ZyXEL Communications VMG1312-B10B Series User Manual
ZyXEL Communications VMG1312-B10B Series User Manual

ZyXEL Communications VMG1312-B10B Series User Manual

Wireless n vdsl2 4-port gateway with usb
Table of Contents

Advertisement

Quick Links

VMG1312-B10B and VMG1312-
B30B Series
Wireless N VDSL2 4-port Gateway with USB
Version 1.00
Edition 1, 11/2013
Quick Start Guide
User's Guide
Default Login Details
LAN IP Address
Login
Password
www.zyxel.com
http://192.168.1.1
admin
1234
Copyright © 2013 ZyXEL Communications Corporation

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the VMG1312-B10B Series and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Summary of Contents for ZyXEL Communications VMG1312-B10B Series

  • Page 1 VMG1312-B10B and VMG1312- B30B Series Wireless N VDSL2 4-port Gateway with USB Version 1.00 Edition 1, 11/2013 Quick Start Guide User’s Guide Default Login Details LAN IP Address http://192.168.1.1 Login admin Password 1234 www.zyxel.com Copyright © 2013 ZyXEL Communications Corporation...
  • Page 2 IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. Screenshots and graphics in this book may differ slightly from your product due to differences in your product firmware or your computer operating system. Every effort has been made to ensure that the information in this manual is accurate.
  • Page 3: Table Of Contents

    Contents Overview Contents Overview User’s Guide ............................15 Introducing the Device ..........................17 The Web Configurator ..........................23 Quick Start ...............................31 Tutorials ..............................33 Technical Reference ..........................69 Network Map and Status Screens ......................71 Broadband ...............................75 Wireless ..............................101 Home Networking ..........................137 Routing ..............................161 Quality of Service (QoS) ........................167 Network Address Translation (NAT) ......................185 Dynamic DNS Setup ..........................201 Interface Group .............................205...
  • Page 4 Contents Overview Configuration ............................293 Diagnostic .............................297 Troubleshooting ............................303 VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 5: Table Of Contents

    Table of Contents Table of Contents Contents Overview ..........................3 Table of Contents ..........................5 Part I: User’s Guide ..................15 Chapter 1 Introducing the Device ........................17 1.1 Overview ............................17 1.2 Ways to Manage the Device ......................17 1.3 Good Habits for Managing the Device ....................17 1.4 Applications for the Device .......................18 1.4.1 Internet Access ........................18 1.4.2 Device’s USB Support ......................19...
  • Page 6 Table of Contents 4.3.1 Configuring the Wireless Network Settings ................36 4.3.2 Using WPS ..........................38 4.3.3 Without WPS ...........................42 4.4 Setting Up Multiple Wireless Groups ....................43 4.5 Configuring Static Route for Routing to Another Network ..............47 4.6 Configuring QoS Queue and Class Setup ..................50 4.7 Access the Device Using DDNS .......................53 4.7.1 Registering a DDNS Account on www.dyndns.org ..............53 4.7.2 Configuring DDNS on Your Device ..................54...
  • Page 7 Table of Contents Chapter 7 Wireless .............................101 7.1 Overview ............................101 7.1.1 What You Can Do in this Chapter ..................101 7.1.2 What You Need to Know ......................102 7.2 The General Screen ........................102 7.2.1 No Security ..........................105 7.2.2 Basic (WEP Encryption) ......................105 7.2.3 Basic (802.1X) ........................107 7.2.4 More Secure (WPA(2)-PSK) ....................109 7.2.5 WPA(2) Authentication ......................
  • Page 8 Table of Contents 8.8 The STB Vendor ID Screen ......................155 8.9 The LAN VLAN Screen ........................156 8.10 Technical Reference ........................156 8.10.1 LANs, WANs and the Device ....................157 8.10.2 DHCP Setup ........................157 8.10.3 DNS Server Addresses .......................157 8.10.4 LAN TCP/IP .........................158 Chapter 9 Routing ..............................161 9.1 Overview ............................161...
  • Page 9 Table of Contents 11.4.1 Add/Edit Port Triggering Rule .....................192 11.5 The DMZ Screen ...........................193 11.6 The ALG Screen ..........................194 11.7 The Address Mapping Screen .......................194 11.7.1 Add/Edit Address Mapping Rule ..................195 11.8 Technical Reference ........................196 11.8.1 NAT Definitions ........................196 11.8.2 What NAT Does ........................197 11.8.3 How NAT Works ........................198 11.8.4 NAT Application ........................199 Chapter 12...
  • Page 10 Table of Contents 15.1.2 What You Need to Know ......................218 15.2 The Firewall Screen ........................219 15.3 The Service Screen ........................219 15.3.1 Add/Edit a Service ......................220 15.4 The Access Control Screen ......................221 15.4.1 Add/Edit an ACL Rule ......................222 15.5 The DoS Screen ..........................224 Chapter 16 MAC Filter............................225 16.1 Overview ............................225...
  • Page 11 Table of Contents 20.3 Technical Reference ........................247 20.3.1 IPSec Architecture .......................247 20.3.2 Encapsulation ........................248 20.3.3 IKE Phases .........................249 20.3.4 Negotiation Mode ........................250 20.3.5 IPSec and NAT ........................251 20.3.6 VPN, NAT, and NAT Traversal .....................251 20.3.7 Pre-Shared Key ........................252 20.3.8 Diffie-Hellman (DH) Key Groups ..................252 Chapter 21 Log ..............................253 21.1 Overview ............................253...
  • Page 12 Table of Contents 26.1 The xDSL Statistics Screen ......................267 Chapter 27 3G Statistics .............................271 27.1 Overview ............................271 27.2 The 3G Statistics Screen .......................271 Chapter 28 User Account ............................273 28.1 Overview ............................273 28.2 The User Account Screen ......................273 Chapter 29 Remote Management........................275 29.1 Overview ............................275 29.2 The Remote MGMT Screen ......................275 Chapter 30...
  • Page 13 Table of Contents Chapter 35 Firmware Upgrade ..........................291 35.1 Overview ............................291 35.2 The Firmware Screen ........................291 Chapter 36 Configuration ............................293 36.1 Overview ............................293 36.2 The Configuration Screen ......................293 36.3 The Reboot Screen ........................295 Chapter 37 Diagnostic ............................297 37.1 Overview ............................297 37.1.1 What You Can Do in this Chapter ..................297 37.2 What You Need to Know .......................297 37.3 Ping &...
  • Page 14 Table of Contents VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 15: User's Guide

    User’s Guide...
  • Page 17: Introducing The Device

    H A PT ER Introducing the Device 1.1 Overview The Device is a wireless VDSL router. It has a DSL port for super-fast Internet access over analog (POTS) telephone lines. The Device supports both Packet Transfer Mode (PTM) and Asynchronous Transfer Mode (ATM).
  • Page 18: Applications For The Device

    Chapter 1 Introducing the Device 1.4 Applications for the Device Here are some example uses for which the Device is well suited. 1.4.1 Internet Access Your Device provides shared Internet access by connecting the DSL port to the DSL or MODEM jack on a splitter or your telephone jack.
  • Page 19: Device's Usb Support

    Chapter 1 Introducing the Device 1.4.2 Device’s USB Support The USB port of the Device is used for file-sharing. File Sharing Use the built-in USB 2.0 port to share files on a USB memory stick or a USB hard drive (B). You can connect one USB hard drive to the Device at a time.
  • Page 20: Leds (Lights)

    Chapter 1 Introducing the Device 1.5 LEDs (Lights) The following graphic displays the labels of the LEDs. Figure 4 LEDs on the Device None of the LEDs are on if the Device is not receiving power. Table 1 LED Descriptions COLOR STATUS DESCRIPTION...
  • Page 21: The Reset Button

    Chapter 1 Introducing the Device Table 1 LED Descriptions (continued) COLOR STATUS DESCRIPTION ETHERNET Green The Device has a successful 100 Mbps Ethernet connection with a device on the Local Area Network (LAN). Blinking The Device is sending or receiving data to/from the LAN at 100 Mbps. The Device does not have an Ethernet connection with the LAN.
  • Page 22: Using The Wlan/Wps Button

    Chapter 1 Introducing the Device You can configure your wireless network in either the built-in Web Configurator, or using the WPS button. Figure 5 Wireless Access Example 1.7.1 Using the WLAN/WPS Button If the wireless network is turned off, press the WLAN/WPS button at the back of the Device for one second.
  • Page 23: The Web Configurator

    H A PT ER The Web Configurator 2.1 Overview The web configurator is an HTML-based management interface that allows easy device setup and management via Internet browser. Use Internet Explorer 6.0 and later versions or Mozilla Firefox 3 and later versions or Safari 2.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.
  • Page 24 Chapter 2 The Web Configurator A password screen displays. To access the administrative web configurator and manage the Device, type the default username admin and password 1234 in the password screen and click Login. If advanced account security is enabled (see Section 28.2 on page 273) the number of dots that appears when you type the password changes randomly to prevent anyone watching the password...
  • Page 25 Chapter 2 The Web Configurator After you finished or closed the Quick Start Wizard screen, the Network Map page appears. Figure 8 Network Map Click Status to display the Status screen, where you can view the Device’s interface and system information.
  • Page 26: Web Configurator Layout

    Chapter 2 The Web Configurator 2.2 Web Configurator Layout Figure 9 Screen Layout As illustrated above, the main screen is divided into these parts: • A - title bar • B - main window • C - navigation panel 2.2.1 Title Bar The title bar provides some icons in the upper right corner.
  • Page 27: Main Window

    Chapter 2 The Web Configurator 2.2.2 Main Window The main window displays information and configuration fields. It is discussed in the rest of this document. After you click Status on the Connection Status page, the Status screen is displayed. See Chapter 5 on page 72 for more information about the Status screen.
  • Page 28: Navigation Panel

    Chapter 2 The Web Configurator 2.2.3 Navigation Panel Use the menu items on the navigation panel to open screens to configure Device features. The following tables describe each menu item. Table 3 Navigation Panel Summary LINK FUNCTION Connection Status This screen shows the network status of the Device and computers/ devices connected to it.
  • Page 29 Chapter 2 The Web Configurator Table 3 Navigation Panel Summary (continued) LINK FUNCTION General Use this screen to enable QoS and traffic prioritizing. You can also configure the QoS rules and actions. Queue Setup Use this screen to configure QoS queues. Class Setup Use this screen to define a classifier.
  • Page 30 Chapter 2 The Web Configurator Table 3 Navigation Panel Summary (continued) LINK FUNCTION Traffic Status Use this screen to view the status of all network traffic going through the WAN port of the Device. Use this screen to view the status of all network traffic going through the LAN ports of the Device.
  • Page 31: Quick Start

    H A PT ER Quick Start 3.1 Overview Use the Quick Start screens to configure the Device’s time zone, basic Internet access, and wireless settings. Note: See the technical reference chapters (starting on page 69) for background information on the features in this chapter. 3.2 Quick Start Setup The Quick Start Wizard appears automatically after login.
  • Page 32 Chapter 3 Quick Start Enter your Internet connection information in this screen. The screen and fields to enter may vary depending on your current connection type. Click Next. Click Next. Figure 12 Internet Connection Turn the wireless LAN on or off. If you keep it on, record the security settings so you can configure your wireless clients to connect to the Device.
  • Page 33: Tutorials

    H A PT ER Tutorials 4.1 Overview This chapter shows you how to use the Device’s various features. • Setting Up an ADSL PPPoE Connection, see page 33 • Setting Up a Secure Wireless Network, see page 36 • Setting Up Multiple Wireless Groups, see page 43 •...
  • Page 34 Chapter 4 Tutorials Connection Mode Routing Encapsulation PPPoE IPv6/IPv4 Mode IPv4 ATM PVC Configuration VPI/VCI 36/48 Encapsulation Mode LLC/SNAP-Bridging Service Category UBR without PCR Account Information PPP User Name 1234@DSL-Ex.com PPP Password ABCDEF! PPPoE Service Name MyDSL Static IP Address 192.168.1.32 Others PPPoE Passthrough: Disabled...
  • Page 35 Chapter 4 Tutorials Click Apply to save your settings. VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 36: Setting Up A Secure Wireless Network

    Chapter 4 Tutorials You should see a summary of your new DSL connection setup in the Broadband screen as follows. Try to connect to a website to see if you have correctly set up your Internet connection. Be sure to contact your service provider for any information you need to configure the WAN screens.
  • Page 37 Chapter 4 Tutorials Click Network Setting > Wireless to open the General screen. Select More Secure as the security level and WPA2-PSK as the security mode. Configure the screen using the provided parameters (see page 36). Click Apply. VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 38: Using Wps

    Chapter 4 Tutorials Go to the Wireless > Others screen and select 802.11b/g/n Mixed in the 802.11 Mode field. Click Apply. Thomas can now use the WPS feature to establish a wireless connection between his notebook and the Device (see Section 4.3.2 on page 38).
  • Page 39 Chapter 4 Tutorials Push and hold the WPS button located on the Device’s front panel for more than 5 seconds. Alternatively, you may log into Device’s web configurator and go to the Network Setting > Wireless > WPS screen. Enable the WPS function and click Apply. Then click the Connect button. Note: Your Device has a WPS button located on its front panel as well as a WPS button in its configuration utility.
  • Page 40 Chapter 4 Tutorials The following figure shows you an example of how to set up a wireless network and its security by pressing a button on both Device and wireless client. Example WPS Process: PBC Method Wireless Client Device WLAN/ WITHIN 2 MINUTES Press and hold for 5 seconds...
  • Page 41 Chapter 4 Tutorials PIN Configuration When you use the PIN configuration method, you need to use both the Device’s web configurator and the wireless client’s utility. Launch your wireless client’s configuration utility. Go to the WPS settings and select the PIN method to get a PIN number.
  • Page 42: Without Wps

    Chapter 4 Tutorials The following figure shows you how to set up a wireless network and its security on a Device and a wireless client by using PIN method. Example WPS Process: PIN Method Wireless Client ZyXEL Device WITHIN 2 MINUTES Authentication by PIN SECURITY INFO COMMUNICATION...
  • Page 43: Setting Up Multiple Wireless Groups

