Page 2
IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. This is a User’s Guide for a series of products. Not all products support all firmware features. Screenshots and graphics in this book may differ slightly from your product due to differences in product features or web configurator brand style.
Document Conventions Document Conventions Warnings and Notes These are how warnings and notes are shown in this guide. Warnings tell you about things that could harm you or your Zyxel Device. Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.
Table of Contents Table of Contents Document Conventions ........................3 Contents Overview ..........................4 Table of Contents ..........................6 Part I: User’s Guide..................18 Chapter 1 Introducing the Zyxel Device ......................19 1.1 Overview ............................19 1.1.1 Multi-Gigabit Ethernet ......................22 1.2 Example Applications ........................23 1.2.1 Internet Access ........................
Page 7
Table of Contents Chapter 3 Web Configurator..........................56 3.1 Overview ............................56 3.1.1 Access the Web Configurator ..................... 56 3.2 Web Configurator Layout ......................58 3.2.1 Settings Icon .......................... 58 Chapter 4 Quick Start ............................67 4.1 Overview ............................67 4.2 Quick Start Setup ..........................67 4.3 Quick Start Setup –...
Page 8
Table of Contents 5.7.1 Upgrading the Firmware ....................109 5.7.2 Backing up the Device Configuration ................109 5.7.3 Restoring the Device Configuration ................. 110 Chapter 6 App Tutorials.............................112 6.1 Overview ............................112 6.2 What You Can Do ........................112 6.3 MPro Mesh Network ........................113 6.4 General WiFi Settings ........................
Page 9
Table of Contents 8.2.1 Add or Edit Internet Connection ..................151 8.3 Broadband Settings for Ethernet, AON and PON Routers ............159 8.3.1 Add or Edit Internet Connection ..................160 8.4 Cellular Backup ..........................167 8.5 Broadband Advanced Screen ....................173 8.6 Technical Reference ........................
Page 10
Table of Contents 10.5 LAN Additional Subnet ....................... 222 10.6 STB Vendor ID ..........................224 10.7 Wake on LAN ..........................225 10.8 TFTP Server Name ........................225 10.9 Technical Reference ........................226 10.9.1 DHCP Setup ........................227 10.9.2 DNS Server Addresses ....................... 227 10.9.3 LAN TCP/IP .........................
Page 11
Table of Contents 13.1.1 What You Can Do in this Chapter ................... 266 13.1.2 What You Need To Know ....................266 13.2 Port Forwarding ........................... 267 13.2.1 Port Forwarding ......................... 267 13.2.2 Add or Edit Port Forwarding ..................... 268 13.3 Port Triggering ..........................270 13.3.1 Add or Edit Port Triggering Rule ..................
Page 12
Table of Contents 17.1 Interface Grouping Overview ....................293 17.1.1 What You Can Do in this Chapter ................... 293 17.2 Interface Grouping ........................293 17.2.1 Interface Group Configuration ..................294 17.2.2 Interface Grouping Criteria ..................... 298 Chapter 18 USB Service ............................300 18.1 USB Service Overview ........................
Page 13
Table of Contents 21.2 Home Security ..........................320 Chapter 22 Parental Control ..........................322 22.1 Parental Control Overview ......................322 22.2 Parental Control Schedule ......................322 22.2.1 Add or Edit a Parental Control Profile ................323 22.2.2 Define a Schedule ......................324 22.2.3 Parental Control Scheduled Profile .................
Page 14
Table of Contents 25.5 Phone ............................353 25.5.1 Phone Device ........................353 25.5.2 Phone Device Edit ......................354 25.6 Phone Region ..........................355 25.7 Call Rule ............................356 25.8 Call History ........................... 357 Chapter 26 Log ..............................359 26.1 Log Overview ..........................359 26.1.1 What You Can Do in this Chapter ...................
Page 15
Table of Contents Chapter 32 xDSL Statistics ...........................376 32.1 Overview ............................. 376 32.2 xDSL Statistics ..........................376 Chapter 33 WLAN Station Status .........................379 33.1 WLAN Station Status Overview ....................379 Chapter 34 Cellular Statistics ..........................381 34.1 Cellular Statistics Overview ......................381 34.2 Cellular Statistics Settings ......................
Page 17
Table of Contents 45.5 WiFi Problems ..........................423 45.6 USB Problems ..........................424 45.7 UPnP Problems ..........................424 Appendix A Customer Support ..................... 425 Appendix B Wireless LANs....................... 430 Appendix C IPv6..........................443 Appendix D Services ........................449 Appendix E Legal Information ....................... 453 Index ..............................460 AX/DX/EX/PX Series User’s Guide...
H A P T E R Introducing the Zyxel Device 1.1 Overview The Zyxel Device refers to these models as outlined below. • AX7501-B0 • EX3300-T0 • EX5501-B0 • PX7501-B0 • DX3300-T0 • EX2210-T0 • EX5600-T1 • DX3301-T0 • EX3301-T0 •...
Page 20
Chapter 1 Introducing the Zyxel Device Table 1 Zyxel Device Comparison Table (continued) AX7501-B0 DX3300-T0 DX3301-T0 DX5301-B2 DX5301-B3 DX5401-B0 Parental Control URL Filter Home Security URL filter MPro Mesh Extender Support 2.5 Gbe WAN 2.5 Gbe LAN 10 Gbe LAN 1G AON (SFP) 1G Ethernet (SFP)
Page 21
Chapter 1 Introducing the Zyxel Device Table 2 Zyxel Device Comparison Table (continued) EX3300-T0 EX2210-T0 EX3301-T0 EX5300-B3 EX5301-B3 EX5401-B0 EX5501-B0 MPro Mesh Extender Support 2.5 Gbe WAN 2.5 Gbe LAN 10 Gbe LAN 1G AON (SFP) 1G Ethernet (SFP) 2.5G GPON (SFP) 10G AON (SFP) 10G Ethernet...
Chapter 1 Introducing the Zyxel Device Table 3 Zyxel Device Comparison Table (continued) EX5600-T1 EX5601-T0 EX5601-T1 PX7501-B0 1G AON (SFP) 1G Ethernet (SFP) 2.5G GPON (SFP) 10G AON (SFP) 10G Ethernet (SFP) 10G XGPON (SFP+) USB Port for USB 3.0 USB 3.0 USB 3.0 USB 3.0...
Chapter 1 Introducing the Zyxel Device Figure 1 Multi-Gigabit Application See the following table for the cables required and distance limitation to attain the corresponding speed. Table 4 Ethernet Cable Types CABLE TRANSMISSION SPEED MAXIMUM DISTANCE BANDWIDTH CAPACITY Category 5 100 Mbps 100 m 100 MHz...
Chapter 1 Introducing the Zyxel Device • connecting the SFP port to your ISP with an Ethernet or fiber optic cable through an SFP transceiver. For Zyxel Devices that support both DSL/Ethernet WAN port and SFP port, see Section 1.2.2 on page 24 for WAN connection priority.
Chapter 1 Introducing the Zyxel Device 1.2.3 Dual-Band WiFi By default, WiFi is enabled on the Zyxel Device. IEEE 802.11a/b/g/n/ac/ax compliant clients can wirelessly connect to the Zyxel Device to access network resources. The Zyxel Device is a dual-band gateway that can use both 2.4G and 5G networks at the same time. You could use the 2.4 GHz band for regular Internet surfing and downloading while using the 5 GHz band for time sensitive traffic like high-definition video, music, and gaming.
Chapter 1 Introducing the Zyxel Device 1.2.4 VoIP Applications The Zyxel Device’s VoIP function allows you to register up to two SIP (Session Initiation Protocol) accounts and use the Zyxel Device to make and receive VoIP telephone calls. The Zyxel Device sends your call to a VoIP service provider’s SIP server which forwards the calls to either VoIP or PSTN phones.
Page 27
Chapter 1 Introducing the Zyxel Device File Sharing Use the built-in USB 3.0 port to share files on a USB memory stick or a USB hard drive (A). Use FTP to access the files on the USB device. Figure 8 USB File Sharing Application Media Server You can also use the Zyxel Device as a media server.
Chapter 1 Introducing the Zyxel Device 1.3 Ways to Manage the Zyxel Device Use any of the following methods to manage the Zyxel Device. • Web Configurator. This is recommended for management of the Zyxel Device using a (supported) web browser. •...
H A P T E R Hardware 2.1 Hardware This section describes the front and rear panels for each model. If your model is not shown here, refer to the Zyxel Device’s Quick Start Guides to see the product drawings and how to make the hardware connections.
Page 30
Chapter 2 Hardware Table 5 LED Descriptions (AX7501, EX5501 and PX7501) (continued) COLOR STATUS DESCRIPTION 2.5G WAN Blue The Zyxel Device has a successful 2.5 Gbps Ethernet connection on the WAN. Green The Zyxel Device has a successful 1 Gbps Ethernet connection on the WAN. The Zyxel Device does not have an Ethernet connection with the WAN.
Page 31
Chapter 2 Hardware Table 5 LED Descriptions (AX7501, EX5501 and PX7501) (continued) COLOR STATUS DESCRIPTION WiFi 2.4G Green The 2.4G wireless network is activated. Blinking The Zyxel Device is communicating with 2.4G WiFi clients. Note: For AON and PON routers only; see Section 1.1 on page 19 for more information.
Chapter 2 Hardware 2.2.2 DX3300-T0, EX3300-T0, EX2210-T0, DX3301-T0 and EX3301-T0 Figure 12 LED Indicators (DX3300-T0 / DX3301-T0 / EX3300-T0 / EX2210-T0 / EX3301-T0) The following are the LED descriptions for your DX3300-T0 / EX3300-T0/ EX2210-T0. Table 6 LED Descriptions (DX3300-T0 / EX3300-T0/ EX2210-T0) COLOR STATUS DESCRIPTION...
Page 33
Chapter 2 Hardware Table 6 LED Descriptions (DX3300-T0 / EX3300-T0/ EX2210-T0) COLOR STATUS DESCRIPTION Internet Green The Zyxel Device has an IP connection but no traffic. Your device has a WAN IP address (either static or assigned by a DHCP server), PPP negotiation was successfully completed (if used) and the DSL connection is up.
Page 34
Chapter 2 Hardware Table 7 LED Descriptions (DX3301-T0 / EX3301-T0) (continued) COLOR STATUS DESCRIPTION Internet Green The Zyxel Device has an IP connection but no traffic. Your device has a WAN IP address (either static or assigned by a DHCP server), PPP negotiation was successfully completed (if used) and the DSL connection is up.
Chapter 2 Hardware 2.2.3 DX5301-B2/B3, EX5300-B3 and EX5301-B3 Figure 13 LED Indicators (DX5301-B2 / DX5301-B3 / EX5301-B3) AX/DX/EX/PX Series User’s Guide...
Page 36
Chapter 2 Hardware Figure 14 LED Indicators (EX5300-B3) The following are the LED descriptions for your DX5301-B2/B3, EX5300-B3 and EX5301-B3. Table 8 LED Descriptions (DX5301-B2/B3, EX5300-B3 and EX5301-B3) COLOR STATUS DESCRIPTION POWER Green The Zyxel Device is receiving power and ready for use. Blinking The Zyxel Device is self-testing.
Page 37
Chapter 2 Hardware Table 8 LED Descriptions (DX5301-B2/B3, EX5300-B3 and EX5301-B3) (continued) COLOR STATUS DESCRIPTION DX5301-B3 Green The DSL or Ethernet WAN port is connected successfully. Note: Ethernet WAN connection has priority over DSL connection. The DSL port will be disabled if the Ethernet WAN link is up.
Chapter 2 Hardware 2.2.4 DX5401-B0 and EX5401-B0 Figure 15 LED Indicators (DX5401-B0 / EX5401-B0) Note: The phone LED is for the Zyxel Device with phone ports only; see Section 1.1 on page 19 for more information. The following are the LED descriptions for your DX5401-B0 / EX5401-B0. Table 9 LED Descriptions (DX5401-B0 / EX5401-B0) COLOR STATUS...
Page 39
Chapter 2 Hardware Table 9 LED Descriptions (DX5401-B0 / EX5401-B0) (continued) COLOR STATUS DESCRIPTION Internet Green The Zyxel Device has an IP connection but no traffic. Your device has a WAN IP address (either static or assigned by a DHCP server), PPP negotiation was successfully completed (if used) and the DSL connection is up.
Chapter 2 Hardware 2.2.5 EX5600-T1, EX5601-T0 and EX5601-T1 Figure 16 LED Indicators (EX5600-T1) AX/DX/EX/PX Series User’s Guide...
Page 41
Chapter 2 Hardware Figure 17 LED Indicators (EX5601-T0) Figure 18 LED Indicators (EX5601-T1) AX/DX/EX/PX Series User’s Guide...
Page 42
Chapter 2 Hardware Note: The Phone LED is for the Zyxel Device with phone ports only; the SFP LED is for the Zyxel Device with an SFP port only; see Section 1.1 on page 19 for more information. The following are the LED descriptions for your EX5600-T1 / EX5601-T0/ EX5601-T1. Table 10 LED Descriptions (EX5600-T1 / EX5601-T0/ EX5601-T1) COLOR STATUS...
Chapter 2 Hardware Table 10 LED Descriptions (EX5600-T1 / EX5601-T0/ EX5601-T1) (continued) COLOR STATUS DESCRIPTION Green The SFP port is connected to the ISP’s ONT and the Zyxel Device is receiving optical signals normally, or the SFP port’s Ethernet WAN connection is up.
Chapter 2 Hardware Table 11 Panel Ports and Buttons (continued) LABEL DESCRIPTION The USB port is used for cellular WAN backup, file-sharing, and media server. LAN1 – LAN4 Connect computers or other Ethernet devices to Ethernet ports for Internet access. 2.5G LAN 10G LAN PHONE1/2...
Chapter 2 Hardware The following table describes the items on the ports panels of DX3300-T0, DX3301-T0, DX5301-B2/B3, DX5401-B0, EX3300-T0/EX2210-T0, EX3301-T0, EX5300-B3, EX5301-B3 and EX5401-B0. Table 12 Panel Ports and Buttons LABEL DESCRIPTION For DX5301-B3, EX3300-T0/EX2210-T0, EX3301-T0, EX5300-B3, EX5301-B3 and EX5401-B0, connect an Ethernet cable to the WAN port for Internet access.
Page 50
Chapter 2 Hardware Figure 32 EX5601-T0/EX5601-T1 Note: See Section 1.1 on page 19 to see if your Zyxel Device supports the SFP port. AX/DX/EX/PX Series User’s Guide...
Page 51
Chapter 2 Hardware Figure 33 EX5600-T1/EX5601-T0/EX5601-T1 Side Panels AX/DX/EX/PX Series User’s Guide...
Page 52
Chapter 2 Hardware The following table describes the items on the ports panels of EX5600-T1, EX5601-T0, and EX5601-T1. Table 13 Panel Ports and Buttons LABEL DESCRIPTION 2.5G WAN For EX5600-T1 and EX5601-T1, connect an Ethernet cable to the 2.5G WAN port for an (up to) 2.5 Gbps Ethernet connection.
Page 53
Chapter 2 Hardware Transceiver Installation Use the following steps to install an SFP transceiver. Attach an ESD preventive wrist strap to your wrist and to a bare metal surface. Align the transceiver in front of the slot opening. Make sure the latch is in the lock position (latch styles vary), then insert the transceiver into the slot with the exposed section of PCB board facing down.
Chapter 2 Hardware Note: Make sure the transceiver’s latch is pushed all the way down, so the transceiver can be pulled out successfully. Pull the latch, or use your thumb and index finger to grasp the tabs on both sides of the transceiver, and carefully slide it out of the slot.
Chapter 2 Hardware Table 14 WPS Button Press Duration PRESS MODELS DURATION EX5501-B0 1 second AX7501-B0, DX3300-T0, DX3301-T0, 5 second DX5301-B2/B3, DX5401-B0, EX3300-T0/ EX2210-T0, EX3301-T0, EX5300-B3, EX5301-B3, EX5401-B0, EX5600-T1, EX5601-T0, EX5601-T1 and PX7501-B0 Press the WPS button on another WPS-enabled device within range of the Zyxel Device (within 120 seconds).
H A P T E R Web Configurator 3.1 Overview The Web Configurator is an HTML-based management interface that allows easy system setup and management through Internet browser. Use a browser that supports HTML5, such as Microsoft Edge, Mozilla Firefox, or Google Chrome. The recommended minimum screen resolution is 1024 by 768 pixels. In order to use the Web Configurator you need to allow: •...
Page 57
Chapter 3 Web Configurator Note: The first time you enter the password, you will be asked to change it. Make sure the new password must contain at least one uppercase letter, one lowercase letter and one number. For some models, the password must contain at least one English character and one number.
