMG may use an LAN IP address that can be accessed from the WAN.
Page 140: The Stb Vendor Id Screen
Chapter 8 Home Networking 8.6 The STB Vendor ID Screen Set Top Box (STB) devices with dynamic IP addresses sometimes don’t renew their IP addresses before the lease time expires. This could lead to IP address conflicts if the STB continues to use an IP address that gets assigned to another device.
Page 141: The Tftp Server Name Screen
Chapter 8 Home Networking The following table describes the labels in this screen. Table 33 Network Setting > Home Networking > Wake on Lan LABEL DESCRIPTION Wake by Select Manual and enter the IP address or MAC address of the device to turn it on remotely. The Address drop-down list also lists the IP addresses that can be found in the VMG’s ARP table.
Page 142: Lans, Wans And The Vmg
Chapter 8 Home Networking 8.9.1 LANs, WANs and the VMG The actual physical connection determines whether the VMG ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next.
Page 143: Lan Tcp/Ip
Chapter 8 Home Networking • Some ISPs choose to disseminate the DNS server addresses using the DNS server extensions of IPCP (IP Control Protocol) after the connection is up. If your ISP did not give you explicit DNS servers, chances are the DNS servers are conveyed through IPCP negotiation.
Page 144 Chapter 8 Home Networking You can obtain your IP address from the IANA, from an ISP or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks.
Page 145: Routing
H A P T E R Routing 9.1 Overview The VMG usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the VMG send data to devices not reachable through the default gateway, use static routes.
Page 146: Add/Edit Static Route
Chapter 9 Routing Figure 61 Network Setting > Routing > Static Route The following table describes the labels in this screen. Table 35 Network Setting > Routing > Static Route LABEL DESCRIPTION Add new static Click this to configure a new static route. route This is the index number of the entry.
Page 147 Chapter 9 Routing Figure 62 Routing: Add/Edit The following table describes the labels in this screen. Table 36 Routing: Add/Edit LABEL DESCRIPTION Active This field allows you to activate/deactivate this static route. Select Enable to enable the static route. Select Disable to disable this static route without having to delete the entry.
Page 148: The Dns Route Screen
Chapter 9 Routing 9.3 The DNS Route Screen Use this screen to view and configure DNS routes on the VMG. Click Network Setting > Routing > DNS Route to open the following screen. Figure 63 Network Setting > Routing > DNS Route The following table describes the labels in this screen.
Page 149: The Policy Route Screen
Chapter 9 Routing The following table describes the labels in this screen. Table 38 DNS Route Add LABEL DESCRIPTION Active Select Enable to activate this DNS route. Domain Name Enter the domain name of the DNS route entry. Subnet Mask Enter the subnet mask of the DNS route entry.
Page 150: Add/Edit Policy Route
Chapter 9 Routing Table 39 Network Setting > Routing >Policy Route (continued) LABEL DESCRIPTION Source Port This is the source port number. Source MAC This is the source MAC address. Source This is the interface from which the matched traffic is sent. Interface WAN Interface This is the WAN interface through which the traffic is routed.
Page 151: Rip
Chapter 9 Routing Table 40 Policy Route: Add/Edit (Sheet 2 of 2) LABEL DESCRIPTION Source Interface Type the name of the interface from which the matched traffic is sent. WAN Interface Select a WAN interface through which the traffic is sent. You must have the WAN interface(s) already configured in the Broadband screens.
Page 152 Chapter 9 Routing Table 41 RIP LABEL DESCRIPTION Disable Default Select the check box to set the VMG to not send the route information to the default Gateway gateway. Apply Click Apply to save your changes back to the VMG. VMG3925-B10C/B30C User’s Guide...
Page 153: Quality Of Service (Qos)
H A P T E R Quality of Service (QoS) 10.1 Overview Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth. Without QoS, all traffic data is equally likely to be dropped when the network is congested.
Page 154: What You Need To Know
Chapter 10 Quality of Service (QoS) 10.2 What You Need to Know The following terms and concepts may help as you read through this chapter. QoS versus Cos QoS is used to prioritize source-to-destination traffic flows. All packets in the same flow are given the same priority.
Page 155: The Quality Of Service General Screen
Chapter 10 Quality of Service (QoS) Traffic Policing Traffic policing is the limiting of the input or output transmission rate of a class of traffic on the basis of user-defined criteria. Traffic policing methods measure traffic flows against user-defined criteria and identify it as either conforming, exceeding or violating the criteria.
Page 156: The Queue Setup Screen
Chapter 10 Quality of Service (QoS) The following table describes the labels in this screen. Table 42 Network Setting > QoS > General LABEL DESCRIPTION Select the Enable check box to turn on QoS to improve your network performance. WAN Managed Enter the amount of upstream bandwidth for the WAN interfaces that you want to allocate using Upstream QoS.
Page 157 Chapter 10 Quality of Service (QoS) Figure 69 Network Setting > QoS > Queue Setup The following table describes the labels in this screen. Table 43 Network Setting > QoS > Queue Setup LABEL DESCRIPTION Add New Click this button to create a new queue entry. Queue This is the index number of the entry.
Page 158: Adding A Qos Queue
Chapter 10 Quality of Service (QoS) 10.4.1 Adding a QoS Queue Click Add New Queue or the edit icon in the Queue Setup screen to configure a queue. Figure 70 Queue Setup: Add The following table describes the labels in this screen. Table 44 Queue Setup: Add LABEL DESCRIPTION...
Page 159: The Classification Setup Screen
Chapter 10 Quality of Service (QoS) 10.5 The Classification Setup Screen Use this screen to add, edit or delete QoS classifiers. A classifier groups traffic into data flows according to specific criteria such as the source address, destination address, source port number, destination port number or incoming interface.
Page 160 Chapter 10 Quality of Service (QoS) Figure 72 Classification Setup: Add/Edit VMG3925-B10C/B30C User’s Guide...
Page 161 Chapter 10 Quality of Service (QoS) The following table describes the labels in this screen. Table 46 Classification Setup: Add/Edit LABEL DESCRIPTION Step1: Class Configuration Active Select Enable to activate this classifier. Class Name Enter a descriptive name of up to 15 printable English keyboard characters, not including spaces.
Page 162 Chapter 10 Quality of Service (QoS) Table 46 Classification Setup: Add/Edit (continued) LABEL DESCRIPTION Service This field is available only when you select IP in the Ether Type field. This field simplifies classifier configuration by allowing you to select a predefined application. When you select a predefined application, you do not configure the rest of the filter fields.
Page 163: The Qos Shaper Setup Screen
Chapter 10 Quality of Service (QoS) Table 46 Classification Setup: Add/Edit (continued) LABEL DESCRIPTION Step4: Class Routing Forward to Select a WAN interface through which traffic of this class will be forwarded out. If you select Interface Unchange, the VMG forward traffic of this class according to the default routing table. Step5: Outgoing Queue Selection To Queue Index Select a queue that applies to this class.
Page 164: Add/Edit A Qos Shaper
Chapter 10 Quality of Service (QoS) 10.6.1 Add/Edit a QoS Shaper Click Add New Shaper in the Shaper Setup screen or the Edit icon next to a shaper to show the following screen. Figure 74 Shaper Setup: Add/Edit The following table describes the labels in this screen. Table 48 Shaper Setup: Add/Edit LABEL DESCRIPTION...
Page 165: Add/Edit A Qos Policer
Chapter 10 Quality of Service (QoS) The following table describes the labels in this screen. Table 49 Network Setting > QoS > Policer Setup LABEL DESCRIPTION Add new Policer Click this to create a new entry. This is the index number of the entry. Status This field displays whether the policer is active or not.
Page 166: Technical Reference
Chapter 10 Quality of Service (QoS) The following table describes the labels in this screen. Table 50 Policer Setup: Add/Edit LABEL DESCRIPTION Active Select Enableto activate this policer. Name Enter the descriptive name of this policer. Meter Type This shows the traffic metering algorithm used in this policer. The Simple Token Bucket algorithm uses tokens in a bucket to control when traffic can be transmitted.
Page 167 Chapter 10 Quality of Service (QoS) The VLAN ID associates a frame with a specific VLAN and provides the information that devices need to process the frame across the network. IEEE 802.1p specifies the user priority field and defines up to eight separate traffic types. The following table describes the traffic types defined in the IEEE 802.1d standard (which incorporates the 802.1p).