    Chapter 4 Tutorials 4.4 Setting Up Multiple Wireless Groups Company A wants to create different wireless network groups for different types of users as shown in the following figure. Each group has its own SSID and security mode. Company Guest •...
  • Page 44 Chapter 4 Tutorials Click Network Setting > Wireless to open the General screen. Use this screen to set up the company’s general wireless network group. Configure the screen using the provided parameters and click Apply. Click Network Setting > Wireless > More AP to open the following screen. Click the Edit icon to configure the second wireless network group.
  • Page 45 Chapter 4 Tutorials Configure the screen using the provided parameters and click Apply. VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 46 Chapter 4 Tutorials In the More AP screen, click the Edit icon to configure the third wireless network group.Configure the screen using the provided parameters and click Apply. Check the status of VIP and Guest in the More AP screen. The yellow bulbs signify that the SSIDs are active and ready for wireless access.
  • Page 47: Configuring Static Route For Routing To Another Network

    Chapter 4 Tutorials 4.5 Configuring Static Route for Routing to Another Network In order to extend your Intranet and control traffic flowing directions, you may connect a router to the Device’s LAN. The router may be used to separate two department networks. This tutorial shows how to configure a static routing rule for two network routings.
  • Page 48 Chapter 4 Tutorials This tutorial uses the following example IP settings: Table 4 IP Settings in this Tutorial DEVICE / COMPUTER IP ADDRESS The Device’s WAN 172.16.1.1 The Device’s LAN 192.168.1.1 IP Type IPv4 Use Interface ADSL/atm0 192.168.1.34 R’s N1 192.168.1.253 R’s N2 192.168.10.2...
  • Page 49 Chapter 4 Tutorials Click OK. Now B should be able to receive traffic from A. You may need to additionally configure B’s firewall settings to allow specific traffic to pass through. VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 50: Configuring Qos Queue And Class Setup

    Chapter 4 Tutorials 4.6 Configuring QoS Queue and Class Setup This section contains tutorials on how you can configure the QoS screen. Let’s say you are a team leader of a small sales branch office. You want to prioritize e-mail traffic because your task includes sending urgent updates to clients at least twice every hour.
  • Page 51 Chapter 4 Tutorials Click Network Setting > QoS > General and select Enable. Set your WAN Managed Upstream Bandwidth to 10,000 kbps (or leave this blank to have the Device automatically determine this figure). Click Apply. Tutorial: Advanced > QoS Click Queue Setup >...
  • Page 52 Chapter 4 Tutorials Click Class Setup > Add new Classifier to create a new class. Check Active and follow the settings as shown in the screen below. Tutorial: Advanced > QoS > Class Setup Class Name Give a class name to this traffic, such as E-mail in this example. From This is the interface from which the traffic will be coming from.
  • Page 53: Access The Device Using Ddns

    Chapter 4 Tutorials This maps e-mail traffic coming from port 25 to the highest priority, which you have created in the previous screen (see the IP Protocol field). This also maps your computer’s IP address and MAC address to the E-mail queue (see the Source fields). Verify that the queue setup works by checking Network Setting >...
  • Page 54: Configuring Ddns On Your Device

    Chapter 4 Tutorials 4.7.2 Configuring DDNS on Your Device Configure the following settings in the Network Setting > DNS > Dynamic DNS screen. • Select Enable Dynamic DNS. • Select www.DynDNS.com as the service provider. • Type zyxelrouter.dyndns.org in the Host Name field. •...
  • Page 55: Configuring The Mac Address Filter

    Chapter 4 Tutorials 4.8 Configuring the MAC Address Filter Thomas noticed that his daughter Josephine spends too much time surfing the web and downloading media files. He decided to prevent Josephine from accessing the Internet so that she can concentrate on preparing for her final exams. Josephine’s computer connects wirelessly to the Internet through the Device.
  • Page 56: Access Your Shared Files From A Computer

    Chapter 4 Tutorials Thomas can also grant access to the computers of other members of his family and friends. However, Josephine and others not listed in this screen will no longer be able to access the Internet through the Device. 4.9 Access Your Shared Files From a Computer Here is how to use an FTP program to access a file storage device connected to the Device’s USB port.
  • Page 57: Using The Media Server Feature

    Chapter 4 Tutorials 4.10 Using the Media Server Feature Use the media server feature to play files on a computer or on your television (using DMA-2500). This section shows you how the media server feature works using the following media clients: •...
  • Page 58 Chapter 4 Tutorials Windows Vista Open Windows Media Player and click Library > Media Sharing as follows. Tutorial: Media Sharing using Windows Vista Check Find media that others are sharing in the following screen and click OK. Tutorial: Media Sharing using Windows Vista (2) VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 59 Chapter 4 Tutorials In the Library screen, check the left panel. The Windows Media Player should detect the Device. Tutorial: Media Sharing using Windows Vista (3) The Device displays as a playlist. Clicking on the category icons in the right panel shows you the media files in the USB storage device attached to your Device.
  • Page 60: Using A Digital Media Adapter

    Chapter 4 Tutorials Select a category in the left panel and wait for Windows Media Player to connect to the Device. Tutorial: Media Sharing using Windows 7 (2) In the right panel, you should see a list of files available in the USB storage device. Tutorial: Media Sharing using Windows 7 (2) 4.10.3 Using a Digital Media Adapter This section shows you how you can use the Device with a ZyXEL DMA-2500 to play media files...
  • Page 61 Chapter 4 Tutorials Connect the DMA-2500 to an available LAN port in your Device. Tutorial: Media Server Setup (Using DMA) USB Storage Device DMA-2500 ZyXEL Device Turn on the TV and wait for the DMA-2500 Home screen to appear. Using the remote control, go to MyMedia to open the following screen.
  • Page 62: Using The Print Server Feature

    Chapter 4 Tutorials 4.11 Using the Print Server Feature The Device allows you to share a USB printer on your LAN. You can do this by connecting a USB printer to one of the USB ports on the Device and then adding the printer on the computers connected to your network.
  • Page 63 Chapter 4 Tutorials Click Start > Control Panel > Devices and Printers to open the Devices and Printers screen. Click Add a printer. Tutorial: Printers Folder The Add Printer wizard screen displays. Click Add a network, wireless or Bluetooth printer. Tutorial: Add Printer Wizard: Welcome VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 64 Chapter 4 Tutorials Click The printer that I want isn’t listed. Tutorial: Add Printer Wizard: Welcome VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 65 Chapter 4 Tutorials Select the Select a shared printer by name option. Enter the URL for your printer, http:// 192.168.1.1:631/printers/USB_PRINTER, in this example. This URL can be found in the Device’s Web Configurator on the Network Setting > USB Service > Printer Server screen. Click Next.
  • Page 66 Chapter 4 Tutorials On your desktop, double-click the Macintosh HD icon to open the Macintosh HD window. Tutorial: Macintosh HD Double-click the Applications folder. Tutorial: Macintosh HD folder Double-click the Utilities folder. Tutorial: Applications Folder Double-click the Print Center icon. Tutorial: Utilities Folder Click the Add icon at the top of the screen.
  • Page 67 Chapter 4 Tutorials In the Printer’s Address field, type the IP address of your Device. Deselect the Use default queue on server check box. 10 Type LP1 in the Queue Name field. 11 Select your Printer Model from the drop-down list box. If the printer's model is not listed, select Generic.
  • Page 68 Chapter 4 Tutorials Your Macintosh print server driver setup is complete. You can now use the Device’s print server to print from a Macintosh computer. VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 69: Technical Reference

    Technical Reference...
  • Page 71: Network Map And Status Screens

    H A PT ER Network Map and Status Screens 5.1 Overview After you log into the Web Configurator, the Network Map screen appears. This shows the network connection status of the Device and clients connected to it. You can use the Status screen to look at the current status of the Device, system resources, and interfaces (LAN, WAN, and WLAN).
  • Page 72: The Status Screen

    Chapter 5 Network Map and Status Screens In Icon Mode, if you want to view information about a client, click the client’s name and Info. Click the IP address if you want to change it. If you want to change the name or icon of the client, click Change icon/name.
  • Page 73 Chapter 5 Network Map and Status Screens Each field is described in the following table. Table 5 Status Screen LABEL DESCRIPTION Refresh Interval Select how often you want the Device to update this screen. Device Information Host Name This field displays the Device system name. It is used for identification. Model This shows the model number of your Device.
  • Page 74 Chapter 5 Network Map and Status Screens Table 5 Status Screen (continued) LABEL DESCRIPTION System Resource CPU Usage This field displays what percentage of the Device’s processing ability is currently used. When this percentage is close to 100%, the Device is running at full load, and the throughput is not going to improve anymore.
  • Page 75: Broadband

    H A PT ER Broadband 6.1 Overview This chapter discusses the Device’s Broadband screens. Use these screens to configure your Device for Internet access. A WAN (Wide Area Network) connection is an outside connection to another network or the Internet. It connects your private networks, such as a LAN (Local Area Network) and other networks, so that a computer in one location can communicate with computers in other locations.
  • Page 76: What You Need To Know

    Chapter 6 Broadband • Use the Advanced screen to enable or disable PTM over ADSL, Annex M/Annex J, and DSL PhyR functions (Section 6.4 on page 91). • Use the 8021x screen to view and configure the IEEE 802.1X settings on the Device (Section 6.5 on page 92).
  • Page 77 Chapter 6 Broadband If your ISP assigns you a static WAN IP address, they should also assign you the subnet mask and DNS server IP address(es). Asynchronous Transfer Mode (ATM) is a WAN networking technology that provides high-speed data transfer. ATM uses fixed-size packets of information called cells. With ATM, a high QoS (Quality of Service) can be guaranteed.
  • Page 78: Before You Begin

    Chapter 6 Broadband compose the network address. The prefix length is written as “/x” where x is a number. For example, 2001:db8:1a2b:15::1a2f:0/32 means that the first 32 bits (2001:db8) is the subnet prefix. IPv6 Subnet Masking Both an IPv6 address and IPv6 subnet mask compose of 128-bit binary digits, which are divided into eight 16-bit blocks and written in hexadecimal notation.
  • Page 79 Chapter 6 Broadband Table 7 Network Setting > Broadband (continued) LABEL DESCRIPTION IGMP Proxy This shows whether the Device act as an IGMP proxy on this connection. This shows whether NAT is activated or not for this connection. Default This shows whether the Device use the WAN interface of this connection as the system Gateway default gateway.
  • Page 80: Add/Edit Internet Connection

    Chapter 6 Broadband 6.2.1 Add/Edit Internet Connection Click Add new WAN Interface in the Broadband screen or the Edit icon next to an existing WAN interface to configure a WAN connection. The screen varies depending on the interface type, mode, encapsulation, and IPv6/IPv4 mode you select.
  • Page 81 Chapter 6 Broadband Table 8 Routing Mode (continued) LABEL DESCRIPTION Mode Select Routing if your ISP give you one IP address only and you want multiple computers to share an Internet account. Encapsulation Select the method of encapsulation used by your ISP from the drop-down list box. This option is available only when you select Routing in the Mode field.
  • Page 82 Chapter 6 Broadband Table 8 Routing Mode (continued) LABEL DESCRIPTION Sustainable The Sustainable Cell Rate (SCR) sets the average cell rate (long-term) that can be Cell Rate transmitted. Type the SCR, which must be less than the PCR. Note that system default is 0 cells/sec.
  • Page 83 Chapter 6 Broadband Table 8 Routing Mode (continued) LABEL DESCRIPTION Apply as Select this option to have the Device use the WAN interface of this connection as the system Default default gateway. Gateway DNS Server This is available only when you select IPv4 Only or IPv6/IPv4 DualStack in the IPv6/ IPv4 Mode field.
  • Page 84 Chapter 6 Broadband Table 8 Routing Mode (continued) LABEL DESCRIPTION IPv6 DNS Enter the first IPv6 DNS server address assigned by the ISP. Server 1 IPv6 DNS Enter the second IPv6 DNS server address assigned by the ISP. Server 2 VLAN These fields appear when the Type is set to ADSL/VDSL over PTM.
  • Page 85 Chapter 6 Broadband The following table describes the fields in this screen. Table 9 Bridge Mode (ADSL/VDSL over PTM) LABEL DESCRIPTION General Active Select this to activate the WAN configuration settings. Name Enter a service name of the connection. Type Select ADSL/VDSL over PTM as the interface that you want to configure.
  • Page 86 Chapter 6 Broadband The following table describes the fields in this screen. Table 10 Bridge Mode (ADSL over ATM) LABEL DESCRIPTION General Active Select this to activate the WAN configuration settings. Name Enter a service name of the connection. Type Select ADSL over ATM as the interface for which you want to configure here.
  • Page 87: The 3G Backup Screen

    Chapter 6 Broadband Table 10 Bridge Mode (ADSL over ATM) (continued) LABEL DESCRIPTION Sustainable Cell The Sustainable Cell Rate (SCR) sets the average cell rate (long-term) that can be Rate transmitted. Type the SCR, which must be less than the PCR. Note that system default is 0 cells/sec.
  • Page 88 Chapter 6 Broadband Note: The actual data rate you obtain varies depending the 3G card you use, the signal strength to the service provider’s base station, and so on. Figure 23 Network Setting > Broadband > 3G Backup The following table describes the labels in this screen. Table 11 Network Setting >...
  • Page 89 Chapter 6 Broadband Table 11 Network Setting > Broadband > 3G Backup (continued) LABEL DESCRIPTION Username Type the user name (of up to 64 ASCII printable characters) given to you by your service provider. Password Type the password (of up to 64 ASCII printable characters) associated with the user name above.
  • Page 90 Chapter 6 Broadband Table 11 Network Setting > Broadband > 3G Backup (continued) LABEL DESCRIPTION Data Budget Select this and specify how much downstream and/or upstream data (in Mega bytes) can be (Mbytes) transmitted via the 3G connection within one month. Select Download/Upload to set a limit on the total traffic in both directions.
  • Page 91: The Advanced Screen

    Chapter 6 Broadband Table 11 Network Setting > Broadband > 3G Backup (continued) LABEL DESCRIPTION Apply Click Apply to save your changes back to the Device. Cancel Click Cancel to return to the previous configuration. 6.4 The Advanced Screen Use the Advanced screen to enable or disable PTM over ADSL, Annex M/Annex J, and DSL PhyR functions.
  • Page 92: The 8021X Screen

    Chapter 6 Broadband Table 12 Network Setting > Network Setting > Broadband (continued) LABEL DESCRIPTION PhyR DS Enable or disable PhyR DS (downstream) for downstream transmission from the WAN. PhyR DS should be enabled if data being transmitted downstream is sensitive to noise. However, enabling PhyR DS can decrease the DS line rate.
  • Page 93: Edit 802.1X Settings

    Chapter 6 Broadband 6.5.1 Edit 802.1X Settings Use this screen to edit 802.1X authentication settings. Click the Edit icon next to the rule you want to edit. The screen shown next appears. Figure 27 802.1x: Add/Edit The following table describes the labels in this screen. Table 14 802.1x: Add/Edit LABEL DESCRIPTION...
  • Page 94: Technical Reference