Chapter 3 Web Configurator 3.2 Web Configurator Layout Figure 42 Screen Layout As illustrated above, the main screen is divided into these parts: • A – Settings Icon (Navigation Panel and Side Bar) • B – Layout Icon • C – Main Window 3.2.1 Settings Icon Click this icon ( to see the side bar and navigation panel.
Page 59
Chapter 3 Web Configurator Figure 43 Side Bar The icons provide the following functions. Table 15 Web Configurator Icons in the Title Bar ICON DESCRIPTION Wizard: Click this icon to open screens where you can configure the Zyxel Device’s time zone and wireless settings.
Page 60
Chapter 3 Web Configurator Use the menu items on the navigation panel to open screens to configure Zyxel Device features. The following tables describe each menu item. Figure 44 Navigation Panel Table 16 Navigation Panel Summary LINK FUNCTION Connection Status Use this screen to configure basic Internet access, wireless settings, and parental control settings.
Page 61
Chapter 3 Web Configurator Table 16 Navigation Panel Summary (continued) LINK FUNCTION Home LAN Setup Use this screen to configure LAN TCP/IP settings, and other advanced Networking properties. Static DHCP Use this screen to assign specific IP addresses to individual MAC addresses.
Page 62
Chapter 3 Web Configurator Table 16 Navigation Panel Summary (continued) LINK FUNCTION Firewall General Use this screen to configure the security level of your firewall. Protocol Use this screen to add Internet services and configure firewall rules. Access Control Use this screen to enable specific traffic directions for network services. Use this screen to activate protection against Denial of Service (DoS) attacks.
Page 63
Chapter 3 Web Configurator Table 16 Navigation Panel Summary (continued) LINK FUNCTION Security Log Use this screen to view all security related events. You can select the level and category of the security events in their proper drop-down list window. Levels include: •...
Page 64
Chapter 3 Web Configurator Table 16 Navigation Panel Summary (continued) LINK FUNCTION Time Time Use this screen to change your Zyxel Device’s time and date. E-mail E-mail Use this screen to configure up to two mail servers and sender addresses Notification Notification on the Zyxel Device.
Page 65
Chapter 3 Web Configurator Click the Widget icon ( ) in the lower left corner to arrange the screen order. Figure 46 Screen Order The following screen appears. Select a block and hold it to move around. Click the Check icon ( ) in the lower left corner to save the changes.
Page 66
Chapter 3 Web Configurator Figure 47 Screen Order AX/DX/EX/PX Series User’s Guide...
H A P T E R Quick Start 4.1 Overview Use the Wizard screens to configure the Zyxel Device’s time zone and wireless settings. Note: See the technical reference chapters for background information on the features in this chapter. 4.2 Quick Start Setup You can click the Wizard icon in the side bar to open the Wizard screens.
Chapter 4 Quick Start Figure 49 Wizard – Time Zone 4.4 Quick Start Setup – Internet Connection Select the Internet connection mode of the Zyxel Device. Click Next to continue. Figure 50 Wizard – Internet 4.4.1 Successful Internet Connection The Zyxel Device has Internet access. Figure 51 Wizard –...
Chapter 4 Quick Start 4.4.2 Unsuccessful Internet Connection The Zyxel Device did not detect a WAN connection. Figure 52 Wizard – Internet Connection is Down 4.5 Quick Start Setup – WiFi Turn WiFi on or off. If you keep it on, record the WiFi Name and Password in this screen so you can configure your WiFi clients to connect to the Zyxel Device.
H A P T E R Tutorials 5.1 Overview This chapter shows you how to use the Zyxel Device’s various features. • Wired Network Setup • WiFi Network Setup • USB Applications • Network Security • Internet Calls • Device Maintenance 5.2 Wired Network Setup This section shows you how to set up a wired connection.
Page 71
Chapter 5 Tutorials In this example, the DSL connection has the following information. General Name MyDSLConnection Type ADSL over ATM Connection Mode Routing Encapsulation PPPoE IPv6/IPv4 Mode IPv4 ATM PVC Configuration VPI/VCI 36/48 Encapsulation Mode LLC/SNAP-Bridging Service Category UBR without PCR Account Information PPP User Name 1234@DSL-Ex.com...
Page 72
Chapter 5 Tutorials Try to connect to a website to see if you have correctly set up your Internet connection. AX/DX/EX/PX Series User’s Guide...
Chapter 5 Tutorials The new connection is displayed on the Broadband screen. 5.2.2 Setting Up an Ethernet Connection If you connect to the Internet through an Ethernet connection, you need to connect a broadband modem or router with Internet access to the WAN Ethernet port on the Zyxel Device. You need to configure the Internet settings from the broadband modem or router on the Zyxel Device.
Page 74
Chapter 5 Tutorials In this example, configure the following information for the Ethernet connection. General Name My ETH Connection Type Ethernet Connection Mode Routing Encapsulation IPoE IPv6/IPv4 Mode IPv4 Only Enter the General settings provided by your Internet service provider. Enter a Name to identify your WAN connection.
Chapter 5 Tutorials Go to the Network Setting > Broadband screen to view the established Ethernet connection. The new connection is displayed on the Broadband screen. 5.3 WiFi Network Setup In this example, you want to set up a WiFi network so that you can use your notebook to access the Internet.
Chapter 5 Tutorials Figure 54 WiFi Network Setup See the label on the Zyxel Device for the WiFi network settings and then connect manually to the Zyxel Device. Alternatively, you can set up a WiFi network using WPS. See Section 5.3.2 on page 5.3.1 Changing Security on a WiFi Network This example changes the default security settings of a WiFi network to the following: SSID...
Page 77
Chapter 5 Tutorials Go to the Wireless > Others screen. Set 802.11 Mode to 802.11b/g/n Mixed, and then click Apply. AX/DX/EX/PX Series User’s Guide...
Chapter 5 Tutorials You can now use the WPS feature to establish a WiFi connection between your notebook and the Zyxel Device (see Section 5.3.2 on page 78). Now use the new security settings to connect to the Internet through the Zyxel Device using WiFi. 5.3.2 Connecting to the Zyxel Device’s WiFi Network Using WPS This section shows you how to connect a WiFi device to the Zyxel Device’s WiFi network using WPS.
Page 79
Chapter 5 Tutorials In Windows 10, click on the Network icon in the system tray to open the list of available WiFi networks. Locate the WiFi network of the Zyxel Device. The default WiFi network name is “Zyxel_XXXX” (2.4G) or “Zyxel_XXXX_5G”...
Page 80
Chapter 5 Tutorials The Zyxel Device sends the WiFi network settings to Windows using WPS. Windows displays “Getting settings from the router”. AX/DX/EX/PX Series User’s Guide...
Page 81
Chapter 5 Tutorials The WiFi device is then able to connect to the WiFi network securely. 5.3.2.2 WPS PIN Configuration The WPS PIN (Personal Identification Number) method is a more secure version of WPS, used by WiFi- enabled devices such as printers. To use this connection method, you need to log into the Zyxel Device’s Web Configurator.
Chapter 5 Tutorials Within 2 minutes, enable WPS on the WiFi device. The Zyxel Device authenticates the WiFi device using the PIN, and then sends the WiFi network settings to the device using WPS. This process may take up to 2 minutes. The WiFi device is then able to connect to the WiFi network securely.
Page 83
Chapter 5 Tutorials • Employees using the General WiFi network group will have access to the local network and the Internet. • Visitors using the Guest WiFi network group with a different SSID and password will have access to the Internet only.
Page 84
Chapter 5 Tutorials Go to the Network Setting > Wireless > Guest/More AP screen. Click the Modify icon to configure the second WiFi network group. On the Guest/More AP screen, click the Modify icon to configure the other Guest WiFi network group. Configure the screen using the provided parameters and click OK.
Page 85
Chapter 5 Tutorials Check the status of Guest in the Guest/More AP screen. A yellow bulb under Status means the SSID is active and ready for WiFi access. AX/DX/EX/PX Series User’s Guide...
Chapter 5 Tutorials 5.3.4 Setting Up Two Guest WiFi Networks on Different WiFi Bands In this example, a company wants to create two Guest WiFi networks: one for the Guest group and the other for the VIP group as shown in the following figure. Each network will have its SSID and security mode to access the internet.
Page 87
Chapter 5 Tutorials Go to the Wireless > Guest/More AP screen and click the Modify icon. The following screen appears. Configure the Security Mode and Password using the provided parameters and click OK. AX/DX/EX/PX Series User’s Guide...
Page 88
Chapter 5 Tutorials The 2.4GHz Guest WiFi network is now configuring. Go to the Wireless > General screen and set Band to 5GHz to configure the 5G Guest WiFi settings for VIP. Click OK. AX/DX/EX/PX Series User’s Guide...
Page 89
Chapter 5 Tutorials Go to the Wireless > Guest/More AP screen and click the Modify icon. The following screen appears. Configure the Security Mode and Password using the provided parameters and click OK. AX/DX/EX/PX Series User’s Guide...
Page 90
Chapter 5 Tutorials The 5G VIP WiFi network is now configured. AX/DX/EX/PX Series User’s Guide...
Chapter 5 Tutorials 5.4 USB Applications This section shows you how to set up a cellular backup network, access shared folders and play files through Window Media using a USB device. 5.4.1 File Sharing This section shows you how to create a shared folder on your Zyxel Device through a USB device and allow others to access the shared folder with File Sharing services.
Page 92
Chapter 5 Tutorials The Add New Share screen appears. Select your USB device from the Volume drop-down list box. Enter a Description name for the added share to identify the device. Click Browse and the Browse Directory screen appears. On the Browse Directory screen, select the folder that you want to add as a share. In this example, select BobShare and then click OK.
Page 93
Chapter 5 Tutorials In Access Level, select Public to let the share to be accessed by all users connected to the Zyxel Device. Otherwise, select Security to let the share to be accessed by specific users to access only. Click OK to save the settings. To set Access level to Security, you need to create one or more users accounts.
Page 94
Chapter 5 Tutorials 5.4.1.2 Accessing Your Shared Files From a Computer You can use Windows Explorer to access the USB storage devices connected to the Zyxel Device. Note: This example shows you how to use Microsoft Windows 10 to browse shared files in a share called (usb1_sda)Zoeys file.
Chapter 5 Tutorials 5.4.2 Using FTP This section shows how to use an FTP program to access files on an USB storage device connected to the Zyxel Device. Note: This example uses the FileZilla FTP program to browse your shared files. In FileZilla, enter the IP address of the Zyxel Device (The default IP is 192.168.1.1), your account’s Username, Password and Port number, and then click Quickconnect.
Page 96
Chapter 5 Tutorials Open the Access Control screen,click Add New Rule to create a rule. Use the following fields to configure and apply a new ACL (Access Control List) rule. AX/DX/EX/PX Series User’s Guide...
Page 97
Chapter 5 Tutorials AX/DX/EX/PX Series User’s Guide...
Chapter 5 Tutorials • Filter Name: Enter a name to identify the firewall rule. • Source IP Address: Enter the IP address of the computer that initializes traffic for the application or service. • Destination IP Address: Enter the IP address of the computer to which traffic for the application or service is entering.
Page 99
Chapter 5 Tutorials 5.5.2.1 Configuring Parental Control Schedule and Filter Parental Control Profile (PCP) allows you to set up a rule for: • Internet usage scheduling. • Websites and URL keyword blocking. Use this feature to: • Limit the days and times a user can access the Internet. •...
Page 100
Chapter 5 Tutorials Add New PCP Screen Go to Parental Control > Add New PCP. Under General: Select Enable to enable the rule you are configuring. Enter the Parental Control Profile Name given in the above parameter. Select an user this rule applies to in Home Network User, then click Add. You will see the MAC address of the user you just select in Rule List.
Page 101
Chapter 5 Tutorials Use the parameter give above to configure the time settings of your schedule. Under Network Service: In Network Service Setting, select Block. Click Add New Service, then use the parameter given above to configure settings for the Internet service you are blocking.
Page 102
Chapter 5 Tutorials Click OK to save your settings. 5.5.2.2 Configuring a Parental Control Schedule Parental Control Profile allows you to set up a schedule rule for Internet usage. Use this feature to limit the days and times a user can access the Internet. This example shows you how to block an user from accessing the Internet during time for studying.
Page 103
Chapter 5 Tutorials Use this screen to edit the Parental Control schedule. Click Add New Schedule to add a second schedule. Use the parameter given above to configure the time settings of your schedules. Click Save to save the settings. AX/DX/EX/PX Series User’s Guide...
Chapter 5 Tutorials 5.5.3 Configuring a MAC Address Filter You can use a MAC address filter to exclusively allow or permanently block someone from the WiFi network. This example shows that computer B is not allowed access to the WiFi network. Figure 55 Configure a MAC Address Filter Example Go to the Security >...
Chapter 5 Tutorials 5.6 Internet Calls This section shows you how to make Internet calls. 5.6.1 Configuring VoIP To make voice calls over the Internet, you must set up a Session Initiation Protocol (SIP) provider and SIP account on the Zyxel Device. You should have an account with a SIP service provider already set up. 5.6.2 Adding a SIP Service Provider Follow the steps below to add a SIP service provider.
Chapter 5 Tutorials Enter SIP Proxy Server Address, SIP REGISTRAR Server Address, and SIP Service Domain provided by your SIP service provider. Click OK to save your settings. 5.6.3 Adding a SIP Account The SIP account must be associated with the SIP service provider configured above. You may configure several SIP accounts for the same service provider.
Chapter 5 Tutorials Under General, select Enable SIP Account, and then enter the SIP Account Number. Under Authentication, enter Username and Password. Leave the other settings as default. Click OK to save your settings. 5.6.4 Configuring a Phone You must now configure the phone port to use the SIP account you just configured. Go to the VoIP >...
Chapter 5 Tutorials Click the Modify icon of PHONE1 to configure PHONE1 on your Zyxel Device. The following screen appears. Under SIP1 SIP Account to Make Outgoing Call, select SIP1 to have the phone connected to the first phone port use the registered SIP1 account to make outgoing calls. Under SIP Account(s) to Receive Incoming Call, select SIP1 to have the phone connected to the first phone port receive phone calls for the SIP1 account.
Chapter 5 Tutorials Pick up the phone receiver. Dial the VoIP phone number you want to call. 5.7 Device Maintenance This section shows you how to upgrade device firmware, back up the device configuration and restore the device to its previous or default settings. 5.7.1 Upgrading the Firmware Upload the router firmware to the Zyxel Device for feature enhancements.
Chapter 5 Tutorials 5.7.3 Restoring the Device Configuration This section shows you how to restore a previously-saved configuration file from your computer to your Zyxel Device. Go to the Maintenance > Backup/Restore screen. Under Restore Configuration, click Browse/Choose File, and then select the configuration file that you want to upload.
Page 111
Chapter 5 Tutorials The Zyxel Device automatically restarts after the configuration file is successfully uploaded. Wait for one minute before logging into the Zyxel Device again. Go to the Connection Status page to check the firmware version after the reboot. AX/DX/EX/PX Series User’s Guide...
H A P T E R App Tutorials 6.1 Overview This shows you how to use the MPro Mesh app to manage the Zyxel Device and the MPro Mesh network. The table below explains the terms used in this chapter: Table 18 Tutorial Terms Definition TERM DEFINITION...
Chapter 6 App Tutorials 6.3 MPro Mesh Network MPro Mesh Network The Zyxel Device supports MPro Mesh to manage your WiFi network. The Zyxel Device can function as a controller to automatically configure WiFi settings on extenders in the network as well as optimize bandwidth usage.
Page 114
Chapter 6 App Tutorials Figure 58 Band Steering Application Network Controller To set up an MPro Mesh network, you need a Zyxel Device that can function as a controller. The controller can be an MPro Mesh Router or an MPro Mesh Extender. The controller manages and coordinates WiFi activity in a network.
Chapter 6 App Tutorials Figure 59 MPro Mesh Network The following table describes the icons used in the figure. Table 19 Icons used in MPro Mesh Network ICON DESCRIPTION Zyxel Device- MPro Mesh Router or Non- MPro Mesh Router Note: Your router must have an Internet connection. Access Point Repeater Client1...
Page 116
Chapter 6 App Tutorials Setting Up General WiFi Follow the steps below to change your general WiFi settings. Tap on WiFi in the navigation panel. Tap on the edit icon ( ) to edit the general WiFi network group SSID and password using the parameters given above.
Chapter 6 App Tutorials QR Code for WiFi Connection 6.5 Locations of the Extenders Follow the steps below to adjust the location of your extenders for a better WiFi signal. Tap on Home in the navigation panel. AX/DX/EX/PX Series User’s Guide...
Chapter 6 App Tutorials Home Look for the extender with a red WiFi icon ( ) in front of it. Move the extender closer to the Zyxel Device. Tap the refresh button at the top right corner ( ) to check the updated status of your extenders. The WiFi icons in front of your extenders should be green ( ) or amber ( ) if they’re placed in appropriate...