Page 168 Chapter 10 Quality of Service (QoS) IP Precedence Similar to IEEE 802.1p prioritization at layer-2, you can use IP precedence to prioritize packets in a layer-3 network. IP precedence uses three bits of the eight-bit ToS (Type of Service) field in the IP header. There are eight classes of services (ranging from zero to seven) in IP precedence.
Page 169 Chapter 10 Quality of Service (QoS) Token Bucket The token bucket algorithm uses tokens in a bucket to control when traffic can be transmitted. The bucket stores tokens, each of which represents one byte. The algorithm allows bursts of up to b bytes which is also the bucket size, so the bucket can hold up to b tokens.
Page 170 Chapter 10 Quality of Service (QoS) • If there are not enough tokens in the CBS bucket, the VMG checks the EBS bucket. The packet is marked yellow if there are sufficient tokens in the EBS bucket. Otherwise, the packet is marked red. No tokens are removed if the packet is dropped.
Page 171: Network Address Translation (Nat)
H A P T E R Network Address Translation (NAT) 11.1 Overview This chapter discusses how to configure NAT on the VMG. NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
Page 172: The Port Forwarding Screen
Chapter 11 Network Address Translation (NAT) In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side.
Page 173 Chapter 11 Network Address Translation (NAT) Figure 77 Multiple Servers Behind NAT Example Click Network Setting > NAT > Port Forwarding to open the following screen. Appendix D on page 315 for port numbers commonly used for particular services. Figure 78 Network Setting > NAT > Port Forwarding The following table describes the fields in this screen.
Page 174: Add/Edit Port Forwarding
Chapter 11 Network Address Translation (NAT) Table 53 Network Setting > NAT > Port Forwarding (continued) LABEL DESCRIPTION Protocol This shows the IP protocol supported by this virtual server, whether it is TCP, UDP, or TCP/UDP. Modify Click the Edit icon to edit this rule. Click the Delete icon to delete an existing rule.
Page 175: The Applications Screen
Chapter 11 Network Address Translation (NAT) Table 54 Port Forwarding: Add/Edit (continued) LABEL DESCRIPTION End Port Enter the last port of the original destination port range. To forward only one port, enter the port number in the Start Port field above and then enter it again in this field.
Page 176: Add New Application
Chapter 11 Network Address Translation (NAT) Table 55 Network Setting > NAT > Applications (continued) LABEL DESCRIPTION WAN Interface This field shows the WAN interface through which the service is forwarded. Server IP This field displays the destination IP address for the service. Address Modify Click the Delete icon to delete the rule.
Page 177: The Port Triggering Screen
Chapter 11 Network Address Translation (NAT) 11.4 The Port Triggering Screen Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side. With regular port forwarding you set a forwarding port in NAT to forward a service (coming in from the server on the WAN) to the IP address of a computer on the client side (LAN).
Page 178: Add/Edit Port Triggering Rule
Chapter 11 Network Address Translation (NAT) Figure 83 Network Setting > NAT > Port Triggering The following table describes the labels in this screen. Table 57 Network Setting > NAT > Port Triggering LABEL DESCRIPTION Add New Rule Click this to create a new rule. This is the index number of the entry.
Page 179: The Dmz Screen
Chapter 11 Network Address Translation (NAT) Figure 84 Port Triggering: Add/Edit The following table describes the labels in this screen. Table 58 Port Triggering: Configuration Add/Edit LABEL DESCRIPTION Active Select Enable or Disable to activate or deactivate the rule. Service Name Enter a name to identify this rule using keyboard characters (A-Z, a-z, 1-2 and so on).
Page 180: The Alg Screen
Chapter 11 Network Address Translation (NAT) Figure 85 Network Setting > NAT > DMZ The following table describes the fields in this screen. Table 59 Network Setting > NAT > DMZ LABEL DESCRIPTION Default Server Enter the IP address of the default server which receives packets from ports that are not Address specified in the NAT Port Forwarding screen.
Page 181: The Address Mapping Screen
Chapter 11 Network Address Translation (NAT) The following table describes the fields in this screen. Table 60 Network Setting > NAT > ALG LABEL DESCRIPTION NAT ALG Enable this to make sure applications such as FTP and file transfer in IM applications work correctly with port-forwarding and address-mapping rules.
Page 182: Add/Edit Address Mapping Rule
Chapter 11 Network Address Translation (NAT) Table 61 Network Setting > NAT > Address Mapping (continued) LABEL DESCRIPTION Type This is the address mapping type. One-to-One: This mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type.
Page 183: The Sessions Screen
Chapter 11 Network Address Translation (NAT) The following table describes the fields in this screen. Table 62 Address Mapping: Add/Edit LABEL DESCRIPTION Rule Name Type up to 20 alphanumberic characters for the name of this rule. Type Choose the IP/port mapping type from one of the following. One-to-One: This mode maps one local IP address to one global IP address.
Page 184: Technical Reference
Chapter 11 Network Address Translation (NAT) The following table describes the fields in this screen. Table 63 Network Setting > NAT > Sessions LABEL DESCRIPTION MAX NAT Use this field to set a limit to the number of concurrent NAT sessions each client host can have. Session Per Host If only a few clients use peer to peer applications, you can raise this number to improve their performance.
Page 185: How Nat Works
Chapter 11 Network Address Translation (NAT) network and make them accessible to the outside world. If you do not define any servers (for Many-to- One and Many-to-Many Overload mapping), NAT offers the additional benefit of firewall protection. With no servers defined, your VMG filters out all incoming inquiries, thus preventing intruders from probing your network.
Page 186 Chapter 11 Network Address Translation (NAT) Figure 91 NAT Application With IP Alias Port Forwarding: Services and Port Numbers The most often used port numbers are shown in the following table. Please refer to RFC 1700 for further information about port numbers. Please also refer to the Supporting CD for more examples and details on port forwarding and NAT.
Page 187 Chapter 11 Network Address Translation (NAT) Port Forwarding Example Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example).
Page 188: Dynamic Dns Setup
H A P T E R Dynamic DNS Setup 12.1 Overview DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it.
Page 189: The Dns Entry Screen
Chapter 12 Dynamic DNS Setup If you have a private WAN IP address, then you cannot use Dynamic DNS. 12.2 The DNS Entry Screen Use this screen to view and configure DNS routes on the VMG. Click Network Setting > DNS to open the DNS Entry screen.
Page 190: The Dynamic Dns Screen
Chapter 12 Dynamic DNS Setup Figure 94 DNS Entry: Add/Edit The following table describes the labels in this screen. Table 67 DNS Entry: Add/Edit LABEL DESCRIPTION Host Name Enter the host name of the DNS entry. IP Address Enter the IP address of the DNS entry. Apply Click Apply to save your changes.
Page 191 Chapter 12 Dynamic DNS Setup The following table describes the fields in this screen. Table 68 Network Setting > DNS > > Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Dynamic DNS Select Enable to use dynamic DNS. Service Provider Select your Dynamic DNS service provider from the drop-down list box. Host/Domain Type the domain name assigned to your VMG by your Dynamic DNS provider.
Page 192: Igmp/Mld
H A P T E R IGMP/MLD 13.1 Overview Use the IGMP/MLD screen to configure IGMP/MLD group settings. 13.1.1 What You Need To Know Multicast and IGMP Multicast on page 97 for more information. Multicast Listener Discovery (MLD) The Multicast Listener Discovery (MLD) protocol (defined in RFC 2710) is derived from IPv4's Internet Group Management Protocol version 2 (IGMPv2).
Page 193 Chapter 13 IGMP/MLD Figure 96 Network Setting > IGMP/MLD The following table describes the labels in this screen. Table 69 Network Setting > IGMP/MLD LABEL DESCRIPTION IGMP/MLD Configuration Default Version Enter the version of IGMP (1~3) and MLD (1~2) that you want the VMG to use on the WAN. Query Interval Enter the number of seconds the VMG sends a query message to hosts to get the group membership information.
Page 194 Chapter 13 IGMP/MLD Table 69 Network Setting > IGMP/MLD (continued) LABEL DESCRIPTION Maximum Enter a number to limit the number of multicast groups an interface on the VMG is allowed to Multicast join. Once a multicast member is registered in the specified number of multicast groups, any Groups new IGMP or MLD join report frames are dropped by the interface.