    Chapter 6 Broadband Figure 28 Network Setting > Broadband > Ethernet WAN The following table describes the fields in this screen. Table 15 Network Setting > Broadband > Ethernet WAN LABEL DESCRIPTION State Select Enable to use the Ethernet LAN port as a WAN port on the Device. Apply Click Apply to save your changes back to the Device.
  • Page 95 Chapter 6 Broadband PPP over Ethernet (PPPoE) Point-to-Point Protocol over Ethernet (PPPoE) provides access control and billing functionality in a manner similar to dial-up services using PPP. PPPoE is an IETF standard (RFC 2516) specifying how a personal computer (PC) interacts with a broadband modem (DSL, cable, wireless, etc.) connection.
  • Page 96 Chapter 6 Broadband Peak Cell Rate (PCR) is the maximum rate at which the sender can send cells. This parameter may be lower (but not higher) than the maximum line speed. 1 ATM cell is 53 bytes (424 bits), so a maximum speed of 832Kbps gives a maximum PCR of 1962 cells/sec.
  • Page 97 Chapter 6 Broadband specified) but is only available when data is being sent. An example of an VBR-RT connection would be video conferencing. Video conferencing requires real-time data transfers and the bandwidth requirement varies in proportion to the video image's changing dynamics. The VBR-nRT (non real-time Variable Bit Rate) type is used with bursty connections that do not require closely controlled delay and delay variation.
  • Page 98 Chapter 6 Broadband number of 4,096 VLANs. Note that user priority and VLAN ID are independent of each other. A frame with VID (VLAN Identifier) of null (0) is called a priority frame, meaning that only the priority level is significant and the default VID of the ingress port is given as the VID of the frame. Of the 4096 possible VIDs, a VID of 0 is used to identify priority frames and value 4095 (FFF) is reserved, so the maximum possible VLAN configurations are 4,094.
  • Page 99 Chapter 6 Broadband • Leading zeros in a block can be omitted. So 2001:0db8:1a2b:0015:0000:0000:1a2f:0000 can be written as 2001:db8:1a2b:15:0:0:1a2f:0. • Any number of consecutive blocks of zeros can be replaced by a double colon. A double colon can only appear once in an IPv6 address. So 2001:0db8:0000:0000:1a2f:0000:0000:0015 can be written as 2001:0db8::1a2f:0000:0000:0015, 2001:0db8:0000:0000:1a2f::0015, 2001:db8::1a2f:0:0:15 or 2001:db8:0:0:1a2f::15.
  • Page 100 Chapter 6 Broadband VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 101: Wireless

    H A PT ER Wireless 7.1 Overview This chapter describes the Device’s Network Setting > Wireless screens. Use these screens to set up your Device’s wireless connection. 7.1.1 What You Can Do in this Chapter This section describes the Device’s Wireless screens. Use these screens to set up your Device’s wireless connection.
  • Page 102: What You Need To Know

    Chapter 7 Wireless 7.1.2 What You Need to Know Wireless Basics “Wireless” is essentially radio communication. In the same way that walkie-talkie radios send and receive information over the airwaves, wireless networking devices exchange information with one another. A wireless networking device is just like a radio that lets your computer exchange information with radios attached to other computers.
  • Page 103 Chapter 7 Wireless Click Network Setting > Wireless to open the General screen. Figure 30 Network Setting > Wireless > General VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 104 Chapter 7 Wireless The following table describes the general wireless LAN labels in this screen. Table 16 Network Setting > Wireless > General LABEL DESCRIPTION Wireless Network Setup Wireless You can Enable or Disable the wireless LAN in this field. Band This shows the wireless band which this radio profile is using.
  • Page 105: No Security

    Chapter 7 Wireless Table 16 Network Setting > Wireless > General (continued) LABEL DESCRIPTION Maximum Specify the maximum rate for downstream wireless traffic to this WLAN from the WAN in Downstream kilobits per second (Kbps). Bandwidth BSSID This shows the MAC address of the wireless interface on the Device when wireless LAN is enabled.
  • Page 106 Chapter 7 Wireless Note: WEP is extremely insecure. Its encryption can be broken by an attacker, using widely-available software. It is strongly recommended that you use a more effective security mechanism. Use the strongest security mechanism that all the wireless devices in your network support. For example, use WPA-PSK or WPA2-PSK if all your wireless devices support it, or use WPA or WPA2 if your wireless devices support it and you have a RADIUS server.
  • Page 107: Basic (802.1X)

    Chapter 7 Wireless Table 18 Wireless > General: Basic (WEP) (continued) LABEL DESCRIPTION more.../less Click more... to show more fields in this section. Click less to hide them. WEP Encryption Select 64-bits or 128-bits. This dictates the length of the security key that the network is going to use. 7.2.3 Basic (802.1X) Use this screen to configure 802.1X encryption and authentication.
  • Page 108 Chapter 7 Wireless Table 19 Wireless > General: Basic (802.1X) (continued) LABEL DESCRIPTION Password 1~4 The password (WEP key) is used to encrypt data. Both the Device and the wireless stations must use the same password (WEP key) for data transmission. If you chose 64-bit WEP, then enter any 5 ASCII characters or 10 hexadecimal characters ("0-9", "A-F").
  • Page 109: More Secure (Wpa(2)-Psk)

    Chapter 7 Wireless 7.2.4 More Secure (WPA(2)-PSK) The WPA-PSK security mode provides both improved data encryption and user authentication over WEP. Using a Pre-Shared Key (PSK), both the Device and the connecting client share a common password in order to validate the connection. This type of encryption, while robust, is not as strong as WPA, WPA2 or even WPA2-PSK.
  • Page 110: Wpa(2) Authentication

    Chapter 7 Wireless Table 20 Wireless > General: More Secure: WPA(2)-PSK (continued) LABEL DESCRIPTION Encryption Select the encryption type (TKIP, AES or TKIP+AES) for data encryption. Select TKIP if your wireless clients can all use TKIP. Select AES if your wireless clients can all use AES. Select TKIP+AES to allow the wireless clients to use either TKIP or AES.
  • Page 111: The More Ap Screen

    Chapter 7 Wireless Table 21 Wireless > General: More Secure: WPA(2) (continued) LABEL DESCRIPTION Authentication Server IP Address Enter the IP address of the external authentication server in dotted decimal notation. Port Enter the port number of the external authentication server. The default port number is Number 1812.
  • Page 112 Chapter 7 Wireless The following table describes the labels in this screen. Table 22 Network Setting > Wireless > More AP LABEL DESCRIPTION This is the index number of the entry. Status This field indicates whether this SSID is active. A yellow bulb signifies that this SSID is active.
  • Page 113: Edit More Ap

    Chapter 7 Wireless 7.3.1 Edit More AP Use this screen to edit an SSID profile. Click the Edit icon next to an SSID in the More AP screen. The following screen displays. Figure 37 More AP: Edit The following table describes the fields in this screen. Table 23 More AP: Edit LABEL DESCRIPTION...
  • Page 114: Mac Authentication

    Chapter 7 Wireless Table 23 More AP: Edit (continued) LABEL DESCRIPTION Wireless The SSID (Service Set IDentity) identifies the service set with which a wireless device is Network Name associated. Wireless devices associating to the access point (AP) must have the same SSID. (SSID) Enter a descriptive name (up to 32 English keyboard characters) for the wireless LAN.
  • Page 115: The Wps Screen

    Chapter 7 Wireless Use this screen to view your Device’s MAC filter settings and add new MAC filter rules. Click Network Setting > Wireless > MAC Authentication. The screen appears as shown. Figure 38 Wireless > MAC Authentication The following table describes the labels in this screen. Table 24 Wireless >...
  • Page 116 Chapter 7 Wireless Note: The Device applies the security settings of the SSID1 profile (see Section 7.2 on page 102). If you want to use the WPS feature, make sure you have set the security mode of SSID1 to WPA2-PSK or No Security. Click Network Setting >...
  • Page 117: The Wmm Screen

    Chapter 7 Wireless Table 25 Network Setting > Wireless > WPS (continued) LABEL DESCRIPTION Release The default WPS status is configured. Configuratio Click this button to remove all configured wireless and wireless security settings for WPS connections on the Device. Generate The PIN (Personal Identification Number) of the Device is shown here.
  • Page 118: The Wds Screen

    Chapter 7 Wireless 7.7 The WDS Screen An AP using the Wireless Distribution System (WDS) can function as a wireless network bridge allowing you to wirelessly connect two wired network segments. The WDS screen allows you to configure the Device to connect to two or more APs wirelessly when WDS is enabled. Use this screen to set up your WDS (Wireless Distribution System) links between the Device and other wireless APs.
  • Page 119: Wds Scan

    Chapter 7 Wireless Table 27 Network Setting > Wireless > WDS (continued) LABEL DESCRIPTION Remote Bridge You can enter the MAC address of the peer device by clicking the Edit icon under Modify. MAC Address This is the index number of the entry. MAC Address This shows the MAC address of the peer device.
  • Page 120: The Others Screen

    Chapter 7 Wireless 7.8 The Others Screen Use this screen to configure advanced wireless settings. Click Network Setting > Wireless > Others. The screen appears as shown. Section 7.10.2 on page 124 for detailed definitions of the terms listed in this screen. Figure 43 Network Setting >...
  • Page 121 Chapter 7 Wireless Table 29 Network Setting > Wireless > Others (continued) LABEL DESCRIPTION 802.11 Mode Select 802.11b Only to allow only IEEE 802.11b compliant WLAN devices to associate with the Device. Select 802.11g Only to allow only IEEE 802.11g compliant WLAN devices to associate with the Device.
  • Page 122: The Channel Status Screen

    Chapter 7 Wireless 7.9 The Channel Status Screen Use the Channel Status screen to scan wireless LAN channel noises and view the results. Click Network Setting > Wireless > Channel Status. The screen appears as shown. Click Scan to scan the wireless LAN channels. You can view the results in the Channel Scan Result section. Figure 44 Network Setting >...
  • Page 123 Chapter 7 Wireless • An “infrastructure” type of network has one or more access points and one or more wireless clients. The wireless clients connect to the access points. • An “ad-hoc” type of network is one in which there is no access point. Wireless clients connect to one another in order to exchange information.
  • Page 124: Additional Wireless Terms

    Chapter 7 Wireless variety of networks to exist in the same place without interfering with one another. When you create a network, you must select a channel to use. Since the available unlicensed spectrum varies from one country to another, the number of available channels also varies.
  • Page 125 Chapter 7 Wireless Because of the damage that can be done by a malicious attacker, it’s not just people who have sensitive information on their network who should use security. Everybody who uses any wireless network should ensure that effective security is in place. A good way to come up with effective security keys, passwords and so on is to use obscure information that you personally will easily remember, and to enter it in a way that appears random and does not include real words.
  • Page 126: Signal Problems

    Chapter 7 Wireless wireless users to get a valid user name and password. Then, they can use that user name and password to use the wireless network. 7.10.3.4 Encryption Wireless networks can use encryption to protect the information that is sent in the wireless network.
  • Page 127: Bss

    Chapter 7 Wireless coincidental emitters such as electric motors or microwaves. Problems with absorption occur when physical objects (such as thick walls) are between the two radios, muffling the signal. 7.10.5 BSS A Basic Service Set (BSS) exists when all communications between wireless stations or between a wireless station and a wired network client go through one access point (AP).
  • Page 128: Preamble Type

    Chapter 7 Wireless • You must use different keys for different BSSs. If two wireless devices have different BSSIDs (they are in different BSSs), but have the same keys, they may hear each other’s communications (but not communicate with each other). •...
  • Page 129 Chapter 7 Wireless WPS allows you to quickly set up a wireless network with strong security, without having to configure security settings manually. Each WPS connection works between two devices. Both devices must support WPS (check each device’s documentation to make sure). Depending on the devices you have, you can either press a button (on the device itself, or in its configuration utility) or enter a PIN (a unique Personal Identification Number that allows one device to authenticate the other) in each of the two devices.
  • Page 130 Chapter 7 Wireless Ensure WPS is enabled on both devices. Access the WPS section of the AP’s configuration interface. See the device’s User’s Guide for how to do this. Look for the client’s WPS PIN; it will be displayed either on the device, or in the WPS section of the client’s configuration interface (see the device’s User’s Guide for how to find the WPS PIN - for the Device, see Section 7.5 on page...
  • Page 131 Chapter 7 Wireless The following figure shows a WPS-enabled wireless client (installed in a notebook computer) connecting to the WPS-enabled AP via the PIN method. Figure 48 Example WPS Process: PIN Method ENROLLEE REGISTRAR This device’s WPS PIN: 123456 Enter WPS PIN from other device: START START...
  • Page 132 Chapter 7 Wireless The following figure shows a WPS-enabled client (installed in a notebook computer) connecting to a WPS-enabled access point. Figure 49 How WPS works ACTIVATE ACTIVATE WITHIN 2 MINUTES WPS HANDSHAKE ENROLLEE REGISTRAR SECURE TUNNEL SECURITY INFO COMMUNICATION The roles of registrar and enrollee last only as long as the WPS setup process is active (two minutes).
  • Page 133 Chapter 7 Wireless is the registrar, and Client 1 is the enrollee. The registrar randomly generates the security information to set up the network, since it is unconfigured and has no existing information. Figure 50 WPS: Example Network Step 1 ENROLLEE REGISTRAR SECURITY INFO...
  • Page 134 Chapter 7 Wireless In step 3, you add another access point (AP2) to your network. AP2 is out of range of AP1, so you cannot use AP1 for the WPS handshake with the new access point. However, you know that Client 2 supports the registrar function, so you use it to perform the WPS handshake instead.
  • Page 135 Chapter 7 Wireless • When you use the PBC method, there is a short period (from the moment you press the button on one device to the moment you press the button on the other device) when any WPS-enabled device could join the network. This is because the registrar has no way of identifying the “correct”...
  • Page 136 Chapter 7 Wireless VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 137: Home Networking

    H A PT ER Home Networking 8.1 Overview A Local Area Network (LAN) is a shared communication system to which many networking devices are connected. It is usually located in one immediate area such as a building or floor of a building. Use the LAN screens to help you configure a LAN DHCP server and manage IP addresses.
  • Page 138: What You Need To Know

    Chapter 8 Home Networking 8.1.2 What You Need To Know 8.1.2.1 About LAN IP Address IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network.
  • Page 139: Before You Begin