Chapter 6 App Tutorials Figure 60 Zyxel Device with a WiFi Connection Configure your non-MPro Mesh Router with an MPro Mesh Extender using a wired connection. Figure 61 Zyxel Device with a Wired Connection 6.6.1 Setting up an MPro Mesh Router and MPro Mesh Extender with a WiFi Connection Follow the steps below to set up your MPro Mesh Router with the Zyxel MPro Mesh Extender.
Chapter 6 App Tutorials Change the default SSID and WiFi key on the MPro Mesh Router; see Section 6.4 on page 115 for more information. After applying changes, you will need to reconnect to the MPro Mesh Router again using the new SSID and WiFi key.
Page 121
Chapter 6 App Tutorials Follow the steps below to set up your Non-MPro Mesh Router with the Zyxel MPro Mesh Extender. Table 22 Devices Role Zyxel Device Non-MPro Mesh Router MPro Mesh Extender Role Internet Access Mesh Network Controller& Repeater/ AP Turn on the router.
Chapter 6 App Tutorials Press the WPS button on the second Zyxel Device Turn off Extender 2 and place it where you need to extend WiFi coverage. Use the app to see if Extender 2 is too far from Extender 1; see Section 6.5 on page 117 for more information.
Page 123
Chapter 6 App Tutorials Tap on the edit icon ( ) to change the model name shown on the app to Home Router. AX/DX/EX/PX Series User’s Guide...
Chapter 6 App Tutorials Change model name Tap the icon to save the changes made. 6.7.2 Devices Screen Use this screen to view WiFi clients that are connected to the MPro Mesh Router or MPro Mesh Extender and their link quality. Stopping a Client from Connecting to Your Network Follow the steps below to stop a specific client named Jane’s Phone from connecting to your MPro Mesh network.
Page 125
Chapter 6 App Tutorials Tap on the icon to show the Device Detail screen. Devices Tap the switch in the Pause Internet field. When the switch goes to the right ( ), the function is enabled. The Jane’s Phone client will not be able to connect to your MPro Mesh network. AX/DX/EX/PX Series User’s Guide...
Chapter 6 App Tutorials 6.7.3 WiFi Screen Use this screen to configure settings for your main WiFi and guest network. You can set up a guest WiFi network for your Zyxel Device. Company A wants to create a different WiFi network group for different types of users as shown in the following figure.
Page 127
Chapter 6 App Tutorials • Visiting guests will use the Guest WiFi network group, which has a different SSID and password. Visiting guests cannot connect to the company network using guest WiFi. Figure 63 Visiting Guests Blocked from Company Network For more information on setting up your general WiFi network group, see Section 6.4 on page 115.
Page 128
Chapter 6 App Tutorials Reconnect your phone to the Zyxel Device WiFi in your phone WiFi setting screen. Then open the MPro Mesh app. Tap on the edit icon ( ) to edit the guest WiFi network group SSID and password using the parameters given above.
Page 129
Chapter 6 App Tutorials WiFi Settings Tap on the ( ) icon to show the QR code. QR Code for WiFi Connection Swipe to the left to see the Share Guest WiFi QR code for connecting to the Zyxel Device guest WiFi. Take a screenshot of the QR code with your phone.
Chapter 6 App Tutorials QR Code for WiFi Connection 6.7.4 Account Screen Use this screen to: • Log out of the app. • View the app version. AX/DX/EX/PX Series User’s Guide...
H A P T E R Connection Status 7.1 Connection Status Overview After you log into the Web Configurator, the Connection Status screen appears. You can configure basic Internet access and wireless settings in this screen. It also shows the network status of the Zyxel Device and computers or devices connected to it.
Page 134
Chapter 7 Connection Status Use the Topology view screen to display an overview of your Mesh network. Figure 66 Connectivity: Connected Devices: Topology View Use the List view screen to view IP addresses and MAC addresses of the WiFi and wired devices connected to the Zyxel Device.
Chapter 7 Connection Status 7.1.2 Icon and Device Name Select an icon and/or enter a name in the Device Name field for a connected device. Click to enable ) Internet Blocking (or Active) for a connected WiFi client. Click Save to save your changes. Figure 68 Connectivity: Edit 7.1.3 System Info Use this screen to view the basic system information of the Zyxel Device.
Page 136
Chapter 7 Connection Status Figure 70 System Info: Detailed Information Each field is described in the following table. Table 24 System Info: Detailed Information LABEL DESCRIPTION Host Name This field displays the Zyxel Device system name. It is used for identification. Model Name This shows the model number of your Zyxel Device.
Page 137
Chapter 7 Connection Status Table 24 System Info: Detailed Information (continued) LABEL DESCRIPTION Memory Usage This displays the current RAM usage percentage. Interface Status Virtual ports are shown here. You can see the ports in use and their transmission rate. WAN Information (These fields display when you have an Ethernet WAN connection.) Name This field displays the name given to the Internet connection.
Chapter 7 Connection Status 7.1.4 WiFi Settings Use this screen to enable or disable the main wireless network. When the switch turns blue ( ), the function is enabled. You can use this screen or the QR code on the upper right corner to check the SSIDs (WiFi network name) and passwords of the main wireless networks.
Chapter 7 Connection Status Table 25 WiFi Settings: Configuration (continued) LABEL DESCRIPTION WiFi Name The SSID (Service Set IDentity) identifies the service set with which a wireless device is associated. Wireless devices associating to the access point (AP) must have the same SSID. Enter a descriptive name (up to 32 English keyboard characters) for the wireless LAN.
Page 140
Chapter 7 Connection Status Figure 74 Guest WiFi Settings: Configuration To assign different SSIDs to the 2.4 GHz and 5 GHz guest wireless networks, clear the Keep 2.4G and 5G the same check box in the WiFi Settings screen, and the Guest WiFi Settings screen will change. Figure 75 Guest WiFi Settings: Different SSIDs Each field is described in the following table.
Chapter 7 Connection Status Table 26 WiFi Settings: Configuration (continued) LABEL DESCRIPTION Random Password Select this option to have the Zyxel Device automatically generate a password. The WiFi Password field will not be configurable when you select this option. Hide WiFi network Select this check box to hide the SSID in the outgoing beacon frame so a station cannot name obtain the SSID through scanning using a site survey tool.
Chapter 7 Connection Status Each field is described in the following table. Table 27 LAN Setup LABEL DESCRIPTION LAN IP Setup IP Address Enter the LAN IPv4 IP address you want to assign to your Zyxel Device in dotted decimal notation, for example, 192.168.1.1 (factory default).
Chapter 7 Connection Status Figure 79 Parental Control Each field is described in the following table. Table 28 Parental Control: Schedule LABEL DESCRIPTION Parental Control Click this switch to enable or disable parental control. When the switch goes to the right ), the function is enabled.
Page 144
Chapter 7 Connection Status Figure 81 Parental Control: Schedule Each field is described in the following table. Table 30 Parental Control: Schedule LABEL DESCRIPTION Profile Name Enter a descriptive name for the profile. Profile Active Click this switch to enable or disable Internet access. When the switch goes to the right the function is enabled.
Page 145
Chapter 7 Connection Status Figure 82 Parental Control: Edit_Delete AX/DX/EX/PX Series User’s Guide...
H A P T E R Broadband 8.1 Overview This chapter discusses the Zyxel Device’s Broadband screens. Use these screens to configure your Zyxel Device for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks, such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations.
Chapter 8 Broadband Table 31 WAN Setup Overview LAYER-2 INTERNET CONNECTION INTERFACE CONNECTION MODE ENCAPSULATION CONNECTION SETTINGS Ethernet Routing PPPoE PPP user name and password, WAN IPv4/IPv6 IP address, routing feature, DNS server, VLAN, QoS, and MTU IPoE WAN IPv4/IPv6 IP address, NAT, DNS server and routing feature Bridge VLAN Note: This table is for the Ethernet, AON and PON routers.
Page 148
Chapter 8 Broadband If your ISP assigns you a static WAN IP address, they should also assign you the subnet mask and DNS server IP addresses. Asynchronous Transfer Mode (ATM) is a WAN networking technology that provides high-speed data transfer. ATM uses fixed-size packets of information called cells. With ATM, a high QoS (Quality of Service) can be guaranteed.
Page 149
Chapter 8 Broadband IPv6 Rapid Deployment Use IPv6 Rapid Deployment (6rd) when the local network uses IPv6 and the ISP has an IPv4 network. When the Zyxel Device has an IPv4 WAN address and you set IPv6/IPv4 Mode to IPv4 Only, you can enable 6rd to encapsulate IPv6 packets in IPv4 packets to cross the ISP’s IPv4 network.
Chapter 8 Broadband Figure 85 Dual Stack Lite 8.1.3 Before You Begin You need to know your Internet access settings such as encapsulation and WAN IP address. Get this information from your ISP. 8.2 Broadband Settings for DSL Routers Use this screen to change your Zyxel Device’s Internet access settings. The summary table shows you the configured WAN services (connections) on the Zyxel Device.
Chapter 8 Broadband The following table describes the labels in this screen. Table 33 Network Setting > Broadband LABEL DESCRIPTION Add New WAN Click this button to create a new connection. Interface This is the index number of the entry. Name This is the service name of the connection.
Page 152
Chapter 8 Broadband Figure 87 Network Setting > Broadband > Add or Edit New WAN Interface (Routing Mode) AX/DX/EX/PX Series User’s Guide...
Page 153
Chapter 8 Broadband The following table describes the labels in this screen. Table 34 Network Setting > Broadband > Add or Edit New WAN Interface (Routing Mode) LABEL DESCRIPTION General Click this switch to enable or disable the interface. When the switch goes to the right , the function is enabled.
Page 154
Chapter 8 Broadband Table 34 Network Setting > Broadband > Add or Edit New WAN Interface (Routing Mode) (continued) LABEL DESCRIPTION 802.1p IEEE 802.1p defines up to 8 separate traffic types by inserting a tag into a MAC-layer frame that contains bits to define class of service.
Page 155
Chapter 8 Broadband Table 34 Network Setting > Broadband > Add or Edit New WAN Interface (Routing Mode) (continued) LABEL DESCRIPTION The 6RD (IPv6 rapid deployment) fields display when you set the IPv6/IPv4 Mode field to IPv4 Only. See IPv6 Rapid Deployment on page 149 for more information.
Page 156
Chapter 8 Broadband Table 34 Network Setting > Broadband > Add or Edit New WAN Interface (Routing Mode) (continued) LABEL DESCRIPTION IPv6 DNS Server (This is available only when you select IPv4 IPv6 DualStack or IPv6 Only in the IPv4/IPv6 Mode field. Configure the IPv6 DNS server in the following section.) Obtain IPv6 DNS Select Obtain IPv6 DNS Info Automatically to have the Zyxel Device get the IPv6 DNS server...
Page 157
Chapter 8 Broadband Table 34 Network Setting > Broadband > Add or Edit New WAN Interface (Routing Mode) (continued) LABEL DESCRIPTION Maximum Burst Maximum Burst Size (MBS) refers to the maximum number of cells that can be sent at the peak Size [cells] rate.
Page 158
Chapter 8 Broadband The following table describes the fields in this screen. Table 35 Network Setting > Broadband > Add/Edit New WAN Interface (Bridge Mode) LABEL DESCRIPTION General Click this switch to enable or disable the interface. When the switch goes to the right , the function is enabled.
Chapter 8 Broadband 8.3 Broadband Settings for Ethernet, AON and PON Routers Use this screen to change your Zyxel Device’s Internet access settings. The summary table shows you the configured WAN services (connections) on the Zyxel Device. Use information provided by your ISP to configure WAN settings.
Chapter 8 Broadband Table 36 Network Setting > Broadband (continued) LABEL DESCRIPTION 802.1p This indicates the 802.1p priority level assigned to traffic sent through this connection. This displays N/A when there is no priority level assigned. 802.1q This indicates the VLAN ID number assigned to traffic sent through this connection. This displays N/A when there is no VLAN ID number assigned.
Page 161
Chapter 8 Broadband Figure 91 Network Setting > Broadband > Add or Edit New WAN Interface (Ethernet Routers Routing Mode) AX/DX/EX/PX Series User’s Guide...
Page 162
Chapter 8 Broadband Figure 92 Network Setting > Broadband > Add or Edit New WAN Interface (AON and PON Routers Routing Mode) AX/DX/EX/PX Series User’s Guide...
Page 163
Chapter 8 Broadband The following table describes the labels in this screen. Table 37 Network Setting > Broadband > Add or Edit New WAN Interface (Routing Mode) LABEL DESCRIPTION General Click this switch to enable or disable the interface. When the switch goes to the right , the function is enabled.
Page 164
Chapter 8 Broadband Table 37 Network Setting > Broadband > Add or Edit New WAN Interface (Routing Mode) (continued) LABEL DESCRIPTION IP Address (This is available only when you select IPv4 Only or IPv4 IPv6 DualStack in the IPv4/IPv6 Mode field.) Obtain an IP A static IP address is a fixed IP that your ISP gives you.
Page 165
Chapter 8 Broadband Table 37 Network Setting > Broadband > Add or Edit New WAN Interface (Routing Mode) (continued) LABEL DESCRIPTION Request Options Select Option 42 to have the Zyxel Device get NTP time server information from DHCP packets sent from the DHCP server. Select Option 43 to have the Zyxel Device get vendor specific information from DHCP packets sent from the DHCP server.
Page 166
Chapter 8 Broadband Table 37 Network Setting > Broadband > Add or Edit New WAN Interface (Routing Mode) (continued) LABEL DESCRIPTION DS-Lite This is available only when you select IPv6 Only in the IPv4/IPv6 Mode field. Enable Dual Stack Lite to let local computers use IPv4 through an ISP’s IPv6 network. See Dual Stack Lite on page for more information.
Chapter 8 Broadband Figure 93 Network Setting > Broadband > Add or Edit New WAN Interface (Bridge Mode) The following table describes the fields in this screen. Table 38 Network Setting > Broadband > Add or Edit New WAN Interface (Bridge Mode) LABEL DESCRIPTION General...
Page 168
Chapter 8 Broadband cellular dongle as your primary WAN connection, as the Zyxel Device automatically uses a wired WAN connection when available. Figure 94 Internet Access Application: Cellular WAN Use this screen to configure your cellular settings. Click Network Setting > Broadband > Cellular Backup. The actual data rate you obtain varies depending on the cellular card you use, the signal strength to the service provider’s base station, and so on.
Page 169
Chapter 8 Broadband Note: If you select Drop in the Current Cellular Connection field, the will drop the Zyxel Device cellular WAN connection when the Time Budget or Data Budget is reached. It may take some time for the cellular WAN connection to be disconnected when the Time Budget or Data Budget is reached.
Page 170
Chapter 8 Broadband Figure 96 Network > Broadband > Cellular Backup (Budget Setup) The following table describes the labels in this screen. Table 39 Network Setting > Broadband > Cellular Backup LABEL DESCRIPTION General Cellular Backup Click this switch to have the Zyxel Device use the cellular connection as your WAN or a backup when the wired WAN connection fails.
Page 171
Chapter 8 Broadband Table 39 Network Setting > Broadband > Cellular Backup (continued) LABEL DESCRIPTION Ping Host Select this to have the Zyxel Device ping the particular host name or IP address you typed in this field. Cellular Connection Settings Card This field displays the manufacturer and model name of your cellular card if you inserted one in description...
Page 172
Chapter 8 Broadband Table 39 Network Setting > Broadband > Cellular Backup (continued) LABEL DESCRIPTION Secondary Enter the second DNS server address assigned by the ISP. DNS Server Enable e-mail Select this to enable the email notification function. The Zyxel Device will email you a notification Notification when the cellular connection is up.
Chapter 8 Broadband Table 39 Network Setting > Broadband > Cellular Backup (continued) LABEL DESCRIPTION Data Budget Select the check boxes and enter a number from 1 to 99 in the percentage fields. If you change the value after you configure and enable budget control, the Zyxel Device resets the statistics. % of time budget/data budget...
Page 174
Chapter 8 Broadband Note: If the settings in the screen are changed, the Zyxel Device will re-establish the DSL connections. Table 40 VDSL Profiles MAX. NUMBER OF CARRIER BANDWIDTH DOWNSTREAM PROFILE DOWNSTREAM BANDWIDTH POWER (DBM) (MHZ) THROUGHPUT CARRIERS (KHZ) (MBIT/S) 8.832 2048 4.3125...
Page 176
Chapter 8 Broadband The following table describes the labels in this screen. Table 41 Network Setting > Broadband > Advanced LABEL DESCRIPTION DSL Capabilities PhyR US Enable or disable PhyR US (upstream) for upstream transmission to the WAN. PhyR US should be enabled if data being transmitted upstream is sensitive to noise.
Chapter 8 Broadband Table 41 Network Setting > Broadband > Advanced (continued) LABEL DESCRIPTION 8a, 8b, 8c, 8d, The G.993.2 VDSL standard defines a wide range of profiles that can be used in different VDSL 12a, 12b, 17a, deployment settings, such as in a central office, a street cabinet or a building. 35b US0 The Zyxel Device must comply with at least one profile specified in G.993.2.