Page 195: Vlan Group
H A P T E R Vlan Group 14.1 Overview Virtual LAN IDs are used to identify different traffic types over the same physical link. In the following example, the VMG (DSL) can use VLAN IDs (VID) 100 and 200 to identify Video-on- Demand and IPTV traffic respectively coming from the two VoD and IPTV multicast servers.
Page 196: Add/Edit A Vlan Group
Chapter 14 Vlan Group The following table describes the fields in this screen. Table 70 Network Setting > Vlan Group LABEL DESCRIPTION Add New VLAN Click this button to create a new VLAN group. Group This is the index number of the VLAN group. Group Name This shows the descriptive name of the VLAN group.
Page 197 Chapter 14 Vlan Group Table 71 Add/Edit VLAN Group (continued) LABEL DESCRIPTION Select Include to add the associated LAN interface to this VLAN group. Select TX Tagging to tag outgoing traffic from the associated LAN port with the VLAN ID number entered above.
Page 198: Interface Group
H A P T E R Interface Group 15.1 Overview By default, all LAN and WAN interfaces on the VMG are in the same group and can communicate with each other. Create interface groups to have the VMG assign the IP addresses in different domains to different groups.
Page 199: Interface Group Configuration
Chapter 15 Interface Group Click Network Setting > Interface Grouping to open the following screen. Figure 101 Network Setting > Interface Grouping The following table describes the fields in this screen. Table 72 Network Setting > Interface Grouping LABEL DESCRIPTION Add New Click this button to create a new interface group.
Page 200 Chapter 15 Interface Group Figure 102 Interface Group Configuration The following table describes the fields in this screen. Table 73 Interface Group Configuration LABEL DESCRIPTION Group Name Enter a name to identify this group. You can enter up to 30 characters. You can use letters, numbers, hyphens (-) and underscores (_).
Page 201: Interface Grouping Criteria
Chapter 15 Interface Group Table 73 Interface Group Configuration (continued) LABEL DESCRIPTION Automatically Click Add to identify LAN hosts to add to the interface group by criteria such as the type of the Add Clients With hardware or firmware. See Section 15.2.2 on page 201 for more information.
Page 202 Chapter 15 Interface Group Table 74 Interface Grouping Criteria (continued) LABEL DESCRIPTION DHCP Option 61 Select this and enter the device identity of the matched traffic. Enter the Identity Association Identifier (IAID) of the device, for example, the WAN connection index number.
Page 203: Usb Service
H A P T E R USB Service 16.1 Overview You can share files on a USB memory stick or hard drive connected to your VMG with users on your network. The following figure is an overview of the VMG’s file server feature. Computers A and B can access files on a USB device (C) which is connected to the VMG.
Page 204: Before You Begin
Chapter 16 USB Service 16.1.2.1 About File Sharing Workgroup name This is the name given to a set of computers that are connected on a network and share resources such as a printer or files. Windows automatically assigns the workgroup name when you set up a network. Shares When settings are set to default, each USB device connected to the VMG is given a folder, called a “share”.
Page 205 Chapter 16 USB Service Figure 105 Network Setting > USB Service > File Sharing Note: Share Directory List field appears when you connect a USB device to the USB port. Otherwise, it doesn’t. Each field is described in the following table. Table 75 Network Setting >...
Page 206: The Add New Share Screen
Chapter 16 USB Service Table 75 Network Setting > USB Service > File Sharing LABEL DESCRIPTION Add New User Click this button to create a user account to access the secured shares. Status This field shows the status of the user. : The user account is not activated for the share.
Page 207: The Add New User Screen
Chapter 16 USB Service 16.2.2 The Add New User Screen Once you click the Add New User button, you’ll be directed to the User Account screen. To create a user account that can access the secured shares on the USB device, click the Add New Account button in the Maintenance >...
Page 208 Chapter 16 USB Service Table 77 Network Setting > USB Service > Media Server (continued) LABEL DESCRIPTION Apply Click Apply to save your changes. Cancel Click Cancel to restore your previously saved settings. VMG3925-B10C/B30C User’s Guide...
Page 209: Firewall
H A P T E R Firewall 17.1 Overview This chapter shows you how to enable and configure the VMG’s security settings. Use the firewall to protect your VMG and network from attacks by hackers on the Internet and control access to it. By default the firewall: •...
Page 210: What You Need To Know
Chapter 17 Firewall 17.1.2 What You Need to Know SYN Attack A SYN attack floods a targeted system with a series of SYN packets. Each packet causes the targeted system to issue a SYN-ACK response. While the targeted system waits for the ACK that follows the SYN- ACK, it queues up all outstanding SYN-ACK responses on a backlog queue.
Page 211: The Protocol Screen
Chapter 17 Firewall Figure 109 Security > Firewall > General The following table describes the labels in this screen. Table 78 Security > Firewall > General LABEL DESCRIPTION Firewall Select Enable to activate the firewall feature on the VMG. Select Low to allow LAN to WAN and WAN to LAN packet directions. Medium Select Medium to allow LAN to WAN but deny WAN to LAN packet directions.
Page 212: Add/Edit A Service
Chapter 17 Firewall Figure 110 Security > Firewall > Protocol The following table describes the labels in this screen. Table 79 Security > Firewall > Protocol LABEL DESCRIPTION Add New Click this to add a new service. Protocol Entry Name This is the name of your customized service.
Page 213: The Access Control Screen
Chapter 17 Firewall The following table describes the labels in this screen. Table 80 Service: Add/Edit LABEL DESCRIPTION Service Name Enter a unique name (up to 32 printable English keyboard characters, including spaces) for your customized port. Description Enter a description for your customized port. Protocol Choose the IP protocol (TCP, UDP, ICMP, or Other) that defines your customized port from the drop-down list box.
Page 214: Add/Edit An Acl Rule
Chapter 17 Firewall Table 81 Security > Firewall > Access Control (continued) LABEL DESCRIPTION Action This field displays whether the rule silently discards packets (DROP), discards packets and sends a TCP reset packet or an ICMP destination-unreachable message to the sender (REJECT) or allows the passage of packets (ACCEPT).
Page 215: The Dos Screen
Chapter 17 Firewall Table 82 Access Control: Add/Edit (continued) LABEL DESCRIPTION Select Source Select the source device to which the ACL rule applies. If you select Specific IP Address, enter Device the source IP address in the field below. Source IP Enter the source IP address.
Page 216 Chapter 17 Firewall Figure 114 Security > Firewall > DoS The following table describes the labels in this screen. Table 83 Security > Firewall > DoS LABEL DESCRIPTION DoS Protection Select Enable to enable protection against DoS attacks. Blocking Apply Click Apply to save your changes.
Page 217: Mac Filter
H A P T E R MAC Filter 18.1 Overview You can configure the VMG to permit access to clients based on their MAC addresses in the MAC Filter screen. This applies to wired and wireless connections. Every Ethernet device has a unique MAC (Media Access Control) address.
Page 218 Chapter 18 MAC Filter The following table describes the labels in this screen. Table 84 Security > MAC Filter LABEL DESCRIPTION MAC Address Filter Select Enable to activate the MAC filter function. MAC Restrict Mode Select Allow to only permit the listed MAC addresses access to the VMG. Select Deny to permit anyone access to the VMG except the listed MAC addresses.
Page 219: Parental Control
H A P T E R Parental Control 19.1 Overview Parental control allows you to block web sites with the specific URL. You can also define time periods and days during which the VMG performs parental control on a specific user. 19.2 The Parental Control Screen Use this screen to enable parental control, view the parental control rules and schedules.
Page 220: Add/Edit A Parental Control Profile
Chapter 19 Parental Control Table 85 Security > Parental Control (continued) LABEL DESCRIPTION Internet Access This shows the day(s) and time on which parental control is enabled. Schedule Network Service This shows whether the network service is configured. If not, None will be shown. Website Block This shows whether the website block is configured.