    Chapter 8 Home Networking • Assigning lease times to mappings Windows Messenger is an example of an application that supports NAT traversal and UPnP. See the Chapter 11 on page 185 for more information on NAT. Cautions with UPnP The automated nature of NAT traversal applications in establishing their own services and opening firewall ports may present network security issues.
  • Page 140 Chapter 8 Home Networking Click Apply to save your settings. Figure 53 Network Setting > Home Networking > LAN Setup The following table describes the fields in this screen. Table 32 Network Setting > Home Networking > LAN Setup LABEL DESCRIPTION Interface Group Group Name...
  • Page 141 Chapter 8 Home Networking Table 32 Network Setting > Home Networking > LAN Setup (continued) LABEL DESCRIPTION DHCP Relay This field is only available when you select DHCP Relay in the DHCP field. Server Address IP Address Enter the IP address of the actual remote DHCP server in this field. IP Addressing This field is only available when you select Enable in the DHCP field.
  • Page 142: The Static Dhcp Screen

    Chapter 8 Home Networking Table 32 Network Setting > Home Networking > LAN Setup (continued) LABEL DESCRIPTION LAN IPv6 Select how you want to obtain an IPv6 address: Address Assign • stateless + DNS send by RADVD: The Device uses IPv6 stateless autoconfiguration. Setup RADVD (Router Advertisement Daemon) is enabled to have the Device send IPv6 prefix information in router advertisements periodically and in response to router solicitations.
  • Page 143 Chapter 8 Home Networking Use this screen to change your Device’s static DHCP settings. Click Network Setting > Home Networking > Static DHCP to open the following screen. Figure 54 Network Setting > Home Networking > Static DHCP The following table describes the labels in this screen. Table 33 Network Setting >...
  • Page 144: The Upnp Screen

    Chapter 8 Home Networking Table 34 Static DHCP: Add/Edit (continued) LABEL DESCRIPTION Select Device Info If you select Manual Input, you can manually type in the MAC address and IP address of a computer on your LAN. You can also choose the name of a computer from the drop list and have the MAC Address and IP Address auto-detected.
  • Page 145: Installing Upnp In Windows Example

    Chapter 8 Home Networking The following table describes the labels in this screen. Table 35 Network Setting > Home Networking > UPnP LABEL DESCRIPTION UPnP Select Enable to activate UPnP. Be aware that anyone could use a UPnP application to open the web configurator's login screen without entering the Device's IP address (although you must still enter the password to access the web configurator).
  • Page 146 Chapter 8 Home Networking Click on the Windows Setup tab and select Communication in the Components selection box. Click Details. Add/Remove Programs: Windows Setup: Communication In the Communications window, select the Universal Plug and Play check box in the Components selection box. Add/Remove Programs: Windows Setup: Communication: Components VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 147 Chapter 8 Home Networking Click OK to go back to the Add/Remove Programs Properties window and click Next. Restart the computer when prompted. Installing UPnP in Windows XP Follow the steps below to install the UPnP in Windows XP. Click Start and Control Panel. Double-click Network Connections.
  • Page 148: Using Upnp In Windows Xp Example

    Chapter 8 Home Networking In the Networking Services window, select the Universal Plug and Play check box. Networking Services Click OK to go back to the Windows Optional Networking Component Wizard window and click Next. 8.6 Using UPnP in Windows XP Example This section shows you how to use the UPnP feature in Windows XP.
  • Page 149 Chapter 8 Home Networking Right-click the icon and select Properties. Network Connections In the Internet Connection Properties window, click Settings to see the port mappings there were automatically created. Internet Connection Properties VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 150 Chapter 8 Home Networking You may edit or delete the port mappings or click Add to manually add port mappings. Internet Connection Properties: Advanced Settings Internet Connection Properties: Advanced Settings: Add When the UPnP-enabled device is disconnected from your computer, all port mappings will be deleted automatically.
  • Page 151 Chapter 8 Home Networking Double-click on the icon to display your current Internet connection status. Internet Connection Status Web Configurator Easy Access With UPnP, you can access the web-based configurator on the Device without finding out the IP address of the Device first. This comes helpful if you do not know the IP address of the Device. Follow the steps below to access the web configurator.
  • Page 152 Chapter 8 Home Networking Select My Network Places under Other Places. Network Connections An icon with the description for each UPnP-enabled device displays under Local Network. Right-click on the icon for your Device and select Invoke. The web configurator login screen displays.
  • Page 153 Chapter 8 Home Networking Right-click on the icon for your Device and select Properties. A properties window displays with basic information about the Device. Network Connections: My Network Places: Properties: Example VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 154: The Additional Subnet Screen

    Chapter 8 Home Networking 8.7 The Additional Subnet Screen Use the Additional Subnet screen to configure IP alias and public static IP. IP alias allows you to partition a physical network into different logical networks over the same Ethernet interface. The Device supports multiple logical LAN interfaces via its physical Ethernet interface with the Device itself as the gateway for the LAN network.
  • Page 155: The Stb Vendor Id Screen

    Chapter 8 Home Networking Table 36 Network Setting > Home Networking > Additional Subnet (continued) LABEL DESCRIPTION Offer Public IP Select the checkbox to enable the Device to provide public IP addresses by DHCP server. by DHCP Enable ARP Select the checkbox to enable the ARP (Address Resolution Protocol) proxy. Proxy Apply Click Apply to save your changes.
  • Page 156: The Lan Vlan Screen

    Chapter 8 Home Networking 8.9 The LAN VLAN Screen Click Network Setting > Home Networking > LAN VLAN to open this screen. Use this screen to control the VLAN ID and IEEE 802.1p priority tags of traffic sent out through individual LAN ports. Figure 59 Network Setting >...
  • Page 157: Lans, Wans And The Device

    Chapter 8 Home Networking 8.10.1 LANs, WANs and the Device The actual physical connection determines whether the Device ports are LAN or WAN ports. There are two separate IP networks, one inside the LAN network and the other outside the WAN network as shown next.
  • Page 158: Lan Tcp/Ip

    Chapter 8 Home Networking • Some ISPs choose to disseminate the DNS server addresses using the DNS server extensions of IPCP (IP Control Protocol) after the connection is up. If your ISP did not give you explicit DNS servers, chances are the DNS servers are conveyed through IPCP negotiation. The Device supports the IPCP DNS server extensions through the DNS proxy feature.
  • Page 159 Chapter 8 Home Networking You can obtain your IP address from the IANA, from an ISP or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks.
  • Page 160 Chapter 8 Home Networking VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 161: Routing

    H A PT ER Routing 9.1 Overview The Device usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the Device send data to devices not reachable through the default gateway, use static routes.
  • Page 162: The Routing Screen

    Chapter 9 Routing 9.2 The Routing Screen Use this screen to view and configure the static route rules on the Device. Click Network Setting > Routing > Static Route to open the following screen. Figure 62 Network Setting > Routing > Static Route The following table describes the labels in this screen.
  • Page 163: Add/Edit Static Route

    Chapter 9 Routing 9.2.1 Add/Edit Static Route Use this screen to add or edit a static route. Click Add new static route in the Routing screen or the Edit icon next to the static route you want to edit. The screen shown next appears. Figure 63 Routing: Add/Edit The following table describes the labels in this screen.
  • Page 164 Chapter 9 Routing You can use source-based policy forwarding to direct traffic from different users through different connections or distribute traffic among multiple paths for load sharing. The Policy Forwarding screen let you view and configure routing policies on the Device. Click Network Setting >...
  • Page 165: Add/Edit Policy Forwarding

    Chapter 9 Routing 9.3.1 Add/Edit Policy Forwarding Click Add new Policy Forward Rule in the Policy Forwarding screen or click the Edit icon next to a policy. Use this screen to configure the required information for a policy route. Figure 65 Policy Forwarding: Add/Edit The following table describes the labels in this screen.
  • Page 166: The Rip Screen

    Chapter 9 Routing 9.4.1 The RIP Screen Click Network Setting > Routing > RIP to open the RIP screen. Figure 66 RIP The following table describes the labels in this screen. Table 43 RIP LABEL DESCRIPTION This is the index of the interface in which the RIP setting is used. Interface This is the name of the interface in which the RIP setting is used.
  • Page 167: Quality Of Service (Qos)

    HAPTER Quality of Service (QoS) 10.1 Overview Quality of Service (QoS) refers to both a network’s ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth. Without QoS, all traffic data is equally likely to be dropped when the network is congested.
  • Page 168: What You Need To Know

    Chapter 10 Quality of Service (QoS) 10.2 What You Need to Know The following terms and concepts may help as you read through this chapter. QoS versus Cos QoS is used to prioritize source-to-destination traffic flows. All packets in the same flow are given the same priority.
  • Page 169: The Quality Of Service General Screen

    Chapter 10 Quality of Service (QoS) Traffic Policing Traffic policing is the limiting of the input or output transmission rate of a class of traffic on the basis of user-defined criteria. Traffic policing methods measure traffic flows against user-defined criteria and identify it as either conforming, exceeding or violating the criteria. Traffic Rate Traffic Rate Time...
  • Page 170: The Queue Setup Screen

    Chapter 10 Quality of Service (QoS) The following table describes the labels in this screen. Table 44 Network Setting > QoS > General LABEL DESCRIPTION Select the Enable check box to turn on QoS to improve your network performance. WAN Managed Enter the amount of upstream bandwidth for the WAN interfaces that you want to allocate Upstream using QoS.
  • Page 171 Chapter 10 Quality of Service (QoS) Use this screen to configure QoS queue assignment. Figure 68 Network Setting > QoS > Queue Setup The following table describes the labels in this screen. Table 45 Network Setting > QoS > Queue Setup LABEL DESCRIPTION Add new Queue...
  • Page 172: Adding A Qos Queue

    Chapter 10 Quality of Service (QoS) 10.4.1 Adding a QoS Queue Click Add new Queue or the edit icon in the Queue Setup screen to configure a queue. Figure 69 Queue Setup: Add The following table describes the labels in this screen. Table 46 Queue Setup: Add LABEL DESCRIPTION...
  • Page 173 Chapter 10 Quality of Service (QoS) You can give different priorities to traffic that the Device forwards out through the WAN interface. Give high priority to voice and video to make them run more smoothly. Similarly, give low priority to many large file downloads so that they do not reduce the quality of other applications. Click Network Setting >...
  • Page 174: Add/Edit Qos Class

    Chapter 10 Quality of Service (QoS) 10.5.1 Add/Edit QoS Class Click Add new Classifier in the Class Setup screen or the Edit icon next to a classifier to open the following screen. Figure 71 Class Setup: Add/Edit VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 175 Chapter 10 Quality of Service (QoS) The following table describes the labels in this screen. Table 48 Class Setup: Add/Edit LABEL DESCRIPTION Active Select this to enable this classifier. Class Name Enter a descriptive name of up to 15 printable English keyboard characters, not including spaces.
  • Page 176 Chapter 10 Quality of Service (QoS) Table 48 Class Setup: Add/Edit (continued) LABEL DESCRIPTION Service This field is available only when you select IP in the Ether Type field. This field simplifies classifier configuration by allowing you to select a predefined application.
  • Page 177: The Qos Policer Setup Screen

    Chapter 10 Quality of Service (QoS) Table 48 Class Setup: Add/Edit (continued) LABEL DESCRIPTION To Queue Index Select a queue that applies to this class. You should have configured a queue in the Queue Setup screen already. Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving.
  • Page 178: Add/Edit A Qos Policer

    Chapter 10 Quality of Service (QoS) 10.6.1 Add/Edit a QoS Policer Click Add new Policer in the Policer Setup screen or the Edit icon next to a policer to show the following screen. Figure 73 Policer Setup: Add/Edit The following table describes the labels in this screen. Table 50 Policer Setup: Add/Edit LABEL DESCRIPTION...
  • Page 179: The Qos Monitor Screen

    Chapter 10 Quality of Service (QoS) Table 50 Policer Setup: Add/Edit LABEL DESCRIPTION Available Class Select a QoS classifier to apply this QoS policer to traffic that matches the QoS classifier. Selected Class Highlight a QoS classifier in the Available Class box and use the > button to move it to the Selected Class box.
  • Page 180: Technical Reference

    Chapter 10 Quality of Service (QoS) 10.8 Technical Reference The following section contains additional technical information about the Device features described in this chapter. IEEE 802.1Q Tag The IEEE 802.1Q standard defines an explicit VLAN tag in the MAC header to identify the VLAN membership of a frame across bridges.
  • Page 181 Chapter 10 Quality of Service (QoS) DSCP is backward compatible with the three precedence bits in the ToS octet so that non-DiffServ compliant, ToS-enabled network device will not conflict with the DSCP mapping. DSCP (6 bits) Unused (2 bits) The DSCP value determines the forwarding behavior, the PHB (Per-Hop Behavior), that each packet gets across the DiffServ network.
  • Page 182 Chapter 10 Quality of Service (QoS) Table 53 Internal Layer2 and Layer3 QoS Mapping LAYER 2 LAYER 3 PRIORITY IEEE 802.1P USER QUEUE PRIORITY TOS (IP IP PACKET DSCP (ETHERNET PRECEDENCE) LENGTH (BYTE) PRIORITY) 100110 100100 100010 100000 101110 101000 110000 111000 Token Bucket...
  • Page 183 Chapter 10 Quality of Service (QoS) The srTCM evaluates incoming packets and marks them with one of three colors which refer to packet loss priority levels. High packet loss priority level is referred to as red, medium is referred to as yellow and low is referred to as green.
  • Page 184 Chapter 10 Quality of Service (QoS) VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 185: Network Address Translation (Nat)

    HAPTER Network Address Translation (NAT) 11.1 Overview This chapter discusses how to configure NAT on the Device. NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
  • Page 186: The Port Forwarding Screen

    Chapter 11 Network Address Translation (NAT) WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host. Port Forwarding A port forwarding set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visible to the outside world even though NAT makes your whole inside network appear as a single computer to the outside world.
  • Page 187 Chapter 11 Network Address Translation (NAT) third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet. Figure 75 Multiple Servers Behind NAT Example A=192.168.1.33 B=192.168.1.34 192.168.1.1...
  • Page 188: Add/Edit Port Forwarding

    Chapter 11 Network Address Translation (NAT) Table 54 Network Setting > NAT > Port Forwarding (continued) LABEL DESCRIPTION Protocol This shows the IP protocol supported by this virtual server, whether it is TCP, UDP, or TCP/ UDP. Modify Click the Edit icon to edit this rule. Click the Delete icon to delete an existing rule.
  • Page 189: The Applications Screen