Page 178
Chapter 8 Broadband Operationally, PPPoE saves significant effort for both you and the ISP or carrier, as it requires no specific configuration of the broadband modem at the customer site. By implementing PPPoE directly on the Zyxel Device (rather than individual computers), the computers on the LAN do not need PPPoE software installed, since the Zyxel Device does that part of the task.
Page 179
Chapter 8 Broadband The following figure illustrates the relationship between PCR, SCR and MBS. Figure 98 Example of Traffic Shaping ATM Traffic Classes These are the basic ATM traffic classes defined by the ATM Forum Traffic Management 4.0 Specification. Constant Bit Rate (CBR) Constant Bit Rate (CBR) provides fixed bandwidth that is always available even if no data is being sent.
Page 180
Chapter 8 Broadband IP Address Assignment A static IP is a fixed IP that your ISP gives you. A dynamic IP is not fixed; the ISP assigns you a different one each time. The Single User Account feature can be enabled or disabled if you have either a dynamic or static IP.
Page 181
Chapter 8 Broadband Internet Group Multicast Protocol (IGMP) is a network-layer protocol used to establish membership in a Multicast group - it is not used to carry user data. IGMP version 2 (RFC 2236) is an improvement over version 1 (RFC 1112) but IGMP version 1 is still in wide use. If you would like to read more detailed information about interoperability between IGMP version 2 and version 1, please see sections 4 and 5 of RFC 2236.
H A P T E R Wireless 9.1 Overview This chapter describes the Zyxel Device’s Network Setting > Wireless screens. Use these screens to set up your Zyxel Device’s WiFi network and security settings. 9.1.1 What You Can Do in this Chapter This section describes the Zyxel Device’s Wireless screens.
Chapter 9 Wireless WiFi6 / IEEE 802.11ax WiFi6 is backwards compatible with IEEE 802.11a/b/g/n/ac and is most suitable in areas with a high concentration of users. WiFi6 devices support Target Wakeup Time (TWT) allowing them to automatically power down when they are inactive. The following table displays the comparison of the different WiFi standards.
Page 184
Chapter 9 Wireless Figure 99 Network Setting > Wireless > General The following table describes the general WiFi labels in this screen. Table 43 Network Setting > Wireless > General LABEL DESCRIPTION Wireless Wireless Select Keep the same settings for 2.4G and 5G wireless networks and the 2.4 GHz and 5 GHz wireless networks will use the same SSID and wireless security settings.
Page 185
Chapter 9 Wireless Table 43 Network Setting > Wireless > General (continued) LABEL DESCRIPTION Wireless/WiFi Network Setup Band This shows the wireless band which this radio profile is using. 2.4GHz is the frequency used by IEEE 802.11b/g/n/ax WiFi clients while 5GHz is used by IEEE 802.11a/n/ac/ax WiFi clients. Wireless/WiFi Click this switch to enable or disable WiFi in this field.
Chapter 9 Wireless Table 43 Network Setting > Wireless > General (continued) LABEL DESCRIPTION Cancel Click Cancel to restore your previously saved settings. Apply Click Apply to save your changes. 9.2.1 No Security Select No Security to allow wireless stations to communicate with the access points without any data encryption or authentication.
Page 187
Chapter 9 Wireless Figure 101 Wireless > General: More Secure: WPA3-SAE/WPA2-PSK The following table describes the labels in this screen. Table 45 Wireless > General: More Secure: WPA3-SAE/WPA2-PSK LABEL DESCRIPTION Security Level Select More Secure to enable data encryption. Security Mode Select a security mode from the drop-down list box.
Chapter 9 Wireless 9.3 Guest/More AP Screen Use this screen to configure a guest wireless network that allows access to the Internet through the Zyxel Device. You can use one access point to provide several BSSs simultaneously. You can then assign varying security types to different SSIDs.
Page 189
Chapter 9 Wireless Note: If upstream/downstream bandwidth is empty, the Zyxel Device sets the value automatically. Setting a maximum upstream/downstream bandwidth will significantly decrease wireless performance. Click the Edit icon next to an SSID in the Guest/More AP screen. The following screen displays. Figure 103 Network Setting >...
Page 190
Chapter 9 Wireless Table 48 Network Setting > Wireless > Guest/More AP > Edit (continued) LABEL DESCRIPTION Wireless Network Settings Wireless The SSID (Service Set IDentity) identifies the service set with which a wireless device is associated. Network Name Wireless devices associating to the access point (AP) must have the same SSID. Enter a descriptive name (up to 32 English keyboard characters) for the wireless LAN.
Chapter 9 Wireless Table 48 Network Setting > Wireless > Guest/More AP > Edit (continued) LABEL DESCRIPTION Encryption Select the encryption type (AES or TKIP+AES) for data encryption. Select AES if your WiFi clients can all use AES. Select TKIP+AES to allow the WiFi clients to use either TKIP or AES. Timer The Timer is the rate at which the RADIUS server sends a new group key out to all clients.
Chapter 9 Wireless Table 49 Network Setting > Wireless > MAC Authentication (continued) LABEL DESCRIPTION MAC address List Add new MAC This field is available when you select Deny or Allow in the MAC Restrict Mode field. address Click this if you want to add a new MAC address entry to the MAC filter list below. Select an existing WiFi client from the list to add as a new entry.
Page 193
Chapter 9 Wireless Figure 105 Network Setting > Wireless > WPS The following table describes the labels in this screen. Table 50 Network Setting > Wireless > WPS LABEL DESCRIPTION General Click to enable ( ) and have the Zyxel Device activate WPS. Otherwise, it is disabled. Add a new device with WPS Method Method 1 PBC Use this section to set up a WPS WiFi network using Push Button Configuration (PBC).
Chapter 9 Wireless Table 50 Network Setting > Wireless > WPS (continued) LABEL DESCRIPTION Release The default WPS status is configured. Configuration Click this button to remove all configured WiFi and WiFi security settings for WPS connections on the Zyxel Device. Generate If this method has been enabled, the PIN (Personal Identification Number) of the Zyxel Device is New PIN...
Chapter 9 Wireless The following table describes the labels in this screen. Table 51 Network Setting > Wireless > WMM LABEL DESCRIPTION WiFi WMM of SSID Select On to have the Zyxel Device automatically give the network (SSIDx) a priority level WiFi according to the ToS value in the IP header of packets it sends.
Page 196
Chapter 9 Wireless The following table describes the labels in this screen. Table 52 Network Setting > Wireless > Others LABEL DESCRIPTION RTS/CTS Data with its frame size larger than this value will perform the RTS (Request To Send)/CTS (Clear Threshold To Send) handshake.
Chapter 9 Wireless Table 52 Network Setting > Wireless > Others (continued) LABEL DESCRIPTION 802.11 Protection Enabling this feature can help prevent collisions in mixed-mode networks (networks with both IEEE 802.11b and IEEE 802.11g traffic). Select Auto to have the wireless devices transmit data after a RTS/CTS handshake. This helps improve IEEE 802.11g performance.
Chapter 9 Wireless Figure 108 Network Setting > Wireless > Channel Status 9.9 MESH Use this screen to enable or disable MPro Mesh for MPro Mesh-supported devices. MPro Mesh is the Zyxel implantation of WiFi-Alliance Easy Mesh. It supports AP steering, band steering, auto-configuration and other advances for your wireless network.
Page 199
Chapter 9 Wireless Figure 109 Mesh Application A controller can automatically configure WiFi settings on extenders in the network as well as optimize bandwidth usage. The controller optimizes bandwidth usage by directing WiFi clients to an extender (AP steering) or 2.4G or 5G band (band steering) that is less busy. AP Steering AP steering allows WiFi clients to roam seamlessly between Mesh supported devices in your Mesh network by using the same SSID and WiFi password.
Page 200
Chapter 9 Wireless Figure 111 Band Steering Application Note: For AP steering and band steering to work, the controller and all the APs in the network need to have the same SSID and password. Therefore, we recommend using the controller to change the SSID and password. When MPro Mesh is enabled: •...
Chapter 9 Wireless Figure 112 Network > Wireless > MESH Press the WPS button for more than 5 seconds on the Zyxel Device. Click Add Extender in the MPro Mesh App. Install from Google Play or the Apple App store. Chapter 6 on page 112 for an MPro Mesh app tutorial.
Page 202
Chapter 9 Wireless Figure 113 Example of a WiFi Network The WiFi network is the part in the blue circle. In this WiFi network, devices A and B use the access point (AP) to interact with the other devices (such as the printer) or with the Internet. Your Zyxel Device is the Every WiFi network must follow these basic guidelines.
Chapter 9 Wireless 9.10.2 Additional Wireless Terms The following table describes some WiFi network terms and acronyms used in the Zyxel Device’s Web Configurator. Table 53 Additional WiFi Terms TERM DESCRIPTION RTS/CTS Threshold In a WiFi network which covers a large area, WiFi devices are sometimes not aware of each other’s presence.
Page 204
Chapter 9 Wireless Vanishing Point (which you know was made in 1971) you could use “70dodchal71vanpoi” as your security key. The following sections introduce different types of WiFi security you can set up in the WiFi network. 9.10.3.1 SSID Normally, the Zyxel Device acts like a beacon and regularly broadcasts the SSID in the area. You can hide the SSID instead, in which case the Zyxel Device does not broadcast the SSID.
Chapter 9 Wireless Note: It is recommended that WiFi networks use WPA3-SAE, WPA2-PSK, or stronger encryption. The other types of encryption are better than none at all, but it is still possible for unauthorized WiFi devices to figure out the original information pretty quickly. Many types of encryption use a key to protect the information in the WiFi network.
Chapter 9 Wireless 9.10.6 MBSSID Traditionally, you need to use different APs to configure different Basic Service Sets (BSSs). As well as the cost of buying extra APs, there is also the possibility of channel interference. The Zyxel Device’s MBSSID (Multiple Basic Service Set IDentifier) function allows you to use one access point to provide several BSSs simultaneously.
Page 207
Chapter 9 Wireless 9.10.8.1 Push Button Configuration WPS Push Button Configuration (PBC) is initiated by pressing a button on each WPS-enabled device, and allowing them to connect automatically. You do not need to enter any information. Not every WPS-enabled device has a physical WPS button. Some may have a WPS PBC button in their configuration utilities instead of or in addition to the physical button.
Page 208
Chapter 9 Wireless If the client device’s configuration interface has an area for entering another device’s PIN, you can either enter the client’s PIN in the AP, or enter the AP’s PIN in the client – it does not matter which. Start WPS on both devices within two minutes.
Page 209
Chapter 9 Wireless (Extensible Authentication Protocol) tunnel and sends the network name (SSID) and the WPA-PSK or WPA2-PSK pre-shared key to the enrollee. Whether WPA-PSK or WPA2-PSK is used depends on the standards supported by the devices. If the registrar is already part of a network, it sends the existing information.
Page 210
Chapter 9 Wireless 9.10.8.4 Example WPS Network Setup This section shows how security settings are distributed in a sample WPS setup. The following figure shows a sample network. In step 1, both AP1 and Client 1 are un-configured. When WPS is activated on both, they perform the handshake. In this example, AP1 is the registrar, and Client 1 is the enrollee.
Page 211
Chapter 9 Wireless Figure 119 WPS: Example Network Step 3 9.10.8.5 Limitations of WPS WPS has some limitations of which you should be aware. • When you use WPS, it works between two devices only. You cannot enroll multiple devices simultaneously, you must enroll one after the other.
H A P T E R Home Networking 10.1 Overview A Local Area Network (LAN) is a shared communication system to which many computers are attached. A LAN is usually located in one immediate area such as a building or floor of a building. The LAN screens can help you configure a LAN DHCP server and manage IP addresses.
Page 213
Chapter 10 Home Networking Subnet Mask The subnet mask specifies the network number portion of an IP address. Your Zyxel Device will compute the subnet mask automatically based on the IP address that you entered. You do not need to change the subnet mask computed by the Zyxel Device unless you are instructed to do otherwise.
Chapter 10 Home Networking Cautions with UPnP The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues. Network information and configuration may also be obtained and modified by users in some network environments. When a UPnP device joins a network, it announces its presence with a multicast message.
Page 215
Chapter 10 Home Networking Figure 121 Network Setting > Home Networking > LAN Setup AX/DX/EX/PX Series User’s Guide...
Page 216
Chapter 10 Home Networking The following table describes the fields in this screen. Table 55 Network Setting > Home Networking > LAN Setup LABEL DESCRIPTION Interface Group Group Name This displays the name of the group that your Zyxel Device belongs to. LAN IP Setup IP Address Enter the LAN IP address you want to assign to your Zyxel Device in dotted decimal notation,...
Page 217
Chapter 10 Home Networking Table 55 Network Setting > Home Networking > LAN Setup (continued) LABEL DESCRIPTION The Zyxel Device supports DNS proxy by default. The Zyxel Device sends out its own LAN IP address to the DHCP clients as the first DNS server address. DHCP clients use this first DNS server to send domain-name queries to the Zyxel Device.
Page 218
Chapter 10 Home Networking Table 55 Network Setting > Home Networking > LAN Setup (continued) LABEL DESCRIPTION MLD Mode Select Standard Mode to forward multicast packets to a port that joins the multicast group and broadcast unknown multicast packets from the WAN to all LAN ports. Select Blocking Mode to block all unknown multicast packets from the WAN.
Chapter 10 Home Networking Table 55 Network Setting > Home Networking > LAN Setup (continued) LABEL DESCRIPTION DNS Query Scenario Select how the Zyxel Device handles clients’ DNS information requests. IPv4/IPv6 DNS Server: The Zyxel Device forwards the requests to both the IPv4 and IPv6 DNS servers and sends clients the first DNS information it receives.
Page 220
Chapter 10 Home Networking The following table describes the labels in this screen. Table 56 Network Setting > Home Networking > Static DHCP LABEL DESCRIPTION Static DHCP Click this to configure a static DHCP entry. Configuration This is the index number of the entry. Status This field displays whether the client is connected to the Zyxel Device.
Chapter 10 Home Networking Table 57 Network Setting > Home Networking > Static DHCP: Static DHCP Configuration (continued) LABEL DESCRIPTION IP Address Enter the IP address that you want to assign to the computer on your LAN with the MAC address that you will also specify if you select Manual Input in the previous field.
Chapter 10 Home Networking The following table describes the labels in this screen. Table 58 Network Settings > Home Networking > UPnP LABEL DESCRIPTION UPnP State UPnP Select Enable to activate UPnP. Be aware that anyone could use a UPnP application to open the Web Configurator's login screen without entering the Zyxel Device's IP address (although you must still enter the password to access the Web Configurator).
Page 223
Chapter 10 Home Networking Figure 125 Network Setting > Home Networking > Additional Subnet The following table describes the labels in this screen. Table 59 Network Setting > Home Networking > Additional Subnet LABEL DESCRIPTION IP Alias Setup Group Name Select the interface group name for which you want to configure the IP alias settings.
Chapter 10 Home Networking Table 59 Network Setting > Home Networking > Additional Subnet (continued) LABEL DESCRIPTION IPv4 Address Enter the public IP address provided by your ISP. Subnet Mask Enter the public IPv4 subnet mask provided by your ISP. Offer Public IP Click this switch to enable or disable the Zyxel Device to provide public IP addresses by DHCP by DHCP...
Chapter 10 Home Networking 10.7 Wake on LAN Wake on LAN (WoL) allows you to remotely turn on a device on the network, such as a computer, storage device or media server. To use this feature the remote hardware (for example the network adapter on a computer) must support Wake On LAN using the ‘Magic Packet’...
Chapter 10 Home Networking Click Network Setting > Home Networking > TFTP Server Name to open this screen. Figure 128 Network Setting > Home Networking > TFTP Server Name The following table describes the labels in this screen. Table 62 Network Setting > Home Networking > TFTP Server Name LABEL DESCRIPTION TFTP Server...
Chapter 10 Home Networking 10.9.1 DHCP Setup DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual clients to obtain TCP/IP configuration at start-up from a server. You can configure the Zyxel Device as a DHCP server or disable it.
Chapter 10 Home Networking you must enable the Network Address Translation (NAT) feature of the Zyxel Device. The Internet Assigned Number Authority (IANA) reserved this block of addresses specifically for private use; please do not use any other number unless you are told otherwise. Let's say you select 192.168.1.0 as the network number;...
Page 229
Chapter 10 Home Networking Click Network and Sharing Center. Click Change advanced sharing settings. AX/DX/EX/PX Series User’s Guide...
Chapter 10 Home Networking Under Domain, select Turn on network discovery and click Save Changes. Network discovery allows your computer to find other computers and devices on the network and other computers on the network to find your computer. This makes it easier to share files and printers. 10.10.1 Auto-discover Your UPnP-enabled Network Device Before you follow these steps, make sure you already have UPnP activated on the Zyxel Device and in your computer.