Page 221 Chapter 19 Parental Control The following table describes the fields in this screen. Table 86 Parental Control Rule: Add/Edit LABEL DESCRIPTION General Active Select Enable or Disable to activate or deactivate the parental control rule. Parental Control Enter a descriptive name for the rule. Profile Name Home Network Select the LAN user that you want to apply this rule to from the drop-down list box.
Page 222 Chapter 19 Parental Control Table 86 Parental Control Rule: Add/Edit (continued) LABEL DESCRIPTION Redirect Select this to redirect users who access any blocked websites listed above to the Zyxel Family blocked site to Safety page as shown next. Zyxel Family Figure 118 Zyxel Family Safety Page Example Safety page Click OK to save your changes.
Page 223 Chapter 19 Parental Control Table 87 Parental Control Rule: Add/Edit > Add New Service (continued) LABEL DESCRIPTION Click OK to save your changes. Cancel Click Cancel to exit this screen without saving. Click Security > Parental Control > Add New PCP > Add to open the following screen. Figure 120 Parental Control Rule: Add/Edit Rule >...
Page 224: Scheduler Rule
H A P T E R Scheduler Rule 20.1 Overview You can define time periods and days during which the VMG performs scheduled rules of certain features (such as Firewall Access Control) in the Scheduler Rule screen. 20.2 The Scheduler Rule Screen Use this screen to view, add, or edit time schedule rules.
Page 225 Chapter 20 Scheduler Rule Figure 122 Scheduler Rule: Add/Edit The following table describes the fields in this screen. Table 90 Scheduler Rule: Add/Edit LABEL DESCRIPTION Rule Name Enter a name (up to 31 printable English keyboard characters, not including spaces) for this schedule.
Page 226: Certificates
H A P T E R Certificates 21.1 Overview The VMG can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication. 21.1.1 What You Can Do in this Chapter •...
Page 227: Create Certificate Request
Chapter 21 Certificates Figure 123 Security > Certificates > Local Certificates The following table describes the labels in this screen. Table 91 Security > Certificates > Local Certificates LABEL DESCRIPTION Private Key is Select the checkbox and enter the private key into the text box to store it on the VMG. The protected by a private key should not exceed 63 ASCII characters (not including spaces).
Page 228: View Certificate Request
Chapter 21 Certificates Figure 124 Create Certificate Request The following table describes the labels in this screen. Table 92 Create Certificate Request LABEL DESCRIPTION Certificate Type up to 63 ASCII characters (not including spaces) to identify this certificate. Name Common Name Select Auto to have the VMG configure this field automatically.
Page 229: The Trusted Ca Screen
Chapter 21 Certificates Figure 125 Certificate Request: View The following table describes the fields in this screen. Table 93 Certificate Request: View LABEL DESCRIPTION Name This field displays the identifying name of this certificate. Type This field displays general information about the certificate. ca means that a Certification Authority signed the certificate.
Page 230: View Trusted Ca Certificate
Chapter 21 Certificates Figure 126 Security > Certificates > Trusted CA The following table describes the fields in this screen. Table 94 Security > Certificates > Trusted CA LABEL DESCRIPTION Import Click this button to open a screen where you can save the certificate of a certification authority Certificate that you trust to the VMG.
Page 231: Import Trusted Ca Certificate
Chapter 21 Certificates Figure 127 Trusted CA: View The following table describes the fields in this screen. Table 95 Trusted CA: View LABEL DESCRIPTION Name This field displays the identifying name of this certificate. This read-only text box displays the certificate in Privacy Enhanced Mail (PEM) format. PEM uses base 64 to convert the binary certificate into a printable form.
Page 232 Chapter 21 Certificates Figure 128 Trusted CA: Import Certificate The following table describes the fields in this screen. Table 96 Trusted CA: Import Certificate LABEL DESCRIPTION Certificate File Type in the location of the certificate you want to upload in this field or click Choose File to find Path Apply Click Apply to save your changes.
Page 233: Log
H A P T E R 22.1 Overview The web configurator allows you to choose which categories of events and/or alerts to have the VMG log and then display the logs or have the VMG send them to an administrator (as e-mail) or to a syslog server.
Page 234: The System Log Screen
Chapter 22 Log Table 97 Syslog Severity Levels CODE SEVERITY Notice: There is a normal but significant condition on the system. Informational: The syslog contains an informational message. Debug: The message is intended for debug-level purposes. 22.2 The System Log Screen Use the System Log screen to see the system logs.
Page 235: The Security Log Screen
Chapter 22 Log 22.3 The Security Log Screen Use the Security Log screen to see the security-related logs for the categories that you select. Click System Monitor > Log > Security Log to open the following screen. Figure 130 System Monitor > Log > Security Log The following table describes the fields in this screen.
Page 236: Traffic Status
H A P T E R Traffic Status 23.1 Overview Use the Traffic Status screens to look at network traffic status and statistics of the WAN, LAN interfaces and NAT. 23.1.1 What You Can Do in this Chapter • Use the WAN screen to view the WAN traffic statistics (Section 23.2 on page 236).
Page 237: The Lan Status Screen
Chapter 23 Traffic Status The following table describes the fields in this screen. Table 100 System Monitor > Traffic Status > WAN LABEL DESCRIPTION Connected This shows the name of the WAN interface that is currently connected. Interface Packets Sent Data This indicates the number of transmitted packets on this interface.
Page 238: The Nat Status Screen
Chapter 23 Traffic Status Figure 132 System Monitor > Traffic Status > LAN The following table describes the fields in this screen. Table 101 System Monitor > Traffic Status > LAN LABEL DESCRIPTION Refresh Interval Select how often you want the VMG to update this screen. Interface This shows the LAN or WLAN interface.
Page 239 Chapter 23 Traffic Status Figure 133 System Monitor > Traffic Status > NAT The following table describes the fields in this screen. Table 102 System Monitor > Traffic Status > NAT LABEL DESCRIPTION Refresh Interval Select how often you want the VMG to update this screen. Device Name This displays the name of the connected host.
Page 240: Arp Table
H A P T E R ARP Table 24.1 Overview Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network.
Page 241: Arp Table Screen
Chapter 24 ARP Table 24.2 ARP Table Screen Use the ARP table to view IP-to-MAC address mapping(s). To open this screen, click System Monitor > ARP Table. Figure 134 System Monitor > ARP Table The following table describes the labels in this screen. Table 103 System Monitor >...
Page 242: Routing Table
H A P T E R Routing Table 25.1 Overview Routing is based on the destination address only and the VMG takes the shortest path to forward a packet. 25.2 The Routing Table Screen Click System Monitor > Routing Table to open the following screen. Figure 135 System Monitor >...
Page 243 Chapter 25 Routing Table The following table describes the labels in this screen. Table 104 System Monitor > Routing Table LABEL DESCRIPTION IPv4/IPv6 Routing Table Destination This indicates the destination IPv4 address or IPv6 address and prefix of this route. Gateway This indicates the IPv4 address or IPv6 address of the gateway that helps forward this route’s traffic.
Page 244: Multicast Status
H A P T E R Multicast Status 26.1 Overview Use the Multicast Status screens to look at IGMP/MLD group status and traffic statistics. 26.2 The IGMP Status Screen Use this screen to look at the current list of multicast groups the VMG has joined and which ports have joined it.
Page 245: The Mld Status Screen
Chapter 26 Multicast Status 26.3 The MLD Status Screen Use this screen to look at the current list of multicast groups the VMG has joined and which ports have joined it. To open this screen, click System Monitor > Multicast Status > MLD Status. Figure 137 System Monitor >...
Page 246: Xdsl Statistics
H A P T E R xDSL Statistics 27.1 The xDSL Statistics Screen Use this screen to view detailed DSL statistics. Click System Monitor > xDSL Statistics to open the following screen. Figure 138 System Monitor > xDSL Statistics The following table describes the labels in this screen. Table 107 Status >...
Page 247 Chapter 27 xDSL Statistics Table 107 Status > xDSL Statistics (continued) LABEL DESCRIPTION xDSL Port Details Upstream These are the statistics for the traffic direction going out from the port to the service provider. Downstream These are the statistics for the traffic direction coming into the port from the service provider. Line Rate These are the data transfer rates at which the port is sending and receiving data.