    Chapter 11 Network Address Translation (NAT) Table 55 Port Forwarding: Add/Edit (continued) LABEL DESCRIPTION End Port Enter the last port of the original destination port range. To forward only one port, enter the port number in the Start Port field above and then enter it again in this field.
  • Page 190: Add New Application

    Chapter 11 Network Address Translation (NAT) 11.3.1 Add New Application This screen lets you create new NAT application rules. Click Add new application in the Applications screen to open the following screen. Figure 79 Applications: Add The following table describes the labels in this screen. Table 57 Applications: Add LABEL DESCRIPTION...
  • Page 191 Chapter 11 Network Address Translation (NAT) For example: Figure 80 Trigger Port Forwarding Process: Example Jane requests a file from the Real Audio server (port 7070). Port 7070 is a “trigger” port and causes the Device to record Jane’s computer IP address. The Device associates Jane's computer IP address with the "open"...
  • Page 192: Add/Edit Port Triggering Rule

    Chapter 11 Network Address Translation (NAT) Table 58 Network Setting > NAT > Port Triggering (continued) LABEL DESCRIPTION Open Start Port The open port is a port (or a range of ports) that a server on the WAN uses when it sends out a particular service.
  • Page 193: The Dmz Screen

    Chapter 11 Network Address Translation (NAT) Table 59 Port Triggering: Configuration Add/Edit (continued) LABEL DESCRIPTION Open Start Port The open port is a port (or a range of ports) that a server on the WAN uses when it sends out a particular service. The Device forwards the traffic with this port (or range of ports) to the client computer on the LAN that requested the service.
  • Page 194: The Alg Screen

    Chapter 11 Network Address Translation (NAT) 11.6 The ALG Screen Some NAT routers may include a SIP Application Layer Gateway (ALG). A SIP ALG allows SIP calls to pass through NAT by examining and translating IP addresses embedded in the data stream. When the Device registers with the SIP register server, the SIP ALG translates the Device’s private IP address inside the SIP data stream to a public IP address.
  • Page 195: Add/Edit Address Mapping Rule

    Chapter 11 Network Address Translation (NAT) The following table describes the fields in this screen. Table 62 Network Setting > NAT > Address Mapping LABEL DESCRIPTION Add new rule Click this to create a new rule. This is the index number of the address mapping set. Local Start IP This is the starting Inside Local IP Address (ILA).
  • Page 196: Technical Reference

    Chapter 11 Network Address Translation (NAT) The following table describes the fields in this screen. Table 63 Address Mapping: Add/Edit LABEL DESCRIPTION Type Choose the IP/port mapping type from one of the following. One-to-One: This mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-one NAT mapping type.
  • Page 197: What Nat Does

    Chapter 11 Network Address Translation (NAT) Note that inside/outside refers to the location of a host, while global/local refers to the IP address of a host used in a packet. Thus, an inside local address (ILA) is the IP address of an inside host in a packet when the packet is still in the local network, while an inside global address (IGA) is the IP address of the same inside host when the packet is on the WAN side.
  • Page 198: How Nat Works

    Chapter 11 Network Address Translation (NAT) 11.8.3 How NAT Works Each packet has two addresses – a source address and a destination address. For outgoing packets, the ILA (Inside Local Address) is the source address on the LAN, and the IGA (Inside Global Address) is the source address on the WAN.
  • Page 199: Nat Application

    Chapter 11 Network Address Translation (NAT) 11.8.4 NAT Application The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP alias) behind the Device can communicate with three distinct WAN networks. Figure 88 NAT Application With IP Alias Port Forwarding: Services and Port Numbers The most often used port numbers are shown in the following table.
  • Page 200 Chapter 11 Network Address Translation (NAT) Port Forwarding Example Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example).
  • Page 201: Dynamic Dns Setup

    HAPTER Dynamic DNS Setup 12.1 Overview DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it. In addition to the system DNS server(s), each WAN interface (service) is set to have its own static or dynamic DNS server list.
  • Page 202: What You Need To Know

    Chapter 12 Dynamic DNS Setup 12.1.2 What You Need To Know DYNDNS Wildcard Enabling the wildcard feature for your host causes *.yourhost.dyndns.org to be aliased to the same IP address as yourhost.dyndns.org. This feature is useful if you want to be able to use, for example, www.yourhost.dyndns.org and still reach your hostname.
  • Page 203: Add/Edit Dns Entry

    Chapter 12 Dynamic DNS Setup 12.2.1 Add/Edit DNS Entry You can manually add or edit the Device’s DNS name and IP address entry. Click Add new DNS entry in the DNS Entry screen or the Edit icon next to the entry you want to edit. The screen shown next appears.
  • Page 204 Chapter 12 Dynamic DNS Setup The following table describes the fields in this screen. Table 68 Network Setting > DNS > > Dynamic DNS LABEL DESCRIPTION Dynamic DNS Select Enable to use dynamic DNS. Service Select your Dynamic DNS service provider from the drop-down list box. Provider Hostname Type the domain name assigned to your Device by your Dynamic DNS provider.
  • Page 205: Interface Group

    HAPTER Interface Group 13.1 Overview By default, all LAN and WAN interfaces on the Device are in the same group and can communicate with each other. Create interface groups to have the Device assign the IP addresses in different domains to different groups. Each group acts as an independent network on the Device. This lets devices connected to an interface group’s LAN interfaces communicate through the interface group’s WAN or LAN interfaces but not other WAN or LAN interfaces.
  • Page 206: Interface Group Configuration

    Chapter 13 Interface Group In the following example, the client that sends packets with the DHCP Vendor ID option set to MSFT 5.0 (meaning it is a Windows 2000 DHCP client) is assigned the IP address 192.168.2.2 and uses the WAN VDSL_PoE/ppp0.1 interface. Figure 93 Interface Grouping Application Default: ETH 2~4 192.168.1.x/24...
  • Page 207 Chapter 13 Interface Group Note: An interface can belong to only one group at a time. Figure 95 Interface Group Configuration The following table describes the fields in this screen. Table 70 Interface Group Configuration LABEL DESCRIPTION Group Name Enter a name to identify this group. You can enter up to 30 characters. You can use letters, numbers, hyphens (-) and underscores (_).
  • Page 208: Interface Grouping Criteria

    Chapter 13 Interface Group Table 70 Interface Group Configuration (continued) LABEL DESCRIPTION This shows the index number of the rule. Filter Criteria This shows the filtering criteria. The LAN interface on which the matched traffic is received will belong to this group automatically. WildCard This shows if wildcard on DHCP option 60 is enabled.
  • Page 209 Chapter 13 Interface Group Table 71 Interface Grouping Criteria (continued) LABEL DESCRIPTION DHCP Option Select this and enter the device identity of the matched traffic. IAID Enter the Identity Association Identifier (IAID) of the device, for example, the WAN connection index number. DUID type Select DUID-LLT (DUID Based on Link-layer Address Plus Time) to enter the hardware type, a time value and the MAC address of the device.
  • Page 210 Chapter 13 Interface Group VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 211: Usb Service

    HAPTER USB Service 14.1 Overview The Device has a USB port used to share files via a USB memory stick or a USB hard drive. In the USB Service screens, you can enable file-sharing server, media server, and printer server. 14.1.1 What You Can Do in this Chapter •...
  • Page 212: The File Sharing Screen

    Chapter 14 USB Service protocol is supported on Microsoft Windows, Linux Samba and other operating systems (refer to your systems specifications for CIFS compatibility). 14.1.2.2 About Printer Server Print Server This is a computer or other device which manages one or more printers, and which sends print jobs to each printer from the computer itself or other devices.
  • Page 213: Before You Begin

    Chapter 14 USB Service The following figure is an overview of the Device’s file server feature. Computers A and B can access files on a USB device (C) which is connected to the Device. Figure 97 File Sharing Overview The Device will not be able to join the workgroup if your local area network has restrictions set up that do not allow devices to join a workgroup.
  • Page 214: The Media Server Screen

    Chapter 14 USB Service Each field is described in the following table. Table 72 Network Setting > Home Networking > File Sharing LABEL DESCRIPTION File Sharing Select Enable to activate file sharing through the Device. Services Host Name Enter the host name on the share. Apply Click Apply to save your changes.
  • Page 215: The Printer Server Screen

    Chapter 14 USB Service The following table describes the labels in this menu. Table 73 Network Setting > USB Service > Media Server LABEL DESCRIPTION Media Server Select Enable to have the Device function as a DLNA-compliant media server. Enable the media server to let (DLNA-compliant) media clients on your network play media files located in the shares.
  • Page 216 Chapter 14 USB Service To access this screen, click Network Setting > USB Service > Printer Server. Figure 101 Network Setting > USB Service > Printer Server The following table describes the labels in this menu. Table 74 Network Setting > USB Service > Print Server LABEL DESCRIPTION Printer Server...
  • Page 217: Firewall

    HAPTER Firewall 15.1 Overview This chapter shows you how to enable and configure the Device’s security settings. Use the firewall to protect your Device and network from attacks by hackers on the Internet and control access to it. By default the firewall: •...
  • Page 218: What You Need To Know

    Chapter 15 Firewall 15.1.2 What You Need to Know SYN Attack A SYN attack floods a targeted system with a series of SYN packets. Each packet causes the targeted system to issue a SYN-ACK response. While the targeted system waits for the ACK that follows the SYN-ACK, it queues up all outstanding SYN-ACK responses on a backlog queue.
  • Page 219: The Firewall Screen

    Chapter 15 Firewall 15.2 The Firewall Screen Use this screen to set the security level of the firewall on the Device. Firewall rules are grouped based on the direction of travel of packets to which they apply. Click Security > Firewall to display the General screen. Figure 103 Security >...
  • Page 220: Add/Edit A Service

    Chapter 15 Firewall Click Security > Firewall > Service to display the following screen. Figure 104 Security > Firewall > Service The following table describes the labels in this screen. Table 76 Security > Firewall > Service LABEL DESCRIPTION Add new Click this to add a new service.
  • Page 221: The Access Control Screen

    Chapter 15 Firewall The following table describes the labels in this screen. Table 77 Service: Add/Edit LABEL DESCRIPTION Protocol Choose the IP protocol (TCP, UDP, ICMP, or Other) that defines your customized port from the drop-down list box. Select Other to be able to enter a protocol number. Source/ These fields are displayed if you select TCP or UDP as the IP port.
  • Page 222: Add/Edit An Acl Rule

    Chapter 15 Firewall Table 78 Security > Firewall > Access Control (continued) LABEL DESCRIPTION Name This displays the name of the rule. Src IP This displays the source IP addresses to which this rule applies. Please note that a blank source address is equivalent to Any.
  • Page 223 Chapter 15 Firewall The following table describes the labels in this screen. Table 79 Access Control: Add/Edit LABEL DESCRIPTION Filter Name Enter a descriptive name of up to 16 alphanumeric characters, not including spaces, underscores, and dashes. You must enter the filter name to add an ACL rule. This field is read-only if you are editing the ACL rule.
  • Page 224: The Dos Screen

    Chapter 15 Firewall 15.5 The DoS Screen DoS (Denial of Service) attacks can flood your Internet connection with invalid packets and connection requests, using so much bandwidth and so many resources that Internet access becomes unavailable. Use the DoS screen to activate protection against DoS attacks. Click Security > Firewall > DoS to display the following screen.
  • Page 225: Mac Filter

    HAPTER MAC Filter 16.1 Overview You can configure the Device to permit access to clients based on their MAC addresses in the MAC Filter screen. This applies to wired and wireless connections. Every Ethernet device has a unique MAC (Media Access Control) address. The MAC address is assigned at the factory and consists of six pairs of hexadecimal characters, for example, 00:A0:C5:00:00:02.
  • Page 226 Chapter 16 MAC Filter The following table describes the labels in this screen. Table 81 Security > MAC Filter LABEL DESCRIPTION MAC Address Filter Select Enable to activate the MAC filter function. This is the index number of the MAC address. Allow Select Allow to permit access to the Device.
  • Page 227: Parental Control

    HAPTER Parental Control 17.1 Overview Parental control allows you to block web sites with the specific URL. You can also define time periods and days during which the Device performs parental control on a specific user. 17.2 The Parental Control Screen Use this screen to enable parental control, view the parental control rules and schedules.
  • Page 228: Add/Edit A Parental Control Rule

    Chapter 17 Parental Control Table 82 Security > Parental Control (continued) LABEL DESCRIPTION Internet Access This shows the day(s) and time on which parental control is enabled. Schedule Network This shows whether the network service is configured. If not, None will be shown. Service Website Block This shows whether the website block is configured.
  • Page 229 Chapter 17 Parental Control The following table describes the fields in this screen. Table 83 Parental Control Rule: Add/Edit LABEL DESCRIPTION General Active Select the checkbox to activate this parental control rule. Parental Enter a descriptive name for the rule. Control Profile Name Home Network...
  • Page 230 Chapter 17 Parental Control VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 231: Scheduler Rule

    HAPTER Scheduler Rule 18.1 Overview You can define time periods and days during which the Device performs scheduled rules of certain features (such as Firewall Access Control) in the Scheduler Rule screen. 18.2 The Scheduler Rule Screen Use this screen to view, add, or edit time schedule rules. Click Security >...
  • Page 232: Add/Edit A Schedule

    Chapter 18 Scheduler Rule 18.2.1 Add/Edit a Schedule Click the Add button in the Scheduler Rule screen or click the Edit icon next to a schedule rule to open the following screen. Use this screen to configure a restricted access schedule. Figure 113 Scheduler Rule: Add/Edit The following table describes the fields in this screen.
  • Page 233: Certificates

    HAPTER Certificates 19.1 Overview The Device can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication. 19.1.1 What You Can Do in this Chapter •...
  • Page 234: The Local Certificates Screen

    Chapter 19 Certificates 19.3 The Local Certificates Screen Click Security > Certificates to open the Local Certificates screen. This is the Device’s summary list of certificates and certification requests. Figure 114 Security > Certificates > Local Certificates The following table describes the labels in this screen. Table 86 Security >...
  • Page 235: Create Certificate Request

    Chapter 19 Certificates 19.3.1 Create Certificate Request Click Security > Certificates > Local Certificates and then Create Certificate Request to open the following screen. Use this screen to have the Device generate a certification request. Figure 115 Create Certificate Request The following table describes the labels in this screen.
  • Page 236: Load Signed Certificate

    Chapter 19 Certificates Figure 116 Certificate Request Created 19.3.2 Load Signed Certificate After you create a certificate request and have it signed by a Certificate Authority, in the Local Certificates screen click the certificate request’s Load Signed icon to import the signed certificate into the Device.
  • Page 237: The Trusted Ca Screen