Page 231
Chapter 10 Home Networking Make sure your computer is connected to the LAN port of the Zyxel Device. Open File Explorer and click Network. Right-click the Zyxel Device icon and select Properties. Figure 130 Network Connections In the Internet Connection Properties window, click Settings to see port mappings. Figure 131 Internet Connection Properties You may edit or delete the port mappings or click Add to manually add port mappings.
Page 232
Chapter 10 Home Networking Figure 132 Internet Connection Properties: Advanced Settings Figure 133 Internet Connection Properties: Advanced Settings: Add Note: When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically. Click OK. Check the network icon on the system tray to see your Internet connection status. Figure 134 System Tray Icon To see more details about your current Internet connection status, right click the network icon in the system tray and click Open Network &...
Chapter 10 Home Networking Figure 135 Internet Connection Status 10.11 Web Configurator Easy Access in Windows 10 Follow the steps below to access the Web Configurator. Open File Explorer. Click Network. AX/DX/EX/PX Series User’s Guide...
Page 234
Chapter 10 Home Networking Figure 136 Network Connections An icon with the description for each UPnP-enabled device displays under Network Infrastructure. Right-click the icon for your Zyxel Device and select View device webpage. The Web Configurator login screen displays. Figure 137 Network Connections: Network Infrastructure Right-click the icon for your Zyxel Device and select Properties.
Page 235
Chapter 10 Home Networking Figure 138 Network Connections: Network Infrastructure: Properties: Example AX/DX/EX/PX Series User’s Guide...
H A P T E R Routing 11.1 Overview The Zyxel Device usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the Zyxel Device send data to devices not reachable through the default gateway, use static routes.
Chapter 11 Routing Figure 140 Network Setting > Routing > Static Route The following table describes the labels in this screen. Table 63 Network Setting > Routing > Static Route LABEL DESCRIPTION Add New Static Click this to set up a new static route on the Zyxel Device. Route This is the number of an individual static route.
Page 238
Chapter 11 Routing Figure 141 Network Setting > Routing > Static Route > Add New Static Route The following table describes the labels in this screen. Table 64 Network Setting > Routing > Static Route > Add New Static Route LABEL DESCRIPTION Active...
Page 239
Chapter 11 Routing In the following figure, router R is connected to the Zyxel Device’s LAN. R connects to two networks, N1 (192.168.1.x/24) and N2 (192.168.10.x/24). If you want to send traffic from computer A (in N1 network) to computer B (in N2 network), the traffic is sent to the Zyxel Device’s WAN default gateway by default. In this case, B will never receive the traffic.
Page 240
Chapter 11 Routing This tutorial uses the following example IP settings: Table 65 IP Settings in this Tutorial DEVICE / COMPUTER IP ADDRESS The Zyxel Device’s WAN 172.16.1.1 The Zyxel Device’s LAN 192.168.1.1 IP Type IPv4 Use Interface VDSL 192.168.1.34 R’s N1 192.168.1.253 R’s N2...
Chapter 11 Routing 11.3 DNS Route Use this screen to view and configure DNS routes on the Zyxel Device. A DNS route entry defines a policy for the Zyxel Device to forward a particular DNS query to a specific WAN interface. Click Network Setting >...
Chapter 11 Routing Table 66 Network Setting > Routing > DNS Route (continued) LABEL DESCRIPTION Subnet Mask This parameter specifies the IP network subnet mask. Modify Click the Edit icon to configure a DNS route on the Zyxel Device. Click the Delete icon to remove a DNS route from the Zyxel Device. 11.3.1 Add or Edit DNS Route You can manually add the Zyxel Device’s DNS route entry.
Chapter 11 Routing through specific connections or distribute traffic across multiple paths for load sharing. Policy-based routing is applied to outgoing packets before the default routing rules are applied. The Policy Route screen let you view and configure routing policies on the Zyxel Device. Click Network Setting >...
Page 244
Chapter 11 Routing Figure 145 Network Setting > Routing > Policy Route: Add or Edit The following table describes the labels in this screen. Table 69 Network Setting > Routing > Policy Route: Add or Edit LABEL DESCRIPTION Active Click this to enable (turns blue) activation of the policy route. Otherwise, click to disable (turns gray).
Chapter 11 Routing 11.5 RIP Overview Routing Information Protocol (RIP, RFC 1058 and RFC 1389) allows the Zyxel Device to exchange routing information with other routers. To activate RIP for the WAN interface, select the supported RIP version and operation. 11.5.1 RIP Click Network Setting >...
H A P T E R Quality of Service (QoS) 12.1 QoS Overview Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth. Without QoS, all traffic data is equally likely to be dropped when the network is congested.
Page 247
Chapter 12 Quality of Service (QoS) QoS versus CoS QoS is used to prioritize source-to-destination traffic flows. All packets in the same flow are given the same priority. CoS (class of service) is a way of managing traffic in a network by grouping similar types of traffic together and treating each type as a class.
Chapter 12 Quality of Service (QoS) The Zyxel Device supports three incoming traffic metering algorithms: Token Bucket Filter (TBF), Single Rate Two Color Maker (srTCM), and Two Rate Two Color Marker (trTCM). You can specify actions which are performed on the colored packets. See Section 12.8 on page 261 for more information on each metering algorithm.
Page 249
Chapter 12 Quality of Service (QoS) Figure 147 Network > QoS > General The following table describes the labels in this screen. Table 71 Network Setting > QoS > General LABEL DESCRIPTION Select the switch to turn on QoS to improve your network performance. WAN Managed Enter the amount of upstream bandwidth for the WAN interfaces that you want to allocate using Upstream...
Chapter 12 Quality of Service (QoS) 12.4 Queue Setup Click Network Setting > QoS > Queue Setup to open the screen as shown next. Use this screen to configure QoS queue assignment to decide the priority on WAN or LAN interfaces. Traffic with higher priority gets through faster than those with lower priority.
Chapter 12 Quality of Service (QoS) Table 72 Network Setting > QoS > Queue Setup (continued) LABEL DESCRIPTION Discipline This shows the discipline of the queue. The discipline is changed according to the option chosen in Queue Setting. If you choose SP, the discipline will be SP. If you choose SP+WRR, the discipline of the first and second queue will be SP, and the third and fourth queue will be WRR.
Chapter 12 Quality of Service (QoS) The following table describes the labels in this screen. Table 73 Queue Setup: Add LABEL DESCRIPTION Active Click this switch to enable or disable the queue. When the switch turns blue , the function is enabled.
Chapter 12 Quality of Service (QoS) Figure 150 Network Setting > QoS > Classification Setup The following table describes the labels in this screen. Table 74 Network Setting > QoS > Classification Setup LABEL DESCRIPTION Add New Click this to create a new classifier. Classification Order This is the index number of the entry.
Page 254
Chapter 12 Quality of Service (QoS) Figure 151 Classification Setup: Add or Edit AX/DX/EX/PX Series User’s Guide...
Page 255
Chapter 12 Quality of Service (QoS) The following table describes the labels in this screen. Table 75 Classification Setup: Add or Edit LABEL DESCRIPTION Step1: Class Configuration Active Click this switch to enable or disable the classifier. When the switch turns blue , the function is enabled.
Page 256
Chapter 12 Quality of Service (QoS) Table 75 Classification Setup: Add or Edit (continued) LABEL DESCRIPTION Prefix Length This field is available only when you select IPV6 in the Ether Type field. Enter the source prefix length. IPv6 on page 443 for more IPv6 information.
Chapter 12 Quality of Service (QoS) Table 75 Classification Setup: Add or Edit (continued) LABEL DESCRIPTION Exclude Select this option to exclude the packets that match the specified criteria from this classifier. Step3: Packet Modification DSCP Mark This field is available only when you select IP in the Ether Type field. If you select Remark, enter a DSCP value with which the Zyxel Device replaces the DSCP field in the packets.
Chapter 12 Quality of Service (QoS) The following table describes the labels in this screen. Table 76 Network Setting > QoS > Shaper Setup LABEL DESCRIPTION Add New Click this to create a new entry. Shaper This is the index number of the entry. Status This field displays whether the shaper is active or not.
Chapter 12 Quality of Service (QoS) 12.7 QoS Policer Setup Use this screen to view QoS policers that allow you to limit the transmission rate of incoming traffic and apply actions, such as drop, pass, or modify, to the DSCP value of matched traffic. Click Network Setting >...
Page 260
Chapter 12 Quality of Service (QoS) Figure 155 Policer Setup: Add or Edit The following table describes the labels in this screen. Table 79 Policer Setup: Add/Edit LABEL DESCRIPTION Active Click this switch to enable or disable the policer. When the switch turns blue , the function is enabled.
Chapter 12 Quality of Service (QoS) Table 79 Policer Setup: Add/Edit (continued) LABEL DESCRIPTION Committed Specify the committed burst size for packet bursts. This must be equal to or less than the peak Burst Size burst size (two rate three color) or excess burst size (single rate three color) if it is also configured. This is the maximum size of the (first) token bucket in a traffic metering algorithm.
Page 262
Chapter 12 Quality of Service (QoS) IEEE 802.1Q Tag The IEEE 802.1Q standard defines an explicit VLAN tag in the MAC header to identify the VLAN membership of a frame across bridges. A VLAN tag includes the 12-bit VLAN ID and 3-bit user priority. The VLAN ID associates a frame with a specific VLAN and provides the information that devices need to process the frame across the network.
Page 263
Chapter 12 Quality of Service (QoS) different kinds of forwarding. Resources can then be allocated according to the DSCP values and the configured policies. IP Precedence Similar to IEEE 802.1p prioritization at layer-2, you can use IP precedence to prioritize packets in a layer-3 network.
Page 264
Chapter 12 Quality of Service (QoS) Table 81 Internal Layer2 and Layer3 QoS Mapping (continued) LAYER 2 LAYER 3 PRIORITY IEEE 802.1P USER QUEUE TOS (IP IP PACKET LENGTH PRIORITY (ETHERNET DSCP PRECEDENCE) (BYTE) PRIORITY) 100110 100100 100010 100000 101110 101000 110000 111000...
Page 265
Chapter 12 Quality of Service (QoS) The srTCM evaluates incoming packets and marks them with one of three colors which refer to packet loss priority levels. High packet loss priority level is referred to as red, medium is referred to as yellow and low is referred to as green.
H A P T E R Network Address Translation (NAT) 13.1 Overview NAT (Network Address Translation – NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
Chapter 13 Network Address Translation (NAT) Port Forwarding A port forwarding set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visible to the outside world even though NAT makes your whole inside network appear as a single computer to the outside world.
Chapter 13 Network Address Translation (NAT) Note: TCP port 7547 is reserved for system use. Figure 157 Network Setting > NAT > Port Forwarding The following table describes the fields in this screen. Table 82 Network Setting > NAT > Port Forwarding LABEL DESCRIPTION Add New Rule...
Page 269
Chapter 13 Network Address Translation (NAT) Figure 158 Network Setting > NAT > Port Forwarding: Add or Edit Note: To configure port forwarding, you need to have the same configurations in the Start Port, End Port, Translation Start Port, and Translation End Port fields. To configure port translation, you need to have different configurations in the Start Port, End Port, Translation Start Port, and Translation End Port fields.
Chapter 13 Network Address Translation (NAT) Table 83 Network Setting > NAT > Port Forwarding: Add or Edit (continued) LABEL DESCRIPTION Start Port Configure this for a user-defined entry. Enter the original destination port for the packets. To forward only one port, enter the port number again in the End Port field. To forward a series of ports, enter the start port number here and the end port number in the End Port field.
Page 271
Chapter 13 Network Address Translation (NAT) Figure 159 Trigger Port Forwarding Process: Example Jane requests a file from the Real Audio server (port 7070). Port 7070 is a “trigger” port and causes the Zyxel Device to record Jane’s computer IP address. The Zyxel Device associates Jane's computer IP address with the "open"...
Chapter 13 Network Address Translation (NAT) Table 84 Network Setting > NAT > Port Triggering (continued) LABEL DESCRIPTION WAN Interface This field shows the WAN interface through which the service is forwarded. Trigger Start Port The trigger port is a port (or a range of ports) that causes (or triggers) the Zyxel Device to record the IP address of the LAN computer that sent the traffic to a server on the WAN.
Chapter 13 Network Address Translation (NAT) The following table describes the labels in this screen. Table 85 Network Setting > NAT > Port Triggering: Add or Edit LABEL DESCRIPTION Active Click to enable (blue switch) or disable (gray switch) to activate or deactivate the rule. Service Name Enter a name to identify this rule using keyboard characters (A –...
Chapter 13 Network Address Translation (NAT) Figure 162 Network Setting > NAT > DMZ The following table describes the fields in this screen. Table 86 Network Setting > NAT > DMZ LABEL DESCRIPTION Default Server Enter the IP address of the default server which receives packets from ports that are not Address specified in the Port Forwarding screen.
Chapter 13 Network Address Translation (NAT) Figure 163 Network Setting > NAT > ALG The following table describes the fields in this screen. Table 87 Network Setting > NAT > ALG LABEL DESCRIPTION NAT ALG Enable this to make sure applications such as FTP and file transfer in IM applications work correctly with port-forwarding and address-mapping rules.
Chapter 13 Network Address Translation (NAT) Figure 164 Network Setting > NAT > Address Mapping The following table describes the fields in this screen. Table 88 Network Setting > NAT > Address Mapping LABEL DESCRIPTION Add New Rule Click this to create a new rule. Rule Name This is the name of the rule.
Page 277
Chapter 13 Network Address Translation (NAT) Figure 165 Network Setting > NAT > Address Mapping > Add New Rule The following table describes the fields in this screen. Table 89 Network Setting > NAT > Address Mapping > Add New Rule LABEL DESCRIPTION Rule Name...
Chapter 13 Network Address Translation (NAT) 13.7 Sessions Use this screen to limit the number of concurrent NAT sessions a client can use, to ensure that no single client uses up too many available NAT sessions. Some applications, such as P2P file sharing, demand a greater number of NAT sessions in order to get a better uploading and downloading rate.
Chapter 13 Network Address Translation (NAT) 13.8.1 NAT Definitions Inside or outside denotes where a host is located relative to the Zyxel Device, for example, the computers of your subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.
Chapter 13 Network Address Translation (NAT) 13.8.3 How NAT Works Each packet has two addresses – a source address and a destination address. For outgoing packets, the ILA (Inside Local Address) is the source address on the LAN, and the IGA (Inside Global Address) is the source address on the WAN.
Page 281
Chapter 13 Network Address Translation (NAT) Figure 168 NAT Application With IP Alias Port Forwarding: Services and Port Numbers The most often used port numbers are shown in the following table. Please refer to RFC 1700 for further information about port numbers. Please also refer to the Supporting CD for more examples and details on port forwarding and NAT.
Page 282
Chapter 13 Network Address Translation (NAT) Port Forwarding Example Let's say you want to assign ports 21 – 25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example).
H A P T E R 14.1 DNS Overview DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it.
Chapter 14 DNS 14.1.2 What You Need To Know DYNDNS Wildcard Enabling the wildcard feature for your host causes *.yourhost.dyndns.org to be aliased to the same IP address as yourhost.dyndns.org. This feature is useful if you want to be able to use, for example, www.yourhost.dyndns.org and still reach your hostname.
Chapter 14 DNS 14.2.1 Add or Edit DNS Entry You can manually add or edit the Zyxel Device’s DNS name and IP address entry. Click Add New DNS Entry in the DNS Entry screen or the Edit icon next to the entry you want to edit. The screen shown next appears.
Page 286
Chapter 14 DNS Figure 172 Network Setting > DNS > Dynamic DNS The following table describes the fields in this screen. Table 95 Network Setting > DNS > Dynamic DNS LABEL DESCRIPTION Dynamic DNS Setup Dynamic DNS Select Enable to use dynamic DNS. Service Provider Select your Dynamic DNS service provider from the drop-down list box.
H A P T E R IGMP/MLD 15.1 IGMP/MLD Overview Multicast delivers IP packets to a group of hosts on the network defined by multicast groups. Membership to these multicast groups are established using IGMP/MLD. Use the IGMP/MLD screen to configure IGMP/MLD group settings. 15.1.1 What You Need To Know Multicast and IGMP Multicast on page 180...
Page 288
Chapter 15 IGMP/MLD Note: Some models might only support IGMP/MLD Default Version configuration. Figure 173 Network Setting > IGMP/MLD The following table describes the labels in this screen. Table 96 Network Setting > IGMP/MLD LABEL DESCRIPTION IGMP/MLD Configuration Default Version Enter the version of IGMP (1~3) and MLD (1~2) that you want the Zyxel Device to use on the WAN.
Page 289
Chapter 15 IGMP/MLD Table 96 Network Setting > IGMP/MLD (continued) LABEL DESCRIPTION Query Interval Enter the number of seconds the Zyxel Device sends a query message to hosts to get the group membership information. Query Response Enter the maximum number of seconds the Zyxel Device can wait for receiving a General Query Interval message.