Page 248: Wlan Station Status
Chapter 28 WLAN Station Status H A P T E R WLAN Station Status 28.1 Overview Click the System Monitor > WLAN Station Status to open the following screen. View the wireless stations that are currently associated to the VMG. Being associated means that a wireless client (for example, your network or computer with a wireless network card) has connected successfully to the AP (or wireless router) using the same SSID, channel and security settings.
Page 249 Table 108 System Monitor > WLAN Station Status LABEL DESCRIPTION SNR (Signal-to-Noise Ratio) measures the strength of the wireless LAN signal and the background noise on the line. The greater the number, the better the quality of the wireless LAN. The normal range is 15 to 40.
Page 250: Cellular Statistics
Chapter 29 Cellular Statistics H A P T E R Cellular Statistics 29.1 Overview Use the Cellular Statistics screens to look at Cellular Internet connection status. 29.2 The Cellular Statistics Screen To open this screen, click System Monitor > Cellular Statistics. The Cellular status is available on this screen only when you insert a compatible Cellular dongle in a USB port on the VMG.
Page 251 Chapter 29 Cellular Statistics The following table describes the labels in this screen. Table 109 System Monitor > Cellular Statistics LABEL DESCRIPTION Refresh Interval Select how often you want the VMG to update this screen. Select No Refresh to stop refreshing. Cellular Status This field displays the status of the Cellular Internet connection.
Page 252: System
H A P T E R System 30.1 Overview In the System screen, you can name your VMG (Host) and give it an associated domain name for identification purposes. 30.2 The System Screen Click Maintenance > System to open the following screen. Figure 141 Maintenance >...
Page 253: User Account
H A P T E R User Account 31.1 Overview In the User Account screen, you can view the settings of the “admin” and other user accounts that you used to log in the VMG. 31.2 The User Account Screen Click Maintenance >...
Page 254: The User Account Add/Edit Screen
Chapter 31 User Account 31.2.1 The User Account Add/Edit Screen Click Add New Account or the Edit icon of an existing account in the Maintenance > User Account to open the following screen. Figure 143 Maintenance > User Account > Add/Edit The following table describes the labels in this screen.
Page 255: Remote Management
H A P T E R Remote Management 32.1 Overview Remote management controls through which interface(s), which services can access the VMG. Note: The VMG is managed using the Web Configurator. 32.2 The Remote MGMT Screen Use this screen to configure through which interface(s), which services can access the VMG. You can also specify the port numbers the services must use to connect to the VMG.
Page 256: The Trust Domain Screen
Chapter 32 Remote Management The following table describes the fields in this screen. Table 113 Maintenance > Remote MGMT LABEL DESCRIPTION WAN Interface Select Any_WAN to have the VMG automatically activate the remote management service used for services when any WAN connection is up. Select Multi_WAN and then select one or more WAN connections to have the VMG activate the remote management service when the selected WAN connections are up.
Page 257: The Add Trust Domain Screen
Chapter 32 Remote Management Table 114 Maintenance > Remote MGMT > Trust Domain (continued) LABEL DESCRIPTION IP Address This field shows a trusted host IP address. Delete Click the Delete icon to remove the trust IP address. 32.4 The Add Trust Domain Screen Use this screen to configure a public IP address which is allowed to access the VMG.
Page 258: Snmp
H A P T E R SNMP 33.1 Overview This chapter explains how to configure the SNMP settings on the VMG. 33.2 The SNMP Screen Simple Network Management Protocol is a protocol used for exchanging management information between network devices. Your VMG supports SNMP agent functionality, which allows a manager station to manage and monitor the VMG through the network.
Page 259 Chapter 33 SNMP SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request and the agent returns responses using the following protocol operations: • Get - Allows the manager to retrieve an object variable from the agent. •...
Page 260: Time Settings
H A P T E R Time Settings 34.1 Overview This chapter shows you how to configure system related settings, such as system time, password, name, the domain name and the inactivity timeout interval. 34.2 The Time Screen To change your VMG’s time and date, click Maintenance > Time. The screen appears as shown. Use this screen to configure the VMG’s time based on your local time zone.
Page 261 Chapter 34 Time Settings The following table describes the fields in this screen. Table 117 Maintenance > Time LABEL DESCRIPTION Current Date/Time Current Time This field displays the time of your VMG. Each time you reload this page, the VMG synchronizes the time with the time server. Current Date This field displays the date of your VMG.
Page 262: E-Mail Notification
H A P T E R E-mail Notification 35.1 Overview A mail server is an application or a computer that runs such an application to receive, forward and deliver e-mail messages. To have the VMG send reports, logs or notifications via e-mail, you must specify an e-mail server and the e-mail addresses of the sender and receiver.
Page 263: Email Notification Edit
Chapter 35 E-mail Notification 35.2.1 Email Notification Edit Click the Add button in the Email Notification screen. Use this screen to configure the required information for sending e-mail via a mail server. Figure 151 Email Notification > Add The following table describes the labels in this screen. Table 119 Email Notification >...
Page 264: Log Setting
H A P T E R Log Setting 36.1 Overview You can configure where the VMG sends logs and which logs and/or immediate alerts the VMG records in the Logs Setting screen. 36.2 The Log Settings Screen To change your VMG’s log settings, click Maintenance > Logs Setting. The screen appears as shown. Figure 152 Maintenance >...
Page 265: Example E-Mail Log
Chapter 36 Log Setting The following table describes the fields in this screen. Table 120 Maintenance > Logs Setting LABEL DESCRIPTION Syslog Setting Syslog Logging The VMG sends a log to an external syslog server. Select Enable to enable syslog logging. Mode Select the syslog destination from the drop-down list box.
Page 266 Chapter 36 Log Setting Figure 153 E-mail Log Example Subject: Firewall Alert From Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com user@zyxel.com 1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP src port:00520 dest port:00520 |<1,00> 2|Apr 7 00 |From:192.168.1.131 To:192.168.1.255 |default policy |forward...
Page 267: Firmware Upgrade
H A P T E R Firmware Upgrade 37.1 Overview This chapter explains how to upload new firmware to your VMG. You can download new firmware releases from your nearest Zyxel FTP site (or www.zyxel.com) to use to upgrade your device’s performance.
Page 268 Chapter 37 Firmware Upgrade The following table describes the labels in this screen. After you see the firmware updating screen, wait two minutes before logging into the VMG again. Table 121 Maintenance > Firmware Upgrade LABEL DESCRIPTION Upgrade Firmware Restore Click the check box to have the VMG automatically reset itself after the new firmware is Default uploaded.
Page 269 Chapter 37 Firmware Upgrade Figure 157 Error Message VMG3925-B10C/B30C User’s Guide...
Page 270: Backup Restore
H A P T E R Backup Restore 38.1 Overview The Backup Restore screen allows you to backup and restore device configurations. You can also reset your device settings back to the factory default. 38.2 The Backup Restore Screen Click Maintenance > Backup Restore. Information related to factory defaults, backup configuration, and restoring configuration appears in this screen, as shown next.
Page 271 Chapter 38 Backup Restore Restore Configuration Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your VMG. Table 122 Restore Configuration LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Choose File to find it. Choose File Click this to find the file you want to upload.
Page 272: The Reboot Screen
Chapter 38 Backup Restore Figure 161 Reset Warning Message Figure 162 Reset In Process Message You can also press the RESET button on the rear panel to reset the factory defaults of your VMG. Refer to Section 1.4.6 on page 25 for more information on the RESET button.
Page 273: Diagnostic
H A P T E R Diagnostic 39.1 Overview The Diagnostic screens display information to help you identify problems with the VMG. The route between a CO VDSL switch and one of its CPE may go through switches owned by independent organizations.