    Chapter 19 Certificates The following table describes the labels in this screen. Table 88 Load Signed Certificate LABEL DESCRIPTION Certificate This is the name of the signed certificate. Name Certificate Copy and paste the signed certificate into the text box to store it on the Device. Apply Click Apply to save your changes.
  • Page 238: View Trusted Ca Certificate

    Chapter 19 Certificates 19.4.1 View Trusted CA Certificate Click the View icon in the Trusted CA screen to open the following screen. Use this screen to view in-depth information about the certification authority’s certificate. Figure 119 Trusted CA: View The following table describes the fields in this screen. Table 90 Trusted CA: View LABEL DESCRIPTION...
  • Page 239: Import Trusted Ca Certificate

    Chapter 19 Certificates 19.4.2 Import Trusted CA Certificate Click the Import Certificate button in the Trusted CA screen to open the following screen. The Device trusts any valid certificate signed by any of the imported trusted CA certificates. Figure 120 Trusted CA: Import Certificate The following table describes the fields in this screen.
  • Page 240 Chapter 19 Certificates VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 241: Vpn

    HAPTER 20.1 Overview A virtual private network (VPN) provides secure communications over the the Internet. Internet Protocol Security (IPSec) is a standards-based VPN that provides confidentiality, data integrity, and authentication. This chapter shows you how to configure the Device’s VPN settings. 20.2 IPSec VPN 20.2.1 The General Screen Use this screen to view and manage your VPN tunnel policies.
  • Page 242: Ipsec Vpn: Add

    Chapter 20 VPN This screen contains the following fields: Table 92 IPSec VPN LABEL DESCRIPTION Add new Click this button to add an item to the list. connection Enable This displays if the VPN policy is enabled. Connection Name The name of the VPN connection. Remote Gateway This is the IP address of the remote IPSec router in the IKE SA.
  • Page 243 Chapter 20 VPN Figure 123 IPSec VPN: Add This screen contains the following fields: Table 93 IPSec VPN: Add LABEL DESCRIPTION IPSec Setup IPSec Enter the name of the VPN connection. Connection Name VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 244 Chapter 20 VPN Table 93 IPSec VPN: Add LABEL DESCRIPTION Tunnel Mode Select which protocol you want to use in the IPSec SA. Choices are: AH (RFC 2402) - provides integrity, authentication, sequence integrity (replay resistance), and non-repudiation but not encryption. If you select AH, you must select an Authentication algorithm.
  • Page 245 Chapter 20 VPN Table 93 IPSec VPN: Add LABEL DESCRIPTION Pre-Shared Type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62 hexadecimal ("0-9", "A-F") characters.
  • Page 246 Chapter 20 VPN Table 93 IPSec VPN: Add LABEL DESCRIPTION Key Life Time Define the length of time before an IPSec SA automatically renegotiates in this field. A short SA Life Time increases security by forcing the two VPN gateways to update the encryption and authentication keys.
  • Page 247: Technical Reference

    Chapter 20 VPN Table 93 IPSec VPN: Add LABEL DESCRIPTION Encryption Select which key size and encryption algorithm to use in the IKE SA. Choices Algorithm are: DES - a 56-bit key with the DES encryption algorithm 3DES - a 168-bit key with the DES encryption algorithm AES - AES encryption algorithm Encryption This field is applicable when you select an Encryption Algorithm.
  • Page 248: Encapsulation

    Chapter 20 VPN Figure 124 IPSec Architecture IPSec Algorithms The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms). The Encryption Algorithm describes the use of encryption techniques such as DES (Data Encryption Standard) and Triple DES algorithms.
  • Page 249: Ike Phases

    Chapter 20 VPN Transport Mode Transport mode is used to protect upper layer protocols and only affects the data in the IP packet. In Transport mode, the IP packet contains the security protocol (AH or ESP) located after the original IP header and options, but before any upper layer protocols contained in the packet (such as TCP and UDP).
  • Page 250: Negotiation Mode

    Chapter 20 VPN Figure 126 Two Phases to Set Up the IPSec SA In phase 1 you must: • Choose a negotiation mode. • Authenticate the connection by entering a pre-shared key. • Choose an encryption algorithm. • Choose an authentication algorithm. •...
  • Page 251: Ipsec And Nat

    Chapter 20 VPN • Aggressive Mode is quicker than Main Mode because it eliminates several steps when the communicating parties are negotiating authentication (phase 1). However the trade-off is that faster speed limits its negotiating power and it also does not provide identity protection. It is useful in remote access situations where the address of the initiator is not know by the responder and both parties want to use pre-shared key authentication.
  • Page 252: Pre-Shared Key

    Chapter 20 VPN Figure 127 NAT Router Between IPSec Routers Normally you cannot set up an IKE SA with a NAT router between the two IPSec routers because the NAT router changes the header of the IPSec packet. NAT traversal solves the problem by adding a UDP port 500 header to the IPSec packet.
  • Page 253: Log

    HAPTER 21.1 Overview The web configurator allows you to choose which categories of events and/or alerts to have the Device log and then display the logs or have the Device send them to an administrator (as e-mail) or to a syslog server. 21.1.1 What You Can Do in this Chapter •...
  • Page 254: The System Log Screen

    Chapter 21 Log Table 96 Syslog Severity Levels CODE SEVERITY Notice: There is a normal but significant condition on the system. Informational: The syslog contains an informational message. Debug: The message is intended for debug-level purposes. 21.2 The System Log Screen Use the System Log screen to see the system logs.
  • Page 255: The Security Log Screen

    Chapter 21 Log 21.3 The Security Log Screen Use the Security Log screen to see the security-related logs for the categories that you select. Click System Monitor > Log > Security Log to open the following screen. Figure 129 System Monitor > Log > Security Log The following table describes the fields in this screen.
  • Page 256 Chapter 21 Log VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 257: Traffic Status

    HAPTER Traffic Status 22.1 Overview Use the Traffic Status screens to look at network traffic status and statistics of the WAN and LAN interfaces. 22.1.1 What You Can Do in this Chapter • Use the WAN screen to view the WAN traffic statistics (Section 22.2 on page 257).
  • Page 258 Chapter 22 Traffic Status The following table describes the fields in this screen. Table 99 System Monitor > Traffic Status > WAN LABEL DESCRIPTION Connected This shows the name of the WAN interface that is currently connected. Interface Packets Sent Data This indicates the number of transmitted packets on this interface.
  • Page 259: The Lan Status Screen

    Chapter 22 Traffic Status 22.3 The LAN Status Screen Click System Monitor > Traffic Status > LAN to open the following screen. The figure in this screen shows the interface that is currently connected on the Device. Figure 131 System Monitor > Traffic Status > LAN The following table describes the fields in this screen.
  • Page 260: The Nat Status Screen

    Chapter 22 Traffic Status 22.4 The NAT Status Screen Click System Monitor > Traffic Status > NAT to open the following screen. The figure in this screen shows the NAT statistics for hosts that are currently connected on the Device. Figure 132 System Monitor >...
  • Page 261: Arp Table

    HAPTER ARP Table 23.1 Overview Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. An IP (version 4) address is 32 bits long.
  • Page 262 Chapter 23 ARP Table Table 102 System Monitor > ARP Table (continued) LABEL DESCRIPTION MAC Address This is the MAC address of the device with the listed IP address. Device This is the type of interface used by the device. You can click on the device type to go to its configuration screen.
  • Page 263: Routing Table

    HAPTER Routing Table 24.1 Overview Routing is based on the destination address only and the Device takes the shortest path to forward a packet. 24.2 The Routing Table Screen Click System Monitor > Routing Table to open the following screen. Figure 134 System Monitor >...
  • Page 264 Chapter 24 Routing Table Table 103 System Monitor > Routing Table (continued) LABEL DESCRIPTION Service This indicates the name of the service used to forward the route. Interface This indicates the name of the interface through which the route is forwarded. br0 indicates the LAN interface.
  • Page 265: Igmp Status

    HAPTER IGMP Status 25.1 Overview Use the IGMP Status screens to look at IGMP group status and traffic statistics. 25.2 The IGMP Group Status Screen Use this screen to look at the current list of multicast groups the Device has joined and which ports have joined it.
  • Page 266 Chapter 25 IGMP Status VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 267: Xdsl Statistics

    HAPTER xDSL Statistics 26.1 The xDSL Statistics Screen Use this screen to view detailed DSL statistics. Click System Monitor > xDSL Statistics to open the following screen. Figure 136 System Monitor > xDSL Statistics VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 268 Chapter 26 xDSL Statistics The following table describes the labels in this screen. Table 105 Status > xDSL Statistics LABEL DESCRIPTION Refresh Interval Select the time interval for refreshing statistics. Line Select which DSL line’s statistics you want to display. xDSL Training This displays the current state of setting up the DSL connection.
  • Page 269 Chapter 26 xDSL Statistics Table 105 Status > xDSL Statistics (continued) LABEL DESCRIPTION Downstream These are the statistics for the traffic direction coming into the port from the service provider. Upstream These are the statistics for the traffic direction going out from the port to the service provider.
  • Page 270 Chapter 26 xDSL Statistics VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 271: Statistics

    HAPTER 3G Statistics 27.1 Overview Use the 3G Statistics screens to look at 3G Internet connection status. 27.2 The 3G Statistics Screen To open this screen, click System Monitor > 3G Statistics. Figure 137 System Monitor > 3G Statistics The following table describes the labels in this screen. Table 106 System Monitor >...
  • Page 272 Chapter 27 3G Statistics Table 106 System Monitor > 3G Statistics (continued) LABEL DESCRIPTION Connection This field displays the time the connection has been up. Uptime 3G Card This field displays the manufacturer of the 3G card. Manufacturer 3G Card Model This field displays the model name of the 3G card.
  • Page 273: User Account

    HAPTER User Account 28.1 Overview In the Users Account screen, you can change the password of the user account that you used to log in the Device. 28.2 The User Account Screen Click Maintenance > User Account to open the following screen. Figure 138 Maintenance >...
  • Page 274 Chapter 28 User Account VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 275: Remote Management

    HAPTER Remote Management 29.1 Overview Remote Management allows you to manage your Device from a remote location through the following interfaces: • LAN • WAN • Trust Domain Note: The Device is managed using the Web Configurator. 29.2 The Remote MGMT Screen Use this screen to configure through which interface(s) users can use which service(s) to manage the Device.
  • Page 276 Chapter 29 Remote Management The following table describes the fields in this screen. Table 108 Maintenance > Remote MGMT LABEL DESCRIPTION Trust Domain Status This field displays whether the Trust Domain is active or not. IP Address Enter the Trust Domain IP address. Services This is the service you may use to access the Device.
  • Page 277: Client

    HAPTER TR-069 Client 30.1 Overview This chapter explains how to configure the Device’s TR-069 auto-configuration settings. 30.2 The TR-069 Client Screen TR-069 defines how Customer Premise Equipment (CPE), for example your Device, can be managed over the WAN by an Auto Configuration Server (ACS). TR-069 is based on sending Remote Procedure Calls (RPCs) between an ACS and a client device.
  • Page 278 Chapter 30 TR-069 Client The following table describes the fields in this screen. Table 109 Maintenance > TR-069 Client LABEL DESCRIPTION Inform Select Enable for the Device to send periodic inform via TR-069 on the WAN. Otherwise, select Disable. Inform Interval Enter the time interval (in seconds) at which the Device sends information to the auto- configuration server.
  • Page 279: Chapter 31 Tr-064

    HAPTER TR-064 31.1 Overview This chapter explains how to configure the Device’s TR-064 auto-configuration settings. 31.2 The TR-064 Screen TR-064 is a LAN-Side DSL CPE Configuration protocol defined by the DSL Forum. TR-064 is built on top of UPnP. It allows the users to use a TR-064 compliant CPE management application on their computers from the LAN to discover the CPE and configure user-specific parameters, such as the username and password.
  • Page 280 Chapter 31 TR-064 VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 281: Time Settings

    HAPTER Time Settings 32.1 Overview This chapter shows you how to configure system related settings, such as system time, password, name, the domain name and the inactivity timeout interval. 32.2 The Time Screen To change your Device’s time and date, click Maintenance > Time. The screen appears as shown. Use this screen to configure the Device’s time based on your local time zone.
  • Page 282 Chapter 32 Time Settings The following table describes the fields in this screen. Table 111 Maintenance > Time Setting LABEL DESCRIPTION Current Date/Time Current Time This field displays the time of your Device. Each time you reload this page, the Device synchronizes the time with the time server. Current Date This field displays the date of your Device.
  • Page 283 Chapter 32 Time Settings Table 111 Maintenance > Time Setting (continued) LABEL DESCRIPTION Apply Click Apply to save your changes. Cancel Click Cancel to exit this screen without saving. VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 284 Chapter 32 Time Settings VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 285: E-Mail Notification

    HAPTER E-mail Notification 33.1 Overview A mail server is an application or a computer that runs such an application to receive, forward and deliver e-mail messages. To have the Device send reports, logs or notifications via e-mail, you must specify an e-mail server and the e-mail addresses of the sender and receiver.
  • Page 286: Email Notification Edit

    Chapter 33 E-mail Notification 33.2.1 Email Notification Edit Click the Add button in the Email Notification screen. Use this screen to configure the required information for sending e-mail via a mail server. Figure 144 Email Notification > Add The following table describes the labels in this screen. Table 113 Email Notification >...
  • Page 287: Logs Setting

    HAPTER Logs Setting 34.1 Overview You can configure where the Device sends logs and which logs and/or immediate alerts the Device records in the Logs Setting screen. 34.2 The Log Settings Screen To change your Device’s log settings, click Maintenance > Logs Setting. The screen appears as shown.
  • Page 288: Example E-Mail Log

    Chapter 34 Logs Setting The following table describes the fields in this screen. Table 114 Maintenance > Logs Setting LABEL DESCRIPTION Syslog Setting Syslog Logging The Device sends a log to an external syslog server. Select Enable to enable syslog logging. Mode Select the syslog destination from the drop-down list box.
  • Page 289 Chapter 34 Logs Setting • "End of Log" message shows that a complete log has been sent. Figure 146 E-mail Log Example Subject: Firewall Alert From Date: Fri, 07 Apr 2000 10:05:42 From: user@zyxel.com user@zyxel.com 1|Apr 7 00 |From:192.168.1.1 To:192.168.1.255 |default policy |forward | 09:54:03 |UDP...
  • Page 290 Chapter 34 Logs Setting VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 291: Firmware Upgrade