H A P T E R VLAN Group 16.1 Overview A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks. Devices on a logical network belong to one group. A device can belong to more than one group.
Chapter 16 VLAN Group 16.2 VLAN Group Settings This screen shows the VLAN groups created on the Zyxel Device. Click Network Setting > VLAN Group to open the following screen. Figure 175 Network Setting > VLAN Group The following table describes the fields in this screen. Table 97 Network Setting >...
Page 292
Chapter 16 VLAN Group Figure 176 Network Setting > VLNA Group > Add or Edit VLAN Group The following table describes the fields in this screen. Table 98 Network Setting > VLAN Group > Add or Edit VLAN Group LABEL DESCRIPTION VLAN Group Enter a name to identify this group.
H A P T E R Interface Grouping 17.1 Interface Grouping Overview By default, all LAN and WAN interfaces on the Zyxel Device are in the same group and can communicate with each other. Create interface groups to have the Zyxel Device assign IP addresses in different domains to different groups.
Chapter 17 Interface Grouping You can use this screen to create new user-defined interface groups or modify existing ones. Interfaces that do not belong to any user-defined group always belong to the default group. Click Network Setting > Interface Grouping to open the following screen. Figure 178 Network Setting >...
Page 295
Chapter 17 Interface Grouping Note: You can have up to 15 filter criteria. Figure 179 Network Setting > Interface Grouping > Interface Group Configuration (for DSL routers) AX/DX/EX/PX Series User’s Guide...
Page 297
Chapter 17 Interface Grouping Figure 181 Network Setting > Interface Grouping > Interface Group Configuration (for AON and PON routers) The following table describes the fields in this screen. Table 100 Network Setting > Interface Grouping > Add/Edit LABEL DESCRIPTION Group Name Enter a name to identify this group.
Chapter 17 Interface Grouping Table 100 Network Setting > Interface Grouping > Add/Edit (continued) LABEL DESCRIPTION Selected LAN Select one or more interfaces (Ethernet LAN, wireless LAN) in the Available LAN Interfaces list Interfaces and use the left arrow to move them to the Selected LAN Interfaces list to add the interfaces to this group.
Page 299
Chapter 17 Interface Grouping Figure 182 Network Setting > Interface Grouping > Interface Group Configuration: Add The following table describes the fields in this screen. Table 101 Network Setting > Interface Grouping > Interface Group Configuration: Add LABEL DESCRIPTION Source MAC Enter the source MAC address of the packet.
H A P T E R USB Service 18.1 USB Service Overview You can share files on a USB memory stick or hard drive connected to your Zyxel Device with users on your network. The following figure is an overview of the Zyxel Device’s file server feature. Computers A and B can access files on a USB device (C) which is connected to the Zyxel Device.
Chapter 18 USB Service Shares When settings are set to default, each USB device connected to the Zyxel Device is given a folder, called a “share”. If a USB hard drive connected to the Zyxel Device has more than one partition, then each partition will be allocated a share.
Page 302
Chapter 18 USB Service Figure 184 Network Setting > USB Service Note: The Share Directory List is only visible when you connect a USB device. Each field is described in the following table. Table 102 Network Setting > USB Service LABEL DESCRIPTION Information...
Chapter 18 USB Service Table 102 Network Setting > USB Service (continued) LABEL DESCRIPTION Share Path This field displays the location in the USB of the file you shared. Share This field displays a description of the file you shared. Description Modify Click the Edit icon to change the settings of an existing share.
Chapter 18 USB Service The following table describes the labels in this menu. Table 103 Network Setting > USB Service > Add New Share LABEL DESCRIPTION Volume Select the volume in the USB storage device that you want to add as a share in the Zyxel Device.
Page 305
Chapter 18 USB Service To change your Zyxel Device’s media server settings, click Network Setting > USB Service > Media Server. The screen appears as shown. Figure 186 Network Setting > USB Service > Media Server The following table describes the labels in this menu. Table 104 Network Setting >...
H A P T E R Firewall 19.1 Overview This chapter shows you how to enable the Zyxel Device firewall. Use the firewall to protect your Zyxel Device and network from attacks by hackers on the Internet and control access to it. The firewall: •...
Chapter 19 Firewall Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet. Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources.
Chapter 19 Firewall 19.2.1 What You Can Do in this Chapter • Use the General screen to configure the security level of the firewall on the Zyxel Device (Section 19.3 on page 308). • Use the Protocol screen to add or remove predefined Internet services and configure firewall rules (Section 19.4 on page 309).
Chapter 19 Firewall The following table describes the labels in this screen. Table 105 Security > Firewall > General LABEL DESCRIPTION IPv4 Enable firewall protection when using IPv4 (Internet Protocol version 4). Firewall IPv6 Enable firewall protection when using IPv6 (Internet Protocol version 6). Firewall High This setting blocks all traffic to and from the Internet.
Chapter 19 Firewall Table 106 Security > Firewall > Protocol (continued) LABEL DESCRIPTION Ports/Protocol Number This shows the port number or range and the IP protocol (TCP or UDP) that defines your customized service. Modify Click this to edit a customized service. 19.4.1 Add Customized Service Add a customized rule or edit an existing rule by specifying the protocol and the port numbers.
Chapter 19 Firewall Figure 191 Security > Firewall > Access Control The following table describes the labels in this screen. Table 108 Security > Firewall > Access Control LABEL DESCRIPTION Rules Storage Space This read-only bar shows how much of the Zyxel Device's memory is in use for recording Usage firewall rules.
Page 312
Chapter 19 Firewall Figure 192 Security > Firewall > Access Control > Add New ACL Rule The following table describes the labels in this screen. Table 109 Security > Firewall > Access Control > Add New ACL Rule LABEL DESCRIPTION Active Click the Active button to enable this ACL rule.
Chapter 19 Firewall Table 109 Security > Firewall > Access Control > Add New ACL Rule (continued) LABEL DESCRIPTION MAC Address Enter the MAC addresses of the wireless or LAN clients that are allowed access to the Zyxel Device in these address fields. Enter the MAC addresses in a valid MAC address format, that is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc.
Chapter 19 Firewall Figure 193 Security > Firewall > DoS The following table describes the labels in this screen. Table 110 Security > Firewall > DoS LABEL DESCRIPTION DoS Protection Enable this to protect against DoS attacks. The Zyxel Device will drop sessions that surpass Blocking maximum thresholds.
Chapter 19 Firewall • LAN to WAN These rules specify which computers on the LAN can access which computers or services on the WAN. By default, the Zyxel Device’s stateful packet inspection drops packets traveling in the following directions: • WAN to LAN These rules specify which computers on the WAN can access which computers or services on the LAN.
Chapter 19 Firewall Protect against IP spoofing by making sure the firewall is active. Keep the firewall in a secured (locked) room. 19.7.3 Security Considerations Note: Incorrectly configuring the firewall may block valid access or introduce security risks to the Zyxel Device and your protected network. Use caution when creating or deleting firewall rules and test your rules after you configure them.
H A P T E R MAC Filter 20.1 MAC Filter Overview You can configure the Zyxel Device to permit access to clients based on their MAC addresses in the MAC Filter screen. This applies to wired and wireless connections. Every Ethernet device has a unique MAC (Media Access Control) address.
Chapter 20 MAC Filter The following table describes the labels in this screen. Table 111 Security > MAC Filter LABEL DESCRIPTION MAC Address Filter Select Enable to activate the MAC filter function. MAC Restrict Mode Select Allow to only permit the listed MAC addresses access to the Zyxel Device. Select Deny to permit anyone access to the Zyxel Device except the listed MAC addresses.
Page 319
Chapter 20 MAC Filter Table 112 Security > MAC Filter > Add New Rule LABEL DESCRIPTION Cancel Click Cancel to restore your previously saved settings. Apply Click Apply to save your changes. AX/DX/EX/PX Series User’s Guide...
Chapter 21 Home Security Chapter 21 Home Security 21.1 Home Security Overview The Zyxel Device supports URL (Uniform Resource Locator) filtering that allows you to block user access to specific websites containing inappropriate or harmful content. Users on your network will not be able to enter the websites with URL domain names, keywords or full URLs you specify.
Page 321
Chapter 21 Home Security The following table describes the labels in this screen. Table 113 Security > Home Security LABEL DESCRIPTION Enter Website URL Enter the URL of a website or URL keyword to which the Zyxel Device blocks access. Click Block to add the website to the Block List.
H A P T E R Parental Control 22.1 Parental Control Overview Parental control allows you to limit the time a user can access the Internet and prevent users from viewing inappropriate content or participating in specified online activities. Your parental control screens may be different depending on the model you’re using. Some Zyxel Devices support scheduling, some support scheduling and URL filtering.
Chapter 22 Parental Control The following table describes the fields in this screen. Table 114 Security > Parental Control LABEL DESCRIPTION Parental Control Click this switch to enable or disable parental control. When the switch goes to the right ( the function is enabled.
Chapter 22 Parental Control 22.2.2 Define a Schedule This screen allow you to define time periods and days during which Internet access is blocked on the profile devices. Finish the settings in the Select Device step and click Next to access this screen. Figure 199 Parental Control >...
Chapter 22 Parental Control Figure 200 Parental Control > Scheduled Profile The following table describes the fields in this screen. Table 117 Parental Control > Scheduled Profile LABEL DESCRIPTION Parental Control Click this switch to enable or disable parental control. When the switch goes to the right ( the function is enabled.
Page 326
Chapter 22 Parental Control Figure 201 Security > Parental Control The following table describes the fields in this screen. Table 118 Security > Parental Control LABEL DESCRIPTION General Parental Control Select Enable to activate parental control on the Zyxel Device. Parental Control Profile (PCP) Add new PCP Click this if you want to configure a new Parental Control Profile (PCP).
Chapter 22 Parental Control 22.3.1 Add or Edit a Parental Control Profile Click Add new PCP in the Parental Control screen to add a new rule or click the Edit icon next to an existing rule to edit it. Use this screen to configure a restricted access schedule and/or URL filtering settings to block the users on your network from accessing certain web sites.
Page 328
Chapter 22 Parental Control Figure 203 Security > Parental Control > Add or Edit PCP (Network Service & Site/URL Keyword) The following table describes the fields in this screen. Table 119 Security > Parental Control >Add or Edit PCP LABEL DESCRIPTION General Active...
Page 329
Chapter 22 Parental Control Table 119 Security > Parental Control >Add or Edit PCP (continued) LABEL DESCRIPTION Modify Click the Edit icon to go to the screen where you can edit the rule. Click the Delete icon to delete an existing rule. Site/URL Keyword Block or Allow If you select Block the Web URLs, the Zyxel Device prohibits the users from viewing the Web sites...
Page 330
Chapter 22 Parental Control Table 120 Security > Parental Control > Add or Edit PCP > Add New Service (continued) LABEL DESCRIPTION Cancel Click Cancel to exit this screen without saving any changes. Click OK to save your changes. Add Site/URL Keyword Click Add in the Site/URL Keyword section of the Edit or Add new PCP screen to open the following screen.
H A P T E R Scheduler Rule 23.1 Scheduler Rule Overview A Scheduler Rule allows you to define time periods and days during which the Zyxel Device allows certain actions. 23.2 Scheduler Rule Settings Use this screen to view, add, or edit time schedule rules. A scheduler rule is a reusable object that is applied to other features, such as Firewall Access Control.
Chapter 23 Scheduler Rule 23.2.1 Add or Edit a Schedule Rule Click the Add New Rule button in the Scheduler Rule screen or click the Edit icon next to a schedule rule to open the following screen. Use this screen to configure a restricted access schedule. Figure 207 Security >...
H A P T E R Certificates 24.1 Certificates Overview The Zyxel Device can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication.
Page 334
Chapter 24 Certificates Figure 208 Security > Certificates > Local Certificates The following table describes the labels in this screen. Table 124 Security > Certificates > Local Certificates LABEL DESCRIPTION Replace Private Key/Certificate file in PEM format Private Key is Select the check box and enter the private key into the text box to store it on the Zyxel Device.
Chapter 24 Certificates 24.3.1 Create Certificate Request Click Security > Certificates > Local Certificates and then Create Certificate Request to open the following screen. Use this screen to have the Zyxel Device generate a certification request. To create a certificate signing request, you need to enter a common name, organization name, state or province name, and the default US two-letter country code (The US country code is by default and not changeable when sold in the U.S.) for the certificate.
Page 336
Chapter 24 Certificates authentication and must be safely stored. The Signing Request contains the certificate signing request value that you will copy upon submitting the certificate request to the CA (certificate authority). Click the View icon in the Local Certificates screen to open the following screen. Figure 210 Security >...
Chapter 24 Certificates Table 126 Security > Certificates > Local Certificates: View Certificates (continued) LABEL DESCRIPTION Certificate This read-only text box displays the certificate in Privacy Enhanced Mail (PEM) format. PEM uses base 64 to convert the binary certificate into a printable form. You can copy and paste the certificate into an email to send to friends or colleagues or you can copy and paste the certificate into a text editor and save the file on a management computer for later distribution.
Chapter 24 Certificates Table 127 Security > Certificates > Trusted CA (continued) LABEL DESCRIPTION Type This field displays general information about the certificate. ca means that a Certification Authority signed the certificate. Modify Click the View icon to open a screen with an in-depth list of information about the certificate (or certification request).
Chapter 24 Certificates 24.6 View Trusted CA Certificate Use this screen to view in-depth information about the certification authority’s certificate. The certificate text box is read-only and can be distributed to others. Click Security > Certificates > Trusted CA to open the Trusted CA screen. Click the View icon to open the View Certificate screen.
Chapter 24 Certificates Certification Authorities A Certification Authority (CA) issues certificates and guarantees the identity of each certificate owner. There are commercial certification authorities like CyberTrust or VeriSign and government certification authorities. Public and Private Keys When using public-key cryptology for authentication, each host has two keys. One key is public and can be made openly available;...
Page 341
Chapter 24 Certificates You can use a certificate’s fingerprint to verify it. A certificate’s fingerprint is a message digest calculated using the MD5 or SHA1 algorithms. The following procedure describes how to check a certificate’s fingerprint to verify that you have the actual certificate. Browse to where you have the certificate saved on your computer.
H A P T E R Voice 25.1 Overview You can make calls over the Internet using VoIP technology. For this, you first need to set up a SIP account with a SIP service provider. Use this chapter to: • Connect an analog phone to the Zyxel Device. •...
Chapter 25 Voice SIP stands for Session Initiation Protocol. SIP is a signaling standard that lets one network device (like a computer or the Zyxel Device) send messages to another. In VoIP, these messages are about phone calls over the network. For example, when you dial a number on your Zyxel Device, it sends a SIP message over the network asking the other device (the number you dialed) to take part in the call.
Chapter 25 Voice Figure 216 VoIP > SIP > SIP Account The following table describes the labels in this screen. Table 130 VoIP > SIP > SIP Account LABEL DESCRIPTION Add New Account Click this to configure a SIP account. This is the index number of the entry.
Page 345
Chapter 25 Voice Figure 217 VoIP > SIP > SIP Account > Add Account or Edit AX/DX/EX/PX Series User’s Guide...
Page 346
Chapter 25 Voice Figure 218 VoIP > SIP > SIP Account > Add Account or Edit (Call Features) The following table describes the labels in this screen. Table 131 VoIP > SIP > SIP Account > SIP Account Entry Edit LABEL DESCRIPTION SIP Account Selection...
Page 347
Chapter 25 Voice Table 131 VoIP > SIP > SIP Account > SIP Account Entry Edit (continued) LABEL DESCRIPTION SIP Account Associated with Select the SIP service provider profile to use for the SIP account you are configuring in this screen. You should already have configured a SIP service provider profile in the SIP Service Provider screen.
Page 348
Chapter 25 Voice Table 131 VoIP > SIP > SIP Account > SIP Account Entry Edit (continued) LABEL DESCRIPTION Send Caller ID Select this if you want to send identification when you make VoIP phone calls. Clear this if you do not want to send identification. Enable Call Transfer Select this to enable call transfer on the Zyxel Device.
Chapter 25 Voice Table 131 VoIP > SIP > SIP Account > SIP Account Entry Edit (continued) LABEL DESCRIPTION Mail Account Select a mail account for the email address specified below. If you select None here, email notifications will not be sent through email. You must have configured a mail account already in the Email Notification screen.
Page 350
Chapter 25 Voice Note: Click this to see all the fields in the screen. You do not necessarily need to use all these fields to set up your account. Click again to see and configure only the fields needed for this feature. Figure 220 VoIP >...
Page 351
Chapter 25 Voice The following table describes the labels in this screen. Table 133 VoIP > SIP > SIP Service Provider > Add New Provider or Edit LABEL DESCRIPTION SIP Service Provider Selection Service Provider Selection This field displays ADD_NEW if you are creating a new SIP service provider profile or the SIP service provider name you are modifying.