Page 274: Ping & Traceroute & Nslookup
Chapter 39 Diagnostic 39.3 Ping & TraceRoute & NsLookup Use this screen to ping, traceroute, or nslookup an IP address. Click Maintenance > Diagnostic > Ping&TraceRoute&NsLookup to open the screen shown next. Figure 164 Maintenance > Diagnostic > Ping &TraceRoute&NsLookup The following table describes the fields in this screen.
Page 275 Chapter 39 Diagnostic Figure 165 Maintenance > Diagnostic > 802.1ag The following table describes the fields in this screen. Table 124 Maintenance > Diagnostic > 802.1ag LABEL DESCRIPTION 802.1ag Connectivity Fault Management IEEE 802.1ag Select Enable or Disable to activate or deactivate the IEEE802.1ag CFM (Connectivity Fault Management) specification, which allows network administrators to identify manage connection faults.
Page 276 Chapter 39 Diagnostic Table 124 Maintenance > Diagnostic > 802.1ag (continued) LABEL DESCRIPTION Select Enable to continue sending MEP information by CCM (Connectivity Check Messages). When CCMs are received the VMG will always process it, no matter if CCM is enabled or not. Remote MEP ID Enter the remote Maintenance Endpoint Identifier (1~8191).
Page 277: Oam Ping
Chapter 39 Diagnostic The following table describes the labels in this screen. Table 125 Maintenance > Diagnostics > 802.3ah LABEL DESCRIPTION IEEE 802.3ah Ethernet OAM Select Enable or Disable to activate or deactivate the Ethernet OAM on the specified interface. Interface Select the interface on which you want to enable the IEEE802.3ah.
Page 278 Chapter 39 Diagnostic Figure 167 Virtual Circuit Topology Think of a virtual path as a cable that contains a bundle of wires. The cable connects two points and wires within the cable provide individual circuits between the two points. In an ATM cell header, a VPI (Virtual Path Identifier) identifies a link formed by a virtual path;...
Page 279 Chapter 39 Diagnostic Figure 168 Maintenance > Diagnostic > OAM Ping The following table describes the fields in this screen. Table 126 Maintenance > Diagnostic > OAM Ping LABEL DESCRIPTION Select a PVC on which you want to perform the loopback test. F4 segment Press this to perform an OAM F4 segment loopback test.
Page 280: Troubleshooting
H A P T E R Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • VMG Access and Login • Internet Access •...
Page 281: Vmg Access And Login
Chapter 40 Troubleshooting If the problem continues, contact the vendor. 40.2 VMG Access and Login I forgot the IP address for the VMG. The default LAN IP address is 192.168.1.1. If you changed the IP address and have forgotten it, you might get the IP address of the VMG by looking up the IP address of the default gateway for your computer.
Page 282: Internet Access
Chapter 40 Troubleshooting If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions • Make sure you have logged out of any earlier management sessions using the same user account even if they were through a different interface or using a different browser. •...
Page 283 Chapter 40 Troubleshooting Make sure you entered your ISP account information correctly in the Network Setting > Broadband screen. These fields are case-sensitive, so make sure [Caps Lock] is not on. If you are trying to access the Internet wirelessly, make sure that you enabled the wireless LAN in the VMG and your wireless client and that the wireless settings in the wireless client are the same as the settings in the VMG.
Page 284: Wireless Internet Access
Chapter 40 Troubleshooting If you set up a WAN connection using bridging service, make sure you turn off the DHCP feature in the LAN screen to have the clients get WAN IP addresses directly from your ISP’s DHCP server. I cannot connect to the Internet using a cellular connection. The DSL and Ethernet connections have priority in that order.
Page 285: Usb Device Connection
Chapter 40 Troubleshooting • Place the AP where there are minimum obstacles (such as walls and ceilings) between the AP and the wireless client. • Reduce the number of wireless clients connecting to the same AP simultaneously, or add additional APs if necessary.
Page 286 Chapter 40 Troubleshooting The Local Area Connection icon for UPnP disappears in the screen. Restart your computer. VMG3925-B10C/B30C User’s Guide...
Page 287: Appendices
Appendices Appendices contain general information. Some information may not apply to your device.
Page 288: Appendix A Customer Support
• Brief description of the problem and the steps you took to solve it. Corporate Headquarters (Worldwide) Taiwan • Zyxel Communications Corporation • http://www.zyxel.com Asia China • Zyxel Communications (Shanghai) Corp. Zyxel Communications (Beijing) Corp. Zyxel Communications (Tianjin) Corp. • http://www.zyxel.cn India • Zyxel Technology India Pvt Ltd • http://www.zyxel.in Kazakhstan •...
Page 289 • Zyxel Singapore Pte Ltd. • http://www.zyxel.com.sg Taiwan • Zyxel Communications Corporation • http://www.zyxel.com/tw/zh/ Thailand • Zyxel Thailand Co., Ltd • http://www.zyxel.co.th Vietnam • Zyxel Communications Corporation-Vietnam Office • http://www.zyxel.com/vn/vi Europe Austria • Zyxel Deutschland GmbH • http://www.zyxel.de Belarus • Zyxel BY • http://www.zyxel.by...
Page 290 Appendix A Customer Support Belgium • Zyxel Communications B.V. • http://www.zyxel.com/be/nl/ • http://www.zyxel.com/be/fr/ Bulgaria • Zyxel България • http://www.zyxel.com/bg/bg/ Czech Republic • Zyxel Communications Czech s.r.o • http://www.zyxel.cz Denmark • Zyxel Communications A/S • http://www.zyxel.dk Estonia • Zyxel Estonia • http://www.zyxel.com/ee/et/ Finland •...
Page 291 • Zyxel Communications Poland • http://www.zyxel.pl Romania • Zyxel Romania • http://www.zyxel.com/ro/ro Russia • Zyxel Russia • http://www.zyxel.ru Slovakia • Zyxel Communications Czech s.r.o. organizacna zlozka • http://www.zyxel.sk Spain • Zyxel Communications ES Ltd • http://www.zyxel.es Sweden • Zyxel Communications • http://www.zyxel.se Switzerland •...
Page 292 Appendix A Customer Support • http://www.zyxel.ch/ Turkey • Zyxel Turkey A.S. • http://www.zyxel.com.tr • Zyxel Communications UK Ltd. • http://www.zyxel.co.uk Ukraine • Zyxel Ukraine • http://www.ua.zyxel.com Latin America Argentina • Zyxel Communication Corporation • http://www.zyxel.com/ec/es/ Brazil • Zyxel Communications Brasil Ltda.
Page 293 Appendix A Customer Support North America • Zyxel Communications, Inc. - North America Headquarters • http://www.zyxel.com/us/en/ Oceania Australia • Zyxel Communications Corporation • http://www.zyxel.com/au/en/ Africa South Africa • Nology (Pty) Ltd. • http://www.zyxel.co.za VMG3925-B10C/B30C User’s Guide...
Page 294: Appendix B Wireless Lans
P P E N D I X Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C).
Page 295 Appendix B Wireless LANs Figure 170 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS).
Page 296 Appendix B Wireless LANs Figure 171 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a channel different from an adjacent AP (access point) to reduce interference.
Page 297 Appendix B Wireless LANs Figure 172 RTS/CTS Note: Stations cannot hear each other. They can hear the AP. When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
Page 298 Appendix B Wireless LANs If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. IEEE 802.11g Wireless LAN IEEE 802.11g is fully compatible with the IEEE 802.11b standard.
Page 299 Appendix B Wireless LANs • User based identification that allows for roaming. • Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server. • Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication methods to be deployed with no changes to the access point or the wireless clients.
Page 300 Appendix B Wireless LANs In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password, they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access.
Page 301 Appendix B Wireless LANs PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication.
Page 302 Appendix B Wireless LANs wireless gateway and wireless client. As long as the passwords match, a wireless client will be granted access to a WLAN. If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not.
Page 303 Appendix B Wireless LANs Key caching allows a wireless client to store the PMK it derived through a successful authentication with an AP. The wireless client uses the PMK when it tries to connect to the same AP and does not need to go with the authentication process again.
Page 304 Appendix B Wireless LANs WPA(2)-PSK Application Example A WPA(2)-PSK application looks as follows. First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and symbols). The AP checks each wireless client's password and allows it to join the network only if the password matches.
Page 305 Appendix B Wireless LANs Table 130 Wireless Security Relational Matrix (continued) AUTHENTICATION METHOD/ ENCRYPTION ENTER MANUAL KEY MANAGEMENT IEEE 802.1X METHOD PROTOCOL WPA-PSK TKIP/AES Disable WPA2 TKIP/AES Enable WPA2-PSK TKIP/AES Disable Antenna Overview An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air.