    HAPTER Firmware Upgrade 35.1 Overview This chapter explains how to upload new firmware to your Device. You can download new firmware releases from your nearest ZyXEL FTP site (or www.zyxel.com) to use to upgrade your device’s performance. Only use firmware for your device’s specific model. Refer to the label on the bottom of your Device.
  • Page 292 Chapter 35 Firmware Upgrade After you see the firmware updating screen, wait two minutes before logging into the Device again. Figure 148 Firmware Uploading The Device automatically restarts in this time causing a temporary network disconnect. In some operating systems, you may see the following icon on your desktop. Figure 149 Network Temporarily Disconnected After two minutes, log in again and check your new firmware version in the Status screen.
  • Page 293: Chapter 36 Configuration

    HAPTER Configuration 36.1 Overview The Configuration screen allows you to backup and restore device configurations. You can also reset your device settings back to the factory default. 36.2 The Configuration Screen Click Maintenance > Configuration. Information related to factory defaults, backup configuration, and restoring configuration appears in this screen, as shown next.
  • Page 294 Chapter 36 Configuration Restore Configuration Restore Configuration allows you to upload a new or previously saved configuration file from your computer to your Device. Table 116 Restore Configuration LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse ... to find it. Browse...
  • Page 295: The Reboot Screen

    Chapter 36 Configuration Reset to Factory Defaults Click the Reset button to clear all user-entered configuration information and return the Device to its factory defaults. The following warning screen appears. Figure 154 Reset Warning Message Figure 155 Reset In Process Message You can also press the RESET button on the rear panel to reset the factory defaults of your Device.
  • Page 296 Chapter 36 Configuration VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 297: Chapter 37 Diagnostic

    HAPTER Diagnostic 37.1 Overview The Diagnostic screens display information to help you identify problems with the Device. The route between a CO VDSL switch and one of its CPE may go through switches owned by independent organizations. A connectivity fault point generally takes time to discover and impacts subscriber’s network access.
  • Page 298: Ping & Traceroute & Nslookup

    Chapter 37 Diagnostic 37.3 Ping & TraceRoute & NsLookup Use this screen to ping, traceroute, or nslookup an IP address. Click Maintenance > Diagnostic > Ping & TraceRoute & NsLookup to open the screen shown next. Figure 157 Maintenance > Diagnostic > Ping & TraceRoute & NsLookup The following table describes the fields in this screen.
  • Page 299 Chapter 37 Diagnostic 37.4 802.1ag Click Maintenance > Diagnostic > 8.2.1ag to open the following screen. Use this screen to perform CFM actions. Figure 158 Maintenance > Diagnostic > 802.1ag The following table describes the fields in this screen. Table 118 Maintenance > Diagnostic > 802.1ag LABEL DESCRIPTION 802.1ag Connectivity Fault Management...
  • Page 300: Oam Ping

    Chapter 37 Diagnostic 37.5 OAM Ping Click Maintenance > Diagnostic > OAM Ping to open the screen shown next. Use this screen to perform an OAM (Operation, Administration and Maintenance) F4 or F5 loopback test on a PVC. The Device sends an OAM F4 or F5 packet to the DSLAM or ATM switch and then returns it to the Device.
  • Page 301 Chapter 37 Diagnostic Note: This screen is available only when you configure an ATM layer-2 interface. Figure 160 Maintenance > Diagnostic > OAM Ping The following table describes the fields in this screen. Table 119 Maintenance > Diagnostic > OAM Ping LABEL DESCRIPTION Select a PVC on which you want to perform the loopback test.
  • Page 302 Chapter 37 Diagnostic VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 303: Chapter 38 Troubleshooting

    HAPTER Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • Device Access and Login • Internet Access • Wireless Internet Access •...
  • Page 304: Device Access And Login

    Chapter 38 Troubleshooting If the problem continues, contact the vendor. 38.2 Device Access and Login I forgot the IP address for the Device. The default LAN IP address is 192.168.1.1. If you changed the IP address and have forgotten it, you might get the IP address of the Device by looking up the IP address of the default gateway for your computer.
  • Page 305 Chapter 38 Troubleshooting Reset the device to its factory defaults, and try to access the Device with the default IP address. Section 1.6 on page If the problem continues, contact the network administrator or vendor, or try one of the advanced suggestions.
  • Page 306: Internet Access

    Chapter 38 Troubleshooting 38.3 Internet Access I cannot access the Internet. Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.5 on page Make sure you entered your ISP account information correctly in the Network Setting > Broadband screen.
  • Page 307: Wireless Internet Access

    Chapter 38 Troubleshooting Check the hardware connections, and make sure the LEDs are behaving as expected. See the Quick Start Guide and Section 1.5 on page Turn the Device off and on. If the problem continues, contact your ISP. 38.4 Wireless Internet Access What factors may cause intermittent or unstabled wireless connection? How can I solve this problem? The following factors may cause interference:...
  • Page 308: Usb Device Connection

    Chapter 38 Troubleshooting 38.5 USB Device Connection The Device fails to detect my USB device. Disconnect the USB device. Reboot the Device. If you are connecting a USB hard drive that comes with an external power supply, make sure it is connected to an appropriate power source that is on.
  • Page 309 Chapter 38 Troubleshooting VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 310 VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 311: Appendix A Customer Support

    • Brief description of the problem and the steps you took to solve it. Corporate Headquarters (Worldwide) Taiwan • ZyXEL Communications Corporation • http://www.zyxel.com Asia China • ZyXEL Communications (Shanghai) Corp. ZyXEL Communications (Beijing) Corp. ZyXEL Communications (Tianjin) Corp. • http://www.zyxel.cn India • ZyXEL Technology India Pvt Ltd • http://www.zyxel.in Kazakhstan •...
  • Page 312 • ZyXEL Singapore Pte Ltd. • http://www.zyxel.com.sg Taiwan • ZyXEL Communications Corporation • http://www.zyxel.com Thailand • ZyXEL Thailand Co., Ltd • http://www.zyxel.co.th Vietnam • ZyXEL Communications Corporation-Vietnam Office • http://www.zyxel.com/vn/vi Europe Austria • ZyXEL Deutschland GmbH • http://www.zyxel.de Belarus • ZyXEL BY • http://www.zyxel.by...
  • Page 313 Appendix A Customer Support Belgium • ZyXEL Communications B.V. • http://www.zyxel.com/be/nl/ Bulgaria • ZyXEL България • http://www.zyxel.com/bg/bg/ Czech • ZyXEL Communications Czech s.r.o • http://www.zyxel.cz Denmark • ZyXEL Communications A/S • http://www.zyxel.dk Estonia • ZyXEL Estonia • http://www.zyxel.com/ee/et/ Finland • ZyXEL Communications •...
  • Page 314 • ZyXEL Communications Poland • http://www.zyxel.pl Romania • ZyXEL Romania • http://www.zyxel.com/ro/ro Russia • ZyXEL Russia • http://www.zyxel.ru Slovakia • ZyXEL Communications Czech s.r.o. organizacna zlozka • http://www.zyxel.sk Spain • ZyXEL Spain • http://www.zyxel.es Sweden • ZyXEL Communications • http://www.zyxel.se Switzerland •...
  • Page 315 • ZyXEL Communication Corporation • http://www.zyxel.com/ec/es/ Middle East Egypt • ZyXEL Communication Corporation • http://www.zyxel.com/homepage.shtml Middle East • ZyXEL Communication Corporation • http://www.zyxel.com/homepage.shtml North America • ZyXEL Communications, Inc. - North America Headquarters • http://www.us.zyxel.com/ VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 316 Appendix A Customer Support Oceania Australia • ZyXEL Communications Corporation • http://www.zyxel.com/au/en/ Africa South Africa • Nology (Pty) Ltd. • http://www.zyxel.co.za VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 317: Appendix B Setting Up Your Computer's Ip Address

    PP EN D I X Setting up Your Computer’s IP Address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP/Vista, Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the software components you need to install and use TCP/IP on your computer.
  • Page 318 Appendix B Setting up Your Computer’s IP Address Installing Components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you need the adapter: In the Network window, click Add. Select Adapter and then click Add.
  • Page 319 Appendix B Setting up Your Computer’s IP Address • If you have a static IP address, select Specify an IP address and type your information into the IP Address and Subnet Mask fields. Figure 162 Windows 95/98/Me: TCP/IP Properties: IP Address Click the DNS Configuration tab.
  • Page 320 Appendix B Setting up Your Computer’s IP Address Click the Gateway tab. • If you do not know your gateway’s IP address, remove previously installed gateways. • If you have a gateway IP address, type it in the New gateway field and click Add. Click OK to save and close the TCP/IP Properties window.
  • Page 321 Appendix B Setting up Your Computer’s IP Address In the Control Panel, double-click Network Connections (Network and Dial-up Connections in Windows 2000/NT). Figure 165 Windows XP: Control Panel Right-click Local Area Connection and then click Properties. Figure 166 Windows XP: Control Panel: Network Connections: Properties VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 322 Appendix B Setting up Your Computer’s IP Address Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and then click Properties. Figure 167 Windows XP: Local Area Connection Properties The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). •...
  • Page 323 Appendix B Setting up Your Computer’s IP Address • Click Advanced. Figure 168 Windows XP: Internet Protocol (TCP/IP) Properties If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
  • Page 324 Appendix B Setting up Your Computer’s IP Address • Click OK when finished. Figure 169 Windows XP: Advanced TCP/IP Properties In the Internet Protocol TCP/IP Properties window (the General tab in Windows XP): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
  • Page 325 Appendix B Setting up Your Computer’s IP Address If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. Figure 170 Windows XP: Internet Protocol (TCP/IP) Properties Click OK to close the Internet Protocol (TCP/IP) Properties window. Click Close (OK in Windows 2000/NT) to close the Local Area Connection Properties window.
  • Page 326 Appendix B Setting up Your Computer’s IP Address Click the Start icon, Control Panel. Figure 171 Windows Vista: Start Menu In the Control Panel, double-click Network and Internet. Figure 172 Windows Vista: Control Panel Click Network and Sharing Center. Figure 173 Windows Vista: Network And Internet VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 327 Appendix B Setting up Your Computer’s IP Address Click Manage network connections. Figure 174 Windows Vista: Network and Sharing Center Right-click Local Area Connection and then click Properties. Note: During this procedure, click Continue whenever Windows displays a screen saying that it needs your permission to continue.
  • Page 328 Appendix B Setting up Your Computer’s IP Address Select Internet Protocol Version 4 (TCP/IPv4) and click Properties. Figure 176 Windows Vista: Local Area Connection Properties The Internet Protocol Version 4 (TCP/IPv4) Properties window opens (the General tab). • If you have a dynamic IP address click Obtain an IP address automatically. •...
  • Page 329 Appendix B Setting up Your Computer’s IP Address • Click Advanced. Figure 177 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties If you do not know your gateway's IP address, remove any previously installed gateways in the IP Settings tab and click OK. Do one or more of the following if you want to configure additional IP addresses: •...
  • Page 330 Appendix B Setting up Your Computer’s IP Address • Click OK when finished. Figure 178 Windows Vista: Advanced TCP/IP Properties In the Internet Protocol Version 4 (TCP/IPv4) Properties window, (the General tab): • Click Obtain DNS server address automatically if you do not know your DNS server IP address(es).
  • Page 331 Appendix B Setting up Your Computer’s IP Address If you have previously configured DNS servers, click Advanced and then the DNS tab to order them. Figure 179 Windows Vista: Internet Protocol Version 4 (TCP/IPv4) Properties 10 Click OK to close the Internet Protocol Version 4 (TCP/IPv4) Properties window. 11 Click Close to close the Local Area Connection Properties window.
  • Page 332 Appendix B Setting up Your Computer’s IP Address Macintosh OS 8/9 Click the Apple menu, Control Panel and double-click TCP/IP to open the TCP/IP Control Panel. Figure 180 Macintosh OS 8/9: Apple Menu VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 333 Appendix B Setting up Your Computer’s IP Address Select Ethernet built-in from the Connect via list. Figure 181 Macintosh OS 8/9: TCP/IP For dynamically assigned settings, select Using DHCP Server from the Configure: list. For statically assigned settings, do the following: •...
  • Page 334 Appendix B Setting up Your Computer’s IP Address • Select Built-in Ethernet from the Show list. • Click the TCP/IP tab. For dynamically assigned settings, select Using DHCP from the Configure list. Figure 183 Macintosh OS X: Network For statically assigned settings, do the following: •...
  • Page 335 Appendix B Setting up Your Computer’s IP Address Linux This section shows you how to configure your computer’s TCP/IP settings in Red Hat Linux 9.0. Procedure, screens and file location may vary depending on your Linux distribution and release version. Note: Make sure you are logged in as the root administrator.
  • Page 336 Appendix B Setting up Your Computer’s IP Address Double-click on the profile of the network card you wish to configure. The Ethernet Device General screen displays as shown. Figure 185 Red Hat 9.0: KDE: Ethernet Device: General • If you have a dynamic IP address, click Automatically obtain IP address settings with and select dhcp from the drop down list.
  • Page 337 Appendix B Setting up Your Computer’s IP Address Click the Activate button to apply the changes. The following screen displays. Click Yes to save the changes in all screens. Figure 187 Red Hat 9.0: KDE: Network Configuration: Activate After the network card restart process is complete, make sure the Status is Active in the Network Configuration screen.
  • Page 338 Appendix B Setting up Your Computer’s IP Address If you know your DNS server IP address(es), enter the DNS server information in the resolv.conf file in the /etc directory. The following figure shows an example where two DNS server IP addresses are specified.
  • Page 339: Appendix C Ip Addresses And Subnetting