Page 352
Chapter 25 Voice Table 133 VoIP > SIP > SIP Service Provider > Add New Provider or Edit (continued) LABEL DESCRIPTION Outbound Proxy Outbound Proxy Address Enter the IP address or domain name of the SIP outbound proxy server. Outbound Proxy Port Enter the SIP outbound proxy server’s listening port, if your VoIP service provider gave you one.
Chapter 25 Voice Table 133 VoIP > SIP > SIP Service Provider > Add New Provider or Edit (continued) LABEL DESCRIPTION Dialing Interval Selection Enter the number of seconds the Zyxel Device should wait after you stop dialing numbers before it makes the phone call. The value depends on how quickly you dial phone numbers.
Chapter 25 Voice Each field is described in the following table. Table 134 VoIP > Phone > Phone Device LABEL DESCRIPTION This displays the index number of the phone device. Phone ID This field displays the name of a phone port on the Zyxel Device. Internal Number This field displays the internal call prefix of a phone port on the Zyxel Device.
Chapter 25 Voice Each field is described in the following table. Table 135 VoIP > Phone > Phone Device > Edit LABEL DESCRIPTION SIP Account to Select the SIP account you want to use when making outgoing calls with the analog Make Outgoing phone connected to this phone port.
Chapter 25 Voice The following table describes the labels in this screen. Table 136 VoIP > Phone LABEL DESCRIPTION Region Setting Select the place in which the Zyxel Device is located. Call Service Mode Select the mode for supplementary phone services (call hold, call waiting, call transfer and three-way conference calls) that your VoIP service provider supports.
Chapter 25 Voice The following table describes the labels in this screen. Table 137 VoIP > Call Rule LABEL DESCRIPTION Keys This field displays the speed-dial number you should dial to use this entry. Number Enter the SIP number you want the Zyxel Device to call when you dial the speed-dial number.
Page 358
Chapter 25 Voice Table 138 VoIP > Call History LABEL DESCRIPTION Date This is the date when the calls were made. Total Calls This displays the total number of calls from or to your SIP addresses that day. Outgoing Calls This displays how many calls originated from you that day.
H A P T E R 26.1 Log Overview These screens allow you to determine the categories of events and/or alerts that the Zyxel Device logs and then display these logs or have the Zyxel Device send them to an administrator (through email) or to a syslog server.
Chapter 26 Log Table 139 Syslog Severity Levels (continued) CODE SEVERITY Notice: There is a normal but significant condition on the system. Informational: The syslog contains an informational message. Debugging: The message is intended for debug-level purposes. 26.2 System Log Use the System Log screen to see the system logs.
Chapter 26 Log 26.3 Security Log Use the Security Log screen to see the security-related logs for the categories that you select. You can filter the entries by selecting a severity level and/or category. Click System Monitor > Log > Security Log to open the following screen.
H A P T E R Traffic Status 27.1 Traffic Status Overview Use the Traffic Status screens to look at the network traffic status and statistics of the WAN/LAN interfaces and NAT. 27.1.1 What You Can Do in this Chapter •...
Page 363
Chapter 27 Traffic Status Figure 228 System Monitor > Traffic Status > WAN The following table describes the fields in this screen. Table 142 System Monitor > Traffic Status > WAN LABEL DESCRIPTION Refresh Interval Select how often you want the Zyxel Device to update this screen. Connected This shows the name of the WAN interface that is currently connected.
Chapter 27 Traffic Status Table 142 System Monitor > Traffic Status > WAN (continued) LABEL DESCRIPTION Error This indicates the number of frames with errors received on this interface. Drop This indicates the number of received packets dropped on this interface. 27.3 LAN Status Click System Monitor >...
Chapter 27 Traffic Status Table 143 System Monitor > Traffic Status > LAN (continued) LABEL DESCRIPTION Error This indicates the number of frames with errors received on this interface. Drop This indicates the number of received packets dropped on this interface. 27.4 NAT Status Click System Monitor >...
H A P T E R VoIP Status 28.1 VoIP Status Screen Click System Monitor > VoIP Status to open the following screen. You can view the Voice over IP (VoIP) registration, current call status and phone numbers in this screen. Figure 231 System Monitor >...
Page 367
Chapter 28 VoIP Status Table 145 System Monitor > VoIP Status (continued) LABEL DESCRIPTION Registration This field displays the current registration status of the SIP account. Registered - The SIP account is activated and has been registered with a SIP server. You can use it to make a VoIP call.
Page 368
Chapter 28 VoIP Status Table 145 System Monitor > VoIP Status (continued) LABEL DESCRIPTION Call Type This field displays the call direction type of the current VoIP call. Outgoing Call – It is a SIP VoIP call made by local phone ports, and this SIP account is able to issue a (SIP-based) call setup to the SIP account of remote peers for a VoIP call establishment.
H A P T E R ARP Table 29.1 ARP Table Overview Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol (IP) address to a physical machine address, known as a Media Access Control (MAC) address, on the local area network.
Page 370
Chapter 29 ARP Table Figure 232 System Monitor > ARP Table The following table describes the labels in this screen. Table 146 System Monitor > ARP Table LABEL DESCRIPTION This is the ARP table entry number. IPv4 / IPv6 This is the learned IPv4 or IPv6 IP address of a device connected to a port. Address MAC Address This is the MAC address of the device with the listed IP address.
H A P T E R Routing Table 30.1 Routing Table Overview Routing is based on the destination address only and the Zyxel Device takes the shortest path to forward a packet. 30.2 Routing Table The table below shows IPv4 and IPv6 routing information. The IPv4 subnet mask is ‘255.255.255.255’ for a host destination and ‘0.0.0.0’...
Page 372
Chapter 30 Routing Table Figure 233 System Monitor > Routing Table The following table describes the labels in this screen. Table 147 System Monitor > Routing Table LABEL DESCRIPTION IPv4 / IPv6 Routing Table Destination This indicates the destination IPv4 address or IPv6 address and prefix of this route. Gateway This indicates the IPv4 address or IPv6 address of the gateway that helps forward this route’s traffic.
Page 373
Chapter 30 Routing Table Table 147 System Monitor > Routing Table (continued) LABEL DESCRIPTION Flag This indicates the route status. U–Up: The route is up. !–Reject: The route is blocked and will force a route lookup to fail. G–Gateway: The route uses a gateway to forward traffic. H–Host: The target of the route is a host.
H A P T E R Multicast Status 31.1 Multicast Status Overview Use the Multicast Status screens to look at IGMP/MLD group status and traffic statistics. 31.2 The IGMP Status Screen Use this screen to look at the current list of multicast groups the Zyxel Device manages through IGMP. Configure IGMP in Network Setting >...
Chapter 31 Multicast Status 31.3 The MLD Status Screen Use this screen to look at the current list of multicast groups the Zyxel Device manages through MLD. Configure MLD in Network Setting > IGMP/MLD. To open this screen, click System Monitor > Multicast Status >...
H A P T E R xDSL Statistics 32.1 Overview You can view information about DSL statistics, such as port details, in this screen. 32.2 xDSL Statistics Use this screen to view detailed DSL statistics. Click System Monitor > xDSL Statistics to open the following screen.
Page 377
Chapter 32 xDSL Statistics Figure 237 System Monitor > xDSL Statistics The following table describes the labels in this screen. Table 150 System Monitor > xDSL Statistics LABEL DESCRIPTION Type Select the type of DSL line for refreshing statistics. Refresh Interval Select the time interval for refreshing statistics.
Page 378
Chapter 32 xDSL Statistics Table 150 System Monitor > xDSL Statistics (continued) LABEL DESCRIPTION SNR Margin This is the upstream and downstream Signal-to-Noise Ratio margin (in dB). A DMT sub-carrier’s SNR is the ratio between the received signal power and the received noise power. The signal- to-noise ratio margin is the maximum that the received noise power could increase with the system still being able to meet its transmission targets.
H A P T E R WLAN Station Status 33.1 WLAN Station Status Overview Click System Monitor > WLAN Station Status to open the following screen. Use this screen to view information and status of the wireless stations (wireless clients) that are currently associated with the Zyxel Device.
Page 380
Chapter 33 WLAN Station Status Table 151 System Monitor > WLAN Station Status (continued) LABEL DESCRIPTION The Signal-to-Noise Ratio (SNR) is the ratio between the received signal power and the received noise power. The greater the number, the better the quality of WiFi. The normal range is 15 to 40.
H A P T E R Cellular Statistics 34.1 Cellular Statistics Overview Use the Cellular Statistics screens to look at cellular Internet connection status. By default, a cellular WAN connection is used as a backup for the wired DSL or Ethernet WAN connections. 34.2 Cellular Statistics Settings To open this screen, click System Monitor >...
Page 382
Chapter 34 Cellular Statistics The following table describes the labels in this screen. Table 152 System Monitor > Cellular Statistics LABEL DESCRIPTION Monitor Refresh Interval Select how often you want the Zyxel Device to update this screen. Select None to stop refreshing.
H A P T E R System 35.1 System Overview Use this screen to name your Zyxel Device (Host) and give it an associated domain name for identification purposes. 35.2 System Click Maintenance > System to open the following screen. Assign a unique name to the Zyxel Device so it can be easily recognized on your network.
H A P T E R User Account 36.1 User Account Overview In the User Account screen, you can view the settings of the “admin” and other user accounts that you use to log into the Zyxel Device to manage it. 36.2 User Account Click Maintenance >...
Chapter 36 User Account Table 154 Maintenance > User Account (continued) LABEL DESCRIPTION Group This field displays whether this user has Administrator or User privileges. Remote This field displays whether this user can access the Zyxel Device with HTTP, Telnet or SSH through Privilege the WAN, LAN or LAN/WAN.
Page 386
Table 155 Maintenance > User Account > User Account Add (continued) LABEL DESCRIPTION Verify Password Type the new password again for confirmation. Retry Times Enter the number of times consecutive wrong passwords can be entered for this account. 0 means there is no limit. Idle Timeout Enter the length of inactive time before the Zyxel Device will automatically log the user out of the Web Configurator.
H A P T E R Remote Management 37.1 Overview Remote management controls through which interfaces, which web services (such as HTTP, HTTPS, FTP, Telnet, SSH and Ping) can access the Zyxel Device. Note: The Zyxel Device is managed using the Web Configurator. 37.1.1 What You Can Do in this Chapter •...
Page 388
Chapter 37 Remote Management Figure 243 Maintenance > Remote Management > MGMT Services The following table describes the fields in this screen. Table 156 Maintenance > Remote Management > MGMT Services LABEL DESCRIPTION Service Control WAN Interface Select Any_WAN to have the Zyxel Device automatically activate the remote management used for services service when any WAN connection is up.
Chapter 37 Remote Management 37.3 Trust Domain Use this screen to view a list of public IP addresses which are allowed to access the Zyxel Device through the services configured in the Maintenance > Remote Management > MGMT Services screen. Click Maintenance >...
Page 390
Chapter 37 Remote Management Figure 245 Maintenance > Remote Management > Trust Domain > Add Trust Domain The following table describes the fields in this screen. Table 158 Maintenance > Remote Management > Trust Domain > Add Trust Domain LABEL DESCRIPTION IP Address Enter a public IPv4/IPv6 IP address which is allowed to access the service on the...
H A P T E R SNMP 38.1 Overview This chapter explains how to configure the SNMP settings on the Zyxel Device. Simple Network Management Protocol is a protocol used for exchanging management information between network devices. Your Zyxel Device supports SNMP agent functionality, which allows a manager station to manage and monitor the Zyxel Device through the network.
Chapter 38 SNMP • Get – Allows the manager to retrieve an object variable from the agent. • GetNext – Allows the manager to retrieve the next object variable from a table or list within an agent. In SNMPv1, when a manager wants to retrieve all elements of a table from an agent, it initiates a Get operation, followed by a series of GetNext operations.
Page 393
Chapter 38 SNMP Table 159 Maintenance > SNMP (continued) LABEL DESCRIPTION System Contact Enter the SNMP system contact. Trap Destination Type the IP address of the station to send your SNMP traps to. Apply Click this to save your changes back to the Zyxel Device. Cancel Click this to restore your previously saved settings.
H A P T E R Time Settings 39.1 Time Settings Overview This chapter shows you how to configure system related settings, such as system date and time. 39.2 Time For effective scheduling and logging, the Zyxel Device system time must be accurate. Use this screen to configure the Zyxel Device’s time based on your local time zone.
Page 395
Chapter 39 Time Settings Figure 248 Maintenance > Time The following table describes the fields in this screen. Table 160 Maintenance > Time LABEL DESCRIPTION Current Date/Time Current Time This displays the time of your Zyxel Device. Each time you reload this screen, the Zyxel Device synchronizes the time with the time server. Current Date This displays the date of your Zyxel Device.
Page 396
Chapter 39 Time Settings Table 160 Maintenance > Time (continued) LABEL DESCRIPTION First – Fifth Time Select an NTP time server from the drop-down list box. Server Address Otherwise, select Other and enter the IP address or URL (up to 29 extended ASCII characters in length) of your time server.
H A P T E R Email Notification 40.1 Email Notification Overview A mail server is an application or a computer that can receive, forward and deliver email messages. To have the Zyxel Device send reports, logs or notifications through email, you must specify an email server and the email addresses of the sender and receiver.
Chapter 40 Email Notification The following table describes the labels in this screen. Table 161 Maintenance > E-mail Notification LABEL DESCRIPTION Add New e-mail Click this button to create a new entry (up to 32 can be created). Mail Server This displays the server name or the IP address of the mail server.
Page 399
Chapter 40 Email Notification Table 162 Maintenance > E-mail Notification: Add New e-mail (continued) LABEL DESCRIPTION Authentication Enter the password associated with the user name above. Password Account e-mail Enter the email address that you want to be in the from or sender line of the email notification Address that the Zyxel Device sends.
H A P T E R Log Setting 41.1 Log Setting Overview You can configure where the Zyxel Device sends logs and which type of logs the Zyxel Device records in the Logs Setting screen. 41.2 Log Setting Use this screen to configure where the Zyxel Device sends logs, and which type of logs the Zyxel Device records.
Chapter 41 Log Setting The following table describes the fields in this screen. Table 163 Maintenance > Log Setting LABEL DESCRIPTION Syslog Settings Syslog Logging Click the switch (it will turn blue) to enable syslog logging. Mode Select Remote to have the Zyxel Device send it to an external syslog server. Select Local File to have the Zyxel Device save the log file on the Zyxel Device itself.
H A P T E R Firmware Upgrade 42.1 Overview This chapter explains how to upload new firmware to your Zyxel Device. You can download new firmware releases from your nearest Zyxel FTP site (or www.zyxel.com), or check for new firmware online, to use to upgrade your Zyxel Device’s performance.
Page 405
Chapter 42 Firmware Upgrade The following table describes the labels in this screen. Table 164 Maintenance > Firmware Upgrade LABEL DESCRIPTION Upgrade Firmware Restore Select this to enable this option that restores the factory-default to the Zyxel Device after Default upgrading the firmware.
Page 406
Chapter 42 Firmware Upgrade Figure 255 Network Temporarily Disconnected After 2 minutes, log in again and check your new firmware version in the Connection Status screen. If the upload was not successful, an error screen will appear. Click OK to go back to the Firmware Upgrade screen.
H A P T E R Backup/Restore 43.1 Backup/Restore Overview Information related to factory default settings and backup configuration are shown in this screen. You can also use this to restore previous device configurations. 43.2 Backup/Restore Click Maintenance > Backup/Restore. Information related to factory defaults, backup configuration, and restoring configuration appears in this screen, as shown next.
Page 408
Chapter 43 Backup/Restore Click Backup to save the Zyxel Device’s current configuration to your computer. Restore Configuration Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your Zyxel Device. Table 165 Maintenance > Backup/Restore: Restore Configuration LABEL DESCRIPTION File Path...
Chapter 43 Backup/Restore Figure 260 Reset Warning Message Figure 261 Reset In Progress You can also press the RESET button on the panel to reset the factory defaults of your Zyxel Device. 43.3 Reboot System Reboot allows you to reboot the Zyxel Device remotely without turning the power off. You may need to do this if the Zyxel Device hangs, for example.
H A P T E R Diagnostic 44.1 Diagnostic Overview The Diagnostic screen displays information to help you identify problems with the Zyxel Device. The route between an Ethernet switch and one of its Customer-Premises Equipment (CPE) may go through switches owned by independent organizations. A connectivity fault point generally takes time to discover and impacts subscriber’s network access.
Chapter 44 Diagnostic 44.3 Ping/TraceRoute/Nslookup Test/ Speed Test Use this screen to ping, traceroute, nslookup, or speed test for troubleshooting. Ping and traceroute are used to test whether a particular host is reachable. After entering an IP address and clicking one of the buttons to start a test, the results will be shown in the Ping/Traceroute Test area.