Page 306 Appendix B Wireless LANs • Directional antennas concentrate the RF signal in a beam, like a flashlight does with the light from its bulb. The angle of the beam determines the width of the coverage pattern. Angles typically range from 20 degrees (very directional) to 120 degrees (less directional). Directional antennas are ideal for hallways and outdoor point-to-point applications.
Page 307: Appendix C Ipv6
P P E N D I X IPv6 Overview IPv6 (Internet Protocol version 6), is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 10 IP addresses.
Page 308 Appendix C IPv6 Unspecified Address An unspecified address (0:0:0:0:0:0:0:0 or ::) is used as the source address when a device does not have its own address. It is similar to “0.0.0.0” in IPv4. Loopback Address A loopback address (0:0:0:0:0:0:0:1 or ::1) allows a host to send packets to itself. It is similar to “127.0.0.1” in IPv4.
Page 309 Appendix C IPv6 Table 133 Reserved Multicast Address (continued) MULTICAST ADDRESS FF0E:0:0:0:0:0:0:0 FF0F:0:0:0:0:0:0:0 Subnet Masking Both an IPv6 address and IPv6 subnet mask compose of 128-bit binary digits, which are divided into eight 16-bit blocks and written in hexadecimal notation. Hexadecimal uses four bits for each character (1 ~ 10, A ~ F).
Page 310 Appendix C IPv6 does not respond, the client sends a Rebind message to any available server (S2). For an IA_TA, the client may send a Renew or Rebind message at the client's discretion. Renew Renew Renew Rebind to S1 to S1 to S1 to S2 Renew...
Page 311 Appendix C IPv6 • Router solicitation: A request from a host to locate a router that can act as the default router and forward packets. • Router advertisement: A response to a router solicitation or a periodical multicast advertisement from a router to advertise its presence and other parameters.
Page 312 Appendix C IPv6 Example - Enabling IPv6 on Windows XP/2003/Vista By default, Windows XP and Windows 2003 support IPv6. This example shows you how to use the ipv6 install command on Windows XP/2003 to enable IPv6. This also displays how to use the ipconfig command to see auto-generated IP addresses.
Page 313 Appendix C IPv6 Click Start and then OK. Now your computer can obtain an IPv6 address from a DHCPv6 server. Example - Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default. DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer.
Page 314 Appendix C IPv6 Click Close to exit the Local Area Connection Status screen. Select Start > All Programs > Accessories > Command Prompt. Use the ipconfig command to check your dynamic IPv6 address. This example shows a global address (2001:b021:2d::1000) obtained from a DHCP server. C:\>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection:...
Page 315: Appendix D Services
P P E N D I X Services The following table lists some commonly-used services and their associated protocols and port numbers. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like.
Page 316 Appendix D Services Table 134 Examples of Services NAME PROTOCOL PORT(S) DESCRIPTION AH (IPSEC_TUNNEL) User-Defined The IPSEC AH (Authentication Header) tunneling protocol uses this service. 5190 AOL’s Internet Messenger service. AUTH Authentication protocol used by some servers. Border Gateway Protocol. BOOTP_CLIENT DHCP Client.
Page 317 Appendix D Services Table 134 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION 2049 Network File System - NFS is a client/server distributed file service that provides transparent file sharing for network environments. NNTP Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service.
Page 318 Appendix D Services Table 134 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION TACACS Login Host Protocol used for (Terminal Access Controller Access Control System). TELNET Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP networks.
Page 319: Appendix E Legal Information
The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of Zyxel Communications Corporation. Published by Zyxel Communications Corporation. All rights reserved.
Page 320 Appendix E Legal Information Industry Canada RSS-GEN & RSS-247 statement • This device complies with Industry Canada license-exempt RSS standard(s). Operation is subject to the following two conditions: (1) this device may not cause interference, and (2) this device must accept any interference, including interference that may cause undesired operation of the device.
Page 321 Appendix E Legal Information • the 5,470 MHz to 5,725 MHz is 939.72 mW. Български С настоящото Zyxel декларира, че това оборудване е в съответствие със съществените изисквания и другите (Bulgarian) приложими разпоредбите на Директива 2014/53/ЕC. National Restrictions • The Belgian Institute for Postal Services and Telecommunications (BIPT) must be notified of any outdoor wireless link having a range exceeding 300 meters.
Page 322 Appendix E Legal Information Română Prin prezenta, Zyxel declară că acest echipament este în conformitate cu cerinţele esenţiale şi alte prevederi relevante ale (Romanian) Directivei 2014/53/UE. Slovenčina Zyxel týmto vyhlasuje, že zariadenia spĺňa základné požiadavky a všetky príslušné ustanovenia Smernice 2014/53/EÚ. (Slovak) Slovenščina Zyxel izjavlja, da je ta oprema v skladu z bistvenimi zahtevami in ostalimi relevantnimi določili direktive 2014/53/EU.
Page 323 Appendix E Legal Information • CAUTION: Risk of explosion if battery is replaced by an incorrect type, dispose of used batteries according to the instruction. Dispose them at the applicable collection point for the recycling of electrical and electronic devices. For detailed information about recycling of this product, please contact your local city office, your household waste disposal service or the store where you purchased the product.
Page 324 Appendix E Legal Information 台灣以下訊息僅適用於產品具有無線功能且銷售至台灣地區 • 第十二條經型式認證合格之低功率射頻電機，非經許可，公司，商號或使用者均不得擅自變更頻率、加大功率或變更原設計之特性及功能。 • 第十四條低功率射頻電機之使用不得影響飛航安全及干擾合法通信；經發現有干擾現象時，應立即停用，並改善至無干擾時方得繼續使用。前項合法通信，指依電信法規定作業之無線電通信。低功率射頻電機須忍受合法通信或工業、科學及醫療用電波輻射性電機設備之干擾。 • 無線資訊傳輸設備忍受合法通信之干擾且不得干擾合法通信；如造成干擾，應立即停用，俟無干擾之虞，始得繼續使用。 • 無線資訊傳設備的製造廠商應確保頻率穩定性，如依製造廠商使用手冊上所述正常操作，發射的信號應維持於操作頻帶中以下訊息僅適用於產品操作於 5.25-5.35 秭赫頻帶內並銷售至台灣地區 • 在 5.25-5.35 秭赫頻帶內操作之無線資訊傳輸設備，限於室內使用。以下訊息僅適用於產品屬於專業安裝並銷售至台灣地區 • 本器材須經專業工程人員安裝及設定，始得設置使用，且不得直接販售給一般消費者。安全警告 - 為了您的安全，請先閱讀以下警告及指示 : • 請勿將此產品接近水、火焰或放置在高溫的環境。 • 避免設備接觸 : - 任何液體...
Page 325 Appendix E Legal Information Explanation of the Symbols SYMBOL EXPLANATION Alternating current (AC): AC is an electric current in which the flow of electric charge periodically reverses direction. Direct current (DC): DC if the unidirectional flow or movement of electric charge carriers. Earth;...
Page 326: Index
Index Index ACL rule 226, 300 activation Canonical Format Indicator See CFI firewalls CCMs media server certificate SIP ALG factory default SSID Certificate Authority Address Resolution Protocol See CA. administrator password certificates antenna authentication directional gain creating omni-directional public key AP (access point) replacing storage space...
Page 327 Index copyright e-mail log example Encapsulation CoS technologies creating certificates PPP over Ethernet CTS (Clear to Send) encapsulation CTS threshold 111, 117 RFC 1483 customer support encryption 119, 302 Extended Service Set IDentification 102, 106 Extended Service Set, See ESS data fragment threshold 111, 117 DDoS...
Page 328 Index iTunes server IBSS ICMPv6 IEEE 802.11g IEEE 802.1Q client list DHCP 129, 142 IGMP 129, 142 multicast group list 192, 244, 245 IP address 129, 130, 143 version MAC address IGMP Fast Leave status IGMPv2 subnet mask 129, 130, 143 IGMPv3 LAN to LAN multicast LAND attack...
Page 329 Index passwords media server activation Peak Cell Rate (PCR) iTunes server Per-Hop Behavior, see PHB PIN, WPS MLDv1 example MLDv2 Ping of Death MTU (Multi-Tenant Unit) Point-to-Point Tunneling Protocol, see PPTP multicast POP3 Multicast Listener Discovery, see MLD port forwarding Multiple BSS, see MBSSID ports multiplexing...
Page 330 Index restoring configuration activation MBSSID RFC 1058. See RIP. static route RFC 1389. See RIP. 145, 151, 262 configuration 146, 148, 189 RFC 1483 example RFC 3164 static VLAN status router features firmware version Routing Information Protocol. See RIP RTS (Request To Send) threshold 296, 297 wireless LAN...
Page 331 Index example channel unicast encryption Universal Plug and Play, see UPnP example upgrading firmware fragmentation threshold 111, 117 UPnP limitations cautions MAC address filter NAT traversal MBSSID USB features preamble 112, 117 RADIUS server RTS/CTS threshold 111, 117 security SSID activation Vendor ID status...
Page 332 Index 121, 123 example limitations example push button 24, 121 ZyXEL Family Safety page VMG3925-B10C/B30C User’s Guide...