    PP EN D I X IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network.
  • Page 340 Appendix C IP Addresses and Subnetting The following figure shows an example IP address in which the first three octets (192.168.1) are the network number, and the fourth octet (16) is the host ID. Figure 193 Network Number and Host ID How much of the IP address is the network number and how much is the host ID varies according to the subnet mask.
  • Page 341 Appendix C IP Addresses and Subnetting Subnet masks can be referred to by the size of the network number part (the bits with a “1” value). For example, an “8-bit mask” means that the first 8 bits of the mask are ones and the remaining 24 bits are zeroes.
  • Page 342 Appendix C IP Addresses and Subnetting The following table shows some possible subnet masks using both notations. Table 123 Alternative Subnet Mask Notation ALTERNATIVE LAST OCTET LAST OCTET SUBNET MASK NOTATION (BINARY) (DECIMAL) 255.255.255.0 0000 0000 255.255.255.128 1000 0000 255.255.255.192 1100 0000 255.255.255.224 1110 0000...
  • Page 343 Appendix C IP Addresses and Subnetting The following figure shows the company network after subnetting. There are now two sub- networks, A and B. Figure 195 Subnetting Example: After Subnetting In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 2 –...
  • Page 344 Appendix C IP Addresses and Subnetting Table 124 Subnet 1 (continued) LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE Subnet Address: Lowest Host ID: 192.168.1.1 192.168.1.0 Broadcast Address: Highest Host ID: 192.168.1.62 192.168.1.63 Table 125 Subnet 2 LAST OCTET BIT IP/SUBNET MASK NETWORK NUMBER VALUE...
  • Page 345 Appendix C IP Addresses and Subnetting Table 128 Eight Subnets (continued) SUBNET LAST BROADCAST SUBNET FIRST ADDRESS ADDRESS ADDRESS ADDRESS Subnet Planning The following table is a summary for subnet planning on a network with a 24-bit network number. Table 129 24-bit Network Number Subnet Planning NO.
  • Page 346 Appendix C IP Addresses and Subnetting Configuring IP Addresses Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask. If the ISP did not explicitly give you an IP network number, then most likely you have a single user account and the ISP will assign you a dynamic IP address when the connection is established.
  • Page 347: Appendix D Pop-Up Windows, Javascripts And Java Permissions

    PP EN D I X Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here.
  • Page 348 Appendix D Pop-up Windows, JavaScripts and Java Permissions Clear the Block pop-ups check box in the Pop-up Blocker section of the screen. This disables any web pop-up blockers you may have enabled. Figure 197 Internet Options: Privacy Click Apply to save this setting. Enable Pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps.
  • Page 349 Appendix D Pop-up Windows, JavaScripts and Java Permissions Select Settings…to open the Pop-up Blocker Settings screen. Figure 198 Internet Options: Privacy Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”.
  • Page 350 Appendix D Pop-up Windows, JavaScripts and Java Permissions Click Add to move the IP address to the list of Allowed sites. Figure 199 Pop-up Blocker Settings Click Close to return to the Privacy screen. Click Apply to save this setting. JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
  • Page 351 Appendix D Pop-up Windows, JavaScripts and Java Permissions In Internet Explorer, click Tools, Internet Options and then the Security tab. Figure 200 Internet Options: Security Click the Custom Level... button. Scroll down to Scripting. Under Active scripting make sure that Enable is selected (the default). Under Scripting of Java applets make sure that Enable is selected (the default).
  • Page 352 Appendix D Pop-up Windows, JavaScripts and Java Permissions Click OK to close the window. Figure 201 Security Settings - Java Scripting Java Permissions From Internet Explorer, click Tools, Internet Options and then the Security tab. Click the Custom Level... button. Scroll down to Microsoft VM.
  • Page 353 Appendix D Pop-up Windows, JavaScripts and Java Permissions Click OK to close the window. Figure 202 Security Settings - Java JAVA (Sun) From Internet Explorer, click Tools, Internet Options and then the Advanced tab. Make sure that Use Java 2 for <applet> under Java (Sun) is selected. VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 354 Appendix D Pop-up Windows, JavaScripts and Java Permissions Click OK to close the window. Figure 203 Java (Sun) Mozilla Firefox Mozilla Firefox 2.0 screens are used here. Screens for other versions may vary. You can enable Java, Javascripts and pop-ups in one screen. Click Tools, then click Options in the screen that appears.
  • Page 355 Appendix D Pop-up Windows, JavaScripts and Java Permissions Click Content.to show the screen below. Select the check boxes as shown in the following screen. Figure 205 Mozilla Firefox Content Security VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 356 Appendix D Pop-up Windows, JavaScripts and Java Permissions VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 357: Appendix E Wireless Lans

    PP EN D I X Wireless LANs Wireless LAN Topologies This section discusses ad-hoc and infrastructure wireless LAN topologies. Ad-hoc Wireless LAN Configuration The simplest WLAN configuration is an independent (Ad-hoc) WLAN that connects a set of computers with wireless adapters (A, B, C). Any time two or more wireless adapters are within range of each other, they can set up an independent network, which is commonly referred to as an ad-hoc network or Independent Basic Service Set (IBSS).
  • Page 358 Appendix E Wireless LANs disabled, wireless client A and B can still access the wired network but cannot communicate with each other. Figure 207 Basic Service Set An Extended Service Set (ESS) consists of a series of overlapping BSSs, each containing an access point, with each access point connected together by a wired network.
  • Page 359 Appendix E Wireless LANs An ESSID (ESS IDentification) uniquely identifies each ESS. All access points and their associated wireless clients within the same ESS must have the same ESSID in order to communicate. Figure 208 Infrastructure WLAN Channel A channel is the radio frequency(ies) used by wireless devices to transmit and receive data. Channels available depend on your geographical area.
  • Page 360 Appendix E Wireless LANs cannot "hear" each other, that is they do not know if the channel is currently being used. Therefore, they are considered hidden from each other. RTS/CTS Figure 209 When station A sends data to the AP, it might not know that the station B is already using the channel.
  • Page 361 Appendix E Wireless LANs If the Fragmentation Threshold value is smaller than the RTS/CTS value (see previously) you set then the RTS (Request To Send)/CTS (Clear to Send) handshake will never occur as data frames will be fragmented before they reach RTS/CTS size. IEEE 802.11g Wireless LAN IEEE 802.11g is fully compatible with the IEEE 802.11b standard.
  • Page 362 Appendix E Wireless LANs IEEE 802.1x In June 2001, the IEEE 802.1x standard was designed to extend the features of IEEE 802.11 to support extended authentication as well as providing additional accounting and control features. It is supported by Windows XP and a number of network devices. Some advantages of IEEE 802.1x are: •...
  • Page 363 Appendix E Wireless LANs • Accounting-Request Sent by the access point requesting accounting. • Accounting-Response Sent by the RADIUS server to indicate that it has started or stopped accounting. In order to ensure network security, the access point and the RADIUS server use a shared secret key, which is a password, they both know.
  • Page 364 Appendix E Wireless LANs EAP-TTLS (Tunneled Transport Layer Service) EAP-TTLS is an extension of the EAP-TLS authentication that uses certificates for only the server- side authentications to establish a secure connection. Client authentication is then done by sending username and password through the secure connection, thus client identity is protected. For client authentication, EAP-TTLS supports EAP methods and legacy authentication methods such as PAP, CHAP, MS-CHAP and MS-CHAP v2.
  • Page 365 Appendix E Wireless LANs WPA and WPA2 Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a wireless security standard that defines stronger encryption, authentication and key management than WPA. Key differences between WPA or WPA2 and WEP are improved data encryption and user authentication.
  • Page 366 Appendix E Wireless LANs password-guessing attacks but it’s still an improvement over WEP as it employs a consistent, single, alphanumeric password to derive a PMK which is used to generate unique temporal encryption keys. This prevent all wireless devices sharing the same encryption keys. (a weakness of WEP) User Authentication WPA and WPA2 apply IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate...
  • Page 367 Appendix E Wireless LANs The RADIUS server distributes the PMK to the AP. The AP then sets up a key hierarchy and management system, using the PMK to dynamically generate unique data encryption keys. The keys are used to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients.
  • Page 368 Appendix E Wireless LANs Security Parameters Summary Refer to this table to see what other security parameters you should configure for each authentication method or key management protocol type. MAC address filters are not dependent on how you configure these security features. Table 134 Wireless Security Relational Matrix AUTHENTICATION ENCRYPTIO...
  • Page 369 Appendix E Wireless LANs 2.5%. For an unobstructed outdoor site, each 1dB increase in gain results in a range increase of approximately 5%. Actual results may vary depending on the network environment. Antenna gain is sometimes specified in dBi, which is how much the antenna increases the signal power compared to using an isotropic antenna.
  • Page 370 Appendix E Wireless LANs VMG1312-B10B / VMG1312-B30B Series User’s Guide...
  • Page 371: Appendix F Ipv6

    P P EN D I X IPv6 Overview IPv6 (Internet Protocol version 6), is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 10 addresses.
  • Page 372 Appendix F IPv6 Global Address A global address uniquely identifies a device on the Internet. It is similar to a “public IP address” in IPv4. A global unicast address starts with a 2 or 3. Unspecified Address An unspecified address (0:0:0:0:0:0:0:0 or ::) is used as the source address when a device does not have its own address.
  • Page 373 Appendix F IPv6 Table 137 Reserved Multicast Address (continued) MULTICAST ADDRESS FF08:0:0:0:0:0:0:0 FF09:0:0:0:0:0:0:0 FF0A:0:0:0:0:0:0:0 FF0B:0:0:0:0:0:0:0 FF0C:0:0:0:0:0:0:0 FF0D:0:0:0:0:0:0:0 FF0E:0:0:0:0:0:0:0 FF0F:0:0:0:0:0:0:0 Subnet Masking Both an IPv6 address and IPv6 subnet mask compose of 128-bit binary digits, which are divided into eight 16-bit blocks and written in hexadecimal notation. Hexadecimal uses four bits for each character (1 ~ 10, A ~ F).
  • Page 374 Appendix F IPv6 the time T2 is reached and the server does not respond, the client sends a Rebind message to any available server (S2). For an IA_TA, the client may send a Renew or Rebind message at the client's discretion.
  • Page 375 Appendix F IPv6 • Neighbor advertisement: A response from a node to announce its link-layer address. • Router solicitation: A request from a host to locate a router that can act as the default router and forward packets. • Router advertisement: A response to a router solicitation or a periodical multicast advertisement from a router to advertise its presence and other parameters.
  • Page 376 Appendix F IPv6 Example - Enabling IPv6 on Windows XP/2003/Vista By default, Windows XP and Windows 2003 support IPv6. This example shows you how to use the ipv6 install command on Windows XP/2003 to enable IPv6. This also displays how to use the ipconfig command to see auto-generated IP addresses.
  • Page 377 Appendix F IPv6 Double click Dibbler - a DHCPv6 client. Click Start and then OK. Now your computer can obtain an IPv6 address from a DHCPv6 server. Example - Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default. DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer.
  • Page 378 Appendix F IPv6 Click Close to exit the Local Area Connection Status screen. Select Start > All Programs > Accessories > Command Prompt. Use the ipconfig command to check your dynamic IPv6 address. This example shows a global address (2001:b021:2d::1000) obtained from a DHCP server. C:\>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection:...
  • Page 379: Appendix G Services

    PP E N D I X Services The following table lists some commonly-used services and their associated protocols and port numbers. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like.
  • Page 380 Appendix G Services Table 138 Examples of Services NAME PROTOCOL PORT(S) DESCRIPTION AH (IPSEC_TUNNEL) User-Defined The IPSEC AH (Authentication Header) tunneling protocol uses this service. 5190 AOL’s Internet Messenger service. AUTH Authentication protocol used by some servers. Border Gateway Protocol. BOOTP_CLIENT DHCP Client.
  • Page 381 Appendix G Services Table 138 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION NEW-ICQ 5190 An Internet chat program. NEWS A protocol for news groups. 2049 Network File System - NFS is a client/ server distributed file service that provides transparent file sharing for network environments.
  • Page 382 Appendix G Services Table 138 Examples of Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION SQL-NET 1521 Structured Query Language is an interface to access data on many different types of database systems, including mainframes, midrange systems, UNIX systems and network servers. SSDP 1900 The Simple Service Discovery Protocol...
  • Page 383: Appendix H Legal Information

    ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved.
  • Page 384 Appendix H Legal Information Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. Consult the dealer or an experienced radio/TV technician for help. FCC Radiation Exposure Statement • This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.
  • Page 385 Appendix H Legal Information ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, ZyXEL will, at its discretion, repair or replace the defective products or components without charge for either parts or labor, and to whatever extent it shall...
  • Page 386 Appendix H Legal Information • Place connecting cables carefully so that no one will step on them or stumble over them. • Always disconnect all cables from this device before servicing or disassembling. • Use ONLY an appropriate power adaptor or cord for your device. •...
  • Page 387: Index

    Index Index broadcast 127, 357 example ACL rule activation firewalls media server SIP ALG 233, 363 SSID Canonical Format Indicator See CFI adding a printer example CCMs Address Resolution Protocol certificate administrator password factory default Certificate Authority algorithms See CA. alternative subnet mask notation certificates antenna...
  • Page 388 Index firewalls Dynamic Host Configuration Protocol, see DHCP reset dynamic WEP key exchange restoring DYNDNS wildcard static route 93, 163, 203 Connectivity Check Messages, see CCMs contact information copyright EAP Authentication CoS technologies ECHO creating certificates e-mail CTS (Clear to Send) log example CTS threshold 120, 124...
  • Page 389 Index private IP Address Assignment General wireless LAN screen IP alias Guide NAT applications Quick Start IPSec algorithms architecture IPSec VPN hidden node IPv6 77, 371 HTTP addressing 77, 98, 371 EUI-64 global address interface ID link-local address Neighbor Discovery Protocol IANA ping Internet Assigned Numbers Authority...
  • Page 390 Index passwords inside IPSec logs 253, 257, 265, 271, 287 local Loop Back Response, see LBR outside loopback port forwarding port number services SIP ALG activation traversal NAT example negotiation mode Network Address Translation MAC address 115, 143 see NAT filter 114, 125 Network Address Translation, see NAT...
  • Page 391 Index preamble RFC 1058. See RIP. 121, 124 preamble mode RFC 1389. See RIP. prefix delegation RFC 1483 pre-shared key RFC 3164 Printer Server printer sharing router features and LAN Routing Information Protocol. See RIP configuration RPPCs requirements RTS (Request To Send) private IP address threshold 359, 360...
  • Page 392 Index status indicators subnet subnet mask unicast 138, 158, 340 subnetting Universal Plug and Play, see UPnP Sustained Cell Rate (SCR) upgrading firmware SYN attack UPnP cautions syslog example protocol installation severity levels NAT traversal system USB features firmware version passwords reset status...
  • Page 393 Index Wi-Fi Protected Access vs WPA2-PSK wireless client supplicant wireless client WPA supplicants with RADIUS application example Wireless Distribution System, see WDS WPA2-Pre-Shared Key wireless LAN 101, 122 WPA2-PSK authentication 124, 125 application example example WPA-PSK 126, 365 channel application example encryption 128, 131 example...
  • Page 394 Index VMG1312-B10B / VMG1312-B30B Series User’s Guide...

This manual is also suitable for:

Vmg1312- b30b series

Table of Contents

Save PDF