Chapter 44 Diagnostic Table 166 Maintenance > Diagnostic (continued) LABEL DESCRIPTION Trace Route Click this button to perform the IPv4 trace route function. This determines the path a packet takes to the specified host. Trace Route 6 Click this button to perform the IPv6 trace route function. This determines the path a packet takes to the specified host.
Chapter 44 Diagnostic The following table describes the fields in this screen. Table 167 Maintenance > Diagnostic > 802.1ag LABEL DESCRIPTION 802.1ag Connectivity Fault Management IEEE 802.1ag Click this switch to enable or disable the IEEE802.1ag CFM specification, which allows network administrators to identify and manage connection faults.
Chapter 44 Diagnostic Figure 265 Maintenance > Diagnostic > 802.3ah The following table describes the labels in this screen. Table 168 Maintenance > Diagnostics > 802.3ah LABEL DESCRIPTION IEEE 802.3ah Ethernet OAM Click this switch to enable or disable the Ethernet OAM on the specified interface. When the switch goes to the right , the function is enabled.
Page 415
Chapter 44 Diagnostic B3 sends an OAM F4 or F5 packet to the DSLAM or ATM switch and then returns it to the DX5301-B2/B3. The test result then displays in the text box. ATM sets up virtual circuits over which end systems communicate. The terminology for virtual circuits is as follows: •...
Page 416
Chapter 44 Diagnostic Figure 267 Maintenance > Diagnostic > OAM Ping The following table describes the labels in this screen. Table 169 Maintenance > Diagnostics > OAM Ping LABEL DESCRIPTION Select a PVC on which you want to perform the loopback test. F4 segment Press this to perform an OAM F4 segment loopback test.
H A P T E R Troubleshooting 45.1 Overview This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power and Hardware Problems • Device Access Problems • Internet Problems •...
Chapter 45 Troubleshooting Turn the Zyxel Device off and on. If the problem continues, contact the vendor. 45.3 Device Access Problems I do not know the IP address of the Zyxel Device. The default IP address is 192.168.1.1. If you changed the IP address, you might be able to find the IP address of the Zyxel Device by looking up the IP address of your computer’s default gateway.
Page 420
Chapter 45 Troubleshooting Reset the Zyxel Device to its factory default, and try to access the Zyxel Device with the default IP address. If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions. Advanced Suggestions •...
Page 421
Chapter 45 Troubleshooting Step 1 Register for a DDNS Account on www.dyndns.org Open a browser and type http://www.dyndns.org. Apply for a user account. This tutorial uses UserName1 and 12345 as the username and password. Log into www.dyndns.org using your account. Add a new DDNS host name.
Chapter 45 Troubleshooting 45.4 Internet Problems I cannot access the Internet. Check the hardware connections and make sure the LEDs are behaving as expected. See the Quick Start Guide. Check the SIM card. Maybe it has wrong settings, the account has expired, it needs to be removed and reinserted (refer to the Quick Start Guide), or it is missing.
Chapter 45 Troubleshooting I cannot connect to the Internet using a cellular connection. The Internet connection is slow or intermittent. There might be a lot of traffic on the network. If the Zyxel Device is sending or receiving a lot of information, try closing some programs that use the Internet, especially peer-to-peer applications.
Chapter 45 Troubleshooting • Reduce the number of WiFi clients connecting to the same AP simultaneously, or add additional APs if necessary. • Try closing some programs that use the Internet, especially peer-to-peer applications. If the WiFi client is sending or receiving a lot of information, it may have too many programs open that use the Internet.
In the event of problems that cannot be solved by using this manual, you should contact your vendor. If you cannot contact your vendor, then contact a Zyxel office for the region in which you bought the device. For Zyxel Communications offices, see https://service-provider.zyxel.com/global/en/contact-us for the latest information. For Zyxel Networks offices, see https://www.zyxel.com/index.shtml for the latest information.
Page 427
Appendix A Customer Support Czech Republic • Zyxel Communications Czech s.r.o • https://www.zyxel.com/cz/cs/ Denmark • Zyxel Communications A/S • https://www.zyxel.com/dk/da/ Finland • Zyxel Communications • https://www.zyxel.com/fi/fi/ France • Zyxel France • https://www.zyxel.fr Germany • Zyxel Deutschland GmbH • https://www.zyxel.com/de/de/ Hungary •...
Page 428
Appendix A Customer Support • https://www.zyxel.com/ro/ro Russia • Zyxel Russia • https://www.zyxel.com/ru/ru/ Slovakia • Zyxel Communications Czech s.r.o. organizacna zlozka • https://www.zyxel.com/sk/sk/ Spain • Zyxel Communications ES Ltd. • https://www.zyxel.com/es/es/ Sweden • Zyxel Communications • https://www.zyxel.com/se/sv/ Switzerland • Studerus AG •...
Page 429
Ecuador • Zyxel Communications Corporation • https://www.zyxel.com/co/es/ South America • Zyxel Communications Corporation • https://www.zyxel.com/co/es/ Middle East Israel • Zyxel Communications Corporation • http://il.zyxel.com/ North America • Zyxel Communications, Inc. – North America Headquarters • https://www.zyxel.com/us/en/ AX/DX/EX/PX Series User’s Guide...
P P E N D I X Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C).
Page 431
Appendix B Wireless LANs Figure 269 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network. This wired connection between APs is called a Distribution System (DS).
Page 432
Appendix B Wireless LANs Figure 270 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area. You may have a choice of channels (for your region) so you should use a channel different from an adjacent AP (access point) to reduce interference.
Page 433
Appendix B Wireless LANs Figure 271 RTS/CTS When station A sends data to the AP, it might not know that the station B is already using the channel. If these two stations send data at the same time, collisions may occur when both sets of data arrive at the AP at the same time, resulting in a loss of messages for both stations.
Page 434
Appendix B Wireless LANs If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. IEEE 802.11g Wireless LAN IEEE 802.11g is fully compatible with the IEEE 802.11b standard.
Page 435
Appendix B Wireless LANs • User based identification that allows for roaming. • Support for RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) for centralized user profile and accounting management on a network RADIUS server. • Support for EAP (Extensible Authentication Protocol, RFC 2486) that allows additional authentication methods to be deployed with no changes to the access point or the WiFi clients.
Page 436
Appendix B Wireless LANs In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password, they both know. The key is not sent over the network. In addition to the shared key, password information exchanged is also encrypted to protect the network from unauthorized access.
Page 437
Appendix B Wireless LANs PEAP (Protected EAP) Like EAP-TTLS, server-side certificate authentication is used to establish a secure connection, then use simple username and password methods through the secured connection to authenticate the clients, thus hiding client identity. However, PEAP only supports EAP methods, such as EAP-MD5, EAP-MSCHAPv2 and EAP-GTC (EAP-Generic Token Card), for client authentication.
Page 438
Appendix B Wireless LANs gateway and WiFi client. As long as the passwords match, a WiFi client will be granted access to a WLAN. If the AP or the WiFi clients do not support WPA2, just use WPA or WPA-PSK depending on whether you have an external RADIUS server or not.
Page 439
Appendix B Wireless LANs Key caching allows a WiFi client to store the PMK it derived through a successful authentication with an AP. The WiFi client uses the PMK when it tries to connect to the same AP and does not need to go with the authentication process again.
Page 440
Appendix B Wireless LANs WPA(2)-PSK Application Example A WPA(2)-PSK application looks as follows. First enter identical passwords into the AP and all WiFi clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and symbols). The AP checks each WiFi client's password and allows it to join the network only if the password matches.
Page 441
Appendix B Wireless LANs Table 173 Wireless Security Relational Matrix (continued) AUTHENTICATION METHOD/ ENCRYPTION ENTER MANUAL KEY MANAGEMENT IEEE 802.1X METHOD PROTOCOL TKIP/AES Enable WPA-PSK TKIP/AES Disable WPA2 TKIP/AES Enable WPA2-PSK TKIP/AES Disable Antenna Overview An antenna couples RF signals onto air. A transmitter within a wireless device sends an RF signal to the antenna, which propagates the signal through the air.
Page 442
Appendix B Wireless LANs • Directional antennas concentrate the RF signal in a beam, like a flashlight does with the light from its bulb. The angle of the beam determines the width of the coverage pattern. Angles typically range from 20 degrees (very directional) to 120 degrees (less directional). Directional antennas are ideal for hallways and outdoor point-to-point applications.
P P E N D I X IPv6 Overview IPv6 (Internet Protocol version 6), is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 10 IP addresses.
Page 444
Appendix C IPv6 Unspecified Address An unspecified address (0:0:0:0:0:0:0:0 or ::) is used as the source address when a device does not have its own address. It is similar to “0.0.0.0” in IPv4. Loopback Address A loopback address (0:0:0:0:0:0:0:1 or ::1) allows a host to send packets to itself. It is similar to “127.0.0.1” in IPv4.
Page 445
Appendix C IPv6 Subnet Masking Both an IPv6 address and IPv6 subnet mask compose of 128-bit binary digits, which are divided into eight 16-bit blocks and written in hexadecimal notation. Hexadecimal uses four bits for each character (1 – 10, A – F). Each block’s 16 bits are then represented by four hexadecimal characters. For example, FFFF:FFFF:FFFF:FFFF:FC00:0000:0000:0000.
Page 446
Appendix C IPv6 DHCP Relay Agent A DHCP relay agent is on the same network as the DHCP clients and helps forward messages between the DHCP server and clients. When a client cannot use its link-local address and a well-known multicast address to locate a DHCP server on its network, it then needs a DHCP relay agent to send a message to a DHCP server that is not attached to the same network.
Page 447
Appendix C IPv6 receives a neighbor advertisement in response, it stores the neighbor’s link-layer address in the neighbor cache. When the Zyxel Device uses a router solicitation message to query for a router and receives a router advertisement message, it adds the router’s information to the neighbor cache, prefix list and destination cache.
Page 448
Appendix C IPv6 Click the Search icon ( ) and then type “cmd” in the search box.. Use the ipconfig command to check your dynamic IPv6 address. This example shows a global address (2001:b021:2d::1000) obtained from a DHCP server. C:\>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection: Connection-specific DNS Suffix...
P P E N D I X Services The following table lists some commonly-used services and their associated protocols and port numbers. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like.
Page 450
Appendix D Services Table 179 Examples of Services NAME PROTOCOL PORT(S) DESCRIPTION AH (IPSEC_TUNNEL) User-Defined The IPSEC AH (Authentication Header) tunneling protocol uses this service. 5190 AOL’s Internet Messenger service. AUTH Authentication protocol used by some servers. Border Gateway Protocol. BOOTP_CLIENT DHCP Client.
Page 451
Appendix D Services Table 179 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION 2049 Network File System - NFS is a client/server distributed file service that provides transparent file sharing for network environments. NNTP Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service.
Page 452
Appendix D Services Table 179 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION TACACS Login Host Protocol used for (Terminal Access Controller Access Control System). TELNET Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments. It operates over TCP/IP networks.
Page 454
Appendix E Legal Information The following information applies if you use the product within the European Union and United Kingdom. Declaration of Conformity with Regard to EU Directive 2014/53/EU (Radio Equipment Directive, RED) and UK Regulation Model List: AX7501-B0, DX3300-T0, DX3301-T0, DX5301-B2, DX5301-B3, DX5401-B0, EX3300-T0, EX3301-T0, EX5300-B3, EX5301-B3, EX5501-B0, EX5401-B0, EX5600-T1, EX5601-T0, EX5601-T1, PX7501-B0 •...
Page 455
Appendix E Legal Information Eesti keel Käesolevaga kinnitab Zyxel seadme seadmed vastavust direktiivi 2014/53/EL põhinõuetele ja nimetatud direktiivist (Estonian) tulenevatele teistele asjakohastele sätetele. Ελληνικά ΜΕ ΤΗΝ ΠΑΡΟΥΣΑ Zyxel ∆ΗΛΩΝΕΙ ΟΤΙ εξοπλισμός ΣΥΜΜΟΡΦΩΝΕΤΑΙ ΠΡΟΣ ΤΙΣ ΟΥΣΙΩ∆ΕΙΣ ΑΠΑΙΤΗΣΕΙΣ ΚΑΙ ΤΙΣ ΛΟΙΠΕΣ ΣΧΕΤΙΚΕΣ (Greek) ∆ΙΑΤΑΞΕΙΣ...
Page 456
Appendix E Legal Information List of national codes COUNTRY ISO 3166 2 LETTER CODE COUNTRY ISO 3166 2 LETTER CODE Austria Liechtenstein Belgium Lithuania Bulgaria Luxembourg Croatia Malta Cyprus Netherlands Czech Republic Norway Denmark Poland Estonia Portugal Finland Romania France Serbia Germany Slovakia...
Page 457
Appendix E Legal Information Environment Statement ErP (Energy-related Products) Zyxel products put on the EU and United Kingdom market in compliance with the requirement of the European Parliament and the Council published Directive 2009/125/EC and UK regulation establishing a framework for the setting of ecodesign requirements for energy-related products (recast), so called as "ErP Directive (Energy-related Products directive) as well as ecodesign requirement laid down in applicable implementing measures, power consumption has satisfied regulation requirements which are: •...
Page 459
Appendix E Legal Information Registration Register your product online at www.zyxel.com to receive e-mail notices of firmware upgrades and related information. Open Source Licenses This product may contain in part some free software distributed under GPL license terms and/or GPL-like licenses. To request the source code covered under these licenses, please go to: https://service-provider.zyxel.com/global/en/gpl-oss-software-notice.
Index Index Numbers 2.5G WAN backup configuration 2.5G WiFi LED 31, 37 backup configuration 5G WiFi LED Backup/Restore screen IPv6 bandwidth capacity cable type Basic Service Set, See BSS Basic Service Set, see BSS blinking LEDs bottom panel access buttons troubleshooting Bridge mode 157, 166...
Page 461
Index public and private keys creating certificates verification CTS (Clear to Send) Certificate Authority CTS threshold 196, 203 See CA. customer support certificate request customized service create view customized services certificates advantages authentication 333, 340 creating public key data fragment threshold 196, 203 replacing DDoS...
Page 462
Index Dual Stack Lite file sharing dual-band application filters MAC address 191, 204 dual-band gateway Finger services dynamic DNS wildcard firewall enhancing security Dynamic Host Configuration Protocol, see DHCP LAND attack dynamic WEP key exchange security considerations DYNDNS wildcard traffic rule direction Firewall DoS screen Firewall General screen firewall rules...
Page 463
Index Internet Protocol version 6 Internet Protocol version 6, see IPv6 Intra LAN Multicast hidden node IP address Home Security URL filtering private HTTP IP address assignment IP alias NAT applications IP over Ethernet IBSS IP packet ICMP transmission method ICMPv6 IPoE technical reference IEEE 802.11ax...
Page 464
Index LAN IPv6 Mode Setup Maintenance End Point, see MEP LAN Setup screen Management Information Base (MIB) LAN subnet mask managing the device good habits LAN to LAN multicast Maximum Burst Size (MBS) LAND attack MBSSID 2.4G WiFi media server 31, 37 5G WiFi activation...
Page 465
Index services port forwarding rule add/edit NAT ALG screen 274, 275, 278 Port Forwarding screen 267, 268 NAT example Port Triggering Network Address Translation, see NAT add new rule network disconnect Port Triggering screen temporary ports network map ports panel NNTP buttons Nslookup test...
Page 466
Index messages Manager shared secret key managers Reboot screen network components reset RESET button 44, 49, 52 Trap using versions reset to factory defaults SNMP trap restart system restore default settings srTCM after firmware upgrade restoring configuration unusable RFC 1058, see RIP SSID RFC 1389, see RIP activation...
Page 467
Index Telnet unusable thresholds data fragment 196, 203 RTS/CTS 196, 203 time TPID Trace Route test traffic shaping transmission speed cable type troubleshooting trTCM Trust Domain Trust Domain screen Trusted CA certificate view Trusted CA screen Two Rate Three Color Marker, see trTCM TWT (Target Wakeup Time) unicast Universal Plug and Play, see UPnP...
Page 468
Index Vendor ID Virtual Circuit (VC) Virtual Local Area Network See VLAN VLAN Introduction VLAN ID VLAN tag Wake on LAN status Wide Area Network, see WAN WAN IP address warranty note Web Configurator login password WEP Encryption WiFi MBSSID Wi-Fi Protected Access WiFi standards comparison table...
Page 469
Index status 206, 208 example limitations push button wireless security Wireless tutorial wizard setup Internet WLAN interference security parameters WLAN button WMM screen 186, 437 key caching pre-authentication user authentication vs WPA-PSK wireless client supplicant with RADIUS application example WPA2 186, 437 user authentication vs WPA2-PSK...
Page 470
Index Zyxel Device managing AX/DX/EX/PX Series User’s Guide...
Need help?
Do you have a question about the AX Series and is the answer not in the manual?
Questions and answers