This manual is also suitable for:

Vmg3925-b10c

ZyXEL Communications VMG3925-B30C User Manual

Chapter 1 Introducing the VMG

Chapter 3 Quick Start

Chapter 4 Tutorials

Chapter 6 Broadband

Chapter 7 Wireless

Chapter 8 Home Networking

Chapter 9 Routing

Chapter 10 Quality of Service (Qos)

Chapter 12 Dynamic DNS Setup

Chapter 13 IGMP/MLD

Chapter 14 Vlan Group

Chapter 15 Interface Group

Chapter 16 USB Service

Chapter 17 Firewall

Chapter 18 MAC Filter

Chapter 19 Parental Control

Chapter 20 Scheduler Rule

Chapter 21 Certificates

Chapter 22 Log

Chapter 23 Traffic Status

Chapter 24 ARP Table

Chapter 25 Routing Table

Chapter 26 Multicast Status

Chapter 27 Xdsl Statistics

Chapter 28 WLAN Station Status

Chapter 29 Cellular Statistics

Chapter 30 System

Chapter 31 User Account

Chapter 32 Remote Management

Chapter 33 SNMP

Chapter 34 Time Settings

Chapter 35 E-Mail Notification

Quick Links

Related Manuals for ZyXEL Communications VMG3925-B30C

Summary of Contents for ZyXEL Communications VMG3925-B30C